On Thu, Jan 06, 2022 at 09:47:27AM +0800, xinpeng wang wrote:
> When using PEAP certification, the server may use Identity's Request message
> as a heartbeat; there will be many clients on the Internet to send address
> 01: 80: C2: 00: 03 Identity's Response message as a heartbeat; at this time
> When a client is broken and reconnect, it is easy to receive this message,
> resulting in triggering restart of EAPOL authentication, resulting in a slow
> authentication. So Ignore the response message in the Connecting state.

This sounds really confusing.. Why would a Supplicant process an EAP
response message in any state (well, with the exception of the quite
unfortunate LEAP design)? What is special about the CONNECTING state in
this context?

That said, it is quite inconvenient if the EAPOL state machine needs to
peek into the EAP header for something like this.. How commonly does
this happen? Based on that address, I'd assume this is about use of
EAPOL/IEEE 802.1X on a wired Ethernet interface rather than anything
with Wi-Fi. Though, that should have been with one more zero octet:
01:80:C2:00:00:03, i.e., the PAE group address.

Would you be able to share some debug logs showing the undesired
behavior?

-- 
Jouni Malinen                                            PGP id EFC895FA
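
What "peeking into the EAP header" amounts to for a frame received on a wired interface, as an added example that is not wpa_supplicant code and not part of the original message: a standalone classifier that reports whether an untagged Ethernet frame is an EAPOL EAP-Packet carrying an EAP Request or Response, and whether it was addressed to the PAE group address 01:80:C2:00:00:03. The function, enum and sample names are hypothetical, and the sample frame is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical names; field values follow IEEE 802.1X and RFC 3748. */
enum frame_kind { NOT_EAPOL, MALFORMED, EAPOL_OTHER, EAP_REQUEST, EAP_RESPONSE, EAP_OTHER };
static const uint8_t PAE_GROUP_ADDR[6] = { 0x01, 0x80, 0xC2, 0x00, 0x00, 0x03 };

/* Classify an untagged Ethernet frame; *to_pae_group reports the destination. */
enum frame_kind classify_eapol(const uint8_t *f, size_t len, int *to_pae_group)
{
    *to_pae_group = 0;
    if (len < 14)
        return MALFORMED;
    *to_pae_group = memcmp(f, PAE_GROUP_ADDR, 6) == 0;
    if (f[12] != 0x88 || f[13] != 0x8E)     /* EtherType 0x888E = EAPOL */
        return NOT_EAPOL;
    if (len < 18)                            /* version, type, 2-byte length */
        return MALFORMED;
    size_t body_len = ((size_t)f[16] << 8) | f[17];
    if (body_len > len - 18)                 /* body must fit (padding allowed) */
        return MALFORMED;
    if (f[15] != 0)                          /* EAPOL type 0 = EAP-Packet */
        return EAPOL_OTHER;
    if (body_len < 4)                        /* EAP code, id, 2-byte length */
        return MALFORMED;
    size_t eap_len = ((size_t)f[20] << 8) | f[21];
    if (eap_len < 4 || eap_len > body_len)
        return MALFORMED;
    switch (f[18]) {                         /* EAP code */
    case 1:  return EAP_REQUEST;             /* Authenticator -> Supplicant */
    case 2:  return EAP_RESPONSE;            /* Supplicant -> Authenticator */
    default: return EAP_OTHER;               /* Success (3), Failure (4), ... */
    }
}

/* Constructed sample: EAP-Response/Identity "user" sent to the PAE group address. */
static const uint8_t SAMPLE_RESPONSE[] = {
    0x01, 0x80, 0xC2, 0x00, 0x00, 0x03,  0x02, 0, 0, 0, 0, 0x01,  0x88, 0x8E,
    0x01, 0x00, 0x00, 0x09,        /* EAPOL version 1, EAP-Packet, body length 9 */
    0x02, 0x07, 0x00, 0x09, 0x01,  /* EAP Response, id 7, length 9, type Identity */
    'u', 's', 'e', 'r'
};

int main(void)
{
    int grp;
    enum frame_kind k = classify_eapol(SAMPLE_RESPONSE, sizeof SAMPLE_RESPONSE, &grp);
    printf("kind=%d to_pae_group=%d\n", k, grp);
    return 0;
}
```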