During eap authentication, the supplier sends the response to the address
01:80:c2:00:00:03, the PAE group address.
Some switches will broadcast messages sent to this address, which will
cause the devices under the same switch to receive these response packets,
which will cause the device's eap state machine to migrate incorrectly,
resulting in repeated authentication or slow authentication.
Signed-off-by: xinpeng wang <wangxinpeng@xxxxxxxxxxxxx>
---
src/eapol_supp/eapol_supp_sm.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c
index 0bfe3c970..3c03a433c 100644
--- a/src/eapol_supp/eapol_supp_sm.c
+++ b/src/eapol_supp/eapol_supp_sm.c
@@ -1365,6 +1365,11 @@ int eapol_sm_rx_eapol(struct eapol_sm *sm, const u8 *src, const u8 *buf,
wpa_printf(MSG_DEBUG, "EAPOL: Ignore EAP packet with unknown code 10");
break;
}
+
+ if (plen >= sizeof(*ehdr) && ehdr->code == EAP_CODE_RESPONSE) {
+ wpa_printf(MSG_DEBUG, "EAPOL: Ignore EAP packet with response");
+ break;
+ }
}
if (sm->cached_pmk) {
--
2.20.1
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
