EAPOL 1/4 msg can come before association indication from driver. For MLO connection, the source address check of such frames should be against AP MLD address instead of assoc link BSSID. Signed-off-by: Veerendranath Jakkam <quic_vjakkam@xxxxxxxxxxx> --- wpa_supplicant/events.c | 5 +++-- wpa_supplicant/wpa_supplicant.c | 10 ++++++---- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c index a0fe9cc8a..4840c82fc 100644 --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c @@ -3844,8 +3844,9 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s, os_get_reltime(&now); os_reltime_sub(&now, &wpa_s->pending_eapol_rx_time, &age); if (age.sec == 0 && age.usec < 200000 && - os_memcmp(wpa_s->pending_eapol_rx_src, bssid, ETH_ALEN) == - 0) { + os_memcmp(wpa_s->pending_eapol_rx_src, + wpa_s->valid_links ? wpa_s->ap_mld_addr : bssid, + ETH_ALEN) == 0) { wpa_dbg(wpa_s, MSG_DEBUG, "Process pending EAPOL " "frame that was received just before " "association notification"); diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index cb15feb7b..4f010ef40 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -5147,6 +5147,8 @@ void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr, enum frame_encryption encrypted) { struct wpa_supplicant *wpa_s = ctx; + const u8 *connected_addr = wpa_s->valid_links ? + wpa_s->ap_mld_addr : wpa_s->bssid; wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " (encrypted=%d)", MAC2STR(src_addr), encrypted); @@ -5172,7 +5174,7 @@ void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr, #ifdef CONFIG_AP !wpa_s->ap_iface && #endif /* CONFIG_AP */ - os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) != 0)) { + os_memcmp(src_addr, connected_addr, ETH_ALEN) != 0)) { /* * There is possible race condition between receiving the * association event and the EAPOL frame since they are coming @@ -5186,9 +5188,9 @@ void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr, * case with wired IEEE 802.1X). */ wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing " - "of received EAPOL frame (state=%s bssid=" MACSTR ")", + "of received EAPOL frame (state=%s connected_addr=" MACSTR ")", wpa_supplicant_state_txt(wpa_s->wpa_state), - MAC2STR(wpa_s->bssid)); + MAC2STR(connected_addr)); wpabuf_free(wpa_s->pending_eapol_rx); wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len); if (wpa_s->pending_eapol_rx) { @@ -5201,7 +5203,7 @@ void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr, } wpa_s->last_eapol_matches_bssid = - os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) == 0; + os_memcmp(src_addr, connected_addr, ETH_ALEN) == 0; #ifdef CONFIG_AP if (wpa_s->ap_iface) { -- 2.25.1 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap