From patchwork Sat Mar 30 04:27:27 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Fries X-Patchwork-Id: 232511 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from maxx.maxx.shmoo.com (maxx.shmoo.com [205.134.188.171]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "maxx.shmoo.com", Issuer "CA Cert Signing Authority" (not verified)) by ozlabs.org (Postfix) with ESMTPS id 0562F2C008C for ; Sat, 30 Mar 2013 15:27:48 +1100 (EST) Received: from localhost (localhost [127.0.0.1]) by maxx.maxx.shmoo.com (Postfix) with ESMTP id C248717C00E; Sat, 30 Mar 2013 00:27:44 -0400 (EDT) X-Virus-Scanned: amavisd-new at maxx.shmoo.com Received: from maxx.maxx.shmoo.com ([127.0.0.1]) by localhost (maxx.shmoo.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oC3QA18uNkip; Sat, 30 Mar 2013 00:27:44 -0400 (EDT) Received: from maxx.shmoo.com (localhost [127.0.0.1]) by maxx.maxx.shmoo.com (Postfix) with ESMTP id C85A79D274; Sat, 30 Mar 2013 00:27:38 -0400 (EDT) X-Original-To: mailman-post+hostap@maxx.shmoo.com Delivered-To: mailman-post+hostap@maxx.shmoo.com Received: from localhost (localhost [127.0.0.1]) by maxx.maxx.shmoo.com (Postfix) with ESMTP id C65BE9D275 for ; Sat, 30 Mar 2013 00:27:37 -0400 (EDT) X-Virus-Scanned: amavisd-new at maxx.shmoo.com Received: from maxx.maxx.shmoo.com ([127.0.0.1]) by localhost (maxx.shmoo.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LL5FK-9WMnWg for ; Sat, 30 Mar 2013 00:27:31 -0400 (EDT) Received: from SpacedOut.fries.net (SpacedOut.fries.net [67.64.210.234]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "SpacedOut.fries.net", Issuer "SpacedOut.fries.net" (not verified)) by maxx.maxx.shmoo.com (Postfix) with ESMTPS id 96B659D1F8 for ; Sat, 30 Mar 2013 00:27:31 -0400 (EDT) Received: from SpacedOut.fries.net (david@localhost [127.0.0.1]) by SpacedOut.fries.net (8.14.4/8.14.4/Debian-2.1) with ESMTP id r2U4RTVg011994 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 29 Mar 2013 23:27:29 -0500 Received: (from david@localhost) by SpacedOut.fries.net (8.14.4/8.14.4/Submit) id r2U4RR2F011985; Fri, 29 Mar 2013 23:27:27 -0500 Date: Fri, 29 Mar 2013 23:27:27 -0500 From: David Fries To: hostap@lists.shmoo.com Subject: revert fix for Nokia N900 WPA-EAP connect problems Message-ID: <20130330042727.GA11078@spacedout.fries.net> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.21 (2010-09-15) X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.3.9 (SpacedOut.fries.net [127.0.0.1]); Fri, 29 Mar 2013 23:27:29 -0500 (CDT) Cc: Jouni Malinen X-BeenThere: hostap@lists.shmoo.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: HostAP Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: hostap-bounces@lists.shmoo.com Errors-To: hostap-bounces@lists.shmoo.com Jouni Malinen, Cc'ed, you as your name was on the commit I seem to be having problems with. Since the commit fd8e4fda506f32efadebdf62aaf51769a4d08fdc "EAPOL auth: Disconnect after IEEE 802.1X failure" was applied to hostapd, the Nokia N900 is having problems connecting to hostapd for me. I'm running hostapd with WPA-EAP TTLS, MSCHAPV2, and Integrated EAP server. It seems like the first time I try to connect, as in start hostapd, connect, it doesn't have any problems. But if I disconnect, and reconnect within some time window, that's when I have problems. Sometimes I'll tell the N900 to connect, and it will blink the WiFi network until it timesout and asks to try again. Other times, as I have the N900 certificate encryped, it will prompt me for the password, then immediately turn around and prompt me again, in which case the connection will succeed, but after a few minutes (9 minutes in one case), it will drop while hostapd is trying to rekey. I updated today to commit ce26864e79144cba12d5ff98632570593cc57b8a and still see the problem. If I apply the following patch, which mostly reverts the earlier commit fd8e4fda506f3 I mentioned, I can connect and disconnect without any problems. From b421cc082b90d302ccc542c15062c26b457a4db2 Mon Sep 17 00:00:00 2001 From: David Fries Date: Sat, 13 Oct 2012 20:42:08 -0500 Subject: [PATCH] Revert "EAPOL auth: Disconnect after IEEE 802.1X failure" This reverts commit fd8e4fda506f32efadebdf62aaf51769a4d08fdc. Committer: Jouni Malinen Conflicts: src/ap/ieee802_1x.c debug message format has changed --- src/ap/ieee802_1x.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c index e87431e..0314417 100644 --- a/src/ap/ieee802_1x.c +++ b/src/ap/ieee802_1x.c @@ -2206,16 +2206,12 @@ static void ieee802_1x_finished(struct hostapd_data *hapd, "Added PMKSA cache entry (IEEE 802.1X)"); } - if (!success) { +#ifdef CONFIG_WPS + if (!success && (sta->flags & WLAN_STA_WPS)) { /* * Many devices require deauthentication after WPS provisioning * and some may not be be able to do that themselves, so - * disconnect the client here. In addition, this may also - * benefit IEEE 802.1X/EAPOL authentication cases, too since - * the EAPOL PAE state machine would remain in HELD state for - * considerable amount of time and some EAP methods, like - * EAP-FAST with anonymous provisioning, may require another - * EAPOL authentication to be started to complete connection. + * disconnect the client here. */ wpa_dbg(hapd->msg_ctx, MSG_DEBUG, "IEEE 802.1X: Force " "disconnection after EAP-Failure"); @@ -2225,6 +2221,7 @@ static void ieee802_1x_finished(struct hostapd_data *hapd, */ os_sleep(0, 10000); ap_sta_disconnect(hapd, sta, sta->addr, - WLAN_REASON_IEEE_802_1X_AUTH_FAILED); + WLAN_REASON_PREV_AUTH_NOT_VALID); } +#endif /* CONFIG_WPS */ }