[39/44] start radius accounting after FT and PREauth

Message ID 1456314830-12935-40-git-send-email-michael-dev@fami-braun.de
State Changes Requested

Commit Message

michael-dev Feb. 24, 2016, 11:53 a.m. UTC
From: Michael Braun <michael-dev@fami-braun.de>

eapol_sm_set_port_authorized is not called as eapol state machine
is set directly to authorized. Thus accounting was not started.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
---
 src/ap/ieee802_1x.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Jouni Malinen Feb. 28, 2016, 6:02 p.m. UTC | #1
On Wed, Feb 24, 2016 at 12:53:45PM +0100, michael-dev@fami-braun.de wrote:
> eapol_sm_set_port_authorized is not called as eapol state machine
> is set directly to authorized. Thus accounting was not started.

Would you be able to share a hostapd debug log showing such cases (both
FT and PMKSA caching)? I cannot reproduce this at least with the PMKSA
caching case.

> diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
> @@ -1139,7 +1139,8 @@ void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta)
> -		/* TODO: get vlan_id from R0KH using RRB message */
> +		ap_sta_bind_vlan(hapd, sta);

This looks like an independent change and should be in a separate commit. In any
case, I could not apply that part before the open items in RRB message
extensions have been resolved.

> @@ -1161,6 +1162,7 @@ void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta)
>  			eap_sm_notify_cached(sta->eapol_sm->eap);
>  		pmksa_cache_to_eapol_data(hapd, pmksa, sta->eapol_sm);
>  		ap_sta_bind_vlan(hapd, sta);
> +		ieee802_1x_set_sta_authorized(hapd, sta, 1);

This does not look correct. ieee802_1x_new_station() is called before
the 4-way handshake has completed. The port should not be marked
authorized before that. And in any case, accounting session is already
starting at that point without this patch, so I'm not sure why this
change would be needed here.

The FT case may be more applicable since FT protocol does not include
4-way handshake. That said, maybe it would be better to replace the
ap_sta_set_authorized() call in handle_assoc_cb() with
ieee802_1x_set_sta_authorized() for this case to have a single place to
take all the needed steps.

Patch

diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index f28ada8..543f604 100644
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -1139,7 +1139,8 @@  void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta)
 		sta->eapol_sm->portValid = TRUE;
 		if (sta->eapol_sm->eap)
 			eap_sm_notify_cached(sta->eapol_sm->eap);
-		/* TODO: get vlan_id from R0KH using RRB message */
+		ap_sta_bind_vlan(hapd, sta);
+		ieee802_1x_set_sta_authorized(hapd, sta, 1);
 		return;
 	}
 #endif /* CONFIG_IEEE80211R */
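Review bot: The FT branch now ends with `ieee802_1x_set_sta_authorized(hapd, sta, 1);` just before `return;`, which marks the port authorized unconditionally at new-station time, while the commit message only talks about starting accounting. If accounting is the goal, add a comment stating why the station can be treated as authorized at this point, or start accounting from the place where the FT association is actually completed. The same hunk also replaces the `/* TODO: get vlan_id from R0KH using RRB message */` comment with `ap_sta_bind_vlan(hapd, sta);` although nothing visible here obtains the VLAN ID from the R0KH; that is a VLAN change unrelated to the stated accounting fix and belongs in its own commit, with the TODO kept until it is really resolved.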
@@ -1161,6 +1162,7 @@  void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta)
 			eap_sm_notify_cached(sta->eapol_sm->eap);
 		pmksa_cache_to_eapol_data(hapd, pmksa, sta->eapol_sm);
 		ap_sta_bind_vlan(hapd, sta);
+		ieee802_1x_set_sta_authorized(hapd, sta, 1);
 	} else {
 		if (reassoc) {
 			/*
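Review bot: In the PMKSA caching branch the added `ieee802_1x_set_sta_authorized(hapd, sta, 1);` forces the station to authorized as soon as the cached entry has been copied in by `pmksa_cache_to_eapol_data()`, and nothing in the hunk checks that the station has proven possession of the key. As raised in the thread, ieee802_1x_new_station() runs before the 4-way handshake has completed, so this line would open the port and start accounting for a station that may never finish the handshake. Suggest dropping the line here and starting accounting from the point where the port becomes authorized after the handshake; if there is a case where accounting is missed on that path, a debug log showing it should accompany the change.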