
Do not send a NAS-Port attribute in Access-Request and Accounting-Request RADIUS packets as the association id is likely to always be 0.

Message ID CAGnO3drm20P6-CqzrjPdEKzFyqdz+cYiDYdjUncdmi-FQ0regQ@mail.gmail.com
State Changes Requested

Commit Message

Nick Lowe July 26, 2016, 2:19 p.m. UTC
[PATCH] Do not send a NAS-Port attribute in Access-Request and
 Accounting-Request RADIUS packets as the association id is likely to always
 be 0.

Signed-off-by: Nick Lowe <nlowe@lugatech.com>
---
 src/ap/ieee802_1x.c | 7 -------
 1 file changed, 7 deletions(-)

  buf[sizeof(buf) - 1] = '\0';

Comments

Jouni Malinen Aug. 7, 2016, 9:29 p.m. UTC | #1
On Tue, Jul 26, 2016 at 03:19:13PM +0100, Nick Lowe wrote:
> [PATCH] Do not send a NAS-Port attribute in Access-Request and
>  Accounting-Request RADIUS packets as the association id is likely to always
>  be 0.

What is this Association Id being 0 based on? IEEE 802.11 must have a
unique Association Id. Some drivers might not provide that information
to hostapd, but anyway, I'm not going to apply this. If there is need to
get rid of NAS-Port = 0 cases, I guess it would be fine to do so based
on the sta->aid value.

Nick Lowe Aug. 8, 2016, 12:51 p.m. UTC | #2
Hi Jouni,

It is because the value is not conceptually available where auth takes
place before assoc.

https://tools.ietf.org/html/rfc3580#section-3.4

"Where IEEE 802.1X authentication occurs prior to association, a
unique NAS-Port value may not be available."

hostapd always sends a value of 0 in this scenario.

Regards,

Nick

Jouni Malinen Aug. 8, 2016, 4:11 p.m. UTC | #3
On Mon, Aug 08, 2016 at 01:51:49PM +0100, Nick Lowe wrote:
> It is because the value is not conceptually available where auth takes
> place before assoc.
> 
> https://tools.ietf.org/html/rfc3580#section-3.4
> 
> "Where IEEE 802.1X authentication occurs prior to association, a
> unique NAS-Port value may not be available."
> 
> hostapd always sends a value of 0 in this scenario.

Sure, but that is not the case for most of IEEE 802.11 uses since EAP
authentication happens after association for WPA2-Enterprise and same
for IEEE 802.1X open/WEP cases. It is only RSN pre-authentication where
association id would not be available since there is no association at
all.

Patch

diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index 42b0299..a526441 100644
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -412,13 +412,6 @@  static int add_common_radius_sta_attr(struct
hostapd_data *hapd,
  return -1;
  }

- if (!hostapd_config_get_radius_attr(req_attr,
-    RADIUS_ATTR_NAS_PORT) &&
-    !radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT, sta->aid)) {
- wpa_printf(MSG_ERROR, "Could not add NAS-Port");
- return -1;
- }
-
  os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT,
     MAC2STR(sta->addr));
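
Review bot: The deletion of the `RADIUS_ATTR_NAS_PORT` block in `add_common_radius_sta_attr()` is unconditional, so NAS-Port is dropped for every station, including those where `sta->aid` holds a non-zero association id. Consider keeping the block and extending its condition with `sta->aid > 0`, so that only a station without an association id skips the attribute while the existing `hostapd_config_get_radius_attr(req_attr, RADIUS_ATTR_NAS_PORT)` check for a configured value stays in place. The commit message should also name the case in which the id is 0, since nothing in the removed lines shows it to be 0 in general.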