Message ID | CAGnO3drm20P6-CqzrjPdEKzFyqdz+cYiDYdjUncdmi-FQ0regQ@mail.gmail.com |
---|---|
State | Changes Requested |
Headers | show |
On Tue, Jul 26, 2016 at 03:19:13PM +0100, Nick Lowe wrote: > [PATCH] Do not send a NAS-Port attribute in Access-Request and > Accounting-Request RADIUS packets as the association id is likely to always > be 0. What is this Association Id being 0 based on? IEEE 802.11 must have a unique Association Id. Some drivers might not provide that information to hostapd, but anyway, I'm not going to apply this. If there is need to get rid of NAS-Port = 0 cases, I guess it would be fine to do show based on the sta->aid value.
Hi Jouni, It is because the value is not conceptually available where auth takes place before assoc. https://tools.ietf.org/html/rfc3580#section-3.4 "Where IEEE 802.1X authentication occurs prior to association, a unique NAS-Port value may not be available." hostapd always sends a value of 0 in this scenario. Regards, Nick
On Mon, Aug 08, 2016 at 01:51:49PM +0100, Nick Lowe wrote: > It is because the value is not conceptually available where auth takes > place before assoc. > > https://tools.ietf.org/html/rfc3580#section-3.4 > > "Where IEEE 802.1X authentication occurs prior to association, a > unique NAS-Port value may not be available." > > hostapd always sends a value of 0 in this scenario. Sure, but that is not the case for most of IEEE 802.11 uses since EAP authentication happens after association for WPA2-Enterprise and same for IEEE 802.1X open/WEP cases. It is only RSN pre-authentication where association id would not be available since there is no association at all.
diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c index 42b0299..a526441 100644 --- a/src/ap/ieee802_1x.c +++ b/src/ap/ieee802_1x.c @@ -412,13 +412,6 @@ static int add_common_radius_sta_attr(struct hostapd_data *hapd, return -1; } - if (!hostapd_config_get_radius_attr(req_attr, - RADIUS_ATTR_NAS_PORT) && - !radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT, sta->aid)) { - wpa_printf(MSG_ERROR, "Could not add NAS-Port"); - return -1; - } - os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT, MAC2STR(sta->addr));
[PATCH] Do not send a NAS-Port attribute in Access-Request and Accounting-Request RADIUS packets as the association id is likely to always be 0. Signed-off-by: Nick Lowe <nlowe@lugatech.com> --- src/ap/ieee802_1x.c | 7 ------- 1 file changed, 7 deletions(-) buf[sizeof(buf) - 1] = '\0';