From 620bfba12034be7d2ad4a357063d609ff5b6e63a Mon Sep 17 00:00:00 2001
From: sam <sam@FreeBSD.org>
Date: Mon, 27 Mar 2006 18:15:24 +0000
Subject: Add eapol_version config parameter so folks with clients that
 (bogusly) require the authenticator announce EAPOL version 1 don't have to
 hack the code to get a working setup.

Discussed with Jouni; he's committed a similar set of changes to
his devel branch and I sent him these changes so I'm committing
this on the vendor branch in the expectation it will appear in
the next import.

MFC after:	1 week
---
 contrib/hostapd/config.c     | 13 +++++++++++++
 contrib/hostapd/config.h     |  1 +
 contrib/hostapd/hostapd.conf |  8 ++++++++
 contrib/hostapd/ieee802_1x.c |  6 +++---
 contrib/hostapd/wpa.c        |  2 +-
 5 files changed, 26 insertions(+), 4 deletions(-)

(limited to 'contrib/hostapd')

diff --git a/contrib/hostapd/config.c b/contrib/hostapd/config.c
index 34e2256..016d9b9 100644
--- a/contrib/hostapd/config.c
+++ b/contrib/hostapd/config.c
@@ -29,6 +29,7 @@
 #include "sha1.h"
 #include "eap.h"
 #include "radius_client.h"
+#include "ieee802_1x.h"		/* XXX for EAPOL_VERSION */
 
 
 static struct hostapd_config *hostapd_config_defaults(void)
@@ -60,6 +61,7 @@ static struct hostapd_config *hostapd_config_defaults(void)
 	conf->logger_stdout = (unsigned int) -1;
 
 	conf->auth_algs = HOSTAPD_AUTH_OPEN | HOSTAPD_AUTH_SHARED_KEY;
+	conf->eapol_version = EAPOL_VERSION;	/* NB: default version */
 
 	conf->wpa_group_rekey = 600;
 	conf->wpa_gmk_rekey = 86400;
@@ -855,6 +857,17 @@ struct hostapd_config * hostapd_config_read(const char *fname)
 			}
 		} else if (strcmp(buf, "eapol_key_index_workaround") == 0) {
 			conf->eapol_key_index_workaround = atoi(pos);
+		} else if (strcmp(buf, "eapol_version") == 0) {
+			conf->eapol_version = atoi(pos);
+			if (conf->eapol_version < 1 ||
+			    conf->eapol_version > 2) {
+				printf("Line %d: invalid EAPOL "
+				       "version (%d): '%s'.\n",
+				       line, conf->eapol_version, pos);
+				errors++;
+			} else
+				wpa_printf(MSG_DEBUG, "eapol_version=%d",
+				   conf->eapol_version);
 #ifdef CONFIG_IAPP
 		} else if (strcmp(buf, "iapp_interface") == 0) {
 			conf->ieee802_11f = 1;
diff --git a/contrib/hostapd/config.h b/contrib/hostapd/config.h
index c56f4e7..8754a84 100644
--- a/contrib/hostapd/config.h
+++ b/contrib/hostapd/config.h
@@ -73,6 +73,7 @@ struct hostapd_config {
 				* EAP Request-Identity */
 	size_t eap_req_id_text_len;
 	int eapol_key_index_workaround;
+	int eapol_version;
 
 	size_t default_wep_key_len;
 	int individual_wep_key_len;
diff --git a/contrib/hostapd/hostapd.conf b/contrib/hostapd/hostapd.conf
index ecd7663..3dd5aab 100644
--- a/contrib/hostapd/hostapd.conf
+++ b/contrib/hostapd/hostapd.conf
@@ -106,6 +106,14 @@ auth_algs=3
 # Require IEEE 802.1X authorization
 #ieee8021x=1
 
+# IEEE 802.1X/EAPOL version
+# hostapd is implemented based on IEEE Std 802.1X-2004 which defines EAPOL
+# version 2. However, there are some clients that do not handle
+# the new version number correctly (they seem to drop the frames completely).
+# In order to make hostapd interoperate with these clients, the version number
+# can be set to the older version (1) with this configuration value.
+#eapol_version=2
+
 # Optional displayable message sent with EAP Request-Identity. The first \0
 # in this string will be converted to ASCII-0 (nul). This can be used to
 # separate network info (comma separated list of attribute=value pairs); see,
diff --git a/contrib/hostapd/ieee802_1x.c b/contrib/hostapd/ieee802_1x.c
index fa44d82..f3fc311 100644
--- a/contrib/hostapd/ieee802_1x.c
+++ b/contrib/hostapd/ieee802_1x.c
@@ -74,7 +74,7 @@ static void ieee802_1x_send(hostapd *hapd, struct sta_info *sta, u8 type,
 #endif
 
 	xhdr = (struct ieee802_1x_hdr *) buf;
-	xhdr->version = EAPOL_VERSION;
+	xhdr->version = hapd->conf->eapol_version;
 	xhdr->type = type;
 	xhdr->length = htons(datalen);
 
@@ -322,7 +322,7 @@ static void ieee802_1x_tx_key_one(hostapd *hapd, struct sta_info *sta,
 
 	/* This header is needed here for HMAC-MD5, but it will be regenerated
 	 * in ieee802_1x_send() */
-	hdr->version = EAPOL_VERSION;
+	hdr->version = hapd->conf->eapol_version;
 	hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
 	hdr->length = htons(len);
 	hmac_md5(sm->eapol_key_sign, sm->eapol_key_sign_len,
@@ -1663,7 +1663,7 @@ int ieee802_1x_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta,
 			"dot1xPaePortInitialize=%d\n"
 			"dot1xPaePortReauthenticate=FALSE\n",
 			sta->aid,
-			EAPOL_VERSION,
+			hapd->conf->eapol_version,
 			sm->initialize);
 
 	/* dot1xAuthConfigTable */
diff --git a/contrib/hostapd/wpa.c b/contrib/hostapd/wpa.c
index 4bac473..98eef20 100644
--- a/contrib/hostapd/wpa.c
+++ b/contrib/hostapd/wpa.c
@@ -1853,7 +1853,7 @@ static void wpa_send_eapol(struct hostapd_data *hapd, struct sta_info *sta,
 	if (hdr == NULL)
 		return;
 	memset(hdr, 0, len);
-	hdr->version = EAPOL_VERSION;
+	hdr->version = hapd->conf->eapol_version;
 	hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
 	hdr->length = htons(len  - sizeof(*hdr));
 	key = (struct wpa_eapol_key *) (hdr + 1);
-- 
cgit v1.1