diff --git a/contrib/hostapd/config.c b/contrib/hostapd/config.c
index 34e2256aa6b5..016d9b9c959d 100644
--- a/contrib/hostapd/config.c
+++ b/contrib/hostapd/config.c
@@ -29,6 +29,7 @@
 #include "sha1.h"
 #include "eap.h"
 #include "radius_client.h"
+#include "ieee802_1x.h" /* XXX for EAPOL_VERSION */
 static struct hostapd_config *hostapd_config_defaults(void)
@@ -60,6 +61,7 @@ static struct hostapd_config *hostapd_config_defaults(void)
 conf->logger_stdout = (unsigned int) -1;
 conf->auth_algs = HOSTAPD_AUTH_OPEN | HOSTAPD_AUTH_SHARED_KEY;
+ conf->eapol_version = EAPOL_VERSION; /* NB: default version */
 conf->wpa_group_rekey = 600;
 conf->wpa_gmk_rekey = 86400;
@@ -855,6 +857,17 @@ struct hostapd_config * hostapd_config_read(const char *fname)
 }
 } else if (strcmp(buf, "eapol_key_index_workaround") == 0) {
 conf->eapol_key_index_workaround = atoi(pos);
+ } else if (strcmp(buf, "eapol_version") == 0) {
+ conf->eapol_version = atoi(pos);
+ if (conf->eapol_version < 1 ||
+ conf->eapol_version > 2) {
+ printf("Line %d: invalid EAPOL "
+ "version (%d): '%s'.\n",
+ line, conf->eapol_version, pos);
+ errors++;
+ } else
+ wpa_printf(MSG_DEBUG, "eapol_version=%d",
+ conf->eapol_version);
 #ifdef CONFIG_IAPP
 } else if (strcmp(buf, "iapp_interface") == 0) {
 conf->ieee802_11f = 1;
diff --git a/contrib/hostapd/config.h b/contrib/hostapd/config.h
index c56f4e7bf241..8754a84884aa 100644
--- a/contrib/hostapd/config.h
+++ b/contrib/hostapd/config.h
@@ -73,6 +73,7 @@ struct hostapd_config {
 * EAP Request-Identity */
 size_t eap_req_id_text_len;
 int eapol_key_index_workaround;
+ int eapol_version;
 size_t default_wep_key_len;
 int individual_wep_key_len;
diff --git a/contrib/hostapd/hostapd.conf b/contrib/hostapd/hostapd.conf
index ecd766360410..3dd5aab04fb3 100644
--- a/contrib/hostapd/hostapd.conf
+++ b/contrib/hostapd/hostapd.conf
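Review bot: In the new `eapol_version` branch of hostapd_config_read(), `atoi(pos)` cannot report a failed or partial conversion, so a value such as `2x` is accepted as 2 and a number too large for `int` is undefined behaviour instead of a reported configuration error. Parsing with `char *end; long v = strtol(pos, &end, 10);` and rejecting on `if (end == pos || *end != '\0' || v < 1 || v > EAPOL_VERSION)` keeps the range test meaningful, assuming `pos` has already had its line terminator stripped, which is not visible in the hunk. Using EAPOL_VERSION as the upper bound in place of the literal 2 also keeps the check tied to the default assigned in hostapd_config_defaults(). The function starts and ends outside the hunk, so how `errors` is acted on cannot be confirmed from here.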
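Review bot: The new member `int eapol_version;` in struct hostapd_config is declared without a comment, so the accepted range and the fact that the value is written into outgoing frame headers are only discoverable by reading config.c and the senders. A trailing comment would cover it, for example `int eapol_version; /* EAPOL version put in transmitted frame headers: 1 or 2, default EAPOL_VERSION */`. The struct starts and ends outside the hunk.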
@@ -106,6 +106,14 @@ auth_algs=3
 # Require IEEE 802.1X authorization
 #ieee8021x=1
+# IEEE 802.1X/EAPOL version
+# hostapd is implemented based on IEEE Std 802.1X-2004 which defines EAPOL
+# version 2. However, there are some clients that do not handle
+# the new version number correctly (they seem to drop the frames completely).
+# In order to make hostapd interoperate with these clients, the version number
+# can be set to the older version (1) with this configuration value.
+#eapol_version=2
+
 # Optional displayable message sent with EAP Request-Identity. The first \0
 # in this string will be converted to ASCII-0 (nul). This can be used to
 # separate network info (comma separated list of attribute=value pairs); see,
diff --git a/contrib/hostapd/ieee802_1x.c b/contrib/hostapd/ieee802_1x.c
index fa44d82211bd..f3fc31135db8 100644
--- a/contrib/hostapd/ieee802_1x.c
+++ b/contrib/hostapd/ieee802_1x.c
@@ -74,7 +74,7 @@ static void ieee802_1x_send(hostapd *hapd, struct sta_info *sta, u8 type,
 #endif
 xhdr = (struct ieee802_1x_hdr *) buf;
- xhdr->version = EAPOL_VERSION;
+ xhdr->version = hapd->conf->eapol_version;
 xhdr->type = type;
 xhdr->length = htons(datalen);
@@ -322,7 +322,7 @@ static void ieee802_1x_tx_key_one(hostapd *hapd, struct sta_info *sta,
 /* This header is needed here for HMAC-MD5, but it will be regenerated
 * in ieee802_1x_send() */
- hdr->version = EAPOL_VERSION;
+ hdr->version = hapd->conf->eapol_version;
 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
 hdr->length = htons(len);
 hmac_md5(sm->eapol_key_sign, sm->eapol_key_sign_len,
@@ -1663,7 +1663,7 @@ int ieee802_1x_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta,
 "dot1xPaePortInitialize=%d\n"
 "dot1xPaePortReauthenticate=FALSE\n",
 sta->aid,
- EAPOL_VERSION,
+ hapd->conf->eapol_version,
 sm->initialize);
 /* dot1xAuthConfigTable */
diff --git a/contrib/hostapd/wpa.c b/contrib/hostapd/wpa.c
index 4bac473122d6..98eef20ca1e2 100644
--- a/contrib/hostapd/wpa.c
+++ b/contrib/hostapd/wpa.c
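Review bot: The assignment `xhdr->version = hapd->conf->eapol_version;` in ieee802_1x_send() copies an `int` configuration value into the frame header with no local bound, so what goes on the wire is only as trustworthy as the range check in hostapd_config_read(). The same assignment is repeated in ieee802_1x_tx_key_one() and in wpa_send_eapol() in wpa.c. If the header's `version` member is a single octet (its declaration is not part of this diff), declaring the setting as `u8` or adding `/* validated to 1..2 in hostapd_config_read() */` at the assignment would make the narrowing and its precondition explicit. ieee802_1x_send() starts and ends outside the hunk.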
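Review bot: In ieee802_1x_tx_key_one() the header filled in here feeds `hmac_md5`, and the existing comment says ieee802_1x_send() regenerates it, so both places have to write the same version byte or the key signature will not verify at the station. Both now read `hapd->conf->eapol_version`, but nothing in the code records that dependency for the next change. Extending the existing comment with a line such as `* (version must equal what ieee802_1x_send() writes; it is part of the signed header)` would document it. The function starts and ends outside the hunk, and the full extent of the HMAC input is not visible here.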
@@ -1853,7 +1853,7 @@ static void wpa_send_eapol(struct hostapd_data *hapd, struct sta_info *sta,
 if (hdr == NULL)
 return;
 memset(hdr, 0, len);
- hdr->version = EAPOL_VERSION;
+ hdr->version = hapd->conf->eapol_version;
 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
 hdr->length = htons(len - sizeof(*hdr));
 key = (struct wpa_eapol_key *) (hdr + 1);