/*
 * IEEE 802.1X-2004 Authenticator - EAPOL state machine (internal definitions)
 * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */
9 #ifndef EAPOL_AUTH_SM_I_H
10 #define EAPOL_AUTH_SM_I_H
12 #include "common/defs.h"
13 #include "radius/radius.h"
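/* IEEE Std 802.1X-2004, Ch. 8.2 */

/*
 * Administrative port control setting (type of the portControl member of
 * struct eapol_state_machine).
 *
 * The typedef name is restored here from that use; the listing showed the
 * enumerator list without its declarator, which left the declaration
 * unterminated.
 *
 * None of the enumerators is 0, so a zero-filled variable of this type does
 * not hold a valid setting.
 * NOTE(review): ForceAuthorized presumably opens the port without running
 * the authentication exchange (compare the AUTH_PAE_FORCE_AUTH state) -
 * confirm that configurations expecting authentication use Auto.
 */
typedef enum { ForceUnauthorized = 1, ForceAuthorized = 3, Auto = 2 }
	PortTypes;

/*
 * Authorization status of the controlled port.
 *
 * Authorized is 1 and Unauthorized is 2, so both values are non-zero:
 * always compare against the enumerator explicitly, never test the value
 * for truthiness, and do not treat a zero-initialized field as Unauthorized.
 */
typedef enum { Unauthorized = 2, Authorized = 1 } PortState;

/* Direction(s) in which the controlled port applies access control. */
typedef enum { Both = 0, In = 1 } ControlledDirection;

/*
 * Statistics counter. As a plain unsigned int it wraps around to 0 on
 * overflow instead of saturating.
 */
typedef unsigned int Counter;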
/**
 * struct eapol_authenticator - Global EAPOL authenticator data
 *
 * NOTE(review): this listing is not contiguous. The closing brace of the
 * struct is not shown and further members may be missing, so do not treat
 * the member list below as complete.
 */
struct eapol_authenticator {
	/* Authenticator configuration; struct eapol_auth_config is declared
	 * outside this file. */
	struct eapol_auth_config conf;
	/* Callback table; struct eapol_auth_cb is declared outside this
	 * file. */
	struct eapol_auth_cb cb;
	/* Index of the default WEP key. The key material itself is not among
	 * the members shown here. */
	u8 default_wep_key_idx;
	/* NOTE(review): presumably the high and low 32-bit halves of one
	 * accounting multi-session identifier - confirm where they are
	 * generated and whether they need to be unpredictable. */
	u32 acct_multi_session_id_hi;
	u32 acct_multi_session_id_lo;
	/* NOTE(review): the remainder of this struct, including its closing
	 * "};", is not present in this listing. */
/**
 * struct eapol_state_machine - Per-Supplicant Authenticator state machines
 *
 * One instance holds the variables of several IEEE 802.1X state machines
 * (Authenticator PAE, Backend Authentication, Reauthentication Timer, Key
 * Transmit/Receive, Controlled Directions), the per-port statistics
 * counters, and implementation-specific EAP/RADIUS context.
 *
 * NOTE(review): this listing is not contiguous. Several members, the tails
 * of two enum declarations and the closing brace of the struct are not
 * shown; gaps that break the syntax are marked where they occur.
 */
struct eapol_state_machine {
	/* global variables */
	/* Authorization status of the port. Both PortState enumerators are
	 * non-zero (Unauthorized = 2, Authorized = 1): compare explicitly
	 * against Authorized rather than testing for a non-zero value. */
	PortState authPortStatus;
	/* Administrative control setting (ForceUnauthorized, ForceAuthorized
	 * or Auto).
	 * NOTE(review): presumably a forced setting overrides the outcome of
	 * authentication (see AUTH_PAE_FORCE_AUTH / AUTH_PAE_FORCE_UNAUTH
	 * below) - confirm who may change this field at run time. */
	PortTypes portControl;
	Boolean reAuthenticate;

	/* Port Timers state machine */
	/* 'Boolean tick' implicitly handled as registered timeout */

	/* Authenticator PAE state machine */
	enum { AUTH_PAE_INITIALIZE, AUTH_PAE_DISCONNECTED, AUTH_PAE_CONNECTING,
	       AUTH_PAE_AUTHENTICATING, AUTH_PAE_AUTHENTICATED,
	       AUTH_PAE_ABORTING, AUTH_PAE_HELD, AUTH_PAE_FORCE_AUTH,
	       AUTH_PAE_FORCE_UNAUTH, AUTH_PAE_RESTART } auth_pae_state;
	unsigned int reAuthCount;
	/* NOTE(review): presumably the number of seconds the authenticator
	 * stays in AUTH_PAE_HELD after a failed attempt, which throttles
	 * repeated authentication attempts - confirm against the standard
	 * before lowering it. */
	unsigned int quietPeriod; /* default 60; 0..65535 */
/* A #define inside a struct body is not scoped to the struct; the macro is
 * visible to everything that follows in the translation unit. */
#define AUTH_PAE_DEFAULT_quietPeriod 60
	/* NOTE(review): presumably the limit that reAuthCount is compared
	 * against - confirm in the state machine implementation. */
	unsigned int reAuthMax; /* default 2 */
#define AUTH_PAE_DEFAULT_reAuthMax 2
	/* Authenticator PAE event counters. Counter is unsigned int, so each
	 * value wraps to 0 on overflow. */
	Counter authEntersConnecting;
	Counter authEapLogoffsWhileConnecting;
	Counter authEntersAuthenticating;
	Counter authAuthSuccessesWhileAuthenticating;
	Counter authAuthTimeoutsWhileAuthenticating;
	Counter authAuthFailWhileAuthenticating;
	Counter authAuthEapStartsWhileAuthenticating;
	Counter authAuthEapLogoffWhileAuthenticating;
	Counter authAuthReauthsWhileAuthenticated;
	Counter authAuthEapStartsWhileAuthenticated;
	Counter authAuthEapLogoffWhileAuthenticated;

	/* Backend Authentication state machine */
	enum { BE_AUTH_REQUEST, BE_AUTH_RESPONSE, BE_AUTH_SUCCESS,
	       BE_AUTH_FAIL, BE_AUTH_TIMEOUT, BE_AUTH_IDLE, BE_AUTH_INITIALIZE,
	/* NOTE(review): the rest of this enum declaration (any further
	 * enumerators, the closing brace and the member name) is not present
	 * in this listing. */
	/* NOTE(review): presumably in seconds, bounding the wait for the
	 * authentication server - confirm the unit and the upper limit "X". */
	unsigned int serverTimeout; /* default 30; 1..X */
#define BE_AUTH_DEFAULT_serverTimeout 30
	/* Backend Authentication event counters (wrap on overflow). */
	Counter backendResponses;
	Counter backendAccessChallenges;
	Counter backendOtherRequestsToSupplicant;
	Counter backendAuthSuccesses;
	Counter backendAuthFails;

	/* Reauthentication Timer state machine */
	enum { REAUTH_TIMER_INITIALIZE, REAUTH_TIMER_REAUTHENTICATE
	} reauth_timer_state;
	unsigned int reAuthPeriod; /* default 3600 s */
	Boolean reAuthEnabled;

	/* Authenticator Key Transmit state machine */
	enum { AUTH_KEY_TX_NO_KEY_TRANSMIT, AUTH_KEY_TX_KEY_TRANSMIT
	/* NOTE(review): the closing brace and member name of this enum are
	 * not present in this listing. */

	/* Key Receive state machine */
	enum { KEY_RX_NO_KEY_RECEIVE, KEY_RX_KEY_RECEIVE } key_rx_state;

	/* Controlled Directions state machine */
	enum { CTRL_DIR_FORCE_BOTH, CTRL_DIR_IN_OR_BOTH } ctrl_dir_state;
	/* Administratively requested and currently operating values of the
	 * controlled directions (Both or In). */
	ControlledDirection adminControlledDirections;
	ControlledDirection operControlledDirections;

	/* Authenticator Statistics Table */
	/* EAPOL frame statistics (wrap on overflow). The invalid-frame and
	 * length-error counters are the ones a monitoring system can watch
	 * for malformed input from a Supplicant. */
	Counter dot1xAuthEapolFramesRx;
	Counter dot1xAuthEapolFramesTx;
	Counter dot1xAuthEapolStartFramesRx;
	Counter dot1xAuthEapolLogoffFramesRx;
	Counter dot1xAuthEapolRespIdFramesRx;
	Counter dot1xAuthEapolRespFramesRx;
	Counter dot1xAuthEapolReqIdFramesTx;
	Counter dot1xAuthEapolReqFramesTx;
	Counter dot1xAuthInvalidEapolFramesRx;
	Counter dot1xAuthEapLengthErrorFramesRx;
	Counter dot1xAuthLastEapolFrameVersion;

	/* Other variables - not defined in IEEE 802.1X */
	/* ETH_ALEN is defined outside this file. */
	u8 addr[ETH_ALEN]; /* Supplicant address */
	int flags; /* EAPOL_SM_* */

	/* EAPOL/AAA <-> EAP full authenticator interface */
	struct eap_eapol_interface *eap_if;

	int radius_identifier;
	/* TODO: check when the last messages can be released */
	/* NOTE(review): the TODO above leaves the release point of this
	 * message open and the free site is not visible here - confirm that
	 * it is freed exactly once and that the pointer is cleared or
	 * replaced afterwards. */
	struct radius_msg *last_recv_radius;
	u8 last_eap_id; /* last used EAP Identifier */
	u8 eap_type_authsrv; /* EAP type of the last EAP packet from
			      * Authentication server */
	u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */
	/* NOTE(review): radius_class and radius_cui presumably hold
	 * attribute data received from the RADIUS server - confirm who
	 * allocates and frees them. */
	struct radius_class_data radius_class;
	struct wpabuf *radius_cui; /* Chargeable-User-Identity */

	Boolean initializing; /* in process of initializing state machines */

	/* Back-pointer to the global authenticator data. */
	struct eapol_authenticator *eapol;

	/* Untyped pointer: the compiler cannot check what the callbacks
	 * cast it to. */
	void *sta; /* station context pointer to use in callbacks */

	/* NOTE(review): presumably the two 32-bit halves of this session's
	 * accounting multi-session identifier; struct eapol_authenticator
	 * has members with the same names - confirm how they relate. */
	u32 acct_multi_session_id_hi;
	u32 acct_multi_session_id_lo;
	/* NOTE(review): the closing "};" of this struct is not present in
	 * this listing. */
180 #endif /* EAPOL_AUTH_SM_I_H */