git.ipfire.org Git - thirdparty/ipxe.git/commit

author	Michael Brown <mcb30@ipxe.org>
	Tue, 7 Nov 2023 11:08:33 +0000 (11:08 +0000)
committer	Michael Brown <mcb30@ipxe.org>
	Tue, 7 Nov 2023 13:31:20 +0000 (13:31 +0000)
commit	1bd01b761f1f33723f0b07d277863b3284dfe232
tree	65e1a4a066e38d039a39a3853b5597a2b3e91949	tree
parent	5524bb98328dd1b16037916498b0f91e0200a87c	commit \| diff

[eapol] Delay EAPoL-Start while waiting for EAP to complete

EAP exchanges may take a long time to reach a final status, especially
when relying upon MAC Authentication Bypass (MAB). Our current
behaviour of sending EAPoL-Start every few seconds until a final
status is obtained can prevent these exchanges from ever completing.

Fix by redefining the EAP supplicant state to allow EAPoL-Start to be
suppressed: either temporarily (while waiting for a full EAP exchange
to complete, in which case we need to eventually resend EAPoL-Start if
the final Success or Failure packet is lost), or permanently (while
waiting for the potentially very long MAC Authentication Bypass
timeout period).

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/include/ipxe/eap.h		diff \| blob \| blame \| history
src/net/eap.c		diff \| blob \| blame \| history
src/net/eapol.c		diff \| blob \| blame \| history