[eapol] Send EAPoL-Start packets to trigger EAP authenticationsupplicant

We have no way to force a link-layer restart in iPXE, and therefore no
way to explicitly trigger a restart of EAP authentication.  If an iPXE
script has performed some action that requires such a restart
(e.g. registering a device such that the port VLAN assignment will be
changed), then the only means currently available to effect the
restart is to reboot the whole system.  If iPXE is taking over a
physical link already used by a preceding bootloader, then even a
reboot may not work.

In the EAP model, the supplicant is a pure responder and never
initiates transmissions.  EAPoL extends this to include an EAPoL-Start
packet type that may be sent by the supplicant to (re)trigger EAP.

Add support for sending EAPoL-Start packets at two-second intervals on
links that are open and have reached physical link-up, but for which
EAP has not yet completed.  This allows "ifclose ; ifopen" to be used
to restart the EAP process.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

1 files changed, 8 insertions, 0 deletions

diff --git a/src/include/ipxe/eapol.h b/src/include/ipxe/eapol.h
index f6009a2ff..d4ea39208 100644
--- a/src/include/ipxe/eapol.h
+++ b/src/include/ipxe/eapol.h
@@ -30,6 +30,9 @@ struct eapol_header {
 /** EAPoL-encapsulated EAP packets */
 #define EAPOL_TYPE_EAP 0
 
+/** EAPoL start */
+#define EAPOL_TYPE_START 1
+
 /** EAPoL key */
 #define EAPOL_TYPE_KEY 5
 
@@ -37,8 +40,13 @@ struct eapol_header {
 struct eapol_supplicant {
 	/** EAP supplicant */
 	struct eap_supplicant eap;
+	/** EAPoL-Start retransmission timer */
+	struct retry_timer timer;
 };
 
+/** Delay between EAPoL-Start packets */
+#define EAPOL_START_INTERVAL ( 2 * TICKS_PER_SEC )
+
 /** An EAPoL handler */
 struct eapol_handler {
 	/** Type */