Hi
When I connect to an AP with wpa, then I receive deauth frame,
ieee80211_rx_mgmt_deauth will be called, which will call
ieee80211_set_associated(dev, ifsta, 0); to disconnect. In function
ieee80211_set_associated, it calls wireless_send_event with SIOCGIWAP
event and memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN). wpa_supplicant will
receives this event then call mac80211 to remove any old security key,
the problem it will pass 00:00:00:00:00:00 as station address.
ieee80211_set_encryption will fail since there are no station with
00:00:00:00:00:00. This will leave the old key which causes the problems
in the next reconnection.
Below is the work around to this problem, I am not very familiar with
security in mac80211 so I appreciate any comment on how to fix this
problem the right way.
Mohamed
diff --git a/net/mac80211/ieee80211_ioctl.c b/net/mac80211/ieee80211_ioctl.c
index c84a26e..e08df5e 100644
--- a/net/mac80211/ieee80211_ioctl.c
+++ b/net/mac80211/ieee80211_ioctl.c
@@ -97,7 +97,10 @@ static int ieee80211_set_encryption(struct net_device *dev, u8 *sta_addr,
return -EINVAL;
}
- sta = sta_info_get(local, sta_addr);
+ if (is_zero_ether_addr(sta_addr))
+ sta = sta_info_get(local, sdata->u.sta.bssid);
+ else
+ sta = sta_info_get(local, sta_addr);
if (!sta) {
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
printk(KERN_DEBUG "%s: set_encrypt - unknown addr "
> > > wpa_supplicant will
> > > receives this event then call mac80211 to remove any old security key,
> > > the problem it will pass 00:00:00:00:00:00 as station address.
>
> This sounds broken. wpa_supplicant should remove the key for the
> previous BSSID.
> > Interesting. I'd think this is a wpa_supplicant bug, Jouni, how is the
> > security wext stuff supposed to work here?
>
> Agreed, this sounds like a bug in wpa_supplicant. Unicast keys should be
> removed with their correct address. I think this used to work, but maybe
> some of the changes in BSSID processing in disassociation cases caused
> the old BSSID to be forgotten.
Can you look into it then please?
Thanks,
johannes
On Thu, Nov 22, 2007 at 01:55:26PM +0100, Johannes Berg wrote:
> > > > wpa_supplicant will
> > > > receives this event then call mac80211 to remove any old security key,
> > > > the problem it will pass 00:00:00:00:00:00 as station address.
> Can you look into it then please?
It looks like this was fixed more than a year ago.. Which wpa_supplicant
version was used here? Can the problem be reproduced on something more
recent (e.g., 0.5.8 or the current 0.6.x snapshot)? If yes, I would like
to see debug log from wpa_supplicant showing what exactly happens.
The fix was to reorder clearing of the BSSID:
http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=3103d0a7f91a48ebfa0d08c6599babd0c556e6a9
--
Jouni Malinen PGP id EFC895FA
Hi,
> When I connect to an AP with wpa, then I receive deauth frame,
> ieee80211_rx_mgmt_deauth will be called, which will call
> ieee80211_set_associated(dev, ifsta, 0); to disconnect. In function
> ieee80211_set_associated, it calls wireless_send_event with SIOCGIWAP
> event and memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN). wpa_supplicant will
> receives this event then call mac80211 to remove any old security key,
> the problem it will pass 00:00:00:00:00:00 as station address.
> ieee80211_set_encryption will fail since there are no station with
> 00:00:00:00:00:00. This will leave the old key which causes the problems
> in the next reconnection.
Interesting. I'd think this is a wpa_supplicant bug, Jouni, how is the
security wext stuff supposed to work here?
> diff --git a/net/mac80211/ieee80211_ioctl.c b/net/mac80211/ieee80211_ioctl.c
> index c84a26e..e08df5e 100644
> --- a/net/mac80211/ieee80211_ioctl.c
> +++ b/net/mac80211/ieee80211_ioctl.c
> @@ -97,7 +97,10 @@ static int ieee80211_set_encryption(struct net_device *dev, u8 *sta_addr,
> return -EINVAL;
> }
>
> - sta = sta_info_get(local, sta_addr);
> + if (is_zero_ether_addr(sta_addr))
> + sta = sta_info_get(local, sdata->u.sta.bssid);
> + else
> + sta = sta_info_get(local, sta_addr);
> if (!sta) {
> #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
> printk(KERN_DEBUG "%s: set_encrypt - unknown addr "
>
Jouni Malinen wrote:
> On Wed, Nov 21, 2007 at 04:17:34PM +0100, Johannes Berg wrote:
>
>
>>> When I connect to an AP with wpa, then I receive deauth frame,
>>> ieee80211_rx_mgmt_deauth will be called, which will call
>>> ieee80211_set_associated(dev, ifsta, 0); to disconnect. In function
>>> ieee80211_set_associated, it calls wireless_send_event with SIOCGIWAP
>>> event and memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN).
>>>
>
> This sounds correct.
>
>
>>> wpa_supplicant will
>>> receives this event then call mac80211 to remove any old security key,
>>> the problem it will pass 00:00:00:00:00:00 as station address.
>>>
>
> This sounds broken. wpa_supplicant should remove the key for the
> previous BSSID.
>
>
>>> ieee80211_set_encryption will fail since there are no station with
>>> 00:00:00:00:00:00. This will leave the old key which causes the problems
>>> in the next reconnection.
>>>
>
> This sounds correct behavior.
>
>
>> Interesting. I'd think this is a wpa_supplicant bug, Jouni, how is the
>> security wext stuff supposed to work here?
>>
>
> Agreed, this sounds like a bug in wpa_supplicant. Unicast keys should be
> removed with their correct address. I think this used to work, but maybe
> some of the changes in BSSID processing in disassociation cases caused
> the old BSSID to be forgotten.
>
>
>>> diff --git a/net/mac80211/ieee80211_ioctl.c b/net/mac80211/ieee80211_ioctl.c
>>> @@ -97,7 +97,10 @@ static int ieee80211_set_encryption(struct net_device *dev, u8 *sta_addr,
>>> - sta = sta_info_get(local, sta_addr);
>>> + if (is_zero_ether_addr(sta_addr))
>>> + sta = sta_info_get(local, sdata->u.sta.bssid);
>>> + else
>>> + sta = sta_info_get(local, sta_addr);
>>>
>
> NAK. I don't think this is the correct fix here.
>
>
I agree I just included this workaround to illustrated what I did to
make it work.
On Wed, Nov 21, 2007 at 04:17:34PM +0100, Johannes Berg wrote:
> > When I connect to an AP with wpa, then I receive deauth frame,
> > ieee80211_rx_mgmt_deauth will be called, which will call
> > ieee80211_set_associated(dev, ifsta, 0); to disconnect. In function
> > ieee80211_set_associated, it calls wireless_send_event with SIOCGIWAP
> > event and memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN).
This sounds correct.
> > wpa_supplicant will
> > receives this event then call mac80211 to remove any old security key,
> > the problem it will pass 00:00:00:00:00:00 as station address.
This sounds broken. wpa_supplicant should remove the key for the
previous BSSID.
> > ieee80211_set_encryption will fail since there are no station with
> > 00:00:00:00:00:00. This will leave the old key which causes the problems
> > in the next reconnection.
This sounds correct behavior.
> Interesting. I'd think this is a wpa_supplicant bug, Jouni, how is the
> security wext stuff supposed to work here?
Agreed, this sounds like a bug in wpa_supplicant. Unicast keys should be
removed with their correct address. I think this used to work, but maybe
some of the changes in BSSID processing in disassociation cases caused
the old BSSID to be forgotten.
> > diff --git a/net/mac80211/ieee80211_ioctl.c b/net/mac80211/ieee80211_ioctl.c
> > @@ -97,7 +97,10 @@ static int ieee80211_set_encryption(struct net_device *dev, u8 *sta_addr,
> > - sta = sta_info_get(local, sta_addr);
> > + if (is_zero_ether_addr(sta_addr))
> > + sta = sta_info_get(local, sdata->u.sta.bssid);
> > + else
> > + sta = sta_info_get(local, sta_addr);
NAK. I don't think this is the correct fix here.
--
Jouni Malinen PGP id EFC895FA