Re: WPA with ath

From: Tai-hwa Liang <avatar_at_mmlab.cse.yzu.edu.tw>
Date: Thu, 3 Feb 2005 11:27:54 +0800 (CST)
On Sat, 22 Jan 2005, Sam Leffler wrote:
> Bryan Bunch wrote:
>> I'm trying to connect to a Linksys WRT54G. I have tested the card on
>> the computer when booting up in XP and it connects fine via WPA. I
>> also tested the card in CURRENT with WPA disabled and the card
>> connected fine.
>
> There's nothing useful in the log you included.  You can get the reason code 
> sent by the ap by enabling association debugging in the 802.11 layer.  I 
> usually do this with the 80211debug program found in 
> /usr/src/tools/tools/ath.  Something like
>
> 80211debug +assoc+auth
>
> should suffice.  Messages go to the console.
>
> I've seen postings in various forums that this AP has issues with certain 
> firmware revs; you might check if your firmware is up to date.
>
> Past the above a packet trace is needed.

Hi Bunch,

   According to WPA for 802.11i, section 2.2.2:

 	The only unencrypted data packets allowed are unicast 802.1X
 	data packets and unencrypted 802.1X data packets are only
 	allowed when there is no Pairwise key between the station
 	and AP otherwise unencrypted data packets must be discarded.

   I guess that's why your station being deauthenticated right after
seeing "Group rekeying completed with..." since WPA requires station
sending group EAPOL key in encrypted form once the pairwise key is
available and installed.

   In my testing environment, -CURRENT if_ath + wpa_supplicant 0.3.0
always being kicked out by Buffalo AirStation G54 AP(firmware 2.20)
after station completed the group key handshake; however, the same
station/software configuration works flawlessly(read: only one 4-way
handshake + 2 way group key exchange) with another Orinoco AP(which
allows station to reply the last EAPOL successful message in plaintext).

   The attached patch works on my box. Would you please give it a try?

-- 
Cheers,

Tai-hwa Liang

--- /sys/net80211/ieee80211_output.c.old	Tue Jan 25 09:22:56 2005
+++ /sys/net80211/ieee80211_output.c	Thu Feb  3 10:07:55 2005
_at__at_ -563,7 +563,7 _at__at_
  		 */
  		if (eh.ether_type != htons(ETHERTYPE_PAE) ||
  		    ((ic->ic_flags & IEEE80211_F_WPA) &&
-		     !KEY_UNDEFINED(ni->ni_ucastkey))) {
+		     !KEY_UNDEFINED(*key))) {
  			wh->i_fc[1] |= IEEE80211_FC1_WEP;
  			/* XXX do fragmentation */
  			if (!ieee80211_crypto_enmic(ic, key, m)) {
Received on Thu Feb 03 2005 - 02:28:01 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:27 UTC