Message-Id: <201807200137.w6K1bSMm055917@slippy.cwsent.com>
From: Cy Schubert
To: Kyle Evans
cc: Cy Schubert, Shawn Webb, src-committers, svn-src-all@freebsd.org,
    svn-src-head@freebsd.org, Cy Schubert, "Oleg V. Nauman"
Subject: Re: svn commit: r336203 - in head: contrib/wpa contrib/wpa/hostapd contrib/wpa/hs20/client contrib/wpa/patches contrib/wpa/src/ap contrib/wpa/src/common contrib/wpa/src/crypto contrib/wpa/src/drivers c...
In-Reply-To: Message from Kyle Evans of "Thu, 19 Jul 2018 20:27:31 -0500."
Date: Thu, 19 Jul 2018 18:37:28 -0700

In message , Kyle Evans writes:
> On Thu, Jul 19, 2018 at 7:57 PM, Cy Schubert wrote:
> > In message , Kyle Evans writes:
> >> On Thu, Jul 19, 2018 at 7:32 PM, Shawn Webb wrote:
> >> > On Thu, Jul 19, 2018 at 07:24:46PM -0500, Kyle Evans wrote:
> >> >> On Thu, Jul 19, 2018 at 6:21 PM, Kyle Evans wrote:
> >> >> > On Thu, Jul 19, 2018 at 4:33 PM, Cy Schubert wrote:
> >> >> >> In message <201807192114.w6JLEapA097589@slippy.cwsent.com>, Cy Schubert
> >> >> >> writes:
> >> >> >>> In message <17042686.Mc0X0P6XHu@asus.theweb.org.ua>, "Oleg V. Nauman"
> >> >> >>> writes:
> >> >> >>> > On Thursday, July 19, 2018 4:54:42 PM EEST Cy Schubert wrote:
> >> >> >>> > > In message , Kyle Evans writes:
> >> >> >>> > > > On Thu, Jul 19, 2018 at 7:13 AM, Niclas Zeising wrote:
> >> >> >>> > > > > [ sending this again since I missed the list the first time,
> >> >> >>> > > > > apologies if anyone receives a duplicate ]
> >> >> >>> > > > >
> >> >> >>> > > > > On 07/19/18 13:57, Kyle Evans wrote:
> >> >> >>> > > > >> On Thu, Jul 19, 2018 at 4:51 AM, Alexey Dokuchaev wrote:
> >> >> >>> > > > >>> On Thu, Jul 19, 2018 at 11:48:03AM +0300, Andrey V. Elsukov wrote:
> >> >> >>> > > > >>>> ...
> >> >> >>> > > > >>>> Yesterday I updated my notebook (with iwm(4)) and also noticed that
> >> >> >>> > > > >>>> wi-fi connection periodically breaks. /etc/rc.d/wpa_supplicant
> >> >> >>> > > > >>>> restart wlan0 helps. After your message I reinstalled
> >> >> >>> > > > >>>> wpa_supplicant from old source and now it works stable already
> >> >> >>> > > > >>>> about 2 hours.
> >> >> >>> > > > >>>
> >> >> >>> > > > >>> So, right now, we have broken wpa_supplicant(8) in -CURRENT? :-/
> >> >> >>> > > > >>
> >> >> >>> > > > >> Well, "broken". It's incredibly stable outside of rekeying events,
> >> >> >>> > > > >> and further testing shows that I don't actually notice these
> >> >> >>> > > > >> disconnects most of the time because it reassociates fast enough.
> >> >> >>> > > > >> I noticed it the first time because apparently I had both SSIDs
> >> >> >>> > > > >> from my AP uncommented in my wpa_supplicant.conf and it decided at
> >> >> >>> > > > >> that point to connect to the other one, which took a little longer.
> >> >> >>> > > > >>
> >> >> >>> > > > >> Contrary to Andrey's report, though, I don't have to kick
> >> >> >>> > > > >> wpa_supplicant at all. It will reassociate on its own every single
> >> >> >>> > > > >> time.
> >> >> >>> > > > >
> >> >> >>> > > > > Hi!
> >> >> >>> > > > > I have the exact same problem as Andrey, with the same driver. I've
> >> >> >>> > > > > not investigated very much, but when using the 2.8 wpa_supplicant
> >> >> >>> > > > > the wifi network dies after a little while, and I have to restart it
> >> >> >>> > > > > (usually with /etc/rc.d/netif restart). Then it works for a little
> >> >> >>> > > > > while, before going down again. With the old wpa_supplicant I didn't
> >> >> >>> > > > > have this problem.
> >> >> >>> > > > >
> >> >> >>> > > > > I don't have very much else to add except noting that I'm affected
> >> >> >>> > > > > as well. I haven't had time to debug it properly (which is why I've
> >> >> >>> > > > > never reported it)
> >> >> >>> > > >
> >> >> >>> > > > I plan on trying out the latest from upstream beyond the patch Cy sent
> >> >> >>> > > > along earlier to see if it's perhaps been addressed elsewhere in the
> >> >> >>> > > > past two years since this release was made.
> >> >> >>> > >
> >> >> >>> > > A point of reference. I've had no issues here with any of the networks
> >> >> >>> > > I use. All the networks I use are either WPA-PSK or open. The last
> >> >> >>> > > WPA-EAP I used was at former $JOB a few years ago. However, at the Link
> >> >> >>> > > Lounge just outside where $JOB is at my wifi would disconnect every 30
> >> >> >>> > > minutes using our old wpa 2.5, requiring a netif restart. 2.6 resolved
> >> >> >>> > > that issue.
> >> >> >>> > >
> >> >> >>> > > Upline git commit 0adc9b28b39d414d5febfff752f6a1576f785c85 also looks
> >> >> >>> > > interesting.
> >> >> >>> > >
> >> >> >>> > > commit 0adc9b28b39d414d5febfff752f6a1576f785c85
> >> >> >>> > > Author: Jouni Malinen
> >> >> >>> > > Date: Sun Oct 1 12:32:57 2017 +0300
> >> >> >>> > >
> >> >> >>> > >     Fix PTK rekeying to generate a new ANonce
> >> >> >>> > >
> >> >> >>> > >     The Authenticator state machine path for PTK rekeying ended up
> >> >> >>> > >     bypassing the AUTHENTICATION2 state where a new ANonce is generated
> >> >> >>> > >     when going directly to the PTKSTART state since there is no need to
> >> >> >>> > >     try to determine the PMK again in such a case. This is far from
> >> >> >>> > >     ideal since the new PTK would depend on a new nonce only from the
> >> >> >>> > >     supplicant.
> >> >> >>> > >
> >> >> >>> > >     Fix this by generating a new ANonce when moving to the PTKSTART
> >> >> >>> > >     state for the purpose of starting new 4-way handshake to rekey PTK.
> >> >> >>> > >
> >> >> >>> > >     Signed-off-by: Jouni Malinen
> >> >> >>> > >
> >> >> >>> > > I suspect a timeout because reason=1 in Kyle's log.
> >> >> >>> >
> >> >> >>> > I have two systems experienced wifi connection issues after recent HEAD
> >> >> >>> > update.
> >> >> >>> > Both of them experiencing frequent up/down wlan0 events on boot so
> >> >> >>> > wireless connection can not negotiate DHCP requests, possibly due to
> >> >> >>> > fact that both connecting to the same AP.
> >> >> >>> > AP capabilities list:
> >> >> >>> >
> >> >> >>> > ***** f8:1a:67:56:16:16 1 54M -74:-96 100 EPS WPA WME ATH WPS
> >> >> >>> >
> >> >> >>> > Interesting enough that switching wpa_supplicant to version 2.6 from
> >> >> >>> > ports fixes that issue completely.
> >> >> >>> >
> >> >> >>> > Hopefully it helps.
> >> >> >>> >
> >> >> >>> > Thank you.
> >> >> >>>
> >> >> >>> I've imported all the patches in the port, from our upline into base.
> >> >> >>> Some were already committed to
> >> >> >>> --
> >> >> >>> Cheers,
> >> >> >>> Cy Schubert
> >> >> >>> FreeBSD UNIX: Web: http://www.FreeBSD.org
> >> >> >>>
> >> >> >>> The need of the many outweighs the greed of the few.
> >> >> >>> base 2.5 others not. This should bring base up to par with the port,
> >> >> >>> address the remaining security issues, and probably fix this thread too.
> >> >> >>
> >> >> >> exmh. I had my cursor in the wrong place when I hit send.
> >> >> >>
> >> >> >> I've imported all the patches in the port, from our upline into base.
> >> >> >> Some were already committed to base 2.5 others not. This should bring
> >> >> >> base up to par with the port, address the remaining security issues,
> >> >> >> and probably fix this thread too.
> >> >> >>
> >> >> >
> >> >> > FWIW- with ports 2.6 I've confirmed that instead of the reassociation I get:
> >> >> >
> >> >> > Jul 19 18:17:30 shiva wpa_supplicant[34199]: wlan0: WPA: Group
> >> >> > rekeying completed with ... [GTK=CCMP]
> >> >> >
> >> >> > I'll try with base 2.6 now that you've updated with all of these patches.
> >> >>
> >> >> Alright, base 2.6 is still no good here. I note that there's still
> >> >> some diff between ports and base [1] (about 252 lines of diff to sort
> >> >> through, nothing serious... I removed the obviously-for-libressl
> >> >> diff).
> >> >>
> >> >> Some of it looks kind of suspicious, but I'd guess the changes in
> >> >> ./src/rsn_supp/wpa.c are mostly what make the difference for me. How
> >> >> much of this really needs to stick around, given that ports
> >> >> wpa_supplicant is actually pretty stable?
> >> >
> >> > (Attempting to read between the lines, forgive me if I
> >> > misinterpreted.)
> >>
> >> Sorry, I seem to have missed a word there. I meant "How much of this
> >> [diff] really needs to stick around, given that ports wpa_supplicant
> >> is actually pretty stable?" -- we've had a couple reports of
> >> improvements from the 2.6 in ports, so I wonder if some of our local
> >> diffs should have gone away with the 2.6 update but we didn't quite
> >> get there.
> >>
> >> > Some of the systems I've set up recently are more easily set up with
> >> > wireless. Running a 100ft cable in an office building isn't that fun.
> >> >
> >>
> >> Ahh, indeed- at $work we have tons of those, with 2ft thick concrete
> >> walls sprinkled conservatively and legacy wire runs -everywhere-, and
> >> not necessarily with drop ceilings or conduit... ugh.
> >
> > I'm on a $work issue right now. I'll get back to this in an hour.
> >
>
> FWIW- extracting the src/rsn_supp/wpa.c diff from the aforementioned
> diff between ports 2.6 and base 2.6 and doing a patch -R of that on
> the base 2.6 fixes my problem, at least.

Yes, I'm looking at that now. (I fixed the NFS issue -- firewall out of
state impacting NFS -- at $JOB sooner than expected. I'm on it now.

--
Cheers,
Cy Schubert
FreeBSD UNIX: Web: http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.
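
The upstream commit message quoted in this thread (0adc9b28b39d414d5febfff752f6a1576f785c85) says that without a fresh ANonce a rekeyed PTK depends only on the supplicant's nonce. The sketch below is an added illustration of that point, not code from hostapd, wpa_supplicant or anyone in the thread; the `Authenticator` class, `rekey_ptks` helper, PMK and MAC addresses are constructed for the example, and the derivation shown is the standard HMAC-SHA1 PRF used for WPA2-PSK.

```python
import hashlib
import hmac
import os

def prf(key, label, data, nbytes):
    """IEEE 802.11 PRF built on HMAC-SHA1 (the WPA2-PSK key derivation)."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]

def derive_ptk(pmk, aa, spa, anonce, snonce):
    """PTK = PRF-384(PMK, label, min/max of addresses || min/max of nonces)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)  # KCK | KEK | TK for CCMP

class Authenticator:
    """Hypothetical model of the authenticator side; not hostapd code."""
    def __init__(self, fresh_anonce_on_rekey):
        self.fresh_anonce_on_rekey = fresh_anonce_on_rekey
        self.anonce = None

    def start_4way(self, rekey):
        # The initial handshake always draws an ANonce (AUTHENTICATION2 state).
        # On rekey, the pre-fix path went straight to PTKSTART and kept the old one.
        if not rekey or self.fresh_anonce_on_rekey:
            self.anonce = os.urandom(32)
        return self.anonce

def rekey_ptks(fresh_anonce_on_rekey, snonces):
    """Return the PTKs from an initial handshake followed by one rekey."""
    pmk = bytes(range(32))                # constructed sample PMK
    aa = bytes.fromhex("020000000001")    # constructed authenticator address
    spa = bytes.fromhex("020000000002")   # constructed supplicant address
    auth = Authenticator(fresh_anonce_on_rekey)
    first = derive_ptk(pmk, aa, spa, auth.start_4way(rekey=False), snonces[0])
    second = derive_ptk(pmk, aa, spa, auth.start_4way(rekey=True), snonces[1])
    return first, second

if __name__ == "__main__":
    weak = bytes(32)  # constructed worst case: the supplicant repeats its SNonce
    for fresh in (False, True):
        a, b = rekey_ptks(fresh, [weak, weak])
        print(f"fresh ANonce on rekey={fresh}: PTK changed={a != b}")
```

With the pre-fix behaviour the rekeyed PTK is identical whenever the supplicant's nonce repeats; with a fresh ANonce the authenticator guarantees a new key regardless of what the supplicant contributes.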