From owner-freebsd-current@FreeBSD.ORG Fri May 2 03:43:04 2008 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 60913106564A for ; Fri, 2 May 2008 03:43:04 +0000 (UTC) (envelope-from sam@freebsd.org) Received: from ebb.errno.com (ebb.errno.com [69.12.149.25]) by mx1.freebsd.org (Postfix) with ESMTP id D87CD8FC19 for ; Fri, 2 May 2008 03:43:03 +0000 (UTC) (envelope-from sam@freebsd.org) Received: from Macintosh-2.local ([10.0.0.194]) (authenticated bits=0) by ebb.errno.com (8.13.6/8.12.6) with ESMTP id m423h2Mm068943 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 1 May 2008 20:43:03 -0700 (PDT) (envelope-from sam@freebsd.org) Message-ID: <481A8DC6.6030601@freebsd.org> Date: Thu, 01 May 2008 20:43:02 -0700 From: Sam Leffler Organization: FreeBSD Project User-Agent: Thunderbird 2.0.0.12 (Macintosh/20080213) MIME-Version: 1.0 To: David Cornejo References: <6b8e8f4f0804291900v521cde5cw1ad4eaba70244e9c@mail.gmail.com> <4817E52F.5070806@freebsd.org> <6b8e8f4f0805011334t68c265a8r50eaf2264eb12d08@mail.gmail.com> <481A520B.3020808@freebsd.org> <6b8e8f4f0805012012u3d0baee1x46e313c33b4295f4@mail.gmail.com> In-Reply-To: <6b8e8f4f0805012012u3d0baee1x46e313c33b4295f4@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-DCC-Rhyolite-Metrics: ebb.errno.com; whitelist Cc: freebsd-current@freebsd.org Subject: Re: problems making an access point w/current X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 May 2008 03:43:04 -0000 What you show are PTK's being plumbed but the issue I asked about was for the GTK and you haven't shown the log of it being plumbed. You also don't show the Michael failure msg so I cannot tell what key was involved. Please collect a full log and either send it privately or give me a url. You might also look at the scripts in tools/tools/net80211/scripts for examples of how I setup working configurations of various flavors. Sam David Cornejo wrote: > recompiled everything from todays sources, > > [win xp connection attempt] > > wlan0: _ieee80211_crypto_delkey: NONE keyix 65535 flags 0x3 rsc 0 tsc 0 len 0 > wlan0: _ieee80211_crypto_delkey: NONE keyix 65535 flags 0x3 rsc 0 tsc 0 len 0 > wlan0: ieee80211_crypto_setkey: TKIP keyix 4 flags 0x3 mac > 00:13:e8:30:a7:6d rsc 0 tsc 0 len 16 > wlan0: ieee80211_crypto_setkey: TKIP keyix 4 flags 0x3 mac > 00:13:e8:30:a7:6d rsc 0 tsc 0 len 16 > wlan0: _ieee80211_crypto_delkey: TKIP keyix 4 flags 0x3 rsc 0 tsc 2 len 16 > wlan0: _ieee80211_crypto_delkey: NONE keyix 65535 flags 0x3 rsc 0 tsc 0 len 0 > wlan0: [00:0b:6b:34:65:99] discard frame due to countermeasures (tkip_encap) > > [ repeat this a couple hundred times ] > > wlan0: [00:0b:6b:34:65:99] discard frame due to countermeasures (tkip_encap) > wlan0: _ieee80211_crypto_delkey: NONE keyix 65535 flags 0x3 rsc 0 tsc 0 len 0 > wlan0: _ieee80211_crypto_delkey: NONE keyix 65535 flags 0x3 rsc 0 tsc 0 len 0 > wlan0: ieee80211_crypto_setkey: TKIP keyix 4 flags 0x3 mac > 00:13:e8:30:a7:6d rsc 0 tsc 0 len 16 > > [win xp thinks it's connected, but no DHCP] > > I'm wondering if it's not an interaction problem with if_bridge? I'll > try a simpler config... > > thanks, > dave c > > > On Thu, May 1, 2008 at 1:28 PM, Sam Leffler wrote: >> Are you certain hostapd is up to date? There was a bug like this a while >> back (before code was committed to CVS) when I failed to update hostapd to >> plumb keys correctly. I routinely test this same config (i.e. card) w/o any >> issues. >> >> Sam >> >> David Cornejo wrote: >> >>> >>> >>> from dmesg: >>> >>> ath0: mac 5.9 phy 4.3 radio 3.6 >>> ath_hal: 0.9.20.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413) >>> >>> [root@ap2] 111% ifconfig -v wlan0 >>> wlan0: flags=8943 >>> metric 0 mtu 2290 >>> ether 00:0b:6b:34:65:99 >>> media: IEEE 802.11 Wireless Ethernet autoselect mode 11a >>> status: running >>> ssid hmiln channel 52 (5260 Mhz 11a) bssid 00:0b:6b:34:65:99 >>> regdomain DEBUG country US anywhere ecm authmode WPA -wps -tsn >>> privacy MIXED deftxkey 2 >>> TKIP 2:128-bit >>> TKIP 3:128-bit powersavemode OFF powersavesleep 100 txpower 19 >>> txpowmax 50.0 -dotd rtsthreshold 2346 fragthreshold 2346 bmiss 7 >>> 11a ucast NONE mgmt 6 Mb/s mcast 6 Mb/s maxretry 6 >>> 11b ucast NONE mgmt 1 Mb/s mcast 1 Mb/s maxretry 6 >>> 11g ucast NONE mgmt 1 Mb/s mcast 1 Mb/s maxretry 6 >>> turboA ucast NONE mgmt 6 Mb/s mcast 6 Mb/s maxretry 6 >>> 11na ucast NONE mgmt 0 MCS mcast 0 MCS maxretry 6 >>> 11ng ucast NONE mgmt 0 MCS mcast 0 MCS maxretry 6 >>> scanvalid 60 -bgscan bgscanintvl 300 bgscanidle 250 >>> roam:11a rssi 7dBm rate 12 Mb/s >>> roam:11b rssi 7dBm rate 1 Mb/s >>> roam:11g rssi 7dBm rate 5 Mb/s >>> roam:turboA rssi 7dBm rate 12 Mb/s >>> roam:sturbo rssi 7dBm rate 12 Mb/s -pureg protmode CTS -ht >>> -htcompat -ampdu ampdulimit 8k ampdudensity - -amsdu -shortgi >>> htprotmode RTSCTS -puren -wme burst ff dturbo -dwds -hidessid >> apbridge >>> dtimperiod 1 doth dfs inact bintval 100 >>> groups: wlan >>> >>> I disabled WME and it behaves a little different: >>> >>> [root@ap2] 115% ifconfig wlan0 list sta >>> ADDR AID CHAN RATE RSSI IDLE TXSEQ RXSEQ CAPS FLAG >>> 00:13:e8:30:a7:6d 1 52 54M 25.0 0 5 10624 EP AQP WPA WME >>> >>> But the client (Win XP) can't get an address from the DHCP server, and >>> if I set a static address on the client still nothing. The wired LAN >>> is very busy, but from tcpdump it looks like the packets from the >>> client get to the LAN, but they aren't responded to. >>> >>> thanks, >>> dave c >>> >>> >>> On Tue, Apr 29, 2008 at 5:19 PM, Sam Leffler wrote: >>> >>> >>>> David Cornejo wrote: >>>> >>>> >>>> >>>>> Hi, >>>>> >>>>> I am trying to build an access point out of a Soekris 4801 - I have >>>>> built two images from the CURRENT source, one on March 28, 2008 >>>>> (pre-VAPS) and one from today April 29th, 2008. >>>>> >>>>> The 3/28 one works beautifully, the 4/29 one has authorization >> problems. >>>>> I converted the rc.conf to the new wlan_* things. >>>>> >>>>> Is there something wrong with my configurations? >>>>> >>>>> thanks, >>>>> dave c >>>>> >>>>> good old config, kernel & world built march 28th sources. >>>>> >>>>> === rc.conf === >>>>> >>>>> hostname="ap1.dogwood.com" >>>>> >>>>> hostapd_enable="YES" >>>>> >>>>> ifconfig_sis0="up" >>>>> ifconfig_sis1="up" >>>>> ifconfig_sis2="up" >>>>> ifconfig_ath0="mode 11a mediaopt hostap dturbo" >>>>> >>>>> cloned_interfaces="bridge0" >>>>> ifconfig_bridge0="ether 92:74:fd:88:12:f3 addm sis0 addm sis1 addm >>>>> sis2 addm ath0 stp sis0 stp sis1 stp sis2 stp ath0 DHCP" >>>>> >>>>> ntpdate_enable="YES" >>>>> ntpdate_flags="pool.ntp.org" >>>>> >>>>> sendmail_enable="NONE" >>>>> sshd_enable="YES" >>>>> syslogd_flags="-ss" >>>>> rwhod_enable="YES" >>>>> >>>>> smartd_enable="YES" >>>>> >>>>> ntpd_enable="YES" >>>>> >>>>> === hostapd.conf >>>>> >>>>> interface=ath0 >>>>> driver=bsd >>>>> logger_syslog=-1 >>>>> logger_syslog_level=0 >>>>> logger_stdout=-1 >>>>> logger_stdout_level=0 >>>>> debug=4 >>>>> dump_file=/tmp/hostapd.dump >>>>> ctrl_interface=/var/run/hostapd >>>>> ctrl_interface_group=wheel >>>>> ssid=hoana-a >>>>> wpa=1 >>>>> wpa_passphrase=v1g1lance >>>>> wpa_key_mgmt=WPA-PSK >>>>> wpa_pairwise=TKIP >>>>> >>>>> === log output >>>>> >>>>> Apr 29 15:22:37 ap1 hostapd: ath0: STA 00:13:e8:30:a7:6d IEEE 802.11: >>>>> >>>>> >>>> associated >>>> >>>> >>>>> Apr 29 15:22:37 ap1 hostapd: ath0: STA 00:13:e8:30:a7:6d WPA: event 1 >>>>> notification >>>>> Apr 29 15:22:37 ap1 hostapd: ath0: STA 00:13:e8:30:a7:6d WPA: start >>>>> authentication >>>>> Apr 29 15:22:37 ap1 hostapd: ath0: STA 00:13:e8:30:a7:6d IEEE 802.1X: >>>>> unauthorizing port >>>>> Apr 29 15:22:37 ap1 hostapd: ath0: STA 00:13:e8:30:a7:6d WPA: sending >>>>> 1/4 msg of 4-Way Handshake >>>>> Apr 29 15:22:37 ap1 hostapd: ath0: STA 00:13:e8:30:a7:6d WPA: received >>>>> EAPOL-Key frame (2/4 Pairwise) >>>>> Apr 29 15:22:37 ap1 hostapd: ath0: STA 00:13:e8:30:a7:6d WPA: sending >>>>> 3/4 msg of 4-Way Handshake >>>>> Apr 29 15:22:37 ap1 hostapd: ath0: STA 00:13:e8:30:a7:6d WPA: received >>>>> EAPOL-Key frame (4/4 Pairwise) >>>>> Apr 29 15:22:37 ap1 hostapd: ath0: STA 00:13:e8:30:a7:6d IEEE 802.1X: >>>>> authorizing port >>>>> Apr 29 15:22:37 ap1 hostapd: ath0: STA 00:13:e8:30:a7:6d WPA: pairwise >>>>> key handshake completed (WPA) >>>>> Apr 29 15:22:37 ap1 hostapd: ath0: STA 00:13:e8:30:a7:6d WPA: sending >>>>> 1/2 msg of Group Key Handshake >>>>> Apr 29 15:22:37 ap1 hostapd: ath0: STA 00:13:e8:30:a7:6d WPA: received >>>>> EAPOL-Key frame (2/2 Group) >>>>> Apr 29 15:22:37 ap1 hostapd: ath0: STA 00:13:e8:30:a7:6d WPA: group >>>>> key handshake completed (WPA) >>>>> >>>>> ========== >>>>> >>>>> bad new config, kernel & world built from april 29 sources >>>>> >>>>> === rc.conf === >>>>> >>>>> hostname="ap2.dogwood.com" >>>>> >>>>> ifconfig_sis0="up" >>>>> ifconfig_sis1="up" >>>>> ifconfig_sis2="up" >>>>> ifconfig_wlan0="mode 11a" >>>>> >>>>> wlans_ath0="wlan0" >>>>> create_args_wlan0="wlanmode ap" >>>>> >>>>> cloned_interfaces="bridge0" >>>>> ifconfig_bridge0="ether 00:40:96:01:01:01 addm sis0 addm sis1 addm >>>>> sis2 addm wlan0 stp sis0 stp sis1 stp sis2 stp wlan0 DHCP" >>>>> hostapd_enable="YES" >>>>> >>>>> ntpdate_enable="YES" >>>>> ntpdate_flags="pool.ntp.org" >>>>> ntpd_enable="YES" >>>>> >>>>> sendmail_enable="NONE" >>>>> sshd_enable="YES" >>>>> syslogd_flags="-ss" >>>>> rwhod_enable="YES" >>>>> >>>>> # HARDWARE SPECIFIC >>>>> smartd_enable="YES" >>>>> >>>>> dumpdev="NO" >>>>> >>>>> === hostapd.conf === >>>>> >>>>> interface=wlan0 >>>>> driver=bsd >>>>> logger_syslog=-1 >>>>> logger_syslog_level=0 >>>>> logger_stdout=-1 >>>>> logger_stdout_level=0 >>>>> debug=4 >>>>> dump_file=/tmp/hostapd.dump >>>>> ctrl_interface=/var/run/hostapd >>>>> ctrl_interface_group=wheel >>>>> ssid=hmiln >>>>> wpa=1 >>>>> wpa_passphrase=v1g1lance >>>>> wpa_key_mgmt=WPA-PSK >>>>> wpa_pairwise=TKIP >>>>> >>>>> === log output >>>>> >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d IEEE 802.11: >>>>> associated >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: event 1 >>>>> notification >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: start >>>>> authentication >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d IEEE 802.1X: >>>>> unauthorizing port >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: sending >>>>> 1/4 msg of 4-Way Handshake >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: >>>>> received EAPOL-Key frame (2/4 Pairwise) >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: sending >>>>> 3/4 msg of 4-Way Handshake >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: >>>>> received EAPOL-Key frame (4/4 Pairwise) >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d IEEE 802.1X: >>>>> authorizing port >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: >>>>> pairwise key handshake completed (WPA) >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: sending >>>>> 1/2 msg of Group Key Handshake >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: >>>>> received EAPOL-Key frame (2/2 Group) >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: group >>>>> key handshake completed (WPA) >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: >>>>> received EAPOL-Key frame (Request) >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: >>>>> received EAPOL-Key Error Request (STA detected Michael MIC failure) >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: sending >>>>> 1/4 msg of 4-Way Handshake >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: >>>>> received EAPOL-Key frame (2/4 Pairwise) >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: sending >>>>> 3/4 msg of 4-Way Handshake >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: >>>>> received EAPOL-Key frame (4/4 Pairwise) >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d IEEE 802.1X: >>>>> authorizing port >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: >>>>> pairwise key handshake completed (WPA) >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: sending >>>>> 1/2 msg of Group Key Handshake >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: >>>>> received EAPOL-Key frame (2/2 Group) >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: group >>>>> key handshake completed (WPA) >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: >>>>> received EAPOL-Key frame (Request) >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: >>>>> received EAPOL-Key Error Request (STA detected Michael MIC failure) >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: IEEE 802.11 TKIP countermeasures >>>>> >>>>> >>>> initiated >>>> >>>> >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: sending >>>>> 1/4 msg of 4-Way Handshake >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d IEEE 802.11: >>>>> deassociated >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: event 2 >>>>> notification >>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d IEEE 802.1X: >>>>> unauthorizing port >>>>> >>>>> >>>>> >>>> Please show the output of ifconfig -v wlan0 and the mac+phy revs of the >> ath >>>> card. I also need to know what hal you're using. >>>> >>>> This could be because wme is now enabled by default; if it's on try >> turning >>>> it off. >>>> >>>> Sam >>>> >>>> >>>> >>> _______________________________________________ >>> freebsd-current@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-current >>> To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org" >>> >>> >>> >>> >> > _______________________________________________ > freebsd-current@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org" > >