From: Cy Schubert
To: Kyle Evans
Cc: Adrian Chadd, Cy Schubert, src-committers, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r336203 - in head: contrib/wpa contrib/wpa/hostapd contrib/wpa/hs20/client contrib/wpa/patches contrib/wpa/src/ap contrib/wpa/src/common contrib/wpa/src/crypto contrib/wpa/src/drivers c...
Date: Wed, 18 Jul 2018 12:50:25 -0700

Hi Kyle,

Can you try the attached patch please?

The upline commit log entry says:

commit e8d08cf37844f783b389e601ecedd13edd2b9196
Author: Jouni Malinen
Date:   Wed Jun 6 01:22:01 2018 +0300

    SAE: Do not drop STA entry on reauthentication in infrastructure BSS

    A new SAE Commit message should not be allowed to drop an existing STA entry since the sender of that Commit message cannot be authenticated before receiving the Confirm message. This is important in particular when PMF is used since this would provide a potential new path for forcing a connection to be dropped.

    Fix this by allowing a new SAE Authentication instance to be started when the old instance is in Accepted state and the new Commit message does not use the same peer-scalar value (checked in sae_parse_commit_scalar()). When PMF is used, the AP will use SA Query procedure when receiving the (Re)Association Request frame. In theory, that step could be skipped in case of SAE Authentication since the non-AP STA is demonstrating knowledge of the password. Anyway, there is no allowance for that exception in the IEEE 802.11 standard, so at least for now, leave this using SA Query procedure just like any other PMF case.

    Signed-off-by: Jouni Malinen

In message , Kyle Evans writes:
> Poking at the router indicates that it is indeed during a rekey event.
>
> On Wed, Jul 18, 2018 at 12:56 PM, Adrian Chadd wrote:
> > Is it during a rekey event?
> >
> >
> >
> > -adrian
> >
> > On Wed, 18 Jul 2018 at 08:16, Kyle Evans wrote:
> >>
> >> On Wed, Jul 11, 2018 at 1:53 PM, Cy Schubert wrote:
> >> > Author: cy
> >> > Date: Wed Jul 11 18:53:18 2018
> >> > New Revision: 336203
> >> > URL: https://svnweb.freebsd.org/changeset/base/336203
> >> >
> >> > Log:
> >> > MFV r324714:
> >> >
> >> > Update wpa 2.5 --> 2.6.
> >> >
> >> > MFC after: 1 month
> >> >
> >>
> >> Hi,
> >>
> >> Thanks again for the update! For some reason with 2.6, I'm seeing
> >> hourly (+/- a minute or two) disconnects:
> >>
> >> Jul 18 08:16:47 shiva wpa_supplicant[63771]: wlan0:
> >> CTRL-EVENT-DISCONNECTED bssid=... reason=1 locally_generated=1
> >> Jul 18 08:16:47 shiva kernel: wlan0: link state changed to DOWN
> >> Jul 18 08:16:47 shiva wpa_supplicant[63771]: ioctl[SIOCS80211, op=20,
> >> val=0, arg_len=7]: Can't assign requested address
> >> Jul 18 08:18:03 shiva wpa_supplicant[63771]: wlan0: Trying to
> >> associate with ... (SSID='FBI Surveillance Cat' freq=2437 MHz)
> >> Jul 18 08:18:03 shiva wpa_supplicant[63771]: wlan0: Associated with ...
> >> Jul 18 08:18:03 shiva kernel: wlan0: link state changed to UP
> >> Jul 18 08:18:03 shiva dhclient[40889]: send_packet: No buffer space available
> >> Jul 18 08:18:03 shiva wpa_supplicant[63771]: wlan0: WPA: Key
> >> negotiation completed with ... [PTK=CCMP GTK=CCMP]
> >> Jul 18 08:18:03 shiva wpa_supplicant[63771]: wlan0:
> >> CTRL-EVENT-CONNECTED - Connection to ...
> >> completed [id=0 id_str=]
> >> Jul 18 08:18:06 shiva dhclient[42269]: New IP Address (wlan0): 192.168.1.150
> >> Jul 18 08:18:06 shiva dhclient[42841]: New Subnet Mask (wlan0): 255.255.255.0
> >> Jul 18 08:18:06 shiva dhclient[43080]: New Broadcast Address (wlan0):
> >> 192.168.1.255
> >> Jul 18 08:18:06 shiva dhclient[43248]: New Routers (wlan0): 192.168.1.1
> >>
> >> Any idea what that might be about? My wpa_supplicant.conf is fairly
> >> minimal with exactly one network specified.
> >>
> >> Thanks,
> >>
> >> Kyle Evans
> >>

Attachment: rekey.diff

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index 9027bbfc0..a1a037311 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -753,12 +753,24 @@ static int sae_sm_step(struct hostapd_data *hapd, struct sta_info *sta, } break; case SAE_ACCEPTED: - if (auth_transaction == 1) { + if (auth_transaction == 1 && + (hapd->conf->mesh & MESH_ENABLED)) { wpa_printf(MSG_DEBUG, "SAE: remove the STA (" MACSTR ") doing reauthentication", MAC2STR(sta->addr)); ap_free_sta(hapd, sta); wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr); + } else if (auth_transaction == 1) { + wpa_printf(MSG_DEBUG, "SAE: Start reauthentication"); + ret = auth_sae_send_commit(hapd, sta, bssid, 1); + if (ret) + return ret; + sae_set_state(sta, SAE_COMMITTED, "Sent Commit"); + + if (sae_process_commit(sta->sae) < 0) + return WLAN_STATUS_UNSPECIFIED_FAILURE; + sta->sae->sync = 0; + sae_set_retransmit_timer(hapd, sta); } else { if (sae_check_big_sync(hapd, sta)) return WLAN_STATUS_SUCCESS;

Cheers,
Cy Schubert
FreeBSD UNIX: Web: http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.
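
Review bot: In the mesh branch of case SAE_ACCEPTED, ap_free_sta(hapd, sta) runs before wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr), so the second call is handed sta->addr after the STA entry has been released. Since this patch already edits that branch's condition, swap the two calls so the PMKSA removal happens while sta is still valid. In the new else if (auth_transaction == 1) branch, sae_set_state(sta, SAE_COMMITTED, "Sent Commit") is applied before the result of sae_process_commit(sta->sae) is checked, so a failure returns WLAN_STATUS_UNSPECIFIED_FAILURE with a previously Accepted STA left in Committed state and no retransmit timer set. It is worth confirming that an unauthenticated Commit cannot use this path to disturb the existing association, which is what the commit message sets out to prevent. A short comment noting that the branch depends on the peer-scalar check in sae_parse_commit_scalar(), which is not part of this diff, would also help.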