current-users: Re: WPA regression

Subject: Re: WPA regression
To: None <current-users@netbsd.org>
From: Jared D. McNeill <jmcneill@invisible.ca>
List: current-users
Date: 01/29/2008 19:00:17
Jukka Salmi wrote:
> Stephen M. Rumble --> current-users (2008-01-29 13:23:44 -0500):
>> Quoting Jukka Salmi <j+nbsd@2008.salmi.ch>:
> [...]
>>> Does it stop working exactly when the first GTK rekeying takes place?
>>> If yes, it's probably the same problem I'm trying to debug ATM (using
>>> hostapd(8) and wpa_supplicant(8) with ath(4) on NetBSD/i386 current).
>> I have no idea. Is there an easy way to check?
>>
>> wpa_cli's `status' command just says COMPLETED, I think.
> 
> Is your access point running hostapd(8)? If yes, try setting
> wpa_group_rekey to a small value, e.g. 60 (default is 600) to not have
> to wait for ten minutes until rekeying takes place... Then start hostapd
> with option -dd (and without -B), and as soon as you see "ath0: Setup
> of interface done." start wpa_supplicant; authentication should work.
> Wait for a minute, and hostapd should print "ath0: WPA rekeying GTK",
> followed by several "EAPOL-Key timeout" lines, and finally
> 
> ath0: STA [...] IEEE 802.11: deauthenticated due to local deauth request
> ath0: STA [...] IEEE 802.11: deassociated
> 
> If your AP doesn't run hostapd or you don't have access to it, try
> running wpa_supplicant with option -dd and without -B; as soon as
> rekeying fails you should see "Added BSSID XXX into blacklist", where
> XXX is your AP's BSSID.
> 
> At least that's what I'm currently seeing, as soon as the first rekeying
> takes place...
> 
> 
>> ath0 does timeout a lot (and I commented out the printf in the driver), 
> 
> Does setting hw.ath0.txintrperiod=1 instead help?

I don't see the local deauth request, but I do see the following when it 
fails for me:

WPA: Key negotiation completed with 00:19:e3:fa:b7:f2 [PTK=CCMP GTK=CCMP]
Cancelling scan request
Cancelling authentication timeout
State: GROUP_HANDSHAKE -> COMPLETED
CTRL-EVENT-CONNECTED - Connection to 00:00:00:00:00:00 completed 
(reauth) [id=0 id_str=]
EAPOL: External notification - portValid=1
EAPOL: External notification - EAP success=1

Notice the invalid bssid. This is with wpi(4).

Cheers,
Jared