Re: wifi join and wpaprotos

Peter Hessler Wed, 21 Nov 2018 00:20:00 -0800

On 2018 Nov 20 (Tue) at 20:06:25 +0100 (+0100), Peter Hessler wrote:
:On 2018 Nov 02 (Fri) at 19:13:56 +0100 (+0100), Peter Hessler wrote:
::On 2018 Nov 02 (Fri) at 17:59:05 +0100 (+0100), Solene Rapenne wrote:
:::Stefan Sperling <[email protected]> wrote:
:::> On Fri, Nov 02, 2018 at 03:41:57PM +0100, Solene Rapenne wrote:
:::> > Hello,
:::> > 
:::> > I can't connect to wpa1 networks using join. From the man page, I 
understand
:::> > that "wpaprotos" parameter isn't supported.
:::> > 
:::> >     The id can either be any text string up to 32 characters in
:::> >     length, or a series of hexadecimal digits up to 64 digits.  Any
:::> >     necessary wpakey or nwkey arguments should be specified on the
:::> >     same line.  May not be used with nwid.
:::> > 
:::> > The SSID when I use "ifconfig iwm0 scan":
:::> > 
:::> >     nwid freeboxSSID chan 11 bssid 16:fa:ca:a1:ba:3c 67% HT-MCS15 
privacy,short_slottime,wpa1
:::> > 
:::> > 
:::> > With this line in /etc/hostname.iwm0:
:::> > 
:::> >     join "freeboxSSID" wpakey somekeyhere
:::> > 
:::> > It won't connect until I type "ifconfig iwm0 wpaprotos wpa1".
:::> > 
:::> > 
:::> > If I add the wpaprotos parameters to the /etc/hostname.iwm0 line, when
:::> > rebooting, the ifconfig command output is the following.
:::> > 
:::> >     iwm0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 
1500
:::> >             lladdr 8c:16:45:9b:c9:fe
:::> >             index 1 priority 4 llprio 3
:::> >             trunk: trunkdev trunk0
:::> >             groups: wlan
:::> >             media: IEEE802.11 autoselect (DS1)
:::> >             status: no network
:::> >             ieee80211: join freeboxSSID
:::> > 
:::> > I'm not sure it's a bug, but I prefer to report it.
:::> 
:::> That's probably a bug. Using wpaprotos with join in hostname.if is supposed
:::> to work as long as you're specifying it on the same line, like this:
:::> 
:::>      join "freeboxSSID" wpakey somekeyhere wpaprotos wpa1
:::
:::With this line, it doesn't find the SSID after reboot or using netstart.
:::
::
::I'll look into it.  Thanks for the report!
::
:
:Sorry for the delay, it took a while to get time to fix this.
:
:There are two bugs masquarading as one.
:
:First in the kernel, is that we didn't properly match what the node
:(access point) is advertising to us, so we should match against that
:instead.  Secondly, in ifconfig, we made all of the nice pretty
:structures and stomped all over them when saving them.
:
:You'll need to rebuild ifconfig and boot into a new kernel.
:
:OK?
:


Sorry, I attached the wrong diff, too many other things were intertwined
in it.

Here's a diff that compiles, and should fix your issue.

OK?


Index: sys/net80211/ieee80211_node.c
===================================================================
RCS file: /cvs/openbsd/src/sys/net80211/ieee80211_node.c,v
retrieving revision 1.157
diff -u -p -u -p -r1.157 ieee80211_node.c
--- sys/net80211/ieee80211_node.c       20 Nov 2018 20:26:01 -0000      1.157
+++ sys/net80211/ieee80211_node.c       21 Nov 2018 07:36:51 -0000
@@ -515,12 +515,8 @@ ieee80211_match_ess(struct ieee80211_ess
                return 0;
 
        if (ess->flags & (IEEE80211_F_PSK | IEEE80211_F_RSNON)) {
-               /* Ensure same WPA version. */
-               if ((ni->ni_rsnprotos & IEEE80211_PROTO_RSN) &&
-                   (ess->rsnprotos & IEEE80211_PROTO_RSN) == 0)
-                       return 0;
-               if ((ni->ni_rsnprotos & IEEE80211_PROTO_WPA) &&
-                   (ess->rsnprotos & IEEE80211_PROTO_WPA) == 0)
+               /* Ensure a compatible WPA version. */
+               if ((ni->ni_supported_rsnprotos & ess->rsnprotos) == 0)
                        return 0;
        } else if (ess->flags & IEEE80211_F_WEPON) {
                if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0)
Index: sbin/ifconfig/ifconfig.c
===================================================================
RCS file: /cvs/openbsd/src/sbin/ifconfig/ifconfig.c,v
retrieving revision 1.384
diff -u -p -u -p -r1.384 ifconfig.c
--- sbin/ifconfig/ifconfig.c    20 Nov 2018 20:49:26 -0000      1.384
+++ sbin/ifconfig/ifconfig.c    21 Nov 2018 07:36:00 -0000
@@ -1909,7 +1909,7 @@ setifwpa(const char *val, int d)
        wpa.i_enabled = d;
 
        if (actions & A_JOIN) {
-               memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
+               join.i_wpaparams.i_enabled = d;
                join.i_flags |= IEEE80211_JOIN_WPA;
                return;
        }
@@ -1940,6 +1940,12 @@ setifwpaprotos(const char *val, int d)
        }
        free(optlist);
 
+       if (actions & A_JOIN) {
+               join.i_wpaparams.i_protos = rval;
+               join.i_flags |= IEEE80211_JOIN_WPA;
+               return;
+       }
+
        memset(&wpa, 0, sizeof(wpa));
        (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
        if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
@@ -1949,12 +1955,6 @@ setifwpaprotos(const char *val, int d)
        wpa.i_ciphers = 0;
        wpa.i_groupcipher = 0;
 
-       if (actions & A_JOIN) {
-               memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
-               join.i_flags |= IEEE80211_JOIN_WPA;
-               return;
-       }
-
        if (ioctl(s, SIOCS80211WPAPARMS, (caddr_t)&wpa) < 0)
                err(1, "SIOCS80211WPAPARMS");
 }
@@ -1981,6 +1981,14 @@ setifwpaakms(const char *val, int d)
        }
        free(optlist);
 
+       if (actions & A_JOIN) {
+               join.i_wpaparams.i_akms = rval;
+               join.i_wpaparams.i_enabled =
+                   ((rval & IEEE80211_WPA_AKM_8021X) != 0);
+               join.i_flags |= IEEE80211_JOIN_WPA;
+               return;
+       }
+
        memset(&wpa, 0, sizeof(wpa));
        (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
        if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
@@ -1989,12 +1997,6 @@ setifwpaakms(const char *val, int d)
        /* Enable WPA for 802.1x here. PSK case is handled in setifwpakey(). */
        wpa.i_enabled = ((rval & IEEE80211_WPA_AKM_8021X) != 0);
 
-       if (actions & A_JOIN) {
-               memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
-               join.i_flags |= IEEE80211_JOIN_WPA;
-               return;
-       }
-
        if (ioctl(s, SIOCS80211WPAPARMS, (caddr_t)&wpa) < 0)
                err(1, "SIOCS80211WPAPARMS");
 }
@@ -2042,18 +2044,18 @@ setifwpaciphers(const char *val, int d)
        }
        free(optlist);
 
+       if (actions & A_JOIN) {
+               join.i_wpaparams.i_ciphers = rval;
+               join.i_flags |= IEEE80211_JOIN_WPA;
+               return;
+       }
+
        memset(&wpa, 0, sizeof(wpa));
        (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
        if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
                err(1, "SIOCG80211WPAPARMS");
        wpa.i_ciphers = rval;
 
-       if (actions & A_JOIN) {
-               memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
-               join.i_flags |= IEEE80211_JOIN_WPA;
-               return;
-       }
-
        if (ioctl(s, SIOCS80211WPAPARMS, (caddr_t)&wpa) < 0)
                err(1, "SIOCS80211WPAPARMS");
 }
@@ -2076,7 +2078,7 @@ setifwpagroupcipher(const char *val, int
        wpa.i_groupcipher = cipher;
 
        if (actions & A_JOIN) {
-               memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
+               join.i_wpaparams.i_groupcipher = cipher;
                join.i_flags |= IEEE80211_JOIN_WPA;
                return;
        }


-- 
To iterate is human, to recurse, divine.
                -- Robert Heller

Re: wifi join and wpaprotos

Reply via email to