On Sat, Jul 11, 2020 at 10:22:10AM -0500, Tim Chase wrote:
> On 2020-07-11 10:34, Stefan Sperling wrote:
> > On Fri, Jul 10, 2020 at 10:20:07AM -0500, Tim Chase wrote:
> > > On 2020-07-10 09:58, Stefan Sperling wrote:
> > > > Does it work if you eliminate DHCP and assign static IPs?
> > >
> > > It indeed allowed me to talk to other devices on the network
> > > over wifi. So that's at least some form of progress from where
> > > the physical layer wasn't even giving a carrier originally.
> >
> > With static IP working, it's quite likely that looking at the wifi
> > layer won't lead us anywhere. This is looking more and more like a
> > DHCP problem, rather than a wifi problem. I'm at a loss as to where
> > we could look next.
>
> Since it seems like we hit a dead-end, I went ahead took your other
> suggestion, switching my router so it's AES only, no TKIP and it's
> back to working. So something in that TKIP confusion that you
> identified seems to be dropping the DHCP reply on the floor.
Thanks for confirming that CCPM-only (i.e. WPA2-only) works as expected.
What is a bit puzzling is that a CCMP+TKIP AP I used for trying to
reproduce the issue seemed to work as expected for me.
I have now found out that ic_rsngroupcipher wasn't updated and always
remained set to CCMP (see the other patch I sent to tech@ earlier today).
Turn out athn is relying on that value to be correct.
If the AP uses TKIP for group-addressed frames, then the check shown in
the patch below might result in a false-positive for TKIP frames.
Does this patch make the device work against your AP in both modes?
Something else we could still try is to only enable offloading if the AP
uses CCMP as a groupcipher. We could completely fall back to software crypto
in all the other cases. But let's try this simple patch first, since this
keeps pairwise CCMP accelerated in hardware.
diff 21633c8848e72769b1658114d9c706c177040a2a /usr/src
blob - 70dbaf422bd5ddc4567ef61322718cb15e7453ce
file + sys/dev/ic/ar5008.c
--- sys/dev/ic/ar5008.c
+++ sys/dev/ic/ar5008.c
@@ -1005,7 +1005,7 @@ ar5008_rx_process(struct athn_softc *sc, struct mbuf_l
(ni->ni_flags & IEEE80211_NODE_RXPROT) &&
(ni->ni_rsncipher == IEEE80211_CIPHER_CCMP ||
(IEEE80211_IS_MULTICAST(wh->i_addr1) &&
- ic->ic_rsngroupcipher == IEEE80211_CIPHER_CCMP))) {
+ ni->ni_rsngroupcipher == IEEE80211_CIPHER_CCMP))) {
if (ar5008_ccmp_decap(sc, m, ni) != 0) {
ifp->if_ierrors++;
ieee80211_release_node(ic, ni);
