On Thu, 2016-06-09 at 16:47 -0500, Dan Williams wrote:
> On Thu, 2016-06-09 at 17:28 +0200, Bastien Nocera wrote:
> >
> > On Thu, 2016-06-09 at 10:23 -0500, Dan Williams wrote:
> > >
> > >
> > > On Thu, 2016-06-09 at 17:13 +0200, Bastien Nocera wrote:
> > > >
> > > >
> > > > On Thu, 2016-06-09 at 10:00 -0500, Dan Williams wrote:
> > > > >
> > > > >
> > > > >
> > > > >
> > > > <snip>
> > > > >
> > > > >
> > > > >
> > > > > So I missed it before. But your AP isn't actually set for
> > > > > WEP,
> > > > > it's
> > > > > set for WPA/TKIP. If it's actually using just WEP, you won't
> > > > > see
> > > > > any
> > > > > of the RSN/WPA IEs in the beacon.
> > > > Still isn't right that it's not showing though, is it?
> > > Yeah. Can you 'nmcli g log', then:
> > >
> > > nmcli g log level debug domains <output from 'g log'
> > > domains>,WIFI_SCAN
> > >
> > > and then turn on airplane mode, turn it off, and wait for a bit
> > > until
> > > you're sure the AP doesn't get found by NM. Then send me the
> > > logs
> > > and
> > > I'll take a look to see if I can figure out why NM doesn't find
> > > it.
> > > If
> > > the supplicant sees it, but NM does not, then there's an NM bug
> > > somewhere.
> > Well, wpa_supplicant is throwing an error when you try to get the
> > RSN,
> > so I don't really expect NM to be able to process that access
> > point.
> The AP's beacon indicates that it is using TSN (Transition Security
> Network), since it's indicating WEP-104 as the group cipher (00 0f ac
> 05). It looks like wpa_supplicant tries to handle that in some
> places,
> but ultimately the IE parsing in wpa_parse_wpa_ie_rsn() doesn't allow
> that, so the IE won't parse, and the supplicant wouldn't allow
> assocaiting to that network either.
>
> So it's a bug in the supplicant for TSN networks. For other testing,
> try disabling RSN/WPA2? If the AP allows a "WEP-only" mode that's
> what
> I'd use. You want *nothing* in the beacon that indicates RSN or WPA
> capabilities.
Jouni confirmed that there is a bug in the supplicant. The
commit ce8963fc9f197771cd51ba2834fbdf711189641a ('Remove WEP40/WEP104
cipher suite support for WPA/WPA2') appears to have broken this
functionality (where the AP advertises WEP support in WPA/RSN IEs), but
it will still work for WEP-only APs. Not sure what his solution will
be, since this behavior (TSN) is technically allowed by the standards
for WPA1 (but not necessarily for WPA2/RSN, I believe).
We should likely also modify NM to not reject the AP if the RSN IE
fails to parse, but to simply ignore WPA2/RSN on that AP and only allow
using TKIP, if present. If the RSN IE fails to parse and the AP does
not support TKIP, then NM should correctly reject the AP, since RSN+WEP
is not really a valid mode.
Dan
_______________________________________________
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list
