#18966: WPA-EAP TLS broken on Buffalo WZR-HP-AG300H/ath9k - workaround included
---------------------------------+-----------------------------------
Reporter: alexander.wetzel@… | Owner: developers
Type: defect | Status: new
Priority: normal | Milestone:
Component: kernel | Version: Barrier Breaker 14.07
Resolution: | Keywords: athk9 eap
---------------------------------+-----------------------------------
Comment (by alexander.wetzel@…):
I'm still investigating this, but it looks like I found hard evidence that
it's not a bug in Openwrt, so you may want to close the bug:
I was able to patch wireshark, so it follow the eap rekeys. When I now
enter the PMKs from the radius server or wpa_supplicant debug log I see
can see the cleartext of the encoded packets.
(I'll upload my current version of the patch here, so if someone is
interested in it you can have a look. May take some time till I finalize
that and try to get it included in wireshark.)
And the first result is, that all packets are decoded correctly in
wireshark, both the Openwrt router and the Linux client seems generate
valid packets. The packets are all there and according to the capture the
communication should work.
So I have to conclude that the issue is indeed the linux client (as the
test with win7 was already indicating).
Since wpa_supplicant is reporting the correct key (which is in wireshark
able to decode the packets from the router) this seems to be a
driver/kernel issue. I'll mess around a bit more and then address this to
the correct audience (probably a linux kernel bug again.)
As unlikely as it seems, EAP-rekey under load seems to be broken, at least
for the wlan drivers iwlwifi (with Centrino Ultimate-N 6300) and iwl3945
(PRO/Wireless 3945ABG) up to at least kernel 3.19.
--
Ticket URL: <https://dev.openwrt.org/ticket/18966#comment:6>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets
