Re: iwx not getting to status: active
Stefan Sperling writes: > Taking a fresh look at this in the morning, I think we should be checking > for errors from ieee80211_set_key() before flagging the group key as valid. > The only reason this could fail in your case is ENOMEM so it shouldn't > make a difference regarding your test case. I tested it for good measure. > still ok? OK > > There is still room for improvement but that's left for later. I suppose we > should move the driver back into SCAN state if it fails to set link state UP, > rather than having it hang. Otherwise an AP could trigger a hang accidentally > or deliberately by not sending a group key. > > diff 7faf78381a333a9545f245f931e6a51077ba6762 /usr/src > blob - bdf8ce3e1afa332f698e3dc56af77e6acb4f8689 > file + sys/dev/pci/if_iwx.c > --- sys/dev/pci/if_iwx.c > +++ sys/dev/pci/if_iwx.c > @@ -6677,11 +6677,16 @@ iwx_set_key(struct ieee80211com *ic, struct ieee80211_ > struct ieee80211_key *k) > { > struct iwx_softc *sc = ic->ic_softc; > + struct iwx_node *in = (void *)ni; > struct iwx_setkey_task_arg *a; > + int err; > > if (k->k_cipher != IEEE80211_CIPHER_CCMP) { > /* Fallback to software crypto for other ciphers. */ > - return (ieee80211_set_key(ic, ni, k)); > + err = ieee80211_set_key(ic, ni, k); > + if (!err && (k->k_flags & IEEE80211_KEY_GROUP)) > + in->in_flags |= IWX_NODE_FLAG_HAVE_GROUP_KEY; > + return err; > } > > if (sc->setkey_nkeys >= nitems(sc->setkey_arg))
Re: iwx not getting to status: active
Confirmed it is also work. iwx0 at pci0 dev 20 function 3 "Intel Wi-Fi 6 AX201" rev 0x00, msix Regards, zxystd
Re: iwx not getting to status: active
On Mon, Jul 05, 2021 at 06:36:00PM -0700, Greg Steuck wrote: > Stefan Sperling writes: > > > On Tue, Jul 06, 2021 at 12:31:20AM +0200, Stefan Sperling wrote: > >> On Mon, Jul 05, 2021 at 02:11:36PM -0700, Greg Steuck wrote: > >> > Do I need to figure out the state machines behind iwx and iee80211 now? > >> > :) > >> > >> This AP seems to use TKIP for the groupcipher and the iwx > >> setkey task doesn't handle this case properly. > >> > >> Can you try this? > > > > This smaller patch might suffice: > > I was wrong, this also works great! > > OK gnezdo@ Taking a fresh look at this in the morning, I think we should be checking for errors from ieee80211_set_key() before flagging the group key as valid. The only reason this could fail in your case is ENOMEM so it shouldn't make a difference regarding your test case. still ok? There is still room for improvement but that's left for later. I suppose we should move the driver back into SCAN state if it fails to set link state UP, rather than having it hang. Otherwise an AP could trigger a hang accidentally or deliberately by not sending a group key. diff 7faf78381a333a9545f245f931e6a51077ba6762 /usr/src blob - bdf8ce3e1afa332f698e3dc56af77e6acb4f8689 file + sys/dev/pci/if_iwx.c --- sys/dev/pci/if_iwx.c +++ sys/dev/pci/if_iwx.c @@ -6677,11 +6677,16 @@ iwx_set_key(struct ieee80211com *ic, struct ieee80211_ struct ieee80211_key *k) { struct iwx_softc *sc = ic->ic_softc; + struct iwx_node *in = (void *)ni; struct iwx_setkey_task_arg *a; + int err; if (k->k_cipher != IEEE80211_CIPHER_CCMP) { /* Fallback to software crypto for other ciphers. */ - return (ieee80211_set_key(ic, ni, k)); + err = ieee80211_set_key(ic, ni, k); + if (!err && (k->k_flags & IEEE80211_KEY_GROUP)) + in->in_flags |= IWX_NODE_FLAG_HAVE_GROUP_KEY; + return err; } if (sc->setkey_nkeys >= nitems(sc->setkey_arg))
Re: iwx not getting to status: active
Stefan Sperling writes: > On Tue, Jul 06, 2021 at 12:31:20AM +0200, Stefan Sperling wrote: >> On Mon, Jul 05, 2021 at 02:11:36PM -0700, Greg Steuck wrote: >> > Do I need to figure out the state machines behind iwx and iee80211 now? :) >> >> This AP seems to use TKIP for the groupcipher and the iwx >> setkey task doesn't handle this case properly. >> >> Can you try this? > > This smaller patch might suffice: I was wrong, this also works great! OK gnezdo@ > > diff 7faf78381a333a9545f245f931e6a51077ba6762 /usr/src > blob - bdf8ce3e1afa332f698e3dc56af77e6acb4f8689 > file + sys/dev/pci/if_iwx.c > --- sys/dev/pci/if_iwx.c > +++ sys/dev/pci/if_iwx.c > @@ -6677,9 +6677,12 @@ iwx_set_key(struct ieee80211com *ic, struct ieee80211_ > struct ieee80211_key *k) > { > struct iwx_softc *sc = ic->ic_softc; > + struct iwx_node *in = (void *)ni; > struct iwx_setkey_task_arg *a; > > if (k->k_cipher != IEEE80211_CIPHER_CCMP) { > + if (k->k_flags & IEEE80211_KEY_GROUP) > + in->in_flags |= IWX_NODE_FLAG_HAVE_GROUP_KEY; > /* Fallback to software crypto for other ciphers. */ > return (ieee80211_set_key(ic, ni, k)); > }
Re: iwx not getting to status: active
Stefan Sperling writes: > This AP seems to use TKIP for the groupcipher and the iwx > setkey task doesn't handle this case properly. > > Can you try this? This works great, yielding these diagnostics: iwx0: associated with 38:ff:36:23:09:ac ssid "MarlinGuest" channel 52 start MCS 0 long preamble long slot time HT enabled iwx0: missed beacon threshold set to 30 beacons, beacon interval is 100 TU iwx0: received msg 1/4 of the 4-way handshake from 38:ff:36:23:09:ac iwx0: sending msg 2/4 of the 4-way handshake to 38:ff:36:23:09:ac iwx0: received msg 3/4 of the 4-way handshake from 38:ff:36:23:09:ac iwx0: sending msg 4/4 of the 4-way handshake to 38:ff:36:23:09:ac iwx_add_sta_key entered k->k_flags 100 iwx0: sending action to 38:ff:36:23:09:ac on channel 52 mode 11n iwx0: sending action to 38:ff:36:23:09:ac on channel 52 mode 11n iwx0: sending action to 38:ff:36:23:09:ac on channel 52 mode 11n I think the simpler patch doesn't work, I'll double check. Thanks a lot! > diff 7faf78381a333a9545f245f931e6a51077ba6762 /usr/src > blob - bdf8ce3e1afa332f698e3dc56af77e6acb4f8689 > file + sys/dev/pci/if_iwx.c > --- sys/dev/pci/if_iwx.c > +++ sys/dev/pci/if_iwx.c > @@ -6677,11 +6677,24 @@ iwx_set_key(struct ieee80211com *ic, struct ieee80211_ > struct ieee80211_key *k) > { > struct iwx_softc *sc = ic->ic_softc; > + struct iwx_node *in = (void *)ni; > struct iwx_setkey_task_arg *a; > + const int want_keymask = (IWX_NODE_FLAG_HAVE_PAIRWISE_KEY | > + IWX_NODE_FLAG_HAVE_GROUP_KEY); > + int err; > > if (k->k_cipher != IEEE80211_CIPHER_CCMP) { > + if (k->k_flags & IEEE80211_KEY_GROUP) > + in->in_flags |= IWX_NODE_FLAG_HAVE_GROUP_KEY; > /* Fallback to software crypto for other ciphers. */ > - return (ieee80211_set_key(ic, ni, k)); > + err = ieee80211_set_key(ic, ni, k); > + if (!err && (in->in_flags & want_keymask) == want_keymask) { > + DPRINTF(("marking port %s valid\n", > + ether_sprintf(ni->ni_macaddr))); > + ni->ni_port_valid = 1; > + ieee80211_set_link_state(ic, LINK_STATE_UP); > + } > + return err; > } > > if (sc->setkey_nkeys >= nitems(sc->setkey_arg))
Re: iwx not getting to status: active
On Tue, Jul 06, 2021 at 12:31:20AM +0200, Stefan Sperling wrote: > On Mon, Jul 05, 2021 at 02:11:36PM -0700, Greg Steuck wrote: > > Do I need to figure out the state machines behind iwx and iee80211 now? :) > > This AP seems to use TKIP for the groupcipher and the iwx > setkey task doesn't handle this case properly. > > Can you try this? This smaller patch might suffice: diff 7faf78381a333a9545f245f931e6a51077ba6762 /usr/src blob - bdf8ce3e1afa332f698e3dc56af77e6acb4f8689 file + sys/dev/pci/if_iwx.c --- sys/dev/pci/if_iwx.c +++ sys/dev/pci/if_iwx.c @@ -6677,9 +6677,12 @@ iwx_set_key(struct ieee80211com *ic, struct ieee80211_ struct ieee80211_key *k) { struct iwx_softc *sc = ic->ic_softc; + struct iwx_node *in = (void *)ni; struct iwx_setkey_task_arg *a; if (k->k_cipher != IEEE80211_CIPHER_CCMP) { + if (k->k_flags & IEEE80211_KEY_GROUP) + in->in_flags |= IWX_NODE_FLAG_HAVE_GROUP_KEY; /* Fallback to software crypto for other ciphers. */ return (ieee80211_set_key(ic, ni, k)); }
Re: iwx not getting to status: active
On Mon, Jul 05, 2021 at 02:11:36PM -0700, Greg Steuck wrote: > Do I need to figure out the state machines behind iwx and iee80211 now? :) This AP seems to use TKIP for the groupcipher and the iwx setkey task doesn't handle this case properly. Can you try this? diff 7faf78381a333a9545f245f931e6a51077ba6762 /usr/src blob - bdf8ce3e1afa332f698e3dc56af77e6acb4f8689 file + sys/dev/pci/if_iwx.c --- sys/dev/pci/if_iwx.c +++ sys/dev/pci/if_iwx.c @@ -6677,11 +6677,24 @@ iwx_set_key(struct ieee80211com *ic, struct ieee80211_ struct ieee80211_key *k) { struct iwx_softc *sc = ic->ic_softc; + struct iwx_node *in = (void *)ni; struct iwx_setkey_task_arg *a; + const int want_keymask = (IWX_NODE_FLAG_HAVE_PAIRWISE_KEY | + IWX_NODE_FLAG_HAVE_GROUP_KEY); + int err; if (k->k_cipher != IEEE80211_CIPHER_CCMP) { + if (k->k_flags & IEEE80211_KEY_GROUP) + in->in_flags |= IWX_NODE_FLAG_HAVE_GROUP_KEY; /* Fallback to software crypto for other ciphers. */ - return (ieee80211_set_key(ic, ni, k)); + err = ieee80211_set_key(ic, ni, k); + if (!err && (in->in_flags & want_keymask) == want_keymask) { + DPRINTF(("marking port %s valid\n", + ether_sprintf(ni->ni_macaddr))); + ni->ni_port_valid = 1; + ieee80211_set_link_state(ic, LINK_STATE_UP); + } + return err; } if (sc->setkey_nkeys >= nitems(sc->setkey_arg))
Re: iwx not getting to status: active
Greg Steuck writes: > Stefan Sperling writes: > >>> iwx0: received msg 3/4 of the 4-way handshake from 38:ff:36:23:09:ac >>> iwx0: sending msg 4/4 of the 4-way handshake to 38:ff:36:23:09:ac >>> >>> I never see "iwx0: sending action to" after this. >> >> And you still see status: "no network" in ifconfig at this point? >> This could mean we're failing to set the link UP after the WPA handshake >> has completed. But I cannot explain why. > > Correct. It stays as "no network". I instrumented iwx_add_sta_key with this patch: diff --git a/sys/dev/pci/if_iwx.c b/sys/dev/pci/if_iwx.c index 5be1d92ee86..ffbfb4c9591 100644 --- a/sys/dev/pci/if_iwx.c +++ b/sys/dev/pci/if_iwx.c @@ -6709,6 +6709,8 @@ iwx_add_sta_key(struct iwx_softc *sc, int sta_id, struct ieee80211_node *ni, IWX_NODE_FLAG_HAVE_GROUP_KEY); int err; + printf("iwx_add_sta_key entered\n"); + /* * Keys are stored in 'ni' so 'k' is valid if 'ni' is valid. * Currently we only implement station mode where 'ni' is always @@ -6736,17 +6738,21 @@ iwx_add_sta_key(struct iwx_softc *sc, int sta_id, struct ieee80211_node *ni, status = IWX_ADD_STA_SUCCESS; err = iwx_send_cmd_pdu_status(sc, IWX_ADD_STA_KEY, sizeof(cmd), &cmd, &status); - if (sc->sc_flags & IWX_FLAG_SHUTDOWN) + if (sc->sc_flags & IWX_FLAG_SHUTDOWN) { + printf("ECANCELED\n"); return ECANCELED; + } if (!err && (status & IWX_ADD_STA_STATUS_MASK) != IWX_ADD_STA_SUCCESS) err = EIO; if (err) { IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, IEEE80211_REASON_AUTH_LEAVE); ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); + printf("err %d\n", err); return err; } + printf("k->k_flags %x\n", k->k_flags); if (k->k_flags & IEEE80211_KEY_GROUP) { in->in_flags |= IWX_NODE_FLAG_HAVE_GROUP_KEY; } else { @@ -6762,6 +6768,8 @@ iwx_add_sta_key(struct iwx_softc *sc, int sta_id, struct ieee80211_node *ni, ether_sprintf(ni->ni_macaddr))); ni->ni_port_valid = 1; ieee80211_set_link_state(ic, LINK_STATE_UP); + } else { + printf("in->in_flags %x want_keymask %x\n", in->in_flags, want_keymask); } return 0; I see in the failing case: iwx0: sending msg 4/4 of the 4-way handshake to 38:ff:36: iwx_add_sta_key entered k->k_flags 100 in->in_flags 1 want_keymask 3 ... and then crickets. Which is different from the success case: iwx0: sending msg 4/4 of the 4-way handshake to 0a:ab:60: iwx_add_sta_key entered k->k_flags 100 in->in_flags 1 want_keymask 3 iwx_add_sta_key entered k->k_flags 101 iwx0: sending action to 0a:ab:60: on channel 1 mode 11n Do I need to figure out the state machines behind iwx and iee80211 now? :) Thanks Greg
Re: iwx not getting to status: active
On Mon, Jul 05, 2021 at 10:20:09AM -0700, Greg Steuck wrote: > Stefan Sperling writes: > > > On Mon, Jul 05, 2021 at 09:35:20AM +0200, Stefan Sperling wrote: > >> On Sun, Jul 04, 2021 at 07:58:47PM -0700, Greg Steuck wrote: > >> > I never see "iwx0: sending action to" after this. > >> > >> And you still see status: "no network" in ifconfig at this point? > >> This could mean we're failing to set the link UP after the WPA handshake > >> has completed. But I cannot explain why. > > > > And perhaps related: > > Did you have this patch applied? Does it make any difference? > > I didn't have this applied before, but now that I have I don't see any > difference. I'll keep it applied just to get some testing out of it. > > Thanks > Greg If you can still reproduce it, please try to figure out why ieee80211_set_link_state() isn't being called. It should be setting the link state to UP, otherwise the ifconfig "status:" like will keep showing "no network".
Re: iwx not getting to status: active
Stefan Sperling writes: >> iwx0: received msg 3/4 of the 4-way handshake from 38:ff:36:23:09:ac >> iwx0: sending msg 4/4 of the 4-way handshake to 38:ff:36:23:09:ac >> >> I never see "iwx0: sending action to" after this. > > And you still see status: "no network" in ifconfig at this point? > This could mean we're failing to set the link UP after the WPA handshake > has completed. But I cannot explain why. Correct. It stays as "no network". >> Any debugging clues? > > netstat -nI iwx0 > netstat -W iwx0 > > Do any of the counters keep changing? Which ones? I collected some counters below with "close net80211 hardware crypto set_key races" applied. I don't have any other equipment with me, so packet captures aren't currently practical. % netstat -W iwx0 | perl -ne 'print unless m/\b0\b/' ieee80211 on iwx0: 2991 input encrypted packets without wep/wpa config discarded 1 input deauthentication packet 6 input eapol-key packets 8 active scans started % netstat -nI iwx0 NameMtu Network Address Ipkts IfailOpkts Ofail Colls iwx01500e8:84:a5:xx:xx:xx6 06 0 0 % netstat -W iwx0 | perl -ne 'print unless m/\b0\b/' ieee80211 on iwx0: 3150 input encrypted packets without wep/wpa config discarded 1 input deauthentication packet 6 input eapol-key packets 8 active scans started % netstat -W iwx0 | perl -ne 'print unless m/\b0\b/' ieee80211 on iwx0: 3292 input encrypted packets without wep/wpa config discarded 1 input deauthentication packet 6 input eapol-key packets 8 active scans started % netstat -W iwx0 | perl -ne 'print unless m/\b0\b/' ieee80211 on iwx0: 3379 input encrypted packets without wep/wpa config discarded 1 input deauthentication packet 6 input eapol-key packets 8 active scans started % netstat -nI iwx0 NameMtu Network Address Ipkts IfailOpkts Ofail Colls iwx01500e8:84:a5:xx:xx:xx6 06 0 0 dmesg: iwx0 at pci0 dev 20 function 3 "Intel Wi-Fi 6 AX201" rev 0x00, msix iwx0: hw rev 0x350, fw ver 48.1335886879.0, address e8:84:a5:xx:xx:xx iwx0: acquiring device failed iwx0: end active scan iwx0: + 38:ff:36:22:ce:bc 60 +11 54M ess privacy rsn "MarlinGuest" iwx0: + 38:ff:36:23:09:a84 +48 54M ess privacy rsn "MarlinGuest" iwx0: + 38:ff:36:23:09:ac 52 +37 54M ess privacy rsn "MarlinGuest" iwx0: firmware has detected regulatory domain 'US' (0x5553) iwx0: SCAN -> AUTH iwx0: sending auth to 38:ff:36:23:09:a8 on channel 4 mode 11g iwx0: AUTH -> ASSOC iwx0: sending assoc_req to 38:ff:36:23:09:a8 on channel 4 mode 11g iwx0: ASSOC -> RUN iwx0: associated with 38:ff:36:23:09:a8 ssid "MarlinGuest" channel 4 start MCS 0 short preamble short slot time HT enabled iwx0: missed beacon threshold set to 30 beacons, beacon interval is 100 TU iwx0: received msg 1/4 of the 4-way handshake from 38:ff:36:23:09:a8 iwx0: sending msg 2/4 of the 4-way handshake to 38:ff:36:23:09:a8 iwx0: received msg 3/4 of the 4-way handshake from 38:ff:36:23:09:a8 iwx0: sending msg 4/4 of the 4-way handshake to 38:ff:36:23:09:a8 iwx0: RUN -> INIT iwx0: begin active scan iwx0: INIT -> SCAN iwx0: SCAN -> INIT iwx0: begin active scan iwx0: INIT -> SCAN iwx0: SCAN -> INIT iwx0: begin active scan iwx0: INIT -> SCAN iwx0: end active scan iwx0: + 38:ff:36:22:04:b89 +14 54M ess privacy rsn "MarlinGuest" iwx0: + 38:ff:36:23:09:a84 +45 54M ess privacy rsn "MarlinGuest" iwx0: + 38:ff:36:23:09:ac 52 +37 54M ess privacy rsn "MarlinGuest" iwx0: + f8:e7:1e:1b:85:f84 +18 54M ess privacy rsn "MarlinGuest" iwx0: firmware has detected regulatory domain 'US' (0x5553) iwx0: SCAN -> AUTH iwx0: sending auth to 38:ff:36:23:09:a8 on channel 4 mode 11g iwx0: AUTH -> ASSOC iwx0: sending assoc_req to 38:ff:36:23:09:a8 on channel 4 mode 11g iwx0: ASSOC -> RUN iwx0: associated with 38:ff:36:23:09:a8 ssid "MarlinGuest" channel 4 start MCS 0 short preamble short slot time HT enabled iwx0: missed beacon threshold set to 30 beacons, beacon interval is 100 TU iwx0: received msg 1/4 of the 4-way handshake from 38:ff:36:23:09:a8 iwx0: sending msg 2/4 of the 4-way handshake to 38:ff:36:23:09:a8 iwx0: received msg 3/4 of the 4-way handshake from 38:ff:36:23:09:a8 iwx0: sending msg 4/4 of the 4-way handshake to 38:ff:36:23:09:a8 iwx0: RUN -> AUTH iwx0: sending auth to 38:ff:36:23:09:a8 on channel 4 mode 11n iwx0: AUTH -> ASSOC iwx0: sending assoc_req to 38:ff:36:23:09:a8 on channel 4 mode 11n iwx0: ASSOC -> RUN iwx0: associated with 38:ff:36:23:09:a8 ssid "MarlinGuest" channel 4 start MCS 0 short preamble short slot time HT enabled iwx0: missed beacon threshold set to 30 beacons, beacon interval i
Re: iwx not getting to status: active
Stefan Sperling writes: > On Mon, Jul 05, 2021 at 09:35:20AM +0200, Stefan Sperling wrote: >> On Sun, Jul 04, 2021 at 07:58:47PM -0700, Greg Steuck wrote: >> > I never see "iwx0: sending action to" after this. >> >> And you still see status: "no network" in ifconfig at this point? >> This could mean we're failing to set the link UP after the WPA handshake >> has completed. But I cannot explain why. > > And perhaps related: > Did you have this patch applied? Does it make any difference? I didn't have this applied before, but now that I have I don't see any difference. I'll keep it applied just to get some testing out of it. Thanks Greg
Re: iwx not getting to status: active
On Mon, Jul 05, 2021 at 09:35:20AM +0200, Stefan Sperling wrote: > On Sun, Jul 04, 2021 at 07:58:47PM -0700, Greg Steuck wrote: > > I never see "iwx0: sending action to" after this. > > And you still see status: "no network" in ifconfig at this point? > This could mean we're failing to set the link UP after the WPA handshake > has completed. But I cannot explain why. And perhaps related: Did you have this patch applied? Does it make any difference? Details here: https://marc.info/?l=openbsd-tech&m=162513511620823&w=2 diff 86b3b873864f7e98e688c12d8e455803ff30eadb 27f93922f2b250b31e9534b457665df3dcf58794 blob - ea245574f624ada1b8d0c9e8e8a0653fb2c3adc4 blob + 0bac2cda2290c4a44de8f5b8110a4399f75de88d --- sys/dev/ic/bwfm.c +++ sys/dev/ic/bwfm.c @@ -2714,7 +2714,13 @@ bwfm_set_key_cb(struct bwfm_softc *sc, void *arg) wsec |= wsec_enable; bwfm_fwvar_var_set_int(sc, "wsec", wsec); + if ((k->k_flags & IEEE80211_KEY_GROUP) == 0 && + ni->ni_rsn_supp_state == RSNA_SUPP_PTKNEGOTIATING) + ni->ni_rsn_supp_state = RSNA_SUPP_PTKDONE; + if (sc->sc_key_tasks == 0) { + if (k->k_flags & IEEE80211_KEY_SECURE) + ni->ni_flags |= IEEE80211_NODE_TXRXPROT; DPRINTF(("%s: marking port %s valid\n", DEVNAME(sc), ether_sprintf(cmd->ni->ni_macaddr))); cmd->ni->ni_port_valid = 1; blob - bdf8ce3e1afa332f698e3dc56af77e6acb4f8689 blob + 5be1d92ee862f584df5901fe54ebe30e0c937d36 --- sys/dev/pci/if_iwx.c +++ sys/dev/pci/if_iwx.c @@ -6747,12 +6747,17 @@ iwx_add_sta_key(struct iwx_softc *sc, int sta_id, stru return err; } - if (k->k_flags & IEEE80211_KEY_GROUP) + if (k->k_flags & IEEE80211_KEY_GROUP) { in->in_flags |= IWX_NODE_FLAG_HAVE_GROUP_KEY; - else + } else { in->in_flags |= IWX_NODE_FLAG_HAVE_PAIRWISE_KEY; + if (ni->ni_rsn_supp_state == RSNA_SUPP_PTKNEGOTIATING) + ni->ni_rsn_supp_state = RSNA_SUPP_PTKDONE; + } if ((in->in_flags & want_keymask) == want_keymask) { + if (k->k_flags & IEEE80211_KEY_SECURE) + ni->ni_flags |= IEEE80211_NODE_TXRXPROT; DPRINTF(("marking port %s valid\n", ether_sprintf(ni->ni_macaddr))); ni->ni_port_valid = 1; blob - 08ffda8c9aaede9c901d97a43bf2873591e8df19 blob + 0c141fc5df7ba1a774af98a59a2b718bdcc721bb --- sys/dev/usb/if_athn_usb.c +++ sys/dev/usb/if_athn_usb.c @@ -1662,7 +1662,12 @@ athn_usb_set_key_cb(struct athn_usb_softc *usc, void * s = splnet(); athn_usb_write_barrier(&usc->sc_sc); athn_set_key(ic, cmd->ni, cmd->key); + if ((cmd->key->k_flags & IEEE80211_KEY_GROUP) == 0 && + cmd->ni->ni_rsn_supp_state == RSNA_SUPP_PTKNEGOTIATING) + cmd->ni->ni_rsn_supp_state = RSNA_SUPP_PTKDONE; if (usc->sc_key_tasks == 0) { + if (cmd->key->k_flags & IEEE80211_KEY_SECURE) + cmd->ni->ni_flags |= IEEE80211_NODE_TXRXPROT; DPRINTF(("marking port %s valid\n", ether_sprintf(cmd->ni->ni_macaddr))); cmd->ni->ni_port_valid = 1; blob - bb220831ffc852347afdcda18c9bca0589d6d939 blob + 8e426e9cab0b389f2e1260139ad451b30e10287e --- sys/dev/usb/if_otus.c +++ sys/dev/usb/if_otus.c @@ -2116,7 +2116,12 @@ otus_set_key_cb(struct otus_softc *sc, void *arg) memcpy(key.key, k->k_key + 16, 16); (void)otus_cmd(sc, AR_CMD_EKEY, &key, sizeof key, NULL); + if ((k->k_flags & IEEE80211_KEY_GROUP) == 0 && + cmd->ni->ni_rsn_supp_state == RSNA_SUPP_PTKNEGOTIATING) + cmd->ni->ni_rsn_supp_state = RSNA_SUPP_PTKDONE; if (sc->sc_key_tasks == 0) { + if (k->k_flags & IEEE80211_KEY_SECURE) + cmd->ni->ni_flags |= IEEE80211_NODE_TXRXPROT; DPRINTF(("marking port %s valid\n", ether_sprintf(cmd->ni->ni_macaddr))); cmd->ni->ni_port_valid = 1; blob - 929d8f161d50cd294569dd74e0a4e2980e5607ca blob + 5e30f1b680b1b58c020ba9627aa5a8776aa1b3a4 --- sys/dev/usb/if_rsu.c +++ sys/dev/usb/if_rsu.c @@ -940,7 +940,12 @@ rsu_set_key_cb(struct rsu_softc *sc, void *arg) memcpy(key.key, k->k_key, MIN(k->k_len, sizeof(key.key))); (void)rsu_fw_cmd(sc, R92S_CMD_SET_KEY, &key, sizeof(key)); + if ((k->k_flags & IEEE80211_KEY_GROUP) == 0 && + cmd->ni->ni_rsn_supp_state == RSNA_SUPP_PTKNEGOTIATING) + cmd->ni->ni_rsn_supp_state = RSNA_SUPP_PTKDONE; if (sc->sc_key_tasks == 0) { + if (k->k_flags & IEEE80211_KEY_SECURE) + cmd->ni->ni_flags |= IEEE80211_NODE_TXRXPROT; DPRINTF(("marking port %s valid\n", ether_sprintf(cmd->ni->ni_macaddr))); cmd->ni->ni_port_valid = 1; blob - 7759d6e0cea12b48a1373d90942b20a8d
Re: iwx not getting to status: active
> 5. jul. 2021 kl. 04:58 skrev Greg Steuck : > > I stumbled upon a weird hotel WiFi which never gets to a fully running > link with iwx0. I see ifconfig is stuck with: > > iwx0: flags=808847 > mtu 1500 >lladdr xx >index 1 priority 4 llprio 3 >groups: wlan egress >media: IEEE802.11 autoselect (HT-MCS11 mode 11n) >status: no network >ieee80211: nwid MarlinGuest chan 4 bssid 38:ff:36:23:09:a8 68% wpakey > wpaprotos wpa2 wpaakms psk wpaciphers ccmp wpagroupcipher tkip > > The network is functional as evidenced by the assorted android and > chromeos devices connecting to it. I once encountered a hotel wifi which only let my OpenBSD laptop connect and have a properly working connection after I reduced the MTU 700-ish bytes. That may or may not be related to the problem you are seeing. - Peter — Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. signature.asc Description: Message signed with OpenPGP
Re: iwx not getting to status: active
On Sun, Jul 04, 2021 at 07:58:47PM -0700, Greg Steuck wrote: > I stumbled upon a weird hotel WiFi which never gets to a fully running > link with iwx0. I see ifconfig is stuck with: > > iwx0: flags=808847 > mtu 1500 > lladdr xx > index 1 priority 4 llprio 3 > groups: wlan egress > media: IEEE802.11 autoselect (HT-MCS11 mode 11n) > status: no network > ieee80211: nwid MarlinGuest chan 4 bssid 38:ff:36:23:09:a8 68% wpakey > wpaprotos wpa2 wpaakms psk wpaciphers ccmp wpagroupcipher tkip > > The network is functional as evidenced by the assorted android and > chromeos devices connecting to it. > > I start with > $ doas ifconfig iwx0 inet nwid MarlinGuest wpakey <...> debug autoconf > > The following gets dumped into dmesg: > > iwx0 at pci0 dev 20 function 3 "Intel Wi-Fi 6 AX201" rev 0x00, msix > iwx0: hw rev 0x350, fw ver 48.1335886879.0, address xx > ... > iwx0: firmware has detected regulatory domain 'US' (0x5553) > iwx0: SCAN -> AUTH > iwx0: sending auth to 38:ff:36:23:09:a8 on channel 4 mode 11g > iwx0: authentication timed out for 38:ff:36:23:09:a8 > iwx0: AUTH -> SCAN > iwx0: end active scan > ... > iwx0: + 38:ff:36:22:ce:b81 +19 54M ess privacy rsn "MarlinGuest" > iwx0: + 38:ff:36:23:09:ac 52 +39 54M ess privacy rsn "MarlinGuest" > ... > iwx0: + f8:e7:1e:1b:85:f84 +22 54M ess privacy rsn "MarlinGuest" > ... > iwx0: firmware has detected regulatory domain 'US' (0x5553) > iwx0: SCAN -> AUTH > iwx0: sending auth to 38:ff:36:23:09:ac on channel 52 mode 11a > iwx0: AUTH -> ASSOC > iwx0: sending assoc_req to 38:ff:36:23:09:ac on channel 52 mode 11a > iwx0: ASSOC -> RUN > iwx0: associated with 38:ff:36:23:09:ac ssid "MarlinGuest" channel 52 start > MCS 0 long preamble long slot time HT enabled > iwx0: missed beacon threshold set to 30 beacons, beacon interval is 100 TU > iwx0: received msg 1/4 of the 4-way handshake from 38:ff:36:23:09:ac > iwx0: sending msg 2/4 of the 4-way handshake to 38:ff:36:23:09:ac > iwx0: received msg 3/4 of the 4-way handshake from 38:ff:36:23:09:ac > iwx0: sending msg 4/4 of the 4-way handshake to 38:ff:36:23:09:ac > > I never see "iwx0: sending action to" after this. And you still see status: "no network" in ifconfig at this point? This could mean we're failing to set the link UP after the WPA handshake has completed. But I cannot explain why. > Now, to send this email I tether to my cell phone which works much better: > > ... > iwx0: + 0a:ab:60:xx:xx:xx9 +42 54M ess privacy rsn "gnezdo" > ... > iwx0: - 38:ff:36:22:04:b89 +16 54M ess privacy rsn "MarlinGuest"! > iwx0: - 38:ff:36:22:ce:b81 +17 54M ess privacy rsn "MarlinGuest"! > iwx0: - 38:ff:36:23:09:a84 +20 54M ess privacy rsn "MarlinGuest"! > iwx0: - 38:ff:36:23:09:ac 52 +40 54M ess privacy rsn "MarlinGuest"! > ... > iwx0: - f8:e7:1e:1b:85:f84 +23 54M ess privacy rsn "MarlinGuest"! > ... > iwx0: firmware has detected regulatory domain 'US' (0x5553) > iwx0: SCAN -> AUTH > iwx0: sending auth to 0a:ab:60:xx:xx:xx on channel 9 mode 11g > iwx0: AUTH -> ASSOC > iwx0: sending assoc_req to 0a:ab:60:xx:xx:xx on channel 9 mode 11g > iwx0: ASSOC -> RUN > iwx0: associated with 0a:ab:60:xx:xx:xx ssid "gnezdo" channel 9 start MCS 0 > short preamble short slot time HT enabled > iwx0: missed beacon threshold set to 30 beacons, beacon interval is 100 TU > iwx0: received msg 1/4 of the 4-way handshake from 0a:ab:60:xx:xx:xx > iwx0: sending msg 2/4 of the 4-way handshake to 0a:ab:60:xx:xx:xx > iwx0: received msg 3/4 of the 4-way handshake from 0a:ab:60:xx:xx:xx > iwx0: sending msg 4/4 of the 4-way handshake to 0a:ab:60:xx:xx:xx > iwx0: sending action to 0a:ab:60:xx:xx:xx on channel 9 mode 11n > iwx0: sending action to 0a:ab:60:xx:xx:xx on channel 9 mode 11n > iwx0: sending action to 0a:ab:60:xx:xx:xx on channel 9 mode 11n > > Any debugging clues? netstat -nI iwx0 netstat -W iwx0 Do any of the counters keep changing? Which ones? Failing that, we will need to see packet captures from another machine which has e.g. an iwm interface: # enable monitor mode and write packets to a pcap file: ifconfig iwm0 down ifconfig iwm0 mediaopt monitor chan 52 ifconfig iwm0 up tcpdump -n -y IEEE802_11_RADIO -s 4096 -w /tmp/iwm.pcap -i iwm0 # now reproduce the issue and share the resulting pcap file # go back to regular operation on iwm0: ifconfig iwm0 down ifconfig iwm0 -mediaopt monitor -chan Cheers, Stefan
iwx not getting to status: active
I stumbled upon a weird hotel WiFi which never gets to a fully running link with iwx0. I see ifconfig is stuck with: iwx0: flags=808847 mtu 1500 lladdr xx index 1 priority 4 llprio 3 groups: wlan egress media: IEEE802.11 autoselect (HT-MCS11 mode 11n) status: no network ieee80211: nwid MarlinGuest chan 4 bssid 38:ff:36:23:09:a8 68% wpakey wpaprotos wpa2 wpaakms psk wpaciphers ccmp wpagroupcipher tkip The network is functional as evidenced by the assorted android and chromeos devices connecting to it. I start with $ doas ifconfig iwx0 inet nwid MarlinGuest wpakey <...> debug autoconf The following gets dumped into dmesg: iwx0 at pci0 dev 20 function 3 "Intel Wi-Fi 6 AX201" rev 0x00, msix iwx0: hw rev 0x350, fw ver 48.1335886879.0, address xx ... iwx0: firmware has detected regulatory domain 'US' (0x5553) iwx0: SCAN -> AUTH iwx0: sending auth to 38:ff:36:23:09:a8 on channel 4 mode 11g iwx0: authentication timed out for 38:ff:36:23:09:a8 iwx0: AUTH -> SCAN iwx0: end active scan ... iwx0: + 38:ff:36:22:ce:b81 +19 54M ess privacy rsn "MarlinGuest" iwx0: + 38:ff:36:23:09:ac 52 +39 54M ess privacy rsn "MarlinGuest" ... iwx0: + f8:e7:1e:1b:85:f84 +22 54M ess privacy rsn "MarlinGuest" ... iwx0: firmware has detected regulatory domain 'US' (0x5553) iwx0: SCAN -> AUTH iwx0: sending auth to 38:ff:36:23:09:ac on channel 52 mode 11a iwx0: AUTH -> ASSOC iwx0: sending assoc_req to 38:ff:36:23:09:ac on channel 52 mode 11a iwx0: ASSOC -> RUN iwx0: associated with 38:ff:36:23:09:ac ssid "MarlinGuest" channel 52 start MCS 0 long preamble long slot time HT enabled iwx0: missed beacon threshold set to 30 beacons, beacon interval is 100 TU iwx0: received msg 1/4 of the 4-way handshake from 38:ff:36:23:09:ac iwx0: sending msg 2/4 of the 4-way handshake to 38:ff:36:23:09:ac iwx0: received msg 3/4 of the 4-way handshake from 38:ff:36:23:09:ac iwx0: sending msg 4/4 of the 4-way handshake to 38:ff:36:23:09:ac I never see "iwx0: sending action to" after this. Now, to send this email I tether to my cell phone which works much better: ... iwx0: + 0a:ab:60:xx:xx:xx9 +42 54M ess privacy rsn "gnezdo" ... iwx0: - 38:ff:36:22:04:b89 +16 54M ess privacy rsn "MarlinGuest"! iwx0: - 38:ff:36:22:ce:b81 +17 54M ess privacy rsn "MarlinGuest"! iwx0: - 38:ff:36:23:09:a84 +20 54M ess privacy rsn "MarlinGuest"! iwx0: - 38:ff:36:23:09:ac 52 +40 54M ess privacy rsn "MarlinGuest"! ... iwx0: - f8:e7:1e:1b:85:f84 +23 54M ess privacy rsn "MarlinGuest"! ... iwx0: firmware has detected regulatory domain 'US' (0x5553) iwx0: SCAN -> AUTH iwx0: sending auth to 0a:ab:60:xx:xx:xx on channel 9 mode 11g iwx0: AUTH -> ASSOC iwx0: sending assoc_req to 0a:ab:60:xx:xx:xx on channel 9 mode 11g iwx0: ASSOC -> RUN iwx0: associated with 0a:ab:60:xx:xx:xx ssid "gnezdo" channel 9 start MCS 0 short preamble short slot time HT enabled iwx0: missed beacon threshold set to 30 beacons, beacon interval is 100 TU iwx0: received msg 1/4 of the 4-way handshake from 0a:ab:60:xx:xx:xx iwx0: sending msg 2/4 of the 4-way handshake to 0a:ab:60:xx:xx:xx iwx0: received msg 3/4 of the 4-way handshake from 0a:ab:60:xx:xx:xx iwx0: sending msg 4/4 of the 4-way handshake to 0a:ab:60:xx:xx:xx iwx0: sending action to 0a:ab:60:xx:xx:xx on channel 9 mode 11n iwx0: sending action to 0a:ab:60:xx:xx:xx on channel 9 mode 11n iwx0: sending action to 0a:ab:60:xx:xx:xx on channel 9 mode 11n Any debugging clues? Thanks Greg