Re: iwx not getting to status: active
Stefan Sperling writes:
> Taking a fresh look at this in the morning, I think we should be checking
> for errors from ieee80211_set_key() before flagging the group key as valid.
> The only reason this could fail in your case is ENOMEM so it shouldn't
> make a difference regarding your test case.
I tested it for good measure.
> still ok?
OK
>
> There is still room for improvement but that's left for later. I suppose we
> should move the driver back into SCAN state if it fails to set link state UP,
> rather than having it hang. Otherwise an AP could trigger a hang accidentally
> or deliberately by not sending a group key.
>
> diff 7faf78381a333a9545f245f931e6a51077ba6762 /usr/src
> blob - bdf8ce3e1afa332f698e3dc56af77e6acb4f8689
> file + sys/dev/pci/if_iwx.c
> --- sys/dev/pci/if_iwx.c
> +++ sys/dev/pci/if_iwx.c
> @@ -6677,11 +6677,16 @@ iwx_set_key(struct ieee80211com *ic, struct ieee80211_
> struct ieee80211_key *k)
> {
> struct iwx_softc *sc = ic->ic_softc;
> + struct iwx_node *in = (void *)ni;
> struct iwx_setkey_task_arg *a;
> + int err;
>
> if (k->k_cipher != IEEE80211_CIPHER_CCMP) {
> /* Fallback to software crypto for other ciphers. */
> - return (ieee80211_set_key(ic, ni, k));
> + err = ieee80211_set_key(ic, ni, k);
> + if (!err && (k->k_flags & IEEE80211_KEY_GROUP))
> + in->in_flags |= IWX_NODE_FLAG_HAVE_GROUP_KEY;
> + return err;
> }
>
> if (sc->setkey_nkeys >= nitems(sc->setkey_arg))
Re: iwx not getting to status: active
Confirmed it is also work. iwx0 at pci0 dev 20 function 3 "Intel Wi-Fi 6 AX201" rev 0x00, msix Regards, zxystd
Re: iwx not getting to status: active
On Mon, Jul 05, 2021 at 06:36:00PM -0700, Greg Steuck wrote:
> Stefan Sperling writes:
>
> > On Tue, Jul 06, 2021 at 12:31:20AM +0200, Stefan Sperling wrote:
> >> On Mon, Jul 05, 2021 at 02:11:36PM -0700, Greg Steuck wrote:
> >> > Do I need to figure out the state machines behind iwx and iee80211 now?
> >> > :)
> >>
> >> This AP seems to use TKIP for the groupcipher and the iwx
> >> setkey task doesn't handle this case properly.
> >>
> >> Can you try this?
> >
> > This smaller patch might suffice:
>
> I was wrong, this also works great!
>
> OK gnezdo@
Taking a fresh look at this in the morning, I think we should be checking
for errors from ieee80211_set_key() before flagging the group key as valid.
The only reason this could fail in your case is ENOMEM so it shouldn't
make a difference regarding your test case.
still ok?
There is still room for improvement but that's left for later. I suppose we
should move the driver back into SCAN state if it fails to set link state UP,
rather than having it hang. Otherwise an AP could trigger a hang accidentally
or deliberately by not sending a group key.
diff 7faf78381a333a9545f245f931e6a51077ba6762 /usr/src
blob - bdf8ce3e1afa332f698e3dc56af77e6acb4f8689
file + sys/dev/pci/if_iwx.c
--- sys/dev/pci/if_iwx.c
+++ sys/dev/pci/if_iwx.c
@@ -6677,11 +6677,16 @@ iwx_set_key(struct ieee80211com *ic, struct ieee80211_
struct ieee80211_key *k)
{
struct iwx_softc *sc = ic->ic_softc;
+ struct iwx_node *in = (void *)ni;
struct iwx_setkey_task_arg *a;
+ int err;
if (k->k_cipher != IEEE80211_CIPHER_CCMP) {
/* Fallback to software crypto for other ciphers. */
- return (ieee80211_set_key(ic, ni, k));
+ err = ieee80211_set_key(ic, ni, k);
+ if (!err && (k->k_flags & IEEE80211_KEY_GROUP))
+ in->in_flags |= IWX_NODE_FLAG_HAVE_GROUP_KEY;
+ return err;
}
if (sc->setkey_nkeys >= nitems(sc->setkey_arg))
Re: iwx not getting to status: active
Stefan Sperling writes:
> On Tue, Jul 06, 2021 at 12:31:20AM +0200, Stefan Sperling wrote:
>> On Mon, Jul 05, 2021 at 02:11:36PM -0700, Greg Steuck wrote:
>> > Do I need to figure out the state machines behind iwx and iee80211 now? :)
>>
>> This AP seems to use TKIP for the groupcipher and the iwx
>> setkey task doesn't handle this case properly.
>>
>> Can you try this?
>
> This smaller patch might suffice:
I was wrong, this also works great!
OK gnezdo@
>
> diff 7faf78381a333a9545f245f931e6a51077ba6762 /usr/src
> blob - bdf8ce3e1afa332f698e3dc56af77e6acb4f8689
> file + sys/dev/pci/if_iwx.c
> --- sys/dev/pci/if_iwx.c
> +++ sys/dev/pci/if_iwx.c
> @@ -6677,9 +6677,12 @@ iwx_set_key(struct ieee80211com *ic, struct ieee80211_
> struct ieee80211_key *k)
> {
> struct iwx_softc *sc = ic->ic_softc;
> + struct iwx_node *in = (void *)ni;
> struct iwx_setkey_task_arg *a;
>
> if (k->k_cipher != IEEE80211_CIPHER_CCMP) {
> + if (k->k_flags & IEEE80211_KEY_GROUP)
> + in->in_flags |= IWX_NODE_FLAG_HAVE_GROUP_KEY;
> /* Fallback to software crypto for other ciphers. */
> return (ieee80211_set_key(ic, ni, k));
> }
Re: iwx not getting to status: active
Stefan Sperling writes:
> This AP seems to use TKIP for the groupcipher and the iwx
> setkey task doesn't handle this case properly.
>
> Can you try this?
This works great, yielding these diagnostics:
iwx0: associated with 38:ff:36:23:09:ac ssid "MarlinGuest" channel 52 start MCS
0 long preamble long slot time HT enabled
iwx0: missed beacon threshold set to 30 beacons, beacon interval is 100 TU
iwx0: received msg 1/4 of the 4-way handshake from 38:ff:36:23:09:ac
iwx0: sending msg 2/4 of the 4-way handshake to 38:ff:36:23:09:ac
iwx0: received msg 3/4 of the 4-way handshake from 38:ff:36:23:09:ac
iwx0: sending msg 4/4 of the 4-way handshake to 38:ff:36:23:09:ac
iwx_add_sta_key entered
k->k_flags 100
iwx0: sending action to 38:ff:36:23:09:ac on channel 52 mode 11n
iwx0: sending action to 38:ff:36:23:09:ac on channel 52 mode 11n
iwx0: sending action to 38:ff:36:23:09:ac on channel 52 mode 11n
I think the simpler patch doesn't work, I'll double check.
Thanks a lot!
> diff 7faf78381a333a9545f245f931e6a51077ba6762 /usr/src
> blob - bdf8ce3e1afa332f698e3dc56af77e6acb4f8689
> file + sys/dev/pci/if_iwx.c
> --- sys/dev/pci/if_iwx.c
> +++ sys/dev/pci/if_iwx.c
> @@ -6677,11 +6677,24 @@ iwx_set_key(struct ieee80211com *ic, struct ieee80211_
> struct ieee80211_key *k)
> {
> struct iwx_softc *sc = ic->ic_softc;
> + struct iwx_node *in = (void *)ni;
> struct iwx_setkey_task_arg *a;
> + const int want_keymask = (IWX_NODE_FLAG_HAVE_PAIRWISE_KEY |
> + IWX_NODE_FLAG_HAVE_GROUP_KEY);
> + int err;
>
> if (k->k_cipher != IEEE80211_CIPHER_CCMP) {
> + if (k->k_flags & IEEE80211_KEY_GROUP)
> + in->in_flags |= IWX_NODE_FLAG_HAVE_GROUP_KEY;
> /* Fallback to software crypto for other ciphers. */
> - return (ieee80211_set_key(ic, ni, k));
> + err = ieee80211_set_key(ic, ni, k);
> + if (!err && (in->in_flags & want_keymask) == want_keymask) {
> + DPRINTF(("marking port %s valid\n",
> + ether_sprintf(ni->ni_macaddr)));
> + ni->ni_port_valid = 1;
> + ieee80211_set_link_state(ic, LINK_STATE_UP);
> + }
> + return err;
> }
>
> if (sc->setkey_nkeys >= nitems(sc->setkey_arg))
Re: iwx not getting to status: active
On Tue, Jul 06, 2021 at 12:31:20AM +0200, Stefan Sperling wrote:
> On Mon, Jul 05, 2021 at 02:11:36PM -0700, Greg Steuck wrote:
> > Do I need to figure out the state machines behind iwx and iee80211 now? :)
>
> This AP seems to use TKIP for the groupcipher and the iwx
> setkey task doesn't handle this case properly.
>
> Can you try this?
This smaller patch might suffice:
diff 7faf78381a333a9545f245f931e6a51077ba6762 /usr/src
blob - bdf8ce3e1afa332f698e3dc56af77e6acb4f8689
file + sys/dev/pci/if_iwx.c
--- sys/dev/pci/if_iwx.c
+++ sys/dev/pci/if_iwx.c
@@ -6677,9 +6677,12 @@ iwx_set_key(struct ieee80211com *ic, struct ieee80211_
struct ieee80211_key *k)
{
struct iwx_softc *sc = ic->ic_softc;
+ struct iwx_node *in = (void *)ni;
struct iwx_setkey_task_arg *a;
if (k->k_cipher != IEEE80211_CIPHER_CCMP) {
+ if (k->k_flags & IEEE80211_KEY_GROUP)
+ in->in_flags |= IWX_NODE_FLAG_HAVE_GROUP_KEY;
/* Fallback to software crypto for other ciphers. */
return (ieee80211_set_key(ic, ni, k));
}
Re: iwx not getting to status: active
On Mon, Jul 05, 2021 at 02:11:36PM -0700, Greg Steuck wrote:
> Do I need to figure out the state machines behind iwx and iee80211 now? :)
This AP seems to use TKIP for the groupcipher and the iwx
setkey task doesn't handle this case properly.
Can you try this?
diff 7faf78381a333a9545f245f931e6a51077ba6762 /usr/src
blob - bdf8ce3e1afa332f698e3dc56af77e6acb4f8689
file + sys/dev/pci/if_iwx.c
--- sys/dev/pci/if_iwx.c
+++ sys/dev/pci/if_iwx.c
@@ -6677,11 +6677,24 @@ iwx_set_key(struct ieee80211com *ic, struct ieee80211_
struct ieee80211_key *k)
{
struct iwx_softc *sc = ic->ic_softc;
+ struct iwx_node *in = (void *)ni;
struct iwx_setkey_task_arg *a;
+ const int want_keymask = (IWX_NODE_FLAG_HAVE_PAIRWISE_KEY |
+ IWX_NODE_FLAG_HAVE_GROUP_KEY);
+ int err;
if (k->k_cipher != IEEE80211_CIPHER_CCMP) {
+ if (k->k_flags & IEEE80211_KEY_GROUP)
+ in->in_flags |= IWX_NODE_FLAG_HAVE_GROUP_KEY;
/* Fallback to software crypto for other ciphers. */
- return (ieee80211_set_key(ic, ni, k));
+ err = ieee80211_set_key(ic, ni, k);
+ if (!err && (in->in_flags & want_keymask) == want_keymask) {
+ DPRINTF(("marking port %s valid\n",
+ ether_sprintf(ni->ni_macaddr)));
+ ni->ni_port_valid = 1;
+ ieee80211_set_link_state(ic, LINK_STATE_UP);
+ }
+ return err;
}
if (sc->setkey_nkeys >= nitems(sc->setkey_arg))
Re: iwx not getting to status: active
Greg Steuck writes:
> Stefan Sperling writes:
>
>>> iwx0: received msg 3/4 of the 4-way handshake from 38:ff:36:23:09:ac
>>> iwx0: sending msg 4/4 of the 4-way handshake to 38:ff:36:23:09:ac
>>>
>>> I never see "iwx0: sending action to" after this.
>>
>> And you still see status: "no network" in ifconfig at this point?
>> This could mean we're failing to set the link UP after the WPA handshake
>> has completed. But I cannot explain why.
>
> Correct. It stays as "no network".
I instrumented iwx_add_sta_key with this patch:
diff --git a/sys/dev/pci/if_iwx.c b/sys/dev/pci/if_iwx.c
index 5be1d92ee86..ffbfb4c9591 100644
--- a/sys/dev/pci/if_iwx.c
+++ b/sys/dev/pci/if_iwx.c
@@ -6709,6 +6709,8 @@ iwx_add_sta_key(struct iwx_softc *sc, int sta_id, struct
ieee80211_node *ni,
IWX_NODE_FLAG_HAVE_GROUP_KEY);
int err;
+ printf("iwx_add_sta_key entered\n");
+
/*
* Keys are stored in 'ni' so 'k' is valid if 'ni' is valid.
* Currently we only implement station mode where 'ni' is always
@@ -6736,17 +6738,21 @@ iwx_add_sta_key(struct iwx_softc *sc, int sta_id,
struct ieee80211_node *ni,
status = IWX_ADD_STA_SUCCESS;
err = iwx_send_cmd_pdu_status(sc, IWX_ADD_STA_KEY, sizeof(cmd), ,
);
- if (sc->sc_flags & IWX_FLAG_SHUTDOWN)
+ if (sc->sc_flags & IWX_FLAG_SHUTDOWN) {
+ printf("ECANCELED\n");
return ECANCELED;
+ }
if (!err && (status & IWX_ADD_STA_STATUS_MASK) != IWX_ADD_STA_SUCCESS)
err = EIO;
if (err) {
IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH,
IEEE80211_REASON_AUTH_LEAVE);
ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
+ printf("err %d\n", err);
return err;
}
+ printf("k->k_flags %x\n", k->k_flags);
if (k->k_flags & IEEE80211_KEY_GROUP) {
in->in_flags |= IWX_NODE_FLAG_HAVE_GROUP_KEY;
} else {
@@ -6762,6 +6768,8 @@ iwx_add_sta_key(struct iwx_softc *sc, int sta_id, struct
ieee80211_node *ni,
ether_sprintf(ni->ni_macaddr)));
ni->ni_port_valid = 1;
ieee80211_set_link_state(ic, LINK_STATE_UP);
+ } else {
+ printf("in->in_flags %x want_keymask %x\n", in->in_flags,
want_keymask);
}
return 0;
I see in the failing case:
iwx0: sending msg 4/4 of the 4-way handshake to 38:ff:36:
iwx_add_sta_key entered
k->k_flags 100
in->in_flags 1 want_keymask 3
... and then crickets. Which is different from the success case:
iwx0: sending msg 4/4 of the 4-way handshake to 0a:ab:60:
iwx_add_sta_key entered
k->k_flags 100
in->in_flags 1 want_keymask 3
iwx_add_sta_key entered
k->k_flags 101
iwx0: sending action to 0a:ab:60: on channel 1 mode 11n
Do I need to figure out the state machines behind iwx and iee80211 now? :)
Thanks
Greg
Re: iwx not getting to status: active
On Mon, Jul 05, 2021 at 10:20:09AM -0700, Greg Steuck wrote: > Stefan Sperling writes: > > > On Mon, Jul 05, 2021 at 09:35:20AM +0200, Stefan Sperling wrote: > >> On Sun, Jul 04, 2021 at 07:58:47PM -0700, Greg Steuck wrote: > >> > I never see "iwx0: sending action to" after this. > >> > >> And you still see status: "no network" in ifconfig at this point? > >> This could mean we're failing to set the link UP after the WPA handshake > >> has completed. But I cannot explain why. > > > > And perhaps related: > > Did you have this patch applied? Does it make any difference? > > I didn't have this applied before, but now that I have I don't see any > difference. I'll keep it applied just to get some testing out of it. > > Thanks > Greg If you can still reproduce it, please try to figure out why ieee80211_set_link_state() isn't being called. It should be setting the link state to UP, otherwise the ifconfig "status:" like will keep showing "no network".
Re: iwx not getting to status: active
Stefan Sperling writes: >> iwx0: received msg 3/4 of the 4-way handshake from 38:ff:36:23:09:ac >> iwx0: sending msg 4/4 of the 4-way handshake to 38:ff:36:23:09:ac >> >> I never see "iwx0: sending action to" after this. > > And you still see status: "no network" in ifconfig at this point? > This could mean we're failing to set the link UP after the WPA handshake > has completed. But I cannot explain why. Correct. It stays as "no network". >> Any debugging clues? > > netstat -nI iwx0 > netstat -W iwx0 > > Do any of the counters keep changing? Which ones? I collected some counters below with "close net80211 hardware crypto set_key races" applied. I don't have any other equipment with me, so packet captures aren't currently practical. % netstat -W iwx0 | perl -ne 'print unless m/\b0\b/' ieee80211 on iwx0: 2991 input encrypted packets without wep/wpa config discarded 1 input deauthentication packet 6 input eapol-key packets 8 active scans started % netstat -nI iwx0 NameMtu Network Address Ipkts IfailOpkts Ofail Colls iwx01500e8:84:a5:xx:xx:xx6 06 0 0 % netstat -W iwx0 | perl -ne 'print unless m/\b0\b/' ieee80211 on iwx0: 3150 input encrypted packets without wep/wpa config discarded 1 input deauthentication packet 6 input eapol-key packets 8 active scans started % netstat -W iwx0 | perl -ne 'print unless m/\b0\b/' ieee80211 on iwx0: 3292 input encrypted packets without wep/wpa config discarded 1 input deauthentication packet 6 input eapol-key packets 8 active scans started % netstat -W iwx0 | perl -ne 'print unless m/\b0\b/' ieee80211 on iwx0: 3379 input encrypted packets without wep/wpa config discarded 1 input deauthentication packet 6 input eapol-key packets 8 active scans started % netstat -nI iwx0 NameMtu Network Address Ipkts IfailOpkts Ofail Colls iwx01500e8:84:a5:xx:xx:xx6 06 0 0 dmesg: iwx0 at pci0 dev 20 function 3 "Intel Wi-Fi 6 AX201" rev 0x00, msix iwx0: hw rev 0x350, fw ver 48.1335886879.0, address e8:84:a5:xx:xx:xx iwx0: acquiring device failed iwx0: end active scan iwx0: + 38:ff:36:22:ce:bc 60 +11 54M ess privacy rsn "MarlinGuest" iwx0: + 38:ff:36:23:09:a84 +48 54M ess privacy rsn "MarlinGuest" iwx0: + 38:ff:36:23:09:ac 52 +37 54M ess privacy rsn "MarlinGuest" iwx0: firmware has detected regulatory domain 'US' (0x5553) iwx0: SCAN -> AUTH iwx0: sending auth to 38:ff:36:23:09:a8 on channel 4 mode 11g iwx0: AUTH -> ASSOC iwx0: sending assoc_req to 38:ff:36:23:09:a8 on channel 4 mode 11g iwx0: ASSOC -> RUN iwx0: associated with 38:ff:36:23:09:a8 ssid "MarlinGuest" channel 4 start MCS 0 short preamble short slot time HT enabled iwx0: missed beacon threshold set to 30 beacons, beacon interval is 100 TU iwx0: received msg 1/4 of the 4-way handshake from 38:ff:36:23:09:a8 iwx0: sending msg 2/4 of the 4-way handshake to 38:ff:36:23:09:a8 iwx0: received msg 3/4 of the 4-way handshake from 38:ff:36:23:09:a8 iwx0: sending msg 4/4 of the 4-way handshake to 38:ff:36:23:09:a8 iwx0: RUN -> INIT iwx0: begin active scan iwx0: INIT -> SCAN iwx0: SCAN -> INIT iwx0: begin active scan iwx0: INIT -> SCAN iwx0: SCAN -> INIT iwx0: begin active scan iwx0: INIT -> SCAN iwx0: end active scan iwx0: + 38:ff:36:22:04:b89 +14 54M ess privacy rsn "MarlinGuest" iwx0: + 38:ff:36:23:09:a84 +45 54M ess privacy rsn "MarlinGuest" iwx0: + 38:ff:36:23:09:ac 52 +37 54M ess privacy rsn "MarlinGuest" iwx0: + f8:e7:1e:1b:85:f84 +18 54M ess privacy rsn "MarlinGuest" iwx0: firmware has detected regulatory domain 'US' (0x5553) iwx0: SCAN -> AUTH iwx0: sending auth to 38:ff:36:23:09:a8 on channel 4 mode 11g iwx0: AUTH -> ASSOC iwx0: sending assoc_req to 38:ff:36:23:09:a8 on channel 4 mode 11g iwx0: ASSOC -> RUN iwx0: associated with 38:ff:36:23:09:a8 ssid "MarlinGuest" channel 4 start MCS 0 short preamble short slot time HT enabled iwx0: missed beacon threshold set to 30 beacons, beacon interval is 100 TU iwx0: received msg 1/4 of the 4-way handshake from 38:ff:36:23:09:a8 iwx0: sending msg 2/4 of the 4-way handshake to 38:ff:36:23:09:a8 iwx0: received msg 3/4 of the 4-way handshake from 38:ff:36:23:09:a8 iwx0: sending msg 4/4 of the 4-way handshake to 38:ff:36:23:09:a8 iwx0: RUN -> AUTH iwx0: sending auth to 38:ff:36:23:09:a8 on channel 4 mode 11n iwx0: AUTH -> ASSOC iwx0: sending assoc_req to 38:ff:36:23:09:a8 on channel 4 mode 11n iwx0: ASSOC -> RUN iwx0: associated with 38:ff:36:23:09:a8 ssid "MarlinGuest" channel 4 start MCS 0 short preamble short slot time HT enabled iwx0: missed beacon threshold set to 30 beacons, beacon interval
Re: iwx not getting to status: active
Stefan Sperling writes: > On Mon, Jul 05, 2021 at 09:35:20AM +0200, Stefan Sperling wrote: >> On Sun, Jul 04, 2021 at 07:58:47PM -0700, Greg Steuck wrote: >> > I never see "iwx0: sending action to" after this. >> >> And you still see status: "no network" in ifconfig at this point? >> This could mean we're failing to set the link UP after the WPA handshake >> has completed. But I cannot explain why. > > And perhaps related: > Did you have this patch applied? Does it make any difference? I didn't have this applied before, but now that I have I don't see any difference. I'll keep it applied just to get some testing out of it. Thanks Greg
Re: iwx not getting to status: active
On Mon, Jul 05, 2021 at 09:35:20AM +0200, Stefan Sperling wrote:
> On Sun, Jul 04, 2021 at 07:58:47PM -0700, Greg Steuck wrote:
> > I never see "iwx0: sending action to" after this.
>
> And you still see status: "no network" in ifconfig at this point?
> This could mean we're failing to set the link UP after the WPA handshake
> has completed. But I cannot explain why.
And perhaps related:
Did you have this patch applied? Does it make any difference?
Details here: https://marc.info/?l=openbsd-tech=162513511620823=2
diff 86b3b873864f7e98e688c12d8e455803ff30eadb
27f93922f2b250b31e9534b457665df3dcf58794
blob - ea245574f624ada1b8d0c9e8e8a0653fb2c3adc4
blob + 0bac2cda2290c4a44de8f5b8110a4399f75de88d
--- sys/dev/ic/bwfm.c
+++ sys/dev/ic/bwfm.c
@@ -2714,7 +2714,13 @@ bwfm_set_key_cb(struct bwfm_softc *sc, void *arg)
wsec |= wsec_enable;
bwfm_fwvar_var_set_int(sc, "wsec", wsec);
+ if ((k->k_flags & IEEE80211_KEY_GROUP) == 0 &&
+ ni->ni_rsn_supp_state == RSNA_SUPP_PTKNEGOTIATING)
+ ni->ni_rsn_supp_state = RSNA_SUPP_PTKDONE;
+
if (sc->sc_key_tasks == 0) {
+ if (k->k_flags & IEEE80211_KEY_SECURE)
+ ni->ni_flags |= IEEE80211_NODE_TXRXPROT;
DPRINTF(("%s: marking port %s valid\n", DEVNAME(sc),
ether_sprintf(cmd->ni->ni_macaddr)));
cmd->ni->ni_port_valid = 1;
blob - bdf8ce3e1afa332f698e3dc56af77e6acb4f8689
blob + 5be1d92ee862f584df5901fe54ebe30e0c937d36
--- sys/dev/pci/if_iwx.c
+++ sys/dev/pci/if_iwx.c
@@ -6747,12 +6747,17 @@ iwx_add_sta_key(struct iwx_softc *sc, int sta_id, stru
return err;
}
- if (k->k_flags & IEEE80211_KEY_GROUP)
+ if (k->k_flags & IEEE80211_KEY_GROUP) {
in->in_flags |= IWX_NODE_FLAG_HAVE_GROUP_KEY;
- else
+ } else {
in->in_flags |= IWX_NODE_FLAG_HAVE_PAIRWISE_KEY;
+ if (ni->ni_rsn_supp_state == RSNA_SUPP_PTKNEGOTIATING)
+ ni->ni_rsn_supp_state = RSNA_SUPP_PTKDONE;
+ }
if ((in->in_flags & want_keymask) == want_keymask) {
+ if (k->k_flags & IEEE80211_KEY_SECURE)
+ ni->ni_flags |= IEEE80211_NODE_TXRXPROT;
DPRINTF(("marking port %s valid\n",
ether_sprintf(ni->ni_macaddr)));
ni->ni_port_valid = 1;
blob - 08ffda8c9aaede9c901d97a43bf2873591e8df19
blob + 0c141fc5df7ba1a774af98a59a2b718bdcc721bb
--- sys/dev/usb/if_athn_usb.c
+++ sys/dev/usb/if_athn_usb.c
@@ -1662,7 +1662,12 @@ athn_usb_set_key_cb(struct athn_usb_softc *usc, void *
s = splnet();
athn_usb_write_barrier(>sc_sc);
athn_set_key(ic, cmd->ni, cmd->key);
+ if ((cmd->key->k_flags & IEEE80211_KEY_GROUP) == 0 &&
+ cmd->ni->ni_rsn_supp_state == RSNA_SUPP_PTKNEGOTIATING)
+ cmd->ni->ni_rsn_supp_state = RSNA_SUPP_PTKDONE;
if (usc->sc_key_tasks == 0) {
+ if (cmd->key->k_flags & IEEE80211_KEY_SECURE)
+ cmd->ni->ni_flags |= IEEE80211_NODE_TXRXPROT;
DPRINTF(("marking port %s valid\n",
ether_sprintf(cmd->ni->ni_macaddr)));
cmd->ni->ni_port_valid = 1;
blob - bb220831ffc852347afdcda18c9bca0589d6d939
blob + 8e426e9cab0b389f2e1260139ad451b30e10287e
--- sys/dev/usb/if_otus.c
+++ sys/dev/usb/if_otus.c
@@ -2116,7 +2116,12 @@ otus_set_key_cb(struct otus_softc *sc, void *arg)
memcpy(key.key, k->k_key + 16, 16);
(void)otus_cmd(sc, AR_CMD_EKEY, , sizeof key, NULL);
+ if ((k->k_flags & IEEE80211_KEY_GROUP) == 0 &&
+ cmd->ni->ni_rsn_supp_state == RSNA_SUPP_PTKNEGOTIATING)
+ cmd->ni->ni_rsn_supp_state = RSNA_SUPP_PTKDONE;
if (sc->sc_key_tasks == 0) {
+ if (k->k_flags & IEEE80211_KEY_SECURE)
+ cmd->ni->ni_flags |= IEEE80211_NODE_TXRXPROT;
DPRINTF(("marking port %s valid\n",
ether_sprintf(cmd->ni->ni_macaddr)));
cmd->ni->ni_port_valid = 1;
blob - 929d8f161d50cd294569dd74e0a4e2980e5607ca
blob + 5e30f1b680b1b58c020ba9627aa5a8776aa1b3a4
--- sys/dev/usb/if_rsu.c
+++ sys/dev/usb/if_rsu.c
@@ -940,7 +940,12 @@ rsu_set_key_cb(struct rsu_softc *sc, void *arg)
memcpy(key.key, k->k_key, MIN(k->k_len, sizeof(key.key)));
(void)rsu_fw_cmd(sc, R92S_CMD_SET_KEY, , sizeof(key));
+ if ((k->k_flags & IEEE80211_KEY_GROUP) == 0 &&
+ cmd->ni->ni_rsn_supp_state == RSNA_SUPP_PTKNEGOTIATING)
+ cmd->ni->ni_rsn_supp_state = RSNA_SUPP_PTKDONE;
if (sc->sc_key_tasks == 0) {
+ if (k->k_flags & IEEE80211_KEY_SECURE)
+ cmd->ni->ni_flags |= IEEE80211_NODE_TXRXPROT;
DPRINTF(("marking port %s valid\n",
ether_sprintf(cmd->ni->ni_macaddr)));
cmd->ni->ni_port_valid = 1;
blob - 7759d6e0cea12b48a1373d90942b20a8d55bd7fb
blob +
Re: iwx not getting to status: active
> 5. jul. 2021 kl. 04:58 skrev Greg Steuck : > > I stumbled upon a weird hotel WiFi which never gets to a fully running > link with iwx0. I see ifconfig is stuck with: > > iwx0: flags=808847 > mtu 1500 >lladdr xx >index 1 priority 4 llprio 3 >groups: wlan egress >media: IEEE802.11 autoselect (HT-MCS11 mode 11n) >status: no network >ieee80211: nwid MarlinGuest chan 4 bssid 38:ff:36:23:09:a8 68% wpakey > wpaprotos wpa2 wpaakms psk wpaciphers ccmp wpagroupcipher tkip > > The network is functional as evidenced by the assorted android and > chromeos devices connecting to it. I once encountered a hotel wifi which only let my OpenBSD laptop connect and have a properly working connection after I reduced the MTU 700-ish bytes. That may or may not be related to the problem you are seeing. - Peter — Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. signature.asc Description: Message signed with OpenPGP
Re: iwx not getting to status: active
On Sun, Jul 04, 2021 at 07:58:47PM -0700, Greg Steuck wrote: > I stumbled upon a weird hotel WiFi which never gets to a fully running > link with iwx0. I see ifconfig is stuck with: > > iwx0: flags=808847 > mtu 1500 > lladdr xx > index 1 priority 4 llprio 3 > groups: wlan egress > media: IEEE802.11 autoselect (HT-MCS11 mode 11n) > status: no network > ieee80211: nwid MarlinGuest chan 4 bssid 38:ff:36:23:09:a8 68% wpakey > wpaprotos wpa2 wpaakms psk wpaciphers ccmp wpagroupcipher tkip > > The network is functional as evidenced by the assorted android and > chromeos devices connecting to it. > > I start with > $ doas ifconfig iwx0 inet nwid MarlinGuest wpakey <...> debug autoconf > > The following gets dumped into dmesg: > > iwx0 at pci0 dev 20 function 3 "Intel Wi-Fi 6 AX201" rev 0x00, msix > iwx0: hw rev 0x350, fw ver 48.1335886879.0, address xx > ... > iwx0: firmware has detected regulatory domain 'US' (0x5553) > iwx0: SCAN -> AUTH > iwx0: sending auth to 38:ff:36:23:09:a8 on channel 4 mode 11g > iwx0: authentication timed out for 38:ff:36:23:09:a8 > iwx0: AUTH -> SCAN > iwx0: end active scan > ... > iwx0: + 38:ff:36:22:ce:b81 +19 54M ess privacy rsn "MarlinGuest" > iwx0: + 38:ff:36:23:09:ac 52 +39 54M ess privacy rsn "MarlinGuest" > ... > iwx0: + f8:e7:1e:1b:85:f84 +22 54M ess privacy rsn "MarlinGuest" > ... > iwx0: firmware has detected regulatory domain 'US' (0x5553) > iwx0: SCAN -> AUTH > iwx0: sending auth to 38:ff:36:23:09:ac on channel 52 mode 11a > iwx0: AUTH -> ASSOC > iwx0: sending assoc_req to 38:ff:36:23:09:ac on channel 52 mode 11a > iwx0: ASSOC -> RUN > iwx0: associated with 38:ff:36:23:09:ac ssid "MarlinGuest" channel 52 start > MCS 0 long preamble long slot time HT enabled > iwx0: missed beacon threshold set to 30 beacons, beacon interval is 100 TU > iwx0: received msg 1/4 of the 4-way handshake from 38:ff:36:23:09:ac > iwx0: sending msg 2/4 of the 4-way handshake to 38:ff:36:23:09:ac > iwx0: received msg 3/4 of the 4-way handshake from 38:ff:36:23:09:ac > iwx0: sending msg 4/4 of the 4-way handshake to 38:ff:36:23:09:ac > > I never see "iwx0: sending action to" after this. And you still see status: "no network" in ifconfig at this point? This could mean we're failing to set the link UP after the WPA handshake has completed. But I cannot explain why. > Now, to send this email I tether to my cell phone which works much better: > > ... > iwx0: + 0a:ab:60:xx:xx:xx9 +42 54M ess privacy rsn "gnezdo" > ... > iwx0: - 38:ff:36:22:04:b89 +16 54M ess privacy rsn "MarlinGuest"! > iwx0: - 38:ff:36:22:ce:b81 +17 54M ess privacy rsn "MarlinGuest"! > iwx0: - 38:ff:36:23:09:a84 +20 54M ess privacy rsn "MarlinGuest"! > iwx0: - 38:ff:36:23:09:ac 52 +40 54M ess privacy rsn "MarlinGuest"! > ... > iwx0: - f8:e7:1e:1b:85:f84 +23 54M ess privacy rsn "MarlinGuest"! > ... > iwx0: firmware has detected regulatory domain 'US' (0x5553) > iwx0: SCAN -> AUTH > iwx0: sending auth to 0a:ab:60:xx:xx:xx on channel 9 mode 11g > iwx0: AUTH -> ASSOC > iwx0: sending assoc_req to 0a:ab:60:xx:xx:xx on channel 9 mode 11g > iwx0: ASSOC -> RUN > iwx0: associated with 0a:ab:60:xx:xx:xx ssid "gnezdo" channel 9 start MCS 0 > short preamble short slot time HT enabled > iwx0: missed beacon threshold set to 30 beacons, beacon interval is 100 TU > iwx0: received msg 1/4 of the 4-way handshake from 0a:ab:60:xx:xx:xx > iwx0: sending msg 2/4 of the 4-way handshake to 0a:ab:60:xx:xx:xx > iwx0: received msg 3/4 of the 4-way handshake from 0a:ab:60:xx:xx:xx > iwx0: sending msg 4/4 of the 4-way handshake to 0a:ab:60:xx:xx:xx > iwx0: sending action to 0a:ab:60:xx:xx:xx on channel 9 mode 11n > iwx0: sending action to 0a:ab:60:xx:xx:xx on channel 9 mode 11n > iwx0: sending action to 0a:ab:60:xx:xx:xx on channel 9 mode 11n > > Any debugging clues? netstat -nI iwx0 netstat -W iwx0 Do any of the counters keep changing? Which ones? Failing that, we will need to see packet captures from another machine which has e.g. an iwm interface: # enable monitor mode and write packets to a pcap file: ifconfig iwm0 down ifconfig iwm0 mediaopt monitor chan 52 ifconfig iwm0 up tcpdump -n -y IEEE802_11_RADIO -s 4096 -w /tmp/iwm.pcap -i iwm0 # now reproduce the issue and share the resulting pcap file # go back to regular operation on iwm0: ifconfig iwm0 down ifconfig iwm0 -mediaopt monitor -chan Cheers, Stefan
iwx not getting to status: active
I stumbled upon a weird hotel WiFi which never gets to a fully running link with iwx0. I see ifconfig is stuck with: iwx0: flags=808847 mtu 1500 lladdr xx index 1 priority 4 llprio 3 groups: wlan egress media: IEEE802.11 autoselect (HT-MCS11 mode 11n) status: no network ieee80211: nwid MarlinGuest chan 4 bssid 38:ff:36:23:09:a8 68% wpakey wpaprotos wpa2 wpaakms psk wpaciphers ccmp wpagroupcipher tkip The network is functional as evidenced by the assorted android and chromeos devices connecting to it. I start with $ doas ifconfig iwx0 inet nwid MarlinGuest wpakey <...> debug autoconf The following gets dumped into dmesg: iwx0 at pci0 dev 20 function 3 "Intel Wi-Fi 6 AX201" rev 0x00, msix iwx0: hw rev 0x350, fw ver 48.1335886879.0, address xx ... iwx0: firmware has detected regulatory domain 'US' (0x5553) iwx0: SCAN -> AUTH iwx0: sending auth to 38:ff:36:23:09:a8 on channel 4 mode 11g iwx0: authentication timed out for 38:ff:36:23:09:a8 iwx0: AUTH -> SCAN iwx0: end active scan ... iwx0: + 38:ff:36:22:ce:b81 +19 54M ess privacy rsn "MarlinGuest" iwx0: + 38:ff:36:23:09:ac 52 +39 54M ess privacy rsn "MarlinGuest" ... iwx0: + f8:e7:1e:1b:85:f84 +22 54M ess privacy rsn "MarlinGuest" ... iwx0: firmware has detected regulatory domain 'US' (0x5553) iwx0: SCAN -> AUTH iwx0: sending auth to 38:ff:36:23:09:ac on channel 52 mode 11a iwx0: AUTH -> ASSOC iwx0: sending assoc_req to 38:ff:36:23:09:ac on channel 52 mode 11a iwx0: ASSOC -> RUN iwx0: associated with 38:ff:36:23:09:ac ssid "MarlinGuest" channel 52 start MCS 0 long preamble long slot time HT enabled iwx0: missed beacon threshold set to 30 beacons, beacon interval is 100 TU iwx0: received msg 1/4 of the 4-way handshake from 38:ff:36:23:09:ac iwx0: sending msg 2/4 of the 4-way handshake to 38:ff:36:23:09:ac iwx0: received msg 3/4 of the 4-way handshake from 38:ff:36:23:09:ac iwx0: sending msg 4/4 of the 4-way handshake to 38:ff:36:23:09:ac I never see "iwx0: sending action to" after this. Now, to send this email I tether to my cell phone which works much better: ... iwx0: + 0a:ab:60:xx:xx:xx9 +42 54M ess privacy rsn "gnezdo" ... iwx0: - 38:ff:36:22:04:b89 +16 54M ess privacy rsn "MarlinGuest"! iwx0: - 38:ff:36:22:ce:b81 +17 54M ess privacy rsn "MarlinGuest"! iwx0: - 38:ff:36:23:09:a84 +20 54M ess privacy rsn "MarlinGuest"! iwx0: - 38:ff:36:23:09:ac 52 +40 54M ess privacy rsn "MarlinGuest"! ... iwx0: - f8:e7:1e:1b:85:f84 +23 54M ess privacy rsn "MarlinGuest"! ... iwx0: firmware has detected regulatory domain 'US' (0x5553) iwx0: SCAN -> AUTH iwx0: sending auth to 0a:ab:60:xx:xx:xx on channel 9 mode 11g iwx0: AUTH -> ASSOC iwx0: sending assoc_req to 0a:ab:60:xx:xx:xx on channel 9 mode 11g iwx0: ASSOC -> RUN iwx0: associated with 0a:ab:60:xx:xx:xx ssid "gnezdo" channel 9 start MCS 0 short preamble short slot time HT enabled iwx0: missed beacon threshold set to 30 beacons, beacon interval is 100 TU iwx0: received msg 1/4 of the 4-way handshake from 0a:ab:60:xx:xx:xx iwx0: sending msg 2/4 of the 4-way handshake to 0a:ab:60:xx:xx:xx iwx0: received msg 3/4 of the 4-way handshake from 0a:ab:60:xx:xx:xx iwx0: sending msg 4/4 of the 4-way handshake to 0a:ab:60:xx:xx:xx iwx0: sending action to 0a:ab:60:xx:xx:xx on channel 9 mode 11n iwx0: sending action to 0a:ab:60:xx:xx:xx on channel 9 mode 11n iwx0: sending action to 0a:ab:60:xx:xx:xx on channel 9 mode 11n Any debugging clues? Thanks Greg
