On Wed, Oct 28, 2015 at 8:32 PM, Dan Williams <dcbw@xxxxxxxxxx> wrote: > On Tue, 2015-10-27 at 15:05 -0500, Dan Williams wrote: >> On Wed, 2015-10-28 at 00:54 +0530, Krishna Chaitanya wrote: >> > On Wed, Oct 28, 2015 at 12:11 AM, Dan Williams <dcbw@xxxxxxxxxx> wrote: >> > > On Tue, 2015-10-27 at 18:16 +0100, simo wrote: >> > >> Hi, I am Simon and I am new in this mail list. >> > >> >> > >> I am experiencing problems enabling encryption key after creating an >> > >> IBSS network through wpa_supplicant. >> > > >> > > It looks like the error is coming from the kernel mac80211/cfg80211 WiFi >> > > stack in nl80211_key_allowed(). That function returns an error if there >> > > is not yet any "current_bss", which is probably the case here. To me it >> > > looks like a mismatch in expectations between the kernel and >> > > wpa_supplicant about how IBSS WEP is supposed to be configured. >> > > >> > > wpas_start_assoc_cb() - sets up parameters for IBSS create/join >> > > -- kernel cfg80211 has current_bss = NULL >> > > wpas_start_assoc_cb() calls wpa_set_wep_keys() >> > > -- kernel cfg80211 rejects set_keys request because current_bss == NULL >> > > wpas_start_assoc_cb() calls wpa_drv_associate() to being association >> > > -- kernel driver creates new IBSS, sends EVENT_IBSS_JOINED >> > > -- kernel cfg80211 calls __cfg80211_ibss_joined() and sets current_bss >> > > >> > > What's odd is that none of this code in the kernel or supplicant has >> > > really changed since early 2013, so its either been broken for a long >> > > time, or I'm missing something completely about when current_bss gets >> > > set. >> > > >> > > Dan >> > > >> > >> wlan0: Trying to associate with SSID 'my-net-302' >> > >> wlan0: Cancelling scan request >> > >> wlan0: WPA: clearing own WPA/RSN IE >> > >> wlan0: Automatic auth_alg selection: 0x1 >> > >> wlan0: WPA: clearing AP WPA IE >> > >> wlan0: WPA: clearing AP RSN IE >> > >> wlan0: WPA: clearing own WPA/RSN IE >> > >> wpa_driver_nl80211_set_key: ifindex=3 (wlan0) alg=1 addr=(nil) key_idx=0 >> > >> set_tx=1 seq_len=0 key_len=5 >> > >> nl80211: KEY_DATA - hexdump(len=5): [REMOVED] >> > >> nl80211: set_key failed; err=-67 Link has been severed) >> > > >> > > ^^^ the error >> > > <snip> >> > > >> > >> nl80211: Event message available >> > >> nl80211: Drv Event 43 (NL80211_CMD_JOIN_IBSS) received for wlan0 >> > >> nl80211: IBSS 12:24:21:59:87:d0 joined >> > >> nl80211: IBSS-joined on 2412 MHz >> > >> nl80211: Operating frequency for the associated BSS from scan results: >> > >> 2412 MHz >> > >> nl80211: IBSS on frequency 2412 MHz >> > >> wlan0: Event ASSOC (0) received >> > >> wlan0: State: ASSOCIATING -> ASSOCIATED >> > > >> > > Then reports success creating/joining the adhoc network. But of course, >> > > since the key set failed, the network is not encrypted. >> > set_key after association is successful, the failure before association >> > can be ignored. This is not a problem. >> > >> > >> > wlan0: State: ASSOCIATED -> COMPLETED >> > wlan0: Radio work 'connect'@0xfab20 done in 0.603215 seconds >> > wlan0: CTRL-EVENT-CONNECTED - Connection to 12:24:21:59:87:d0 completed >> > [id=0 id_str=] >> > nl80211: Set wlan0 operstate 0->1 (UP) >> > netlink: Operstate: ifindex=3 linkmode=-1 (no change), operstate=6 >> > (IF_OPER_UP) >> > wlan0: Cancelling scan request >> > wpa_driver_nl80211_set_key: ifindex=3 (wlan0) alg=1 addr=(nil) key_idx=0 >> > set_tx=1 seq_len=0 key_len=5 >> > nl80211: KEY_DATA - hexdump(len=5): [REMOVED] >> > RTM_NEWLINK: ifi_index=3 ifname=wlan0 operstate=6 linkmode=1 >> > ifi_family=0 ifi_flags=0x11043 ([UP][RUNNING][LOWER_ >> >> Ah, you are correct. IIRC some drivers don't really support setting the >> keys after IBSS create though, since they don't have a great way to >> update the IEs after the join has already happened. I wonder what >> driver the reporter is using? > > Before I wrote the above I was actually writing about how some drivers > don't allow setting the encryption key after the IBSS has been > created/joined, using libertas as an example. libertas firmware > requires the key to be given before/during the join operation otherwise > the IBSS beacons don't have any security stuff in them. > > And guess what? The reporter is using the 'libertas' driver... > cfg80211 support got added to the driver a while back, but I guess it > was somewhat incomplete. But also, it seems that wpa_supplicant expects > all nl80211/cfg80211 capable drivers to be able to set the key after a > join. So yay, this just isn't going to work. Its not a problem with wpa_supplicant, it is doing the set_key both before and after JOIN IBSS. But before joing the cfg80211 fails the set_key due to no connection. And the driver in this case rejects after JOIN. > Simo, the only recourse here is to use "-D wext" instead of "-D > nl80211", unfortunately... He mentioned earlier that wext is not working, so security cannot be set :-). _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap