Thank you for replying.
On 4 October 2016 at 13:20, Bob Copeland <me@xxxxxxxxxxxxxxx> wrote:
> wpa_supplicant mostly isn't involved in HWMP besides installing the
> group keys - once peering is done, the kernel handles the rest.
But which kernel? I cannot upgrade to anything more recent than 3.4
without major hardware changes.
These are semi-embedded systems and I cannot control the hardware of
those hundreds systems in the field.
> Note there were a number of issues with encrypted networks not
> correctly implementing the standard that were resolved recently.
> These will cause backwards-compatibility issues, though I'm not
> sure if they landed in 2.6. The changes are:
>
> In wpa_supplicant:
> - an IGTK was installed whether or not ieee80211w was selected
> - said IGTK was also the MGTK instead of a separate key
> - AMPE element in peering frames didn't include IGTK (if desired)
> - AMPE element incorrectly included keys in peering close frames
I tried with ieee80211w explicitly disabled in the configuration file,
with the same result. Would it help to make more settings explicit?
> And in the kernel:
> - self-protected management frames (HWMP) were integrity protected
> (with that MGTK-as-IGTK) instead of encrypted with MGTK as required
> by the standard. This was fixed in 4.8.
So if I cannot use a 4.8 kernel, I will need to patch wpa_supplicant
to use the old (incorrect) implementation or find a kernel patch for
3.4.xxx?
> Do you have all of the devices on the same wpa_supplicant version?
Of course.
Kind regards,
jer
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
