When hostapd 2.7 is configured for FT over-the-DS mode, performing an FT roam back to a previously-connected AP gives the following error in hostapd: nl80211: NL80211_CMD_SET_STATION result: -22 (Invalid argument) wlan01: STA 06:05:04:03:02:01 IEEE 802.11: Could not set STA to kernel driver This results in hostapd refusing the reassociation request with code 17 (Association denied because AP is unable to handle additional associated stations). The kernel driver in this case is the ath10k (4.19). In add_associated_sta() in ieee802_11.c, there is a conditional that resets the wpa sm (required for FT over-the-DS mode as there is no authentication frame to reset the wpa sm), but only if the STA is not authorized. The STA is not authorized when performing an FT roam to a new AP, but it is authorized when roaming back to a previously-connected AP. Therefore, any FT over-the-DS roams to new APs will work correctly, and FT over-the-DS roams to previously-connected (authorized) APs will fail. The patch below appears to fix this issue, validated after performing several thousand FT over-the-air and over-the-DS roams with our automated test bed. However, I am hesitant to submit it in this form as it may affect FILS (which we are not currently using) or possibly KRACK: diff -Naur orig/hostap_2_7/src/ap/ieee802_11.c new/hostap_2_7/src/ap/ieee802_11.c --- orig/hostap_2_7/src/ap/ieee802_11.c 2018-12-02 12:34:59.000000000 -0700 +++ new/hostap_2_7/src/ap/ieee802_11.c 2018-12-28 23:41:00.394507047 -0700 @@ -2808,10 +2808,11 @@ * TK has been configured since the TX/RX PN must not be reset to 0 for * the same key. */ - if (!sta->added_unassoc && - (!(sta->flags & WLAN_STA_AUTHORIZED) || + + /* do not check for WLAN_STA_AUTHORIZED for FT-over-the-DS */ + if (!sta->added_unassoc || (!wpa_auth_sta_ft_tk_already_set(sta->wpa_sm) && - !wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)))) { + !wpa_auth_sta_fils_tk_already_set(sta->wpa_sm))) { hostapd_drv_sta_remove(hapd, sta->addr); wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); set = 0; Not sure if FT roaming to a previous AP is included in the unit tests. If not, it might be a good idea to add it. Best regards, Dennis Bland _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap