Hi Jouni,

> Could you please check whether you can reproduce this with the releases v2.7?

"v2.7-devel" - I ported changes from 2.7 to 2.7-devel as I cannot port all other changes to 2.7. The crash still happened.

There is no crash log. All I get on the target AP console is:

    [1] + Segmentation fault (core dumped) /usr/sbin/hostapd /mnt/jffs2/hostapd.conf -d

Hostapd.conf of target AP:

    ssid=ssid_11k
    wpa=2
    wpa_key_mgmt=WPA-PSK
    wpa_pairwise=CCMP
    wpa_passphrase=0123456789
    ... ..
    mobility_domain=aaaa
    nas_identifier=00xxxxF0CF07
    r1_key_holder=00xxxxF0CF07
    ft_over_ds=1
    r0kh=00:xx:xx:F0:53:AD 00xxxxF053AD 00112233445566778899aabbccddeeff
    r1kh=00:xx:xx:F0:53:AD 00:xx:xx:F0:53:AD 00112233445566778899aabbccddeeff

The same conf file works with hostapd-2.1, so I will not suspect it. We are still using the madwifi driver.

After debugging, I found the issue is with the newly added "seq_num" in AP-AP communication over DS. For the pmk-R1 push mechanism, wpa_ft_rrb_seq_chk() checks "if (rkh_seq->rx.num_last == 0)"; this is always true as "rkh_seq" is just allocated and set to '0'. This causes wpa_ft_rrb_seq_chk() to return "DEFER". Hacking it to return "OK" solves the issue as of now.

    wpa_ft_rrb_rx_push() --- (for some reason, AP-AP comm changed from pull (while reporting bug) to push (while debugging) during my testing)
    wpa_ft_rrb_rx_r1()
    wpa_ft_rrb_lookup_r0kh() ---- it will allocate 0kh and set to '0'.
    wpa_ft_rrb_seq_chk() ---- so obviously, r0kh->seq will be '0'

If the above seq is not taken care of in 2.7, I guess it will show a similar symptom. Are any hostapd configuration changes required to support "seq num"?

Thanks.

On Tue, Jan 22, 2019 at 4:02 AM Jouni Malinen <j@xxxxx> wrote:
>
> On Mon, Jan 14, 2019 at 04:06:40PM -0800, Abc Abc wrote:
> > I am working with hostapd version "v2.7-devel".
>
> Could you please check whether you can reproduce this with the releases
> v2.7? "v2.7-devel" was the temporary version string during a long period
> and it is difficult to know what the exact snapshot is here.
>
> > While doing fast BSS transition of iphone SE, using "FT_over_DS",
> > target AP hostapd crashes.
>
> Would you be able to run hostapd under valgrind or at least get a
> backtrace from the coredump for that crash?
>
> > Connect AP hostapd is running properly.
> >
> > Logs of connect AP and Target AP are attached.
>
> Could you please provide hostapd configuration files from the APs (with
> private key information, if any, masked out)?
>
> > From debugging, it appears target AP couldn't send "sequence request".
> > This sequence request is relatively new exchange compared to 2.1v.
> >
> > ---- on target AP ---
> > wpa_ft_pull_pmk_r1()
> > wpa_ft_rrb_seq_req()
> > wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_req_auth, NULL,
>
> That does not match the current hostap.git snapshot of v2.7 release. It
> would be better to debug this type of issues with the current version.
>
> > ---------------- target AP (07)------------
> > madwifi_hostapd_add_sta_node: auth_alg=2
>
> Where does this madwifi_hostapd_add_sta_node come from? The madwifi
> driver interface was dropped from hostapd in 2014 and the madwifi
> project itself did the last release in early 2008..
>
> --
> Jouni Malinen                                            PGP id EFC895FA
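
The sequence check discussed in the message above, as an added example that is not part of the original thread and is not hostapd source: a simplified model of a per-peer receive-sequence check in which a zeroed entry yields DEFER. Only the `num_last == 0` test and the DEFER/OK outcomes come from the email; the type and function names, the sequence domain, the backlog of counters and the DROP result are assumptions of this model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Simplified model with hypothetical names; not hostapd source. */
enum seq_result { SEQ_OK, SEQ_DEFER, SEQ_DROP };
enum { DOM_LEN = 16, BACKLOG = 8 };

struct rx_seq {
    uint8_t  dom[DOM_LEN];  /* sequence domain announced by the peer */
    uint32_t last[BACKLOG]; /* recently accepted counters */
    unsigned num_last;      /* 0 = nothing learned from this peer yet */
};

static enum seq_result seq_chk(const struct rx_seq *rx, const uint8_t *dom, uint32_t cnt)
{
    if (rx->num_last == 0)
        return SEQ_DEFER;    /* zeroed entry: hold message, request peer's sequence */
    if (memcmp(rx->dom, dom, DOM_LEN) != 0)
        return SEQ_DEFER;    /* unknown domain: resynchronise first */
    for (unsigned i = 0; i < rx->num_last; i++)
        if (rx->last[i] == cnt)
            return SEQ_DROP; /* counter already accepted: replay */
    return SEQ_OK;
}

/* State recorded from an authenticated sequence response (assumed step). */
static void seq_learn(struct rx_seq *rx, const uint8_t *dom, uint32_t cnt)
{
    memcpy(rx->dom, dom, DOM_LEN);
    rx->last[0] = cnt;
    rx->num_last = 1;
}

/* Walk one peer entry through its states; each digit is one result. */
int demo(void)
{
    struct rx_seq rx;
    uint8_t dom_a[DOM_LEN], dom_b[DOM_LEN];
    memset(&rx, 0, sizeof(rx));           /* like a just-allocated entry */
    memset(dom_a, 0xA1, DOM_LEN);         /* constructed sample domains */
    memset(dom_b, 0xB2, DOM_LEN);
    int fresh  = seq_chk(&rx, dom_a, 5);  /* DEFER (1) */
    seq_learn(&rx, dom_a, 5);
    int next   = seq_chk(&rx, dom_a, 6);  /* OK (0) */
    int replay = seq_chk(&rx, dom_a, 5);  /* DROP (2) */
    int moved  = seq_chk(&rx, dom_b, 7);  /* DEFER (1) */
    return fresh * 1000 + next * 100 + replay * 10 + moved;
}
int main(void) { printf("%04d\n", demo()); return 0; }
```

In this model the replay comparison only runs once a sequence has been learned, so a variant that returns OK for a zeroed entry accepts any counter from that peer.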