Hi,

I have observed some behavior related to OWE where hostapd and the station cannot connect if the associate request ACK is never received by the station:

1. Station sends Association request
2. Hostapd receives this, derives its side of the keys and replies
3. Station never receives an ACK from the association request, kernel retransmits.
4. Hostapd receives the retransmit, treats it as a new association and re-derives the keys.
5. Station gets hostapd's first Association response via CMD_CONNECT, unknown what ever happened to the second association response, likely dropped by the kernel since it already sent CMD_CONNECT to userspace.
6. Now the STA derives its keys based on hostapd's first association response, and hostapd derived its keys based on its second. This results in the 4-way failing.

I can think of only two possible ways to fix this:

a) Have the kernel tell userspace of the retransmit, and of a new association response (an additional CMD_CONNECT event?). This assumes the second response actually made it and wasn't lost. This would end up being quite a burden on both the kernel and userspace to handle this case. Better would be...

b) Have hostapd treat additional association requests as retransmits. For OWE specifically you can all but guarantee it was a retransmit if the DH IE is identical.

I can't seem to find anything in 802.11 about retransmitting management frames, so hostapd isn't doing anything wrong as far as the spec is concerned... But I think the behavior could be improved by treating identical associate requests as retransmits.

Below is a log of the behavior (just the two association requests).

Thanks,
James

nl80211: Event message available
nl80211: BSS Event 59 (NL80211_CMD_FRAME) received for wln1
nl80211: MLME event 59 (NL80211_CMD_FRAME) on wln1(02:00:00:00:f1:00) A1=02:00:00:00:f1:00 A2=02:00:00:00:04:00
nl80211: MLME event frame - hexdump(len=144): 00 00 3a 01 02 00 00 00 f1 00 02 00 00 00 04 00 02 00 00 00 f1 00 10 00 31 14 05 00 00 0a 6f 77 65 2d 68 69 64 64 65 6e 01 04 02 04 0b 16 21 02 00 14 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 12 80 00 46 05 70 00 00 00 00 7f 0a 04 00 48 00 01 00 00 40 00 01 ff 33 20 14 00 1a 42 02 07 6d 8c bf 5b 4f b0 c7 3a 76 54 11 74 77 88 50 fd 2c 9e 33 ac 56 f8 5c 92 34 c4 14 37 a8 63 50 5a 3c 4a 72 02 63 03 fc 5e 60 3e 1b 99
nl80211: Frame event
nl80211: RX frame da=02:00:00:00:f1:00 sa=02:00:00:00:04:00 bssid=02:00:00:00:f1:00 freq=2412 ssi_signal=-30 fc=0x0 seq_ctrl=0x10 stype=0 (WLAN_FC_STYPE_ASSOC_REQ) len=144
wln1: Event RX_MGMT (18) received
mgmt::assoc_req
association request: STA=02:00:00:00:04:00 capab_info=0x1431 listen_interval=5 seq_ctrl=0x10
OWE: DH shared secret - hexdump(len=48): 69 b3 37 8a 66 32 77 58 f7 09 29 19 0a b6 2d 72 3b da 78 ef 5c f9 3e 72 6c a1 19 c9 f5 12 46 da a7 47 a2 f2 43 e3 31 ff cb a7 4d cb 5b 6a 00 97
OWE: prk - hexdump(len=48): 7e a5 bc f2 04 a9 bd 88 96 ea 51 0e 44 5a 2a 5d bc 2f a3 d0 9c 73 7e f0 92 fb 8f 6d 90 d6 f1 ab e4 a5 d6 4d da 3b 8c a8 1a 00 ff c2 a2 08 7f ef
OWE: PMK - hexdump(len=48): 0a 4c 39 38 9c fb f6 78 34 73 7d f8 3e 55 09 ac 80 74 df 6c 32 09 94 a3 27 f9 9e bf be 21 cd 26 c9 93 b1 03 fe b1 80 c9 7f 84 ac 1a 61 79 0a b1
OWE: PMKID - hexdump(len=16): 92 24 fd 91 53 3c ae a7 22 5d 3e e0 2d b3 7b 73
RSN: Cache PMK (2) - hexdump(len=32): 0a 4c 39 38 9c fb f6 78 34 73 7d f8 3e 55 09 ac 80 74 df 6c 32 09 94 a3 27 f9 9e bf be 21 cd 26
RSN: added PMKSA cache entry for 02:00:00:00:04:00
RSN: added PMKID - hexdump(len=16): 92 24 fd 91 53 3c ae a7 22 5d 3e e0 2d b3 7b 73
  new AID 1
wln1: STA 02:00:00:00:04:00 IEEE 802.11: association OK (aid 1)
Add associated STA 02:00:00:00:04:00 (added_unassoc=1 auth_alg=0 ft_over_ds=0 reassoc=0 authorized=0 ft_tk=0 fils_tk=0)
nl80211: Set STA 02:00:00:00:04:00
  * supported rates - hexdump(len=4): 02 04 0b 16
  * capability=0x1431
  * aid=1
  * listen_interval=5
  * flags set=0xb4 mask=0xb4
nl80211: send_mlme - da=02:00:00:00:04:00 noack=0 freq=0 no_cck=0 offchanok=0 wait_time=0 no_encrypt=0 fc=0x10 (WLAN_FC_STYPE_ASSOC_RESP) nlmode=3
nl80211: send_mlme - Use bss->freq=2412
nl80211: send_mlme -> send_frame_cmd
nl80211: CMD_FRAME freq=2412 wait=0 no_cck=0 no_ack=0 offchanok=0
CMD_FRAME - hexdump(len=126): 10 00 00 00 02 00 00 00 04 00 02 00 00 00 f1 00 02 00 00 00 f1 00 00 00 11 00 00 00 01 c0 01 04 82 84 0b 16 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 12 80 00 7f 08 04 00 40 02 00 00 00 40 5a 03 24 01 00 ff 33 20 14 00 8f 92 f6 29 68 27 be 82 cc f8 19 de 8b 2f c6 fc 54 7a 4b e5 c4 fa 24 dd fe b0 62 a6 ce 70 43 a1 b3 5a 7c 4d 7e 0e 4a a7 a8 fb 32 8d ad 0d 62 b5
nl80211: Frame TX command accepted; cookie 0x1c
nl80211: Event message available
nl80211: BSS Event 59 (NL80211_CMD_FRAME) received for wln1
nl80211: MLME event 59 (NL80211_CMD_FRAME) on wln1(02:00:00:00:f1:00) A1=02:00:00:00:f1:00 A2=02:00:00:00:04:00
nl80211: MLME event frame - hexdump(len=144): 00 00 3a 01 02 00 00 00 f1 00 02 00 00 00 04 00 02 00 00 00 f1 00 20 00 31 14 05 00 00 0a 6f 77 65 2d 68 69 64 64 65 6e 01 04 02 04 0b 16 21 02 00 14 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 12 80 00 46 05 70 00 00 00 00 7f 0a 04 00 48 00 01 00 00 40 00 01 ff 33 20 14 00 1a 42 02 07 6d 8c bf 5b 4f b0 c7 3a 76 54 11 74 77 88 50 fd 2c 9e 33 ac 56 f8 5c 92 34 c4 14 37 a8 63 50 5a 3c 4a 72 02 63 03 fc 5e 60 3e 1b 99
nl80211: Frame event
nl80211: RX frame da=02:00:00:00:f1:00 sa=02:00:00:00:04:00 bssid=02:00:00:00:f1:00 freq=2412 ssi_signal=-30 fc=0x0 seq_ctrl=0x20 stype=0 (WLAN_FC_STYPE_ASSOC_REQ) len=144
wln1: Event RX_MGMT (18) received
mgmt::assoc_req
association request: STA=02:00:00:00:04:00 capab_info=0x1431 listen_interval=5 seq_ctrl=0x20
OWE: DH shared secret - hexdump(len=48): 5f 35 1f f4 c0 12 52 25 19 6d 23 9b 9f 32 ce 71 85 63 3f 5c 00 67 8d f8 ab 3b c3 a9 45 c3 c7 e6 3d fb 7b e6 ce 51 b6 7e d9 45 e7 4b 49 1f ab a5
OWE: prk - hexdump(len=48): a9 c2 82 30 2d 3e d0 e3 fc 12 54 00 c0 14 43 20 5c c2 09 f8 cb 61 5a 5b 70 fa db 5d ef d3 7e 9f c6 6a f1 8a 6a 8a 9f cd dc b3 08 f5 0e 1d 63 00
OWE: PMK - hexdump(len=48): 97 24 46 fa 14 b7 ab 49 d9 4b 79 0e 60 03 07 ef be 7a a0 3d 5e 7d 5d ec 4a d6 72 81 69 5e 1c 56 78 3c 3a 87 bb 6b ee 8a ea cc c1 75 e2 02 69 4d
OWE: PMKID - hexdump(len=16): ea ec 26 0b 5a 2f 8a 32 03 dd f5 30 a0 1e 29 fd
RSN: Cache PMK (2) - hexdump(len=32): 97 24 46 fa 14 b7 ab 49 d9 4b 79 0e 60 03 07 ef be 7a a0 3d 5e 7d 5d ec 4a d6 72 81 69 5e 1c 56
RSN: added PMKSA cache entry for 02:00:00:00:04:00
RSN: added PMKID - hexdump(len=16): ea ec 26 0b 5a 2f 8a 32 03 dd f5 30 a0 1e 29 fd
  old AID 1
wln1: STA 02:00:00:00:04:00 IEEE 802.11: association OK (aid 1)
Add associated STA 02:00:00:00:04:00 (added_unassoc=0 auth_alg=0 ft_over_ds=0 reassoc=0 authorized=0 ft_tk=0 fils_tk=0)
nl80211: sta_remove -> DEL_STATION wln1 02:00:00:00:04:00 --> 0 (Success)
wln1: STA 02:00:00:00:04:00 WPA: event 8 notification
nl80211: Add STA 02:00:00:00:04:00
  * supported rates - hexdump(len=4): 02 04 0b 16
  * capability=0x1431
  * aid=1
  * listen_interval=5
  * flags set=0xb4 mask=0xb4
nl80211: send_mlme - da=02:00:00:00:04:00 noack=0 freq=0 no_cck=0 offchanok=0 wait_time=0 no_encrypt=0 fc=0x10 (WLAN_FC_STYPE_ASSOC_RESP) nlmode=3
nl80211: send_mlme - Use bss->freq=2412
nl80211: send_mlme -> send_frame_cmd
nl80211: CMD_FRAME freq=2412 wait=0 no_cck=0 no_ack=0 offchanok=0
CMD_FRAME - hexdump(len=126): 10 00 00 00 02 00 00 00 04 00 02 00 00 00 f1 00 02 00 00 00 f1 00 00 00 11 00 00 00 01 c0 01 04 82 84 0b 16 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 12 80 00 7f 08 04 00 40 02 00 00 00 40 5a 03 24 01 00 ff 33 20 14 00 d6 65 94 1e 4f 40 e0 85 8a 2f c4 9b 78 fa c8 0c e6 7e 15 cb 1f 68 ca 8e c4 dd 3a 18 71 4f 8d 4f 4d 5c 49 57 24 05 58 72 fd fd 17 b2 a7 43 75 7d
nl80211: Frame TX command accepted; cookie 0x1d
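
The duplicate check proposed in (b), as an added example that is not part of the original message or of hostapd's code: it walks the information elements of the first Association Request from the log, pulls out the OWE DH Parameter element (extension element ID 32, visible as `ff 33 20` in the hexdump), and compares it with a second request. The helper names and the changed-key case are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

enum { IES_OFF = 24 + 4, EID_EXT = 255, EXT_OWE_DH = 32, SEQ_OFF = 22 };
/* First Association Request from the log above (seq_ctrl bytes: 10 00). */
static const uint8_t req1[144] = {
    0x00,0x00,0x3a,0x01,0x02,0x00,0x00,0x00,0xf1,0x00,0x02,0x00,0x00,0x00,0x04,0x00,
    0x02,0x00,0x00,0x00,0xf1,0x00,0x10,0x00,0x31,0x14,0x05,0x00,0x00,0x0a,0x6f,0x77,
    0x65,0x2d,0x68,0x69,0x64,0x64,0x65,0x6e,0x01,0x04,0x02,0x04,0x0b,0x16,0x21,0x02,
    0x00,0x14,0x30,0x14,0x01,0x00,0x00,0x0f,0xac,0x04,0x01,0x00,0x00,0x0f,0xac,0x04,
    0x01,0x00,0x00,0x0f,0xac,0x12,0x80,0x00,0x46,0x05,0x70,0x00,0x00,0x00,0x00,0x7f,
    0x0a,0x04,0x00,0x48,0x00,0x01,0x00,0x00,0x40,0x00,0x01,0xff,0x33,0x20,0x14,0x00,
    0x1a,0x42,0x02,0x07,0x6d,0x8c,0xbf,0x5b,0x4f,0xb0,0xc7,0x3a,0x76,0x54,0x11,0x74,
    0x77,0x88,0x50,0xfd,0x2c,0x9e,0x33,0xac,0x56,0xf8,0x5c,0x92,0x34,0xc4,0x14,0x37,
    0xa8,0x63,0x50,0x5a,0x3c,0x4a,0x72,0x02,0x63,0x03,0xfc,0x5e,0x60,0x3e,0x1b,0x99,
};

/* Illustrative helper (not hostapd's): DH Parameter body (group + key) or NULL. */
static const uint8_t *owe_dh(const uint8_t *f, size_t len, size_t *dh_len) {
    for (size_t pos = IES_OFF; pos + 2 <= len; pos += 2 + f[pos + 1]) {
        size_t elen = f[pos + 1];
        if (pos + 2 + elen > len) return NULL; /* truncated element */
        if (f[pos] == EID_EXT && elen >= 1 && f[pos + 2] == EXT_OWE_DH) {
            *dh_len = elen - 1;
            return f + pos + 3;
        }
    }
    return NULL;
}

/* 1 if both requests carry the same group and public key (likely retransmit). */
static int same_dh(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen) {
    size_t x = 0, y = 0;
    const uint8_t *p = owe_dh(a, alen, &x), *q = owe_dh(b, blen, &y);
    return p && q && x == y && memcmp(p, q, x) == 0;
}

/* Copy req1, overwrite one byte, and compare the copy against req1. */
static int compare_modified(size_t off, uint8_t val) {
    uint8_t req2[sizeof(req1)];
    memcpy(req2, req1, sizeof(req2));
    req2[off] = val;
    return same_dh(req1, sizeof(req1), req2, sizeof(req2));
}

int main(void) {
    /* seq_ctrl 0x20 (as logged) matches; a constructed changed key byte must not. */
    return !(compare_modified(SEQ_OFF, 0x20) && !compare_modified(143, 0x98));
}
```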