Hi,

Yes, I’ve seen that too. Recently it seemed to have gotten better, but the issue is still there. Although I’ve been searching for it, I’ve only come across a single observation which led to an idea for a change.

--------------------------- src/pae/ieee802_1x_kay.c ---------------------------
index b0a418ef0..442d487f7 100644
@@ -1101,9 +1101,11 @@ ieee802_1x_mka_i_in_peerlist(struct ieee802_1x_mka_participant *participant,
 * values (i.e., peer having copied my MI,MN
 * from either of the last two MKPDUs that I
 * have sent). */
- if (mn == participant->mn ||
-     (participant->mn > 1 &&
-      mn == participant->mn - 1))
+ /* BUG: This is shown to be too tight.
+  * With packets being send/received out of
+  * sequence this assumption is not valid.
+  * Adjusted to three. */
+ if (participant->mn + 3 >= mn)
 return true;
 }
 }

I’ve created a test setup which allows you to experiment with this on a single linux host.
https://gitlab.com/JaapKeuter/MACsec-sim

Now it works fairly well with three nodes, but increasing to eight, for instance, shows the failure.

Hope it helps.

> On 21 Feb 2024, at 17:34, Moritz Wilhelmy <mw-hostap@xxxxxxxxxxx> wrote:
> 
> Hello,
> 
> Before I will probably have to bury this macsec project at work I want
> to report what appears to be a bug to me in wpa_supplicant's macsec key
> agreement (MKA) implementation:
> 
> I have 3 machines: ed0, ed1 and ed2, they all share the same
> wpa_supplicant.conf with the same values for MKA pre-shared keys and
> systemd unit that starts wpa_supplicant.
> 
> Sometimes when I reboot all machines it works fine on start up, when I
> ping the IPv6 link local multicast address ff02::1%macsec0 I get
> response packets from all three machines:
> 
> ed0# ping ff02::1%macsec0
> PING ff02::1%macsec0(ff02::1%macsec0) 56 data bytes
> 64 bytes from fe80::4801:e9ff:fe34:a268%macsec0: icmp_seq=1 ttl=64 time=0.117 ms
> 64 bytes from fe80::747f:28ff:fedc:abaa%macsec0: icmp_seq=1 ttl=64 time=2.85 ms (DUP!)
> 64 bytes from fe80::60a2:b8ff:fe98:ad8f%macsec0: icmp_seq=1 ttl=64 time=4.67 ms (DUP!)
> ^C
> 
> Other times one of the machines seems to have issues with key agreement
> despite having the same shared key as the other machines (i.e. only one
> DUP!
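Review bot: the replacement condition `if (participant->mn + 3 >= mn)` drops the lower bound the old test had: the original accepted only participant->mn and participant->mn - 1, whereas the new one accepts every MN at or below participant->mn + 3, so an MKPDU echoing an arbitrarily old MN of mine now counts as proof that the peer is live, and it also accepts MNs up to three above anything this participant has sent, which a well-behaved peer cannot echo; if the counter is an unsigned 32-bit value, the addition additionally wraps near its maximum and then rejects the current MN itself. If the goal is to tolerate a few MKPDUs arriving out of order, bound both ends, for instance `mn <= participant->mn && mn + 3 >= participant->mn` (keeping the existing guard for small participant->mn), and reword the "BUG:" comment to describe the tolerance window instead of flagging the line as a bug.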
> response on pinging the multicast address):
> 
> $ ssh ed1
> Warning: Permanently added 'fe80::4801:e9ff:fe34:a268%eno1' (ED25519) to the list of known hosts.
> ed1# ping ff02::1%macsec0
> PING ff02::1%macsec0(ff02::1%macsec0) 56 data bytes
> 64 bytes from fe80::4801:e9ff:fe34:a268%macsec0: icmp_seq=1 ttl=64 time=0.112 ms
> 64 bytes from fe80::60a2:b8ff:fe98:ad8f%macsec0: icmp_seq=1 ttl=64 time=4.89 ms (DUP!) <--- second DUP! from the 3rd machine is missing
> 64 bytes from fe80::4801:e9ff:fe34:a268%macsec0: icmp_seq=2 ttl=64 time=0.098 ms
> 64 bytes from fe80::60a2:b8ff:fe98:ad8f%macsec0: icmp_seq=2 ttl=64 time=2.69 ms (DUP!)
> ^C
> --- ff02::1%macsec0 ping statistics ---
> 2 packets transmitted, 2 received, +2 duplicates, 0% packet loss, time 1001ms
> rtt min/avg/max/mdev = 0.098/1.947/4.890/1.999 ms
> ed1# systemctl status wpa_supplicant
> ● wpa_supplicant.service - WPA supplicant
>      Loaded: loaded (/lib/systemd/system/wpa_supplicant.service; enabled; vendor preset: disabled)
>      Active: active (running) since Sat 2024-02-10 16:07:19 UTC; 20s ago
>    Main PID: 496 (wpa_supplicant)
>       Tasks: 1 (limit: 404)
>      Memory: 4.9M
>      CGroup: /system.slice/wpa_supplicant.service
>              └─496 /usr/sbin/wpa_supplicant -u -i br0 -Dmacsec_linux -c /etc/wpa_supplicant.conf
> 
> Feb 10 16:07:19 hostname systemd[1]: Starting WPA supplicant...
> Feb 10 16:07:19 hostname wpa_supplicant[496]: Successfully initialized wpa_supplicant
> Feb 10 16:07:19 hostname systemd[1]: Started WPA supplicant.
> Feb 10 16:07:20 hostname wpa_supplicant[496]: br0: Associated with 01:80:c2:00:00:03
> Feb 10 16:07:20 hostname wpa_supplicant[496]: br0: CTRL-EVENT-CONNECTED - Connection to 01:80:c2:00:00:03 completed [id=0 id_str=]
> Feb 10 16:07:20 hostname wpa_supplicant[496]: br0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
> Feb 10 16:07:26 hostname wpa_supplicant[496]: KaY: duplicated SCI detected - maybe active attacker or peer selected new MI - ignore MKPDU
> Feb 10 16:07:28 hostname wpa_supplicant[496]: KaY: duplicated SCI detected - maybe active attacker or peer selected new MI - ignore MKPDU
> Feb 10 16:07:30 hostname wpa_supplicant[496]: KaY: duplicated SCI detected - maybe active attacker or peer selected new MI - ignore MKPDU
> Feb 10 16:07:33 hostname wpa_supplicant[496]: KaY: Life time has not elapsed since prior SAK distributed
> ed1# logout
> Connection to fe80::4801:e9ff:fe34:a268%eno1 closed.
> 
> $ ssh ed2
> Warning: Permanently added 'fe80::60a2:b8ff:fe98:ad8f%eno1' (ED25519) to the list of known hosts.
> ed2# systemctl status wpa_supplicant
> ● wpa_supplicant.service - WPA supplicant
>      Loaded: loaded (/lib/systemd/system/wpa_supplicant.service; enabled; vendor preset: disabled)
>      Active: active (running) since Sat 2024-02-10 16:01:48 UTC; 47s ago
>    Main PID: 496 (wpa_supplicant)
>       Tasks: 1 (limit: 404)
>      Memory: 4.8M
>      CGroup: /system.slice/wpa_supplicant.service
>              └─496 /usr/sbin/wpa_supplicant -u -i br0 -Dmacsec_linux -c /etc/wpa_supplicant.conf
> 
> Feb 10 16:01:47 hostname systemd[1]: Starting WPA supplicant...
> Feb 10 16:01:48 hostname wpa_supplicant[496]: Successfully initialized wpa_supplicant
> Feb 10 16:01:48 hostname systemd[1]: Started WPA supplicant.
> Feb 10 16:01:48 hostname wpa_supplicant[496]: br0: Associated with 01:80:c2:00:00:03
> Feb 10 16:01:48 hostname wpa_supplicant[496]: br0: CTRL-EVENT-CONNECTED - Connection to 01:80:c2:00:00:03 completed [id=0 id_str=]
> Feb 10 16:01:48 hostname wpa_supplicant[496]: br0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
> Feb 10 16:01:54 hostname wpa_supplicant[496]: KaY: duplicated SCI detected - maybe active attacker or peer selected new MI - ignore MKPDU
> Feb 10 16:01:56 hostname wpa_supplicant[496]: KaY: duplicated SCI detected - maybe active attacker or peer selected new MI - ignore MKPDU
> ed2# logout
> Connection to fe80::60a2:b8ff:fe98:ad8f%eno1 closed.
> 
> $ ssh ed0
> Warning: Permanently added 'fe80::747f:28ff:fedc:abaa%eno1' (ED25519) to the list of known hosts.
> ed0# systemctl status wpa_supplicant
> ● wpa_supplicant.service - WPA supplicant
>      Loaded: loaded (/lib/systemd/system/wpa_supplicant.service; enabled; vendor preset: disabled)
>      Active: active (running) since Sat 2024-02-10 16:07:00 UTC; 54s ago
>    Main PID: 495 (wpa_supplicant)
>       Tasks: 1 (limit: 404)
>      Memory: 4.8M
>      CGroup: /system.slice/wpa_supplicant.service
>              └─495 /usr/sbin/wpa_supplicant -u -i br0 -Dmacsec_linux -c /etc/wpa_supplicant.conf
> 
> Feb 10 16:07:06 hostname wpa_supplicant[495]: KaY: The peer (73cec9c3a974289e25a335a4) is not my live peer - ignore MACsec SAK Use param>
> Feb 10 16:07:06 hostname wpa_supplicant[495]: KaY: Discarding Rx MKPDU: decode of parameter set type (3) failed
> Feb 10 16:07:06 hostname wpa_supplicant[495]: KaY: The peer (73cec9c3a974289e25a335a4) is not my live peer - ignore MACsec SAK Use param>
> Feb 10 16:07:06 hostname wpa_supplicant[495]: KaY: Discarding Rx MKPDU: decode of parameter set type (3) failed
> Feb 10 16:07:07 hostname wpa_supplicant[495]: KaY: The peer (73cec9c3a974289e25a335a4) is not my live peer - ignore MACsec SAK Use param>
> Feb 10 16:07:07 hostname wpa_supplicant[495]: KaY: Discarding Rx MKPDU: decode of parameter set type (3) failed
> Feb 10 16:07:09 hostname wpa_supplicant[495]: KaY: The peer (73cec9c3a974289e25a335a4) is not my live peer - ignore MACsec SAK Use param>
> Feb 10 16:07:09 hostname wpa_supplicant[495]: KaY: Discarding Rx MKPDU: decode of parameter set type (3) failed
> Feb 10 16:07:11 hostname wpa_supplicant[495]: KaY: The peer (73cec9c3a974289e25a335a4) is not my live peer - ignore MACsec SAK Use param>
> Feb 10 16:07:11 hostname wpa_supplicant[495]: KaY: Discarding Rx MKPDU: decode of parameter set type (3) failed
> 
> ^^^^ seems to me that the culprit in this case is ed0 that somehow fell
> out of sync with the others if I'm reading this right, but I didn't
> write this software so perhaps you tell me :)
> 
> Are you aware of/have you encountered this issue before? Is there any
> known solution/software version where it's fixed?
> 
> Here's some more context and diagnostic info:
> 
> ed0# wpa_supplicant -v
> wpa_supplicant v2.10
> Copyright (c) 2003-2022, Jouni Malinen <j@xxxxx> and contributors
> 
> ed0# uname -a
> Linux hostname 5.4.24 #1 SMP PREEMPT Thu Oct 7 08:39:19 UTC 2021 aarch64 aarch64 aarch64 GNU/Linux
> 
> ed0# cat /sys/class/net/br0/bridge/group_fwd_mask
> 0x8
> 
> ed0# cat /etc/wpa_supplicant.conf
> ctrl_interface=/var/run/wpa_supplicant
> eapol_version=3
> ap_scan=0
> fast_reauth=1
> 
> network={
>   key_mgmt=NONE
>   eapol_flags=0
>   macsec_policy=1
> 
>   mka_cak=35659df249c7c90fcaeb675ef59eb783
>   mka_ckn=83f447da8078c18a7bae35851a0349384e9da84ab45a705f304731f3dc7fee
> }
> 
> 
> 
> The file is left as copied from the [RedHat introduction][1] with some
> keys filled in where they belong and then copied identically to all
> three machines.
> 
> Sorry I had to edit the logs to remove the hostname, I've signed an NDA.
> 
> Best regards,
> 
> Moritz
> 
> [1]: https://developers.redhat.com/blog/2017/06/28/whats-new-in-macsec-setting-up-macsec-using-wpa_supplicant-and-optionally-networkmanager#
> 
> _______________________________________________
> Hostap mailing list
> Hostap@xxxxxxxxxxxxxxxxxxx
> http://lists.infradead.org/mailman/listinfo/hostap
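As an added illustration (not hostap code and not the patch quoted above), here are the original and the patched MN checks side by side, with mn_ok_windowed being an assumed bounded alternative rather than anything proposed in the thread, plus a counter that shows how many MN values each check lets through.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* my_mn plays the role of participant->mn (the MN this participant last
 * sent); mn is the MN a peer echoed back in its peer list. */

/* Original test from ieee802_1x_mka_i_in_peerlist(): only my current
 * MN or the one before it counts as a fresh echo. */
static bool mn_ok_original(uint32_t my_mn, uint32_t mn)
{
	return mn == my_mn || (my_mn > 1 && mn == my_mn - 1);
}

/* Test as written in the patch: no lower bound, so every stale MN passes,
 * and MNs up to my_mn + 3 that I never sent pass too. The unsigned
 * addition wraps once my_mn is within 3 of UINT32_MAX. */
static bool mn_ok_patched(uint32_t my_mn, uint32_t mn)
{
	return my_mn + 3 >= mn;
}

/* Assumed bounded alternative (not in the patch): accept only the last
 * four MNs actually sent, never a future one. The lower bound stops at 1,
 * mirroring the original's guard against matching MN 0. */
static bool mn_ok_windowed(uint32_t my_mn, uint32_t mn)
{
	uint32_t low = my_mn > 3 ? my_mn - 3 : 1;
	return mn >= low && mn <= my_mn;
}

/* How many of the echoed MNs 1..limit does a given check accept? */
static unsigned count_accepted(bool (*check)(uint32_t, uint32_t),
			       uint32_t my_mn, uint32_t limit)
{
	unsigned n = 0;
	for (uint32_t mn = 1; mn <= limit; mn++)
		if (check(my_mn, mn))
			n++;
	return n;
}

int main(void)
{
	uint32_t my_mn = 1000;  /* constructed sample value */
	printf("original: %u of 1..2000\n", count_accepted(mn_ok_original, my_mn, 2000));
	printf("patched:  %u of 1..2000\n", count_accepted(mn_ok_patched, my_mn, 2000));
	printf("windowed: %u of 1..2000\n", count_accepted(mn_ok_windowed, my_mn, 2000));
	return 0;
}
```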