We have a wireless network with dynamically set wep keys on some sort of cisco APs. With compat-wireless-2008-04-22 I can reliably associate (dynamic wep, EAP-TTLS with phase 2 PAP auth) using wpa_supplicant-0.6.3. But I do not obtain a DHCP lease, and I'm suspecting that my outgoing packets are dropped by the AP. There was a similar thread on this list about one month ago (same topic), and Tomas Winkler wrote "Please validate that you are receiving two keys from a supplicant. The order should be first unicast then broadcast key." For the record, the AP sets the keys in the reverse order: wpa_supplicant -Dwext -iwlan0 -c /root/wpa_supplicant.conf -ddd [...] CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully EAPOL: SUPP_BE entering state RECEIVE EAPOL: SUPP_BE entering state SUCCESS EAPOL: SUPP_BE entering state IDLE RX EAPOL from 00:15:c6:5e:e5:70 RX EAPOL - hexdump(len=61): 01 03 00 39 01 00 0d 00 00 48 0f 65 c8 37 56 a8 32 17 1a 5f 38 4d 50 5b b9 11 13 4c 61 af 30 02 e0 29 39 c8 e4 ee e4 00 c8 e3 75 99 cf 2f 5c 72 31 b8 c8 e1 07 83 ff d9 01 82 08 6c 08 EAPOL: Received EAPOL-Key frame EAPOL: KEY_RX entering state KEY_RECEIVE EAPOL: processKey EAPOL: RX IEEE 802.1X ver=1 type=3 len=57 EAPOL-Key: type=1 key_length=13 key_index=0x2 EAPOL: Successfully fetched key (len=64) EAPOL: EAPOL-Key key signature verified EAPOL: Decrypted(RC4) key - hexdump(len=13): [REMOVED] EAPOL: Setting dynamic WEP key: broadcast keyidx 2 len 13 wpa_driver_wext_set_key: alg=1 key_idx=2 set_tx=0 seq_len=0 key_len=13 RX EAPOL from 00:15:c6:5e:e5:70 RX EAPOL - hexdump(len=48): 01 03 00 2c 01 00 0d 00 00 48 0f 65 c8 37 57 71 cf 6b a3 b1 08 ce 88 d0 ca 0a 0c 00 84 7b c4 83 5e 20 c0 0d a2 f9 ce f0 94 5f 38 ee e7 7c 68 3a EAPOL: Received EAPOL-Key frame EAPOL: KEY_RX entering state KEY_RECEIVE EAPOL: processKey EAPOL: RX IEEE 802.1X ver=1 type=3 len=44 EAPOL-Key: type=1 key_length=13 key_index=0x83 EAPOL: Successfully fetched key (len=64) EAPOL: EAPOL-Key key signature verified EAPOL: using part of EAP keying material data encryption key - hexdump(len=13): [REMOVED] EAPOL: Setting dynamic WEP key: unicast keyidx 3 len 13 wpa_driver_wext_set_key: alg=1 key_idx=3 set_tx=128 seq_len=0 key_len=13 EAPOL: all required EAPOL-Key frames received WPA: EAPOL processing complete Cancelling scan request Cancelling authentication timeout State: ASSOCIATED -> COMPLETED [...] Finally, I'm enabling some TX debugging: echo 0x20800002 >> /sys/bus/pci/drivers/iwl4965/debug_level This is what I get in the log: Apr 22 19:02:56 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(362 bytes) at rate 0x21c Apr 22 19:02:56 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3 Apr 22 19:02:56 localhost dhclient: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 14 Apr 22 19:02:56 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x8003 retries 5 Apr 22 19:02:57 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(90 bytes) at rate 0x21c Apr 22 19:02:57 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3 Apr 22 19:02:57 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x8003 retries 4 Apr 22 19:03:01 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(90 bytes) at rate 0x21c Apr 22 19:03:01 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3 Apr 22 19:03:01 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x4003 retries 2 Apr 22 19:03:12 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(362 bytes) at rate 0x21c Apr 22 19:03:12 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3 Apr 22 19:03:12 localhost dhclient: DHCPREQUEST on wlan0 to 255.255.255.255 port 67 Apr 22 19:03:12 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x4003 retries 0 Apr 22 19:03:17 localhost dhclient: DHCPREQUEST on wlan0 to 255.255.255.255 port 67 Apr 22 19:03:17 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(362 bytes) at rate 0x21c Apr 22 19:03:17 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3 Apr 22 19:03:17 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x4003 retries 2 Apr 22 19:03:22 localhost dhclient: DHCPREQUEST on wlan0 to 255.255.255.255 port 67 Apr 22 19:03:22 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(362 bytes) at rate 0x21c Apr 22 19:03:22 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3 Apr 22 19:03:22 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x4003 retries 2 Apr 22 19:03:28 localhost dhclient: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 6 Apr 22 19:03:28 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(362 bytes) at rate 0x21c Apr 22 19:03:28 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3 Apr 22 19:03:28 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x4003 retries 2 Apr 22 19:03:34 localhost dhclient: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 9 Apr 22 19:03:34 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(362 bytes) at rate 0x21c Apr 22 19:03:34 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3 I thought the DHCP broadcast ought to be encrypted with the broadcast key (=keyidx 2)?? But its encrypted with the unicast key (keyidx 3). Or am I really confused here? Please let me know if you have any ideas to fix this! Cheers, Volker -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
