Sorry, I made a mistake in my configuration. The sta was not included in the bridge because my configuration was wrong. Now my configuration is correct.

I'm running mac80211 backport 5.4-rc8-1 on the AP and the sta (client).
I set the WDS feature on the sta (the AP accepts the WDS sta and automatically puts it in my bridge).
I bridged the sta with my ETH0.
The security policy was set to WPA-EAP (I tested PEAP-MSCHAPV2 and EAP-TLS).

With these settings, the authentication is successful, but I can't ping the AP from the sta, and I can't ping the sta from the AP.

The origin of this issue is the broadcast frame format. These frames are sent in 3-addr mode, and the test in rx.c from driver/net/mac80211, in function __ieee80211_data_to_8023, drops these frames.

I attach a pcap file; you can see the authentication and the WPA exchange. Frames #205, #208, #213 .. are broadcast/multicast frames sent from my AP. These frames are in 3-addr format (TO DS and FROM DS are not set to 1).

In older versions these frames were sent in 4addr format (but sent one time per station).

So now where should I make a fix:
- On the transmit side, I should change the code to send the frame in 4addr format, but that can break other work (because I will send one frame per sta).
- On the Rx side, I should accept the broadcast frame in 3addr if the transmitter address is my peer (the sta or the bssid).

I need your help to fix this issue.

Thanks
Cedric Voncken.

-----Original Message-----
From: linux-wireless-owner@xxxxxxxxxxxxxxx <linux-wireless-owner@xxxxxxxxxxxxxxx> On behalf of Cedric VONCKEN
Sent: Monday, March 2, 2020 09:29
To: Johannes Berg <johannes@xxxxxxxxxxxxxxxx>; Steve deRosier <derosier@xxxxxxxxx>
Cc: linux-wireless@xxxxxxxxxxxxxxx
Subject: RE: [mac80211]: wds link and Radius authentication issue

Yes, I'm running mac80211 on both sides.

I am making progress in understanding this issue. After checking, the issue is different with different mac80211 versions.

With the backport 5.4-rc8-1, the driver level seems to work correctly.
The hostapd (on the AP side) didn't include the sta in the bridge when the security policy is WPA-PSK or WPA-EAP. With no policy, the sta is correctly included.

Now I'm searching in hostapd.

-----Original Message-----
From: Johannes Berg <johannes@xxxxxxxxxxxxxxxx>
Sent: Friday, February 28, 2020 10:37
To: Steve deRosier <derosier@xxxxxxxxx>; Cedric VONCKEN <cedric.voncken@xxxxxxxxx>
Cc: linux-wireless@xxxxxxxxxxxxxxx
Subject: Re: [mac80211]: wds link and Radius authentication issue

On Thu, 2020-02-27 at 17:26 -0800, Steve deRosier wrote:
> On Thu, Feb 27, 2020 at 9:37 AM Cedric VONCKEN <cedric.voncken@xxxxxxxxx> wrote:
> > Where can I find some information on how the wds system should
> > work? I looked in the 802.11-2012 standard and I didn't find any
> > information.
> >
>
> I think Wikipedia says it best:
> "WDS may be incompatible between different products (even occasionally
> from the same vendor) since the IEEE 802.11-1999 standard does not
> define how to construct any such implementations or how stations
> interact to arrange for exchanging frames of this format. The IEEE
> 802.11-1999 standard merely defines the 4-address frame format that
> makes it possible."

I think really what Cedric is asking is how this is/should be done with mac80211's 4-addr client/AP mode(s)?

Cedric, are you running mac80211 on both sides of the link, the AP and the (4-addr) client?

johannes
Attachment:
NOK.pcapng
Description: NOK.pcapng
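
The 3-address versus 4-address distinction discussed in this thread can be checked frame by frame when triaging a capture like the one attached. The following is an added example, not part of the original messages and not mac80211 code: it classifies a bare 802.11 MAC header by its ToDS/FromDS bits and flags group-addressed 3-address data frames whose transmitter is the link peer. The names `classify` and `group_3addr_from_peer`, the MAC addresses, and the header bytes are constructed for illustration, and the sample assumes the AP's group frame carries FromDS=1.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum addr_mode { TOO_SHORT, NOT_DATA, THREE_ADDR, FOUR_ADDR };

/* Classify a bare 802.11 MAC header (no radiotap) by its ToDS/FromDS bits. */
static enum addr_mode classify(const uint8_t *h, size_t len)
{
    if (len < 24) return TOO_SHORT;                /* FC, Dur, A1, A2, A3, Seq */
    if (((h[0] >> 2) & 0x3) != 2) return NOT_DATA; /* frame type 2 = data */
    if ((h[1] & 0x03) == 0x03)                     /* ToDS and FromDS both set */
        return len >= 30 ? FOUR_ADDR : TOO_SHORT;  /* Address 4 at offset 24 */
    return THREE_ADDR;
}

/* The case described in the thread: a group-addressed data frame in
 * 3-address format whose transmitter (Address 2) is our link peer. */
static int group_3addr_from_peer(const uint8_t *h, size_t len,
                                 const uint8_t peer[6])
{
    return classify(h, len) == THREE_ADDR &&
           (h[4] & 0x01) &&                        /* Address 1 group bit */
           memcmp(h + 10, peer, 6) == 0;           /* Address 2 == peer */
}

/* Constructed sample headers (hypothetical addresses, not from the pcap). */
static const uint8_t PEER[6] = { 0x02, 0, 0, 0, 0, 0x01 };
static const uint8_t BCAST_3ADDR[24] = {
    0x08, 0x02, 0, 0,                       /* data frame, FromDS only */
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff,     /* A1: broadcast */
    0x02, 0, 0, 0, 0, 0x01,                 /* A2: transmitter (BSSID) */
    0x02, 0, 0, 0, 0, 0x99,                 /* A3: source */
    0x10, 0x00 };
static const uint8_t UCAST_4ADDR[30] = {
    0x08, 0x03, 0, 0,                       /* data frame, ToDS + FromDS */
    0x02, 0, 0, 0, 0, 0x02,                 /* A1: receiver */
    0x02, 0, 0, 0, 0, 0x01,                 /* A2: transmitter */
    0x02, 0, 0, 0, 0, 0x77,                 /* A3: destination */
    0x20, 0x00,
    0x02, 0, 0, 0, 0, 0x99 };               /* A4: source */

int main(void)
{
    printf("bcast: mode=%d flagged=%d\n", classify(BCAST_3ADDR, 24),
           group_3addr_from_peer(BCAST_3ADDR, 24, PEER));
    printf("ucast: mode=%d flagged=%d\n", classify(UCAST_4ADDR, 30),
           group_3addr_from_peer(UCAST_4ADDR, 30, PEER));
    return 0;
}
```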