
RE: [mac80211]: wds link and Radius authentication issue


 



I continue my investigation, and I think I found an interesting point.

	My AP has 3 BSSIDs: wlan0 is set to WPA-EAP, wlan0_1 is set to WPA-PSK and the last, wlan0_2, is without security. This is useful for my test; I only need to change the sta configuration.

	I added some debug in net/mac80211/tx.c

	When I use the BSSID set in WPA-PSK (this case works), the broadcast frames are sent through the netdev wlan0_1.sta1.
	When I use the BSSID set in WPA-EAP (this case doesn't work), the broadcast frames are sent through the netdev wlan0 (using the fast_xmit path). But the wlan0.sta1 netdev is created in the system, added to the bridge, and receives the frame from the bridge. But in this case the function ieee80211_lookup_ra_sta returns ENOLINK for wlan0.sta1 and the frame is dropped.

	So I think the issue is on the transmit side. I don't know why, but with WPA-EAP the mac80211 state seems different and the WDS doesn't work.

	Do you have any explanation or idea to locate the origin?

	Regards. 

-----Original Message-----
From: Cedric VONCKEN <cedric.voncken@xxxxxxxxx>
Sent: Monday, 2 March 2020 17:08
To: Cedric VONCKEN <cedric.voncken@xxxxxxxxx>; Johannes Berg <johannes@xxxxxxxxxxxxxxxx>; Steve deRosier <derosier@xxxxxxxxx>
Cc: linux-wireless@xxxxxxxxxxxxxxx
Subject: [mac80211]: wds link and Radius authentication issue

	Sorry, I made a mistake in my configuration.

	The sta was not included in the bridge, because my configuration was wrong.

	Now my configuration is correct.
		I'm running mac80211 backport 5.4-rc8-1 on AP and sta (client)
		I set the WDS feature on the sta (the AP accepts the wds sta, and automatically puts it in my bridge)
		I bridged the sta with my ETH0
		The security policy was set to WPA-EAP (I tested PEAP-MSCHAPV2 and EAP-TLS)

	With these settings, the authentication is successful but I can't ping the AP from the sta, and I can't ping the sta from the AP.

	The origin of this issue is the broadcast frame format. These frames are sent in 3 addr mode, and the test in rx.c from driver/net/mac80211, in function __ieee80211_data_to_8023, drops these frames.
	I attach a pcap file; you can see the authentication and the WPA exchange. The frames #205, #208, #213 .. are broadcast/multicast frames sent from my AP. These frames are in 3 addr format (TO DS and FROM DS are not set to 1).

	In older versions these frames are sent in 4addr format (but sent one time per station).

	So now where should I make a fix:
		- On the transmit side, I should change the code to send the frame in 4addr format, but that can break other work (because I will send one frame per sta).
		- On the Rx side, I should accept the broadcast frame in 3addr if the transmitter address is my peer (the sta or the bssid).

	I need your help to fix this issue.

	Thanks

Cedric Voncken.
-----Original Message-----
From: linux-wireless-owner@xxxxxxxxxxxxxxx <linux-wireless-owner@xxxxxxxxxxxxxxx> On Behalf Of Cedric VONCKEN
Sent: Monday, 2 March 2020 09:29
To: Johannes Berg <johannes@xxxxxxxxxxxxxxxx>; Steve deRosier <derosier@xxxxxxxxx>
Cc: linux-wireless@xxxxxxxxxxxxxxx
Subject: RE: [mac80211]: wds link and Radius authentication issue

Yes, I'm running mac80211 on both sides.

I am making progress in understanding this issue. After checking, the issue is different with different mac80211 versions. With the backport 5.4-rc8-1, the driver level seems to work correctly. The hostapd (on the AP side) didn't include the sta in the bridge when the security policy is WPA-PSK or WPA-EAP. With no policy the sta is correctly included.

Now I'm searching in hostapd.

-----Original Message-----
From: Johannes Berg <johannes@xxxxxxxxxxxxxxxx>
Sent: Friday, 28 February 2020 10:37
To: Steve deRosier <derosier@xxxxxxxxx>; Cedric VONCKEN <cedric.voncken@xxxxxxxxx>
Cc: linux-wireless@xxxxxxxxxxxxxxx
Subject: Re: [mac80211]: wds link and Radius authentication issue

On Thu, 2020-02-27 at 17:26 -0800, Steve deRosier wrote:
> On Thu, Feb 27, 2020 at 9:37 AM Cedric VONCKEN <cedric.voncken@xxxxxxxxx> wrote:
> > Where can I find some information on how the wds system should 
> > work? I looked in the 802.11-2012 standard and I didn't find any 
> > information.
> > 
> 
> I think Wikipedia says it best:
> "WDS may be incompatible between different products (even occasionally 
> from the same vendor) since the IEEE 802.11-1999 standard does not 
> define how to construct any such implementations or how stations 
> interact to arrange for exchanging frames of this format. The IEEE
> 802.11-1999 standard merely defines the 4-address frame format that 
> makes it possible."

I think really what Cedric is asking is how this is/should be done with mac80211's 4-addr client/AP mode(s)?

Cedric, are you running mac80211 on both sides of the link, the AP and the (4-addr) client?

johannes
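
A small model of the two receive-side behaviours discussed in this thread, added here as an example; it is not mac80211 code and not from any poster. The function names, verdict enum and sample frames are hypothetical: a 4-addr (WDS) station that drops 3-addr data frames, and the relaxed variant that accepts a group-addressed 3-addr frame only when the transmitter address is the peer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FC_TYPE_MASK 0x000c /* frame type, bits 2-3 */
#define FC_TYPE_DATA 0x0008
#define FC_TODS      0x0100
#define FC_FROMDS    0x0200

enum rx_verdict { RX_ACCEPT, RX_DROP_SHORT, RX_DROP_NOT_DATA, RX_DROP_ADDR_MODE };

/* Frame Control is the first two bytes, little-endian on the air. */
static uint16_t frame_control(const uint8_t *f) { return (uint16_t)(f[0] | (f[1] << 8)); }

/* 4-address format: ToDS and FromDS both set, Address 4 follows Sequence Control. */
int is_4addr(const uint8_t *f) {
    return (frame_control(f) & (FC_TODS | FC_FROMDS)) == (FC_TODS | FC_FROMDS);
}

/* Hypothetical rx policy for a 4-addr (WDS) station; allow_group_3addr selects
 * the relaxed rule: group-addressed 3-addr frames pass only if TA is the peer. */
enum rx_verdict wds_sta_rx(const uint8_t *f, size_t len, const uint8_t peer[6],
                           int allow_group_3addr) {
    if (len < 24) return RX_DROP_SHORT;                 /* 3-addr header size */
    if ((frame_control(f) & FC_TYPE_MASK) != FC_TYPE_DATA) return RX_DROP_NOT_DATA;
    if (is_4addr(f)) return len >= 30 ? RX_ACCEPT : RX_DROP_SHORT;
    int group = f[4] & 0x01;                            /* I/G bit of Address 1 (RA) */
    int from_peer = memcmp(f + 10, peer, 6) == 0;       /* Address 2 (TA) */
    return (allow_group_3addr && group && from_peer) ? RX_ACCEPT : RX_DROP_ADDR_MODE;
}

/* Constructed sample frames (headers only); all addresses are made up. */
const uint8_t PEER_AP[6] = {0x02,0,0,0,0,0x01};
const uint8_t BCAST_3ADDR[24] = { 0x08,0x02, 0,0,       /* data, FromDS only */
    0xff,0xff,0xff,0xff,0xff,0xff,  0x02,0,0,0,0,0x01,  0x02,0,0,0,0,0xaa, 0,0 };
const uint8_t BCAST_OTHER_TA[24] = { 0x08,0x02, 0,0,    /* same, foreign transmitter */
    0xff,0xff,0xff,0xff,0xff,0xff,  0x02,0,0,0,0,0x99,  0x02,0,0,0,0,0xaa, 0,0 };
const uint8_t UCAST_4ADDR[30] = { 0x08,0x03, 0,0,       /* data, ToDS + FromDS */
    0x02,0,0,0,0,0x02,  0x02,0,0,0,0,0x01,  0x02,0,0,0,0,0xbb, 0,0,  0x02,0,0,0,0,0xaa };

int main(void) {
    printf("strict:  3-addr bcast -> %d\n", wds_sta_rx(BCAST_3ADDR, 24, PEER_AP, 0));
    printf("relaxed: 3-addr bcast -> %d\n", wds_sta_rx(BCAST_3ADDR, 24, PEER_AP, 1));
    printf("relaxed: foreign TA   -> %d\n", wds_sta_rx(BCAST_OTHER_TA, 24, PEER_AP, 1));
    printf("4-addr unicast        -> %d\n", wds_sta_rx(UCAST_4ADDR, 30, PEER_AP, 0));
    return 0;
}
```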




