From: James Prestwood <prestwoj@gmail.com>
To: iwd@lists.01.org
Subject: Re: Cannot connect to SAE protected AP with iwd 1.16 and beyond
Date: Tue, 07 Sep 2021 14:18:38 -0700 [thread overview]
Message-ID: <f3fec57d587019ad7c23431da8a1932d5a7be3f4.camel@gmail.com> (raw)
In-Reply-To: <20210901185903.2717.42774@ml01.vlan13.01.org>
[-- Attachment #1: Type: text/plain, Size: 348 bytes --]
Hi Jesus,
We think we've identified the problem which ultimately is a bug in
hostapd. Luckily it can be worked around in IWD though. Attached is a
patch which should hopefully fix your connection problem. This patch is
also on the mailing list along with some others but in your case you
should only need this single one.
Thanks,
James
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-sae-don-t-send-commit-in-confirmed-state.patch --]
[-- Type: text/x-patch, Size: 1437 bytes --]
From 9964627c1e265567645cd07f5f71709073fcf2ca Mon Sep 17 00:00:00 2001
From: James Prestwood <prestwoj@gmail.com>
Date: Tue, 7 Sep 2021 14:04:07 -0700
Subject: [PATCH] sae: don't send commit in confirmed state
This works around a hostapd bug (described more in the TODO comment)
that deaths IWD if the initial commit is not acked. This behavior
has been identified in consumer access points and likely won't ever
be patched for older devices. Because of this IWD must work around
the problem which can be eliminated by not sending out this commit
message.
---
src/sae.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/sae.c b/src/sae.c
index fbd0298d..4eda9225 100644
--- a/src/sae.c
+++ b/src/sae.c
@@ -1165,7 +1165,18 @@ static int sae_verify_confirmed(struct sae_sm *sm, uint16_t trans,
sm->sync++;
sm->sc++;
- sae_send_commit(sm, true);
+ /*
+ * TODO: There is a bug in hostapd which deaths stations if a commit
+ * is received in an Accepted SAE state. This can be triggered if the
+ * STA's commit is not acked, which triggers a re-transmission, and
+ * ultimated causes the AP to death IWD.
+ *
+ * Since this bug is present in production APs out in the wild we must
+ * work around it by going against the spec (802.11-2020 12.4.8.6.5) and
+ * only send a confirm here.
+ *
+ * sae_send_commit(sm, true);
+ */
if (!sae_send_confirm(sm))
return -EPROTO;
--
2.31.1
next prev parent reply other threads:[~2021-09-07 21:18 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-27 8:05 Cannot connect to SAE protected AP with iwd 1.16 and beyond Jesus Gonzalez
2021-08-28 2:42 ` Denis Kenzior
2021-08-29 15:06 ` Jesus Gonzalez
2021-08-30 18:47 ` Jesus Gonzalez
2021-08-30 19:01 ` Denis Kenzior
2021-08-31 5:54 ` Jesus Gonzalez
2021-08-31 6:11 ` Paul Menzel
2021-09-01 13:05 ` Jesus Gonzalez
2021-08-31 13:24 ` Denis Kenzior
2021-09-01 13:09 ` Jesus Gonzalez
2021-09-01 15:51 ` Denis Kenzior
2021-09-01 18:59 ` Jesus Gonzalez
2021-09-01 20:54 ` Denis Kenzior
2021-09-07 21:18 ` James Prestwood [this message]
2021-09-08 8:41 ` Jesus Gonzalez
2021-09-08 16:44 ` James Prestwood
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f3fec57d587019ad7c23431da8a1932d5a7be3f4.camel@gmail.com \
--to=prestwoj@gmail.com \
--cc=iwd@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.