archive mirror
 help / color / mirror / Atom feed
From: James Prestwood <>
To: "" <>
Subject: BUG: brcmfmac fails to connect after offload connection
Date: Wed, 24 Mar 2021 14:30:35 -0700	[thread overview]
Message-ID: <> (raw)


I discovered this bug where, after an offloaded connection (SAE/WPA3 in
my case), the kernel/driver/firmware can no longer connect via non-
offload means. This is due to the firmware no longer forwarding eapol
frames so the supplicant cannot complete the 4-way handshake. I am
testing on a Raspberry Pi 3 B+ (BCM43438). To reproduce:

1. Connect initially to a WPA3 network using SAE_OFFLOAD. This is done
with CMD_CONNECT using the SAE_PASSWORD attribute. This works as

2. Disconnect from WPA3 network

3. Connect to another network without using offload. In my case I am
connecting to a WPA2 network using CMD_CONNECT but not including
ATTR_PMK. This will rely on the supplicant doing the 4-way in

Expected behavior: Connecting to the 2nd WPA2 network using non-offload 
should work.

Actual behavior: Connection/4-way times out due to the firmware not
forwarding any eapol frames to userspace.

The only way to 'fix' this situation is to fully reboot the device and
reload the firmware. Once the firmware is 'fresh' it can do non-offload 
connections without issues. It is only after you do a single offload
connection the firmware gets stuck in this state where it no longer
forwards eapol frames to userspace.

I asked a question some time ago about a suspicious wording in the
nl80211 docs regarding offload and that some hardware may not support
the 4-way in userspace. I'm curious if maybe offload/non-offload is not
intended to be used together. It would sure be nice to get an answer to
that question. Maybe this issue is not really a bug, but a consequence
of using non-offload/offload together? Anyways, hopefully this reaches
the right people.


                 reply	other threads:[~2021-03-24 21:31 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).