wpa_supplicant fails with ndiswrapper andmadwifi driver for Atheros 802.11a/b/g card

Jouni Malinen jkmaline
Sat Nov 20 21:04:04 PST 2004


On Wed, Nov 10, 2004 at 12:19:06PM -0800, Michael Reilly wrote:

> >>I have a Cisco CB21AG card which is based on the Atheros 802.11a/b/g chip 
> >>(5212 I think it is called).  The card has a PCI id of vendor 0x168c, 
> >>device 0x0013.
> >>
> >>wpa_supplicant fails when I try to use WPA-PSK.  I downloaded a trial 
> >>copy of driverloader and it works fine.

> 	ndiswrapper: driver ar5211.sys (,12/03/2003,2.4.2.33) added

I tested with another AR5212-based a/b/g card and the same driver
version (2.4.2.33) using the current CVS snapshot of ndiswrapper and
Linux 2.4.28. This worked in my tests with WPA-PSK. In couple of test
cases with Linksys WRT54G as the AP, it took few attempts to get group
key handshake completed, though. This may be some kind of timing related
issue with the client not receiving encrypted frames immediately after
the keys have been configured. The tests with another AP (Gateway
7001ag) were succeeded on the first try. This AP has a longer timeout
for group key handshake, which could explain the behavior.

WPA-RADIUS (key_mgmt=WPA+IEEE 802.1X) was not apparently implemented at
all in ndiswrapper (I would assume it was just forgotten). I added
support for it and this seemed to allow association and completion of
IEEE 802.1X + WPA authentication. The attached patch against the
ndiswrapper CVS was enough to get this working and it would be nice to
see it being added to the next ndiswrapper release.

I tested this with both Atheros and Broadcom based cards. There seems to
be some issues with both cards as far as reliability in getting packets
through during the authentication is concerned.. Some of the IEEE 802.1X
packets seem to disappear and I needed to use shorter EAPOL state
machine timeouts to get authentication more reliable. Another issue was
the failure in getting group key handshake done in some test runs that I
mentioned above.

-- 
Jouni Malinen                                            PGP id EFC895FA
-------------- next part --------------
Index: driver/iw_ndis.c
===================================================================
RCS file: /cvsroot/ndiswrapper/ndiswrapper/driver/iw_ndis.c,v
retrieving revision 1.79
diff -u -p -r1.79 iw_ndis.c
--- driver/iw_ndis.c	13 Nov 2004 04:56:27 -0000	1.79
+++ driver/iw_ndis.c	21 Nov 2004 04:49:35 -0000
@@ -1523,6 +1523,7 @@ static int wpa_associate(struct net_devi
 		 wpa_assoc_info.key_mgmt_suite,
 		 wpa_assoc_info.pairwise_suite, wpa_assoc_info.group_suite);
 	if (wpa_assoc_info.key_mgmt_suite != KEY_MGMT_PSK &&
+	    wpa_assoc_info.key_mgmt_suite != KEY_MGMT_802_1X &&
 	    wpa_assoc_info.key_mgmt_suite != KEY_MGMT_NONE)
 		TRACEEXIT(return -EINVAL);
 
@@ -1555,6 +1556,11 @@ static int wpa_associate(struct net_devi
 			TRACEEXIT(return -EINVAL);
 		auth_mode = AUTHMODE_WPAPSK;
 		break;
+	case KEY_MGMT_802_1X:
+		if (!test_bit(CAPA_WPA, &handle->capa))
+			TRACEEXIT(return -EINVAL);
+		auth_mode = AUTHMODE_WPA;
+		break;
 	case KEY_MGMT_NONE:
 		if (wpa_assoc_info.group_suite != CIPHER_WEP104 &&
 		    wpa_assoc_info.group_suite != CIPHER_WEP40)



More information about the Hostap mailing list