hostapd, hostap, prism2 and WPA

Michael Smith msmith
Mon Jun 27 14:33:22 PDT 2005 

Hi,

I've set up hostapd and wpa_supplicant 0.4.3 with madwifi-bsd on Linux 
2.6.11.11, using WPA2-PSK and CCMP, and that seems happy.

Now when I try to replicate it using a PCMCIA prism2 card, I run into 
problems. If the master reboots, the station doesn't seem to notice. 
Forcing a reassociation (wpa_cli reassoc) usually fixes it. I've seen some 
cases where it didn't, but I'm having trouble duplicating that now.

I've tried WPA2-PSK and CCMP, WPA2-PSK and TKIP, and WPA-PSK and TKIP. 
I've also tried station firmware 1.8.4 and 1.7.4, but it doesn't seem to 
make much difference, although 1.8.4 seems to have other problems.

With WPA2-PSK+CCMP+1.8.4, I see this on the station when it connects to 
the master:

Jun 27 21:13:57 wi-client kernel: wlan0: Trying to join BSSID 00:02:6f:xx:xx:98
Jun 27 21:13:57 wi-client kernel: wifi0: LinkStatus=1 (Connected)
Jun 27 21:13:57 wi-client kernel: wifi0: LinkStatus: BSSID=00:02:6f:xx:xx:98
Jun 27 21:13:57 wi-client kernel: hostap_crypt: registered algorithm 'CCMP'

When I reboot the master, I don't get any LinkStatus=2 (Disconnected) 
messages on the station. If I start pinging the station from the master, I 
see this on the station:

Jun 27 21:14:38 wi-client kernel: CCMP: replay detected: 
STA=00:02:6f:xx:xx:98 previous PN 000000000004 received PN 000000000001
Jun 27 21:14:38 wi-client kernel: wifi0: decryption failed (SA=00:02:6f:xx:xx:98) res=-4
Jun 27 21:14:38 wi-client kernel: CCMP: replay detected: 
STA=00:02:6f:xx:xx:98 previous PN 000000000004 received PN 000000000002
...
Jun 27 21:15:30 wi-client kernel: CCMP: replay detected: 
STA=00:02:6f:xx:xx:98 previous PN 000000000004 received PN 000000000004
Jun 27 21:15:30 wi-client kernel: wifi0: decryption failed (SA=00:02:6f:xx:xx:98) res=-4
Jun 27 21:15:31 wi-client kernel: CCMP: decrypt failed: STA=00:02:6f:xx:xx:98
Jun 27 21:15:31 wi-client kernel: wifi0: decryption failed (SA=00:02:6f:xx:xx:98) res=-5
Jun 27 21:15:32 wi-client kernel: CCMP: decrypt failed: STA=00:02:6f:xx:xx:98

In this case "wpa_cli reassoc" fixes the problem. Is there something I 
could do that would allow the station to figure out when the master is 
dead? madwifi checks for missed beacons. I don't see any code for that in 
HostAP, but I'm pretty sure think my stations were able to recover from a 
rebooted master when I was just using HostAP+WEP.

BTW, I noticed some settings (set by wpa_supplicant and hostapd) don't 
match on client and server:

station# iwpriv wlan0 getwpa -> 1
station# iwpriv wlan0 getdrop_unencry -> 1
station# prism2_param wlan0 ap_auth_algs -> 1
station# prism2_param wlan0 ieee_802_1x -> 0

master# iwpriv wlan0 getwpa -> 0
master# iwpriv wlan0 getdrop_unencry -> 0
master# prism2_param wlan0 ap_auth_algs -> 3
master# prism2_param wlan0 ieee_802_1x -> 1

I tried setting wpa=1 on the master, but it didn't make a difference.
Setting drop_unencry=1 broke the authentication process.

Mike

More information about the Hostap mailing list