hostapd and encryption

Markus Ritzer fdsag
Sun May 11 12:13:10 PDT 2008 

>
> Configuring WPA in hostapd should have been enough.. I would have
> expected that to make madwifi reject open connections without any
> additional steps. Could you please send debug log from hostapd (-dd on
> command line) showing a client connecting without WPA when hostapd is
> configured to use WPA?

First of all, sorry for not responding for so long! I wasn't at home for 
some days.

I noticed the following: When I started hostapd at boot time, encryption 
didn't work (or it accepted unencrypted connections, too), but when I 
killed hostapd and restarted it, only encrypted connections were 
allowed. I tried to start it with -dd and here is a part of the output:

Configuration file: /etc/hostapd/hostapd.conf
Line 43: DEPRECATED: 'debug' configuration variable is not used anymore
ctrl_interface_group=0
madwifi_set_iface_flags: dev_up=0
madwifi_set_privacy: enabled=0
BSS count 1, BSSID mask ff:ff:ff:ff:ff:ff (0 bits)
SIOCGIWRANGE: WE(compiled)=22 WE(source)=13 enc_capa=0xf
ath0: IEEE 802.11 Fetching hardware channel/rate support not supported.
Flushing old station entries
madwifi_sta_deauth: addr=ff:ff:ff:ff:ff:ff reason_code=3
ioctl[IEEE80211_IOCTL_SETMLME]: Invalid argument
madwifi_sta_deauth: Failed to deauth STA (addr ff:ff:ff:ff:ff:ff reason 3)
Could not connect to kernel driver.
Deauthenticate all stations
madwifi_set_privacy: enabled=0
madwifi_del_key: addr=00:00:00:00:00:00 key_idx=0
madwifi_del_key: addr=00:00:00:00:00:00 key_idx=1
madwifi_del_key: addr=00:00:00:00:00:00 key_idx=2
madwifi_del_key: addr=00:00:00:00:00:00 key_idx=3
Using interface ath0 with hwaddr 00:19:e0:83:b8:48 and ssid 'MARKUS'
SSID - hexdump_ascii(len=6):
     4d 41 52 4b 55 53                                 MARKUS         
PSK (ASCII passphrase) - hexdump_ascii(len=14):
     4d 41 52 4b 55 53 31 38 31 32 31 39 38 32         MARKUS18121982 
PSK (from passphrase) - hexdump(len=32): 06 4b 39 a6 54 8f c6 eb 24 a8 
68 0e 36 e4 a1 4c 30 5b cb 2a a0 7b 11 b1 e6 25 b7 3d c1 13 e0 ca
madwifi_set_ieee8021x: enabled=1
madwifi_configure_wpa: group key cipher=3
madwifi_configure_wpa: pairwise key ciphers=0x8
madwifi_configure_wpa: key management algorithms=0x2
madwifi_configure_wpa: rsn capabilities=0x0
madwifi_configure_wpa: enable WPA=0x1
WPA: group state machine entering state GTK_INIT (VLAN-ID 0)
GMK - hexdump(len=32): [REMOVED]
GTK - hexdump(len=16): [REMOVED]
WPA: group state machine entering state SETKEYSDONE (VLAN-ID 0)
madwifi_set_key: alg=CCMP addr=00:00:00:00:00:00 key_idx=1
madwifi_set_privacy: enabled=1
madwifi_set_iface_flags: dev_up=1
ath0: Setup of interface done.
l2_packet_receive - recvfrom: Network is down
Wireless event: cmd=0x8b1a len=15
l2_packet_receive - recvfrom: Network is down
Wireless event: cmd=0x8c03 len=20
ath0: STA 00:08:a1:a1:8e:10 IEEE 802.11: associated
  New STA
madwifi req WPA IE - hexdump(len=256): 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00
madwifi req RSN IE - hexdump(len=256): 12 c7 27 09 00 00 96 02 00 00 6a 
c1 2e c0 00 00 00 00 00 88 12 c7 6a c1 2e c0 0b 00 00 00 c4 8b 12 c7 00 
00 00 00 09 00 00 00 c4 8b 12 c7 00 00 00 00 00 00 00 00 00 00 00 00 00 
88 12 c7 00 00 00 00 00 00 49 00 00 88 12 c7 30 3e 8f c9 30 3e 8f c9 40 
cf 7d c0 00 00 49 c1 b0 3d 8f c9 00 00 49 c1 e5 a5 5c c0 a0 d1 84 cd 40 
7f 20 c1 58 01 49 c1 01 00 00 00 00 00 00 00 01 00 00 00 98 aa e2 c2 94 
b2 11 c0 00 08 00 00 d8 93 11 c0 1c 4d 20 c1 b0 45 92 cf e0 22 1d a3 f8 
12 00 00 01 00 00 00 00 00 00 00 a8 45 92 cf 00 4d 20 c1 01 00 00 00 00 
4d 20 c1 a8 45 92 cf 00 00 00 00 bb 8e 11 c0 a8 45 92 cf 2d 31 01 00 00 
00 00 00 d7 8a 11 c0 46 6e 4e a4 f8 12 00 00 66 1e 00 00 00 00 00 00 01 
00 00 00 a8 45 92 cf 00 4d 20 c1 40 5c 20 c1 00 00 00 00 90 47 92 cf a0 
d1 84 cd 00 80
No WPA/RSN information element for station!?
Wireless event: cmd=0x8c02 len=95
Custom wireless event: 'STA-TRAFFIC-STAT
mac=00:08:a1:a1:8e:10
rx_packets=0
rx_bytes=0
tx_packets=0
tx_bytes=0
'
Wireless event: cmd=0x8c04 len=20
ath0: STA 00:08:a1:a1:8e:10 IEEE 802.11: disassociated
Wireless event: cmd=0x8c03 len=20
ath0: STA 00:08:a1:a1:8e:10 IEEE 802.11: associated
  New STA
madwifi req WPA IE - hexdump(len=256): 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00
madwifi req RSN IE - hexdump(len=256): 12 c7 fe 00 00 00 96 02 00 00 6a 
c1 2e c0 00 00 00 00 82 02 00 00 6a c1 2e c0 0b 00 00 00 c4 8b 12 c7 00 
00 00 00 09 00 00 00 c4 8b 12 c7 00 00 00 00 00 00 00 00 00 00 00 00 00 
88 12 c7 00 00 00 00 00 00 49 00 00 88 12 c7 30 3e 8f c9 30 3e 8f c9 98 
f1 58 cf 8c 3e 8f c9 b0 3d 8f c9 00 00 00 00 8c 3e 8f c9 2c 25 18 c0 20 
00 00 00 c4 3d 8f c9 00 00 00 00 00 00 00 00 01 00 00 00 98 aa e2 c2 01 
00 00 00 70 b2 11 c5 04 00 00 00 98 3e 8f c9 9c 3e 8f c9 1c c2 4d c0 80 
b7 62 cf 00 40 00 00 00 00 00 00 bc d9 4d c0 71 ce 0a 08 00 00 00 00 51 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 88 12 c7 00 
00 00 00 09 a0 93 c8 45 eb 2e c0 00 00 00 00 00 6c ae cf 00 08 2a cc 2a 
af 2e c0 00 08 2a 0a f5 0f 00 00 92 02 00 00 7a 67 13 c0 70 d3 11 c0 00 
00 00 00 00 80
No WPA/RSN information element for station!?
Sending disassociation info to STA 00:08:a1:a1:8e:10
madwifi_sta_disassoc: addr=00:08:a1:a1:8e:10 reason_code=4
Wireless event: cmd=0x8c02 len=95
Custom wireless event: 'STA-TRAFFIC-STAT
mac=00:08:a1:a1:8e:10
rx_packets=0
rx_bytes=0
tx_packets=0
tx_bytes=0
'
Wireless event: cmd=0x8c04 len=20
ath0: STA 00:08:a1:a1:8e:10 IEEE 802.11: disassociated
Wireless event: cmd=0x8c03 len=20
ath0: STA 00:08:a1:a1:8e:10 IEEE 802.11: associated
  New STA
madwifi req WPA IE - hexdump(len=256): 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00
madwifi req RSN IE - hexdump(len=256): 12 c7 47 09 00 00 96 02 00 00 6a 
c1 2e c0 00 00 00 00 82 02 00 00 6a c1 2e c0 0b 00 00 00 c4 8b 12 c7 00 
00 00 00 09 00 00 00 c4 8b 12 c7 00 00 00 00 00 00 00 00 00 00 00 00 00 
88 12 c7 00 00 00 00 00 00 49 00 00 88 12 c7 30 3e 8f c9 30 3e 8f c9 98 
f1 58 cf 8c 3e 8f c9 b0 3d 8f c9 00 00 00 00 8c 3e 8f c9 2c 25 18 c0 60 
9f 7d c0 40 ce 7d c0 05 7f 12 c0 00 00 00 00 0a 00 00 00 46 00 00 00 01 
00 00 00 70 b2 11 c5 04 00 00 00 98 3e 8f c9 9c 3e 8f c9 1c c2 4d c0 80 
b7 62 cf 00 40 00 00 00 00 00 00 bc d9 4d c0 71 ce 0a 08 00 00 00 00 51 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 88 12 c7 00 
00 00 00 09 a0 93 c8 45 eb 2e c0 00 00 00 00 00 6c ae cf 00 08 2a cc 2a 
af 2e c0 00 08 2a 0a f5 0f 00 00 92 02 00 00 7a 67 13 c0 70 d3 11 c0 00 
00 00 00 00 80
No WPA/RSN information element for station!?
Wireless event: cmd=0x8c02 len=95
Custom wireless event: 'STA-TRAFFIC-STAT
mac=00:08:a1:a1:8e:10
rx_packets=0
rx_bytes=0
tx_packets=0
tx_bytes=0
'
Wireless event: cmd=0x8c04 len=20
ath0: STA 00:08:a1:a1:8e:10 IEEE 802.11: disassociated










In the meantime, I wrote a shell script that seems to solve the problem 
for me:
(I had trouble using the init scripts in /etc/init.d -- I am using 
Gentoo Linux)

#!/bin/bash

LOGFILE=/data/logs/accesspoint
 
date >> $LOGFILE
# This is the IP-address of the wlan card
IP=192.168.2.1
 
# loading the kernel module in access point mode
modprobe ath_pci autocreate=ap  >> $LOGFILE
 
# set up a temporary SSID
iwconfig ath0 essid markus12345 channel 9  >> $LOGFILE
 
iwpriv ath0 bintval 500         >> $LOGFILE
iwpriv ath0 mode 3              >> $LOGFILE
iwconfig ath0 channel 9         >> $LOGFILE
iwpriv ath0 turbo 0             >> $LOGFILE
 
# assign an IP-address to the wlan card
ifconfig ath0 $IP               >> $LOGFILE
 
# start the wlan device
ifconfig ath0 up                >> $LOGFILE
 
# wait for a while, so everything is ready for hostapd (I needed this)
sleep 8
 
# activate IP-forwarding in the kernel
echo 1 > /proc/sys/net/ipv4/ip_forward
 
# activate masquerading
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE    >> $LOGFILE
 
# initialize return value with error
RET=1
 
while [ $RET -ne 0 ]
do
        # start hostapd in the background (-B)
        hostapd /etc/hostapd/hostapd.conf -B    >> $LOGFILE
 
        #wait
        sleep 5
 
        # check if hostapd is running
        ps -A|grep hostapd
        RET=$?
done
 
#start DHCP server
dhcpd   >> $LOGFILE





iwconfig says now:


lo        no wireless extensions.

eth0      no wireless extensions.

dummy0    no wireless extensions.

tunl0     no wireless extensions.

wifi0     no wireless extensions.

ath0      IEEE 802.11g  ESSID:"MARKUS"  Nickname:""
          Mode:Master  Frequency:2.452 GHz  Access Point: 00:19:E0:83:B8:48
          Bit Rate:0 kb/s   Tx-Power:18 dBm   Sensitivity=1/1
          Retry:off   RTS thr:off   Fragment thr:off
          Encryption key:305B-9BB1-64D0-D6B4-9175-0BD0-FFCD-9005 [3]   
Security mode:open
          Power Management:off
          Link Quality=20/70  Signal level=-76 dBm  Noise level=-96 dBm
          Rx invalid nwid:8788  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

More information about the Hostap mailing list