problem with 802.11r

Marcin Marzec etagh
Thu Sep 10 05:12:53 PDT 2009 

Hi,

Im trying to set up network with 802.11r functionality, but have some
problems.
I'm using linux kernel 2.6.31-rc6, atheros WLAN cards on APs and client.
Hostapd + wpa_supplicant on newest 0.7 snapshots.

My problem is that when i'm trying to make transition from one AP to another
with ft_ds command, client drops connection, and then trying to associate to
any AP with no result.
I think that it could be problem with passing PMK-R1 betwean AP.

I will appreciate if someone could help me, and tell me what can be wrong.
Below is my configs, and logs.

Regards,
Marcin


Here is my AP config:

##### hostapd configuration file
##############################################
interface=wlan0
bridge=br0
driver=nl80211
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=1
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=m-wpa2-pskr
hw_mode=g
channel=4
beacon_int=100
dtim_period=2
max_num_sta=255
rts_threshold=2347
fragm_threshold=2346
auth_algs=3
ignore_broadcast_ssid=0
own_ip_addr=127.0.0.1
nas_identifier=ap2.example.com
wpa=2
wpa_passphrase=testtest
wpa_key_mgmt=FT-PSK
rsn_pairwise=CCMP
##### IEEE 802.11r configuration
##############################################
mobility_domain=a1b2
r0_key_lifetime=10000
r1_key_holder=0019e06df9a6
reassociation_deadline=1000
r0kh=00:1d:0f:b4:a9:15 ap1.example.com 000102030405060708090a0b0c0d0e0f
r0kh=00:19:e0:6d:f9:a6 ap2.example.com 00112233445566778899aabbccddeeff
r1kh=00:1d:0f:b4:a9:15 00:1d:0f:b4:a9:15 000102030405060708090a0b0c0d0e0f
r1kh=00:19:e0:6d:f9:a6 00:19:e0:6d:f9:a6 00112233445566778899aabbccddeeff
pmk_r1_push=1

second AP config is similar
wpa_suplicant config:

ctrl_interface=/var/run/wpa_supplicant
update_config=1
eapol_version=1
ap_scan=1
network={
 ssid="m-wpa2-pskr"
 scan_ssid=1
 key_mgmt=FT-PSK
 proto=WPA2
 pairwise=CCMP
 group=CCMP
 psk="testtest"
}


And the logs on hostapd:

-after connecting client to first AP:

authentication: STA=00:c0:a8:e6:c8:ae auth_alg=0 auth_transaction=1
status_code=0 wep=0
wlan0: STA 00:c0:a8:e6:c8:ae IEEE 802.11: authentication OK (open system)
wlan0: STA 00:c0:a8:e6:c8:ae MLME:
MLME-AUTHENTICATE.indication(00:c0:a8:e6:c8:ae, OPEN_SYSTEM)
wlan0: STA 00:c0:a8:e6:c8:ae MLME:
MLME-DELETEKEYS.request(00:c0:a8:e6:c8:ae)
authentication reply: STA=00:c0:a8:e6:c8:ae auth_alg=0 auth_transaction=2
resp=0 (IE len=0)

wlan0: STA 00:c0:a8:e6:c8:ae IEEE 802.11: authenticated
MGMT
mgmt::assoc_req
association request: STA=00:c0:a8:e6:c8:ae capab_info=0x431
listen_interval=1
  new AID 1
wlan0: STA 00:c0:a8:e6:c8:ae IEEE 802.11: association OK (aid 1)
FT: MIC data - hexdump(len=167): 00 c0 a8 e6 c8 ae 00 19 e0 6d f9 a6 06 30
26 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 04 00 00 01 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 03 a1 b2 01 37 6b 00 03 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 01 06 00 19 e0 6d f9 a6 03 0f 61 70 32 2e 65 78 61 6d 70 6c 65 2e
63 6f 6d
MGMT (TX callback) ACK
mgmt::auth cb
wlan0: STA 00:c0:a8:e6:c8:ae IEEE 802.11: authenticated
MGMT (TX callback) ACK
mgmt::assoc_resp cb
wlan0: STA 00:c0:a8:e6:c8:ae IEEE 802.11: associated (aid 1)
wlan0: STA 00:c0:a8:e6:c8:ae MLME:
MLME-ASSOCIATE.indication(00:c0:a8:e6:c8:ae)
wlan0: STA 00:c0:a8:e6:c8:ae MLME:
MLME-DELETEKEYS.request(00:c0:a8:e6:c8:ae)
nl_set_encr: ifindex=4 alg=0 addr=0x809cc60 key_idx=0 set_tx=1 seq_len=0
key_len=0
   addr=00:c0:a8:e6:c8:ae
wlan0: STA 00:c0:a8:e6:c8:ae WPA: event 1 notification
nl_set_encr: ifindex=4 alg=0 addr=0x809cc60 key_idx=0 set_tx=1 seq_len=0
key_len=0
   addr=00:c0:a8:e6:c8:ae
wlan0: STA 00:c0:a8:e6:c8:ae WPA: start authentication
WPA: 00:c0:a8:e6:c8:ae WPA_PTK entering state INITIALIZE
nl_set_encr: ifindex=4 alg=0 addr=0x809cc60 key_idx=0 set_tx=1 seq_len=0
key_len=0
   addr=00:c0:a8:e6:c8:ae
wlan0: STA 00:c0:a8:e6:c8:ae IEEE 802.1X: unauthorizing port
WPA: 00:c0:a8:e6:c8:ae WPA_PTK_GROUP entering state IDLE
WPA: 00:c0:a8:e6:c8:ae WPA_PTK entering state AUTHENTICATION
WPA: 00:c0:a8:e6:c8:ae WPA_PTK entering state AUTHENTICATION2
WPA: 00:c0:a8:e6:c8:ae WPA_PTK entering state INITPSK
WPA: 00:c0:a8:e6:c8:ae WPA_PTK entering state PTKSTART
wlan0: STA 00:c0:a8:e6:c8:ae WPA: sending 1/4 msg of 4-Way Handshake
WPA: Send EAPOL(version=3 secure=0 mic=0 ack=1 install=0 pairwise=8
kde_len=0 keyidx=0 encr=0)
IEEE 802.1X: 00:c0:a8:e6:c8:ae TX status - version=2 type=3 length=95 -
ack=1
IEEE 802.1X: 121 bytes from 00:c0:a8:e6:c8:ae
   IEEE 802.1X: version=1 type=3 length=117
wlan0: STA 00:c0:a8:e6:c8:ae WPA: received EAPOL-Key frame (2/4 Pairwise)
WPA: 00:c0:a8:e6:c8:ae WPA_PTK entering state PTKCALCNEGOTIATING
FT: PMK-R0 - hexdump(len=32): [REMOVED]
FT: PMKR0Name - hexdump(len=16): ff 75 fc 9c 18 13 7a 93 73 bd f8 f3 8b e9
5c 5d
FT: PMK-R1 - hexdump(len=32): [REMOVED]
FT: PMKR1Name - hexdump(len=16): 29 3c 53 b8 1f d8 8e 06 31 9e 86 47 f2 56
86 12
FT: PTK - hexdump(len=48): [REMOVED]
FT: PTKName - hexdump(len=16): c3 30 0b 1c 33 aa 3e f8 19 21 5e 57 f7 f8 08
ff
WPA: 00:c0:a8:e6:c8:ae WPA_PTK entering state PTKCALCNEGOTIATING2
WPA: 00:c0:a8:e6:c8:ae WPA_PTK entering state PTKINITNEGOTIATING
wlan0: STA 00:c0:a8:e6:c8:ae WPA: sending 3/4 msg of 4-Way Handshake
WPA: Send EAPOL(version=3 secure=1 mic=1 ack=1 install=1 pairwise=8
kde_len=51 keyidx=1 encr=1)
Plaintext EAPOL-Key Key Data - hexdump(len=64): [REMOVED]
IEEE 802.1X: 00:c0:a8:e6:c8:ae TX status - version=2 type=3 length=159 -
ack=1
IEEE 802.1X: 99 bytes from 00:c0:a8:e6:c8:ae
   IEEE 802.1X: version=1 type=3 length=95
wlan0: STA 00:c0:a8:e6:c8:ae WPA: received EAPOL-Key frame (4/4 Pairwise)
WPA: 00:c0:a8:e6:c8:ae WPA_PTK entering state PTKINITDONE
nl_set_encr: ifindex=4 alg=3 addr=0x809cc60 key_idx=0 set_tx=1 seq_len=0
key_len=16
   addr=00:c0:a8:e6:c8:ae
wlan0: STA 00:c0:a8:e6:c8:ae IEEE 802.1X: authorizing port
wlan0: STA 00:c0:a8:e6:c8:ae RADIUS: starting accounting session
4AA7B95E-00000000
wlan0: STA 00:c0:a8:e6:c8:ae WPA: pairwise key handshake completed (RSN)
FT: Deriving and pushing PMK-R1 keys to R1KHs for STA 00:c0:a8:e6:c8:ae
FT: R1KH-ID 00:19:e0:6d:f9:a6
FT: PMK-R1 - hexdump(len=32): [REMOVED]
FT: PMKR1Name - hexdump(len=16): 29 3c 53 b8 1f d8 8e 06 31 9e 86 47 f2 56
86 12
FT: R1KH-ID 00:1d:0f:b4:a9:15
FT: PMK-R1 - hexdump(len=32): [REMOVED]
FT: PMKR1Name - hexdump(len=16): be 4e fe a4 88 7f e1 cb 2d 28 eb 74 a8 aa
4e 6c

after that connection is ok.

-and after initiating transition,on second AP:

authentication: STA=00:c0:a8:e6:c8:ae auth_alg=2 auth_transaction=1
status_code=0 wep=0
  New STA
FT: Received authentication frame: STA=00:c0:a8:e6:c8:ae
BSSID=00:1d:0f:b4:a9:15 transaction=1
FT: Received authentication frame IEs - hexdump(len=146): 30 26 01 00 00 0f
ac 04 01 00 00 0f ac 04 01 00 00 0f ac 04 00 00 01 00 ff 75 fc 9c 18 13 7a
93 73 bd f8 f3 8b e9 5c 5d 36 03 a1 b2 00 37 63 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 99 64 8a eb a5 f7 c6 14 d5
60 07 1b 05 fe 0b 52 2a 3f 8a 4a 08 fa ad 30 8a 5a 5a 3d 43 68 6b 01 03 0f
61 70 32 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d
FT: STA R0KH-ID - hexdump(len=15): 61 70 32 2e 65 78 61 6d 70 6c 65 2e 63 6f
6d
FT: Requested PMKR0Name - hexdump(len=16): ff 75 fc 9c 18 13 7a 93 73 bd f8
f3 8b e9 5c 5d
FT: Derived requested PMKR1Name - hexdump(len=16): be 4e fe a4 88 7f e1 cb
2d 28 eb 74 a8 aa 4e 6c
FT: Send PMK-R1 pull request to remote R0KH address 00:19:e0:6d:f9:a6
FT: FT authentication response: dst=00:c0:a8:e6:c8:ae auth_transaction=2
status=53
FT: Response IEs - hexdump(len=0): [NULL]
authentication reply: STA=00:c0:a8:e6:c8:ae auth_alg=2 auth_transaction=2
resp=53 (IE len=0)

after that the same is repeating couple times.

-and after initiating transition,on first AP:

authentication: STA=00:c0:a8:e6:c8:ae auth_alg=2 auth_transaction=1
status_code=0 wep=0
FT: Received authentication frame: STA=00:c0:a8:e6:c8:ae
BSSID=00:19:e0:6d:f9:a6 transaction=1
FT: Received authentication frame IEs - hexdump(len=146): 30 26 01 00 00 0f
ac 04 01 00 00 0f ac 04 01 00 00 0f ac 04 00 00 01 00 ff 75 fc 9c 18 13 7a
93 73 bd f8 f3 8b e9 5c 5d 36 03 a1 b2 00 37 63 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 25 bc c7 47 25 13 83 fa d8
ac f4 1c 6a 9d db ae 68 b9 43 9e ef a5 a0 f1 fa 71 32 88 89 b0 7b c2 03 0f
61 70 32 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d
FT: STA R0KH-ID - hexdump(len=15): 61 70 32 2e 65 78 61 6d 70 6c 65 2e 63 6f
6d
FT: Requested PMKR0Name - hexdump(len=16): ff 75 fc 9c 18 13 7a 93 73 bd f8
f3 8b e9 5c 5d
FT: Derived requested PMKR1Name - hexdump(len=16): 29 3c 53 b8 1f d8 8e 06
31 9e 86 47 f2 56 86 12
FT: Selected PMK-R1 - hexdump(len=32): [REMOVED]
FT: Received SNonce - hexdump(len=32): 25 bc c7 47 25 13 83 fa d8 ac f4 1c
6a 9d db ae 68 b9 43 9e ef a5 a0 f1 fa 71 32 88 89 b0 7b c2
FT: Generated ANonce - hexdump(len=32): 90 39 d6 12 8f a6 d4 c0 07 e5 7d 42
4c 61 d2 33 64 24 cc 15 80 18 ee 9a bd a0 22 b1 13 4f 0e 61
FT: PTK - hexdump(len=48): [REMOVED]
FT: PTKName - hexdump(len=16): 71 4a 70 48 19 68 85 42 85 c8 fb b9 35 0f 24
18
nl_set_encr: ifindex=4 alg=3 addr=0x809cc60 key_idx=0 set_tx=1 seq_len=0
key_len=16
   addr=00:c0:a8:e6:c8:ae
FT: FT authentication response: dst=00:c0:a8:e6:c8:ae auth_transaction=2
status=0
FT: Response IEs - hexdump(len=154): 30 26 01 00 00 0f ac 04 01 00 00 0f ac
04 01 00 00 0f ac 04 00 00 01 00 ff 75 fc 9c 18 13 7a 93 73 bd f8 f3 8b e9
5c 5d 36 03 a1 b2 01 37 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 90 39 d6 12 8f a6 d4 c0 07 e5 7d 42 4c 61 d2 33 64 24 cc 15 80 18 ee
9a bd a0 22 b1 13 4f 0e 61 25 bc c7 47 25 13 83 fa d8 ac f4 1c 6a 9d db ae
68 b9 43 9e ef a5 a0 f1 fa 71 32 88 89 b0 7b c2 01 06 00 19 e0 6d f9 a6 03
0f 61 70 32 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d
authentication reply: STA=00:c0:a8:e6:c8:ae auth_alg=2 auth_transaction=2
resp=0 (IE len=154)
wlan0: STA 00:c0:a8:e6:c8:ae IEEE 802.11: authentication OK (FT)
wlan0: STA 00:c0:a8:e6:c8:ae MLME:
MLME-AUTHENTICATE.indication(00:c0:a8:e6:c8:ae, FT)


after that the same is repeating couple times.

More information about the Hostap mailing list