group rekeying failing
michael-dev
michael-dev
Mon Jul 23 15:23:56 PDT 2012
Hi,
I'm currently facing trouble using hostapd from git (2012-07-07),
though the problem has been present for quite some time with openwrt.
The setup is a multi-ssid with wpa-psk (radius) and wpa-eap (radius)
using WPA-2 and multi-vlan. peerkey, okc and rsn_preauth are enabled,
but the problem persists even without and across psk and 802.1X. The
STAs are wpa-supplicant 0.6.10 and 0.7.3, but the problem has also been
seen with MacOS 10.6, the AP is OpenWRT von P1020WLAN with two AR9300
cards.
After authentication, all stations receive broadcast frames sent by the
AP. Then, group key renegotiation occurs, and _some_ stations are now
failing to receive broadcast frames. This then breaks IPv6 soon after,
because neighbourhood discovery does no longer work.
I've patched driver_nl80211.c to debug the broadcast key actually set
by the driver, and it differs between ap and sta during rekeying but not
during auth.
Further, I looks like the stations not failing are those, for whose BSS
hostap did not issue an set_key command during rekeying. Even though, on
the stations failing, wpa supplicant sets the same key as already set
before again, but hostap uses a different key than before. I further
seen some warnings on GKeyDoneStations>1, which I guess are related.
There are also ap and sta logs for single-sta logged-in failing
(log-sta and log-ap) and an ap log for two-stas, where only one is
failing (log-ap-2).
For size reasons, those are downloadable here:
http://pastebin.com/tCiTvBrT (log-ap)
http://pastebin.com/M1QDfwRg (log-ap-2)
http://pastebin.com/kN9GRTVw (log-sta)
Do you have any hints on what is actually failing here?
Regards,
M. Braun
More information about the Hostap
mailing list