Mismatch in FT Action Frame

[Kai Scharwies]

The problem seems to be this:

When wpa_ft_action_rx() is called from handle_action() in
src/ap/ieee802_11.c the received action frame contents are as expected and
correctly parsed:
06 01 00 15 6d 84 6b f4 f8 d1 11 15 72 f3 30 26 01 00 00 0f ac 04 01 00 00
0f ac 04 01 00 00 0f ac 04 00 00 01 00 9e 95 f1 cc 83 33 c5 4f 79 40 3d 55
e6 07 25 0e 36 03 a1 b2 01 37 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 03 24 1d 99 d5 3c be cb 36 90 41 49 6d 64
c7 5f cc b1 29 85 d8 e7 8e c3 e2 ea 98 d6 23 73 ca 62 03 11 6d 65 73 68 6e
6f 64 65 6e 67 2e 61 76 69 67 6c 65

But when wpa_ft_action_rx() is called from hostapd_action_rx() in
src/ap/drv_callbacks.c the received action frame contents are missing the
frame category and is causing the mentioned "FT: Mismatch in FT Action...":
01 00 15 6d 84 6b f4 f8 d1 11 15 72 f3 30 26 01 00 00 0f ac 04 01 00 00 0f
ac 04 01 00 00 0f ac 04 00 00 01 00 9e 95 f1 cc 83 33 c5 4f 79 40 3d 55 e6
07 25 0e 36 03 a1 b2 01 37 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 03 24 1d 99 d5 3c be cb 36 90 41 49 6d 64 c7
5f cc b1 29 85 d8 e7 8e c3 e2 ea 98 d6 23 73 ca 62 03 11 6d 65 73 68 6e 6f
64 65 6e 67 2e 61 76 69 67 6c 65

What could be causing this?


2013/1/17 Kai Scharwies <kai at scharwies.de>

> Hello everybody,
>
> while experimenting with 802.11r functionality of wpa_supplicant/hostapd I
> tried roaming between to APs (configured with FT-PSK) using the command
> "ft_ds f8:d1:11:15:de:d0" in wpa_cli.
>
> In the hostapd log of one of the APs it says this:
>
> 1358436032.545729: hostapd_action_rx: FT_ACTION length 157
> 1358436032.545736: FT: Received FT Action frame (STA=15:6d:84:6b:f4:f8
> Target AP=d1:11:15:de:d0:30 Action=0)
> 1358436032.545750: FT: Mismatch in FT Action STA address:
> STA=00:15:6d:84:6b:f4 STA-Address=15:6d:84:6b:f4:f8
> 1358436032.552326: FT: RRB received packet f8:d1:11:15:de:d0 ->
> f8:d1:11:15:72:f3
>
> In my opinion either wpa_supplicant inserts the mac addresses at the wrong
> position of the action frame, or hostapd parses the received frame
> incorrectly, because you can see a "shift" in the mac adresses' output:
>
> d1:11:15:de:d0:30 should really be f8:d1:11:15:de:d0
> and
> 15:6d:84:6b:f4:f8 should really be 00:15:6d:84:6b:f4
>
> Can anyone confirm my suspicion?
>
> Best regards,
> Kai
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20130122/cdb8c06e/attachment.htm