wpa_supplicant 2.6 HWMP routes no traffic

Jeroen Roovers jer at airfi.aero
Tue Oct 4 22:50:14 PDT 2016


Thank you for replying.

On 4 October 2016 at 13:20, Bob Copeland <me at bobcopeland.com> wrote:
> wpa_supplicant mostly isn't involved in HWMP besides installing the
> group keys - once peering is done, the kernel handles the rest.

But which kernel? I cannot upgrade to anything more recent than 3.4
without major hardware changes.
These are semi-embedded systems and I cannot control the hardware of
those hundreds systems in the field.

> Note there were a number of issues with encrypted networks not
> correctly implementing the standard that were resolved recently.
> These will cause backwards-compatibility issues, though I'm not
> sure if they landed in 2.6.  The changes are:
>
> In wpa_supplicant:
>  - an IGTK was installed whether or not ieee80211w was selected
>  - said IGTK was also the MGTK instead of a separate key
>  - AMPE element in peering frames didn't include IGTK (if desired)
>  - AMPE element incorrectly included keys in peering close frames

I tried with ieee80211w explicitly disabled in the configuration file,
with the same result. Would it help to make more settings explicit?

> And in the kernel:
>  - self-protected management frames (HWMP) were integrity protected
>    (with that MGTK-as-IGTK) instead of encrypted with MGTK as required
>    by the standard.  This was fixed in 4.8.

So if I cannot use a 4.8 kernel, I will need to patch wpa_supplicant
to use the old (incorrect) implementation or find a kernel patch for
3.4.xxx?

> Do you have all of the devices on the same wpa_supplicant version?

Of course.


Kind regards,
     jer



More information about the Hostap mailing list