Station in 4 address mode, AP to station packets don't arrive
jimc at jfcarter.net
jimc at jfcarter.net
Fri Mar 31 11:36:28 PDT 2017
I put the station in 4 address mode. Expected packets arrive on the
access point, which sends replies back on the station clone
(wlan0.sta3), but none arrive on the station, only management frames.
Versions: hostapd-2.4-3.2.x86_64 from OpenSuSE "Leap" 42.1.
Kernel 4.1.38-50-default (stock kernel for 42.1).
The AP's NIC is a Ralink RT5370 (USB ID 148f:5370) (rt2800usb.ko).
There is an internal wireless NIC which is not used.
The AP system is a CompuLab fit-PC3-LP (AMD G-T40E @1.0GHz).
The station has a Qualcomm-Atheros QCA9377 (802.11-ac) Wi-fi NIC
(PCI ID 168c:0042) (driver: ath10k_pci.ko) and the kernel is
4.10.1-default from OpenSuSE "Tumbleweed". For this query it is running
NetworkManager-1.0.6-10.1.x86_64 although the same symptoms are seen
with a custom network setup script, equivalent to manual setup of
everything. wpa_supplicant command line arguments (edited):
wpa_supplicant -c wpa.conf -u -f wpa.log . The client (station) system
is an Acer Aspire E5-573G (Intel I5-5200U @2.2GHz).
My goal is to run a virtual machine on the laptop and have it bridged
onto the wired LAN (WDS) like a normal virtual machine. For testing
I am ignoring the VM, and concentrating on bridging the station.
I am using NetworkManager this time around because it's easier to boot
the machine and have a working 3 address network. I hope to use
NetworkManager in production because its GUI gives me low-hassle
agility to switch Service Sets and to turn on VPNs.
To start a test I do:
ip link set wlan0 down
iw dev wlan0 set 4addr on
ip link set wlan0 up
wpa_supplicant reconnects, taking 6 seconds, and the NetworkManager
infrastructure produces no syslog messages. (wlan0 is not in the
bridge with the VM's vnet0; that works but not with NetworkManager.)
On the AP the station bridge device, wlan0.sta3, appears and is placed
in the bridge next to AP's wlan0 itself. Other 3 address stations
continue to work. The station generates ICMP (4+6) echo requests, ARP,
Neighbor Discovery and Router Solicitation packets, all of which are seen
on its wlan0 by tcpdump. The AP's wlan0.sta3 emits those packets (and
wlan0 doesn't). The AP answers each one, plus sending multicast Router
Advertisements, all of which wlan0.sta3 gets according to tcpdump. But
none of the outgoing packets arrive on the station, neither as seen by
tcpdump nor by ping reports. (Both ends have 802.11 management frames.)
The firewall on both ends is not logging any dropped packets (except
Mirai probes and suchlike from the wild side, which are irrelevant).
When I turn off the station's firewall it doesn't help. The firewall
on the AP identifies the packets as coming from br0, or wlan0 on the
station, and in 3 address mode it accepts these packets on both ends.
I suspect I have failed to turn on something at the AP, but I can't
figure out what. Can anyone suggest a possibility?
Output of ip addr show, ip -4 route show, ip -6 route show, iw dev wlan0
info on the station:
== ip addr show (station) ("important" interfaces first)
4: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 40:b8:9a:b1:9c:85 brd ff:ff:ff:ff:ff:ff
inet 192.9.200.195/26 brd 192.9.200.255 scope global dynamic wlan0
valid_lft 84441sec preferred_lft 84441sec
inet6 fe80::42b8:9aff:feb1:9c85/64 scope link
valid_lft forever preferred_lft forever
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether fe:54:00:09:c8:c7 brd ff:ff:ff:ff:ff:ff
inet 192.9.200.195/32 brd 192.9.200.195 scope global br0
valid_lft forever preferred_lft forever
inet6 2001:470:1f05:844::c3/128 scope global
valid_lft forever preferred_lft forever
inet6 fe80::8062:45ff:fe95:a02e/64 scope link
valid_lft forever preferred_lft forever
** (Contains vnet0, in the future it will contain wlan0 also.)
5: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
link/ether fe:54:00:09:c8:c7 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe09:c8c7/64 scope link
valid_lft forever preferred_lft forever
** (In br0)
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
link/ether 2c:60:0c:c7:cb:24 brd ff:ff:ff:ff:ff:ff
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
== ip -4 route show (station)
192.9.200.192/26 dev wlan0 proto kernel scope link src 192.9.200.195
192.9.200.195 dev br0 proto kernel scope link src 192.9.200.195 metric 425
192.9.200.199 dev br0 proto static scope link metric 425
== ip -6 route show (station)
2001:470:1f05:844::c3 dev br0 proto kernel metric 256 pref medium
2001:470:1f05:844::c7 dev br0 proto static metric 425 pref medium
fe80::/64 dev br0 proto kernel metric 256 pref medium
fe80::/64 dev vnet0 proto kernel metric 256 pref medium
fe80::/64 dev wlan0 proto kernel metric 256 pref medium
== iw dev wlan0 info (station)
nterface wlan0
ifindex 4
wdev 0x1
addr 40:b8:9a:b1:9c:85
type managed
wiphy 0
channel 11 (2462 MHz), width: 20 MHz, center1: 2462 MHz
== iwconfig wlan0 (station)
wlan0 IEEE 802.11 ESSID:"CouchNet"
Mode:Managed Frequency:2.462 GHz Access Point: 00:E1:80:67:84:34
Bit Rate=1 Mb/s Tx-Power=20 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:on
Link Quality=63/70 Signal level=-47 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:204 Missed beacon:0
**** Invalid misc -- could this be a clue? And the actual bitrate
seems faster than what's reported.
Ditto on the AP:
== ip addr show (AP) ("important" interfaces first)
6: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 00:01:c0:12:30:44 brd ff:ff:ff:ff:ff:ff
inet 192.9.200.193/26 brd 192.9.200.255 scope global br0
valid_lft forever preferred_lft forever
inet6 2001:470:1f05:844::3/64 scope global
valid_lft forever preferred_lft forever
inet6 2001:470:1f05:844::c1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::201:c0ff:fe12:3044/64 scope link
valid_lft forever preferred_lft forever
4: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP group default qlen 1000
link/ether 00:e1:80:67:84:34 brd ff:ff:ff:ff:ff:ff
27: wlan0.sta3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UNKNOWN group default qlen 1000
link/ether 00:e1:80:67:84:34 brd ff:ff:ff:ff:ff:ff
inet6 fe80::2e1:80ff:fe67:8434/64 scope link
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP group default qlen 1000
link/ether 00:01:c0:12:30:44 brd ff:ff:ff:ff:ff:ff
18: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UNKNOWN group default qlen 500
link/ether fe:54:00:09:c8:d3 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe09:c8d3/64 scope link
valid_lft forever preferred_lft forever
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc tbf state UP group default qlen 1000
link/ether 00:10:60:15:85:f4 brd ff:ff:ff:ff:ff:ff
inet 47.146.45.82/19 brd 47.146.63.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::210:60ff:fe15:85f4/64 scope link
valid_lft forever preferred_lft forever
5: wlan1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 00:0d:f0:ac:76:c5 brd ff:ff:ff:ff:ff:ff
7: sit0 at NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default
link/sit 0.0.0.0 brd 0.0.0.0
9: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
link/none
inet 192.9.200.129 peer 192.9.200.130/32 scope global tun0
valid_lft forever preferred_lft forever
inet6 2001:470:1f05:844::4:1/112 scope global
valid_lft forever preferred_lft forever
10: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
link/none
inet 192.9.200.145 peer 192.9.200.146/32 scope global tun1
valid_lft forever preferred_lft forever
inet6 2001:470:1f05:844::3:1/112 scope global
valid_lft forever preferred_lft forever
11: ifb0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc tbf state UNKNOWN group default qlen 32
link/ether fe:b1:13:c7:23:05 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fcb1:13ff:fec7:2305/64 scope link
valid_lft forever preferred_lft forever
12: ifb1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 32
link/ether de:49:9d:45:88:e1 brd ff:ff:ff:ff:ff:ff
15: he-ipv6 at NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default
link/sit 47.146.45.82 peer 72.52.104.74
inet6 2001:470:1f04:844::2/128 scope global
valid_lft forever preferred_lft forever
inet6 fe80::2f92:2d52/64 scope link
valid_lft forever preferred_lft forever
== ip -4 route show (AP)
default via 47.146.32.1 dev eth1 proto dhcp
47.146.32.0/19 dev eth1 proto kernel scope link src 47.146.45.82
192.9.200.128/28 via 192.9.200.130 dev tun0
192.9.200.130 dev tun0 proto kernel scope link src 192.9.200.129
192.9.200.144/28 via 192.9.200.146 dev tun1
192.9.200.146 dev tun1 proto kernel scope link src 192.9.200.145
192.9.200.192/26 dev br0 proto kernel scope link src 192.9.200.193
192.9.200.199 via 192.9.200.195 dev br0
224.0.0.0/24 dev br0 scope link
239.192.0.0/14 dev br0 scope link
239.255.0.0/16 dev br0 scope link
== ip -6 route show (AP) ("important" routes at top)
2001:470:1f05:844::/64 dev br0 proto kernel metric 256 pref medium
default via 2001:470:1f04:844::1 dev he-ipv6 metric 1024 pref medium
local ::1 dev lo proto kernel metric 256 pref medium
2001:470:1f04:844::2 dev he-ipv6 proto kernel metric 256 pref medium
2001:470:1f04:844::/64 dev he-ipv6 metric 1024 pref medium
2001:470:1f05:844::c7 via fe80::42b8:9aff:feb1:9c85 dev br0 metric 1024 pref medium
2001:470:1f05:844::3:0/112 dev tun1 proto kernel metric 256 pref medium
2001:470:1f05:844::4:0/112 dev tun0 proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
fe80::/64 dev ifb0 proto kernel metric 256 pref medium
fe80::/64 dev br0 proto kernel metric 256 pref medium
fe80::/64 dev he-ipv6 proto kernel metric 256 pref medium
fe80::/64 dev vnet0 proto kernel metric 256 pref medium
fe80::/64 dev wlan0.sta3 proto kernel metric 256 pref medium
ff02::/16 dev br0 metric 1024 pref medium
== iw dev wlan0 info (AP)
Interface wlan0
ifindex 4
wdev 0x100000001
addr 00:e1:80:67:84:34
ssid CouchNet
type AP
wiphy 1
channel 11 (2462 MHz), width: 20 MHz, center1: 2462 MHz
== iwconfig wlan0 (AP)
wlan0 IEEE 802.11bgn Mode:Master Tx-Power=30 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Power Management:off
== Output of brctl show br0 on the AP
br0 8000.0001c0123044 no eth0
vnet0
wlan0
wlan0.sta3
== Hostapd.conf (minus most comments):
interface=wlan0
bridge=br0
wds_sta=1 # Yes clone 4addr stations
wds_bridge=br0
driver=nl80211
ssid=CouchNet
country_code=US
ieee80211d=1
hw_mode=g # Actually 802.11n
channel=11
max_num_sta=255
preamble=1
macaddr_acl=0
deny_mac_file=/etc/hostapd.deny
auth_algs=3
ieee80211n=1
logger_syslog=-1
logger_syslog_level=2
logger_stdout=0
logger_stdout_level=2
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
wpa=3
wpa_passphrase=WouldntYouLikeToKnow
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP TKIP
rsn_pairwise=CCMP
wpa_group_rekey=86400 # This station has to reauth on group rekey
wpa_strict_rekey=0
James F. Carter Landline 310 397 3058 Mobile 424 230 4633
12134 Lawler Street, Los Angeles, CA, USA, 90066-1906
Email: jimc at jfcarter.net http://www.jfcarter.net/~jimc (q.v. for GPG key)
More information about the Hostap
mailing list