FT-EAP hostapd - AP to AP packets lost
Mikael Kanstrup
mikael.kanstrup at sonymobile.com
Thu May 4 01:26:10 PDT 2017
Hi Jouni and all,
I am trying to setup FT-EAP with hostapd but struggle to have AP to AP
communication working. RRB packets are not received properly without
patching hostapd sources.
The setup is using two D-Link DWA-160 adapters (rt2800usb driver) each
on a separate instance of hostapd. The wireless interfaces are bridged
using the 'bridge' hostapd configuration option. I'm using Ubuntu 16.04
with HWE stack (kernel 4.8.0-41-generic).
Up until yesterday I was running with the "old" FT RRB protocol (hostapd
version from git 87ad672) and today I just tried with Michael's FT
improvement patches applied (942b52a) and the cause of problems seems
the be the same.
I can successfully connect to either AP but roaming is not working.
Using Wireshark to trace both the bridge interface and each wireless
interface I can see the RRB packets (for PMK R1 pull request) being sent
but for some reason not received properly. Not by any of the AP instances.
If I apply the following patch (to receive all ethernet frames) I can
connect and roam back and forth between the two APs with the old RRB
protocol:
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index 9bd07c8..5ff6c63 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -633,6 +633,9 @@ static void hostapd_rrb_receive(void *ctx, const u8
*src_addr, const u8 *buf,
if (len < sizeof(*ethhdr))
return;
ethhdr = (struct l2_ethhdr *) buf;
+ if (be_to_host16(ethhdr->h_proto) != ETH_P_RRB) {
+ return;
+ }
wpa_printf(MSG_DEBUG, "FT: RRB received packet " MACSTR " -> "
MACSTR, MAC2STR(ethhdr->h_source),
MAC2STR(ethhdr->h_dest));
if (!is_multicast_ether_addr(ethhdr->h_dest) &&
@@ -715,7 +718,7 @@ int hostapd_setup_wpa(struct hostapd_data *hapd)
wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt)) {
hapd->l2 = l2_packet_init(hapd->conf->bridge[0] ?
hapd->conf->bridge :
- hapd->conf->iface, NULL, ETH_P_RRB,
+ hapd->conf->iface, NULL, ETH_P_ALL,
hostapd_rrb_receive, hapd, 1);
if (hapd->l2 == NULL &&
(hapd->driver == NULL ||
For hostapd with new RRB protocol the hostapd_rrb_oui_receive handler is
not called until I change to ETH_P_ALL (in eth_p_oui_register).
Any clue why packets are received only when listening to all ethernet
frames?
My config files provided below for reference
old FT hostapd.conf used on both APs:
driver=nl80211
ssid=Kanstrup-FT-EAP
channel=1
ieee80211n=1
ht_capab=[SHORT-GI-20]
hw_mode=g
ctrl_interface=/var/run/hostapd
ctrl_interface_group=adm
eap_server=1
eap_user_file=peap-mschapv2.eap_user
eap_reauth_period=600
wpa=2
wpa_pairwise=CCMP
ieee8021x=1
server_cert=server.pem
private_key=server.key
bridge=br0
wpa_key_mgmt=FT-EAP
mobility_domain=0102
ft_over_ds=1
r1_key_holder=9cd643e7bb68
nas_identifier=ft-eap-9cd643e7bb68
r0kh=9c:d6:43:e7:bb:68 ft-eap-9cd643e7bb68 f8840e8cd41fb3653bd88f64c203349f
r1kh=9c:d6:43:e7:bb:68 9c:d6:43:e7:bb:68 f8840e8cd41fb3653bd88f64c203349f
r1kh=9c:d6:43:e7:bb:a4 9c:d6:43:e7:bb:a4 f8840e8cd41fb3653bd88f64c203349f
new FT hostapd.conf used on both APs:
driver=nl80211
ssid=Kanstrup-FT-EAP
channel=1
ieee80211n=1
ht_capab=[SHORT-GI-20]
hw_mode=g
#require_ht=1
ignore_broadcast_ssid=0
ctrl_interface=/var/run/hostapd
ctrl_interface_group=adm
eap_server=1
eap_user_file=peap-mschapv2.eap_user
eap_reauth_period=600
wpa=2
wpa_pairwise=CCMP
ieee8021x=1
server_cert=server.pem
private_key=server.key
bridge=br0
wpa_key_mgmt=FT-EAP
mobility_domain=0102
ft_over_ds=1
nas_identifier=kanstrup.test.test
r0kh=ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff
r1kh=00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff
Best Regards
Mikael Kanstrup
More information about the Hostap
mailing list