802.11r/FT issue

Jouni Malinen j at w1.fi
Sat Oct 21 02:00:10 PDT 2017

On Wed, Oct 18, 2017 at 07:23:31PM +0000, Grewal, Ajay (GE Power) wrote:
> I’ve built the latest version of hostapd/wpa_supplicant from the master (8e5931f0c777a8abbfce9a299720f5b489b359b7) with 802.11r support. The wpa_supplicant w/EAP-TLS is unable to perform over-the-air FT between APs. It seems to ignore the FT authentication response from the target AP.

There was 689 ms between the two Authentication frames. The station
likely timed out authentication because of that.

> Noticed a set_key error in the ap2.log:
> FT: TK - hexdump(len=16): [REMOVED]
> FT: PTKName - hexdump(len=16): 84 ad 14 7b b4 bc c2 9c e5 6e 7c 81 fd bc b6 95
> wpa_driver_nl80211_set_key: ifindex=12 (wlan0) alg=3 addr=0x1bcc428 key_idx=0 set_tx=1 seq_len=0 key_len=16
> nl80211: KEY_DATA - hexdump(len=16): [REMOVED]
>    addr=00:30:1a:4e:0c:39
> nl80211: set_key failed; err=-2 No such file or directory)
> FT: Postponed auth callback result for 00:30:1a:4e:0c:39 - status 0

This one is expected with most drivers. The key will be set again after
having processed the association if this earlier attempt failed.

> Configs, logs and packet traces are attached. I’d appreciate any help in identifying the root cause.

The same configuration works for me. I'd expect that the main issue is
in that latency in getting the Authentication response back to the
station. Some of it is due to the use of wildcard R0KH/R1KH
configuration, but I'd assume something else is behind most of the 689
ms.. How do collect the debug logs from the APs? Have you tried this
with debugging disabled?

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list