ODP: question about error nl80211: Frame command failed: ret=-1 (Operation not permitted)

Piotr Lobacz piotr.lobacz at softgent.com
Wed Feb 10 06:19:41 EST 2021 

Hi again,
i have verified it once again and i can now tell it with 100% that you are right about this frame command issue. That is not the problem.

The real problem is that part 4/4 for handshake is not even being called. I have switched back to wpa_supplicant 2.6 and compared the log results.

This is what i get with 2.6 version:

Feb 10 10:27:15 px30-64 wpa_supplicant[239]: WPA: 6e:95:7c:a0:99:3d WPA_PTK entering state PTKCALCNEGOTIATING2
Feb 10 10:27:15 px30-64 wpa_supplicant[239]: WPA: 6e:95:7c:a0:99:3d WPA_PTK entering state PTKINITNEGOTIATING
Feb 10 10:27:15 px30-64 wpa_supplicant[239]: hostapd_logger: STA 6e:95:7c:a0:99:3d - sending 3/4 msg of 4-Way Handshake
Feb 10 10:27:15 px30-64 wpa_supplicant[239]: WPA: Send EAPOL(version=2 secure=1 mic=1 ack=1 install=1 pairwise=1 kde_len=46 keyidx=1 encr=1)
Feb 10 10:27:15 px30-64 wpa_supplicant[239]: WPA: Replay Counter - hexdump(len=8): 00 00 00 00 00 00 00 02
Feb 10 10:27:15 px30-64 wpa_supplicant[239]: Plaintext EAPOL-Key Key Data - hexdump(len=56): [REMOVED]
Feb 10 10:27:15 px30-64 wpa_supplicant[239]: WPA: Use EAPOL-Key timeout of 1000 ms (retry counter 1)
Feb 10 10:27:15 px30-64 wpa_supplicant[239]: l2_packet_receive: src=6e:95:7c:a0:99:3d len=99
Feb 10 10:27:15 px30-64 wpa_supplicant[239]: wlan0: RX EAPOL from 6e:95:7c:a0:99:3d
Feb 10 10:27:15 px30-64 wpa_supplicant[239]: RX EAPOL - hexdump(len=99): 02 03 00 5f 02 03 0a 00 10 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2a f6 11 ae c0 15 3e 89 65 df b8 79 51 03 22 03 00 00
Feb 10 10:27:15 px30-64 wpa_supplicant[239]: IEEE 802.1X: 99 bytes from 6e:95:7c:a0:99:3d
Feb 10 10:27:15 px30-64 wpa_supplicant[239]:    IEEE 802.1X: version=2 type=3 length=95
Feb 10 10:27:15 px30-64 wpa_supplicant[239]: WPA: Received EAPOL-Key from 6e:95:7c:a0:99:3d key_info=0x30a type=2 key_data_length=0
Feb 10 10:27:15 px30-64 wpa_supplicant[239]: WPA: Received Key Nonce - hexdump(len=32): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Feb 10 10:27:15 px30-64 wpa_supplicant[239]: WPA: Received Replay Counter - hexdump(len=8): 00 00 00 00 00 00 00 02
Feb 10 10:27:15 px30-64 wpa_supplicant[239]: hostapd_logger: STA 6e:95:7c:a0:99:3d - received EAPOL-Key frame (4/4 Pairwise)
Feb 10 10:27:15 px30-64 wpa_supplicant[239]: WPA: 6e:95:7c:a0:99:3d WPA_PTK entering state PTKINITDONE
Feb 10 10:27:15 px30-64 wpa_supplicant[239]: wpa_driver_nl80211_set_key: ifindex=3 (wlan0) alg=3 addr=0x3002e390 key_idx=0 set_tx=1 seq_len=0 key_len=16
Feb 10 10:27:15 px30-64 wpa_supplicant[239]: nl80211: KEY_DATA - hexdump(len=16): [REMOVED]
Feb 10 10:27:15 px30-64 wpa_supplicant[239]:    addr=6e:95:7c:a0:99:3d
Feb 10 10:27:15 px30-64 wpa_supplicant[239]: wlan0: P2P: Marking group formation completed on GO on first data connection
Feb 10 10:27:15 px30-64 wpa_supplicant[239]: dbus: Station MAC address '6e:95:7c:a0:99:3d' 'StaAuthorized'
Feb 10 10:27:15 px30-64 wpa_supplicant[239]: wlan0: AP-STA-CONNECTED 6e:95:7c:a0:99:3d
Feb 10 10:27:15 px30-64 wpa_supplicant[239]: nl80211: Set STA flags - ifname=wlan0 addr=6e:95:7c:a0:99:3d total_flags=0x61 flags_or=0x1 flags_and=0xffffffff authorized=1
Feb 10 10:27:15 px30-64 wpa_supplicant[239]: hostapd_logger: STA 6e:95:7c:a0:99:3d - authorizing port
Feb 10 10:27:15 px30-64 wpa_supplicant[239]: hostapd_logger: STA 6e:95:7c:a0:99:3d - pairwise key handshake completed (RSN)

And this result is for 2.9 version:

Feb 10 01:18:14 px30-64 wpa_supplicant[243]: WPA: EAPOL-Key MIC using HMAC-SHA1
Feb 10 01:18:14 px30-64 wpa_supplicant[243]: WPA: 6e:95:7c:a0:99:3d WPA_PTK entering state PTKCALCNEGOTIATING2
Feb 10 01:18:14 px30-64 wpa_supplicant[243]: WPA: 6e:95:7c:a0:99:3d WPA_PTK entering state PTKINITNEGOTIATING
Feb 10 01:18:14 px30-64 wpa_supplicant[243]: hostapd_logger: STA 6e:95:7c:a0:99:3d - sending 3/4 msg of 4-Way Handshake
Feb 10 01:18:14 px30-64 wpa_supplicant[243]: WPA: Send EAPOL(version=2 secure=1 mic=1 ack=1 install=1 pairwise=1 kde_len=50 keyidx=1 encr=1)
Feb 10 01:18:14 px30-64 wpa_supplicant[243]: WPA: Replay Counter - hexdump(len=8): 00 00 00 00 00 00 00 02
Feb 10 01:18:14 px30-64 wpa_supplicant[243]: Plaintext EAPOL-Key Key Data - hexdump(len=64): [REMOVED]
Feb 10 01:18:14 px30-64 wpa_supplicant[243]: WPA: Encrypt Key Data using AES-WRAP (KEK length 16)
Feb 10 01:18:14 px30-64 wpa_supplicant[243]: WPA: EAPOL-Key MIC using HMAC-SHA1
Feb 10 01:18:14 px30-64 wpa_supplicant[243]: WPA: Use EAPOL-Key timeout of 1000 ms (retry counter 1)
Feb 10 01:18:14 px30-64 wpa_supplicant[243]: nl80211: Event message available
Feb 10 01:18:14 px30-64 wpa_supplicant[243]: nl80211: Drv Event 20 (NL80211_CMD_DEL_STATION) received for wlan0
Feb 10 01:18:14 px30-64 wpa_supplicant[243]: nl80211: Delete station 6e:95:7c:a0:99:3d
Feb 10 01:18:14 px30-64 wpa_supplicant[243]: wlan0: Event DISASSOC (1) received
Feb 10 01:18:14 px30-64 wpa_supplicant[243]: wlan0: Disassociation notification
Feb 10 01:18:14 px30-64 wpa_supplicant[243]: wlan0:  * reason 0 (UNKNOWN)
Feb 10 01:18:14 px30-64 wpa_supplicant[243]: wlan0: * address 6e:95:7c:a0:99:3d

The question is what has changed in between that prevents me from connecting?

BR
Piotr

Od: Piotr Lobacz <piotr.lobacz at softgent.com>
Wysłane: środa, 10 lutego 2021 11:10
Do: Jouni Malinen <j at w1.fi>
DW: hostap at lists.infradead.org <hostap at lists.infradead.org>
Temat: ODP: question about error nl80211: Frame command failed: ret=-1 (Operation not permitted)

Hi Jouni,
thx for your quick and very helpfull response. So if the driver handles Probe Request frame processing internally, what could possibly cause, that my mobile device is not being connected (being disconnected) to the wpa_supplicant (in AP mode)?

BR
Piotr


Od: Jouni Malinen <j at w1.fi>
Wysłane: środa, 10 lutego 2021 10:29
Do: Piotr Lobacz <piotr.lobacz at softgent.com>
DW: hostap at lists.infradead.org <hostap at lists.infradead.org>
Temat: Re: question about error nl80211: Frame command failed: ret=-1 (Operation not permitted)

On Wed, Feb 10, 2021 at 01:31:43AM +0000, Piotr Lobacz wrote:
> I am trying to use NetworkManager together with wpa_supplicant 2.9 with closed driver for rtl8192f chip. I have set a hotspot connection and the problem is that if i try to connect to it from any device i get this error from subject. I have also attached full log in here: https://pastebin.com/VyTgz0WA .

That NL80211_CMD_FRAME failure is reported for the case where
wpa_supplicant (in AP mode) is trying to send a Probe Response frame as
a response to the Probe Request frame that the driver delivered to upper
layers. However, the driver seems to refuse to transmit the response.

Taken into account that "closed driver" part, I'm not going to try to
speculate on this more than note that there are many drivers that handle
Probe Request frame processing internally and as such, I would not be
very surprised if they do not accept Probe Response frames from user
space. If the driver is indeed taking care of that functionality, I
would simply ignore this failure.

--
Jouni Malinen                                            PGP id EFC895FA
[https://softgent.com/wp-content/uploads/2020/01/Zasob-14.png]<https://www.softgent.com>

Softgent Sp. z o.o., Budowlanych 31d, 80-298 Gdansk, POLAND

KRS: 0000674406, NIP: 9581679801, REGON: 367090912

www.softgent.com

Sąd Rejonowy Gdańsk-Północ w Gdańsku, VII Wydział Gospodarczy Krajowego Rejestru Sądowego

KRS 0000674406, Kapitał zakładowy: 25 000,00 zł wpłacony w całości.

More information about the Hostap mailing list