WPA-PSK hostapd+madwifi-ng <--> DLink DWL-G810 interop problems

Bob Carlson rjc
Tue Apr 18 09:27:14 PDT 2006 

I know the 4-way handshake protocol, but not these specific
implementations, so take what I suggest with a grain of salt. It appears
that the WPA Information Element (IE) in the second EAPOL message is being
compared to the one sent in association request. They don't match, so the
M2 message is being discarded. The 4-way never completes, so it times out.

Background: In WPA 1 or 2, the STA associates with Open security. The
AssocReq message contains IEs that describe the desired encryption. The
4-way handshake is then used to establish a key. Once the key is
established, the connection is complete.

I have had a problem with another DWL when I tried WPA2. I don't recall the
hex IE for WPA2, so I'm not sure what you have configured here. The DWL put
AES in a WPA1 IE. Not unreasonable, but not strictly standard, I think. If
you are using AES, if you try TKIP instead, it might work.

Cheers, Bob

> -----Original Message-----
> From: hostap-bounces+bob.carlson=sigpro.com at shmoo.com [mailto:hostap-
> bounces+bob.carlson=sigpro.com at shmoo.com] On Behalf Of Duncan Gibb
> Sent: Tuesday, April 18, 2006 7:19 AM
> To: hostap at shmoo.com
> Subject: WPA-PSK hostapd+madwifi-ng <--> DLink DWL-G810 interop problems
> 
> Hi
> 
> I've built an access point using a Soekris net4801 and a Gigabyte
> GN-WP01GT (Atheros 5005GS PCI).  It's running Debian Sarge with a
> mainline-ish 2.6.16.2 Linux kernel.  I rebuilt Faidon Liambotis's .deb
> of hostapd 0.5.2 against the madwifi-ng r1497 drivers and set up a
> WPA-PSK network.
> 
> It's working fine with a laptop running a proprietary operating system,
> but I also want to add a couple of DLink DWL-G810 wifi-to-wired ethernet
> bridges (UK model rev C1 = Atheros-in-a-box) to connect some non-wifi
> devices without drilling holes in my house.
> 
> Originally, I kept getting loops of "WPA_PTK entering state PTKSTART ...
> WPA: EAPOL-Key timeout" in threes every few seconds.  I read about Bug
> 89 (broken clients drop packets with EAPOL version set to 2), but I
> couldn't find a patch to fix just that issue, and the process to
> Debianise a CVS head snapshot was not obvious enough for the time
> available (sorry), so I rebuilt 0.5.2 again with EAPOL_VERSION defined
> to 1.  Now I'm seeing this:
> 
> __
> ath0: STA 00:11:95:04:bb:c3 IEEE 802.11: associated
>   New STA
> ath0: STA 00:11:95:04:bb:c3 WPA: event 1 notification
> madwifi_del_key: addr=00:11:95:04:bb:c3 key_idx=0
> ath0: STA 00:11:95:04:bb:c3 WPA: start authentication
> WPA: 00:11:95:04:bb:c3 WPA_PTK entering state INITIALIZE
> madwifi_del_key: addr=00:11:95:04:bb:c3 key_idx=0
> ath0: STA 00:11:95:04:bb:c3 IEEE 802.1X: unauthorizing port
> madwifi_set_sta_authorized: addr=00:11:95:04:bb:c3 authorized=0
> WPA: 00:11:95:04:bb:c3 WPA_PTK_GROUP entering state IDLE
> WPA: 00:11:95:04:bb:c3 WPA_PTK entering state AUTHENTICATION
> WPA: 00:11:95:04:bb:c3 WPA_PTK entering state AUTHENTICATION2
> WPA: 00:11:95:04:bb:c3 WPA_PTK entering state INITPSK
> WPA: 00:11:95:04:bb:c3 WPA_PTK entering state PTKSTART
> ath0: STA 00:11:95:04:bb:c3 WPA: sending 1/4 msg of 4-Way Handshake
> WPA: Send EAPOL(secure=0 mic=0 ack=1 install=0 pairwise=1 ie_len=0
> gtk_len=0 keyidx=0 encr=0)
> TX EAPOL - hexdump(len=113): 00 11 95 04 bb c3 00 14 85 2e 01 9e 88 8e 01
> 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 01 32 68 8d 3
> 3 87 96 60 79 96 c8 5a 49 c5 56 4f 50 d3 77 3b c5 95 7b 75 7e 51 de a8 17
> af 34 9e 79 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
> 0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00
> ath0: STA 00:11:95:04:bb:c3 WPA: EAPOL-Key timeout
> WPA: 00:11:95:04:bb:c3 WPA_PTK entering state PTKSTART
> ath0: STA 00:11:95:04:bb:c3 WPA: sending 1/4 msg of 4-Way Handshake
> WPA: Send EAPOL(secure=0 mic=0 ack=1 install=0 pairwise=1 ie_len=0
> gtk_len=0 keyidx=0 encr=0)
> TX EAPOL - hexdump(len=113): 00 11 95 04 bb c3 00 14 85 2e 01 9e 88 8e 01
> 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 02 32 68 8d 3
> 3 87 96 60 79 96 c8 5a 49 c5 56 4f 50 d3 77 3b c5 95 7b 75 7e 51 de a8 17
> af 34 9e 79 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
> 0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00
> IEEE 802.1X: 125 bytes from 00:11:95:04:bb:c3
>    IEEE 802.1X: version=1 type=3 length=121
> ath0: STA 00:11:95:04:bb:c3 WPA: WPA IE from (Re)AssocReq did not match
> with msg 2/4
> WPA IE in AssocReq - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02
> 01 00 00 50 f2 02 01 00 00 50 f2 02
> WPA IE in msg 2/4 - hexdump(len=26): dd 16 00 50 f2 01 01 00 00 50 f2 02
> 01 00 00 50 f2 02 01 00 00 50 f2 02 00 00
> hostapd_wpa_auth_disconnect: WPA authenticator requests disconnect: STA
> 00:11:95:04:bb:c3 reason 2
> madwifi_sta_deauth: addr=00:11:95:04:bb:c3 reason_code=2
> ath0: STA 00:11:95:04:bb:c3 IEEE 802.11: deauthenticated due to local
> deauth request
> Wireless event: cmd=0x8c04 len=20
> ath0: STA 00:11:95:04:bb:c3 IEEE 802.11: disassociated
> __
> 
> It looks to me like hostapd is expecting two extra zero bytes at the end
> of the AssocReq, which it's not getting from the DLinks.  But I don't
> know which end is wrong or what the right behaviour should be.
> 
> Since I'm new to wifi beyond using an idiot-proof GUI to hook up to an
> existing AP, I'd appreciate someone who knows more narrowing down the
> problem space for me.  I reckon it's one of:
> 
>  - bad firmware in the DLinks (v3.10, 14 Feb 2005, latest)
> 
>  - outdated or wrongly built hostapd (is there an easy way
>    to Debianise a CVS snap?)
> 
>  - compatibility issue between madwifi-ng and hostapd
> 
>  - obscure GCC problem (drivers and kernel were built with
>    3.2; hostapd was built with 3.3)
> 
> 
> Where should I look first?
> 
> 
> Cheers
> 
> 
> Duncan
> 
> 
> 
> _______________________________________________
> HostAP mailing list
> HostAP at shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap

More information about the Hostap mailing list