On Mon, Jan 05, 2026 at 02:32:52PM +0100, Stefan Sperling wrote:
> On Thu, Jan 01, 2026 at 05:44:23PM +0100, Stefan Sperling wrote:
> > On Thu, Jan 01, 2026 at 04:03:54PM +0000, Vitaliy Makkoveev wrote:
> > > On Thu, Jan 01, 2026 at 10:43:21AM +0100, Stefan Sperling wrote:
> > > > My best guess is that this AP is buggy and does not like the
> > > > PFM-capabale bit being set in our assoc request.
> > > >
> > > > Does this patch help?
> > > >
> > >
> > > Yes, this fixed wifi on both machines. Thanks!
> >
> > Good. I'm glad that we've found out where the problem is.
> >
> > The code path we are touching here is also used to generate beacons
> > in hostap mode. So I will need to figure out a way to make this change
> > without breaking the use of PMF in hostap mode.
> > None of our drivers combine PMF and hostap right now, but the stack
> > should not prevent hostap and PMF from working together.
> >
> > I will try to take a closer look at this next week. Currently in
> > vacation mode.
>
> I am going to commit this:
>
Works for me. Thanks.
> M sys/net80211/ieee80211_output.c | 15+ 2-
>
> 1 file changed, 15 insertions(+), 2 deletions(-)
>
> commit - 32dd3676ace5111f40a82f0365663c9854d1d8ac
> commit + 8c18b9cd547490538f81e304fa40e1954ae0a5f1
> blob - eda5b7fe673517d2c260850131f5ee732501b3ef
> blob + fc176fc708d69d0f3add4b691f321b3f2971b8ea
> --- sys/net80211/ieee80211_output.c
> +++ sys/net80211/ieee80211_output.c
> @@ -1049,6 +1049,7 @@ ieee80211_add_rsn_body(u_int8_t *frm, struct ieee80211
> const u_int8_t *oui = wpa ? MICROSOFT_OUI : IEEE80211_OUI;
> u_int8_t *pcount;
> u_int16_t count, rsncaps;
> + int pmf = 0;
>
> /* write Version field */
> LE_WRITE_2(frm, 1); frm += 2;
> @@ -1123,10 +1124,22 @@ ieee80211_add_rsn_body(u_int8_t *frm, struct ieee80211
> if (wpa)
> return frm;
>
> + if (ic->ic_caps & IEEE80211_C_MFP) {
> + /*
> + * When acting as client station, only announce PMF support
> + * to access points which support PMF. There are access points
> + * out there which do not support PMF and won't even initiate
> + * the 4-way handshake with us if the PMF-capable bit is set.
> + */
> + if (ic->ic_opmode != IEEE80211_M_STA ||
> + (ni->ni_rsncaps & IEEE80211_RSNCAP_MFPC))
> + pmf = 1;
> + }
> +
> /* write RSN Capabilities field */
> rsncaps = (ni->ni_rsncaps & (IEEE80211_RSNCAP_PTKSA_RCNT_MASK |
> IEEE80211_RSNCAP_GTKSA_RCNT_MASK));
> - if (ic->ic_caps & IEEE80211_C_MFP) {
> + if (pmf) {
> rsncaps |= IEEE80211_RSNCAP_MFPC;
> if (ic->ic_flags & IEEE80211_F_MFPR)
> rsncaps |= IEEE80211_RSNCAP_MFPR;
> @@ -1143,7 +1156,7 @@ ieee80211_add_rsn_body(u_int8_t *frm, struct ieee80211
> frm += IEEE80211_PMKID_LEN;
> }
>
> - if (!(ic->ic_caps & IEEE80211_C_MFP))
> + if (!pmf)
> return frm;
>
> if ((ni->ni_flags & IEEE80211_NODE_PMKID) == 0) {
>
