Re: security/wpa_supplicant: Reassoc on NWID change

Mon, 10 Dec 2018 06:08:52 -0800 

Hi Gregor,

I've tested your diff in recent days and in my case most often
when I change the physical location (and hence AP) I put my
laptop into suspend. I've noticed that with your diff wpa
supplicant is not abble to reassoc to the AP on resume. However
it looks to me more like wpa supplicant problem than your diff.

It ends up in infinite loop of:

1544442781.550029: iwn0: RX EAPOL from 04:bd:88:4a:11:50
1544442781.550061: RX EAPOL - hexdump(len=46): 01 00 00 05 01 01 00 05 01 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00
1544442781.550103: iwn0: Not associated - Delay processing of received EAPOL 
frame (state=COMPLETED bssid=6c:f3:7f:d6:5e:f0)
1544442786.575010: iwn0: RX EAPOL from 04:bd:88:4a:11:50
1544442786.575042: RX EAPOL - hexdump(len=46): 01 00 00 05 01 01 00 05 01 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00
1544442786.575085: iwn0: Not associated - Delay processing of received EAPOL 
frame (state=COMPLETED bssid=6c:f3:7f:d6:5e:f0)
1544442791.593955: iwn0: RX EAPOL from 04:bd:88:4a:11:50
1544442791.593986: RX EAPOL - hexdump(len=46): 01 00 00 05 01 02 00 05 01 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00
1544442791.594030: iwn0: Not associated - Delay processing of received EAPOL 
frame (state=COMPLETED bssid=6c:f3:7f:d6:5e:f0)
1544442796.618836: iwn0: RX EAPOL from 04:bd:88:4a:11:50
1544442796.618867: RX EAPOL - hexdump(len=46): 01 00 00 05 01 02 00 05 01 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00
1544442796.618910: iwn0: Not associated - Delay processing of received EAPOL 
frame (state=COMPLETED bssid=6c:f3:7f:d6:5e:f0)
1544442801.641262: iwn0: RX EAPOL from 04:bd:88:4a:11:50
1544442801.641293: RX EAPOL - hexdump(len=46): 01 00 00 05 01 02 00 05 01 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00
1544442801.641335: iwn0: Not associated - Delay processing of received EAPOL 
frame (state=COMPLETED bssid=6c:f3:7f:d6:5e:f0)
1544442806.684327: iwn0: RX EAPOL from 04:bd:88:4a:11:50
1544442806.684358: RX EAPOL - hexdump(len=46): 01 00 00 05 01 01 00 05 01 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00
1544442806.684402: iwn0: Not associated - Delay processing of received EAPOL 
frame (state=COMPLETED bssid=6c:f3:7f:d6:5e:f0)
1544442811.738381: iwn0: RX EAPOL from 04:bd:88:4a:11:50
1544442811.738412: RX EAPOL - hexdump(len=46): 01 00 00 05 01 01 00 05 01 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00

in the same time iwn0 interface shows:

        status: no network
        ieee80211: join lighthouse chan 132 bssid 04:bd:88:4a:31:50 -52dBm 
wpaprotos wpa2 wpaakms 802.1x wpaciphers ccmp wpagroupcipher ccmp

bssid is visible, however status is no network. I also should mention, that
the problem of reassociating to AP after resume works sometimes.

However, I can say I don't see any negative effects from your diff, as problem
of reassociation after resume was always there with wpa supplicant.

Regards,
 Mikolaj

On Wed, Nov 28, 2018 at 06:56:46PM +0100, Gregor Best wrote:
> Peter Hessler <phess...@theapt.org> writes:
> 
> > This looks really cool, thank you for looking at it!
> >
> > One thing that you may also need, is to may also need to reassoc when
> > the bssid changes (roaming between different APs).  Can you also test
> > that when you do your join testing?
> > [...]
> 
> Good call. That does turn out to be necessary, so I've amended my
> original patch. An updated patch is attached below my signature.
> 
> I've tested this with a two-AP 802.1x network now, but since the APs are
> more or less sitting on top of each other, I can't really move out of
> range of only one of them to test organic handover. I've emulated that
> by adding the SSID to my `iwm0`'s joinlist and manually exchanging the
> BSSID.
> 
> I'll try to see if I can squeeze in some time at my local eduroam
> network tomorrow to check out how this works in the "I got out of range
> of one AP and the kernel switched me over to another"-scenario.
> 
> --
>       Gregor
> 
> Index: patches/patch-src_drivers_driver_openbsd_c
> ===================================================================
> RCS file: 
> /home/cvs/ports/security/wpa_supplicant/patches/patch-src_drivers_driver_openbsd_c,v
> retrieving revision 1.5
> diff -u -p -r1.5 patch-src_drivers_driver_openbsd_c
> --- patches/patch-src_drivers_driver_openbsd_c        17 May 2016 08:29:27 
> -0000      1.5
> +++ patches/patch-src_drivers_driver_openbsd_c        28 Nov 2018 17:51:30 
> -0000
> @@ -2,23 +2,137 @@ $OpenBSD: patch-src_drivers_driver_openb
>  
>  Fix includes
>  
> ---- src/drivers/driver_openbsd.c.orig        Sun Sep 27 21:02:05 2015
> -+++ src/drivers/driver_openbsd.c     Mon Sep 28 09:51:53 2015
> -@@ -9,13 +9,14 @@
> +Index: src/drivers/driver_openbsd.c
> +--- src/drivers/driver_openbsd.c.orig
> ++++ src/drivers/driver_openbsd.c
> +@@ -9,19 +9,34 @@
>   #include "includes.h"
>   #include <sys/ioctl.h>
>   
>  +#include "common.h"
>  +#include "driver.h"
> ++#include "eloop.h"
>  +
> ++#include <sys/socket.h>
>   #include <net/if.h>
>  +#include <net/if_var.h>
> ++#include <net/route.h>
>   #include <net80211/ieee80211.h>
>   #include <net80211/ieee80211_crypto.h>
>   #include <net80211/ieee80211_ioctl.h>
> --
> + 
>  -#include "common.h"
>  -#include "driver.h"
> ++#define RTM_READSZ 2048
>   
>   struct openbsd_driver_data {
> -     char ifname[IFNAMSIZ + 1];
> +-    char ifname[IFNAMSIZ + 1];
> +     void *ctx;
> + 
> +-    int sock;                       /* open socket for 802.11 ioctls */
> ++    char ifname[IFNAMSIZ + 1];
> ++    int ifindex;  /* Ifindex of the configured interface */
> ++
> ++    int sock;     /* open socket for 802.11 ioctls */
> ++    int rtsock;   /* routing socket for interface state messages */
> ++
> ++    /* These fields are used to track the last seen (and associated) access 
> point
> ++       to determine whether we should kick off an association event */
> ++    int nwid_len; /* Length of last seen SSID (as per routing message) */
> ++    char nwid[IEEE80211_NWID_LEN]; /* Last seen SSID (as per routing 
> message) */
> ++    char addr[IEEE80211_ADDR_LEN]; /* Last seen BSSID (as per routing 
> message) */
> + };
> + 
> + 
> +@@ -90,6 +105,57 @@ wpa_driver_openbsd_set_key(const char *ifname, void *p
> +     return 0;
> + }
> + 
> ++static void
> ++wpa_driver_openbsd_event_receive(int sock, void *global, void *sock_ctx)
> ++{
> ++    struct openbsd_driver_data *drv = sock_ctx;
> ++    struct rt_msghdr *rtm;
> ++    struct if_ieee80211_data *ifie;
> ++    char *rtmmsg;
> ++    ssize_t n;
> ++
> ++    rtmmsg = os_zalloc(RTM_READSZ);
> ++    if (rtmmsg == NULL) {
> ++            wpa_printf(MSG_ERROR, "Can't allocate space for routing 
> message");
> ++            return;
> ++    }
> ++
> ++    do {
> ++            n = read(sock, rtmmsg, RTM_READSZ);
> ++    } while (n == -1 && errno == EINTR);
> ++
> ++    if (n == -1)
> ++            goto done;
> ++
> ++    rtm = (struct rt_msghdr *)rtmmsg;
> ++
> ++    if ((size_t)n < sizeof(rtm->rtm_msglen) ||
> ++        n < rtm->rtm_msglen ||
> ++        rtm->rtm_version != RTM_VERSION)
> ++            goto done;
> ++
> ++    if ((rtm->rtm_type != RTM_80211INFO) ||
> ++        (rtm->rtm_index != drv->ifindex))
> ++            goto done;
> ++
> ++    ifie = &((struct if_ieee80211_msghdr *)rtm)->ifim_ifie;
> ++
> ++    if ((ifie->ifie_nwid_len != drv->nwid_len) ||
> ++        (os_memcmp(drv->nwid, ifie->ifie_nwid, ifie->ifie_nwid_len) != 0) ||
> ++        (os_memcmp(drv->addr, ifie->ifie_addr, IEEE80211_ADDR_LEN) != 0)) {
> ++            os_memcpy(drv->addr, ifie->ifie_addr, IEEE80211_ADDR_LEN);
> ++
> ++            os_memcpy(drv->nwid, ifie->ifie_nwid, ifie->ifie_nwid_len);
> ++            drv->nwid_len = ifie->ifie_nwid_len;
> ++
> ++            /* Emit ASSOC event */
> ++            wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL);
> ++    }
> ++
> ++done:
> ++    os_free(rtmmsg);
> ++}
> ++
> + static void *
> + wpa_driver_openbsd_init(void *ctx, const char *ifname)
> + {
> +@@ -103,9 +169,21 @@ wpa_driver_openbsd_init(void *ctx, const char *ifname)
> +     if (drv->sock < 0)
> +             goto fail;
> + 
> ++    drv->rtsock = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC);
> ++    if (drv->rtsock < 0)
> ++            goto fail;
> ++
> +     drv->ctx = ctx;
> +     os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
> + 
> ++    drv->ifindex = if_nametoindex(drv->ifname);
> ++    if (drv->ifindex == 0) /* No interface with that name */
> ++            goto fail;
> ++
> ++    drv->nwid_len = wpa_driver_openbsd_get_ssid(drv, drv->nwid);
> ++    wpa_driver_openbsd_get_bssid(drv, drv->addr);
> ++
> ++    eloop_register_read_sock(drv->rtsock, wpa_driver_openbsd_event_receive, 
> NULL, drv);
> +     return drv;
> + 
> + fail:
> +@@ -119,7 +197,11 @@ wpa_driver_openbsd_deinit(void *priv)
> + {
> +     struct openbsd_driver_data *drv = priv;
> + 
> ++    eloop_unregister_read_sock(drv->rtsock);
> ++
> +     close(drv->sock);
> ++    close(drv->rtsock);
> ++
> +     os_free(drv);
> + }
> +

Reply via email to