Hi, thanks for your help. I wasn't sure where to find the crypto statistics, so I checked the keys instead. I'm not sure if there's an easy way to check which key is which, but there were three keys shared between the AP and STA. One was constant and received high use, so I'm assuming that was the unicast key. The other two changed periodically and received little use, so I'm assuming that one of those was the multicast key. Both of these keys appeared to stay in sync with each other after the problem began to occur, however.
A little more on my setup, I have seen this problem across many kernel versions and hostapd versions. Currently, my AP is running hostapd-7.3 and ath5k on a 3.2.1 kernel and my STA is running wpa_supplicant-7.3 and rt61pci on a 3.1.10 kernel (3.2.1 didn't have an rt2x00 patch needed to use promiscuous mode). The closet problem I can find is here: http://lists.shmoo.com/pipermail/hostap/2011-November/024771.html. The problem occurs an hour or two after connecting, and can by fixed by reassociating. However, that post refers to Eduroam, so it might not be related. Let me if there is any other useful information that I can provide. Ian On 01/22/2012 07:57 PM, Wright, Brett wrote: > Hi, > > Sounds like it could be a multicast encryption key problem. > WPA uses separate multicast and unicast encryption keys. > Stations sending to the AP just use unicast key even for multicast data > (since they can only send directly to the AP), however AP sending to > stations will use the multicast key. > I'm not sure why the multicast key is broken/out of synch, but to > confirm if this is what is happening either compare the current > multicast keys at the AP and STA to see if they differ, or check the > statistics for crypto errors. > > Brett > >> -----Original Message----- >> From: ath5k-devel-boun...@lists.ath5k.org [mailto:ath5k-devel- >> boun...@lists.ath5k.org] On Behalf Of Ian Milligan >> Sent: Monday, 23 January 2012 1:16 PM >> To: ath5k-de...@venema.h4ckr.net >> Subject: [ath5k-devel] ARP Forwarding Problem in AP Mode with WPA >> >> Hi, >> >> I have an AP with an Atheros AR5001X+ bridged with an ethernet > adapter. >> The problem is that after a certain amount of time, ARP requests > coming >> from anything but the AP (meaning from the ethernet interface or other >> stations) aren't reaching the stations. I have verified using tcpdump >> that they reach the bridge and wireless interfaces on the AP, but >> aren't >> seen by the station. This appears only to happen when WPA is enabled, >> and forwarding in the opposite direction works fine. Let me know what >> further information would help debug this problem. >> >> Ian >> _______________________________________________ >> ath5k-devel mailing list >> ath5k-devel@lists.ath5k.org >> https://lists.ath5k.org/mailman/listinfo/ath5k-devel _______________________________________________ ath5k-devel mailing list ath5k-devel@lists.ath5k.org https://lists.ath5k.org/mailman/listinfo/ath5k-devel
