On Fri, 25 Jul 2025 at 10:12, Doug Ambrisko <ambri...@ambrisko.com> wrote:
> I assume there isn't hack to skip it in the kernel or wpa_supplicant if the > AP requires it? > No. The management frames need to be encrypted/decrypted correctly, and the broadcast management / action frames need a new IE to be added and validated. Things just "don't" work in subtle ways if you try to hack it in. All the stuff I've been cleaning up / working on has been to get enough stuff working w/ 11ac so I can now work on 802.11w/MFP. It even requires some crypto code clean-up so we handle the MFP frames correctly w/ CCMP (as there's now a couple flags we need to care about.) I'm getting there, just slowly, as it requires a bunch of refactoring and clean-up as I go along. :) -adrian -adrian > > Thanks for the quick response, > > Doug A. > > On Fri, Jul 25, 2025 at 10:07:04AM -0700, Adrian Chadd wrote: > | hi, > | > | I'm slowly working on it. It requires a lot of cleanup in net80211. > | > | -adrian > | > | On Fri, 25 Jul 2025 at 09:53, Doug Ambrisko <ambri...@ambrisko.com> > wrote: > | > | > Do we support management frame protection? I'm using iwlwifi on > -current. > | > Work now requires it so I can't connect anymore. I did some testing > | > with OpenWRT at home and when I require 802.11w Management Frame > Protection > | > then I can't connect. Linux works fine. Linux shows pmf=2 for > | > wpa_supplicant and when I set that doesn't help for FreeBSD. I'm using > | > wpa_supplicant from ports which is the same version running on Linux. > | > > | > With pmf=2 set in wpa_supplicant.conf in the debug output I see: > | > wlan0: skip RSN IE - no mgmt frame protection enabled but AP > | > requires it > | > wlan0: reject due to mismatch with WPA/WPA2 > | > > | > without I see: > | > bsd_set_key: alg=3 addr=0x23f788 key_idx=1 set_tx=0 seq_len=6 > | > key_len=16 > | > wlan0: WPA: IGTK keyid 4 pn 000000000000 > | > WPA: IGTK - hexdump(len=16): [REMOVED] > | > bsd_set_key: alg=4 addr=0x23f788 key_idx=4 set_tx=0 seq_len=6 > | > key_len=16 > | > ioctl[SIOCS80211, op=19, val=0, arg_len=64]: Invalid argument > | > wlan0: WPA: Failed to configure IGTK to the driver > | > wlan0: RSN: Failed to configure IGTK > | > > | > and then it disconnects. > | > > | > 802.11r Fast Transition in OpenWRT seems to work okay when I enable > that > | > without PMF. > | > > | > Thanks, > | > > | > Doug A. > | > > | > > >
