On Fri, Jul 25, 2025 at 10:19:44AM -0700, Adrian Chadd wrote: | On Fri, 25 Jul 2025 at 10:12, Doug Ambrisko <ambri...@ambrisko.com> wrote: | | > I assume there isn't hack to skip it in the kernel or wpa_supplicant if the | > AP requires it? | > | | No. The management frames need to be encrypted/decrypted correctly, and the | broadcast management / action frames need a new IE to be added and | validated. | | Things just "don't" work in subtle ways if you try to hack it in. | | All the stuff I've been cleaning up / working on has been to get enough | stuff working w/ 11ac so I can now work on 802.11w/MFP. | It even requires some crypto code clean-up so we handle the MFP frames | correctly w/ CCMP (as there's now a couple flags we need to care about.) | | I'm getting there, just slowly, as it requires a bunch of refactoring and | clean-up as I go along. :)
I figured that would be the case. When you have something to test I can try it out. Thanks, Doug A. | > On Fri, Jul 25, 2025 at 10:07:04AM -0700, Adrian Chadd wrote: | > | hi, | > | | > | I'm slowly working on it. It requires a lot of cleanup in net80211. | > | | > | -adrian | > | | > | On Fri, 25 Jul 2025 at 09:53, Doug Ambrisko <ambri...@ambrisko.com> | > wrote: | > | | > | > Do we support management frame protection? I'm using iwlwifi on | > -current. | > | > Work now requires it so I can't connect anymore. I did some testing | > | > with OpenWRT at home and when I require 802.11w Management Frame | > Protection | > | > then I can't connect. Linux works fine. Linux shows pmf=2 for | > | > wpa_supplicant and when I set that doesn't help for FreeBSD. I'm using | > | > wpa_supplicant from ports which is the same version running on Linux. | > | > | > | > With pmf=2 set in wpa_supplicant.conf in the debug output I see: | > | > wlan0: skip RSN IE - no mgmt frame protection enabled but AP | > | > requires it | > | > wlan0: reject due to mismatch with WPA/WPA2 | > | > | > | > without I see: | > | > bsd_set_key: alg=3 addr=0x23f788 key_idx=1 set_tx=0 seq_len=6 | > | > key_len=16 | > | > wlan0: WPA: IGTK keyid 4 pn 000000000000 | > | > WPA: IGTK - hexdump(len=16): [REMOVED] | > | > bsd_set_key: alg=4 addr=0x23f788 key_idx=4 set_tx=0 seq_len=6 | > | > key_len=16 | > | > ioctl[SIOCS80211, op=19, val=0, arg_len=64]: Invalid argument | > | > wlan0: WPA: Failed to configure IGTK to the driver | > | > wlan0: RSN: Failed to configure IGTK | > | > | > | > and then it disconnects. | > | > | > | > 802.11r Fast Transition in OpenWRT seems to work okay when I enable | > that | > | > without PMF. | > | > | > | > Thanks, | > | > | > | > Doug A. | > | > | > | > | > | >
