possible bug with WEP individual keys

Leonardo Maccari maccari-thisaintpartofmyaddress- at lenst.det.unifi.it
Fri Dec 2 12:19:05 EST 2005


I'm trying to link two APs ("alpha" and "gamma", both with WEP) with a WDS
channel, selecting individual keys for each of them. Each AP runs the
following script with different (inverted) MAC and IP addresses:

#reinit everything
ifconfig wlan0 down
ifconfig wlan0wds0 down
rmmod hostap_pci && modprobe hostap_pci

echo 1 > /proc/sys/net/ipv4/ip_forward

#add wds towards gamma
iwpriv wlan0 wds_add 00:0E:6A:7A:E1:0D

iwpriv wlan0 host_encrypt 1
iwpriv wlan0 host_decrypt 1
iwpriv wlan0 bcrx_sta_key 1
iwconfig wlan0 mode master
iwconfig wlan0 essid alpha
ifconfig wlan0 192.168.10.1
iwconfig wlan0 key ffffffffff
hostap_crypt_conf -p wlan0 00:0E:6A:7A:E1:0D NULL
ifconfig wlan0wds0 192.168.4.10
route add -net 192.168.5.0 netmask 255.255.255.0 dev wlan0wds0

Right after I run the script, iwconfig says this:

wlan0     IEEE 802.11b  ESSID:"alpha"
          Mode:Master  Frequency:2.422GHz  Access Point: 00:0E:6A:7A:EB:F9
          Bit Rate:11Mb/s   Sensitivity=1/3
          Retry min limit:8   RTS thr:off   Fragment thr:off
          Encryption key:FFFF-FFFF-FF   Security mode:restricted
          Power Management:off
          Link Quality:0  Signal level:0  Noise level:0
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

wlan0wds0  IEEE 802.11b  Mode:Repeater  Frequency:2.422GHz
          Access Point: 00:0E:6A:7A:E1:0D   Bit Rate:11Mb/s   Sensitivity=1/3
          Retry min limit:8   RTS thr:off   Fragment thr:off
          Encryption key:FFFF-FFFF-FF   Security mode:restricted
          Power Management:off

and:

[root@alpha ~]# hostap_crypt_conf -l wlan0
Default keys
  algorithm: WEP
  TX key idx: 1
  key 1: ff ff ff ff ff
  key 2:
  key 3:
  key 4:

Keys for 00:0e:6a:7a:e1:0d
  algorithm: NULL
  TX key idx: 1
  key 1:
  key 2:
  key 3:
  key 4:

For a couple of seconds the APs can ping each other, then both of them
deauthenticate everyone, come up again and I have this situation:

wlan0     IEEE 802.11b  ESSID:"alpha"
          Mode:Master  Frequency:2.422GHz  Access Point: 00:0E:6A:7A:EB:F9
          Bit Rate:11Mb/s   Sensitivity=1/3
          Retry min limit:8   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality:0  Signal level:0  Noise level:0
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:5  Invalid misc:83   Missed beacon:0

wlan0wds0  IEEE 802.11b  Mode:Repeater  Frequency:2.422GHz
          Access Point: 00:0E:6A:7A:E1:0D   Bit Rate:11Mb/s   Sensitivity=1/3
          Retry min limit:8   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off

[root@alpha ~]# hostap_crypt_conf -l wlan0
Default keys
  algorithm: none

Keys for 00:0e:6a:7a:e1:0d
  algorithm: NULL
  TX key idx: 1
  key 1:
  key 2:
  key 3:
  key 4:

So the keys are reset and they can't ping each other anymore.

Another proof of this strange behavior that I've tested: if alpha has a
client with the ffffffffff key and I let it ping alpha, then run the script,
it can ping for a couple of seconds and then, when the keys are reset, it
can't anymore.

They both mount:

[root@gamma hostap-utils-0.4.0]# ./hostap_diag wlan0
Host AP driver diagnostics information for 'wlan0'

NICID: id=0x8013 v1.0.0 (PRISM II (2.5) Mini-PCI (SST parallel flash))
PRIID: id=0x0015 v1.1.1
STAID: id=0x001f v1.8.4 (station firmware)

and hostap_pci: 0.4.1.

What is happening?
ciao,
leonardo.


-- 
   Key fingerprint = 3129 C583 F03B 2E73 0115  C040 3489 0185 B592 19FE
 Obviously -thisaintpartofmyaddress- is not part of my real email address 
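
A check for the state change visible in the two `hostap_crypt_conf -l` listings above, added here as an example that is not part of the original post: it parses that listing format and names every key section left without a usable key. The function names are made up for this example, and it assumes that `none`, `NULL` or an empty key list all mean frames for that section are not encrypted (the `NULL` entry for the WDS peer is the one the script itself configures).

```shell
#!/bin/sh
# Added example, not part of the original post.
# Listings copied from the message: before and after the keys were reset.
BEFORE='Default keys
  algorithm: WEP
  TX key idx: 1
  key 1: ff ff ff ff ff
  key 2:
  key 3:
  key 4:

Keys for 00:0e:6a:7a:e1:0d
  algorithm: NULL
  TX key idx: 1
  key 1:
  key 2:
  key 3:
  key 4:'
AFTER='Default keys
  algorithm: none

Keys for 00:0e:6a:7a:e1:0d
  algorithm: NULL
  TX key idx: 1
  key 1:
  key 2:
  key 3:
  key 4:'

# Print "<section> <algorithm> <non-empty key count>" per section.
crypt_summary() {
    awk '
        function emit() { if (sec != "") print sec, alg, nkeys }
        /^Default keys/      { emit(); sec = "default";   alg = "?"; nkeys = 0; next }
        /^Keys for /         { emit(); sec = tolower($3); alg = "?"; nkeys = 0; next }
        /^[ \t]+algorithm:/  { alg = $2; next }
        /^[ \t]+key [0-9]+:/ { if (NF > 2) nkeys++ }
        END                  { emit() }
    '
}

# List sections that carry no usable key (algorithm none/NULL or zero keys);
# exit status 0 means at least one such section was found.
cleartext_sections() {
    crypt_summary | awk '
        $2 == "none" || $2 == "NULL" || $3 == 0 { print $1; found = 1 }
        END { exit (found ? 0 : 1) }'
}
# Live use (command as in the post): hostap_crypt_conf -l wlan0 | cleartext_sections
```

Run against the first listing it reports only the WDS peer; against the second it also reports `default`, which is the point at which clients of the BSS lose WEP.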



