From chenifang at giga.net.tw Tue Feb 1 03:10:01 2005 From: chenifang at giga.net.tw (joseph_chen) Date: Tue, 1 Feb 2005 16:10:01 +0800 Subject: Madwifi along with WPA-PSK References: <004701c5077a$d27f74a0$2b0da8c0@josephifang> <1107207625.7832.53.camel@desktop.cunninghams> <002201c507fa$0dddb820$2b0da8c0@josephifang> <1107225525.28285.3.camel@desktop.cunninghams> Message-ID: <011801c50835$6d8419f0$2b0da8c0@josephifang> Hi: I read your replay again, and I found ..... Maybe you misunderstand my problem, or I make the wrong statement about it :-) Actually, I want to know one thing, based on your description, whether you can successfully use your WG511T with hostapd to act as AP (authenticator). And then you can use another wlan card (a supplicant) to connect the AP that you just set up using WPA-PSK. DLink604T is not required in this dicussion. joseph ----- Original Message ----- From: "Nigel Cunningham" To: "joseph_chen" Cc: Sent: Tuesday, February 01, 2005 10:38 AM Subject: Re: Madwifi along with WPA-PSK > Hi. > > I only know about using it under pure Linux, I'm afraid. Can't help you > with a windows client. > > Regards, > > Nigel > > On Tue, 2005-02-01 at 12:04, joseph_chen wrote: > > at first , than you for your response! > > I just wonder whether I have to use wpa_supplicant to be the supplicant. > > if the supplicant is windows client, is it still OK about WPA-PSK? > > > > > > Joseph > > > > ----- Original Message ----- > > From: "Nigel Cunningham" > > To: "joseph_chen" > > Cc: > > Sent: Tuesday, February 01, 2005 5:40 AM > > Subject: Re: Madwifi along with WPA-PSK > > > > > > > Hi. > > > > > > Yes. You need to get the wpa_supplicant, but it is possible: > > > > > > /sbin/ifconfig ath0 up > > > /sbin/iwconfig ath0 channel 1 > > > /usr/bin/wpa_supplicant -c/etc/wpa_supplicant.conf -Dmadwifi -iath0 -B > > > > > > Does it for me (with the appropriate things in the conf). I had less > > > success trying with channel != 1. > > > > > > Netgear WG511T talking to DLink604T. > > > > > > Regards, > > > > > > Nigel > > > > > > On Mon, 2005-01-31 at 20:54, joseph_chen wrote: > > > > Hi ~ hotstapd guy > > > > > > > > Has anyone successfully test Madwifi with hostapd to act an as > > > > authenticator ? Is WPA-PSK workable ? > > > > > > > > > > > > Joseph > > > > > > > > > > > > > > > > ______________________________________________________________________ > > > > _______________________________________________ > > > > HostAP mailing list > > > > HostAP at shmoo.com > > > > http://lists.shmoo.com/mailman/listinfo/hostap > > > -- > > > Nigel Cunningham > > > Software Engineer, Canberra, Australia > > > http://www.cyclades.com > > > > > > Ph: +61 (2) 6292 8028 Mob: +61 (417) 100 574 > > > > -- > Nigel Cunningham > Software Engineer, Canberra, Australia > http://www.cyclades.com > > Ph: +61 (2) 6292 8028 Mob: +61 (417) 100 574 > From f.masini at aliceposta.it Tue Feb 1 07:44:47 2005 From: f.masini at aliceposta.it (Masini Filippo) Date: Tue, 01 Feb 2005 13:44:47 +0100 Subject: why wifi0 "TX packets:0" ? Message-ID: <41FF79BF.20003@aliceposta.it> My situation: Laptop Compaq Presario 900EA Athlon XP 1500 Linux Suse 9.2 Pro Pcmcia DWL-650 rev.P The firmware is good downloaded in the card the two led are on, and the card find the accesspoint by the command :~# iwlist wlan0 scan but it not comunicate with him I can see in "ifconfig -a" output that my card not transmit any packet beacuse wlan0 TX > 0 but wifi0 Tx = 0, but the card receive every packet i can still go in monitor mode, but i can't transmit packets. These are my logs, can you help me? homer:~/Desktop/hostap-driver-0.2.6 # iwconfig lo no wireless extensions. eth0 no wireless extensions. sit0 no wireless extensions. wifi0 no wireless extensions. wlan0 IEEE 802.11b ESSID:"Spartacus" Nickname:"homer" Mode:Managed Frequency:2.422GHz Access Point: 00:0D:88:1F:0A:38 Bit Rate:11Mb/s Sensitivity=1/3 Retry min limit:8 RTS thr:off Fragment thr:off Encryption key:off Power Management:off Link Quality:50/70 Signal level:-40 dBm Noise level:-90 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:0 Missed beacon:0 homer:~/Desktop/hostap-driver-0.2.6 # ifconfig -a wifi0 Link encap:UNSPEC HWaddr 00-0D-88-4C-0E-7D-00-00-00-00-00-00-00-00-00-00 BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:1402 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:500994 (489.2 Kb) TX bytes:0 (0.0 b) Interrupt:10 Base address:0x880 wlan0 Link encap:Ethernet HWaddr 00:0D:88:4C:0E:7D inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::20d:88ff:fe4c:e7d/64 Scope:Link UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1402 errors:0 dropped:0 overruns:0 frame:0 TX packets:40 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:475758 (464.6 Kb) TX bytes:17404 (16.9 Kb) Interrupt:10 Base address:0x880 homer:~ # cardctl ident Socket 0: product info: "D-Link", "DWL-650 Wireless PC Card RevP", "ISL37101P-10", "A3" manfid: 0x000b, 0x7110 function: 6 (network) homer:~ # cardctl status Socket 0: 5V 16-bit PC Card function 0: [ready] homer:~ # dmesg .... wifi0: NIC: id=0x801d v1.0.0 wifi0: PRI: id=0x15 v1.1.2 wifi0: STA: id=0x1f v1.8.3 wifi0: LinkStatus=1 (Connected) wifi0: LinkStatus: BSSID=00:0d:88:1f:0a:38 wlan0: no IPv6 routers present homer:~ # hostap_diag wlan0 Host AP driver diagnostics information for 'wlan0' NICID: id=0x801d v1.0.0 (PRISM III PCMCIA (AT24C08 compatible small serial flash)) PRIID: id=0x0015 v1.1.2 STAID: id=0x001f v1.8.3 (station firmware) homer:~ # hostap_fw_load wlan0 Downloading primary firmware /etc/dwl_firmware/pm010102.hex srec summary for pm010102.hex Included file name: PM010102.HEX Component: 0x0015 1.1.2 (primary firmware) Verifying update compatibility and combining data: Plugging PDR 0400 (NIC configuration): ram16=1 pci=0 (03 00) OK. Downloading to volatile memory (RAM). OK. srec summary for pm010102.hex Included file name: PM010102.HEX Component: 0x0015 1.1.2 (primary firmware) ioctl[PRISM2_IOCTL_HOSTAPD]: No data available STAID not available (maybe running PRI-only) ioctl[PRISM2_IOCTL_HOSTAPD]: No data available ioctl[PRISM2_IOCTL_HOSTAPD]: No data available Verifying update compatibility and combining data: Plug record length mismatch (PDR=0x0001): 6 != 16 ==> extend from default OK. Downloading to volatile memory (RAM). OK. Downloading secondary (station) firmware /etc/dwl_firmware/rf010803.hex srec summary for rf010803.hex Component: 0x001f 1.8.3 (station firmware) ioctl[PRISM2_IOCTL_HOSTAPD]: No data available STAID not available (maybe running PRI-only) ioctl[PRISM2_IOCTL_HOSTAPD]: No data available ioctl[PRISM2_IOCTL_HOSTAPD]: No data available Verifying update compatibility and combining data: Could not find data position for plugging PDR 0x0413 at 0x0000118a (len=2) PDR 0x0413 is not in wlan card PDA and there is no default data. Ignoring plug record. OK. Downloading to volatile memory (RAM). OK. Components after download: NICID: 0x801d v1.0.0 PRIID: 0x0015 v1.1.2 STAID: 0x001f v1.8.3 Card is ready with both PRI and STA firmware images From dhskhoo at yahoo.com Tue Feb 1 14:30:39 2005 From: dhskhoo at yahoo.com (dennis khoo) Date: Tue, 1 Feb 2005 11:30:39 -0800 (PST) Subject: "iwlist wlan0 ap" working? Message-ID: <20050201193039.58941.qmail@web30804.mail.mud.yahoo.com> Hi all, Does "iwlist wlan0 ap"(from wireless_tools 28) work on hostap 0.2.6 with prism 1.7.4 firmware? I tested it under master mode without WEP or WPA, just the default "test" ESSID and got "No Peers/Access-Point in range". I've tried "iwlist wlan0 scanning" and that works when wlan0 is in managed mode. I just want to be able to scan a list of APs while running in master mode without having to resort to managed mode to scan if I can help it. Any insights or help is deeply apreciated. thanks in advance dennis __________________________________ Do you Yahoo!? Yahoo! Mail - Easier than ever with enhanced search. Learn more. http://info.mail.yahoo.com/mail_250 From gorakha at fastmail.fm Tue Feb 1 15:36:52 2005 From: gorakha at fastmail.fm (name) Date: Tue, 01 Feb 2005 21:36:52 +0100 Subject: Error during hostapd compilation. Message-ID: <41FFE864.7070806@fastmail.fm> Hi, I am getting following error when building hostspd. In file included from ieee802_1x.c:34: md5.h:6:25: openssl/md5.h: No such file or directory make: *** [ieee802_1x.o] Error 1 I have enabled the CONFIG_RADIUS_SERVER option in .config file, as i will need that in testing later. First i thought may be i have to install openssl, but when i try to install openssl(yum install openssl) it says, already installed and openssl command also works. but i am not able to locate this md5.h file. My system is FC3. Any help is appreciated. sonu. From jcromie at divsol.com Tue Feb 1 16:10:24 2005 From: jcromie at divsol.com (Jim Cromie) Date: Tue, 01 Feb 2005 14:10:24 -0700 Subject: 1st success w hostap Message-ID: <41FFF040.6090903@divsol.com> Ive got my 1st wireless link up across hostap so FWIW, heres something of a report. I *was* having the following problem: 2 ifup processes chewing all cpu, io. machine got really sluggish - best to have top already running, new shells take forever easy to reproduce: ifup hostap. I 'fixed' it by deleting a conflicting config-file; ifcfg-dlink, which had HWADDR='same' mac-address, apparently causing both devices/interfaces to vie for resource. Anyway. the last step was associating with the nearby AP these cmds did it for me. [root at harpo jimc]# iwconfig wifi0 mode managed [root at harpo jimc]# iwconfig lo no wireless extensions. eth0 no wireless extensions. eth1 IEEE 802.11g ESSID:"Apple Network ea3fa9" Nickname:"harpo.jimc.earth" Mode:Managed Frequency:2.457GHz Access Point: 00:03:93:EA:3F:A9 Bit Rate=54Mb/s Tx-Power=20 dBm RTS thr:off Fragment thr:off Encryption key:off Power Management:off Link Quality=0/100 Signal level=-38 dBm Noise level=-82 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:0 Missed beacon:98 sit0 no wireless extensions. wifi0 IEEE 802.11b ESSID:"Apple Network ea3fa9" Nickname:"harpo.jimc.earth" Mode:Managed Frequency:2.457GHz Access Point: 00:03:93:EA:3F:A9 Bit Rate:2Mb/s Sensitivity=1/3 Retry min limit:8 RTS thr:off Fragment thr:off Encryption key:off Power Management:off wlan0 IEEE 802.11b ESSID:"Apple Network ea3fa9" Nickname:"harpo.jimc.earth" Mode:Managed Frequency:2.457GHz Access Point: 00:03:93:EA:3F:A9 Bit Rate:2Mb/s Sensitivity=1/3 Retry min limit:8 RTS thr:off Fragment thr:off Encryption key:off Power Management:off Link Quality=35/92 Signal level=-68 dBm Noise level=-99 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:12 Invalid misc:87 Missed beacon:0 # in this command, /sbin/ifup-local is triggered, which upgrades firmware ram [root at harpo jimc]# ifup wlan0 Error for wireless request "Set Mode" (8B06) : SET failed on device wlan0 ; Operation not supported. Determining IP information for wlan0...SIOCADDRT: File exists done. srec summary for r1010504.hex Included file name: R1010504.HEX Component: 0x001f 1.5.4 (station firmware) Verifying update compatibility and combining data: Exact NICID was not found from the list of supported platforms, but an alternative that has been reported to work was found. OK. Downloading to volatile memory (RAM). OK. Components after download: NICID: 0x8008 v1.0.1 PRIID: 0x0015 v0.3.0 STAID: 0x001f v1.5.4 driver: hostap version: 0.3.5 - 2005-01-23 firmware-version: 1.5.4 bus-info: [root at harpo jimc]# ip addr 1: lo: mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 brd 127.255.255.255 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 08:00:46:d9:3e:96 brd ff:ff:ff:ff:ff:ff inet6 fe80::a00:46ff:fed9:3e96/64 scope link valid_lft forever preferred_lft forever 3: eth1: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:0e:35:1c:c6:fb brd ff:ff:ff:ff:ff:ff inet 10.0.1.5/24 brd 255.255.255.255 scope global eth1 inet6 fe80::20e:35ff:fe1c:c6fb/64 scope link valid_lft forever preferred_lft forever 4: sit0: mtu 1480 qdisc noop link/sit 0.0.0.0 brd 0.0.0.0 7: wifi0: mtu 1500 qdisc pfifo_fast qlen 1000 link/ieee802.11 00:40:05:de:3a:25 brd ff:ff:ff:ff:ff:ff 8: wlan0: mtu 1500 qdisc noqueue link/ether 00:40:05:de:3a:25 brd ff:ff:ff:ff:ff:ff inet 10.0.1.3/24 brd 255.255.255.255 scope global wlan0 inet6 fe80::240:5ff:fede:3a25/64 scope link valid_lft forever preferred_lft forever ie 3,8 both have inet, both dhcpd from same AP FWIW, heres that script. jimc]# more /sbin/ifup-local #!/bin/sh # update firmware on DLink when card is up'd iface=$1 foo=`ethtool -i $iface`; # ethtool has dependency on ioctl, which in turn requires that module is installed if [ "$?" = "0" ] ; then # 0.7.6 is my original firmware version old=`ethtool -i $iface | awk /0.7.6/`; if [ "$old" != "" ] ; then # download new one /usr/local/bin/prism2_srec -ri $iface /etc/firmware/r1010504.hex ethtool -i $iface fi fi And heres what a bit more of what Im seeing now: [root at harpo jimc]# iwlist scan lo Interface doesn't support scanning. eth0 Interface doesn't support scanning. eth1 Scan completed : Cell 01 - Address: 00:06:25:86:DC:FB ESSID:"linksys" Protocol:IEEE 802.11b Mode:Master Channel:7 Encryption key:off Bit Rate:11Mb/s Extra: Rates (Mb/s): 1 2 5.5 11 Signal level=-28 dBm Extra: Last beacon: 9ms ago Cell 02 - Address: 00:11:95:0A:79:18 ESSID:"VVS" Protocol:IEEE 802.11g Mode:Master Channel:3 Encryption key:on Bit Rate:54Mb/s Extra: Rates (Mb/s): 1 2 5.5 6 9 11 12 18 24 36 48 54 Signal level=-72 dBm Extra: Last beacon: 25ms ago Cell 03 - Address: 00:03:93:EA:3F:A9 ESSID:"Apple Network ea3fa9" Protocol:IEEE 802.11bg Mode:Master Channel:10 Encryption key:off Bit Rate:54Mb/s Extra: Rates (Mb/s): 1 2 5.5 6 9 11 12 18 24 36 48 54 Signal level=-40 dBm Extra: Last beacon: 4ms ago sit0 Interface doesn't support scanning. wifi0 Scan completed : Cell 01 - Address: 00:03:93:EA:3F:A9 ESSID:"Apple Network ea3fa9" Mode:Master Frequency:2.457GHz (Channel 10) Quality:0/70 Signal level:-64 dBm Noise level:-95 dBm Encryption key:off Bit Rate:1Mb/s Bit Rate:2Mb/s Bit Rate:5.5Mb/s Bit Rate:11Mb/s Extra:bcn_int=100 Extra:resp_rate=10 Cell 02 - Address: 00:06:25:86:DC:FB ESSID:"linksys" Mode:Master Frequency:2.442GHz (Channel 7) Quality:0/70 Signal level:-43 dBm Noise level:-97 dBm Encryption key:off Bit Rate:1Mb/s Bit Rate:2Mb/s Bit Rate:5.5Mb/s Bit Rate:11Mb/s Extra:bcn_int=100 Extra:resp_rate=20 wlan0 Scan completed : Cell 01 - Address: 00:03:93:EA:3F:A9 ESSID:"Apple Network ea3fa9" Mode:Master Frequency:2.457GHz (Channel 10) Quality:0/70 Signal level:-64 dBm Noise level:-94 dBm Encryption key:off Bit Rate:1Mb/s Bit Rate:2Mb/s Bit Rate:5.5Mb/s Bit Rate:11Mb/s Extra:bcn_int=100 Extra:resp_rate=10 Cell 02 - Address: 00:06:25:86:DC:FB ESSID:"linksys" Mode:Master Frequency:2.442GHz (Channel 7) Quality:0/70 Signal level:-45 dBm Noise level:-93 dBm Encryption key:off Bit Rate:1Mb/s Bit Rate:2Mb/s Bit Rate:5.5Mb/s Bit Rate:11Mb/s Extra:bcn_int=100 Extra:resp_rate=20 [root at harpo jimc]# route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.0.1.0 * 255.255.255.0 U 0 0 0 eth1 10.0.1.0 * 255.255.255.0 U 0 0 0 wlan0 169.254.0.0 * 255.255.0.0 U 0 0 0 wlan0 default 10.0.1.1 0.0.0.0 UG 0 0 0 eth1 [root at harpo jimc] and later ... (more ifup's .. ??) [root at harpo jimc]# route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.0.1.0 * 255.255.255.0 U 0 0 0 wlan0 10.0.1.0 * 255.255.255.0 U 0 0 0 eth1 169.254.0.0 * 255.255.0.0 U 0 0 0 eth1 default 10.0.1.1 0.0.0.0 UG 0 0 0 wlan0 [root at harpo jimc]# now to send, reboot, and see if theyre repeatable :-) From jcromie at divsol.com Tue Feb 1 16:41:27 2005 From: jcromie at divsol.com (Jim Cromie) Date: Tue, 01 Feb 2005 14:41:27 -0700 Subject: Error during hostapd compilation. In-Reply-To: <41FFE864.7070806@fastmail.fm> References: <41FFE864.7070806@fastmail.fm> Message-ID: <41FFF787.3060506@divsol.com> name wrote: > Hi, > > I am getting following error when building hostspd. > > In file included from ieee802_1x.c:34: > md5.h:6:25: openssl/md5.h: No such file or directory > make: *** [ieee802_1x.o] Error 1 U probly need something like this rpm: openssl-devel-0.9.7a-40 From amr at broadbandcentral.us Tue Feb 1 17:24:40 2005 From: amr at broadbandcentral.us (amr nasr) Date: Tue, 1 Feb 2005 15:24:40 -0700 Subject: hostapd possible bug Message-ID: <003a01c508ac$d2cf5f50$f205050a@silicon> Hi, Here is the output of the hostapd debug log file Configuration file: /etc/hostapd.conf Opening raw packet socket for ifindex 4921 Using interface wlan0ap with hwaddr 00:02:6f:05:52:ce and ssid '8021x' wlan0: RADIUS Authentication server 216.143.235.102:1812 Flushing old station entries Deauthenticate all stations DATA Data frame from not associated STA 00:02:6f:06:33:cd mgmt::auth authentication: STA=00:02:6f:06:33:cd auth_alg=0 auth_transaction=1 status_code=0 wep=0 New STA wlan0: STA 00:02:6f:06:33:cd IEEE 802.11: authentication OK (open system) wlan0: STA 00:02:6f:06:33:cd WPA: event 0 notification authentication reply: STA=00:02:6f:06:33:cd auth_alg=0 auth_transaction=2 resp=0 MGMT (TX callback) ACK mgmt::auth cb wlan0: STA 00:02:6f:06:33:cd IEEE 802.11: authenticated mgmt::assoc_req association request: STA=00:02:6f:06:33:cd capab_info=0x01 listen_interval=10 new AID 1 wlan0: STA 00:02:6f:06:33:cd IEEE 802.11: association OK (aid 1) MGMT (TX callback) ACK mgmt::assoc_resp cb wlan0: STA 00:02:6f:06:33:cd IEEE 802.11: associated (aid 1, accounting session 41FFFC3F-00000000) wlan0: STA 00:02:6f:06:33:cd WPA: event 1 notification wlan0: STA 00:02:6f:06:33:cd IEEE 802.1X: start authentication IEEE 802.1X: 00:02:6f:06:33:cd AUTH_PAE entering state INITIALIZE IEEE 802.1X: 00:02:6f:06:33:cd AUTH_PAE entering state INITIALIZE DATA IEEE 802.1X: 4 bytes from 00:02:6f:06:33:cd IEEE 802.1X: version=1 type=1 length=0 wlan0: STA 00:02:6f:06:33:cd IEEE 802.1X: received EAPOL-Start from STA IEEE 802.1X: 00:02:6f:06:33:cd AUTH_PAE entering state DISCONNECTED wlan0: STA 00:02:6f:06:33:cd IEEE 802.1X: unauthorizing port IEEE 802.1X: 00:02:6f:06:33:cd BE_AUTH entering state IDLE IEEE 802.1X: 00:02:6f:06:33:cd REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:02:6f:06:33:cd AUTH_PAE entering state CONNECTING IEEE 802.1X: Sending EAP Request-Identity to 00:02:6f:06:33:cd (identifier 0) IEEE 802.1X: 00:02:6f:06:33:cd REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:02:6f:06:33:cd REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:02:6f:06:33:cd REAUTH_TIMER entering state INITIALIZE DATA (TX callback) ACK IEEE 802.1X: 00:02:6f:06:33:cd TX status - version=1 type=0 length=10 - ack=1 "hostapd.log" [noeol] 170L, 9082C Best Regards, Amr Nasr -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.shmoo.com/pipermail/hostap/attachments/20050201/6fdc9914/attachment.htm From mailinglists at inetmx.de Wed Feb 2 01:44:40 2005 From: mailinglists at inetmx.de (mailinglists) Date: Wed, 02 Feb 2005 07:44:40 +0100 Subject: Madwifi along with WPA-PSK In-Reply-To: <004701c5077a$d27f74a0$2b0da8c0@josephifang> References: <004701c5077a$d27f74a0$2b0da8c0@josephifang> Message-ID: <1107326680.12388.10.camel@Surtus> Yep.. I have a system like that running using wpa-psk and tkip. From your post on madwifi mailinglist I guess you are running into the same trouble I did, but the hint in this post http://lists.shmoo.com/pipermail/hostap/2005-January/009078.html made it work finally for me. Oh and I also got the hint to only use either tkip or ccmp not both. /tobi Am Montag, den 31.01.2005, 17:54 +0800 schrieb joseph_chen: > Hi ~ hotstapd guy > > Has anyone successfully test Madwifi with hostapd to act an as > authenticator ? Is WPA-PSK workable ? > > > Joseph > > > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap ++++++++++++ WERBUNG +++++++++++++++ Free-Mail http://www.inetmx.de 52 MB Postfach / Spam- und Virenfilter by http://www.inetsolutions.de ISP / Qualit?ts-Webhosting From sudha.ramachandra at wipro.com Wed Feb 2 03:19:32 2005 From: sudha.ramachandra at wipro.com (sudha.ramachandra at wipro.com) Date: Wed, 2 Feb 2005 13:49:32 +0530 Subject: "NOT READY" issue Message-ID: hello all, i compiled the latest version prism54 driver with 2.4.19 version of linux kernel...i was also able to insmod prism54.o...but when i gave the command iwconfig eth0 this is what the output i get... eth0 NOT READY! ESSID:"test" Mode:Managed Channel:6 Access Point: 00:00:00:00:00:00 Tx-Power=31 dBm Sensivity=0/200 Retryminlimit=0 RTS thr:off Fragment thr:off Encryption key:off Link Quality=0/100 Signal level=-0dBm Noise level=-0 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:0 Missed beacon:0 Can any body figure out the problem...Any help is appreciated...My experience regarding this is very less Thanks sudha Confidentiality Notice The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify the sender at Wipro or Mailadmin at wipro.com immediately and destroy all copies of this message and any attachments. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.shmoo.com/pipermail/hostap/attachments/20050202/82ccbd66/attachment.htm From jgreen at users.sourceforge.net Wed Feb 2 03:40:29 2005 From: jgreen at users.sourceforge.net (Josh Green) Date: Wed, 02 Feb 2005 00:40:29 -0800 Subject: Two Senao PCMCIA cards in Mips AMD Alchemy board Message-ID: <1107333629.26094.28.camel@SillyPuddy.localdomain> Hello, I'm attempting to turn an embedded AMD Alchemy board into a wireless access point and bridge between a point to point link. For this I am using 2 Senao 200mW 802.11b cards (the one with 2 antenna connectors). I'm using a cross compiler tool chain (gcc 3.4.3) to build the kernel modules. When I start pcmcia (cardmgr) with both cards inserted I get the following output: Linux Kernel Card Services options: none hostap_cs: 0.2.6 - 2004-12-25 (Jouni Malinen ) hostap_cs: Registered netdevice wifi0 hostap_cs: index 0x01: Vcc 3.3, irq 34, io 0xc0000000-0xc000003f wifi0: NIC: id=0x800c v1.0.0 wifi0: PRI: id=0x15 v1.1.0 wifi0: STA: id=0x1f v1.4.9 0.0: RequestIO: Configuration locked <--- Second card causes this 0.0: GetNextTuple: No more items ds: unable to create instance of 'hostap_cs'! When this happens, one card will function correctly (wlan0 available, etc) but the other one will not (no wlan1). I can get things to work sometimes if I start PCMCIA then insert one card, wait a bit and then the other. I've posted this to the Linux MIPS list also, in case its a MIPS related problem, but I thought I'd check here as well. I noticed in the hostap_cs.c file this: /* This reserves IO space but doesn't actually enable it */ CFG_CHECK2(RequestIO, pcmcia_request_io(link->handle, &link->io)); Which is the call that is printing that error message (for the second device). The handle pointer is the same as the one passed in the first call. Here is an additional error that I receive sometimes (no specific way to cause it that I have discovered yet). Badness in local_bh_enable at kernel/softirq.c:140 Call Trace: [<802482c4>] skb_clone+0x24/0x374 [<8012c3c8>] local_bh_enable+0x74/0x9c [<80251048>] dev_queue_xmit+0x310/0x374 [<80249884>] kfree_skbmem+0x14/0x30 [] hostap_data_start_xmit+0x80c/0xac4 [hostap] [<8024866c>] alloc_skb+0x58/0xf4 [<802a1240>] arp_constructor+0x28/0x274 [<802a0000>] udp_rcv+0x368/0x938 [<80250e14>] dev_queue_xmit+0xdc/0x374 [<80360000>] ip_auto_config_setup+0x64/0x240 [<802a2944>] arp_process+0x7f8/0xa6c [] hostap_80211_rx+0x1034/0x1f04 [hostap] [<80251978>] netif_receive_skb+0x1c4/0x3d4 [<80251978>] netif_receive_skb+0x1c4/0x3d4 [<80251c98>] process_backlog+0x110/0x2f0 [<80250000>] dev_change_name+0x34/0x2ec [] hostap_rx_tasklet+0x228/0x2bc [hostap_cs] [<80251f44>] net_rx_action+0xcc/0x294 [<8012c818>] tasklet_action+0xc4/0x194 [<801479f4>] handle_IRQ_event+0x7c/0x134 [<8012c1dc>] __do_softirq+0x8c/0x14c [<80147c40>] __do_IRQ+0x194/0x1b4 [<80360000>] ip_auto_config_setup+0x64/0x240 [<80360000>] ip_auto_config_setup+0x64/0x240 [<8012c328>] do_softirq+0x8c/0xb8 [<80360000>] ip_auto_config_setup+0x64/0x240 [<80100e2c>] au1000_IRQ+0x16c/0x1a0 [<80360000>] ip_auto_config_setup+0x64/0x240 [<80104a90>] cpu_idle+0x48/0x50 [<80104a60>] cpu_idle+0x18/0x50 [<801f4980>] idr_cache_ctor+0x0/0xc [<80360000>] ip_auto_config_setup+0x64/0x240 [<803437ac>] start_kernel+0x200/0x2c0 [<803430fc>] unknown_bootoption+0x0/0x310 If anyone has any ideas on resolving these issues or can confirm them I'd appreciate the info. Best regards, Josh Green -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050202/e1783e29/attachment.pgp From ged at jubileegroup.co.uk Wed Feb 2 03:49:26 2005 From: ged at jubileegroup.co.uk (Ged Haywood) Date: Wed, 2 Feb 2005 08:49:26 +0000 (GMT) Subject: Error during hostapd compilation. (Jim Cromie) In-Reply-To: <20050202082142.C29AD38FA6@mail.iocaine.com> References: <20050202082142.C29AD38FA6@mail.iocaine.com> Message-ID: Hi there, On Wed, 2 Feb 2005 Jim Cromie wrote: > name wrote: > > > I am getting following error when building hostspd. > > In file included from ieee802_1x.c:34: > > md5.h:6:25: openssl/md5.h: No such file or directory > > U probly need something like this rpm: openssl-devel-0.9.7a-40 Yes, you probably need to install the sources (at least some headers). For security reasons at least you should also take care to keep your version of OpenSSL up to date. Version 0.9.7a is rather old, take a look at http://www.openssl.org/ which says "25-oct-2004: OpenSSL 0.9.7e is now available, including important bugfixes" You can download the OpenSSL source from that site. If you need to convert source tarballs to RPMs, Checkinstall is reputed to be able to do it: http://asic-linux.com.mx/~izto/checkinstall/. I do not use RPMs if I can avoid it so I can't vouch for it personally, but it looks to be very well presented and there is a good report from a user at http://www.webservertalk.com/archive200-2004-5-235866.html HTH 73, Ged. From brix at gentoo.org Wed Feb 2 04:49:36 2005 From: brix at gentoo.org (Henrik Brix Andersen) Date: Wed, 02 Feb 2005 10:49:36 +0100 Subject: wpa supplicant v0.3.4 and WEP issue In-Reply-To: <20050122051220.GL8365@jm.kir.nu> References: <1106148729.15377.8.camel@sponge.fungus> <20050122051220.GL8365@jm.kir.nu> Message-ID: <1107337777.19863.21.camel@sponge.fungus> Hi, Sorry about the long delay in replying - work overload :/ On Fri, 2005-01-21 at 21:12 -0800, Jouni Malinen wrote: > The debug log from wpa_supplicant does not show any kind of > authentication timeout; actually, it is showing the timeout being > cancelled properly.. As far as this debug log is concerned, everything > is going fine.. Can you reproduce this with any other driver than > ipw2100? Odd thing is - I can no longer reproduce the problem here; not with the ipw2100 driver nor with the hostap-driver. Sincerely, Brix -- Henrik Brix Andersen Gentoo Linux -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050202/0bf11878/attachment.pgp From brix at gentoo.org Wed Feb 2 04:54:32 2005 From: brix at gentoo.org (Henrik Brix Andersen) Date: Wed, 02 Feb 2005 10:54:32 +0100 Subject: Patch: running external commands from wpa_supplicant In-Reply-To: <20050114043602.GB8380@jm.kir.nu> References: <1105470539.11819.12.camel@sponge.fungus> <20050114043602.GB8380@jm.kir.nu> Message-ID: <1107338072.19863.27.camel@sponge.fungus> Hi, On Thu, 2005-01-13 at 20:36 -0800, Jouni Malinen wrote: > I have not gone through the process of thinking about all common use > cases, so I may have missed something here. Please let me know if there > are operations that you believe would benefit from the use of external > commands from wpa_supplicant. The main purpose of my patch is to allow using wpa_supplicant as a complete replacement for waproamd - allowing wpa_supplicant to control the distribution specific networking scripts when associating to a new network. > These hooks were not described explicitly, but I would guess that by > auth_cmd you mean the moment when the data connection becomes usable > for the first time after starting wpa_supplicant and by reauth_cmd the > moment when data connection becomes (again) usable after roaming to > another AP. Correct. > At the moment, there is no clear location for this. This depends on the > selected security policy and the most likely places are the locations > calling wpa_supplicant_cancel_auth_timeout(). Ok, I'll try that... > different implementation for cases where this is not available. One > could even consider forking a background job (when fork() or something > similar is supported) in order to avoid blocking wpa_supplicant. I'll modify the patch to do so. > That should probably be in driver deinit() handler (see driver_madwifi.c > for an example). Ok. Thank you for commenting on this. I'll try to find the time to finish the patch soonish. Sincerely, Brix -- Henrik Brix Andersen Gentoo Linux -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050202/cb831409/attachment.pgp From dan at adelix.com Wed Feb 2 05:26:28 2005 From: dan at adelix.com (Dan Searle) Date: Wed, 2 Feb 2005 10:26:28 +0000 Subject: Porting hostapd to a completely new (closed source :-( ) driver Message-ID: <328904850.20050202102628@adelix.com> Hi, I am trying to port the hostapd (0.3 branch) to a new 802.11a/b/g radio driver, which unfortunately is closed source. I have the sources and am working with the manufacturer on driver development for Linux, however they seem to think the easiest way to implement 802.1x/WPA2/802.11i is to write a new driver abstraction layer (driver_xxx.c) for hostapd. I see from analysing the driver_xxx.c files in the hostapd sources that the common interface between all driver_xxx.c files is as follows: { .init = xxx_init, .deinit = xxx_deinit, .wireless_event_init = xxx_wireless_event_init, .wireless_event_deinit = xxx_wireless_event_deinit, .set_ieee8021x = xxx_set_ieee8021x, .set_privacy = xxx_set_privacy, .set_encryption = xxx_set_key, .get_seqnum = xxx_get_seqnum, .flush = xxx_flush, .set_generic_elem = xxx_set_opt_ie, .read_sta_data = xxx_read_sta_driver_data, .send_eapol = xxx_send_eapol, .set_sta_authorized = xxx_set_sta_authorized, .sta_deauth = xxx_sta_deauth, .sta_disassoc = xxx_sta_disassoc, .set_ssid = xxx_set_ssid, .get_ssid = xxx_get_ssid } Is there any detailed development documentation on exactly what these functions are supposed to implement? I could try to reverse engineer the other driver_xxx.c sources and infer the semantics but some docs would be preferable. The radio driver I'm trying to port to hostapd has it's own 802.11 stack and AP management functions so all I need the hostapd to do is handle the 802.1x/WPA2/802.11i (TKIP, CCMP, EAP etc...) stuff. Am I right in thinking that the bsd and madwifi radio drivers are similar? in that they implement the AP and basic 802.11 management, and all hostapd does is the advanced encryption/key management/radius/802.1x EA-POL stuff? Any pointers much appreciated, regards, Dan... -- Dan Searle Adelix Ltd dan.searle at adelix.com web: www.adelix.com tel: 0845 230 9590 / fax: 0845 230 9591 / support: 0845 230 9592 snail: The Old Post Office, Bristol Rd, Hambrook, Bristol BS16 1RY. UK. Any views expressed in this email communication are those of the individual sender, except where the sender specifically states them to be the views of a member of Adelix Ltd. Adelix Ltd. does not represent, warrant or guarantee that the integrity of this communication has been maintained nor that the communication is free of errors or interference. From masustec at yahoo.co.uk Wed Feb 2 06:40:47 2005 From: masustec at yahoo.co.uk (Mr Asustec) Date: Wed, 2 Feb 2005 11:40:47 +0000 (GMT) Subject: Hostap in promiscous mode? Message-ID: <20050202114047.50129.qmail@web25802.mail.ukl.yahoo.com> Hello All I use hostap-0.2.6 driver with prism card in promiscous mode. My topology consists of three stations A, B and C. The transmission is between A and B: A <---> B ......... ....C.... Which hostap driver function in station C is called when frame A-B is captured? Is it prism2_rx? I would be grateful for any help. Regards, Asustec ___________________________________________________________ ALL-NEW Yahoo! Messenger - all new features - even more fun! http://uk.messenger.yahoo.com From togg at togg.de Wed Feb 2 07:19:19 2005 From: togg at togg.de (Sebastian Weitzel) Date: Wed, 2 Feb 2005 13:19:19 +0100 (CET) Subject: [solved] hostapd groupkey problem with madwifi Message-ID: <4720.213.146.118.69.1107346759.squirrel@flinky.home> The problem with wpa groupkey handshake introduced in december 2004 is solved now. Please read my mail to madwifi-users mailinglist from today. The solution is to disable encryption of EAPOL packets in madwifi. Jouni, can you state that this is a correct solution? I couldnt find documentation about this. Please remove the patch which commented out setting of default groupkey in driver_madwifi.c. After patching madwifi and taking back the change from hostapd you will notice that clients connected to one accesspoint can ping each other, what they couldnt do before. Regards, Sebastian Weitzel From lobo at mucharuina.com Tue Feb 1 20:41:54 2005 From: lobo at mucharuina.com (=?ISO-8859-15?Q?Rub=E9n_G=F3mez_Antol=ED?=) Date: Wed, 02 Feb 2005 02:41:54 +0100 Subject: "wifi0: invalid skb->cb magic" on Sitecom wn-pcc-01 Message-ID: <42002FE2.8070503@mucharuina.com> Hi all, Please CC me, I'm not on the list, and sorry for my very bad english. Well, I have a Sitecom Wn-pcc-01 pcmcia card based on prism 2 chip: hostap_cs: 0.2.6 - 2004-12-25 (Jouni Malinen ) hostap_cs: setting Vcc=33 (constant) hostap_cs: CS_EVENT_CARD_INSERTION hostap_cs: setting Vcc=50 (from config) Checking CFTABLE_ENTRY 0x01 (default 0x01) IO window settings: cfg->io.nwin=1 dflt.io.nwin=1 io->flags = 0x0046, io.base=0x0000, len=64 hostap_cs: Registered netdevice wifi0 hostap_cs: index 0x01: Vcc 5.0, irq 3, io 0x0100-0x013f prism2_hw_init: initialized in 108 ms My system is Debian Sid with a 2.6.10 kernel running in a Dell Inspiron 8100: razer at puerto-lobo:~$ uname -a Linux puerto-lobo 2.6.10+31.i.2005-0 #1 Tue Feb 1 13:42:19 CET 2005 i686 GNU/Linux And, hostap version: razer at puerto-lobo:~$ COLUMNS=100 dpkg -l |grep -i hostap ii hostap-modules-2.6. 0.2.6-1+puerto.lobo Host AP driver for Intersil Prism2/2.5/3 (kernel 2.6.1 ii hostap-modules-2.6. 0.2.6-1+puerto.lobo Host AP driver for Intersil Prism2/2.5/3 (kernel 2.6.1 ii hostap-source 0.2.6-1 Host AP driver for Intersil Prism2/2.5/3 ii hostap-utils 0.2.6-1 Utility programs for Host AP driver for Intersil Prism I compiled kernel and modules with fakeroot and make-kpkg: fakeroot make-kpkg --initrd --revision puerto.lobo.0.1 --append_to_version +31.i.2005-0 kernel-image modules_image This card had working with orinoco driver and 2.6.7 kernel, and with Knoppix v3.3 and 2.4.27 kernel. With Knoppix, card yet runs, but in my debian system it anymore works. When I look for in the network, I found some docs where recommend to update firmware of the card. Today, i test and update firmware with prism2_srec utility: prism2_srec -v -f wlan0 s1010701.hex with this result: puerto-lobo:~# hostap_diag wlan0 Host AP driver diagnostics information for 'wlan0' NICID: id=0x8002 v1.0.0 (HWB3163-01,02,03,04 Rev A) PRIID: id=0x0015 v0.3.0 STAID: id=0x001f v1.7.1 (station firmware) But, when I reinsert my card and I test, I get same error that I got. No network for me in this laptop. prism2: wlan0: operating mode changed 3 -> 2 wlan0: Preferred AP (SIOCSIWAP) is used only in Managed mode when host_roaming is enabled wlan0: Preferred AP (SIOCSIWAP) is used only in Managed mode when host_roaming is enabled wifi0: invalid skb->cb magic (0x00000000, expected 0xf08a36a2) wifi0: TXEXC - status=0x0004 ([Discon]) tx_control=000c retry_count=0 tx_rate=0 fc=0x4108 (Data::0 ToDS) A1=00:00:00:00:00:00 A2=00:60:b3:68:f6:e0 A3=ff:ff:ff:ff:ff:ff A4=00:00:00:00:00:00 wifi0: invalid skb->cb magic (0x00000000, expected 0xf08a36a2) wifi0: TXEXC - status=0x0004 ([Discon]) tx_control=000c retry_count=0 tx_rate=0 fc=0x4108 (Data::0 ToDS) I'm looking for with no results. I test some things how that: http://lists.shmoo.com/pipermail/hostap/2003-November/004813.html ------------ cut ------------ I was using the wifi interface. wifi0 is the interface name sent to /etc/pcmcia/network (along with 'start'). I edited that file thusly: if [ "$DEVICE" = "wifi0" ]; then DEVICE="wlan0" fi and everything now works. -------- end of cut ---------- Any ideas are gracefully accepted. If you need more date, please, let's me know. Thanks in advance, and sorry for the big mail. Salud y Revoluci?n. Lobo. -- Libertad es poder elegir en cualquier momento. Ahora yo elijo GNU/Linux, para no atar mis manos con las cadenas del soft propietario. --------- Desde El Ejido, en Almer?a, usuario registrado linux #294013 http://www.counter.li.org From jkmaline at cc.hut.fi Wed Feb 2 09:27:29 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Wed, 2 Feb 2005 06:27:29 -0800 Subject: [solved] hostapd groupkey problem with madwifi In-Reply-To: <4720.213.146.118.69.1107346759.squirrel@flinky.home> References: <4720.213.146.118.69.1107346759.squirrel@flinky.home> Message-ID: <20050202142729.GA8368@jm.kir.nu> On Wed, Feb 02, 2005 at 01:19:19PM +0100, Sebastian Weitzel wrote: > The solution is to disable encryption of EAPOL packets in madwifi. Jouni, > can you state that this is a correct solution? I couldnt find > documentation about this. No, that is not correct. EAPOL frames, including Group Key Handshake, has to be encrypted when WPA is used and pairwise keys are set. In other words, EAPOL frames are never encrypted with non-WPA IEEE 802.1X or during the initial WPA 4-Way Handshake (or IEEE 802.1X/EAP authentication before this), but they are encrypted during rekeying and reauthentication (including IEEE 802.1X re-authentication with WPA). -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Wed Feb 2 09:34:33 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Wed, 2 Feb 2005 06:34:33 -0800 Subject: Hostap in promiscous mode? In-Reply-To: <20050202114047.50129.qmail@web25802.mail.ukl.yahoo.com> References: <20050202114047.50129.qmail@web25802.mail.ukl.yahoo.com> Message-ID: <20050202143433.GB8368@jm.kir.nu> On Wed, Feb 02, 2005 at 11:40:47AM +0000, Mr Asustec wrote: > I use hostap-0.2.6 driver with prism card in > promiscous mode. Host AP driver does not enable promiscuous mode in the firmware because of stability problems with some firmware versions. > A <---> B > ......... > ....C.... > > Which hostap driver function in station C is called > when frame A-B is captured? Is it prism2_rx? Assuming C is not an access point, that frame is dropped at the firmware and the driver will not be notified. -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Wed Feb 2 09:39:50 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Wed, 2 Feb 2005 06:39:50 -0800 Subject: "NOT READY" issue In-Reply-To: References: Message-ID: <20050202143950.GC8368@jm.kir.nu> On Wed, Feb 02, 2005 at 01:49:32PM +0530, sudha.ramachandra at wipro.com wrote: > i compiled the latest version prism54 driver with 2.4.19 version of linux kernel...i was also able to insmod prism54.o...but when i gave the command iwconfig eth0 this is what the output i get... I don't see any connection with the topic of this email and the topic of this mailing list.. How about asking this on the Prism54.org mailing lists? > Confidentiality Notice Please do not include this kind of notices when sending email to this mailing list (or directly to me, for that matter). -- Jouni Malinen PGP id EFC895FA From techie at whiterocker.com Wed Feb 2 13:01:28 2005 From: techie at whiterocker.com (Chris) Date: Wed, 02 Feb 2005 10:01:28 -0800 Subject: Two Senao PCMCIA cards in Mips AMD Alchemy board In-Reply-To: <1107333629.26094.28.camel@SillyPuddy.localdomain> References: <1107333629.26094.28.camel@SillyPuddy.localdomain> Message-ID: <42011578.8030904@whiterocker.com> Josh Green wrote: >Hello, I'm attempting to turn an embedded AMD Alchemy board into a >wireless access point and bridge between a point to point link. For >this I am using 2 Senao 200mW 802.11b cards (the one with 2 antenna > > > >When this happens, one card will function correctly (wlan0 available, >etc) but the other one will not (no wlan1). I can get things to work >sometimes if I start PCMCIA then insert one card, wait a bit and then >the other. I've posted this to the Linux MIPS list also, in case its a >MIPS related problem, but I thought I'd check here as well. >I noticed in the hostap_cs.c file this: > > > I know nothing about the Alchemy product, but I can tell you that I have two Prism2.5-based PCMCIA cards in an x86-based board, with TI PCI1520 PCI/PCMCIA bridge chips and the cards both come up properly. The kernel module used for the PCMCIA hardware is yenta, hostap_cs is v 0.2.4, kernel 2.4.26. >If anyone has any ideas on resolving these issues or can confirm them > > One thing that springs to mind is the maturity of PCMCIA support provided for the Alchemy... perhaps this is a more generic problem with multiple PCMCIA cards on that platform? Chris. From jgreen at users.sourceforge.net Wed Feb 2 13:38:20 2005 From: jgreen at users.sourceforge.net (Josh Green) Date: Wed, 02 Feb 2005 10:38:20 -0800 Subject: Two Senao PCMCIA cards in Mips AMD Alchemy board In-Reply-To: <42011578.8030904@whiterocker.com> References: <1107333629.26094.28.camel@SillyPuddy.localdomain> <42011578.8030904@whiterocker.com> Message-ID: <1107369500.12610.8.camel@SillyPuddy.localdomain> On Wed, 2005-02-02 at 10:01 -0800, Chris wrote: > Josh Green wrote: > > >Hello, I'm attempting to turn an embedded AMD Alchemy board into a > >wireless access point and bridge between a point to point link. For > >this I am using 2 Senao 200mW 802.11b cards (the one with 2 antenna > > > > > > > > > >When this happens, one card will function correctly (wlan0 available, > >etc) but the other one will not (no wlan1). I can get things to work > >sometimes if I start PCMCIA then insert one card, wait a bit and then > >the other. I've posted this to the Linux MIPS list also, in case its a > >MIPS related problem, but I thought I'd check here as well. > >I noticed in the hostap_cs.c file this: > > > > > > > I know nothing about the Alchemy product, but I can tell you that I have > two Prism2.5-based PCMCIA cards in an x86-based board, with TI PCI1520 > PCI/PCMCIA bridge chips and the cards both come up properly. The kernel > module used for the PCMCIA hardware is yenta, hostap_cs is v 0.2.4, > kernel 2.4.26. > > >If anyone has any ideas on resolving these issues or can confirm them > > > > > One thing that springs to mind is the maturity of PCMCIA support > provided for the Alchemy... perhaps this is a more generic problem with > multiple PCMCIA cards on that platform? > > Chris. > Thats also what I suspect, just wanted to make sure. I am using kernel 2.6.11-rc2 though, so I suppose it could still be possible there is some faulty interaction in regards to the kernel version and hostap. I'll look into it more. I am curious if the problem is that pcmcia_request_io() gets called twice with the same client_handle_t pointer. Looking at the PCMCIA docs, it sounds as if a client handle is bound to a particular PCMCIA socket, so it would seem there should be two client handles then? Anyways, thanks for the info. Best regards, Josh Green -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050202/e8c66940/attachment.pgp From jgreen at users.sourceforge.net Wed Feb 2 15:12:21 2005 From: jgreen at users.sourceforge.net (Josh Green) Date: Wed, 02 Feb 2005 12:12:21 -0800 Subject: [solved] Two Senao PCMCIA cards in Mips AMD Alchemy board In-Reply-To: <42011578.8030904@whiterocker.com> References: <1107333629.26094.28.camel@SillyPuddy.localdomain> <42011578.8030904@whiterocker.com> Message-ID: <1107375141.15000.5.camel@SillyPuddy.localdomain> On Wed, 2005-02-02 at 10:01 -0800, Chris wrote: > Josh Green wrote: > > >Hello, I'm attempting to turn an embedded AMD Alchemy board into a > >wireless access point and bridge between a point to point link. For > >this I am using 2 Senao 200mW 802.11b cards (the one with 2 antenna > > > > > > > > > >When this happens, one card will function correctly (wlan0 available, > >etc) but the other one will not (no wlan1). I can get things to work > >sometimes if I start PCMCIA then insert one card, wait a bit and then > >the other. I've posted this to the Linux MIPS list also, in case its a > >MIPS related problem, but I thought I'd check here as well. > >I noticed in the hostap_cs.c file this: > > > > > > > I know nothing about the Alchemy product, but I can tell you that I have > two Prism2.5-based PCMCIA cards in an x86-based board, with TI PCI1520 > PCI/PCMCIA bridge chips and the cards both come up properly. The kernel > module used for the PCMCIA hardware is yenta, hostap_cs is v 0.2.4, > kernel 2.4.26. > > >If anyone has any ideas on resolving these issues or can confirm them > > > > > One thing that springs to mind is the maturity of PCMCIA support > provided for the Alchemy... perhaps this is a more generic problem with > multiple PCMCIA cards on that platform? > > Chris. > Just for the record, it turned out to be a general PCMCIA bug in the kernel I'm using, which is surprising (so I suppose its not a hostap issue, just wanted to complete the thread for those reading it). Here is a patch to drivers/pcmcia/ds.c to fix it: --- ds.c.orig 2005-01-13 06:06:18.000000000 -0800 +++ ds.c 2005-02-02 11:58:29.125469160 -0800 @@ -660,7 +660,7 @@ p_dev = pcmcia_get_dev(p_dev); if (!p_dev) continue; - if ((!p_dev->client.state & CLIENT_UNBOUND) || + if ((!(p_dev->client.state & CLIENT_UNBOUND)) || (!p_dev->dev.driver)) { pcmcia_put_dev(p_dev); continue; Best regards, Josh Green -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050202/7e8decac/attachment.pgp From drdoom at drdoom.net Wed Feb 2 17:34:28 2005 From: drdoom at drdoom.net (DrDoom) Date: Wed, 02 Feb 2005 22:34:28 +0000 Subject: mini tutorial: hostap+fedora core-3 Message-ID: <42015574.5000302@drdoom.net> Here it's my little contribution: howto configure hostap in Fedora Core-3 http://www.sorgonet.com/modules.php?name=News&file=article&sid=152&mode=&order=0&thold=0 -- ------------------------ David Martos (DrDoom) http://www.sorgonet.com ------------------------ From proski at gnu.org Wed Feb 2 17:11:36 2005 From: proski at gnu.org (Pavel Roskin) Date: Wed, 2 Feb 2005 17:11:36 -0500 (EST) Subject: mini tutorial: hostap+fedora core-3 In-Reply-To: <42015574.5000302@drdoom.net> References: <42015574.5000302@drdoom.net> Message-ID: Hi! On Wed, 2 Feb 2005, DrDoom wrote: > Here it's my little contribution: howto configure hostap in Fedora Core-3 > > http://www.sorgonet.com/modules.php?name=News&file=article&sid=152&mode=&order=0&thold=0 A little improvement: there is no need to type the kernel version manually. There is a more universal way to find the sources of the current kernel: KERNEL_PATH=$(shell readlink -f /lib/modules/`uname -r`/source) "source" is preferred over "build" because kernels can now be built outside the source tree (not important for stock FC3 kernels). "readlink -f" resolves all symlinks, just for prettiness. Those using own kernels will see paths under /usr/src/linux, which is mode readable than e.g. /lib/modules/2.6.11-rc2/source. I don't think wifi0 is a "virtual dumb device". It should be sufficient to say that is should not be used except for purposes outside of scope of your document. -- Regards, Pavel Roskin From larry.leblanc at shaw.ca Wed Feb 2 18:36:09 2005 From: larry.leblanc at shaw.ca (Larry@Home) Date: Wed, 02 Feb 2005 15:36:09 -0800 Subject: 802.1x required for WPA-PSK? Message-ID: <420163E9.7020502@shaw.ca> Hello, I'm running hostapd 0.3.5 with madwifi in an AP configuration (i.e. Master). I am trying to use WPA-PSK but my connections are failing in 802.1x negotiation. I've got 802.1x disabled in hostapd.conf since I didn't expect to need 802.1x with WPA-PSK - only with WPA-EAP. I thought maybe the problem was on the client side, but the debug messages from hostapd showed it was enabling 802.1x in the madwifi driver and I subsequently found the following code in ieee8021x.c: ... if ((hapd->conf->ieee802_1x || hapd->conf->wpa) && hostapd_set_ieee8021x(hapd, 1)) return -1; ... Note that enabling any form of WPA overrides the explicit 802.1x configuration - was this intended? And is it necessary? I tried modifying that code segment to only enable 802.1x if wpa_key_mgmt included WPA_KEY_MGMT_IEEE8021X without success - no error messages but my AP was no longer visible (never mind connect-able) from the client, so there is something more to it. Am I confused? Is 802.1x required even for WPA-PSK operation? Thanks, Larry From dan at adelix.com Thu Feb 3 04:00:52 2005 From: dan at adelix.com (Dan Searle) Date: Thu, 3 Feb 2005 09:00:52 +0000 Subject: Porting hostapd to a completely new (closed source :-( ) driver In-Reply-To: <328904850.20050202102628@adelix.com> References: <328904850.20050202102628@adelix.com> Message-ID: <1434676766.20050203090052@adelix.com> Hi, Anyone? I can't believe that there is no documentation on the wifi-driver<->hostapd API? Pretty please? Dan... Wednesday, February 2, 2005, 10:26:28 AM, you wrote: > Hi, > I am trying to port the hostapd (0.3 branch) to a new 802.11a/b/g > radio driver, which unfortunately is closed source. I have the sources > and am working with the manufacturer on driver development for Linux, > however they seem to think the easiest way to implement > 802.1x/WPA2/802.11i is to write a new driver abstraction layer > (driver_xxx.c) for hostapd. > I see from analysing the driver_xxx.c files in the hostapd sources that > the common interface between all driver_xxx.c files is as follows: > { > .init = xxx_init, > .deinit = xxx_deinit, > .wireless_event_init = xxx_wireless_event_init, > .wireless_event_deinit = xxx_wireless_event_deinit, > .set_ieee8021x = xxx_set_ieee8021x, > .set_privacy = xxx_set_privacy, > .set_encryption = xxx_set_key, > .get_seqnum = xxx_get_seqnum, > .flush = xxx_flush, > .set_generic_elem = xxx_set_opt_ie, > .read_sta_data = xxx_read_sta_driver_data, > .send_eapol = xxx_send_eapol, > .set_sta_authorized = xxx_set_sta_authorized, > .sta_deauth = xxx_sta_deauth, > .sta_disassoc = xxx_sta_disassoc, > .set_ssid = xxx_set_ssid, > .get_ssid = xxx_get_ssid > } > Is there any detailed development documentation on exactly what these > functions are supposed to implement? I could try to reverse engineer > the other driver_xxx.c sources and infer the semantics but some docs > would be preferable. > The radio driver I'm trying to port to hostapd has it's own 802.11 > stack and AP management functions so all I need the hostapd to do is > handle the 802.1x/WPA2/802.11i (TKIP, CCMP, EAP etc...) stuff. Am I > right in thinking that the bsd and madwifi radio drivers are similar? > in that they implement the AP and basic 802.11 management, and all > hostapd does is the advanced encryption/key management/radius/802.1x > EA-POL stuff? > Any pointers much appreciated, regards, Dan... > -- > Dan Searle > Adelix Ltd > dan.searle at adelix.com web: www.adelix.com > tel: 0845 230 9590 / fax: 0845 230 9591 / support: 0845 230 9592 > snail: The Old Post Office, Bristol Rd, Hambrook, Bristol BS16 1RY. UK. > Any views expressed in this email communication are those > of the individual sender, except where the sender specifically states > them to be the views of a member of Adelix Ltd. Adelix Ltd. does not > represent, warrant or guarantee that the integrity of this communication > has been maintained nor that the communication is free of errors or > interference. > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap > This message has been scanned for viruses by MailController - www.MailController.altohiway.com -- Dan Searle Adelix Ltd dan.searle at adelix.com web: www.adelix.com tel: 0845 230 9590 / fax: 0845 230 9591 / support: 0845 230 9592 snail: The Old Post Office, Bristol Rd, Hambrook, Bristol BS16 1RY. UK. Any views expressed in this email communication are those of the individual sender, except where the sender specifically states them to be the views of a member of Adelix Ltd. Adelix Ltd. does not represent, warrant or guarantee that the integrity of this communication has been maintained nor that the communication is free of errors or interference. From eaglecz at tiscali.cz Thu Feb 3 04:08:06 2005 From: eaglecz at tiscali.cz (Tomas Charvat) Date: Thu, 3 Feb 2005 10:08:06 +0100 Subject: WDS + WL1120AP References: <1091408281.410d91996d966@www.brlan.com.br> <20040802083251.GB15382@kaos.in-kiel.de> Message-ID: <000b01c509cf$df716cc0$050314ac@rip> greeting i had some problems with WDS between XI-626 and Ovislink 1120AP. However i have several WDS lines between Xi626 on hostap. Did anyone here made WDS link between Hostap and WL1120AP ? thanks for info tomas From gbur at informatik.uni-rostock.de Thu Feb 3 04:26:05 2005 From: gbur at informatik.uni-rostock.de (Gunter Burchardt) Date: Thu, 3 Feb 2005 10:26:05 +0100 Subject: Porting hostapd to a completely new (closed source :-( ) driver In-Reply-To: <1434676766.20050203090052@adelix.com> References: <328904850.20050202102628@adelix.com> <1434676766.20050203090052@adelix.com> Message-ID: <20050203092605.GC14883@informatik.uni-rostock.de> > Anyone? I can't believe that there is no documentation on the > wifi-driver<->hostapd API? There is no documentation for this API. This api is in most cases self explaining. Simply take driver_madwifi for your driver. madwifi has its own 802.11 handling too. If you have questions ask here. I will help you. regards gunter From romanol at upco.es Thu Feb 3 04:51:15 2005 From: romanol at upco.es (Romano Giannetti) Date: Thu, 3 Feb 2005 10:51:15 +0100 Subject: ndiswrapper rtl8180 + IEEE802.1x PEAP/MSCHAPv2 success: thanks to everybody! Message-ID: <20050203095115.GA13672@pern.dea.icai.upco.es> Hi, I simply would like to thanks all people on the lists, and especially Giridar and Jouni for the help given, and to say that I finally managed to connect to my wireless net. This net is a Cisco-based wireless, with PEAP/MSCHAPv2 authentication and dynamic WEP keys, and I am said that it is a quite widespread configuration. So, I jotted down some note here: http://www.dea.icai.upco.es/romano/linux/wireless.html which I hope could be helpful to somebody, as a (little) give-back for the help received. Thanks again, have a nice day, Romano -- Romano Giannetti - Univ. Pontificia Comillas (Madrid, Spain) Electronic Engineer - phone +34 915 422 800 ext 2416 fax +34 915 596 569 From dan at adelix.com Thu Feb 3 10:15:59 2005 From: dan at adelix.com (Dan Searle) Date: Thu, 3 Feb 2005 15:15:59 +0000 Subject: Porting hostapd to a completely new (closed source :-( ) driver In-Reply-To: <20050203092605.GC14883@informatik.uni-rostock.de> References: <328904850.20050202102628@adelix.com> <1434676766.20050203090052@adelix.com> <20050203092605.GC14883@informatik.uni-rostock.de> Message-ID: <943683323.20050203151559@adelix.com> Hi, The new driver does not have any IOCTL support for the hostapd interface yet, so... I see that the driver_madwifi.c includes the net80211 header files ieee80211.h, ieee80211_ioctl.h and ieee80211_crypto.h. Are the IOCTLs defined in these headers standard, or are they Atheros specific? What I'm getting at is, would it be best if the kernel driver for this proprietary radio card was adapted to provide the same IOCTLs and Netlink socket as outlined in the net80211 header files from the madwifi sources? Or would it be better to implement a completely new driver_xxx.c abstraction layer for the hostapd to interface with propriotry IOCTLs which already exist in our proprietary wifi driver? I'll admit I'm a bit confused. Regards, Dan... Thursday, February 3, 2005, 9:26:05 AM, you wrote: >> Anyone? I can't believe that there is no documentation on the >> wifi-driver<->hostapd API? > There is no documentation for this API. This api is in most cases self explaining. > Simply take driver_madwifi for your driver. madwifi has its own 802.11 > handling too. If you have questions ask here. I will help you. > regards > gunter > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap > This message has been scanned for viruses by MailController - www.MailController.altohiway.com -- Dan Searle Adelix Ltd dan.searle at adelix.com web: www.adelix.com tel: 0845 230 9590 / fax: 0845 230 9591 / support: 0845 230 9592 snail: The Old Post Office, Bristol Rd, Hambrook, Bristol BS16 1RY. UK. Any views expressed in this email communication are those of the individual sender, except where the sender specifically states them to be the views of a member of Adelix Ltd. Adelix Ltd. does not represent, warrant or guarantee that the integrity of this communication has been maintained nor that the communication is free of errors or interference. From gbur at informatik.uni-rostock.de Thu Feb 3 11:34:45 2005 From: gbur at informatik.uni-rostock.de (Gunter Burchardt) Date: Thu, 3 Feb 2005 17:34:45 +0100 Subject: Porting hostapd to a completely new (closed source :-( ) driver In-Reply-To: <943683323.20050203151559@adelix.com> References: <328904850.20050202102628@adelix.com> <1434676766.20050203090052@adelix.com> <20050203092605.GC14883@informatik.uni-rostock.de> <943683323.20050203151559@adelix.com> Message-ID: <20050203163445.GD14883@informatik.uni-rostock.de> > Hi, > > The new driver does not have any IOCTL support for the hostapd > interface yet, so... I see that the driver_madwifi.c includes the > net80211 header files ieee80211.h, ieee80211_ioctl.h and > ieee80211_crypto.h. Are the IOCTLs defined in these headers standard, > or are they Atheros specific? Linux has standard IOCTRLs which work on each card. But there are some private IOCTRLs which are driver dependend. Some of these IOCTRLs are used in hostapd to communicate with madwifi driver. To use these private IOCTRLs hosapd has to include header files of madwifi. Another way to communicate with kernel space are netlink messages. For wireless there are special netlink messages defined in wireless-extensions. Especialy to inform hostapd that a station appears and disappears netlinkmessages are used. > What I'm getting at is, would it be best if the kernel driver for this > proprietary radio card was adapted to provide the same IOCTLs and > Netlink socket as outlined in the net80211 header files from the > madwifi sources? Or would it be better to implement a completely new > driver_xxx.c abstraction layer for the hostapd to interface with > propriotry IOCTLs which already exist in our proprietary wifi driver? Well, its on you how you will implement it. For the way from driver to hostapd (station or leave, replay detection, etc) netlinkmessages are best choise. To set things in driver from hostapd (setting keys, (de)authorize stations, etc) IOCTRLs are ok. > I'll admit I'm a bit confused. I hope i could help. regards gunter From malk at sidehack.sat.gweep.net Thu Feb 3 12:15:44 2005 From: malk at sidehack.sat.gweep.net (malk at sidehack.sat.gweep.net) Date: Thu, 3 Feb 2005 12:15:44 -0500 (EST) Subject: Success: hostapd 1.3.5, madwifi, internal EAP-PEAP/MSCHAPv2 w/ WinXP supplicant Message-ID: <20050203171544.47007.qmail@sidehack.sat.gweep.net> Let's try again w/ the right e-mail list addr :) Forwarded message: > From malk Thu Feb 3 01:01:16 2005 > Message-ID: <20050203060115.90982.qmail at sidehack.sat.gweep.net> > From: malk at sidehack.sat.gweep.net > Subject: Success: hostapd 1.3.5, madwifi, internal EAP-PEAP/MSCHAPv2 w/ WinXP supplicant > To: hostap at schmoo.com > Date: Thu, 3 Feb 2005 01:01:15 -0500 (EST) > Cc: malk at gweep.net > X-Mailer: ELM [version 2.5 PL6] > MIME-Version: 1.0 > Content-Type: text/plain; charset=us-ascii > Content-Transfer-Encoding: 7bit > > As the subject says, I've got hostapd 0.3.5 latest devel release working > with madwifi (02/01/2005 CVS sync) with EAP-PEAP/MSCHAPv2 with the built > in 802.1x auth w/ Windows XP pro client. I'm supplying a > username/password/domain (the test one under phase 2 of the eapusers > config file) to authenticate and I've got WEP broadcast and unicast > re-keying active (changing keys every minute) and from the logging it > all seems to be working just fine. > > I couldn't get the WinXP client to authenticate with MSCHAPv2 w/ only a > username and password -- it seems I need to supply a DOMAIN for auth > to work. > > Correct me if I'm wrong, but this should be pretty secure -- the 128 bit > WEP keys are changing every minute for traffic, and the 802.1x auth EAP > packets are tunneled in PEAP which are exchanged in an SSL style manner? > (hence a "tunnel" like setup) > > Plus the password within the PEAP SSL encryption is MSCHAPv2 so yet > another layer of auth security -- pretty tough to break the SSL session > plus the MSCHAPv2 to get the credentials. > > Seems if someone breaks a WEP key, it's only good until the next re-key > which I've configured for 60 seconds. I would think it would be impractical > to try and break in and use the network... > > Way cool ... I'm hoping I'll have time to get the radius based setup working. > Since the internal authenticater is new I thought I report success. > > -Eric Malkowski > From romanol at upco.es Thu Feb 3 12:32:43 2005 From: romanol at upco.es (Romano Giannetti) Date: Thu, 3 Feb 2005 18:32:43 +0100 Subject: Success: hostapd 1.3.5, madwifi, internal EAP-PEAP/MSCHAPv2 w/ WinXP supplicant In-Reply-To: <20050203171544.47007.qmail@sidehack.sat.gweep.net> References: <20050203171544.47007.qmail@sidehack.sat.gweep.net> Message-ID: <20050203173243.GA28819@pern.dea.icai.upco.es> On Thu, Feb 03, 2005 at 12:15:44PM -0500, malk at sidehack.sat.gweep.net wrote: > > > > I couldn't get the WinXP client to authenticate with MSCHAPv2 w/ only a > > username and password -- it seems I need to supply a DOMAIN for auth > > to work. > > Maybe this is a shot in the dark, but the network configuration here is that domain and username of WinXP client is completely equivalente to an "identity" of "domain\username" (separated by a backslash) for wpa_supplicant. I do not know if it's a standard or just us. Romano -- Romano Giannetti - Univ. Pontificia Comillas (Madrid, Spain) Electronic Engineer - phone +34 915 422 800 ext 2416 fax +34 915 596 569 From W20040 at motorola.com Fri Feb 4 02:37:55 2005 From: W20040 at motorola.com (SHI YU-SONG-W20040) Date: Fri, 4 Feb 2005 15:37:55 +0800 Subject: which companies provide Licensed WPA supplicant? Message-ID: Hi,all: Would anyone pls tell me the vendor's information of wpa supplicant? Which companies provide licensed WPA supplicant? Thanks Yusong From dan at adelix.com Fri Feb 4 03:36:02 2005 From: dan at adelix.com (Dan Searle) Date: Fri, 4 Feb 2005 08:36:02 +0000 Subject: which companies provide Licensed WPA supplicant? In-Reply-To: References: Message-ID: <9010508592.20050204083602@adelix.com> Hi, There's the Funk Software Odyssey client and the Meeting House software from Aegis. Both commercial Win32 802.1x/WPA/WPA2 supplicants. Dan... Friday, February 4, 2005, 7:37:55 AM, you wrote: > Hi,all: > Would anyone pls tell me the vendor's information of wpa > supplicant? Which companies provide licensed WPA supplicant? > Thanks > Yusong > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap > This message has been scanned for viruses by MailController - www.MailController.altohiway.com -- Dan Searle Adelix Ltd dan.searle at adelix.com web: www.adelix.com tel: 0845 230 9590 / fax: 0845 230 9591 / support: 0845 230 9592 snail: The Old Post Office, Bristol Rd, Hambrook, Bristol BS16 1RY. UK. Any views expressed in this email communication are those of the individual sender, except where the sender specifically states them to be the views of a member of Adelix Ltd. Adelix Ltd. does not represent, warrant or guarantee that the integrity of this communication has been maintained nor that the communication is free of errors or interference. From maccari-thisaintpartofmyaddress- at lenst.det.unifi.it Fri Feb 4 10:16:18 2005 From: maccari-thisaintpartofmyaddress- at lenst.det.unifi.it (Leonardo Maccari) Date: Fri, 4 Feb 2005 16:16:18 +0100 Subject: portStatus variable Message-ID: <20050204151618.GA7334@lenst.det.unifi.it> I've noticed that in the supplicant, the state variable suppPortStatus is implemented as a variable of the state machine, while in the authenticator authPortStatus is set using a call from the driver interface: from driver.h static inline int hostapd_set_sta_authorized(struct hostapd_data *hapd, u8 *addr, int authorized) { if (hapd->driver == NULL || hapd->driver->set_sta_authorized == NULL) return 0; return hapd->driver->set_sta_authorized(hapd->driver, addr, authorized); } so actually the set_sta_authorized looks like setting the portStatus variable of 802.1X, and not just authPortStatus, am I right? I'm porting some code from the authenticator to the supplicant, still it is messed code, when it takes a better form and starts workin, should I just post the patches? ciao, leonardo. -- Key fingerprint = 3129 C583 F03B 2E73 0115 C040 3489 0185 B592 19FE Obviously -thisaintpartofmyaddress- is not part of my real email address From crdobbs at eracew.net Fri Feb 4 15:28:29 2005 From: crdobbs at eracew.net (Christopher Dobbs) Date: Fri, 04 Feb 2005 12:28:29 -0800 Subject: SuSE 9.1 Problems Message-ID: <4203DAED.5090407@eracew.net> I am running SuSE 9.1. When I try to use the hostap driver with a PCI card, The computer starts having problems. The mechine does not lock up per say, because i can still log in, but if I try to do anything with the network settings (Wireless or other), The application just hangs. The orinoco driver will load correctly and I can use it, but I need to use the hostap driver with these cards (orinoco driver wont let me flash the fw on the card) I get no error messages when loading the module, but modprobe never returns. Any help I can get would be helpfull. -- Christopher Dobbs From crdobbs at eracew.net Fri Feb 4 17:12:19 2005 From: crdobbs at eracew.net (Christopher Dobbs) Date: Fri, 04 Feb 2005 14:12:19 -0800 Subject: SuSE 9.1 Problems In-Reply-To: <4203DAED.5090407@eracew.net> References: <4203DAED.5090407@eracew.net> Message-ID: <4203F343.2050807@eracew.net> Also, something I forgot to mention, lsmod, and any further insmods fail to produce any output and fail to exit. ctrl-c wont kill any of the locked up procedures. I have tried this with the standard SuSE 9.1 kernel and with linux 2.6.10. -- Christopher Dobbs Christopher Dobbs wrote: > I am running SuSE 9.1. > > When I try to use the hostap driver with a PCI card, The computer > starts having problems. > > The mechine does not lock up per say, because i can still log in, > but if I try to do anything with the network settings (Wireless or > other), > The application just hangs. > > The orinoco driver will load correctly and I can use it, but I need to > use the hostap driver > with these cards (orinoco driver wont let me flash the fw on the card) > > I get no error messages when loading the module, but modprobe never > returns. > > Any help I can get would be helpfull. > > -- > Christopher Dobbs > > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap From jkmaline at cc.hut.fi Fri Feb 4 23:30:08 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Fri, 4 Feb 2005 20:30:08 -0800 Subject: patch for hostap-driver Makefile In-Reply-To: <41FEF80B.1020604@divsol.com> References: <41FEF80B.1020604@divsol.com> Message-ID: <20050205043008.GC9685@jm.kir.nu> On Mon, Jan 31, 2005 at 08:31:23PM -0700, Jim Cromie wrote: > this patch works-for-me, > its based upon whats done in ndiswrapper, > I think its the modern way of doing things now. > > It will still work the old way if you do this.. > KERNEL_PATH=/usr/src/linux make Thanks, applied. -- Jouni Malinen PGP id EFC895FA From ndhegde at yahoo.com Sat Feb 5 00:37:22 2005 From: ndhegde at yahoo.com (nikhil hegde) Date: Fri, 4 Feb 2005 21:37:22 -0800 (PST) Subject: power management using iwconfig In-Reply-To: <20050117213325.CB48438F79@mail.iocaine.com> Message-ID: <20050205053722.8041.qmail@web53109.mail.yahoo.com> Hi, I am using a US Robotics card with hostap driver(0.2.4).I want to accept only broadcast/multicast packets for some particular time. I tried iwconfig wlan0 power multicast "Error for wireless request "Set Power Management" (8B2C) : SET failed on device wlan0 ; Invalid argument." I get the above error.Could anyone please help me in getting over this problem? thanks and regards Nikhil __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From ognjen at mailshack.com Sat Feb 5 07:11:49 2005 From: ognjen at mailshack.com (Ognjen Bezanov) Date: Sat, 05 Feb 2005 12:11:49 +0000 Subject: Wireless drops out and takes all bridged interfaces with it Message-ID: <4204B805.5070808@mailshack.com> Hi all, I am running hostap-0.2.6 with kernel 2.6.2 (only kernel i could get it working with) and i find that when the wireless if being heavily used (i.e. almost all of its bandwidth is used up for greater then 4 minutes) the wireless will drop out, no clients can connect to the access point, and all nodes on the wired network cannot connect to the server (via 10mbit interface briged with the wireless), the only way to fix this is to reboot the pc. This time round i got something out of dmesg: wifi0: STA 00:40:96:5a:50:fa did not ACK activity poll frame wifi0: sending disassociation info to STA 00:40:96:5a:50:fa(last=55804583, jiffies=56105583) wifi0: sending deauthentication info to STA 00:40:96:5a:50:fa(last=55804583, jiffies=56106583) wifi0: Could not find STA 00:40:96:5a:50:fa for this TX error (@56106594) ================ After this I couldnt access the wireless (but for once the bridged 10mbit link was still up) What could have caused this? is it a hostap, kernel or client caused error? From coert.vonk at gmail.com Sat Feb 5 23:09:33 2005 From: coert.vonk at gmail.com (Coert Vonk) Date: Sat, 5 Feb 2005 20:09:33 -0800 Subject: hostapd 1.3.5, madwifi, internal EAP-PEAP/MSCHAPv2 w/ WinXP supplicant Message-ID: <5f5c317a050205200979900eb7@mail.gmail.com> I have been trying to get the following config working: - todays (2/5/2005 CVS) for madwifi and hostapd - Windows XP Pro SP2 client (802.1x, PEAP/MSCHAPv2) The last debug messages show that it is sending an EAPoL, but it never receives a reply. My AP is an embedded (soekris-like) box with not enough memory to spare for tcpdump. I have not been able to find a debug switch to enable debugging in WinXP. I do see "invalid nwid" count on the iwconfig, but I am not sure if this is related IEEE 802.1X: 00:90:4b:2f:6e:d4 AUTH_PAE entering state CONNECTING IEEE 802.1X: 00:90:4b:2f:6e:d4 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:90:4b:2f:6e:d4 AUTH_PAE entering state AUTHENTICATING IEEE 802.1X: 00:90:4b:2f:6e:d4 BE_AUTH entering state REQUEST IEEE 802.1X: Sending EAP Packet to 00:90:4b:2f:6e:d4 (identifier 194) TX EAPOL - hexdump(len=23): 00 90 4b 2f 6e d4 00 02 6f 21 df ff 88 8e 02 00 00 05 01 c2 00 05 01 IEEE 802.1X: 00:90:4b:2f:6e:d4 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:90:4b:2f:6e:d4 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:90:4b:2f:6e:d4 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:90:4b:2f:6e:d4 Port Timers TICK (timers: 0 0 3599) Can someone send a working configuration file for this? Do I need patches that are not in CVS yet? thx, /coert > From: malk at sidehack.sat.gweep.net > Subject: Success: hostapd 1.3.5, madwifi, internal EAP-PEAP/MSCHAPv2 w/ WinXP supplicant > Date: Thu, 3 Feb 2005 01:01:15 -0500 (EST) > > As the subject says, I've got hostapd 0.3.5 latest devel release working > with madwifi (02/01/2005 CVS sync) with EAP-PEAP/MSCHAPv2 with the built > in 802.1x auth w/ Windows XP pro client. I'm supplying a > username/password/domain (the test one under phase 2 of the eapusers > config file) to authenticate and I've got WEP broadcast and unicast > re-keying active (changing keys every minute) and from the logging it > all seems to be working just fine. > > I couldn't get the WinXP client to authenticate with MSCHAPv2 w/ only a > username and password -- it seems I need to supply a DOMAIN for auth > to work. > > Correct me if I'm wrong, but this should be pretty secure -- the 128 bit > WEP keys are changing every minute for traffic, and the 802.1x auth EAP > packets are tunneled in PEAP which are exchanged in an SSL style manner? > (hence a "tunnel" like setup) > > Plus the password within the PEAP SSL encryption is MSCHAPv2 so yet > another layer of auth security -- pretty tough to break the SSL session > plus the MSCHAPv2 to get the credentials. > > Seems if someone breaks a WEP key, it's only good until the next re-key > which I've configured for 60 seconds. I would think it would be impractical > to try and break in and use the network... > > Way cool ... I'm hoping I'll have time to get the radius based setup working. > Since the internal authenticater is new I thought I report success. > > -Eric Malkowski From gangis at gmail.com Sun Feb 6 14:12:03 2005 From: gangis at gmail.com (Craig L) Date: Sun, 6 Feb 2005 19:12:03 +0000 Subject: wpa_supplicant associates but dhcpcd cannot get IP address Message-ID: <95a7962e050206111251b1c481@mail.gmail.com> Hello, I've tried browsing the list archives and while I've found similar issues with the same setup (D-Link G650 (atheros), madwifi and wpa_supplicant) none of them reported the same issues I'm having now. wpa_supplicant (with the -dd flag turned on, output below) seems to be able to associate with my AP (essid "hinatasou") but dhcpcd fails to get an IP. Here are the workarounds I've tried: 1) Tried latest stable, developmental and CVS versions of ndiswrapper. None of them worked. 2) Ditched ndiswrapper and went for madwifi, tried the developmental and CVS version, same result. 3) Tried both the stable and developmental versions of wpa_supplicant. I can't help but feel that it's something wrong with how I have wpa_supplicant set up. It's possible that dhcpcd is the culprit, but I'm not sure if that's very likely. My system: Toshiba Satellite 1135-S155 Gentoo Linux 2.6.10-r7 with custom kernel #################################################### OUTPUT OF WPA_SUPPLICANT AND DHCPCD #################################################### Initializing interface 'ath0' conf '/etc/wpa_supplicant.conf' driver 'default' Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf' Reading configuration file '/etc/wpa_supplicant.conf' eapol_version=1 ap_scan=2 fast_reauth=1 Line: 8 - start of a new network block ssid - hexdump_ascii(len=9): 68 69 6e 61 74 61 73 6f 75 hinatasou pairwise: 0x18 group: 0x1e PSK (ASCII passphrase) - hexdump_ascii(len=15): [REMOVED] key_mgmt: 0x2 priority=5 (0x5) proto: 0x1 PSK (from passphrase) - hexdump(len=32): [REMOVED] Line: 21 - start of a new network block ssid - hexdump_ascii(len=10): 44 69 65 74 72 69 63 68 30 31 Dietrich01 key_mgmt: 0x4 priority=0 (0x0) Line: 27 - start of a new network block ssid - hexdump_ascii(len=3): 75 63 66 ucf key_mgmt: 0x4 Priority group 5 id=0 ssid='hinatasou' Priority group 0 id=1 ssid='Dietrich01' id=2 ssid='ucf' Daemonize.. dhcpcd: MAC address = 00:0f:3d:a0:21:b7 mitsuki-kouyama gangis # ##################################################### CONTENTS OF /ETC/WPA_SUPPLICANT.CONF ##################################################### #ctrl_interface=/var/run/wpa_supplicant #ctrl_interface_group=wheel eapol_version=1 ap_scan=2 fast_reauth=1 # Only WPA-PSK is used. Any valid cipher combination is accepted. network={ ssid="hinatasou" pairwise=CCMP TKIP group=CCMP TKIP WEP104 WEP40 # psk=(hidden) psk="hidden" key_mgmt=WPA-PSK priority=5 proto=WPA } # Plaintext connection (no WPA, no IEEE 802.1X) network={ ssid="Dietrich01" key_mgmt=NONE priority=0 } network={ ssid="ucf" key_mgmt=NONE } ##################################################### CONTENTS OF /ETC/CONF.D/NET.ATH0 ##################################################### # /etc/conf.d/wireless: # Global wireless config file for net.* rc-scripts modules=( "wpa_supplicant" "!iwconfig" ) wpa_supplicant_ath0="-dd" preferred_aps=( "hinatasou" "ucf" "Dietrich01" ) associate_order="any" ##################################################### Whew... I think I covered everything... I hope. Well, I hope all this information will be able to help you guys figure out this issue. Any help would be greatly appreciated. Thank you very much! -Craig From jkmaline at cc.hut.fi Sun Feb 6 14:29:22 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Sun, 6 Feb 2005 11:29:22 -0800 Subject: wpa_supplicant associates but dhcpcd cannot get IP address In-Reply-To: <95a7962e050206111251b1c481@mail.gmail.com> References: <95a7962e050206111251b1c481@mail.gmail.com> Message-ID: <20050206192922.GL8386@jm.kir.nu> On Sun, Feb 06, 2005 at 07:12:03PM +0000, Craig L wrote: > Initializing interface 'ath0' conf '/etc/wpa_supplicant.conf' driver 'default' > Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf' > Reading configuration file '/etc/wpa_supplicant.conf' > eapol_version=1 > ap_scan=2 Please re-test with ap_scan=1 (the default value). I don't think madwifi driver or driver interface in wpa_supplicant work with ap_scan=2. If this does not work, please run wpa_supplicant manually with debugging enabled (-dd) and without daemonizing it so that you can get full debug log. -- Jouni Malinen PGP id EFC895FA From gangis at gmail.com Sun Feb 6 14:43:21 2005 From: gangis at gmail.com (Craig L) Date: Sun, 6 Feb 2005 14:43:21 -0500 Subject: wpa_supplicant associates but dhcpcd cannot get IP address In-Reply-To: <20050206192922.GL8386@jm.kir.nu> References: <95a7962e050206111251b1c481@mail.gmail.com> <20050206192922.GL8386@jm.kir.nu> Message-ID: <95a7962e05020611435dda4365@mail.gmail.com> Jouni, Apparently changing ap_scan to 1 and not letting it daemonize worked. I shut it off, added the -Bw switch to let it daemonize and I'm still experiencing the same issue. I then removed -Bw and tried again. It apparently worked. From what I'm seeing, it only works if wpa_supplicant doesn't run as a daemon. Any ideas? Thank you very much! On Sun, 6 Feb 2005 11:29:22 -0800, Jouni Malinen wrote: > On Sun, Feb 06, 2005 at 07:12:03PM +0000, Craig L wrote: > > > Initializing interface 'ath0' conf '/etc/wpa_supplicant.conf' driver 'default' > > Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf' > > Reading configuration file '/etc/wpa_supplicant.conf' > > eapol_version=1 > > ap_scan=2 > > Please re-test with ap_scan=1 (the default value). I don't think madwifi > driver or driver interface in wpa_supplicant work with ap_scan=2. If > this does not work, please run wpa_supplicant manually with debugging > enabled (-dd) and without daemonizing it so that you can get full debug > log. > > -- > Jouni Malinen PGP id EFC895FA > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap > From coert.vonk at gmail.com Sun Feb 6 15:03:47 2005 From: coert.vonk at gmail.com (Coert Vonk) Date: Sun, 6 Feb 2005 12:03:47 -0800 Subject: hostapd 1.3.5, madwifi, internal EAP-PEAP/MSCHAPv2 w/ WinXP supplicant In-Reply-To: <5f5c317a050205200979900eb7@mail.gmail.com> References: <5f5c317a050205200979900eb7@mail.gmail.com> Message-ID: <5f5c317a05020612036d5a4d3@mail.gmail.com> I got a little further along by applying the tmp patch mentioned in http://sourceforge.net/mailarchive/message.php?msg_id=10728087 Still, the authentication failes, as shown in the trace from hostapd: EAP-TLV: Received TLVs - hexdump(len=6): 80 03 00 02 00 02 EAP-TLV: Result TLV - hexdump(len=2): 00 02 EAP-TLV: TLV Result - Failure - requested Failure EAP-PEAP: PHASE2_TLV -> FAILURE I found a bug fix for the WinXP/SP2 client that they want you to pay for: http://support.microsoft.com/?kbid=885453 Is there another way to making this work? thanks Coert On Sat, 5 Feb 2005 20:09:33 -0800, Coert Vonk wrote: > I have been trying to get the following config working: > - todays (2/5/2005 CVS) for madwifi and hostapd > - Windows XP Pro SP2 client (802.1x, PEAP/MSCHAPv2) > > The last debug messages show that it is sending an EAPoL, but it never > receives a reply. My AP is an embedded (soekris-like) box with not > enough memory to spare for tcpdump. I have not been able to find a > debug switch to enable debugging in WinXP. I do see "invalid nwid" > count on the iwconfig, but I am not sure if this is related > > IEEE 802.1X: 00:90:4b:2f:6e:d4 AUTH_PAE entering state CONNECTING > IEEE 802.1X: 00:90:4b:2f:6e:d4 REAUTH_TIMER entering state INITIALIZE > IEEE 802.1X: 00:90:4b:2f:6e:d4 AUTH_PAE entering state AUTHENTICATING > IEEE 802.1X: 00:90:4b:2f:6e:d4 BE_AUTH entering state REQUEST > IEEE 802.1X: Sending EAP Packet to 00:90:4b:2f:6e:d4 (identifier 194) > TX EAPOL - hexdump(len=23): 00 90 4b 2f 6e d4 00 02 6f 21 df ff 88 8e > 02 00 00 05 01 c2 00 05 01 > IEEE 802.1X: 00:90:4b:2f:6e:d4 REAUTH_TIMER entering state INITIALIZE > IEEE 802.1X: 00:90:4b:2f:6e:d4 REAUTH_TIMER entering state INITIALIZE > IEEE 802.1X: 00:90:4b:2f:6e:d4 REAUTH_TIMER entering state INITIALIZE > IEEE 802.1X: 00:90:4b:2f:6e:d4 Port Timers TICK (timers: 0 0 3599) > > Can someone send a working configuration file for this? Do I need > patches that are not in CVS yet? > > thx, > /coert > > > From: malk at sidehack.sat.gweep.net > > Subject: Success: hostapd 1.3.5, madwifi, internal EAP-PEAP/MSCHAPv2 w/ WinXP supplicant > > Date: Thu, 3 Feb 2005 01:01:15 -0500 (EST) > > > > As the subject says, I've got hostapd 0.3.5 latest devel release working > > with madwifi (02/01/2005 CVS sync) with EAP-PEAP/MSCHAPv2 with the built > > in 802.1x auth w/ Windows XP pro client. I'm supplying a > > username/password/domain (the test one under phase 2 of the eapusers > > config file) to authenticate and I've got WEP broadcast and unicast > > re-keying active (changing keys every minute) and from the logging it > > all seems to be working just fine. > > > > I couldn't get the WinXP client to authenticate with MSCHAPv2 w/ only a > > username and password -- it seems I need to supply a DOMAIN for auth > > to work. > > > > Correct me if I'm wrong, but this should be pretty secure -- the 128 bit > > WEP keys are changing every minute for traffic, and the 802.1x auth EAP > > packets are tunneled in PEAP which are exchanged in an SSL style manner? > > (hence a "tunnel" like setup) > > > > Plus the password within the PEAP SSL encryption is MSCHAPv2 so yet > > another layer of auth security -- pretty tough to break the SSL session > > plus the MSCHAPv2 to get the credentials. > > > > Seems if someone breaks a WEP key, it's only good until the next re-key > > which I've configured for 60 seconds. I would think it would be impractical > > to try and break in and use the network... > > > > Way cool ... I'm hoping I'll have time to get the radius based setup working. > > Since the internal authenticater is new I thought I report success. > > > > -Eric Malkowski > From imcdnzl at gmail.com Sun Feb 6 15:25:16 2005 From: imcdnzl at gmail.com (Ian McDonald) Date: Mon, 7 Feb 2005 09:25:16 +1300 Subject: wpa_supplicant associates but dhcpcd cannot get IP address In-Reply-To: <95a7962e05020611435dda4365@mail.gmail.com> References: <95a7962e050206111251b1c481@mail.gmail.com> <20050206192922.GL8386@jm.kir.nu> <95a7962e05020611435dda4365@mail.gmail.com> Message-ID: >From a previous thread it was suggested to use dhclient to get an IP address after wpa_supplicant started successfully. I have a similar problem but I haven't yet tested - I just resorted to putting in a static IP address which is a nasty hack... On Sun, 6 Feb 2005 14:43:21 -0500, Craig L wrote: > Jouni, > > Apparently changing ap_scan to 1 and not letting it daemonize worked. > I shut it off, added the -Bw switch to let it daemonize and I'm still > experiencing the same issue. I then removed -Bw and tried again. It > apparently worked. From what I'm seeing, it only works if > wpa_supplicant doesn't run as a daemon. Any ideas? Thank you very > much! > > > On Sun, 6 Feb 2005 11:29:22 -0800, Jouni Malinen wrote: > > On Sun, Feb 06, 2005 at 07:12:03PM +0000, Craig L wrote: > > > > > Initializing interface 'ath0' conf '/etc/wpa_supplicant.conf' driver 'default' > > > Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf' > > > Reading configuration file '/etc/wpa_supplicant.conf' > > > eapol_version=1 > > > ap_scan=2 > > > > Please re-test with ap_scan=1 (the default value). I don't think madwifi > > driver or driver interface in wpa_supplicant work with ap_scan=2. If > > this does not work, please run wpa_supplicant manually with debugging > > enabled (-dd) and without daemonizing it so that you can get full debug > > log. > > > > -- > > Jouni Malinen PGP id EFC895FA > > _______________________________________________ > > HostAP mailing list > > HostAP at shmoo.com > > http://lists.shmoo.com/mailman/listinfo/hostap > > > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap > From jkmaline at cc.hut.fi Sun Feb 6 15:29:00 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Sun, 6 Feb 2005 12:29:00 -0800 Subject: hostapd 1.3.5, madwifi, internal EAP-PEAP/MSCHAPv2 w/ WinXP supplicant In-Reply-To: <5f5c317a05020612036d5a4d3@mail.gmail.com> References: <5f5c317a050205200979900eb7@mail.gmail.com> <5f5c317a05020612036d5a4d3@mail.gmail.com> Message-ID: <20050206202900.GM8386@jm.kir.nu> On Sun, Feb 06, 2005 at 12:03:47PM -0800, Coert Vonk wrote: > I got a little further along by applying the tmp patch mentioned in > http://sourceforge.net/mailarchive/message.php?msg_id=10728087 > > Still, the authentication failes, as shown in the trace from hostapd: > EAP-TLV: Received TLVs - hexdump(len=6): 80 03 00 02 00 02 > EAP-TLV: Result TLV - hexdump(len=2): 00 02 > EAP-TLV: TLV Result - Failure - requested Failure > EAP-PEAP: PHASE2_TLV -> FAILURE > > I found a bug fix for the WinXP/SP2 client that they want you to pay for: > http://support.microsoft.com/?kbid=885453 Could you please send a bit more complete debug log from hostapd (i.e., what happened before this)? I have been able to authenticate successfully with the intergrated EAP-PEAP/MSCHAPv2 in hostapd using WinXP SP2. Then again, I may already have that hotfix applied since I use a newer test version of the WinXP supplicant in most tests. -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Sun Feb 6 15:32:48 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Sun, 6 Feb 2005 12:32:48 -0800 Subject: wpa_supplicant associates but dhcpcd cannot get IP address In-Reply-To: <95a7962e05020611435dda4365@mail.gmail.com> References: <95a7962e050206111251b1c481@mail.gmail.com> <20050206192922.GL8386@jm.kir.nu> <95a7962e05020611435dda4365@mail.gmail.com> Message-ID: <20050206203248.GN8386@jm.kir.nu> On Sun, Feb 06, 2005 at 02:43:21PM -0500, Craig L wrote: > Apparently changing ap_scan to 1 and not letting it daemonize worked. > I shut it off, added the -Bw switch to let it daemonize and I'm still > experiencing the same issue. I then removed -Bw and tried again. It > apparently worked. From what I'm seeing, it only works if > wpa_supplicant doesn't run as a daemon. Any ideas? Thank you very > much! Hmm.. Works for me with -wq.. Then again, I'm using Host AP driver and my own changes in /etc/pcmcia/wireless to start wpa_supplicant and allow Gentoo network scripts to start dhcpcd. -- Jouni Malinen PGP id EFC895FA From gangis at gmail.com Sun Feb 6 15:46:41 2005 From: gangis at gmail.com (Craig L) Date: Sun, 6 Feb 2005 15:46:41 -0500 Subject: wpa_supplicant associates but dhcpcd cannot get IP address In-Reply-To: <20050206203248.GN8386@jm.kir.nu> References: <95a7962e050206111251b1c481@mail.gmail.com> <20050206192922.GL8386@jm.kir.nu> <95a7962e05020611435dda4365@mail.gmail.com> <20050206203248.GN8386@jm.kir.nu> Message-ID: <95a7962e05020612466ed3bb01@mail.gmail.com> Wow. Adding -wq and then letting it daemonize solved the problem perfectly! Thanks a bunch for your help. :D Cheers, Craig On Sun, 6 Feb 2005 12:32:48 -0800, Jouni Malinen wrote: > On Sun, Feb 06, 2005 at 02:43:21PM -0500, Craig L wrote: > > > Apparently changing ap_scan to 1 and not letting it daemonize worked. > > I shut it off, added the -Bw switch to let it daemonize and I'm still > > experiencing the same issue. I then removed -Bw and tried again. It > > apparently worked. From what I'm seeing, it only works if > > wpa_supplicant doesn't run as a daemon. Any ideas? Thank you very > > much! > > Hmm.. Works for me with -wq.. Then again, I'm using Host AP driver and > my own changes in /etc/pcmcia/wireless to start wpa_supplicant and allow > Gentoo network scripts to start dhcpcd. > > -- > Jouni Malinen PGP id EFC895FA > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap > From jkmaline at cc.hut.fi Sun Feb 6 16:00:10 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Sun, 6 Feb 2005 13:00:10 -0800 Subject: wpa_supplicant associates but dhcpcd cannot get IP address In-Reply-To: <95a7962e05020612466ed3bb01@mail.gmail.com> References: <95a7962e050206111251b1c481@mail.gmail.com> <20050206192922.GL8386@jm.kir.nu> <95a7962e05020611435dda4365@mail.gmail.com> <20050206203248.GN8386@jm.kir.nu> <95a7962e05020612466ed3bb01@mail.gmail.com> Message-ID: <20050206210010.GO8386@jm.kir.nu> On Sun, Feb 06, 2005 at 03:46:41PM -0500, Craig L wrote: > Wow. Adding -wq and then letting it daemonize solved the problem > perfectly! Thanks a bunch for your help. :D That was actually a typo ;-). It was supposed to be -Bw that I'm actually using in the start script.. Did I understand correctly: 'wpa_supplicant -Bw ...' does not work, but 'wpa_supplicant -w ... &' works? -- Jouni Malinen PGP id EFC895FA From gangis at gmail.com Sun Feb 6 16:54:19 2005 From: gangis at gmail.com (Craig L) Date: Sun, 6 Feb 2005 16:54:19 -0500 Subject: wpa_supplicant associates but dhcpcd cannot get IP address In-Reply-To: <20050206210010.GO8386@jm.kir.nu> References: <95a7962e050206111251b1c481@mail.gmail.com> <20050206192922.GL8386@jm.kir.nu> <95a7962e05020611435dda4365@mail.gmail.com> <20050206203248.GN8386@jm.kir.nu> <95a7962e05020612466ed3bb01@mail.gmail.com> <20050206210010.GO8386@jm.kir.nu> Message-ID: <95a7962e05020613547f7cb468@mail.gmail.com> Heh, funny how things work out, eh? ;) Yes, I dropped the B and went with -w and it works good so far. One issue I just noticed that I haven't tackled yet: On bootup it goes something like this: Starting ath0 [ok] Starting wpa_supplicant on ath0 ... /etc/wpa_supplicant.conf must set ctrl_interface=/var/run/wpa_supplicant [!!] And when I uncomment that line: Starting ath0 [ok] Starting wpa_supplicant on ath0 ... Line 1: Invalid configuration line 'ctrl_interface=/var/run/wpa_supplicant'. Failed to read configuration file '/etc/wpa_supplicant.conf'. [!!] Sorta contradicts itself, eh? I'm using the latest CVS version, which apparently works better than the 3.6 developmental release that's on the site. And here's the funny thing... If I comment out that particular line in /etc/wpa_supplicant.conf and execute it in the command line, it works perfectly without any complaints, dhcpcd grabs an IP and wpa_supplicant daemonizes. Weird, huh? It's not that pressing of an issue, I don't mind executing my script 'wlan-home' by hand everytime I need to use it (for now.) Thanks, Craig On Sun, 6 Feb 2005 13:00:10 -0800, Jouni Malinen wrote: > On Sun, Feb 06, 2005 at 03:46:41PM -0500, Craig L wrote: > > > Wow. Adding -wq and then letting it daemonize solved the problem > > perfectly! Thanks a bunch for your help. :D > > That was actually a typo ;-). It was supposed to be -Bw that I'm > actually using in the start script.. > > Did I understand correctly: > > 'wpa_supplicant -Bw ...' does not work, but > 'wpa_supplicant -w ... &' works? > > -- > Jouni Malinen PGP id EFC895FA > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap > From coert.vonk at gmail.com Sun Feb 6 16:57:32 2005 From: coert.vonk at gmail.com (Coert Vonk) Date: Sun, 6 Feb 2005 13:57:32 -0800 Subject: hostapd 1.3.5, madwifi, internal EAP-PEAP/MSCHAPv2 w/ WinXP supplicant In-Reply-To: <5f5c317a05020613067443a5fe@mail.gmail.com> References: <5f5c317a050205200979900eb7@mail.gmail.com> <5f5c317a05020612036d5a4d3@mail.gmail.com> <20050206202900.GM8386@jm.kir.nu> <5f5c317a05020613067443a5fe@mail.gmail.com> Message-ID: <5f5c317a0502061357e35cbad@mail.gmail.com> Thanks for the reply. Attached are the configuration files and log. Sorry for the delay. My initial reply bounced because the email exceeded 25kB. This time the log file is compressed (use gunzip to uncompress). Coert On Sun, 6 Feb 2005 13:06:49 -0800, Coert Vonk wrote: > I attached the complete log and configuration files. > > Thanks for the reply, > Coert > > On Sun, 6 Feb 2005 12:29:00 -0800, Jouni Malinen wrote: > > On Sun, Feb 06, 2005 at 12:03:47PM -0800, Coert Vonk wrote: > > > > > I got a little further along by applying the tmp patch mentioned in > > > http://sourceforge.net/mailarchive/message.php?msg_id=10728087 > > > > > > Still, the authentication failes, as shown in the trace from hostapd: > > > EAP-TLV: Received TLVs - hexdump(len=6): 80 03 00 02 00 02 > > > EAP-TLV: Result TLV - hexdump(len=2): 00 02 > > > EAP-TLV: TLV Result - Failure - requested Failure > > > EAP-PEAP: PHASE2_TLV -> FAILURE > > > > > > I found a bug fix for the WinXP/SP2 client that they want you to pay for: > > > http://support.microsoft.com/?kbid=885453 > > > > Could you please send a bit more complete debug log from hostapd (i.e., > > what happened before this)? I have been able to authenticate > > successfully with the intergrated EAP-PEAP/MSCHAPv2 in hostapd using > > WinXP SP2. Then again, I may already have that hotfix applied since I > > use a newer test version of the WinXP supplicant in most tests. > > > > -- > > Jouni Malinen PGP id EFC895FA > > _______________________________________________ > > HostAP mailing list > > HostAP at shmoo.com > > http://lists.shmoo.com/mailman/listinfo/hostap > > > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: log.gz Type: application/x-gzip Size: 4643 bytes Desc: not available Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050206/bdc5ea40/attachment.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: hostapd.conf Type: application/octet-stream Size: 605 bytes Desc: not available Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050206/bdc5ea40/attachment.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: hostapd.eap_user Type: application/octet-stream Size: 82 bytes Desc: not available Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050206/bdc5ea40/attachment-0001.obj From jkmaline at cc.hut.fi Sun Feb 6 18:41:04 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Sun, 6 Feb 2005 15:41:04 -0800 Subject: wpa_supplicant associates but dhcpcd cannot get IP address In-Reply-To: <95a7962e05020613547f7cb468@mail.gmail.com> References: <95a7962e050206111251b1c481@mail.gmail.com> <20050206192922.GL8386@jm.kir.nu> <95a7962e05020611435dda4365@mail.gmail.com> <20050206203248.GN8386@jm.kir.nu> <95a7962e05020612466ed3bb01@mail.gmail.com> <20050206210010.GO8386@jm.kir.nu> <95a7962e05020613547f7cb468@mail.gmail.com> Message-ID: <20050206234104.GB8398@jm.kir.nu> On Sun, Feb 06, 2005 at 04:54:19PM -0500, Craig L wrote: > Starting ath0 [ok] > Starting wpa_supplicant on ath0 ... > /etc/wpa_supplicant.conf must set > ctrl_interface=/var/run/wpa_supplicant [!!] I would assume this is something from Gentoo scripts, since I haven't seen it before. > And when I uncomment that line: > > Starting ath0 [ok] > Starting wpa_supplicant on ath0 ... > Line 1: Invalid configuration line 'ctrl_interface=/var/run/wpa_supplicant'. > Failed to read configuration file '/etc/wpa_supplicant.conf'. [!!] Looks like your wpa_supplicant is built without support for the control interface. If you add CONFIG_CTRL_IFACE=y to .config when building wpa_supplicant this should work. > the site. And here's the funny thing... If I comment out that > particular line in /etc/wpa_supplicant.conf and execute it in the > command line, it works perfectly without any complaints, dhcpcd grabs > an IP and wpa_supplicant daemonizes. Weird, huh? It's not that > pressing of an issue, I don't mind executing my script 'wlan-home' by > hand everytime I need to use it (for now.) That's odd.. I need to test the Gentoo start up scripts a some point with madwifi driver. -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Sun Feb 6 18:48:17 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Sun, 6 Feb 2005 15:48:17 -0800 Subject: hostapd 1.3.5, madwifi, internal EAP-PEAP/MSCHAPv2 w/ WinXP supplicant In-Reply-To: <5f5c317a0502061357e35cbad@mail.gmail.com> References: <5f5c317a050205200979900eb7@mail.gmail.com> <5f5c317a05020612036d5a4d3@mail.gmail.com> <20050206202900.GM8386@jm.kir.nu> <5f5c317a05020613067443a5fe@mail.gmail.com> <5f5c317a0502061357e35cbad@mail.gmail.com> Message-ID: <20050206234817.GC8398@jm.kir.nu> On Sun, Feb 06, 2005 at 01:57:32PM -0800, Coert Vonk wrote: > Thanks for the reply. Attached are the configuration files and log. > Sorry for the delay. My initial reply bounced because the email > exceeded 25kB. This time the log file is compressed (use gunzip to > uncompress). Thanks. It looks like you have configured the phase 2 authentication to use MD5, but the Windows XP supplicant does not support this. Please re-test after replacing MD5 with MSCHAPV2 in hostapd.eap_user. In hostapd log, you can see this failure in negotiation for phase 2 EAP method: hostapd tries MD5: EAP-Identity: Peer identity - hexdump_ascii(len=15): 43 52 4f 58 5c 43 6f 65 72 74 20 56 6f 6e 6b CROX\Coert Vonk EAP-PEAP: PHASE2_ID -> PHASE2_METHOD EAP-PEAP: try EAP type 4 client does not support it, asks for MSCHAPv2: EAP-PEAP: received Phase 2: code=2 identifier=108 length=6 EAP-PEAP: Phase2 type Nak'ed; allowed types - hexdump(len=1): 1a EAP: processing NAK (current EAP method index 1) hostapd was configured not to allow MSCHAPv2 so it rejects authentication (not very clear from the debug log, but that is what is happening here): EAP: list of methods supported by the peer - hexdump(len=1): 1a EAP: new list of configured methods - hexdump(len=8): 04 00 00 00 00 00 00 00 EAP-PEAP: PHASE2_METHOD -> PHASE2_TLV client acknowledges this: EAP-TLV: Result TLV - hexdump(len=2): 00 02 EAP-TLV: TLV Result - Failure - requested Failure -- Jouni Malinen PGP id EFC895FA From gangis at gmail.com Sun Feb 6 20:43:13 2005 From: gangis at gmail.com (Craig L) Date: Mon, 7 Feb 2005 01:43:13 +0000 Subject: wpa_supplicant associates but dhcpcd cannot get IP address In-Reply-To: <20050206234104.GB8398@jm.kir.nu> References: <95a7962e050206111251b1c481@mail.gmail.com> <20050206192922.GL8386@jm.kir.nu> <95a7962e05020611435dda4365@mail.gmail.com> <20050206203248.GN8386@jm.kir.nu> <95a7962e05020612466ed3bb01@mail.gmail.com> <20050206210010.GO8386@jm.kir.nu> <95a7962e05020613547f7cb468@mail.gmail.com> <20050206234104.GB8398@jm.kir.nu> Message-ID: <95a7962e0502061743c57c5a6@mail.gmail.com> I recompiled wpa_supplicant with the extra .config flags that you instructed me to add, and it worked. :D Even associates and gets an IP the first time during bootup. So now I have the net.ath0 like this: modules=( "wpa_supplicant" "!iwconfig" ) wpa_supplicant_ath0="-Dmadwifi -w" It works great, and goes into background even without the -B switch. Thank you Jouni, you've been a great help. Have a good day! :) -Craig On Sun, 6 Feb 2005 15:41:04 -0800, Jouni Malinen wrote: > On Sun, Feb 06, 2005 at 04:54:19PM -0500, Craig L wrote: > > > Starting ath0 [ok] > > Starting wpa_supplicant on ath0 ... > > /etc/wpa_supplicant.conf must set > > ctrl_interface=/var/run/wpa_supplicant [!!] > > I would assume this is something from Gentoo scripts, since I haven't > seen it before. > > > And when I uncomment that line: > > > > Starting ath0 [ok] > > Starting wpa_supplicant on ath0 ... > > Line 1: Invalid configuration line 'ctrl_interface=/var/run/wpa_supplicant'. > > Failed to read configuration file '/etc/wpa_supplicant.conf'. [!!] > > Looks like your wpa_supplicant is built without support for the control > interface. If you add CONFIG_CTRL_IFACE=y to .config when building > wpa_supplicant this should work. > > > the site. And here's the funny thing... If I comment out that > > particular line in /etc/wpa_supplicant.conf and execute it in the > > command line, it works perfectly without any complaints, dhcpcd grabs > > an IP and wpa_supplicant daemonizes. Weird, huh? It's not that > > pressing of an issue, I don't mind executing my script 'wlan-home' by > > hand everytime I need to use it (for now.) > > That's odd.. I need to test the Gentoo start up scripts a some point > with madwifi driver. > > -- > Jouni Malinen PGP id EFC895FA > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap > From jkmaline at cc.hut.fi Sun Feb 6 23:16:45 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Sun, 6 Feb 2005 20:16:45 -0800 Subject: Pre-release testing for v0.3.7 Message-ID: <20050207041645.GR8398@jm.kir.nu> I'm planning to change the status of future 0.3.x versions to "stable" and create a new stable branch for these releases. CVS mainline will continue to be used as the development branch with eventual 0.4.x releases. I made a pre-release available for testing before the official 0.3.7 release. All packages are now available for testing from http://hostap.epitest.fi/releases/testing/ My goal is to release 0.3.7 in about a week or so with more or less the same contents as the 0.3.7-pre version. As far as code is concerned, only critical bug fixes and obviously correct fixes are accepted before the next release. Everything else will wait for the creation of the new 0.3.x branch, after which changes will first go through the development branch. After this, some changes may be merged into 0.3.x branch on case by case basis. In other words, now would be a good time to do some final testing so that possibly remaining critical issues can be resolved before the first 0.3.x release from the "stable branch". -- Jouni Malinen PGP id EFC895FA From coert.vonk at gmail.com Mon Feb 7 00:39:54 2005 From: coert.vonk at gmail.com (Coert Vonk) Date: Sun, 6 Feb 2005 21:39:54 -0800 Subject: hostapd 1.3.5, madwifi, internal EAP-PEAP/MSCHAPv2 w/ WinXP supplicant In-Reply-To: <20050206234817.GC8398@jm.kir.nu> References: <5f5c317a050205200979900eb7@mail.gmail.com> <5f5c317a05020612036d5a4d3@mail.gmail.com> <20050206202900.GM8386@jm.kir.nu> <5f5c317a05020613067443a5fe@mail.gmail.com> <5f5c317a0502061357e35cbad@mail.gmail.com> <20050206234817.GC8398@jm.kir.nu> Message-ID: <5f5c317a0502062139344e15ef@mail.gmail.com> Thanks, this got me a step further It now appears to disagree during MSCHAPV2 I included the updated config and users file. Sometimes it appears to be looking for the username without the PC name, and other times it includes the PC name. I added both to the users file to be sure. thanks for the help Coert On Sun, 6 Feb 2005 15:48:17 -0800, Jouni Malinen wrote: > On Sun, Feb 06, 2005 at 01:57:32PM -0800, Coert Vonk wrote: > > > Thanks for the reply. Attached are the configuration files and log. > > Sorry for the delay. My initial reply bounced because the email > > exceeded 25kB. This time the log file is compressed (use gunzip to > > uncompress). > > Thanks. > > It looks like you have configured the phase 2 authentication to use MD5, > but the Windows XP supplicant does not support this. Please re-test > after replacing MD5 with MSCHAPV2 in hostapd.eap_user. > > In hostapd log, you can see this failure in negotiation for phase 2 EAP > method: > > hostapd tries MD5: > > EAP-Identity: Peer identity - hexdump_ascii(len=15): > 43 52 4f 58 5c 43 6f 65 72 74 20 56 6f 6e 6b CROX\Coert Vonk > EAP-PEAP: PHASE2_ID -> PHASE2_METHOD > EAP-PEAP: try EAP type 4 > > client does not support it, asks for MSCHAPv2: > > EAP-PEAP: received Phase 2: code=2 identifier=108 length=6 > EAP-PEAP: Phase2 type Nak'ed; allowed types - hexdump(len=1): 1a > EAP: processing NAK (current EAP method index 1) > > hostapd was configured not to allow MSCHAPv2 so it rejects > authentication (not very clear from the debug log, but that is what is > happening here): > > EAP: list of methods supported by the peer - hexdump(len=1): 1a > EAP: new list of configured methods - hexdump(len=8): 04 00 00 00 00 00 00 00 > EAP-PEAP: PHASE2_METHOD -> PHASE2_TLV > > client acknowledges this: > > EAP-TLV: Result TLV - hexdump(len=2): 00 02 > EAP-TLV: TLV Result - Failure - requested Failure > > -- > Jouni Malinen PGP id EFC895FA > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap > -------------- next part -------------- A non-text attachment was scrubbed... Name: log.gz Type: application/x-gzip Size: 6775 bytes Desc: not available Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050206/dbbe3418/attachment.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: hostapd.conf Type: application/octet-stream Size: 660 bytes Desc: not available Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050206/dbbe3418/attachment.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: hostapd.eap_user Type: application/octet-stream Size: 212 bytes Desc: not available Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050206/dbbe3418/attachment-0001.obj From jkmaline at cc.hut.fi Mon Feb 7 01:46:34 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Sun, 6 Feb 2005 22:46:34 -0800 Subject: hostapd 1.3.5, madwifi, internal EAP-PEAP/MSCHAPv2 w/ WinXP supplicant In-Reply-To: <5f5c317a0502062139344e15ef@mail.gmail.com> References: <5f5c317a050205200979900eb7@mail.gmail.com> <5f5c317a05020612036d5a4d3@mail.gmail.com> <20050206202900.GM8386@jm.kir.nu> <5f5c317a05020613067443a5fe@mail.gmail.com> <5f5c317a0502061357e35cbad@mail.gmail.com> <20050206234817.GC8398@jm.kir.nu> <5f5c317a0502062139344e15ef@mail.gmail.com> Message-ID: <20050207064634.GT8398@jm.kir.nu> On Sun, Feb 06, 2005 at 09:39:54PM -0800, Coert Vonk wrote: > It now appears to disagree during MSCHAPV2 Invalid NT-Response usually means that the peer and the authenticator did not agree on the password.. > I included the updated config and users file. Sometimes it appears to > be looking for the username without the PC name, and other times it > includes the PC name. I added both to the users file to be sure. Do you mean domain name with "PC name"? How did you enter the user name/domain/password? Manually into a dialog box during authentication or using the same user name and password that was used to login into Windows (single sign-on)? You can configure this in the authentication tab and details for MSCHAPv2 (e.g., whether to try to authenticate as host, etc.). PS. You seem to have both WEP keys and TKIP/CCMP configured in hostapd.conf. If you are using WPA with TKIP/CCMP, you should not configure wep_key_len_broadcast, wep_key_len_unicast, or wep_rekey_period. -- Jouni Malinen PGP id EFC895FA From brix at gentoo.org Mon Feb 7 04:12:11 2005 From: brix at gentoo.org (Henrik Brix Andersen) Date: Mon, 07 Feb 2005 10:12:11 +0100 Subject: Pre-release testing for v0.3.7 In-Reply-To: <20050207041645.GR8398@jm.kir.nu> References: <20050207041645.GR8398@jm.kir.nu> Message-ID: <1107767531.11208.22.camel@sponge.fungus> Hi, On Sun, 2005-02-06 at 20:16 -0800, Jouni Malinen wrote: > My goal is to release 0.3.7 in about a week or so with more or less the > same contents as the 0.3.7-pre version. As far as code is concerned, > only critical bug fixes and obviously correct fixes are accepted before > the next release. Everything else will wait for the creation of the new > 0.3.x branch, after which changes will first go through the development > branch. After this, some changes may be merged into 0.3.x branch on > case by case basis. Apropos code changed; the ChangeLog for wpa_supplicant says "enamed driver_ipw2100.c to driver_ipw.c since it now supports both ipw2100 and ipw2200" - that's pretty neat taking into consideration that the ipw2200 driver doesn't support WPA yet? Sincerely, Brix -- Henrik Brix Andersen Gentoo Linux -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050207/757a528e/attachment.pgp From Jonathan.Buschmann at ericsson.com Mon Feb 7 05:14:54 2005 From: Jonathan.Buschmann at ericsson.com (Jonathan Buschmann) Date: Mon, 07 Feb 2005 11:14:54 +0100 Subject: initing FC3 system with wpa supplicant Message-ID: <42073F9E.1070502@ericsson.com> Hi, Got my madwifi driver and wpa_supplicant (WPA_PSK) to work smoothly. I'd like some suggestion on how, using FC's initialization via ifup, I can cleanly get my connection correctly set up. I get the IP from the AP. The problem is that if I run wpa_supplicant before the card is initialized (via ifup) it exits with an error. If I run it after it's too late because the dhcp client times out (not having yet authorized with the AP), and so I have to run dhcp_client again. Not a big problem I know - just wondering if someone else figured aout a clean solution, other than modifying the ifup script of course. jonathan From gorakha at fastmail.fm Mon Feb 7 07:12:23 2005 From: gorakha at fastmail.fm (fake) Date: Mon, 07 Feb 2005 04:12:23 -0800 Subject: Integrated EAP authentication and CA, Server and Cleint certificates Message-ID: <1107778343.22176.214490094@webmail.messagingengine.com> I want to know do i need the certificates(CA and Server) when using hostapd's integrated EAP authentication, or it can just ignore the certificates. Also same question on wpa_supplicant side that do i need to CA and client certificates when on other side it is integrated EAP authenticator of hostapd. I want to test just EAP/TLS functionality. Regards. sonu. From jkmaline at cc.hut.fi Mon Feb 7 09:26:29 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Mon, 7 Feb 2005 06:26:29 -0800 Subject: Pre-release testing for v0.3.7 In-Reply-To: <1107767531.11208.22.camel@sponge.fungus> References: <20050207041645.GR8398@jm.kir.nu> <1107767531.11208.22.camel@sponge.fungus> Message-ID: <20050207142629.GA8398@jm.kir.nu> On Mon, Feb 07, 2005 at 10:12:11AM +0100, Henrik Brix Andersen wrote: > Apropos code changed; the ChangeLog for wpa_supplicant says "enamed > driver_ipw2100.c to driver_ipw.c since it now supports both ipw2100 and > ipw2200" - that's pretty neat taking into consideration that the ipw2200 > driver doesn't support WPA yet? The driver requires a patch for this, but it was claimed to work. -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Mon Feb 7 09:28:16 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Mon, 7 Feb 2005 06:28:16 -0800 Subject: Integrated EAP authentication and CA, Server and Cleint certificates In-Reply-To: <1107778343.22176.214490094@webmail.messagingengine.com> References: <1107778343.22176.214490094@webmail.messagingengine.com> Message-ID: <20050207142816.GB8398@jm.kir.nu> On Mon, Feb 07, 2005 at 04:12:23AM -0800, fake wrote: > I want to know do i need the certificates(CA and Server) when using > hostapd's integrated EAP authentication, or it can just ignore the > certificates. Yes, if you care about security. > Also same question on wpa_supplicant side that do i need > to CA and client certificates when on other side it is integrated EAP > authenticator of hostapd. I want to test just EAP/TLS functionality. EAP-TLS requires both client and server certificates. -- Jouni Malinen PGP id EFC895FA From coert.vonk at gmail.com Mon Feb 7 10:40:15 2005 From: coert.vonk at gmail.com (Coert Vonk) Date: Mon, 7 Feb 2005 07:40:15 -0800 Subject: hostapd 1.3.5, madwifi, internal EAP-PEAP/MSCHAPv2 w/ WinXP supplicant In-Reply-To: <20050207064634.GT8398@jm.kir.nu> References: <5f5c317a050205200979900eb7@mail.gmail.com> <5f5c317a05020612036d5a4d3@mail.gmail.com> <20050206202900.GM8386@jm.kir.nu> <5f5c317a05020613067443a5fe@mail.gmail.com> <5f5c317a0502061357e35cbad@mail.gmail.com> <20050206234817.GC8398@jm.kir.nu> <5f5c317a0502062139344e15ef@mail.gmail.com> <20050207064634.GT8398@jm.kir.nu> Message-ID: <5f5c317a0502070740370ef81f@mail.gmail.com> Of cause, the WEP rekeying is not needed. I said "PC-name" because the client is not connected to a domain. It used the hostname as the domain name. It was using the user/passwd used to signin to XP. That passwd was not set. Correcting this got me to the point where the connection comes up. It only stays up for a few seconds though, before it reauthenticates. Looking at the traces, I see these messenges that might be related: SSL: SSL_accept:error in SSLv3 read client certificate A I used the same certificates that I use for IPsec. This describes how I generated them: http://www.cybcon.com/~coert/linux/wrap/ch-ipsec.html#s2-ipsec-ca-winxp Thanks again Coert On Sun, 6 Feb 2005 22:46:34 -0800, Jouni Malinen wrote: > On Sun, Feb 06, 2005 at 09:39:54PM -0800, Coert Vonk wrote: > > > It now appears to disagree during MSCHAPV2 > > Invalid NT-Response usually means that the peer and the authenticator > did not agree on the password.. > > > I included the updated config and users file. Sometimes it appears to > > be looking for the username without the PC name, and other times it > > includes the PC name. I added both to the users file to be sure. > > Do you mean domain name with "PC name"? How did you enter the user > name/domain/password? Manually into a dialog box during authentication > or using the same user name and password that was used to login into > Windows (single sign-on)? You can configure this in the authentication > tab and details for MSCHAPv2 (e.g., whether to try to authenticate as > host, etc.). > > PS. > > You seem to have both WEP keys and TKIP/CCMP configured in > hostapd.conf. If you are using WPA with TKIP/CCMP, you should not > configure wep_key_len_broadcast, wep_key_len_unicast, or > wep_rekey_period. > > -- > Jouni Malinen PGP id EFC895FA > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap > -------------- next part -------------- A non-text attachment was scrubbed... Name: hostapd.conf Type: application/octet-stream Size: 570 bytes Desc: not available Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050207/ba761ca6/attachment.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: hostapd.eap_user Type: application/octet-stream Size: 124 bytes Desc: not available Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050207/ba761ca6/attachment-0001.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: log.gz Type: application/x-gzip Size: 12822 bytes Desc: not available Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050207/ba761ca6/attachment.bin From ramalhais at serrado.net Mon Feb 7 12:33:33 2005 From: ramalhais at serrado.net (Pedro Ramalhais) Date: Mon, 07 Feb 2005 17:33:33 +0000 Subject: Pre-release testing for v0.3.7 In-Reply-To: <20050207142629.GA8398@jm.kir.nu> References: <20050207041645.GR8398@jm.kir.nu> <1107767531.11208.22.camel@sponge.fungus> <20050207142629.GA8398@jm.kir.nu> Message-ID: <1107797613.3582.10.camel@rootix> On Mon, 2005-02-07 at 14:26, Jouni Malinen wrote: > On Mon, Feb 07, 2005 at 10:12:11AM +0100, Henrik Brix Andersen wrote: > > > Apropos code changed; the ChangeLog for wpa_supplicant says "enamed > > driver_ipw2100.c to driver_ipw.c since it now supports both ipw2100 and > > ipw2200" - that's pretty neat taking into consideration that the ipw2200 > > driver doesn't support WPA yet? > > The driver requires a patch for this, but it was claimed to work. Where's this patch? Thanks! -- Pedro Ramalhais From brix at gentoo.org Mon Feb 7 12:55:55 2005 From: brix at gentoo.org (Henrik Brix Andersen) Date: Mon, 07 Feb 2005 18:55:55 +0100 Subject: Pre-release testing for v0.3.7 In-Reply-To: <1107797613.3582.10.camel@rootix> References: <20050207041645.GR8398@jm.kir.nu> <1107767531.11208.22.camel@sponge.fungus> <20050207142629.GA8398@jm.kir.nu> <1107797613.3582.10.camel@rootix> Message-ID: <1107798955.11619.16.camel@sponge.fungus> On Mon, 2005-02-07 at 17:33 +0000, Pedro Ramalhais wrote: > Where's this patch? Apparently Yi Zhu has had a busy weekend. ./Brix -- Henrik Brix Andersen Gentoo Linux -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050207/0f66ed57/attachment.pgp From coert.vonk at gmail.com Mon Feb 7 18:44:48 2005 From: coert.vonk at gmail.com (Coert Vonk) Date: Mon, 7 Feb 2005 15:44:48 -0800 Subject: [success] hostapd 1.3.7-pre, madwifi-cvs +patch, internal EAP-PEAP/MSCHAPv2 w/ WinXP SP2 supplicant In-Reply-To: <5f5c317a0502070740370ef81f@mail.gmail.com> References: <5f5c317a050205200979900eb7@mail.gmail.com> <5f5c317a05020612036d5a4d3@mail.gmail.com> <20050206202900.GM8386@jm.kir.nu> <5f5c317a05020613067443a5fe@mail.gmail.com> <5f5c317a0502061357e35cbad@mail.gmail.com> <20050206234817.GC8398@jm.kir.nu> <5f5c317a0502062139344e15ef@mail.gmail.com> <20050207064634.GT8398@jm.kir.nu> <5f5c317a0502070740370ef81f@mail.gmail.com> Message-ID: <5f5c317a05020715443145ded5@mail.gmail.com> I wrote down some of my notes on madwifi and hostapd as authenticator: http://www.cybcon.com/~coert/linux/wrap/ch-wireless.html thanks for he help Jouni, Coert Vonk (PS I am still working on getting the certificate based authentication working.) From ingo at hoffmann-augsburg.de Mon Feb 7 19:28:23 2005 From: ingo at hoffmann-augsburg.de (Ingo Hoffmann) Date: Tue, 08 Feb 2005 01:28:23 +0100 Subject: Reason for ioctl[PRISM2_IOCTL_HOSTAPD]: Inappropriate ioctl for device Message-ID: <420807A7.6000405@hoffmann-augsburg.de> Jouni, in November 2003 I got following description to reanimate my pci wlan card, which I have used very often successfully since then. I changed only recently to SuSE 9.2 including kernel 2.6.8 and I tried to use the same commands from your description. Unfortunately i got following error message: falzeben:[~](1005)# /tmp/HOSTAP/hostap-utils-0.2.6/prism2_srec -gp wlan0 /home/imh/TXT/Firmware/WLAN/Intersil/1.7.4/ak010101.hex srec summary for ak010101.hex Included file name: ak010101.hex Component: 0x0015 1.1.1 (primary firmware) ioctl[PRISM2_IOCTL_HOSTAPD]: Inappropriate ioctl for device Missing wlan component info Could not read wlan RIDs Ergebnis:0x100 falzeben:[~](1006)# I'm using hostap as it is included in SuSE 9.2. (latest updates included) Unfortunately I didn't find out easily so far which version. Do you have any ideas what the reason might be? Is your description still valid or do I have to use different commands? Thanks for any help! Ingo -------- Original-Nachricht -------- Betreff: Re: Severe problem during download of Firmware makes PCI card useless Datum: Tue, 04 Nov 2003 01:10:57 +0100 Von: Ingo Hoffmann An: hostap at shmoo.com Referenzen: <3FA579AE.3050708 at hoffmann-augsburg.de> <20031103003716.GC3583 at jm.kir.nu> <20031103033047.GA7032 at jm.kir.nu> Jouni, it took some time to build everything but now I have finished your proposed procedure and everything seems to work again! (For now I have just performed a short test, I'll test more tomorrow!) So thank you very much for this excellent support! (I really was afraid that I couldn't use the card anymore, so I really appreciate your immediate help!) Regards Ingo PS: The compilation of the driver works also with the latest snapshot, I'm talking about the thread: Problem with compiling hostap-driver-0.1.1.tar.gz Thanks again! Jouni Malinen schrieb: >On Sun, Nov 02, 2003 at 04:37:16PM -0800, Jouni Malinen wrote: > > > >>I will take a look at what would be needed to change the driver to allow >>Genesis-mode operations with corrupted PRI f/w (i.e., continue minimal >>operation mode even if initialization fails). >> >> > >I added some preliminary code for this. A new module parameter, >no_primary, can be used to allow initialization continue even if the >card initialization times out. This might not be enough for all cases, >but at least it was enough for this particular case. > > > >>I'll try to reproduce this issue by flashing a PCI Prism2.5 card with >>the images you used.. In the mean while, you could also consider >>upgrading the flash with the DOS-based tool. Depending on what get >>corrupted in flash, it might be enough to just write the PRI and STA >>images again. Then again, it is also possible that PDA was corrupted >>and it would also need to be fixed. >> >> > >I was able to reproduce the issue by downloading the same images. I had >a bit newer versions in the card before doing this, so the results may >in theory be different, but I would assume we have the cards pretty much >in identical state now. > >It looks like the PRI image was not completely destroyed, but something >is broken.. Trying to write anything to flash at this point fails. >However, I was able to download another PRI image to RAM using Genesis >mode. Unfortunately, this did not fix flash download, but at least I >could download RAM downloadable STA image afterwards. Thus, the card is >actually working again. > >So, the bad news is that I don't yet know how to fix the flash contents. >The good news is that the card can be made to work with RAM downloadable >images. In addition, since I now have one of my cards in the same state, >I have some extra motivation to figure out a way to fix the flash.. ;-) > >You can use following steps to get the card into working state using RAM >download (this is of course assuming your card ended up in the same >state than mine): > >- update to the latest CVS snapshot >- load hostap_pci with no_primary set: insmod hostap_pci.o no_primary=1 >- download volatile primary firmware using Genesis mode; optionally, > make it persist hardware reset (but not driver unload): > prism2_srec -gp wlan0 ak010101.hex >- download volatile STA firmware (again, with persist mode): > prism2_srec -rp wlan0 rf010704.hex > >Card should now be in fully operational state (well, apart from flash >download). Please let me know, if this does not work with your card >(include dmesg and prism2_srec output). > > > _______________________________________________ HostAP mailing list HostAP at shmoo.com http://lists.shmoo.com/mailman/listinfo/hostap From oluap at autolatina.com.br Mon Feb 7 18:59:58 2005 From: oluap at autolatina.com.br (Paulo Sergio Lemes Queiroz) Date: Mon, 07 Feb 2005 23:59:58 +0000 Subject: Problem with two cards Message-ID: <420800FE.3070001@autolatina.com.br> Hi, I'm trying to setup a box with two cards but I'm getting some continuos erros... The first card worked fine, but the second one never works... I think its a problem with pcmcia-cs or the kernel, but I'm not an especialist... I tried with PCI and ISA, controllers. I'm using kernel 2.6.8-1, pcmcia-cs 3.2.8 and hostap 0.2.5 on a Pentium III with a soyo 7vba board. The PCI controllers are Ricoh, The ISA ones are Vadem I, already searched on the list and found similar problems, but I could't found the solution... If, anyone solved this, please help.... Here is the kernel messages: Feb 5 09:44:53 border_13_1 kernel: hostap_cs: Registered netdevice wifi1 Feb 5 09:44:53 border_13_1 kernel: hostap_cs: index 0x01: Vcc 5.0, irq 3, io 0x0140-0x017f Feb 5 09:44:53 border_13_1 kernel: wifi1: prism2_enable_aux_port - timeout - reg=0x8000 Feb 5 09:44:53 border_13_1 kernel: wifi1: prism2_enable_aux_port - timeout - reg=0xffff Feb 5 09:44:53 border_13_1 kernel: hostap_cs: Initialization failed --------------------------- Feb 5 09:21:50 border_13_1 kernel: cs: memory probe 0xa0000000-0xa0ffffff: clean. Feb 5 09:21:50 border_13_1 kernel: hostap_cs: RequestIO: Configuration locked Feb 5 09:21:50 border_13_1 kernel: hostap_cs: GetNextTuple: No more items Feb 5 09:21:51 border_13_1 cardmgr[8713]: get dev info on socket 2 failed: Resource temporarily unavailable Feb 5 09:22:25 border_13_1 cardmgr[8713]: socket 2: Samsung SWL2000-N 11Mb/s WLAN Card Feb 5 09:22:25 border_13_1 kernel: hostap_cs: RequestIO: Configuration locked Feb 5 09:22:25 border_13_1 kernel: hostap_cs: GetNextTuple: No more items Feb 5 09:22:26 border_13_1 cardmgr[8713]: get dev info on socket 2 failed: Resource temporarily unavailable --------------------------- Feb 5 09:33:16 border_13_1 kernel: hostap_cs: setting Vcc=33 (constant) Feb 5 09:33:16 border_13_1 kernel: hostap_cs: CS_EVENT_CARD_INSERTION Feb 5 09:33:16 border_13_1 kernel: hostap_cs: setting Vcc=33 (from config) Feb 5 09:33:16 border_13_1 kernel: Checking CFTABLE_ENTRY 0x01 (default 0x01) Feb 5 09:33:16 border_13_1 kernel: IO window settings: cfg->io.nwin=1 dflt.io.nwin=1 Feb 5 09:33:16 border_13_1 kernel: io->flags = 0x0046, io.base=0x0000, len=64 Feb 5 09:33:16 border_13_1 kernel: divert: not allocating divert_blk for non-ethernet device wifi1 Feb 5 09:33:16 border_13_1 /etc/hotplug/net.agent: NET add event not supported Feb 5 09:33:16 border_13_1 kernel: hostap_cs: Registered netdevice wifi1 Feb 5 09:33:16 border_13_1 kernel: hostap_cs: index 0x01: Vcc 3.3, irq 11, io 0x0140-0x017f Feb 5 09:33:16 border_13_1 kernel: wifi1: init command completed too quickly - retrying Feb 5 09:33:16 border_13_1 kernel: hostap_cs: assuming no Primary image in flash - card initialization not completed Feb 5 09:33:16 border_13_1 kernel: wifi1: test Genesis mode with HCR 0x1f Feb 5 09:33:16 border_13_1 kernel: prism2_pccard_cor_sreset: original COR 41 Feb 5 09:33:16 border_13_1 kernel: prism2_pccard_genesis_sreset: original COR 41 Feb 5 09:33:16 border_13_1 kernel: Readback test succeeded, HCR 0x1f Feb 5 09:33:16 border_13_1 kernel: prism2_pccard_genesis_sreset: original COR 41 Feb 5 09:33:16 border_13_1 kernel: divert: allocating divert_blk for wlan1 Feb 5 09:33:16 border_13_1 kernel: wifi1: registered netdevice wlan1 Feb 5 09:33:26 border_13_1 kernel: wifi1: cannot get RID fdc6 (len=12) - no PRI f/w Feb 5 09:33:26 border_13_1 kernel: wifi1: cannot get RID fdc1 (len=2) - no PRI f/w Feb 5 09:33:26 border_13_1 kernel: wifi1: cannot get RID fdc6 (len=12) - no PRI f/w Feb 5 09:33:26 border_13_1 kernel: wifi1: cannot get RID fc06 (len=2) - no PRI f/w Feb 5 09:33:26 border_13_1 kernel: wifi1: cannot get RID fd42 (len=6) - no PRI f/w Feb 5 09:33:26 border_13_1 kernel: wifi1: cannot get RID fc0e (len=34) - no PRI f/w Feb 5 09:33:26 border_13_1 kernel: wifi1: cannot get RID fc84 (len=2) - no PRI f/w Feb 5 09:33:26 border_13_1 kernel: wifi1: cannot get RID fc83 (len=2) - no PRI f/w Feb 5 09:33:26 border_13_1 kernel: wifi1: cannot get RID fc82 (len=2) - no PRI f/w Feb 5 09:33:26 border_13_1 kernel: wifi1: cannot get RID fc09 (len=2) - no PRI f/w Feb 5 09:33:26 border_13_1 kernel: wifi1: cannot get RID fd48 (len=2) - no PRI f/w Feb 5 09:33:26 border_13_1 kernel: wlan1: cannot get RID fdc6 (len=12) - no PRI f/w Feb 5 09:33:26 border_13_1 kernel: wlan1: cannot get RID fdc1 (len=2) - no PRI f/w Feb 5 09:33:26 border_13_1 kernel: wlan1: cannot get RID fdc6 (len=12) - no PRI f/w Feb 5 09:33:26 border_13_1 kernel: wlan1: cannot get RID fc06 (len=2) - no PRI f/w Feb 5 09:33:26 border_13_1 kernel: wlan1: cannot get RID fd42 (len=6) - no PRI f/w Feb 5 09:33:26 border_13_1 kernel: wlan1: cannot get RID fc0e (len=34) - no PRI f/w Feb 5 09:33:26 border_13_1 kernel: wlan1: cannot get RID fc84 (len=2) - no PRI f/w Feb 5 09:33:26 border_13_1 kernel: wlan1: cannot get RID fc83 (len=2) - no PRI f/w Feb 5 09:33:26 border_13_1 kernel: wlan1: cannot get RID fc82 (len=2) - no PRI f/w Feb 5 09:33:26 border_13_1 kernel: wlan1: cannot get RID fc09 (len=2) - no PRI f/w Feb 5 09:33:26 border_13_1 kernel: wlan1: cannot get RID fd48 (len=2) - no PRI f/w Tks.... a lot... From gangis at gmail.com Tue Feb 8 00:08:47 2005 From: gangis at gmail.com (Craig L) Date: Tue, 8 Feb 2005 00:08:47 -0500 Subject: More issues (wpa_supplicant 0.3.7pre, madwifi AND ndiswrapper, dropping after a period of inactivity) Message-ID: <95a7962e05020721084a7ec5d1@mail.gmail.com> Well, I'm back. :P While wpa_supplicant DOES connect to my WPA access pont and gets an IP through dhcpcd now, it seems to have trouble maintaining a connection after a brief period of inactivity. As always, I try different combinations with different drivers, with/without wpa_supplicant and this is what I found: (btw, emerged 0.3.7pre through gentoo portage, but it still reports as 3.6) 1) wpa_supplicant and madwifi - Connects to AP and gets an IP address, everything works. After a couple of minutes when there's nothing going on, it will suddenly lose connection and try the other AP within range (even though THAT AP is under my blacklist now, wpa_supplicant seems to ignore it.) That other AP, btw, has no protection at all, and after a couple of minutes, it disconnects again and looks for other access points, cannot find my own (hinatasou), then tries to connect to Dietrich01 again. Lather, rinse, repeat. 2) madwifi only, no wpa_supplicant - Connects to Dietrich01 and maintains the connection without any problems. Had it sit for over an hour. 3) wpa_supplicant and ndiswrapper - Same problem as #1, though with ndiswrapper it seems to connect and gets the IP address faster than with madwifi) Below is the output: mitsuki-kouyama gangis # /etc/init.d/net.ath0 restart * Stopping ath0 * Bringing down ath0 * Shutting down ath0 ... [ ok ] * Stopping wpa_supplicant on ath0 ... [ ok ] * Starting ath0 * Starting wpa_supplicant on ath0 ... [ ok ] * ath0 connected to "hinatasou" at 00:0D:88:89:21:79 * Bringing up ath0 * Configuration not set for ath0 - assuming dhcp * dhcp * Running dhcpcd ... [ ok ] * ath0 received address 192.168.0.102 mitsuki-kouyama gangis # wpa_cli wpa_cli v0.3.6 Copyright (c) 2004-2005, Jouni Malinen and contributors This program is free software. You can distribute it and/or modify it under the terms of the GNU General Public License version 2. Alternatively, this software may be distributed under the terms of the BSD license. See README and COPYING for more details. Selected interface 'ath0' Interactive mode > status bssid=00:0d:88:89:21:79 ssid=hinatasou pairwise_cipher=TKIP group_cipher=TKIP key_mgmt=WPA-PSK wpa_state=COMPLETED Supplicant PAE state=AUTHENTICATED suppPortStatus=Authorized EAP state=SUCCESS > <2>Disconnect event - remove keys <2>Trying to associate with 00:09:5b:dc:ca:84 (SSID='Dietrich01' freq=2462 MHz) <2>Associated with 00:09:5b:dc:ca:84 *whew* I try to be complete when I do these things, but perhaps I got carried away? :P Thank you very much, as always. -Craig From mrcool at stupidgamerz.com Tue Feb 8 07:58:58 2005 From: mrcool at stupidgamerz.com (Jerry) Date: Tue, 8 Feb 2005 06:58:58 -0600 Subject: Problem with two cards References: <420800FE.3070001@autolatina.com.br> Message-ID: <004201c50ddd$f473f220$c500a8c0@Home> > Feb 5 09:33:26 border_13_1 kernel: wlan1: cannot get RID fc06 (len=2) - no PRI f/w > Feb 5 09:33:26 border_13_1 kernel: wlan1: cannot get RID fd42 (len=6) - no PRI f/w > Feb 5 09:33:26 border_13_1 kernel: wlan1: cannot get RID fc0e (len=34) - no PRI f/w > Feb 5 09:33:26 border_13_1 kernel: wlan1: cannot get RID fc84 (len=2) - no PRI f/w > Feb 5 09:33:26 border_13_1 kernel: wlan1: cannot get RID fc83 (len=2) - no PRI f/w > Feb 5 09:33:26 border_13_1 kernel: wlan1: cannot get RID fc82 (len=2) - no PRI f/w > Feb 5 09:33:26 border_13_1 kernel: wlan1: cannot get RID fc09 (len=2) - no PRI f/w > Feb 5 09:33:26 border_13_1 kernel: wlan1: cannot get RID fd48 (len=2) - no PRI f/w This would appear to be a prism3 without primary firmware on the card. You need to get the firmware and load it at card initialization time using hostap_fw_load (edit the file for your configuration). Now if this isnt a prism3 without firmware, then the 'get next tupple' usually indicates the need for 'ignore_cis_vcc=0' in the /etc/pcmcia/hostap_cs.conf file (edit the file and look at the bottom for an example) Good luck Jerryf From oluap at autolatina.com.br Tue Feb 8 09:07:35 2005 From: oluap at autolatina.com.br (Paulo Sergio Lemes Queiroz) Date: Tue, 08 Feb 2005 14:07:35 +0000 Subject: Problem with two cards In-Reply-To: <004201c50ddd$f473f220$c500a8c0@Home> References: <420800FE.3070001@autolatina.com.br> <004201c50ddd$f473f220$c500a8c0@Home> Message-ID: <4208C7A7.9050408@autolatina.com.br> Jerry wrote: >>Feb 5 09:33:26 border_13_1 kernel: wlan1: cannot get RID fc06 (len=2) - >> >> >no PRI f/w > > >>Feb 5 09:33:26 border_13_1 kernel: wlan1: cannot get RID fd42 (len=6) - >> >> >no PRI f/w > > >>Feb 5 09:33:26 border_13_1 kernel: wlan1: cannot get RID fc0e (len=34) - >> >> >no PRI f/w > > >>Feb 5 09:33:26 border_13_1 kernel: wlan1: cannot get RID fc84 (len=2) - >> >> >no PRI f/w > > >>Feb 5 09:33:26 border_13_1 kernel: wlan1: cannot get RID fc83 (len=2) - >> >> >no PRI f/w > > >>Feb 5 09:33:26 border_13_1 kernel: wlan1: cannot get RID fc82 (len=2) - >> >> >no PRI f/w > > >>Feb 5 09:33:26 border_13_1 kernel: wlan1: cannot get RID fc09 (len=2) - >> >> >no PRI f/w > > >>Feb 5 09:33:26 border_13_1 kernel: wlan1: cannot get RID fd48 (len=2) - >> >> >no PRI f/w > > >This would appear to be a prism3 without primary firmware on the card. You >need to get the firmware and load it at card initialization time using >hostap_fw_load (edit the file for your configuration). > >Now if this isnt a prism3 without firmware, then the 'get next tupple' >usually indicates the need for 'ignore_cis_vcc=0' in the >/etc/pcmcia/hostap_cs.conf file (edit the file and look at the bottom for an >example) > >Good luck > >Jerryf > > > > > The primary firmware is: v1.1.1 and the Station one is 1.8.0 on the both cards.. Should I change the firmware ? I already tried 'ignore_cis_vcc=0' but the error persists... Tks a lot.... From espy at pepper.com Tue Feb 8 15:37:51 2005 From: espy at pepper.com (Tony Espy) Date: Tue, 08 Feb 2005 15:37:51 -0500 Subject: HostAP Homepage -- busted links... Message-ID: <4209231F.1020408@pepper.com> FYI... it seems that a few of the links on the HostAP homepage are busted. Specifically the "COPYING", "README" and "FAQ" links just above the download links. I'm running Firefox 1.0 on Fedora Core 1. Here are the URL values (using FF 'Copy Link Location') of the links: COPYING: http://hostap.epitest.fi/cgi-bin/viewcvs.cgi/*checkout*/hostap/COPYING?rev=HEAD&content-type=text/plain FAQ: http://hostap.epitest.fi/cgi-bin/viewcvs.cgi/*checkout*/hostap/FAQ?rev=HEAD&content-type=text/plain README: http://hostap.epitest.fi/cgi-bin/viewcvs.cgi/*checkout*/hostap/README?rev=HEAD&content-type=text/plain All three links result in: Page not found." thanks, Tony Espy Pepper Computer, Inc. From antovar at gmail.com Tue Feb 8 16:11:16 2005 From: antovar at gmail.com (Antonio Tovar) Date: Tue, 8 Feb 2005 22:11:16 +0100 Subject: Intel Pro/Wireless 2200 and WPA-PSK Message-ID: <20050208211116.388D538F7A@mail.iocaine.com> Hi, can anybody confirm that IPW2200 driver does not support WPA-PSK please? I have read a lot, but I am not sure. Thanks you. From jwright at hasborg.com Tue Feb 8 16:55:47 2005 From: jwright at hasborg.com (Joshua Wright) Date: Tue, 08 Feb 2005 16:55:47 -0500 Subject: Unable to associate with Prism2 PCI card Message-ID: <42093563.8000700@hasborg.com> I recently purchased a Senao 2511 MP PLUS miniPCI card for a Dell X200 laptop running a 2.6.10 kernel (Slackware) and hostap-driver 0.2.6. After connecting the card and antenna and booting, the system recognized the card as reported by iwconfig/ifconfig/dmesg. Unfortunately, I haven't had any luck getting the card to associate to any networks. I setup an AP with open authentication and confirmed with a PCMCIA card on the same system (using HostAP) that the AP was working OK. The miniPCI card does not allow me to associate however (no connectivity, AP is listed as 44:44:44:44:44:44), reporting this error in the dmesg logs: wifi0: TXEXC - status=0x0004 ([Discon]) tx_control=000c retry_count=0 tx_rate=0 fc=0x0108 (Data::0 ToDS) A1=44:44:44:44:44:44 A2=00:02:6f:33:bc:41 A3=ff:ff:ff:ff:ff:ff A4=00:00:00:00:00:00 Where 00:02:6f:33:bc:41 is the MAC address of the new miniPCI card. "lsmod" indicated that hostap_pci and hostap were loaded, as well as orinoco_pci, orinoco and hermes. I removed all the modules and did a "modprobe hostap_pci", but I am still unable to connect. Sniffing with another system on the same channel, it appears the miniPCI card is transmitting probe requests, but is not receiving probe responses. I can see other activity on the network (along with the occasional "Invalid misc:" reported by "iwconfig wlan0". Firmware on the card is reported as: wifi0: NIC: id=0x8013 v1.0.0 wifi0: PRI: id=0x15 v1.1.0 wifi0: STA: id=0x1f v1.8.0 I've attached an excerpt from "dmesg" and the output from "lspci" and "lsmod" to the end of this message. Does anyone have any troubleshooting suggestions? Thanks, -Josh -- -Joshua Wright jwright at hasborg.com http://home.jwu.edu/jwright/ pgpkey: http://home.jwu.edu/jwright/pgpkey.htm fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73 Today I stumbled across the world's largest hotspot. The SSID is "linksys". --- partial dmesg --- Linux version 2.6.10 (root at antimony) (gcc version 3.3.4) #13 Fri Feb 4 21:32:31 EST 2005 Kernel command line: BOOT_IMAGE=Linux_2610 ro root=302 pci=usepirqmask Local APIC disabled by BIOS -- you can enable it with "lapic" mapped APIC to ffffd000 (014f7000) PCI: Probing PCI hardware PCI: Probing PCI hardware (bus 00) PCI: Ignoring BAR0-3 of IDE controller 0000:00:1f.1 PCI: Transparent bridge - 0000:00:1e.0 PCI: Using IRQ router PIIX/ICH [8086/248c] at 0000:00:1f.0 PCI: Found IRQ 11 for device 0000:00:1f.1 PCI: Sharing IRQ 11 with 0000:00:1d.2 PCI: Sharing IRQ 11 with 0000:02:03.1 PCI: Found IRQ 10 for device 0000:02:03.0 PCI: Sharing IRQ 10 with 0000:00:02.0 PCI: Sharing IRQ 10 with 0000:00:1d.0 pnp: 00:0a: ioport range 0x4d0-0x4d1 has been reserved pnp: 00:0a: ioport range 0x8000-0x805f has been reserved pnp: 00:0a: ioport range 0x2180-0x218f has been reserved pnp: 00:0a: ioport range 0x8060-0x807f has been reserved pnp: 00:0a: ioport range 0x8080-0x80bf has been reserved PCI: Found IRQ 11 for device 0000:02:05.0 PCI: Sharing IRQ 11 with 0000:00:1d.1 3c59x: Donald Becker and others. www.scyld.com/network/vortex.html 0000:02:05.0: 3Com PCI 3c905C Tornado at 0x9000. Vers LK1.1.19 Uniform Multi-Platform E-IDE driver Revision: 7.00alpha2 ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx ICH3M: IDE controller at PCI slot 0000:00:1f.1 PCI: Enabling device 0000:00:1f.1 (0005 -> 0007) PCI: Found IRQ 11 for device 0000:00:1f.1 PCI: Sharing IRQ 11 with 0000:00:1d.2 PCI: Sharing IRQ 11 with 0000:02:03.1 PCI: Found IRQ 10 for device 0000:02:03.0 PCI: Sharing IRQ 10 with 0000:00:02.0 PCI: Sharing IRQ 10 with 0000:00:1d.0 Yenta: CardBus bridge found at 0000:02:03.0 [1028:0122] Yenta: ISA IRQ mask 0x02b8, PCI irq 10 Socket status: 30000006 hostap_crypt: registered algorithm 'NULL' hostap_pci: 0.2.6 - 2004-12-25 (Jouni Malinen ) PCI: Found IRQ 10 for device 0000:02:07.0 hostap_pci: Registered netdevice wifi0 wifi0: Original COR value: 0x65 prism2_hw_init: initialized in 195 ms wifi0: NIC: id=0x8013 v1.0.0 wifi0: PRI: id=0x15 v1.1.0 wifi0: STA: id=0x1f v1.8.0 wifi0: Intersil Prism2.5 PCI: mem=0xe0500000, irq=10 wifi0: registered netdevice wlan0 orinoco 0.13e (David Gibson , Pavel Roskin , et al) orinoco_pci 0.13e (Pavel Roskin , David Gibson & Jean Tourrilhes ) PCI: Found IRQ 10 for device 0000:00:1f.5 PCI: Sharing IRQ 10 with 0000:00:1f.3 PCI: Setting latency timer of device 0000:00:1f.5 to 64 prism2: wlan0: operating mode changed 3 -> 2 --- end dmesg --- --- lspci --- 02:07.0 Network controller: Harris Semiconductor Prism 2.5 Wavelan chipset (rev 01) Subsystem: Harris Semiconductor Prism 2.5 Wavelan chipset Flags: bus master, medium devsel, latency 64, IRQ 10 Memory at e0500000 (32-bit, prefetchable) [size=4K] Capabilities: --- end lspci --- --- lsmod --- Module Size Used by snd_pcm_oss 48484 0 snd_mixer_oss 17504 1 snd_pcm_oss ohci_hcd 18920 0 snd_intel8x0 27968 2 snd_ac97_codec 73120 1 snd_intel8x0 snd_pcm 82696 3 snd_pcm_oss,snd_intel8x0,snd_ac97_codec snd_timer 20164 1 snd_pcm snd 45348 10 snd_pcm_oss,snd_mixer_oss,snd_intel8x0,snd_ac97_codec,snd_pcm,snd_timer snd_page_alloc 7524 2 snd_intel8x0,snd_pcm hostap_pci 52240 2 hostap 112680 1 hostap_pci pcmcia 18532 2 yenta_socket 19136 0 pcmcia_core 49280 2 pcmcia,yenta_socket cloop 11680 1 zlib_inflate 17120 1 cloop --- end lsmod --- From ranabasheer at gmail.com Tue Feb 8 17:37:43 2005 From: ranabasheer at gmail.com (Rana Basheer) Date: Tue, 8 Feb 2005 16:37:43 -0600 Subject: Checking WEP Status after scannig for SSIDs Message-ID: I have the prism driver development document. I am unable to find any information in the document regarding a way to interrogate the WEP status of a wirless SSID that was retrieved through scanning. I am using prism driver to run a PCMCIA based 802.11b card from an Atmega 128 processor. I am trying to list all the available wireless networks in the vicinity and their WEP status. This is similar to the Windows XP zero configuration interface which list the available network with information about whether security is enabled for that network or not. I am trying to do exactly the same with my Atmega128 + PCMCIA setup. The only problem is, I do not know how to check the scanned network has encryption enabled or not. (Of course I can just try to connect to the network and if it fails then the network is encrypted. But that does not seem to be an elegant solution. Please let me know if that is the only solution or there is something better ) Any help is appreciated. Thanks and Regards Rana Basheer From ramalhais at serrado.net Tue Feb 8 18:06:41 2005 From: ramalhais at serrado.net (Pedro Ramalhais) Date: Tue, 08 Feb 2005 23:06:41 +0000 Subject: Intel Pro/Wireless 2200 and WPA-PSK In-Reply-To: <20050208211116.388D538F7A@mail.iocaine.com> References: <20050208211116.388D538F7A@mail.iocaine.com> Message-ID: <1107904001.2900.1.camel@rootix> On Tue, 2005-02-08 at 21:11, Antonio Tovar wrote: > Hi, > > can anybody confirm that IPW2200 driver does not support WPA-PSK please? > > I have read a lot, but I am not sure. > > Thanks you. WPA support was just added in the ipw2200-1.0.1 release. Please test it and report if it worked and what hardware do you use (card, driver version, supplicant version, AP model, AP firmware version). Good luck! -- Pedro Ramalhais From jkmaline at cc.hut.fi Tue Feb 8 22:25:20 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Tue, 8 Feb 2005 19:25:20 -0800 Subject: HostAP Homepage -- busted links... In-Reply-To: <4209231F.1020408@pepper.com> References: <4209231F.1020408@pepper.com> Message-ID: <20050209032520.GB8366@jm.kir.nu> On Tue, Feb 08, 2005 at 03:37:51PM -0500, Tony Espy wrote: > FYI... it seems that a few of the links on the HostAP homepage are > busted. Specifically the "COPYING", "README" and "FAQ" links just above > the download links. There was a power outage in Helsinki last night and the server had some problems recovering from this. Let's just say that fixing a system with corrupted /var partition over a remote connection while being more than 6000 km away from the said server is not exactly what I would call fun. I believe everything is fixed now. -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Tue Feb 8 22:29:59 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Tue, 8 Feb 2005 19:29:59 -0800 Subject: Checking WEP Status after scannig for SSIDs In-Reply-To: References: Message-ID: <20050209032959.GC8366@jm.kir.nu> On Tue, Feb 08, 2005 at 04:37:43PM -0600, Rana Basheer wrote: > I have the prism driver development document. I am unable to find any > information in the document regarding a way to interrogate the WEP > status of a wirless SSID that was retrieved through scanning. I am > using prism driver to run a PCMCIA based 802.11b card from an Atmega > 128 processor. I am trying to list all the available wireless networks > in the vicinity and their WEP status. This is similar to the Windows > XP zero configuration interface which list the available network with > information about whether security is enabled for that network or not. > I am trying to do exactly the same with my Atmega128 + PCMCIA setup. > The only problem is, I do not know how to check the scanned network > has encryption enabled or not. Since this is Host AP mailing list, I would assume a pointer to the driver source code would be enough: see __prism2_translate_scan() in hostap_ioctl.c for an example on how to check fro privacy bit in capabilities field.. -- Jouni Malinen PGP id EFC895FA From forspam at david.wd107.tamaris.tm.fr Wed Feb 9 04:56:19 2005 From: forspam at david.wd107.tamaris.tm.fr (David Minodier) Date: Wed, 9 Feb 2005 10:56:19 +0100 Subject: Multiple wired interfaces Message-ID: <005701c50e8d$9aeb0bc0$0a6310ac@wd107.tamaris.tm.fr> Hi, is it possible to run *one* instance of hostap that performs access control on *more than one* Ethernet cards (wired) ? If so, what does the 'interface=eth0' line looks like in the wired.conf ? Thanks, Dave From gbur at informatik.uni-rostock.de Wed Feb 9 05:20:30 2005 From: gbur at informatik.uni-rostock.de (Gunter Burchardt) Date: Wed, 9 Feb 2005 11:20:30 +0100 Subject: Multiple wired interfaces In-Reply-To: <005701c50e8d$9aeb0bc0$0a6310ac@wd107.tamaris.tm.fr> References: <005701c50e8d$9aeb0bc0$0a6310ac@wd107.tamaris.tm.fr> Message-ID: <20050209102030.GE14883@informatik.uni-rostock.de> > Hi, > is it possible to run *one* instance of hostap that performs access control > on *more than one* Ethernet cards (wired) ? Yes! > If so, what does the 'interface=eth0' line looks like in the wired.conf ? This line specifies the interface hostapd works on. To run one instance of hostapd on more than one interface simply write one wired.conf for each interface (eg. wired.eth0.conf wired.eth1.conf) and start hostapd with following command: hostapd wired.eth0.conf wired.eth1.conf regards gunter From fromkth+hostap at fastmail.fm Wed Feb 9 06:52:43 2005 From: fromkth+hostap at fastmail.fm (Ajeet) Date: Wed, 09 Feb 2005 12:52:43 +0100 Subject: txpower settings. Message-ID: <4209F98B.5000104@fastmail.fm> Hi, I am building a WLAN testbed(2 prism2 based APs and one prism2based STA ) in a small room, so need to reduce the power of APs so i can do handover in a small room while moving away from one AP to the other AP. I tried to used txpower option in iwconfig, but except "auto" and "off" other options gives following error, Error for wireless request "Set Tx Power" (8B27): GET failed on device wlan0 ; Operation not supoorted. So what do i need to do to reduce trasmitt power of APs. is it something related with ALC? there is no info about what ALC is, in README's or FAQ's. Thanks. -ajeet. From forspam at david.wd107.tamaris.tm.fr Wed Feb 9 08:04:53 2005 From: forspam at david.wd107.tamaris.tm.fr (David Minodier) Date: Wed, 9 Feb 2005 14:04:53 +0100 Subject: Radius Dictionary Message-ID: <005601c50ea7$f2d7e690$0a6310ac@wd107.tamaris.tm.fr> Hi all, has anyone thought of allowing hostapd to refer to an external Radius Dictionary rather than hard-coding the minimum dictionary in ? If not, i'd be glad to help a bit in doing that... David. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.shmoo.com/pipermail/hostap/attachments/20050209/2ffc0fd4/attachment.htm From michael.walter at polit-web.de Wed Feb 9 08:52:56 2005 From: michael.walter at polit-web.de (Michael Walter) Date: Wed, 09 Feb 2005 14:52:56 +0100 Subject: Radius Dictionary In-Reply-To: <005601c50ea7$f2d7e690$0a6310ac@wd107.tamaris.tm.fr> References: <005601c50ea7$f2d7e690$0a6310ac@wd107.tamaris.tm.fr> Message-ID: I run such a configuration on my debian machine. The configuration file '/etc/hostapd.conf' points to a radius server which runs on the same box and makes use of X.509 certificates of a CA to authenticate user access. I run version 0.2.6 and my "hostapd.conf"-file looks like this: > ##### hostapd configuration file #### > > # AP netdevice name (without 'ap' prefix, i.e., wlan0 uses wlan0ap for > # management frames) > interface=wlan0 > > # hostapd event logger configuration > # > # Two output method: syslog and stdout (only usable if not forking to > # background). > # > # Module bitfield (ORed bitfield of modules that will be logged; -1 = all > # modules): > # bit 0 (1) = IEEE 802.11 > # bit 1 (2) = IEEE 802.1X > # bit 2 (4) = RADIUS > # > # Levels (minimum value for logged events): > # 0 = verbose debugging > # 1 = debugging > # 2 = informational messages > # 3 = notification > # 4 = warning > # > logger_syslog=-1 > logger_syslog_level=2 > logger_stdout=-1 > logger_stdout_level=2 > > # Debugging: 0 = no, 1 = minimal, 2 = verbose, 3 = msg dumps > debug=0 > > # Dump file for state information (on SIGUSR1) > dump_file=/tmp/hostapd.dump > > # Daemonize hostapd process (i.e., fork to background) > daemonize=1 > > > ##### IEEE 802.11 related configuration #### > > # SSID to be used in IEEE 802.11 management frames > ssid=privat > > # Station MAC address -based authentication > # 0 = accept unless in deny list > # 1 = deny unless in accept list > # 2 = use external RADIUS server (accept/deny lists are searched first) > macaddr_acl=0 > > # IEEE 802.11 specifies two authentication algorithms. hostapd can be > # configured to allow both of these or only one. Open system > authentication > # should be used with IEEE 802.1X. > # Bit fields of allowed authentication algorithms: > # bit 0 = Open System Authentication > # bit 1 = Shared Key Authentication (requires WEP) > auth_algs=3 > > ##### IEEE 802.1X (and IEEE 802.1aa/D4) related configuration #### > > # Require IEEE 802.1X authorization > ieee8021x=1 > > # Use internal minimal EAP Authentication Server for testing IEEE 802.1X. > # This should only be used for testing since it authorizes all users that > # suppot IEEE 802.1X without any keys or certificates. > minimal_eap=0 > > # Optional displayable message sent with EAP Request-Identity > eap_message=hello > > # WEP rekeying (disabled if key lengths are not set or are set to 0) > # Key lengths for default/broadcast and individual/unicast keys: > # 5 = 40-bit WEP (also known as 64-bit WEP with 40 secret bits) > # 13 = 104-bit WEP (also known as 128-bit WEP with 104 secret bits) > wep_key_len_broadcast=13 > wep_key_len_unicast=13 > # Rekeying period in seconds. 0 = do not rekey (i.e., set keys only once) > wep_rekey_period=0 > > # EAPOL-Key index workaround (set bit7) for WinXP Supplicant (needed > only if > # only broadcast keys are used) > eapol_key_index_workaround=1 > > ##### RADIUS configuration #### > # for IEEE 802.1X with external Authentication Server, IEEE 802.11 > # authentication with external ACL for MAC addresses, and accounting > > # The own IP address of the access point (used as NAS-IP-Address) > own_ip_addr=127.0.0.1 > > # RADIUS authentication server > auth_server_addr=127.0.0.1 > auth_server_port=1812 > auth_server_shared_secret=mypassword On Wed, 09 Feb 2005 14:04:53 +0100 "David Minodier" wrote: > > Hi all, > has anyone thought of allowing hostapd to refer to an external > Radius Dictionary rather than hard-coding the minimum dictionary in > ? If not, i'd be glad to help a bit in doing that... David. > From jkmaline at cc.hut.fi Wed Feb 9 09:22:22 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Wed, 9 Feb 2005 06:22:22 -0800 Subject: Radius Dictionary In-Reply-To: <005601c50ea7$f2d7e690$0a6310ac@wd107.tamaris.tm.fr> References: <005601c50ea7$f2d7e690$0a6310ac@wd107.tamaris.tm.fr> Message-ID: <20050209142222.GA8378@jm.kir.nu> On Wed, Feb 09, 2005 at 02:04:53PM +0100, David Minodier wrote: > has anyone thought of allowing hostapd to refer to an external Radius Dictionary rather than hard-coding the minimum dictionary in ? > If not, i'd be glad to help a bit in doing that... I'm not aware of such work being done. If you can do it without increasing the size of the program considerable, it could be interesting. -- Jouni Malinen PGP id EFC895FA From andreaf at cs.columbia.edu Wed Feb 9 10:13:02 2005 From: andreaf at cs.columbia.edu (Andrea G Forte) Date: Wed, 09 Feb 2005 10:13:02 -0500 Subject: multiple wireless cards. Message-ID: <420A287E.6020704@cs.columbia.edu> Hi all. Is it possible to run two istances of the hostap driver one for each wireless card? Can hostap "control" more than one wireless card in the same machine? Thank you, Andrea From dan at adelix.com Wed Feb 9 10:20:10 2005 From: dan at adelix.com (Dan Searle) Date: Wed, 9 Feb 2005 15:20:10 +0000 Subject: multiple wireless cards. In-Reply-To: <420A287E.6020704@cs.columbia.edu> References: <420A287E.6020704@cs.columbia.edu> Message-ID: <1245865497.20050209152010@adelix.com> Hi, Of cause, just like you can have multiple ethernet interfaces using the same driver module. Dan... Wednesday, February 9, 2005, 3:13:02 PM, you wrote: > Hi all. > Is it possible to run two istances of the hostap driver one for each > wireless card? Can hostap "control" more than one wireless card in the > same machine? > Thank you, > Andrea > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap > This message has been scanned for viruses by MailController - www.MailController.altohiway.com -- Dan Searle Adelix Ltd dan.searle at adelix.com web: www.adelix.com tel: 0845 230 9590 / fax: 0845 230 9591 / support: 0845 230 9592 snail: The Old Post Office, Bristol Rd, Hambrook, Bristol BS16 1RY. UK. Any views expressed in this email communication are those of the individual sender, except where the sender specifically states them to be the views of a member of Adelix Ltd. Adelix Ltd. does not represent, warrant or guarantee that the integrity of this communication has been maintained nor that the communication is free of errors or interference. From andreaf at cs.columbia.edu Wed Feb 9 10:20:33 2005 From: andreaf at cs.columbia.edu (Andrea G Forte) Date: Wed, 09 Feb 2005 10:20:33 -0500 Subject: multiple wireless cards. In-Reply-To: <1245865497.20050209152010@adelix.com> References: <420A287E.6020704@cs.columbia.edu> <1245865497.20050209152010@adelix.com> Message-ID: <420A2A41.8010707@cs.columbia.edu> Thank you for the fast response. How would I do that? Is there a special command I have to issue? When I insert the first card (PCMCIA), hostap is loaded, when I insert the second one nothing happens. I am not sure how I can tell hostap to control the second card as well. Thank you, Andrea Dan Searle wrote: >Hi, > >Of cause, just like you can have multiple ethernet interfaces using >the same driver module. > >Dan... > >Wednesday, February 9, 2005, 3:13:02 PM, you wrote: > > > >>Hi all. >>Is it possible to run two istances of the hostap driver one for each >>wireless card? Can hostap "control" more than one wireless card in the >>same machine? >> >> > > > >>Thank you, >>Andrea >>_______________________________________________ >>HostAP mailing list >>HostAP at shmoo.com >>http://lists.shmoo.com/mailman/listinfo/hostap >> >> > > > > >>This message has been scanned for viruses by MailController - www.MailController.altohiway.com >> >> > > >-- > >Dan Searle >Adelix Ltd >dan.searle at adelix.com web: www.adelix.com >tel: 0845 230 9590 / fax: 0845 230 9591 / support: 0845 230 9592 >snail: The Old Post Office, Bristol Rd, Hambrook, Bristol BS16 1RY. UK. > >Any views expressed in this email communication are those >of the individual sender, except where the sender specifically states >them to be the views of a member of Adelix Ltd. Adelix Ltd. does not >represent, warrant or guarantee that the integrity of this communication >has been maintained nor that the communication is free of errors or >interference. > > From dan at adelix.com Wed Feb 9 10:28:20 2005 From: dan at adelix.com (Dan Searle) Date: Wed, 9 Feb 2005 15:28:20 +0000 Subject: multiple wireless cards. In-Reply-To: <420A2A41.8010707@cs.columbia.edu> References: <420A287E.6020704@cs.columbia.edu> <1245865497.20050209152010@adelix.com> <420A2A41.8010707@cs.columbia.edu> Message-ID: <672204621.20050209152820@adelix.com> Hi, Very strange, is the card being detected by the system card manager? I.e. after inserting the second card run: # cardctl status before and after inserting the second card and see if the PCMCIA hot-plug sub-system is even detecting the card or not. Regards, Dan... Wednesday, February 9, 2005, 3:20:33 PM, you wrote: > Thank you for the fast response. > How would I do that? Is there a special command I have to issue? When I > insert the first card (PCMCIA), hostap is loaded, when I insert the > second one nothing happens. I am not sure how I can tell hostap to > control the second card as well. > Thank you, > Andrea > Dan Searle wrote: >>Hi, >> >>Of cause, just like you can have multiple ethernet interfaces using >>the same driver module. >> >>Dan... >> >>Wednesday, February 9, 2005, 3:13:02 PM, you wrote: >> >> >> >>>Hi all. >>>Is it possible to run two istances of the hostap driver one for each >>>wireless card? Can hostap "control" more than one wireless card in the >>>same machine? >>> >>> >> >> >> >>>Thank you, >>>Andrea >>>_______________________________________________ >>>HostAP mailing list >>>HostAP at shmoo.com >>>http://lists.shmoo.com/mailman/listinfo/hostap >>> >>> >> >> >> >> >>>This message has been scanned for viruses by MailController - >>>www.MailController.altohiway.com >>> >>> >> >> >>-- >> >>Dan Searle >>Adelix Ltd >>dan.searle at adelix.com web: www.adelix.com >>tel: 0845 230 9590 / fax: 0845 230 9591 / support: 0845 230 9592 >>snail: The Old Post Office, Bristol Rd, Hambrook, Bristol BS16 1RY. UK. >> >>Any views expressed in this email communication are those >>of the individual sender, except where the sender specifically states >>them to be the views of a member of Adelix Ltd. Adelix Ltd. does not >>represent, warrant or guarantee that the integrity of this communication >>has been maintained nor that the communication is free of errors or >>interference. >> >> > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap -- Dan Searle Adelix Ltd dan.searle at adelix.com web: www.adelix.com tel: 0845 230 9590 / fax: 0845 230 9591 / support: 0845 230 9592 snail: The Old Post Office, Bristol Rd, Hambrook, Bristol BS16 1RY. UK. Any views expressed in this email communication are those of the individual sender, except where the sender specifically states them to be the views of a member of Adelix Ltd. Adelix Ltd. does not represent, warrant or guarantee that the integrity of this communication has been maintained nor that the communication is free of errors or interference. From andreaf at cs.columbia.edu Wed Feb 9 11:21:12 2005 From: andreaf at cs.columbia.edu (Andrea G Forte) Date: Wed, 09 Feb 2005 11:21:12 -0500 Subject: multiple wireless cards. In-Reply-To: <672204621.20050209152820@adelix.com> References: <420A287E.6020704@cs.columbia.edu> <1245865497.20050209152010@adelix.com> <420A2A41.8010707@cs.columbia.edu> <672204621.20050209152820@adelix.com> Message-ID: <420A3878.8040500@cs.columbia.edu> Yes, now it worked. I guess it was a problem with the card manager. Thank you very much. Andrea Dan Searle wrote: >Hi, > >Very strange, is the card being detected by the system card manager? >I.e. after inserting the second card run: > ># cardctl status > >before and after inserting the second card and see if the PCMCIA >hot-plug sub-system is even detecting the card or not. > >Regards, Dan... > >Wednesday, February 9, 2005, 3:20:33 PM, you wrote: > > > >>Thank you for the fast response. >>How would I do that? Is there a special command I have to issue? When I >>insert the first card (PCMCIA), hostap is loaded, when I insert the >>second one nothing happens. I am not sure how I can tell hostap to >>control the second card as well. >> >> > > > >>Thank you, >>Andrea >> >> > > > > >>Dan Searle wrote: >> >> > > > >>>Hi, >>> >>>Of cause, just like you can have multiple ethernet interfaces using >>>the same driver module. >>> >>>Dan... >>> >>>Wednesday, February 9, 2005, 3:13:02 PM, you wrote: >>> >>> >>> >>> >>> >>>>Hi all. >>>>Is it possible to run two istances of the hostap driver one for each >>>>wireless card? Can hostap "control" more than one wireless card in the >>>>same machine? >>>> >>>> >>>> >>>> >>> >>> >>> >>> >>>>Thank you, >>>>Andrea >>>>_______________________________________________ >>>>HostAP mailing list >>>>HostAP at shmoo.com >>>>http://lists.shmoo.com/mailman/listinfo/hostap >>>> >>>> >>>> >>>> >>> >>> >>> >>> >>>>This message has been scanned for viruses by MailController - >>>>www.MailController.altohiway.com >>>> >>>> >>>> >>>> >>>-- >>> >>>Dan Searle >>>Adelix Ltd >>>dan.searle at adelix.com web: www.adelix.com >>>tel: 0845 230 9590 / fax: 0845 230 9591 / support: 0845 230 9592 >>>snail: The Old Post Office, Bristol Rd, Hambrook, Bristol BS16 1RY. UK. >>> >>>Any views expressed in this email communication are those >>>of the individual sender, except where the sender specifically states >>>them to be the views of a member of Adelix Ltd. Adelix Ltd. does not >>>represent, warrant or guarantee that the integrity of this communication >>>has been maintained nor that the communication is free of errors or >>>interference. >>> >>> >>> >>> > > > >>_______________________________________________ >>HostAP mailing list >>HostAP at shmoo.com >>http://lists.shmoo.com/mailman/listinfo/hostap >> >> > > >-- > >Dan Searle >Adelix Ltd >dan.searle at adelix.com web: www.adelix.com >tel: 0845 230 9590 / fax: 0845 230 9591 / support: 0845 230 9592 >snail: The Old Post Office, Bristol Rd, Hambrook, Bristol BS16 1RY. UK. > >Any views expressed in this email communication are those >of the individual sender, except where the sender specifically states >them to be the views of a member of Adelix Ltd. Adelix Ltd. does not >represent, warrant or guarantee that the integrity of this communication >has been maintained nor that the communication is free of errors or >interference. > > From gbur at informatik.uni-rostock.de Wed Feb 9 11:46:49 2005 From: gbur at informatik.uni-rostock.de (Gunter Burchardt) Date: Wed, 9 Feb 2005 17:46:49 +0100 Subject: Radius Dictionary In-Reply-To: <005601c50ea7$f2d7e690$0a6310ac@wd107.tamaris.tm.fr> References: <005601c50ea7$f2d7e690$0a6310ac@wd107.tamaris.tm.fr> Message-ID: <20050209164649.GF14883@informatik.uni-rostock.de> > Hi all, > has anyone thought of allowing hostapd to refer to an external Radius Dictionary rather than hard-coding the minimum dictionary in ? > If not, i'd be glad to help a bit in doing that... > David. I planed to this work. But i have no time to do it. Freeradius has a good library of parsing such dictionaries. It would be realativly easy to include this into hostapd. But where do you need this fields? There is (at the moment) no way to use radius values out of hostapd. regards gunter From ged at jubileegroup.co.uk Wed Feb 9 12:49:22 2005 From: ged at jubileegroup.co.uk (Ged Haywood) Date: Wed, 9 Feb 2005 17:49:22 +0000 (GMT) Subject: txpower settings. (Ajeet) In-Reply-To: <20050209135518.6F06B2BFB2@mail.iocaine.com> References: <20050209135518.6F06B2BFB2@mail.iocaine.com> Message-ID: Hi there, On Wed, 9 Feb 2005 Ajeet wrote: > I am building a WLAN testbed(2 prism2 based APs and one prism2based STA) > in a small room, so need to reduce the power of APs so i can do > handover in a small room while moving away from one AP to the other AP. > ... > So what do i need to do to reduce trasmitt power of APs. I think you might need to do more than reduce the AP transmit power, since you would not be reducing the AP receiver sensitivity at the same time. It might be better to put a simple divider network between the antenna and the AP. You could also try for example simply using a dummy load instead of an antenna on the APs. 73, Ged. From gbaker at cs.mun.ca Wed Feb 9 13:53:05 2005 From: gbaker at cs.mun.ca (Greg Baker) Date: Wed, 9 Feb 2005 15:23:05 -0330 Subject: WPA+EAP-PEAP+MSCHAPv2 Problem Message-ID: <200502091523.05278.gbaker@cs.mun.ca> Hi guys, this is my first post to this list. Apologies if this is a known issue.. I'm trying to connect to the wireless network at my school and am having problems. It connects fine in Windows, but not Linux. I'm not sure what is relevant for help, so I'll post the output from wpa_supplicant: ------- [root at nimba greg]# wpa_supplicant -dw -c /etc/wpa_supplicant.conf -i ath0 -D madwifi Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf' Reading configuration file '/etc/wpa_supplicant.conf' ctrl_interface='/var/run/wpa_supplicant' ctrl_interface_group=0 eapol_version=1 ap_scan=1 Priority group 0 id=0 ssid='stu' EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: KEY_RX entering state NO_KEY_RECEIVE EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 wpa_driver_madwifi_set_wpa: enabled=1 wpa_driver_madwifi_del_key: keyidx=0 wpa_driver_madwifi_del_key: keyidx=1 wpa_driver_madwifi_del_key: keyidx=2 wpa_driver_madwifi_del_key: keyidx=3 wpa_driver_madwifi_set_countermeasures: enabled=0 wpa_driver_madwifi_set_drop_unencrypted: enabled=1 Setting scan request: 0 sec 100000 usec l2_packet_receive - recv: Network is down Starting AP scan (specific SSID) Scan SSID - hexdump_ascii(len=3): 73 74 75 stu RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added Wireless event: cmd=0x8b1a len=15 Wireless event: cmd=0x8b19 len=12 Received 538 bytes of scan results (2 BSSes) Scan results: 2 Selecting BSS from priority group 0 0: 00:11:92:49:54:20 ssid='stu' wpa_ie_len=26 rsn_ie_len=0 selected Trying to associate with 00:11:92:49:54:20 (SSID='stu' freq=2412 MHz) Cancelling scan request WPA: using IEEE 802.11i/D3.0 WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01 wpa_driver_madwifi_del_key: keyidx=0 wpa_driver_madwifi_del_key: keyidx=1 wpa_driver_madwifi_del_key: keyidx=2 wpa_driver_madwifi_del_key: keyidx=3 wpa_driver_madwifi_del_key: keyidx=0 wpa_driver_madwifi_set_drop_unencrypted: enabled=1 wpa_driver_madwifi_associate Setting authentication timeout: 5 sec 0 usec EAPOL: External notification - portControl=Auto Wireless event: cmd=0x8b1a len=15 Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:11:92:49:54:20 Association event - clear replay counter Associated to a new BSS: BSSID=00:11:92:49:54:20 wpa_driver_madwifi_del_key: keyidx=0 wpa_driver_madwifi_del_key: keyidx=1 wpa_driver_madwifi_del_key: keyidx=2 wpa_driver_madwifi_del_key: keyidx=3 wpa_driver_madwifi_del_key: keyidx=0 EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: txStart EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec RX EAPOL from 00:11:92:49:54:20 Setting authentication timeout: 70 sec 0 usec EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=1 id=1 EAP: EAP entering state IDENTITY EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=6): 67 62 61 6b 65 72 gbaker EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 50, expecting at least 99 RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RX EAPOL from 00:11:92:49:54:20 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=1 id=2 EAP: EAP entering state IDENTITY EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=6): 67 62 61 6b 65 72 gbaker EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 50, expecting at least 99 RX EAPOL from 00:11:92:49:54:20 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=17 id=118 EAP: EAP entering state GET_METHOD EAP: Building EAP-Nak (requested type 17 not allowed) EAP: allowed methods - hexdump(len=1): 19 EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 50, expecting at least 99 RX EAPOL from 00:11:92:49:54:20 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=25 id=119 EAP: EAP entering state GET_METHOD EAP-PEAP: Forced PEAP version 1 EAP-PEAP: Phase2 type: MSCHAPV2 EAP: EAP entering state METHOD EAP-PEAP: Received packet(len=6) - Flags 0x21 EAP-PEAP: Start (server ver=1, own ver=1) EAP-PEAP: Using PEAP version 1 SSL: (where=0x10 ret=0x1) SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:before/connect initialization SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 write client hello A SSL: (where=0x1002 ret=0xffffffff) SSL: SSL_connect:error in SSLv3 read server hello A SSL: SSL_connect - want more data SSL: 102 bytes left to be sent out (of total 102 bytes) EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 50, expecting at least 99 Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 Setting scan request: 0 sec 100000 usec EAPOL: External notification - portEnabled=0 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 Disconnect event - remove keys wpa_driver_madwifi_del_key: keyidx=0 wpa_driver_madwifi_del_key: keyidx=1 wpa_driver_madwifi_del_key: keyidx=2 wpa_driver_madwifi_del_key: keyidx=3 wpa_driver_madwifi_del_key: keyidx=0 RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added Starting AP scan (broadcast SSID) Wireless event: cmd=0x8b1a len=12 Wireless event: cmd=0x8b19 len=12 Received 392 bytes of scan results (2 BSSes) Scan results: 2 Selecting BSS from priority group 0 0: 00:11:92:49:54:20 ssid='' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 1: 00:11:92:49:5d:00 ssid='' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE No suitable AP found. Setting scan request: 5 sec 0 usec Starting AP scan (specific SSID) Scan SSID - hexdump_ascii(len=3): 73 74 75 stu Wireless event: cmd=0x8b1a len=15 Wireless event: cmd=0x8b19 len=12 Received 465 bytes of scan results (2 BSSes) Scan results: 2 Selecting BSS from priority group 0 0: 00:11:92:49:54:20 ssid='stu' wpa_ie_len=26 rsn_ie_len=0 selected Trying to associate with 00:11:92:49:54:20 (SSID='stu' freq=2412 MHz) Cancelling scan request WPA: using IEEE 802.11i/D3.0 WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01 wpa_driver_madwifi_del_key: keyidx=0 wpa_driver_madwifi_del_key: keyidx=1 wpa_driver_madwifi_del_key: keyidx=2 wpa_driver_madwifi_del_key: keyidx=3 wpa_driver_madwifi_del_key: keyidx=0 wpa_driver_madwifi_set_drop_unencrypted: enabled=1 wpa_driver_madwifi_associate Setting authentication timeout: 5 sec 0 usec EAPOL: External notification - portControl=Auto Wireless event: cmd=0x8b1a len=15 Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:11:92:49:54:20 Association event - clear replay counter Associated to a new BSS: BSSID=00:11:92:49:54:20 wpa_driver_madwifi_del_key: keyidx=0 wpa_driver_madwifi_del_key: keyidx=1 wpa_driver_madwifi_del_key: keyidx=2 wpa_driver_madwifi_del_key: keyidx=3 wpa_driver_madwifi_del_key: keyidx=0 EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: txStart EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec RX EAPOL from 00:11:92:49:54:20 Setting authentication timeout: 70 sec 0 usec EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=1 id=1 EAP: EAP entering state IDENTITY EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=6): 67 62 61 6b 65 72 gbaker EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 50, expecting at least 99 RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RX EAPOL from 00:11:92:49:54:20 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=1 id=2 EAP: EAP entering state IDENTITY EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=6): 67 62 61 6b 65 72 gbaker EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 50, expecting at least 99 RX EAPOL from 00:11:92:49:54:20 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=17 id=131 EAP: EAP entering state GET_METHOD EAP: Building EAP-Nak (requested type 17 not allowed) EAP: allowed methods - hexdump(len=1): 19 EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 50, expecting at least 99 RX EAPOL from 00:11:92:49:54:20 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=25 id=132 EAP: EAP entering state GET_METHOD EAP-PEAP: Forced PEAP version 1 EAP-PEAP: Phase2 type: MSCHAPV2 EAP: EAP entering state METHOD EAP-PEAP: Received packet(len=6) - Flags 0x21 EAP-PEAP: Start (server ver=1, own ver=1) EAP-PEAP: Using PEAP version 1 SSL: (where=0x10 ret=0x1) SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:before/connect initialization SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 write client hello A SSL: (where=0x1002 ret=0xffffffff) SSL: SSL_connect:error in SSLv3 read server hello A SSL: SSL_connect - want more data SSL: 102 bytes left to be sent out (of total 102 bytes) EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 50, expecting at least 99 Signal 2 received - terminating wpa_driver_madwifi_deauthenticate wpa_driver_madwifi_del_key: keyidx=0 wpa_driver_madwifi_del_key: keyidx=1 wpa_driver_madwifi_del_key: keyidx=2 wpa_driver_madwifi_del_key: keyidx=3 wpa_driver_madwifi_del_key: keyidx=0 EAPOL: External notification - portEnabled=0 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 wpa_driver_madwifi_set_wpa: enabled=0 wpa_driver_madwifi_set_drop_unencrypted: enabled=0 wpa_driver_madwifi_set_countermeasures: enabled=0 ...and so on ad infinitum.. Most of this is gibberish to me..... So hopefully someone can figure out exactly where this is dying.. Here's my wpa_supplicant.conf file: ctrl_interface=/var/run/wpa_supplicant ctrl_interface_group=0 eapol_version=1 # <-- not sure what this does ap_scan=1 # <-- needed to associate with ap network={ ssid="stu" scan_ssid=1 key_mgmt=WPA-EAP eap=PEAP pairwise=TKIP group=TKIP identity="gbaker" password="........." phase1="peapver=1 peaplabel=1" phase2="auth=MSCHAPV2" } Now, I've tried changing some of the settings above (like peapver and peaplabel) but don't ever get any farther. One thing I'm not sure about, do I need to have a certificate defined? The APs here provide the certificate, and they are not validated. One last thing, after doing an analysis of packets from both windows and linux, here is a summary of what happens me: EAPOL-Start AP: EAP Request ID me: EAP Response ID AP: EAP Request, EAP-Cisco Wireless (LEAP) [Norman] me: EAP Response NAK AP: EAP Request PEAP [Palekar] Here's where it begins to get funky.. Windows and the AP discuss a couple of more PEAP things while in linux it goes straight to "TLS Client Hello"... There are two more packets from both windows and the AP here before the TLS hello.. Can anyone give me some insight as to what I'm missing?? Thanks, and really sorry about the long post. Greg From andreaf at cs.columbia.edu Wed Feb 9 14:17:08 2005 From: andreaf at cs.columbia.edu (Andrea G Forte) Date: Wed, 09 Feb 2005 14:17:08 -0500 Subject: Null function when scanning. Message-ID: <420A61B4.6040407@cs.columbia.edu> Hi all, I am wondering if you have any idea why when scanning, a few "Null function (No Data)" packets are sent. Do you know if this is a firmware bug or why are we sending such packets? It always happens when probe frames are sent/received. Thank you, Andrea From gbaker at cs.mun.ca Wed Feb 9 14:25:14 2005 From: gbaker at cs.mun.ca (Greg Baker) Date: Wed, 9 Feb 2005 15:55:14 -0330 Subject: WPA+EAP-PEAP+MSCHAPv2 Problem In-Reply-To: <200502091523.05278.gbaker@cs.mun.ca> References: <200502091523.05278.gbaker@cs.mun.ca> Message-ID: <200502091555.14600.gbaker@cs.mun.ca> Sorry to reply to my own post, but I wanted to add something.. I ran a packet dump on another wireless computer and realized that when doing the TLS handshake, the PEAP version is actually switched to version 0. I changed the phase1 line in my config file to use peapver=0, but it still dies after it sends the TLS handshake. Actually, it's almost as if it doesn't even wait for the AP to reply, it almost instantly begins the entire process over again. Thanks, Greg On February 9, 2005 03:23 pm, Greg Baker wrote: > Hi guys, this is my first post to this list. Apologies if this is a known > issue.. > > I'm trying to connect to the wireless network at my school and am having > problems. It connects fine in Windows, but not Linux. > > I'm not sure what is relevant for help, so I'll post the output from > wpa_supplicant: > > ------- > [root at nimba greg]# wpa_supplicant -dw -c /etc/wpa_supplicant.conf -i ath0 > -D madwifi > Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf' > Reading configuration file '/etc/wpa_supplicant.conf' > ctrl_interface='/var/run/wpa_supplicant' > ctrl_interface_group=0 > eapol_version=1 > ap_scan=1 > Priority group 0 > id=0 ssid='stu' > EAPOL: SUPP_PAE entering state DISCONNECTED > EAPOL: KEY_RX entering state NO_KEY_RECEIVE > EAPOL: SUPP_BE entering state INITIALIZE > EAP: EAP entering state DISABLED > EAPOL: External notification - portEnabled=0 > EAPOL: External notification - portValid=0 > wpa_driver_madwifi_set_wpa: enabled=1 > wpa_driver_madwifi_del_key: keyidx=0 > wpa_driver_madwifi_del_key: keyidx=1 > wpa_driver_madwifi_del_key: keyidx=2 > wpa_driver_madwifi_del_key: keyidx=3 > wpa_driver_madwifi_set_countermeasures: enabled=0 > wpa_driver_madwifi_set_drop_unencrypted: enabled=1 > Setting scan request: 0 sec 100000 usec > l2_packet_receive - recv: Network is down > Starting AP scan (specific SSID) > Scan SSID - hexdump_ascii(len=3): > 73 74 75 stu > RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added > RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added > Wireless event: cmd=0x8b1a len=15 > Wireless event: cmd=0x8b19 len=12 > Received 538 bytes of scan results (2 BSSes) > Scan results: 2 > Selecting BSS from priority group 0 > 0: 00:11:92:49:54:20 ssid='stu' wpa_ie_len=26 rsn_ie_len=0 > selected > Trying to associate with 00:11:92:49:54:20 (SSID='stu' freq=2412 MHz) > Cancelling scan request > WPA: using IEEE 802.11i/D3.0 > WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 > 00 00 50 f2 02 01 00 00 50 f2 01 > wpa_driver_madwifi_del_key: keyidx=0 > wpa_driver_madwifi_del_key: keyidx=1 > wpa_driver_madwifi_del_key: keyidx=2 > wpa_driver_madwifi_del_key: keyidx=3 > wpa_driver_madwifi_del_key: keyidx=0 > wpa_driver_madwifi_set_drop_unencrypted: enabled=1 > wpa_driver_madwifi_associate > Setting authentication timeout: 5 sec 0 usec > EAPOL: External notification - portControl=Auto > Wireless event: cmd=0x8b1a len=15 > Wireless event: cmd=0x8b15 len=20 > Wireless event: new AP: 00:11:92:49:54:20 > Association event - clear replay counter > Associated to a new BSS: BSSID=00:11:92:49:54:20 > wpa_driver_madwifi_del_key: keyidx=0 > wpa_driver_madwifi_del_key: keyidx=1 > wpa_driver_madwifi_del_key: keyidx=2 > wpa_driver_madwifi_del_key: keyidx=3 > wpa_driver_madwifi_del_key: keyidx=0 > EAPOL: External notification - portValid=0 > EAPOL: External notification - portEnabled=1 > EAPOL: SUPP_PAE entering state CONNECTING > EAPOL: txStart > EAPOL: SUPP_BE entering state IDLE > EAP: EAP entering state INITIALIZE > EAP: EAP entering state IDLE > Setting authentication timeout: 10 sec 0 usec > RX EAPOL from 00:11:92:49:54:20 > Setting authentication timeout: 70 sec 0 usec > EAPOL: Received EAP-Packet frame > EAPOL: SUPP_PAE entering state RESTART > EAP: EAP entering state INITIALIZE > EAP: EAP entering state IDLE > EAPOL: SUPP_PAE entering state AUTHENTICATING > EAPOL: SUPP_BE entering state REQUEST > EAPOL: getSuppRsp > EAP: EAP entering state RECEIVED > EAP: Received EAP-Request method=1 id=1 > EAP: EAP entering state IDENTITY > EAP: EAP-Request Identity data - hexdump_ascii(len=0): > EAP: using real identity - hexdump_ascii(len=6): > 67 62 61 6b 65 72 gbaker > EAP: EAP entering state SEND_RESPONSE > EAP: EAP entering state IDLE > EAPOL: SUPP_BE entering state RESPONSE > EAPOL: txSuppRsp > EAPOL: SUPP_BE entering state RECEIVE > WPA: EAPOL frame too short, len 50, expecting at least 99 > RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added > RX EAPOL from 00:11:92:49:54:20 > EAPOL: Received EAP-Packet frame > EAPOL: SUPP_BE entering state REQUEST > EAPOL: getSuppRsp > EAP: EAP entering state RECEIVED > EAP: Received EAP-Request method=1 id=2 > EAP: EAP entering state IDENTITY > EAP: EAP-Request Identity data - hexdump_ascii(len=0): > EAP: using real identity - hexdump_ascii(len=6): > 67 62 61 6b 65 72 gbaker > EAP: EAP entering state SEND_RESPONSE > EAP: EAP entering state IDLE > EAPOL: SUPP_BE entering state RESPONSE > EAPOL: txSuppRsp > EAPOL: SUPP_BE entering state RECEIVE > WPA: EAPOL frame too short, len 50, expecting at least 99 > RX EAPOL from 00:11:92:49:54:20 > EAPOL: Received EAP-Packet frame > EAPOL: SUPP_BE entering state REQUEST > EAPOL: getSuppRsp > EAP: EAP entering state RECEIVED > EAP: Received EAP-Request method=17 id=118 > EAP: EAP entering state GET_METHOD > EAP: Building EAP-Nak (requested type 17 not allowed) > EAP: allowed methods - hexdump(len=1): 19 > EAP: EAP entering state SEND_RESPONSE > EAP: EAP entering state IDLE > EAPOL: SUPP_BE entering state RESPONSE > EAPOL: txSuppRsp > EAPOL: SUPP_BE entering state RECEIVE > WPA: EAPOL frame too short, len 50, expecting at least 99 > RX EAPOL from 00:11:92:49:54:20 > EAPOL: Received EAP-Packet frame > EAPOL: SUPP_BE entering state REQUEST > EAPOL: getSuppRsp > EAP: EAP entering state RECEIVED > EAP: Received EAP-Request method=25 id=119 > EAP: EAP entering state GET_METHOD > EAP-PEAP: Forced PEAP version 1 > EAP-PEAP: Phase2 type: MSCHAPV2 > EAP: EAP entering state METHOD > EAP-PEAP: Received packet(len=6) - Flags 0x21 > EAP-PEAP: Start (server ver=1, own ver=1) > EAP-PEAP: Using PEAP version 1 > SSL: (where=0x10 ret=0x1) > SSL: (where=0x1001 ret=0x1) > SSL: SSL_connect:before/connect initialization > SSL: (where=0x1001 ret=0x1) > SSL: SSL_connect:SSLv3 write client hello A > SSL: (where=0x1002 ret=0xffffffff) > SSL: SSL_connect:error in SSLv3 read server hello A > SSL: SSL_connect - want more data > SSL: 102 bytes left to be sent out (of total 102 bytes) > EAP: EAP entering state SEND_RESPONSE > EAP: EAP entering state IDLE > EAPOL: SUPP_BE entering state RESPONSE > EAPOL: txSuppRsp > EAPOL: SUPP_BE entering state RECEIVE > WPA: EAPOL frame too short, len 50, expecting at least 99 > Wireless event: cmd=0x8b15 len=20 > Wireless event: new AP: 00:00:00:00:00:00 > Setting scan request: 0 sec 100000 usec > EAPOL: External notification - portEnabled=0 > EAPOL: SUPP_PAE entering state DISCONNECTED > EAPOL: SUPP_BE entering state INITIALIZE > EAP: EAP entering state DISABLED > EAPOL: External notification - portValid=0 > Disconnect event - remove keys > wpa_driver_madwifi_del_key: keyidx=0 > wpa_driver_madwifi_del_key: keyidx=1 > wpa_driver_madwifi_del_key: keyidx=2 > wpa_driver_madwifi_del_key: keyidx=3 > wpa_driver_madwifi_del_key: keyidx=0 > RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added > Starting AP scan (broadcast SSID) > Wireless event: cmd=0x8b1a len=12 > Wireless event: cmd=0x8b19 len=12 > Received 392 bytes of scan results (2 BSSes) > Scan results: 2 > Selecting BSS from priority group 0 > 0: 00:11:92:49:54:20 ssid='' wpa_ie_len=0 rsn_ie_len=0 > skip - no WPA/RSN IE > 1: 00:11:92:49:5d:00 ssid='' wpa_ie_len=0 rsn_ie_len=0 > skip - no WPA/RSN IE > No suitable AP found. > Setting scan request: 5 sec 0 usec > Starting AP scan (specific SSID) > Scan SSID - hexdump_ascii(len=3): > 73 74 75 stu > Wireless event: cmd=0x8b1a len=15 > Wireless event: cmd=0x8b19 len=12 > Received 465 bytes of scan results (2 BSSes) > Scan results: 2 > Selecting BSS from priority group 0 > 0: 00:11:92:49:54:20 ssid='stu' wpa_ie_len=26 rsn_ie_len=0 > selected > Trying to associate with 00:11:92:49:54:20 (SSID='stu' freq=2412 MHz) > Cancelling scan request > WPA: using IEEE 802.11i/D3.0 > WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 > 00 00 50 f2 02 01 00 00 50 f2 01 > wpa_driver_madwifi_del_key: keyidx=0 > wpa_driver_madwifi_del_key: keyidx=1 > wpa_driver_madwifi_del_key: keyidx=2 > wpa_driver_madwifi_del_key: keyidx=3 > wpa_driver_madwifi_del_key: keyidx=0 > wpa_driver_madwifi_set_drop_unencrypted: enabled=1 > wpa_driver_madwifi_associate > Setting authentication timeout: 5 sec 0 usec > EAPOL: External notification - portControl=Auto > Wireless event: cmd=0x8b1a len=15 > Wireless event: cmd=0x8b15 len=20 > Wireless event: new AP: 00:11:92:49:54:20 > Association event - clear replay counter > Associated to a new BSS: BSSID=00:11:92:49:54:20 > wpa_driver_madwifi_del_key: keyidx=0 > wpa_driver_madwifi_del_key: keyidx=1 > wpa_driver_madwifi_del_key: keyidx=2 > wpa_driver_madwifi_del_key: keyidx=3 > wpa_driver_madwifi_del_key: keyidx=0 > EAPOL: External notification - portValid=0 > EAPOL: External notification - portEnabled=1 > EAPOL: SUPP_PAE entering state CONNECTING > EAPOL: txStart > EAPOL: SUPP_BE entering state IDLE > EAP: EAP entering state INITIALIZE > EAP: EAP entering state IDLE > Setting authentication timeout: 10 sec 0 usec > RX EAPOL from 00:11:92:49:54:20 > Setting authentication timeout: 70 sec 0 usec > EAPOL: Received EAP-Packet frame > EAPOL: SUPP_PAE entering state RESTART > EAP: EAP entering state INITIALIZE > EAP: EAP entering state IDLE > EAPOL: SUPP_PAE entering state AUTHENTICATING > EAPOL: SUPP_BE entering state REQUEST > EAPOL: getSuppRsp > EAP: EAP entering state RECEIVED > EAP: Received EAP-Request method=1 id=1 > EAP: EAP entering state IDENTITY > EAP: EAP-Request Identity data - hexdump_ascii(len=0): > EAP: using real identity - hexdump_ascii(len=6): > 67 62 61 6b 65 72 gbaker > EAP: EAP entering state SEND_RESPONSE > EAP: EAP entering state IDLE > EAPOL: SUPP_BE entering state RESPONSE > EAPOL: txSuppRsp > EAPOL: SUPP_BE entering state RECEIVE > WPA: EAPOL frame too short, len 50, expecting at least 99 > RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added > RX EAPOL from 00:11:92:49:54:20 > EAPOL: Received EAP-Packet frame > EAPOL: SUPP_BE entering state REQUEST > EAPOL: getSuppRsp > EAP: EAP entering state RECEIVED > EAP: Received EAP-Request method=1 id=2 > EAP: EAP entering state IDENTITY > EAP: EAP-Request Identity data - hexdump_ascii(len=0): > EAP: using real identity - hexdump_ascii(len=6): > 67 62 61 6b 65 72 gbaker > EAP: EAP entering state SEND_RESPONSE > EAP: EAP entering state IDLE > EAPOL: SUPP_BE entering state RESPONSE > EAPOL: txSuppRsp > EAPOL: SUPP_BE entering state RECEIVE > WPA: EAPOL frame too short, len 50, expecting at least 99 > RX EAPOL from 00:11:92:49:54:20 > EAPOL: Received EAP-Packet frame > EAPOL: SUPP_BE entering state REQUEST > EAPOL: getSuppRsp > EAP: EAP entering state RECEIVED > EAP: Received EAP-Request method=17 id=131 > EAP: EAP entering state GET_METHOD > EAP: Building EAP-Nak (requested type 17 not allowed) > EAP: allowed methods - hexdump(len=1): 19 > EAP: EAP entering state SEND_RESPONSE > EAP: EAP entering state IDLE > EAPOL: SUPP_BE entering state RESPONSE > EAPOL: txSuppRsp > EAPOL: SUPP_BE entering state RECEIVE > WPA: EAPOL frame too short, len 50, expecting at least 99 > RX EAPOL from 00:11:92:49:54:20 > EAPOL: Received EAP-Packet frame > EAPOL: SUPP_BE entering state REQUEST > EAPOL: getSuppRsp > EAP: EAP entering state RECEIVED > EAP: Received EAP-Request method=25 id=132 > EAP: EAP entering state GET_METHOD > EAP-PEAP: Forced PEAP version 1 > EAP-PEAP: Phase2 type: MSCHAPV2 > EAP: EAP entering state METHOD > EAP-PEAP: Received packet(len=6) - Flags 0x21 > EAP-PEAP: Start (server ver=1, own ver=1) > EAP-PEAP: Using PEAP version 1 > SSL: (where=0x10 ret=0x1) > SSL: (where=0x1001 ret=0x1) > SSL: SSL_connect:before/connect initialization > SSL: (where=0x1001 ret=0x1) > SSL: SSL_connect:SSLv3 write client hello A > SSL: (where=0x1002 ret=0xffffffff) > SSL: SSL_connect:error in SSLv3 read server hello A > SSL: SSL_connect - want more data > SSL: 102 bytes left to be sent out (of total 102 bytes) > EAP: EAP entering state SEND_RESPONSE > EAP: EAP entering state IDLE > EAPOL: SUPP_BE entering state RESPONSE > EAPOL: txSuppRsp > EAPOL: SUPP_BE entering state RECEIVE > WPA: EAPOL frame too short, len 50, expecting at least 99 > Signal 2 received - terminating > wpa_driver_madwifi_deauthenticate > wpa_driver_madwifi_del_key: keyidx=0 > wpa_driver_madwifi_del_key: keyidx=1 > wpa_driver_madwifi_del_key: keyidx=2 > wpa_driver_madwifi_del_key: keyidx=3 > wpa_driver_madwifi_del_key: keyidx=0 > EAPOL: External notification - portEnabled=0 > EAPOL: SUPP_PAE entering state DISCONNECTED > EAPOL: SUPP_BE entering state INITIALIZE > EAP: EAP entering state DISABLED > EAPOL: External notification - portValid=0 > wpa_driver_madwifi_set_wpa: enabled=0 > wpa_driver_madwifi_set_drop_unencrypted: enabled=0 > wpa_driver_madwifi_set_countermeasures: enabled=0 > > > ...and so on ad infinitum.. > > Most of this is gibberish to me..... So hopefully someone can figure out > exactly where this is dying.. > > Here's my wpa_supplicant.conf file: > > ctrl_interface=/var/run/wpa_supplicant > ctrl_interface_group=0 > eapol_version=1 # <-- not sure what this does > ap_scan=1 # <-- needed to associate with ap > network={ > ssid="stu" > scan_ssid=1 > key_mgmt=WPA-EAP > eap=PEAP > pairwise=TKIP > group=TKIP > identity="gbaker" > password="........." > phase1="peapver=1 peaplabel=1" > phase2="auth=MSCHAPV2" > } > > Now, I've tried changing some of the settings above (like peapver and > peaplabel) but don't ever get any farther. > > One thing I'm not sure about, do I need to have a certificate defined? The > APs here provide the certificate, and they are not validated. > > One last thing, after doing an analysis of packets from both windows and > linux, here is a summary of what happens > > me: EAPOL-Start > AP: EAP Request ID > me: EAP Response ID > AP: EAP Request, EAP-Cisco Wireless (LEAP) [Norman] > me: EAP Response NAK > AP: EAP Request PEAP [Palekar] > > Here's where it begins to get funky.. Windows and the AP discuss a couple > of more PEAP things while in linux it goes straight to "TLS Client > Hello"... > > There are two more packets from both windows and the AP here before the TLS > hello.. > > Can anyone give me some insight as to what I'm missing?? > > Thanks, and really sorry about the long post. > Greg > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap From nomesigas at gmail.com Wed Feb 9 15:06:55 2005 From: nomesigas at gmail.com (Nomellames nunca) Date: Wed, 9 Feb 2005 15:06:55 -0500 Subject: Multiple wired interfaces In-Reply-To: <20050209102030.GE14883@informatik.uni-rostock.de> References: <005701c50e8d$9aeb0bc0$0a6310ac@wd107.tamaris.tm.fr> <20050209102030.GE14883@informatik.uni-rostock.de> Message-ID: <6fd9cabb050209120676bdb3a6@mail.gmail.com> Hello, I am going to test the PAE module (and patches) in 2.6.9. Just to check, what is the current status? anybody had any success using the wired hostapd driver with 2.6.x kernels? I saw the thread earlier this month, that why I am asking, Thanks!!!! Jesus On Wed, 9 Feb 2005 11:20:30 +0100, Gunter Burchardt wrote: > > Hi, > > is it possible to run *one* instance of hostap that performs access control > > on *more than one* Ethernet cards (wired) ? > > Yes! > > > If so, what does the 'interface=eth0' line looks like in the wired.conf ? > > This line specifies the interface hostapd works on. To run one instance > of hostapd on more than one interface simply write one wired.conf for > each interface (eg. wired.eth0.conf wired.eth1.conf) and start hostapd > with following command: > > hostapd wired.eth0.conf wired.eth1.conf > > regards > gunter > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap > From gbur at informatik.uni-rostock.de Wed Feb 9 15:12:25 2005 From: gbur at informatik.uni-rostock.de (Gunter Burchardt) Date: Wed, 9 Feb 2005 21:12:25 +0100 Subject: Multiple wired interfaces In-Reply-To: <6fd9cabb050209120676bdb3a6@mail.gmail.com> References: <005701c50e8d$9aeb0bc0$0a6310ac@wd107.tamaris.tm.fr> <20050209102030.GE14883@informatik.uni-rostock.de> <6fd9cabb050209120676bdb3a6@mail.gmail.com> Message-ID: <20050209201225.GG14883@informatik.uni-rostock.de> > I am going to test the PAE module (and patches) in 2.6.9. Just to > check, what is the current status? anybody had any success using the > wired hostapd driver with 2.6.x kernels? I saw the thread earlier this > month, that why I am asking, Yes, there are success with pae and kernel 2.6 . The main problem was to bring layer2 patch to kernel 2.6 . Im maintainer of pae module. I will release pae version 0.0.3 in next day which will support kernel 2.6. regards gunter From sime at anticd.org Wed Feb 9 20:11:37 2005 From: sime at anticd.org (Simon Males) Date: Thu, 10 Feb 2005 12:11:37 +1100 Subject: 0.3.6 conf error Message-ID: <420AB4C9.8060402@anticd.org> I cannot use the same wpa_supplicant.conf file for 0.3.6 and 0.2.6. 0.3.6 gives the following error: # ./wpa_supplicant -ieth0 -c/etc/wpa_supplicant.conf -Dipw2100 Line 17: Invalid configuration line 'ctrl_interface=/var/run/wpa_supplicant'. Line 32: Invalid configuration line 'ctrl_interface_group=0'. Failed to read configuration file '/etc/wpa_supplicant.conf'. 0.2.6 doesn't have a problem with the conf, but does have another problem: # ./wpa_supplicant -ieth0 -c/etc/wpa_supplicant.conf -Dipw2100 Failed to initiate AP scan. I'm using IPW2200 1.0.1. Below are links to the -dd output of the above commands. http://anticd.org/wifi/ -- Simon Males No More AOL CDs Australia - www.anticd.org From andreaf at cs.columbia.edu Wed Feb 9 20:22:55 2005 From: andreaf at cs.columbia.edu (Andrea G Forte) Date: Wed, 09 Feb 2005 20:22:55 -0500 Subject: hostap passive scanning. Message-ID: <420AB76F.6070606@cs.columbia.edu> Hi all, I have been reading the past threads but I could not find anything about my specific problem. If you know of a past thread about my same problem please let me know and I wont bug the list any longer. :) I noticed that passive scanning works correctly (writing the results of the scan to file) only if hostAP is in Master mode. When hostap is in Managed mode the channels are changed but no results are written to file. I am using hostap 0.1.3. and the commands I use are: iwpriv wlan0 ap_scan 1 iwpriv wlan0 other_ap_policy 2 (and 3 as well). Then I check the file: /proc/net/hostap/wlan0/ap In Master mode I have the results, in Managed mode the file is empty. Your help is very much appreciated. Thank you, Andrea From jkmaline at cc.hut.fi Wed Feb 9 22:15:34 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Wed, 9 Feb 2005 19:15:34 -0800 Subject: WPA+EAP-PEAP+MSCHAPv2 Problem In-Reply-To: <200502091523.05278.gbaker@cs.mun.ca> References: <200502091523.05278.gbaker@cs.mun.ca> Message-ID: <20050210031533.GA8371@jm.kir.nu> On Wed, Feb 09, 2005 at 03:23:05PM -0330, Greg Baker wrote: > I'm trying to connect to the wireless network at my school and am having > problems. It connects fine in Windows, but not Linux. Do you have any idea what authentication server is used in this network? If it is CiscoACS, please try the 0.3.7-pre version of wpa_supplicant from http://hostap.epitest.fi/releases/testing/ and add include_tls_length=1 into the phase1 configuration variable in the network block. Based on the debug log, it looked like the access point disconnected the station immediately after receiving the first PEAP frame (TLS client hello). At least one version of the CiscoACS is believed to do this unless the frames are send in non-standard way which can now be enabled with include_tls_length=1 option. > eapol_version=1 # <-- not sure what this does Workaround for some access points that do not like EAPOL version 2. > network={ > ssid="stu" > scan_ssid=1 > key_mgmt=WPA-EAP > eap=PEAP > pairwise=TKIP > group=TKIP > identity="gbaker" > password="........." > phase1="peapver=1 peaplabel=1" > phase2="auth=MSCHAPV2" > } If this is indeed CiscoACS, it may also not like MSCHAPV2 in Phase 2 (at least when using PEAPv1), so you may also need to change that phase2 auth option to select GTC. > One thing I'm not sure about, do I need to have a certificate defined? The > APs here provide the certificate, and they are not validated. If you care about security, yes, you really do need to get the correct CA certificate and validate the server certificate. Without this, the connection is open for man-in-the-middle attack. -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Wed Feb 9 22:19:03 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Wed, 9 Feb 2005 19:19:03 -0800 Subject: 0.3.6 conf error In-Reply-To: <420AB4C9.8060402@anticd.org> References: <420AB4C9.8060402@anticd.org> Message-ID: <20050210031903.GB8371@jm.kir.nu> On Thu, Feb 10, 2005 at 12:11:37PM +1100, Simon Males wrote: > I cannot use the same wpa_supplicant.conf file for 0.3.6 and 0.2.6. > 0.3.6 gives the following error: > > # ./wpa_supplicant -ieth0 -c/etc/wpa_supplicant.conf -Dipw2100 > Line 17: Invalid configuration line > 'ctrl_interface=/var/run/wpa_supplicant'. Did you include CONFIG_CTRL_IFACE=y option in .config when building wpa_supplicant? If not, support for control interface is not included. > 0.2.6 doesn't have a problem with the conf, but does have another problem: > > # ./wpa_supplicant -ieth0 -c/etc/wpa_supplicant.conf -Dipw2100 > Failed to initiate AP scan. > > I'm using IPW2200 1.0.1. Below are links to the -dd output of the above > commands. Is ipw2200 driver supposed to work with wpa_supplicant v0.2.6 and ipw2100 interface code? -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Wed Feb 9 22:21:01 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Wed, 9 Feb 2005 19:21:01 -0800 Subject: hostap passive scanning. In-Reply-To: <420AB76F.6070606@cs.columbia.edu> References: <420AB76F.6070606@cs.columbia.edu> Message-ID: <20050210032101.GC8371@jm.kir.nu> On Wed, Feb 09, 2005 at 08:22:55PM -0500, Andrea G Forte wrote: > I noticed that passive scanning works correctly (writing the results of > the scan to file) only if hostAP is in Master mode. When hostap is in > Managed mode the channels are changed but no results are written to file. > > I am using hostap 0.1.3. and the commands I use are: > iwpriv wlan0 ap_scan 1 > iwpriv wlan0 other_ap_policy 2 (and 3 as well). > Then I check the file: /proc/net/hostap/wlan0/ap > > In Master mode I have the results, in Managed mode the file is empty. This is expected behavior since this ap_scan functionality is only supported in Master mode. -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Wed Feb 9 22:22:09 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Wed, 9 Feb 2005 19:22:09 -0800 Subject: Null function when scanning. In-Reply-To: <420A61B4.6040407@cs.columbia.edu> References: <420A61B4.6040407@cs.columbia.edu> Message-ID: <20050210032209.GD8371@jm.kir.nu> On Wed, Feb 09, 2005 at 02:17:08PM -0500, Andrea G Forte wrote: > I am wondering if you have any idea why when scanning, a few "Null > function (No Data)" packets are sent. Normally, these frames are used to notify the current AP that the client is moving to power save mode and the AP should buffer frames. This can be used to avoid dropping packets when the station is scanning on another channel. -- Jouni Malinen PGP id EFC895FA From david.mattes at boeing.com Wed Feb 9 22:16:22 2005 From: david.mattes at boeing.com (David Mattes) Date: Wed, 09 Feb 2005 19:16:22 -0800 Subject: Atmel and wpa_supplicant Message-ID: <420AD206.1050409@boeing.com> I have a few questions about some problems with my Atmel device and WPA: Running Fedora Core 3 with custom kernel 2.6.9. atmelwlandriver-3.4.1.0 wpa_supplicant-0.2.6 Atmel AT76C503A is an internal USB device in a PC. I think the part number is 1000WU221P02, but I have no idea who the manufacturer is. The lsusb output: Bus 002 Device 003: ID 03eb:7605 Atmel Corp. AT76c503a 802.11b Adapter I added this ID to usb/config.h USB Hub module is uhci-hcd I did no usb kernel patch I'm using Atmel module usbvnetr Is a USB patch still required for kernel 2.6.9? If trying WEP (separately from WPA) I get the following message trying to set WEP key, and strangely there is some mysterious key set(???): Error for wireless request "Set Encode" (8B2A) : SET failed on device atml0 ; Invalid argument. Below is Atmel debug output and wpa_supplicant output. Can anyone see any problems? Also, on the AP logs for WPA I see the error: Feb 9 18:50:29 airespace [ERROR] File: apf_utils.c : Line: 1146 : Received an invalid Multicast WPA OUI type. Feb 9 18:50:29 airespace [SECURITY] File: apf_80211.c : Line: 1604 : Error processing WPA Info Element from 00:06:f4:03:36:89 syslog for Atmel debug output: ------------------------------------------------------------------------------------------------------------------- eb 9 18:57:49 fctwsdev kernel: ======================= WPA Info ======================= Feb 9 18:57:49 fctwsdev kernel: airespacewpa Feb 9 18:57:49 fctwsdev kernel: ======================= WPA Info Element======================= Feb 9 18:57:49 fctwsdev kernel: dd18 050f2 1 1 0 050f2 2 1 0 050f2 2 1 0 050f2 1 0 0 Feb 9 18:57:49 fctwsdev kernel: ======================================================== Feb 9 18:57:49 fctwsdev kernel: Group Suite: 2 Feb 9 18:57:49 fctwsdev kernel: Pairwise Suite Cnt: 1 - Pairwise Suites: 02 Feb 9 18:57:49 fctwsdev kernel: Authentication Suite Cnt: 1 - Authentication Suites: 01 Feb 9 18:57:49 fctwsdev kernel: WPA Capabilities: 00-00 Feb 9 18:57:49 fctwsdev kernel: ======================================================== Feb 9 18:57:49 fctwsdev kernel: [ 6 ] : SSID: airespacewpa Feb 9 18:57:49 fctwsdev kernel: [ 7 ] : SSID: Feb 9 18:57:49 fctwsdev kernel: [ 8 ] : SSID: Feb 9 18:57:49 fctwsdev kernel: last cmd: Scan Feb 9 18:57:49 fctwsdev kernel: desired ssid airespacewpa, opmode infrastructure, 9 bss in list Feb 9 18:57:49 fctwsdev kernel: ********************************************************************* Feb 9 18:57:49 fctwsdev kernel: [ 0 ] : BSS_INFO.SSIDsize : 12 Feb 9 18:57:49 fctwsdev kernel: DesiredSSIDsize : 12 Feb 9 18:57:49 fctwsdev kernel: ********************************************************************* Feb 9 18:57:49 fctwsdev kernel: SelectedBSSId : BSSID 00:0b:85:03:11:1f, ssid airespacewpa Feb 9 18:57:49 fctwsdev kernel: !Found : 9 BSSID's , Desired BSSID found Feb 9 18:57:49 fctwsdev kernel: WepIsSet is set Feb 9 18:57:49 fctwsdev kernel: JoinReq: ssid airespacewpa bsstype 2 bssid 00:0b:85:03:11:1f Feb 9 18:57:49 fctwsdev kernel: Join OK (ctrl_urb->status 0 flags 0212e121) Feb 9 18:57:49 fctwsdev kernel: Deauthentication from BSSID 00:0b:85:03:11:1f, flags x212e131, state 2, op mode 2 Feb 9 18:57:49 fctwsdev kernel: Remove ALL Keys Feb 9 18:57:49 fctwsdev kernel: SetEncryptionStatus Feb 9 18:57:49 fctwsdev kernel: ________ INSIDE ChangeEncryption() Remove-All-Keys________ Feb 9 18:57:49 fctwsdev kernel: Sending Authentication Request with Transaction Sequence Number:1... Feb 9 18:57:49 fctwsdev kernel: AuthReq to bssid 00:0b:85:03:11:1f, WEP no, algorithm nr 0, seq nr 1, challenge text len 198 Feb 9 18:57:49 fctwsdev kernel: last cmd: SetMib Feb 9 18:57:49 fctwsdev kernel: Auth response from BSSID 00:0b:85:03:11:1f, status 0, trans_seq x2 Feb 9 18:57:49 fctwsdev kernel: Authentication Response Success (no WEP) Feb 9 18:57:49 fctwsdev kernel: AssocReq to bssid 00:0b:85:03:11:1f, ssid airespacewpa, capa x31, rates 82840b16 Feb 9 18:57:49 fctwsdev kernel: Auth response from BSSID 00:0b:85:03:11:1f, status 0, trans_seq x2 Feb 9 18:57:49 fctwsdev kernel: Auth response from BSSID 00:0b:85:03:11:1f, status 0, trans_seq x2 Feb 9 18:57:49 fctwsdev kernel: last cmd: SetMib Feb 9 18:57:49 fctwsdev kernel: ________ INSIDE GetEncryptionMIB() ________ Feb 9 18:57:49 fctwsdev kernel: Assoc response from BSSID 00:0b:85:03:11:1f, status 17, assoc id 0 Feb 9 18:57:49 fctwsdev kernel: AssocReq to bssid 00:0b:85:03:11:1f, ssid airespacewpa, capa x31, rates 82840b16 Feb 9 18:57:49 fctwsdev kernel: Get Encryption MIB Feb 9 18:57:49 fctwsdev kernel: CipherDefaultGroupKeyID:0 Feb 9 18:57:49 fctwsdev kernel: CipherDefaultKeyID:0 Feb 9 18:57:49 fctwsdev kernel: PrivacyInvoked:1 Feb 9 18:57:49 fctwsdev kernel: CipherDefaultKeyValue: Feb 9 18:57:49 fctwsdev kernel: 00 06 F4 03 36 89 00 06 F4 03 36 89 00 06 F4 03 36 89 00 06 F4 03 36 89 00 06 F4 03 36 89 00 06 00 00 00 00 00 00 00 00 Feb 9 18:57:49 fctwsdev kernel: 19 00 00 00 00 00 00 00 00 00 00 00 0E 09 00 00 00 40 0F C1 0F 10 00 00 00 00 0B C0 25 F5 19 C0 94 3D 35 C0 46 00 00 00 Feb 9 18:57:49 fctwsdev kernel: 18 D1 11 C0 20 7D 34 C0 46 00 00 00 00 40 0F C1 00 00 00 00 00 00 00 00 45 0D 1D C0 94 3D 35 C0 53 36 18 00 58 FE 1C C0 Feb 9 18:57:49 fctwsdev kernel: D1 0A 00 00 20 92 0B C0 86 00 00 00 86 00 00 00 E0 8F 02 00 48 00 C5 C3 82 00 00 00 82 00 00 00 60 48 34 C0 0F 00 00 00 Feb 9 18:57:49 fctwsdev kernel: RSC: Feb 9 18:57:49 fctwsdev kernel: 00 00 00 00 00 00 00 00 Feb 9 18:57:49 fctwsdev last message repeated 3 times Feb 9 18:57:49 fctwsdev kernel: TKIPBSSID: 00:00:00:00:00:00 Feb 9 18:57:49 fctwsdev kernel: Exclude Unencrypted: 1: Feb 9 18:57:49 fctwsdev kernel: Wep Encryption Type: 0: Feb 9 18:57:49 fctwsdev kernel: Assoc response from BSSID 00:0b:85:03:11:1f, status 1, assoc id 0 Feb 9 18:57:49 fctwsdev kernel: ScanReq for ssid airespacewpa international 0 type infrastructure (ch 1) Feb 9 18:57:49 fctwsdev kernel: Scan OK (rx_urb->status -115 StationState 01) Feb 9 18:57:49 fctwsdev kernel: wpa_supplicant output ---------------------------------------------------------------------------------------------------- Setting scan request: 0 sec 0 usec Starting AP scan (broadcast SSID) EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 Scan timeout - try to get results Received 1155 bytes of scan results (9 BSSes) Scan results: 9 Selecting BSS from priority group 1 0: 00:0b:85:03:11:1f ssid='airespacewpa' wpa_ie_len=26 rsn_ie_len=0 selected Trying to associate with 00:0b:85:03:11:1f (SSID='airespacewpa' freq=0 MHz) Cancelling scan request WPA: using IEEE 802.11i/D3.0 WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01 wpa_driver_atmel_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_atmel_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_atmel_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_atmel_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_atmel_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_atmel_set_drop_unencrypted - not yet implemented Setting authentication timeout: 5 sec 0 usec EAPOL: External notification - portControl=Auto Wireless event: cmd=0x8b1a len=25 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 Authentication with 00:00:00:00:00:00 timed out. -- ----------------------------------------------------------------------- David Mattes The Boeing Company PO Box 3707 MC 7L-40 Phantom Works Seattle, WA 98124-2207 M&CT 425-865-4166 Advanced Manufacturing Systems 425-213-4691 (cell) 425-865-2965 (fax) david.mattes at boeing.com From andreaf at cs.columbia.edu Wed Feb 9 23:28:57 2005 From: andreaf at cs.columbia.edu (Andrea G. Forte) Date: Wed, 09 Feb 2005 23:28:57 -0500 Subject: hostap passive scanning. In-Reply-To: <20050210032101.GC8371@jm.kir.nu> References: <420AB76F.6070606@cs.columbia.edu> <20050210032101.GC8371@jm.kir.nu> Message-ID: <420AE309.7070604@cs.columbia.edu> Does this mean that I cannot perform passive scanning in managed mode at all? What is the use of passive scanning in Master mode? Perhaps is related to IAPP??? Is there a particular reason for choosing not to support passive scanning in managed mode? Could I have a pointer to the function collecting the passive scanning results? Thanks a lot, Andrea Jouni Malinen wrote: >On Wed, Feb 09, 2005 at 08:22:55PM -0500, Andrea G Forte wrote: > > > >>I noticed that passive scanning works correctly (writing the results of >>the scan to file) only if hostAP is in Master mode. When hostap is in >>Managed mode the channels are changed but no results are written to file. >> >>I am using hostap 0.1.3. and the commands I use are: >>iwpriv wlan0 ap_scan 1 >>iwpriv wlan0 other_ap_policy 2 (and 3 as well). >>Then I check the file: /proc/net/hostap/wlan0/ap >> >>In Master mode I have the results, in Managed mode the file is empty. >> >> > >This is expected behavior since this ap_scan functionality is only >supported in Master mode. > > > From andreaf at cs.columbia.edu Wed Feb 9 23:39:21 2005 From: andreaf at cs.columbia.edu (Andrea G. Forte) Date: Wed, 09 Feb 2005 23:39:21 -0500 Subject: Null function when scanning. In-Reply-To: <20050210032209.GD8371@jm.kir.nu> References: <420A61B4.6040407@cs.columbia.edu> <20050210032209.GD8371@jm.kir.nu> Message-ID: <420AE579.7060901@cs.columbia.edu> >Normally, these frames are used to notify the current AP that the client >is moving to power save mode and the AP should buffer frames. This can >be used to avoid dropping packets when the station is scanning on >another channel. > > Since I am not using power save mode I believe the second point you mentioned is what it's happening for me. Does this mean that the firmware takes care of this? Is there a way in the driver to disable this "forced" buffering? This behaviour does not help much for real time applications such as VoIP since these frames introduce a delay in the handoff process. Andrea From jkmaline at cc.hut.fi Wed Feb 9 23:43:34 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Wed, 9 Feb 2005 20:43:34 -0800 Subject: hostap passive scanning. In-Reply-To: <420AE309.7070604@cs.columbia.edu> References: <420AB76F.6070606@cs.columbia.edu> <20050210032101.GC8371@jm.kir.nu> <420AE309.7070604@cs.columbia.edu> Message-ID: <20050210044334.GS8371@jm.kir.nu> On Wed, Feb 09, 2005 at 11:28:57PM -0500, Andrea G. Forte wrote: > Does this mean that I cannot perform passive scanning in managed mode at > all? Exactly what do you mean with passive scanning? > Is there a particular reason for choosing not to support passive > scanning in managed mode? What is this based on? I wrote that ap_scan functionality is not supported in managed mode, not passive scanning in general.. Firmware takes care of scanning in managed mode. I don't remember whether there was separate options for active vs. passive scanning, but then again, I don't really know what functionality you were looking for. > Could I have a pointer to the function collecting the passive scanning > results? Which passive scanning? -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Wed Feb 9 23:52:14 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Wed, 9 Feb 2005 20:52:14 -0800 Subject: Null function when scanning. In-Reply-To: <420AE579.7060901@cs.columbia.edu> References: <420A61B4.6040407@cs.columbia.edu> <20050210032209.GD8371@jm.kir.nu> <420AE579.7060901@cs.columbia.edu> Message-ID: <20050210045214.GT8371@jm.kir.nu> On Wed, Feb 09, 2005 at 11:39:21PM -0500, Andrea G. Forte wrote: > >Normally, these frames are used to notify the current AP that the client > >is moving to power save mode and the AP should buffer frames. This can > >be used to avoid dropping packets when the station is scanning on > >another channel. > > > > > Since I am not using power save mode I believe the second point you > mentioned is what it's happening for me. Please note that I did not say this would require power save mode being enabled.. > Does this mean that the firmware takes care of this? Is there a way in > the driver to disable this "forced" buffering? Yes, station mode scanning is in firmware and no, I don't think there is configuration option for this part in the driver. > This behaviour does not help much for real time applications such as > VoIP since these frames introduce a delay in the handoff process. Not necessarily.. Background scans are supposed to happen before the station needs to roam and at this point, it is useful to stop the current AP from sending data frames. This may not be that useful if the connection is already lost, though, but in that case it is already too late to avoid VoIP issues, if a new scan is required. -- Jouni Malinen PGP id EFC895FA From fromkth+hostap at fastmail.fm Thu Feb 10 03:37:05 2005 From: fromkth+hostap at fastmail.fm (Ajeet) Date: Thu, 10 Feb 2005 09:37:05 +0100 Subject: txpower settings. (Ajeet) In-Reply-To: References: <20050209135518.6F06B2BFB2@mail.iocaine.com> Message-ID: <420B1D31.2020005@fastmail.fm> Ged Haywood wrote: > Hi there, > > On Wed, 9 Feb 2005 Ajeet wrote: > > >>I am building a WLAN testbed(2 prism2 based APs and one prism2based STA) >>in a small room, so need to reduce the power of APs so i can do >>handover in a small room while moving away from one AP to the other AP. >>... >>So what do i need to do to reduce trasmitt power of APs. > > > I think you might need to do more than reduce the AP transmit power, > since you would not be reducing the AP receiver sensitivity at the > same time. It might be better to put a simple divider network between > the antenna and the AP. These are not commercial APs but are built using Prism2.5 PC-card in a laptops, and i am quite new to this area, so i dont understand what you mean by divider network between antenna and the AP....can you explain a little bit more. > > You could also try for example simply using a dummy load instead of an > antenna on the APs. Again i dont get your point here about dummy load. -ajeet. From oluap at autolatina.com.br Thu Feb 10 05:40:16 2005 From: oluap at autolatina.com.br (Paulo Sergio Lemes Queiroz) Date: Thu, 10 Feb 2005 10:40:16 +0000 Subject: Problem with two cards In-Reply-To: <003201c50e35$e6ffb360$c500a8c0@Home> References: <420800FE.3070001@autolatina.com.br><004201c50ddd$f473f220$c500a8c0@Home> <4208C7A7.9050408@autolatina.com.br> <003201c50e35$e6ffb360$c500a8c0@Home> Message-ID: <420B3A10.2080809@autolatina.com.br> Jerry wrote: >>The primary firmware is: v1.1.1 and the Station one is 1.8.0 on the >>both cards.. >> >>Should I change the firmware ? >> >> > >No, i wouldnt, should be fine... > > > >>I already tried 'ignore_cis_vcc=0' but the error persists... >> >> > >you might try vcc=1, I have sometimes needed that to make it work, worth a >shot, if you havent already... > > > >>Tks a lot.... >> >> > >Good luck... > >Jerryf > > > > > Now, worked.... Sorry, for these dummy questions.... but what the option "ignore_cis_vcc" do ? From jar at pcuf.fi Thu Feb 10 08:14:25 2005 From: jar at pcuf.fi (Jar) Date: Thu, 10 Feb 2005 15:14:25 +0200 (EET) Subject: Problem with two cards In-Reply-To: <420B3A10.2080809@autolatina.com.br> References: <420800FE.3070001@autolatina.com.br><004201c50ddd$f473f220$c500a8c0@Home><4208C7A7.9050408@autolatina.com.br><003201c50e35$e6ffb360$c500a8c0@Home> <420B3A10.2080809@autolatina.com.br> Message-ID: <39643.194.157.0.2.1108041265.squirrel@netlandzone.dyndns.org> > Jerry wrote: > >>>The primary firmware is: v1.1.1 and the Station one is 1.8.0 on the >>>both cards.. What says lspci -v ? -- Best Regards, Jar From emmendes at cpdee.ufmg.br Thu Feb 10 09:12:09 2005 From: emmendes at cpdee.ufmg.br (Eduardo Mendes) Date: Thu, 10 Feb 2005 14:12:09 +0000 Subject: Problems with WPA-PSK and madwifi driver Message-ID: <200502101412.09344.emmendes@cpdee.ufmg.br> Hello I have the following setup: a) wireless router airplus 315W - WPA=PSK - Channel 11 b) notebook with a WG511T (Netgear). The notebbok is dual boot machine with Windows XP (wireless works just fine) and mandrake 10.1. I have downloaded and installed madwifi (wlan, ath-pci and ath_hal modules) and also wpa_supplicant. The wpa_supplicant.conf is as follows: # Same as previous, but request SSID-specific scanning (for APs that reject # broadcast SSID) network={ ssid="eacghome.airlink" scan_ssid=1 psk="klklklklklklkl&&^^klklklklklklklklklklkl" priority=2 } To start device ath0 I have typed /sbin/ifconfig ath0 up /sbin/iwconfig ath0 channel 11 /usr/sbin/wpa_supplicant -c/etc/wpa_supplicant.conf -Dmadwifi -iath0 -d Here is part of the ouput : 00:e0:98:4f:d8:b2 ssid='eacghome.airlink' wpa_ie_len=24 rsn_ie_len=0 selected Trying to associate with 00:e0:98:4f:d8:b2 (SSID='eacghome.airlink' freq=2462 MHz) Cancelling scan request Automatic auth_alg selection: 0x1 WPA: using IEEE 802.11i/D3.0 WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 2 WPA: using GTK TKIP WPA: using PTK TKIP WPA: using KEY_MGMT WPA-PSK WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 No keys have been configured - skip key clearing wpa_driver_madwifi_set_drop_unencrypted: enabled=1 wpa_driver_madwifi_associate Setting authentication timeout: 5 sec 0 usec EAPOL: External notification - EAP success=0 EAPOL: External notification - EAP fail=0 EAPOL: External notification - portControl=Auto Wireless event: cmd=0x8b1a len=29 Wireless event: cmd=0x8b19 len=12 Received 278 bytes of scan results (1 BSSes) Scan results: 1 Selecting BSS from priority group 2 0: 00:e0:98:4f:d8:b2 ssid='eacghome.airlink' wpa_ie_len=24 rsn_ie_len=0 selected Trying to associate with 00:e0:98:4f:d8:b2 (SSID='eacghome.airlink' freq=2462 MHz) Cancelling scan request Automatic auth_alg selection: 0x1 WPA: using IEEE 802.11i/D3.0 WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 2 WPA: using GTK TKIP WPA: using PTK TKIP WPA: using KEY_MGMT WPA-PSK WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 No keys have been configured - skip key clearing wpa_driver_madwifi_set_drop_unencrypted: enabled=1 wpa_driver_madwifi_associate Setting authentication timeout: 5 sec 0 usec EAPOL: External notification - EAP success=0 EAPOL: External notification - EAP fail=0 EAPOL: External notification - portControl=Auto Wireless event: cmd=0x8b1a len=29 Wireless event: cmd=0x8b19 len=12 Received 278 bytes of scan results (1 BSSes) Scan results: 1 Selecting BSS from priority group 2 0: 00:e0:98:4f:d8:b2 ssid='eacghome.airlink' wpa_ie_len=24 rsn_ie_len=0 selected Trying to associate with 00:e0:98:4f:d8:b2 (SSID='eacghome.airlink' freq=2462 MHz) Cancelling scan request Automatic auth_alg selection: 0x1 WPA: using IEEE 802.11i/D3.0 WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 2 WPA: using GTK TKIP WPA: using PTK TKIP WPA: using KEY_MGMT WPA-PSK WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 No keys have been configured - skip key clearing wpa_driver_madwifi_set_drop_unencrypted: enabled=1 wpa_driver_madwifi_associate Setting authentication timeout: 5 sec 0 usec EAPOL: External notification - EAP success=0 EAPOL: External notification - EAP fail=0 EAPOL: External notification - portControl=Auto Wireless event: cmd=0x8b1a len=29 Wireless event: cmd=0x8b19 len=12 Received 278 bytes of scan results (1 BSSes) Scan results: 1 Selecting BSS from priority group 2 0: 00:e0:98:4f:d8:b2 ssid='eacghome.airlink' wpa_ie_len=24 rsn_ie_len=0 selected Trying to associate with 00:e0:98:4f:d8:b2 (SSID='eacghome.airlink' freq=2462 MHz) Cancelling scan request Automatic auth_alg selection: 0x1 WPA: using IEEE 802.11i/D3.0 WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 2 WPA: using GTK TKIP WPA: using PTK TKIP WPA: using KEY_MGMT WPA-PSK WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 No keys have been configured - skip key clearing wpa_driver_madwifi_set_drop_unencrypted: enabled=1 wpa_driver_madwifi_associate Setting authentication timeout: 5 sec 0 usec EAPOL: External notification - EAP success=0 EAPOL: External notification - EAP fail=0 EAPOL: External notification - portControl=Auto Wireless event: cmd=0x8b1a len=29 Ath0 doesn't get a valid ip address. What am I doing wrong? Have I missed something? Many thanks Ed From linuxcruiser at yahoo.com Thu Feb 10 10:06:33 2005 From: linuxcruiser at yahoo.com (Gilbert Mendoza) Date: Thu, 10 Feb 2005 07:06:33 -0800 (PST) Subject: Problems with WPA-PSK and madwifi driver In-Reply-To: <200502101412.09344.emmendes@cpdee.ufmg.br> Message-ID: <20050210150634.27036.qmail@web50807.mail.yahoo.com> --- Eduardo Mendes wrote: > > The wpa_supplicant.conf is as follows: > > # Same as previous, but request SSID-specific scanning (for APs that > reject > # broadcast SSID) > network={ > ssid="eacghome.airlink" > scan_ssid=1 > psk="klklklklklklkl&&^^klklklklklklklklklklkl" > priority=2 > } In your netwoirk config, try: network={ ssid="eacghome.airlink" scan_ssid=1 proto=WPA key_mgmt=WPA-PSK pairwise=CCMP TKIP group=CCMP TKIP WEP104 WEP40 psk="klklklklklklkl&&^^klklklklklklklklklklkl" priority=2 } P.S. Ummm... you may want to change yer password at some point. Being that we know it and all. ;-) ===== - Gilbert Mendoza - PGP Key ID: 7987FCA8 __________________________________ Do you Yahoo!? Take Yahoo! Mail with you! Get it on your mobile phone. http://mobile.yahoo.com/maildemo From fromkth+hostap at fastmail.fm Thu Feb 10 10:19:52 2005 From: fromkth+hostap at fastmail.fm (Ajeet Nankani) Date: Thu, 10 Feb 2005 07:19:52 -0800 Subject: Monitoring mode gets frames from more than one channel! Message-ID: <1108048792.6629.214778087@webmail.messagingengine.com> Even though i am monitoring on particular channel(channel 1), but i also get frames(not all but most) from AP operating on other channel(channel 6). Why is like that? What to do to capture frames "only" on particular channel? I have prism2.5 based card and using ethereal to capture the packets. first i set it in monitor mode by iwconfig wlan0 mode monitor then i set the channel iwconfig wlan0 channel 1 Thanks. -ajeet. From emmendes at cpdee.ufmg.br Thu Feb 10 10:43:58 2005 From: emmendes at cpdee.ufmg.br (Eduardo Mendes) Date: Thu, 10 Feb 2005 15:43:58 +0000 Subject: Problems with WPA-PSK and madwifi driver In-Reply-To: <20050210150634.27036.qmail@web50807.mail.yahoo.com> References: <20050210150634.27036.qmail@web50807.mail.yahoo.com> Message-ID: <200502101543.58812.emmendes@cpdee.ufmg.br> Hello Many thanks but unfortunately it didn't work. The two lights are blinking together but ifconfig shows that no valid ip was assigned to ath0. More info: my linux box is the dhcp server and not the wireless router. I have assigned a specific ip address for the notebook (i have named it VAIO). As I said windows doesn't have any problems to get the ip. Is there any kind of tools that could be used to trace the whole connection process? Here is part of dhcpd.conf # # Linux Box # host vaiobox { hardware ethernet 00:09:5B:C4:1A:E2; option host-name "VAIO"; fixed-address 192.168.1.4; } } Ed PS. I certainly change my passphrase as soon as wireless works on linux. On Thursday 10 February 2005 03:06 pm, Gilbert Mendoza wrote: > --- Eduardo Mendes wrote: > > The wpa_supplicant.conf is as follows: > > > > # Same as previous, but request SSID-specific scanning (for APs that > > reject > > # broadcast SSID) > > network={ > > ssid="eacghome.airlink" > > scan_ssid=1 > > psk="klklklklklklkl&&^^klklklklklklklklklklkl" > > priority=2 > > } > > In your netwoirk config, try: > > network={ > ssid="eacghome.airlink" > scan_ssid=1 > proto=WPA > key_mgmt=WPA-PSK > pairwise=CCMP TKIP > group=CCMP TKIP WEP104 WEP40 > psk="klklklklklklkl&&^^klklklklklklklklklklkl" > priority=2 > } > > P.S. Ummm... you may want to change yer password at some point. Being > that we know it and all. ;-) > > > > > ===== > - Gilbert Mendoza > - PGP Key ID: 7987FCA8 > > > > __________________________________ > Do you Yahoo!? > Take Yahoo! Mail with you! Get it on your mobile phone. > http://mobile.yahoo.com/maildemo -- Dr. Eduardo Mazoni A. M. Mendes Departamento de Engenharia Eletr?nica Universidade Federal de Minas Gerais Av. Ant?nio Carlos, 6627, Pampulha 31270-901, Belo Horizonte - MG - Brazil mailto: emmendes at cpdee.ufmg.br Tel: +55 (31)3499-4862 FAX: +55 (31)3499-4850 **************************************************** From ged at jubileegroup.co.uk Thu Feb 10 10:59:40 2005 From: ged at jubileegroup.co.uk (Ged Haywood) Date: Thu, 10 Feb 2005 15:59:40 +0000 (GMT) Subject: txpower settings. (Ajeet) In-Reply-To: <420B1D31.2020005@fastmail.fm> References: <20050209135518.6F06B2BFB2@mail.iocaine.com> <420B1D31.2020005@fastmail.fm> Message-ID: Hello there, On Thu, 10 Feb 2005, Ajeet wrote: > >>So what do i need to do to reduce trasmitt power of APs. > > > > I think you might need to do more than reduce the AP transmit power, > > since you would not be reducing the AP receiver sensitivity at the > > same time. It might be better to put a simple divider network between > > the antenna and the AP. > > These are not commercial APs but are built using Prism2.5 PC-card in a > laptops That makes no difference. > and i am quite new to this area So I gather. :) > so i dont understand what you mean by divider network between > antenna and the AP....can you explain a little bit more. The idea is to throw away some of the transmitted and/or received RF power by using (for example) a resistor network connected between the radio device and its antenna. Another way would be to put the radio device and its antenna into a metal box. You could make a few holes in the box to let some of the radio energy leak in and out - I don't think the results would be very predictable but I'd be interested to hear your experience. :) You might find this useful: http://www.qsl.net/n9zia/wireless/appendixF.html > > You could also try for example simply using a dummy load instead of an > > antenna on the APs. > > Again i dont get your point here about dummy load. See for example http://www.pcs-electronics.com/en/guide.php?sub=antennas and try Googling, there is a lot of information out there on this kind of subject. Be aware that what works at 10MHz or 100Mz might not work at 2.4GHz. You will need to do some reading on the subjects before you can make really useful RF measurements. :) 73, Ged. From andreaf at cs.columbia.edu Thu Feb 10 11:08:22 2005 From: andreaf at cs.columbia.edu (Andrea G Forte) Date: Thu, 10 Feb 2005 11:08:22 -0500 Subject: hostap passive scanning. In-Reply-To: <20050210044334.GS8371@jm.kir.nu> References: <420AB76F.6070606@cs.columbia.edu> <20050210032101.GC8371@jm.kir.nu> <420AE309.7070604@cs.columbia.edu> <20050210044334.GS8371@jm.kir.nu> Message-ID: <420B86F6.4060806@cs.columbia.edu> >Exactly what do you mean with passive scanning? > > > Passive scanning as opposed to active scanning. The STA listens for beacons on each channel periodically in order to decide which AP is the best one to connect to. No probe messages are issued at all. >What is this based on? I wrote that ap_scan functionality is not >supported in managed mode, not passive scanning in general.. Firmware >takes care of scanning in managed mode. I don't remember whether there >was separate options for active vs. passive scanning, but then again, I >don't really know what functionality you were looking for. > > In manual mode "host_roaming 2" we have "more" control on the scanning process. In particular (as you know), in the driver there are two commands for forcing the firmware to start the probing part of the scanning (_RID_HOSTSCAN) and for forcing the Auth./Ass. part of the scanning (_RID_JOINREQUEST). However, the first one is for active scanning only (i.e. probes are sent to force APs to answer). Does the ap_scan functionality send probes on each channel (in which case it is active scanning)? Or does it use passive scanning (listens for beacons and records the results)? To be more clear, I would like to know if instead of triggering active scanning (sending probes with _RID_HOSTSCAN), I can use the hostap_passive_scan function in hostAP to change channel and then use (or write if not already there) some other code to listen for beacons on each channel and record the APs found with the signal strenght (measured from the beacon). All of this while being in Managed mode. Thank you, Andrea From michaelr at cisco.com Thu Feb 10 14:00:07 2005 From: michaelr at cisco.com (Michael Reilly) Date: Thu, 10 Feb 2005 11:00:07 -0800 Subject: Problems with WPA-PSK and madwifi driver In-Reply-To: <200502101412.09344.emmendes@cpdee.ufmg.br> References: <200502101412.09344.emmendes@cpdee.ufmg.br> Message-ID: <420BAF37.90500@cisco.com> Atheros based cards have not worked with madwifi and wpa_supplicant for me for several months. I have been forced to purchased a driverloader license which does work with wpa_supplicant and my Atheros based cards I also tried ndisdriver but it wouldn't even find the APs (Cisco, Linksys, D-Link) then. michael Eduardo Mendes wrote: > Hello > > I have the following setup: > a) wireless router airplus 315W - WPA=PSK - Channel 11 > b) notebook with a WG511T (Netgear). > > The notebbok is dual boot machine with Windows XP (wireless works just fine) > and mandrake 10.1. > > I have downloaded and installed madwifi (wlan, ath-pci and ath_hal modules) > and also wpa_supplicant. > > The wpa_supplicant.conf is as follows: > > # Same as previous, but request SSID-specific scanning (for APs that reject > # broadcast SSID) > network={ > ssid="eacghome.airlink" > scan_ssid=1 > psk="klklklklklklkl&&^^klklklklklklklklklklkl" > priority=2 > } > > To start device ath0 I have typed > > /sbin/ifconfig ath0 up > /sbin/iwconfig ath0 channel 11 > /usr/sbin/wpa_supplicant -c/etc/wpa_supplicant.conf -Dmadwifi -iath0 -d > > Here is part of the ouput > > : 00:e0:98:4f:d8:b2 ssid='eacghome.airlink' wpa_ie_len=24 rsn_ie_len=0 > selected > Trying to associate with 00:e0:98:4f:d8:b2 (SSID='eacghome.airlink' freq=2462 > MHz) > Cancelling scan request > Automatic auth_alg selection: 0x1 > WPA: using IEEE 802.11i/D3.0 > WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 2 > WPA: using GTK TKIP > WPA: using PTK TKIP > WPA: using KEY_MGMT WPA-PSK > WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 > 00 50 f2 02 01 00 00 50 f2 02 > No keys have been configured - skip key clearing > wpa_driver_madwifi_set_drop_unencrypted: enabled=1 > wpa_driver_madwifi_associate > Setting authentication timeout: 5 sec 0 usec > EAPOL: External notification - EAP success=0 > EAPOL: External notification - EAP fail=0 > EAPOL: External notification - portControl=Auto > Wireless event: cmd=0x8b1a len=29 > Wireless event: cmd=0x8b19 len=12 > Received 278 bytes of scan results (1 BSSes) > Scan results: 1 > Selecting BSS from priority group 2 > 0: 00:e0:98:4f:d8:b2 ssid='eacghome.airlink' wpa_ie_len=24 rsn_ie_len=0 > selected > Trying to associate with 00:e0:98:4f:d8:b2 (SSID='eacghome.airlink' freq=2462 > MHz) > Cancelling scan request > Automatic auth_alg selection: 0x1 > WPA: using IEEE 802.11i/D3.0 > WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 2 > WPA: using GTK TKIP > WPA: using PTK TKIP > WPA: using KEY_MGMT WPA-PSK > WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 > 00 50 f2 02 01 00 00 50 f2 02 > No keys have been configured - skip key clearing > wpa_driver_madwifi_set_drop_unencrypted: enabled=1 > wpa_driver_madwifi_associate > Setting authentication timeout: 5 sec 0 usec > EAPOL: External notification - EAP success=0 > EAPOL: External notification - EAP fail=0 > EAPOL: External notification - portControl=Auto > Wireless event: cmd=0x8b1a len=29 > Wireless event: cmd=0x8b19 len=12 > Received 278 bytes of scan results (1 BSSes) > Scan results: 1 > Selecting BSS from priority group 2 > 0: 00:e0:98:4f:d8:b2 ssid='eacghome.airlink' wpa_ie_len=24 rsn_ie_len=0 > selected > Trying to associate with 00:e0:98:4f:d8:b2 (SSID='eacghome.airlink' freq=2462 > MHz) > Cancelling scan request > Automatic auth_alg selection: 0x1 > WPA: using IEEE 802.11i/D3.0 > WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 2 > WPA: using GTK TKIP > WPA: using PTK TKIP > WPA: using KEY_MGMT WPA-PSK > WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 > 00 50 f2 02 01 00 00 50 f2 02 > No keys have been configured - skip key clearing > wpa_driver_madwifi_set_drop_unencrypted: enabled=1 > wpa_driver_madwifi_associate > Setting authentication timeout: 5 sec 0 usec > EAPOL: External notification - EAP success=0 > EAPOL: External notification - EAP fail=0 > EAPOL: External notification - portControl=Auto > Wireless event: cmd=0x8b1a len=29 > Wireless event: cmd=0x8b19 len=12 > Received 278 bytes of scan results (1 BSSes) > Scan results: 1 > Selecting BSS from priority group 2 > 0: 00:e0:98:4f:d8:b2 ssid='eacghome.airlink' wpa_ie_len=24 rsn_ie_len=0 > selected > Trying to associate with 00:e0:98:4f:d8:b2 (SSID='eacghome.airlink' freq=2462 > MHz) > Cancelling scan request > Automatic auth_alg selection: 0x1 > WPA: using IEEE 802.11i/D3.0 > WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 2 > WPA: using GTK TKIP > WPA: using PTK TKIP > WPA: using KEY_MGMT WPA-PSK > WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 > 00 50 f2 02 01 00 00 50 f2 02 > No keys have been configured - skip key clearing > wpa_driver_madwifi_set_drop_unencrypted: enabled=1 > wpa_driver_madwifi_associate > Setting authentication timeout: 5 sec 0 usec > EAPOL: External notification - EAP success=0 > EAPOL: External notification - EAP fail=0 > EAPOL: External notification - portControl=Auto > Wireless event: cmd=0x8b1a len=29 > > Ath0 doesn't get a valid ip address. > > What am I doing wrong? Have I missed something? > > Many thanks > > Ed > > > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap -- ---- ---- ---- Michael Reilly michaelr at cisco.com Cisco Systems, California From michaelr at cisco.com Thu Feb 10 14:01:57 2005 From: michaelr at cisco.com (Michael Reilly) Date: Thu, 10 Feb 2005 11:01:57 -0800 Subject: Problems with WPA-PSK and madwifi driver In-Reply-To: <20050210150634.27036.qmail@web50807.mail.yahoo.com> References: <20050210150634.27036.qmail@web50807.mail.yahoo.com> Message-ID: <420BAFA5.90202@cisco.com> Didn't help for me. I think wpa_supplicant is fine since it works with driverloader. My cards fail in different ways with ndiswrapper and madwifi. michael Gilbert Mendoza wrote: > --- Eduardo Mendes wrote: > > >>The wpa_supplicant.conf is as follows: >> >># Same as previous, but request SSID-specific scanning (for APs that >>reject >># broadcast SSID) >>network={ >> ssid="eacghome.airlink" >> scan_ssid=1 >> psk="klklklklklklkl&&^^klklklklklklklklklklkl" >> priority=2 >>} > > > > In your netwoirk config, try: > > network={ > ssid="eacghome.airlink" > scan_ssid=1 > proto=WPA > key_mgmt=WPA-PSK > pairwise=CCMP TKIP > group=CCMP TKIP WEP104 WEP40 > psk="klklklklklklkl&&^^klklklklklklklklklklkl" > priority=2 > } > > P.S. Ummm... you may want to change yer password at some point. Being > that we know it and all. ;-) > > > > > ===== > - Gilbert Mendoza > - PGP Key ID: 7987FCA8 > > > > __________________________________ > Do you Yahoo!? > Take Yahoo! Mail with you! Get it on your mobile phone. > http://mobile.yahoo.com/maildemo > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap -- ---- ---- ---- Michael Reilly michaelr at cisco.com Cisco Systems, California From michaelr at cisco.com Thu Feb 10 14:04:52 2005 From: michaelr at cisco.com (Michael Reilly) Date: Thu, 10 Feb 2005 11:04:52 -0800 Subject: Problems with WPA-PSK and madwifi driver In-Reply-To: <200502101543.58812.emmendes@cpdee.ufmg.br> References: <20050210150634.27036.qmail@web50807.mail.yahoo.com> <200502101543.58812.emmendes@cpdee.ufmg.br> Message-ID: <420BB054.5030104@cisco.com> Eduardo Mendes wrote: > Hello > > Many thanks but unfortunately it didn't work. The two lights are blinking > together but ifconfig shows that no valid ip was assigned to ath0. My lights both blink together for a second and then they stop blinking together with madwifi. A few seconds later they blink together again and then stop again. Are they blinking together continuously for you? michael > > More info: my linux box is the dhcp server and not the wireless router. I have > assigned a specific ip address for the notebook (i have named it VAIO). As I > said windows doesn't have any problems to get the ip. > > Is there any kind of tools that could be used to trace the whole connection > process? > > Here is part of dhcpd.conf > > # > # Linux Box > # > host vaiobox { > hardware ethernet 00:09:5B:C4:1A:E2; > option host-name "VAIO"; > fixed-address 192.168.1.4; > } > > } > > Ed > > PS. I certainly change my passphrase as soon as wireless works on linux. > > > > > On Thursday 10 February 2005 03:06 pm, Gilbert Mendoza wrote: > >>--- Eduardo Mendes wrote: >> >>>The wpa_supplicant.conf is as follows: >>> >>># Same as previous, but request SSID-specific scanning (for APs that >>>reject >>># broadcast SSID) >>>network={ >>> ssid="eacghome.airlink" >>> scan_ssid=1 >>> psk="klklklklklklkl&&^^klklklklklklklklklklkl" >>> priority=2 >>>} >> >>In your netwoirk config, try: >> >>network={ >> ssid="eacghome.airlink" >> scan_ssid=1 >> proto=WPA >> key_mgmt=WPA-PSK >> pairwise=CCMP TKIP >> group=CCMP TKIP WEP104 WEP40 >> psk="klklklklklklkl&&^^klklklklklklklklklklkl" >> priority=2 >>} >> >>P.S. Ummm... you may want to change yer password at some point. Being >>that we know it and all. ;-) >> >> >> >> >>===== >>- Gilbert Mendoza >>- PGP Key ID: 7987FCA8 >> >> >> >>__________________________________ >>Do you Yahoo!? >>Take Yahoo! Mail with you! Get it on your mobile phone. >>http://mobile.yahoo.com/maildemo > > -- ---- ---- ---- Michael Reilly michaelr at cisco.com Cisco Systems, California From coert.vonk at gmail.com Thu Feb 10 14:18:36 2005 From: coert.vonk at gmail.com (Coert Vonk) Date: Thu, 10 Feb 2005 11:18:36 -0800 Subject: wpa_supplicant + ndiswrapper = Failed to enable WPA in the driver Message-ID: <5f5c317a050210111874bc6d53@mail.gmail.com> I am trying wpa_supplicant (both the cvs and 0.3.6) with ndiswrapper for my wireless card. It appears to have problems setting WPA mode as seen in the debug trace: ./wpa_supplicant -ddddd -i wlan0 -c /etc/802.11i/wpa_supplicant.conf : Initializing interface (2) 'wlan0' EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: KEY_RX entering state NO_KEY_RECEIVE EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 Own MAC address: 00:90:4b:2f:6e:d4 wpa_driver_wext_set_wpa ioctl[SIOCSIWAUTH]: No such device Failed to enable WPA in the driver. wpa_driver_wext_set_wpa ioctl[SIOCSIWAUTH]: No such device Failed to disable WPA in the driver. wpa_driver_wext_set_drop_unencrypted ioctl[SIOCSIWAUTH]: No such device wpa_driver_wext_set_countermeasures ioctl[SIOCSIWAUTH]: No such device rmdir[ctrl_interface]: No such file or directory The Win/XP driver does support WPA. I just got that working with hostapd on the access point (see an earlier email). Using iwpriv, the wlan0 interface appears to support "setwpa". wlan0 Available private ioctl : setwpa (8BE1) : set 1 int & get 0 setkey (8BE2) : set 1 int & get 0 associate (8BE3) : set 1 int & get 0 disassociate (8BE4) : set 1 int & get 0 drop_unencrypted (8BE5) : set 1 int & get 0 countermeaures (8BE6) : set 1 int & get 0 deauthenticate (8BE7) : set 1 int & get 0 auth_alg (8BE8) : set 1 int & get 0 ndis_reset (8BF0) : set 0 & get 0 power_profile (8BF1) : set 1 int & get 0 setting WPA mode using iwpriv appears to work [root at crox wpa_supplicant]# iwpriv wlan0 setwpa 1 [root at crox wpa_supplicant]# echo $? 0 can you point my nose in the right direction? Thanks, Coert From coert.vonk at gmail.com Thu Feb 10 14:22:26 2005 From: coert.vonk at gmail.com (Coert Vonk) Date: Thu, 10 Feb 2005 11:22:26 -0800 Subject: [fixed] wpa_supplicant + ndiswrapper = Failed to enable WPA in the driver In-Reply-To: <5f5c317a050210111874bc6d53@mail.gmail.com> References: <5f5c317a050210111874bc6d53@mail.gmail.com> Message-ID: <5f5c317a050210112218e9995a@mail.gmail.com> I hit that "send" button a few secs to early. Just discovered the "-D ndiswrapper" option. (the 0.2.5 version that I used earlier did not need that.) /c On Thu, 10 Feb 2005 11:18:36 -0800, Coert Vonk wrote: > I am trying wpa_supplicant (both the cvs and 0.3.6) with ndiswrapper > for my wireless card. It appears to have problems setting WPA mode as > seen in the debug trace: > > ./wpa_supplicant -ddddd -i wlan0 -c /etc/802.11i/wpa_supplicant.conf > : > Initializing interface (2) 'wlan0' > EAPOL: SUPP_PAE entering state DISCONNECTED > EAPOL: KEY_RX entering state NO_KEY_RECEIVE > EAPOL: SUPP_BE entering state INITIALIZE > EAP: EAP entering state DISABLED > EAPOL: External notification - portEnabled=0 > EAPOL: External notification - portValid=0 > Own MAC address: 00:90:4b:2f:6e:d4 > wpa_driver_wext_set_wpa > ioctl[SIOCSIWAUTH]: No such device > Failed to enable WPA in the driver. > wpa_driver_wext_set_wpa > ioctl[SIOCSIWAUTH]: No such device > Failed to disable WPA in the driver. > wpa_driver_wext_set_drop_unencrypted > ioctl[SIOCSIWAUTH]: No such device > wpa_driver_wext_set_countermeasures > ioctl[SIOCSIWAUTH]: No such device > rmdir[ctrl_interface]: No such file or directory > > The Win/XP driver does support WPA. I just got that working with > hostapd on the access point (see an earlier email). > > Using iwpriv, the wlan0 interface appears to support "setwpa". > > wlan0 Available private ioctl : > setwpa (8BE1) : set 1 int & get 0 > setkey (8BE2) : set 1 int & get 0 > associate (8BE3) : set 1 int & get 0 > disassociate (8BE4) : set 1 int & get 0 > drop_unencrypted (8BE5) : set 1 int & get 0 > countermeaures (8BE6) : set 1 int & get 0 > deauthenticate (8BE7) : set 1 int & get 0 > auth_alg (8BE8) : set 1 int & get 0 > ndis_reset (8BF0) : set 0 & get 0 > power_profile (8BF1) : set 1 int & get 0 > > setting WPA mode using iwpriv appears to work > > [root at crox wpa_supplicant]# iwpriv wlan0 setwpa 1 > [root at crox wpa_supplicant]# echo $? > 0 > > can you point my nose in the right direction? Thanks, > Coert > From marlonx80 at hotmail.com Thu Feb 10 15:12:30 2005 From: marlonx80 at hotmail.com (Angelo .) Date: Thu, 10 Feb 2005 21:12:30 +0100 Subject: fast & selective & active scanning Message-ID: Hello people, i have a Senao 2511 Plus card (firmware 1.3.6) and i'm using HostAP drivers to implement experimental algorithms in scanning/handoff process. I measured that an association to an access point, from the HFA384X_RID_JOINREQUEST command, to notification handled by hostap_info_process(), is about 14 ms long.... this is the good thing. The bad one is that to do handoff, i have to scan for other access points, then i measured that to scan a single channel with a fixed essid using HFA384X_RID_HOSTSCAN command, card needs further on 80 ms!! this is too much considering that channels are 11 and that i have to periodically (1-2 seconds) scan all of them. Analyzing kismet and ethereal results, i see that probe request/response happen in less than 1 ms. when card is scanning, it sends a broadcast probe request and evidently waits for responses with a fixed timeout. i would be able to modify dinamically this timeout or to interrupt scanning a channel, i.e. when a probe request is received, but i fear that this code can be handled only by the firmware... is it possible to forge probe requests in a channel, and handle responses, without loosing actual ap association in another channel? Regards, Angelo From shawn_adams at web.de Thu Feb 10 15:50:21 2005 From: shawn_adams at web.de (Shawn Adams) Date: Thu, 10 Feb 2005 21:50:21 +0100 Subject: Problems with WPA-PSK and madwifi driver In-Reply-To: <200502101543.58812.emmendes@cpdee.ufmg.br> References: <20050210150634.27036.qmail@web50807.mail.yahoo.com> <200502101543.58812.emmendes@cpdee.ufmg.br> Message-ID: <420BC90D.5080202@web.de> On the same topic, I have a fairly late MADWIFI driver, and the CVS wpa_supplicant 0.3.6 Have never gotten past the following error: No keys have been configured - skip key clearing etc.. etc... Authentication with 00:00:00:00:00:00 timed out. The AP reports a message that usually indicates a wireless card trying to connect in open mode, while the AP expects restricted mode. is it possible that the card is not properly set before the WPA request goes out ? does the "no key have been configured mean the WPA expects the card to already be configured with an encryption key ? (sounds plausible for static WEP anyhow) iwconfig shows the card using no encryption, or should this only happen after the WPA is complete ? ath0 IEEE 802.11a ESSID:"" Nickname:"kappa" Mode:Managed Frequency:2.427 GHz Access Point: FF:FF:FF:FF:FF:FF Bit Rate:0 kb/s Tx-Power:50 dBm Sensitivity=0/3 Retry:off RTS thr:off Fragment thr:off Encryption key:off Power Management:off Link Quality=31/94 Signal level=-64 dBm Noise level=-95 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:0 Missed beacon:0 config being used: network={ ssid="test" scan_ssid=1 proto=WPA key_mgmt=WPA-PSK IEEE8021X NONE pairwise=CCMP TKIP group=CCMP TKIP WEP104 WEP40 psk="test" } any hints would be appreciated. thanks Eduardo Mendes wrote: > Hello > > Many thanks but unfortunately it didn't work. The two lights are blinking > together but ifconfig shows that no valid ip was assigned to ath0. > > More info: my linux box is the dhcp server and not the wireless router. I have > assigned a specific ip address for the notebook (i have named it VAIO). As I > said windows doesn't have any problems to get the ip. > > Is there any kind of tools that could be used to trace the whole connection > process? > > Here is part of dhcpd.conf > > # > # Linux Box > # > host vaiobox { > hardware ethernet 00:09:5B:C4:1A:E2; > option host-name "VAIO"; > fixed-address 192.168.1.4; > } > > } > > Ed > > PS. I certainly change my passphrase as soon as wireless works on linux. > > > > > On Thursday 10 February 2005 03:06 pm, Gilbert Mendoza wrote: > >>--- Eduardo Mendes wrote: >> >>>The wpa_supplicant.conf is as follows: >>> >>># Same as previous, but request SSID-specific scanning (for APs that >>>reject >>># broadcast SSID) >>>network={ >>> ssid="eacghome.airlink" >>> scan_ssid=1 >>> psk="klklklklklklkl&&^^klklklklklklklklklklkl" >>> priority=2 >>>} >> >>In your netwoirk config, try: >> >>network={ >> ssid="eacghome.airlink" >> scan_ssid=1 >> proto=WPA >> key_mgmt=WPA-PSK >> pairwise=CCMP TKIP >> group=CCMP TKIP WEP104 WEP40 >> psk="klklklklklklkl&&^^klklklklklklklklklklkl" >> priority=2 >>} >> >>P.S. Ummm... you may want to change yer password at some point. Being >>that we know it and all. ;-) >> >> >> >> >>===== >>- Gilbert Mendoza >>- PGP Key ID: 7987FCA8 >> >> >> >>__________________________________ >>Do you Yahoo!? >>Take Yahoo! Mail with you! Get it on your mobile phone. >>http://mobile.yahoo.com/maildemo > > -- Shawn Adams shawn_adams at web.de From linuxcruiser at yahoo.com Thu Feb 10 18:51:35 2005 From: linuxcruiser at yahoo.com (Gilbert Mendoza) Date: Thu, 10 Feb 2005 15:51:35 -0800 (PST) Subject: Problems with WPA-PSK and madwifi driver In-Reply-To: <420BAF37.90500@cisco.com> Message-ID: <20050210235135.42434.qmail@web50808.mail.yahoo.com> --- Michael Reilly wrote: > Atheros based cards have not worked with madwifi and wpa_supplicant > for me for > several months. I have been forced to purchased a driverloader > license which > does work with wpa_supplicant and my Atheros based cards > > I also tried ndisdriver but it wouldn't even find the APs (Cisco, > Linksys, > D-Link) then. > Madwifi CVS + wpa_supplicant 0.3.6 works great for me. I had no need for ndiswrapper in this case. I currently use a couple different Atheros Chipset cards: Cisco A/B/G Card (AIR-CB21AG-A-K9) Proxim GOLD ORiNOCO 11b/g (8470-FC) I currently switch between a few wireless security configurations without problems: 1. WPA+PSK TKIP (Linksys WRT54G Access point), non-broadcasted SSID. 2. Enterprise WPA, EAP-PEAP, MSCHAPv2, Cisco Aironet 1200 AP's, Cisco ACS servers v3.2 and v3.3, non-broadcasted SSID's. 3. Enterprise WPA, EAP-PEAP, EAP-GTC, Cisco Aironet 1200 AP's, Cisco ACS servers v3.2 and v3.3, non-broadcasted SSID's. ===== - Gilbert Mendoza - PGP Key ID: 7987FCA8 __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From michaelr at cisco.com Thu Feb 10 19:47:02 2005 From: michaelr at cisco.com (Michael Reilly) Date: Thu, 10 Feb 2005 16:47:02 -0800 Subject: Problems with WPA-PSK and madwifi driver In-Reply-To: <20050210235135.42434.qmail@web50808.mail.yahoo.com> References: <20050210235135.42434.qmail@web50808.mail.yahoo.com> Message-ID: <420C0086.1030607@cisco.com> Gilbert Mendoza wrote: > --- Michael Reilly wrote: > > >>Atheros based cards have not worked with madwifi and wpa_supplicant >>for me for >>several months. I have been forced to purchased a driverloader >>license which >>does work with wpa_supplicant and my Atheros based cards >> >>I also tried ndisdriver but it wouldn't even find the APs (Cisco, >>Linksys, >>D-Link) then. >> > > > > > Madwifi CVS + wpa_supplicant 0.3.6 works great for me. I had no need > for ndiswrapper in this case. Same here - madwifi CVS and wpa_supplicant 0.3.6. I updated madwifi last friday - maybe here is a fix in there. It used to work last August/early september before I did an update. > > I currently use a couple different Atheros Chipset cards: > Cisco A/B/G Card (AIR-CB21AG-A-K9) This is one of the cards I have. I also have a Linksys 55AG > Proxim GOLD ORiNOCO 11b/g (8470-FC) > > I currently switch between a few wireless security configurations > without problems: > > 1. WPA+PSK TKIP (Linksys WRT54G Access point), non-broadcasted SSID. WPA-PSK AES fails. for me. Works with driverloader and with windows. > > 2. Enterprise WPA, EAP-PEAP, MSCHAPv2, Cisco Aironet 1200 AP's, Cisco > ACS servers v3.2 and v3.3, non-broadcasted SSID's. WPA-PSK in all variants fails with Cisco 1x00 APs running the latest IOS SW. I have 802.11g radios. Are you running IOS or VxWRKs on the 1200's 802.11B, G or A? michael > > 3. Enterprise WPA, EAP-PEAP, EAP-GTC, Cisco Aironet 1200 AP's, Cisco > ACS servers v3.2 and v3.3, non-broadcasted SSID's. > > ===== > - Gilbert Mendoza > - PGP Key ID: 7987FCA8 > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com -- ---- ---- ---- Michael Reilly michaelr at cisco.com Cisco Systems, California From coert.vonk at gmail.com Thu Feb 10 22:40:14 2005 From: coert.vonk at gmail.com (Coert Vonk) Date: Thu, 10 Feb 2005 19:40:14 -0800 Subject: EAP-TLS hostapd<>wpa_supplicant 0.3.7-pre fails Message-ID: <5f5c317a050210194033e8443a@mail.gmail.com> Running the 0.3.7-pre version of both wpa_supplicant and hostapd, I appear to have problems with the supplicant authenticating. I am fairly sure that the hostapd is running fine, because the native Windows/XP SP2 supplicant connects fine (with the help that I received early). I notice the following in both wpa_supplicant and hostapd traces: SSL: SSL_connect:error in SSLv3 read server hello A I am using an unencrypted private key, so I specified an empty password I only see WPA: sending 1/4 msg of 4-Way Handshake WPA: sending 3/4 msg of 4-Way Handshake More background: the hostapd is running with the madwifi driver with an altheros nic the wpa_supplicant is running with the ndiswrapper around a broadcom wifi nic (dell true mobile 1400) the certificates are the same that I use with the WinXP supplicant (the same dual boot host) Traces and configurations are attached. I gzip'ed the log files, to make this email fit the 25 kByte limit. Passwords are replaces by "secret" Suggestions? /coert -------------- next part -------------- A non-text attachment was scrubbed... Name: hostapd.conf Type: application/octet-stream Size: 832 bytes Desc: not available Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050210/396394c4/attachment.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: hostapd.config Type: application/octet-stream Size: 358 bytes Desc: not available Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050210/396394c4/attachment-0001.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: hostapd.eap_user Type: application/octet-stream Size: 78 bytes Desc: not available Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050210/396394c4/attachment-0002.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: hostapd.log.gz Type: application/x-gzip Size: 7150 bytes Desc: not available Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050210/396394c4/attachment.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: wpa_supplicant.conf Type: application/octet-stream Size: 334 bytes Desc: not available Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050210/396394c4/attachment-0003.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: wpa_supplicant.config Type: application/octet-stream Size: 218 bytes Desc: not available Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050210/396394c4/attachment-0004.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: wpa_supplicant.log.gz Type: application/x-gzip Size: 5835 bytes Desc: not available Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050210/396394c4/attachment-0001.bin From jkmaline at cc.hut.fi Thu Feb 10 23:32:41 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Thu, 10 Feb 2005 20:32:41 -0800 Subject: EAP-TLS hostapd<>wpa_supplicant 0.3.7-pre fails In-Reply-To: <5f5c317a050210194033e8443a@mail.gmail.com> References: <5f5c317a050210194033e8443a@mail.gmail.com> Message-ID: <20050211043241.GE8371@jm.kir.nu> On Thu, Feb 10, 2005 at 07:40:14PM -0800, Coert Vonk wrote: > Running the 0.3.7-pre version of both wpa_supplicant and hostapd, I > appear to have problems with the supplicant authenticating. I am > fairly sure that the hostapd is running fine, because the native > Windows/XP SP2 supplicant connects fine (with the help that I received > early). > > I notice the following in both wpa_supplicant and hostapd traces: > SSL: SSL_connect:error in SSLv3 read server hello A That's ok. EAP-TLS part succeeds without any problems. > More background: > the hostapd is running with the madwifi driver with an altheros nic It looks like the AP could be sending different WPA IE in Beacon and/or Probe Response frames: WPA: IE in 3/4 msg does not match with IE in Beacon/ProbeResp (src=00:02:6f:21:df:ff) WPA: WPA IE in Beacon/ProbeResp - hexdump(len=30): dd 1c 00 50 f2 01 01 00 00 50 f2 02 02 00 00 50 f2 04 00 50 f2 02 01 00 00 50 f2 01 01 00 WPA: WPA IE in 3/4 msg - hexdump(len=28): dd 1a 00 50 f2 01 01 00 00 50 f2 02 02 00 00 50 f2 04 00 50 f2 02 01 00 00 50 f2 01 This has been a known issue with the madwifi driver since it does not provide mechanism for synchronizing IEs between the driver (which is generating Beacon and Probe Response frames) and hostapd (which is generating the EAPOL-Key frames used in 4-Way Handshake). In other words, this requires a change in the driver and I would recommend asking this question on madwifi mailing lists. -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Thu Feb 10 23:41:56 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Thu, 10 Feb 2005 20:41:56 -0800 Subject: Problems with WPA-PSK and madwifi driver In-Reply-To: <420BAF37.90500@cisco.com> References: <200502101412.09344.emmendes@cpdee.ufmg.br> <420BAF37.90500@cisco.com> Message-ID: <20050211044156.GF8371@jm.kir.nu> On Thu, Feb 10, 2005 at 11:00:07AM -0800, Michael Reilly wrote: > Atheros based cards have not worked with madwifi and wpa_supplicant for me > for several months. I have been forced to purchased a driverloader license > which does work with wpa_supplicant and my Atheros based cards madwifi + wpa_supplicant has worked fine in my tests during the last months and number of different APs and different security policies etc. This has been with numerous CVS versions of both madwifi and wpa_supplicant. > I also tried ndisdriver but it wouldn't even find the APs (Cisco, Linksys, > D-Link) then. I could repeat my comment above for ndiswrapper + wpa_supplicant case. However, in this case there have been a bit more variance based on which NDIS driver version was used. In other words, there a lots of known cases where both of these combinations work fine. In order to resolve possibly remaining issues, more detailed reports are needed. These should include exact description of the used configuration (both the AP and client sides) and debug logs from all the possible sources (AP, authentication server, client (both driver and wpa_supplicant debug). -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Fri Feb 11 00:03:35 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Thu, 10 Feb 2005 21:03:35 -0800 Subject: Monitoring mode gets frames from more than one channel! In-Reply-To: <1108048792.6629.214778087@webmail.messagingengine.com> References: <1108048792.6629.214778087@webmail.messagingengine.com> Message-ID: <20050211050335.GH8371@jm.kir.nu> On Thu, Feb 10, 2005 at 07:19:52AM -0800, Ajeet Nankani wrote: > Even though i am monitoring on particular channel(channel 1), but i also > get frames(not all but most) from AP operating on other channel(channel > 6). > Why is like that? That's the way IEEE 802.11b works.. Different channels are using different center frequencies, but they are overlapping and radios can receive frames from other channel, although with limited signal strength. > What to do to capture frames "only" on particular channel? That would be a bit difficult since you would need to have a receiver on all channels in order to find out which one is actually sending the frame (e.g., based on the signal strength). -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Fri Feb 11 00:13:10 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Thu, 10 Feb 2005 21:13:10 -0800 Subject: hostap passive scanning. In-Reply-To: <420B86F6.4060806@cs.columbia.edu> References: <420AB76F.6070606@cs.columbia.edu> <20050210032101.GC8371@jm.kir.nu> <420AE309.7070604@cs.columbia.edu> <20050210044334.GS8371@jm.kir.nu> <420B86F6.4060806@cs.columbia.edu> Message-ID: <20050211051310.GI8371@jm.kir.nu> On Thu, Feb 10, 2005 at 11:08:22AM -0500, Andrea G Forte wrote: > In manual mode "host_roaming 2" we have "more" control on the scanning > process. > In particular (as you know), in the driver there are two commands for > forcing the firmware to start the probing part of the scanning > (_RID_HOSTSCAN) and for forcing the Auth./Ass. part of the scanning > (_RID_JOINREQUEST). However, the first one is for active scanning only > (i.e. probes are sent to force APs to answer). > Does the ap_scan functionality send probes on each channel (in which > case it is active scanning)? Or does it use passive scanning (listens > for beacons and records the results)? It does not send Probe Requests. > To be more clear, I would like to know if instead of triggering active > scanning (sending probes with _RID_HOSTSCAN), I can use the > hostap_passive_scan function in hostAP to change channel and then use > (or write if not already there) some other code to listen for beacons on > each channel and record the APs found with the signal strenght (measured > from the beacon). All of this while being in Managed mode. Changing channels in managed mode is somewhat complex issue since this is usually done only to go to the same channel with the current AP. In other words, firmware may try to change channels based on this. I'm still somewhat unclear on why you would like to use passive scanning in this way. It takes much more time to scan passively. If you really want to do it and don't care about the gaps in connectivity, you could as well just move to Master mode and do the scanning there. For Managed mode, it would probably be better to use firmware to take care of the passive scanning. -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Fri Feb 11 00:16:49 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Thu, 10 Feb 2005 21:16:49 -0800 Subject: Problems with WPA-PSK and madwifi driver In-Reply-To: <200502101412.09344.emmendes@cpdee.ufmg.br> References: <200502101412.09344.emmendes@cpdee.ufmg.br> Message-ID: <20050211051649.GJ8371@jm.kir.nu> On Thu, Feb 10, 2005 at 02:12:09PM +0000, Eduardo Mendes wrote: > I have the following setup: > a) wireless router airplus 315W - WPA=PSK - Channel 11 > b) notebook with a WG511T (Netgear). > > The notebbok is dual boot machine with Windows XP (wireless works just fine) > and mandrake 10.1. > > I have downloaded and installed madwifi (wlan, ath-pci and ath_hal modules) > and also wpa_supplicant. The wpa_supplicant debug log seems to indicate that the driver is unable to complete association with the AP. I would recommend madwifi mailing lists as a better starting point for finding out what is happening. -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Fri Feb 11 00:38:29 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Thu, 10 Feb 2005 21:38:29 -0800 Subject: fast & selective & active scanning In-Reply-To: References: Message-ID: <20050211053829.GK8371@jm.kir.nu> On Thu, Feb 10, 2005 at 09:12:30PM +0100, Angelo . wrote: > Analyzing kismet and ethereal results, i see that probe request/response > happen in less than 1 ms. when card is scanning, it sends a broadcast probe > request and evidently waits for responses with a fixed timeout. i would be > able to modify dinamically this timeout or to interrupt scanning a channel, > i.e. when a probe request is received, but i fear that this code can be > handled only by the firmware... Yes, this is done in firmware. If you want to do this yourself, you would be better off using a card that has scanning implemented in the driver (e.g., madwifi). > is it possible to forge probe requests in a channel, and handle responses, > without loosing actual ap association in another channel? HostScan should do this. -- Jouni Malinen PGP id EFC895FA From michaelr at cisco.com Fri Feb 11 02:51:34 2005 From: michaelr at cisco.com (Michael Reilly) Date: Thu, 10 Feb 2005 23:51:34 -0800 Subject: Problems with WPA-PSK and madwifi driver In-Reply-To: <20050211044156.GF8371@jm.kir.nu> References: <200502101412.09344.emmendes@cpdee.ufmg.br> <420BAF37.90500@cisco.com> <20050211044156.GF8371@jm.kir.nu> Message-ID: <420C6406.5050808@cisco.com> Ok. Lets do this. One configuration which a number of us all have problems with - AP is a Cisco 1100 or 1200 with an 802.11b or 802.11g radio running the latest version of IOS SW. Client is a Cisco CB21A/B/G card (vendor 0x168c, device 0x0013 using madwifi CVS from last friday. Kernel is 2.4.28. wpa_supplicant.conf is eapol_version=1 ap_scan=1 network={ ssid="MySSID" proto=WPA key_mgmt=WPA-PSK pairwise=CCMP TKIP group=CCMP TKIP WEP104 psk="The key" priority=4 scan_ssid=1 } bash# wpa_supplicant -c/etc/wpa_supplicant.conf -iath0 -Dmadwifi -dd The wpa_supplicant log is - Initializing interface 'ath0' conf '/etc/wpa_supplicant.conf' driver 'madwifi' Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf' Reading configuration file '/etc/wpa_supplicant.conf' ctrl_interface='/var/run/wpa_supplicant' ctrl_interface_group=0 eapol_version=1 ap_scan=1 Line: 185 - start of a new network block ssid - hexdump_ascii(len=11): 4d 69 6b 6f 56 6c 61 6e 31 30 67 MySSID proto: 0x1 key_mgmt: 0x2 pairwise: 0x18 group: 0x1c PSK - hexdump(len=32): [REMOVED] priority=4 (0x4) scan_ssid=1 (0x1) Priority group 4 id=0 ssid='MySSID' Initializing interface (2) 'ath0' EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: KEY_RX entering state NO_KEY_RECEIVE EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 Own MAC address: 00:40:96:a4:72:52 wpa_driver_madwifi_set_wpa: enabled=1 wpa_driver_madwifi_del_key: keyidx=0 wpa_driver_madwifi_del_key: keyidx=1 wpa_driver_madwifi_del_key: keyidx=2 wpa_driver_madwifi_del_key: keyidx=3 wpa_driver_madwifi_set_countermeasures: enabled=0 wpa_driver_madwifi_set_drop_unencrypted: enabled=1 Setting scan request: 0 sec 100000 usec Starting AP scan (specific SSID) Scan SSID - hexdump_ascii(len=11): 4d 69 6b 6f 56 6c 61 6e 31 30 67 MySSID Wireless event: cmd=0x8b1a len=24 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 Wireless event: cmd=0x8b19 len=12 Received 277 bytes of scan results (1 BSSes) Scan results: 1 Selecting BSS from priority group 4 0: 00:12:43:b9:58:20 ssid='MySSID' wpa_ie_len=26 rsn_ie_len=0 selected Trying to associate with 00:12:43:b9:58:20 (SSID='MySSID' freq=2442 MHz) Cancelling scan request Automatic auth_alg selection: 0x1 WPA: using IEEE 802.11i/D3.0 WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 2 WPA: using GTK TKIP WPA: using PTK TKIP WPA: using KEY_MGMT WPA-PSK WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 No keys have been configured - skip key clearing wpa_driver_madwifi_set_drop_unencrypted: enabled=1 wpa_driver_madwifi_associate Setting authentication timeout: 5 sec 0 usec EAPOL: External notification - EAP success=0 EAPOL: External notification - EAP fail=0 EAPOL: External notification - portControl=Auto Wireless event: cmd=0x8b1a len=24 Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:12:43:b9:58:20 Association event - clear replay counter Associated to a new BSS: BSSID=00:12:43:b9:58:20 No keys have been configured - skip key clearing Associated with 00:12:43:b9:58:20 EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - EAP success=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: txStart WPA: drop TX EAPOL in non-IEEE 802.1X mode (type=1 len=0) EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=29 idleWhile=59 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=28 idleWhile=58 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=27 idleWhile=57 Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 Setting scan request: 0 sec 100000 usec Added BSSID 00:12:43:b9:58:20 into blacklist EAPOL: External notification - portEnabled=0 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 EAPOL: External notification - EAP success=0 Disconnect event - remove keys wpa_driver_madwifi_del_key: keyidx=0 wpa_driver_madwifi_del_key: keyidx=1 wpa_driver_madwifi_del_key: keyidx=2 wpa_driver_madwifi_del_key: keyidx=3 wpa_driver_madwifi_del_key: keyidx=0 Starting AP scan (broadcast SSID) Wireless event: cmd=0x8b1a len=12 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=26 idleWhile=56 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=25 idleWhile=55 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=24 idleWhile=54 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=23 idleWhile=53 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=22 idleWhile=52 Wireless event: cmd=0x8b19 len=12 Received 277 bytes of scan results (1 BSSes) Scan results: 1 Selecting BSS from priority group 4 0: 00:12:43:b9:58:20 ssid='MySSID' wpa_ie_len=26 rsn_ie_len=0 skip - blacklisted No APs found - clear blacklist and try again Removed BSSID 00:12:43:b9:58:20 from blacklist (clear) Selecting BSS from priority group 4 0: 00:12:43:b9:58:20 ssid='MySSID' wpa_ie_len=26 rsn_ie_len=0 selected Trying to associate with 00:12:43:b9:58:20 (SSID='MySSID' freq=2442 MHz) Cancelling scan request Automatic auth_alg selection: 0x1 WPA: using IEEE 802.11i/D3.0 WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 2 WPA: using GTK TKIP WPA: using PTK TKIP WPA: using KEY_MGMT WPA-PSK WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 No keys have been configured - skip key clearing wpa_driver_madwifi_set_drop_unencrypted: enabled=1 wpa_driver_madwifi_associate Setting authentication timeout: 5 sec 0 usec EAPOL: External notification - EAP success=0 EAPOL: External notification - EAP fail=0 EAPOL: External notification - portControl=Auto Wireless event: cmd=0x8b1a len=24 Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:12:43:b9:58:20 Association event - clear replay counter Associated to a new BSS: BSSID=00:12:43:b9:58:20 No keys have been configured - skip key clearing Associated with 00:12:43:b9:58:20 EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - EAP success=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: txStart WPA: drop TX EAPOL in non-IEEE 802.1X mode (type=1 len=0) EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=29 idleWhile=59 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=28 idleWhile=58 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=27 idleWhile=57 Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 Setting scan request: 0 sec 100000 usec Added BSSID 00:12:43:b9:58:20 into blacklist EAPOL: External notification - portEnabled=0 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 EAPOL: External notification - EAP success=0 Disconnect event - remove keys wpa_driver_madwifi_del_key: keyidx=0 wpa_driver_madwifi_del_key: keyidx=1 wpa_driver_madwifi_del_key: keyidx=2 wpa_driver_madwifi_del_key: keyidx=3 wpa_driver_madwifi_del_key: keyidx=0 Anyone have this working? if so what are we doing wrong? Thanks, michael Jouni Malinen wrote: > On Thu, Feb 10, 2005 at 11:00:07AM -0800, Michael Reilly wrote: > > >>Atheros based cards have not worked with madwifi and wpa_supplicant for me >>for several months. I have been forced to purchased a driverloader license >>which does work with wpa_supplicant and my Atheros based cards > > > madwifi + wpa_supplicant has worked fine in my tests during the last > months and number of different APs and different security policies etc. > This has been with numerous CVS versions of both madwifi and > wpa_supplicant. > > >>I also tried ndisdriver but it wouldn't even find the APs (Cisco, Linksys, >>D-Link) then. > > > I could repeat my comment above for ndiswrapper + wpa_supplicant case. > However, in this case there have been a bit more variance based on which > NDIS driver version was used. > > > In other words, there a lots of known cases where both of these > combinations work fine. In order to resolve possibly remaining issues, > more detailed reports are needed. These should include exact description > of the used configuration (both the AP and client sides) and debug logs > from all the possible sources (AP, authentication server, client (both > driver and wpa_supplicant debug). > -- ---- ---- ---- Michael Reilly michaelr at cisco.com Cisco Systems, California From emmendes at cpdee.ufmg.br Fri Feb 11 05:23:25 2005 From: emmendes at cpdee.ufmg.br (Eduardo Mendes) Date: Fri, 11 Feb 2005 08:23:25 -0200 Subject: Problems with WPA-PSK and madwifi driver In-Reply-To: <420BB054.5030104@cisco.com> References: <20050210150634.27036.qmail@web50807.mail.yahoo.com> <200502101543.58812.emmendes@cpdee.ufmg.br> <420BB054.5030104@cisco.com> Message-ID: <200502110823.25079.emmendes@cpdee.ufmg.br> On Thursday 10 February 2005 05:04 pm, Michael Reilly wrote: > Eduardo Mendes wrote: > > Hello > > > > Many thanks but unfortunately it didn't work. The two lights are blinking > > together but ifconfig shows that no valid ip was assigned to ath0. > > My lights both blink together for a second and then they stop blinking > together with madwifi. A few seconds later they blink together again and > then stop again. Are they blinking together continuously for you? > In my case the lights blink together in equal time intervals. It seems that the card is somehow connected to the router but it can't get a valid ip address. I don't know what I am doing wrong. Here is the output of iwconfig and ifconfig after issuing the commands: ifconfig ath0, iwconfig ath0 channel 1, wpa_supplicant -c/etc/wpa_supplicant.conf -Dmadwifi -iath0 -d ath0 IEEE 802.11g ESSID:"eacghome.airlink" Mode:Managed Frequency:2.412GHz Access Point: 00:E0:98:4F:D8:B2 Bit Rate:36Mb/s Tx-Power:50 dBm Sensitivity=0/3 Retry:off RTS thr:off Fragment thr:off Encryption key:DF6D-E315-877A-4A16-22FD-239D-A8A8-0B6F Security mode:restricted Power Management:off Link Quality:49/94 Signal level:-46 dBm Noise level:-95 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:0 Missed beacon:0 ath0 Link encap:Ethernet HWaddr 00:09:5B:C4:1A:E2 inet6 addr: fe80::209:5bff:fec4:1ae2/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:25 errors:19 dropped:0 overruns:0 frame:19 TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:199 RX bytes:2418 (2.3 Kb) TX bytes:1194 (1.1 Kb) Interrupt:9 Memory:d0a4a000-d0a5a000 Any hints? Cheers Ed From gbur at informatik.uni-rostock.de Fri Feb 11 06:21:38 2005 From: gbur at informatik.uni-rostock.de (Gunter Burchardt) Date: Fri, 11 Feb 2005 12:21:38 +0100 Subject: EAP-TLS hostapd<>wpa_supplicant 0.3.7-pre fails In-Reply-To: <5f5c317a050210194033e8443a@mail.gmail.com> References: <5f5c317a050210194033e8443a@mail.gmail.com> Message-ID: <20050211112138.GA19361@informatik.uni-rostock.de> An easy workaround is to use only TKIP or CCMP, not both together. regards gunter From fromkth+hostap at fastmail.fm Fri Feb 11 06:51:40 2005 From: fromkth+hostap at fastmail.fm (Ajeet) Date: Fri, 11 Feb 2005 12:51:40 +0100 Subject: txpower settings + ALC option In-Reply-To: References: <20050209135518.6F06B2BFB2@mail.iocaine.com> <420B1D31.2020005@fastmail.fm> Message-ID: <420C9C4C.4030606@fastmail.fm> Thanks for the advice and links. Fortunately my PC-card's(Zyxell B-101) antenna is detachable, so i detached it from STA's PC-CARD and now i am able to make a handoff between two APs placed at opposite corners in a room of 15 feet. but I have not tested it yet when data being transfered between STAs and a host on DS. But my original question about info on ALC option(in iwpriv) and if there is any relation between ALC and txpower option(in iwconfig) still remains unanswered. Also when i do "iwpriv wlan0 getalc" it gives error that Operation not supported. Does it depend on PC-Cards model/manufacturer or only the firmware. I have 1.8.0 firmware. Any clues? -ajeet. Ged Haywood wrote: > Hello there, > > On Thu, 10 Feb 2005, Ajeet wrote: > > >>>>So what do i need to do to reduce trasmitt power of APs. >>> >>>I think you might need to do more than reduce the AP transmit power, >>>since you would not be reducing the AP receiver sensitivity at the >>>same time. It might be better to put a simple divider network between >>>the antenna and the AP. >> >>These are not commercial APs but are built using Prism2.5 PC-card in a >>laptops > > > That makes no difference. > > >>and i am quite new to this area > > > So I gather. :) > > >>so i dont understand what you mean by divider network between >>antenna and the AP....can you explain a little bit more. > > > The idea is to throw away some of the transmitted and/or received RF > power by using (for example) a resistor network connected between the > radio device and its antenna. Another way would be to put the radio > device and its antenna into a metal box. You could make a few holes > in the box to let some of the radio energy leak in and out - I don't > think the results would be very predictable but I'd be interested to > hear your experience. :) > > You might find this useful: > > http://www.qsl.net/n9zia/wireless/appendixF.html > > >>>You could also try for example simply using a dummy load instead of an >>>antenna on the APs. >> >>Again i dont get your point here about dummy load. > > > See for example > > http://www.pcs-electronics.com/en/guide.php?sub=antennas > > and try Googling, there is a lot of information out there on this kind > of subject. > > Be aware that what works at 10MHz or 100Mz might not work at 2.4GHz. > You will need to do some reading on the subjects before you can make > really useful RF measurements. :) > > 73, > Ged. From fromkth+hostap at fastmail.fm Fri Feb 11 06:54:12 2005 From: fromkth+hostap at fastmail.fm (Ajeet) Date: Fri, 11 Feb 2005 12:54:12 +0100 Subject: Monitoring mode gets frames from more than one channel! In-Reply-To: <20050211050335.GH8371@jm.kir.nu> References: <1108048792.6629.214778087@webmail.messagingengine.com> <20050211050335.GH8371@jm.kir.nu> Message-ID: <420C9CE4.8040004@fastmail.fm> Jouni Malinen wrote: > On Thu, Feb 10, 2005 at 07:19:52AM -0800, Ajeet Nankani wrote: > > >>Even though i am monitoring on particular channel(channel 1), but i also >>get frames(not all but most) from AP operating on other channel(channel >>6). >>Why is like that? > > > That's the way IEEE 802.11b works.. Different channels are using > different center frequencies, but they are overlapping and radios can > receive frames from other channel, although with limited signal > strength. > But my APs are on channel 1 and 6, hence does not overlap AFAIK, so if i set a PC-card in monitor mode on channel 1 it should not pickup frames from channel 6...am i right here? Also there are not any other APs or STAs in vicinity operating on any channels. > >>What to do to capture frames "only" on particular channel? > > > That would be a bit difficult since you would need to have a receiver on > all channels in order to find out which one is actually sending the > frame (e.g., based on the signal strength). > As i already said that i know that there are not any other APs in my area so i know which channels are actually sending. The other use of dedicated monitoring on every channel is to analyze how the STA is scanning(active scanning), by receiving probe requests on every channel and analyzing the timings of those frames. Any comments?? -ajeet. From gbaker at cs.mun.ca Fri Feb 11 06:56:55 2005 From: gbaker at cs.mun.ca (Greg Baker) Date: Fri, 11 Feb 2005 08:26:55 -0330 Subject: WPA+EAP-PEAP+MSCHAPv2 Problem In-Reply-To: <20050210031533.GA8371@jm.kir.nu> References: <200502091523.05278.gbaker@cs.mun.ca> <20050210031533.GA8371@jm.kir.nu> Message-ID: <200502110826.56073.gbaker@cs.mun.ca> Thanks for your reply, Jouni.. On February 9, 2005 11:45 pm, Jouni Malinen wrote: > On Wed, Feb 09, 2005 at 03:23:05PM -0330, Greg Baker wrote: > > I'm trying to connect to the wireless network at my school and am having > > problems. It connects fine in Windows, but not Linux. > > Do you have any idea what authentication server is used in this network? > If it is CiscoACS, please try the 0.3.7-pre version of wpa_supplicant > from http://hostap.epitest.fi/releases/testing/ and add > include_tls_length=1 into the phase1 configuration variable in the > network block. > I don't, but can call the network admin and find out. I will ask him today and get back to you. > [snip] > > > network={ > > ssid="stu" > > scan_ssid=1 > > key_mgmt=WPA-EAP > > eap=PEAP > > pairwise=TKIP > > group=TKIP > > identity="gbaker" > > password="........." > > phase1="peapver=1 peaplabel=1" > > phase2="auth=MSCHAPV2" > > } > > If this is indeed CiscoACS, it may also not like MSCHAPV2 in Phase 2 (at > least when using PEAPv1), so you may also need to change that phase2 > auth option to select GTC. Hmm.. I can only go by what the windows setup looks like, and that uses MSCHAPv2. If I do select GTC, will that work with an AP that does MSCHAP? > > > One thing I'm not sure about, do I need to have a certificate defined? > > The APs here provide the certificate, and they are not validated. > > If you care about security, yes, you really do need to get the correct > CA certificate and validate the server certificate. Without this, the > connection is open for man-in-the-middle attack. I understand the security part.. Unfortunately, our network at school is configured with an unofficial certificate. So, I simply cannot verify it. What I meant was, will wpa_supplicant actually work without verifying the certificate. Thanks for all your help, Jouni. From marlonx80 at hotmail.com Fri Feb 11 06:57:49 2005 From: marlonx80 at hotmail.com (Angelo .) Date: Fri, 11 Feb 2005 12:57:49 +0100 Subject: fast & selective & active scanning In-Reply-To: <20050211053829.GK8371@jm.kir.nu> Message-ID: > >Yes, this is done in firmware. If you want to do this yourself, you >would be better off using a card that has scanning implemented in the >driver (e.g., madwifi). > nothing todo...i have only a senao and a ipw2100 (!)...:( > > > is it possible to forge probe requests in a channel, and handle >responses, > > without loosing actual ap association in another channel? > >HostScan should do this. > yes, but i can't set probe response timeout, because it is decided by the firmware. i measured more accurately that this timeout is 28 ms when no ap replies, and 70 when at least one sends a probe response. however, it is not too bad. but because i want to improve performance, do you think that upgrading the firmware (or driver) could help me? i'm using 1.3.6 firmware and 0.1.3 HostAP driver on my Senao 2511 Plus if yes, how can i flash it? Regards, Angelo From ognjen at mailshack.com Fri Feb 11 07:07:07 2005 From: ognjen at mailshack.com (Ognjen Bezanov) Date: Fri, 11 Feb 2005 12:07:07 +0000 Subject: Wireless drops out and takes all bridged interfaces with it In-Reply-To: <420C3403.3050802@divsol.com> References: <4204B805.5070808@mailshack.com> <420C3403.3050802@divsol.com> Message-ID: <420C9FEB.50109@mailshack.com> Jim Cromie wrote: > Ognjen Bezanov wrote: > >> Hi all, >> >> I am running hostap-0.2.6 with kernel 2.6.2 (only kernel i could get >> it working with) and i find that when the wireless if being heavily >> used (i.e. almost all of its bandwidth is used up for greater then 4 >> minutes) the wireless will drop out, no clients can connect to the >> access point, and all nodes on the wired network cannot connect to >> the server (via 10mbit interface briged with the wireless), the only >> way to fix this is to reboot the pc. >> > honestly, Jouni is much more interested in working on current release, > w a current kernel. > > Id jump straight to bleading edge - and did. > its probably easier, not harder. > think of all those bugs fixed between then and 2.6.10 .. > > 2.6.10, > 0.3.5 hostap > 1.0 ndiswrapper > > > > Since my last email, i tried the development version (0.3.5) with a new 2.6.10 kernel but still the same problems also upgraded the firmware to v1.1.1 (pri) and v1.7.4 (station) Only improvement is that when the wireless goes down it doesnt take the server with it (everything is still up and running, can access everything via wired eth0, but i cannot associate to the ap anymore without a reboot). Also i do not get any error messaged anymore... Im continuing with attempts to isolate the problem, im beginning to think that my client is causing it somehow. But at the same time my client works with my campus access points just fine (which are 'normal' hardware access points) so im not sure, but ill keep trying.. From eduardgv at gmail.com Fri Feb 11 07:35:17 2005 From: eduardgv at gmail.com (eduardgv) Date: Fri, 11 Feb 2005 13:35:17 +0100 Subject: Monitoring mode gets frames from more than one channel! In-Reply-To: <420C9CE4.8040004@fastmail.fm> References: <1108048792.6629.214778087@webmail.messagingengine.com> <20050211050335.GH8371@jm.kir.nu> <420C9CE4.8040004@fastmail.fm> Message-ID: <66c3877d05021104354c0188c4@mail.gmail.com> > >>Even though i am monitoring on particular channel(channel 1), but i also > >>get frames(not all but most) from AP operating on other channel(channel > >>6). > >>Why is like that? > > > > > > That's the way IEEE 802.11b works.. Different channels are using > > different center frequencies, but they are overlapping and radios can > > receive frames from other channel, although with limited signal > > strength. > > > I think 5 channel separation is enough not to allow packet decodification on physical layer, even though it is not enough to avoid interferences. I suspect it is a firmware issue. The card keeps collecting statistics from other channels in orther to perform future handovers. Setting mode 2 roaming (iwpriv wlan0 host_roaming 2) still produces the same behaviour? Edu From fromkth+hostap at fastmail.fm Fri Feb 11 08:17:27 2005 From: fromkth+hostap at fastmail.fm (Ajeet) Date: Fri, 11 Feb 2005 14:17:27 +0100 Subject: Monitoring mode gets frames from more than one channel! In-Reply-To: <66c3877d05021104354c0188c4@mail.gmail.com> References: <1108048792.6629.214778087@webmail.messagingengine.com> <20050211050335.GH8371@jm.kir.nu> <420C9CE4.8040004@fastmail.fm> <66c3877d05021104354c0188c4@mail.gmail.com> Message-ID: <420CB067.8050909@fastmail.fm> eduardgv wrote: >>>>Even though i am monitoring on particular channel(channel 1), but i also >>>>get frames(not all but most) from AP operating on other channel(channel >>>>6). >>>>Why is like that? >>> >>> >>>That's the way IEEE 802.11b works.. Different channels are using >>>different center frequencies, but they are overlapping and radios can >>>receive frames from other channel, although with limited signal >>>strength. >>> >> > > I think 5 channel separation is enough not to allow packet > decodification on physical layer, even though it is not enough to > avoid interferences. I suspect it is a firmware issue. The card keeps > collecting statistics from other channels in orther to perform future > handovers. > I think it is only in "iwconfig wlan0 monitor" mode when it collects frames from channels other than it is currently on. But when you are in managed mode it does not or it should not collects frames from "the other" channel if that "other channel" is 5 channel apart. Like if STA is on channel 1 and the other channel being 6. Ofcourse when the STA makes decision to search for other APs becuase of weak signal(or some other reason) with current APs then it scans, hence collects frames from every other channel. So it is likely that when that card is in manged mode you found it collecting statistics(frames) from "the other" channels (channels which are 5 or more channels apart from current associated channel) because it made decision to scan. > Setting mode 2 roaming (iwpriv wlan0 host_roaming 2) still produces > the same behaviour? > but here if you have instructed the card not to scan or the other case that STA is being stationary and not moving to get signal quality degraded, and even if after that it is collecting frames from 5 channels apart other channels, then i suspect it might be the issue with how fine tuned is the receiver to the current channel, but i dont have any radio knowledge so someone here with good radio knowledge can explain better if that is the issue. One more question to eduardgv that how you were able to see 802.11 packets on the card in managed mode, beacuse in my setup i can see 802.11 header in ethereal only when i set the card in monitor mode, in other modes(master or manged) it only shows ethernet header. Thanks. -ajeet. From Jonathan.Buschmann at ericsson.com Fri Feb 11 09:05:01 2005 From: Jonathan.Buschmann at ericsson.com (Jonathan Buschmann) Date: Fri, 11 Feb 2005 15:05:01 +0100 Subject: Problems with WPA-PSK and madwifi driver In-Reply-To: <200502110823.25079.emmendes@cpdee.ufmg.br> References: <200502110823.25079.emmendes@cpdee.ufmg.br> Message-ID: <420CBB8D.7070409@ericsson.com> I don't know what Mandrake uses for a dhcp client (fedora uses dhclient), but maybe you need to run it (again) after starting wpa_supplicant. jonathan Eduardo Mendes waxed wise and spake thus on 02/11/2005 11:23 AM: >On Thursday 10 February 2005 05:04 pm, Michael Reilly wrote: > > >>Eduardo Mendes wrote: >> >> >>>Hello >>> >>>Many thanks but unfortunately it didn't work. The two lights are >>> >>> >blinking > > >>>together but ifconfig shows that no valid ip was assigned to ath0. >>> >>> >>My lights both blink together for a second and then they stop blinking >>together with madwifi. A few seconds later they blink together again >> >> >and > > >>then stop again. Are they blinking together continuously for you? >> >> >> > >In my case the lights blink together in equal time intervals. It seems >that >the card is somehow connected to the router but it can't get a valid ip >address. I don't know what I am doing wrong. > >Here is the output of iwconfig and ifconfig after issuing the commands: >ifconfig ath0, iwconfig ath0 channel 1, wpa_supplicant >-c/etc/wpa_supplicant.conf -Dmadwifi -iath0 -d > >ath0 IEEE 802.11g ESSID:"eacghome.airlink" > Mode:Managed Frequency:2.412GHz Access Point: >00:E0:98:4F:D8:B2 > Bit Rate:36Mb/s Tx-Power:50 dBm Sensitivity=0/3 > Retry:off RTS thr:off Fragment thr:off > Encryption key:DF6D-E315-877A-4A16-22FD-239D-A8A8-0B6F >Security >mode:restricted > Power Management:off > Link Quality:49/94 Signal level:-46 dBm Noise level:-95 dBm > Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 > Tx excessive retries:0 Invalid misc:0 Missed beacon:0 > > > >ath0 Link encap:Ethernet HWaddr 00:09:5B:C4:1A:E2 > inet6 addr: fe80::209:5bff:fec4:1ae2/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:25 errors:19 dropped:0 overruns:0 frame:19 > TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:199 > RX bytes:2418 (2.3 Kb) TX bytes:1194 (1.1 Kb) > Interrupt:9 Memory:d0a4a000-d0a5a000 > >Any hints? > >Cheers > >Ed > > > >_______________________________________________ >HostAP mailing list >HostAP at shmoo.com >http://lists.shmoo.com/mailman/listinfo/hostap > > From eduardgv at gmail.com Fri Feb 11 09:10:01 2005 From: eduardgv at gmail.com (eduardgv) Date: Fri, 11 Feb 2005 15:10:01 +0100 Subject: Monitoring mode gets frames from more than one channel! In-Reply-To: <420CB067.8050909@fastmail.fm> References: <1108048792.6629.214778087@webmail.messagingengine.com> <20050211050335.GH8371@jm.kir.nu> <420C9CE4.8040004@fastmail.fm> <66c3877d05021104354c0188c4@mail.gmail.com> <420CB067.8050909@fastmail.fm> Message-ID: <66c3877d05021106102b130b0d@mail.gmail.com> > One more question to eduardgv that how you were able to see 802.11 > packets on the card in managed mode, beacuse in my setup i can see > 802.11 header in ethereal only when i set the card in monitor mode, in > other modes(master or manged) it only shows ethernet header. > OK, that could be a little confising...No, I wasn't able to see 802.11 headers in managed mode. I just was wondering if even in monitor mode, the firmware was still passive scanning or something. Edu From fromkth+hostap at fastmail.fm Fri Feb 11 10:00:03 2005 From: fromkth+hostap at fastmail.fm (Ajeet) Date: Fri, 11 Feb 2005 16:00:03 +0100 Subject: Monitoring mode gets frames from more than one channel! In-Reply-To: <66c3877d05021106102b130b0d@mail.gmail.com> References: <1108048792.6629.214778087@webmail.messagingengine.com> <20050211050335.GH8371@jm.kir.nu> <420C9CE4.8040004@fastmail.fm> <66c3877d05021104354c0188c4@mail.gmail.com> <420CB067.8050909@fastmail.fm> <66c3877d05021106102b130b0d@mail.gmail.com> Message-ID: <420CC873.9050009@fastmail.fm> eduardgv wrote: >>One more question to eduardgv that how you were able to see 802.11 >>packets on the card in managed mode, beacuse in my setup i can see >>802.11 header in ethereal only when i set the card in monitor mode, in >>other modes(master or manged) it only shows ethernet header. >> > > > > OK, that could be a little confising...No, I wasn't able to see 802.11 > headers in managed mode. I just was wondering if even in monitor mode, > the firmware was still passive scanning or something. > > > Edu In monitor mode card does not transfer any frames, it only listens, so scanning while in monitor mode is out of question. Here are some of my observations while in monitor mode. APs is on channel 11 and i was able to capture frames of this channel no. 11 on every channel from 4 onwards to 11 on the other card in Monitor mode. So may be in Monitor mode card tries to captures frames from channels as far as it can though more far the channel is less number of frames it captures. It would be interesting to see that when card is in managed mode, whether it collects frames from other channels which are 5 or more channels apart from its own channel. I dont know how to collect frames with 802.11 headers while in managed mode. or if it is possible? -ajeet. From forspam at david.wd107.tamaris.tm.fr Fri Feb 11 10:48:59 2005 From: forspam at david.wd107.tamaris.tm.fr (David Minodier) Date: Fri, 11 Feb 2005 16:48:59 +0100 Subject: Radius Dictionary References: <005601c50ea7$f2d7e690$0a6310ac@wd107.tamaris.tm.fr> <20050209164649.GF14883@informatik.uni-rostock.de> Message-ID: <008801c51051$34adadc0$0a6310ac@wd107.tamaris.tm.fr> > I planed to this work. But i have no time to do it. Freeradius has a > good library of parsing such dictionaries. It would be realativly easy > to include this into hostapd. Well, I tried to... It's not as easy as it seems... at least for me ! But, yes, definitely, the source code exists in Freeradius. But before grabing it, maybe it would be a good idea that the hostapd project manager asks Alan DeKoK, *THE* Freeardius project main developper... > But where do you need this fields? There > is (at the moment) no way to use radius values out of hostapd. Well. I changed a bit the hostapd radius.c file. It sends the attributes received to another process... Still under development... but its seems to work... so the second process can do some stuff with the attributes received... The radius client is still the one of hostapd. Ok, this is *not* clean at all... but funny to play with :-) Dave. From lorenzo at colitti.com Fri Feb 11 10:42:30 2005 From: lorenzo at colitti.com (Lorenzo Colitti) Date: Fri, 11 Feb 2005 16:42:30 +0100 Subject: [patch] wpa_supplicant + madwifi can't associate to non-WEP network Message-ID: <420CD266.6070700@colitti.com> Hi, I am using wpa_supplicant 0.3.2 with the madwifi driver, but I can't get it to associate with a non-WEP (i.e. completely insecure) network with a Cisco Aironet 1200 BS (details below). The problem is that the BS refuses the association request because the request specifies WEP and the BS has WEP disabled. The attached patch fixes the problem by explicitly enabling and disabling WEP in the driver when set_drop_unencrypted() is called. Can it be applied? Cheers, Lorenzo =======================8<------------------------ Network entry in wpa_supplicant.conf: > network={ > ssid="xxx" > key_mgmt=NONE > } Output of wpa_supplicant -dddd: > Trying to associate with 00:0e:84:92:7d:f0 (SSID='xxx' freq=2412 MHz) > Cancelling scan request > Automatic auth_alg selection: 0x1 > No keys have been configured - skip key clearing > wpa_driver_madwifi_set_drop_unencrypted: enabled=0 > wpa_driver_madwifi_associate > Setting authentication timeout: 5 sec 0 usec > EAPOL: External notification - portControl=ForceAuthorized > Wireless event: cmd=0x8b1a len=21 If I turn on debugging in the madwifi driver I see the following error message: > Feb 10 17:15:39 localhost kernel: association failed (reason 10) for 00:0e:84:92:74:70 Reason 10 is "Cannot support all requested capabilities in the Capability Information field". Packet dumps of the association request and response (2104 is without WEP, 3104 is with WEP): > Feb 10 17:31:49 localhost kernel: NODS 00:11:0a:81:6b:64->00:0e:84:92:74:70(00:0e:84:92:74:70) assoc_req 1M > [...] 0000 3a01 000e 8492 7470 0011 0a81 6b64 000e 8492 7470 1000 3104 [...] > ^^^^ > Feb 10 17:31:49 localhost kernel: NODS 00:0e:84:92:74:70->ff:ff:ff:ff:ff:ff(00:0e:84:92:74:70) beacon 1M +2 > [...] 8000 0000 ffff ffff ffff 000e 8492 7470 000e 8492 7470 d069 91e1 baef 0a01 0000 6400 2104 [...] > ^^^^ -------------- next part -------------- A non-text attachment was scrubbed... Name: patch-wpa_supplicant-madwifi-wep.diff Type: text/x-patch Size: 506 bytes Desc: not available Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050211/722d51cc/attachment.bin From fromkth+hostap at fastmail.fm Fri Feb 11 10:56:31 2005 From: fromkth+hostap at fastmail.fm (Ajeet) Date: Fri, 11 Feb 2005 16:56:31 +0100 Subject: Scanning, hostscan option and .../wlan0/scan_results Message-ID: <420CD5AF.7080307@fastmail.fm> Am i right when i say that the file ../proc/net/hostap/wlan0/scan_results contains results of Wireless Event "SCAN" only when triggered manually either by iwlist wlan0 scan or iwpriv wlan0 hostscan x means it does not contains results of scan done by firmware, which usualy scans when in begning the card is enabaled/set in managed mode or when while in a managed mode, it(firmware) decides to roam hence tries to scan for other APs. Also when i do iwpriv wlan0 gethostscan on my card, it gives error that operation not supported, but when i do iwpriv wlan0 hostscan 1 it perfoms scan. I have firmware 1.8.0 In the driver readme it is written that hostscan option is to perform no-destructive AP scanning, but when i do iwlist wlan0 scan it does not break my current assosication, so are both commands(iwlist wlan0 scan and iwpriv wlan0 hostscan x) doing same thing that performing non-destructive scanning? I know that in hostscan we have liberty to set the rate at which we perform non-destructive scanning. But then what is the rate when we perfom scanning using iwlist wlan0 scan? -ajeet. From gbaker at cs.mun.ca Fri Feb 11 11:18:45 2005 From: gbaker at cs.mun.ca (Greg Baker) Date: Fri, 11 Feb 2005 12:48:45 -0330 Subject: WPA+EAP-PEAP+MSCHAPv2 Problem + ETHEREAL DUMPS In-Reply-To: <200502110826.56073.gbaker@cs.mun.ca> References: <200502091523.05278.gbaker@cs.mun.ca> <20050210031533.GA8371@jm.kir.nu> <200502110826.56073.gbaker@cs.mun.ca> Message-ID: <200502111248.45906.gbaker@cs.mun.ca> To help diagnose my problem, I have saved two ethereal dumps. One is a dump of a successful connect, and the other unsuccessful. As you can see in the dump, the spot where it dies is at the initial TLS handshake. The only difference I can see is that the successful connect sends the TLS length in the packet, while the unsuccessful connect does not. I AM using the 0.3.7-pre version, and here is my config file... ctrl_interface=/var/run/wpa_supplicant ctrl_interface_group=0 eapol_version=1 ap_scan=1 network={ ssid="stu" scan_ssid=1 key_mgmt=WPA-EAP eap=PEAP pairwise=TKIP group=TKIP identity="gbaker" password="...." phase1="include_tls_length=1 peapver=1 peaplabel=1" phase2="auth=MSCHAPv2" } It seems as though the include_tls_length=1 settings is not working... Thanks again to everyone. Greg On February 11, 2005 08:26 am, Greg Baker wrote: > Thanks for your reply, Jouni.. > > On February 9, 2005 11:45 pm, Jouni Malinen wrote: > > On Wed, Feb 09, 2005 at 03:23:05PM -0330, Greg Baker wrote: > > > I'm trying to connect to the wireless network at my school and am > > > having problems. It connects fine in Windows, but not Linux. > > > > Do you have any idea what authentication server is used in this network? > > If it is CiscoACS, please try the 0.3.7-pre version of wpa_supplicant > > from http://hostap.epitest.fi/releases/testing/ and add > > include_tls_length=1 into the phase1 configuration variable in the > > network block. > > I don't, but can call the network admin and find out. I will ask him today > and get back to you. > > > [snip] > > > > > network={ > > > ssid="stu" > > > scan_ssid=1 > > > key_mgmt=WPA-EAP > > > eap=PEAP > > > pairwise=TKIP > > > group=TKIP > > > identity="gbaker" > > > password="........." > > > phase1="peapver=1 peaplabel=1" > > > phase2="auth=MSCHAPV2" > > > } > > > > If this is indeed CiscoACS, it may also not like MSCHAPV2 in Phase 2 (at > > least when using PEAPv1), so you may also need to change that phase2 > > auth option to select GTC. > > Hmm.. I can only go by what the windows setup looks like, and that uses > MSCHAPv2. If I do select GTC, will that work with an AP that does MSCHAP? > > > > One thing I'm not sure about, do I need to have a certificate defined? > > > The APs here provide the certificate, and they are not validated. > > > > If you care about security, yes, you really do need to get the correct > > CA certificate and validate the server certificate. Without this, the > > connection is open for man-in-the-middle attack. > > I understand the security part.. Unfortunately, our network at school is > configured with an unofficial certificate. So, I simply cannot verify it. > What I meant was, will wpa_supplicant actually work without verifying the > certificate. > > Thanks for all your help, Jouni. > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap From eduardgv at gmail.com Fri Feb 11 11:21:50 2005 From: eduardgv at gmail.com (eduardgv) Date: Fri, 11 Feb 2005 17:21:50 +0100 Subject: Monitoring mode gets frames from more than one channel! In-Reply-To: <420CC873.9050009@fastmail.fm> References: <1108048792.6629.214778087@webmail.messagingengine.com> <20050211050335.GH8371@jm.kir.nu> <420C9CE4.8040004@fastmail.fm> <66c3877d05021104354c0188c4@mail.gmail.com> <420CB067.8050909@fastmail.fm> <66c3877d05021106102b130b0d@mail.gmail.com> <420CC873.9050009@fastmail.fm> Message-ID: <66c3877d0502110821109b5ad2@mail.gmail.com> > > In monitor mode card does not transfer any frames, it only listens, so > scanning while in monitor mode is out of question. why scanning while in monitor mode is out of question? Passive scanning implies no frame transfer. In passive scanning the firmware just listens for Beacon messages and no frame is transmitted, and therefore it can be compatible with rfmon. From gbaker at cs.mun.ca Fri Feb 11 11:22:50 2005 From: gbaker at cs.mun.ca (Greg Baker) Date: Fri, 11 Feb 2005 12:52:50 -0330 Subject: WPA+EAP-PEAP+MSCHAPv2 Problem + ETHEREAL DUMPS In-Reply-To: <200502111248.45906.gbaker@cs.mun.ca> References: <200502091523.05278.gbaker@cs.mun.ca> <200502110826.56073.gbaker@cs.mun.ca> <200502111248.45906.gbaker@cs.mun.ca> Message-ID: <200502111252.50384.gbaker@cs.mun.ca> Oops.. Forgot to attach the dumps.... These can be opened in ethereal, BTW. On February 11, 2005 12:48 pm, Greg Baker wrote: > To help diagnose my problem, I have saved two ethereal dumps. One is a > dump of a successful connect, and the other unsuccessful. > > As you can see in the dump, the spot where it dies is at the initial TLS > handshake. The only difference I can see is that the successful connect > sends the TLS length in the packet, while the unsuccessful connect does > not. > > I AM using the 0.3.7-pre version, and here is my config file... > > ctrl_interface=/var/run/wpa_supplicant > ctrl_interface_group=0 > eapol_version=1 > ap_scan=1 > network={ > ssid="stu" > scan_ssid=1 > key_mgmt=WPA-EAP > eap=PEAP > pairwise=TKIP > group=TKIP > identity="gbaker" > password="...." > phase1="include_tls_length=1 peapver=1 peaplabel=1" > phase2="auth=MSCHAPv2" > } > > It seems as though the include_tls_length=1 settings is not working... > > Thanks again to everyone. > Greg > > On February 11, 2005 08:26 am, Greg Baker wrote: > > Thanks for your reply, Jouni.. > > > > On February 9, 2005 11:45 pm, Jouni Malinen wrote: > > > On Wed, Feb 09, 2005 at 03:23:05PM -0330, Greg Baker wrote: > > > > I'm trying to connect to the wireless network at my school and am > > > > having problems. It connects fine in Windows, but not Linux. > > > > > > Do you have any idea what authentication server is used in this > > > network? If it is CiscoACS, please try the 0.3.7-pre version of > > > wpa_supplicant from http://hostap.epitest.fi/releases/testing/ and add > > > include_tls_length=1 into the phase1 configuration variable in the > > > network block. > > > > I don't, but can call the network admin and find out. I will ask him > > today and get back to you. > > > > > [snip] > > > > > > > network={ > > > > ssid="stu" > > > > scan_ssid=1 > > > > key_mgmt=WPA-EAP > > > > eap=PEAP > > > > pairwise=TKIP > > > > group=TKIP > > > > identity="gbaker" > > > > password="........." > > > > phase1="peapver=1 peaplabel=1" > > > > phase2="auth=MSCHAPV2" > > > > } > > > > > > If this is indeed CiscoACS, it may also not like MSCHAPV2 in Phase 2 > > > (at least when using PEAPv1), so you may also need to change that > > > phase2 auth option to select GTC. > > > > Hmm.. I can only go by what the windows setup looks like, and that uses > > MSCHAPv2. If I do select GTC, will that work with an AP that does > > MSCHAP? > > > > > > One thing I'm not sure about, do I need to have a certificate > > > > defined? The APs here provide the certificate, and they are not > > > > validated. > > > > > > If you care about security, yes, you really do need to get the correct > > > CA certificate and validate the server certificate. Without this, the > > > connection is open for man-in-the-middle attack. > > > > I understand the security part.. Unfortunately, our network at school is > > configured with an unofficial certificate. So, I simply cannot verify > > it. What I meant was, will wpa_supplicant actually work without verifying > > the certificate. > > > > Thanks for all your help, Jouni. > > _______________________________________________ > > HostAP mailing list > > HostAP at shmoo.com > > http://lists.shmoo.com/mailman/listinfo/hostap > > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap -------------- next part -------------- A non-text attachment was scrubbed... Name: Fail Type: application/octet-stream Size: 605 bytes Desc: not available Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050211/7d14b206/attachment.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: Success Type: application/octet-stream Size: 2552 bytes Desc: not available Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050211/7d14b206/attachment-0001.obj From gbaker at cs.mun.ca Fri Feb 11 11:32:50 2005 From: gbaker at cs.mun.ca (Greg Baker) Date: Fri, 11 Feb 2005 13:02:50 -0330 Subject: WPA+EAP-PEAP+MSCHAPv2 Problem + ETHEREAL DUMPS In-Reply-To: <200502111248.45906.gbaker@cs.mun.ca> References: <200502091523.05278.gbaker@cs.mun.ca> <200502110826.56073.gbaker@cs.mun.ca> <200502111248.45906.gbaker@cs.mun.ca> Message-ID: <200502111302.50670.gbaker@cs.mun.ca> Very sorry... I'm an idiot... It turns out that I wasn't putting the "./" in front of the wpa_supplicant command, and therefore was using the installed version (an older one)..... Again, quite sorry.. It turns out that with the 0.3.7-pre version, the problem has disappeared!! WooHoo! Thanks again guys.. Greg On February 11, 2005 12:48 pm, Greg Baker wrote: > To help diagnose my problem, I have saved two ethereal dumps. One is a > dump of a successful connect, and the other unsuccessful. > > As you can see in the dump, the spot where it dies is at the initial TLS > handshake. The only difference I can see is that the successful connect > sends the TLS length in the packet, while the unsuccessful connect does > not. > > I AM using the 0.3.7-pre version, and here is my config file... > > ctrl_interface=/var/run/wpa_supplicant > ctrl_interface_group=0 > eapol_version=1 > ap_scan=1 > network={ > ssid="stu" > scan_ssid=1 > key_mgmt=WPA-EAP > eap=PEAP > pairwise=TKIP > group=TKIP > identity="gbaker" > password="...." > phase1="include_tls_length=1 peapver=1 peaplabel=1" > phase2="auth=MSCHAPv2" > } > > It seems as though the include_tls_length=1 settings is not working... > > Thanks again to everyone. > Greg > > On February 11, 2005 08:26 am, Greg Baker wrote: > > Thanks for your reply, Jouni.. > > > > On February 9, 2005 11:45 pm, Jouni Malinen wrote: > > > On Wed, Feb 09, 2005 at 03:23:05PM -0330, Greg Baker wrote: > > > > I'm trying to connect to the wireless network at my school and am > > > > having problems. It connects fine in Windows, but not Linux. > > > > > > Do you have any idea what authentication server is used in this > > > network? If it is CiscoACS, please try the 0.3.7-pre version of > > > wpa_supplicant from http://hostap.epitest.fi/releases/testing/ and add > > > include_tls_length=1 into the phase1 configuration variable in the > > > network block. > > > > I don't, but can call the network admin and find out. I will ask him > > today and get back to you. > > > > > [snip] > > > > > > > network={ > > > > ssid="stu" > > > > scan_ssid=1 > > > > key_mgmt=WPA-EAP > > > > eap=PEAP > > > > pairwise=TKIP > > > > group=TKIP > > > > identity="gbaker" > > > > password="........." > > > > phase1="peapver=1 peaplabel=1" > > > > phase2="auth=MSCHAPV2" > > > > } > > > > > > If this is indeed CiscoACS, it may also not like MSCHAPV2 in Phase 2 > > > (at least when using PEAPv1), so you may also need to change that > > > phase2 auth option to select GTC. > > > > Hmm.. I can only go by what the windows setup looks like, and that uses > > MSCHAPv2. If I do select GTC, will that work with an AP that does > > MSCHAP? > > > > > > One thing I'm not sure about, do I need to have a certificate > > > > defined? The APs here provide the certificate, and they are not > > > > validated. > > > > > > If you care about security, yes, you really do need to get the correct > > > CA certificate and validate the server certificate. Without this, the > > > connection is open for man-in-the-middle attack. > > > > I understand the security part.. Unfortunately, our network at school is > > configured with an unofficial certificate. So, I simply cannot verify > > it. What I meant was, will wpa_supplicant actually work without verifying > > the certificate. > > > > Thanks for all your help, Jouni. > > _______________________________________________ > > HostAP mailing list > > HostAP at shmoo.com > > http://lists.shmoo.com/mailman/listinfo/hostap > > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap From jkmaline at cc.hut.fi Fri Feb 11 12:02:05 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Fri, 11 Feb 2005 09:02:05 -0800 Subject: Radius Dictionary In-Reply-To: <008801c51051$34adadc0$0a6310ac@wd107.tamaris.tm.fr> References: <005601c50ea7$f2d7e690$0a6310ac@wd107.tamaris.tm.fr> <20050209164649.GF14883@informatik.uni-rostock.de> <008801c51051$34adadc0$0a6310ac@wd107.tamaris.tm.fr> Message-ID: <20050211170205.GA8377@jm.kir.nu> On Fri, Feb 11, 2005 at 04:48:59PM +0100, David Minodier wrote: > > I planed to this work. But i have no time to do it. Freeradius has a > > good library of parsing such dictionaries. It would be realativly easy > > to include this into hostapd. > Well, I tried to... It's not as easy as it seems... at least for me ! But, > yes, definitely, the source code exists in Freeradius. Please note that FreeRADIUS is licensed under GPL and as such code from it is not going to be merged into hostapd (dual GPL and BSD license). -- Jouni Malinen PGP id EFC895FA From emmendes at cpdee.ufmg.br Fri Feb 11 12:08:34 2005 From: emmendes at cpdee.ufmg.br (Eduardo Mendes) Date: Fri, 11 Feb 2005 15:08:34 -0200 Subject: Problems with WPA-PSK and madwifi driver In-Reply-To: <420CBB8D.7070409@ericsson.com> References: <200502110823.25079.emmendes@cpdee.ufmg.br> <420CBB8D.7070409@ericsson.com> Message-ID: <200502111508.34449.emmendes@cpdee.ufmg.br> Hello Thanks. I have tried dhclient -1 ath0 but the message was: Unable to obtain a lease on the first time. Is there anything else that I can try? Many thanks Ed . On Friday 11 February 2005 12:05 pm, Jonathan Buschmann wrote: > I don't know what Mandrake uses for a dhcp client (fedora uses > dhclient), but maybe you need to run it (again) after starting > wpa_supplicant. > jonathan > > Eduardo Mendes waxed wise and spake thus on 02/11/2005 11:23 AM: > >On Thursday 10 February 2005 05:04 pm, Michael Reilly wrote: > >>Eduardo Mendes wrote: > >>>Hello > >>> > >>>Many thanks but unfortunately it didn't work. The two lights are > > > >blinking > > > >>>together but ifconfig shows that no valid ip was assigned to ath0. > >> > >>My lights both blink together for a second and then they stop blinking > >>together with madwifi. A few seconds later they blink together again > > > >and > > > >>then stop again. Are they blinking together continuously for you? > > > >In my case the lights blink together in equal time intervals. It seems > >that > >the card is somehow connected to the router but it can't get a valid ip > >address. I don't know what I am doing wrong. > > > >Here is the output of iwconfig and ifconfig after issuing the commands: > >ifconfig ath0, iwconfig ath0 channel 1, wpa_supplicant > >-c/etc/wpa_supplicant.conf -Dmadwifi -iath0 -d > > > >ath0 IEEE 802.11g ESSID:"eacghome.airlink" > > Mode:Managed Frequency:2.412GHz Access Point: > >00:E0:98:4F:D8:B2 > > Bit Rate:36Mb/s Tx-Power:50 dBm Sensitivity=0/3 > > Retry:off RTS thr:off Fragment thr:off > > Encryption key:DF6D-E315-877A-4A16-22FD-239D-A8A8-0B6F > >Security > >mode:restricted > > Power Management:off > > Link Quality:49/94 Signal level:-46 dBm Noise level:-95 dBm > > Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 > > Tx excessive retries:0 Invalid misc:0 Missed beacon:0 > > > > > > > >ath0 Link encap:Ethernet HWaddr 00:09:5B:C4:1A:E2 > > inet6 addr: fe80::209:5bff:fec4:1ae2/64 Scope:Link > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:25 errors:19 dropped:0 overruns:0 frame:19 > > TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:199 > > RX bytes:2418 (2.3 Kb) TX bytes:1194 (1.1 Kb) > > Interrupt:9 Memory:d0a4a000-d0a5a000 > > > >Any hints? > > > >Cheers > > > >Ed > > > > > > > >_______________________________________________ > >HostAP mailing list > >HostAP at shmoo.com > >http://lists.shmoo.com/mailman/listinfo/hostap -- From ged at jubileegroup.co.uk Fri Feb 11 13:02:29 2005 From: ged at jubileegroup.co.uk (Ged Haywood) Date: Fri, 11 Feb 2005 18:02:29 +0000 (GMT) Subject: txpower settings + ALC option In-Reply-To: <420C9C4C.4030606@fastmail.fm> References: <20050209135518.6F06B2BFB2@mail.iocaine.com> <420B1D31.2020005@fastmail.fm> <420C9C4C.4030606@fastmail.fm> Message-ID: Hello again Ajeet, On Fri, 11 Feb 2005, Ajeet wrote: > Fortunately my PC-card's(Zyxell B-101) antenna is detachable, so i > detached it from STA's PC-CARD and now i am able to make a handoff > between two APs placed at opposite corners in a room of 15 feet. :) > But my original question about info on ALC option(in iwpriv) and if > there is any relation between ALC and txpower option(in iwconfig) still > remains unanswered. Try looking at these links, I found them with Google - you should try it! http://lists.freebsd.org/pipermail/freebsd-mobile/2003-June/000963.html http://www.jikos.cz/~jbohac/hostap/index-old.html > Also when i do "iwpriv wlan0 getalc" it gives error that Operation not > supported. Does it depend on PC-Cards model/manufacturer or only the > firmware. I have 1.8.0 firmware. Have you looked at the iwpriv documentation? http://www.fehu.org/iwpriv.html 73, Ged. From hiphin at cat-net.co.yu Fri Feb 11 15:06:20 2005 From: hiphin at cat-net.co.yu (hiphin at cat-net.co.yu) Date: Fri, 11 Feb 2005 21:06:20 +0100 Subject: bridge again ?... Message-ID: <20050211210620.c32ecf27@mail> Can't bealive, I'm stoped againg on bridging :) I have wlan0, wlan0wds0, wlan0wds1 in bridge and want to control traffic width HTB, ... does some one now how to do this. regards From togg at togg.de Fri Feb 11 14:52:25 2005 From: togg at togg.de (Sebastian Weitzel) Date: Fri, 11 Feb 2005 20:52:25 +0100 (CET) Subject: bridge again ?... In-Reply-To: <20050211210620.c32ecf27@mail> References: <20050211210620.c32ecf27@mail> Message-ID: <53400.127.0.0.1.1108151545.squirrel@flinky.home> > I have wlan0, wlan0wds0, wlan0wds1 in bridge and want to control traffic > width HTB, ... does some one now how to do this. shaping doesnt belong to this mailinglist. Go to http://www.lartc.org for an introduction to linux routing and traffic control. Regards, Sebastian Weitzel From andreaf at cs.columbia.edu Fri Feb 11 16:09:41 2005 From: andreaf at cs.columbia.edu (Andrea G. Forte) Date: Fri, 11 Feb 2005 16:09:41 -0500 (EST) Subject: hostap passive scanning. In-Reply-To: <20050211051310.GI8371@jm.kir.nu> References: <420AB76F.6070606@cs.columbia.edu> <20050210032101.GC8371@jm.kir.nu> <420AE309.7070604@cs.columbia.edu> <20050210044334.GS8371@jm.kir.nu> <420B86F6.4060806@cs.columbia.edu> <20050211051310.GI8371@jm.kir.nu> Message-ID: Actually that is a good idea. I will see if I can use passive scanning in Master mode. I want to monitor the APs and the channels without interfering. If I do it in Master mode, other STAs will try to associate with me. Is there a way to prevent this? Is there a way to use passive scanning in monitor mode? Thank you, Andrea On Thu, 10 Feb 2005, Jouni Malinen wrote: > On Thu, Feb 10, 2005 at 11:08:22AM -0500, Andrea G Forte wrote: > > > In manual mode "host_roaming 2" we have "more" control on the scanning > > process. > > In particular (as you know), in the driver there are two commands for > > forcing the firmware to start the probing part of the scanning > > (_RID_HOSTSCAN) and for forcing the Auth./Ass. part of the scanning > > (_RID_JOINREQUEST). However, the first one is for active scanning only > > (i.e. probes are sent to force APs to answer). > > > Does the ap_scan functionality send probes on each channel (in which > > case it is active scanning)? Or does it use passive scanning (listens > > for beacons and records the results)? > > It does not send Probe Requests. > > > I'm still somewhat unclear on why you would like to use passive scanning > in this way. It takes much more time to scan passively. If you really > want to do it and don't care about the gaps in connectivity, you could > as well just move to Master mode and do the scanning there. For > Managed mode, it would probably be better to use firmware to take care > of the passive scanning. > > -- > Jouni Malinen PGP id EFC895FA > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap > From fromkth+hostap at fastmail.fm Fri Feb 11 18:17:40 2005 From: fromkth+hostap at fastmail.fm (Ajeet Nankani) Date: Sat, 12 Feb 2005 00:17:40 +0100 Subject: Monitoring mode gets frames from more than one channel! In-Reply-To: <66c3877d0502110821109b5ad2@mail.gmail.com> References: <1108048792.6629.214778087@webmail.messagingengine.com> <20050211050335.GH8371@jm.kir.nu> <420C9CE4.8040004@fastmail.fm> <66c3877d05021104354c0188c4@mail.gmail.com> <420CB067.8050909@fastmail.fm> <66c3877d05021106102b130b0d@mail.gmail.com> <420CC873.9050009@fastmail.fm> <66c3877d0502110821109b5ad2@mail.gmail.com> Message-ID: <420D3D14.1070500@fastmail.fm> Sorry, when i said scanning i meant active. But even passive scanning requires you to go through all channels, and usually monitor mode is used to capture the packets on particular channels, so no channels changing and if you do change channels to get beacon frames on other channels then you would miss frames from your original channel where you want to monitor! -ajeet. eduardgv wrote: >>In monitor mode card does not transfer any frames, it only listens, so >>scanning while in monitor mode is out of question. > > > > why scanning while in monitor mode is out of question? Passive > scanning implies no frame transfer. In passive scanning the firmware > just listens for Beacon messages and no frame is transmitted, and > therefore it can be compatible with rfmon. From coert.vonk at gmail.com Fri Feb 11 18:24:15 2005 From: coert.vonk at gmail.com (Coert) Date: Fri, 11 Feb 2005 15:24:15 -0800 Subject: EAP-TLS hostapd<>wpa_supplicant 0.3.7-pre fails In-Reply-To: <5f5c317a0502111032b57c8b0@mail.gmail.com> References: <5f5c317a050210194033e8443a@mail.gmail.com> <20050211112138.GA19361@informatik.uni-rostock.de> <5f5c317a0502111032b57c8b0@mail.gmail.com> Message-ID: <5f5c317a05021115245682d263@mail.gmail.com> I am trying to read the WPA IE. I found IEEE 802.11i, but that only has the definition of the RSN IE. Can you point me to the WPA IE spec? On Fri, 11 Feb 2005 10:32:08 -0800, Coert wrote: > A workaround would be nice. Maybe I am doing something wrong, but I > switched to TKIP on both the authenticator and the supplicant, and > still see these messages: > > WPA: RX message 3 of 4-Way Handshake from 00:02:6f:21:df:ff (ver=1) > WPA: IE KeyData - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 > 02 01 00 00 50 f2 02 01 00 00 50 f2 01 > WPA: No WPA/RSN IE for this AP known. Trying to get from scan results > WPA: Found the current AP from updated scan results > WPA: IE in 3/4 msg does not match with IE in Beacon/ProbeResp > (src=00:02:6f:21:df:ff) > WPA: WPA IE in Beacon/ProbeResp - hexdump(len=26): dd 18 00 50 f2 01 > 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01 01 00 > WPA: WPA IE in 3/4 msg - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 > 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01 > > Updated traces and .conf files are attached > > BTW I cross posted it on the madwifi-users list, as Jouni suggested. > > /coert > > On Fri, 11 Feb 2005 12:21:38 +0100, Gunter Burchardt > wrote: > > An easy workaround is to use only TKIP or CCMP, not both together. > > > > regards > > gunter > > _______________________________________________ > > HostAP mailing list > > HostAP at shmoo.com > > http://lists.shmoo.com/mailman/listinfo/hostap > > > > > From acinonyxs at yahoo.gr Fri Feb 11 19:38:33 2005 From: acinonyxs at yahoo.gr (Acinonyx Jubatus) Date: Sat, 12 Feb 2005 02:38:33 +0200 Subject: txpower settings. References: <4209F98B.5000104@fastmail.fm> Message-ID: <00e901c5109b$3354d4e0$3c10020a@acinonyx> ----- Original Message ----- From: "Ajeet" To: Sent: Wednesday, February 09, 2005 1:52 PM Subject: txpower settings. > Hi, > > I am building a WLAN testbed(2 prism2 based APs and one prism2based STA > ) in a small room, so need to reduce the power of APs so i can do > handover in a small room while moving away from one AP to the other AP. > > I tried to used txpower option in iwconfig, but except "auto" and "off" > other options gives following error, > > Error for wireless request "Set Tx Power" (8B27): > GET failed on device wlan0 ; Operation not supoorted. > > So what do i need to do to reduce trasmitt power of APs. > is it something related with ALC? there is no info about what ALC is, in > README's or FAQ's. > > Thanks. > > -ajeet. Hello ajeet, you have to patch hostap to support tx power setting. With command iwconfig wlan0 txpower 127 you have minimum tx power With command iwconfig wlan0 txpower -128 you have maximum tx power You may see a warning during compilation. It is OK. The diff for 0.2.6 (don't know if it patches 0.3.x also): diff -Naur hostap-driver-0.2.5/driver/modules/hostap.c hostap-driver-0.2.5-patched/driver/modules/hostap.c --- hostap-driver-0.2.5/driver/modules/hostap.c 2004-07-12 05:06:14.000000000 +0300 +++ hostap-driver-0.2.5-patched/driver/modules/hostap.c 2004-12-19 13:13:40.000000000 +0200 @@ -1155,6 +1155,36 @@ return ret; } +/* BUG FIX: Restore power setting value when lost due to F/W bug */ + +int hostap_restore_power(struct net_device *dev) +{ + struct hostap_interface *iface = dev->priv; + local_info_t *local = iface->local; + + u16 val; + int ret = 0; + + if (local->txpower_type == PRISM2_TXPOWER_OFF) { + val = 0xff; /* use all standby and sleep modes */ + ret = local->func->cmd(dev, HFA384X_CMDCODE_WRITEMIF, + HFA386X_CR_A_D_TEST_MODES2, + &val, NULL); + } + +#ifdef RAW_TXPOWER_SETTING + if (local->txpower_type == PRISM2_TXPOWER_FIXED) { + val = HFA384X_TEST_CFG_BIT_ALC; + local->func->cmd(dev, HFA384X_CMDCODE_TEST | + (HFA384X_TEST_CFG_BITS << 8), 0, &val, NULL); + val = prism2_txpower_dBm_to_hfa386x(local->txpower); + ret = (local->func->cmd(dev, HFA384X_CMDCODE_WRITEMIF, + HFA386X_CR_MANUAL_TX_POWER, &val, NULL)); + } +#endif /* RAW_TXPOWER_SETTING */ + return (ret ? -EOPNOTSUPP : 0); +} + struct proc_dir_entry *hostap_proc; @@ -1205,6 +1235,7 @@ EXPORT_SYMBOL(hostap_set_hostapd_sta); EXPORT_SYMBOL(hostap_add_interface); EXPORT_SYMBOL(hostap_remove_interface); +EXPORT_SYMBOL(hostap_restore_power); EXPORT_SYMBOL(prism2_update_comms_qual); module_init(hostap_init); diff -Naur hostap-driver-0.2.5/driver/modules/hostap.h hostap-driver-0.2.5-patched/driver/modules/hostap.h --- hostap-driver-0.2.5/driver/modules/hostap.h 2003-11-30 04:14:26.000000000 +0200 +++ hostap-driver-0.2.5-patched/driver/modules/hostap.h 2004-12-19 13:14:28.000000000 +0200 @@ -36,6 +36,7 @@ const char *prefix, const char *name); void hostap_remove_interface(struct net_device *dev, int rtnl_locked, int remove_from_list); +int hostap_restore_power(struct net_device *dev); int prism2_update_comms_qual(struct net_device *dev); int prism2_sta_send_mgmt(local_info_t *local, u8 *dst, u8 stype, u8 *body, size_t bodylen); diff -Naur hostap-driver-0.2.5/driver/modules/hostap_ap.c hostap-driver-0.2.5-patched/driver/modules/hostap_ap.c --- hostap-driver-0.2.5/driver/modules/hostap_ap.c 2004-07-18 02:34:23.000000000 +0300 +++ hostap-driver-0.2.5-patched/driver/modules/hostap_ap.c 2004-12-19 22:42:35.000000000 +0200 @@ -2346,13 +2346,13 @@ addr[count].sa_family = ARPHRD_ETHER; memcpy(addr[count].sa_data, sta->addr, ETH_ALEN); if (sta->last_rx_silence == 0) - qual[count].qual = sta->last_rx_signal < 27 ? - 0 : (sta->last_rx_signal - 27) * 92 / 127; + qual[count].qual = sta->last_rx_signal < 156 ? + 0 : (sta->last_rx_signal - 156) * 92 / 64; else - qual[count].qual = sta->last_rx_signal - - sta->last_rx_silence - 35; - qual[count].level = HFA384X_LEVEL_TO_dBm(sta->last_rx_signal); - qual[count].noise = HFA384X_LEVEL_TO_dBm(sta->last_rx_silence); + qual[count].qual = (sta->last_rx_signal - + sta->last_rx_silence) * 92 / 64; + qual[count].level = sta->last_rx_signal; + qual[count].noise = sta->last_rx_silence; qual[count].updated = sta->last_rx_updated; sta->last_rx_updated = 0; @@ -2413,13 +2413,13 @@ memset(&iwe, 0, sizeof(iwe)); iwe.cmd = IWEVQUAL; if (sta->last_rx_silence == 0) - iwe.u.qual.qual = sta->last_rx_signal < 27 ? - 0 : (sta->last_rx_signal - 27) * 92 / 127; + iwe.u.qual.qual = sta->last_rx_signal < 156 ? + 0 : (sta->last_rx_signal - 156) * 92 / 64; else - iwe.u.qual.qual = sta->last_rx_signal - - sta->last_rx_silence - 35; - iwe.u.qual.level = HFA384X_LEVEL_TO_dBm(sta->last_rx_signal); - iwe.u.qual.noise = HFA384X_LEVEL_TO_dBm(sta->last_rx_silence); + iwe.u.qual.qual = (sta->last_rx_signal - + sta->last_rx_silence) * 92 / 64; + iwe.u.qual.level = sta->last_rx_signal; + iwe.u.qual.noise = sta->last_rx_silence; iwe.u.qual.updated = sta->last_rx_updated; iwe.len = IW_EV_QUAL_LEN; current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe, diff -Naur hostap-driver-0.2.5/driver/modules/hostap_config.h hostap-driver-0.2.5-patched/driver/modules/hostap_config.h --- hostap-driver-0.2.5/driver/modules/hostap_config.h 2004-10-04 02:36:26.000000000 +0300 +++ hostap-driver-0.2.5-patched/driver/modules/hostap_config.h 2004-12-19 16:04:09.000000000 +0200 @@ -94,6 +94,12 @@ */ /* #define PRISM2_NO_STATION_MODES */ +/* Enable TX power Setting functions + * (min att = -128 , max att = 127) + */ + +#define RAW_TXPOWER_SETTING + /* Use Linux crypto API instead of own encryption implementation whenever * possible. */ /* #define HOSTAP_USE_CRYPTO_API */ diff -Naur hostap-driver-0.2.5/driver/modules/hostap_hw.c hostap-driver-0.2.5-patched/driver/modules/hostap_hw.c --- hostap-driver-0.2.5/driver/modules/hostap_hw.c 2004-10-04 02:20:57.000000000 +0300 +++ hostap-driver-0.2.5-patched/driver/modules/hostap_hw.c 2004-12-19 21:10:23.000000000 +0200 @@ -1039,6 +1039,7 @@ dev->name, local->fragm_threshold); } + hostap_restore_power(dev); return res; } diff -Naur hostap-driver-0.2.5/driver/modules/hostap_info.c hostap-driver-0.2.5-patched/driver/modules/hostap_info.c --- hostap-driver-0.2.5/driver/modules/hostap_info.c 2004-02-29 20:05:44.000000000 +0200 +++ hostap-driver-0.2.5-patched/driver/modules/hostap_info.c 2004-12-19 22:00:46.000000000 +0200 @@ -418,6 +418,11 @@ } /* Get BSSID if we have a valid AP address */ + + if ( val == HFA384X_LINKSTATUS_CONNECTED || + val == HFA384X_LINKSTATUS_DISCONNECTED ) + hostap_restore_power(local->dev); + if (connected) { netif_carrier_on(local->dev); netif_carrier_on(local->ddev); diff -Naur hostap-driver-0.2.5/driver/modules/hostap_ioctl.c hostap-driver-0.2.5-patched/driver/modules/hostap_ioctl.c --- hostap-driver-0.2.5/driver/modules/hostap_ioctl.c 2004-10-04 02:20:57.000000000 +0300 +++ hostap-driver-0.2.5-patched/driver/modules/hostap_ioctl.c 2004-12-19 16:11:42.000000000 +0200 @@ -1429,23 +1429,20 @@ val = 255; tmp = val; - tmp >>= 2; - return -12 - tmp; + return tmp; } static u16 prism2_txpower_dBm_to_hfa386x(int val) { signed char tmp; - if (val > 20) - return 128; - else if (val < -43) + if (val > 127) return 127; + else if (val < -128) + return 128; tmp = val; - tmp = -12 - tmp; - tmp <<= 2; return (unsigned char) tmp; } From tanuja_iv at hotmail.com Fri Feb 11 19:34:55 2005 From: tanuja_iv at hotmail.com (tanuja ingale) Date: Sat, 12 Feb 2005 06:04:55 +0530 Subject: Changing EDCF parameters Message-ID: Hi, Is it possible to modify/tweak the EDCF parameter values like those of DIFS, SIFS, Backoff counter? If yes, how can create a .hex file as a firmware file to be downloaded onto the card. I'm using DLink 520 PCI card. Thanks, Tanuja _________________________________________________________________ Trailblazer Narain Karthikeyan. Know more about him ?n his life. http://server1.msn.co.in/sp04/tataracing/ Stay in the loop with Tata Racing! From coert.vonk at gmail.com Fri Feb 11 22:22:34 2005 From: coert.vonk at gmail.com (Coert) Date: Fri, 11 Feb 2005 19:22:34 -0800 Subject: EAP-TLS hostapd<>wpa_supplicant 0.3.7-pre fails In-Reply-To: <5f5c317a05021115245682d263@mail.gmail.com> References: <5f5c317a050210194033e8443a@mail.gmail.com> <20050211112138.GA19361@informatik.uni-rostock.de> <5f5c317a0502111032b57c8b0@mail.gmail.com> <5f5c317a05021115245682d263@mail.gmail.com> Message-ID: <5f5c317a05021119223c7139e0@mail.gmail.com> I analyzed the WPA IE (based on the "WPA IE version 1" comments in wpa.c), and found that my Authenticator was advertising pre-auth in its beacon/probe response, but did not include this in the WPA key handshake. I disabled pre-authentication on the Authenticator, and now the connection is coming up. WPA: WPA IE in 3/4 msg - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 04 01 00 00 50 f2 04 01 00 00 50 f2 01 WPA: WPA IE in Beacon/ProbeResp - hexdump(len=26): dd 18 00 50 f2 01 01 00 00 50 f2 04 01 00 00 50 f2 04 01 00 00 50 f2 01 01 00 ----- WPA capabilities=pre-auth ----------- auth key mng suite list=802.1X ----- auth key mng suite count=1 ----------- pairwise suite list=CCMP ----- pair wise suite count=1 ----------- group selecter CCMP ----- version=1 -- OUI type -------- OUI -- length -- generic id On Fri, 11 Feb 2005 15:24:15 -0800, Coert wrote: > I am trying to read the WPA IE. I found IEEE 802.11i, but that only > has the definition of the RSN IE. Can you point me to the WPA IE > spec? > > > On Fri, 11 Feb 2005 10:32:08 -0800, Coert wrote: > > A workaround would be nice. Maybe I am doing something wrong, but I > > switched to TKIP on both the authenticator and the supplicant, and > > still see these messages: > > > > WPA: RX message 3 of 4-Way Handshake from 00:02:6f:21:df:ff (ver=1) > > WPA: IE KeyData - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 > > 02 01 00 00 50 f2 02 01 00 00 50 f2 01 > > WPA: No WPA/RSN IE for this AP known. Trying to get from scan results > > WPA: Found the current AP from updated scan results > > WPA: IE in 3/4 msg does not match with IE in Beacon/ProbeResp > > (src=00:02:6f:21:df:ff) > > WPA: WPA IE in Beacon/ProbeResp - hexdump(len=26): dd 18 00 50 f2 01 > > 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01 01 00 > > WPA: WPA IE in 3/4 msg - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 > > 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01 > > > > Updated traces and .conf files are attached > > > > BTW I cross posted it on the madwifi-users list, as Jouni suggested. > > > > /coert > > > > On Fri, 11 Feb 2005 12:21:38 +0100, Gunter Burchardt > > wrote: > > > An easy workaround is to use only TKIP or CCMP, not both together. > > > > > > regards > > > gunter > > > _______________________________________________ > > > HostAP mailing list > > > HostAP at shmoo.com > > > http://lists.shmoo.com/mailman/listinfo/hostap From brad at langhorst.com Sat Feb 12 10:22:53 2005 From: brad at langhorst.com (Brad Langhorst) Date: Sat, 12 Feb 2005 10:22:53 -0500 Subject: wpa_supplicant + hostap -- won't associate with open APs. In-Reply-To: <877jmp4lyu.fsf@obelix.mork.no> References: <41C4D2EC.6000202@pepper.com> <20041220020447.GA7070@jm.kir.nu> <877jmp4lyu.fsf@obelix.mork.no> Message-ID: <1108221773.12253.92.camel@up> On Fri, 2005-01-07 at 10:39 +0100, Bj?rn Mork wrote: > It's not clear to me how the problem should be properly fixed, but > the simple hack I've attached lets me associate so I am pretty sure > the problem is identified: I want to report that I experienced the same problem with -Dmadwifi and wpa_supplicant v0.3.2 I applied your patch and am now able to associate ... though i do see this sort of thing Trying to associate with 00:60:1d:11:26:5d (SSID='CTS_net' freq=2437 MHz) Authentication with 00:00:00:00:00:00 timed out. Trying to associate with 00:60:1d:11:26:5d (SSID='CTS_net' freq=2437 MHz) Authentication with 00:00:00:00:00:00 timed out. Trying to associate with 00:60:1d:11:26:5d (SSID='CTS_net' freq=2437 MHz) Authentication with 00:00:00:00:00:00 timed out. Trying to associate with 00:60:1d:11:26:5d (SSID='CTS_net' freq=2437 MHz) Authentication with 00:00:00:00:00:00 timed out. Trying to associate with 00:60:1d:11:26:5d (SSID='CTS_net' freq=2437 MHz) Associated with 00:60:1d:11:26:5d thanks for a great program brad From jkmaline at cc.hut.fi Sat Feb 12 10:45:27 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Sat, 12 Feb 2005 07:45:27 -0800 Subject: WPA+EAP-PEAP+MSCHAPv2 Problem + ETHEREAL DUMPS In-Reply-To: <200502111248.45906.gbaker@cs.mun.ca> References: <200502091523.05278.gbaker@cs.mun.ca> <20050210031533.GA8371@jm.kir.nu> <200502110826.56073.gbaker@cs.mun.ca> <200502111248.45906.gbaker@cs.mun.ca> Message-ID: <20050212154527.GA8394@jm.kir.nu> On Fri, Feb 11, 2005 at 12:48:45PM -0330, Greg Baker wrote: > To help diagnose my problem, I have saved two ethereal dumps. One is a dump > of a successful connect, and the other unsuccessful. Please note that the successful one used PEAPv0, not PEAPv1. It is common to use PEAPv0 with MSCHAPv2 and PEAPv1 with GTC. In other words, if you are using MSCHAPv2, it might be worth trying peapver=0 in phase1 configuration. > As you can see in the dump, the spot where it dies is at the initial TLS > handshake. The only difference I can see is that the successful connect > sends the TLS length in the packet, while the unsuccessful connect does not. Yes, and I believe that is the most likely explanation for the connection getting rejected here and the exact reason for adding include_tls_length option to wpa_supplicant. > I AM using the 0.3.7-pre version, and here is my config file... > > ctrl_interface=/var/run/wpa_supplicant > ctrl_interface_group=0 > eapol_version=1 > ap_scan=1 > network={ > ssid="stu" > scan_ssid=1 > key_mgmt=WPA-EAP > eap=PEAP > pairwise=TKIP > group=TKIP > identity="gbaker" > password="...." > phase1="include_tls_length=1 peapver=1 peaplabel=1" > phase2="auth=MSCHAPv2" > } > > It seems as though the include_tls_length=1 settings is not working... It should work, but yes, the capture log in Fail certainly did not look like this was enabled. I believe that is the most likely explanation for the connection getting rejected here. Could you please verify that the wpa_supplicant debug log shows "TLS: Include TLS Message Length in unfragmented packets" when using this configuration? If not, please make sure that the wpa_supplicant version is indeed correct and post the debug log. When I used this configuration file in a test, the debug log showed following lines in beginning of PEAP initialization: EAP: initialize selected EAP method (25, PEAP) EAP-PEAP: Forced PEAP version 1 EAP-PEAP: Force new label for key derivation EAP-PEAP: Unsupported Phase2 method 'MSCHAPv2' EAP-PEAP: Phase2 EAP types - hexdump(len=8): 04 1a 06 05 12 11 ff 17 TLS: Include TLS Message Length in unfragmented packets EAP: EAP entering state METHOD In other words, include_tls_length option was noticed (and TLS Length was indeed added to messages) and so was a typo in the EAP method name (it should be MSCHAPV2). -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Sat Feb 12 12:04:02 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Sat, 12 Feb 2005 09:04:02 -0800 Subject: hostap/hostapd/wpa_supplicant - new stable release v0.3.7 Message-ID: <20050212170402.GB8394@jm.kir.nu> New versions of the Host AP driver, hostapd, and wpa_supplicant were just released and are now available from http://hostap.epitest.fi/ This release is the first v0.3.x stable release and beginning of a new stable branch. This 0.3.x branch replaces 0.2.x as the current stable branch. Development continues in CVS trunk. Most of the new features in 0.3.x (when compared to 0.2.x) are in wpa_supplicant and hostapd. Host AP driver and hostap-utils got only minor changes and most of the bug fixes were already merged into 0.2.x versions. wpa_supplicant: - new operation system support: FreeBSD and Windows - new driver interface: driver_broadcom - new EAP methods: EAP-PSK, EAP-AKA, EAP-FAST - DH/DSA parasmeters configuration and ephemeral DH key exchange (TLS) (dh_file) - matching subject of the authentication server certificate (subject_match) - private key as PKCS#12 (PFX) file - new EAP workaround for EAP-PEAP interoperability with CiscoACS (includes_tls_length=1 in phase1 variable) - support for larger scan results report - improved driver interface API - multiple interfaces (radios) can be controlled with one wpa_supplicant process - new operation mode (ap_scan=2) to allow drivers to take care of association and roaming (e.g., for ndiswrapper and NDIS drivers) - control interface (e.g., for wpa_cli) can be removed at build time; add CONFIG_CTRL_IFACE=y to .config to include it in order to match 0.2.x behavior hostapd: - RADIUS accounting improvements - RADIUS authentication and accounting client MIB (RFC2618, RFC2620) - added support for FreeBSD - support for multiple drivers: madwifi, Prism54, wired, bsd - support multiple WPA pre-shared keys - updated from IEEE 802.1X-2001 to IEEE 802.1X-REV (not d11) - updated minimal IAPP support from draft 3 to IEEE 802.11F-2003 - control interface and example CLI, hostapd_cli - dual-licensed under GPLv2 and BSD licenses - added integrated EAP authenticator that can be used as a replacement for an external RADIUS authentication server; in addition, this can be used as a RADIUS authentication server for other devices; supported EAP methods: EAP-MD5, EAP-TLS, EAP-MSCHAPv2, EAP-GTC, EAP-PEAP, EAP-TTLS, EAP-SIM - new configuration variables: driver, eap_reauth_period, wpa_strict_rekey, eap_authenticator, eap_user_file, ca_cert, server_cert, private_key, private_key_passwd See ChangeLogs for 0.3.x development versions for more details. -- Jouni Malinen PGP id EFC895FA From coert.vonk at gmail.com Sat Feb 12 14:14:48 2005 From: coert.vonk at gmail.com (Coert) Date: Sat, 12 Feb 2005 11:14:48 -0800 Subject: [success] EAP-TLS hostapd<>wpa_supplicant 0.3.7-pre fails In-Reply-To: <5f5c317a05021119223c7139e0@mail.gmail.com> References: <5f5c317a050210194033e8443a@mail.gmail.com> <20050211112138.GA19361@informatik.uni-rostock.de> <5f5c317a0502111032b57c8b0@mail.gmail.com> <5f5c317a05021115245682d263@mail.gmail.com> <5f5c317a05021119223c7139e0@mail.gmail.com> Message-ID: <5f5c317a05021211143782fc82@mail.gmail.com> I am happy to announce that hostapd<>wpa_supplicant is now working in my setup. It is using EAP-TLS. The hostapd authenticator is running with the latest madwifi driver from cvs. The supplicant is running with ndiswrapper on top of a dell truewireless card (broadcom). Notes about my configuration can be found at: http://www.cybcon.com/~coert/linux/wrap/wireless.html Thanks for the help, /coert On Fri, 11 Feb 2005 19:22:34 -0800, Coert wrote: > I analyzed the WPA IE (based on the "WPA IE version 1" comments in > wpa.c), and found that my Authenticator was advertising pre-auth in > its beacon/probe response, but did not include this in the WPA key > handshake. I disabled pre-authentication on the Authenticator, and > now the connection is coming up. > > WPA: WPA IE in 3/4 msg - hexdump(len=24): > dd 16 00 50 f2 01 01 00 00 50 f2 04 01 00 00 50 f2 04 01 00 00 50 f2 01 > > WPA: WPA IE in Beacon/ProbeResp - hexdump(len=26): > dd 18 00 50 f2 01 01 00 00 50 f2 04 01 00 00 50 f2 04 01 00 00 50 f2 01 01 00 > > ----- WPA capabilities=pre-auth > > ----------- auth key mng suite list=802.1X > ----- auth key > mng suite count=1 > ----------- pairwise suite list=CCMP > ----- pair wise suite count=1 > ----------- group selecter CCMP > ----- version=1 > -- OUI type > -------- OUI > -- length > -- generic id > > > On Fri, 11 Feb 2005 15:24:15 -0800, Coert wrote: > > I am trying to read the WPA IE. I found IEEE 802.11i, but that only > > has the definition of the RSN IE. Can you point me to the WPA IE > > spec? > > > > > > On Fri, 11 Feb 2005 10:32:08 -0800, Coert wrote: > > > A workaround would be nice. Maybe I am doing something wrong, but I > > > switched to TKIP on both the authenticator and the supplicant, and > > > still see these messages: > > > > > > WPA: RX message 3 of 4-Way Handshake from 00:02:6f:21:df:ff (ver=1) > > > WPA: IE KeyData - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 > > > 02 01 00 00 50 f2 02 01 00 00 50 f2 01 > > > WPA: No WPA/RSN IE for this AP known. Trying to get from scan results > > > WPA: Found the current AP from updated scan results > > > WPA: IE in 3/4 msg does not match with IE in Beacon/ProbeResp > > > (src=00:02:6f:21:df:ff) > > > WPA: WPA IE in Beacon/ProbeResp - hexdump(len=26): dd 18 00 50 f2 01 > > > 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01 01 00 > > > WPA: WPA IE in 3/4 msg - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 > > > 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01 > > > > > > Updated traces and .conf files are attached > > > > > > BTW I cross posted it on the madwifi-users list, as Jouni suggested. > > > > > > /coert > > > > > > On Fri, 11 Feb 2005 12:21:38 +0100, Gunter Burchardt > > > wrote: > > > > An easy workaround is to use only TKIP or CCMP, not both together. > > > > > > > > regards > > > > gunter > > > > _______________________________________________ > > > > HostAP mailing list > > > > HostAP at shmoo.com > > > > http://lists.shmoo.com/mailman/listinfo/hostap > From coert.vonk at gmail.com Sat Feb 12 14:37:20 2005 From: coert.vonk at gmail.com (Coert) Date: Sat, 12 Feb 2005 11:37:20 -0800 Subject: hostapd <> Intel ProSet = authentication fails Message-ID: <5f5c317a05021211375ca10528@mail.gmail.com> My last venture for a while. Trying to get my wife's laptop authenticated using WPA. The laptop is using version 7.1 of Intel ProSet supplicant that claims to support WPA. In the attached hostapd traces, I see it sending an authentication request. There is no answer from the supplicant. The only debugging that I can enable for ProSet is not very helpful when trying to get WPA running (it is about the physical interface). Do you know how to enable WPA debugging in ProSet? Are the "known issues" with this supplicant? thanks Coert From coert.vonk at gmail.com Sat Feb 12 15:44:52 2005 From: coert.vonk at gmail.com (Coert) Date: Sat, 12 Feb 2005 12:44:52 -0800 Subject: hostapd <> Intel ProSet = authentication fails In-Reply-To: <5f5c317a05021211375ca10528@mail.gmail.com> References: <5f5c317a05021211375ca10528@mail.gmail.com> Message-ID: <5f5c317a05021212445f5bd04@mail.gmail.com> Sorry, I forgot to attach the traces and conf On Sat, 12 Feb 2005 11:37:20 -0800, Coert wrote: > My last venture for a while. Trying to get my wife's laptop > authenticated using WPA. The laptop is using version 7.1 of Intel > ProSet supplicant that claims to support WPA. > > In the attached hostapd traces, I see it sending an authentication > request. There is no answer from the supplicant. The only debugging > that I can enable for ProSet is not very helpful when trying to get > WPA running (it is about the physical interface). > > Do you know how to enable WPA debugging in ProSet? Are the "known > issues" with this supplicant? > > thanks > Coert > -------------- next part -------------- A non-text attachment was scrubbed... Name: hostapd.conf Type: application/octet-stream Size: 740 bytes Desc: not available Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050212/b51f2239/attachment.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: hostapd.eap_user Type: application/octet-stream Size: 170 bytes Desc: not available Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050212/b51f2239/attachment-0001.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: hostapd.proset.log.gz Type: application/x-gzip Size: 1861 bytes Desc: not available Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050212/b51f2239/attachment.bin From jkmaline at cc.hut.fi Sat Feb 12 17:00:47 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Sat, 12 Feb 2005 14:00:47 -0800 Subject: Problems with WPA-PSK and madwifi driver In-Reply-To: <200502111049.27486.emmendes@cpdee.ufmg.br> References: <200502101412.09344.emmendes@cpdee.ufmg.br> <20050211051649.GJ8371@jm.kir.nu> <200502111049.27486.emmendes@cpdee.ufmg.br> Message-ID: <20050212220047.GD8394@jm.kir.nu> On Fri, Feb 11, 2005 at 10:49:27AM -0200, Eduardo Mendes wrote: > I am seinding below all the info I've got from the debug option. Would you be > so kind to tell me where it is shown that the driver is unable to complete > association with the AP, please? This debug log shows a successfully completed authentication or to be more exact, two of them. > Mutex destroy failure: Device or resource busy > ICE default IO error handler doing an exit(), pid = 4230, errno = 0 I don't know where that came to the log, but it is not from wpa_supplicant.. -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Sat Feb 12 20:27:16 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Sat, 12 Feb 2005 17:27:16 -0800 Subject: hostapd <> Intel ProSet = authentication fails In-Reply-To: <5f5c317a05021211375ca10528@mail.gmail.com> References: <5f5c317a05021211375ca10528@mail.gmail.com> Message-ID: <20050213012716.GA8389@jm.kir.nu> On Sat, Feb 12, 2005 at 11:37:20AM -0800, Coert wrote: > My last venture for a while. Trying to get my wife's laptop > authenticated using WPA. The laptop is using version 7.1 of Intel > ProSet supplicant that claims to support WPA. > > In the attached hostapd traces, I see it sending an authentication > request. There is no answer from the supplicant. The only debugging > that I can enable for ProSet is not very helpful when trying to get > WPA running (it is about the physical interface). > > Do you know how to enable WPA debugging in ProSet? Are the "known > issues" with this supplicant? Yes, there is a known issue with that supplicant. It does not seem to like EAPOL version 2 even though IEEE 802.1X standard requires that newer version numbers are processed.. A quick workaround is to change hostapd to claim it is using version 1 by modifying following line in hostapd/ieee802_1x.h: #define EAPOL_VERSION 2 to #define EAPOL_VERSION 1 Please let me know if this allows you to complete authentication with the Intel ProSet supplicant. -- Jouni Malinen PGP id EFC895FA From coert.vonk at gmail.com Sat Feb 12 21:07:33 2005 From: coert.vonk at gmail.com (Coert) Date: Sat, 12 Feb 2005 18:07:33 -0800 Subject: [success] hostapd <> Intel ProSet = authentication fails In-Reply-To: <20050213012716.GA8389@jm.kir.nu> References: <5f5c317a05021211375ca10528@mail.gmail.com> <20050213012716.GA8389@jm.kir.nu> Message-ID: <5f5c317a050212180732bd976b@mail.gmail.com> It is working for me. Just before I got your email, I updated the PROSet supplicant to the latest and greatest version 7.1.3.2, and that solved the problem. I noticed something about server certificates in the release notes. That means that all my wireless systems are up and running using WPA. hostapd running on the access point, and wpa_supplicant running on the linux supplicants. For others trying to configure something simular, I added the Intel PROSet config to my notes at: http://www.cybcon.com/~coert/linux/wrap/wireless.html Thanks for all the help, Coert Vonk On Sat, 12 Feb 2005 17:27:16 -0800, Jouni Malinen wrote: > On Sat, Feb 12, 2005 at 11:37:20AM -0800, Coert wrote: > > > My last venture for a while. Trying to get my wife's laptop > > authenticated using WPA. The laptop is using version 7.1 of Intel > > ProSet supplicant that claims to support WPA. > > > > In the attached hostapd traces, I see it sending an authentication > > request. There is no answer from the supplicant. The only debugging > > that I can enable for ProSet is not very helpful when trying to get > > WPA running (it is about the physical interface). > > > > Do you know how to enable WPA debugging in ProSet? Are the "known > > issues" with this supplicant? > > Yes, there is a known issue with that supplicant. It does not seem to > like EAPOL version 2 even though IEEE 802.1X standard requires that > newer version numbers are processed.. > > A quick workaround is to change hostapd to claim it is using version 1 > by modifying following line in hostapd/ieee802_1x.h: > > #define EAPOL_VERSION 2 > > to > > #define EAPOL_VERSION 1 > > Please let me know if this allows you to complete authentication with > the Intel ProSet supplicant. > > -- > Jouni Malinen PGP id EFC895FA > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap > From jkmaline at cc.hut.fi Sat Feb 12 22:11:47 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Sat, 12 Feb 2005 19:11:47 -0800 Subject: Patch: running external commands from wpa_supplicant In-Reply-To: <1107338072.19863.27.camel@sponge.fungus> References: <1105470539.11819.12.camel@sponge.fungus> <20050114043602.GB8380@jm.kir.nu> <1107338072.19863.27.camel@sponge.fungus> Message-ID: <20050213031147.GB8389@jm.kir.nu> On Wed, Feb 02, 2005 at 10:54:32AM +0100, Henrik Brix Andersen wrote: > The main purpose of my patch is to allow using wpa_supplicant as a > complete replacement for waproamd - allowing wpa_supplicant to control > the distribution specific networking scripts when associating to a new > network. OK. Though, I'm still not very happy about executing external programs for two reasons: blocking wpa_supplicant and potential security problems when running something else with root privileges. Blocking can be resolved by forking a child process to run the commands (on OSes that support this). This can also be used to close all file descriptors to prevent external commands from having access to them. I'm hoping to be able to drop root privileges from most of the wpa_supplicant operation. If I understood correctly, you would like to be able to run external commands that are likely to require root privileges, which is against the goal of getting wpa_supplicant to not need root privileges for most of the code.. Please also note that the current development version has a new function, wpa_supplicant_set_state(), which has knowledge of when then connection is truly completed, i.e., when data packets can be sent, and even when this happened after a roam to a new AP. Currently, external programs can get an event through the wpa_supplicant control interface when connection has been established. This should take care of the cases where there is another daemon processing network events. If you believe that it would be better to to get calls to external programs, one option would be to write a minimal daemon that opens a connection to wpa_supplicant control interface and takes care of calling these external programs. This should eliminate both of my objections about blocking wpa_supplicant and extra requirement for root privileges. -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Sun Feb 13 21:35:31 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Sun, 13 Feb 2005 18:35:31 -0800 Subject: wpa_supplicant - new stable releases v0.3.8 and v0.2.7 Message-ID: <20050214023531.GB8397@jm.kir.nu> New versions of wpa_supplicant stable branches were just released and are now available from http://hostap.epitest.fi/ This release is a bug fix release for all current stable branches. A missing validation of received EAPOL-Key frames was found during code review. This omission makes it possible to construct a packet that will cause wpa_supplicant to crash with segmentation fault due to buffer overflow when reading the invalid EAPOL-Key packet data. This omission of required validation step happened during addition of WPA2 support and is thus present in all released versions of wpa_supplicant except for the first v0.2.0 release that did not yet have WPA2 support. If WPA2 is enabled ('proto' configuration variable includes WPA2 or RSN, or is commented out in configuration), an unauthenticated EAPOL-Key frame (message 1 of 4-Way Handshake) can trigger this failure. If WPA2 is not enabled, only authenticated frames (message 3 of 4-Way Handshake) trigger this failure, i.e., AP must be able to determine the correct PMK and PTK to send such a frame. All users of wpa_supplicant are recommended to update to the new versions, either v0.3.8 or v0.2.7. Alternatively, the attached patch can be used to add the missing validation for EAPOL-Key frames. This patch should apply to all versions starting from v0.2.2 (with some offset differences). This change is also included in the current development snapshot. wpa_supplicant: * fixed EAPOL-Key validation to drop packets with invalid Key Data Length; such frames could have crashed wpa_supplicant due to buffer overflow -- Jouni Malinen PGP id EFC895FA -------------- next part -------------- diff -upr wpa_supplicant-0.3.7/wpa.c wpa_supplicant-0.3.8/wpa.c --- wpa_supplicant-0.3.7/wpa.c 2005-01-30 20:25:36.000000000 -0800 +++ wpa_supplicant-0.3.8/wpa.c 2005-02-13 10:47:25.000000000 -0800 @@ -1961,6 +1961,13 @@ static void wpa_sm_rx_eapol(struct wpa_s extra_len = data_len - sizeof(*hdr) - sizeof(*key); + if (be_to_host16(key->key_data_length) > extra_len) { + wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid EAPOL-Key frame - " + "key_data overflow (%d > %d)", + be_to_host16(key->key_data_length), extra_len); + return; + } + if (wpa_s->proto == WPA_PROTO_RSN && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA) && wpa_supplicant_decrypt_key_data(wpa_s, key, ver)) From hs4233 at mail.mn-solutions.de Mon Feb 14 04:13:15 2005 From: hs4233 at mail.mn-solutions.de (Holger Schurig) Date: Mon, 14 Feb 2005 10:13:15 +0100 Subject: Config example for wpa_supplicant / Cisco 1200 Message-ID: <200502141013.16070.hs4233@mail.mn-solutions.de> Hi Guys ! Does anybody have a sample config.txt from a Cisco 1200 and a wpa_supplicant configuration combo? It is not that easy to match the terms used in the web page based configuration of the Cisco and to the configuration entries of wpa_supplicants config file. So I wondered if somebody already made this work ... From Jonathan.Buschmann at ericsson.com Mon Feb 14 05:32:32 2005 From: Jonathan.Buschmann at ericsson.com (Jonathan Buschmann) Date: Mon, 14 Feb 2005 11:32:32 +0100 Subject: Problems with WPA-PSK and madwifi driver In-Reply-To: <200502111508.34449.emmendes@cpdee.ufmg.br> References: <200502111508.34449.emmendes@cpdee.ufmg.br> Message-ID: <42107E40.9050209@ericsson.com> Hi, Be sure first that wpa_client has succesfully authenticated. Try dhclient without the -1. BTW, is your dhcp server on the same subnetwork as your client? jonathan Eduardo Mendes waxed wise and spake thus on 02/11/2005 06:08 PM: >Hello > >Thanks. I have tried dhclient -1 ath0 but the message was: > >Unable to obtain a lease on the first time. > > >Is there anything else that I can try? > >Many thanks > >Ed >. > > >On Friday 11 February 2005 12:05 pm, Jonathan Buschmann wrote: > > >>I don't know what Mandrake uses for a dhcp client (fedora uses >>dhclient), but maybe you need to run it (again) after starting >>wpa_supplicant. >>jonathan >> >>Eduardo Mendes waxed wise and spake thus on 02/11/2005 11:23 AM: >> >> >>>On Thursday 10 February 2005 05:04 pm, Michael Reilly wrote: >>> >>> >>>>Eduardo Mendes wrote: >>>> >>>> >>>>>Hello >>>>> >>>>>Many thanks but unfortunately it didn't work. The two lights are >>>>> >>>>> >>>blinking >>> >>> >>> >>>>>together but ifconfig shows that no valid ip was assigned to ath0. >>>>> >>>>> >>>>My lights both blink together for a second and then they stop >>>> >>>> >blinking > > >>>>together with madwifi. A few seconds later they blink together >>>> >>>> >again > > >>>and >>> >>> >>> >>>>then stop again. Are they blinking together continuously for you? >>>> >>>> >>>In my case the lights blink together in equal time intervals. It >>> >>> >seems > > >>>that >>>the card is somehow connected to the router but it can't get a valid >>> >>> >ip > > >>>address. I don't know what I am doing wrong. >>> >>>Here is the output of iwconfig and ifconfig after issuing the >>> >>> >commands: > > >>>ifconfig ath0, iwconfig ath0 channel 1, wpa_supplicant >>>-c/etc/wpa_supplicant.conf -Dmadwifi -iath0 -d >>> >>>ath0 IEEE 802.11g ESSID:"eacghome.airlink" >>> Mode:Managed Frequency:2.412GHz Access Point: >>>00:E0:98:4F:D8:B2 >>> Bit Rate:36Mb/s Tx-Power:50 dBm Sensitivity=0/3 >>> Retry:off RTS thr:off Fragment thr:off >>> Encryption key:DF6D-E315-877A-4A16-22FD-239D-A8A8-0B6F >>>Security >>>mode:restricted >>> Power Management:off >>> Link Quality:49/94 Signal level:-46 dBm Noise level:-95 >>> >>> >dBm > > >>> Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 >>> Tx excessive retries:0 Invalid misc:0 Missed beacon:0 >>> >>> >>> >>>ath0 Link encap:Ethernet HWaddr 00:09:5B:C4:1A:E2 >>> inet6 addr: fe80::209:5bff:fec4:1ae2/64 Scope:Link >>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >>> RX packets:25 errors:19 dropped:0 overruns:0 frame:19 >>> TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 >>> collisions:0 txqueuelen:199 >>> RX bytes:2418 (2.3 Kb) TX bytes:1194 (1.1 Kb) >>> Interrupt:9 Memory:d0a4a000-d0a5a000 >>> >>>Any hints? >>> >>>Cheers >>> >>>Ed >>> >>> >>> >>>_______________________________________________ >>>HostAP mailing list >>>HostAP at shmoo.com >>>http://lists.shmoo.com/mailman/listinfo/hostap >>> >>> > > > From yenjung at gmail.com Mon Feb 14 05:33:19 2005 From: yenjung at gmail.com (YenJung Chang) Date: Mon, 14 Feb 2005 18:33:19 +0800 Subject: can not connect to Cisco 1231 with WPA-PSK(wpa_supplicant 0.3.8 and madwifi) Message-ID: <32653c97050214023343209248@mail.gmail.com> Hi, List, I can not connect to Cisco 1231 with WPA-PSK. Following is my configure file, wpa_supplicant.conf, and output message. Any advice is appreciated. I used wpa_supplicant 0.3.8 and madwifi. --------wpa_supplicant.conf------------- eapol_version=1 ap_scan=1 fast_reauth=1 network={ proto=WPA ssid="Cisco1231g" psk="12345678" auth_alg=OPEN key_mgmt=WPA-PSK pairwise=TKIP group=TKIP } --------------------------------------------------------- --------output message----------- Initializing interface 'ath0' conf '/etc/wpa_supplicant.conf' driver 'default' Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf' Reading configuration file '/etc/wpa_supplicant.conf' eapol_version=1 ap_scan=1 fast_reauth=1 Priority group 0 id=0 ssid='Cisco1231g' Initializing interface (2) 'ath0' EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: KEY_RX entering state NO_KEY_RECEIVE EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 Own MAC address: 00:30:ab:24:fc:ef wpa_driver_madwifi_set_wpa: enabled=1 wpa_driver_madwifi_del_key: keyidx=0 wpa_driver_madwifi_del_key: keyidx=1 wpa_driver_madwifi_del_key: keyidx=2 wpa_driver_madwifi_del_key: keyidx=3 wpa_driver_madwifi_set_countermeasures: enabled=0 wpa_driver_madwifi_set_drop_unencrypted: enabled=1 Setting scan request: 0 sec 100000 usec Wireless event: cmd=0x8b06 len=8 RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added Starting AP scan (broadcast SSID) Wireless event: cmd=0x8b1a len=12 Wireless event: cmd=0x8b19 len=12 Received 4095 bytes of scan results (18 BSSes) Scan results: 18 Selecting BSS from priority group 0 0: 00:0f:b5:36:c7:fd ssid='spencer-602v3' wpa_ie_len=0 rsn_ie_len=22 skip - SSID mismatch 1: 00:0f:b5:0f:27:df ssid='*spencer*' wpa_ie_len=24 rsn_ie_len=0 skip - SSID mismatch 2: 00:09:5b:f7:14:8c ssid='3067' wpa_ie_len=24 rsn_ie_len=0 skip - SSID mismatch 3: 00:03:7f:bf:06:f4 ssid='test goose' wpa_ie_len=26 rsn_ie_len=0 skip - SSID mismatch 4: 00:0f:b5:35:4f:19 ssid='wifi' wpa_ie_len=0 rsn_ie_len=22 skip - SSID mismatch 5: 00:12:00:d7:4f:20 ssid='Cisco1231g' wpa_ie_len=26 rsn_ie_len=0 selected Trying to associate with 00:12:00:d7:4f:20 (SSID='Cisco1231g' freq=2462 MHz) Cancelling scan request Automatic auth_alg selection: 0x1 Overriding auth_alg selection: 0x1 WPA: using IEEE 802.11i/D3.0 WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 2 WPA: using GTK TKIP WPA: using PTK TKIP WPA: using KEY_MGMT WPA-PSK WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 No keys have been configured - skip key clearing wpa_driver_madwifi_set_drop_unencrypted: enabled=1 wpa_driver_madwifi_associate Setting authentication timeout: 5 sec 0 usec EAPOL: External notification - EAP success=0 EAPOL: External notification - EAP fail=0 EAPOL: External notification - portControl=Auto Wireless event: cmd=0x8b1a len=23 Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:12:00:d7:4f:20 Association event - clear replay counter Associated to a new BSS: BSSID=00:12:00:d7:4f:20 No keys have been configured - skip key clearing Associated with 00:12:00:d7:4f:20 EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - EAP success=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: txStart WPA: drop TX EAPOL in non-IEEE 802.1X mode (type=1 len=0) EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec RX EAPOL from 00:12:00:d7:4f:20 Setting authentication timeout: 10 sec 0 usec EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines IEEE 802.1X RX: version=1 type=3 length=95 EAPOL-Key type=254 WPA: RX message 1 of 4-Way Handshake from 00:12:00:d7:4f:20 (ver=1) WPA: WPA IE for msg 2/4 - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 WPA: Renewed SNonce - hexdump(len=32): df df 5b 9d 46 26 d7 ca 57 89 44 08 50 4c 9c 4f 9d a8 95 e8 33 37 76 55 c7 e6 9b b7 ee b2 4c b4 WPA: PMK - hexdump(len=32): [REMOVED] WPA: PTK - hexdump(len=64): [REMOVED] WPA: EAPOL-Key MIC - hexdump(len=16): 4a 6a c1 75 b3 8e 72 6c af 64 eb eb ea 1a 2e 96 WPA: Sending EAPOL-Key 2/4 RX EAPOL from 00:12:00:d7:4f:20 EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines IEEE 802.1X RX: version=1 type=3 length=121 EAPOL-Key type=254 WPA: RX message 3 of 4-Way Handshake from 00:12:00:d7:4f:20 (ver=1) WPA: IE KeyData - hexdump(len=26): dd 18 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 28 00 WPA: Sending EAPOL-Key 4/4 WPA: Installing PTK to the driver. WPA: RSC - hexdump(len=6): 00 00 00 00 00 00 wpa_driver_madwifi_set_key: alg=TKIP key_idx=0 set_tx=1 seq_len=6 key_len=32 RX EAPOL from 00:12:00:d7:4f:20 EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines IEEE 802.1X RX: version=1 type=3 length=127 EAPOL-Key type=254 WPA: RX message 1 of Group Key Handshake from 00:12:00:d7:4f:20 (ver=1) WPA: Group Key - hexdump(len=32): [REMOVED] WPA: Installing GTK to the driver (keyidx=1 tx=0). WPA: RSC - hexdump(len=6): 3e 00 00 00 00 00 wpa_driver_madwifi_set_key: alg=TKIP key_idx=1 set_tx=0 seq_len=6 key_len=32 WPA: Sending EAPOL-Key 2/2 WPA: Key negotiation completed with 00:12:00:d7:4f:20 [PTK=TKIP GTK=TKIP] Cancelling authentication timeout EAPOL: External notification - portValid=1 EAPOL: External notification - EAP success=1 EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state SUCCESS EAPOL: SUPP_PAE entering state AUTHENTICATED EAPOL: SUPP_BE entering state IDLE RX EAPOL from 00:12:00:d7:4f:20 EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines IEEE 802.1X RX: version=1 type=3 length=127 EAPOL-Key type=254 WPA: RX message 1 of Group Key Handshake from 00:12:00:d7:4f:20 (ver=1) WPA: Group Key - hexdump(len=32): [REMOVED] WPA: Installing GTK to the driver (keyidx=1 tx=0). WPA: RSC - hexdump(len=6): 3e 00 00 00 00 00 wpa_driver_madwifi_set_key: alg=TKIP key_idx=1 set_tx=0 seq_len=6 key_len=32 WPA: Sending EAPOL-Key 2/2 WPA: Group rekeying completed with 00:12:00:d7:4f:20 [GTK=TKIP] RX EAPOL from 00:12:00:d7:4f:20 EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines IEEE 802.1X RX: version=1 type=3 length=127 EAPOL-Key type=254 WPA: RX message 1 of Group Key Handshake from 00:12:00:d7:4f:20 (ver=1) WPA: Group Key - hexdump(len=32): [REMOVED] WPA: Installing GTK to the driver (keyidx=1 tx=0). WPA: RSC - hexdump(len=6): 3e 00 00 00 00 00 wpa_driver_madwifi_set_key: alg=TKIP key_idx=1 set_tx=0 seq_len=6 key_len=32 WPA: Sending EAPOL-Key 2/2 WPA: Group rekeying completed with 00:12:00:d7:4f:20 [GTK=TKIP] Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 Setting scan request: 0 sec 100000 usec Added BSSID 00:12:00:d7:4f:20 into blacklist EAPOL: External notification - portEnabled=0 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 EAPOL: External notification - EAP success=0 Disconnect event - remove keys ------------------------------------------------------------------------------ Regards, YJ. From jasin at telnet-ri.es Mon Feb 14 06:50:20 2005 From: jasin at telnet-ri.es (Jesus Asin) Date: Mon, 14 Feb 2005 12:50:20 +0100 Subject: bridge in Ad-Hoc Mode Message-ID: <1108381820.1794.14.camel@jasin> Is possible use the bridge with a card in Ad-Hoc mode ? I try to all ways with the last hostap driver but I can't work with it. If is not possible use the brigde with a card in Ad-Hoc mode, That posibilities are ? Thanks Jesus Asin From gbaker at cs.mun.ca Mon Feb 14 07:25:09 2005 From: gbaker at cs.mun.ca (Greg Baker) Date: Mon, 14 Feb 2005 08:55:09 -0330 Subject: [success] WPA+EAP-PEAP+MSCHAPv2 Problem In-Reply-To: <20050212154527.GA8394@jm.kir.nu> References: <200502091523.05278.gbaker@cs.mun.ca> <200502111248.45906.gbaker@cs.mun.ca> <20050212154527.GA8394@jm.kir.nu> Message-ID: <200502140855.09653.gbaker@cs.mun.ca> Thanks for everything guys. I can now connect to the wireless fine with the new 0.3.8 version of wpa_supplicant. One other question though, I just did an ifconfig and noticed this: RX packets:1382 errors:1826 dropped:0 overruns:0 frame:1301 TX packets:634 errors:0 dropped:0 overruns:0 carrier:0 That seems like a lot of incoming errors. What could this be caused by? Is it inherent to wireless networks (perhaps interference or something)? Thanks.. Greg On February 12, 2005 12:15 pm, Jouni Malinen wrote: > On Fri, Feb 11, 2005 at 12:48:45PM -0330, Greg Baker wrote: > > To help diagnose my problem, I have saved two ethereal dumps. One is a > > dump of a successful connect, and the other unsuccessful. > > Please note that the successful one used PEAPv0, not PEAPv1. It is > common to use PEAPv0 with MSCHAPv2 and PEAPv1 with GTC. In other words, > if you are using MSCHAPv2, it might be worth trying peapver=0 in phase1 > configuration. > > > As you can see in the dump, the spot where it dies is at the initial TLS > > handshake. The only difference I can see is that the successful connect > > sends the TLS length in the packet, while the unsuccessful connect does > > not. > > Yes, and I believe that is the most likely explanation for > the connection getting rejected here and the exact reason for adding > include_tls_length option to wpa_supplicant. > > > I AM using the 0.3.7-pre version, and here is my config file... > > > > ctrl_interface=/var/run/wpa_supplicant > > ctrl_interface_group=0 > > eapol_version=1 > > ap_scan=1 > > network={ > > ssid="stu" > > scan_ssid=1 > > key_mgmt=WPA-EAP > > eap=PEAP > > pairwise=TKIP > > group=TKIP > > identity="gbaker" > > password="...." > > phase1="include_tls_length=1 peapver=1 peaplabel=1" > > phase2="auth=MSCHAPv2" > > } > > > > It seems as though the include_tls_length=1 settings is not working... > > It should work, but yes, the capture log in Fail certainly did not look > like this was enabled. I believe that is the most likely explanation for > the connection getting rejected here. Could you please verify that the > wpa_supplicant debug log shows "TLS: Include TLS Message Length in > unfragmented packets" when using this configuration? If not, please make > sure that the wpa_supplicant version is indeed correct and post the > debug log. > > When I used this configuration file in a test, the debug log showed > following lines in beginning of PEAP initialization: > > EAP: initialize selected EAP method (25, PEAP) > EAP-PEAP: Forced PEAP version 1 > EAP-PEAP: Force new label for key derivation > EAP-PEAP: Unsupported Phase2 method 'MSCHAPv2' > EAP-PEAP: Phase2 EAP types - hexdump(len=8): 04 1a 06 05 12 11 ff 17 > TLS: Include TLS Message Length in unfragmented packets > EAP: EAP entering state METHOD > > > In other words, include_tls_length option was noticed (and TLS Length > was indeed added to messages) and so was a typo in the EAP method name > (it should be MSCHAPV2). From emmendes at cpdee.ufmg.br Mon Feb 14 10:58:43 2005 From: emmendes at cpdee.ufmg.br (Eduardo Mendes) Date: Mon, 14 Feb 2005 13:58:43 -0200 Subject: Problems with WPA-PSK and madwifi driver In-Reply-To: <42107E40.9050209@ericsson.com> References: <200502111508.34449.emmendes@cpdee.ufmg.br> <42107E40.9050209@ericsson.com> Message-ID: <200502141358.43917.emmendes@cpdee.ufmg.br> Hi ya Many thanks. I am not sure what to do. How can I be sure that wpa_client has succesfully authenticated? When I try dhclient atho, the system returns NO DCHPOFFERS received. No working leases in persistent data base sleeping. What funny is that etho can get the ip address from the same dhcp server without a problem. Any ideas? Many thanks Ed On Monday 14 February 2005 08:32 am, Jonathan Buschmann wrote: > Hi, > Be sure first that wpa_client has succesfully authenticated. > Try dhclient without the -1. > BTW, is your dhcp server on the same subnetwork as your client? > jonathan > > Eduardo Mendes waxed wise and spake thus on 02/11/2005 06:08 PM: > >Hello > > > >Thanks. I have tried dhclient -1 ath0 but the message was: > > > >Unable to obtain a lease on the first time. > > > > > >Is there anything else that I can try? > > > >Many thanks > > > >Ed > >. > > > >On Friday 11 February 2005 12:05 pm, Jonathan Buschmann wrote: > >>I don't know what Mandrake uses for a dhcp client (fedora uses > >>dhclient), but maybe you need to run it (again) after starting > >>wpa_supplicant. > >>jonathan > >> > >>Eduardo Mendes waxed wise and spake thus on 02/11/2005 11:23 AM: > >>>On Thursday 10 February 2005 05:04 pm, Michael Reilly wrote: > >>>>Eduardo Mendes wrote: > >>>>>Hello > >>>>> > >>>>>Many thanks but unfortunately it didn't work. The two lights are > >>> > >>>blinking > >>> > >>>>>together but ifconfig shows that no valid ip was assigned to ath0. > >>>> > >>>>My lights both blink together for a second and then they stop > > > >blinking > > > >>>>together with madwifi. A few seconds later they blink together > > > >again > > > >>>and > >>> > >>>>then stop again. Are they blinking together continuously for you? > >>> > >>>In my case the lights blink together in equal time intervals. It > > > >seems > > > >>>that > >>>the card is somehow connected to the router but it can't get a valid > > > >ip > > > >>>address. I don't know what I am doing wrong. > >>> > >>>Here is the output of iwconfig and ifconfig after issuing the > > > >commands: > >>>ifconfig ath0, iwconfig ath0 channel 1, wpa_supplicant > >>>-c/etc/wpa_supplicant.conf -Dmadwifi -iath0 -d > >>> > >>>ath0 IEEE 802.11g ESSID:"eacghome.airlink" > >>> Mode:Managed Frequency:2.412GHz Access Point: > >>>00:E0:98:4F:D8:B2 > >>> Bit Rate:36Mb/s Tx-Power:50 dBm Sensitivity=0/3 > >>> Retry:off RTS thr:off Fragment thr:off > >>> Encryption key:DF6D-E315-877A-4A16-22FD-239D-A8A8-0B6F > >>>Security > >>>mode:restricted > >>> Power Management:off > >>> Link Quality:49/94 Signal level:-46 dBm Noise level:-95 > > > >dBm > > > >>> Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 > >>> Tx excessive retries:0 Invalid misc:0 Missed beacon:0 > >>> > >>> > >>> > >>>ath0 Link encap:Ethernet HWaddr 00:09:5B:C4:1A:E2 > >>> inet6 addr: fe80::209:5bff:fec4:1ae2/64 Scope:Link > >>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > >>> RX packets:25 errors:19 dropped:0 overruns:0 frame:19 > >>> TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 > >>> collisions:0 txqueuelen:199 > >>> RX bytes:2418 (2.3 Kb) TX bytes:1194 (1.1 Kb) > >>> Interrupt:9 Memory:d0a4a000-d0a5a000 > >>> > >>>Any hints? > >>> > >>>Cheers > >>> > >>>Ed > >>> > >>> > >>> > >>>_______________________________________________ > >>>HostAP mailing list > >>>HostAP at shmoo.com > >>>http://lists.shmoo.com/mailman/listinfo/hostap -- Dr. Eduardo Mazoni A. M. Mendes Departamento de Engenharia Eletr?nica Universidade Federal de Minas Gerais Av. Ant?nio Carlos, 6627, Pampulha 31270-901, Belo Horizonte - MG - Brazil mailto: emmendes at cpdee.ufmg.br Tel: +55 (31)3499-4862 FAX: +55 (31)3499-4850 **************************************************** From gbaker at cs.mun.ca Mon Feb 14 11:01:27 2005 From: gbaker at cs.mun.ca (Greg Baker) Date: Mon, 14 Feb 2005 12:31:27 -0330 Subject: Mandrake 10.1 + Netprofile Message-ID: <200502141231.27670.gbaker@cs.mun.ca> I'm just wondering if anyone has had any luck with getting wpa_supplicant to automatically do its thing when using netprofile on mandrake 10.1.. I made an init.d script to start wpa_supplicant, but it doesn't work right because of the way set-netprofile restarts the network. It first stops all required daemons, then issues a network restart, then starts the daemons. Doing it this way causes dhcp to fail when my wireless card comes up. Thanks, Greg From gbaker at cs.mun.ca Mon Feb 14 11:04:16 2005 From: gbaker at cs.mun.ca (Greg Baker) Date: Mon, 14 Feb 2005 12:34:16 -0330 Subject: Problems with WPA-PSK and madwifi driver In-Reply-To: <200502141358.43917.emmendes@cpdee.ufmg.br> References: <200502111508.34449.emmendes@cpdee.ufmg.br> <42107E40.9050209@ericsson.com> <200502141358.43917.emmendes@cpdee.ufmg.br> Message-ID: <200502141234.17073.gbaker@cs.mun.ca> You can check that it authenticated fine by running "wpa_cli status".. It will give you some info. I could also not get "dhclient ath0" to work, instead I gave it the following command: /sbin/dhclient \ -1 -q -lf /var/lib/dhcp/dhclient-ath0.leases \ -pf /var/run/dhclient-ath0.pid -cf /etc/dhcli ath0 which made it come up. Maybe that will work for you. Greg On February 14, 2005 12:28 pm, Eduardo Mendes wrote: > Hi ya > > Many thanks. > > I am not sure what to do. > > How can I be sure that wpa_client has succesfully authenticated? > > When I try dhclient atho, the system returns > > NO DCHPOFFERS received. > No working leases in persistent data base sleeping. > > What funny is that etho can get the ip address from the same dhcp server > without a problem. > > Any ideas? > > Many thanks > > Ed > > On Monday 14 February 2005 08:32 am, Jonathan Buschmann wrote: > > Hi, > > Be sure first that wpa_client has succesfully authenticated. > > Try dhclient without the -1. > > BTW, is your dhcp server on the same subnetwork as your client? > > jonathan > > > > Eduardo Mendes waxed wise and spake thus on 02/11/2005 06:08 PM: > > >Hello > > > > > >Thanks. I have tried dhclient -1 ath0 but the message was: > > > > > >Unable to obtain a lease on the first time. > > > > > > > > >Is there anything else that I can try? > > > > > >Many thanks > > > > > >Ed > > >. > > > > > >On Friday 11 February 2005 12:05 pm, Jonathan Buschmann wrote: > > >>I don't know what Mandrake uses for a dhcp client (fedora uses > > >>dhclient), but maybe you need to run it (again) after starting > > >>wpa_supplicant. > > >>jonathan > > >> > > >>Eduardo Mendes waxed wise and spake thus on 02/11/2005 11:23 AM: > > >>>On Thursday 10 February 2005 05:04 pm, Michael Reilly wrote: > > >>>>Eduardo Mendes wrote: > > >>>>>Hello > > >>>>> > > >>>>>Many thanks but unfortunately it didn't work. The two lights are > > >>> > > >>>blinking > > >>> > > >>>>>together but ifconfig shows that no valid ip was assigned to ath0. > > >>>> > > >>>>My lights both blink together for a second and then they stop > > > > > >blinking > > > > > >>>>together with madwifi. A few seconds later they blink together > > > > > >again > > > > > >>>and > > >>> > > >>>>then stop again. Are they blinking together continuously for you? > > >>> > > >>>In my case the lights blink together in equal time intervals. It > > > > > >seems > > > > > >>>that > > >>>the card is somehow connected to the router but it can't get a valid > > > > > >ip > > > > > >>>address. I don't know what I am doing wrong. > > >>> > > >>>Here is the output of iwconfig and ifconfig after issuing the > > > > > >commands: > > >>>ifconfig ath0, iwconfig ath0 channel 1, wpa_supplicant > > >>>-c/etc/wpa_supplicant.conf -Dmadwifi -iath0 -d > > >>> > > >>>ath0 IEEE 802.11g ESSID:"eacghome.airlink" > > >>> Mode:Managed Frequency:2.412GHz Access Point: > > >>>00:E0:98:4F:D8:B2 > > >>> Bit Rate:36Mb/s Tx-Power:50 dBm Sensitivity=0/3 > > >>> Retry:off RTS thr:off Fragment thr:off > > >>> Encryption key:DF6D-E315-877A-4A16-22FD-239D-A8A8-0B6F > > >>>Security > > >>>mode:restricted > > >>> Power Management:off > > >>> Link Quality:49/94 Signal level:-46 dBm Noise level:-95 > > > > > >dBm > > > > > >>> Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 > > >>> Tx excessive retries:0 Invalid misc:0 Missed beacon:0 > > >>> > > >>> > > >>> > > >>>ath0 Link encap:Ethernet HWaddr 00:09:5B:C4:1A:E2 > > >>> inet6 addr: fe80::209:5bff:fec4:1ae2/64 Scope:Link > > >>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > >>> RX packets:25 errors:19 dropped:0 overruns:0 frame:19 > > >>> TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 > > >>> collisions:0 txqueuelen:199 > > >>> RX bytes:2418 (2.3 Kb) TX bytes:1194 (1.1 Kb) > > >>> Interrupt:9 Memory:d0a4a000-d0a5a000 > > >>> > > >>>Any hints? > > >>> > > >>>Cheers > > >>> > > >>>Ed > > >>> > > >>> > > >>> > > >>>_______________________________________________ > > >>>HostAP mailing list > > >>>HostAP at shmoo.com > > >>>http://lists.shmoo.com/mailman/listinfo/hostap From geek at suid0.com Mon Feb 14 11:17:37 2005 From: geek at suid0.com (geek at suid0.com) Date: Mon, 14 Feb 2005 08:17:37 -0800 (PST) Subject: Mandrake 10.1 + Netprofile In-Reply-To: <200502141231.27670.gbaker@cs.mun.ca> Message-ID: I just figured out my own recipe to get wpa_supplicant to work with mandrake 10.0 (with ipw2200, no less!) I did resort to a start up script to get it to work and did some careful crafting to make sure that the drivers loaded just before the wpa_supplicant (in the same start up script.... too many problems still with the firmware for ipw2200 not loading via the booting of the kernel because hotplug isn't setup yet). brian On Mon, 14 Feb 2005, Greg Baker wrote: > I'm just wondering if anyone has had any luck with getting wpa_supplicant to > automatically do its thing when using netprofile on mandrake 10.1.. > > I made an init.d script to start wpa_supplicant, but it doesn't work right > because of the way set-netprofile restarts the network. It first stops all > required daemons, then issues a network restart, then starts the daemons. > Doing it this way causes dhcp to fail when my wireless card comes up. > > Thanks, > Greg > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap > > From Jonathan.Buschmann at ericsson.com Mon Feb 14 11:21:58 2005 From: Jonathan.Buschmann at ericsson.com (Jonathan Buschmann) Date: Mon, 14 Feb 2005 17:21:58 +0100 Subject: Problems with WPA-PSK and madwifi driver In-Reply-To: <200502141358.43917.emmendes@cpdee.ufmg.br> References: <200502141358.43917.emmendes@cpdee.ufmg.br> Message-ID: <4210D026.9020202@ericsson.com> Eduardo Mendes waxed wise and spake thus on 02/14/2005 04:58 PM: >Hi ya > >Many thanks. > >I am not sure what to do. > >How can I be sure that wpa_client has succesfully authenticated? > > Run it in the foreground with degugging on, and you'll see a success message (or not) >When I try dhclient atho, the system returns > >NO DCHPOFFERS received. >No working leases in persistent data base sleeping. > >What funny is that etho can get the ip address from the same dhcp server > >without a problem. > > Is the dhcp server directly connected to the wlan? If so is it authenticated and connected properly? If not, how is it connected? OTOH you said in a previous post that under windoze it works, so the other parts of your net should be ok. >Any ideas? > > If your system uses ifup when it boots, you may want to see if there is a dhclient on ath0 running already in the background. If so try killing it first, do an ifconfig ath0 down, then ifconfig ath0 up, and then wpa_supplicant, dhclient ath0. >Many thanks > >Ed > > > >On Monday 14 February 2005 08:32 am, Jonathan Buschmann wrote: > > >>Hi, >>Be sure first that wpa_client has succesfully authenticated. >>Try dhclient without the -1. >>BTW, is your dhcp server on the same subnetwork as your client? >>jonathan >> >>Eduardo Mendes waxed wise and spake thus on 02/11/2005 06:08 PM: >> >> >>>Hello >>> >>>Thanks. I have tried dhclient -1 ath0 but the message was: >>> >>>Unable to obtain a lease on the first time. >>> >>> >>>Is there anything else that I can try? >>> >>>Many thanks >>> >>>Ed >>>. >>> >>>On Friday 11 February 2005 12:05 pm, Jonathan Buschmann wrote: >>> >>> >>>>I don't know what Mandrake uses for a dhcp client (fedora uses >>>>dhclient), but maybe you need to run it (again) after starting >>>>wpa_supplicant. >>>>jonathan >>>> >>>>Eduardo Mendes waxed wise and spake thus on 02/11/2005 11:23 AM: >>>> >>>> >>>>>On Thursday 10 February 2005 05:04 pm, Michael Reilly wrote: >>>>> >>>>> >>>>>>Eduardo Mendes wrote: >>>>>> >>>>>> >>>>>>>Hello >>>>>>> >>>>>>>Many thanks but unfortunately it didn't work. The two lights are >>>>>>> >>>>>>> >>>>>blinking >>>>> >>>>> >>>>> >>>>>>>together but ifconfig shows that no valid ip was assigned to >>>>>>> >>>>>>> >ath0. > > >>>>>>My lights both blink together for a second and then they stop >>>>>> >>>>>> >>>blinking >>> >>> >>> >>>>>>together with madwifi. A few seconds later they blink together >>>>>> >>>>>> >>>again >>> >>> >>> >>>>>and >>>>> >>>>> >>>>> >>>>>>then stop again. Are they blinking together continuously for you? >>>>>> >>>>>> >>>>>In my case the lights blink together in equal time intervals. It >>>>> >>>>> >>>seems >>> >>> >>> >>>>>that >>>>>the card is somehow connected to the router but it can't get a >>>>> >>>>> >valid > > >>>ip >>> >>> >>> >>>>>address. I don't know what I am doing wrong. >>>>> >>>>>Here is the output of iwconfig and ifconfig after issuing the >>>>> >>>>> >>>commands: >>> >>> >>>>>ifconfig ath0, iwconfig ath0 channel 1, wpa_supplicant >>>>>-c/etc/wpa_supplicant.conf -Dmadwifi -iath0 -d >>>>> >>>>>ath0 IEEE 802.11g ESSID:"eacghome.airlink" >>>>> Mode:Managed Frequency:2.412GHz Access Point: >>>>>00:E0:98:4F:D8:B2 >>>>> Bit Rate:36Mb/s Tx-Power:50 dBm Sensitivity=0/3 >>>>> Retry:off RTS thr:off Fragment thr:off >>>>> Encryption key:DF6D-E315-877A-4A16-22FD-239D-A8A8-0B6F >>>>>Security >>>>>mode:restricted >>>>> Power Management:off >>>>> Link Quality:49/94 Signal level:-46 dBm Noise level:-95 >>>>> >>>>> >>>dBm >>> >>> >>> >>>>> Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 >>>>> Tx excessive retries:0 Invalid misc:0 Missed beacon:0 >>>>> >>>>> >>>>> >>>>>ath0 Link encap:Ethernet HWaddr 00:09:5B:C4:1A:E2 >>>>> inet6 addr: fe80::209:5bff:fec4:1ae2/64 Scope:Link >>>>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >>>>> RX packets:25 errors:19 dropped:0 overruns:0 frame:19 >>>>> TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 >>>>> collisions:0 txqueuelen:199 >>>>> RX bytes:2418 (2.3 Kb) TX bytes:1194 (1.1 Kb) >>>>> Interrupt:9 Memory:d0a4a000-d0a5a000 >>>>> >>>>>Any hints? >>>>> >>>>>Cheers >>>>> >>>>>Ed >>>>> >>>>> >>>>> >>>>>_______________________________________________ >>>>>HostAP mailing list >>>>>HostAP at shmoo.com >>>>>http://lists.shmoo.com/mailman/listinfo/hostap >>>>> >>>>> From emmendes at cpdee.ufmg.br Mon Feb 14 11:30:56 2005 From: emmendes at cpdee.ufmg.br (Eduardo Mendes) Date: Mon, 14 Feb 2005 14:30:56 -0200 Subject: Problems with WPA-PSK and madwifi driver In-Reply-To: <200502141234.17073.gbaker@cs.mun.ca> References: <200502111508.34449.emmendes@cpdee.ufmg.br> <200502141358.43917.emmendes@cpdee.ufmg.br> <200502141234.17073.gbaker@cs.mun.ca> Message-ID: <200502141430.56513.emmendes@cpdee.ufmg.br> h On Monday 14 February 2005 02:04 pm, Greg Baker wrote: > You can check that it authenticated fine by running "wpa_cli status".. It > will give you some info. It returned an error: Failed to connect to wpa_supplicant - wpa_ctrtl_open: no such file or directory > > I could also not get "dhclient ath0" to work, instead I gave it the > following command: > > /sbin/dhclient \ > -1 -q -lf /var/lib/dhcp/dhclient-ath0.leases \ > -pf /var/run/dhclient-ath0.pid -cf /etc/dhcli ath0 > > which made it come up. Maybe that will work for you. > It didnt'work! Many thanks Ed > Greg > > On February 14, 2005 12:28 pm, Eduardo Mendes wrote: > > Hi ya > > > > Many thanks. > > > > I am not sure what to do. > > > > How can I be sure that wpa_client has succesfully authenticated? > > > > When I try dhclient atho, the system returns > > > > NO DCHPOFFERS received. > > No working leases in persistent data base sleeping. > > > > What funny is that etho can get the ip address from the same dhcp server > > without a problem. > > > > Any ideas? > > > > Many thanks > > > > Ed > > > > On Monday 14 February 2005 08:32 am, Jonathan Buschmann wrote: > > > Hi, > > > Be sure first that wpa_client has succesfully authenticated. > > > Try dhclient without the -1. > > > BTW, is your dhcp server on the same subnetwork as your client? > > > jonathan > > > > > > Eduardo Mendes waxed wise and spake thus on 02/11/2005 06:08 PM: > > > >Hello > > > > > > > >Thanks. I have tried dhclient -1 ath0 but the message was: > > > > > > > >Unable to obtain a lease on the first time. > > > > > > > > > > > >Is there anything else that I can try? > > > > > > > >Many thanks > > > > > > > >Ed > > > >. > > > > > > > >On Friday 11 February 2005 12:05 pm, Jonathan Buschmann wrote: > > > >>I don't know what Mandrake uses for a dhcp client (fedora uses > > > >>dhclient), but maybe you need to run it (again) after starting > > > >>wpa_supplicant. > > > >>jonathan > > > >> > > > >>Eduardo Mendes waxed wise and spake thus on 02/11/2005 11:23 AM: > > > >>>On Thursday 10 February 2005 05:04 pm, Michael Reilly wrote: > > > >>>>Eduardo Mendes wrote: > > > >>>>>Hello > > > >>>>> > > > >>>>>Many thanks but unfortunately it didn't work. The two lights are > > > >>> > > > >>>blinking > > > >>> > > > >>>>>together but ifconfig shows that no valid ip was assigned to ath0. > > > >>>> > > > >>>>My lights both blink together for a second and then they stop > > > > > > > >blinking > > > > > > > >>>>together with madwifi. A few seconds later they blink together > > > > > > > >again > > > > > > > >>>and > > > >>> > > > >>>>then stop again. Are they blinking together continuously for you? > > > >>> > > > >>>In my case the lights blink together in equal time intervals. It > > > > > > > >seems > > > > > > > >>>that > > > >>>the card is somehow connected to the router but it can't get a valid > > > > > > > >ip > > > > > > > >>>address. I don't know what I am doing wrong. > > > >>> > > > >>>Here is the output of iwconfig and ifconfig after issuing the > > > > > > > >commands: > > > >>>ifconfig ath0, iwconfig ath0 channel 1, wpa_supplicant > > > >>>-c/etc/wpa_supplicant.conf -Dmadwifi -iath0 -d > > > >>> > > > >>>ath0 IEEE 802.11g ESSID:"eacghome.airlink" > > > >>> Mode:Managed Frequency:2.412GHz Access Point: > > > >>>00:E0:98:4F:D8:B2 > > > >>> Bit Rate:36Mb/s Tx-Power:50 dBm Sensitivity=0/3 > > > >>> Retry:off RTS thr:off Fragment thr:off > > > >>> Encryption key:DF6D-E315-877A-4A16-22FD-239D-A8A8-0B6F > > > >>>Security > > > >>>mode:restricted > > > >>> Power Management:off > > > >>> Link Quality:49/94 Signal level:-46 dBm Noise level:-95 > > > > > > > >dBm > > > > > > > >>> Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 > > > >>> Tx excessive retries:0 Invalid misc:0 Missed beacon:0 > > > >>> > > > >>> > > > >>> > > > >>>ath0 Link encap:Ethernet HWaddr 00:09:5B:C4:1A:E2 > > > >>> inet6 addr: fe80::209:5bff:fec4:1ae2/64 Scope:Link > > > >>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > > >>> RX packets:25 errors:19 dropped:0 overruns:0 frame:19 > > > >>> TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 > > > >>> collisions:0 txqueuelen:199 > > > >>> RX bytes:2418 (2.3 Kb) TX bytes:1194 (1.1 Kb) > > > >>> Interrupt:9 Memory:d0a4a000-d0a5a000 > > > >>> > > > >>>Any hints? > > > >>> > > > >>>Cheers > > > >>> > > > >>>Ed > > > >>> > > > >>> > > > >>> > > > >>>_______________________________________________ > > > >>>HostAP mailing list > > > >>>HostAP at shmoo.com > > > >>>http://lists.shmoo.com/mailman/listinfo/hostap > > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap -- Dr. Eduardo Mazoni A. M. Mendes Departamento de Engenharia Eletr?nica Universidade Federal de Minas Gerais Av. Ant?nio Carlos, 6627, Pampulha 31270-901, Belo Horizonte - MG - Brazil mailto: emmendes at cpdee.ufmg.br Tel: +55 (31)3499-4862 FAX: +55 (31)3499-4850 **************************************************** From gbaker at cs.mun.ca Mon Feb 14 11:36:53 2005 From: gbaker at cs.mun.ca (Greg Baker) Date: Mon, 14 Feb 2005 16:36:53 +0000 Subject: Problems with WPA-PSK and madwifi driver In-Reply-To: <200502141430.56513.emmendes@cpdee.ufmg.br> References: <200502111508.34449.emmendes@cpdee.ufmg.br> <200502141234.17073.gbaker@cs.mun.ca> <200502141430.56513.emmendes@cpdee.ufmg.br> Message-ID: <200502141636.53990.gbaker@cs.mun.ca> It may not be configured or compiled to use the ctrl interface.. Do a "ps ax" and see that wpa_supplicant is running, if it is and you still get that error you can recompile with ctrl_interface support. Greg On February 14, 2005 04:30 pm, Eduardo Mendes wrote: > h > > On Monday 14 February 2005 02:04 pm, Greg Baker wrote: > > You can check that it authenticated fine by running "wpa_cli status".. > > It will give you some info. > > It returned an error: > > Failed to connect to wpa_supplicant - wpa_ctrtl_open: no such file or > directory > > > I could also not get "dhclient ath0" to work, instead I gave it the > > following command: > > > > /sbin/dhclient \ > > -1 -q -lf /var/lib/dhcp/dhclient-ath0.leases \ > > -pf /var/run/dhclient-ath0.pid -cf /etc/dhcli ath0 > > > > which made it come up. Maybe that will work for you. > > It didnt'work! > > > Many thanks > > Ed > > > Greg > > > > On February 14, 2005 12:28 pm, Eduardo Mendes wrote: > > > Hi ya > > > > > > Many thanks. > > > > > > I am not sure what to do. > > > > > > How can I be sure that wpa_client has succesfully authenticated? > > > > > > When I try dhclient atho, the system returns > > > > > > NO DCHPOFFERS received. > > > No working leases in persistent data base sleeping. > > > > > > What funny is that etho can get the ip address from the same dhcp > > > server without a problem. > > > > > > Any ideas? > > > > > > Many thanks > > > > > > Ed > > > > > > On Monday 14 February 2005 08:32 am, Jonathan Buschmann wrote: > > > > Hi, > > > > Be sure first that wpa_client has succesfully authenticated. > > > > Try dhclient without the -1. > > > > BTW, is your dhcp server on the same subnetwork as your client? > > > > jonathan > > > > > > > > Eduardo Mendes waxed wise and spake thus on 02/11/2005 06:08 PM: > > > > >Hello > > > > > > > > > >Thanks. I have tried dhclient -1 ath0 but the message was: > > > > > > > > > >Unable to obtain a lease on the first time. > > > > > > > > > > > > > > >Is there anything else that I can try? > > > > > > > > > >Many thanks > > > > > > > > > >Ed > > > > >. > > > > > > > > > >On Friday 11 February 2005 12:05 pm, Jonathan Buschmann wrote: > > > > >>I don't know what Mandrake uses for a dhcp client (fedora uses > > > > >>dhclient), but maybe you need to run it (again) after starting > > > > >>wpa_supplicant. > > > > >>jonathan > > > > >> > > > > >>Eduardo Mendes waxed wise and spake thus on 02/11/2005 11:23 AM: > > > > >>>On Thursday 10 February 2005 05:04 pm, Michael Reilly wrote: > > > > >>>>Eduardo Mendes wrote: > > > > >>>>>Hello > > > > >>>>> > > > > >>>>>Many thanks but unfortunately it didn't work. The two lights are > > > > >>> > > > > >>>blinking > > > > >>> > > > > >>>>>together but ifconfig shows that no valid ip was assigned to > > > > >>>>> ath0. > > > > >>>> > > > > >>>>My lights both blink together for a second and then they stop > > > > > > > > > >blinking > > > > > > > > > >>>>together with madwifi. A few seconds later they blink together > > > > > > > > > >again > > > > > > > > > >>>and > > > > >>> > > > > >>>>then stop again. Are they blinking together continuously for > > > > >>>> you? > > > > >>> > > > > >>>In my case the lights blink together in equal time intervals. It > > > > > > > > > >seems > > > > > > > > > >>>that > > > > >>>the card is somehow connected to the router but it can't get a > > > > >>> valid > > > > > > > > > >ip > > > > > > > > > >>>address. I don't know what I am doing wrong. > > > > >>> > > > > >>>Here is the output of iwconfig and ifconfig after issuing the > > > > > > > > > >commands: > > > > >>>ifconfig ath0, iwconfig ath0 channel 1, wpa_supplicant > > > > >>>-c/etc/wpa_supplicant.conf -Dmadwifi -iath0 -d > > > > >>> > > > > >>>ath0 IEEE 802.11g ESSID:"eacghome.airlink" > > > > >>> Mode:Managed Frequency:2.412GHz Access Point: > > > > >>>00:E0:98:4F:D8:B2 > > > > >>> Bit Rate:36Mb/s Tx-Power:50 dBm Sensitivity=0/3 > > > > >>> Retry:off RTS thr:off Fragment thr:off > > > > >>> Encryption key:DF6D-E315-877A-4A16-22FD-239D-A8A8-0B6F > > > > >>>Security > > > > >>>mode:restricted > > > > >>> Power Management:off > > > > >>> Link Quality:49/94 Signal level:-46 dBm Noise level:-95 > > > > > > > > > >dBm > > > > > > > > > >>> Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 > > > > >>> Tx excessive retries:0 Invalid misc:0 Missed beacon:0 > > > > >>> > > > > >>> > > > > >>> > > > > >>>ath0 Link encap:Ethernet HWaddr 00:09:5B:C4:1A:E2 > > > > >>> inet6 addr: fe80::209:5bff:fec4:1ae2/64 Scope:Link > > > > >>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > > > >>> RX packets:25 errors:19 dropped:0 overruns:0 frame:19 > > > > >>> TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 > > > > >>> collisions:0 txqueuelen:199 > > > > >>> RX bytes:2418 (2.3 Kb) TX bytes:1194 (1.1 Kb) > > > > >>> Interrupt:9 Memory:d0a4a000-d0a5a000 > > > > >>> > > > > >>>Any hints? > > > > >>> > > > > >>>Cheers > > > > >>> > > > > >>>Ed > > > > >>> > > > > >>> > > > > >>> > > > > >>>_______________________________________________ > > > > >>>HostAP mailing list > > > > >>>HostAP at shmoo.com > > > > >>>http://lists.shmoo.com/mailman/listinfo/hostap > > > > _______________________________________________ > > HostAP mailing list > > HostAP at shmoo.com > > http://lists.shmoo.com/mailman/listinfo/hostap From emmendes at cpdee.ufmg.br Mon Feb 14 11:42:25 2005 From: emmendes at cpdee.ufmg.br (Eduardo Mendes) Date: Mon, 14 Feb 2005 14:42:25 -0200 Subject: Problems with WPA-PSK and madwifi driver In-Reply-To: <4210D026.9020202@ericsson.com> References: <200502141358.43917.emmendes@cpdee.ufmg.br> <4210D026.9020202@ericsson.com> Message-ID: <200502141442.25229.emmendes@cpdee.ufmg.br> > Run it in the foreground with degugging on, and you'll see a success > message (or not) There are so many messages that I am not sure what is the success message. > > >When I try dhclient atho, the system returns > > > >NO DCHPOFFERS received. > >No working leases in persistent data base sleeping. > > > >What funny is that etho can get the ip address from the same dhcp server > > > >without a problem. > > Is the dhcp server directly connected to the wlan? If so is it > authenticated and connected properly? If not, how is it connected? OTOH > you said in a previous post that under windoze it works, so the other > parts of your net should be ok. No it is not but all computers wired to it the router receive an ip address and can see the web. As I said, windows has no prblem to get an ip. > > >Any ideas? > > If your system uses ifup when it boots, you may want to see if there is > a dhclient on ath0 running already in the background. If so try killing > it first, do an ifconfig ath0 down, then ifconfig ath0 up, and then > wpa_supplicant, dhclient ath0. No success. Here is the ifcfg-atho STARTMODE=hotplug DEVICE=ath0 BOOTPROTO=dhcp NETMASK=255.255.255.0 ONBOOT=no WIRELESS=yes MII_NOT_SUPPORTED=no WIRELESS_MODE=Managed WIRELESS_ESSID=eacghome.airlink From emmendes at cpdee.ufmg.br Mon Feb 14 12:20:05 2005 From: emmendes at cpdee.ufmg.br (Eduardo Mendes) Date: Mon, 14 Feb 2005 15:20:05 -0200 Subject: Problems with WPA-PSK and madwifi driver In-Reply-To: <200502141636.53990.gbaker@cs.mun.ca> References: <200502111508.34449.emmendes@cpdee.ufmg.br> <200502141430.56513.emmendes@cpdee.ufmg.br> <200502141636.53990.gbaker@cs.mun.ca> Message-ID: <200502141520.05321.emmendes@cpdee.ufmg.br> Hello I checked the config file and as far as I know CONFIG_CTRL_IFACE=y Any other suggestion? Many thanks Ed On Monday 14 February 2005 02:36 pm, Greg Baker wrote: > It may not be configured or compiled to use the ctrl interface.. > > Do a "ps ax" and see that wpa_supplicant is running, if it is and you still > get that error you can recompile with ctrl_interface support. > > Greg > > On February 14, 2005 04:30 pm, Eduardo Mendes wrote: > > h > > > > On Monday 14 February 2005 02:04 pm, Greg Baker wrote: > > > You can check that it authenticated fine by running "wpa_cli status".. > > > It will give you some info. > > > > It returned an error: > > > > Failed to connect to wpa_supplicant - wpa_ctrtl_open: no such file or > > directory > > > > > I could also not get "dhclient ath0" to work, instead I gave it the > > > following command: > > > > > > /sbin/dhclient \ > > > -1 -q -lf /var/lib/dhcp/dhclient-ath0.leases \ > > > -pf /var/run/dhclient-ath0.pid -cf /etc/dhcli ath0 > > > > > > which made it come up. Maybe that will work for you. > > > > It didnt'work! > > > > > > Many thanks > > > > Ed > > > > > Greg > > > > > > On February 14, 2005 12:28 pm, Eduardo Mendes wrote: > > > > Hi ya > > > > > > > > Many thanks. > > > > > > > > I am not sure what to do. > > > > > > > > How can I be sure that wpa_client has succesfully authenticated? > > > > > > > > When I try dhclient atho, the system returns > > > > > > > > NO DCHPOFFERS received. > > > > No working leases in persistent data base sleeping. > > > > > > > > What funny is that etho can get the ip address from the same dhcp > > > > server without a problem. > > > > > > > > Any ideas? > > > > > > > > Many thanks > > > > > > > > Ed > > > > > > > > On Monday 14 February 2005 08:32 am, Jonathan Buschmann wrote: > > > > > Hi, > > > > > Be sure first that wpa_client has succesfully authenticated. > > > > > Try dhclient without the -1. > > > > > BTW, is your dhcp server on the same subnetwork as your client? > > > > > jonathan > > > > > > > > > > Eduardo Mendes waxed wise and spake thus on 02/11/2005 06:08 PM: > > > > > >Hello > > > > > > > > > > > >Thanks. I have tried dhclient -1 ath0 but the message was: > > > > > > > > > > > >Unable to obtain a lease on the first time. > > > > > > > > > > > > > > > > > >Is there anything else that I can try? > > > > > > > > > > > >Many thanks > > > > > > > > > > > >Ed > > > > > >. > > > > > > > > > > > >On Friday 11 February 2005 12:05 pm, Jonathan Buschmann wrote: > > > > > >>I don't know what Mandrake uses for a dhcp client (fedora uses > > > > > >>dhclient), but maybe you need to run it (again) after starting > > > > > >>wpa_supplicant. > > > > > >>jonathan > > > > > >> > > > > > >>Eduardo Mendes waxed wise and spake thus on 02/11/2005 11:23 AM: > > > > > >>>On Thursday 10 February 2005 05:04 pm, Michael Reilly wrote: > > > > > >>>>Eduardo Mendes wrote: > > > > > >>>>>Hello > > > > > >>>>> > > > > > >>>>>Many thanks but unfortunately it didn't work. The two lights > > > > > >>>>> are > > > > > >>> > > > > > >>>blinking > > > > > >>> > > > > > >>>>>together but ifconfig shows that no valid ip was assigned to > > > > > >>>>> ath0. > > > > > >>>> > > > > > >>>>My lights both blink together for a second and then they stop > > > > > > > > > > > >blinking > > > > > > > > > > > >>>>together with madwifi. A few seconds later they blink together > > > > > > > > > > > >again > > > > > > > > > > > >>>and > > > > > >>> > > > > > >>>>then stop again. Are they blinking together continuously for > > > > > >>>> you? > > > > > >>> > > > > > >>>In my case the lights blink together in equal time intervals. > > > > > >>> It > > > > > > > > > > > >seems > > > > > > > > > > > >>>that > > > > > >>>the card is somehow connected to the router but it can't get a > > > > > >>> valid > > > > > > > > > > > >ip > > > > > > > > > > > >>>address. I don't know what I am doing wrong. > > > > > >>> > > > > > >>>Here is the output of iwconfig and ifconfig after issuing the > > > > > > > > > > > >commands: > > > > > >>>ifconfig ath0, iwconfig ath0 channel 1, wpa_supplicant > > > > > >>>-c/etc/wpa_supplicant.conf -Dmadwifi -iath0 -d > > > > > >>> > > > > > >>>ath0 IEEE 802.11g ESSID:"eacghome.airlink" > > > > > >>> Mode:Managed Frequency:2.412GHz Access Point: > > > > > >>>00:E0:98:4F:D8:B2 > > > > > >>> Bit Rate:36Mb/s Tx-Power:50 dBm Sensitivity=0/3 > > > > > >>> Retry:off RTS thr:off Fragment thr:off > > > > > >>> Encryption key:DF6D-E315-877A-4A16-22FD-239D-A8A8-0B6F > > > > > >>>Security > > > > > >>>mode:restricted > > > > > >>> Power Management:off > > > > > >>> Link Quality:49/94 Signal level:-46 dBm Noise > > > > > >>> level:-95 > > > > > > > > > > > >dBm > > > > > > > > > > > >>> Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid > > > > > >>> frag:0 Tx excessive retries:0 Invalid misc:0 Missed beacon:0 > > > > > >>> > > > > > >>> > > > > > >>> > > > > > >>>ath0 Link encap:Ethernet HWaddr 00:09:5B:C4:1A:E2 > > > > > >>> inet6 addr: fe80::209:5bff:fec4:1ae2/64 Scope:Link > > > > > >>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > > > > >>> RX packets:25 errors:19 dropped:0 overruns:0 frame:19 > > > > > >>> TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 > > > > > >>> collisions:0 txqueuelen:199 > > > > > >>> RX bytes:2418 (2.3 Kb) TX bytes:1194 (1.1 Kb) > > > > > >>> Interrupt:9 Memory:d0a4a000-d0a5a000 > > > > > >>> > > > > > >>>Any hints? > > > > > >>> > > > > > >>>Cheers > > > > > >>> > > > > > >>>Ed > > > > > >>> > > > > > >>> > > > > > >>> > > > > > >>>_______________________________________________ > > > > > >>>HostAP mailing list > > > > > >>>HostAP at shmoo.com > > > > > >>>http://lists.shmoo.com/mailman/listinfo/hostap > > > > > > _______________________________________________ > > > HostAP mailing list > > > HostAP at shmoo.com > > > http://lists.shmoo.com/mailman/listinfo/hostap > > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap -- Dr. Eduardo Mazoni A. M. Mendes Departamento de Engenharia Eletr?nica Universidade Federal de Minas Gerais Av. Ant?nio Carlos, 6627, Pampulha 31270-901, Belo Horizonte - MG - Brazil mailto: emmendes at cpdee.ufmg.br Tel: +55 (31)3499-4862 FAX: +55 (31)3499-4850 **************************************************** From gbaker at cs.mun.ca Mon Feb 14 15:45:09 2005 From: gbaker at cs.mun.ca (Greg Baker) Date: Mon, 14 Feb 2005 17:15:09 -0330 Subject: ...it works with madwifi, but not ipw2200? Message-ID: <200502141715.10002.gbaker@cs.mun.ca> Hey guys.. Just wondering if there's any weirdness with the ipw2200 drivers? After successfully setting up my own wireless using wpa_supplicant 0.3.8, I decided to try to set up my friend's... The APs that we use here do not broadcast the SSID, and I think that may be where the problem is coming from. His keeps saying "No suitable APs found". I can do an "iwlist eth1 scan" and see the APs, but their SSIDs are showing as hidden. Any comments? Does this card fully support WPA+TKIP? Here's our config file: ctrl_interface=/var/run/wpa_supplicant ctrl_interface_group=wheel eapol_version=1 ap_scan=1 fast_reauth=1 network={ ssid="stu" scan_ssid=1 key_mgmt=WPA-EAP eap=PEAP pairwise=TKIP group=TKIP identity="gbaker" password="...." phase1="include_tls_length=1 peapver=0" phase2="auth=MSCHAPV2" } Also, one other thing, whenever I get an IP from DHCP, it messes up my hostname. Does anyone know the switch to dhclient that will let me keep my own hostname? Thanks, Greg From imcdnzl at gmail.com Mon Feb 14 15:51:07 2005 From: imcdnzl at gmail.com (Ian McDonald) Date: Tue, 15 Feb 2005 09:51:07 +1300 Subject: ...it works with madwifi, but not ipw2200? In-Reply-To: <200502141715.10002.gbaker@cs.mun.ca> References: <200502141715.10002.gbaker@cs.mun.ca> Message-ID: If you go back through the list archive (see URL at the bottome) you will see there are issues with IPW2200 and WPA and some suggestions. Also issues with non-broadcast of SSIDs as well so you will have double fun!! On Mon, 14 Feb 2005 17:15:09 -0330, Greg Baker wrote: > Hey guys.. Just wondering if there's any weirdness with the ipw2200 drivers? > After successfully setting up my own wireless using wpa_supplicant 0.3.8, I > decided to try to set up my friend's... > > The APs that we use here do not broadcast the SSID, and I think that may be > where the problem is coming from. His keeps saying "No suitable APs found". > > I can do an "iwlist eth1 scan" and see the APs, but their SSIDs are showing as > hidden. Any comments? Does this card fully support WPA+TKIP? > > Here's our config file: > > ctrl_interface=/var/run/wpa_supplicant > ctrl_interface_group=wheel > eapol_version=1 > ap_scan=1 > fast_reauth=1 > network={ > ssid="stu" > scan_ssid=1 > key_mgmt=WPA-EAP > eap=PEAP > pairwise=TKIP > group=TKIP > identity="gbaker" > password="...." > phase1="include_tls_length=1 peapver=0" > phase2="auth=MSCHAPV2" > } > > Also, one other thing, whenever I get an IP from DHCP, it messes up my > hostname. Does anyone know the switch to dhclient that will let me keep my > own hostname? > > Thanks, > Greg > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap > From geek at suid0.com Mon Feb 14 17:56:53 2005 From: geek at suid0.com (geek at suid0.com) Date: Mon, 14 Feb 2005 14:56:53 -0800 (PST) Subject: ...it works with madwifi, but not ipw2200? In-Reply-To: <200502141715.10002.gbaker@cs.mun.ca> Message-ID: I ran into the same problem. When I was debugging, I noticed that the feature to scan explitly for the SSID was not yet implemented. I had to turn the broadcast of the SSID on my AP and then all was well. On Mon, 14 Feb 2005, Greg Baker wrote: > Hey guys.. Just wondering if there's any weirdness with the ipw2200 drivers? > After successfully setting up my own wireless using wpa_supplicant 0.3.8, I > decided to try to set up my friend's... > > The APs that we use here do not broadcast the SSID, and I think that may be > where the problem is coming from. His keeps saying "No suitable APs found". > > I can do an "iwlist eth1 scan" and see the APs, but their SSIDs are showing as > hidden. Any comments? Does this card fully support WPA+TKIP? From michaelr at cisco.com Mon Feb 14 23:13:19 2005 From: michaelr at cisco.com (Michael Reilly) Date: Mon, 14 Feb 2005 20:13:19 -0800 Subject: can not connect to Cisco 1231 with WPA-PSK(wpa_supplicant 0.3.8 and madwifi) In-Reply-To: <32653c97050214023343209248@mail.gmail.com> References: <32653c97050214023343209248@mail.gmail.com> Message-ID: <421176DF.1010200@cisco.com> Looks like the problem I've been having for several months. wpa_supplicant + madwifi doesn't work for me with a Cisco AP in 802.11b or 802.11g mode. michael YenJung Chang wrote: > Hi, List, > > I can not connect to Cisco 1231 with WPA-PSK. > > Following is my configure file, wpa_supplicant.conf, and output message. > Any advice is appreciated. > > I used wpa_supplicant 0.3.8 and madwifi. > > --------wpa_supplicant.conf------------- > eapol_version=1 > ap_scan=1 > fast_reauth=1 > network={ > proto=WPA > ssid="Cisco1231g" > psk="12345678" > auth_alg=OPEN > key_mgmt=WPA-PSK > pairwise=TKIP > group=TKIP > } > --------------------------------------------------------- > > --------output message----------- > Initializing interface 'ath0' conf '/etc/wpa_supplicant.conf' driver 'default' > Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf' > Reading configuration file '/etc/wpa_supplicant.conf' > eapol_version=1 > ap_scan=1 > fast_reauth=1 > Priority group 0 > id=0 ssid='Cisco1231g' > Initializing interface (2) 'ath0' > EAPOL: SUPP_PAE entering state DISCONNECTED > EAPOL: KEY_RX entering state NO_KEY_RECEIVE > EAPOL: SUPP_BE entering state INITIALIZE > EAP: EAP entering state DISABLED > EAPOL: External notification - portEnabled=0 > EAPOL: External notification - portValid=0 > Own MAC address: 00:30:ab:24:fc:ef > wpa_driver_madwifi_set_wpa: enabled=1 > wpa_driver_madwifi_del_key: keyidx=0 > wpa_driver_madwifi_del_key: keyidx=1 > wpa_driver_madwifi_del_key: keyidx=2 > wpa_driver_madwifi_del_key: keyidx=3 > wpa_driver_madwifi_set_countermeasures: enabled=0 > wpa_driver_madwifi_set_drop_unencrypted: enabled=1 > Setting scan request: 0 sec 100000 usec > Wireless event: cmd=0x8b06 len=8 > RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added > RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added > Starting AP scan (broadcast SSID) > Wireless event: cmd=0x8b1a len=12 > Wireless event: cmd=0x8b19 len=12 > Received 4095 bytes of scan results (18 BSSes) > Scan results: 18 > Selecting BSS from priority group 0 > 0: 00:0f:b5:36:c7:fd ssid='spencer-602v3' wpa_ie_len=0 rsn_ie_len=22 > skip - SSID mismatch > 1: 00:0f:b5:0f:27:df ssid='*spencer*' wpa_ie_len=24 rsn_ie_len=0 > skip - SSID mismatch > 2: 00:09:5b:f7:14:8c ssid='3067' wpa_ie_len=24 rsn_ie_len=0 > skip - SSID mismatch > 3: 00:03:7f:bf:06:f4 ssid='test goose' wpa_ie_len=26 rsn_ie_len=0 > skip - SSID mismatch > 4: 00:0f:b5:35:4f:19 ssid='wifi' wpa_ie_len=0 rsn_ie_len=22 > skip - SSID mismatch > 5: 00:12:00:d7:4f:20 ssid='Cisco1231g' wpa_ie_len=26 rsn_ie_len=0 > selected > Trying to associate with 00:12:00:d7:4f:20 (SSID='Cisco1231g' freq=2462 MHz) > Cancelling scan request > Automatic auth_alg selection: 0x1 > Overriding auth_alg selection: 0x1 > WPA: using IEEE 802.11i/D3.0 > WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 2 > WPA: using GTK TKIP > WPA: using PTK TKIP > WPA: using KEY_MGMT WPA-PSK > WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 > 01 00 00 50 f2 02 01 00 00 50 f2 02 > No keys have been configured - skip key clearing > wpa_driver_madwifi_set_drop_unencrypted: enabled=1 > wpa_driver_madwifi_associate > Setting authentication timeout: 5 sec 0 usec > EAPOL: External notification - EAP success=0 > EAPOL: External notification - EAP fail=0 > EAPOL: External notification - portControl=Auto > Wireless event: cmd=0x8b1a len=23 > Wireless event: cmd=0x8b15 len=20 > Wireless event: new AP: 00:12:00:d7:4f:20 > Association event - clear replay counter > Associated to a new BSS: BSSID=00:12:00:d7:4f:20 > No keys have been configured - skip key clearing > Associated with 00:12:00:d7:4f:20 > EAPOL: External notification - portEnabled=0 > EAPOL: External notification - portValid=0 > EAPOL: External notification - EAP success=0 > EAPOL: External notification - portEnabled=1 > EAPOL: SUPP_PAE entering state CONNECTING > EAPOL: txStart > WPA: drop TX EAPOL in non-IEEE 802.1X mode (type=1 len=0) > EAPOL: SUPP_BE entering state IDLE > EAP: EAP entering state INITIALIZE > EAP: EAP entering state IDLE > Setting authentication timeout: 10 sec 0 usec > RX EAPOL from 00:12:00:d7:4f:20 > Setting authentication timeout: 10 sec 0 usec > EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines > IEEE 802.1X RX: version=1 type=3 length=95 > EAPOL-Key type=254 > WPA: RX message 1 of 4-Way Handshake from 00:12:00:d7:4f:20 (ver=1) > WPA: WPA IE for msg 2/4 - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 > 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 > WPA: Renewed SNonce - hexdump(len=32): df df 5b 9d 46 26 d7 ca 57 89 > 44 08 50 4c 9c 4f 9d a8 95 e8 33 37 76 55 c7 e6 9b b7 ee b2 4c b4 > WPA: PMK - hexdump(len=32): [REMOVED] > WPA: PTK - hexdump(len=64): [REMOVED] > WPA: EAPOL-Key MIC - hexdump(len=16): 4a 6a c1 75 b3 8e 72 6c af 64 eb > eb ea 1a 2e 96 > WPA: Sending EAPOL-Key 2/4 > RX EAPOL from 00:12:00:d7:4f:20 > EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines > IEEE 802.1X RX: version=1 type=3 length=121 > EAPOL-Key type=254 > WPA: RX message 3 of 4-Way Handshake from 00:12:00:d7:4f:20 (ver=1) > WPA: IE KeyData - hexdump(len=26): dd 18 00 50 f2 01 01 00 00 50 f2 02 > 01 00 00 50 f2 02 01 00 00 50 f2 02 28 00 > WPA: Sending EAPOL-Key 4/4 > WPA: Installing PTK to the driver. > WPA: RSC - hexdump(len=6): 00 00 00 00 00 00 > wpa_driver_madwifi_set_key: alg=TKIP key_idx=0 set_tx=1 seq_len=6 key_len=32 > RX EAPOL from 00:12:00:d7:4f:20 > EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines > IEEE 802.1X RX: version=1 type=3 length=127 > EAPOL-Key type=254 > WPA: RX message 1 of Group Key Handshake from 00:12:00:d7:4f:20 (ver=1) > WPA: Group Key - hexdump(len=32): [REMOVED] > WPA: Installing GTK to the driver (keyidx=1 tx=0). > WPA: RSC - hexdump(len=6): 3e 00 00 00 00 00 > wpa_driver_madwifi_set_key: alg=TKIP key_idx=1 set_tx=0 seq_len=6 key_len=32 > WPA: Sending EAPOL-Key 2/2 > WPA: Key negotiation completed with 00:12:00:d7:4f:20 [PTK=TKIP GTK=TKIP] > Cancelling authentication timeout > EAPOL: External notification - portValid=1 > EAPOL: External notification - EAP success=1 > EAPOL: SUPP_PAE entering state AUTHENTICATING > EAPOL: SUPP_BE entering state SUCCESS > EAPOL: SUPP_PAE entering state AUTHENTICATED > EAPOL: SUPP_BE entering state IDLE > RX EAPOL from 00:12:00:d7:4f:20 > EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines > IEEE 802.1X RX: version=1 type=3 length=127 > EAPOL-Key type=254 > WPA: RX message 1 of Group Key Handshake from 00:12:00:d7:4f:20 (ver=1) > WPA: Group Key - hexdump(len=32): [REMOVED] > WPA: Installing GTK to the driver (keyidx=1 tx=0). > WPA: RSC - hexdump(len=6): 3e 00 00 00 00 00 > wpa_driver_madwifi_set_key: alg=TKIP key_idx=1 set_tx=0 seq_len=6 key_len=32 > WPA: Sending EAPOL-Key 2/2 > WPA: Group rekeying completed with 00:12:00:d7:4f:20 [GTK=TKIP] > RX EAPOL from 00:12:00:d7:4f:20 > EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines > IEEE 802.1X RX: version=1 type=3 length=127 > EAPOL-Key type=254 > WPA: RX message 1 of Group Key Handshake from 00:12:00:d7:4f:20 (ver=1) > WPA: Group Key - hexdump(len=32): [REMOVED] > WPA: Installing GTK to the driver (keyidx=1 tx=0). > WPA: RSC - hexdump(len=6): 3e 00 00 00 00 00 > wpa_driver_madwifi_set_key: alg=TKIP key_idx=1 set_tx=0 seq_len=6 key_len=32 > WPA: Sending EAPOL-Key 2/2 > WPA: Group rekeying completed with 00:12:00:d7:4f:20 [GTK=TKIP] > Wireless event: cmd=0x8b15 len=20 > Wireless event: new AP: 00:00:00:00:00:00 > Setting scan request: 0 sec 100000 usec > Added BSSID 00:12:00:d7:4f:20 into blacklist > EAPOL: External notification - portEnabled=0 > EAPOL: SUPP_PAE entering state DISCONNECTED > EAPOL: SUPP_BE entering state INITIALIZE > EAP: EAP entering state DISABLED > EAPOL: External notification - portValid=0 > EAPOL: External notification - EAP success=0 > Disconnect event - remove keys > ------------------------------------------------------------------------------ > > Regards, > YJ. > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap -- ---- ---- ---- Michael Reilly michaelr at cisco.com Cisco Systems, California From jkmaline at cc.hut.fi Mon Feb 14 23:30:52 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Mon, 14 Feb 2005 20:30:52 -0800 Subject: can not connect to Cisco 1231 with WPA-PSK(wpa_supplicant 0.3.8 and madwifi) In-Reply-To: <32653c97050214023343209248@mail.gmail.com> References: <32653c97050214023343209248@mail.gmail.com> Message-ID: <20050215043052.GC8387@jm.kir.nu> On Mon, Feb 14, 2005 at 06:33:19PM +0800, YenJung Chang wrote: > I can not connect to Cisco 1231 with WPA-PSK. > > Following is my configure file, wpa_supplicant.conf, and output message. > Any advice is appreciated. > > I used wpa_supplicant 0.3.8 and madwifi. The debug log shows a successful WPA-PSK authentication with the AP, from the client view point. However, based on retries on group key handshake and the evetnual disconnect event, it looks like the AP did not like the Group Key EAPOL-Key frames from the client. Which version of madwifi is this? If I remember correctly, madwifi used to send plaintext EAPOL frames even though these Group Key messages are supposed to be encrypted. I would recommend asking for fix from the madwifi mailing lists if you are using the latest CVS version of the driver and it is still sending out only unencrypted EAPOL-Key frames. If you have full access to the AP, I would assume it would be possible to verify this by enabling some debugging at the AP. Anyway, I have successfully tested number of Cisco 12xx APs, so I believe that wpa_supplicant works fine with them. However, I have mostly tested with other drivers than madwifi. -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Mon Feb 14 23:34:21 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Mon, 14 Feb 2005 20:34:21 -0800 Subject: can not connect to Cisco 1231 with WPA-PSK(wpa_supplicant 0.3.8 and madwifi) In-Reply-To: <421176DF.1010200@cisco.com> References: <32653c97050214023343209248@mail.gmail.com> <421176DF.1010200@cisco.com> Message-ID: <20050215043421.GD8387@jm.kir.nu> On Mon, Feb 14, 2005 at 08:13:19PM -0800, Michael Reilly wrote: > Looks like the problem I've been having for several months. wpa_supplicant > + madwifi doesn't work for me with a Cisco AP in 802.11b or 802.11g mode. I don't remember seeing a debug log from you with this kind of case, i.e., 4-Way Handshake completing successfully, but Group Key Handshake failing. Maybe I missed that one, though. Anyway, if you see something like this, I would point towards the direction of the driver not encrypting EAPOL-Key messages. -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Mon Feb 14 23:43:56 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Mon, 14 Feb 2005 20:43:56 -0800 Subject: ...it works with madwifi, but not ipw2200? In-Reply-To: <200502141715.10002.gbaker@cs.mun.ca> References: <200502141715.10002.gbaker@cs.mun.ca> Message-ID: <20050215044356.GE8387@jm.kir.nu> On Mon, Feb 14, 2005 at 05:15:09PM -0330, Greg Baker wrote: > Hey guys.. Just wondering if there's any weirdness with the ipw2200 drivers? > I can do an "iwlist eth1 scan" and see the APs, but their SSIDs are showing as > hidden. Any comments? Does this card fully support WPA+TKIP? I don't think ipw2200 driver (or at least the driver interface in wpa_supplicant) supports scanning for specific SSID. If the driver supports association without wpa_supplicant selecting the BSSID, you could try ap_scan=2 to skip the scanning part. Another test could be to manually configure the SSID before doing the scan. I don't have test setup with ipw2200 (or ipw2100 for that matter), so I don't know whether either of these actually works. The ipw2200 mailing list could be more fruitful target for this question. -- Jouni Malinen PGP id EFC895FA From ramalhais at serrado.net Tue Feb 15 01:05:23 2005 From: ramalhais at serrado.net (Pedro Ramalhais) Date: Tue, 15 Feb 2005 06:05:23 +0000 Subject: ...it works with madwifi, but not ipw2200? In-Reply-To: <20050215044356.GE8387@jm.kir.nu> References: <200502141715.10002.gbaker@cs.mun.ca> <20050215044356.GE8387@jm.kir.nu> Message-ID: <1108447522.9245.1.camel@rootix> On Tue, 2005-02-15 at 04:43, Jouni Malinen wrote: > On Mon, Feb 14, 2005 at 05:15:09PM -0330, Greg Baker wrote: > > > Hey guys.. Just wondering if there's any weirdness with the ipw2200 drivers? > > > I can do an "iwlist eth1 scan" and see the APs, but their SSIDs are showing as > > hidden. Any comments? Does this card fully support WPA+TKIP? > > I don't think ipw2200 driver (or at least the driver interface in > wpa_supplicant) supports scanning for specific SSID. If the driver > supports association without wpa_supplicant selecting the BSSID, you > could try ap_scan=2 to skip the scanning part. Another test could be to > manually configure the SSID before doing the scan. I don't have test > setup with ipw2200 (or ipw2100 for that matter), so I don't know whether > either of these actually works. The ipw2200 mailing list could be more > fruitful target for this question. >From what i can remember testing with hidden SSID and WPA, i think it worked when i manually set the ESSID while running wpa_supplicant (ipw2200). -- Pedro Ramalhais From fromkth+hostap at fastmail.fm Tue Feb 15 04:57:36 2005 From: fromkth+hostap at fastmail.fm (Ajeet Nankani) Date: Tue, 15 Feb 2005 10:57:36 +0100 Subject: From 802.11 Authentication to (Re)Association Response - timings. Message-ID: <4211C790.9050903@fastmail.fm> Last week i did some experiments and found out that from the Authentication request from STA to (Re)Association response from AP it takes around 150ms to 200ms which is quite high, as it should be around anywhere between 5 to 20ms. Also note that these timings does not include any of scanning timings. I have 1.8.0 firmware I used HostAP 0.3.5 build I experimented separately with both, kernel level 802.11 management and with hostapd daemon 802.11 management. It was total open-authentication, no WEP, no WPA. There are not any other APs/STAs in vicinity. I used two APs(Channel 1 and 6), to be able to do handoff. What could be wrong in my setup? Anyone else observed the same or much less timings than these ones? -ajeet. From gbaker at cs.mun.ca Tue Feb 15 07:27:34 2005 From: gbaker at cs.mun.ca (Greg Baker) Date: Tue, 15 Feb 2005 08:57:34 -0330 Subject: ...it works with madwifi, but not ipw2200? In-Reply-To: References: Message-ID: <200502150857.35098.gbaker@cs.mun.ca> Thanks everyone for your reply.. Unfortunately, I do not have access to the APs here at my school, so I guess my friend is out of luck right now. Greg On February 14, 2005 07:26 pm, you wrote: > I ran into the same problem. When I was debugging, I noticed that the > feature to scan explitly for the SSID was not yet implemented. I had to > turn the broadcast of the SSID on my AP and then all was well. > > On Mon, 14 Feb 2005, Greg Baker wrote: > > Hey guys.. Just wondering if there's any weirdness with the ipw2200 > > drivers? After successfully setting up my own wireless using > > wpa_supplicant 0.3.8, I decided to try to set up my friend's... > > > > The APs that we use here do not broadcast the SSID, and I think that may > > be where the problem is coming from. His keeps saying "No suitable APs > > found". > > > > I can do an "iwlist eth1 scan" and see the APs, but their SSIDs are > > showing as hidden. Any comments? Does this card fully support WPA+TKIP? From fromkth+hostap at fastmail.fm Tue Feb 15 08:06:09 2005 From: fromkth+hostap at fastmail.fm (Ajeet Nankani) Date: Tue, 15 Feb 2005 05:06:09 -0800 Subject: From 802.11 Authentication to (Re)Association Response - timings. In-Reply-To: <33339.213.66.212.25.1108467772.squirrel@webmail.imit.kth.se> References: <4211C790.9050903@fastmail.fm> <33339.213.66.212.25.1108467772.squirrel@webmail.imit.kth.se> Message-ID: <1108472769.13418.215115544@webmail.messagingengine.com> Hello Vatn, On Tue, 15 Feb 2005 12:42:52 +0100 (CET), vatn at imit.kth.se said: > Hi Ajeet, > > Ajeet Nankani said: > > Last week i did some experiments and found out that from the > > Authentication request from STA to (Re)Association response from AP it > > takes around 150ms to 200ms which is quite high, as it should be around > > anywhere between 5 to 20ms. Also note that these timings does not > > include any of scanning timings. > > > > I have 1.8.0 firmware > > I used HostAP 0.3.5 build > > I experimented separately with both, kernel level 802.11 management and > > with hostapd daemon 802.11 management. > > It was total open-authentication, no WEP, no WPA. > > There are not any other APs/STAs in vicinity. > > I used two APs(Channel 1 and 6), to be able to do handoff. > > > > What could be wrong in my setup? > > > > Anyone else observed the same or much less timings than these ones? > > I have documented similar tests, but with older hostap driver and > firmware in a report "An experimental study of IEEE 802.11b handover > performance and its effect on voice traffic", see > http://www.it.kth.se/~vatn/research/handover-perf.pdf > See also Velayos and Karlsson, "Techniques to Reduce IEEE 802.11b MAC > Layer Handover Time", who use HostAP at the AP side. > http://www.it.kth.se/~hvelayos/papers/TRITA-IMIT-LCN%20R%2003-02%20Handover%20in%20IEEE%20802.pdf > > Both papers show "execution delays" below 10 ms (1-7 ms). Yeah, i have already gone through the above and many other research papers and articles about handoff process and measurements, the latest being from the guys at Maryland University. But i could not find what is the problem in my setup, should i downgrade my firmware and see if it helps?? or something else?? Best Regards. -ajeet From dhskhoo at yahoo.com Tue Feb 15 14:28:43 2005 From: dhskhoo at yahoo.com (dennis khoo) Date: Tue, 15 Feb 2005 11:28:43 -0800 (PST) Subject: hostapd PRISM2_IOCTL_HOSTAPD failures In-Reply-To: <1108472769.13418.215115544@webmail.messagingengine.com> Message-ID: <20050215192843.20229.qmail@web30806.mail.mud.yahoo.com> Hi all, I am trying to get hostapd to act as an authenticator between an external Radius server a Windows client doing EAP-TTLS MD5. I have verified that the Radius server and Windows client work using another authenticator. I am seeing "[PRISM2_IOCTL_HOSTAPD]: Invalid argument Failed to set encryption." output when I set wpa=1 in hostapd.conf. Is this pritout normal? Can anyone give me a clue as to what might be wrong? I am using hostap and hostapd 0.2.6. wifi0: NIC: id=0x8013 v1.0.0 wifi0: PRI: id=0x15 v1.1.1 wifi0: STA: id=0x1f v1.7.4 I've insmod hostap, hostap_pci, hostap_crypt, hostap_crypt_tkip, hostap_crypt_ccmp hostapd.conf changes ------------------------------ interface=wlan0 ssid=dennis macaddr_acl=0 accept_mac_file=/etc/hostapd.accept deny_mac_file=/etc/hostapd.deny auth_algs=3 ieee8021x=1 eapol_key_index_workaround=0 own_ip_addr=192.168.1.1 auth_server_addr=192.168.1.2 auth_server_port=1812 auth_server_shared_secret=mysecret acct_server_addr=192.168.1.2 acct_server_port=1813 acct_server_shared_secret=mysecret wpa=1 wpa_key_mgmt=WPA-EAP wpa_pairwise=TKIP CCMP wpa_group_rekey=300 wpa_gmk_rekey=6400 dmesg ------------- wlan0: RADIUS Authentication server 192.168.1.2:1812 wlan0: RADIUS Accounting server 192.168.1.2:1813 ioctl[PRISM2_IOCTL_HOSTAPD]: Invalid argument Failed to set encryption. Flushing old station entries Deauthenticate all stations wlan0: RADIUS Authentication server 192.168.1.2:1812 wlan0: RADIUS Accounting server 192.168.1.2:1813 ioctl[PRISM2_IOCTL_HOSTAPD]: Invalid argument Failed to set encryption. Flushing old station entries Deauthenticate all stations wlan0: STA 00:0f:a3:1b:4b:10 IEEE 802.11: authenticated wlan0: STA 00:0f:a3:1b:4b:10 IEEE 802.11: associated (aid 1, accounting session 386D4A93-00000000) ioctl[PRISM2_IOCTL_HOSTAPD]: Invalid argument Failed to set encryption. wlan0: STA 00:0f:a3:1b:4b:10 IEEE 802.11: deauthenticated due to local deauth request ioctl[PRISM2_IOCTL_HOSTAPD]: No such file or directory Could not set station flags for kernel driver. ioctl[PRISM2_IOCTL_HOSTAPD]: No such file or directory Could not remove station from kernel driver. wlan0: STA 00:0f:a3:1b:4b:10 IEEE 802.11: authenticated wlan0: STA 00:0f:a3:1b:4b:10 IEEE 802.11: associated (aid 1, accounting session 386D4A93-00000001) ioctl[PRISM2_IOCTL_HOSTAPD]: Invalid argument Failed to set encryption. ...... repeats............. Thanks in advance dennis __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From dhskhoo at yahoo.com Tue Feb 15 15:39:53 2005 From: dhskhoo at yahoo.com (dennis khoo) Date: Tue, 15 Feb 2005 12:39:53 -0800 (PST) Subject: hostapd PRISM2_IOCTL_HOSTAPD failures In-Reply-To: <20050215192843.20229.qmail@web30806.mail.mud.yahoo.com> Message-ID: <20050215203954.47844.qmail@web30806.mail.mud.yahoo.com> Hi all, Problem is resolved by loading the modules in the following order hostap, hostap_crypt_tkip, hostap_crypt_ccmp, hostap_crypt, hostap_pci > > I've insmod hostap, hostap_pci, hostap_crypt, > hostap_crypt_tkip, hostap_crypt_ccmp Thanks __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From jcui at skymv.com Tue Feb 15 17:12:31 2005 From: jcui at skymv.com (Jungle Cui) Date: Tue, 15 Feb 2005 14:12:31 -0800 Subject: wpa_supplicant WPA_PSK: not working with Value Point AP --HELP Message-ID: I am using wpa_supplicant 0.2.6 WPA_PSK. it works for NetGear and LinkSys AP. However, It can not work with Value Point AP. Looks it can associates with Value Point AP, but the authentication never happen. wap_supplicant authentication times out every 10 seconds repeatly. Please help on this. The following is the screen dump: ------------------------------------ wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -dd Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf' Reading configuration file '/etc/wpa_supplicant.conf' ctrl_interface='/var/run/wpa_supplicant' ctrl_interface_group=0 eapol_version=1 ap_scan=1 Line: 203 - start of a new network block SSID - hexdump_ascii(len=6): 6a 75 6e 67 6c 65 jungle proto: 0x1 key_mgmt: 0x2 pairwise: 0x8 group: 0x8 PSK (ASCII passphrase) - hexdump_ascii(len=9): 6a 75 6e 67 6c 65 63 75 69 junglecui priority=2 PSK (from passphrase) - hexdump(len=32): ca e4 98 a5 57 13 30 2d 2d 84 69 75 53 ca fd 30 21 aa 58 fe 34 02 fd bd 29 b0 6a 01 bc a0 73 c6 Priority group 2 id=0 ssid='jungle' wpa_driver_hostap_set_wpa: enabled=1 wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_countermeasures: enabled=0 wpa_driver_hostap_set_drop_unencrypted: enabled=1 Setting scan request: 0 sec 100000 usec Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 Disconnect event - remove keys wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 Disconnect event - remove keys wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 Starting AP scan (broadcast SSID) Wireless event: cmd=0x8b19 len=12 Received 1340 bytes of scan results (7 BSSes) Scan results: 7 Selecting BSS from priority group 2 0: 00:09:92:01:46:ce ssid='jungle' wpa_ie_len=26 rsn_ie_len=0 selected Trying to associate with 00:09:92:01:46:ce (SSID='jungle' freq=2457 MHz) Cancelling scan request WPA: using IEEE 802.11i/D3.0 WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_drop_unencrypted: enabled=1 wpa_driver_hostap_associate Setting authentication timeout: 5 sec 0 usec Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 Disconnect event - remove keys wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 Wireless event: cmd=0x8b04 len=12 Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 Disconnect event - remove keys wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 Wireless event: cmd=0x8b1a len=19 Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:09:92:01:46:ce Association event - clear replay counter Associated to a new BSS: BSSID=00:09:92:01:46:ce wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 Associated with 00:09:92:01:46:ce Setting authentication timeout: 10 sec 0 usec Authentication with 00:09:92:01:46:ce timed out. Setting scan request: 0 sec 0 usec Starting AP scan (broadcast SSID) Wireless event: cmd=0x8b19 len=12 Received 1108 bytes of scan results (6 BSSes) Scan results: 6 Selecting BSS from priority group 2 0: 00:09:92:01:46:ce ssid='jungle' wpa_ie_len=26 rsn_ie_len=0 selected Trying to associate with 00:09:92:01:46:ce (SSID='jungle' freq=2457 MHz) Cancelling scan request WPA: using IEEE 802.11i/D3.0 WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_drop_unencrypted: enabled=1 wpa_driver_hostap_associate Setting authentication timeout: 5 sec 0 usec Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 Disconnect event - remove keys wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 Wireless event: cmd=0x8b04 len=12 Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 Disconnect event - remove keys wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 Wireless event: cmd=0x8b1a len=19 Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:09:92:01:46:ce Association event - clear replay counter Associated to a new BSS: BSSID=00:09:92:01:46:ce wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 Associated with 00:09:92:01:46:ce Setting authentication timeout: 10 sec 0 usec ..... ------------------------------------------------------------------- From marc at electronics-design.nl Tue Feb 15 19:58:48 2005 From: marc at electronics-design.nl (Marc Dirix) Date: Wed, 16 Feb 2005 01:58:48 +0100 Subject: hostap/iwconfig on Sun ultra10 Message-ID: <20050216005848.GB13110@angus.electronics-design.nl> I recently (as in today) tradet a i386-based server for a sun Utra10. To make a smooth switch I installed debian linux on this sun, and downloaded the stable version of hostap-driver and hostapd. The hostap-drivers inserted smoothly, and I've got the wlan0 and wifi0 interfaces up, and communication with my laptop is possible. (I don't know why but my card always generates these two interfaces both having same mac, and both respond the same on command, but this was also in the old setup present) However, the hostapd is yet another thing. It returns this message: alpha:/usr/src/hostapd-0.3.7# hostapd /etc/hostapd/hostapd.conf Configuration file: /etc/hostapd/hostapd.conf ioctl[PRISM2_IOCTL_PRISM2_PARAM]: Invalid argument Could not enable hostapd mode for interface wlan0 hostap driver initialization failed. rmdir[ctrl_interface]: Bad address The same version, 0.3.7 worked on the i386-system. Furthermore, whenn I use "iwconfig" I get a segfault: alpha:/usr/src/wireless_tools.27# ./iwconfig eth0 no wireless extensions. lo no wireless extensions. eth1 no wireless extensions. sit0 no wireless extensions. ip6tnl0 no wireless extensions. Segmentation fault alpha:/usr/src/wireless_tools.27# Any ideas? Or need more feedback? Are there more people trying to run hostap on linux-sparc? Although I would like to get hostapd back up and running, it isn't mandatory since I set up a mac-specfic iptables ruleset (and macaddress-spoofing is not commen in my neighbourhood ;). /Marc From jkmaline at cc.hut.fi Tue Feb 15 22:19:40 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Tue, 15 Feb 2005 19:19:40 -0800 Subject: wpa_supplicant WPA_PSK: not working with Value Point AP --HELP In-Reply-To: References: Message-ID: <20050216031940.GA8366@jm.kir.nu> On Tue, Feb 15, 2005 at 02:12:31PM -0800, Jungle Cui wrote: > I am using wpa_supplicant 0.2.6 WPA_PSK. it works for NetGear and LinkSys > AP. However, It can not work with Value Point AP. Looks it can associates > with Value Point AP, but the authentication never happen. wap_supplicant > authentication times out every 10 seconds repeatly. Please help on this. The debug log shows number of association events, but no EAPOL frames from the access point. Have you tested this AP with another client? Would you be able to use a wireless sniffer to capture the packets sent between the AP and the client using wpa_supplicant? -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Tue Feb 15 23:32:00 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Tue, 15 Feb 2005 20:32:00 -0800 Subject: Monitoring mode gets frames from more than one channel! In-Reply-To: <66c3877d05021104354c0188c4@mail.gmail.com> References: <1108048792.6629.214778087@webmail.messagingengine.com> <20050211050335.GH8371@jm.kir.nu> <420C9CE4.8040004@fastmail.fm> <66c3877d05021104354c0188c4@mail.gmail.com> Message-ID: <20050216043200.GD8366@jm.kir.nu> On Fri, Feb 11, 2005 at 01:35:17PM +0100, eduardgv wrote: > I think 5 channel separation is enough not to allow packet > decodification on physical layer, even though it is not enough to > avoid interferences. That depends somewhat on the hardware design. I've seen cards that can receive IEEE 802.11b frames from other stations when the devices are on channels 1 and 11.. Sure, they needed to be quite close to each other and lots of frames were dropped, but some were still getting through. In other words, even if the card does not jump around to different channels, you can easily get a frame or two from far away channels every now and then. -- Jouni Malinen PGP id EFC895FA From jcui at skymv.com Wed Feb 16 01:00:19 2005 From: jcui at skymv.com (Jungle Cui) Date: Tue, 15 Feb 2005 22:00:19 -0800 Subject: wpa_supplicant WPA_PSK: not working with Value Point AP --HELP Message-ID: Hi, Jouni, 1): We have verified that this AP can be accessed via WPA-PSK settings from many windows clients running Windows XP + SP2 2): While wpa_supplicant is running, we repeatedly use ifconfig and notice that there are a lot of dropping packets for RX. ( 10+ for every 10 seconds) 3): We suspect that after association, Value Point AP may sends some frames that are in certain formats or with certain types of encryption that the client side can not understand and then drops them. While Windows WiFi client software may be more fault tolerant and therefore can still manage to have the authentication process through. Not sure this is possible or not. 4): We will get sniffer trace and send to you. Regards, ________________________________ From: hostap-bounces+jcui=skymv.com at shmoo.com on behalf of Jouni Malinen Sent: Tue 2/15/2005 7:19 PM To: hostap at shmoo.com Subject: Re: wpa_supplicant WPA_PSK: not working with Value Point AP --HELP On Tue, Feb 15, 2005 at 02:12:31PM -0800, Jungle Cui wrote: > I am using wpa_supplicant 0.2.6 WPA_PSK. it works for NetGear and LinkSys > AP. However, It can not work with Value Point AP. Looks it can associates > with Value Point AP, but the authentication never happen. wap_supplicant > authentication times out every 10 seconds repeatly. Please help on this. The debug log shows number of association events, but no EAPOL frames from the access point. Have you tested this AP with another client? Would you be able to use a wireless sniffer to capture the packets sent between the AP and the client using wpa_supplicant? -- Jouni Malinen PGP id EFC895FA _______________________________________________ HostAP mailing list HostAP at shmoo.com http://lists.shmoo.com/mailman/listinfo/hostap From AMBILYN at nestec.net Wed Feb 16 02:35:30 2005 From: AMBILYN at nestec.net (AMBILY N) Date: Wed, 16 Feb 2005 13:05:30 +0530 Subject: adding supplicant support for new driver Message-ID: Hi, We have an NDIS based driver for AR5005 chipset. We are developing the linux driver for the same. We intend to add support for the newly developing linux driver in wpa supplicant. The driver has no option for setting the information element. From the documentation what I could understand was, in such scenarios, the driver wrapper has to update supplicant with the association information. We went through the broadcom driver wrapper implementation and ndis driver in supplicant. These are our current understandings: 1. In the driver init, the driver has to listen for events. On receiving events, the supplicant is to be informed. 2. We can not use the driver_wext.c custom event functionalities for that since it handles only the WPA IEs in it. If the above are correct, then what should be done for sending the events like ASSOCINFO from driver? Regards Ambily. --------------------------------------------------------------------------- "This e-mail and any files transmitted with it are for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. Any unauthorized review, use, disclosure, dissemination, forwarding, printing or copying of this email or any action taken upon this e-mail is strictly prohibited and may be unlawful." --------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.shmoo.com/pipermail/hostap/attachments/20050216/cd889cda/attachment.htm From yenjung at gmail.com Wed Feb 16 05:12:18 2005 From: yenjung at gmail.com (YenJung Chang) Date: Wed, 16 Feb 2005 18:12:18 +0800 Subject: can not connect to Cisco 1231 with WPA-PSK(wpa_supplicant 0.3.8 and madwifi) In-Reply-To: <20050215043421.GD8387@jm.kir.nu> References: <32653c97050214023343209248@mail.gmail.com> <421176DF.1010200@cisco.com> <20050215043421.GD8387@jm.kir.nu> Message-ID: <32653c97050216021237eac04f@mail.gmail.com> Thanks for your replies. Finally, I found the root cause. The WMM was enabled in Cisco AP. The wpa_supplicant behavior wa normal after closed the WMM in Cisco AP. :) Thanks again. On Mon, 14 Feb 2005 20:34:21 -0800, Jouni Malinen wrote: > On Mon, Feb 14, 2005 at 08:13:19PM -0800, Michael Reilly wrote: > > > Looks like the problem I've been having for several months. wpa_supplicant > > + madwifi doesn't work for me with a Cisco AP in 802.11b or 802.11g mode. > > I don't remember seeing a debug log from you with this kind of case, > i.e., 4-Way Handshake completing successfully, but Group Key Handshake > failing. Maybe I missed that one, though. Anyway, if you see something > like this, I would point towards the direction of the driver not > encrypting EAPOL-Key messages. > > -- > Jouni Malinen PGP id EFC895FA > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap > From dr.warrior at gmail.com Wed Feb 16 08:59:20 2005 From: dr.warrior at gmail.com (Anton Kupriyanov) Date: Wed, 16 Feb 2005 16:59:20 +0300 Subject: problems with ipw2200 or where the problem lies... Message-ID: <23d4eb53050216055959dfa0e8@mail.gmail.com> please look my post about wpa_supplicant here... http://forums.gentoo.org/viewtopic-t-296050.html -- warrior From ramalhais at serrado.net Wed Feb 16 13:48:46 2005 From: ramalhais at serrado.net (Pedro Ramalhais) Date: Wed, 16 Feb 2005 18:48:46 +0000 Subject: problems with ipw2200 or where the problem lies... In-Reply-To: <23d4eb53050216055959dfa0e8@mail.gmail.com> References: <23d4eb53050216055959dfa0e8@mail.gmail.com> Message-ID: <1108579725.1509.199.camel@gandalf.uninova.pt> On Wed, 2005-02-16 at 13:59, Anton Kupriyanov wrote: > please look my post about wpa_supplicant here... > http://forums.gentoo.org/viewtopic-t-296050.html Supply wpa_supplicant's log with -dddd -- Pedro Ramalhais From jcui at skymv.com Wed Feb 16 14:48:06 2005 From: jcui at skymv.com (Jungle Cui) Date: Wed, 16 Feb 2005 11:48:06 -0800 Subject: wpa_supplicant WPA_PSK: not working with Value Point AP --HELP Message-ID: Hi, Jouni, Attached is the sniffer dump for one round of WPA_PSK connection from wpa_supplicant to ValuePoint AP. Please take a look. It starts with beacons, then some activities, then beacons again... Please note: STA MAC ADDR: 00:04:E2:80:4A:5B AP MAC ADDR: 00:09:92:01:46:CD Best Regards, -----Original Message----- From: Jungle Cui Sent: Tue 2/15/2005 10:00 PM To: Jouni Malinen; hostap at shmoo.com Subject: RE: wpa_supplicant WPA_PSK: not working with Value Point AP --HELP Hi, Jouni, 1): We have verified that this AP can be accessed via WPA-PSK settings from many windows clients running Windows XP + SP2 2): While wpa_supplicant is running, we repeatedly use ifconfig and notice that there are a lot of dropping packets for RX. ( 10+ for every 10 seconds) 3): We suspect that after association, Value Point AP may sends some frames that are in certain formats or with certain types of encryption that the client side can not understand and then drops them. While Windows WiFi client software may be more fault tolerant and therefore can still manage to have the authentication process through. Not sure this is possible or not. 4): We will get sniffer trace and send to you. Regards, ________________________________ From: hostap-bounces+jcui=skymv.com at shmoo.com on behalf of Jouni Malinen Sent: Tue 2/15/2005 7:19 PM To: hostap at shmoo.com Subject: Re: wpa_supplicant WPA_PSK: not working with Value Point AP --HELP On Tue, Feb 15, 2005 at 02:12:31PM -0800, Jungle Cui wrote: > I am using wpa_supplicant 0.2.6 WPA_PSK. it works for NetGear and LinkSys > AP. However, It can not work with Value Point AP. Looks it can associates > with Value Point AP, but the authentication never happen. wap_supplicant > authentication times out every 10 seconds repeatly. Please help on this. The debug log shows number of association events, but no EAPOL frames from the access point. Have you tested this AP with another client? Would you be able to use a wireless sniffer to capture the packets sent between the AP and the client using wpa_supplicant? -- Jouni Malinen PGP id EFC895FA _______________________________________________ HostAP mailing list HostAP at shmoo.com http://lists.shmoo.com/mailman/listinfo/hostap -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: ValuePointDump.txt Url: http://lists.shmoo.com/pipermail/hostap/attachments/20050216/971f4021/attachment.txt From joe at getsomewhere.net Wed Feb 16 18:51:43 2005 From: joe at getsomewhere.net (Joe Love) Date: Wed, 16 Feb 2005 17:51:43 -0600 Subject: eap authentication seems to fail on university network Message-ID: <4213DC8F.8040106@getsomewhere.net> After hours of searching and changing settings to get my wireless to work on my school network, I've finally hit a stumbling block where I simply don't know what is going wrong, and cannot begin to guess what to try next. wpa_supplicant runs and apparently connects to the unviersity wireless, however, to me it seems that it fails authenticating with the access points. I have verified that the username and password are correct, and have successfully connected to the wireless network on windows using Odyssey, however, that configuration simply doesn't meet my needs to connect using FreeBSD 6-current. So, if anyone can give me some pointers on what to try, it would be appreciated. I'm using: FreeBSD6.0-current built Feb 13th, wpa_supplicant 0.3.8 a linksys WPC11 Config file (password stripped for my security): ctrl_interface=/var/run/wpa_supplicant ctrl_interface_group=wheel eapol_version=1 ap_scan=0 network={ ssid="UIC-Wireless" scan_ssid=1 key_mgmt=IEEE8021X WPA-EAP eap=TTLS identity="jlove1" password="[snipped]" anonymous_identity="anonymous" ca_cert="/usr/home/lyfe/thawte.pem" #phase1="include_tls_length=1" phase2="autheap=PAP auth=PAP" } Side note: I'm using ap_scan=0 because there's a bunch of APs that don't always properly report their ssids, so i just manually put that in using: ifconfig wi0 ssid UIC-Wireless And of course, output from wpa_supplicant. I included a bit of it in case someone might be able to see a pattern or something that I'm missing, which might give hints about what's going wrong. Initializing interface 'wi0' conf '/usr/home/lyfe/wpas.conf' driver 'default' Configuration file '/usr/home/lyfe/wpas.conf' -> '/usr/home/lyfe/wpas.conf' Reading configuration file '/usr/home/lyfe/wpas.conf' ctrl_interface='/var/run/wpa_supplicant' ctrl_interface_group=0 (from group name 'wheel') eapol_version=1 ap_scan=0 Priority group 0 id=0 ssid='UIC-Wireless' Initializing interface (2) 'wi0' EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: KEY_RX entering state NO_KEY_RECEIVE EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 Own MAC address: 00:06:25:0b:cd:e2 wpa_driver_bsd_set_wpa: enabled=1 wpa_driver_bsd_del_key: keyidx=0 wpa_driver_bsd_del_key: keyidx=1 wpa_driver_bsd_del_key: keyidx=2 wpa_driver_bsd_del_key: keyidx=3 wpa_driver_bsd_set_countermeasures: enabled=0 wpa_driver_bsd_set_drop_unencrypted: enabled=1 Setting scan request: 0 sec 100000 usec Already associated with a configured network - generating associated event Association event - clear replay counter Associated to a new BSS: BSSID=00:0a:f4:9c:38:d3 No keys have been configured - skip key clearing Network configuration found for the current AP WPA: Set cipher suites based on configuration WPA: Selected cipher suites: group 30 pairwise 24 key_mgmt 9 WPA: using GTK CCMP WPA: using PTK CCMP WPA: using KEY_MGMT 802.1X WPA: Own WPA IE - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 01 00 00 EAPOL: External notification - portControl=Auto Associated with 00:0a:f4:9c:38:d3 EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: txStart EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec RX EAPOL from 00:0a:f4:9c:38:d3 Setting authentication timeout: 70 sec 0 usec EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=1 id=49 EAP: EAP entering state IDENTITY EAP: EAP-Request Identity data - hexdump_ascii(len=51): 00 6e 65 74 77 6f 72 6b 69 64 3d 55 49 43 2d 57 _networkid=UIC-W 69 72 65 6c 65 73 73 2c 6e 61 73 69 64 3d 4c 69 ireless,nasid=Li 62 2d 31 73 6f 75 74 68 2d 4e 2c 70 6f 72 74 69 b-1south-N,porti 64 3d 30 d=0 EAP: using anonymous identity - hexdump_ascii(len=9): 61 6e 6f 6e 79 6d 6f 75 73 anonymous EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 60, expecting at least 99 RX EAPOL from 00:0a:f4:9c:38:d3 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=21 id=50 EAP: EAP entering state GET_METHOD EAP: initialize selected EAP method (21, TTLS) EAP-TTLS: Phase2 type: EAP EAP-TTLS: Unsupported Phase2 EAP method 'PAP' EAP-TTLS: Phase2 EAP types - hexdump(len=5): 04 1a 06 05 11 TLS: Trusted root certificate(s) loaded TLS: Include TLS Message Length in unfragmented packets EAP: EAP entering state METHOD EAP-TTLS: Received packet(len=6) - Flags 0x20 EAP-TTLS: Start SSL: (where=0x10 ret=0x1) SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:before/connect initialization SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 write client hello A SSL: (where=0x1002 ret=0xffffffff) SSL: SSL_connect:error in SSLv3 read server hello A SSL: SSL_connect - want more data SSL: 100 bytes pending from ssl_out SSL: 100 bytes left to be sent out (of total 100 bytes) EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 10, expecting at least 99 RX EAPOL from 00:0a:f4:9c:38:d3 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=21 id=51 EAP: EAP entering state METHOD EAP-TTLS: Received packet(len=1396) - Flags 0xc0 EAP-TTLS: TLS Message Length: 2138 SSL: Need 752 bytes more input data SSL: Building ACK EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE IEEE 802.1X RX: version=1 type=0 length=1396 WPA: EAPOL frame (type 0) discarded, not a Key frame RX EAPOL from 00:0a:f4:9c:38:d3 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=21 id=52 EAP: EAP entering state METHOD EAP-TTLS: Received packet(len=758) - Flags 0x00 SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 read server hello A TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=1 buf='/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Server CA/emailAddress=server-certs at thawte.com' TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=0 buf='/C=US/ST=Illinois/L=Chicago/O=University of Illinois at Chicago/OU=ACCC Computer Center/CN=odyssey2.cc.uic.edu' SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 read server certificate A SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 read server key exchange A SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 read server done A SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 write client key exchange A SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 write change cipher spec A SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 write finished A SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 flush data SSL: (where=0x1002 ret=0xffffffff) SSL: SSL_connect:error in SSLv3 read finished A SSL: SSL_connect - want more data SSL: 190 bytes pending from ssl_out SSL: 190 bytes left to be sent out (of total 190 bytes) EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE IEEE 802.1X RX: version=1 type=0 length=758 WPA: EAPOL frame (type 0) discarded, not a Key frame RX EAPOL from 00:0a:f4:9c:38:d3 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=21 id=53 EAP: EAP entering state METHOD EAP-TTLS: Received packet(len=61) - Flags 0x80 EAP-TTLS: TLS Message Length: 51 SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 read finished A SSL: (where=0x20 ret=0x1) SSL: (where=0x1002 ret=0x1) SSL: 0 bytes pending from ssl_out SSL: No data to be sent out EAP-TTLS: TLS done, proceed to Phase 2 EAP-TTLS: Derived key - hexdump(len=64): [REMOVED] EAP-TTLS: received 0 bytes encrypted data for Phase 2 EAP-TTLS: empty data in beginning of Phase 2 - use fake EAP-Request Identity EAP-TTLS: Phase 2 EAP Request: type=1 EAP: using real identity - hexdump_ascii(len=6): 6a 6c 6f 76 65 31 jlove1 EAP-TTLS: AVP encapsulate EAP Response - hexdump(len=11): 02 35 00 0b 01 6a 6c 6f 76 65 31 EAP-TTLS: Encrypting Phase 2 data - hexdump(len=20): [REMOVED] EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 65, expecting at least 99 RX EAPOL from 00:0a:f4:9c:38:d3 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 8, expecting at least 99 EAPOL: SUPP_BE entering state TIMEOUT EAPOL: SUPP_PAE entering state CONNECTING EAPOL: txStart EAPOL: SUPP_BE entering state IDLE RX EAPOL from 00:0a:f4:9c:38:d3 EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (21, TTLS) at INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=1 id=55 EAP: EAP entering state IDENTITY EAP: EAP-Request Identity data - hexdump_ascii(len=51): 00 6e 65 74 77 6f 72 6b 69 64 3d 55 49 43 2d 57 _networkid=UIC-W 69 72 65 6c 65 73 73 2c 6e 61 73 69 64 3d 4c 69 ireless,nasid=Li 62 2d 31 73 6f 75 74 68 2d 4e 2c 70 6f 72 74 69 b-1south-N,porti 64 3d 30 d=0 EAP: using anonymous identity - hexdump_ascii(len=9): 61 6e 6f 6e 79 6d 6f 75 73 anonymous EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 60, expecting at least 99 RX EAPOL from 00:0a:f4:9c:38:d3 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=21 id=56 EAP: EAP entering state GET_METHOD EAP: initialize selected EAP method (21, TTLS) EAP-TTLS: Phase2 type: EAP EAP-TTLS: Unsupported Phase2 EAP method 'PAP' EAP-TTLS: Phase2 EAP types - hexdump(len=5): 04 1a 06 05 11 TLS: Trusted root certificate(s) loaded TLS - SSL error: error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table TLS: Include TLS Message Length in unfragmented packets EAP: EAP entering state METHOD EAP-TTLS: Received packet(len=6) - Flags 0x20 EAP-TTLS: Start SSL: (where=0x10 ret=0x1) SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:before/connect initialization SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 write client hello A SSL: (where=0x1002 ret=0xffffffff) SSL: SSL_connect:error in SSLv3 read server hello A SSL: SSL_connect - want more data SSL: 100 bytes pending from ssl_out SSL: 100 bytes left to be sent out (of total 100 bytes) EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 10, expecting at least 99 RX EAPOL from 00:0a:f4:9c:38:d3 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=21 id=57 EAP: EAP entering state METHOD EAP-TTLS: Received packet(len=1396) - Flags 0xc0 EAP-TTLS: TLS Message Length: 2138 SSL: Need 752 bytes more input data SSL: Building ACK EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE IEEE 802.1X RX: version=1 type=0 length=1396 WPA: EAPOL frame (type 0) discarded, not a Key frame RX EAPOL from 00:0a:f4:9c:38:d3 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=21 id=58 EAP: EAP entering state METHOD EAP-TTLS: Received packet(len=758) - Flags 0x00 SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 read server hello A TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=1 buf='/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Server CA/emailAddress=server-certs at thawte.com' TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=0 buf='/C=US/ST=Illinois/L=Chicago/O=University of Illinois at Chicago/OU=ACCC Computer Center/CN=odyssey2.cc.uic.edu' SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 read server certificate A SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 read server key exchange A SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 read server done A SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 write client key exchange A SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 write change cipher spec A SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 write finished A SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 flush data SSL: (where=0x1002 ret=0xffffffff) SSL: SSL_connect:error in SSLv3 read finished A SSL: SSL_connect - want more data SSL: 190 bytes pending from ssl_out SSL: 190 bytes left to be sent out (of total 190 bytes) EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE IEEE 802.1X RX: version=1 type=0 length=758 WPA: EAPOL frame (type 0) discarded, not a Key frame RX EAPOL from 00:0a:f4:9c:38:d3 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=21 id=59 EAP: EAP entering state METHOD EAP-TTLS: Received packet(len=61) - Flags 0x80 EAP-TTLS: TLS Message Length: 51 SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 read finished A SSL: (where=0x20 ret=0x1) SSL: (where=0x1002 ret=0x1) SSL: 0 bytes pending from ssl_out SSL: No data to be sent out EAP-TTLS: TLS done, proceed to Phase 2 EAP-TTLS: Derived key - hexdump(len=64): [REMOVED] EAP-TTLS: received 0 bytes encrypted data for Phase 2 EAP-TTLS: empty data in beginning of Phase 2 - use fake EAP-Request Identity EAP-TTLS: Phase 2 EAP Request: type=1 EAP: using real identity - hexdump_ascii(len=6): 6a 6c 6f 76 65 31 jlove1 EAP-TTLS: AVP encapsulate EAP Response - hexdump(len=11): 02 3b 00 0b 01 6a 6c 6f 76 65 31 EAP-TTLS: Encrypting Phase 2 data - hexdump(len=20): [REMOVED] EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 65, expecting at least 99 RX EAPOL from 00:0a:f4:9c:38:d3 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 8, expecting at least 99 EAPOL: SUPP_BE entering state TIMEOUT EAPOL: SUPP_PAE entering state CONNECTING EAPOL: txStart EAPOL: SUPP_BE entering state IDLE Setting scan request: 0 sec 100000 usec Added BSSID 00:0a:f4:9c:38:d3 into blacklist EAPOL: External notification - portEnabled=0 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 Disconnect event - remove keys wpa_driver_bsd_del_key: keyidx=0 wpa_driver_bsd_del_key: keyidx=1 wpa_driver_bsd_del_key: keyidx=2 wpa_driver_bsd_del_key: keyidx=3 wpa_driver_bsd_del_key: keyidx=0 Already associated with a configured network - generating associated event Association event - clear replay counter Associated with 00:00:00:00:00:00 EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: txStart BSSID not set when trying to send an EAPOL frame Using the source address of the last received EAPOL frame 00:0a:f4:9c:38:d3 as the EAPOL destination EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (21, TTLS) at INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec RX EAPOL from 00:12:43:92:9b:40 Setting authentication timeout: 70 sec 0 usec EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=1 id=1 EAP: EAP entering state IDENTITY EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using anonymous identity - hexdump_ascii(len=9): 61 6e 6f 6e 79 6d 6f 75 73 anonymous EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp BSSID not set when trying to send an EAPOL frame Using current BSSID 00:12:43:92:9b:40 from the driver as the EAPOL destination EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 46, expecting at least 99 Signal 2 received - terminating No keys have been configured - skip key clearing EAPOL: External notification - portEnabled=0 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 wpa_driver_bsd_set_wpa: enabled=0 wpa_driver_bsd_set_drop_unencrypted: enabled=0 wpa_driver_bsd_set_countermeasures: enabled=0 Removed BSSID 00:0a:f4:9c:38:d3 from blacklist (clear) There was another user who managed to use xsupplicant to connect to the university network, however, being a freebsd user, xsupplicant is not available to me, so I would like to get wpa_supplicant working. Their notes on how they did it with xsupplicant are available (in case there might be something else there I'm missing) here: http://listserv.uic.edu/htbin/wa?A2=ind0409&L=uic-lug&P=6805 Thanks for any feedback, -Joe From jkmaline at cc.hut.fi Wed Feb 16 22:44:07 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Wed, 16 Feb 2005 19:44:07 -0800 Subject: eap authentication seems to fail on university network In-Reply-To: <4213DC8F.8040106@getsomewhere.net> References: <4213DC8F.8040106@getsomewhere.net> Message-ID: <20050217034407.GA8386@jm.kir.nu> On Wed, Feb 16, 2005 at 05:51:43PM -0600, Joe Love wrote: > ctrl_interface=/var/run/wpa_supplicant > ctrl_interface_group=wheel > eapol_version=1 > ap_scan=0 > network={ > ssid="UIC-Wireless" > scan_ssid=1 > key_mgmt=IEEE8021X WPA-EAP This combination of ap_scan=0 and WPA-EAP is unlikely to work. However, based on the debug log, I would guess that you are actually not using WPA at all. Removing that WPA-EAP from here would make the config file easier to understand.. > eap=TTLS > identity="jlove1" > password="[snipped]" > anonymous_identity="anonymous" > ca_cert="/usr/home/lyfe/thawte.pem" > #phase1="include_tls_length=1" > phase2="autheap=PAP auth=PAP" This phase2 line here is causing the connection to fail. autheap=PAP is invalid option and removing it may make this actually work.. Now, wpa_supplicant assumes that you want to use another EAP method in Phase2, but in practice, I would assume you want to do PAP. In other word,s change this to phase2="auth=PAP". > Side note: I'm using ap_scan=0 because there's a bunch of APs that don't > always properly report their ssids, so i just manually put that in > using: ifconfig wi0 ssid UIC-Wireless Please note that WPA needs to get WPA IE set correctly for the association request and using ap_scan=0 is unlikely to work for that. ap_scan=2 might, but it depends on whether the driver supports such configuration. Anyway, it looks like you are not using WPA, so this should not matter for now. > EAP-TTLS: Phase2 type: EAP > EAP-TTLS: Unsupported Phase2 EAP method 'PAP' > EAP-TTLS: Phase2 EAP types - hexdump(len=5): 04 1a 06 05 11 This is the part where wpa_supplicant gets confused about the phase2 configuration. It ends up believe that you want EAP and since there is no EAP-PAP, it just default to allow all EAP methods that have been marked available for phase 2 use. > TLS: Include TLS Message Length in unfragmented packets This does not match wuith your configuration file example, i.e., I would assume you had the phase1 line actually uncommented when producing this debug log. > EAP-TTLS: TLS done, proceed to Phase 2 So TLS part was completed without problems. > EAP-TTLS: empty data in beginning of Phase 2 - use fake EAP-Request Identity > EAP-TTLS: Phase 2 EAP Request: type=1 > EAP: using real identity - hexdump_ascii(len=6): > 6a 6c 6f 76 65 31 jlove1 > EAP-TTLS: AVP encapsulate EAP Response - hexdump(len=11): 02 35 00 0b 01 > 6a 6c 6f 76 65 31 wpa_supplicant tries to start EAP in phase 2.. > EAP: Received EAP-Failure But authentication server does not like it.. I would assume it was configured to accept only PAP. -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Wed Feb 16 22:51:47 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Wed, 16 Feb 2005 19:51:47 -0800 Subject: adding supplicant support for new driver In-Reply-To: References: Message-ID: <20050217035147.GB8386@jm.kir.nu> On Wed, Feb 16, 2005 at 01:05:30PM +0530, AMBILY N wrote: > The driver has no option for setting the information element. From the > documentation what I could understand was, in such scenarios, the driver > wrapper has to update supplicant with the association information. We went > through the broadcom driver wrapper implementation and ndis driver in > supplicant. Yes, that is correct. You might also want to take a look at ndiswrapper which is actually using driver_wext.c to get association information events. > 1. In the driver init, the driver has to listen for events. On > receiving events, the supplicant is to be informed. This is correct.. > 2. We can not use the driver_wext.c custom event > functionalities for that since it handles only the WPA IEs in it. but this is not.. > If the above are correct, then what should be done for sending the > events like ASSOCINFO from driver? You should be able to use the custom event from the driver with ASSOCINFO(ReqIEs=....) encoding. Both ndiswrapper and Linuxant driverloader are using that. I'm not sure what you mean by this only handling WPA IEs. driver_wext.c passes all IEs to core wpa_supplicant code which then takes care of extracting whatever information is needed (WPA IE or RSN IE if you are using WPA2). > "This e-mail and any files transmitted with it are for the sole use > of the intended recipient(s) and may contain confidential and privileged > information. Please try not to include this kind of bogus disclaimers into messages send to this mailing list (or directly to me, for that matter). -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Wed Feb 16 22:59:45 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Wed, 16 Feb 2005 19:59:45 -0800 Subject: wpa_supplicant WPA_PSK: not working with Value Point AP --HELP In-Reply-To: References: Message-ID: <20050217035945.GC8386@jm.kir.nu> On Wed, Feb 16, 2005 at 11:48:06AM -0800, Jungle Cui wrote: > Attached is the sniffer dump for one round of WPA_PSK connection from > wpa_supplicant to ValuePoint AP. Please take a look. Thanks. In general, I would prefer capture logs in a format that can be easily read with ethereal (e.g.., capture file from ethereal itself or tcpdump). The capture log was cut somewhat short, i.e., it continued only for about 130 ms after the association. During that time, the AP did not seem to send out any EAPOL frames. If no EAPOL frames is received even after this, it looks like the AP is doing something odd and there is not much that wpa_supplicant could do here. The association seemed work correctly and the next thing would be for the AP to send the first EAPOL-Key packet of the 4-Way Key Handshake. > 3): We suspect that after association, Value Point AP may sends some frames > that are in certain formats or with certain types of encryption that the client side > can not understand and then drops them. While Windows WiFi client software > may be more fault tolerant and therefore can still manage to have the authentication > process through. Not sure this is possible or not. The capture log did not indicate that anything like that would have been send out at least during the 130 ms period after the successful association. -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Wed Feb 16 23:02:50 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Wed, 16 Feb 2005 20:02:50 -0800 Subject: can not connect to Cisco 1231 with WPA-PSK(wpa_supplicant 0.3.8 and madwifi) In-Reply-To: <32653c97050216021237eac04f@mail.gmail.com> References: <32653c97050214023343209248@mail.gmail.com> <421176DF.1010200@cisco.com> <20050215043421.GD8387@jm.kir.nu> <32653c97050216021237eac04f@mail.gmail.com> Message-ID: <20050217040250.GD8386@jm.kir.nu> On Wed, Feb 16, 2005 at 06:12:18PM +0800, YenJung Chang wrote: > Finally, I found the root cause. The WMM was enabled in Cisco AP. > The wpa_supplicant behavior wa normal after closed the WMM in Cisco AP. :) I have never tested madwifi with WMM, so I don't know what to expect from that. Based on this, it sounds like there could be some problems with such a combination. WMM adds more IEs to association, but I would not expect this to cause major problems. More likely cause could be in changes to TKIP and CCMP calculation for different ACs used in WMM. -- Jouni Malinen PGP id EFC895FA From ccellist at cashette.com Wed Feb 16 23:30:31 2005 From: ccellist at cashette.com (Arturo Araya) Date: Wed, 16 Feb 2005 20:30:31 -0800 (PST) Subject: Compaq WL200 card stopped working Message-ID: <31839203.1108614631703.JavaMail.Administrator@appsrv> My wlan0 has mysteriously stopped working. It was working beautifully as an access point, feeding an internet connection througout my apt. Then I opened up the PC case to install a second NIC (wired) and case fan, but when I turned on the PC, the wifi card stopped working. PCMCIA is working fine (except "cardctl reset" was causing a kernel panic consistently, resolved by recompiling the kernel), and the card itself is visible. The driver (hostap_cs v.3.5 I think) loads and everything, except whenever I try to bring the card up I get the following in /var/log/messages (excerpted) Feb 15 00:26:04 webern cardmgr[28600]: executing: 'modprobe hostap_cs' Feb 15 00:26:04 webern hostap_cs: 0.3.7 - 2005-02-12 (Jouni Malinen ) Feb 15 00:26:04 webern hostap_cs: setting Vcc=33 (constant) Feb 15 00:26:04 webern hostap_cs: CS_EVENT_CARD_INSERTION Feb 15 00:26:04 webern hostap_cs: setting Vcc=33 (from config) Feb 15 00:26:04 webern Checking CFTABLE_ENTRY 0x01 (default 0x01) Feb 15 00:26:04 webern Config has no IRQ info, but trying to enable IRQ anyway.. Feb 15 00:26:04 webern IO window settings: cfg->io.nwin=1 dflt.io.nwin=1 Feb 15 00:26:04 webern io->flags = 0x0046, io.base=0x0000, len=64 Feb 15 00:26:04 webern cs: IO port probe 0x0100-0x04ff: excluding 0x400-0x47f 0x4d0-0x4d7 Feb 15 00:26:04 webern cs: IO port probe 0x0800-0x08ff: clean. Feb 15 00:26:04 webern cs: IO port probe 0x0a00-0x0aff: clean. Feb 15 00:26:04 webern cs: IO port probe 0x0c00-0x0cff: clean. Feb 15 00:26:04 webern hostap_cs: Registered netdevice wifi0 Feb 15 00:26:04 webern hostap_cs: index 0x01: Vcc 3.3, irq 3, io 0x0100-0x013f Feb 15 00:26:04 webern net.agent[3488]: register event not handled Feb 15 00:26:05 webern hostap_cs: assuming no Primary image in flash - card initialization not completed Feb 15 00:26:05 webern wifi0: test Genesis mode with HCR 0x1f Feb 15 00:26:05 webern prism2_pccard_cor_sreset: original COR 41 Feb 15 00:26:05 webern prism2_pccard_genesis_sreset: original COR 41 Feb 15 00:26:05 webern Readback test failed, HCR 0x1f write 00 e1 a1 ff read 00 64 97 ff Feb 15 00:26:05 webern wifi0: test Genesis mode with HCR 0x0f Feb 15 00:26:05 webern prism2_pccard_cor_sreset: original COR 41 Feb 15 00:26:05 webern prism2_pccard_genesis_sreset: original COR 41 Feb 15 00:26:05 webern Readback test failed, HCR 0x0f write 00 e1 a1 ff read 00 64 97 ff Feb 15 00:26:05 webern prism2_pccard_genesis_sreset: original COR 41 Feb 15 00:26:05 webern wifi0: registered netdevice wlan0 Feb 15 00:26:05 webern cardmgr[28600]: executing: './network start wlan0' Feb 15 00:26:05 webern cardmgr[28600]: + * WARNING: "net.wlan0" has already been started. Feb 15 00:26:05 webern rc-scripts: WARNING: "net.wlan0" has already been started. Feb 15 00:26:05 webern wlan0: could not set interface UP - no PRI f/w Feb 15 00:26:05 webern wlan0: could not set interface UP - no PRI f/w Feb 15 00:26:13 webern wifi0: cannot get RID fdc6 (len=12) - no PRI f/w Feb 15 00:26:13 webern wifi0: cannot get RID fdc1 (len=2) - no PRI f/w Feb 15 00:26:13 webern wifi0: cannot get RID fdc6 (len=12) - no PRI f/w Feb 15 00:26:13 webern wifi0: cannot get RID fc06 (len=2) - no PRI f/w Feb 15 00:26:13 webern wifi0: cannot get RID fd42 (len=6) - no PRI f/w Feb 15 00:26:13 webern wifi0: cannot get RID fc0e (len=34) - no PRI f/w Feb 15 00:26:13 webern wifi0: cannot get RID fc84 (len=2) - no PRI f/w Feb 15 00:26:13 webern wifi0: cannot get RID fc83 (len=2) - no PRI f/w Feb 15 00:26:13 webern wifi0: cannot get RID fc82 (len=2) - no PRI f/w Feb 15 00:26:13 webern wifi0: cannot get RID fc09 (len=2) - no PRI f/w Feb 15 00:26:13 webern wifi0: cannot get RID fd48 (len=2) - no PRI f/w Feb 15 00:26:13 webern wlan0: cannot get RID fdc6 (len=12) - no PRI f/w Feb 15 00:26:13 webern wlan0: cannot get RID fdc1 (len=2) - no PRI f/w Feb 15 00:26:13 webern wlan0: cannot get RID fdc6 (len=12) - no PRI f/w Feb 15 00:26:13 webern wlan0: cannot get RID fc06 (len=2) - no PRI f/w Feb 15 00:26:13 webern wlan0: cannot get RID fd42 (len=6) - no PRI f/w Feb 15 00:26:13 webern wlan0: cannot get RID fc0e (len=34) - no PRI f/w Feb 15 00:26:13 webern wlan0: cannot get RID fc84 (len=2) - no PRI f/w Feb 15 00:26:13 webern wlan0: cannot get RID fc83 (len=2) - no PRI f/w Feb 15 00:26:13 webern wlan0: cannot get RID fc82 (len=2) - no PRI f/w Feb 15 00:26:13 webern wlan0: cannot get RID fc09 (len=2) - no PRI f/w Feb 15 00:26:13 webern wlan0: cannot get RID fd48 (len=2) - no PRI f/w (end excerpt) I don't understand how the card could have possibly lost it's primary firmware. I could understand if I'd touched a magnetic tip screwdriver to the card, but nothing of the sort happened! I can't seem to reload the firmware using hostap_srec either. I get an error message about it not being able to read the card's PDA or something. Is my card dead??? Thanks __________________________ Cashette stops spam. 100% effective and free! Go to http://home.cashette.com From dr.warrior at gmail.com Thu Feb 17 01:06:56 2005 From: dr.warrior at gmail.com (Anton Kupriyanov) Date: Thu, 17 Feb 2005 09:06:56 +0300 Subject: problems with ipw2200 or where the problem lies... In-Reply-To: <23d4eb5305021622054f35a9d0@mail.gmail.com> References: <23d4eb53050216055959dfa0e8@mail.gmail.com> <1108579725.1509.199.camel@gandalf.uninova.pt> <23d4eb5305021622054f35a9d0@mail.gmail.com> Message-ID: <23d4eb53050216220655b5fd0f@mail.gmail.com> On Wed, 16 Feb 2005 18:48:46 +0000, Pedro Ramalhais wrote: > On Wed, 2005-02-16 at 13:59, Anton Kupriyanov wrote: > > please look my post about wpa_supplicant here... > > http://forums.gentoo.org/viewtopic-t-296050.html > > Supply wpa_supplicant's log with -dddd > -- > Pedro Ramalhais here it is.... Initializing interface 'eth1' conf '/etc/wpa_supplicant.conf' driver 'ipw2100' Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf' Reading configuration file '/etc/wpa_supplicant.conf' ctrl_interface='/var/run/wpa_supplicant' ctrl_interface_group=0 eapol_version=1 ap_scan=1 fast_reauth=1 Line: 8 - start of a new network block ssid - hexdump_ascii(len=6): 4b 49 54 54 45 4e KITTEN scan_ssid=1 (0x1) PSK - hexdump(len=32): [REMOVED] Priority group 0 id=0 ssid='KITTEN' Initializing interface (2) 'eth1' EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: KEY_RX entering state NO_KEY_RECEIVE EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 Own MAC address: 00:0e:35:44:4f:7a wpa_driver_ipw2100_set_wpa: enabled=1 wpa_driver_ipw2100_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_ipw2100_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_ipw2100_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_ipw2100_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_ipw2100_set_countermeasures: enabled=0 wpa_driver_ipw2100_set_drop_unencrypted: enabled=1 Setting scan request: 0 sec 100000 usec Using existing control interface directory. Starting AP scan (specific SSID) Scan SSID - hexdump_ascii(len=6): 4b 49 54 54 45 4e KITTEN Failed to initiate AP scan. Setting scan request: 10 sec 0 usec EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 Scan timeout - try to get results Received 256 bytes of scan results (1 BSSes) Scan results: 1 Selecting BSS from priority group 0 0: 00:0d:88:9d:6f:68 ssid='KITTEN' wpa_ie_len=26 rsn_ie_len=0 selected Trying to associate with 00:0d:88:9d:6f:68 (SSID='KITTEN' freq=0 MHz) Cancelling scan request Automatic auth_alg selection: 0x1 wpa_driver_ipw2100_set_auth_alg: auth_alg=0x1 WPA: using IEEE 802.11i/D3.0 WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 2 WPA: using GTK TKIP WPA: using PTK TKIP WPA: using KEY_MGMT WPA-PSK WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 No keys have been configured - skip key clearing wpa_driver_ipw2100_set_drop_unencrypted: enabled=1 Setting authentication timeout: 5 sec 0 usec EAPOL: External notification - EAP success=0 EAPOL: External notification - EAP fail=0 EAPOL: External notification - portControl=Auto Wireless event: cmd=0x8b1a len=19 Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:0d:88:9d:6f:68 Association event - clear replay counter Associated to a new BSS: BSSID=00:0d:88:9d:6f:68 No keys have been configured - skip key clearing Associated with 00:0d:88:9d:6f:68 EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - EAP success=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: txStart WPA: drop TX EAPOL in non-IEEE 802.1X mode (type=1 len=0) EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=29 idleWhile=59 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=28 idleWhile=58 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=27 idleWhile=57 RX EAPOL from 00:0d:88:9d:6f:68 RX EAPOL - hexdump(len=99): 01 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 01 ae 99 e4 7e 9b 66 9d c9 0e 3b 28 78 88 75 a3 69 63 12 8b 2e 6f c5 a8 f4 8e a3 3c ba 2e 22 1c fb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Setting authentication timeout: 10 sec 0 usec EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines IEEE 802.1X RX: version=1 type=3 length=95 EAPOL-Key type=254 WPA: RX EAPOL-Key - hexdump(len=99): 01 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 01 ae 99 e4 7e 9b 66 9d c9 0e 3b 28 78 88 75 a3 69 63 12 8b 2e 6f c5 a8 f4 8e a3 3c ba 2e 22 1c fb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 WPA: RX message 1 of 4-Way Handshake from 00:0d:88:9d:6f:68 (ver=1) WPA: WPA IE for msg 2/4 - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 WPA: Renewed SNonce - hexdump(len=32): 14 b6 24 91 9d 58 a6 32 99 b5 a7 62 5a 98 81 6b aa 30 81 d8 31 c5 41 3a 6d 3e 09 32 96 27 76 c1 WPA: PMK - hexdump(len=32): [REMOVED] WPA: PTK - hexdump(len=64): [REMOVED] WPA: EAPOL-Key MIC - hexdump(len=16): 82 bf 46 2e 88 39 be 13 49 83 4c 72 e0 f4 8b d0 WPA: Sending EAPOL-Key 2/4 WPA: TX EAPOL-Key 2/4 - hexdump(len=137): 00 0d 88 9d 6f 68 00 0e 35 44 4f 7a 88 8e 01 03 00 77 fe 01 09 00 20 00 00 00 00 00 00 00 01 14 b6 24 91 9d 58 a6 32 99 b5 a7 62 5a 98 81 6b aa 30 81 d8 31 c5 41 3a 6d 3e 09 32 96 27 76 c1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 82 bf 46 2e 88 39 be 13 49 83 4c 72 e0 f4 8b d0 00 18 dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 RX EAPOL from 00:0d:88:9d:6f:68 RX EAPOL - hexdump(len=125): 01 03 00 79 fe 01 c9 00 20 00 00 00 00 00 00 00 02 ae 99 e4 7e 9b 66 9d c9 0e 3b 28 78 88 75 a3 69 63 12 8b 2e 6f c5 a8 f4 8e a3 3c ba 2e 22 1c fb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 c9 a9 72 c9 c1 84 85 8a 76 5f 94 ef 8b 6f a4 00 1a dd 18 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 00 00 EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines IEEE 802.1X RX: version=1 type=3 length=121 EAPOL-Key type=254 WPA: RX EAPOL-Key - hexdump(len=125): 01 03 00 79 fe 01 c9 00 20 00 00 00 00 00 00 00 02 ae 99 e4 7e 9b 66 9d c9 0e 3b 28 78 88 75 a3 69 63 12 8b 2e 6f c5 a8 f4 8e a3 3c ba 2e 22 1c fb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 c9 a9 72 c9 c1 84 85 8a 76 5f 94 ef 8b 6f a4 00 1a dd 18 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 00 00 WPA: RX message 3 of 4-Way Handshake from 00:0d:88:9d:6f:68 (ver=1) WPA: IE KeyData - hexdump(len=26): dd 18 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 00 00 WPA: Sending EAPOL-Key 4/4 WPA: TX EAPOL-Key 4/4 - hexdump(len=113): 00 0d 88 9d 6f 68 00 0e 35 44 4f 7a 88 8e 01 03 00 5f fe 01 09 00 20 00 00 00 00 00 00 00 02 14 b6 24 91 9d 58 a6 32 99 b5 a7 62 5a 98 81 6b aa 30 81 d8 31 c5 41 3a 6d 3e 09 32 96 27 76 c1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d2 53 2c 3b 60 4e 2c 3a 66 69 ae b5 5f dc ee 9d 00 00 WPA: Installing PTK to the driver. WPA: RSC - hexdump(len=6): 00 00 00 00 00 00 wpa_driver_ipw2100_set_key: alg=TKIP key_idx=0 set_tx=1 seq_len=6 key_len=32 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=26 idleWhile=56 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=25 idleWhile=55 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=24 idleWhile=54 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=23 idleWhile=53 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=22 idleWhile=52 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=21 idleWhile=51 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=20 idleWhile=50 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=19 idleWhile=49 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=18 idleWhile=48 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=17 idleWhile=47 Authentication with 00:0d:88:9d:6f:68 timed out. Added BSSID 00:0d:88:9d:6f:68 into blacklist wpa_driver_ipw2100_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_ipw2100_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_ipw2100_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_ipw2100_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_ipw2100_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 EAPOL: External notification - portEnabled=0 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 Setting scan request: 0 sec 0 usec Starting AP scan (broadcast SSID) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - EAP success=0 Disconnect event - remove keys wpa_driver_ipw2100_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_ipw2100_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_ipw2100_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_ipw2100_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_ipw2100_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=16 idleWhile=46 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=15 idleWhile=45 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=14 idleWhile=44 Scan timeout - try to get results Received 256 bytes of scan results (1 BSSes) Scan results: 1 Selecting BSS from priority group 0 0: 00:0d:88:9d:6f:68 ssid='KITTEN' wpa_ie_len=26 rsn_ie_len=0 skip - blacklisted No APs found - clear blacklist and try again Removed BSSID 00:0d:88:9d:6f:68 from blacklist (clear) Selecting BSS from priority group 0 0: 00:0d:88:9d:6f:68 ssid='KITTEN' wpa_ie_len=26 rsn_ie_len=0 selected Trying to associate with 00:0d:88:9d:6f:68 (SSID='KITTEN' freq=0 MHz) Cancelling scan request Automatic auth_alg selection: 0x1 wpa_driver_ipw2100_set_auth_alg: auth_alg=0x1 WPA: using IEEE 802.11i/D3.0 WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 2 WPA: using GTK TKIP WPA: using PTK TKIP WPA: using KEY_MGMT WPA-PSK WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 No keys have been configured - skip key clearing wpa_driver_ipw2100_set_drop_unencrypted: enabled=1 Setting authentication timeout: 5 sec 0 usec EAPOL: External notification - EAP success=0 EAPOL: External notification - EAP fail=0 EAPOL: External notification - portControl=Auto Wireless event: cmd=0x8b1a len=19 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=13 idleWhile=43 Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:0d:88:9d:6f:68 Association event - clear replay counter Associated to a new BSS: BSSID=00:0d:88:9d:6f:68 No keys have been configured - skip key clearing Associated with 00:0d:88:9d:6f:68 EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - EAP success=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: txStart WPA: drop TX EAPOL in non-IEEE 802.1X mode (type=1 len=0) EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=29 idleWhile=59 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=28 idleWhile=58 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=27 idleWhile=57 RX EAPOL from 00:0d:88:9d:6f:68 RX EAPOL - hexdump(len=99): 01 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 01 ef 67 17 1c 0b 08 67 ef 15 7c d9 c6 9d 5d e8 9b a0 12 2b 13 a5 b5 65 75 5b db 62 62 11 99 58 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Setting authentication timeout: 10 sec 0 usec EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines IEEE 802.1X RX: version=1 type=3 length=95 EAPOL-Key type=254 WPA: RX EAPOL-Key - hexdump(len=99): 01 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 01 ef 67 17 1c 0b 08 67 ef 15 7c d9 c6 9d 5d e8 9b a0 12 2b 13 a5 b5 65 75 5b db 62 62 11 99 58 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 WPA: RX message 1 of 4-Way Handshake from 00:0d:88:9d:6f:68 (ver=1) WPA: WPA IE for msg 2/4 - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 WPA: Renewed SNonce - hexdump(len=32): 98 ec 95 06 e6 3d 5a 54 a8 9f 5f f6 38 7b 3d 39 79 0b 49 90 76 54 2a 51 5e cc a4 84 9f 03 5b 35 WPA: PMK - hexdump(len=32): [REMOVED] WPA: PTK - hexdump(len=64): [REMOVED] WPA: EAPOL-Key MIC - hexdump(len=16): 56 cd 24 22 87 3f bd 6b 17 d8 f0 69 d6 dd 58 42 WPA: Sending EAPOL-Key 2/4 WPA: TX EAPOL-Key 2/4 - hexdump(len=137): 00 0d 88 9d 6f 68 00 0e 35 44 4f 7a 88 8e 01 03 00 77 fe 01 09 00 20 00 00 00 00 00 00 00 01 98 ec 95 06 e6 3d 5a 54 a8 9f 5f f6 38 7b 3d 39 79 0b 49 90 76 54 2a 51 5e cc a4 84 9f 03 5b 35 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 56 cd 24 22 87 3f bd 6b 17 d8 f0 69 d6 dd 58 42 00 18 dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 RX EAPOL from 00:0d:88:9d:6f:68 RX EAPOL - hexdump(len=125): 01 03 00 79 fe 01 c9 00 20 00 00 00 00 00 00 00 02 ef 67 17 1c 0b 08 67 ef 15 7c d9 c6 9d 5d e8 9b a0 12 2b 13 a5 b5 65 75 5b db 62 62 11 99 58 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 97 d9 99 69 37 ab 4c f0 de 5b bf b0 16 66 65 ab 00 1a dd 18 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 00 00 EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines IEEE 802.1X RX: version=1 type=3 length=121 EAPOL-Key type=254 WPA: RX EAPOL-Key - hexdump(len=125): 01 03 00 79 fe 01 c9 00 20 00 00 00 00 00 00 00 02 ef 67 17 1c 0b 08 67 ef 15 7c d9 c6 9d 5d e8 9b a0 12 2b 13 a5 b5 65 75 5b db 62 62 11 99 58 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 97 d9 99 69 37 ab 4c f0 de 5b bf b0 16 66 65 ab 00 1a dd 18 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 00 00 WPA: RX message 3 of 4-Way Handshake from 00:0d:88:9d:6f:68 (ver=1) WPA: IE KeyData - hexdump(len=26): dd 18 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 00 00 WPA: Sending EAPOL-Key 4/4 WPA: TX EAPOL-Key 4/4 - hexdump(len=113): 00 0d 88 9d 6f 68 00 0e 35 44 4f 7a 88 8e 01 03 00 5f fe 01 09 00 20 00 00 00 00 00 00 00 02 98 ec 95 06 e6 3d 5a 54 a8 9f 5f f6 38 7b 3d 39 79 0b 49 90 76 54 2a 51 5e cc a4 84 9f 03 5b 35 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7b 74 0b 10 b4 00 b1 4e bc 0c 80 21 1d 34 71 ea 00 00 WPA: Installing PTK to the driver. WPA: RSC - hexdump(len=6): 00 00 00 00 00 00 wpa_driver_ipw2100_set_key: alg=TKIP key_idx=0 set_tx=1 seq_len=6 key_len=32 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=26 idleWhile=56 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=25 idleWhile=55 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=24 idleWhile=54 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=23 idleWhile=53 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=22 idleWhile=52 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=21 idleWhile=51 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=20 idleWhile=50 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=19 idleWhile=49 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=18 idleWhile=48 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=17 idleWhile=47 Authentication with 00:0d:88:9d:6f:68 timed out. Added BSSID 00:0d:88:9d:6f:68 into blacklist wpa_driver_ipw2100_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 -- warrior From jcui at skymv.com Thu Feb 17 01:31:41 2005 From: jcui at skymv.com (Jungle Cui) Date: Wed, 16 Feb 2005 22:31:41 -0800 Subject: wpa_supplicant WPA_PSK: not working with Value Point AP --HELP Message-ID: Hi, Jouni, Thanks for the analysis. The trace was what we got for one wpa_supplicant cycle (10 seconds). Looks it could be an AP issue. It just fails to response anything after association. Just not sure why Windows XP built-in client can successfully talk to this AP. Best Regards, ________________________________ From: hostap-bounces+jcui=skymv.com at shmoo.com on behalf of Jouni Malinen Sent: Wed 2/16/2005 7:59 PM To: hostap at shmoo.com Subject: Re: wpa_supplicant WPA_PSK: not working with Value Point AP --HELP On Wed, Feb 16, 2005 at 11:48:06AM -0800, Jungle Cui wrote: > Attached is the sniffer dump for one round of WPA_PSK connection from > wpa_supplicant to ValuePoint AP. Please take a look. Thanks. In general, I would prefer capture logs in a format that can be easily read with ethereal (e.g.., capture file from ethereal itself or tcpdump). The capture log was cut somewhat short, i.e., it continued only for about 130 ms after the association. During that time, the AP did not seem to send out any EAPOL frames. If no EAPOL frames is received even after this, it looks like the AP is doing something odd and there is not much that wpa_supplicant could do here. The association seemed work correctly and the next thing would be for the AP to send the first EAPOL-Key packet of the 4-Way Key Handshake. > 3): We suspect that after association, Value Point AP may sends some frames > that are in certain formats or with certain types of encryption that the client side > can not understand and then drops them. While Windows WiFi client software > may be more fault tolerant and therefore can still manage to have the authentication > process through. Not sure this is possible or not. The capture log did not indicate that anything like that would have been send out at least during the 130 ms period after the successful association. -- Jouni Malinen PGP id EFC895FA _______________________________________________ HostAP mailing list HostAP at shmoo.com http://lists.shmoo.com/mailman/listinfo/hostap From dan at adelix.com Thu Feb 17 04:34:24 2005 From: dan at adelix.com (Dan Searle) Date: Thu, 17 Feb 2005 09:34:24 +0000 Subject: Generic driver interface API for latest version of hostapd (0.3.7 or devel CVS snapshot) Message-ID: <120638140.20050217093424@adelix.com> Hi, I'm trying to get hostapd 0.3.7 to integrate with a closed source 802.11a/b/g WiFi driver written by a third party. The third party are sure that all they need to do to provide the necessary API for a stock (out-of-the-box) hostapd to work with their driver is for them to implement the Linux Wireless Extensions v.18 API in their driver. I fail to see this. From what I can see from the hostapd sources there are specific driver modules written to interface with specific WiFi drivers. The only possible common ground seems to be the Free BSD driver module, does this module (driver_bsd.c) have anything to do with version 18 of the Wireless Extensions API? I.e. If I have a Linux WiFi driver which implements all functions of the version 18 WE API, does this make it any easier for me to integrate it with hostapd? Or am I going to have to write another driver_mywifi.c abstraction layer? Any suggestions to clarify my confusion are much appreciated, Regards, Dan... -- Dan Searle Adelix Ltd dan.searle at adelix.com web: www.adelix.com tel: 0845 230 9590 / fax: 0845 230 9591 / support: 0845 230 9592 snail: The Old Post Office, Bristol Rd, Hambrook, Bristol BS16 1RY. UK. Any views expressed in this email communication are those of the individual sender, except where the sender specifically states them to be the views of a member of Adelix Ltd. Adelix Ltd. does not represent, warrant or guarantee that the integrity of this communication has been maintained nor that the communication is free of errors or interference. From dr.warrior at gmail.com Thu Feb 17 08:57:20 2005 From: dr.warrior at gmail.com (Anton Kupriyanov) Date: Thu, 17 Feb 2005 16:57:20 +0300 Subject: problems with ipw2200 or where the problem lies... In-Reply-To: <1108579725.1509.199.camel@gandalf.uninova.pt> References: <23d4eb53050216055959dfa0e8@mail.gmail.com> <1108579725.1509.199.camel@gandalf.uninova.pt> Message-ID: <23d4eb530502170557621e0e3@mail.gmail.com> On Wed, 16 Feb 2005 18:48:46 +0000, Pedro Ramalhais wrote: > On Wed, 2005-02-16 at 13:59, Anton Kupriyanov wrote: > > please look my post about wpa_supplicant here... > > http://forums.gentoo.org/viewtopic-t-296050.html > > Supply wpa_supplicant's log with -dddd > -- > Pedro Ramalhais here it is.... Initializing interface 'eth1' conf '/etc/wpa_supplicant.conf' driver 'ipw2100' Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf' Reading configuration file '/etc/wpa_supplicant.conf' ctrl_interface='/var/run/wpa_supplicant' ctrl_interface_group=0 eapol_version=1 ap_scan=1 fast_reauth=1 Line: 8 - start of a new network block ssid - hexdump_ascii(len=6): 4b 49 54 54 45 4e KITTEN scan_ssid=1 (0x1) PSK - hexdump(len=32): [REMOVED] Priority group 0 id=0 ssid='KITTEN' Initializing interface (2) 'eth1' EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: KEY_RX entering state NO_KEY_RECEIVE EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 Own MAC address: 00:0e:35:44:4f:7a wpa_driver_ipw2100_set_wpa: enabled=1 wpa_driver_ipw2100_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_ipw2100_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_ipw2100_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_ipw2100_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_ipw2100_set_countermeasures: enabled=0 wpa_driver_ipw2100_set_drop_unencrypted: enabled=1 Setting scan request: 0 sec 100000 usec Using existing control interface directory. Starting AP scan (specific SSID) Scan SSID - hexdump_ascii(len=6): 4b 49 54 54 45 4e KITTEN Failed to initiate AP scan. Setting scan request: 10 sec 0 usec EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 Scan timeout - try to get results Received 256 bytes of scan results (1 BSSes) Scan results: 1 Selecting BSS from priority group 0 0: 00:0d:88:9d:6f:68 ssid='KITTEN' wpa_ie_len=26 rsn_ie_len=0 selected Trying to associate with 00:0d:88:9d:6f:68 (SSID='KITTEN' freq=0 MHz) Cancelling scan request Automatic auth_alg selection: 0x1 wpa_driver_ipw2100_set_auth_alg: auth_alg=0x1 WPA: using IEEE 802.11i/D3.0 WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 2 WPA: using GTK TKIP WPA: using PTK TKIP WPA: using KEY_MGMT WPA-PSK WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 No keys have been configured - skip key clearing wpa_driver_ipw2100_set_drop_unencrypted: enabled=1 Setting authentication timeout: 5 sec 0 usec EAPOL: External notification - EAP success=0 EAPOL: External notification - EAP fail=0 EAPOL: External notification - portControl=Auto Wireless event: cmd=0x8b1a len=19 Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:0d:88:9d:6f:68 Association event - clear replay counter Associated to a new BSS: BSSID=00:0d:88:9d:6f:68 No keys have been configured - skip key clearing Associated with 00:0d:88:9d:6f:68 EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - EAP success=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: txStart WPA: drop TX EAPOL in non-IEEE 802.1X mode (type=1 len=0) EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=29 idleWhile=59 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=28 idleWhile=58 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=27 idleWhile=57 RX EAPOL from 00:0d:88:9d:6f:68 RX EAPOL - hexdump(len=99): 01 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 01 ae 99 e4 7e 9b 66 9d c9 0e 3b 28 78 88 75 a3 69 63 12 8b 2e 6f c5 a8 f4 8e a3 3c ba 2e 22 1c fb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Setting authentication timeout: 10 sec 0 usec EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines IEEE 802.1X RX: version=1 type=3 length=95 EAPOL-Key type=254 WPA: RX EAPOL-Key - hexdump(len=99): 01 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 01 ae 99 e4 7e 9b 66 9d c9 0e 3b 28 78 88 75 a3 69 63 12 8b 2e 6f c5 a8 f4 8e a3 3c ba 2e 22 1c fb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 WPA: RX message 1 of 4-Way Handshake from 00:0d:88:9d:6f:68 (ver=1) WPA: WPA IE for msg 2/4 - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 WPA: Renewed SNonce - hexdump(len=32): 14 b6 24 91 9d 58 a6 32 99 b5 a7 62 5a 98 81 6b aa 30 81 d8 31 c5 41 3a 6d 3e 09 32 96 27 76 c1 WPA: PMK - hexdump(len=32): [REMOVED] WPA: PTK - hexdump(len=64): [REMOVED] WPA: EAPOL-Key MIC - hexdump(len=16): 82 bf 46 2e 88 39 be 13 49 83 4c 72 e0 f4 8b d0 WPA: Sending EAPOL-Key 2/4 WPA: TX EAPOL-Key 2/4 - hexdump(len=137): 00 0d 88 9d 6f 68 00 0e 35 44 4f 7a 88 8e 01 03 00 77 fe 01 09 00 20 00 00 00 00 00 00 00 01 14 b6 24 91 9d 58 a6 32 99 b5 a7 62 5a 98 81 6b aa 30 81 d8 31 c5 41 3a 6d 3e 09 32 96 27 76 c1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 82 bf 46 2e 88 39 be 13 49 83 4c 72 e0 f4 8b d0 00 18 dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 RX EAPOL from 00:0d:88:9d:6f:68 RX EAPOL - hexdump(len=125): 01 03 00 79 fe 01 c9 00 20 00 00 00 00 00 00 00 02 ae 99 e4 7e 9b 66 9d c9 0e 3b 28 78 88 75 a3 69 63 12 8b 2e 6f c5 a8 f4 8e a3 3c ba 2e 22 1c fb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 c9 a9 72 c9 c1 84 85 8a 76 5f 94 ef 8b 6f a4 00 1a dd 18 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 00 00 EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines IEEE 802.1X RX: version=1 type=3 length=121 EAPOL-Key type=254 WPA: RX EAPOL-Key - hexdump(len=125): 01 03 00 79 fe 01 c9 00 20 00 00 00 00 00 00 00 02 ae 99 e4 7e 9b 66 9d c9 0e 3b 28 78 88 75 a3 69 63 12 8b 2e 6f c5 a8 f4 8e a3 3c ba 2e 22 1c fb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 c9 a9 72 c9 c1 84 85 8a 76 5f 94 ef 8b 6f a4 00 1a dd 18 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 00 00 WPA: RX message 3 of 4-Way Handshake from 00:0d:88:9d:6f:68 (ver=1) WPA: IE KeyData - hexdump(len=26): dd 18 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 00 00 WPA: Sending EAPOL-Key 4/4 WPA: TX EAPOL-Key 4/4 - hexdump(len=113): 00 0d 88 9d 6f 68 00 0e 35 44 4f 7a 88 8e 01 03 00 5f fe 01 09 00 20 00 00 00 00 00 00 00 02 14 b6 24 91 9d 58 a6 32 99 b5 a7 62 5a 98 81 6b aa 30 81 d8 31 c5 41 3a 6d 3e 09 32 96 27 76 c1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d2 53 2c 3b 60 4e 2c 3a 66 69 ae b5 5f dc ee 9d 00 00 WPA: Installing PTK to the driver. WPA: RSC - hexdump(len=6): 00 00 00 00 00 00 wpa_driver_ipw2100_set_key: alg=TKIP key_idx=0 set_tx=1 seq_len=6 key_len=32 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=26 idleWhile=56 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=25 idleWhile=55 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=24 idleWhile=54 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=23 idleWhile=53 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=22 idleWhile=52 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=21 idleWhile=51 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=20 idleWhile=50 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=19 idleWhile=49 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=18 idleWhile=48 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=17 idleWhile=47 Authentication with 00:0d:88:9d:6f:68 timed out. Added BSSID 00:0d:88:9d:6f:68 into blacklist wpa_driver_ipw2100_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_ipw2100_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_ipw2100_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_ipw2100_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_ipw2100_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 EAPOL: External notification - portEnabled=0 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 Setting scan request: 0 sec 0 usec Starting AP scan (broadcast SSID) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - EAP success=0 Disconnect event - remove keys wpa_driver_ipw2100_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_ipw2100_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_ipw2100_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_ipw2100_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_ipw2100_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=16 idleWhile=46 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=15 idleWhile=45 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=14 idleWhile=44 Scan timeout - try to get results Received 256 bytes of scan results (1 BSSes) Scan results: 1 Selecting BSS from priority group 0 0: 00:0d:88:9d:6f:68 ssid='KITTEN' wpa_ie_len=26 rsn_ie_len=0 skip - blacklisted No APs found - clear blacklist and try again Removed BSSID 00:0d:88:9d:6f:68 from blacklist (clear) Selecting BSS from priority group 0 0: 00:0d:88:9d:6f:68 ssid='KITTEN' wpa_ie_len=26 rsn_ie_len=0 selected Trying to associate with 00:0d:88:9d:6f:68 (SSID='KITTEN' freq=0 MHz) Cancelling scan request Automatic auth_alg selection: 0x1 wpa_driver_ipw2100_set_auth_alg: auth_alg=0x1 WPA: using IEEE 802.11i/D3.0 WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 2 WPA: using GTK TKIP WPA: using PTK TKIP WPA: using KEY_MGMT WPA-PSK WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 No keys have been configured - skip key clearing wpa_driver_ipw2100_set_drop_unencrypted: enabled=1 Setting authentication timeout: 5 sec 0 usec EAPOL: External notification - EAP success=0 EAPOL: External notification - EAP fail=0 EAPOL: External notification - portControl=Auto Wireless event: cmd=0x8b1a len=19 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=13 idleWhile=43 Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:0d:88:9d:6f:68 Association event - clear replay counter Associated to a new BSS: BSSID=00:0d:88:9d:6f:68 No keys have been configured - skip key clearing Associated with 00:0d:88:9d:6f:68 EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - EAP success=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: txStart WPA: drop TX EAPOL in non-IEEE 802.1X mode (type=1 len=0) EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=29 idleWhile=59 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=28 idleWhile=58 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=27 idleWhile=57 RX EAPOL from 00:0d:88:9d:6f:68 RX EAPOL - hexdump(len=99): 01 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 01 ef 67 17 1c 0b 08 67 ef 15 7c d9 c6 9d 5d e8 9b a0 12 2b 13 a5 b5 65 75 5b db 62 62 11 99 58 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Setting authentication timeout: 10 sec 0 usec EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines IEEE 802.1X RX: version=1 type=3 length=95 EAPOL-Key type=254 WPA: RX EAPOL-Key - hexdump(len=99): 01 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 01 ef 67 17 1c 0b 08 67 ef 15 7c d9 c6 9d 5d e8 9b a0 12 2b 13 a5 b5 65 75 5b db 62 62 11 99 58 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 WPA: RX message 1 of 4-Way Handshake from 00:0d:88:9d:6f:68 (ver=1) WPA: WPA IE for msg 2/4 - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 WPA: Renewed SNonce - hexdump(len=32): 98 ec 95 06 e6 3d 5a 54 a8 9f 5f f6 38 7b 3d 39 79 0b 49 90 76 54 2a 51 5e cc a4 84 9f 03 5b 35 WPA: PMK - hexdump(len=32): [REMOVED] WPA: PTK - hexdump(len=64): [REMOVED] WPA: EAPOL-Key MIC - hexdump(len=16): 56 cd 24 22 87 3f bd 6b 17 d8 f0 69 d6 dd 58 42 WPA: Sending EAPOL-Key 2/4 WPA: TX EAPOL-Key 2/4 - hexdump(len=137): 00 0d 88 9d 6f 68 00 0e 35 44 4f 7a 88 8e 01 03 00 77 fe 01 09 00 20 00 00 00 00 00 00 00 01 98 ec 95 06 e6 3d 5a 54 a8 9f 5f f6 38 7b 3d 39 79 0b 49 90 76 54 2a 51 5e cc a4 84 9f 03 5b 35 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 56 cd 24 22 87 3f bd 6b 17 d8 f0 69 d6 dd 58 42 00 18 dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 RX EAPOL from 00:0d:88:9d:6f:68 RX EAPOL - hexdump(len=125): 01 03 00 79 fe 01 c9 00 20 00 00 00 00 00 00 00 02 ef 67 17 1c 0b 08 67 ef 15 7c d9 c6 9d 5d e8 9b a0 12 2b 13 a5 b5 65 75 5b db 62 62 11 99 58 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 97 d9 99 69 37 ab 4c f0 de 5b bf b0 16 66 65 ab 00 1a dd 18 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 00 00 EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines IEEE 802.1X RX: version=1 type=3 length=121 EAPOL-Key type=254 WPA: RX EAPOL-Key - hexdump(len=125): 01 03 00 79 fe 01 c9 00 20 00 00 00 00 00 00 00 02 ef 67 17 1c 0b 08 67 ef 15 7c d9 c6 9d 5d e8 9b a0 12 2b 13 a5 b5 65 75 5b db 62 62 11 99 58 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 97 d9 99 69 37 ab 4c f0 de 5b bf b0 16 66 65 ab 00 1a dd 18 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 00 00 WPA: RX message 3 of 4-Way Handshake from 00:0d:88:9d:6f:68 (ver=1) WPA: IE KeyData - hexdump(len=26): dd 18 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 00 00 WPA: Sending EAPOL-Key 4/4 WPA: TX EAPOL-Key 4/4 - hexdump(len=113): 00 0d 88 9d 6f 68 00 0e 35 44 4f 7a 88 8e 01 03 00 5f fe 01 09 00 20 00 00 00 00 00 00 00 02 98 ec 95 06 e6 3d 5a 54 a8 9f 5f f6 38 7b 3d 39 79 0b 49 90 76 54 2a 51 5e cc a4 84 9f 03 5b 35 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7b 74 0b 10 b4 00 b1 4e bc 0c 80 21 1d 34 71 ea 00 00 WPA: Installing PTK to the driver. WPA: RSC - hexdump(len=6): 00 00 00 00 00 00 wpa_driver_ipw2100_set_key: alg=TKIP key_idx=0 set_tx=1 seq_len=6 key_len=32 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=26 idleWhile=56 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=25 idleWhile=55 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=24 idleWhile=54 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=23 idleWhile=53 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=22 idleWhile=52 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=21 idleWhile=51 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=20 idleWhile=50 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=19 idleWhile=49 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=18 idleWhile=48 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=17 idleWhile=47 Authentication with 00:0d:88:9d:6f:68 timed out. Added BSSID 00:0d:88:9d:6f:68 into blacklist wpa_driver_ipw2100_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 -- warrior -- warrior From fromkth+hostap at fastmail.fm Thu Feb 17 09:53:05 2005 From: fromkth+hostap at fastmail.fm (Ajeet Nankani) Date: Thu, 17 Feb 2005 06:53:05 -0800 Subject: enabling IAPP interface gives error. Message-ID: <1108651985.23442.215306678@webmail.messagingengine.com> when i enable IAPP option in hostapd iapp_interface=eth0 it gives following error on starting hostapd. setsockopt[UDP,IP_ADD_MEMBERSHIP]: No such device IEEE 802.11F (IAPP) initialization failed. rmdir [ctrl_interface]: No such file or directory. I have enabaled eth0 interface and have assigned IP address to it. I am using 0.3.7 hostapd and 1.8.0 firmware. hostapd is working fine without enabling IAPP what could be wrong here? -ajeet. From jar at pcuf.fi Thu Feb 17 11:02:13 2005 From: jar at pcuf.fi (Jar) Date: Thu, 17 Feb 2005 18:02:13 +0200 (EET) Subject: Compaq WL200 card stopped working In-Reply-To: <31839203.1108614631703.JavaMail.Administrator@appsrv> References: <31839203.1108614631703.JavaMail.Administrator@appsrv> Message-ID: <3231.192.168.0.150.1108656133.squirrel@kone> > My wlan0 has mysteriously stopped working. It was working beautifully as an access > point, feeding an internet connection througout my apt. Then I opened up the PC case > to install a second NIC (wired) and case fan, but when I turned on the PC, the wifi > card stopped working. PCMCIA is working fine (except "cardctl reset" was causing a > kernel panic consistently, resolved by recompiling the kernel), and the card itself > is visible. The driver (hostap_cs v.3.5 I think) loads and everything, except > whenever I try to bring the card up I get the following in /var/log/messages > > I don't understand how the card could have possibly lost it's primary firmware. I > could understand if I'd touched a magnetic tip screwdriver to the card, but nothing > of the sort happened! I can't seem to reload the firmware using hostap_srec either. > I get an error message about it not being able to read the card's PDA or something. I don't think the firmwares are lost. Maybe some interrupt delivery problem? after you inserted the extra wired NIC. Does the Wlan card start to working again if you restore the original setup and uninstall the extra NIC card? Is the extra NIC card isa or pci ? -- Best Regards, Jar From marc at electronics-design.nl Thu Feb 17 18:23:31 2005 From: marc at electronics-design.nl (Marc Dirix) Date: Fri, 18 Feb 2005 00:23:31 +0100 Subject: ioctl[PRISM2_IOCTL_PRISM2_PARAM]: Invalid argument Message-ID: <20050217232331.GA2212@angus.electronics-design.nl> When I start hostapd it generates the following error: alpha:/usr/src/hostap-driver-0.3.7# hostapd /etc/hostapd/hostapd.conf Configuration file: /etc/hostapd/hostapd.conf ioctl[PRISM2_IOCTL_PRISM2_PARAM]: Invalid argument Could not enable hostapd mode for interface wlan0 hostap driver initialization failed. rmdir[ctrl_interface]: Bad address hostap_pci driver is working correctly. I have attached an strace, but can't see anything special why this problem occurs. Kernel version is 2.6.8, but 2.6.10 also generates the same problem. The card has functioned fine (with hostapd), in a different computer. Kind regards, Marc -------------- next part -------------- execve("/usr/local/bin/hostapd", ["hostapd", "/etc/hostapd/hostapd.conf"], [/* 17 vars */]) = 0 uname({sys="Linux", node="alpha", ...}) = 0 brk(0) = 0x52000 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=22280, ...}) = 0 mmap(NULL, 22280, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7001c000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/usr/lib/v9/libssl.so.0.9.7", O_RDONLY) = 3 read(3, "\177ELF\1\2\1\0\0\0\0\0\0\0\0\0\0\3\0\22\0\0\0\1\0\0\234"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0644, st_size=195212, ...}) = 0 mmap(NULL, 261176, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x7002c000 mprotect(0x7005a000, 72760, PROT_NONE) = 0 mmap(0x7005c000, 65536, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0x20000) = 0x7005c000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/usr/lib/v9/libcrypto.so.0.9.7", O_RDONLY) = 3 read(3, "\177ELF\1\2\1\0\0\0\0\0\0\0\0\0\0\3\0\22\0\0\0\1\0\3\205"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0644, st_size=1081872, ...}) = 0 mmap(NULL, 1161136, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x7006c000 mprotect(0x70162000, 153520, PROT_NONE) = 0 mmap(0x7016c000, 98304, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0xf0000) = 0x7016c000 mmap(0x70184000, 14256, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x70184000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/libc.so.6", O_RDONLY) = 3 read(3, "\177ELF\1\2\1\0\0\0\0\0\0\0\0\0\0\3\0\2\0\0\0\1\0\1\316"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0644, st_size=1291948, ...}) = 0 mmap(NULL, 1361864, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x70188000 mprotect(0x702bc000, 100296, PROT_NONE) = 0 mmap(0x702c8000, 49152, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0x130000) = 0x702c8000 mmap(0x702d4000, 1992, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x702d4000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/libdl.so.2", O_RDONLY) = 3 read(3, "\177ELF\1\2\1\0\0\0\0\0\0\0\0\0\0\3\0\2\0\0\0\1\0\0\36"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0644, st_size=10444, ...}) = 0 mmap(NULL, 74736, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x702d8000 mprotect(0x702dc000, 58352, PROT_NONE) = 0 mmap(0x702e8000, 16384, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0x702e8000 close(3) = 0 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x702ec000 munmap(0x7001c000, 22280) = 0 brk(0) = 0x52000 brk(0x74000) = 0x74000 brk(0) = 0x74000 rt_sigaction(SIGHUP, {0x13e7c, [HUP], SA_RESTART}, {SIG_DFL}, 0x701bb010, 4294967295) = 0 rt_sigaction(SIGINT, {0x13e7c, [INT], SA_RESTART}, {SIG_DFL}, 0x701bb010, 4294967295) = 0 rt_sigaction(SIGTERM, {0x13e7c, [TERM], SA_RESTART}, {SIG_DFL}, 0x701bb010, 4294967295) = 0 rt_sigaction(SIGUSR1, {0x13e7c, [USR1], SA_RESTART}, {SIG_DFL}, 0x701bb010, 4294967295) = 0 fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 0), ...}) = 0 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7001c000 write(1, "Configuration file: /etc/hostapd"..., 46) = 46 open("/etc/hostapd/hostapd.conf", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=8118, ...}) = 0 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7001e000 read(3, "##### hostapd configuration file"..., 8192) = 8118 read(3, "", 8192) = 0 close(3) = 0 munmap(0x7001e000, 8192) = 0 socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3 ioctl(3, 0x8be0, 0xeffffad8) = -1 EINVAL (Invalid argument) dup(2) = 4 fcntl64(4, F_GETFL) = 0x40001 (flags O_WRONLY|O_LARGEFILE) close(4) = 0 write(2, "ioctl[PRISM2_IOCTL_PRISM2_PARAM]"..., 51ioctl[PRISM2_IOCTL_PRISM2_PARAM]: Invalid argument ) = 51 write(1, "Could not enable hostapd mode fo"..., 50) = 50 write(1, "hostap driver initialization fai"..., 37) = 37 close(0) = 0 rmdir(umovestr: Input/output error 0) = -1 EFAULT (Bad address) write(2, "rmdir[ctrl_interface]: Bad addre"..., 35rmdir[ctrl_interface]: Bad address ) = 35 munmap(0x7001c000, 8192) = 0 exit_group(1) = ? From jkmaline at cc.hut.fi Thu Feb 17 22:50:06 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Thu, 17 Feb 2005 19:50:06 -0800 Subject: Generic driver interface API for latest version of hostapd (0.3.7 or devel CVS snapshot) In-Reply-To: <120638140.20050217093424@adelix.com> References: <120638140.20050217093424@adelix.com> Message-ID: <20050218035006.GC8366@jm.kir.nu> On Thu, Feb 17, 2005 at 09:34:24AM +0000, Dan Searle wrote: > I'm trying to get hostapd 0.3.7 to integrate with a closed source > 802.11a/b/g WiFi driver written by a third party. The third party are > sure that all they need to do to provide the necessary API for a stock > (out-of-the-box) hostapd to work with their driver is for them to > implement the Linux Wireless Extensions v.18 API in their driver. Well, first of all, Linux Wireless Extensions v18 has not been released and is subject to change. In addition, the current proposal for v18 does not probably include all the functionality needed for access point mode, but many parts of it could be used to get partial functionality with whatever remains to be filled either as private extensions or an updated proposal for WE v18. > I fail to see this. From what I can see from the hostapd sources there > are specific driver modules written to interface with specific WiFi > drivers. Well, I would say specific to a driver interface, not to a driver, i.e., more than one driver can share the same interface for interaction with user space. > The only possible common ground seems to be the Free BSD > driver module, does this module (driver_bsd.c) have anything to do > with version 18 of the Wireless Extensions API? No. > I.e. If I have a Linux > WiFi driver which implements all functions of the version 18 WE API, > does this make it any easier for me to integrate it with hostapd? Or > am I going to have to write another driver_mywifi.c abstraction layer? There is no v18 WE API implementation in hostapd, so no, that would not make it easier for you. However, implementing a new driver_wext.c interface (in the same way as in wpa_supplicant) would help people doing the same thing in the future. -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Thu Feb 17 23:16:08 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Thu, 17 Feb 2005 20:16:08 -0800 Subject: enabling IAPP interface gives error. In-Reply-To: <1108651985.23442.215306678@webmail.messagingengine.com> References: <1108651985.23442.215306678@webmail.messagingengine.com> Message-ID: <20050218041608.GD8366@jm.kir.nu> On Thu, Feb 17, 2005 at 06:53:05AM -0800, Ajeet Nankani wrote: > when i enable IAPP option in hostapd > iapp_interface=eth0 > it gives following error on starting hostapd. > > setsockopt[UDP,IP_ADD_MEMBERSHIP]: No such device > IEEE 802.11F (IAPP) initialization failed. > rmdir [ctrl_interface]: No such file or directory. Works for me.. Do you have IP multicast support enabled in the kernel (CONFIG_IP_MULTICAST=y in kernel .config)? -- Jouni Malinen PGP id EFC895FA From tanuja_iv at hotmail.com Thu Feb 17 17:43:50 2005 From: tanuja_iv at hotmail.com (tanuja ingale) Date: Fri, 18 Feb 2005 04:13:50 +0530 Subject: Any product with access (interface) to MAC params (DIFS, CW..)??...URGENT, PLZ!! In-Reply-To: <20050217063529.BBBD5391F1@mail.iocaine.com> Message-ID: Hi, I would like to know if there is any wireless product in market that provides access and user interface to certain MAC level parameters such as DIFS, backoff counter, CW etc. I learnt that D-Link's AirPlus DWL-9000AP+ Wireless Access Point provides access to the following settings: Beacon Interval, RTS Threshold, Fragmentation , DTIM interval, TX Rates , and Preamble Type. .....But no DIFS in that ....:-( Any help or info will be highly appreciated! Thanks in advance, --Tanuja _________________________________________________________________ Trailblazer Narain Karthikeyan. Know more about him ?n his life. http://server1.msn.co.in/sp04/tataracing/ Stay in the loop with Tata Racing! From joe at getsomewhere.net Fri Feb 18 02:18:40 2005 From: joe at getsomewhere.net (Joe Love) Date: Fri, 18 Feb 2005 01:18:40 -0600 Subject: eap authentication seems to fail on university network In-Reply-To: <20050217034407.GA8386@jm.kir.nu> References: <4213DC8F.8040106@getsomewhere.net> <20050217034407.GA8386@jm.kir.nu> Message-ID: <421596D0.7030602@getsomewhere.net> Thanks, this seems to have solve my issues logging into the system.. I guess I couldn't quite get my head wrapped around the settings to get them right. I'd be absolutely certain it worked, but I'm running into a freebsd-specific problem with my hardware. I'll pass the config settings I have on to a few other people who are trying to do the same thing with different hardware (and on Linux). Thanks again, -Joe Jouni Malinen wrote: >On Wed, Feb 16, 2005 at 05:51:43PM -0600, Joe Love wrote: > > > >>ctrl_interface=/var/run/wpa_supplicant >>ctrl_interface_group=wheel >>eapol_version=1 >>ap_scan=0 >>network={ >> ssid="UIC-Wireless" >> scan_ssid=1 >> key_mgmt=IEEE8021X WPA-EAP >> >> > >This combination of ap_scan=0 and WPA-EAP is unlikely to work. However, >based on the debug log, I would guess that you are actually not using >WPA at all. Removing that WPA-EAP from here would make the config file >easier to understand.. > > > >> eap=TTLS >> identity="jlove1" >> password="[snipped]" >> anonymous_identity="anonymous" >> ca_cert="/usr/home/lyfe/thawte.pem" >> #phase1="include_tls_length=1" >> phase2="autheap=PAP auth=PAP" >> >> > >This phase2 line here is causing the connection to fail. autheap=PAP is >invalid option and removing it may make this actually work.. Now, >wpa_supplicant assumes that you want to use another EAP method in >Phase2, but in practice, I would assume you want to do PAP. In other >word,s change this to phase2="auth=PAP". > > > >>Side note: I'm using ap_scan=0 because there's a bunch of APs that don't >>always properly report their ssids, so i just manually put that in >>using: ifconfig wi0 ssid UIC-Wireless >> >> > >Please note that WPA needs to get WPA IE set correctly for the >association request and using ap_scan=0 is unlikely to work for that. >ap_scan=2 might, but it depends on whether the driver supports such >configuration. Anyway, it looks like you are not using WPA, so this >should not matter for now. > > > >>EAP-TTLS: Phase2 type: EAP >>EAP-TTLS: Unsupported Phase2 EAP method 'PAP' >>EAP-TTLS: Phase2 EAP types - hexdump(len=5): 04 1a 06 05 11 >> >> > >This is the part where wpa_supplicant gets confused about the phase2 >configuration. It ends up believe that you want EAP and since there is >no EAP-PAP, it just default to allow all EAP methods that have been >marked available for phase 2 use. > > > >>TLS: Include TLS Message Length in unfragmented packets >> >> > >This does not match wuith your configuration file example, i.e., I would >assume you had the phase1 line actually uncommented when producing this >debug log. > > > >>EAP-TTLS: TLS done, proceed to Phase 2 >> >> > >So TLS part was completed without problems. > > > >>EAP-TTLS: empty data in beginning of Phase 2 - use fake EAP-Request Identity >>EAP-TTLS: Phase 2 EAP Request: type=1 >>EAP: using real identity - hexdump_ascii(len=6): >> 6a 6c 6f 76 65 31 jlove1 >>EAP-TTLS: AVP encapsulate EAP Response - hexdump(len=11): 02 35 00 0b 01 >>6a 6c 6f 76 65 31 >> >> > >wpa_supplicant tries to start EAP in phase 2.. > > > >>EAP: Received EAP-Failure >> >> > >But authentication server does not like it.. I would assume it was >configured to accept only PAP. > > > From ardhendu_nandan at yahoo.co.in Fri Feb 18 06:30:50 2005 From: ardhendu_nandan at yahoo.co.in (ardhendu nandan) Date: Fri, 18 Feb 2005 11:30:50 +0000 (GMT) Subject: Problems with hostap driver In-Reply-To: <20050217232555.0997F345FE@mail.iocaine.com> Message-ID: <20050218113050.3228.qmail@web8502.mail.in.yahoo.com> Hi, I am using Linux kernel-2.4.20-8. I wan to compile hostap-0.2.0 for my wireless card. Wireless card info: ?Cisco System ?,?350 series wireless adapter? Manfid:0x015f, 0x000a Here I am mentioning all the step which I did to compile hostap-0.2.0. #Cd /usr/src/hostap-0.2.0 #make -> No Error working fine. #make install -> No error working fine #service pcmcia restart -> pcmcia working #modprobe hostap_pci Here I am getting error-> [root at localhost root]# modprobe hostap_pci /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol register_netdevice /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol __netdev_watchdog_up /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol eth_type_trans /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol __wake_up /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol __kfree_skb /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol alloc_skb /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol pskb_expand_head /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol __write_lock_failed /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol ether_setup /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol skb_under_panic /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol unregister_netdevice /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol create_proc_entry /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol alloc_etherdev /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol remove_wait_queue /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol unregister_netdev /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol wireless_send_event /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol request_module /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol proc_mkdir /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol __read_lock_failed /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol dev_alloc_name /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol dev_queue_xmit /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol ___pskb_trim /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol remove_proc_entry /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol netif_rx /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol skb_over_panic /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol add_wait_queue /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol proc_net /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol skb_clone /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol softnet_data /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol irq_stat /lib/modules/2.4.20-8/net/hostap.o: insmod /lib/modules/2.4.20-8/net/hostap.o failed /lib/modules/2.4.20-8/net/hostap.o: insmod hostap_pci failed. Does anyone have any solution? Really I am straggling with it. ________________________________________________________________________ Yahoo! India Matrimony: Find your life partner online Go to: http://yahoo.shaadi.com/india-matrimony From jwright at hasborg.com Fri Feb 18 06:55:20 2005 From: jwright at hasborg.com (Joshua Wright) Date: Fri, 18 Feb 2005 06:55:20 -0500 Subject: Problems with hostap driver In-Reply-To: <20050218113050.3228.qmail@web8502.mail.in.yahoo.com> References: <20050218113050.3228.qmail@web8502.mail.in.yahoo.com> Message-ID: <4215D7A8.8010005@hasborg.com> Ardhendu, ardhendu nandan wrote: > Wireless card info: > ?Cisco System ?,?350 series wireless adapter? > Manfid:0x015f, 0x000a The HostAP driver is designed for the Prism2 family of cards - you'll need to use a Cisco-compatible driver for this 350 series adapter. Check with your Linux distribution vendor for an appropriate driver, or you can try using the Cisco driver for Linux supplied at cisco.com. > [root at localhost root]# modprobe hostap_pci > /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol > register_netdevice It sounds like you are missing something in your kernel configuration, although I couldn't easily identify what is missing (sorry). Do you have CONFIG_HOTPLUG and CONFIG_HOTPLUG_PCI enabled in your kernel configuration? -Josh -- -Joshua Wright jwright at hasborg.com http://home.jwu.edu/jwright/ pgpkey: http://home.jwu.edu/jwright/pgpkey.htm fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73 Today I stumbled across the world's largest hotspot. The SSID is "linksys". From fromkth+hostap at fastmail.fm Fri Feb 18 07:05:56 2005 From: fromkth+hostap at fastmail.fm (Ajeet Nankani) Date: Fri, 18 Feb 2005 04:05:56 -0800 Subject: enabling IAPP interface gives error. In-Reply-To: <20050218041608.GD8366@jm.kir.nu> References: <1108651985.23442.215306678@webmail.messagingengine.com> <20050218041608.GD8366@jm.kir.nu> Message-ID: <1108728356.22052.215382361@webmail.messagingengine.com> On Thu, 17 Feb 2005 20:16:08 -0800, "Jouni Malinen" said: > On Thu, Feb 17, 2005 at 06:53:05AM -0800, Ajeet Nankani wrote: > > > when i enable IAPP option in hostapd > > iapp_interface=eth0 > > it gives following error on starting hostapd. > > > > setsockopt[UDP,IP_ADD_MEMBERSHIP]: No such device > > IEEE 802.11F (IAPP) initialization failed. > > rmdir [ctrl_interface]: No such file or directory. > > Works for me.. Do you have IP multicast support enabled in the kernel > (CONFIG_IP_MULTICAST=y in kernel .config)? > yes i just saw that this multicast option is enabled in .config, I am using FC3. I figured it out that the problem was with the default route, as i was setting the ip address statically, so default route was not in the routing table, but when i entered the default route, it does not give error on starting. -ajeet. From oluap at autolatina.com.br Fri Feb 18 08:08:20 2005 From: oluap at autolatina.com.br (Paulo Sergio Lemes Queiroz) Date: Fri, 18 Feb 2005 11:08:20 -0200 Subject: Problems with hostap driver In-Reply-To: <4215D7A8.8010005@hasborg.com> References: <20050218113050.3228.qmail@web8502.mail.in.yahoo.com> <4215D7A8.8010005@hasborg.com> Message-ID: <4215E8C4.3070305@autolatina.com.br> I don't know this card, but this error is caused by an error on kernel compilation, probably caused by a patch that you used. try download a new one from kernel.org or review your compile options. Joshua Wright wrote: > Ardhendu, > > ardhendu nandan wrote: > >> Wireless card info: >> ?Cisco System ?,?350 series wireless adapter? >> Manfid:0x015f, 0x000a > > > The HostAP driver is designed for the Prism2 family of cards - you'll > need to use a Cisco-compatible driver for this 350 series adapter. > Check with your Linux distribution vendor for an appropriate driver, > or you can try using the Cisco driver for Linux supplied at cisco.com. > >> [root at localhost root]# modprobe hostap_pci >> /lib/modules/2.4.20-8/net/hostap.o: unresolved symbol >> register_netdevice > > > It sounds like you are missing something in your kernel configuration, > although I couldn't easily identify what is missing (sorry). Do you > have CONFIG_HOTPLUG and CONFIG_HOTPLUG_PCI enabled in your kernel > configuration? > > -Josh From dave at kjellquist.com Fri Feb 18 08:57:48 2005 From: dave at kjellquist.com (dave at kjellquist.com) Date: Fri, 18 Feb 2005 05:57:48 -0800 Subject: wpa_supplicant - could not connect - hermes driver Message-ID: <20050218135022.39B5538FF3@mail.iocaine.com> I suppose it is something obvious but I have tried everything Fedora Core 3 using wpa_supplicant 0.2.3 card is Enterasys Roamabout DS PRODID_1="Cabletron" PRODID_2="RoamAbout 802.11 DS" PRODID_3="Version 01.01" PRODID_4="" MANFID=0156,0002 FUNCID=6 cardmgr works fine loading and unloading modules lsmod output orinoco_cs 9801 1 orinoco 45645 1 orinoco_cs hermes 7617 2 orinoco_cs,orinoco pcmcia 20805 5 orinoco_cs wpa_supplicant with hermes.c compiles fine and everything works backing down to WEP I am trying to run simple WPA-PSK. .conf file uses simple case with ssid and passphrase [dave]# wpa_supplicant -wdd -c/usr/local/bin/wpa_supplicant.conf -ieth1 -Dhermes Configuration file '/usr/local/bin/wpa_supplicant.conf' -> '/usr/local/bin/wpa_supplicant.conf' Reading configuration file '/usr/local/bin/wpa_supplicant.conf' ctrl_interface='/var/run/wpa_supplicant' eapol_version=1 Line: 130 - start of a new network block wpa_driver_hermes_set_wpa: enabled=1 Could not connect to the device, or LTV NULL Could not connect to the device, or LTV NULL Failed to enable WPA in the driver. wpa_driver_hermes_set_wpa: enabled=0 Could not connect to the device, or LTV NULL Failed to disable WPA in the driver. wpa_driver_hermes_set_drop_unencrypted: enabled=0 Could not connect to the device, or LTV NULL wpa_driver_hermes_set_countermeasures: enabled=0 Could not connect to the device, or LTV NULL Pointers/ suggestions will be much appreciated. From jkmaline at cc.hut.fi Fri Feb 18 09:54:33 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Fri, 18 Feb 2005 06:54:33 -0800 Subject: wpa_supplicant - could not connect - hermes driver In-Reply-To: <20050218135022.39B5538FF3@mail.iocaine.com> References: <20050218135022.39B5538FF3@mail.iocaine.com> Message-ID: <20050218145432.GA8366@jm.kir.nu> On Fri, Feb 18, 2005 at 05:57:48AM -0800, dave at kjellquist.com wrote: > lsmod output > orinoco_cs 9801 1 > orinoco 45645 1 orinoco_cs > hermes 7617 2 orinoco_cs,orinoco > pcmcia 20805 5 orinoco_cs This looks like the orinoco_cs driver from the kernel tree.. > wpa_supplicant with hermes.c compiles fine and everything works backing down to WEP Where did you get the "hermes.c"? Do you mean driver_hermes.c from the Agere driver package? If yes, you would also need to use the Agere driver, not orinoco_cs.. -- Jouni Malinen PGP id EFC895FA From timmy at invisibles.org Fri Feb 18 15:14:57 2005 From: timmy at invisibles.org (Tim Dodge) Date: Fri, 18 Feb 2005 20:14:57 +0000 Subject: wpa_supplicant not completely connecting Message-ID: <42164CC1.8080402@invisibles.org> Hi, I'm using a couple of prism2 based pcmcia cards that have been successfully using the hostap driver to connect to my Dlink DWL-900AP+ using WEP for a couple of years. I've been trying to get them connecting using WPA and wpa_supplicant. They kind of half work - I get a connection (which I'm using now), but its very slow, as the card never seems to connect completely. wpa_cli -iwlan0 status seems to alternate from: mrsix ~ # wpa_cli -iwlan0 status bssid=00:0d:88:99:aa:2e ssid=invisibles pairwise_cipher=TKIP group_cipher=TKIP key_mgmt=WPA-PSK wpa_state=GROUP_HANDSHAKE Supplicant PAE state=CONNECTING suppPortStatus=Unauthorized EAP state=IDLE to: mrsix ~ # wpa_cli -iwlan0 status bssid=00:0d:88:99:aa:2e ssid=invisibles pairwise_cipher=TKIP group_cipher=TKIP key_mgmt=WPA-PSK wpa_state=ASSOCIATED Supplicant PAE state=CONNECTING suppPortStatus=Unauthorized EAP state=IDLE Any idea what the problem is? Cheers, Tim From jcromie at divsol.com Fri Feb 18 17:16:21 2005 From: jcromie at divsol.com (Jim Cromie) Date: Fri, 18 Feb 2005 15:16:21 -0700 Subject: [patch] add MODULE_VERSION(PRISM2_VERSION) for kernels that define the macro (2.6.10 at least) Message-ID: <42166935.4040201@divsol.com> w patch, I get: [jimc at harpo hostap]$ modinfo hostap filename: /lib/modules/2.6.10-kad1/kernel/drivers/net/wireless/hostap.ko author: Jouni Malinen description: Host AP common routines license: GPL version: 0.3.7 - 2005-02-12 parm: other_ap_policy:Other AP beacon monitoring policy (0-3) parm: ap_max_inactivity:AP timeout (in seconds) for station inactivity parm: ap_bridge_packets:Bridge packets directly between stations parm: autom_ap_wds:Add WDS connections to other APs automatically vermagic: 2.6.10-kad1 PENTIUMM gcc-3.4 depends: srcversion: 773619752866E72541F35EC it also compiles wo errors on 2.4.29, which doesnt have the macro. -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: patch.modinfo Url: http://lists.shmoo.com/pipermail/hostap/attachments/20050218/8287976e/attachment.txt From mail at marioland.it Fri Feb 18 18:20:59 2005 From: mail at marioland.it (Mario) Date: Sat, 19 Feb 2005 00:20:59 +0100 Subject: wpa_supplicant and pcmcia atmel driver (kernel embedded version) Message-ID: <4216785B.1020103@marioland.it> Hi all! I have a Sitecom WLAN-011 (with atmel chipset) and I use it with kernel (2.6.10) driver for pcmcia card with atmel chipset (atmel_cs). It loads automatically the firmware with hotplug and the loaded firmware claims to support WPA: mario at smeagol:~$ cat /proc/driver/atmel Driver version: 0.96 Firmware version: 4.1 build 13 Firmware location: atmel_at76c502-wpa.bin loaded by hotplug MAC memory type: EEPROM Regulatory domain: Europe Host CRC checking: Off WPA-capable firmware: Yes Current state: Ready If I launch wpa_supplicant (I would use WPA but also only use wpa_supplicant as a replacement of waproamd with WEP wlans) this is what I obtain: root at smeagol:~# wpa_supplicant -i eth1 -Datmel wpa_driver_atmel_set_wpa eth1 ioctl[ATMEL_WPA_IOCTL_PARAM]: Operation not supported ioctl[ATMEL_WPA_IOCTL_PARAM]: Operation not supported Failed to enable WPA in the driver. wpa_driver_atmel_set_wpa eth1 ioctl[ATMEL_WPA_IOCTL_PARAM]: Operation not supported ioctl[ATMEL_WPA_IOCTL_PARAM]: Operation not supported Failed to disable WPA in the driver. wpa_driver_atmel_set_drop_unencrypted - not yet implemented wpa_driver_atmel_set_countermeasures - not yet implemented root at smeagol:~# wpa_supplicant -i eth1 -Dwext ioctl[SIOCSIWAUTH]: Operation not supported Failed to enable WPA in the driver. ioctl[SIOCSIWAUTH]: Operation not supported Failed to disable WPA in the driver. ioctl[SIOCSIWAUTH]: Operation not supported ioctl[SIOCSIWAUTH]: Operation not supported Is it supposed to work? Can it work? Thanks for any information you can provide. root at smeagol:~# uname -a Linux smeagol 2.6.10-smgl #1 Tue Feb 15 16:03:03 CET 2005 i686 GNU/Linux root at smeagol:~# iwconfig --version iwconfig Wireless-Tools version 27 Compatible with Wireless Extension v11 to v17. Kernel Currently compiled with Wireless Extension v17. eth1 Recommend Wireless Extension v17 or later, Currently compiled with Wireless Extension v17. -- Home Page: http://www.marioland.it GnuPG/PGP key (ID BAC3EBB1) available on key-servers From jar at pcuf.fi Sat Feb 19 05:31:28 2005 From: jar at pcuf.fi (Jar) Date: Sat, 19 Feb 2005 12:31:28 +0200 (EET) Subject: hostap_driver-0.3.7 and wireless-tools Message-ID: <3564.192.168.0.150.1108809088.squirrel@kone> I tried to update hostap_driver from 0.2.6 to 0.3.7. But after that all iw* commands complains that I use only WE17 and the driver needs WE18. My wireles-tools is version wireless-tools-27-0.pre25.3 and iwconfig -v says: iwconfig Wireless-Tools version 27 Compatible with Wireless Extension v11 to v17. Kernel Currently compiled with Wireless Extension v17. wifi0 Recommend Wireless Extension v14 or later, Currently compiled with Wireless Extension v17. wlan0 Recommend Wireless Extension v14 or later, Currently compiled with Wireless Extension v17. I run some iw* commands from cron and now it sends mail to me all the time. Does this new driver version really require WE18? Where I can found kernel and wireless-tools package that supports WE18? -- Best Regards, Jar From jar at pcuf.fi Sat Feb 19 11:52:29 2005 From: jar at pcuf.fi (Jar) Date: Sat, 19 Feb 2005 18:52:29 +0200 (EET) Subject: wpa_supplicant - could not connect - hermes driver In-Reply-To: <20050218135022.39B5538FF3@mail.iocaine.com> References: <20050218135022.39B5538FF3@mail.iocaine.com> Message-ID: <4380.192.168.0.150.1108831949.squirrel@kone> > I suppose it is something obvious but I have tried everything > > Fedora Core 3 using wpa_supplicant 0.2.3 > card is Enterasys Roamabout DS > > PRODID_1="Cabletron" > PRODID_2="RoamAbout 802.11 DS" > PRODID_3="Version 01.01" > PRODID_4="" > MANFID=0156,0002 > FUNCID=6 I think you will need the proprietary agere driver http://www.agere.com/mobility/docs/wl_lkm_718_release.tar.gz, not the orinoco_cs driver found from standard kernel. -- Best Regards, Jar From denier at umr.edu Sat Feb 19 12:13:17 2005 From: denier at umr.edu (Robert Denier) Date: Sat, 19 Feb 2005 11:13:17 -0600 Subject: New Encryption System Design that works with wireless drivers. Message-ID: <1108833197.4715.27.camel@chidori.cephiro> This is slightly OT since this test system design works by minor patches to the orinoco drivers, however creating a patch for hostap, or perhaps coming up with a more generic interface for this shouldn't be that hard. Let me know if you use this and areas where you would like improvements. Actual work on it will depend on time available of course. As part of my PhD work at the University of Missouri Rolla I developed a new encryption system and released it under the GPL. It uses elliptic curve cryptography to create a system for secure and private communications at the network level. I have tested it and it works well in my test environment. (The html post was required to get the information copy pasted at the end to look right.) Specific Details 163 bit elliptic curve encryption -- equivalent to 1024bit RSA 128 bit AES encryption for established links. (Every possible path uses a unique key.) Elliptic Curve Digital Signature algorithm signatures for verification of packet sources as necessary. To the extent feasible, all insiders are limited in even determining the source or destination of packets. (The full design requires new hardware to perfect this idea.) The sourceforge page for the project is still pending since the unix name ses was in use. For now I am putting a release at. I'm using http://www.finiteinfinity.com/ses/index.html as a seperate web page for the project. http://www.finiteinfinity.com/ses/releases/ses-0.1.tar.gz >md5sum ses-0.1.tar.gz 42825beec7caea06e4ca896d7adfbe52 ses-0.1.tar.gz ------------------ For the curious a sample station printout from a running system follows. The traffic was fairly light. It was just an internet radio station to one pc and a couple pings to make sure the links from 2 other stations were current. I haven't decided how much documentation to put online or under what license at this time. ---------------------- Since this is somewhat off topic for this list it might be best to contact me off list with questions unless of course the maintainers are really interested in this topic. Note that I cannot accept any patches/additions that are not free code since I hope to eventually have a chance to sell a later version under another license so I can pay bills/loans/etc... --------------------- SES: Doing full printout of all stations. SES: ------------------Begin Listing ------------------------- SES: print_station() - [real_mac=00:06:25:2B:60:A4][fake_mac=E6:86:89:24:7B:F1][Ipv4=192.168.1.3] Public_Key=0700000068B077399FE7C6C75C93CD01BE5A67720432DBE602000000FEDFE15C0EE3D6E8427520203E5E16FF58DA9E5B [Age A = 028:10][Path A = 0x3F3019EA][Key confirmed][Up to date] Send A [key=FA65C0B3EE616CE9269BBDA784A27C16][iv=6B9D03A7D85CACB879D400BA51F1CC67] Received A [key=3088AF4F0DDA62B8FD5D9783827868EC][iv=A41CAEEF7FF91E19A2586D7870759FFE] [Age B = 059:40][Path B = 0x7FF0988D][Key confirmed][Useable] Send B [key=6072C239575E1224C0C7B9093E6F300B][iv=D1AFAEDBC4BF5067C002FEC33CAA81AC] Received B [key=CD733643AE6B0012CE9152B5E04F67E8][iv=CB9194827DF1D5E5430A30438D454507] A possible next key is the UNICAST_A key. SES: print_station() - [real_mac=00:09:5B:68:4D:62][fake_mac=00:00:00:00:00:00][Ipv4=192.168.1.4] Public_Key=0400000003603846BFCF5BDD3CD5310C5EB69A9C576E335A070000006B983178559D71C0E0018A472BDB5F05A8A6BE64 A possible next key is the UNKNOWN key. SES: print_station() - [real_mac=00:09:5B:91:66:82][fake_mac=00:00:00:00:00:00][Ipv4=192.168.1.11] Public_Key=07000000684F58E808B5BED186EDE5A467DDF2EAD2B49EEC0400000097548379788B7EF13769D78B8DEAC76D076A0F7B A possible next key is the UNKNOWN key. SES: print_station() - [real_mac=00:09:5B:67:91:EA][fake_mac=32:E7:7C:38:3E:08][Ipv4=192.168.1.2] Public_Key=01000000EB841297954D0A171E494E978E287128D52CD592060000002F84386C8C17CA033B4F98A89AD4CB06424C69A7 [Age B = 000:28][Path B = 0x4F0BE95F][Key confirmed][Up to date] Send B [key=6925EE7C77CAB63218B3376372743788][iv=7AB51628931DD26564EB79F49A96A382] Received B [key=DD72DE074F449E685D927A8EB7A7B5CE][iv=B54F6FE437829C331D5EDEDDF388CD63] [Age D = 000:19][Path D = 0x247D0A1A][Key confirmed][Up to date] Send D [key=9CF5D9C4CFB596FA4176F5C2A86D0017][iv=E6B3A198A0FF2DE0CE31D360640054D5] Received D [key=A5A25EE5482F15A871E4CB52AF087D81][iv=F1120B8C1D9E03F4FC2412B2D92E159E] A possible next key is the UNICAST_B key. SES: print_station() - [real_mac=00:09:5B:91:69:CE][fake_mac=E2:A8:07:5A:B6:23][Ipv4=192.168.1.1] Public_Key=03000000569F54F63EE3D277B0EAE3CFF015C58F1C7B619E07000000197E2C732E79A1D578AA107BE96B85AE8A16B297 [Age A = 000:39][Path A = 0x4F4FDA30][Key confirmed][Up to date] Send A [key=2BA71540441027AB259DB1B3CEEF9CA8][iv=3882A8300207A2453F6D0B48CF3F3A0F] Received A [key=1BA3D2801DABBFEE0AB4D361B511F80A][iv=6585995141F8B885143234007E345CE6] [Age B = 888:01][Path B = 0x48259293][Key confirmed][Expired] Send B [key=EDC26AAE216FEDD5E96356004863FD40][iv=BC04A0B63C2225791C84D66A03D4F82B] Received B [key=2537B8623A39CC525E6B924A1A540360][iv=CD0CFFF0B890CDCDA04F1A5F0F18F4D0] [Age C = 000:31][Path C = 0x3043EA4A][Key confirmed][Up to date] Send C [key=EEFD438DF405FDC93788E2B3B50FE7CC][iv=86AF4E18ADC845DCB68CA972D9146AB5] Received C [key=28AD6A27DA2E1FC6F4BE37827809DBB1][iv=342FC1C3C492ADE4681E22D939E1C2CF] [Age D = 887:53][Path D = 0x432B949B][Key confirmed][Expired] Send D [key=C1E132EC89A49C275CD819FE6A2DF930][iv=0136843C5AEA1F5B9987D9E77DCCBE43] Received D [key=AFF3D218CE944222B573C34836C4857F][iv=7B50256CA2C65B85E546C78FCD62A2EB] A possible next key is the UNICAST_A key. SES: -------------------End Listing--------------------------- SES: Moving average of pad bytes per packet multiplied by 1000 = 4416 SES: Listing Ends. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.shmoo.com/pipermail/hostap/attachments/20050219/bc03bd08/attachment.htm From jkmaline at cc.hut.fi Sat Feb 19 12:44:37 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Sat, 19 Feb 2005 09:44:37 -0800 Subject: New Encryption System Design that works with wireless drivers. In-Reply-To: <1108833197.4715.27.camel@chidori.cephiro> References: <1108833197.4715.27.camel@chidori.cephiro> Message-ID: <20050219174437.GA8366@jm.kir.nu> On Sat, Feb 19, 2005 at 11:13:17AM -0600, Robert Denier wrote: > Let me know if you use this and areas where you would like improvements. > Actual work on it will depend on time available of course. > > As part of my PhD work at the University of Missouri Rolla I developed a > new encryption system and released it under the GPL. It uses elliptic > curve cryptography to create a system for secure and private > communications at the network level. Would you be willing to write something that compares this to IEEE 802.11i with CCMP (mainly from the security and privacy view point)? If desired, you could pick random MAC addresses for IEEE 802.11i, too, to match the privacy component in the current implementation. ECC key negotiation should fit the model that IEEE 802.11i has for adding new key management mechanisms. If done that way, this would have much better chance of interoperating with existing networks and would get more interested at least from me. The current design looks prorietary and reminds me of WAPI and let me just say that that may not be the best way of getting people interested in using this.. > were current. I haven't decided how much documentation to put online or > under what license at this time. See my comment about proprietary designs above.. -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Sat Feb 19 12:46:18 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Sat, 19 Feb 2005 09:46:18 -0800 Subject: hostap_driver-0.3.7 and wireless-tools In-Reply-To: <3564.192.168.0.150.1108809088.squirrel@kone> References: <3564.192.168.0.150.1108809088.squirrel@kone> Message-ID: <20050219174618.GB8366@jm.kir.nu> On Sat, Feb 19, 2005 at 12:31:28PM +0200, Jar wrote: > I tried to update hostap_driver from 0.2.6 to 0.3.7. But after that all iw* commands > complains that I use only WE17 and the driver needs WE18. My wireles-tools is > version wireless-tools-27-0.pre25.3 and iwconfig -v says: What do you mean by "needing WE18"? > I run some iw* commands from cron and now it sends mail to me all the time. Does > this new driver version really require WE18? Where I can found kernel and > wireless-tools package that supports WE18? There is no such requirement. For most parts, wireless extensions are compatibile between versions. -- Jouni Malinen PGP id EFC895FA From denier at umr.edu Sat Feb 19 13:11:56 2005 From: denier at umr.edu (Robert Denier) Date: Sat, 19 Feb 2005 12:11:56 -0600 Subject: New Encryption System Design that works with wireless drivers. In-Reply-To: <20050219174437.GA8366@jm.kir.nu> References: <1108833197.4715.27.camel@chidori.cephiro> <20050219174437.GA8366@jm.kir.nu> Message-ID: <1108836716.4715.49.camel@chidori.cephiro> On Sat, 2005-02-19 at 09:44 -0800, Jouni Malinen wrote: > On Sat, Feb 19, 2005 at 11:13:17AM -0600, Robert Denier wrote: > > > Let me know if you use this and areas where you would like improvements. > > Actual work on it will depend on time available of course. > > > > As part of my PhD work at the University of Missouri Rolla I developed a > > new encryption system and released it under the GPL. It uses elliptic > > curve cryptography to create a system for secure and private > > communications at the network level. > > Would you be willing to write something that compares this to IEEE > 802.11i with CCMP (mainly from the security and privacy view point)? Lets see very briefly. From a security point of view in closed mode. This is right off the top of my head. 1) Its impossible to fake any station. 2) In general, Its impossible even to determine who is sending packets to whom. (Note as soon as you add a mac address, even the fake ones this uses, then this point is severly weakened, but it has to work on real hardware that exists.) 3) Routers only need to know where the packet came from and where its going, and not the entire route so again secrecy is maintained. 4) Entropy is added into packet creation to prevent even identical packets from ever being identical once encrypted. 5) It should be impossible to piece together a valid packet from pieces of invalid packets. 6) Protection against replay attacks is included. To be honest I haven't looked at 802.11i recently. This is can work with wired or wireless. My main recall on 802.11i was it was based on the earlier 802.11 with some improvements to make it somewhat more secure. This is different in that its implementation is completely from scratch and attempts to solve every problem I could think of. I will most likely release a approximately 10 page summary of the technology behind the system in a few days. I'm just debating what if any license to release the documentation under. Then there will of course be my PhD dissertation in the library in a month or so. Yes if there is sufficient interest, and perhaps some donations so I can afford to pay bills I'm willing to work on it anyway people want although the next thing is the documentation, which will hopefully clarify some confusion. > If > desired, you could pick random MAC addresses for IEEE 802.11i, too, to > match the privacy component in the current implementation. > > ECC key negotiation should fit the model that IEEE 802.11i has for > adding new key management mechanisms. If done that way, this would have > much better chance of interoperating with existing networks and would The design right now only requires the packets to be in basic ethernet form. Since thats what the network layer provides it is already compatible with 802.11i although it ignores its existence completely. It is after all only a layer in processing the packets. The only potential problem is the packet will be longer once processed. > get more interested at least from me. The current design looks > prorietary and reminds me of WAPI and let me just say that that may not > be the best way of getting people interested in using this.. See previous comment. It is a filter on standard ethernet packets. Personally I found 802.11 in general to be a complete mess which is why I didn't use it at all. Often if you want to do something right, its best not to start on the to start from scratch and question everything. Sometimes compatibility comes at way too high a price especially from a security prospective when the more complex something is the harder it is to be sure its secure. > > > were current. I haven't decided how much documentation to put online or > > under what license at this time. > > See my comment about proprietary designs above.. > From jkmaline at cc.hut.fi Sat Feb 19 13:33:29 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Sat, 19 Feb 2005 10:33:29 -0800 Subject: New Encryption System Design that works with wireless drivers. In-Reply-To: <1108836716.4715.49.camel@chidori.cephiro> References: <1108833197.4715.27.camel@chidori.cephiro> <20050219174437.GA8366@jm.kir.nu> <1108836716.4715.49.camel@chidori.cephiro> Message-ID: <20050219183329.GC8366@jm.kir.nu> On Sat, Feb 19, 2005 at 12:11:56PM -0600, Robert Denier wrote: > On Sat, 2005-02-19 at 09:44 -0800, Jouni Malinen wrote: > > Would you be willing to write something that compares this to IEEE > > 802.11i with CCMP (mainly from the security and privacy view point)? > > Lets see very briefly. From a security point of view in closed mode. > This is right off the top of my head. > > 1) Its impossible to fake any station. IEEE 802.11i/CCMP validates send and received MAC address. > 2) In general, Its impossible even to determine who is sending packets > to whom. (Note as soon as you add a mac address, even the fake ones > this uses, then this point is severly weakened, but it has to work on > real hardware that exists.) Well, in case of IEEE 802.11 you do need to use the correct source MAC address (which could be randomized, though) to get ACK packets working correctly, so I don't see much difference here. > 3) Routers only need to know where the packet came from and where its > going, and not the entire route so again secrecy is maintained. I don't know how this would differ from IEEE 802.11i. > 4) Entropy is added into packet creation to prevent even identical > packets from ever being identical once encrypted. CCMP uses packet numbers both to do this and replay protection. > 5) It should be impossible to piece together a valid packet from > pieces of invalid packets. Likewise for CCMP. > 6) Protection against replay attacks is included. Same for CCMP. > To be honest I haven't looked at 802.11i recently. This is can work > with wired or wireless. My main recall on 802.11i was it was based on > the earlier 802.11 with some improvements to make it somewhat more > secure. This is different in that its implementation is completely > from scratch and attempts to solve every problem I could think of. IEEE 802.11i is quite a bit more than something to make 802.11 somewhat more secure.. CCMP is using AES in Counter mode with CBC-MAC. I would assume your solution would be close to this as far as encrypting frames is concerned. I did not go through the key negotiation, but like I said, I would believe that the mechanism you used would fit IEEE 802.11i which allows key management suite to be negotiated. If the ECC mechanism you use is considered more secure or requires less computation without dropping security, it could be useful addition on top of what is currently available in IEEE 802.11i. Based on the list above, it does not look like the encryption part would provide additional benefit on top of what CCMP includes now. > I will most likely release a approximately 10 page summary of the > technology behind the system in a few days. OK, that would be helpful in understanding what is there without having to go through all the source code ;-). > See previous comment. It is a filter on standard ethernet packets. > Personally I found 802.11 in general to be a complete mess which is > why I didn't use it at all. Often if you want to do something right, > its best not to start on the to start from scratch and question > everything. Sometimes compatibility comes at way too high a price > especially from a security prospective when the more complex something > is the harder it is to be sure its secure. In this case, incompatibility may be too high a price.. Sure, a proprietary solution could be used for a separate network, but if it does not interoperate with whatever else is there, it is likely to be of limited use. -- Jouni Malinen PGP id EFC895FA From denier at umr.edu Sat Feb 19 14:02:02 2005 From: denier at umr.edu (Robert Denier) Date: Sat, 19 Feb 2005 13:02:02 -0600 Subject: New Encryption System Design that works with wireless drivers. In-Reply-To: <20050219183329.GC8366@jm.kir.nu> References: <1108833197.4715.27.camel@chidori.cephiro> <20050219174437.GA8366@jm.kir.nu> <1108836716.4715.49.camel@chidori.cephiro> <20050219183329.GC8366@jm.kir.nu> Message-ID: <1108839722.4713.74.camel@chidori.cephiro> On Sat, 2005-02-19 at 10:33 -0800, Jouni Malinen wrote: > On Sat, Feb 19, 2005 at 12:11:56PM -0600, Robert Denier wrote: > > On Sat, 2005-02-19 at 09:44 -0800, Jouni Malinen wrote: [snip] > > > 2) In general, Its impossible even to determine who is sending packets > > to whom. (Note as soon as you add a mac address, even the fake ones > > this uses, then this point is severly weakened, but it has to work on > > real hardware that exists.) > > Well, in case of IEEE 802.11 you do need to use the correct source MAC > address (which could be randomized, though) to get ACK packets working > correctly, so I don't see much difference here. I didn't read this carefully before, so I didn't add to this part. My design is based around the concept of paths. The fact that MAC addresses are still involved in the system is purely a necessary evil to get a test system working on hardware that actually exists. Paths are just some random number that is negotiated in secret with the ECC encryption and as such never available to anyone but the parties involved. Sure you can see path 0x1234ab23 in the stream but you have no way of associating it with an IP or mac or whatever. Only the destination of the path and the routers along the way need to be able to recognize that path. Keys are linked to paths so that decryption is handled automatically. Fake mac address help obfuscate things a little, but in reality they just don't get the job done since things like dhcp packets link it all together. (My design uses a fixed key for broadcast communications which one must assume will not be kept securely by someone, so broadcast communications must be assumed to be of lower security.) (I get the feeling that by the time I release the documentation I will have covered a lot of points, but oh well.) From jar at pcuf.fi Sat Feb 19 17:26:59 2005 From: jar at pcuf.fi (Jar) Date: Sat, 19 Feb 2005 22:26:59 +0000 Subject: hostap_driver-0.3.7 and wireless-tools In-Reply-To: <20050219174618.GB8366@jm.kir.nu> References: <3564.192.168.0.150.1108809088.squirrel@kone> <20050219174618.GB8366@jm.kir.nu> Message-ID: <4217BD33.3080907@pcuf.fi> Jouni Malinen wrote: > What do you mean by "needing WE18"? After update and fresh boot I get: (This is from a pc with one WL200 in Managed mode) #iwconfig lo no wireless extensions. Warning: Driver for device wifi0 recommend version 18 of Wireless Extension, but has been compiled with version 17, therefore some driver features may not be available... wifi0 IEEE 802.11b ESSID:"XXXXXX" Nickname:"xxxx" Mode:Managed Frequency:2.447GHz Access Point: 00:50:XX:XX:XX:XX Bit Rate:11Mb/s Sensitivity=1/3 Retry limit:14 RTS thr:off Fragment thr:off Encryption key:off Power Management:off wlan0 IEEE 802.11b ESSID:"XXXXXX" Nickname:"xxxx" Mode:Managed Frequency:2.447GHz Access Point: 00:50:XX:XX:XX:XX Bit Rate:11Mb/s Sensitivity=1/3 Retry limit:14 RTS thr:off Fragment thr:off Encryption key:off Power Management:off Link Quality=9/70 Signal level=-91 dBm Noise level=-100 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:0 Missed beacon:0 eth0 no wireless extensions. (This is from pc with one WL200 in AP mode + one pci card in AP mode) #iwconfig -v iwconfig Wireless-Tools version 27 Compatible with Wireless Extension v11 to v17. Kernel Currently compiled with Wireless Extension v17. wifi0 Recommend Wireless Extension v18 or later, Currently compiled with Wireless Extension v17. wlan0 Recommend Wireless Extension v18 or later, Currently compiled with Wireless Extension v17. dev14422 Recommend Wireless Extension v18 or later, Currently compiled with Wireless Extension v17. wlan1 Recommend Wireless Extension v18 or later, Currently compiled with Wireless Extension v17. Best Regards, Jar From jkmaline at cc.hut.fi Sat Feb 19 15:43:49 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Sat, 19 Feb 2005 12:43:49 -0800 Subject: hostap_driver-0.3.7 and wireless-tools In-Reply-To: <4217BD33.3080907@pcuf.fi> References: <3564.192.168.0.150.1108809088.squirrel@kone> <20050219174618.GB8366@jm.kir.nu> <4217BD33.3080907@pcuf.fi> Message-ID: <20050219204349.GD8366@jm.kir.nu> On Sat, Feb 19, 2005 at 10:26:59PM +0000, Jar wrote: > #iwconfig > lo no wireless extensions. > > Warning: Driver for device wifi0 recommend version 18 of Wireless Extension, > but has been compiled with version 17, therefore some driver features > may not be available... Please note the word "recommend", not "require". -- Jouni Malinen PGP id EFC895FA From dave at kjellquist.com Sat Feb 19 16:23:36 2005 From: dave at kjellquist.com (dave at kjellquist.com) Date: Sat, 19 Feb 2005 13:23:36 -0800 Subject: Agere Hermes I Driver for 2.6 Kernel?? Message-ID: <20050219211609.CFD1938FDF@mail.iocaine.com> Does anyone know where I can get Agere Hermes I drivers for the 2.6 kernel? From denier at umr.edu Sat Feb 19 16:21:06 2005 From: denier at umr.edu (Robert Denier) Date: Sat, 19 Feb 2005 15:21:06 -0600 Subject: SHA1 In-Reply-To: <20050219183329.GC8366@jm.kir.nu> References: <1108833197.4715.27.camel@chidori.cephiro> <20050219174437.GA8366@jm.kir.nu> <1108836716.4715.49.camel@chidori.cephiro> <20050219183329.GC8366@jm.kir.nu> Message-ID: <1108848066.4713.80.camel@chidori.cephiro> I'm not sure if SHA1 is used anywhere in host ap without looking, but I'm sure its used quiet widely. At any rate if anyone sees a free (non GPL) implementation of SHA256 could you please let me know and I will replace that code in my system. SHA1 is sufficiently broken that its better to just make the change now than deal with waiting until someone actually finds a way to exploit it. I don't think the later is too likely anytime soon, but why risk it. -Robert p.s. If anyones curious slashdot has links on SHA1's breaks. From jar at pcuf.fi Sat Feb 19 18:33:43 2005 From: jar at pcuf.fi (Jar) Date: Sat, 19 Feb 2005 23:33:43 +0000 Subject: hostap_driver-0.3.7 and wireless-tools In-Reply-To: <20050219210138.GE8366@jm.kir.nu> References: <3564.192.168.0.150.1108809088.squirrel@kone> <20050219174618.GB8366@jm.kir.nu> <4217BD33.3080907@pcuf.fi> <20050219204349.GD8366@jm.kir.nu> <4217C393.1090400@pcuf.fi> <20050219210138.GE8366@jm.kir.nu> Message-ID: <4217CCD7.3050906@pcuf.fi> Jouni Malinen wrote: > On Sat, Feb 19, 2005 at 10:54:11PM +0000, Jar wrote: > > >>OK, but I get those extra lines every time when scripts are running. >>Maybe I have to use old driver and wait until WE18 is supported in >>kernel and wireless-tools. Or is there another way to get wireless-tools >>happy? > > > Well, those scripts could be be modified to redirect stderr to > /dev/null.. Alternatively, you can patch either wireless-tools to ignore > this or the driver to report WE17. Hmmm..how I need to change the driver code that it reports WE17? Best Regards, Jar From reyk at vantronix.net Sat Feb 19 16:54:53 2005 From: reyk at vantronix.net (reyk at vantronix.net) Date: Sat, 19 Feb 2005 22:54:53 +0100 Subject: SHA1 In-Reply-To: <1108848066.4713.80.camel@chidori.cephiro> References: <1108833197.4715.27.camel@chidori.cephiro> <20050219174437.GA8366@jm.kir.nu> <1108836716.4715.49.camel@chidori.cephiro> <20050219183329.GC8366@jm.kir.nu> <1108848066.4713.80.camel@chidori.cephiro> Message-ID: <20050219215452.GA13242@mail1.vantronix.net> On Sat, Feb 19, 2005 at 03:21:06PM -0600, Robert Denier wrote: > I'm not sure if SHA1 is used anywhere in host ap without looking, but > I'm sure its used quiet widely. At any rate if anyone sees a free (non > GPL) implementation of SHA256 could you please let me know and I will > replace that code in my system. > you can a free implementation in the OpenBSD cvs repository: http://www.openbsd.org/cgi-bin/cvsweb/src/sys/crypto/sha2.c http://www.openbsd.org/cgi-bin/cvsweb/src/sys/crypto/sha2.h reyk -- /* .vantronix|secure systems - (research & development) * reyk floeter - friendly known free software engineer * reyk at vantronix.net - http://team.vantronix.net/reyk/ */ From jar at pcuf.fi Sat Feb 19 19:31:31 2005 From: jar at pcuf.fi (Jar) Date: Sun, 20 Feb 2005 00:31:31 +0000 Subject: hostap_driver-0.3.7 and wireless-tools In-Reply-To: <4217CCD7.3050906@pcuf.fi> References: <3564.192.168.0.150.1108809088.squirrel@kone> <20050219174618.GB8366@jm.kir.nu> <4217BD33.3080907@pcuf.fi> <20050219204349.GD8366@jm.kir.nu> <4217C393.1090400@pcuf.fi> <20050219210138.GE8366@jm.kir.nu> <4217CCD7.3050906@pcuf.fi> Message-ID: <4217DA63.5080206@pcuf.fi> Jar wrote: > Jouni Malinen wrote: > >> On Sat, Feb 19, 2005 at 10:54:11PM +0000, Jar wrote: >> >> >>> OK, but I get those extra lines every time when scripts are running. >>> Maybe I have to use old driver and wait until WE18 is supported in >>> kernel and wireless-tools. Or is there another way to get >>> wireless-tools happy? >> >> >> >> Well, those scripts could be be modified to redirect stderr to >> /dev/null.. Alternatively, you can patch either wireless-tools to ignore >> this or the driver to report WE17. > > > Hmmm..how I need to change the driver code that it reports WE17? In hostap_ioctl.c -range->we_version_source = 18; +range->we_version_source = 17; Would this change be enough to change the driver to report WE17 ? --- Best Regards, Jar From timmy at invisibles.org Sat Feb 19 18:02:10 2005 From: timmy at invisibles.org (Tim Dodge) Date: Sat, 19 Feb 2005 23:02:10 +0000 Subject: wpa_supplicant not completely connecting In-Reply-To: <42164CC1.8080402@invisibles.org> References: <42164CC1.8080402@invisibles.org> Message-ID: <4217C572.4040600@invisibles.org> Tim Dodge wrote: > Hi, > > I'm using a couple of prism2 based pcmcia cards that have been > successfully using the hostap driver to connect to my Dlink DWL-900AP+ > using WEP for a couple of years. > > I've been trying to get them connecting using WPA and wpa_supplicant. > > They kind of half work - I get a connection (which I'm using now), but > its very slow, as the card never seems to connect completely. > > wpa_cli -iwlan0 status seems to alternate from: > > mrsix ~ # wpa_cli -iwlan0 status > bssid=00:0d:88:99:aa:2e > ssid=invisibles > pairwise_cipher=TKIP > group_cipher=TKIP > key_mgmt=WPA-PSK > wpa_state=GROUP_HANDSHAKE > Supplicant PAE state=CONNECTING > suppPortStatus=Unauthorized > EAP state=IDLE > > to: > > mrsix ~ # wpa_cli -iwlan0 status > bssid=00:0d:88:99:aa:2e > ssid=invisibles > pairwise_cipher=TKIP > group_cipher=TKIP > key_mgmt=WPA-PSK > wpa_state=ASSOCIATED > Supplicant PAE state=CONNECTING > suppPortStatus=Unauthorized > EAP state=IDLE > > Any idea what the problem is? > > Cheers, > Tim Here's some debug output. I'm using hostap v0.3.7 and wpa_supplicant v0.3.8. # wpa_supplicant -d -c/etc/wpa_supplicant.conf -Dhostap -iwlan0 Initializing interface 'wlan0' conf '/etc/wpa_supplicant.conf' driver 'hostap' Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf' Reading configuration file '/etc/wpa_supplicant.conf' ctrl_interface='/var/run/wpa_supplicant' ctrl_interface_group=0 eapol_version=1 ap_scan=1 fast_reauth=1 Priority group 5 id=0 ssid='invisibles' Initializing interface (2) 'wlan0' EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: KEY_RX entering state NO_KEY_RECEIVE EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 Own MAC address: 00:20:e0:88:36:0c wpa_driver_hostap_set_wpa: enabled=1 wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_countermeasures: enabled=0 wpa_driver_hostap_set_drop_unencrypted: enabled=1 Setting scan request: 0 sec 100000 usec Wireless event: cmd=0x8b06 len=8 RTM_NEWLINK, IFLA_IFNAME: Interface 'wifi0' added RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 Added BSSID 00:00:00:00:00:00 into blacklist EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 Disconnect event - remove keys wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 RTM_NEWLINK, IFLA_IFNAME: Interface 'wifi0' added RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added Starting AP scan (specific SSID) Scan SSID - hexdump_ascii(len=10): 69 6e 76 69 73 69 62 6c 65 73 invisibles Wireless event: cmd=0x8b19 len=12 Received 478 bytes of scan results (2 BSSes) Scan results: 2 Selecting BSS from priority group 5 0: 00:40:05:26:f3:1c ssid='' wpa_ie_len=26 rsn_ie_len=0 skip - SSID mismatch 1: 00:40:05:26:f3:1c ssid='invisibles' wpa_ie_len=26 rsn_ie_len=0 selected Trying to associate with 00:40:05:26:f3:1c (SSID='invisibles' freq=2442 MHz) Cancelling scan request Automatic auth_alg selection: 0x1 WPA: using IEEE 802.11i/D3.0 WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 2 WPA: using GTK TKIP WPA: using PTK TKIP WPA: using KEY_MGMT WPA-PSK WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 No keys have been configured - skip key clearing wpa_driver_hostap_set_drop_unencrypted: enabled=1 wpa_driver_hostap_associate Setting authentication timeout: 5 sec 0 usec EAPOL: External notification - EAP success=0 EAPOL: External notification - EAP fail=0 EAPOL: External notification - portControl=Auto Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - EAP success=0 Disconnect event - remove keys wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 Wireless event: cmd=0x8b06 len=8 Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - EAP success=0 Disconnect event - remove keys wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 Wireless event: cmd=0x8b04 len=12 Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - EAP success=0 Disconnect event - remove keys wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 Wireless event: cmd=0x8b1a len=23 Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:40:05:26:f3:1c Association event - clear replay counter Associated to a new BSS: BSSID=00:40:05:26:f3:1c No keys have been configured - skip key clearing Associated with 00:40:05:26:f3:1c EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - EAP success=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: txStart WPA: drop TX EAPOL in non-IEEE 802.1X mode (type=1 len=0) EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec RTM_NEWLINK, IFLA_IFNAME: Interface 'wifi0' added RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added RX EAPOL from 00:40:05:26:f3:1c Setting authentication timeout: 10 sec 0 usec EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines IEEE 802.1X RX: version=1 type=3 length=95 EAPOL-Key type=254 WPA: RX message 1 of 4-Way Handshake from 00:40:05:26:f3:1c (ver=1) WPA: WPA IE for msg 2/4 - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 WPA: Renewed SNonce - hexdump(len=32): 4b d4 db e3 72 72 ab 76 21 4b 70 7f ca c2 9e 62 22 a2 26 48 3f f1 90 4f a9 bd d5 be fe fe 17 df WPA: PMK - hexdump(len=32): [REMOVED] WPA: PTK - hexdump(len=64): [REMOVED] WPA: EAPOL-Key MIC - hexdump(len=16): e5 5c 59 16 3b b2 9b 87 b0 8a 52 76 e6 af eb 67 WPA: Sending EAPOL-Key 2/4 RX EAPOL from 00:40:05:26:f3:1c EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines IEEE 802.1X RX: version=1 type=3 length=121 EAPOL-Key type=254 WPA: RX message 3 of 4-Way Handshake from 00:40:05:26:f3:1c (ver=1) WPA: IE KeyData - hexdump(len=26): dd 18 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 00 00 WPA: Sending EAPOL-Key 4/4 WPA: Installing PTK to the driver. WPA: RSC - hexdump(len=6): 00 00 00 00 00 00 wpa_driver_hostap_set_key: alg=TKIP key_idx=0 set_tx=1 seq_len=6 key_len=32 Authentication with 00:40:05:26:f3:1c timed out. Added BSSID 00:40:05:26:f3:1c into blacklist wpa_driver_hostap_disassociate wpa_driver_hostap_reset: type=2 wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 EAPOL: External notification - portEnabled=0 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 Setting scan request: 0 sec 0 usec Starting AP scan (broadcast SSID) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - EAP success=0 Disconnect event - remove keys wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 RTM_NEWLINK, IFLA_IFNAME: Interface 'wifi0' added RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added Wireless event: cmd=0x8b19 len=12 Received 280 bytes of scan results (2 BSSes) Scan results: 2 Selecting BSS from priority group 5 0: 00:40:05:26:f3:1c ssid='' wpa_ie_len=26 rsn_ie_len=0 skip - blacklisted 1: 00:40:05:26:f3:1c ssid='invisibles' wpa_ie_len=26 rsn_ie_len=0 skip - blacklisted No APs found - clear blacklist and try again Removed BSSID 00:40:05:26:f3:1c from blacklist (clear) Removed BSSID 00:00:00:00:00:00 from blacklist (clear) Selecting BSS from priority group 5 0: 00:40:05:26:f3:1c ssid='' wpa_ie_len=26 rsn_ie_len=0 skip - SSID mismatch 1: 00:40:05:26:f3:1c ssid='invisibles' wpa_ie_len=26 rsn_ie_len=0 selected Trying to associate with 00:40:05:26:f3:1c (SSID='invisibles' freq=2442 MHz) Cancelling scan request Automatic auth_alg selection: 0x1 WPA: using IEEE 802.11i/D3.0 WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 2 WPA: using GTK TKIP WPA: using PTK TKIP WPA: using KEY_MGMT WPA-PSK WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 No keys have been configured - skip key clearing wpa_driver_hostap_set_drop_unencrypted: enabled=1 wpa_driver_hostap_associate Setting authentication timeout: 5 sec 0 usec EAPOL: External notification - EAP success=0 EAPOL: External notification - EAP fail=0 EAPOL: External notification - portControl=Auto Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 Added BSSID 00:00:00:00:00:00 into blacklist EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - EAP success=0 Disconnect event - remove keys wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0 Wireless event: cmd=0x8b06 len=8 Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - EAP success=0 ...and so on. And help would be greatfully recieved. Tim From jkmaline at cc.hut.fi Sat Feb 19 19:25:45 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Sat, 19 Feb 2005 16:25:45 -0800 Subject: [patch] add MODULE_VERSION(PRISM2_VERSION) for kernels that define the macro (2.6.10 at least) In-Reply-To: <42166935.4040201@divsol.com> References: <42166935.4040201@divsol.com> Message-ID: <20050220002545.GB8366@jm.kir.nu> On Fri, Feb 18, 2005 at 03:16:21PM -0700, Jim Cromie wrote: > [jimc at harpo hostap]$ modinfo hostap > version: 0.3.7 - 2005-02-12 Thanks, applied. -- Jouni Malinen PGP id EFC895FA From denier at umr.edu Sat Feb 19 19:27:09 2005 From: denier at umr.edu (Robert Denier) Date: Sat, 19 Feb 2005 18:27:09 -0600 Subject: Some Documentation for the New Encryption System Design In-Reply-To: <20050219183329.GC8366@jm.kir.nu> References: <1108833197.4715.27.camel@chidori.cephiro> <20050219174437.GA8366@jm.kir.nu> <1108836716.4715.49.camel@chidori.cephiro> <20050219183329.GC8366@jm.kir.nu> Message-ID: <1108859229.4713.93.camel@chidori.cephiro> A paper is now available on the web page that may answer some questions. http://www.finiteinfinity.com/ses/index.html (Scroll down to the files section. I'm still waiting on the sourceforge account of course, but at some point I presume I'll get one although its still possible I'll have to use a different unix name than ses. Is this documentation complete and does it describe every detail of what is going on in the code? Nope. Its not even close, but it should cover the majority of the theory for now. -Robert From bixlern at ecs.csus.edu Sat Feb 19 23:31:30 2005 From: bixlern at ecs.csus.edu (Nathan Bixler) Date: Sat, 19 Feb 2005 20:31:30 -0800 (PST) Subject: getting WE-18 going w/hostap-driver Message-ID: I'm looking to get WPA & WPA2 working in AP mode. To try and experiment with wireless extensions 18 (since I had WE-16 on FC3 & I want the most recent WPA features), I d/l'ed wireless-tools.27-pre25-netlink.tar.gz from Jean's site, but it's been a a bit rough... After hardcoding RTM_SETLINK to some arbitrary value to get past a compilation error from iwrtnlib.c, I got an error when running the tools e.g. Cannot talk to rtnetlink: Invalid Argument (sounds like my own fault for defining it). So I decided to replace wireless.h from in my kernel source:include/linux with a copy of the wireless.18.h from the tarball & recompiled the kernel & hostap-driver 0.3.7: hostap_pci: disagrees about version of symbol per_cpu__softnet_data hostap_pci: Unknown symbol per_cpu__softnet_data ... whoops my hostap driver won't load anymore ... but at least now iwconfig -v shows: iwconfig Wireless-Tools version 27 Compatible with Wirelss Extension v11 to v19 Kernel Currently compiled with Wireless Extension v18. ?'s : 1) did I get the best pre-release ver of wireless-tools w/ WE-18? 2) if I want WPA,WPA2,TKIP, & CCMP all functioning in AP mode, should I even bother upgrading wireless-tools? from what I understand WE-18 adds additional support for WPA/WPA2 which is my goal here... any other comments/criticism on my lame way of going about this? thanks, nathan From refixed at gmail.com Sun Feb 20 00:32:17 2005 From: refixed at gmail.com (Re Fixed) Date: Sun, 20 Feb 2005 16:02:17 +1030 Subject: Firmware: Samsung MagicLAN SWL-2100P Message-ID: <14a339d2050219213232d9e172@mail.gmail.com> Hi, Trying to upgrade the firmware on a Samsung MagicLAN SWL-2100P PCI card. The card, I think, is a Prism 2 card on a pd6729 PCI->PCMCIA bridge. With the right kernel modules, the card comes up fine and hostap sees it no problems (using 2.6.10 and latest HostAP). The firmware is very old though and I wish to upgrade it. wifi0: NIC: id=0x8002 v1.0.1 wifi0: PRI: id=0x15 v0.3.0 wifi0: STA: id=0x1f v0.8.3 I've tried various firmware from http://www.netgate.com/support/prism_firmware/ and I get this error every time I try to flash with prism2_srec: Verifying update compatibility and combining data: NICID was not found from the list of supported platforms. Incompatible update data. Any idea what firmware I can use to upgrade the card to something far more recent? Thanks! From parisc at gmail.com Sun Feb 20 00:37:26 2005 From: parisc at gmail.com (Max Grabert) Date: Sun, 20 Feb 2005 05:37:26 +0000 Subject: ioctl[PRISM2_IOCTL_PRISM2_PARAM]: Invalid argument In-Reply-To: <20050217232331.GA2212@angus.electronics-design.nl> References: <20050217232331.GA2212@angus.electronics-design.nl> Message-ID: On Fri, 18 Feb 2005 00:23:31 +0100, Marc Dirix wrote: > When I start hostapd it generates the following error: > > alpha:/usr/src/hostap-driver-0.3.7# hostapd /etc/hostapd/hostapd.conf > Configuration file: /etc/hostapd/hostapd.conf > ioctl[PRISM2_IOCTL_PRISM2_PARAM]: Invalid argument > Could not enable hostapd mode for interface wlan0 > hostap driver initialization failed. > rmdir[ctrl_interface]: Bad address > > hostap_pci driver is working correctly. Maybe you have the same problem I'm having. I just assume that you are trying to use hostap(d) on a DEC Alpha AXP (64bit, little-endian) architecture. I have a Netgear MA-311 (f/w 1.8.0) and it is working fine on a HP PA-RISC workstation running a 32bit (big-endian) linux-2.6.10. However when I'm using a 64bit kernel I'm getting similar/same errors as you when trying to use the userspace utilities (hostapd, prism2_param, ...). But the hostap kernel module is working fine. (N.B.: Linux/PA-RISC currently only supports/uses 32bit userland). IMHO this might indicate that there are some ioctl() issues in hostap, eg. when the (32bit) userspace utilities try to connect.to the (64bit) hostap kernel module. Greetings, Max From parisc at gmail.com Sun Feb 20 00:42:04 2005 From: parisc at gmail.com (Max Grabert) Date: Sun, 20 Feb 2005 05:42:04 +0000 Subject: ioctl[PRISM2_IOCTL_PRISM2_PARAM]: Invalid argument In-Reply-To: References: <20050217232331.GA2212@angus.electronics-design.nl> Message-ID: Sorry to reply to myself. > IMHO this might indicate that there are some ioctl() issues in hostap, > eg. when the (32bit) userspace utilities try to connect to the (64bit) > hostap kernel module. I forgot to mention that I'm using the latest CVS, and that it used to work on PA-RISC with 64bit kernels (32bit userland) before ... ... unfortunately I can't tell the exact hostap(d) version, but it must have been about 6 months ago. Thanks, Max From jar at pcuf.fi Sun Feb 20 04:07:10 2005 From: jar at pcuf.fi (Jar) Date: Sun, 20 Feb 2005 11:07:10 +0200 (EET) Subject: Firmware: Samsung MagicLAN SWL-2100P In-Reply-To: <14a339d2050219213232d9e172@mail.gmail.com> References: <14a339d2050219213232d9e172@mail.gmail.com> Message-ID: <3490.192.168.0.150.1108890430.squirrel@kone> > Hi, > > Trying to upgrade the firmware on a Samsung MagicLAN SWL-2100P PCI card. > > The card, I think, is a Prism 2 card on a pd6729 PCI->PCMCIA bridge. > With the right kernel modules, the card comes up fine and hostap sees > it no problems (using 2.6.10 and latest HostAP). > > The firmware is very old though and I wish to upgrade it. > > wifi0: NIC: id=0x8002 v1.0.1 > wifi0: PRI: id=0x15 v0.3.0 > wifi0: STA: id=0x1f v0.8.3 I am used the 1.5.6 version (s1010506.hex) from the http://www.red-bean.com/~proski/firmware/1.5.6.tar.gz. 1.5.6 works for me better than the 1.7.1. I flashed it via Windows utility because prism2_srec complains some incompatibility error. I think it is possible flash also with prism2_srec whne using the "-i" ignore parameter. -- Best Regards, Jar From refixed at gmail.com Sun Feb 20 04:56:22 2005 From: refixed at gmail.com (Re Fixed) Date: Sun, 20 Feb 2005 20:26:22 +1030 Subject: Firmware: Samsung MagicLAN SWL-2100P In-Reply-To: <3490.192.168.0.150.1108890430.squirrel@kone> References: <14a339d2050219213232d9e172@mail.gmail.com> <3490.192.168.0.150.1108890430.squirrel@kone> Message-ID: <14a339d205022001565e40ef0d@mail.gmail.com> Hi Jar, thanks for the quick reply. On Sun, 20 Feb 2005 11:07:10 +0200 (EET), Jar wrote: > > wifi0: NIC: id=0x8002 v1.0.1 > > wifi0: PRI: id=0x15 v0.3.0 > > wifi0: STA: id=0x1f v0.8.3 > > I am used the 1.5.6 version (s1010506.hex) from the > http://www.red-bean.com/~proski/firmware/1.5.6.tar.gz. 1.5.6 works for me better > than the 1.7.1. I flashed it via Windows utility because prism2_srec complains some > incompatibility error. That's only the STA firmware, correct? Is there a PRI/NIC upgrade, too? I've seen problems develop with other cards when only the STA is upgraded, or was this purely concidence and is not nessecary? I wish to upgrade as with the current firmware the card is (de)associating erratically when the card is put under load, despite signal being sufficient. I've fixed this before with other cards by updating to a much more recent firmware. From jar at pcuf.fi Sun Feb 20 05:50:47 2005 From: jar at pcuf.fi (Jar) Date: Sun, 20 Feb 2005 12:50:47 +0200 (EET) Subject: Firmware: Samsung MagicLAN SWL-2100P In-Reply-To: <14a339d205022001565e40ef0d@mail.gmail.com> References: <14a339d2050219213232d9e172@mail.gmail.com><3490.192.168.0.150.1108890430.squirrel@kone> <14a339d205022001565e40ef0d@mail.gmail.com> Message-ID: <4303.192.168.0.150.1108896647.squirrel@kone> > That's only the STA firmware, correct? Is there a PRI/NIC upgrade, too? > > I've seen problems develop with other cards when only the STA is > upgraded, or was this purely concidence and is not nessecary? There is no newer version than PRI=0.3.0. It is OK to update only the STA firmware for those prism2 cards. -- Best Regards, Jar From marc at electronics-design.nl Sun Feb 20 07:21:19 2005 From: marc at electronics-design.nl (Marc Dirix) Date: Sun, 20 Feb 2005 13:21:19 +0100 Subject: ioctl[PRISM2_IOCTL_PRISM2_PARAM]: Invalid argument In-Reply-To: References: <20050217232331.GA2212@angus.electronics-design.nl> Message-ID: <20050220122119.GD31488@angus.electronics-design.nl> > > Maybe you have the same problem I'm having. > I just assume that you are trying to use hostap(d) on a > DEC Alpha AXP (64bit, little-endian) architecture. Sun sparc, that's also 64bit. I'm currently investing some time in getting wireless-tools working. (it segfaults on my system with hostap-driver). The problem seems to disappear when I add a printf, or lower optimisation. Which makes me think of timing problems. When it doesn't segfaul, I kan make settings with the programm but one, the setting of the ESSID doesn't work at all. > > I have a Netgear MA-311 (f/w 1.8.0) and it is working fine on > a HP PA-RISC workstation running a 32bit (big-endian) linux-2.6.10. Formerlerly I used the same card, in an i386 system with same kernel, and same setup. After replacing the server with a Sun Ultra10 it stopped working. > However when I'm using a 64bit kernel I'm getting similar/same > errors as you when trying to use the userspace utilities (hostapd, > prism2_param, ...). But the hostap kernel module is working fine. > (N.B.: Linux/PA-RISC currently only supports/uses 32bit userland). I'm not sure, how this is done in Sparc-Linux. > > IMHO this might indicate that there are some ioctl() issues in hostap, > eg. when the (32bit) userspace utilities try to connect.to the (64bit) > hostap kernel module. Yes, I also think it might be time-related. We could try (as you describe in your next mail) to get back to the revision which was working, and trace code alteration. /Marc Pffoew, thought I was the only one having this problem..... From jcromie at divsol.com Sun Feb 20 20:57:26 2005 From: jcromie at divsol.com (Jim Cromie) Date: Sun, 20 Feb 2005 18:57:26 -0700 Subject: http://www.kerneltraffic.org/kernel-traffic/kt20050219_297.html#4 Message-ID: <42194006.9000401@divsol.com> FYI, http://www.kerneltraffic.org/kernel-traffic/kt20050219_297.html#4 talks about current shortcomings of linux wireless. it includes some mention of using netlink to notify hotplug that a link is up. This is apparently the right way to trigger external programs to do something, and hostap doesnt need to fork off an external, root-privileged, program to do that. # *Not all drivers have correct netlink support, if they even have it* 1. *orinoco is too twitchy, sends too many events (shouldn't send them during a scan for example)* 2. *atmel, airo, and others don't seem to have any netlink support* *Work Item: fix all drivers to ensure that when the card successfully associates with an access point, that it signals the kernel that its network link is "up".* # ** From jmi_1996 at yahoo.com Mon Feb 21 11:19:36 2005 From: jmi_1996 at yahoo.com (J I) Date: Mon, 21 Feb 2005 08:19:36 -0800 (PST) Subject: Problem using PEAP with CISCO AP with Odyssey Server for dynamic WEP scenario In-Reply-To: <42194006.9000401@divsol.com> Message-ID: <20050221161936.10752.qmail@web21424.mail.yahoo.com> Hi, I am having trouble using PEAP with the Cisco access point with dynam ic WEP scenarios. The problem occurs because after the PEAP authentication, the key frame information sent by the AP is not complete. In general, the Radius server provides key information to the AP, and the AP passes some of the information along to the supplicant to generate the session key. For the CISCO AP, I am not geeting the encrypted key, which is used to decrypt the provided key, using the key IV and other values. Does anyone have a similar problem with the CISCO AP? Thanks JMI --------------------------------- Do you Yahoo!? Yahoo! Search presents - Jib Jab's 'Second Term' -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.shmoo.com/pipermail/hostap/attachments/20050221/03038530/attachment.htm From fromkth+hostap at fastmail.fm Mon Feb 21 12:09:52 2005 From: fromkth+hostap at fastmail.fm (Ajeet Nankani) Date: Mon, 21 Feb 2005 18:09:52 +0100 Subject: pre-authentication in RSN/WPA2 Message-ID: <421A15E0.8060304@fastmail.fm> what i understood by going through old mails on the above issue, that for pre-authentication to work, STA needs to have the new AP in the scan resutls at both times, one when it pre-authenticates with the new AP through the current AP and when it actually associate and do 4 way handshake with new AP, is it true? -ajeet. From jkmaline at cc.hut.fi Mon Feb 21 12:40:21 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Mon, 21 Feb 2005 09:40:21 -0800 Subject: Problem using PEAP with CISCO AP with Odyssey Server for dynamic WEP scenario In-Reply-To: <20050221161936.10752.qmail@web21424.mail.yahoo.com> References: <42194006.9000401@divsol.com> <20050221161936.10752.qmail@web21424.mail.yahoo.com> Message-ID: <20050221174021.GA8368@jm.kir.nu> On Mon, Feb 21, 2005 at 08:19:36AM -0800, J I wrote: > I am having trouble using PEAP with the Cisco access point with dynam ic WEP scenarios. The problem occurs because after the PEAP authentication, the key frame information sent by the AP is not complete. > > In general, the Radius server provides key information to the AP, and the AP passes some of the information along to the supplicant to generate the session key. For the CISCO AP, I am not geeting the encrypted key, which is used to decrypt the provided key, using the key IV and other values. Please send debug log from wpa_supplicant. -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Mon Feb 21 12:44:21 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Mon, 21 Feb 2005 09:44:21 -0800 Subject: pre-authentication in RSN/WPA2 In-Reply-To: <421A15E0.8060304@fastmail.fm> References: <421A15E0.8060304@fastmail.fm> Message-ID: <20050221174421.GB8368@jm.kir.nu> On Mon, Feb 21, 2005 at 06:09:52PM +0100, Ajeet Nankani wrote: > what i understood by going through old mails on the above issue, that > for pre-authentication to work, STA needs to have the new AP in the scan > resutls at both times, one when it pre-authenticates with the new AP > through the current AP and when it actually associate and do 4 way > handshake with new AP, is it true? Well, in many cases, yes, but this is not really a requirement. Something needs to trigger the station to believe it should pre-authenticate with an AP. This may indeed be scan results showing another AP with pre-authentication enabled; or it could also be report from the current AP listing potential neighbors. As far as wpa_supplicant is concerned, scan results would not be needed for either when ap_scan=2 mode is used, but the driver will most likely have these results internally even in this case. -- Jouni Malinen PGP id EFC895FA From axel at zedx.org Mon Feb 21 13:14:37 2005 From: axel at zedx.org (Axel Christiansen) Date: Mon, 21 Feb 2005 19:14:37 +0100 Subject: hostapd 0.2.4 on a linux bridge Message-ID: <421A250D.9020608@zedx.org> Hello, i am trying to use a hostapd on a linux AP with multiple devices in one bridge. There is one bridge with devices: wlan0 Master wlan1 Master wlan0wds0 to other AP wlan1wds0 to other AP The hostapd.conf is configured to do WPA-PSK and rsn_preauth_interfaces= is set to wlan0wds0 wlan1wds0. Whenever the hostapd runs, the wds links become locked up. Seems like the hole bridge stops forwarding. I allso tried to include the bridge device in rsn_preauth_interfaces with no luck. Stopping the hostapd does not unlock the hole thing. The config works fine on a similar device with just not everything in a bridge. What can i do to have such a bridge with a working hostapd? Thx a lot, Axel From jkmaline at cc.hut.fi Mon Feb 21 15:13:22 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Mon, 21 Feb 2005 12:13:22 -0800 Subject: User reported problems with driver_madwifi/driver_ipw In-Reply-To: <20050218153823.GJ5599@roadwarrior.mcmartin.ca> References: <20050218153823.GJ5599@roadwarrior.mcmartin.ca> Message-ID: <20050221201322.GD8368@jm.kir.nu> On Fri, Feb 18, 2005 at 10:38:23AM -0500, Kyle McMartin wrote: > I'm the maintainer of the Debian packages of wpa_supplicant. A few users > reported needing the following patches to associate with open access points > using wpa_supplicant. However, this morning, some other users have > reported that the patch to driver_ipw breaks association with /ALL/ > access points, and only reverting the patch fixes things. Do you think this > is plausible, or just a case of a problem on the users end? The problems looks real, but the fix is not correct, neither for madwifi nor ipw. The main problem is in having only disable WPA operation, not a matching enable. In other words, if the card is configured even once for plaintext mode, there is no way back to WPA-enabled state without restarting wpa_supplicant. In case of driver_madwifi, the only thing that needed to be done in associate() is to set Privacy flag based on security policy, not the full set_wpa(disabled). I ended up removing the separate set_wpa() function (and actually even obsoleting it in the API) by moving other parts to init()/deinit(). This seems to work now, both for plaintext and WPA. The change is in CVS; development branch at the moment, likely to go into 0.3.x and maybe also 0.2.x after some more testing. In other words, I would like to hear from people using madwifi whether the current development snapshot of wpa_supplicant works. I do not have a test setup with ipw2100 or ipw2200, so the part about driver_ipw.c is somewhat less clear to me. The change you mentioned is here: > diff -urNad a/driver_ipw.c b/driver_ipw.c > --- a/driver_ipw.c 2005-02-06 12:06:23.000000000 -0500 > +++ b/driver_ipw.c 2005-02-15 00:45:59.000000000 -0500 > @@ -326,6 +326,9 @@ > int ret = 0; > int unencrypted_eapol; > > + if ((params->key_mgmt_suite == KEY_MGMT_NONE) && > + (wpa_driver_ipw_set_wpa(drv, 0) < 0)) > + ret = -1; > if (ipw_set_wpa_ie(drv, params->wpa_ie, params->wpa_ie_len) < 0) > ret = -1; > if (wpa_driver_wext_set_ssid(drv->wext, params->ssid, In other words, this calls set_wpa(drv, 0) if key_mgmt is NONE. In case of madwifi, this would not have been correct, since set_wpa() was also enabling Privacy flag (which itself was not correct behavior). In case of ipw2100/2200, I did not fully understand what set_wpa() ends up doing because parts of it is in the firmware (I think). I would appreciate it if someone working with the ipw2100/2200 driver would take a closer look at this and test using wpa_supplicant in plaintext mode. associate() handler should configure the driver to allow plaintext associate if encryption is not enabled. set_wpa(0) may do more things that could explain why something else gets broken. -- Jouni Malinen PGP id EFC895FA From oluap at autolatina.com.br Tue Feb 22 07:31:47 2005 From: oluap at autolatina.com.br (Paulo Sergio Lemes Queiroz) Date: Tue, 22 Feb 2005 09:31:47 -0300 Subject: Tuning hostap configuration Message-ID: <421B2633.6080705@autolatina.com.br> Hi, I'm having a strange problem with my network Some times, some clients, get to lower tx rates. Initially, I think its a channel problem... but when I change the channel, the tx_rate don't change. I'm using this config: IWCONFIG=/sbin/iwconfig IFCE=wlan0 ${IWCONFIG} ${IFCE} essid MyNet ${IWCONFIG} ${IFCE} nick MyCard ${IWCONFIG} ${IFCE} mode Master ${IWCONFIG} ${IFCE} rate 11M auto ${IWCONFIG} ${IFCE} frag 512 ${IWCONFIG} ${IFCE} rts 65 ${IWPRIV} ${IFCE} beacon_int 100 ${IWPRIV} ${IFCE} dtim_period 20 ${IWCONFIG} ${IFCE} channel 3 ${IWPRIV} ${IFCE} prism2_param 30 1 Is anything wrong with config ? From fromkth+hostap at fastmail.fm Tue Feb 22 07:40:54 2005 From: fromkth+hostap at fastmail.fm (Ajeet Nankani) Date: Tue, 22 Feb 2005 13:40:54 +0100 Subject: RSN/WPA2 - PMKSA cache in STA and in AP Message-ID: <421B2856.3000400@fastmail.fm> If STA roams to other AP and makes a new PMKSA with new AP, then does STA keep previous PMKSAs which it made with previous AP(s), in its cache, if yes for how long and for how many previous APs? Same question on AP side, that for how long AP keeps PMKSA of STAs which associated with it previously but now have been roamed to other APs hence are not currently associated with this old AP. -ajeet. From marc at electronics-design.nl Tue Feb 22 09:31:18 2005 From: marc at electronics-design.nl (Marc Dirix) Date: Tue, 22 Feb 2005 15:31:18 +0100 Subject: ioctl not working correct Message-ID: <20050222143118.GC23838@angus.electronics-design.nl> Hi, Somehow some of the ioctl function aren't working 100% I've added some debugging to the hostapd "driver.c" and the hostap_ioctl.c file. In the later one I added some kernel messages to the prism2_ioctl_giwessid function. In the former one, I made an extra ioctl routine, to test some ioctl-get's for different types. When I do a SIOCGIWESSID on the driver, the kernel dmesg outputs: ESSID :thuis-wl where thuis-wl is actually my essid. However the ioctl call in driver.c returns: Ioctl GET returns: -1 error:7 Any pointers where this error could be generated? I'm not 100% familiar with ioctl calls. Note, the setting of ESSID works fine! I noticed, some ioctl addresses do work, but SIOCGIWESSID *and* PRISM2_IOCTL_PRISM2_PARAM where the latter one outputs: Ioctl returns: -1 error:22 Still this problem only occurs on 64bit proc. /Marc From marc at electronics-design.nl Tue Feb 22 10:04:05 2005 From: marc at electronics-design.nl (Marc Dirix) Date: Tue, 22 Feb 2005 16:04:05 +0100 Subject: ioctl[PRISM2_IOCTL_PRISM2_PARAM]: Invalid argument In-Reply-To: <20050220122119.GD31488@angus.electronics-design.nl> References: <20050217232331.GA2212@angus.electronics-design.nl> <20050220122119.GD31488@angus.electronics-design.nl> Message-ID: <20050222150405.GD23838@angus.electronics-design.nl> This about describes the problems we're experiencing: http://www.ussg.iu.edu/hypermail/linux/kernel/0302.0/0280.html /Marc From leblanc at inmotiontechnology.com Tue Feb 22 16:40:04 2005 From: leblanc at inmotiontechnology.com (Larry LeBlanc) Date: Tue, 22 Feb 2005 13:40:04 -0800 Subject: driver_madwifi problem? Message-ID: <421BA6B4.2050600@inmotiontechnology.com> I am using hostapd to control an AP using driver_madwifi. A while back I posted a message because I was having trouble getting WPA-PSK to work and I got a helpful message from Joseph Chen suggesting the following patch to driver_madwifi.c: 409c409 < wk.ik_flags |= IEEE80211_KEY_DEFAULT; --- > /*wk.ik_flags |= IEEE80211_KEY_DEFAULT;*/ Sure enough, after recompiling with this patch everything worked fine. Unfortunately, I have no idea what the ramifications of this change are. I thought I would ask before entering a bug report... Thanks, Larry P.S. I was originally using hostapd 0.3.5 but I see nothing has changed in this code in 0.3.7... From proski at gnu.org Tue Feb 22 18:10:47 2005 From: proski at gnu.org (Pavel Roskin) Date: Tue, 22 Feb 2005 18:10:47 -0500 Subject: [PATCH] missing "bind" in hostap_cs.conf Message-ID: <1109113847.3104.4.camel@localhost.localdomain> Hello! The current hostap_cs.conf is invalid. The attached path fixes it. -- Regards, Pavel Roskin -------------- next part -------------- A non-text attachment was scrubbed... Name: binding.diff Type: text/x-patch Size: 293 bytes Desc: not available Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050222/d992f5be/attachment.bin From jkmaline at cc.hut.fi Wed Feb 23 01:01:03 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Tue, 22 Feb 2005 22:01:03 -0800 Subject: [PATCH] missing "bind" in hostap_cs.conf In-Reply-To: <1109113847.3104.4.camel@localhost.localdomain> References: <1109113847.3104.4.camel@localhost.localdomain> Message-ID: <20050223060103.GA9332@jm.kir.nu> On Tue, Feb 22, 2005 at 06:10:47PM -0500, Pavel Roskin wrote: > The current hostap_cs.conf is invalid. The attached path fixes it. Thanks, applied. -- Jouni Malinen PGP id EFC895FA From togg at togg.de Wed Feb 23 02:42:40 2005 From: togg at togg.de (Sebastian Weitzel) Date: Wed, 23 Feb 2005 08:42:40 +0100 (CET) Subject: driver_madwifi problem? In-Reply-To: <421BA6B4.2050600@inmotiontechnology.com> References: <421BA6B4.2050600@inmotiontechnology.com> Message-ID: <36223.127.0.0.1.1109144560.squirrel@flinky.home> > I am using hostapd to control an AP using driver_madwifi. A while back I > posted a message because I was having trouble getting WPA-PSK to work > and I got a helpful message from Joseph Chen suggesting the following > patch to driver_madwifi.c: It's not a hostap issue. See the madwifi mailinglist archive (http://news.gmane.org/gmane.linux.drivers.madwifi.user/) for a solution to this problem. There is a patch for it. Regards, Sebastian Weitzel From fromkth+hostap at fastmail.fm Wed Feb 23 07:20:22 2005 From: fromkth+hostap at fastmail.fm (Ajeet Nankani) Date: Wed, 23 Feb 2005 13:20:22 +0100 Subject: Pre-authentication to an AP Message-ID: <421C7506.2010401@fastmail.fm> What happens when wpa_supplicant is forced(scan results are modified, so wpa_supplicant believfes that AP has pre-authentication) to pre-authenticate with an AP which does not have pre-authentication enable? I guess on wpa_supplicant side it times-out, but on the AP what it do with those pre-authentication(EAP) packets? just drop outs or send some replies back to wpa_supplicant?? any clue? -ajeet. From fromkth+hostap at fastmail.fm Wed Feb 23 08:53:17 2005 From: fromkth+hostap at fastmail.fm (Ajeet Nankani) Date: Wed, 23 Feb 2005 14:53:17 +0100 Subject: pre-authentication in RSN/WPA2 -- new subtype in Managementt Frame!! In-Reply-To: <20050221174421.GB8368@jm.kir.nu> References: <421A15E0.8060304@fastmail.fm> <20050221174421.GB8368@jm.kir.nu> Message-ID: <421C8ACD.2040300@fastmail.fm> Jouni Malinen wrote: > On Mon, Feb 21, 2005 at 06:09:52PM +0100, Ajeet Nankani wrote: > > >>what i understood by going through old mails on the above issue, that >>for pre-authentication to work, STA needs to have the new AP in the scan >>resutls at both times, one when it pre-authenticates with the new AP >>through the current AP and when it actually associate and do 4 way >>handshake with new AP, is it true? > > > Well, in many cases, yes, but this is not really a requirement. > Something needs to trigger the station to believe it should > pre-authenticate with an AP. This may indeed be scan results showing > another AP with pre-authentication enabled; or it could also be report > from the current AP listing potential neighbors. As far as > wpa_supplicant is concerned, scan results would not be needed for either > when ap_scan=2 mode is used, but the driver will most likely have these > results internally even in this case. > The main task, for taking full advantage of pre-authentication, actually is the building of that neighbours-list(BSSIDs, RSN IE or just Capabilities block?? or just pre-authentication flag??) and transfering of that list from AP to Associated STAs. IAPP cant help here as its neighbours lists contains only BSSIDs, and for pre-authentication we need BSSIDs and atleast pre-authentication flag. But in senarios where we know that all AP supports RSN and pre-authentication(like in corporate and campus networks) then we could exploit even that IAPP neighbor list by forcing wpa_supplicant to pre-authenticate with APs in the list, but again the problem is how to transfer that list from AP to STA?? For Jouni and other developers, can we use one of the reserved subtypes in mangement frame and transfer the list through that/those frame/frames to STA?.....or may be built new IE...just a thought. Ofcourse we have to modify AP and STA to handle that management frame or IE accoringly. But is it possible to modify hostap to accomplish above task?? -ajeet. From brix at gentoo.org Wed Feb 23 09:04:33 2005 From: brix at gentoo.org (Henrik Brix Andersen) Date: Wed, 23 Feb 2005 15:04:33 +0100 Subject: Patch: running external commands from wpa_supplicant In-Reply-To: <20050213031147.GB8389@jm.kir.nu> References: <1105470539.11819.12.camel@sponge.fungus> <20050114043602.GB8380@jm.kir.nu> <1107338072.19863.27.camel@sponge.fungus> <20050213031147.GB8389@jm.kir.nu> Message-ID: <1109167474.12284.8.camel@sponge.fungus> On Sat, 2005-02-12 at 19:11 -0800, Jouni Malinen wrote: > I'm hoping to be able to drop root privileges from most of the > wpa_supplicant operation. If I understood correctly, you would like to > be able to run external commands that are likely to require root > privileges, which is against the goal of getting wpa_supplicant to not > need root privileges for most of the code.. I see your point. > If you believe that it would be better to to get calls to external > programs, one option would be to write a minimal daemon that opens a > connection to wpa_supplicant control interface and takes care of calling > these external programs. This should eliminate both of my objections > about blocking wpa_supplicant and extra requirement for root privileges. Yes, this would solve the above issues and integrate well with the next-generation Gentoo networking scripts. Would you want to write this daemon yourself and include it in wpa_supplicant - or would you rather keep it as a separate project? Sincerely, Brix -- Henrik Brix Andersen Gentoo Linux -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050223/94d293ff/attachment.pgp From js at ddre.dk Wed Feb 23 09:15:29 2005 From: js at ddre.dk (Jens Stavnstrup) Date: Wed, 23 Feb 2005 15:15:29 +0100 (CET) Subject: Bug in madwifi communication Message-ID: In the mailing lists there have been an increasing number of statements regarding a bug in either wpa_supplicant or the madwifi driver. Originally I had no problems with these two running together back in November 2004, but now after upgrading wpa_supplicant (through debians apt-get) and the madwifi drive (manually), only part of the authentification phase seems to work, which of course means I cannot connect to the network. Most comment on the on the mailinglists seems to indicate that the problem must be with the madwifi driver. But replacing my current version of the madwifi driver with snapshots from October (which worked) does not make a difference. Unfortunately I do not have a debian package of wpa_supplicant ver. 0.2.5 (which I know worked with madwifi) So how about looking for the bug in the wpa_supplicant ? Is the following statement normal ? WPA: EAPOL frame too short, len 48, expecting at least 99 Here is my config file and a debug from wpa_supplicant Regards, Jens -------------------- eapol_version=1 ap_scan=1 fast_reauth=1 network={ ssid="054" scan_ssid=1 proto=WPA key_mgmt=WPA-EAP group=TKIP eap=MSCHAPV2 PEAP identity="SORT\js" password="???????????" } --------------------- Initializing interface 'ath0' conf '/etc/wpa_supplicant.conf' driver 'madwifi' Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf' Reading configuration file '/etc/wpa_supplicant.conf' ctrl_interface='/var/run/wpa_supplicant' ctrl_interface_group=0 eapol_version=1 ap_scan=1 eapol_version=1 ap_scan=1 fast_reauth=1 Priority group 0 id=0 ssid='054' Initializing interface (2) 'ath0' EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: KEY_RX entering state NO_KEY_RECEIVE EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 Own MAC address: 00:05:4e:43:c3:fb wpa_driver_madwifi_set_wpa: enabled=1 wpa_driver_madwifi_del_key: keyidx=0 wpa_driver_madwifi_del_key: keyidx=1 wpa_driver_madwifi_del_key: keyidx=2 wpa_driver_madwifi_del_key: keyidx=3 wpa_driver_madwifi_set_countermeasures: enabled=0 wpa_driver_madwifi_set_drop_unencrypted: enabled=1 Setting scan request: 0 sec 100000 usec Using existing control interface directory. bind(PF_UNIX): Address already in use ctrl_iface exists, but does not allow connections - assuming it was leftover from forced program termination Successfully replaced leftover ctrl_iface socket '/var/run/wpa_supplicant/ath0' Wireless event: cmd=0x8b06 len=8 RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added Starting AP scan (specific SSID) Scan SSID - hexdump_ascii(len=3): 30 35 34 054 Wireless event: cmd=0x8b1a len=16 Wireless event: cmd=0x8b19 len=12 Received 1550 bytes of scan results (7 BSSes) Scan results: 7 Selecting BSS from priority group 0 0: 00:0b:0e:02:32:40 ssid='054' wpa_ie_len=30 rsn_ie_len=0 selected Trying to associate with 00:0b:0e:02:32:40 (SSID='054' freq=2462 MHz) Cancelling scan request Automatic auth_alg selection: 0x1 WPA: using IEEE 802.11i/D3.0 WPA: Selected cipher suites: group 8 pairwise 24 key_mgmt 1 WPA: using GTK TKIP WPA: using PTK CCMP WPA: using KEY_MGMT 802.1X WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 04 01 00 00 50 f2 01 No keys have been configured - skip key clearing wpa_driver_madwifi_set_drop_unencrypted: enabled=1 wpa_driver_madwifi_associate Setting authentication timeout: 5 sec 0 usec EAPOL: External notification - portControl=Auto Wireless event: cmd=0x8b1a len=16 Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:0b:0e:02:32:40 Association event - clear replay counter Associated to a new BSS: BSSID=00:0b:0e:02:32:40 No keys have been configured - skip key clearing Associated with 00:0b:0e:02:32:40 EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: txStart EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec RX EAPOL from 00:0b:0e:02:32:40 Setting authentication timeout: 70 sec 0 usec EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=1 id=1 EAP: EAP entering state IDENTITY EAP: EAP-Request Identity data - hexdump_ascii(len=37): 00 6e 65 74 77 6f 72 6b 69 64 3d 30 35 34 2c 6e _networkid=054,n 61 73 69 64 3d 6e 6f 73 2d 32 2e 30 2c 70 6f 72 asid=nos-2.0,por 74 69 64 3d 30 tid=0 EAP: using real identity - hexdump_ascii(len=7): 53 4f 52 54 5c 6a 73 SORT\js EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 48, expecting at least 99 RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RX EAPOL from 00:0b:0e:02:32:40 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=1 id=1 EAP: EAP entering state RETRANSMIT EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 48, expecting at least 99 RX EAPOL from 00:0b:0e:02:32:40 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=25 id=2 EAP: EAP entering state GET_METHOD EAP: initialize selected EAP method (25, PEAP) EAP-PEAP: Phase2 EAP types - hexdump(len=8): 04 1a 06 05 12 11 ff 17 EAP: EAP entering state METHOD EAP-PEAP: Received packet(len=6) - Flags 0x20 EAP-PEAP: Start (server ver=0, own ver=1) EAP-PEAP: Using PEAP version 0 SSL: (where=0x10 ret=0x1) SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:before/connect initialization SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 write client hello A SSL: (where=0x1002 ret=0xffffffff) SSL: SSL_connect:error in SSLv3 read server hello A SSL: SSL_connect - want more data SSL: 100 bytes pending from ssl_out SSL: 100 bytes left to be sent out (of total 100 bytes) EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 48, expecting at least 99 RX EAPOL from 00:0b:0e:02:32:40 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=25 id=3 EAP: EAP entering state METHOD EAP-PEAP: Received packet(len=1496) - Flags 0xc0 EAP-PEAP: TLS Message Length: 3902 SSL: Need 2416 bytes more input data SSL: Building ACK EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE IEEE 802.1X RX: version=1 type=0 length=1496 WPA: EAPOL frame (type 0) discarded, not a Key frame RX EAPOL from 00:0b:0e:02:32:40 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=25 id=4 EAP: EAP entering state METHOD EAP-PEAP: Received packet(len=1496) - Flags 0x40 SSL: Need 926 bytes more input data SSL: Building ACK EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE IEEE 802.1X RX: version=1 type=0 length=1496 WPA: EAPOL frame (type 0) discarded, not a Key frame RX EAPOL from 00:0b:0e:02:32:40 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=25 id=5 EAP: EAP entering state METHOD EAP-PEAP: Received packet(len=932) - Flags 0x00 SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 read server hello A SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 read server certificate A SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 read server certificate request A SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 read server done A SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 write client certificate A SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 write client key exchange A SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 write change cipher spec A SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 write finished A SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 flush data SSL: (where=0x1002 ret=0xffffffff) SSL: SSL_connect:error in SSLv3 read finished A SSL: SSL_connect - want more data SSL: 194 bytes pending from ssl_out SSL: 194 bytes left to be sent out (of total 194 bytes) EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE IEEE 802.1X RX: version=1 type=0 length=932 WPA: EAPOL frame (type 0) discarded, not a Key frame RX EAPOL from 00:0b:0e:02:32:40 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=25 id=6 EAP: EAP entering state METHOD EAP-PEAP: Received packet(len=53) - Flags 0x80 EAP-PEAP: TLS Message Length: 43 SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 read finished A SSL: (where=0x20 ret=0x1) SSL: (where=0x1002 ret=0x1) SSL: 0 bytes pending from ssl_out SSL: No data to be sent out EAP-PEAP: TLS done, proceed to Phase 2 EAP-PEAP: using label 'client EAP encryption' in key derivation EAP-PEAP: Derived key - hexdump(len=64): [REMOVED] SSL: Building ACK EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 57, expecting at least 99 RX EAPOL from 00:0b:0e:02:32:40 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=25 id=7 EAP: EAP entering state METHOD EAP-PEAP: Received packet(len=28) - Flags 0x00 EAP-PEAP: received 22 bytes encrypted data for Phase 2 EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=1): 01 EAP-PEAP: received Phase 2: code=1 identifier=7 length=5 EAP-PEAP: Phase 2 Request: type=1 EAP: using real identity - hexdump_ascii(len=7): 53 4f 52 54 5c 6a 73 SORT\js EAP-PEAP: Encrypting Phase 2 data - hexdump(len=12): [REMOVED] EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 48, expecting at least 99 RX EAPOL from 00:0b:0e:02:32:40 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=25 id=8 EAP: EAP entering state METHOD EAP-PEAP: Received packet(len=52) - Flags 0x00 EAP-PEAP: received 46 bytes encrypted data for Phase 2 EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=25): 1a 01 08 00 18 10 e9 87 ac 4f d0 fe dd b1 4a 6a 1b d2 c4 30 a9 48 4b 55 4c EAP-PEAP: received Phase 2: code=1 identifier=8 length=29 EAP-PEAP: Phase 2 Request: type=26 EAP-PEAP: Selected Phase 2 EAP method 26 EAP-MSCHAPV2: Received challenge EAP-MSCHAPV2: Authentication Servername - hexdump_ascii(len=3): 4b 55 4c KUL EAP-MSCHAPV2: Generating Challenge Response EAP-MSCHAPV2: auth_challenge - hexdump(len=16): e9 87 ac 4f d0 fe dd b1 4a 6a 1b d2 c4 30 a9 48 EAP-MSCHAPV2: peer_challenge - hexdump(len=16): 25 77 ca 73 bc 33 a7 2f 39 59 4a 2c af 15 e0 d4 EAP-MSCHAPV2: username - hexdump_ascii(len=2): 6a 73 js EAP-MSCHAPV2: password - hexdump_ascii(len=11): [REMOVED] EAP-MSCHAPV2: response - hexdump(len=24): f1 e5 5d ca d9 a7 5f 19 81 5a 16 a5 1e 27 42 31 11 0e 4e 76 42 bb da ed EAP-PEAP: Encrypting Phase 2 data - hexdump(len=66): [REMOVED] EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 56, expecting at least 99 RX EAPOL from 00:0b:0e:02:32:40 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=25 id=9 EAP: EAP entering state METHOD EAP-PEAP: Received packet(len=74) - Flags 0x00 EAP-PEAP: received 68 bytes encrypted data for Phase 2 EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=47): 1a 03 08 00 2e 53 3d 44 34 33 46 30 44 38 39 39 44 35 35 39 41 30 36 43 32 38 42 42 33 44 42 38 44 46 31 39 46 37 33 45 30 44 43 46 34 46 46 EAP-PEAP: received Phase 2: code=1 identifier=9 length=51 EAP-PEAP: Phase 2 Request: type=26 EAP-MSCHAPV2: Received success EAP-MSCHAPV2: Success message - hexdump_ascii(len=0): EAP-MSCHAPV2: Authentication succeeded EAP-PEAP: Encrypting Phase 2 data - hexdump(len=6): [REMOVED] EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 78, expecting at least 99 RX EAPOL from 00:0b:0e:02:32:40 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=25 id=10 EAP: EAP entering state METHOD EAP-PEAP: Received packet(len=38) - Flags 0x00 EAP-PEAP: received 32 bytes encrypted data for Phase 2 EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=11): 01 0a 00 0b 21 80 03 00 02 00 01 EAP-PEAP: received Phase 2: code=1 identifier=10 length=11 EAP-PEAP: Phase 2 Request: type=33 EAP-TLV: Received TLVs - hexdump(len=6): 80 03 00 02 00 01 EAP-TLV: Result TLV - hexdump(len=2): 00 01 EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed EAP-PEAP: Encrypting Phase 2 data - hexdump(len=11): [REMOVED] EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 48, expecting at least 99 RX EAPOL from 00:0b:0e:02:32:40 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Success EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 48, expecting at least 99 RX EAPOL from 00:0b:0e:02:32:40 EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines IEEE 802.1X RX: version=1 type=3 length=95 EAPOL-Key type=254 WPA: RX message 1 of 4-Way Handshake from 00:0b:0e:02:32:40 (ver=2) WPA: WPA IE for msg 2/4 - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 04 01 00 00 50 f2 01 WPA: Renewed SNonce - hexdump(len=32): d3 4e ef 97 25 b2 99 85 5b d2 8e d2 79 07 81 b0 33 95 df c8 62 3b 07 74 75 72 8f db c4 41 96 14 WPA: Failed to get master session key from EAPOL state machines WPA: Key handshake aborted From peacebwitchu at gmail.com Wed Feb 23 09:18:59 2005 From: peacebwitchu at gmail.com (John Knoxville) Date: Wed, 23 Feb 2005 09:18:59 -0500 Subject: ndiswrapper,Cisco Radius PEAP Message-ID: I am having problems getting associated with my Cisco AP and Radius server. I am using the latest ndiswrapper with the centrino wireless card. Here is my config and debug output. eapol_version=1 ap_scan=1 network={ ssid="web" scan_ssid=1 key_mgmt=IEEE8021X eap=PEAP identity="ad\peace" password="password" phase2="auth=MSCHAPV2" wpa_supplicant -Dndiswrapper -iwlan0 -c/etc/wpa_supplicant.conf -ddd Initializing interface 'wlan0' conf '/etc/wpa_supplicant.conf' driver 'ndiswrapper' Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf' Reading configuration file '/etc/wpa_supplicant.conf' eapol_version=1 ap_scan=1 Line: 4 - start of a new network block ssid - hexdump_ascii(len=9): 42 63 62 43 69 6f 42 72 72 web scan_ssid=1 (0x1) key_mgmt: 0x8 eap methods - hexdump(len=2): 19 00 identity - hexdump_ascii(len=13): 62 63 62 61 64 5c 67 72 69 73 77 6c 64 ad\peace password - hexdump_ascii(len=8): [REMOVED] phase2 - hexdump_ascii(len=13): 61 75 74 68 3d 4d 53 43 48 41 50 56 32 auth=MSCHAPV2 Priority group 0 id=0 ssid='web' Initializing interface (2) 'wlan0' EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: KEY_RX entering state NO_KEY_RECEIVE EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 Own MAC address: 00:0c:f1:24:62:e2 Setting scan request: 0 sec 100000 usec Wireless event: cmd=0x8b06 len=8 Starting AP scan (specific SSID) Scan SSID - hexdump_ascii(len=9): 42 63 62 43 69 6f 42 72 72 web ioctl[SIOCSIWSCAN{,EXT}]: No such device Failed to initiate AP scan. Setting scan request: 10 sec 0 usec EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 Scan timeout - try to get results Received 2171 bytes of scan results (11 BSSes) Scan results: 11 Selecting BSS from priority group 0 Thanks for the help. From peacebwitchu at gmail.com Wed Feb 23 11:31:58 2005 From: peacebwitchu at gmail.com (John Knoxville) Date: Wed, 23 Feb 2005 11:31:58 -0500 Subject: re ndiswrapper, Cisco Radius PEAP Message-ID: After doing iwconfig wlan0 essid web I get this change in messages. Initializing interface 'wlan0' conf '/etc/wpa_supplicant.conf' driver 'ndiswrapper' Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf' Reading configuration file '/etc/wpa_supplicant.conf' eapol_version=1 ap_scan=1 Line: 4 - start of a new network block ssid - hexdump_ascii(len=9): 42 63 62 43 69 6f 42 72 72 web scan_ssid=1 (0x1) key_mgmt: 0x8 eap methods - hexdump(len=2): 19 00 identity - hexdump_ascii(len=13): 62 63 62 61 64 5c 67 72 69 73 77 6c 64 ad\peace password - hexdump_ascii(len=8): [REMOVED] phase2 - hexdump_ascii(len=13): 61 75 74 68 3d 4d 53 43 48 41 50 56 32 auth=MSCHAPV2 Priority group 0 id=0 ssid='web' Initializing interface (2) 'wlan0' EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: KEY_RX entering state NO_KEY_RECEIVE EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 Own MAC address: 00:0c:f1:24:62:e2 Setting scan request: 0 sec 100000 usec Wireless event: cmd=0x8b06 len=8 RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added Starting AP scan (specific SSID) Scan SSID - hexdump_ascii(len=9): 42 63 62 43 69 6f 42 72 72 web Failed to initiate AP scan. Setting scan request: 10 sec 0 usec EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 Scan timeout - try to get results Received 3407 bytes of scan results (17 BSSes) Scan results: 17 Selecting BSS from priority group 0 0: 00:0e:83:fe:7c:90 ssid='web' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 1: 00:0e:83:fe:7c:f0 ssid='web' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 2: 00:0e:83:fe:7c:20 ssid='web' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 3: 00:0e:83:fe:7e:f0 ssid='web' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 4: 00:12:01:39:9b:c0 ssid='web' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 5: 00:0e:84:be:36:b0 ssid='web' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 6: 00:0e:83:fe:7c:50 ssid='web' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 7: 00:0f:23:d8:9a:d0 ssid='' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 8: 00:0e:83:fe:7c:90 ssid='' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 9: 00:0e:83:fe:7c:f0 ssid='' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 10: 00:0e:83:fe:7c:20 ssid='' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 11: 00:0e:84:be:36:b0 ssid='' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 12: 00:0e:83:fe:7e:f0 ssid='' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 13: 00:12:01:39:9b:c0 ssid='' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 14: 00:0e:83:fe:7c:50 ssid='' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 15: 02:00:29:83:fc:6e ssid='hpsetup' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 16: 00:0e:83:fe:7b:b0 ssid='' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE selected non-WPA AP 00:0e:83:fe:7c:90 ssid='web' Trying to associate with 00:0e:83:fe:7c:90 (SSID='web' freq=2412 MHz) Cancelling scan request Automatic auth_alg selection: 0x1 No keys have been configured - skip key clearing Setting authentication timeout: 5 sec 0 usec EAPOL: External notification - portControl=Auto Wireless event: cmd=0x8c02 len=79 Custom wireless event: 'ASSOCINFO(ReqIEs=000942636243696f427272010482848b96 RespIEs=010196)' Association info event req_ies - hexdump(len=17): 00 09 42 63 62 43 69 6f 42 72 72 01 04 82 84 8b 96 resp_ies - hexdump(len=3): 01 01 96 Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:0e:83:fe:7e:f0 Association event - clear replay counter Associated to a new BSS: BSSID=00:0e:83:fe:7e:f0 No keys have been configured - skip key clearing Associated with 00:0e:83:fe:7e:f0 EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: txStart TX EAPOL - hexdump(len=18): 00 0e 83 fe 7e f0 00 0c f1 24 62 e2 88 8e 01 01 00 00 EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec Wireless event: cmd=0x8c02 len=79 Custom wireless event: 'ASSOCINFO(ReqIEs=000942636243696f427272010482848b96 RespIEs=010196)' Association info event req_ies - hexdump(len=17): 00 09 42 63 62 43 69 6f 42 72 72 01 04 82 84 8b 96 resp_ies - hexdump(len=3): 01 01 96 Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:0e:83:fe:7e:f0 Association event - clear replay counter Associated with 00:0e:83:fe:7e:f0 EAPOL: External notification - portEnabled=0 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: txStart TX EAPOL - hexdump(len=18): 00 0e 83 fe 7e f0 00 0c f1 24 62 e2 88 8e 01 01 00 00 EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec RX EAPOL from 00:0e:83:fe:7e:f0 RX EAPOL - hexdump(len=46): 01 00 00 05 01 01 00 05 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Setting authentication timeout: 70 sec 0 usec EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=1 id=1 EAP: EAP entering state IDENTITY EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=13): 62 63 62 61 64 5c 67 72 69 73 77 6c 64 ad\peace EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=36): 00 0e 83 fe 7e f0 00 0c f1 24 62 e2 88 8e 01 00 00 12 02 01 00 12 01 62 63 62 61 64 5c 67 72 69 73 77 6c 64 EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 46, expecting at least 99 RX EAPOL from 00:0e:83:fe:7e:f0 RX EAPOL - hexdump(len=46): 01 00 00 05 01 02 00 05 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=1 id=2 EAP: EAP entering state IDENTITY EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=13): 62 63 62 61 64 5c 67 72 69 73 77 6c 64 ad\peace EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=36): 00 0e 83 fe 7e f0 00 0c f1 24 62 e2 88 8e 01 00 00 12 02 02 00 12 01 62 63 62 61 64 5c 67 72 69 73 77 6c 64 EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 46, expecting at least 99 RX EAPOL from 00:0e:83:fe:7e:f0 RX EAPOL - hexdump(len=46): 01 00 00 1d 01 ae 00 1d 11 01 00 08 56 c9 a3 a0 4e 03 27 82 62 63 62 61 64 5c 67 72 69 73 77 6c 64 00 00 00 00 00 00 00 00 00 00 00 00 00 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=17 id=174 EAP: EAP entering state GET_METHOD EAP: Building EAP-Nak (requested type 17 not allowed) EAP: allowed methods - hexdump(len=1): 19 EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=24): 00 0e 83 fe 7e f0 00 0c f1 24 62 e2 88 8e 01 00 00 06 02 ae 00 06 03 19 EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 46, expecting at least 99 RX EAPOL from 00:0e:83:fe:7e:f0 RX EAPOL - hexdump(len=46): 01 00 00 06 01 af 00 06 19 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=25 id=175 EAP: EAP entering state GET_METHOD EAP: initialize selected EAP method (25, PEAP) EAP-PEAP: Phase2 EAP types - hexdump(len=1): 1a EAP: EAP entering state METHOD EAP-PEAP: Received packet(len=6) - Flags 0x21 EAP-PEAP: Start (server ver=1, own ver=1) EAP-PEAP: Using PEAP version 1 SSL: (where=0x10 ret=0x1) SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:before/connect initialization SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 write client hello A SSL: (where=0x1002 ret=0xffffffff) SSL: SSL_connect:error in SSLv3 read server hello A SSL: SSL_connect - want more data SSL: 100 bytes pending from ssl_out SSL: 100 bytes left to be sent out (of total 100 bytes) EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=124): 00 0e 83 fe 7e f0 00 0c f1 24 62 e2 88 8e 01 00 00 6a 02 af 00 6a 19 01 16 03 01 00 5f 01 00 00 5b 03 01 42 1c a7 cf 27 a0 c3 3e dc ee 73 e8 d0 44 6d ad ca 0f 82 c7 f8 43 02 62 8e b1 3b 63 0d cd 34 5a 00 00 34 00 39 00 38 00 35 00 16 00 13 00 0a 00 33 00 32 00 2f 00 66 00 05 00 04 00 63 00 62 00 61 00 15 00 12 00 09 00 65 00 64 00 60 00 14 00 11 00 08 00 06 00 03 01 00 EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 46, expecting at least 99 EAPOL: Port Timers tick - authWhile=29 heldWhile=0 startWhen=29 idleWhile=59 EAPOL: Port Timers tick - authWhile=28 heldWhile=0 startWhen=28 idleWhile=58 EAPOL: Port Timers tick - authWhile=27 heldWhile=0 startWhen=27 idleWhile=57 EAPOL: Port Timers tick - authWhile=26 heldWhile=0 startWhen=26 idleWhile=56 EAPOL: Port Timers tick - authWhile=25 heldWhile=0 startWhen=25 idleWhile=55 EAPOL: Port Timers tick - authWhile=24 heldWhile=0 startWhen=24 idleWhile=54 EAPOL: Port Timers tick - authWhile=23 heldWhile=0 startWhen=23 idleWhile=53 EAPOL: Port Timers tick - authWhile=22 heldWhile=0 startWhen=22 idleWhile=52 EAPOL: Port Timers tick - authWhile=21 heldWhile=0 startWhen=21 idleWhile=51 EAPOL: Port Timers tick - authWhile=20 heldWhile=0 startWhen=20 idleWhile=50 EAPOL: Port Timers tick - authWhile=19 heldWhile=0 startWhen=19 idleWhile=49 EAPOL: Port Timers tick - authWhile=18 heldWhile=0 startWhen=18 idleWhile=48 EAPOL: Port Timers tick - authWhile=17 heldWhile=0 startWhen=17 idleWhile=47 EAPOL: Port Timers tick - authWhile=16 heldWhile=0 startWhen=16 idleWhile=46 EAPOL: Port Timers tick - authWhile=15 heldWhile=0 startWhen=15 idleWhile=45 EAPOL: Port Timers tick - authWhile=14 heldWhile=0 startWhen=14 idleWhile=44 EAPOL: Port Timers tick - authWhile=13 heldWhile=0 startWhen=13 idleWhile=43 EAPOL: Port Timers tick - authWhile=12 heldWhile=0 startWhen=12 idleWhile=42 EAPOL: Port Timers tick - authWhile=11 heldWhile=0 startWhen=11 idleWhile=41 EAPOL: Port Timers tick - authWhile=10 heldWhile=0 startWhen=10 idleWhile=40 EAPOL: Port Timers tick - authWhile=9 heldWhile=0 startWhen=9 idleWhile=39 EAPOL: Port Timers tick - authWhile=8 heldWhile=0 startWhen=8 idleWhile=38 EAPOL: Port Timers tick - authWhile=7 heldWhile=0 startWhen=7 idleWhile=37 EAPOL: Port Timers tick - authWhile=6 heldWhile=0 startWhen=6 idleWhile=36 Signal 2 received - terminating No keys have been configured - skip key clearing EAPOL: External notification - portEnabled=0 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit From jkmaline at cc.hut.fi Wed Feb 23 21:53:26 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Wed, 23 Feb 2005 18:53:26 -0800 Subject: Pre-authentication to an AP In-Reply-To: <421C7506.2010401@fastmail.fm> References: <421C7506.2010401@fastmail.fm> Message-ID: <20050224025326.GC9332@jm.kir.nu> On Wed, Feb 23, 2005 at 01:20:22PM +0100, Ajeet Nankani wrote: > What happens when wpa_supplicant is forced(scan results are modified, so > wpa_supplicant believfes that AP has pre-authentication) to > pre-authenticate with an AP which does not have pre-authentication enable? > > I guess on wpa_supplicant side it times-out, That's correct. > but on the AP what it do > with those pre-authentication(EAP) packets? just drop outs or send some > replies back to wpa_supplicant?? If the AP does not support RSN pre-authentication, it will most likely just ignore the frames since they are using a new ethertype that is reserved for this use. If the AP supports pre-authentication but it has been disabled in configuration, I would expect it to do same. -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Wed Feb 23 21:58:39 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Wed, 23 Feb 2005 18:58:39 -0800 Subject: pre-authentication in RSN/WPA2 -- new subtype in Managementt Frame!! In-Reply-To: <421C8ACD.2040300@fastmail.fm> References: <421A15E0.8060304@fastmail.fm> <20050221174421.GB8368@jm.kir.nu> <421C8ACD.2040300@fastmail.fm> Message-ID: <20050224025839.GD9332@jm.kir.nu> On Wed, Feb 23, 2005 at 02:53:17PM +0100, Ajeet Nankani wrote: > For Jouni and other developers, can we use one of the reserved subtypes > in mangement frame and transfer the list through that/those frame/frames > to STA?.....or may be built new IE...just a thought. No, it is up to IEEE to define uses for the reserved subtypes and they are indeed doing exactly this.. See IEEE 802.11k draft and Action frames. > Ofcourse we have to > modify AP and STA to handle that management frame or IE accoringly. But > is it possible to modify hostap to accomplish above task?? For AP side, yes. For client side, I don't know; I haven't tested what the Prism2/2.5/3 firmware does with Action frames. If it sends them to the driver, yes, we could use the neighbor report frames from IEEE 802.11k. -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Wed Feb 23 22:11:32 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Wed, 23 Feb 2005 19:11:32 -0800 Subject: ndiswrapper,Cisco Radius PEAP In-Reply-To: References: Message-ID: <20050224031132.GE9332@jm.kir.nu> On Wed, Feb 23, 2005 at 09:18:59AM -0500, John Knoxville wrote: > I am having problems getting associated with my Cisco AP and Radius > server. I am using the latest ndiswrapper with the centrino wireless > card. Here is my config and debug output. > > eapol_version=1 > ap_scan=1 > > network={ > ssid="web" > scan_ssid=1 > Starting AP scan (specific SSID) > Scan SSID - hexdump_ascii(len=9): > 42 63 62 43 69 6f 42 72 72 web > ioctl[SIOCSIWSCAN{,EXT}]: No such device > Failed to initiate AP scan. ndiswrapper and well, NDIS drivers in general do not support scan for a specific SSID (scan_ssid=1). You will either need to use broadcast scan or if you are using hidden SSID, ap_scan=2 to make the driver associate with the given SSID without wpa_supplicant having to request a scan. > Setting scan request: 10 sec 0 usec > EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 > EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 > EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 > Scan timeout - try to get results > Received 2171 bytes of scan results (11 BSSes) > Scan results: 11 > Selecting BSS from priority group 0 What happens after this line? -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Wed Feb 23 22:17:07 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Wed, 23 Feb 2005 19:17:07 -0800 Subject: VLAN & HosAP driver question In-Reply-To: <2080.213.130.89.252.1109193127.squirrel@webmail.infotel.bg> References: <2080.213.130.89.252.1109193127.squirrel@webmail.infotel.bg> Message-ID: <20050224031707.GF9332@jm.kir.nu> On Wed, Feb 23, 2005 at 11:12:07PM +0200, dancho wrote: > I have a project for implementing VLAN functionality in HostAP driver. > The idea is that the HostAP driver use different ESSID to simulate > multiple LANs(VLAN.) > My questions is if that is technically possible and eventually what > obstacle I could met in designing this feature. The current Prism2/2.5/3 firmware does not support this. > 1. The BEACON frames - I was told that the firmware generates these frames > and the driver does not have access to this frames. Is that true? Yes. > 2. Is it possible the driver to change ESSID on every frame? Well, you could try to switch between the different SSIDs, but it would be quite horrible hack and I would not really recommend trying to get this working with the current Prism2/2.5/3 firmware. Selecting a different wlan card design would make this much easier. The card would either need to provide Probe Request frames to the driver or support multiple SSIDs internally in firmware. -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Thu Feb 24 00:31:34 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Wed, 23 Feb 2005 21:31:34 -0800 Subject: Bug in madwifi communication In-Reply-To: References: Message-ID: <20050224053134.GL9332@jm.kir.nu> On Wed, Feb 23, 2005 at 03:15:29PM +0100, Jens Stavnstrup wrote: > Originally I had no problems with these two running together back in > November 2004, but now after upgrading wpa_supplicant (through debians > apt-get) and the madwifi drive (manually), only part of the > authentification phase seems to work, which of course means I cannot > connect to the network. Which version of wpa_supplicant are you using? If it is not 0.3.8, could you please test this same configuration with 0.3.8? > Is the following statement normal ? > > WPA: EAPOL frame too short, len 48, expecting at least 99 Yes, that is normal. However, there's a problem in the end of the EAP authentication shown below in the debug log. Which authentication server are you using? > EAP: Received EAP-Request method=25 id=10 > EAP: EAP entering state METHOD > EAP-PEAP: Received packet(len=38) - Flags 0x00 > EAP-PEAP: received 32 bytes encrypted data for Phase 2 > EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=11): 01 0a 00 0b 21 80 03 00 02 00 01 > EAP-PEAP: received Phase 2: code=1 identifier=10 length=11 > EAP-PEAP: Phase 2 Request: type=33 > EAP-TLV: Received TLVs - hexdump(len=6): 80 03 00 02 00 01 > EAP-TLV: Result TLV - hexdump(len=2): 00 01 > EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed > EAP-PEAP: Encrypting Phase 2 data - hexdump(len=11): [REMOVED] > EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC > EAP: EAP entering state SEND_RESPONSE > EAP: EAP entering state IDLE > EAPOL: SUPP_BE entering state RESPONSE > EAPOL: txSuppRsp This final part of PEAPv0, i.e., tunneled success notification seems to go through fine. > EAPOL: SUPP_BE entering state RECEIVE > WPA: EAPOL frame too short, len 48, expecting at least 99 > RX EAPOL from 00:0b:0e:02:32:40 > EAPOL: Received EAP-Packet frame > EAPOL: SUPP_BE entering state REQUEST > EAPOL: getSuppRsp > EAP: EAP entering state RECEIVED > EAP: Received EAP-Success > EAP: EAP entering state DISCARD However, this plaintext EAP-Success packet is being ignored which makes wpa_supplicant believe that the negotiation has not completed. Could you please send debug log with one more -d on the command line to get some more information about the reason for this. > EAP: EAP entering state IDLE > EAPOL: SUPP_BE entering state RECEIVE > WPA: EAPOL frame too short, len 48, expecting at least 99 > RX EAPOL from 00:0b:0e:02:32:40 > EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines > IEEE 802.1X RX: version=1 type=3 length=95 > EAPOL-Key type=254 > WPA: RX message 1 of 4-Way Handshake from 00:0b:0e:02:32:40 (ver=2) > WPA: WPA IE for msg 2/4 - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 04 01 00 00 50 f2 01 > WPA: Renewed SNonce - hexdump(len=32): d3 4e ef 97 25 b2 99 85 5b d2 8e d2 79 07 81 b0 33 95 df c8 62 3b 07 74 75 72 8f db c4 41 96 14 > WPA: Failed to get master session key from EAPOL state machines > WPA: Key handshake aborted WPA handshake fails now since the EAP authentication has not been completed (due to that EAP-Success packet being discarded). -- Jouni Malinen PGP id EFC895FA From peacebwitchu at gmail.com Wed Feb 23 23:01:37 2005 From: peacebwitchu at gmail.com (John Knoxville) Date: Wed, 23 Feb 2005 20:01:37 -0800 Subject: ndiswrapper,Cisco Radius PEAP In-Reply-To: <20050224031132.GE9332@jm.kir.nu> References: <20050224031132.GE9332@jm.kir.nu> Message-ID: Here is my output after iwconfig wlan0 essid web and then running wpa_supplicant. I will try your suggestion as well. Initializing interface 'wlan0' conf '/etc/wpa_supplicant.conf' driver 'ndiswrapper' Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf' Reading configuration file '/etc/wpa_supplicant.conf' eapol_version=1 ap_scan=1 Line: 4 - start of a new network block ssid - hexdump_ascii(len=9): 42 63 62 43 69 6f 42 72 72 web scan_ssid=1 (0x1) key_mgmt: 0x8 eap methods - hexdump(len=2): 19 00 identity - hexdump_ascii(len=13): 62 63 62 61 64 5c 67 72 69 73 77 6c 64 ad\peace password - hexdump_ascii(len=8): [REMOVED] phase2 - hexdump_ascii(len=13): 61 75 74 68 3d 4d 53 43 48 41 50 56 32 auth=MSCHAPV2 Priority group 0 id=0 ssid='web' Initializing interface (2) 'wlan0' EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: KEY_RX entering state NO_KEY_RECEIVE EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 Own MAC address: 00:0c:f1:24:62:e2 Setting scan request: 0 sec 100000 usec Wireless event: cmd=0x8b06 len=8 RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added Starting AP scan (specific SSID) Scan SSID - hexdump_ascii(len=9): 42 63 62 43 69 6f 42 72 72 web Failed to initiate AP scan. Setting scan request: 10 sec 0 usec EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 Scan timeout - try to get results Received 3407 bytes of scan results (17 BSSes) Scan results: 17 Selecting BSS from priority group 0 0: 00:0e:83:fe:7c:90 ssid='web' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 1: 00:0e:83:fe:7c:f0 ssid='web' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 2: 00:0e:83:fe:7c:20 ssid='web' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 3: 00:0e:83:fe:7e:f0 ssid='web' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 4: 00:12:01:39:9b:c0 ssid='web' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 5: 00:0e:84:be:36:b0 ssid='web' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 6: 00:0e:83:fe:7c:50 ssid='web' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 7: 00:0f:23:d8:9a:d0 ssid='' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 8: 00:0e:83:fe:7c:90 ssid='' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 9: 00:0e:83:fe:7c:f0 ssid='' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 10: 00:0e:83:fe:7c:20 ssid='' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 11: 00:0e:84:be:36:b0 ssid='' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 12: 00:0e:83:fe:7e:f0 ssid='' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 13: 00:12:01:39:9b:c0 ssid='' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 14: 00:0e:83:fe:7c:50 ssid='' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 15: 02:00:29:83:fc:6e ssid='hpsetup' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE 16: 00:0e:83:fe:7b:b0 ssid='' wpa_ie_len=0 rsn_ie_len=0 skip - no WPA/RSN IE selected non-WPA AP 00:0e:83:fe:7c:90 ssid='web' Trying to associate with 00:0e:83:fe:7c:90 (SSID='web' freq=2412 MHz) Cancelling scan request Automatic auth_alg selection: 0x1 No keys have been configured - skip key clearing Setting authentication timeout: 5 sec 0 usec EAPOL: External notification - portControl=Auto Wireless event: cmd=0x8c02 len=79 Custom wireless event: 'ASSOCINFO(ReqIEs=000942636243696f427272010482848b96 RespIEs=010196)' Association info event req_ies - hexdump(len=17): 00 09 42 63 62 43 69 6f 42 72 72 01 04 82 84 8b 96 resp_ies - hexdump(len=3): 01 01 96 Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:0e:83:fe:7e:f0 Association event - clear replay counter Associated to a new BSS: BSSID=00:0e:83:fe:7e:f0 No keys have been configured - skip key clearing Associated with 00:0e:83:fe:7e:f0 EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: txStart TX EAPOL - hexdump(len=18): 00 0e 83 fe 7e f0 00 0c f1 24 62 e2 88 8e 01 01 00 00 EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec Wireless event: cmd=0x8c02 len=79 Custom wireless event: 'ASSOCINFO(ReqIEs=000942636243696f427272010482848b96 RespIEs=010196)' Association info event req_ies - hexdump(len=17): 00 09 42 63 62 43 69 6f 42 72 72 01 04 82 84 8b 96 resp_ies - hexdump(len=3): 01 01 96 Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:0e:83:fe:7e:f0 Association event - clear replay counter Associated with 00:0e:83:fe:7e:f0 EAPOL: External notification - portEnabled=0 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: txStart TX EAPOL - hexdump(len=18): 00 0e 83 fe 7e f0 00 0c f1 24 62 e2 88 8e 01 01 00 00 EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec RX EAPOL from 00:0e:83:fe:7e:f0 RX EAPOL - hexdump(len=46): 01 00 00 05 01 01 00 05 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Setting authentication timeout: 70 sec 0 usec EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=1 id=1 EAP: EAP entering state IDENTITY EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=13): 62 63 62 61 64 5c 67 72 69 73 77 6c 64 ad\peace EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=36): 00 0e 83 fe 7e f0 00 0c f1 24 62 e2 88 8e 01 00 00 12 02 01 00 12 01 62 63 62 61 64 5c 67 72 69 73 77 6c 64 EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 46, expecting at least 99 RX EAPOL from 00:0e:83:fe:7e:f0 RX EAPOL - hexdump(len=46): 01 00 00 05 01 02 00 05 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=1 id=2 EAP: EAP entering state IDENTITY EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=13): 62 63 62 61 64 5c 67 72 69 73 77 6c 64 ad\peace EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=36): 00 0e 83 fe 7e f0 00 0c f1 24 62 e2 88 8e 01 00 00 12 02 02 00 12 01 62 63 62 61 64 5c 67 72 69 73 77 6c 64 EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 46, expecting at least 99 RX EAPOL from 00:0e:83:fe:7e:f0 RX EAPOL - hexdump(len=46): 01 00 00 1d 01 ae 00 1d 11 01 00 08 56 c9 a3 a0 4e 03 27 82 62 63 62 61 64 5c 67 72 69 73 77 6c 64 00 00 00 00 00 00 00 00 00 00 00 00 00 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=17 id=174 EAP: EAP entering state GET_METHOD EAP: Building EAP-Nak (requested type 17 not allowed) EAP: allowed methods - hexdump(len=1): 19 EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=24): 00 0e 83 fe 7e f0 00 0c f1 24 62 e2 88 8e 01 00 00 06 02 ae 00 06 03 19 EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 46, expecting at least 99 RX EAPOL from 00:0e:83:fe:7e:f0 RX EAPOL - hexdump(len=46): 01 00 00 06 01 af 00 06 19 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=25 id=175 EAP: EAP entering state GET_METHOD EAP: initialize selected EAP method (25, PEAP) EAP-PEAP: Phase2 EAP types - hexdump(len=1): 1a EAP: EAP entering state METHOD EAP-PEAP: Received packet(len=6) - Flags 0x21 EAP-PEAP: Start (server ver=1, own ver=1) EAP-PEAP: Using PEAP version 1 SSL: (where=0x10 ret=0x1) SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:before/connect initialization SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 write client hello A SSL: (where=0x1002 ret=0xffffffff) SSL: SSL_connect:error in SSLv3 read server hello A SSL: SSL_connect - want more data SSL: 100 bytes pending from ssl_out SSL: 100 bytes left to be sent out (of total 100 bytes) EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=124): 00 0e 83 fe 7e f0 00 0c f1 24 62 e2 88 8e 01 00 00 6a 02 af 00 6a 19 01 16 03 01 00 5f 01 00 00 5b 03 01 42 1c a7 cf 27 a0 c3 3e dc ee 73 e8 d0 44 6d ad ca 0f 82 c7 f8 43 02 62 8e b1 3b 63 0d cd 34 5a 00 00 34 00 39 00 38 00 35 00 16 00 13 00 0a 00 33 00 32 00 2f 00 66 00 05 00 04 00 63 00 62 00 61 00 15 00 12 00 09 00 65 00 64 00 60 00 14 00 11 00 08 00 06 00 03 01 00 EAPOL: SUPP_BE entering state RECEIVE WPA: EAPOL frame too short, len 46, expecting at least 99 EAPOL: Port Timers tick - authWhile=29 heldWhile=0 startWhen=29 idleWhile=59 EAPOL: Port Timers tick - authWhile=28 heldWhile=0 startWhen=28 idleWhile=58 EAPOL: Port Timers tick - authWhile=27 heldWhile=0 startWhen=27 idleWhile=57 EAPOL: Port Timers tick - authWhile=26 heldWhile=0 startWhen=26 idleWhile=56 EAPOL: Port Timers tick - authWhile=25 heldWhile=0 startWhen=25 idleWhile=55 EAPOL: Port Timers tick - authWhile=24 heldWhile=0 startWhen=24 idleWhile=54 EAPOL: Port Timers tick - authWhile=23 heldWhile=0 startWhen=23 idleWhile=53 EAPOL: Port Timers tick - authWhile=22 heldWhile=0 startWhen=22 idleWhile=52 EAPOL: Port Timers tick - authWhile=21 heldWhile=0 startWhen=21 idleWhile=51 EAPOL: Port Timers tick - authWhile=20 heldWhile=0 startWhen=20 idleWhile=50 EAPOL: Port Timers tick - authWhile=19 heldWhile=0 startWhen=19 idleWhile=49 EAPOL: Port Timers tick - authWhile=18 heldWhile=0 startWhen=18 idleWhile=48 EAPOL: Port Timers tick - authWhile=17 heldWhile=0 startWhen=17 idleWhile=47 EAPOL: Port Timers tick - authWhile=16 heldWhile=0 startWhen=16 idleWhile=46 EAPOL: Port Timers tick - authWhile=15 heldWhile=0 startWhen=15 idleWhile=45 EAPOL: Port Timers tick - authWhile=14 heldWhile=0 startWhen=14 idleWhile=44 EAPOL: Port Timers tick - authWhile=13 heldWhile=0 startWhen=13 idleWhile=43 EAPOL: Port Timers tick - authWhile=12 heldWhile=0 startWhen=12 idleWhile=42 EAPOL: Port Timers tick - authWhile=11 heldWhile=0 startWhen=11 idleWhile=41 EAPOL: Port Timers tick - authWhile=10 heldWhile=0 startWhen=10 idleWhile=40 EAPOL: Port Timers tick - authWhile=9 heldWhile=0 startWhen=9 idleWhile=39 EAPOL: Port Timers tick - authWhile=8 heldWhile=0 startWhen=8 idleWhile=38 EAPOL: Port Timers tick - authWhile=7 heldWhile=0 startWhen=7 idleWhile=37 EAPOL: Port Timers tick - authWhile=6 heldWhile=0 startWhen=6 idleWhile=36 Signal 2 received - terminating No keys have been configured - skip key clearing EAPOL: External notification - portEnabled=0 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit On Wed, 23 Feb 2005 19:11:32 -0800, Jouni Malinen wrote: > On Wed, Feb 23, 2005 at 09:18:59AM -0500, John Knoxville wrote: > > > I am having problems getting associated with my Cisco AP and Radius > > server. I am using the latest ndiswrapper with the centrino wireless > > card. Here is my config and debug output. > > > > eapol_version=1 > > ap_scan=1 > > > > network={ > > ssid="web" > > scan_ssid=1 > > > Starting AP scan (specific SSID) > > Scan SSID - hexdump_ascii(len=9): > > 42 63 62 43 69 6f 42 72 72 web > > ioctl[SIOCSIWSCAN{,EXT}]: No such device > > Failed to initiate AP scan. > > ndiswrapper and well, NDIS drivers in general do not support scan for a > specific SSID (scan_ssid=1). You will either need to use broadcast scan > or if you are using hidden SSID, ap_scan=2 to make the driver associate > with the given SSID without wpa_supplicant having to request a scan. > > > Setting scan request: 10 sec 0 usec > > EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 > > EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 > > EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0 > > Scan timeout - try to get results > > Received 2171 bytes of scan results (11 BSSes) > > Scan results: 11 > > Selecting BSS from priority group 0 > > What happens after this line? > > -- > Jouni Malinen PGP id EFC895FA > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap > From batraraj22 at rediffmail.com Thu Feb 24 00:55:46 2005 From: batraraj22 at rediffmail.com (rajan batra) Date: Thu, 24 Feb 2005 05:55:46 -0000 Subject: Ref : HostAP IAPP Code Message-ID: <20050224055715.1487.qmail@webmail49.rediffmail.com> Hello Jouni, I am working on IAPP code, i have gone through previous discussions on IAPP code status, but still things are not crystal clear to me. I request you to pls if possible kindly put some light on this issues and this will save days for me.;) 1. Is any work being done in IAPP code developement. 2. As said by you, about uncertainity of IAPP being part of standard, is it recommended to proceed with deployment of IAPP and enhancing Hostapd code of IAPP. 3.Would like to know, if IAPP is not to be continued, then what are the issues which instigates this decision. 4. I somehow didn't find Developer mailing list for IAPP.! Mr Jouni, i want to start and finish with IAPP as a project ASAP, so to evaluate the feasibility and current status, i need your comments. Thanking you for ur time. Regards, Rajan Batra. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.shmoo.com/pipermail/hostap/attachments/20050224/dae06a79/attachment.htm From jkmaline at cc.hut.fi Thu Feb 24 01:04:51 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Wed, 23 Feb 2005 22:04:51 -0800 Subject: ndiswrapper,Cisco Radius PEAP In-Reply-To: References: <20050224031132.GE9332@jm.kir.nu> Message-ID: <20050224060451.GN9332@jm.kir.nu> On Wed, Feb 23, 2005 at 08:01:37PM -0800, John Knoxville wrote: > Here is my output after iwconfig wlan0 essid web and then running > wpa_supplicant. I will try your suggestion as well. Is the authentication server that is used here Cisco ACS? It starts PEAPv1 authentication, but drops the reply from wpa_supplicant. Unless you are already using wpa_supplicant v0.3.8, please upgrade to that. After that, try adding phase1="include_tls_length=1" line into the network configuration block. This makes wpa_supplicant use the non-standard format Cisco uses some of the PEAPv1 packets (requiring TLS Message Length field for TLS packets that are not fragmented). This is known to work around interoperability issues with some Cisco ACS versions. -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Thu Feb 24 01:25:13 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Wed, 23 Feb 2005 22:25:13 -0800 Subject: Ref : HostAP IAPP Code In-Reply-To: <20050224055715.1487.qmail@webmail49.rediffmail.com> References: <20050224055715.1487.qmail@webmail49.rediffmail.com> Message-ID: <20050224062513.GO9332@jm.kir.nu> On Thu, Feb 24, 2005 at 05:57:15AM -0000, rajan batra wrote: > 1. Is any work being done in IAPP code developement. Difficult to say, I don't really know. > 2. As said by you, about uncertainity of IAPP being part of standard, is it recommended to proceed with deployment of IAPP and enhancing Hostapd code of IAPP. If by IAPP you mean IEEE 802.11F-2003, there is no uncertainty about whether it is part of the standard (IEEE Std 802.11); it is not. It is a recommended practice for trial-use and as such, it will expire in two years from publication (if I remember IEEE rules correctly) which would be in July 2005 unless it gets extended.. Since IEEE 802 does not work on standardizing on IP protocols (i.e., it is limited to layers one and two), I would assume IAPP could be considered to be out of scope and the more proper place for standardizing it would be IETF. Whether I would recommend that someone should work on enhancing IAPP implementations is a question for which I don't have a clear answer at the moment. The first step would probably be more in defining what needs to be transferred between APs (and/or other components of the network management). This could then be possible transferred with IAPP or some other context transfer protocol. I believe IETF is currently working on this area. Which protocol to use would also depend on what you are trying to do and what kind of expectations there are about interoperability with other implementations and likelyhood of the chosen protocol being in use at some point in the future. > 3.Would like to know, if IAPP is not to be continued, then what are the issues which instigates this decision. IAPP is not really very useful by itself. It is just providing a mechanism for sending out abstract date between APs. Someone would need to specify what to send before this can be used. > 4. I somehow didn't find Developer mailing list for IAPP.! If the answer for question 1 is "no", would this be so surprising? ;-) -- Jouni Malinen PGP id EFC895FA From peacebwitchu at gmail.com Thu Feb 24 07:52:54 2005 From: peacebwitchu at gmail.com (John Knoxville) Date: Thu, 24 Feb 2005 07:52:54 -0500 Subject: ndiswrapper,Cisco Radius PEAP In-Reply-To: <20050224060451.GN9332@jm.kir.nu> References: <20050224031132.GE9332@jm.kir.nu> <20050224060451.GN9332@jm.kir.nu> Message-ID: I was already at 0.3.8 but after adding the tls line it works perfectly. Thank You very much. On Wed, 23 Feb 2005 22:04:51 -0800, Jouni Malinen wrote: > On Wed, Feb 23, 2005 at 08:01:37PM -0800, John Knoxville wrote: > > > Here is my output after iwconfig wlan0 essid web and then running > > wpa_supplicant. I will try your suggestion as well. > > Is the authentication server that is used here Cisco ACS? It starts > PEAPv1 authentication, but drops the reply from wpa_supplicant. Unless > you are already using wpa_supplicant v0.3.8, please upgrade to that. > After that, try adding phase1="include_tls_length=1" line into the > network configuration block. This makes wpa_supplicant use the > non-standard format Cisco uses some of the PEAPv1 packets (requiring TLS > Message Length field for TLS packets that are not fragmented). This is > known to work around interoperability issues with some Cisco ACS > versions. > > -- > Jouni Malinen PGP id EFC895FA > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap > From jkmaline at cc.hut.fi Thu Feb 24 09:44:19 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Thu, 24 Feb 2005 06:44:19 -0800 Subject: Bug in madwifi communication In-Reply-To: References: <20050224053134.GL9332@jm.kir.nu> Message-ID: <20050224144418.GQ9332@jm.kir.nu> On Thu, Feb 24, 2005 at 10:58:33AM +0100, Jens Stavnstrup wrote: > I am told we are using something called Ringmaster version 2.1.2.0 OK. This is the first authentication server that I've seen doing this: > RX EAPOL from 00:0b:0e:02:32:40 > RX EAPOL - hexdump(len=48): 01 00 00 26 01 0a 00 26 19 00 17 03 01 00 1b 5c 7a 0b 1f 26 9d cc 10 e3 05 c9 61 61 83 57 d2 84 1c 06 30 11 98 1a b8 e7 82 ef ed 92 9b 1a 18 f9 > EAPOL: Received EAP-Packet frame > EAPOL: SUPP_BE entering state REQUEST > EAPOL: getSuppRsp > EAP: EAP entering state RECEIVED > EAP: Received EAP-Request method=25 id=10 This is the protected success notification in EAP-TLV. EAP Id=10. The following message is EAP-Success: > RX EAPOL from 00:0b:0e:02:32:40 > RX EAPOL - hexdump(len=48): 01 00 00 04 03 0c 00 04 19 00 17 03 01 00 1b 5c 7a 0b 1f 26 9d cc 10 e3 05 c9 61 61 83 57 d2 84 1c 06 30 11 98 1a b8 e7 82 ef ed 92 9b 1a 18 f9 EAP Id=12. However, EAP RFC requires that EAP-Success uses the same Id that was used in previous EAP-Request, i.e., 10 in this case.. This makes wpa_supplicant ignore the frame: > EAPOL: Received EAP-Packet frame > EAPOL: SUPP_BE entering state REQUEST > EAPOL: getSuppRsp > EAP: EAP entering state RECEIVED > EAP: Received EAP-Success > EAP: EAP entering state DISCARD There is already a workaround for lastId+1 in EAP-Success, but not for lastId+2. Could you please try whether the attached patch removes this issue in your network? You can apply it with 'patch -p0 < eap_success_workaround.patch' in the wpa_supplicant directory. -- Jouni Malinen PGP id EFC895FA -------------- next part -------------- Index: eap.c =================================================================== RCS file: /home/jm/cvsroot/hostap/wpa_supplicant/eap.c,v retrieving revision 1.62 diff -u -p -u -p -r1.62 eap.c --- eap.c 22 Jan 2005 19:28:26 -0000 1.62 +++ eap.c 24 Feb 2005 14:38:04 -0000 @@ -458,19 +458,27 @@ SM_STATE(EAP, FAILURE) static int eap_success_workaround(struct eap_sm *sm, int reqId, int lastId) { - /* At least Microsoft IAS and Meetinghouse Aegis seem to be sending + /* + * At least Microsoft IAS and Meetinghouse Aegis seem to be sending * EAP-Success/Failure with lastId + 1 even though RFC 3748 and * draft-ietf-eap-statemachine-05.pdf require that reqId == lastId. + * In addition, it looks like Ringmaster v2.1.2.0 would be using + * lastId + 2 in EAP-Success. + * * Accept this kind of Id if EAP workarounds are enabled. These are * unauthenticated plaintext messages, so this should have minimal - * security implications (bit easier to fake EAP-Success/Failure). */ - if (sm->workaround && reqId == ((lastId + 1) & 0xff)) { + * security implications (bit easier to fake EAP-Success/Failure). + */ + if (sm->workaround && (reqId == ((lastId + 1) & 0xff) || + reqId == ((lastId + 2) & 0xff))) { wpa_printf(MSG_DEBUG, "EAP: Workaround for unexpected " "identifier field in EAP Success: " "reqId=%d lastId=%d (these are supposed to be " "same)", reqId, lastId); return 1; } + wpa_printf(MSG_DEBUG, "EAP: EAP-Success Id mismatch - reqId=%d " + "lastId=%d", reqId, lastId); return 0; } From eduardgv at gmail.com Thu Feb 24 11:07:50 2005 From: eduardgv at gmail.com (eduardgv) Date: Thu, 24 Feb 2005 17:07:50 +0100 Subject: Ref : HostAP IAPP Code In-Reply-To: <20050224062513.GO9332@jm.kir.nu> References: <20050224055715.1487.qmail@webmail49.rediffmail.com> <20050224062513.GO9332@jm.kir.nu> Message-ID: <66c3877d05022408071c26c1fb@mail.gmail.com> > > I believe IETF is currently working on this area. Which protocol to use > would also depend on what you are trying to do and what kind of > expectations there are about interoperability with other implementations > and likelyhood of the chosen protocol being in use at some point in the > future. > See the CAPWAP charter (1). I'd also recommend that you keep track of the future IEEE 802.11v and 802.11r. (1): http://www.ietf.org/html.charters/capwap-charter.html From lorenzo at colitti.com Thu Feb 24 18:15:03 2005 From: lorenzo at colitti.com (Lorenzo Colitti) Date: Fri, 25 Feb 2005 00:15:03 +0100 Subject: [RESEND] [patch] wpa_supplicant + madwifi can't associate to non-WEP network Message-ID: <421E5FF7.1050009@colitti.com> Hi, I sent this patch a couple of weeks ago, but got no response. I've been running on various types of wireless networks since then and it seems to work fine. It would be nice if it could be applied so I could go back to using the wpa_supplicant debian package instead of my patched version. :-) Cheers, Lorenzo =======================8<------------------------ Hi, I am using wpa_supplicant 0.3.2 with the madwifi driver, but I can't get it to associate with a non-WEP (i.e. completely insecure) network with a Cisco Aironet 1200 BS (details below). The problem is that the BS refuses the association request because the request specifies WEP and the BS has WEP disabled. The attached patch fixes the problem by explicitly enabling and disabling WEP in the driver when set_drop_unencrypted() is called. Can it be applied? Cheers, Lorenzo =======================8<------------------------ Network entry in wpa_supplicant.conf: > network={ > ssid="xxx" > key_mgmt=NONE > } Output of wpa_supplicant -dddd: > Trying to associate with 00:0e:84:92:7d:f0 (SSID='xxx' freq=2412 MHz) > Cancelling scan request > Automatic auth_alg selection: 0x1 > No keys have been configured - skip key clearing > wpa_driver_madwifi_set_drop_unencrypted: enabled=0 > wpa_driver_madwifi_associate > Setting authentication timeout: 5 sec 0 usec > EAPOL: External notification - portControl=ForceAuthorized > Wireless event: cmd=0x8b1a len=21 If I turn on debugging in the madwifi driver I see the following error message: > Feb 10 17:15:39 localhost kernel: association failed (reason 10) for 00:0e:84:92:74:70 Reason 10 is "Cannot support all requested capabilities in the Capability Information field". Packet dumps of the association request and response (2104 is without WEP, 3104 is with WEP): > Feb 10 17:31:49 localhost kernel: NODS 00:11:0a:81:6b:64->00:0e:84:92:74:70(00:0e:84:92:74:70) assoc_req 1M > [...] 0000 3a01 000e 8492 7470 0011 0a81 6b64 000e 8492 7470 1000 3104 [...] > ^^^^ > Feb 10 17:31:49 localhost kernel: NODS 00:0e:84:92:74:70->ff:ff:ff:ff:ff:ff(00:0e:84:92:74:70) beacon 1M +2 > [...] 8000 0000 ffff ffff ffff 000e 8492 7470 000e 8492 7470 d069 91e1 baef 0a01 0000 6400 2104 [...] > ^^^^ -------------- next part -------------- A non-text attachment was scrubbed... Name: patch-wpa_supplicant-madwifi-wep.diff Type: text/x-patch Size: 507 bytes Desc: not available Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050225/9c0270c1/attachment.bin From axel at zedx.org Thu Feb 24 18:40:43 2005 From: axel at zedx.org (Axel Christiansen) Date: Fri, 25 Feb 2005 00:40:43 +0100 Subject: hostapd wlan0 and wlan0wds0 in a linux bridge Message-ID: <421E65FB.8060001@zedx.org> Hello, i am using hostapd for WPA-PSK with a wlan0 and a wlan0ws0 interface. Works fine. I would like these 2 interfaces in a linux bridge. That works fine, too. As soon as the hostapd is involved the hole thing seems to block. Terminating the hostapd does not unlock the bridge. The device is running linux 2.4.27 a prism 2.5 card hostap 0.3.7 hostapd 0.3.7 What can i do? Thx a lot, Axel From ricardo.j.sanchez at intel.com Thu Feb 24 19:20:40 2005 From: ricardo.j.sanchez at intel.com (Sanchez, Ricardo J) Date: Thu, 24 Feb 2005 16:20:40 -0800 Subject: Using wpa_supplicant with a Non-WPA supporter interface (e.g., ethernet) Message-ID: <85514027246E4643A1B0780EC0F6F45801F4BA58@orsmsx410> Hello, Is this possible with wpa_supplicant? I want to use a plain Ethernet interface (which obviously provides no WPA support, much less wireless support), to exercise new authentication methods over the wpa_supplicant infrastructure. Thanks, - Ricardo -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.shmoo.com/pipermail/hostap/attachments/20050224/210af496/attachment.htm From boavista54 at sbcglobal.net Thu Feb 24 20:02:30 2005 From: boavista54 at sbcglobal.net (Doug Bradford) Date: Thu, 24 Feb 2005 17:02:30 -0800 Subject: Installing HostAP on 2nd Computer? Message-ID: <4.2.2.20050224165201.01323dc8@localhost> I have the latest hostap driver and related programs successfully running on my development system. How do I install hostap driver and related programs on a second stripped down Linux machine that has no development environment? Thanks, Doug From jkmaline at cc.hut.fi Thu Feb 24 22:12:35 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Thu, 24 Feb 2005 19:12:35 -0800 Subject: [RESEND] [patch] wpa_supplicant + madwifi can't associate to non-WEP network In-Reply-To: <421E5FF7.1050009@colitti.com> References: <421E5FF7.1050009@colitti.com> Message-ID: <20050225031235.GR9332@jm.kir.nu> On Fri, Feb 25, 2005 at 12:15:03AM +0100, Lorenzo Colitti wrote: > I am using wpa_supplicant 0.3.2 with the madwifi driver, but I can't get > it to associate with a non-WEP (i.e. completely insecure) network with a > Cisco Aironet 1200 BS (details below). The problem is that the BS > refuses the association request because the request specifies WEP and > the BS has WEP disabled. > > The attached patch fixes the problem by explicitly enabling and > disabling WEP in the driver when set_drop_unencrypted() is called. Thanks. A patch with similar effect, but correct place for the operation (i.e., associate handler) was committed to CVS couple of days ago. This works for me and is currently in the development branch. I'll merge it into other branches after some more testing. If you would like to speed this up, please test whether the current development snapshot works. -- Jouni Malinen PGP id EFC895FA From jkmaline at cc.hut.fi Thu Feb 24 22:17:31 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Thu, 24 Feb 2005 19:17:31 -0800 Subject: Using wpa_supplicant with a Non-WPA supporter interface (e.g., ethernet) In-Reply-To: <85514027246E4643A1B0780EC0F6F45801F4BA58@orsmsx410> References: <85514027246E4643A1B0780EC0F6F45801F4BA58@orsmsx410> Message-ID: <20050225031731.GS9332@jm.kir.nu> On Thu, Feb 24, 2005 at 04:20:40PM -0800, Sanchez, Ricardo J wrote: > Is this possible with wpa_supplicant? I want to use a plain Ethernet > interface > > (which obviously provides no WPA support, much less wireless support), Yes, this is possible with the latest development snapshot. I just added a new driver interface, driver_wired.c, for wired IEEE 802.1X authentication. README file has an example on how to use this ("Authentication for wired Ethernet"). > to > > exercise new authentication methods over the wpa_supplicant > infrastructure. Is this just for testing a new EAP method or also for actually authenticating wired devices? For testing EAP, I'm usually using eapol_test which has an integrated IEEE 802.1X authenticator and RADIUS authentication client. This allows testing directly against an authentication server without need for an external authenticator. -- Jouni Malinen PGP id EFC895FA From coert.vonk at gmail.com Thu Feb 24 22:52:28 2005 From: coert.vonk at gmail.com (Coert) Date: Thu, 24 Feb 2005 19:52:28 -0800 Subject: Secure Internet for Small Office / Home Office HOWTO now available Message-ID: <5f5c317a0502241952717416b6@mail.gmail.com> Time for me to give back to the community .. I wrote down my notes about building a Firewall, Wireless Access Point and VPN Server. The wireless is using the madwifi driver and hostapd authenticator (WPA). It also includes configuration notes for wpa_supplicant and Windows/XP clients. The WPA uses X.509 certificates (TLS) or username/password (PEAP MSCHAPV2) The overall key features of the router: * Stateful Firewall - offers highly configurable protection for the internal network. * VPN Server - lets remote users access the resources on the internal network through their local Internet connection (Windows/XP can connect out of the box). * Office Interconnect - combined IPsec VPN server and client allows secure office interconnect. * Versitile Wireless Access Point - 802.11b/g (2.4 GHz) and 802.11a (5 GHz) with antenna diversity for extended range. * Wireless Security - WEP, WPA or IEEE 802.11i prevents unauthorized access. * Network Address Translation - lets all computers on the internal network share a single Internet connection. * Local Domain server - speeds up DNS lookups and resolves local domains. * Dynamic Host Configuration server - allows computers on the internal network to automatically configure their network interface. * Network Time Protocol server - keeps the clocks of computers on the internal network in sync. * Secure Shell - allows secure remote administratrion of this router. * Highly configurable - You have the source code; you can make any change you want. The HOWTO is available at: http://www.cybcon.com/~coert/linux/siso/ hope this helps, /coert From yenjung at gmail.com Thu Feb 24 22:56:52 2005 From: yenjung at gmail.com (YenJung Chang) Date: Fri, 25 Feb 2005 11:56:52 +0800 Subject: wpa_supplicant limitation with a large number of APs. Message-ID: <32653c970502241956123466f6@mail.gmail.com> Hi, List, wpa_supplicant has problem to connect to a connecting available AP if the AP is not in the scanned result. This problem would happen in the environment with much APs over than about 20. The memory size of passing scanning result between wpa_supplicant and driver is 4096, and the total number of APs can passed is only about 20. Therefore, wpa_supplicant could not connect to a connecting available AP if the AP is not in the scanned result passed from driver. Is it possible that wpa_supplicant tries to connect to target AP regardless of scanning result? Thanks. YJ. From jkmaline at cc.hut.fi Thu Feb 24 23:08:44 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Thu, 24 Feb 2005 20:08:44 -0800 Subject: wpa_supplicant limitation with a large number of APs. In-Reply-To: <32653c970502241956123466f6@mail.gmail.com> References: <32653c970502241956123466f6@mail.gmail.com> Message-ID: <20050225040844.GV9332@jm.kir.nu> On Fri, Feb 25, 2005 at 11:56:52AM +0800, YenJung Chang wrote: > wpa_supplicant has problem to connect to a connecting available AP if > the AP is not in the > scanned result. > This problem would happen in the environment with much APs over than about 20. > The memory size of passing scanning result between wpa_supplicant and driver is > 4096, and the total number of APs can passed is only about 20. That's not true with the latest wpa_supplicant version; or well, at least it is not true for the drivers that use wireless extensions for getting scan results. Yes, there is still a limit, but it is not 4k or 20 APs. > Is it possible that wpa_supplicant tries to connect to target AP > regardless of scanning result? Yes, if the driver supports ap_scan=2 mode, wpa_supplicant does not need to request scan results. Another option is to use scan_ssid=1 option to limit the scan to one SSID. -- Jouni Malinen PGP id EFC895FA From yenjung at gmail.com Fri Feb 25 00:12:48 2005 From: yenjung at gmail.com (YenJung Chang) Date: Fri, 25 Feb 2005 13:12:48 +0800 Subject: wpa_supplicant limitation with a large number of APs. In-Reply-To: <20050225040844.GV9332@jm.kir.nu> References: <32653c970502241956123466f6@mail.gmail.com> <20050225040844.GV9332@jm.kir.nu> Message-ID: <32653c9705022421126e81f5a0@mail.gmail.com> Thanks for your reply in advance. :) On Thu, 24 Feb 2005 20:08:44 -0800, Jouni Malinen wrote: > On Fri, Feb 25, 2005 at 11:56:52AM +0800, YenJung Chang wrote: > > > wpa_supplicant has problem to connect to a connecting available AP if > > the AP is not in the > > scanned result. > > This problem would happen in the environment with much APs over than about 20. > > The memory size of passing scanning result between wpa_supplicant and driver is > > 4096, and the total number of APs can passed is only about 20. > > That's not true with the latest wpa_supplicant version; or well, at > least it is not true for the drivers that use wireless extensions for > getting scan results. Yes, there is still a limit, but it is not 4k or > 20 APs. I said that the memory size of scanning result is 4096 is bcz the variable "res_buf_len" in funcion wpa_driver_wext_get_scan_results in driver_wext.c (wpa_supplicant 0.3.8) is assigned IW_SCAN_MAX_DATA (4096). And the max got number of AP is about 20 is the number I most saw when wpa_supplicant ran. So it is possible that wpa_supplicant gets more APs? > > Is it possible that wpa_supplicant tries to connect to target AP > > regardless of scanning result? > > Yes, if the driver supports ap_scan=2 mode, wpa_supplicant does not need > to request scan results. Another option is to use scan_ssid=1 option to > limit the scan to one SSID. I tried ap_scan=2 without security. Unfortunately, it failed. Is there any restrication on ap_scan=2 ? If no, I will post my log of failure to the list later. :) > -- > Jouni Malinen PGP id EFC895FA I apologize if you feel I am impolite. It is not my intention. :) My English is not good enough. Thanks, YJ. From jkmaline at cc.hut.fi Fri Feb 25 01:25:56 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Thu, 24 Feb 2005 22:25:56 -0800 Subject: wpa_supplicant limitation with a large number of APs. In-Reply-To: <32653c9705022421126e81f5a0@mail.gmail.com> References: <32653c970502241956123466f6@mail.gmail.com> <20050225040844.GV9332@jm.kir.nu> <32653c9705022421126e81f5a0@mail.gmail.com> Message-ID: <20050225062556.GX9332@jm.kir.nu> On Fri, Feb 25, 2005 at 01:12:48PM +0800, YenJung Chang wrote: > I said that the memory size of scanning result is 4096 is bcz the > variable "res_buf_len" in funcion wpa_driver_wext_get_scan_results in > driver_wext.c > (wpa_supplicant 0.3.8) is assigned IW_SCAN_MAX_DATA (4096). That is the initial value, but it will be incremented up to 65536 bytes if the driver returns E2BIG. > And the max got number of AP is about 20 is the number I most saw when > wpa_supplicant ran. Which driver are you using? I think I have seen much higher numbers, but this requires that the driver supports long scan results. Do you see more APs if you do a scan manually with 'iwlist scan'? The current hard limit on the wpa_supplicant side (SCAN_AP_LIMIT) is set to 128. > I tried ap_scan=2 without security. Unfortunately, it failed. > Is there any restrication on ap_scan=2 ? Yes, driver needs to support it and not all do. -- Jouni Malinen PGP id EFC895FA From yenjung at gmail.com Fri Feb 25 03:57:52 2005 From: yenjung at gmail.com (YenJung Chang) Date: Fri, 25 Feb 2005 16:57:52 +0800 Subject: wpa_supplicant limitation with a large number of APs. In-Reply-To: <20050225062556.GX9332@jm.kir.nu> References: <32653c970502241956123466f6@mail.gmail.com> <20050225040844.GV9332@jm.kir.nu> <32653c9705022421126e81f5a0@mail.gmail.com> <20050225062556.GX9332@jm.kir.nu> Message-ID: <32653c97050225005757ef2ab4@mail.gmail.com> On Thu, 24 Feb 2005 22:25:56 -0800, Jouni Malinen wrote: > On Fri, Feb 25, 2005 at 01:12:48PM +0800, YenJung Chang wrote: > > > I said that the memory size of scanning result is 4096 is bcz the > > variable "res_buf_len" in funcion wpa_driver_wext_get_scan_results in > > driver_wext.c > > (wpa_supplicant 0.3.8) is assigned IW_SCAN_MAX_DATA (4096). > > That is the initial value, but it will be incremented up to 65536 bytes > if the driver returns E2BIG. I am using Madwifi. It seems madwifi does not support this. I will check it. Thanks. :) > > And the max got number of AP is about 20 is the number I most saw when > > wpa_supplicant ran. > > Which driver are you using? I think I have seen much higher numbers, but > this requires that the driver supports long scan results. Do you see > more APs if you do a scan manually with 'iwlist scan'? The > current hard limit on the wpa_supplicant side (SCAN_AP_LIMIT) is set to > 128. > > > I tried ap_scan=2 without security. Unfortunately, it failed. > > Is there any restrication on ap_scan=2 ? > > Yes, driver needs to support it and not all do. In your memory, does madwifi support this? There are some strange behavior when I set it. :S However, thanks your reply. :) > -- > Jouni Malinen PGP id EFC895FA > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap > From fromkth+hostap at fastmail.fm Fri Feb 25 08:54:58 2005 From: fromkth+hostap at fastmail.fm (Ajeet Nankani) Date: Fri, 25 Feb 2005 05:54:58 -0800 Subject: Experiments with different firmwares when card is in Master mode. Message-ID: <1109339698.7882.216015398@webmail.messagingengine.com> There are some differences in operation of the prism2.5 pc-card when different firmwares are used, at least in master(Access Point) mode. Here are my observations, PC-card in master mode. Pri 1.1.1 Sec 1.8.0 or 1.8.3 Authentication request from STA to Authentication Response from AP takes around 5ms to 70ms (Re)Association request from STA to (Re)Association response from AP takes around 100ms to 150ms PC-card in master mode. Pri 1.1.1 Sec 1.7.4 Authentication request from STA to Authentication Response from AP takes around 1ms to 2ms (Re)Association request from STA to (Re)Association response from AP takes around 1ms to 2ms So I guess 1.7.4 is the all time best to use. Does anybody have similar or different experiences? Does anybody know of any bug(s) with 1.7.4? I could not find on internet that what they have changed/improved from 1.7.4 to 1.8.x Does anybody know about firmware change log? Jouni, any comments on above results, questions. -ajeet. From peidran at iocaine.com Fri Feb 25 13:31:24 2005 From: peidran at iocaine.com (Peter Abrahamsen) Date: Fri, 25 Feb 2005 12:31:24 -0600 Subject: Senao txpower Message-ID: <20050225183124.GA7452@ometepe.net> Good day, I have a little bit of a problem. I'm in Nicaragua (convenient enough), building a wireless freenet on an island. As it turns out, the amps we're using will bust if fed the full 200mW of the Senao 2511MP plus. So, I either need to route around them, or set the power down on the radio. Routing around them would mean DHL'ing a couple pigtails from the states, which I'd really rather not do. I've built 0.3.7 with the patch posted here: http://lists.shmoo.com/pipermail/hostap/2005-February/009452.html I know that it's experimental and will probably blow my poor little island to smithereens if I cough on it, but I'd like to give it a try. Does anyone have any pointers for how to go about this? Specifically: a) has anyone determined what the correlation between txpower setting and actual output power is for this card, or one sufficiently similar? I don't have a spectrum analyzer. b) is there a way I can hard-code the txpower into the driver so that it NEVER goes above 50mW? If necessary, I'd be willing at this point to pay for someone to research this for me, and write a little bit of code. Many thanks, Peter Abrahamsen Red Libre de Ometepe Ometepe, Nicaragua From jim at terwee.com Fri Feb 25 14:06:00 2005 From: jim at terwee.com (Jim TerWee) Date: Fri, 25 Feb 2005 13:06:00 -0600 (CST) Subject: Senao txpower In-Reply-To: <20050225183124.GA7452@ometepe.net> References: <20050225183124.GA7452@ometepe.net> Message-ID: <16051.207.41.65.19.1109358360.squirrel@www.terwee.com> On Fri, February 25, 2005 12:31 pm, Peter Abrahamsen said: > Good day, > > I have a little bit of a problem. I'm in Nicaragua (convenient enough), > building a wireless freenet on an island. > > As it turns out, the amps we're using will bust if fed the full 200mW of > the > Senao 2511MP plus. So, I either need to route around them, or set the > power How close are you putting the amps to the radios. Generally you should only use an amp if you have a long cable run. For example every 50 feet of LMR400 will cost you 3db. You mount your amp next to your antenna 50 to 100 foot cable run to your radio will cause 3 to 6 db of loss. Every amp I have seen will handle 20db incoming so you would be okay. Cutting power to use an amp isn't making sense. A better choice would be to use a small embedded board from Soekris or PcEngines and mount your AP next to the antenna and skip the amps. I have about 30 amps that I have taken out I would give somebody a good deal on them if they really want to use an amp. A little more detail on your physical installation would help I don't think you should have to cut the power down to use an amp Jim TerWee From peter at amandrai.net Fri Feb 25 15:04:36 2005 From: peter at amandrai.net (Peter Abrahamsen) Date: Fri, 25 Feb 2005 12:04:36 -0800 Subject: Senao txpower In-Reply-To: <16051.207.41.65.19.1109358360.squirrel@www.terwee.com> References: <20050225183124.GA7452@ometepe.net> <16051.207.41.65.19.1109358360.squirrel@www.terwee.com> Message-ID: <20050225200436.GA23488@atypedigital.com> You're perfectly right. We ought not be using amps at all. However, that's the design I was given. In order to not use them at this point, I'd have to wait a few weeks for new connectors, and I'd rather not do that for business reasons. It certainly seems like getting rid of them is the best idea in the long range, though. Here is the physical situation: a soekris board with two minipci cards inside a custom waterproof case. Two amps are beneath the soekris board, in the box. The box will be about 4m from a 24dB parabolic. The remote site is about 8-9 miles away. So, theamp is over kill. Thanks, P On Fri, Feb 25, 2005 at 01:06:00PM -0600, Jim TerWee wrote: > How close are you putting the amps to the radios. Generally you should > only use an amp if you have a long cable run. For example every 50 feet of > LMR400 will cost you 3db. You mount your amp next to your antenna 50 to > 100 foot cable run to your radio will cause 3 to 6 db of loss. Every amp I > have seen will handle 20db incoming so you would be okay. Cutting power to > use an amp isn't making sense. > A better choice would be to use a small embedded board from Soekris or > PcEngines and mount your AP next to the antenna and skip the amps. > I have about 30 amps that I have taken out I would give somebody a good > deal on them if they really want to use an amp. > A little more detail on your physical installation would help I don't > think you should have to cut the power down to use an amp > > Jim TerWee > > > > From denier at umr.edu Fri Feb 25 17:44:36 2005 From: denier at umr.edu (Robert Denier) Date: Fri, 25 Feb 2005 16:44:36 -0600 Subject: SES development opinions request In-Reply-To: <421BA6B4.2050600@inmotiontechnology.com> References: <421BA6B4.2050600@inmotiontechnology.com> Message-ID: <1109371476.501.96.camel@chidori.cephiro> I'm still waiting on the sourceforge project approval. It should be just a matter of time now. The former users of ses said it was ok, but it looks like it still may be awhile. At any rate until then I presumably won't have a mailing list, so I apologize in advance for monopolizing this one. For those who don't already know my project is sitting at www.finiteinfinity.com/ses/index.html My intent is to make this system work on any network interface by placing a call at just before the kernel does driver calls to network hardware. It looks like /usr/src/linux/net/core/dev.c is where I need to be. My goals so far are 1) Keeping the modifications very minor here, but having it set such that if the ses and elliptic modules are present then packets are run through them if they originate or are intended for a specified interface. 2) If those modules are not present to simply work as usual. 3) If a computer is not listed as using SES (no public key found) then for packets to be optionally sent/received in unencrypted form. Opinions? Better ideas? Other ideas/suggestions? Has anyone tested the full system yet? If anyone uses this code in whole or in part for another GPL'd project I'd hope they would join the mailing list when I get it up and let me know. I'm going to setup a machine and run its terminal on a serial port for this work since I figure I'll manage to crash the system a few times before I figure out all I need to figure out. -Robert From oluap at autolatina.com.br Sun Feb 27 09:29:57 2005 From: oluap at autolatina.com.br (Paulo Sergio Lemes Queiroz) Date: Sun, 27 Feb 2005 14:29:57 +0000 Subject: Tuning hostap configuration In-Reply-To: <000c01c518df$86816dd0$0200a8c0@racunar02> References: <421B2633.6080705@autolatina.com.br> <000c01c518df$86816dd0$0200a8c0@racunar02> Message-ID: <4221D965.2030003@autolatina.com.br> I think... It's a interval that AP send packets to network determining if the hosts that are not sending data still alive ps.: sorry for the poor english... hiphin wrote: > please what is this, yes I read readme, but still if you have little > time and tell me about : > > ${IWPRIV} ${IFCE} dtim_period 20 > > > ----- Original Message ----- From: "Paulo Sergio Lemes Queiroz" > > To: > Sent: Tuesday, February 22, 2005 1:31 PM > Subject: Tuning hostap configuration > > >> Hi, >> >> I'm having a strange problem with my network >> >> Some times, some clients, get to lower tx rates. >> >> Initially, I think its a channel problem... but when I change the >> channel, the tx_rate don't change. >> >> I'm using this config: >> >> IWCONFIG=/sbin/iwconfig >> IFCE=wlan0 >> ${IWCONFIG} ${IFCE} essid MyNet >> ${IWCONFIG} ${IFCE} nick MyCard >> ${IWCONFIG} ${IFCE} mode Master >> ${IWCONFIG} ${IFCE} rate 11M auto >> ${IWCONFIG} ${IFCE} frag 512 >> ${IWCONFIG} ${IFCE} rts 65 >> ${IWPRIV} ${IFCE} beacon_int 100 >> ${IWPRIV} ${IFCE} dtim_period 20 >> ${IWCONFIG} ${IFCE} channel 3 >> ${IWPRIV} ${IFCE} prism2_param 30 1 >> >> Is anything wrong with config ? >> _______________________________________________ >> HostAP mailing list >> HostAP at shmoo.com >> http://lists.shmoo.com/mailman/listinfo/hostap >> > > > > Esta mensagem foi verificada pelo E-mail Protegido Terra. > Scan engine: McAfee VirusScan / Atualizado em 21/02/2005 / Vers?o: > 4.4.00 - Dat 4431 > Proteja o seu e-mail Terra: http://www.emailprotegido.terra.com.br/ > > From axel at zedx.org Sun Feb 27 18:00:18 2005 From: axel at zedx.org (Axel Christiansen) Date: Mon, 28 Feb 2005 00:00:18 +0100 Subject: wired authentication (kernel module) Message-ID: <42225102.2050702@zedx.org> Hi Gunter, hi all, > Have you looked into this from the view point of what would need to be > changed/added to existing solutions to make them work in the way needed > for PAE/accounting? Could that be less work than adding a new module? > Would it be enough to get ebtables/iptables match for dest MAC addr just > before passing the packet to driver? The PAE module sounds pretty interesting to me. I have been looking around for a working open/free wired 802.1x PAE for some time now. I hope your module will work well with hostapd. I would like to try it out. Have you made progress and are there more readings regarding your work? URL with current module/patch? BTW, i believe PAE should not/can not be done with ebtables/iptables. As said before, iptables works on layer 3 and hacks around it seem ugly. ebtables seem also usless unless you bridge. PAE is something bevore bridging and routing. What i want to try is to authenticate a bunch of bridges to each other. Will the module work on wlanXwdsX ? And will the hostap supplicant work on a wlanXwdsX ? I maybe mixing things up :) I gess the WPA/WPA2 hostapd functionality will not work on wds links, will they? Thx a lot, Axel From jkmaline at cc.hut.fi Sun Feb 27 22:31:21 2005 From: jkmaline at cc.hut.fi (Jouni Malinen) Date: Sun, 27 Feb 2005 19:31:21 -0800 Subject: Smartcards and wpa_supplicant In-Reply-To: <41F61B54.5060406@et.bocholt.fh-ge.de> References: <416BD7E9.7040403@et.bocholt.fh-ge.de> <20041013040555.GA21644@jm.kir.nu> <4173D26D.5080300@et.bocholt.fh-ge.de> <41F61B54.5060406@et.bocholt.fh-ge.de> Message-ID: <20050228033121.GB8836@jm.kir.nu> On Tue, Jan 25, 2005 at 11:11:32AM +0100, Gordon Hecker wrote: > First a short summary to get it all back to your mind: > The patch implements smartcard support for EAP-TLS in wpa_supplicant > using the Openssl Engine interface with the engines provided by the > Opensc project. So at least in theory every smartcard supported by > Opensc should be usable. I'm using a Cryptoflex Egate USB Token. Unfortunately, OpenSC does not seem to support PKCS#15 initialization for SetCOS and I happen to only have SetCOS cards. One of the cards is actually already initialized, but of course I don't remember PIN for it.. ;-) (nor do I have a private key that I could use in the authentication server). In other words, I don't currently have suitable hardware for testing the wpa_supplicant changes. I can try to find a source for supported cards at some point, but that may take some time. If you happen to know one, please let me know. I can also try to see if I could initialize the card with another tool since it is only the initialization part that is missing from OpenSC. > As I said, it would be great if you could integrate the code in one of > the next wpa_supplicant releases. I can start merging changes into wpa_supplicant. PIN through wpa_cli is a good starting point, since it is needed for EAP-SIM/AKA, too. Rest of the changes should be doable, but like I said, I won't be able to test them completely. Couple of changes needs to be done to the patch, though, before it can be merged in. I went through the changes and here's list of comments: eap.c: - must not include wpa_supplicant_i.h into this file (wpa_supplicant_i.h is internal header file for wpa_supplicant and eap.c is generic code that can be used without wpa_supplicant) - in other words, eap.c cannot read wpa_s->conf (which btw, must not be sent to tls_engine_load_engines() either) - needed parameters have to be passed through eapol_sm -> eap if they are really needed in eap.c; I would consider doing this outside eap and eapol_sm (e.g., in wpa_supplicant.c at the moment; maybe moved somewhere else at some point) based on the configuration tls.h: - must not include config.h - must not use struct wpa_ssid or struct wpa_config (i.e., need to get just the needed parameters as arguments to the functions) tls_openssl.c: + * tls_engine_load_dynamic_generic - + * This function is a generic function that loads any openssl engine. + * It's code is based upon an example found in the engine(3) manpage + * from openssl What license is used for that code? OpenSSL license is not compatible with the license used in wpa_supplicant as far as including code from OpenSSL to wpa_supplicant is concerned. +static void tls_engine_load_dynamic_pkcs11(char *pkcs11_so_path, + char *pkcs11_module_path) + //"NO_VCHECK", "1", Should that line be removed? If not, at least the commenting should be changed to use /* ... */ style. -- Jouni Malinen PGP id EFC895FA From fromkth+hostap at fastmail.fm Mon Feb 28 05:38:00 2005 From: fromkth+hostap at fastmail.fm (Ajeet Nankani) Date: Mon, 28 Feb 2005 11:38:00 +0100 Subject: Non destructive scanning while connected to current AP. Message-ID: <4222F488.5080908@fastmail.fm> I want to know that when a STA is connected to AP and is actively transferring and receiving data from AP, and during that when STA tries to scan network non-destructively then what happens to current data transfer while scanning, because for scanning, channel needs to be changed for active probes, so what happens with the current data frames from current channel? are they lost? or buffered at STA and at AP both? and if buffered, do STA indicates AP to buffer frames by sending PS frame to AP or some other procedure? -ajeet. From linuxup at email.it Mon Feb 28 07:42:35 2005 From: linuxup at email.it (linuxup at email.it) Date: Mon, 28 Feb 2005 13:42:35 +0100 Subject: WPA-PSK and hostapd Message-ID: Hello this is my hostapd.conf file configured for WPA-PSK authentication but it doesn' work I'm using a pci card DWL-G520. ------------------------------------------------------------------- interface=ath0 driver=madwifi logger_syslog=-1 logger_syslog_level=2 logger_stdout=-1 logger_stdout_level=2 debug=4 dump_file=/tmp/hostapd.dump ctrl_interface=/var/run/hostapd ctrl_interface_group=0 ssid=test macaddr_acl=0 auth_algs=3 ieee8021x=0 eap_authenticator=0 eap_message=hello eapol_key_index_workaround=0 own_ip_addr=192.168.0.201 wpa=1 wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef wpa_psk_file=/etc/hostapd.wpa_psk wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP wpa_group_rekey=600 wpa_strict_rekey=1 wpa_gmk_rekey=86400 rsn_preauth=1 rsn_preauth_interfaces=eth0 ---------------------------------------------------------------------------- this the hostapd output ------------------------------------------------------------------------------ ath0: STA 00:0d:54:98:a8:2e IEEE 802.11: associated New STA WPA: 00:0d:54:98:a8:2e WPA_PTK entering state INITIALIZE madwifi_del_key: addr=00:0d:54:98:a8:2e key_idx=0 madwifi_set_sta_authorized: addr=00:0d:54:98:a8:2e authorized=0 WPA: 00:0d:54:98:a8:2e WPA_PTK_GROUP entering state IDLE WPA: 00:0d:54:98:a8:2e WPA_PTK entering state AUTHENTICATION WPA: 00:0d:54:98:a8:2e WPA_PTK entering state AUTHENTICATION2 WPA: 00:0d:54:98:a8:2e WPA_PTK entering state INITPSK WPA: 00:0d:54:98:a8:2e WPA_PTK entering state PTKSTART TX EAPOL - hexdump(len=113): 00 0d 54 98 a8 2e 00 0f 3d ae 55 70 88 8e 02 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 01 d9 42 ed a4 f9 02 36 33 82 44 2e 66 e8 21 fd 3a 22 ce 62 b2 30 c1 a8 27 5c 2e 27 42 43 ce 5e d7 00 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 IEEE 802.1X: 99 bytes from 00:0d:54:98:a8:2e IEEE 802.1X: version=1 type=3 length=95 ath0: STA 00:0d:54:98:a8:2e WPA: received invalid EAPOL-Key: Key MIC not set WPA: 00:0d:54:98:a8:2e WPA_PTK entering state PTKSTART TX EAPOL - hexdump(len=113): 00 0d 54 98 a8 2e 00 0f 3d ae 55 70 88 8e 02 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 02 d9 42 ed a4 f9 02 36 33 82 44 2e 66 e8 21 fd 3a 22 ce 62 b2 30 c1 a8 27 5c 2e 27 42 43 ce 5e d7 00 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 WPA: 00:0d:54:98:a8:2e WPA_PTK entering state PTKSTART TX EAPOL - hexdump(len=113): 00 0d 54 98 a8 2e 00 0f 3d ae 55 70 88 8e 02 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 03 d9 42 ed a4 f9 02 36 33 82 44 2e 66 e8 21 fd 3a 22 ce 62 b2 30 c1 a8 27 5c 2e 27 42 43 ce 5e d7 00 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 WPA: 00:0d:54:98:a8:2e WPA_PTK entering state PTKSTART TX EAPOL - hexdump(len=113): 00 0d 54 98 a8 2e 00 0f 3d ae 55 70 88 8e 02 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 04 d9 42 ed a4 f9 02 36 33 82 44 2e 66 e8 21 fd 3a 22 ce 62 b2 30 c1 a8 27 5c 2e 27 42 43 ce 5e d7 00 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 WPA: 00:0d:54:98:a8:2e WPA_PTK entering state DISCONNECT madwifi_sta_deauth: addr=00:0d:54:98:a8:2e reason_code=2 WPA: 00:0d:54:98:a8:2e WPA_PTK entering state DISCONNECTED WPA: 00:0d:54:98:a8:2e WPA_PTK entering state INITIALIZE madwifi_del_key: addr=00:0d:54:98:a8:2e key_idx=0 madwifi_set_sta_authorized: addr=00:0d:54:98:a8:2e authorized=0 ath0: STA 00:0d:54:98:a8:2e IEEE 802.11: deauthenticated due to local deauth request Wireless event: cmd=0x8c04 len=20 ath0: STA 00:0d:54:98:a8:2e IEEE 802.11: deassociated -------------------------------------------------------------------------------------------------------------- I'm using a windows XP supplicant Why doesn't it work? -- Email.it, the professional e-mail, gratis per te: http://www.email.it/f Sponsor: Mal di schiena? Le nostre panche ad inversione sono la soluzione giusta per te: distendono la colonna vertebrale e rilassano i muscoli. Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=2843&d=20050228 From fromkth+hostap at fastmail.fm Mon Feb 28 10:35:40 2005 From: fromkth+hostap at fastmail.fm (Ajeet Nankani) Date: Mon, 28 Feb 2005 16:35:40 +0100 Subject: PMKSA-cache and inclusion of PMKID(s) in Re-Association frame Message-ID: <42233A4C.9040903@fastmail.fm> When STA has around say 10 or more PMKSAs in its cache, and when STA roams to other AP with which STA has a PMKSA in its cache, then how do the STA selects which PMKID(s) to send in Re-Association Frame? Do STA matches new APs BSSID(MAC address) with all the MAC addresses, STA has in its PMKSA cache and sends the PMKID of the matched one or the STA sends all PMKIDs it has in its cache? -ajeet. From andreaf at cs.columbia.edu Mon Feb 28 11:11:02 2005 From: andreaf at cs.columbia.edu (Andrea G Forte) Date: Mon, 28 Feb 2005 11:11:02 -0500 Subject: Non destructive scanning while connected to current AP. In-Reply-To: <4222F488.5080908@fastmail.fm> References: <4222F488.5080908@fastmail.fm> Message-ID: <42234296.50504@cs.columbia.edu> It seems that everytime a handoff occurs, the STA sends Null function packets to the AP, one at the beginning of the scanning process and one at the end of the scanning process. These packets tell the old AP when to start and stop buffering packets for the STA. I had a thread earlier on the meaning of these frames and Jouni explained what I just told you. However, these packets can introduce a significant delay in the handoff process. This means that even though the packets are buffered, if the delay introduced by these null function frames is too big, the buffered packets are useless (at least for VoIP and other real-time applications). It would be better to not have them at all when using real-time applications. Unfortunately these frames are controlled by the firmware and not the driver. Furthermore if you read the 802.11 standard the particular mechanism that takes care of buffering is "out of the scope" of the standard, so I am not sure if using the null function frames is the "standard" way to do it. Regards, Andrea Ajeet Nankani wrote: > I want to know that when a STA is connected to AP and is actively > transferring and receiving data from AP, and during that when STA > tries to scan network non-destructively then what happens to current > data transfer while scanning, because for scanning, channel needs to > be changed for active probes, so what happens with the current data > frames from current channel? > > are they lost? or buffered at STA and at AP both? and if buffered, do > STA indicates AP to buffer frames by sending PS frame to AP or some > other procedure? > > -ajeet. > _______________________________________________ > HostAP mailing list > HostAP at shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap From fromkth+hostap at fastmail.fm Mon Feb 28 11:45:22 2005 From: fromkth+hostap at fastmail.fm (Ajeet Nankani) Date: Mon, 28 Feb 2005 17:45:22 +0100 Subject: Non destructive scanning while connected to current AP. In-Reply-To: <42234296.50504@cs.columbia.edu> References: <4222F488.5080908@fastmail.fm> <42234296.50504@cs.columbia.edu> Message-ID: <42234AA2.2000304@fastmail.fm> Thanks Forte for the detailed answer, but still i have few more question which are not explained in this or the old threads. Discussion does not mention that actually at what point STA sends authentication and then Re-Association request to new AP. I mean when it is currently attached to the AP, then first it sends Null Data Frame to curent AP to indicate start of buffering, then it scans, then it again send Null Data Frame to current AP to indicate stop of buffering, after that i am not sure what happens? I guess, then STA gets all buffered frames from AP(but does STA sends its buffered frames to the current AP or not??), then send De-Authentication Frame to current AP, then Sends Authentication Frame to the new selected AP from the Scan-Results, then upon successful authentication sends re-association frame. I guess Forte has a log of captured frames, can you look into your frame captures log and see, if it happens like what i described in the above para or not or something different? Best Regards, -ajeet. Andrea G Forte wrote: > It seems that everytime a handoff occurs, the STA sends Null function > packets to the AP, one at the beginning of the scanning process and one > at the end of the scanning process. These packets tell the old AP when > to start and stop buffering packets for the STA. I had a thread earlier > on the meaning of these frames and Jouni explained what I just told you. > However, these packets can introduce a significant delay in the handoff > process. This means that even though the packets are buffered, if the > delay introduced by these null function frames is too big, the buffered > packets are useless (at least for VoIP and other real-time applications). > It would be better to not have them at all when using real-time > applications. Unfortunately these frames are controlled by the firmware > and not the driver. > Furthermore if you read the 802.11 standard the particular mechanism > that takes care of buffering is "out of the scope" of the standard, so I > am not sure if using the null function frames is the "standard" way to > do it. > > Regards, > Andrea > > > > Ajeet Nankani wrote: > >> I want to know that when a STA is connected to AP and is actively >> transferring and receiving data from AP, and during that when STA >> tries to scan network non-destructively then what happens to current >> data transfer while scanning, because for scanning, channel needs to >> be changed for active probes, so what happens with the current data >> frames from current channel? >> >> are they lost? or buffered at STA and at AP both? and if buffered, do >> STA indicates AP to buffer frames by sending PS frame to AP or some >> other procedure? >> >> -ajeet. From brian at interlinx.bc.ca Mon Feb 28 11:51:33 2005 From: brian at interlinx.bc.ca (Brian J. Murrell) Date: Mon, 28 Feb 2005 11:51:33 -0500 Subject: what is wireless event cmd=0x8c00? Message-ID: <1109609493.6911.31.camel@pc> I am trying to figure out what is causing all the drops of my wireless device. I have a wpa_supplicant log, timestamped, and am correlating occurrences of small network outages (i.e. a few seconds or less) with the following message from wpa_supplicant: Wireless event: cmd=0x8c00 len=20 What does this mean? b. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050228/6866254b/attachment.pgp From andreaf at cs.columbia.edu Mon Feb 28 18:01:21 2005 From: andreaf at cs.columbia.edu (Andrea G Forte) Date: Mon, 28 Feb 2005 18:01:21 -0500 Subject: Non destructive scanning while connected to current AP. In-Reply-To: <42234AA2.2000304@fastmail.fm> References: <4222F488.5080908@fastmail.fm> <42234296.50504@cs.columbia.edu> <42234AA2.2000304@fastmail.fm> Message-ID: <4223A2C1.5070906@cs.columbia.edu> Actually the scenario I was referring to is different from the one you described. This buffering is particularly useful (if we talk about NOT real-time apps) when you want to do a pre-scanning. Meaning that you may want to do an active scanning before the time you may actually perform an handoff. The STA will send the null function frame to the AP (start buffering), it will then scan the channels and ultimately go back to the old AP. It will then send another null function (stop buffering and send me the buffered frames). The handoff process is not performed. When the handoff process is performed, buffered frames are not very useful. SOME of the buffered frames can be sent to the STA between the last probe response and the auth request by the old AP. An alternative is that the buffered frames can also be sent by the old AP to the new AP via IAPP if available. However, when the handoff is performed, the AP cannot assume that buffered frames will be delivered (unless IAPP is used for this). Regards, Andrea Ajeet Nankani wrote: > Thanks Forte for the detailed answer, but still i have few more > question which are not explained in this or the old threads. > > Discussion does not mention that actually at what point STA sends > authentication and then Re-Association request to new AP. I mean when > it is currently attached to the AP, then first it sends Null Data > Frame to curent AP to indicate start of buffering, then it scans, then > it again send Null Data Frame to current AP to indicate stop of > buffering, after that i am not sure what happens? > I guess, then STA gets all buffered frames from AP(but does STA sends > its buffered frames to the current AP or not??), then send > De-Authentication Frame to current AP, then Sends Authentication Frame > to the new selected AP from the Scan-Results, then upon successful > authentication sends re-association frame. > > I guess Forte has a log of captured frames, can you look into your > frame captures log and see, if it happens like what i described in the > above para or not or something different? > > Best Regards, > > -ajeet. > > Andrea G Forte wrote: > >> It seems that everytime a handoff occurs, the STA sends Null function >> packets to the AP, one at the beginning of the scanning process and >> one at the end of the scanning process. These packets tell the old AP >> when to start and stop buffering packets for the STA. I had a thread >> earlier on the meaning of these frames and Jouni explained what I >> just told you. However, these packets can introduce a significant >> delay in the handoff process. This means that even though the packets >> are buffered, if the delay introduced by these null function frames >> is too big, the buffered packets are useless (at least for VoIP and >> other real-time applications). >> It would be better to not have them at all when using real-time >> applications. Unfortunately these frames are controlled by the >> firmware and not the driver. >> Furthermore if you read the 802.11 standard the particular mechanism >> that takes care of buffering is "out of the scope" of the standard, >> so I am not sure if using the null function frames is the "standard" >> way to do it. >> >> Regards, >> Andrea >> >> >> >> Ajeet Nankani wrote: >> >>> I want to know that when a STA is connected to AP and is actively >>> transferring and receiving data from AP, and during that when STA >>> tries to scan network non-destructively then what happens to current >>> data transfer while scanning, because for scanning, channel needs to >>> be changed for active probes, so what happens with the current data >>> frames from current channel? >>> >>> are they lost? or buffered at STA and at AP both? and if buffered, >>> do STA indicates AP to buffer frames by sending PS frame to AP or >>> some other procedure? >>> >>> -ajeet. >> > From warren001 at pchome.com.tw Mon Feb 28 21:59:51 2005 From: warren001 at pchome.com.tw (wayne) Date: Tue, 1 Mar 2005 10:59:51 +0800 Subject: Ref : HostAP IAPP Code References: <20050224055715.1487.qmail@webmail49.rediffmail.com><20050224062513.GO9332@jm.kir.nu> <66c3877d05022408071c26c1fb@mail.gmail.com> Message-ID: <001301c51e0a$cf47c2a0$8a0310ac@Waynelai> > > I believe IETF is currently working on this area. Which protocol to use > > would also depend on what you are trying to do and what kind of > > expectations there are about interoperability with other implementations > > and likelyhood of the chosen protocol being in use at some point in the > > future. > > > > See the CAPWAP charter (1). I'd also recommend that you keep track of > the future IEEE 802.11v and 802.11r. > > > (1): http://www.ietf.org/html.charters/capwap-charter.html Hi there, I'm studying IAPP code right now. The 802.11F spec mentioned that the RADIUS server support some IAPP related functions. Does anyone know which RADIUS server support it ? Regards, Wayne