<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /></head><body style='font-size: 10pt'>
<p><a href="mailto:Hi@all,">Hi@all,</a></p>
<p>I am running wpa_supplicant 2.4 with ath9k on Linux ARM 3.10.17 with wireless backports 3.18.1 and I get sporadic rekeying problems.</p>
<p>Normal key exchange upon connection establishment seems to work flawlessly, the rekeying procedure however is not always completed successfully.</p>
<p>I set the PTK rekeying intervall to 15 seconds on my access point and get about ~15 errors in an hour. The wpa_supplicant log shows no errors at all, the 4-way handshake is successfully completed and a few seconds later the AP sends a deauthentification frame to the client.</p>
<p>I sniffed the traffic with wireshark and see all 4 key frames exchanged between AP and client, all packets got acknowledged by the AP and client, even the 4th key frame. However, after receiving key 4/4 and sending an ACK to the client, the AP repeats key 3 a few times (which all get ACKed by the client but do not appear in wpa_supplicant, I guess the encryption/decryption key has already been changed to the new value and therefore these frames can't be decrypted anymore). Debug information obtained from the APs log shows that keyframe 4/4 has never been received and the rekeying procedure finishes with a timeout.</p>
<p>Unfortunately Wireshark can't decrypt captured frames anymore after a rekeying sequence but I was "lucky" to sniff a rekeying error directly after the connection has been established. I noticed that key 1,2 and 3 could be decrypted by Wireshark, key 4 however was shown as "data" frame, without any further information about its payload. This made me think about a timing error between installation of the new key and transmission of the 4th key frame. I put a usleep of 50ms between the commands to send key 4 and the install ptk call and I get less errors, I observed this in several tests. Does this make any sense?</p>
<p>My accesspoint is a linux box with Intel7260ac wifi (iwlwifi-mvm) and hostapd. The same problem occurs with the Cisco APs of our customer.</p>
<p>I observed a similiar behaviour with my Ubuntu Laptop with wpa_supplicant 2.2 and Intel Wifi 6235 (iwlwifi-dvm).</p>
<p>Any ideas?</p>
<p> </p>
<p>Tobi</p>
<div> </div>
</body></html>