Re: athn0 works in 6.6, fails in 6.7

Stefan Sperling-5
On Thu, Jun 11, 2020 at 10:14:34AM -0500, Tim Chase wrote:

> On booting 6.7 I see
>
> -----------------------------
> athn0: no link........
> athn0: no link... got link
> athn0: no link... sleeping
> -----------------------------
>
> which is not a surprise having seen the "no network" in the ifconfig
> output.
>
> I'm not sure how to go about diagnosing what changed here.

One thing you could do is add 'debug' to your hostname.athn0 file,
or running 'ifconfig athn0 debug', and then trying to connect.
This should make debug messages appear in dmesg and /var/log/messages,
which might contain clues.

Perhaps the problem has already been fixed in -current? To verify this you
could boot a -current bsd.rd kernel and check if the interface works with it
(choose 'shell' at the initial prompt, then configure the interface manually
with ifconfig, and run 'dhclient athn0').

Stefan Sperling-5
On Thu, Jun 11, 2020 at 06:08:31PM -0500, Tim Chase wrote:

> and it works fine there.  The big distinction is that after
>
>   sending msg 4/4 of the 4-way handshake
>
> my `ifconfig athn0 debug` output is giving me these two lines in the
> 6.6 bsd.rd:
>
>   received msg 1/2 of the group key handshake from [MAC]
>   sending msg 2/2 of the group key handshake to [same MAC]
>
> that never happen in the 6.7 (both -RELEASE and -CURRENT snap) output.

Can you please boot into 6.7, let it fail to connect, and then get the
output of the following command and show it to me?

        netstat -W athn0

Stefan Sperling-5
On Fri, Jun 12, 2020 at 07:13:39AM -0500, Tim Chase wrote:
> On 2020-06-12 09:19, Stefan Sperling wrote:
> > Can you please boot into 6.7, let it fail to connect, and then get
> > the output of the following command and show it to me?
> >
> > netstat -W athn0
>
> The machine currently has a bit less than 13hr of uptime to put this
> output in perspective of frequency in case that matters.

It would help me to see what these counters look like after boot + 1 failed
connection attempt. What I'll be doing is go through the code and check where
relevant counters get incremented. Then maybe, just maybe, I will be able
to deduce where your problem is coming from.

I'm not going to try to do that based on counters which have been updating
for 13 hours.

Matej Nanut
> > On 2020-06-12 09:19, Stefan Sperling wrote:
> > > Can you please boot into 6.7, let it fail to connect, and then get
> > > the output of the following command and show it to me?
> > >
> > >     netstat -W athn0

Hello, I seem to have the same issue running latest -current from
ftp2.eu.openbsd.org:
$ uname -a
OpenBSD asus 6.7 GENERIC.MP#268 amd64

I executed the following two commands on a fresh boot:
$ doas ifconfig athn0 debug nwid **** wpakey **** up
$ doas dhclient athn0
and waited for "... sleeping".

My (greater than 0) counters from "netstat -W athn0" are:
14 input packets with mismatched channel
2 input eapol-key packets
1 active scan started
43 ccmp decryption errors
1 HT negotiation failure because peer does not support MCS 0-7

And here's an excerpt from "dmesg" after scans:
athn0: SCAN -> AUTH
athn0: sending auth to 00:23:69:ea:49:3d on channel 7 mode 11g
athn0: AUTH -> ASSOC
athn0: sending assoc_req to 00:23:69:ea:49:3d on channel 7 mode 11g
athn0: ASSOC -> RUN
athn0: associated with 00:23:69:ea:49:3d ssid "****" channel 7 start 1Mb long preamble short slot time
athn0: missed beacon threshold set to 30 beacons, beacon interval is 100 TU
athn0: received msg 1/4 of the 4-way handshake from 00:23:69:ea:49:3d
athn0: sending msg 2/4 of the 4-way handshake to 00:23:69:ea:49:3d
athn0: received msg 3/4 of the 4-way handshake from 00:23:69:ea:49:3d
athn0: sending msg 4/4 of the 4-way handshake to 00:23:69:ea:49:3d

I hope this is in any way useful.
Matej

Stefan Sperling-5
In reply to this post by Stefan Sperling-5
On Wed, Jul 01, 2020 at 06:14:50PM -0500, Tim Chase wrote:
> Just wanted to check back in if there's anything else I can get you
> to help diagnose this.

Please try this patch. It fixes the issue for me.

It looks like my CCMP offload patch for athn(4) broke client mode,
even though it would occasionally work if the stars were aligned right.
It depends on the value the AP chooses for this client's "association ID".
That value factors into the slot we use in the on-device key table.
This is the correct approach when we are acting as AP ourselves and
choose the association IDs for our clients. But in client mode we should
be using the first key table slot only.

I am sorry about this. I should have tested client mode better :-/

Regarding "athn needs cold boot to work":
Code comments I've seen in Linux suggest that the key table is not cleared
automatically on some athn devices. There is code in our driver which is
supposed to clear the on-device crypto key table when the interface comes up.
This code ran very close in time after a full device reset. I suspect it could
have run while the device wasn't fully initialized yet, and hence fail to
reset keys which were installed earlier, or write garbage to the key table.
Combined with the above bug this would lead to hardware using bad key table
entries which results in decryption failures.
This patch should fix that problem as well. It clears the table later in the
startup sequence, and clears on-device keys when the interface is put down.

I have tested this fix on AR9280 (PCI) and AR9271 (USB), both in client and
in hostap mode.

diff refs/heads/master refs/heads/athn-ccmpfix
blob - 3a28d87bc88a0e7b9ed6c873bd7a07682cc91a0b
blob + 1d739529d7d214bea314e50e847594dc01021a41
--- sys/dev/ic/ar5008.c
+++ sys/dev/ic/ar5008.c
@@ -811,12 +811,20 @@ ar5008_ccmp_decap(struct athn_softc *sc, struct mbuf *
  /* Sanity checks to ensure this is really a key we installed. */
  entry = (uintptr_t)k->k_priv;
  if (k->k_flags & IEEE80211_KEY_GROUP) {
- if (k->k_id > IEEE80211_WEP_NKID ||
+ if (k->k_id >= IEEE80211_WEP_NKID ||
     entry != k->k_id)
  return 1;
- } else if (entry != IEEE80211_WEP_NKID +
-    IEEE80211_AID(ni->ni_associd))
- return 1;
+ } else {
+#ifndef IEEE80211_STA_ONLY
+ if (ic->ic_opmode == IEEE80211_M_HOSTAP) {
+ if (entry != IEEE80211_WEP_NKID +
+    IEEE80211_AID(ni->ni_associd))
+ return 1;
+ } else
+#endif
+ if (entry != IEEE80211_WEP_NKID)
+ return 1;
+ }
 
  /* Check that ExtIV bit is set. */
  if (!(ivp[3] & IEEE80211_WEP_EXTIV))
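
Review bot: the expected pairwise slot in the new `else` branch repeats the rule athn_set_key uses to choose the slot, so the two files have to be kept in step by hand; if they drift, this check rejects every pairwise frame with `return 1`. Consider a single shared helper or macro that returns the pairwise entry for the current opmode and use it at both sites. The `} else` placed directly before `#endif` and followed by an unbraced `if` is also easy to misread; braces around the client-side check would make the control flow obvious in both the IEEE80211_STA_ONLY and the full build. The hunk does not show a declaration of `ic` in ar5008_ccmp_decap, so confirm one is in scope.
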
blob - 40725b02c43b54e10a87de333acdfd3b8270534d
blob + f7aa77ba15cae787a42fdbffb8a9d9cd2d0226d2
--- sys/dev/ic/athn.c
+++ sys/dev/ic/athn.c
@@ -1037,12 +1037,17 @@ athn_set_key(struct ieee80211com *ic, struct ieee80211
  }
 
  if (!(k->k_flags & IEEE80211_KEY_GROUP)) {
- entry = IEEE80211_WEP_NKID + IEEE80211_AID(ni->ni_associd);
+#ifndef IEEE80211_STA_ONLY
+ if (ic->ic_opmode == IEEE80211_M_HOSTAP)
+ entry = IEEE80211_WEP_NKID + IEEE80211_AID(ni->ni_associd);
+ else
+#endif
+ entry = IEEE80211_WEP_NKID;
  if (entry >= sc->kc_entries - IEEE80211_WEP_NKID)
  return ENOSPC;
  } else {
  entry = k->k_id;
- if (entry > IEEE80211_WEP_NKID)
+ if (entry >= IEEE80211_WEP_NKID)
  return ENOSPC;
  }
  k->k_priv = (void *)entry;
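
Review bot: the `else` that assigns `entry = IEEE80211_WEP_NKID` applies to every opmode other than IEEE80211_M_HOSTAP, not only to client mode, and nothing in the code says why a single fixed slot is safe there. A short comment above the opmode test (AP assigns association IDs and so indexes by AID; otherwise there is one peer and the first pairwise slot is used) would keep the next reader from reintroducing the AID-based index. The change from `entry > IEEE80211_WEP_NKID` to `entry >= IEEE80211_WEP_NKID` for group keys is a separate bounds fix that the description does not mention; it deserves a line in the commit message, since with `>` a group key with k_id equal to IEEE80211_WEP_NKID would have been written to the slot now used for the pairwise key.
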
@@ -3056,10 +3061,6 @@ athn_init(struct ifnet *ifp)
  else
  athn_config_pcie(sc);
 
- /* Reset HW key cache entries. */
- for (i = 0; i < sc->kc_entries; i++)
- athn_reset_key(sc, i);
-
  ops->enable_antenna_diversity(sc);
 
 #ifdef ATHN_BT_COEXISTENCE
@@ -3086,6 +3087,10 @@ athn_init(struct ifnet *ifp)
  /* Enable Rx. */
  athn_rx_start(sc);
 
+ /* Reset HW key cache entries. */
+ for (i = 0; i < sc->kc_entries; i++)
+ athn_reset_key(sc, i);
+
  /* Enable interrupts. */
  athn_enable_interrupts(sc);
 
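
Review bot: the key cache reset loop added here runs after `athn_rx_start(sc)`, so the receive path is already enabled while the table may still hold stale entries. Interrupts are enabled only after the loop, but it would be worth either clearing the table before Rx is started (if the hardware accepts the writes at that point) or adding a comment that states why the reset has to come this late in athn_init, given that the earlier placement right after device reset is what is being moved away from.
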
@@ -3121,7 +3126,7 @@ athn_stop(struct ifnet *ifp, int disable)
 {
  struct athn_softc *sc = ifp->if_softc;
  struct ieee80211com *ic = &sc->sc_ic;
- int qid;
+ int qid, i;
 
  ifp->if_timer = sc->sc_tx_timer = 0;
  ifp->if_flags &= ~IFF_RUNNING;
@@ -3158,6 +3163,10 @@ athn_stop(struct ifnet *ifp, int disable)
  AR_WRITE_BARRIER(sc);
  athn_set_rxfilter(sc, 0);
  athn_stop_rx_dma(sc);
+
+ /* Reset HW key cache entries. */
+ for (i = 0; i < sc->kc_entries; i++)
+ athn_reset_key(sc, i);
 
  athn_reset(sc, 0);
  athn_init_pll(sc, NULL);
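
Review bot: the three-line loop over `sc->kc_entries` calling `athn_reset_key(sc, i)` now appears in both athn_init and athn_stop; a small helper that clears the whole key cache would remove the duplication and give one place to document the ordering requirement. Here the loop runs before `athn_reset(sc, 0)`, which is the opposite order from athn_init, so a comment saying that the keys are cleared while the device is still in a known running state would make the intent clear.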