wifi join and wpaprotos

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

wifi join and wpaprotos

Solene Rapenne
Hello,

I can't connect to wpa1 networks using join. From the man page, I understand
that "wpaprotos" parameter isn't supported.

    The id can either be any text string up to 32 characters in
    length, or a series of hexadecimal digits up to 64 digits.  Any
    necessary wpakey or nwkey arguments should be specified on the
    same line.  May not be used with nwid.

The SSID when I use "ifconfig iwm0 scan":

    nwid freeboxSSID chan 11 bssid 16:fa:ca:a1:ba:3c 67% HT-MCS15 privacy,short_slottime,wpa1


With this line in /etc/hostname.iwm0:

    join "freeboxSSID" wpakey somekeyhere

It won't connect until I type "ifconfig iwm0 wpaprotos wpa1".


If I add the wpaprotos parameters to the /etc/hostname.iwm0 line, when
rebooting, the ifconfig command output is the following.

    iwm0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
            lladdr 8c:16:45:9b:c9:fe
            index 1 priority 4 llprio 3
            trunk: trunkdev trunk0
            groups: wlan
            media: IEEE802.11 autoselect (DS1)
            status: no network
            ieee80211: join freeboxSSID

I'm not sure it's a bug, but I prefer to report it.

Here is my dmesg output, using latest snapshot on amd64:

OpenBSD 6.4-current (GENERIC.MP) #421: Thu Nov  1 15:30:46 MDT 2018
    [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8322478080 (7936MB)
avail mem = 8060973056 (7687MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.0 @ 0xaf04c000 (63 entries)
bios0: vendor LENOVO version "N24ET37W (1.12 )" date 03/14/2018
bios0: LENOVO 20L5CTO1WW
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT SSDT TPM2 UEFI SSDT SSDT HPET APIC MCFG ECDT SSDT SSDT SSDT BOOT BATB SLIC SSDT SSDT SSDT LPIT WSMT SSDT SSDT SSDT DBGP DBG2 MSDM DMAR ASF! FPDT UEFI BGRT
acpi0: wakeup devices GLAN(S4) XHC_(S3) XDCI(S4) HDAS(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) PXSX(S4) RP05(S4) PXSX(S4) RP06(S4) PXSX(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 23999999 Hz
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz, 1382.26 MHz, 06-8e-0a
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 24MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz, 1246.75 MHz, 06-8e-0a
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz, 1043.08 MHz, 06-8e-0a
cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz, 998.95 MHz, 06-8e-0a
cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 0, core 3, package 0
cpu4 at mainbus0: apid 1 (application processor)
cpu4: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz, 997.69 MHz, 06-8e-0a
cpu4: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu4: 256KB 64b/line 8-way L2 cache
cpu4: smt 1, core 0, package 0
cpu5 at mainbus0: apid 3 (application processor)
cpu5: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz, 997.69 MHz, 06-8e-0a
cpu5: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu5: 256KB 64b/line 8-way L2 cache
cpu5: smt 1, core 1, package 0
cpu6 at mainbus0: apid 5 (application processor)
cpu6: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz, 997.69 MHz, 06-8e-0a
cpu6: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu6: 256KB 64b/line 8-way L2 cache
cpu6: smt 1, core 2, package 0
cpu7 at mainbus0: apid 7 (application processor)
cpu7: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz, 997.69 MHz, 06-8e-0a
cpu7: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu7: 256KB 64b/line 8-way L2 cache
cpu7: smt 1, core 3, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec00000, version 20, 120 pins
acpimcfg0 at acpi0
acpimcfg0: addr 0xf8000000, bus 0-63
acpiec0 at acpi0
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (RP01)
acpiprt2 at acpi0: bus -1 (RP02)
acpiprt3 at acpi0: bus -1 (RP03)
acpiprt4 at acpi0: bus -1 (RP04)
acpiprt5 at acpi0: bus -1 (RP05)
acpiprt6 at acpi0: bus -1 (RP06)
acpiprt7 at acpi0: bus 3 (RP07)
acpiprt8 at acpi0: bus -1 (RP08)
acpiprt9 at acpi0: bus 4 (RP09)
acpiprt10 at acpi0: bus -1 (RP10)
acpiprt11 at acpi0: bus 61 (RP11)
acpiprt12 at acpi0: bus -1 (RP12)
acpiprt13 at acpi0: bus -1 (RP13)
acpiprt14 at acpi0: bus -1 (RP14)
acpiprt15 at acpi0: bus -1 (RP15)
acpiprt16 at acpi0: bus -1 (RP16)
acpiprt17 at acpi0: bus -1 (RP17)
acpiprt18 at acpi0: bus -1 (RP18)
acpiprt19 at acpi0: bus -1 (RP19)
acpiprt20 at acpi0: bus -1 (RP20)
acpiprt21 at acpi0: bus -1 (RP21)
acpiprt22 at acpi0: bus -1 (RP22)
acpiprt23 at acpi0: bus -1 (RP23)
acpiprt24 at acpi0: bus -1 (RP24)
acpicpu0 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpicpu2 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpicpu3 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpicpu4 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpicpu5 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpicpu6 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpicpu7 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpipwrres0 at acpi0: PUBS, resource for XHC_
acpitz0 at acpi0: critical temperature is 128 degC
acpipci0 at acpi0 PCI0: 0x00000000 0x00000011 0x00000001
acpithinkpad0 at acpi0
acpiac0 at acpi0: AC unit offline
acpibat0 at acpi0: BAT0 model "01AV489" serial  1098 type LiP oem "LGC"
acpibat1 at acpi0: BAT1 model "01AV490" serial  2833 type LiP oem "LGC"
"LEN0100" at acpi0 not configured
"INT3403" at acpi0 not configured
acpicmos0 at acpi0
"INT0E0C" at acpi0 not configured
acpibtn0 at acpi0: SLPB
"PNP0C14" at acpi0 not configured
acpibtn1 at acpi0: LID_
"PNP0C14" at acpi0 not configured
"PNP0C14" at acpi0 not configured
"PNP0C14" at acpi0 not configured
"INT3400" at acpi0 not configured
"STM7304" at acpi0 not configured
acpivideo0 at acpi0: GFX0
acpivout at acpivideo0 not configured
cpu0: Enhanced SpeedStep 1382 MHz: speeds: 2001, 2000, 1900, 1800, 1700, 1500, 1400, 1300, 1200, 1100, 1000, 800, 700, 600, 500, 400 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core 8G Host" rev 0x08
inteldrm0 at pci0 dev 2 function 0 "Intel UHD Graphics 620" rev 0x07
drm0 at inteldrm0
inteldrm0: msi
error: [drm:pid0:i915_firmware_load_error_print] *ERROR* failed to load firmware i915/kbl_dmc_ver1.bin (-22)
inteldrm0: 1920x1080, 32bpp
error: [drm:pid0:intel_dp_link_training_clock_recovery] *ERROR* too many full retries, give up
wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
"Intel Core 6G Thermal" rev 0x08 at pci0 dev 4 function 0 not configured
"Intel Core GMM" rev 0x00 at pci0 dev 8 function 0 not configured
xhci0 at pci0 dev 20 function 0 "Intel 100 Series xHCI" rev 0x21: msi, xHCI 1.0
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev 3.00/1.00 addr 1
pchtemp0 at pci0 dev 20 function 2 "Intel 100 Series Thermal" rev 0x21
dwiic0 at pci0 dev 21 function 0 "Intel 100 Series I2C" rev 0x21: apic 2 int 16
iic0 at dwiic0
"Intel 100 Series MEI" rev 0x21 at pci0 dev 22 function 0 not configured
ppb0 at pci0 dev 28 function 0 "Intel 100 Series PCIE" rev 0xf1: msi
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 6 "Intel 100 Series PCIE" rev 0xf1: msi
pci2 at ppb1 bus 3
iwm0 at pci2 dev 0 function 0 "Intel Dual Band Wireless-AC 8265" rev 0x78, msi
ppb2 at pci0 dev 29 function 0 "Intel 100 Series PCIE" rev 0xf1
pci3 at ppb2 bus 4
ppb3 at pci0 dev 29 function 2 "Intel 100 Series PCIE" rev 0xf1: msi
pci4 at ppb3 bus 61
nvme0 at pci4 dev 0 function 0 "Samsung SM981/PM981 NVMe" rev 0x00: msi, NVMe 1.2
nvme0: SAMSUNG MZVLB512HAJQ-000L7, firmware 3L2QEXA7, serial S3TNNF0K510294
scsibus1 at nvme0: 1 targets
sd0 at scsibus1 targ 0 lun 0: <NVMe, SAMSUNG MZVLB512, 3L2Q> SCSI4 0/direct fixed
sd0: 488386MB, 512 bytes/sector, 1000215216 sectors
pcib0 at pci0 dev 31 function 0 "Intel 200 Series LPC" rev 0x21
"Intel 100 Series PMC" rev 0x21 at pci0 dev 31 function 2 not configured
azalia0 at pci0 dev 31 function 3 "Intel 200 Series HD Audio" rev 0x21: msi
azalia0: codecs: Realtek/0x0257, Intel/0x280b, using Realtek/0x0257
audio0 at azalia0
ichiic0 at pci0 dev 31 function 4 "Intel 100 Series SMBus" rev 0x21: apic 2 int 16
iic1 at ichiic0
em0 at pci0 dev 31 function 6 "Intel I219-V" rev 0x21: msi, address 8c:16:45:9b:c9:fe
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
wsmouse1 at pms0 mux 0
pms0: Synaptics clickpad, firmware 8.16, 0x1e2b1 0x940300
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
vmm0 at mainbus0: VMX/EPT
efifb at mainbus0 not configured
ugen0 at uhub0 port 3 "Generic EMV Smartcard Reader" rev 2.01/1.20 addr 2
ugen1 at uhub0 port 7 "Intel Bluetooth" rev 2.00/0.10 addr 3
uvideo0 at uhub0 port 8 configuration 1 interface 0 "Chicony Electronics Co.,Ltd. Integrated Camera" rev 2.01/0.27 addr 4
video0 at uvideo0
umass0 at uhub0 port 15 configuration 1 interface 0 "Generic USB3.0-CRW" rev 3.00/2.04 addr 5
umass0: using SCSI over Bulk-Only
scsibus2 at umass0: 2 targets, initiator 0
sd1 at scsibus2 targ 1 lun 0: <Generic-, SD/MMC, 1.00> SCSI4 0/direct removable serial.0bda0316501030900000
vscsi0 at root
scsibus3 at vscsi0: 256 targets
softraid0 at root
scsibus4 at softraid0: 256 targets
sd2 at scsibus4 targ 1 lun 0: <OPENBSD, SR CRYPTO, 006> SCSI2 0/direct fixed
sd2: 488385MB, 512 bytes/sector, 1000213601 sectors
root on sd2a (52fdd1ce48744600.a) swap on sd2b dump on sd2b
iwm0: hw rev 0x230, fw ver 22.361476.0, address b4:6b:fc:f3:e4:13

Reply | Threaded
Open this post in threaded view
|

Re: wifi join and wpaprotos

Stefan Sperling-5
On Fri, Nov 02, 2018 at 03:41:57PM +0100, Solene Rapenne wrote:

> Hello,
>
> I can't connect to wpa1 networks using join. From the man page, I understand
> that "wpaprotos" parameter isn't supported.
>
>     The id can either be any text string up to 32 characters in
>     length, or a series of hexadecimal digits up to 64 digits.  Any
>     necessary wpakey or nwkey arguments should be specified on the
>     same line.  May not be used with nwid.
>
> The SSID when I use "ifconfig iwm0 scan":
>
>     nwid freeboxSSID chan 11 bssid 16:fa:ca:a1:ba:3c 67% HT-MCS15 privacy,short_slottime,wpa1
>
>
> With this line in /etc/hostname.iwm0:
>
>     join "freeboxSSID" wpakey somekeyhere
>
> It won't connect until I type "ifconfig iwm0 wpaprotos wpa1".
>
>
> If I add the wpaprotos parameters to the /etc/hostname.iwm0 line, when
> rebooting, the ifconfig command output is the following.
>
>     iwm0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
>             lladdr 8c:16:45:9b:c9:fe
>             index 1 priority 4 llprio 3
>             trunk: trunkdev trunk0
>             groups: wlan
>             media: IEEE802.11 autoselect (DS1)
>             status: no network
>             ieee80211: join freeboxSSID
>
> I'm not sure it's a bug, but I prefer to report it.

That's probably a bug. Using wpaprotos with join in hostname.if is supposed
to work as long as you're specifying it on the same line, like this:

     join "freeboxSSID" wpakey somekeyhere wpaprotos wpa1

Reply | Threaded
Open this post in threaded view
|

Re: wifi join and wpaprotos

Solene Rapenne
Stefan Sperling <[hidden email]> wrote:

> On Fri, Nov 02, 2018 at 03:41:57PM +0100, Solene Rapenne wrote:
> > Hello,
> >
> > I can't connect to wpa1 networks using join. From the man page, I understand
> > that "wpaprotos" parameter isn't supported.
> >
> >     The id can either be any text string up to 32 characters in
> >     length, or a series of hexadecimal digits up to 64 digits.  Any
> >     necessary wpakey or nwkey arguments should be specified on the
> >     same line.  May not be used with nwid.
> >
> > The SSID when I use "ifconfig iwm0 scan":
> >
> >     nwid freeboxSSID chan 11 bssid 16:fa:ca:a1:ba:3c 67% HT-MCS15 privacy,short_slottime,wpa1
> >
> >
> > With this line in /etc/hostname.iwm0:
> >
> >     join "freeboxSSID" wpakey somekeyhere
> >
> > It won't connect until I type "ifconfig iwm0 wpaprotos wpa1".
> >
> >
> > If I add the wpaprotos parameters to the /etc/hostname.iwm0 line, when
> > rebooting, the ifconfig command output is the following.
> >
> >     iwm0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
> >             lladdr 8c:16:45:9b:c9:fe
> >             index 1 priority 4 llprio 3
> >             trunk: trunkdev trunk0
> >             groups: wlan
> >             media: IEEE802.11 autoselect (DS1)
> >             status: no network
> >             ieee80211: join freeboxSSID
> >
> > I'm not sure it's a bug, but I prefer to report it.
>
> That's probably a bug. Using wpaprotos with join in hostname.if is supposed
> to work as long as you're specifying it on the same line, like this:
>
>      join "freeboxSSID" wpakey somekeyhere wpaprotos wpa1

With this line, it doesn't find the SSID after reboot or using netstart.

Reply | Threaded
Open this post in threaded view
|

Re: wifi join and wpaprotos

Peter Hessler
On 2018 Nov 02 (Fri) at 17:59:05 +0100 (+0100), Solene Rapenne wrote:
:Stefan Sperling <[hidden email]> wrote:
:> On Fri, Nov 02, 2018 at 03:41:57PM +0100, Solene Rapenne wrote:
:> > Hello,
:> >
:> > I can't connect to wpa1 networks using join. From the man page, I understand
:> > that "wpaprotos" parameter isn't supported.
:> >
:> >     The id can either be any text string up to 32 characters in
:> >     length, or a series of hexadecimal digits up to 64 digits.  Any
:> >     necessary wpakey or nwkey arguments should be specified on the
:> >     same line.  May not be used with nwid.
:> >
:> > The SSID when I use "ifconfig iwm0 scan":
:> >
:> >     nwid freeboxSSID chan 11 bssid 16:fa:ca:a1:ba:3c 67% HT-MCS15 privacy,short_slottime,wpa1
:> >
:> >
:> > With this line in /etc/hostname.iwm0:
:> >
:> >     join "freeboxSSID" wpakey somekeyhere
:> >
:> > It won't connect until I type "ifconfig iwm0 wpaprotos wpa1".
:> >
:> >
:> > If I add the wpaprotos parameters to the /etc/hostname.iwm0 line, when
:> > rebooting, the ifconfig command output is the following.
:> >
:> >     iwm0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
:> >             lladdr 8c:16:45:9b:c9:fe
:> >             index 1 priority 4 llprio 3
:> >             trunk: trunkdev trunk0
:> >             groups: wlan
:> >             media: IEEE802.11 autoselect (DS1)
:> >             status: no network
:> >             ieee80211: join freeboxSSID
:> >
:> > I'm not sure it's a bug, but I prefer to report it.
:>
:> That's probably a bug. Using wpaprotos with join in hostname.if is supposed
:> to work as long as you're specifying it on the same line, like this:
:>
:>      join "freeboxSSID" wpakey somekeyhere wpaprotos wpa1
:
:With this line, it doesn't find the SSID after reboot or using netstart.
:

I'll look into it.  Thanks for the report!


--
Welcome thy neighbor into thy fallout shelter.  He'll come in handy if
you run out of food.
                -- Dean McLaughlin.

Reply | Threaded
Open this post in threaded view
|

Re: wifi join and wpaprotos

Peter Hessler
On 2018 Nov 02 (Fri) at 19:13:56 +0100 (+0100), Peter Hessler wrote:
:On 2018 Nov 02 (Fri) at 17:59:05 +0100 (+0100), Solene Rapenne wrote:
::Stefan Sperling <[hidden email]> wrote:
::> On Fri, Nov 02, 2018 at 03:41:57PM +0100, Solene Rapenne wrote:
::> > Hello,
::> >
::> > I can't connect to wpa1 networks using join. From the man page, I understand
::> > that "wpaprotos" parameter isn't supported.
::> >
::> >     The id can either be any text string up to 32 characters in
::> >     length, or a series of hexadecimal digits up to 64 digits.  Any
::> >     necessary wpakey or nwkey arguments should be specified on the
::> >     same line.  May not be used with nwid.
::> >
::> > The SSID when I use "ifconfig iwm0 scan":
::> >
::> >     nwid freeboxSSID chan 11 bssid 16:fa:ca:a1:ba:3c 67% HT-MCS15 privacy,short_slottime,wpa1
::> >
::> >
::> > With this line in /etc/hostname.iwm0:
::> >
::> >     join "freeboxSSID" wpakey somekeyhere
::> >
::> > It won't connect until I type "ifconfig iwm0 wpaprotos wpa1".
::> >
::> >
::> > If I add the wpaprotos parameters to the /etc/hostname.iwm0 line, when
::> > rebooting, the ifconfig command output is the following.
::> >
::> >     iwm0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
::> >             lladdr 8c:16:45:9b:c9:fe
::> >             index 1 priority 4 llprio 3
::> >             trunk: trunkdev trunk0
::> >             groups: wlan
::> >             media: IEEE802.11 autoselect (DS1)
::> >             status: no network
::> >             ieee80211: join freeboxSSID
::> >
::> > I'm not sure it's a bug, but I prefer to report it.
::>
::> That's probably a bug. Using wpaprotos with join in hostname.if is supposed
::> to work as long as you're specifying it on the same line, like this:
::>
::>      join "freeboxSSID" wpakey somekeyhere wpaprotos wpa1
::
::With this line, it doesn't find the SSID after reboot or using netstart.
::
:
:I'll look into it.  Thanks for the report!
:

Sorry for the delay, it took a while to get time to fix this.

There are two bugs masquarading as one.

First in the kernel, is that we didn't properly match what the node
(access point) is advertising to us, so we should match against that
instead.  Secondly, in ifconfig, we made all of the nice pretty
structures and stomped all over them when saving them.

You'll need to rebuild ifconfig and boot into a new kernel.

OK?

Index: sbin/ifconfig/ifconfig.c
===================================================================
RCS file: /cvs/openbsd/src/sbin/ifconfig/ifconfig.c,v
retrieving revision 1.383
diff -u -p -u -p -r1.383 ifconfig.c
--- sbin/ifconfig/ifconfig.c 14 Nov 2018 21:25:04 -0000 1.383
+++ sbin/ifconfig/ifconfig.c 20 Nov 2018 18:58:35 -0000
@@ -1905,7 +1905,7 @@ setifwpa(const char *val, int d)
  wpa.i_enabled = d;
 
  if (actions & A_JOIN) {
- memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
+ join.i_wpaparams.i_enabled = d;
  join.i_flags |= IEEE80211_JOIN_WPA;
  return;
  }
@@ -1936,6 +1936,12 @@ setifwpaprotos(const char *val, int d)
  }
  free(optlist);
 
+ if (actions & A_JOIN) {
+ join.i_wpaparams.i_protos = rval;
+ join.i_flags |= IEEE80211_JOIN_WPA;
+ return;
+ }
+
  memset(&wpa, 0, sizeof(wpa));
  (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
  if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
@@ -1945,12 +1951,6 @@ setifwpaprotos(const char *val, int d)
  wpa.i_ciphers = 0;
  wpa.i_groupcipher = 0;
 
- if (actions & A_JOIN) {
- memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
- join.i_flags |= IEEE80211_JOIN_WPA;
- return;
- }
-
  if (ioctl(s, SIOCS80211WPAPARMS, (caddr_t)&wpa) < 0)
  err(1, "SIOCS80211WPAPARMS");
 }
@@ -1977,6 +1977,14 @@ setifwpaakms(const char *val, int d)
  }
  free(optlist);
 
+ if (actions & A_JOIN) {
+ join.i_wpaparams.i_akms = rval;
+ join.i_wpaparams.i_enabled =
+    ((rval & IEEE80211_WPA_AKM_8021X) != 0);
+ join.i_flags |= IEEE80211_JOIN_WPA;
+ return;
+ }
+
  memset(&wpa, 0, sizeof(wpa));
  (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
  if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
@@ -1985,12 +1993,6 @@ setifwpaakms(const char *val, int d)
  /* Enable WPA for 802.1x here. PSK case is handled in setifwpakey(). */
  wpa.i_enabled = ((rval & IEEE80211_WPA_AKM_8021X) != 0);
 
- if (actions & A_JOIN) {
- memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
- join.i_flags |= IEEE80211_JOIN_WPA;
- return;
- }
-
  if (ioctl(s, SIOCS80211WPAPARMS, (caddr_t)&wpa) < 0)
  err(1, "SIOCS80211WPAPARMS");
 }
@@ -2038,18 +2040,18 @@ setifwpaciphers(const char *val, int d)
  }
  free(optlist);
 
+ if (actions & A_JOIN) {
+ join.i_wpaparams.i_ciphers = rval;
+ join.i_flags |= IEEE80211_JOIN_WPA;
+ return;
+ }
+
  memset(&wpa, 0, sizeof(wpa));
  (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
  if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
  err(1, "SIOCG80211WPAPARMS");
  wpa.i_ciphers = rval;
 
- if (actions & A_JOIN) {
- memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
- join.i_flags |= IEEE80211_JOIN_WPA;
- return;
- }
-
  if (ioctl(s, SIOCS80211WPAPARMS, (caddr_t)&wpa) < 0)
  err(1, "SIOCS80211WPAPARMS");
 }
@@ -2072,7 +2074,7 @@ setifwpagroupcipher(const char *val, int
  wpa.i_groupcipher = cipher;
 
  if (actions & A_JOIN) {
- memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
+ join.i_wpaparams.i_groupcipher = cipher;
  join.i_flags |= IEEE80211_JOIN_WPA;
  return;
  }
Index: sys/net80211/ieee80211_ioctl.c
===================================================================
RCS file: /cvs/openbsd/src/sys/net80211/ieee80211_ioctl.c,v
retrieving revision 1.68
diff -u -p -u -p -r1.68 ieee80211_ioctl.c
--- sys/net80211/ieee80211_ioctl.c 27 Oct 2018 09:55:26 -0000 1.68
+++ sys/net80211/ieee80211_ioctl.c 20 Nov 2018 19:02:00 -0000
@@ -387,6 +387,48 @@ ieee80211_ioctl_getwpaparms(struct ieee8
  return 0;
 }
 
+static void
+ieee80211_ess_getwpaparms(struct ieee80211_ess *ess,
+    struct ieee80211_wpaparams *wpa)
+{
+ wpa->i_enabled = (ess->flags & IEEE80211_F_RSNON) ? 1 : 0;
+
+ wpa->i_protos = 0;
+ if (ess->rsnprotos & IEEE80211_PROTO_WPA)
+ wpa->i_protos |= IEEE80211_WPA_PROTO_WPA1;
+ if (ess->rsnprotos & IEEE80211_PROTO_RSN)
+ wpa->i_protos |= IEEE80211_WPA_PROTO_WPA2;
+
+ wpa->i_akms = 0;
+ if (ess->rsnakms & IEEE80211_AKM_PSK)
+ wpa->i_akms |= IEEE80211_WPA_AKM_PSK;
+ if (ess->rsnakms & IEEE80211_AKM_SHA256_PSK)
+ wpa->i_akms |= IEEE80211_WPA_AKM_SHA256_PSK;
+ if (ess->rsnakms & IEEE80211_AKM_8021X)
+ wpa->i_akms |= IEEE80211_WPA_AKM_8021X;
+ if (ess->rsnakms & IEEE80211_AKM_SHA256_8021X)
+ wpa->i_akms |= IEEE80211_WPA_AKM_SHA256_8021X;
+
+ if (ess->rsngroupcipher == IEEE80211_CIPHER_WEP40)
+ wpa->i_groupcipher = IEEE80211_WPA_CIPHER_WEP40;
+ else if (ess->rsngroupcipher == IEEE80211_CIPHER_TKIP)
+ wpa->i_groupcipher = IEEE80211_WPA_CIPHER_TKIP;
+ else if (ess->rsngroupcipher == IEEE80211_CIPHER_CCMP)
+ wpa->i_groupcipher = IEEE80211_WPA_CIPHER_CCMP;
+ else if (ess->rsngroupcipher == IEEE80211_CIPHER_WEP104)
+ wpa->i_groupcipher = IEEE80211_WPA_CIPHER_WEP104;
+ else
+ wpa->i_groupcipher = IEEE80211_WPA_CIPHER_NONE;
+
+ wpa->i_ciphers = 0;
+ if (ess->rsnciphers & IEEE80211_CIPHER_TKIP)
+ wpa->i_ciphers |= IEEE80211_WPA_CIPHER_TKIP;
+ if (ess->rsnciphers & IEEE80211_CIPHER_CCMP)
+ wpa->i_ciphers |= IEEE80211_WPA_CIPHER_CCMP;
+ if (ess->rsnciphers & IEEE80211_CIPHER_USEGROUP)
+ wpa->i_ciphers = IEEE80211_WPA_CIPHER_USEGROUP;
+}
+
 int
 ieee80211_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 {
@@ -506,6 +548,7 @@ ieee80211_ioctl(struct ifnet *ifp, u_lon
  memset(&join, 0, sizeof(join));
  join.i_len = ess->esslen;
  memcpy(&join.i_nwid, ess->essid, join.i_len);
+ ieee80211_ess_getwpaparms(ess, &join.i_wpaparams);
  error = copyout(&join, &ja->ja_node[ja->ja_nodes],
     sizeof(ja->ja_node[0]));
  if (error)
Index: sys/net80211/ieee80211_node.c
===================================================================
RCS file: /cvs/openbsd/src/sys/net80211/ieee80211_node.c,v
retrieving revision 1.156
diff -u -p -u -p -r1.156 ieee80211_node.c
--- sys/net80211/ieee80211_node.c 20 Nov 2018 10:00:15 -0000 1.156
+++ sys/net80211/ieee80211_node.c 20 Nov 2018 19:00:36 -0000
@@ -509,18 +509,19 @@ ieee80211_ess_is_better(struct ieee80211
 int
 ieee80211_match_ess(struct ieee80211_ess *ess, struct ieee80211_node *ni)
 {
- if (ess->esslen != ni->ni_esslen)
+ if (!ISSET(ess->flags, IEEE80211_JOIN_ANY) &&
+    (ess->esslen != ni->ni_esslen ||
+    memcmp(ess->essid, ni->ni_essid, ess->esslen) != 0))
  return 0;
- if (memcmp(ess->essid, ni->ni_essid, ess->esslen) != 0)
+
+ if (ess->esslen != 0 &&
+    (ess->esslen != ni->ni_esslen ||
+    memcmp(ess->essid, ni->ni_essid, ess->esslen) != 0))
  return 0;
 
  if (ess->flags & (IEEE80211_F_PSK | IEEE80211_F_RSNON)) {
- /* Ensure same WPA version. */
- if ((ni->ni_rsnprotos & IEEE80211_PROTO_RSN) &&
-    (ess->rsnprotos & IEEE80211_PROTO_RSN) == 0)
- return 0;
- if ((ni->ni_rsnprotos & IEEE80211_PROTO_WPA) &&
-    (ess->rsnprotos & IEEE80211_PROTO_WPA) == 0)
+ /* Ensure a compatible WPA version. */
+ if ((ni->ni_supported_rsnprotos & ess->rsnprotos) == 0)
  return 0;
  } else if (ess->flags & IEEE80211_F_WEPON) {
  if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0)




--
My mother loved children -- she would
have given anything if I had been one.
                -- Groucho Marx

Reply | Threaded
Open this post in threaded view
|

Re: wifi join and wpaprotos

Peter Hessler
On 2018 Nov 20 (Tue) at 20:06:25 +0100 (+0100), Peter Hessler wrote:
:On 2018 Nov 02 (Fri) at 19:13:56 +0100 (+0100), Peter Hessler wrote:
::On 2018 Nov 02 (Fri) at 17:59:05 +0100 (+0100), Solene Rapenne wrote:
:::Stefan Sperling <[hidden email]> wrote:
:::> On Fri, Nov 02, 2018 at 03:41:57PM +0100, Solene Rapenne wrote:
:::> > Hello,
:::> >
:::> > I can't connect to wpa1 networks using join. From the man page, I understand
:::> > that "wpaprotos" parameter isn't supported.
:::> >
:::> >     The id can either be any text string up to 32 characters in
:::> >     length, or a series of hexadecimal digits up to 64 digits.  Any
:::> >     necessary wpakey or nwkey arguments should be specified on the
:::> >     same line.  May not be used with nwid.
:::> >
:::> > The SSID when I use "ifconfig iwm0 scan":
:::> >
:::> >     nwid freeboxSSID chan 11 bssid 16:fa:ca:a1:ba:3c 67% HT-MCS15 privacy,short_slottime,wpa1
:::> >
:::> >
:::> > With this line in /etc/hostname.iwm0:
:::> >
:::> >     join "freeboxSSID" wpakey somekeyhere
:::> >
:::> > It won't connect until I type "ifconfig iwm0 wpaprotos wpa1".
:::> >
:::> >
:::> > If I add the wpaprotos parameters to the /etc/hostname.iwm0 line, when
:::> > rebooting, the ifconfig command output is the following.
:::> >
:::> >     iwm0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
:::> >             lladdr 8c:16:45:9b:c9:fe
:::> >             index 1 priority 4 llprio 3
:::> >             trunk: trunkdev trunk0
:::> >             groups: wlan
:::> >             media: IEEE802.11 autoselect (DS1)
:::> >             status: no network
:::> >             ieee80211: join freeboxSSID
:::> >
:::> > I'm not sure it's a bug, but I prefer to report it.
:::>
:::> That's probably a bug. Using wpaprotos with join in hostname.if is supposed
:::> to work as long as you're specifying it on the same line, like this:
:::>
:::>      join "freeboxSSID" wpakey somekeyhere wpaprotos wpa1
:::
:::With this line, it doesn't find the SSID after reboot or using netstart.
:::
::
::I'll look into it.  Thanks for the report!
::
:
:Sorry for the delay, it took a while to get time to fix this.
:
:There are two bugs masquarading as one.
:
:First in the kernel, is that we didn't properly match what the node
:(access point) is advertising to us, so we should match against that
:instead.  Secondly, in ifconfig, we made all of the nice pretty
:structures and stomped all over them when saving them.
:
:You'll need to rebuild ifconfig and boot into a new kernel.
:
:OK?
:

Sorry, I attached the wrong diff, too many other things were intertwined
in it.

Here's a diff that compiles, and should fix your issue.

OK?


Index: sys/net80211/ieee80211_node.c
===================================================================
RCS file: /cvs/openbsd/src/sys/net80211/ieee80211_node.c,v
retrieving revision 1.157
diff -u -p -u -p -r1.157 ieee80211_node.c
--- sys/net80211/ieee80211_node.c 20 Nov 2018 20:26:01 -0000 1.157
+++ sys/net80211/ieee80211_node.c 21 Nov 2018 07:36:51 -0000
@@ -515,12 +515,8 @@ ieee80211_match_ess(struct ieee80211_ess
  return 0;
 
  if (ess->flags & (IEEE80211_F_PSK | IEEE80211_F_RSNON)) {
- /* Ensure same WPA version. */
- if ((ni->ni_rsnprotos & IEEE80211_PROTO_RSN) &&
-    (ess->rsnprotos & IEEE80211_PROTO_RSN) == 0)
- return 0;
- if ((ni->ni_rsnprotos & IEEE80211_PROTO_WPA) &&
-    (ess->rsnprotos & IEEE80211_PROTO_WPA) == 0)
+ /* Ensure a compatible WPA version. */
+ if ((ni->ni_supported_rsnprotos & ess->rsnprotos) == 0)
  return 0;
  } else if (ess->flags & IEEE80211_F_WEPON) {
  if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0)
Index: sbin/ifconfig/ifconfig.c
===================================================================
RCS file: /cvs/openbsd/src/sbin/ifconfig/ifconfig.c,v
retrieving revision 1.384
diff -u -p -u -p -r1.384 ifconfig.c
--- sbin/ifconfig/ifconfig.c 20 Nov 2018 20:49:26 -0000 1.384
+++ sbin/ifconfig/ifconfig.c 21 Nov 2018 07:36:00 -0000
@@ -1909,7 +1909,7 @@ setifwpa(const char *val, int d)
  wpa.i_enabled = d;
 
  if (actions & A_JOIN) {
- memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
+ join.i_wpaparams.i_enabled = d;
  join.i_flags |= IEEE80211_JOIN_WPA;
  return;
  }
@@ -1940,6 +1940,12 @@ setifwpaprotos(const char *val, int d)
  }
  free(optlist);
 
+ if (actions & A_JOIN) {
+ join.i_wpaparams.i_protos = rval;
+ join.i_flags |= IEEE80211_JOIN_WPA;
+ return;
+ }
+
  memset(&wpa, 0, sizeof(wpa));
  (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
  if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
@@ -1949,12 +1955,6 @@ setifwpaprotos(const char *val, int d)
  wpa.i_ciphers = 0;
  wpa.i_groupcipher = 0;
 
- if (actions & A_JOIN) {
- memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
- join.i_flags |= IEEE80211_JOIN_WPA;
- return;
- }
-
  if (ioctl(s, SIOCS80211WPAPARMS, (caddr_t)&wpa) < 0)
  err(1, "SIOCS80211WPAPARMS");
 }
@@ -1981,6 +1981,14 @@ setifwpaakms(const char *val, int d)
  }
  free(optlist);
 
+ if (actions & A_JOIN) {
+ join.i_wpaparams.i_akms = rval;
+ join.i_wpaparams.i_enabled =
+    ((rval & IEEE80211_WPA_AKM_8021X) != 0);
+ join.i_flags |= IEEE80211_JOIN_WPA;
+ return;
+ }
+
  memset(&wpa, 0, sizeof(wpa));
  (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
  if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
@@ -1989,12 +1997,6 @@ setifwpaakms(const char *val, int d)
  /* Enable WPA for 802.1x here. PSK case is handled in setifwpakey(). */
  wpa.i_enabled = ((rval & IEEE80211_WPA_AKM_8021X) != 0);
 
- if (actions & A_JOIN) {
- memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
- join.i_flags |= IEEE80211_JOIN_WPA;
- return;
- }
-
  if (ioctl(s, SIOCS80211WPAPARMS, (caddr_t)&wpa) < 0)
  err(1, "SIOCS80211WPAPARMS");
 }
@@ -2042,18 +2044,18 @@ setifwpaciphers(const char *val, int d)
  }
  free(optlist);
 
+ if (actions & A_JOIN) {
+ join.i_wpaparams.i_ciphers = rval;
+ join.i_flags |= IEEE80211_JOIN_WPA;
+ return;
+ }
+
  memset(&wpa, 0, sizeof(wpa));
  (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
  if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
  err(1, "SIOCG80211WPAPARMS");
  wpa.i_ciphers = rval;
 
- if (actions & A_JOIN) {
- memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
- join.i_flags |= IEEE80211_JOIN_WPA;
- return;
- }
-
  if (ioctl(s, SIOCS80211WPAPARMS, (caddr_t)&wpa) < 0)
  err(1, "SIOCS80211WPAPARMS");
 }
@@ -2076,7 +2078,7 @@ setifwpagroupcipher(const char *val, int
  wpa.i_groupcipher = cipher;
 
  if (actions & A_JOIN) {
- memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
+ join.i_wpaparams.i_groupcipher = cipher;
  join.i_flags |= IEEE80211_JOIN_WPA;
  return;
  }


--
To iterate is human, to recurse, divine.
                -- Robert Heller

Reply | Threaded
Open this post in threaded view
|

Re: wifi join and wpaprotos

Solene Rapenne
Peter Hessler <[hidden email]> wrote:

> On 2018 Nov 20 (Tue) at 20:06:25 +0100 (+0100), Peter Hessler wrote:
> :On 2018 Nov 02 (Fri) at 19:13:56 +0100 (+0100), Peter Hessler wrote:
> ::On 2018 Nov 02 (Fri) at 17:59:05 +0100 (+0100), Solene Rapenne wrote:
> :::Stefan Sperling <[hidden email]> wrote:
> :::> On Fri, Nov 02, 2018 at 03:41:57PM +0100, Solene Rapenne wrote:
> :::> > Hello,
> :::> >
> :::> > I can't connect to wpa1 networks using join. From the man page, I understand
> :::> > that "wpaprotos" parameter isn't supported.
> :::> >
> :::> >     The id can either be any text string up to 32 characters in
> :::> >     length, or a series of hexadecimal digits up to 64 digits.  Any
> :::> >     necessary wpakey or nwkey arguments should be specified on the
> :::> >     same line.  May not be used with nwid.
> :::> >
> :::> > The SSID when I use "ifconfig iwm0 scan":
> :::> >
> :::> >     nwid freeboxSSID chan 11 bssid 16:fa:ca:a1:ba:3c 67% HT-MCS15 privacy,short_slottime,wpa1
> :::> >
> :::> >
> :::> > With this line in /etc/hostname.iwm0:
> :::> >
> :::> >     join "freeboxSSID" wpakey somekeyhere
> :::> >
> :::> > It won't connect until I type "ifconfig iwm0 wpaprotos wpa1".
> :::> >
> :::> >
> :::> > If I add the wpaprotos parameters to the /etc/hostname.iwm0 line, when
> :::> > rebooting, the ifconfig command output is the following.
> :::> >
> :::> >     iwm0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
> :::> >             lladdr 8c:16:45:9b:c9:fe
> :::> >             index 1 priority 4 llprio 3
> :::> >             trunk: trunkdev trunk0
> :::> >             groups: wlan
> :::> >             media: IEEE802.11 autoselect (DS1)
> :::> >             status: no network
> :::> >             ieee80211: join freeboxSSID
> :::> >
> :::> > I'm not sure it's a bug, but I prefer to report it.
> :::>
> :::> That's probably a bug. Using wpaprotos with join in hostname.if is supposed
> :::> to work as long as you're specifying it on the same line, like this:
> :::>
> :::>      join "freeboxSSID" wpakey somekeyhere wpaprotos wpa1
> :::
> :::With this line, it doesn't find the SSID after reboot or using netstart.
> :::
> ::
> ::I'll look into it.  Thanks for the report!
> ::
> :
> :Sorry for the delay, it took a while to get time to fix this.
> :
> :There are two bugs masquarading as one.
> :
> :First in the kernel, is that we didn't properly match what the node
> :(access point) is advertising to us, so we should match against that
> :instead.  Secondly, in ifconfig, we made all of the nice pretty
> :structures and stomped all over them when saving them.
> :
> :You'll need to rebuild ifconfig and boot into a new kernel.
> :
> :OK?
> :
>
> Sorry, I attached the wrong diff, too many other things were intertwined
> in it.
>
> Here's a diff that compiles, and should fix your issue.
>
> OK?

I can't test the diff properly, I won't have access to the wpa1 access point
until a few months.

Reply | Threaded
Open this post in threaded view
|

Re: wifi join and wpaprotos

Stefan Sperling-5
In reply to this post by Peter Hessler
On Wed, Nov 21, 2018 at 08:50:00AM +0100, Peter Hessler wrote:

> Index: sys/net80211/ieee80211_node.c
> ===================================================================
> RCS file: /cvs/openbsd/src/sys/net80211/ieee80211_node.c,v
> retrieving revision 1.157
> diff -u -p -u -p -r1.157 ieee80211_node.c
> --- sys/net80211/ieee80211_node.c 20 Nov 2018 20:26:01 -0000 1.157
> +++ sys/net80211/ieee80211_node.c 21 Nov 2018 07:36:51 -0000
> @@ -515,12 +515,8 @@ ieee80211_match_ess(struct ieee80211_ess
>   return 0;
>  
>   if (ess->flags & (IEEE80211_F_PSK | IEEE80211_F_RSNON)) {
> - /* Ensure same WPA version. */
> - if ((ni->ni_rsnprotos & IEEE80211_PROTO_RSN) &&
> -    (ess->rsnprotos & IEEE80211_PROTO_RSN) == 0)
> - return 0;
> - if ((ni->ni_rsnprotos & IEEE80211_PROTO_WPA) &&
> -    (ess->rsnprotos & IEEE80211_PROTO_WPA) == 0)
> + /* Ensure a compatible WPA version. */

In what way does "compatible version" differ from "same version"?

> + if ((ni->ni_supported_rsnprotos & ess->rsnprotos) == 0)

Logically, this looks like a no-op change to me.
Any AP will offer both WPA1|WPA2 or WPA1 only or WPA2 only.

So we have the following cases:

WPA1 & WPA1 -> 1
WPA2 & WPA2 -> 1
WPA1 & WPA2 -> 0
(WPA1|WPA2) & WPA1 -> 0
(WPA1|WPA1) & WPA2 -> 0
(WPA1|WPA2) & (WPA1|WPA2) -> 1

The previous logic specifically checked for:

WPA2 & WPA2 -> 1
WPA1 & WPA1 -> 1

and it rejected any other combination.
Which gives the same result, doesn't it?

So is this kernel change really needed? Isn't the actual fix
in your ifconfig changes, which makes ifconfig gather join
parameters without also running intermediate ioctls?

>   return 0;
>   } else if (ess->flags & IEEE80211_F_WEPON) {
>   if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0)
> Index: sbin/ifconfig/ifconfig.c

OK stsp@ for the ifconfig parts.

> ===================================================================
> RCS file: /cvs/openbsd/src/sbin/ifconfig/ifconfig.c,v
> retrieving revision 1.384
> diff -u -p -u -p -r1.384 ifconfig.c
> --- sbin/ifconfig/ifconfig.c 20 Nov 2018 20:49:26 -0000 1.384
> +++ sbin/ifconfig/ifconfig.c 21 Nov 2018 07:36:00 -0000
> @@ -1909,7 +1909,7 @@ setifwpa(const char *val, int d)
>   wpa.i_enabled = d;
>  
>   if (actions & A_JOIN) {
> - memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
> + join.i_wpaparams.i_enabled = d;
>   join.i_flags |= IEEE80211_JOIN_WPA;
>   return;
>   }
> @@ -1940,6 +1940,12 @@ setifwpaprotos(const char *val, int d)
>   }
>   free(optlist);
>  
> + if (actions & A_JOIN) {
> + join.i_wpaparams.i_protos = rval;
> + join.i_flags |= IEEE80211_JOIN_WPA;
> + return;
> + }
> +
>   memset(&wpa, 0, sizeof(wpa));
>   (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
>   if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
> @@ -1949,12 +1955,6 @@ setifwpaprotos(const char *val, int d)
>   wpa.i_ciphers = 0;
>   wpa.i_groupcipher = 0;
>  
> - if (actions & A_JOIN) {
> - memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
> - join.i_flags |= IEEE80211_JOIN_WPA;
> - return;
> - }
> -
>   if (ioctl(s, SIOCS80211WPAPARMS, (caddr_t)&wpa) < 0)
>   err(1, "SIOCS80211WPAPARMS");
>  }
> @@ -1981,6 +1981,14 @@ setifwpaakms(const char *val, int d)
>   }
>   free(optlist);
>  
> + if (actions & A_JOIN) {
> + join.i_wpaparams.i_akms = rval;
> + join.i_wpaparams.i_enabled =
> +    ((rval & IEEE80211_WPA_AKM_8021X) != 0);
> + join.i_flags |= IEEE80211_JOIN_WPA;
> + return;
> + }
> +
>   memset(&wpa, 0, sizeof(wpa));
>   (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
>   if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
> @@ -1989,12 +1997,6 @@ setifwpaakms(const char *val, int d)
>   /* Enable WPA for 802.1x here. PSK case is handled in setifwpakey(). */
>   wpa.i_enabled = ((rval & IEEE80211_WPA_AKM_8021X) != 0);
>  
> - if (actions & A_JOIN) {
> - memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
> - join.i_flags |= IEEE80211_JOIN_WPA;
> - return;
> - }
> -
>   if (ioctl(s, SIOCS80211WPAPARMS, (caddr_t)&wpa) < 0)
>   err(1, "SIOCS80211WPAPARMS");
>  }
> @@ -2042,18 +2044,18 @@ setifwpaciphers(const char *val, int d)
>   }
>   free(optlist);
>  
> + if (actions & A_JOIN) {
> + join.i_wpaparams.i_ciphers = rval;
> + join.i_flags |= IEEE80211_JOIN_WPA;
> + return;
> + }
> +
>   memset(&wpa, 0, sizeof(wpa));
>   (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
>   if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
>   err(1, "SIOCG80211WPAPARMS");
>   wpa.i_ciphers = rval;
>  
> - if (actions & A_JOIN) {
> - memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
> - join.i_flags |= IEEE80211_JOIN_WPA;
> - return;
> - }
> -
>   if (ioctl(s, SIOCS80211WPAPARMS, (caddr_t)&wpa) < 0)
>   err(1, "SIOCS80211WPAPARMS");
>  }
> @@ -2076,7 +2078,7 @@ setifwpagroupcipher(const char *val, int
>   wpa.i_groupcipher = cipher;
>  
>   if (actions & A_JOIN) {
> - memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
> + join.i_wpaparams.i_groupcipher = cipher;
>   join.i_flags |= IEEE80211_JOIN_WPA;
>   return;
>   }
>
>
> --
> To iterate is human, to recurse, divine.
> -- Robert Heller

Reply | Threaded
Open this post in threaded view
|

Re: wifi join and wpaprotos

Peter Hessler
On 2018 Nov 25 (Sun) at 10:48:37 +0100 (+0100), Stefan Sperling wrote:
:On Wed, Nov 21, 2018 at 08:50:00AM +0100, Peter Hessler wrote:
:> Index: sys/net80211/ieee80211_node.c
:> ===================================================================
:> RCS file: /cvs/openbsd/src/sys/net80211/ieee80211_node.c,v
:> retrieving revision 1.157
:> diff -u -p -u -p -r1.157 ieee80211_node.c
:> --- sys/net80211/ieee80211_node.c 20 Nov 2018 20:26:01 -0000 1.157
:> +++ sys/net80211/ieee80211_node.c 21 Nov 2018 07:36:51 -0000
:> @@ -515,12 +515,8 @@ ieee80211_match_ess(struct ieee80211_ess
:>   return 0;
:>  
:>   if (ess->flags & (IEEE80211_F_PSK | IEEE80211_F_RSNON)) {
:> - /* Ensure same WPA version. */
:> - if ((ni->ni_rsnprotos & IEEE80211_PROTO_RSN) &&
:> -    (ess->rsnprotos & IEEE80211_PROTO_RSN) == 0)
:> - return 0;
:> - if ((ni->ni_rsnprotos & IEEE80211_PROTO_WPA) &&
:> -    (ess->rsnprotos & IEEE80211_PROTO_WPA) == 0)
:> + /* Ensure a compatible WPA version. */
:
:In what way does "compatible version" differ from "same version"?
:

WPA1|WPA2 != WPA2.  But if we are choosing one of them, then it is
compatible.


:> + if ((ni->ni_supported_rsnprotos & ess->rsnprotos) == 0)
:
:Logically, this looks like a no-op change to me.
:Any AP will offer both WPA1|WPA2 or WPA1 only or WPA2 only.
:

WPA3 is a thing and even though we don't yet support it, this makes
that support easier.  I also find this check easier to follow.


:So we have the following cases:
:
:WPA1 & WPA1 -> 1
:WPA2 & WPA2 -> 1
:WPA1 & WPA2 -> 0
:(WPA1|WPA2) & WPA1 -> 0
:(WPA1|WPA1) & WPA2 -> 0
:(WPA1|WPA2) & (WPA1|WPA2) -> 1
:
:The previous logic specifically checked for:
:
:WPA2 & WPA2 -> 1
:WPA1 & WPA1 -> 1
:
:and it rejected any other combination.
:Which gives the same result, doesn't it?
:
:So is this kernel change really needed? Isn't the actual fix
:in your ifconfig changes, which makes ifconfig gather join
:parameters without also running intermediate ioctls?
:

Yes, it is really needed.  ni->ni_rsnprotos vs ni->ni_supported_rsnprotos
is the important part.

On a WPA1|WPA2 AP I was testing against ni_rsnprotos is set to only wpa2,
but ni_supported_rsnprotos is set to WPA1|WPA2.


:>   return 0;
:>   } else if (ess->flags & IEEE80211_F_WEPON) {
:>   if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0)
:> Index: sbin/ifconfig/ifconfig.c
:
:OK stsp@ for the ifconfig parts.
:
:> ===================================================================
:> RCS file: /cvs/openbsd/src/sbin/ifconfig/ifconfig.c,v
:> retrieving revision 1.384
:> diff -u -p -u -p -r1.384 ifconfig.c
:> --- sbin/ifconfig/ifconfig.c 20 Nov 2018 20:49:26 -0000 1.384
:> +++ sbin/ifconfig/ifconfig.c 21 Nov 2018 07:36:00 -0000
:> @@ -1909,7 +1909,7 @@ setifwpa(const char *val, int d)
:>   wpa.i_enabled = d;
:>  
:>   if (actions & A_JOIN) {
:> - memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
:> + join.i_wpaparams.i_enabled = d;
:>   join.i_flags |= IEEE80211_JOIN_WPA;
:>   return;
:>   }
:> @@ -1940,6 +1940,12 @@ setifwpaprotos(const char *val, int d)
:>   }
:>   free(optlist);
:>  
:> + if (actions & A_JOIN) {
:> + join.i_wpaparams.i_protos = rval;
:> + join.i_flags |= IEEE80211_JOIN_WPA;
:> + return;
:> + }
:> +
:>   memset(&wpa, 0, sizeof(wpa));
:>   (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
:>   if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
:> @@ -1949,12 +1955,6 @@ setifwpaprotos(const char *val, int d)
:>   wpa.i_ciphers = 0;
:>   wpa.i_groupcipher = 0;
:>  
:> - if (actions & A_JOIN) {
:> - memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
:> - join.i_flags |= IEEE80211_JOIN_WPA;
:> - return;
:> - }
:> -
:>   if (ioctl(s, SIOCS80211WPAPARMS, (caddr_t)&wpa) < 0)
:>   err(1, "SIOCS80211WPAPARMS");
:>  }
:> @@ -1981,6 +1981,14 @@ setifwpaakms(const char *val, int d)
:>   }
:>   free(optlist);
:>  
:> + if (actions & A_JOIN) {
:> + join.i_wpaparams.i_akms = rval;
:> + join.i_wpaparams.i_enabled =
:> +    ((rval & IEEE80211_WPA_AKM_8021X) != 0);
:> + join.i_flags |= IEEE80211_JOIN_WPA;
:> + return;
:> + }
:> +
:>   memset(&wpa, 0, sizeof(wpa));
:>   (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
:>   if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
:> @@ -1989,12 +1997,6 @@ setifwpaakms(const char *val, int d)
:>   /* Enable WPA for 802.1x here. PSK case is handled in setifwpakey(). */
:>   wpa.i_enabled = ((rval & IEEE80211_WPA_AKM_8021X) != 0);
:>  
:> - if (actions & A_JOIN) {
:> - memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
:> - join.i_flags |= IEEE80211_JOIN_WPA;
:> - return;
:> - }
:> -
:>   if (ioctl(s, SIOCS80211WPAPARMS, (caddr_t)&wpa) < 0)
:>   err(1, "SIOCS80211WPAPARMS");
:>  }
:> @@ -2042,18 +2044,18 @@ setifwpaciphers(const char *val, int d)
:>   }
:>   free(optlist);
:>  
:> + if (actions & A_JOIN) {
:> + join.i_wpaparams.i_ciphers = rval;
:> + join.i_flags |= IEEE80211_JOIN_WPA;
:> + return;
:> + }
:> +
:>   memset(&wpa, 0, sizeof(wpa));
:>   (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
:>   if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
:>   err(1, "SIOCG80211WPAPARMS");
:>   wpa.i_ciphers = rval;
:>  
:> - if (actions & A_JOIN) {
:> - memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
:> - join.i_flags |= IEEE80211_JOIN_WPA;
:> - return;
:> - }
:> -
:>   if (ioctl(s, SIOCS80211WPAPARMS, (caddr_t)&wpa) < 0)
:>   err(1, "SIOCS80211WPAPARMS");
:>  }
:> @@ -2076,7 +2078,7 @@ setifwpagroupcipher(const char *val, int
:>   wpa.i_groupcipher = cipher;
:>  
:>   if (actions & A_JOIN) {
:> - memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
:> + join.i_wpaparams.i_groupcipher = cipher;
:>   join.i_flags |= IEEE80211_JOIN_WPA;
:>   return;
:>   }
:>
:>
:> --
:> To iterate is human, to recurse, divine.
:> -- Robert Heller

--
Electrical Engineers do it with less resistance.

Reply | Threaded
Open this post in threaded view
|

Re: wifi join and wpaprotos

Stefan Sperling-5
On Sun, Nov 25, 2018 at 11:27:03AM +0100, Peter Hessler wrote:

> On 2018 Nov 25 (Sun) at 10:48:37 +0100 (+0100), Stefan Sperling wrote:
> :On Wed, Nov 21, 2018 at 08:50:00AM +0100, Peter Hessler wrote:
> :> Index: sys/net80211/ieee80211_node.c
> :> ===================================================================
> :> RCS file: /cvs/openbsd/src/sys/net80211/ieee80211_node.c,v
> :> retrieving revision 1.157
> :> diff -u -p -u -p -r1.157 ieee80211_node.c
> :> --- sys/net80211/ieee80211_node.c 20 Nov 2018 20:26:01 -0000 1.157
> :> +++ sys/net80211/ieee80211_node.c 21 Nov 2018 07:36:51 -0000
> :> @@ -515,12 +515,8 @@ ieee80211_match_ess(struct ieee80211_ess
> :>   return 0;
> :>  
> :>   if (ess->flags & (IEEE80211_F_PSK | IEEE80211_F_RSNON)) {
> :> - /* Ensure same WPA version. */
> :> - if ((ni->ni_rsnprotos & IEEE80211_PROTO_RSN) &&
> :> -    (ess->rsnprotos & IEEE80211_PROTO_RSN) == 0)
> :> - return 0;
> :> - if ((ni->ni_rsnprotos & IEEE80211_PROTO_WPA) &&
> :> -    (ess->rsnprotos & IEEE80211_PROTO_WPA) == 0)
> :> + /* Ensure a compatible WPA version. */
> :
> :In what way does "compatible version" differ from "same version"?
> :
>
> WPA1|WPA2 != WPA2.  But if we are choosing one of them, then it is
> compatible.

What happens if we have WPA2-only AP A on our joinlist, and WPA1-only AP B
with the same ESSID pops up? Could we now be choosing this ESSID in favour
of another ESSID which offers WPA2, provided the user has manually enabled
WPA1 support?

We don't want 'join' to choose a WPA1 network if it could choose a WPA2
network instead.

> :So is this kernel change really needed? Isn't the actual fix
> :in your ifconfig changes, which makes ifconfig gather join
> :parameters without also running intermediate ioctls?
> :
>
> Yes, it is really needed.  ni->ni_rsnprotos vs ni->ni_supported_rsnprotos
> is the important part.

Ah, indeed. I missed that part.

> On a WPA1|WPA2 AP I was testing against ni_rsnprotos is set to only wpa2,
> but ni_supported_rsnprotos is set to WPA1|WPA2.

But such networks didn't have a problem in the first place, did they?

I think the question we should be asking is:
Why does choosing a WPA1-only network not work without this change?
I don't yet understand why.

I doesn't seem right to match networks on advertised capabilities, instead of
matching on negotiated (and our preferred) capabilities, as we do now.

Reply | Threaded
Open this post in threaded view
|

Re: wifi join and wpaprotos

Peter Hessler
On 2018 Nov 25 (Sun) at 12:32:39 +0100 (+0100), Stefan Sperling wrote:
:On Sun, Nov 25, 2018 at 11:27:03AM +0100, Peter Hessler wrote:
:> On 2018 Nov 25 (Sun) at 10:48:37 +0100 (+0100), Stefan Sperling wrote:
:> :On Wed, Nov 21, 2018 at 08:50:00AM +0100, Peter Hessler wrote:
:> :> Index: sys/net80211/ieee80211_node.c
:> :> ===================================================================
:> :> RCS file: /cvs/openbsd/src/sys/net80211/ieee80211_node.c,v
:> :> retrieving revision 1.157
:> :> diff -u -p -u -p -r1.157 ieee80211_node.c
:> :> --- sys/net80211/ieee80211_node.c 20 Nov 2018 20:26:01 -0000 1.157
:> :> +++ sys/net80211/ieee80211_node.c 21 Nov 2018 07:36:51 -0000
:> :> @@ -515,12 +515,8 @@ ieee80211_match_ess(struct ieee80211_ess
:> :>   return 0;
:> :>  
:> :>   if (ess->flags & (IEEE80211_F_PSK | IEEE80211_F_RSNON)) {
:> :> - /* Ensure same WPA version. */
:> :> - if ((ni->ni_rsnprotos & IEEE80211_PROTO_RSN) &&
:> :> -    (ess->rsnprotos & IEEE80211_PROTO_RSN) == 0)
:> :> - return 0;
:> :> - if ((ni->ni_rsnprotos & IEEE80211_PROTO_WPA) &&
:> :> -    (ess->rsnprotos & IEEE80211_PROTO_WPA) == 0)
:> :> + /* Ensure a compatible WPA version. */
:> :
:> :In what way does "compatible version" differ from "same version"?
:> :
:>
:> WPA1|WPA2 != WPA2.  But if we are choosing one of them, then it is
:> compatible.
:
:What happens if we have WPA2-only AP A on our joinlist, and WPA1-only AP B
:with the same ESSID pops up? Could we now be choosing this ESSID in favour
:of another ESSID which offers WPA2, provided the user has manually enabled
:WPA1 support?
:
:We don't want 'join' to choose a WPA1 network if it could choose a WPA2
:network instead.
:

Correct, we don't want that.

In ieee80211_ess_calculate_score(), we do consider WPA2 vs WPA1, and
give many more points for WPA2 compatible APs.  Assuming both were
visible, and both were compatible with our desired configuration, we
would choose the WPA2 compatible AP.


:> :So is this kernel change really needed? Isn't the actual fix
:> :in your ifconfig changes, which makes ifconfig gather join
:> :parameters without also running intermediate ioctls?
:> :
:>
:> Yes, it is really needed.  ni->ni_rsnprotos vs ni->ni_supported_rsnprotos
:> is the important part.
:
:Ah, indeed. I missed that part.
:
:> On a WPA1|WPA2 AP I was testing against ni_rsnprotos is set to only wpa2,
:> but ni_supported_rsnprotos is set to WPA1|WPA2.
:
:But such networks didn't have a problem in the first place, did they?
:

No, a WPA1-only network shouldn't have this problem, because
ni_rsnprotos won't override to WPA2 if it isn't available.


:I think the question we should be asking is:
:Why does choosing a WPA1-only network not work without this change?
:I don't yet understand why.
:
:I doesn't seem right to match networks on advertised capabilities, instead of
:matching on negotiated (and our preferred) capabilities, as we do now.

ni_rsnprotos is hard-coded to just WPA2 or WPA1 based on what is
configured in the ic.  We have not yet adjusted the ic, so that can't be
used to compare.

In my test case, I have disabled wpa2 and only accept wpa1 as the
configuration for the essid.  with ni_rsnprotos being set to wpa2 only,
it can't match.


--
I don't mind going nowhere as long as it's an interesting path.
                -- Ronald Mabbitt