As already discussed with adrian on IRC. Background: I just changed my home AP from a Linksys WRT54GL (802.11g) running dd-wrt to a TP-Link TL-WR1043ND (IEEE 802.11n) also with dd-wrt. When I configured the new AP with WPA or WPA2 using TKIP or AES encryption ifconfig shows that I am connected, but I can't get an IP address from DHCP or can ping the AP when I configure an IP address manually: ifconfig wlan1 wlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 ether 00:24:2b:0e:a8:5f inet6 fe80::224:2bff:fe0e:a85f%wlan1 prefixlen 64 scopeid 0x6 inet 0.0.0.0 netmask 0xffffffff broadcast 192.168.10.255 nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> media: IEEE 802.11 Wireless Ethernet OFDM/54Mbps mode 11g status: associated ssid hafenkneipe channel 6 (2437 MHz 11g) bssid d8:5d:4c:9c:35:50 regdomain 101 indoor ecm authmode WPA privacy ON deftxkey UNDEF AES-CCM 2:128-bit txpower 20 bmiss 7 scanvalid 450 bgscan bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS wme burst roaming MANUAL wpa_supplicant.conf: network={ ssid="hafenkneipe" psk="foobar" } With wlandebug turned on I see this in /var/log/messages: Feb 8 21:54:25 maggie kernel: wlan1: Ethernet address: 00:24:2b:0e:a8:5f Feb 8 21:54:28 maggie kernel: wlan1: link state changed to UP Feb 8 21:58:05 maggie kernel: ath0: ath_key_update_begin: Feb 8 21:58:05 maggie kernel: ath0: ath_key_delete: delete key 4 Feb 8 21:58:05 maggie kernel: ath0: ath_key_update_end: Feb 8 21:58:05 maggie kernel: wlan1: link state changed to DOWN Feb 8 21:58:05 maggie kernel: ath0: ath_stop_locked: invalid 0 if_flags 0x8802 Feb 8 21:58:05 maggie kernel: ar5212GetChipPowerLimits: no min/max power for 2312/0xa0 Feb 8 21:58:05 maggie kernel: ath0: ath_key_update_begin: Feb 8 21:58:05 maggie kernel: ath0: ath_key_update_end: Feb 8 21:58:05 maggie kernel: ath0: ath_key_update_begin: Feb 8 21:58:05 maggie kernel: ath0: ath_key_update_end: Feb 8 21:58:05 maggie kernel: ath0: ath_key_update_begin: Feb 8 21:58:05 maggie kernel: ath0: ath_key_update_end: Feb 8 21:58:05 maggie kernel: ath0: ath_key_update_begin: Feb 8 21:58:05 maggie kernel: ath0: ath_key_update_end: Feb 8 21:58:05 maggie kernel: ath0: ath_init: if_flags 0x8803 Feb 8 21:58:05 maggie kernel: ath0: ath_stop_locked: invalid 0 if_flags 0x8803 Feb 8 21:58:07 maggie wpa_supplicant[2855]: Trying to associate with d8:5d:4c:9c:35:50 (SSID='hafenkneipe' freq=2437 MHz) Feb 8 21:58:07 maggie wpa_supplicant[2855]: Associated with d8:5d:4c:9c:35:50 Feb 8 21:58:07 maggie kernel: wlan1: link state changed to UP Feb 8 21:58:07 maggie kernel: ar5212GetNf: NF did not complete in calibration window Feb 8 21:58:07 maggie kernel: ath0: ath_key_update_begin: Feb 8 21:58:07 maggie kernel: ath0: key_alloc_single: key 4 Feb 8 21:58:07 maggie kernel: ath_keyset: [04] AES-CCM 937e65e30ebd9cce6a66e55ebe205e6c mac d8:5d:4c:9c:35:50 Feb 8 21:58:07 maggie kernel: ath0: ath_key_update_end: Feb 8 21:58:07 maggie kernel: ath0: ath_key_update_begin: Feb 8 21:58:07 maggie kernel: ath_keyset: [01] AES-CCM 0351763e51f414f841430904f7eb7126 mac d8:5d:4c:9c:35:50 Feb 8 21:58:07 maggie kernel: ath0: ath_key_update_end: Feb 8 21:58:07 maggie wpa_supplicant[2855]: WPA: Key negotiation completed with d8:5d:4c:9c:35:50 [PTK=CCMP GTK=CCMP] Feb 8 21:58:07 maggie wpa_supplicant[2855]: CTRL-EVENT-CONNECTED - Connection to d8:5d:4c:9c:35:50 completed (auth) [id=1 id_str=] If I disable WPA and use an unencrypted network the connection works. With the same configuration a USB stick (if_rum) works.
Responsible Changed From-To: freebsd-bugs->adrian over to adrian
Author: adrian Date: Wed Feb 9 15:23:16 2011 New Revision: 218483 URL: http://svn.freebsd.org/changeset/base/218483 Log: Fix the keycache behaviour for multicast keycache search. The correct bit to set is 0x1 in the high MAC address byte, not 0x80. The hardware isn't programmed with that bit (which is the multicast adress bit.) The linux ath9k keycache code uses that bit in the MAC as a "this is a multicast key!" and doesn't set the AR_KEYTABLE_VALID bit. This tells the hardware the MAC isn't to be used for unicast destination matching but it can be used for multicast bssid traffic. This fixes some encryption problems in station mode. PR: kern/154598 Modified: head/sys/dev/ath/ath_hal/ar5212/ar5212_keycache.c head/sys/dev/ath/if_ath.c Modified: head/sys/dev/ath/ath_hal/ar5212/ar5212_keycache.c ============================================================================== --- head/sys/dev/ath/ath_hal/ar5212/ar5212_keycache.c Wed Feb 9 14:37:33 2011 (r218482) +++ head/sys/dev/ath/ath_hal/ar5212/ar5212_keycache.c Wed Feb 9 15:23:16 2011 (r218483) @@ -99,11 +99,18 @@ ar5212ResetKeyCacheEntry(struct ath_hal /* * Sets the mac part of the specified key cache entry (and any * associated MIC entry) and mark them valid. + * + * Since mac[0] is shifted off and not presented to the hardware, + * it does double duty as a "don't use for unicast, use for multicast + * matching" flag. This interface should later be extended to + * explicitly do that rather than overloading a bit in the MAC + * address. */ HAL_BOOL ar5212SetKeyCacheEntryMac(struct ath_hal *ah, uint16_t entry, const uint8_t *mac) { uint32_t macHi, macLo; + uint32_t unicast_flag = AR_KEYTABLE_VALID; if (entry >= AH_PRIVATE(ah)->ah_caps.halKeyCacheSize) { HALDEBUG(ah, HAL_DEBUG_ANY, "%s: entry %u out of range\n", @@ -115,6 +122,16 @@ ar5212SetKeyCacheEntryMac(struct ath_hal * the 4 MSBs, and MacHi is the 2 LSBs. */ if (mac != AH_NULL) { + /* + * AR_KEYTABLE_VALID indicates that the address is a unicast + * address, which must match the transmitter address for + * decrypting frames. + * Not setting this bit allows the hardware to use the key + * for multicast frame decryption. + */ + if (mac[0] & 0x01) + unicast_flag = 0; + macHi = (mac[5] << 8) | mac[4]; macLo = (mac[3] << 24)| (mac[2] << 16) | (mac[1] << 8) | mac[0]; @@ -125,7 +142,7 @@ ar5212SetKeyCacheEntryMac(struct ath_hal macLo = macHi = 0; } OS_REG_WRITE(ah, AR_KEYTABLE_MAC0(entry), macLo); - OS_REG_WRITE(ah, AR_KEYTABLE_MAC1(entry), macHi | AR_KEYTABLE_VALID); + OS_REG_WRITE(ah, AR_KEYTABLE_MAC1(entry), macHi | unicast_flag); return AH_TRUE; } Modified: head/sys/dev/ath/if_ath.c ============================================================================== --- head/sys/dev/ath/if_ath.c Wed Feb 9 14:37:33 2011 (r218482) +++ head/sys/dev/ath/if_ath.c Wed Feb 9 15:23:16 2011 (r218483) @@ -1938,10 +1938,10 @@ ath_keyset(struct ath_softc *sc, const s /* * Group keys on hardware that supports multicast frame * key search use a MAC that is the sender's address with - * the high bit set instead of the app-specified address. + * the multicast bit set instead of the app-specified address. */ IEEE80211_ADDR_COPY(gmac, bss->ni_macaddr); - gmac[0] |= 0x80; + gmac[0] |= 0x01; mac = gmac; } else mac = k->wk_macaddr; _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
State Changed From-To: open->patched committed in head (r218483)
Responsible Changed From-To: adrian->freebsd-wireless bump to mailing-list
Adrian is this complete?
^Triage: overcome by events.