[prev in list] [next in list] [prev in thread] [next in thread]
List: openbsd-bugs
Subject: Re: ath(4): Cannot use WPA in 802.11a mode
From: Stefan Ott <stefan () ott ! net>
Date: 2017-06-12 21:43:05
Message-ID: 20170612214305.GA64823 () greebo ! asti ! ch
[Download RAW message or body]
On Mon, Jun 12, 2017 at 12:19:09PM +0200, Stefan Sperling wrote:
>
> Reason 15 means the WPA 4-way handshake timed out from the AP's point of view.
> This indicates the AP is unable to receive any (or some) frames sent by the
> client during the WPA authentication phase.
>
> Are you sure that communication on 5 GHz works well in general?
> Does an unecrypted network on 5GHz perform worse than a 2GHz one?
> What is the packet loss rate for a ping to the AP's IP address on
> unencrypted 5GHz?
You are right, I only tested whether the client can connect to the AP,
I didn't try to actually use the connection. Now that I tried it seems
that the 5 Ghz mode does not work correctly at all, i.e. I can't even
run DHCP.
> Can you run 'ifconfig ath0 debug' on the AP and show additional lines
> printed to dmesg while a client tries to connect?
Sure. This is what a connection attempts looks like on the AP side
in debug mode:
ath0: sending auth to 04:f0:21:17:39:92 on channel 48 mode 11a
ath0: station 04:f0:21:17:39:92 already authenticated (open)
ath0: sending assoc_resp to 04:f0:21:17:39:92 on channel 48 mode 11a
ath0: sending msg 1/4 of the 4-way handshake to 04:f0:21:17:39:92
ath0: received auth from 04:f0:21:17:39:92 rssi 56 mode 11a
ath0: received assoc_req from 04:f0:21:17:39:92 rssi 50 mode 11a
ath0: sending msg 1/4 of the 4-way handshake to 04:f0:21:17:39:92
ath0: sending msg 1/4 of the 4-way handshake to 04:f0:21:17:39:92
ath0: station 04:f0:21:17:39:92 deauthenticate (reason 15)
ath0: sending deauth to 04:f0:21:17:39:92 on channel 48 mode 11a
> Can you show the output of 'netstat -W ath0' and 'netstat -I ath0' twice?
> Once from before the client tries to connect, and once after.
Before:
# netstat -W ath0
ieee80211 on ath0:
0 input packets with bad version
0 input packets too short
0 input packets from wrong bssid
30 input packet duplicates discarded
34 input packets with wrong direction
0 input multicast echo packets discarded
13 input packets from unassociated station discarded
0 input encrypted packets without wep/wpa config discarded
34 input unencrypted packets with wep/wpa config discarded
0 input wep/wpa packets processing failed
16 input packet decapsulations failed
2 input management packets discarded
3 input control packets discarded
0 input packets with truncated rate set
0 input packets with missing elements
0 input packets with elements too big
0 input packets with elements too small
11 input packets with invalid channel
241 input packets with mismatched channel
0 node allocations failed
157 input packets with mismatched ssid
0 input packets with unsupported auth algorithm
0 input authentications failed
0 input associations from wrong bssid
0 input associations without authentication
0 input associations with mismatched capabilities
0 input associations without matching rates
0 input associations with bad rsn ie
1 input deauthentication packet
8 input disassociation packets
0 input packets with unknown subtype
0 input packets failed for lack of mbufs
0 input decryptions failed on crc
0 input ahdemo management packets discarded
0 input packets with bad auth request
4 input eapol-key packets
0 input eapol-key packets with bad mic
0 input eapol-key packets replayed
0 input packets with bad tkip mic
0 input tkip mic failure notifications
0 input packets on unauthenticated port
0 output packets failed for lack of mbufs
15 output packets failed for no nodes
0 output packets of unknown management type
1 output packet on unauthenticated port
1 active scan started
2 passive scans started
6 nodes timed out
0 failures with no memory for crypto ctx
0 ccmp decryption errors
0 ccmp replayed frames
0 cmac icv errors
0 cmac replayed frames
0 tkip icv errors
0 tkip replays
0 pbac errors
0 HT negotiation failures because peer does not support MCS 0-7
0 HT negotiation failures because we do not support basic MCS set
0 HT negotiation failures because peer uses bad crypto
0 HT protection changes
0 new input block ack agreements
0 new output block ack agreements
0 input frames below block ack window start
0 input frames above block ack window end
0 input block ack window slides
0 input block ack window jumps
0 duplicate input block ack frames
0 expected input block ack frames never arrived
0 input block ack window gaps timed out
0 input block ack agreements timed out
0 output block ack agreements timed out
# netstat -I ath0
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Colls
ath0 1500 <Link> 00:0b:6b:23:35:a5 6696 47 4215 16 0
After:
# netstat -W ath0
ieee80211 on ath0:
0 input packets with bad version
0 input packets too short
0 input packets from wrong bssid
30 input packet duplicates discarded
34 input packets with wrong direction
0 input multicast echo packets discarded
13 input packets from unassociated station discarded
0 input encrypted packets without wep/wpa config discarded
34 input unencrypted packets with wep/wpa config discarded
0 input wep/wpa packets processing failed
16 input packet decapsulations failed
2 input management packets discarded
3 input control packets discarded
0 input packets with truncated rate set
0 input packets with missing elements
0 input packets with elements too big
0 input packets with elements too small
11 input packets with invalid channel
241 input packets with mismatched channel
0 node allocations failed
161 input packets with mismatched ssid
0 input packets with unsupported auth algorithm
0 input authentications failed
0 input associations from wrong bssid
0 input associations without authentication
0 input associations with mismatched capabilities
0 input associations without matching rates
0 input associations with bad rsn ie
1 input deauthentication packet
8 input disassociation packets
0 input packets with unknown subtype
0 input packets failed for lack of mbufs
0 input decryptions failed on crc
0 input ahdemo management packets discarded
0 input packets with bad auth request
4 input eapol-key packets
0 input eapol-key packets with bad mic
0 input eapol-key packets replayed
0 input packets with bad tkip mic
0 input tkip mic failure notifications
0 input packets on unauthenticated port
0 output packets failed for lack of mbufs
15 output packets failed for no nodes
0 output packets of unknown management type
1 output packet on unauthenticated port
1 active scan started
2 passive scans started
6 nodes timed out
0 failures with no memory for crypto ctx
0 ccmp decryption errors
0 ccmp replayed frames
0 cmac icv errors
0 cmac replayed frames
0 tkip icv errors
0 tkip replays
0 pbac errors
0 HT negotiation failures because peer does not support MCS 0-7
0 HT negotiation failures because we do not support basic MCS set
0 HT negotiation failures because peer uses bad crypto
0 HT protection changes
0 new input block ack agreements
0 new output block ack agreements
0 input frames below block ack window start
0 input frames above block ack window end
0 input block ack window slides
0 input block ack window jumps
0 duplicate input block ack frames
0 expected input block ack frames never arrived
0 input block ack window gaps timed out
0 input block ack agreements timed out
0 output block ack agreements timed out
# netstat -I ath0
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Colls
ath0 1500 <Link> 00:0b:6b:23:35:a5 6708 47 4241 16 0
--
Stefan Ott
http://www.ott.net/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic