From: James Prestwood <prestwoj@gmail.com>
To: KeithG <ys3al35l@gmail.com>
Cc: Denis Kenzior <denkenz@gmail.com>, iwd@lists.linux.dev
Subject: Re: brcmfmac SAE/WPA3 negotiation - Part 2
Date: Tue, 28 Jan 2025 10:06:13 -0800 [thread overview]
Message-ID: <fdc44a38-27d4-4dd5-993f-318c8ce52202@gmail.com> (raw)
In-Reply-To: <CAG17S_MxYjoYBGmNDPPuVUTBfRmksfiJ4X==SAPF+6Hz3j8eKg@mail.gmail.com>
Hi Keith,
On 1/27/25 8:47 PM, KeithG wrote:
> James,
>
> I patched the latest iwd-git. First time after reboot, it will
> connect. If I remove the config in connman:
> connmanctl
> config wifi_blah_blah --remove
> then try again:
> connect wifi_blah_blah
> it will not connect and I get the error:
>
> Jan 27 22:24:01 Pi4 kernel: ieee80211 phy0:
> brcmf_cfg80211_external_auth: External authentication failed: status=1
>
> It will not get a DHCP address.
>
> When I add the directive in the main.conf, even with this patch, it
> seems to connect every time.
> DisablePMKSA=true
Thanks for testing this. I've got yet another patch which should avoid
the need to use DisablePMKSA anymore. If you have a chance to try it out
to confirm that would be appreciated. Again, remove the DisablePMKSA
option for this test and IWD _should_ be able to connect/reconnect
without an issue.
Thanks,
James
>
> Keith
>
> On Mon, Jan 27, 2025 at 10:21 AM James Prestwood <prestwoj@gmail.com> wrote:
>> Hi Keith,
>>
>> On 1/27/25 7:09 AM, KeithG wrote:
>>> I just tried this and it connected 2x once from a saved key and a
>>> second time from a new key.
>>> Will continue testing and let you know, but this may be it!
>>> Thanks so much for all the support.
>> Would you mind testing the latest RFC patch I put on the mailing list?
>> Please remove the DisablePMKSA option in main.conf with that patch. I'd
>> like to see if PMKSA will actually function with brcmfmac without
>> external auth, or if we're stuck disabling it entirely.
>>
>> Thanks,
>>
>> James
>>
>>> On Mon, Jan 27, 2025 at 8:29 AM James Prestwood <prestwoj@gmail.com> wrote:
>>>> Hi Keith,
>>>>
>>>> On 1/25/25 8:37 AM, KeithG wrote:
>>>>
>>>> <snip>
>>>>>> With wpa_supplincant, before the AP sends the 'PAE:', we get this
>>>>>> which is not in any of the iwmon logs with iwd:
>>>>>> < Request: Set PMKSA (0x34) len 92 [ack] 14.561627
>>>>>> Interface Index: 3 (0x00000003)
>>>>>> PMKID: len 16
>>>>>> 05 cb 9d 0d 9a c6 7c 42 77 b5 d2 23 f0 62 f7 4d ......|Bw..#.b.M
>>>>>> MAC Address D8:3A:DD:60:A3:0C
>>>>>> Unknown: 287 len 4
>>>>>> c0 a8 00 00 ....
>>>>>> Unknown: 288 len 1
>>>>>> 46 F
>>>>>> PMK: 254 len 32
>>>>>> 35 28 07 cb 94 de 82 e7 0a 5c 73 d3 e4 1f 88 ae 5(.......\s.....
>>>>>> 74 84 82 66 86 8d b5 aa 79 cb 75 d9 75 8d da 3a t..f....y.u.u..:
>>>>>>> Response: Set PMKSA (0x34) len 4 [0x100] 14.562171
>>>>>> Status: Success (0)
>>>>>>
>>>>>> Is there any more info or help I can provide?
>>>> Looks like the only difference between IWD working and not working is
>>>> when it includes the PMKID. This is due to the new PMKSA feature which
>>>> looks like it requires some extra work on brcmfmac (using SET_PMKSA).
>>>> Try disabling PMKSA in main.conf with:
>>>>
>>>> [General].DisablePMKSA=true
>>>>
>>>> This should hopefully get IWD reliably connecting.
>>>>
>>>> Thanks,
>>>>
>>>> James
>>>>
prev parent reply other threads:[~2025-01-28 18:06 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CAG17S_OwtNxetb7XzsxkZcygH_CWkZx15evQZkThb3WjqpiKTQ@mail.gmail.com>
[not found] ` <CAG17S_NVmXZsAShc1VFh6iTgtT30CdHSBNxhmT=xs4q41--tcw@mail.gmail.com>
[not found] ` <fc4c196b-1f55-43a0-90ac-ca282aa6eb7d@gmail.com>
[not found] ` <CAG17S_O7rJLXiLv8OcRaoxQWu4jk=L_ut3HpY7BbwkSbRfMWjA@mail.gmail.com>
[not found] ` <c586f9fe-e1f8-44dd-a867-ec21c78c7de9@gmail.com>
[not found] ` <CAG17S_N6Gw1G8e5dh_1cm3P2DNt_gSbQSAKWd27hvpMZui4yxg@mail.gmail.com>
[not found] ` <CAG17S_NgkTQ5wT5nb=6FZZ9gnVMTqOWfWJve47JmfOoVAHZy8A@mail.gmail.com>
[not found] ` <CAG17S_Oq+RGOZpE+xa-CV8=VtmJu7G8GWxfVYqg1edEG9wC+yA@mail.gmail.com>
[not found] ` <CAG17S_NdA9LdwmA_XfvPOVrhCdqp+BOtAssH0=RE-VSjg=WFnA@mail.gmail.com>
[not found] ` <CAG17S_O6Bpc+JhhUuDvE70a+ef9wt9D7jG1gMJDNo1qZCUOg8w@mail.gmail.com>
[not found] ` <194115affe0.279b.9b12b7fc0a3841636cfb5e919b41b954@broadcom.com>
[not found] ` <CAG17S_O7HbPFB0gubWWP9P-Oecps8K_LG0Y7YDo5DbNGKSLjpA@mail.gmail.com>
[not found] ` <CAG17S_MwJC+h7O-htyUxEgB4zHKeGf+9B4QaQ6ZLiVStU_Egkw@mail.gmail.com>
[not found] ` <CAG17S_NfqFjjaWj6vGS1HXux6JDy0QKcg8aQAR=aOzNGhO0a3w@mail.gmail.com>
[not found] ` <eace9233-1b65-4793-8abe-abd3c640dba8@gmail.com>
[not found] ` <CAG17S_MfQ+FjWQJoiNs30rt4u1O9Z_FXFB7BiS6RAQsG9ReNkA@mail.gmail.com>
[not found] ` <CAG17S_OigLj3j=tS2BKYpoKOWKVs=XOBS-YFn26SzF9r+ZpLzA@mail.gmail.com>
2025-01-25 16:37 ` brcmfmac SAE/WPA3 negotiation - Part 2 KeithG
2025-01-27 14:28 ` James Prestwood
2025-01-27 15:09 ` KeithG
2025-01-27 15:20 ` James Prestwood
2025-01-27 16:21 ` James Prestwood
2025-01-28 4:47 ` KeithG
2025-01-28 18:06 ` James Prestwood [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fdc44a38-27d4-4dd5-993f-318c8ce52202@gmail.com \
--to=prestwoj@gmail.com \
--cc=denkenz@gmail.com \
--cc=iwd@lists.linux.dev \
--cc=ys3al35l@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox