From: Jan Hendrik Farr <kernel@jfarr.cc>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: James Prestwood <prestwoj@gmail.com>,
linux-wireless@vger.kernel.org,
Miri Korenblit <miriam.rachel.korenblit@intel.com>,
iwd@lists.linux.dev
Subject: Re: wifi: iwlwifi: SAE fails when AP sends confirm before STA
Date: Tue, 13 May 2025 13:29:12 +0200 [thread overview]
Message-ID: <aCMtCCYtNNl4dL5Q@archlinux> (raw)
In-Reply-To: <8a1c5172bc0fd9d2a33522294d1a2a4c4ceb313a.camel@sipsolutions.net>
On 13 09:35:13, Johannes Berg wrote:
> On Fri, 2025-05-09 at 22:42 +0200, Jan Hendrik Farr wrote:
> > > Could you do trace and sniffer at the same time? According to the trace
> > > there was no authentication frame from the AP. In the sniffer capture it
> > > _is_ there, of course, but I'd like to look at the timing.
> >
> >
> > Ok, I did another capture.
> >
> > 1. iwd only knows credentials for a single SSID: kepler_test
> > 2. kepler_test is the only SSID broadcasting on 6GHz channel 37 (or any
> > 6GHz channel)
> > 3. I captured 802.11 frames using a second device
> > 4. I did a trace on the client in question
> > 5. I captured dmesg and iwd logs
> > 6. All captures were done simultaneously
> >
>
> I'm confused now, this all looks fine from a driver perspective.
>
> We send SAE commit, receive SAE commit, send SAE confirm, never receive
> a response. There's no response in sniffer nor tracing data, so that
> matches up. There are a couple of retries of the confirm response, but
> that seems OK.
There is a an SAE confirm sent by the AP. It's frame 170 in
capture2.pcapng. It's also retried a number of times after that.
There is however no ACK from the client in response to it and it also never
shows up in iwd.
The SAE confirm by the AP (frame 170) is before the SAE confirm by the
STA (frame 174) however. In all cases where the connection actually
works (maybe every 10th attempt or so) this happens to be in the
opposite order (first SAE confirm by the STA, then SAE confirm
by the AP). This is making me think that the order is causing
this issue somewhere in the stack.
The spec [1] seems to allow the SAE confirms to come in any order.
12.4.5.1 says that "[a] party confirms after it has committed and its peer
has committed". So the AP does not have to wait for the confrim from STA
before sending it's own confirm.
[1] https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7786995
Best Regards
Jan
>
> Seems like maybe iwd builds an SAE confirm that the AP doesn't like, try
> wpa_supplicant I guess.
>
> johannes
next prev parent reply other threads:[~2025-05-13 11:29 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-09 12:24 wifi: iwlwifi: SAE fails when AP sends confirm before STA Jan Hendrik Farr
2025-05-09 13:12 ` James Prestwood
2025-05-09 13:45 ` Jan Hendrik Farr
2025-05-09 14:10 ` James Prestwood
2025-05-09 15:37 ` Jan Hendrik Farr
2025-05-09 18:39 ` Johannes Berg
2025-05-09 20:42 ` Jan Hendrik Farr
2025-05-12 20:52 ` Jan Hendrik Farr
2025-05-12 21:20 ` Jan Hendrik Farr
2025-05-13 7:35 ` Johannes Berg
2025-05-13 11:29 ` Jan Hendrik Farr [this message]
2025-05-13 11:46 ` Johannes Berg
2025-05-13 11:56 ` Jan Hendrik Farr
2025-05-13 16:33 ` Jan Hendrik Farr
2025-05-13 17:07 ` Johannes Berg
2025-05-13 17:36 ` Jan Hendrik Farr
2025-05-13 17:45 ` Johannes Berg
2025-05-15 12:36 ` Jan Hendrik Farr
2025-05-15 12:40 ` Johannes Berg
2025-05-13 14:03 ` Denis Kenzior
2025-05-13 14:19 ` Jan Hendrik Farr
2025-05-13 14:25 ` Jan Hendrik Farr
2025-05-13 14:53 ` Johannes Berg
2025-05-13 15:04 ` Denis Kenzior
2025-05-13 15:14 ` Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aCMtCCYtNNl4dL5Q@archlinux \
--to=kernel@jfarr.cc \
--cc=iwd@lists.linux.dev \
--cc=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
--cc=miriam.rachel.korenblit@intel.com \
--cc=prestwoj@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox