Re: NM can't see WEP access point



On Thu, 2016-06-09 at 16:47 -0500, Dan Williams wrote:
On Thu, 2016-06-09 at 17:28 +0200, Bastien Nocera wrote:

On Thu, 2016-06-09 at 10:23 -0500, Dan Williams wrote:


On Thu, 2016-06-09 at 17:13 +0200, Bastien Nocera wrote:


On Thu, 2016-06-09 at 10:00 -0500, Dan Williams wrote:




<snip>



So I missed it before.  But your AP isn't actually set for WEP, it's
set for WPA/TKIP.  If it's actually using just WEP, you won't see any
of the RSN/WPA IEs in the beacon.

Still isn't right that it's not showing though, is it?

Yeah.  Can you 'nmcli g log', then:

nmcli g log level debug domains <output from 'g log' domains>,WIFI_SCAN

and then turn on airplane mode, turn it off, and wait for a bit until
you're sure the AP doesn't get found by NM.  Then send me the logs and
I'll take a look to see if I can figure out why NM doesn't find it.  If
the supplicant sees it, but NM does not, then there's an NM bug
somewhere.

Well, wpa_supplicant is throwing an error when you try to get the RSN,
so I don't really expect NM to be able to process that access point.

The AP's beacon indicates that it is using TSN (Transition Security
Network), since it's indicating WEP-104 as the group cipher (00 0f ac
05).  It looks like wpa_supplicant tries to handle that in some places,
but ultimately the IE parsing in wpa_parse_wpa_ie_rsn() doesn't allow
that, so the IE won't parse, and the supplicant wouldn't allow
associating to that network either.

So it's a bug in the supplicant for TSN networks.  For other testing,
try disabling RSN/WPA2?  If the AP allows a "WEP-only" mode that's what
I'd use.  You want *nothing* in the beacon that indicates RSN or WPA
capabilities.

Jouni confirmed that there is a bug in the supplicant.  The
commit ce8963fc9f197771cd51ba2834fbdf711189641a ('Remove WEP40/WEP104
cipher suite support for WPA/WPA2') appears to have broken this
functionality (where the AP advertises WEP support in WPA/RSN IEs), but
it will still work for WEP-only APs.  Not sure what his solution will
be, since this behavior (TSN) is technically allowed by the standards
for WPA1 (but not necessarily for WPA2/RSN, I believe).

We should likely also modify NM to not reject the AP if the RSN IE
fails to parse, but to simply ignore WPA2/RSN on that AP and only allow
using TKIP, if present.  If the RSN IE fails to parse and the AP does
not support TKIP, then NM should correctly reject the AP, since RSN+WEP
is not really a valid mode.

Dan
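
The fallback proposed in the message above, sketched as an added example; it is not NetworkManager or wpa_supplicant code, and every name in it (parse_cipher_ie, classify_ap, the sample arrays) is hypothetical. It assumes the strict RSN parse fails on a WEP group cipher as described in the thread, and that the WPA IE is read leniently so a TSN AP listing TKIP as a pairwise cipher can still be used.

```c
#include <stdint.h>
#include <string.h>

enum { SUITE_WEP40 = 1, SUITE_TKIP = 2, SUITE_CCMP = 4, SUITE_WEP104 = 5 };
enum ap_decision { AP_REJECT, AP_USE_RSN, AP_WPA_TKIP_ONLY };
struct ie_info { int group; unsigned pairwise_mask; }; /* bit n = suite type n listed */

/* Parse the body of an RSN IE (OUI 00-0f-ac) or of a WPA IE (OUI 00-50-f2, after
 * its 4-byte vendor header): version, group suite, pairwise count, pairwise list.
 * strict != 0 models a parser that refuses WEP as group cipher. Returns 0 or -1. */
static int parse_cipher_ie(const uint8_t *b, size_t len, const uint8_t oui[3],
                           int strict, struct ie_info *out)
{
    size_t n, i;
    if (len < 8 || b[0] != 1 || b[1] != 0 || memcmp(b + 2, oui, 3) != 0)
        return -1;                          /* too short, bad version or OUI */
    out->group = b[5];
    out->pairwise_mask = 0;
    if (strict && (out->group == SUITE_WEP40 || out->group == SUITE_WEP104))
        return -1;                          /* TSN-style group cipher refused */
    n = b[6] | ((size_t)b[7] << 8);         /* little-endian suite count */
    if (n > (len - 8) / 4)
        return -1;                          /* count runs past the buffer */
    for (i = 0; i < n; i++) {
        const uint8_t *s = b + 8 + 4 * i;
        if (memcmp(s, oui, 3) == 0 && s[3] < 16)
            out->pairwise_mask |= 1u << s[3];
    }
    return 0;
}

/* Policy: use RSN if its IE parses; otherwise fall back to WPA only if TKIP is listed. */
enum ap_decision classify_ap(const uint8_t *rsn, size_t rsn_len,
                             const uint8_t *wpa, size_t wpa_len)
{
    static const uint8_t RSN_OUI[3] = {0x00, 0x0f, 0xac}, WPA_OUI[3] = {0x00, 0x50, 0xf2};
    struct ie_info info;
    if (rsn && parse_cipher_ie(rsn, rsn_len, RSN_OUI, 1, &info) == 0)
        return AP_USE_RSN;
    if (wpa && parse_cipher_ie(wpa, wpa_len, WPA_OUI, 0, &info) == 0 &&
        (info.pairwise_mask & (1u << SUITE_TKIP)))
        return AP_WPA_TKIP_ONLY;
    return AP_REJECT;
}

/* Constructed sample IE bodies (not captured from the AP in this thread). */
static const uint8_t TSN_RSN[]  = {1,0, 0x00,0x0f,0xac,5, 1,0, 0x00,0x0f,0xac,2};
static const uint8_t TSN_WPA[]  = {1,0, 0x00,0x50,0xf2,5, 1,0, 0x00,0x50,0xf2,2};
static const uint8_t CCMP_RSN[] = {1,0, 0x00,0x0f,0xac,4, 1,0, 0x00,0x0f,0xac,4};
```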

