ODP: Ampak AP6356S with WPA3

From: Piotr Lobacz <piotr lobacz softgent com>
To: Alan Tu <8libra gmail com>
Cc: "networkmanager-list gnome org" <networkmanager-list gnome org>
Subject: ODP: Ampak AP6356S with WPA3
Date: Sat, 2 Oct 2021 23:20:19 +0000

One more thing, setting the logging level to trace in NetworkManager causes also problems with the connection... , but i have seen one difference in establishing the connection using Edit a connection and Activate a connection. The difference was in config, when i was using Edit... from nmtui there was no auth_alg parameter. In other case it was and it was assigned to OPEN.

Piotr

Od: Piotr Lobacz <piotr lobacz softgent com>
Wysłane: niedziela, 3 października 2021 00:50
Do: Alan Tu <8libra gmail com>
DW: networkmanager-list gnome org <networkmanager-list gnome org>
Temat: ODP: Ampak AP6356S with WPA3

Hi Alan,

thx for quick reply. In fact i have made some few more tests and it occurs that there is something wrong with auth_type detection. When i'm adding the connection manualy in nmtui and setting the Security parameter to WPA3 Personal for AP with only WPA3 support the connection is being established with no problem. Problem occurs when i'm trying to establish connection chosing the AP from the list in nmtui. Now i don't know if AP possible auth types are being being detected by NM, driver or wpa_supplicant. But this is the appropriate problem of this issue - authentication type detection is broken... If someone could point me on the right direction together we could solve the issue.

Piotr Łobacz

Od: Alan Tu <8libra gmail com>
Wysłane: niedziela, 3 października 2021 00:05
Do: Piotr Lobacz <piotr lobacz softgent com>
DW: networkmanager-list gnome org <networkmanager-list gnome org>
Temat: Re: Ampak AP6356S with WPA3

Piotr, I don't have experience with your specific problem, but I had a tricky NM and wpasupplicant issue. I had to turn on debug and logging for both. This is how I did it on my Debian system, instructions will have to be adapted to other distributions but this could provide a guide to you.

This is how to turn on full logging for NetworkManager and wpa_supplicant, at least under current versions of Debian.

(a) Set the logging level to trace in NetworkManager. Add this stanza to /etc/NetworkManager/NetworkManager.conf:

[logging]

level=trace

(b) Turn on debug level logging in wpa_supplicant. Edit /lib/systemd/system/wpa_supplicant.service:

Edit the command line in the ExecStart option to add -ddd as an argument.

Set RateLimitBurst=0

Restart everything for the nm, wpasupplicant and journald changes to take affect.

After collecting the logs for analysis, revert all these changes for normal operation.

Sent from my iPhone

On Oct 2, 2021, at 12:44, Piotr Lobacz <piotr lobacz softgent com> wrote:

Ok i have sucessfully found, why this problem occurs. When you look at these two log files you will find that when DEAUTH_LEAVING error occurs on wpa_supplicant with NM case, because of wrong AUTH_TYPE being set. For SAE it should be set to value 4, just like it is in wpa_supplicant-2.9/src/drivers/nl80211_copy.h enum nl80211_auth_type as NL80211_AUTHTYPE_SAE, but for some reason it is NL80211_AUTHTYPE_OPEN_SYSTEM and because of this i am unable to establish a connection.

I think that something is wrong in NM, but currently i don't know even where to look....

BR

Piotr Łobacz

Od: Piotr Lobacz
Wysłane: sobota, 2 października 2021 03:48
Do: networkmanager-list gnome org <networkmanager-list gnome org>
Temat: Ampak AP6356S with WPA3

Hi all,

I am using firefly-rk3399 board with Ampak AP6356S wifi chip. The kernel is mainline 5.4.18 release with patches from cypress/infineon for wpa3 feature. I'm running on buildroot 2018.08 mainline release with systemd-249.1, wpa-supplicant-2.9 and network-manager-1.32.2. The problem i have observed using NM is that if i have mi AP set to WPA2/WPA3 the connection is being established by default using WPA2 not WPA3 encryption scheme. If add by myself a WPA3 connection to given ssid it doesn't connect, just keep asking me for network password. Connection to network with WPA3 works after first connection with the usage of WPA2. Than i can even modify my AP to be only WPA3 and connection is being established.

If i try to establish the connection straightforward to WPA3 i'm getting a request to deauthenticate which looks like this:

....
Oct 02 01:05:07 firefly-rk3399 wpa_supplicant[586]: nl80211: Connect request send successfully
Oct 02 01:05:07 firefly-rk3399 wpa_supplicant[586]: wlan0: Setting authentication timeout: 10 sec 0 usec

Oct 02 01:05:07 firefly-rk3399 wpa_supplicant[586]: EAPOL: External notification - EAP success=0

Oct 02 01:05:07 firefly-rk3399 wpa_supplicant[586]: EAPOL: External notification - EAP fail=0

Oct 02 01:05:07 firefly-rk3399 wpa_supplicant[586]: EAPOL: External notification - portControl=Auto

Oct 02 01:05:07 firefly-rk3399 wpa_supplicant[586]: dbus: flush_object_timeout_handler: Timeout - sending changed properties of object /fi/w1/wpa_supplicant1/Interfaces/0

Oct 02 01:05:07 firefly-rk3399 wpa_supplicant[586]: dbus: flush_object_timeout_handler: Timeout - sending changed properties of object /fi/w1/wpa_supplicant1/Interfaces/0/BSSs/0

Oct 02 01:05:07 firefly-rk3399 wpa_supplicant[586]: dbus: flush_object_timeout_handler: Timeout - sending changed properties of object /fi/w1/wpa_supplicant1/Interfaces/0/BSSs/1

Oct 02 01:05:07 firefly-rk3399 wpa_supplicant[586]: dbus: flush_object_timeout_handler: Timeout - sending changed properties of object /fi/w1/wpa_supplicant1/Interfaces/0/BSSs/7

Oct 02 01:05:07 firefly-rk3399 wpa_supplicant[586]: dbus: flush_object_timeout_handler: Timeout - sending changed properties of object /fi/w1/wpa_supplicant1/Interfaces/0/BSSs/2

Oct 02 01:05:07 firefly-rk3399 wpa_supplicant[586]: dbus: flush_object_timeout_handler: Timeout - sending changed properties of object /fi/w1/wpa_supplicant1/Interfaces/0/BSSs/3

Oct 02 01:05:07 firefly-rk3399 wpa_supplicant[586]: dbus: flush_object_timeout_handler: Timeout - sending changed properties of object /fi/w1/wpa_supplicant1/Interfaces/0/BSSs/8

Oct 02 01:05:07 firefly-rk3399 wpa_supplicant[586]: dbus: flush_object_timeout_handler: Timeout - sending changed properties of object /fi/w1/wpa_supplicant1/Interfaces/0/BSSs/4

Oct 02 01:05:09 firefly-rk3399 wpa_supplicant[586]: dbus: fi.w1.wpa_supplicant1.Interface.Disconnect (/fi/w1/wpa_supplicant1/Interfaces/0) []

Oct 02 01:05:09 firefly-rk3399 wpa_supplicant[586]: wlan0: Cancelling scan request

Oct 02 01:05:09 firefly-rk3399 wpa_supplicant[586]: wlan0: Request to deauthenticate - bssid=00:00:00:00:00:00 pending_bssid=c0:c9:e3:3b:64:e2 reason=3 (DEAUTH_LEAVING) state=ASSOCIATING

Oct 02 01:05:09 firefly-rk3399 wpa_supplicant[586]: wpa_driver_nl80211_disconnect(reason_code=3)

Oct 02 01:05:09 firefly-rk3399 wpa_supplicant[586]: nl80211: Ignored event 127 (NL80211_CMD_EXTERNAL_AUTH) for foreign interface (ifindex 3 wdev 0x0)

Oct 02 01:05:09 firefly-rk3399 wpa_supplicant[586]: nl80211: Drv Event 127 (NL80211_CMD_EXTERNAL_AUTH) received for wlan0

Oct 02 01:05:09 firefly-rk3399 wpa_supplicant[586]: wlan0: nl80211: Ignored unknown event (cmd=127)

Oct 02 01:05:09 firefly-rk3399 wpa_supplicant[586]: wlan0: Event DEAUTH (11) received

Oct 02 01:05:09 firefly-rk3399 wpa_supplicant[586]: wlan0: Deauthentication notification

Oct 02 01:05:09 firefly-rk3399 wpa_supplicant[586]: wlan0: * reason 3 (DEAUTH_LEAVING) locally_generated=1

Oct 02 01:05:09 firefly-rk3399 wpa_supplicant[586]: Deauthentication frame IE(s) - hexdump(len=0): [NULL]
Oct 02 01:05:09 firefly-rk3399 wpa_supplicant[586]: wlan0: CTRL-EVENT-DISCONNECTED bssid=c0:c9:e3:3b:64:e2 reason=3 locally_generated=1

...

Btw. if i'm using wpa_supplicant without the usage of NM and systemd just simply by making my wpa_supplicant.conf file:

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev

eapol_version=1

ap_scan=1

fast_reauth=1

country=PL

pmf=1

network={

ssid="OpenWrt"

proto=RSN

key_mgmt=SAE

sae_password="12345678"
}

and running it by command:

wpa_supplicant -c wpa_supplicant.conf -dd -i wlan0 &

I can see that connection is being established without any issue what you can see in the attached file wpa_supplicant-without-nm-logfile.txt. I'm also attaching a logfile from wpa_supplicant if connection is being performed with NM - wpa_supplicant-with-nm-logfile.txt. The difference between these two files is after EAPOL: External notification - portControl=Auto call. With the usage of NM a dbus flush_object_timeout_handler with Timeout is being called which i suspect breakes the authentication and DEAUTH_LEAVING is returned.

Now the question is, what what can cause this situation?

BR

Piotr Łobacz

Softgent Sp. z o.o., Budowlanych 31d, 80-298 Gdansk, POLAND

KRS: 0000674406, NIP: 9581679801, REGON: 367090912
www.softgent.com
Sąd Rejonowy Gdańsk-Północ w Gdańsku, VII Wydział Gospodarczy Krajowego Rejestru Sądowego

KRS 0000674406, Kapitał zakładowy: 25 000,00 zł wpłacony w całości.

Jesteśmy uczestnikiem Programu
RZETELNA Firma
Sprawdź naszą rzetelność na
https://www.rzetelnafirma.pl/F5IA32UW
_______________________________________________
networkmanager-list mailing list
networkmanager-list gnome org
https://mail.gnome.org/mailman/listinfo/networkmanager-list

Follow-Ups:
- Re: ODP: Ampak AP6356S with WPA3
  - From: Beniamino Galvani

References:
- ODP: Ampak AP6356S with WPA3
  - From: Piotr Lobacz
- Re: Ampak AP6356S with WPA3
  - From: Alan Tu
- ODP: Ampak AP6356S with WPA3
  - From: Piotr Lobacz

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]