bin/128001: wpa_supplicant(8), wlan(4), and wi(4) issues

David Wolfskill david at catwhisker.org
Fri Oct 10 14:20:11 UTC 2008 

>Number:         128001
>Category:       bin
>Synopsis:       wpa_supplicant(8), wlan(4), and wi(4) issues
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Oct 10 14:20:10 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     David Wolfskill
>Release:        FreeBSD 8.0-CURRENT i386
>Organization:
Woflskill & Dowling Residence
>Environment:
System: FreeBSD g1-37.catwhisker.org 8.0-CURRENT FreeBSD 8.0-CURRENT #829: Thu Oct  9 17:04:36 PDT 2008     root at localhost:/common/S4/obj/usr/src/sys/CANARY  i386

>Description:
	wpa_supplicant(8) fails to properly associate with a WEP-only
	access point, and its man page fails to document command-line
	arguments with which it is invoked by default on a FreeBSD system.
>How-To-Repeat:
	For the former, set up an access point to use WEP.  In my case, I
	have a couple of access points, one on channel 1; the other
	on channel 11, each of which uses the same static WEP key and the same
	list of permitted MAC addresses for clients.  Each uses the same
	SSID, and neither broadcasts it.

	This has worked well for years for plain WEP, and it still works for
	an an(4) device, as seen in the following ifconfig(8) output:

g1-37(8.0-C)[1] ifconfig
xl0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9<RXCSUM,VLAN_MTU>
        ether 00:08:74:e9:c9:41
        media: Ethernet autoselect (none)
        status: no carrier
fwe0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 42:4f:c0:2c:30:41
        ch 1 dma -1
fwip0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        lladdr 42.4f.c0.0.7.2c.30.41.a.2.ff.fe.0.0.0.0
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 
        inet6 ::1 prefixlen 128 
        inet 127.0.0.1 netmask 0xff000000 
wi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 2290
        ether 00:02:2d:5b:2c:78
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11b
        status: associated
an0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:40:96:40:5d:44
        inet 172.17.1.37 netmask 0xffff0000 broadcast 172.17.255.255
        media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps)
        status: associated
        ssid  1:lmdhw-net channel 1 (2412 Mhz 11b)
        stationname FreeBSD
        authmode OPEN privacy ON deftxkey 1 txpower 0 rtsthreshold 0
        fragthreshold 0 bmiss 0 ucastrate 0 mcastrate 0 mgmtrate 0 maxretry 0
        roaming DEVICE bintval 0
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:02:2d:5b:2c:78
        media: IEEE 802.11 Wireless Ethernet DS/2Mbps mode 11b
        status: associated
        ssid "" channel 3 (2422 Mhz 11b) bssid 00:02:2d:5b:2c:78
        country US authmode WPA1+WPA2/802.11i privacy ON deftxkey UNDEF
        txpower 0 bmiss 7 scanvalid 60 roaming MANUAL bintval 0
g1-37(8.0-C)[2] ancontrol -S | grep -i bssid
Current BSSID:          [ 00:04:5a:cd:d4:17 ]
g1-37(8.0-C)[3] 

	The highest-priority stanza in /etc/wpa_supplicant.conf -- slightly
	redacted (to hide the static WEP key) reads:

network={
        ssid="lmdhw-net"
        scan_ssid=1
        key_mgmt=NONE
        wep_tx_keyidx=0
        wep_key0=fedcba9876
        auth_alg=OPEN
        group=WEP40
        priority=127
}

	but as you see above, the wi0 NIC claims to be associated with 
	some other access point.

	The wi0 NIC in question works -- without the assistance of
	wpa_supplicant -- in the same environment when the same
	machine is running RELENG_6, so it isn't merely a matter
	of the access points not being configured to accept the MAC
	address of the NIC.

	Also, as I was preparing to try to debug this, I checked the
	curently-running wpa_supplicant process and saw:

g1-37(8.0-C)[3] ps ax | grep wpa
  529  ??  Ss     0:00.50 /usr/sbin/wpa_supplicant -s -B -i wlan0 -c /etc/wpa_supplicant.conf -D bsd -P /var/run/wpa_supplicant
  g1-37(8.0-C)[4] 

	but the wpa_supplicant man page does not document the -D or -P
	options:

g1-37(8.0-C)[5] man wpa_supplicant | egrep -- '-(s|B|D|P)'
     wpa_supplicant [-BdehLqsvw] -i ifname -c config-file
     -s      Send log messages through syslog(3) instead of to the terminal.
     -B      Detach from the controlling terminal and run as a daemon process
g1-37(8.0-C)[6] 

>Fix:
	Use a different NIC, though that isn't an attractive option,
	and may not always be feasible.

	I'll be happy to test.
>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list