-
Notifications
You must be signed in to change notification settings - Fork 104
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
BCM4345 (Rpi 3+,Rpi 4 ) - CTRL-EVENT-ASSOC-REJECT on WPA2 AP when using SWSUP and brcmfmac #34
Comments
Is this not just an aspect of raspberrypi/linux#3619, namely that our kernel trees don't currently support WPA3? |
After looking at the issue you mentionned, I can't be sure it's related, and I suspect it is not because the APs I tried to connect to where using neither WPA3 or 80211w/MFP to my knowledge. AP sideThe APs where configured via NetworkManager's CLI interface nmcli con add type wifi ifname wlo1 con-name $SSID autoconnect yes ssid $SSID
nmcli con modify $SSID 802-11-wireless.mode ap 802-11-wireless.band bg ipv4.method shared
nmcli con modify $SSID wifi-sec.key-mgmt wpa-psk # would have value 'sae' for WPA3
nmcli con modify $SSID 802-11-wireless-security.proto rsn
nmcli con modify $SSID 802-11-wireless-security.pairwise ccmp
nmcli con modify $SSID wifi-sec.psk $PASSWD
# Would have to use
# nmcli con modify $SSID 802-11-wireless-security.pmf 1
# to enable 'ieee80211w/MFP'
nmcli radio wifi on
nmcli con up $SSID
(I also tried without setting RSN/CCMP) Networkmanager's logs show no request coming from the RPI, Hardware wise, I tested setting an AP with a Intel Wireless 7265, a Realtek RT8821CU and an Intel Wireless-n 2200, all of which gave the same results. brcmfmac debug=2On the client side, running 'brcmfmac' with In 'dmesg_debug2_notworking.log', circa l.1128 :
The logs are attached below. wpa_supplicantIn the RPI's 'wpa_supplicant.conf' :
Running
where as it seems to loop back to an earlier initialization stage when not using the options :
Log files :DMESG with brcmfmac option debug=2 ( not connecting to AP )DMESG with brcmfmac option debug=2 roamoff=1 feature_disable=0x82000 ( connecting to AP )dmesg_debug2_roamoff_feat_disable.log wpa_supplicant log with brcmfmac option debug=2 ( not connecting to AP )wpa_supplicant log with brcmfmac option debug=2 roamoff=1 feature_disable=0x82000 ( connecting to AP ) |
@pelwell Do I understand correctly that WPA3 support is not available in Pi version of Linux kernel https://github.com/raspberrypi/linux and even using external USB wi-fi module with some other than 'brcmfmac' driver won't help? |
No, just the brcmfmac used by onboard WiFi interfaces, which is what this issue is about. |
@pelwell : If this was an issue with WPA3 support not being available in the kernel, which resulted in not being able to connect to an AP, even when that AP is not using/enabling WPA3, wouldn't that issue hit a lot more people, i.e ; every raspios user ? |
That doesn't make a lot of sense. I think what the original launchpad(*) bug reporter was saying is that if the AP has WPA3/SAE enabled then there are connection problems, regardless of whether or not wpa_supplicant is configured to use it. That's not something I've experienced or even heard of before. (*) That's not a recognised place to report problems of any kind with Raspberry Pi devices. |
I've since found this page that shed a bit of light on the matter : https://iwd.wiki.kernel.org/offloading
Regarding the specific
Another bug report is mentionned in the linked page : https://lore.kernel.org/linux-wireless/e1ff2a8eef465eaa76e8d00503d04e0fdd61a878.camel@gmail.com/ Particurlarly :
In my case, there are no WPA3 enabled AP anywhere near me, so it looks like offloading the 4-way handshake is needed even for WPA2 in this particular case, i.e : the bug is triggered even without using SAE in the first place. |
After fiddling a bit more, I've narrowed down the issue to the FWSUP ( authentication offloading) and confirmed that disabling that only with :
(that's '0x02000' vs '0x82000' earlier ) solves the issue. I'll edit the title to reflect that. As mentionned in the post above, using '0x82000' is recommended while the bug triggered by SAE exists, if you want to be on the safe side. |
Thanks for doing some digging on this. As I mentioned above, I've not hit this myself or heard of anyone else doing so until this issue was created. It's going to take me a while to find the time to fully understand the issues, but it does sound like we should consider adding a module .conf file (in |
Great, let me know if I can be of any help with tests/logs, etc. |
OK, I'm more up to speed now. From the iwd wiki page:
I tend to agree. There does seem to be a problem with the 43455 firmware, but so far it has only been reported by a very small number of users. The situation might change if a consumer AP was found to trigger the issue, but for now I feel that a page documenting the workaround is the right way to go. Which is what we have here, thanks to your efforts. |
I have this problem on both WPA2 and WPA3 connecting to a Netgear R6220. Even when connecting to NET1, it does not work. The AP receives invalid password. |
Anyway, does it have the solution now? My RPi3's WiFi is not working...
|
Yes, as my first message states, there is a workaround if you're encountering this specific issue:
|
EDIT: If you want to skip the noise / TL;DR, see my comment at the bottom. The culprit here is SWSUP (authentication offloading to the firmware). Disabling it fixes things.
Hi,
I've encountered
the buga bug similar to the one described here : https://bugs.launchpad.net/raspbian/+bug/1929746 on a RPI 3A+ and a RPI 4B, using raspios bullseye (2022-09-22-raspios-bullseye-arm64-lite.img.xz). With both availablefirmware-brcm80211
versions ( 1:20221012-1~bpo11+1+rpt1 and 20210315-3 ), the bug exists.Bug description
Upon trying to connect to a wifi AP from a RPI 3A+ or RPI 4B (BCM4345), the association fails with
CTRL-EVENT-ASSOC-REJECT
error messages :I tested this with 3 different APs, with various channels and regulatory regions and still obtain the same result. No sign of any request in the AP logs.
Swapping the SD card to a RPI 3 (BCM4343), the connection is working flawlessly.
Workaround
As per the original bug report's author suggestion, disabling SAE and/or SWSUP solves the issue :
I can confirm that after setting those drivers options in
/etc/modprobe.d/
, the issue disappeared on both 3A+ and 4B. Furthermore, it did not prevent my Rpi 3B (sans +) to connect normally.I did try to use each setting on it's own but only the combination of those solved the issue.
Questions
I have yet to find any documentation as to the0x82000
part and what exact features it points to ( Does it disable both SAE and SWSUP at once ? ) Maybe only SWSUP is the issue here ? I did not find documentation regarding SWSUP, no idea how the original author deduced it was part of the culprit. If anyone has knowledge to share on this, it would be nice !See this page for informations on that
0x82000
value : https://iwd.wiki.kernel.org/offloadingNote : I'm aware of #9 but it seems that it was resolved by upgrading to wpasupplicant 2.9 and I'm using 2:2.9.0-21.
System infos
As well as the original bug's author, I'm using
dtoverlay=disable-bt
in 'config.txt'.Kernel:
Broadcom fw :
Rpi fw:
wpa_cli version:
dhcpcd version:
Wpa_supplicant version:
firmware-brcm80211 version :
The text was updated successfully, but these errors were encountered: