Earliest failing kernel version: 2.6.25.1-12 Hardware Environment: Wrap2c, ubiquitiSR5, routerboard532, dlink dwl-660 Software Environment: Openwrt Problem Description: [img]http://s51.radikal.ru/i133/0808/f3/aab421cf73c9.jpg[/img] Hi all !!! systems: openwrt(ap): trunk 12065, wrap2c ubiquiti SR5 openwrt2(sta): trunk 12065, rb532 ubiquiti SR5 linux machine: Ubuntu 7.10 server, vlan up, all work connection permanently without any breaks, ping stable, BUT! PROBLEM: ping from sta linux machine-> root@OpenWrt:/home# ping 172.16.0.1 PING 172.16.0.1 (172.16.0.1): 56 data bytes 64 bytes from 172.16.0.1: seq=0 ttl=64 time=5.800 ms 64 bytes from 172.16.0.1: seq=1 ttl=64 time=1.486 ms ping from linux machine to sta-> root@fw:~# ping 172.16.0.2 PING 172.16.0.2 (172.16.0.2) 56(84) bytes of data. 64 bytes from 172.16.0.2: icmp_seq=1 ttl=64 time=1.48 ms 64 bytes from 172.16.0.2: icmp_seq=2 ttl=64 time=1.35 ms after waiting ~ 2 minutes ping again from linux machine to sta-> root@fw:~# ping 172.16.0.2 PING 172.16.0.2 (172.16.0.2) 56(84) bytes of data. From 172.16.0.1 icmp_seq=2 Destination Host Unreachable From 172.16.0.1 icmp_seq=3 Destination Host Unreachable From 172.16.0.1 icmp_seq=4 Destination Host Unreachable & if i ping again from sta to linux machine root@OpenWrt:/home# ping 172.16.0.1 PING 172.16.0.1 (172.16.0.1): 56 data bytes 64 bytes from 172.16.0.1: seq=0 ttl=64 time=115.823 ms 64 bytes from 172.16.0.1: seq=1 ttl=64 time=1.503 ms 64 bytes from 172.16.0.1: seq=2 ttl=64 time=1.514 ms on linux machine From 172.16.0.1 icmp_seq=78 Destination Host Unreachable From 172.16.0.1 icmp_seq=79 Destination Host Unreachable From 172.16.0.1 icmp_seq=80 Destination Host Unreachable 64 bytes from 172.16.0.2: icmp_seq=81 ttl=64 time=415 ms 64 bytes from 172.16.0.2: icmp_seq=82 ttl=64 time=1.36 ms 64 bytes from 172.16.0.2: icmp_seq=83 ttl=64 time=1.56 ms 64 bytes from 172.16.0.2: icmp_seq=84 ttl=64 time=1.68 ms TO PROBLEM AGAIN: it looks like sta goes down & from linux machine i can't ping it. can't ping it & if i connect different client like notebook(winxp+atheros drivers) i try do something with bridge like -> # brctl setageing "bridgename" "time" it time of remove mac address from forwarding table. Try set long time in secs. or to 0, but it not help!!! Try remove from bridge ath0 interface & add in bridge only eth0+eth0.3 but problem repiated again! PLEASE HELP !!! ===================================================================== configs ===================================================================== root@OpenWrt:~# cat /etc/config/network # Copyright (C) 2006 OpenWrt.org config interface loopback option ifname lo option proto static option ipaddr 127.0.0.1 option netmask 255.0.0.0 config interface lan option ifname eth0 #option type bridge option proto static option ipaddr 10.0.2.100 option netmask 255.255.255.0 config interface vlan option ifname eth0.3 option type bridge option proto static option stp on[/code] root@OpenWrt:~# cat /etc/config/wireless config wifi-device wifi0 option type atheros option channel 52 config wifi-iface option device wifi0 option network vlan option mode ap option ssid OpenWrt2 #option isolate 1 option diversity 0 option txantenna 1 option rxantenna 1 option bursting 1 option wmm 1 option xr 1 option ar 1 ##for EAP/TLS option encryption wpa-mixed option wpa_key_mgmt WPA-EAP option own_ip_addr 10.0.2.200 option nas_indefender test.xxx.ru option radius_auth_server_addr 10.0.2.110 option radius_auth_server_port 1812 option radius_auth_server_secret 1 option radius_acct_server_addr 10.0.2.110 option radius_acct_server_port 1813 option radius_acct_server_secret 1 option eap_reauth_period 60 option wpa_gmk_rekey 600 option wpa_group_rekey 1 option wpa_strict_rekey 86400 root@OpenWrt:~# cat /etc/config/network # Copyright (C) 2006 OpenWrt.org config interface loopback option ifname lo option proto static option ipaddr 127.0.0.1 option netmask 255.0.0.0 config interface lan option ifname eth0 #option type bridge option proto static option ipaddr 10.0.3.110 option netmask 255.255.255.0 config interface wlan option ifname ath0 option proto static option ipaddr 172.16.0.2 option netmask 255.255.255.0 option gateway 172.16.0.1 root@OpenWrt:~# cat /etc/config/wireless config wifi-device wifi0 option type atheros option channel 52 config wifi-iface option device wifi0 option network wlan option mode sta option ssid OpenWrt2 option diversity 0 option rxantenna 1 option txantenna 1 option bursting 1 option wmm 1 option xr 1 option ar 1 ##for wpa_supplicant STA/WDS [eap/tls] option encryption WPA2 option supp_eapol_version 1 option supp_ap_scan 1 option supp_fast_reauth 1 option supp_scan_ssid 1 option supp_mode 0 option supp_key_mgmt WPA-EAP option supp_auth_alg OPEN option supp_group 3 option supp_pairwise 3 option supp_eap TLS option supp_identity user0001 option supp_ca_cert /etc/keys/best-ca.crt option supp_client_cert /etc/keys/user0001.crt option supp_private_key /etc/keys/user0001.key option supp_private_key_passwd ath0 IEEE 802.11a ESSID:"OpenWrt2" Nickname:"" Mode:Master Frequency:5.26 GHz Access Point: 00:80:48:xx:xx:xx Bit Rate:0 kb/s Tx-Power:17 dBm Sensitivity=1/1 Retry:off RTS thr:off Fragment thr:off Encryption key:8ADF-C7A6-5ED5-9F8E-B949-3C5D-E634-1194 [3] Security mode:open Power Management:off Link Quality=42/70 Signal level=-54 dBm Noise level=-96 dBm Rx invalid nwid:269 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:0 Missed beacon:0[/code] ath0 IEEE 802.11a ESSID:"OpenWrt2" Nickname:"" Mode:Managed Frequency:5.26 GHz Access Point: 00:80:48:xx:xx:xx Bit Rate:36 Mb/s Tx-Power:18 dBm Sensitivity=1/1 Retry:off RTS thr:off Fragment thr:off Encryption key:E3F1-D928-5BAC-D755-BB17-4008-4B51-6492 Security mode:restricted Power Management:off Link Quality=27/70 Signal level=-69 dBm Noise level=-96 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:0 Missed beacon:0[/code]
Something from linux machine strange behavior in arp table root@fw:~# arp -na ? (172.16.0.15) at <incomplete> on eth0.3 ? (10.0.2.15) at 00:13:8F:B7:54:8D [ether] on eth2 ? (10.0.2.8) at <incomplete> on eth2 root@fw:~# ping 172.16.0.22 PING 172.16.0.22 (172.16.0.22) 56(84) bytes of data. --- 172.16.0.22 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2008ms root@fw:~# arp -na ? (172.16.0.15) at <incomplete> on eth0.3 ? (10.0.2.200) at 00:0D:B9:03:70:A4 [ether] on eth2 ? (10.0.2.15) at 00:13:8F:B7:54:8D [ether] on eth2 ? (10.0.2.8) at <incomplete> on eth2 ? (172.16.0.22) at <incomplete> on eth0.3[/code] Tcpdump at that moment on bridge on ap [code]root@OpenWrt:~# tcpdump -i br-vlan -vv tcpdump: WARNING: br-vlan: no IPv4 address assigned tcpdump: listening on br-vlan, link-type EN10MB (Ethernet), capture size 96 bytes 02:26:56.816817 00:15:6d:51:04:18 (oui Unknown) > Broadcast Null Supervisory, Receiver not Ready, rcv seq 64, Flags [Poll], length 6 02:26:56.818491 00:15:6d:51:04:18 (oui Unknown) > Broadcast Null Unnumbered, xid, Flags [Response], length 6: 01 02 02:26:59.822096 arp who-has 172.16.0.22 tell 172.16.0.1 02:27:00.822153 arp who-has 172.16.0.22 tell 172.16.0.1 02:27:01.822163 arp who-has 172.16.0.22 tell 172.16.0.1 02:27:03.822182 arp who-has 172.16.0.22 tell 172.16.0.1 02:27:04.739632 [|llc]00:13:46:fe:66:1b (oui Unknown) > 00:80:48:7e:9b:0a (oui Unknown), 802.3, length 14: 02:27:04.822202 arp who-has 172.16.0.22 tell 172.16.0.1 02:27:04.904278 [|llc]00:13:46:fe:66:1b (oui Unknown) > 00:80:48:7e:9b:0a (oui Unknown), 802.3, length 14: 02:27:05.822197 arp who-has 172.16.0.22 tell 172.16.0.1
sta answer on arp request only when i ping linux machine
after some searching i found strange behavior of hostapd with GTK rekeying that crypts brcast/multicast packets # Rekey GTK when any STA that possesses the current GTK is leaving the BSS. # (dot11RSNAConfigGroupRekeyStrict) #wpa_strict_rekey=1