Gentoo Forums
About netifrc, wpa_supplicant, and tkip
JustAnother
Apprentice


Joined: 23 Sep 2016
Posts: 186

Posted: Sun Dec 17, 2023 1:12 am    Post subject: About netifrc, wpa_supplicant, and tkip

I played with my wifi setup after a couple of years, being a wired interface kind of person. And I had a bunch of issues. One of these issues seems more serious.

The PCI card on my laptop won't show in lspci, but Windows (now gone) did seem to see it.

So I plugged in a Ralink USB wifi dongle and
Code:
ip link show
showed nothing. I found out that the driver that used to compile was missing, requiring
changes to the kernel, which were made. So at this point
Code:
lsusb
showed the card,
Code:
usb-devices
showed a module was attached, and
Code:
ip link show
showed wlp0s29u1u3.

So everything should have been trivial from this point on, only it wasn't.

But first some details:

file /etc/conf.d/net:

Code:
dns_domain_lo="home"

config_enp2s0="dhcp"

# The old config:
 ## 2019-08-10: from Gentoo wireless config
 ##
 #config_wlp0s29u1u3="dhcp"
 ## Prefer wpa_supplicant over wireless-tools
 #modules_wlp0s29u1u3="!plug wpa_supplicant"
 #wpa_supplicant_wlp0s29u1u3="-Dnl80211 -d -f /var/log/wpa_supplicant.log"
#

# The new config:
 # 2023-12-15: just like the gentoo wpa_supp wiki.
 #
config_wlp0s29u1u3="dhcp"
modules_wlp0s29u1u3="wpa_supplicant"
#


File: /etc/wpa_supplicant/wpa_supplicant.conf

Code:
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel

update_config=1
 
# Ensure that only root can read the WPA configuration
ctrl_interface_group=0
 
# Let wpa_supplicant take care of scanning and AP selection
#ap_scan=1
 
network={
  ssid="whatever"
  psk="whatever"
  # Gentoo wpa_supp wiki said these might be needed. They dont fix rc-service.
  # With these or without these, there is a problem.
   scan_ssid=1
   proto=RSN
   key_mgmt=WPA-PSK
   group=CCMP TKIP
   pairwise=CCMP TKIP
  #
  # The higher the priority the sooner we are matched
  priority=5
}


Here (a cmdline test case) is what did not work at first:
Code:
wpa_supplicant -i wlp0s29u1u3 -Dnl80211 -c /etc/wpa_supplicant/wpa_supplicant.conf -d &


The output showed what was the complaint:
Code:
wlp0s29u1u3: 3: 60:31:97:1e:ef:ee ssid='whatever' wpa_ie_len=26 rsn_ie_len=24 caps=0x1411 level=-7 freq=2437  wps
wpa_parse_wpa_ie_rsn: invalid group cipher 0x8 (000fac02)

This is where after some searching I found out about the wpa_supplicant tkip situation. My router is old, and wpa_supplicant took out tkip on a version
bump, and my wifi broke. So in the interest of trying to get something to work, I rebuilt
wpa_supplicant with the tkip switch, even if this is verboten.

And lo and behold the cmdline test connected.
Code:
 ip addr show
showed an ip address,
and the internet worked. So I figured that using rc-service (i.e., netifrc) on
Code:
/etc/init.d/net.wlp0s29u1u3
would work. But it didn't.

This is what should work. Everything here is root account and root is in group wheel.

Code:
rc-service net.enp2s0 stop
rc-service net.wlp0s29u1u3 -v start 2>&1 | tee t.tmp


Here is what's strange. Before I got the wpa_supplicant test run to work,
the test cmd got this:
Code:
 *   Backgrounding ... ... * WARNING: net.wlp0s29u1u3 has started, but is inactive

and in /var/log/wpa_supplicant.log I got the message:
Code:
wlp0s29u1u3: 3: 60:31:97:1e:ef:ee ssid='whatever' wpa_ie_len=26 rsn_ie_len=24 caps=0x1411 level=-7 freq=2437  wps
wpa_parse_wpa_ie_rsn: invalid group cipher 0x8 (000fac02)

So this was a codec negotiation problem, and netifrc and the command line test
were initially both broken, but after I fixed the tkip problem, or so I thought,
the test case works but the netifrc case does not work.

So with the cmdline test case working, I did a ps -ww -ef to see what netifrc had
spawned:
Code:
/usr/sbin/wpa_supplicant -Dnl80211 -d -f /var/log/wpa_supplicant.log \
-c /etc/wpa_supplicant/wpa_supplicant.conf -W -B -i wlp0s29u1u3 \
-P /run/wpa_supplicant-wlp0s29u1u3.pid

/usr/bin/wpa_cli -a /etc/wpa_supplicant/wpa_cli.sh -p /var/run/wpa_supplicant \
-i wlp0s29u1u3 -P /run/wpa_cli-wlp0s29u1u3.pid -B

So wpa_supplicant is daemonizing (-B) and waiting for someone to open its
control socket (-W). It appears that the only role of wpa_cli is to open the
socket and attach a listener (-a) script to run logger scripts on up/down signals
from wpa_supplicant.

So I took these exact commands and put them into a tiny script file and ran
it. It worked. The wifi interface connected. I was careful to bring netifrc
down before trying all these tests. I was not ever starting more than one network
management layer at once.

So this is the dilemma: if the fixed issue was a codec negotiation issue
and netifrc was running exactly the same commands as the test case, with the
same configuration files in use, why would the codec negotiation change?
If netifrc is running the same commands as my test script, why the different
result?

Here is the output of
Code:
rc-service -v start wlp0s29u1u3:


Code:
* Bringing up interface wlp0s29u1u3
 *   Skipping module adsl due to missing program: /usr/sbin/adsl-start /usr/sbin/pppoe-start
 *   Skipping module apipa due to missing program: /sbin/arping /bin/arping
 *   Skipping module br2684ctl due to missing program: br2684ctl
 *   Skipping module clip due to missing program: /usr/sbin/atmsigd
 *   Skipping module netplugd due to missing program: /sbin/netplugd
 *   Skipping module ifplugd due to missing program: /usr/sbin/ifplugd
 *   Skipping module ipppd due to missing program: /usr/sbin/ipppd
 *   Skipping module iwconfig due to missing program: /sbin/iwconfig
 *   Skipping module iwd due to missing program: iwd
 *   Skipping module firewalld due to missing program: firewall-cmd
 *   Skipping module pppd due to missing program: /usr/sbin/pppd
 *   Skipping module pump due to missing program: /sbin/pump
 *   Skipping module dhclient due to missing program: /sbin/dhclient
 *   Skipping module dhclientv6 due to missing program: /sbin/dhclient
 *   Skipping module wireguard due to missing program: /usr/bin/wg
 *   Loaded modules: arping bonding l2tp tuntap bridge ccwgroup ethtool dummy hsr macvlan macchanger macnet wpa_supplicant ssidnet iproute2 system vlan dhcpcd ip6rd ip6to4 veth
 *   ip link set dev wlp0s29u1u3 up
 *   Configuring wlp0s29u1u3 for MAC address 9C:EF:D5:FC:E6:7A ... [ ok ]
 *   Starting wpa_supplicant on wlp0s29u1u3 ...
 *   start-stop-daemon: fopen `/run/wpa_supplicant-wlp0s29u1u3.pid': No such file or directorySuccessfully initialized wpa_supplicant
 *   Detaching to start `/usr/sbin/wpa_supplicant' ... [ ok ]
 *   Starting wpa_cli on wlp0s29u1u3 ...
 *   start-stop-daemon: fopen `/run/wpa_cli-wlp0s29u1u3.pid': No such file or directory
 *   Detaching to start `/usr/bin/wpa_cli' ... [ ok ]
 *   Backgrounding ... ... * WARNING: net.wlp0s29u1u3 has started, but is inactive


I checked and some of these module files exist, but netifrc has the wrong
file names (they are in /usr/...). There are complaints about the pid files
which may or may not be relevant.

Some ideas:
: I could be making a dumb mistake with netifrc making this more painful than
it should be.
: The pid file complaints could be the problem, but it doesn't appear likely.
: The ps output shows the daemon commands, but does not show any environment
variables fed to the daemons. By the way,
Code:
wpa_cli
has a set command which is
supposed to list all the "variables", with the meaning of this term unclear.
What kind[s] of variables? And the command does not work: it demands
arguments. There is a lesson here for people who get fancy with environment
settings to spawned processes: the execution context is unclear.
: There could be another daemon involved, but this should not make a
difference. The spawned wpa executables should do exactly the same thing.
: There could be some sort of sandboxing going on here.
: Could be a bug somewhere in the depths of netifrc.

Any ideas, anyone?
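Added example (not part of the original post, and not wpa_supplicant or netifrc code): a small Python triage script for the log excerpt quoted in the post above. It decodes the suite selector in the "invalid group cipher" message (000fac02 is OUI 00-0F-AC, suite type 2, which is TKIP) and ties it to the BSS on the preceding scan line, so access points still advertising a deprecated group cipher can be listed from a debug log. The function names and the pairing of a rejection with the most recent scan line are assumptions of this example.

```python
import re

# RSN cipher suite types under the IEEE 802.11 OUI 00-0F-AC (suite type -> name).
RSN_CIPHERS = {
    0x01: "WEP-40", 0x02: "TKIP", 0x04: "CCMP-128", 0x05: "WEP-104",
    0x06: "BIP-CMAC-128", 0x08: "GCMP-128", 0x09: "GCMP-256", 0x0A: "CCMP-256",
}
DEPRECATED = {"WEP-40", "WEP-104", "TKIP"}

# Scan-result line as it appears in the post: "<ifname>: <n>: <bssid> ssid='...'".
SCAN_RE = re.compile(
    r"^\S+: \d+: (?P<bssid>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) ssid='(?P<ssid>[^']*)'", re.I)
# Rejection line as it appears in the post; the selector is the 8 hex digits in parentheses.
REJECT_RE = re.compile(
    r"wpa_parse_wpa_ie_rsn: invalid group cipher 0x[0-9a-f]+ \((?P<sel>[0-9a-f]{8})\)", re.I)

def decode_selector(sel_hex):
    """Split an 8-hex-digit suite selector into (OUI, cipher name)."""
    raw = bytes.fromhex(sel_hex)
    oui = "-".join(f"{b:02X}" for b in raw[:3])
    if oui != "00-0F-AC":
        return oui, f"vendor-specific type {raw[3]}"
    return oui, RSN_CIPHERS.get(raw[3], f"unknown type {raw[3]}")

def rejected_ciphers(lines):
    """Return one finding per rejection line, tied to the last BSS seen (assumption)."""
    findings, bss = [], (None, None)
    for line in lines:
        m = SCAN_RE.match(line)
        if m:
            bss = (m["bssid"], m["ssid"])
            continue
        m = REJECT_RE.search(line)
        if m:
            _, name = decode_selector(m["sel"])
            findings.append({"bssid": bss[0], "ssid": bss[1], "cipher": name,
                             "deprecated": name in DEPRECATED})
    return findings

# Sample input: the two log lines quoted in the post, plus one constructed unrelated line.
SAMPLE_LOG = [
    "wlp0s29u1u3: 3: 60:31:97:1e:ef:ee ssid='whatever' wpa_ie_len=26 rsn_ie_len=24 caps=0x1411 level=-7 freq=2437  wps",
    "wpa_parse_wpa_ie_rsn: invalid group cipher 0x8 (000fac02)",
    "wlp0s29u1u3: State: SCANNING -> DISCONNECTED",
]

if __name__ == "__main__":
    for finding in rejected_ciphers(SAMPLE_LOG):
        print(finding)
```
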
JustAnother
Apprentice


Joined: 23 Sep 2016
Posts: 186

Posted: Tue Dec 19, 2023 1:49 am    Post subject: More info

Some more info:

I didn't realize that there is a command
Code:
 rc-service wpa_supplicant
so I shut down all the networking and ran the start command.
It took a few seconds but after
Code:
wpa_cli reconnect
the interface came up and worked.

I checked, and there is only one version of wpa_supplicant installed.

I tried various combinations of attempts to make or break the networking, with combinations of reboots and shutdowns, to see if
there were any indications that this could be related to card initialization, card drivers, etc. I don't see anything.

It appears that this situation is repeatable: simple cmdline tests of wpa_supplicant work, netifrc control of wpa_supplicant via rc-service works,
netifrc control via net.wlp0s29u1u3 does not work.

So I went into
Code:
/etc/init.d/net.wlp0s29u1u3
and put a set -x in the start() function. Here is the output:

https://pastebin.com/0JQa1kGD
All times are GMT