Comment 119 for bug 200509

Troy Volin (tmvolin) wrote :

** short version of this comment: ** cipher CCMP seems to get better results.
Try WPA2 Personal with TKIP+AES on your linksys **

Hi. I'm crossposting this info to a handful of bugs (since I'm so ecstatic).
I experienced a very similar problem (very frequent disconnects, ThinkPad W500 with iwlagn (device is "Intel Corporation PRO/Wireless 5100 AGN [Shiloh] Network Connection [8086:4237]").
I was getting the "Microcode SW error detected. Restarting 0x2000000." messages with the IWL Error Log Dump. I didn't need to unload module to reconnect, just need to select my AP in NetworkManager again (even though NM thinks it's still connected).

Everything was fine on RHEL5, everything was fine when I reloaded to F13.
Upgraded to F14, and the problem started.

Here's what I did which made the problem go away (for me) without resorting to swcrypto=1. Note, I already had both disable_hw_scan=1 and lln_disable=1 set in modprobe.d/wireless.conf.

Since the problem is reported sporadically but deterministically (ie, same users, and for those users, always at the same APs), and responds to swcrypto=1, I decided to change ciphers.

My Linksys WRT54GS (v7 hardware, v7.5.2 firmware) was set to do WPA PSK with TKIP. So sudo iwlist wlan0 scan showed:
                    IE: WPA Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (1) : TKIP
                        Authentication Suites (1) : PSK

I changed it to WPA2 PSK with TKIP+AES. The problem went away immediately. Now sudo iwlist wlan0 scan shows:
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (2) : CCMP TKIP
                        Authentication Suites (1) : PSK
                    IE: WPA Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (2) : CCMP TKIP
                        Authentication Suites (1) : PSK

So I suspect the hardware crypto bug is in TKIP. Here's the tail end of my wpa_supplicant.log (which hasn't changed in around 2 hours, but was repeating the DISCONNECTED event loop quite often before (paranoid redaction with XX):
Trying to associate with XX:1c:10:b0:b5:1f (SSID='XXlinNet2' freq=2447 MHz)
Associated with XX:1c:10:b0:b5:1f
WPA: Key negotiation completed with XX:1c:10:b0:b5:1f [PTK=TKIP GTK=TKIP]
CTRL-EVENT-CONNECTED - Connection to XX:1c:10:b0:b5:1f completed (reauth) [id=0 id_str=]
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
Failed to initiate AP scan.
Trying to associate with XX:1c:10:b0:b5:1f (SSID='XXlinNet2' freq=2447 MHz)
Associated with XX:1c:10:b0:b5:1f
WPA: Key negotiation completed with XX:1c:10:b0:b5:1f [PTK=TKIP GTK=TKIP]
CTRL-EVENT-CONNECTED - Connection to XX:1c:10:b0:b5:1f completed (reauth) [id=0 id_str=]
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
Trying to associate with XX:1c:10:b0:b5:1f (SSID='XXlinNet2' freq=2447 MHz)
Associated with XX:1c:10:b0:b5:1f
WPA: Key negotiation completed with XX:1c:10:b0:b5:1f [PTK=CCMP GTK=TKIP]
CTRL-EVENT-CONNECTED - Connection to XX:1c:10:b0:b5:1f completed (reauth) [id=0 id_str=]
Failed to initiate AP scan.

I was having no problem connecting at work (which has key management IEEE8021X with EAP-LEAP, dynamic WEP keys, and uses CCMP for pairwise cipher).
Now I connect reliably at both sites.
Maybe this will help upstream diagnosis, at least for iwl5100 firmware 8.24.2.12.

One additional note: I *do* still see the "Microcode SW error detected. Restarting 0x2000000." message and the IWL Error Log Dump. It just doesn't cause a disconnect.

Obviously YMMV. Obviously there's still a firmware crypto bug they should fix upstream. And obviously, you can't ask your friends to go changing their AP settings for you. But this seems like a decent alternative to swcrypto if it works for you.