* Multiple patches to reduce the number of disconnections for WPA Enterprise
roaming and Opportunistic Key Caching. (LP: #1187524)
* In debian/patches:
0001-sme-fix-retry-after-auth-assoc-timeout-failure.patch,
0002-sme-optimize-recovery-from-common-load-balancing-mechanisms.patch,
0003-sme-blacklist-bss-on-first-failure-if-only-a-*.patch,
0004-sme-extend-load-balancing-optimization-in-bss-blacklisting.patch,
0005-sme-optimize-recovery-from-association-command-failures.patch,
0006-sme-add-timers-for-authentication-and-association.patch,
0007-sme-nl80211-set-cipher-suites.patch:
Cherry-pick patches fixing SME (Session Management Entity) for the nl80211
driver, which works as a basis for the OKC patches.
* In debian/patches:
0001-pmkokc-Set-portValid-TRUE-on-association-for-driver-based-4.patch,
0002-pmkokc-Clear-WPA-and-EAPOL-state-machine-config-pointer-on-.patch,
0003-pmkokc-Clear-driver-PMKSA-cache-entry-on-PMKSA-cache-expira.patch,
0004-pmkokc-Flush-PMKSA-cache-entries-and-invalidate-EAP-state-o.patch,
0005-pmkokc-Fix-proactive_key_caching-configuration-to-WPA-code.patch,
0006-pmkokc-RSN-Add-a-debug-message-when-considing-addition-of-O.patch,
0007-pmkokc-Clear-OKC-based-PMKSA-caching-entries-if-PMK-is-chan.patch,
0008-pmkokc-Move-wpa_sm_remove_pmkid-call-to-PMKSA-cache-entry-f.patch,
0009-pmkokc-Use-PMKSA-cache-entries-with-only-a-single-network-c.patch,
0010-pmkokc-PMKSA-Do-not-evict-active-cache-entry-when-adding-ne.patch,
0011-pmkokc-PMKSA-Set-cur_pmksa-pointer-during-initial-associati.patch,
0012-pmkokc-PMKSA-make-deauthentication-due-to-cache-entry-remov.patch,
0013-pmkokc-PMKSA-update-current-cache-entry-due-to-association-.patch:
Cherry-pick patches to properly do OKC (Opportunistic Key Caching) which
helps maintaining connectivity on networks secured with WPA Enterprise,
especially on nl80211-based drivers -- these patches require SME, and add
or fix key caching and handling of the cache entries.
* debian/patches/force-enable-okc.patch: force Opportunistic Key Caching to
be enabled.
* debian/patches/less-aggressive-roaming.patch: use less aggressive roaming
settings to avoid switching to another AP unnecessarily, when the actual
signal level difference is small.
* debian/patches/wpa_supplicant-dbus-null-error.patch: Don't send NULL to
dbus_message_new_error().
* debian/patches/0001-nl80211-Fix-UNSPEC-signal-quality-reporting.patch: fix
marking qual as invalid rather than signal level.
* debian/patches/wpa_supplicant-squelch-driver-disconnect-spam.patch: recover
cleanly from streams of disconnect messages (like on iwl3945).
* debian/patches/wpa_supplicant-assoc-timeout.patch: increase association
timeouts.
-- Mathieu Trudel-Lapierre <email address hidden> Wed, 12 Jun 2013 15:57:50 -0400
ubuntu bug 1187524 Frequent disconnects under certain network conditions
mac80211: fix direct probe auth
commit 6211dd12da609bc6893b9c3182630b494737ec4b upstream.
We send direct probe to broadcast address, as some APs do not respond to
unicast PROBE frames when unassociated. Broadcast frames are not acked,
so we can not use that for trigger MLME state machine, but we need to
use old timeout mechanism.
This fixes authentication timed out like below:
[ 1024.671974] wlan6: authenticate with 54:e6:fc:98:63:fe
[ 1024.694125] wlan6: direct probe to 54:e6:fc:98:63:fe (try 1/3)
[ 1024.695450] wlan6: direct probe to 54:e6:fc:98:63:fe (try 2/3)
[ 1024.700586] wlan6: send auth to 54:e6:fc:98:63:fe (try 3/3)
[ 1024.701441] wlan6: authentication with 54:e6:fc:98:63:fe timed out
With fix, we have:
[ 4524.198978] wlan6: authenticate with 54:e6:fc:98:63:fe
[ 4524.220692] wlan6: direct probe to 54:e6:fc:98:63:fe (try 1/3)
[ 4524.421784] wlan6: send auth to 54:e6:fc:98:63:fe (try 2/3)
[ 4524.423272] wlan6: authenticated
[ 4524.423811] wlan6: associate with 54:e6:fc:98:63:fe (try 1/3)
[ 4524.427492] wlan6: RX AssocResp from 54:e6:fc:98:63:fe (capab=0x431 status=0 aid=1) Signed-off-by: Stanislaw Gruszka <email address hidden>
Signed-off-by: Johannes Berg <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
commit c52d6fec681236d2adc5cdfcc10e76c7baea455d
Author: Johannes Berg <email address hidden>
Date: Mon May 13 16:42:40 2013 +0200
mac80211: fix AP-mode frame matching
commit 2b9ccd4e4308272e5aec614b77c5385e7ec2ec90 upstream.
In AP mode, ignore frames with mis-matched BSSID that aren't
multicast or sent to the correct destination. This fixes
reporting public action frames to userspace multiple times
on multiple virtual AP interfaces. Reported-by: Jouni Malinen <email address hidden>
Signed-off-by: Johannes Berg <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
In 12.04.x proposed there is patched wpasupplicant package, which solves the problem to 90 percent. Give it a try!
There are random disconnects, but it is stable most of the time. From my experience the 5 GHz channel are more stable than the 2 GHz ones.
Furthermore there are different kernel patches since 3.9.5 to get a faster authentication during direct probing => see text;
wpasupplicant (0.7.3-6ubuntu2.2) precise-proposed; urgency=low
* Multiple patches to reduce the number of disconnections for WPA Enterprise sme-fix- retry-after- auth-assoc- timeout- failure. patch, sme-optimize- recovery- from-common- load-balancing- mechanisms. patch, sme-blacklist- bss-on- first-failure- if-only- a-*.patch, sme-extend- load-balancing- optimization- in-bss- blacklisting. patch, sme-optimize- recovery- from-associatio n-command- failures. patch, sme-add- timers- for-authenticat ion-and- association. patch, sme-nl80211- set-cipher- suites. patch: pmkokc- Set-portValid- TRUE-on- association- for-driver- based-4. patch, pmkokc- Clear-WPA- and-EAPOL- state-machine- config- pointer- on-.patch, pmkokc- Clear-driver- PMKSA-cache- entry-on- PMKSA-cache- expira. patch, pmkokc- Flush-PMKSA- cache-entries- and-invalidate- EAP-state- o.patch, pmkokc- Fix-proactive_ key_caching- configuration- to-WPA- code.patch, pmkokc- RSN-Add- a-debug- message- when-considing- addition- of-O.patch, pmkokc- Clear-OKC- based-PMKSA- caching- entries- if-PMK- is-chan. patch, pmkokc- Move-wpa_ sm_remove_ pmkid-call- to-PMKSA- cache-entry- f.patch, pmkokc- Use-PMKSA- cache-entries- with-only- a-single- network- c.patch, pmkokc- PMKSA-Do- not-evict- active- cache-entry- when-adding- ne.patch, pmkokc- PMKSA-Set- cur_pmksa- pointer- during- initial- associati. patch, pmkokc- PMKSA-make- deauthenticatio n-due-to- cache-entry- remov.patch, pmkokc- PMKSA-update- current- cache-entry- due-to- association- .patch: patches/ force-enable- okc.patch: force Opportunistic Key Caching to patches/ less-aggressive -roaming. patch: use less aggressive roaming patches/ wpa_supplicant- dbus-null- error.patch: Don't send NULL to message_ new_error( ). patches/ 0001-nl80211- Fix-UNSPEC- signal- quality- reporting. patch: fix patches/ wpa_supplicant- squelch- driver- disconnect- spam.patch: recover patches/ wpa_supplicant- assoc-timeout. patch: increase association
roaming and Opportunistic Key Caching. (LP: #1187524)
* In debian/patches:
0001-
0002-
0003-
0004-
0005-
0006-
0007-
Cherry-pick patches fixing SME (Session Management Entity) for the nl80211
driver, which works as a basis for the OKC patches.
* In debian/patches:
0001-
0002-
0003-
0004-
0005-
0006-
0007-
0008-
0009-
0010-
0011-
0012-
0013-
Cherry-pick patches to properly do OKC (Opportunistic Key Caching) which
helps maintaining connectivity on networks secured with WPA Enterprise,
especially on nl80211-based drivers -- these patches require SME, and add
or fix key caching and handling of the cache entries.
* debian/
be enabled.
* debian/
settings to avoid switching to another AP unnecessarily, when the actual
signal level difference is small.
* debian/
dbus_
* debian/
marking qual as invalid rather than signal level.
* debian/
cleanly from streams of disconnect messages (like on iwl3945).
* debian/
timeouts.
-- Mathieu Trudel-Lapierre <email address hidden> Wed, 12 Jun 2013 15:57:50 -0400
ubuntu bug 1187524 Frequent disconnects under certain network conditions
https:/ /www.kernel. org/pub/ linux/kernel/ v3.x/ChangeLog- 3.9.5
commit dfd969a6927de92 98544d1d51d9e69 b9e88243f2
Author: Stanislaw Gruszka <email address hidden>
Date: Fri May 17 13:43:04 2013 +0200
mac80211: fix direct probe auth 6893b9c3182630b 494737ec4b upstream.
Signed- off-by: Stanislaw Gruszka <email address hidden>
commit 6211dd12da609bc
We send direct probe to broadcast address, as some APs do not respond to
unicast PROBE frames when unassociated. Broadcast frames are not acked,
so we can not use that for trigger MLME state machine, but we need to
use old timeout mechanism.
This fixes authentication timed out like below:
[ 1024.671974] wlan6: authenticate with 54:e6:fc:98:63:fe
[ 1024.694125] wlan6: direct probe to 54:e6:fc:98:63:fe (try 1/3)
[ 1024.695450] wlan6: direct probe to 54:e6:fc:98:63:fe (try 2/3)
[ 1024.700586] wlan6: send auth to 54:e6:fc:98:63:fe (try 3/3)
[ 1024.701441] wlan6: authentication with 54:e6:fc:98:63:fe timed out
With fix, we have:
[ 4524.198978] wlan6: authenticate with 54:e6:fc:98:63:fe
[ 4524.220692] wlan6: direct probe to 54:e6:fc:98:63:fe (try 1/3)
[ 4524.421784] wlan6: send auth to 54:e6:fc:98:63:fe (try 2/3)
[ 4524.423272] wlan6: authenticated
[ 4524.423811] wlan6: associate with 54:e6:fc:98:63:fe (try 1/3)
[ 4524.427492] wlan6: RX AssocResp from 54:e6:fc:98:63:fe (capab=0x431 status=0 aid=1)
Signed-off-by: Johannes Berg <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
commit c52d6fec681236d 2adc5cdfcc10e76 c7baea455d
Author: Johannes Berg <email address hidden>
Date: Mon May 13 16:42:40 2013 +0200
mac80211: fix AP-mode frame matching e5aec614b77c538 5e7ec2ec90 upstream.
Reported- by: Jouni Malinen <email address hidden>
commit 2b9ccd4e4308272
In AP mode, ignore frames with mis-matched BSSID that aren't
multicast or sent to the correct destination. This fixes
reporting public action frames to userspace multiple times
on multiple virtual AP interfaces.
Signed-off-by: Johannes Berg <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>