[FS#3852] 802.11r management messages incorrectly sent without VLAN tag when network uses VLAN-aware bridge

OpenWrt Bugs openwrt-bugs at lists.openwrt.org
Thu Jun 3 16:01:37 PDT 2021 

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

A new Flyspray task has been opened.  Details are below. 

User who did this - Jan Hoffmann (janhoffmann) 

Attached to Project - OpenWrt/LEDE Project
Summary - 802.11r management messages incorrectly sent without VLAN tag when network uses VLAN-aware bridge
Task Type - Bug Report
Category - Base system
Status - Unconfirmed
Assigned To - 
Operating System - All
Severity - Low
Priority - Very Low
Reported Version - openwrt-21.02
Due in Version - Undecided
Due Date - Undecided
Details - This problem occurs when 802.11r is used together with a network interface that uses a VLAN-aware bridge.

In this case the 802.11r key distribution messages are sent to the bridge without VLAN tag. Effectively this means that they are dropped.


**Basic configuration to reproduce:**

/etc/config/network:

config interface 'lan'
	option device 'br-lan.10'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config bridge-vlan
	option device 'br-lan'
	option vlan '10'
	list ports 'lan1:u*'
	list ports 'lan2:u*'
	list ports 'lan3:u*'
	list ports 'lan4:u*'


/etc/config/wireless:

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'psk2+ccmp'
	option key 'mysupersecretpassphrase'

	option mobility_domain 'abcd'
	option ieee80211r '1'
	option nasid '112233445566'
	option ft_psk_generate_local '0'
	option ft_over_ds '1'
	option pmk_r1_push '1'
	list r0kh 'aa:bb:cc:dd:ee:ff,aabbccddeeff,F9EE3F971A72960A66AEA00D0A5894F3'
	list r1kh 'aa:bb:cc:dd:ee:ff,aa:bb:cc:dd:ee:ff,F9EE3F971A72960A66AEA00D0A5894F3'


**How to repruduce:**

With this configuration a key distribution message is sent to MAC address aa:bb:cc:dd:ee:ff whenever a client connects.

Using tcpdump it is possible to verify the the messages are sent without VLAN tag:

tcpdump -i br-lan "!ip and !ip6 and !arp and !vlan"
tcpdump -i br-lan.10 "!ip and !ip6 and !arp"


The messages should appear with the second command, but instead they only appear for the first one. (The actual messages are sent with Ethertype 0x88b7, but tcpdump refuses to filter for that.)

More information can be found at the following URL:
https://bugs.openwrt.org/index.php?do=details&task_id=3852

You are receiving this message because you have requested it from the Flyspray bugtracking system.  If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

More information about the openwrt-bugs mailing list