Wi-Fi connection(to wireless LAN AP) is lost after 11 hours past using WPA3

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
sanmm_199922
Level 1
Level 1
10 replies posted 10 sign-ins 5 replies posted

Environment and SDK information:
WICED version: 6.4
Wi-Fi Module: Murata Type1GC

Wi-Fi connection(to wireless LAN AP) is lost immediately after 11 hours past with WPA3-SAE.
We think it was caused due to Wi-Fi module is down. It's not disconnected by wireless AP.
And we have already tried other wireless LAN AP from several vendors, and we confirmed that the same issue was reproduced in every case.
However, if we choose WPA2-PSK, the issue doesn't happen. Wi-Fi connection is still alive after 11 hours past.

Do you have any solutions to this issue?

0 Likes
24 Replies
Zhengbao_Zhang
Moderator
Moderator
Moderator
250 sign-ins First comment on KBA 10 questions asked

Hello:

   So the test plan is: associated with SAE AP, do nothing but just in standby mode?

                                   after 11hours the connection will drop.

      It is better to help to capture a sniffer, and better to change PM mode for the tests also. 

we have the API interface in wwd_wifi.c, you can help to set :

 wwd_disable_powersave

 wwd_enable_powersave

  wwd_enable_powersave_with_throughput

0 Likes

Thanks for your response.

We think the Wi-Fi module doesn't go into standby mode. Because the Wi-Fi module still communicates with servers.

The Wi-Fi module is communicating with a specific server on the internet, the Wi-Fi module is sending a keep-alive packet to the server every 5 seconds.
We have captured regular packets between the Wi-Fi module and the server on the WAN side of the wireless LAN AP. After 11 hours, we can no longer find any packets transmitted from the Wi-Fi module.
Adding to this, we find a record that shows disconnected from the Wi-Fi module on the wireless LAN AP's logs roughly after a few mins from when we missed any packets incoming from the Wi-Fi module.

0 Likes
Zhengbao_Zhang
Moderator
Moderator
Moderator
250 sign-ins First comment on KBA 10 questions asked

Hello: 

   Would you please help to capture one sniffer log? and better to add printed logs in WICED to find out the reason for TCP link disconnection also. 

0 Likes

Thanks for your response.

This is a captured screen that shows communication packets captured by the packet analyzer when it's disconnected from Wi-Fi.
The least 1-Byte hex number "1e" in MAC address is the Wi-Fi module, "30" is wireless LAN AP.
Since we started to capture some time after connection, these timestamps in captured data don't match to actual time.

We confirm that the Wi-Fi module sent "Deauthentication" management frame when the Wi-Fi module was disconnected.
At the same timing, we confirm followed logs on console of the Wi-Fi module, too.

>Event (interface, type, status, reason): WWD_STA_INTERFACE WLC_E_LINK WLC_E_STATUS_SUCCESS WLC_E_REASON_DEAUTH

Please check the above data.

0 Likes

Hello:

   Did you see any special packets before the Deauth triggered?  like a lot of retransmission, like some special management packets were sent out, or signal punctuated. By the way, did you try to change a channel for the test?

the Wi-Fi module is sending a keep-alive packet to the server every 5 seconds.

For this point, if we reduce the interval like changing to every 3 seconds, Do we have a positive result?

0 Likes

Thanks for your response.

We couldn't find any triggers like both a lot of retransmission and special management packets before the Deauth.

We also tried to change another channel. However, the result is same. It has been disconnected, too.

The Wi-Fi module has not only sent keep-alive every 5 seconds but also GARP(Gratuitous ARP) to the server every 1 second, the disconnect situation is not changed.

 

By the way, we notice that the payload of Deauthentication management frame is not encrypted.

We think the payload should be encrypted due to the PMF requirement by WPA3, shouldn't it?

0 Likes
Zhengbao_Zhang
Moderator
Moderator
Moderator
250 sign-ins First comment on KBA 10 questions asked

Hello:

By the way, we notice that the payload of Deauthentication management frame is not encrypted.

We think the payload should be encrypted due to the PMF requirement by WPA3, shouldn't it?

For this point, Do you check the pmf setting  ? I think it should be set to required when connecting to a SAE only AKM.

0 Likes

Thanks for your response.

I'd like to know where to fix or change to configure the PMF settings. Could you tell me the details?

0 Likes

@Zhengbao_Zhang wrote:

Do you check the pmf setting  ? I think it should be set to required when connecting to a SAE only AKM.


@Zhengbao_Zhang 

Where is the pmf setting? (Any example for configuring pmf setting?)

0 Likes
Zhengbao_Zhang
Moderator
Moderator
Moderator
250 sign-ins First comment on KBA 10 questions asked

Hello:

  In command_console_wifi.c we have a sample code for how to set/get mfp value,

/* Get/Set Protected Management Capability */
int mfp_capabilities (int argc, char* argv[] )

0 Likes

Thanks for your response.

We have changed to WL_MFP_REQUIRED of PMF setting as following your sample code and tested. We found that Deauthentication management frame is not encrypted. We also found that Action management frame is encrypted properly.

We tried WL_MFP_CAPABLE of PMF setting again since there is a difference which properly encrypted or not between Deauthentication and Action management frame. The result is Action management frame is encrypted, too.

We assume Deauthentication management frame is not encrypted when using WPA3 no matter what the PMF setting is.
We think there is possibly something glitch or bug, isn't it?

0 Likes
Zhengbao_Zhang
Moderator
Moderator
Moderator
250 sign-ins First comment on KBA 10 questions asked

Hello:

 I will have a try to see the strange Deauth phenomenon. 

0 Likes
Zhengbao_Zhang
Moderator
Moderator
Moderator
250 sign-ins First comment on KBA 10 questions asked

Hello:

  I have a test, seems no encrypted of the STA Deauth on my side also, I have a quick review for 6.6 release,

seems we have critical updates for WPA3 with 4390x. Would you please have a test also? thanks.

By the way, can you check the key update cycle on the router side to see if it has relations if every time the issue happened within 11 hours very accurately?

  • New WLAN firmware (7.15.168.149) added for 4390x/54907 platforms
    • WPA3 enhancement and key generation speed improvement
    • Security fix (KRACK all-zero-key)
0 Likes

Hello.

 

Could we confirm some points?

* Do you confirm that Deauth is not encrypted on your testing?

* Do you confirm the issue that the Wi-Fi module got disconnected from wireless-LAN AP after 11 hours? (Have you reproduced the issue in your environment?)

 

You also asked us to try it with WICED 6.6. Is there any possibility to improve with WICED 6.4?

0 Likes
Zhengbao_Zhang
Moderator
Moderator
Moderator
250 sign-ins First comment on KBA 10 questions asked

Hello:

 Sorry for my typos, from my sniffer log the STA Deauth packet to SAE AP was not encrypted also.

I am trying to find protocol evidence here, by the way, would you please check the reason of the Deauth?

like : 

    Deauthentication Reason Code : 6 class 2 frame received from unauthenticated station.

for 6.6 we have critical KRACK  updates, you can choose it for a quick test also.

0 Likes
Zhengbao_Zhang
Moderator
Moderator
Moderator
250 sign-ins First comment on KBA 10 questions asked

Hello:

I observed the reason code as shown in the pic.

Previous authentication no longer valid (0x0002)

My suggestions are here:

1. using our demo code for a test, just create an SAE connection as STA, and ping every 5 seconds or less.

    no other connections were created with the up layer.

    Then we can see if it still will send a Deauth after 11 hours.

2.  enable more logs from supplicant and wwd, then we can judge if there have some clues.

3.  move to 6.6 version or the newest version for a test.

 

0 Likes
sanmm_199922
Level 1
Level 1
10 replies posted 10 sign-ins 5 replies posted

Thanks, sorry for being late to respond.

 

Could you tell us where to find the demo code?

 

Adding to this, we appreciate it if we can get your response to our previous question.

>* Do you confirm the issue that the Wi-Fi module got disconnected from wireless-LAN AP after 11 hours? (Have you reproduced the issue in your environment?)

0 Likes
Zhengbao_Zhang
Moderator
Moderator
Moderator
250 sign-ins First comment on KBA 10 questions asked

Hello: 

   WICED-Studio-6.4\43xxx_Wi-Fi\apps\snip\apsta , has a demo for AP and ping.

I can't duplicate the issue since my environment  is not clean enough for the test, and my AP is  a WPA2/SAE mixed mode, will try to find a AP with SAE only for the test later.

0 Likes

Hello, I'm sorry for being late to respond.
It took a while due to my schedule, I have done your suggested tests No.1 to No.3.

> 1. using our demo code for a test, just create an SAE connection as STA, and ping every 5 seconds or less.
>     no other connections were created with the up layer.
>     Then we can see if it still will send a Deauth after 11 hours.

We tried the recommended sample code "apsta". We reproduced the same issue. (disconnected after 11 hours)

> 2.  enable more logs from supplicant and wwd, then we can judge if there have some clues.

We attach the log collected with WICED 6.4 "apsta" running.
Please check it out.
However, we find nothing special before "Deauth" in this log.

> 3.  move to 6.6 version or the newest version for a test.

We also tried WICED 6.6. We reproduced the same issue again. (disconnected after 11 hours)

0 Likes
Zhengbao_Zhang
Moderator
Moderator
Moderator
250 sign-ins First comment on KBA 10 questions asked

hello:  

    We have some fixes, just update the firmware based on the 130 version, you can have a try, thanks.

0 Likes

Hello, thanks for your response.

We would like to know some points.
How to update the firmware version?
What version is the target of "130 version" you mentioned, WICED 6.4 or 6.6?

0 Likes
Zhengbao_Zhang
Moderator
Moderator
Moderator
250 sign-ins First comment on KBA 10 questions asked

hello:

  better to replace it in 6.6 version:

\43xxx_Wi-Fi\resources\firmware\43909\43909B0.bin

 we should replace the binary with the attached bin file.

0 Likes

Hello, thanks for your response.


We have done our new test that applies the suggested firmware. However, It improves nothing.
The test result is as same as our previous one. The module got disconnected 11 hours after connecting to the access point.

We confirmed the firmware version of Wi-Fi module by line on the log below.
>"WLAN Firmware    : wl0: Apr 21 2021 05:21:27 version 7.15.168.130 (r714231) FWID 01-fde3c8f7"

By the way, what about do you think the log that we formerly attached?

0 Likes
Zhengbao_Zhang
Moderator
Moderator
Moderator
250 sign-ins First comment on KBA 10 questions asked

Hello:

  would you please help to output the logs with the attached level setting?  I can't figure out the reason of disconnection with the last log uploaded.

0 Likes