cannot associate to wi in hostap mode. Error occours in wihap_auth_req() in if_wi_hostap.c

[Anwar Puthu <anwar_(_at_)_puthu_(_dot_)_org_(_dot_)_uk>]

I'm having problems connecting from my sony clie Th55 pda to my openBSD server
running in hostAP mode.  I can connect to other APs however.
I ran some bare bones tests without WEP etc, to try to narrow down the problem.

These were my observations:
1.  I can make the connection without a problem in Ad-hoc mode.
2.  I can use WEP in ad-hoc mode.
3.  I can connect to the server machine when I run Linux in hostAp mode.  (This
was a sanity test to make sure that the PDA can connect to an AP properly).

This is what I do to start the server on openBSD.
 ifconfig wi0 192.168.100.101 up
 wicontrol -p6 -n test -c1

For debugging puroses, I did this:
 ifconfig wi0 debug

The debug message shows this:
wihap_mgmt_input: len=13 MGMT: auth:
wihap_auth_req: station 08:00:46:e2:b4:34 algo=0x0 seq=0x1
wihap_auth_req: returns status=0xf

Digging further into the code (/usr/src/sys/dev/ic/if_wi_hostap.c)

I realized that the call to:
static int
take_tlv(caddr_t *ppkt, int *plen, int id_expect, void *dst, int maxlen)

from wihap_auth_req is failing.(returns -1)

I added a couple of debug lines to take_tlv to see where it failed.
This is the line that fails:

if (id != id_expect || *plen < len+2 || maxlen < len)
                return -1;

It turns out the failure is because: id != id_expect

id = 0xdd
id_expect = 0x10

I don't know enough about wlan protocols to debug this.

This is my dmesg:

OpenBSD 3.5 (GENERIC) #0: Tue Jul 20 10:05:38 BST 2004
    root_(_at_)_dblon666999obsd_(_dot_)_wks_(_dot_)_uk_(_dot_)_deuba_(_dot_)_com:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) III Mobile CPU 1200MHz ("GenuineIntel" 686-class) 1.20
GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem  = 804708352 (785848K)
avail mem = 739926016 (722584K)
using 4278 buffers containing 40337408 bytes (39392K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 05/16/03, BIOS32 rev. 0 @ 0xffe90
apm0 at bios0: Power Management spec V1.2
apm0: battery life expectancy 99%
apm0: AC on, battery charge high, charging, estimated 2:55 hours
pcibios0 at bios0: rev. 2.1 @ 0xf0000/0x10000
pcibios0: PCI IRQ Routing Table rev. 1.0 @ 0xfbb90/208 (11 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371 ISA and IDE" rev 0x00)
pcibios0: PCI bus #4 is the last bus
bios0: ROM list: 0xc0000/0x10000
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82830MP CPU-I/O-1" rev 0x02
ppb0 at pci0 dev 1 function 0 "Intel 82830MP CPU-AGP" rev 0x02
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Radeon Mobility M6 LY" rev 0x00
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
uhci0 at pci0 dev 29 function 0 "Intel 82801CA/CAM USB" rev 0x01: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
ppb1 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0x41
pci2 at ppb1 bus 2
xl0 at pci2 dev 0 function 0 "3Com 3c905C 100Base-TX" rev 0x78: irq 11xl0:
command never completed!
xl0: command never completed!
xl0: command never completed!
 address 00:06:5b:d7:bf:f7
exphy0 at xl0 phy 24: 3Com internal media interface
xl0: command never completed!
xl0: command never completed!
xl0: command never completed!
cbb0 at pci2 dev 1 function 0 "Texas Instruments PCI1420 CardBus" rev 0x00: irq 11
cbb1 at pci2 dev 1 function 1 "Texas Instruments PCI1420 CardBus" rev 0x00: irq 11
wi0 at pci2 dev 3 function 0 "Intersil PRISM2.5 Mini-PCI WLAN" rev 0x01: irq 11
wi0: PRISM2.5 ISL3874A(Mini-PCI), Firmware 1.1.1 (primary), 1.8.2 (station),
address 00:02:6f:06:6b:2b
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 3 device 0 cacheline 0x8, lattimer 0x20
pcmcia0 at cardslot0
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 4 device 0 cacheline 0x8, lattimer 0x20
pcmcia1 at cardslot1
pcib0 at pci0 dev 31 function 0 "Intel 82801CAM LPC" rev 0x01: SpeedStep
pciide0 at pci0 dev 31 function 1 "Intel 82801CAM IDE" rev 0x01: DMA, channel 0
configured to compatibilit
y, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: <HTS548080M9AT00>
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <HL-DT-ST, RW/DVD GCC-4243N, A102> SCSI0 5/cdrom
removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
auich0 at pci0 dev 31 function 5 "Intel 82801CA/CAM AC97 Audio" rev 0x01: irq
11, ICH3 AC97
ac97: codec id 0x4352595b (Cirrus Logic <5b>)
ac97: codec features mic channel, tone, simulated stereo, bass boost, 20 bit
DAC, 18 bit ADC, SRS 3D
audio0 at auich0
auich0: measured ac97 link rate at 48006 Hz, will use 48000 Hz
"Intel 82801CA/CAM Modem" rev 0x01 at pci0 dev 31 function 6 not configured
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask c840 netmask c840 ttymask d8c2
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302





This is the output of wicontrol:
NIC serial number:                      [ 00037005077
 ]
Station name:                           [ WaveLAN/IEEE node ]
SSID for IBSS creation:                 [ test ]
Current netname (SSID):                 [ test ]
Desired netname (SSID):                 [ test ]
Current BSSID:                          [ 00:02:6f:06:6b:2b ]
Channel list:                           [ 2047 ]
IBSS channel:                           [ 3 ]
Current channel:                        [ 3 ]
Comms quality/signal/noise:             [ 0 81 27 ]
Promiscuous mode:                       [ Off ]
Process 802.11b Frame:                  [ Off ]
Port type (1=BSS, 3=ad-hoc, 6=Host AP): [ 6 ]
MAC address:                            [ 00:02:6f:06:6b:2b ]
TX rate (selection):                    [ 3 ]
TX rate (actual speed):                 [ 2 ]
Maximum data length:                    [ 2304 ]
RTS/CTS handshake threshold:            [ 2347 ]
Create IBSS:                            [ On ]
Antenna diversity (0=auto,1=pri,2=aux): [ ]
Microwave oven robustness:              [ Off ]
Roaming mode(1=firm,3=disable):         [ 1 ]
Access point density:                   [ 1 ]
Power Management:                       [ Off ]
Max sleep time:                         [ 100 ]
Enhanced Security mode:                 [ 0 ]
Intersil Prism2-based card:             [ 1 ]
Card info:                              [ PRISM2.5 ISL3874A(Mini-PCI), Firmware
1.8.2 ]
Encryption:                             [ Off ]
Encryption algorithm:                   [ Firmware WEP ]
Authentication type
(1=OpenSys, 2=Shared Key):              [ 1 ]
TX encryption key:                      [ 1 ]
Encryption keys:                        [  ][  ][  ][  ]


Hope somebody can throw some light.  Is there any way to monitor the full data
exchange at ieee_802.11b level?  Google seems to suggest netBSD can do this with
tcpdump.

Thanks & Regards,

Anwar Puthu.