From nobody@FreeBSD.org  Sat Oct 29 15:34:11 2005
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D395116A41F
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 29 Oct 2005 15:34:11 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 98EFD43D7E
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 29 Oct 2005 15:34:04 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id j9TFY39v021210
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 29 Oct 2005 15:34:03 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id j9TFY3KK021207;
	Sat, 29 Oct 2005 15:34:03 GMT
	(envelope-from nobody)
Message-Id: <200510291534.j9TFY3KK021207@www.freebsd.org>
Date: Sat, 29 Oct 2005 15:34:03 GMT
From: Thijs Eilander <eilander@paranoid.nl>
To: freebsd-gnats-submit@FreeBSD.org
Subject: wep is broken in ural(4) hostap mode
X-Send-Pr-Version: www-2.3

>Number:         88182
>Category:       kern
>Synopsis:       [ural] [wep] wep is broken in ural(4) hostap mode
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Oct 29 15:40:14 GMT 2005
>Closed-Date:    
>Last-Modified:  Tue Apr 24 04:22:47 GMT 2007
>Originator:     Thijs Eilander
>Release:        FreeBSD 6.0RC1
>Organization:
none
>Environment:
FreeBSD router.paranoid.nl 6.0-RC1 FreeBSD 6.0-RC1 #6: Fri Oct 28 21:48:58 CEST 2005     root@:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
I've got an Eminent Wireless USB (EM3035) device with the Ralink chipset

ural0: Ralink 802.11g WLAN, rev 2.00/0.01, addr 2
ural0: MAC/BBP RT2570 (rev 0x03), RF RT2526
ural0: Ethernet address: 00:06:f4:0b:d6:0e
ural0: if_start running deferred for Giant

When in hostap mode, the encryption fails. I tried both WEP (ifconfig) and WPA (hostapd).

When in clientmode, encryption is OK. I tried the device with OpenBSD which works OK with hostap+wep, so the card seems to be ok.

configuration:
ifconfig_ural0="ssid home wepkey 0x1234567890 weptxkey 1 wepmode on mediaopt hostap up"

Tcpdump says:

17:16:55.609147 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:40:96:58:24:d3, length: 300
17:16:55.609168 IP truncated-ip - 24209 bytes missing! 175.8.224.204 > 86.30.246.56: ip-proto-216

I can see incoming traffic, so I used the correct key. 
But outgoing traffic seems to be broken.
>How-To-Repeat:
put the ural-device in hostap mode and try to use encryption. tcpdump the traffic to see that something is broken.
>Fix:
              
>Release-Note:
>Audit-Trail:

From: "Thijs Eilander" <eilander@paranoid.nl>
To: <bug-followup@FreeBSD.org>
Cc:  
Subject: Re: kern/88182: [ural] wep is broken in ural(4) hostap mode
Date: Mon, 14 Nov 2005 17:15:33 +0100

 I narrowed the problem down:
 
 WIN-XP CLIENT  <~WLAN~> FreeBSD-AP <-UTP-> Gateway
 
 When I enter a static ARP for the gateway on the WIN-XP client, I can ping
 and use the gateway with WEP encryption turned on!
 
 
 
>Unformatted:
