802.11k synchronization daemon Non-authenticated data: Unacceptable

OpenWrt 21.02.1
I did
opkg update && opkg remove wpad-basic-wolfssl && opkg install wpad && reboot
opkg update && opkg install umdns libseccomp scmp_sys_resolver iwinfo
and I use this one to configure 802.11k

It says it can synchronize hostapds.
But how do I know if it works?
I have 2 APs in my domain, 33.myd and 44.myd

33.myd

root@33:~# ubus call umdns update
root@33:~# ubus call umdns browse
{
        "_rrm_nr._udp": {
                "44": {
                        "ipv4": "192.168.222.230",
                        "ipv6": "fe80::6a15:90ff:fee7:59fb",
                        "port": 5247,
                        "txt": "[ \"68:15:90:e7:59:fc\", \"Open22Wrt\", \"681590e759fcaf000000510b060603000000\" ]"
                }
        },
        "_ssh._tcp": {
                "44": {
                        "ipv4": "192.168.222.230",
                        "ipv6": "fe80::6a15:90ff:fee7:59fb",
                        "port": 22,
                        "txt": "daemon=dropbear"
                }
        }
}
root@33:~#

and
44.myd

root@44:~# ubus call umdns browse
{
        "_rrm_nr._udp": {
                "33": {
                        "ipv4": "192.168.222.159",
                        "ipv6": "fe80::fa5e:3cff:fe0c:5910",
                        "port": 5247,
                        "txt": "[ \"f8:5e:3c:0c:59:10\", \"Open22Wrt\", \"f85e3c0c5910af0900005306070603010800\" ]"
                }
        },
        "_ssh._tcp": {
                "33": {
                        "ipv4": "192.168.222.159",
                        "ipv6": "fe80::fa5e:3cff:fe0c:5910",
                        "port": 22,
                        "txt": "daemon=dropbear"
                }
        }
}
root@44:~#

When I look in Wireshark from a client I see this.

As you can see in the flags section:

Ethernet II, Src: 33.local (f8:5e:3c:0c:59:10), Dst: IPv4mcast_fb (01:00:5e:00:00:fb)
Internet Protocol Version 4, Src: 33.myd (192.168.222.159), Dst: 224.0.0.251 (224.0.0.251)
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
    Total Length: 100
    Identification: 0xefc2 (61378)
    Flags: 0x4000, Don't fragment
        0... .... .... .... = Reserved bit: Not set
        .1.. .... .... .... = Don't fragment: Set
        ..0. .... .... .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 255
    Protocol: UDP (17)
    Header checksum: 0x0b82 [validation disabled]
    [Header checksum status: Unverified]
    Source: 33.myd (192.168.222.159)
    Destination: 224.0.0.251 (224.0.0.251)
User Datagram Protocol, Src Port: 5353, Dst Port: 5353
    Source Port: 5353
    Destination Port: 5353
    Length: 80
    Checksum: 0x0e39 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 3]
    [Timestamps]
Multicast Domain Name System (response)
    Transaction ID: 0x0000
    Flags: 0x8400 Standard query response, No error
        1... .... .... .... = Response: Message is a response
        .000 0... .... .... = Opcode: Standard query (0)
        .... .1.. .... .... = Authoritative: Server is an authority for domain
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...0 .... .... = Recursion desired: Don't do query recursively
        .... .... 0... .... = Recursion available: Server can't do recursive queries
        .... .... .0.. .... = Z: reserved (0)
        .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
        .... .... ...0 .... = Non-authenticated data: Unacceptable
        .... .... .... 0000 = Reply code: No error (0)
    Questions: 0
    Answer RRs: 1
    Authority RRs: 0
    Additional RRs: 0
    Answers
        _services._dns-sd._udp.local: type PTR, class IN, _rrm_nr._udp.local
            Name: _services._dns-sd._udp.local
            Type: PTR (domain name PoinTeR) (12)
            .000 0000 0000 0001 = Class: IN (0x0001)
            0... .... .... .... = Cache flush: False
            Time to live: 4500 (1 hour, 15 minutes)
            Data length: 20
            Domain Name: _rrm_nr._udp.local
    [Unsolicited: True]


Non-authenticated data: Unacceptable
What can I do? Is there any solution to understand that 802.11k works?

Maybe I should somehow authorise both my APs?
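
As an added example (not part of the original post): the Wireshark line "Non-authenticated data: Unacceptable" is the dissector's label for the DNSSEC "checking disabled" (CD) header bit being 0, and RFC 6762 section 18 requires that bit to be 0 in mDNS. The Python below rebuilds the 12-byte header from the dissection above and checks each header field against those rules; the function names are this example's own.

```python
import struct

# Constructed from the dissection in the post: ID 0x0000, flags 0x8400,
# 0 questions, 1 answer, 0 authority RRs, 0 additional RRs.
HEADER_FROM_POST = bytes.fromhex("000084000000000100000000")

# (name, mask, shift) for the 16-bit DNS flags word. Wireshark prints the AD bit
# as "Answer authenticated" and the CD bit as "Non-authenticated data".
FIELDS = [
    ("QR", 0x8000, 15), ("OPCODE", 0x7800, 11), ("AA", 0x0400, 10),
    ("TC", 0x0200, 9), ("RD", 0x0100, 8), ("RA", 0x0080, 7),
    ("Z", 0x0040, 6), ("AD", 0x0020, 5), ("CD", 0x0010, 4),
    ("RCODE", 0x000F, 0),
]

# Values RFC 6762 section 18 expects in a multicast response.
EXPECTED = {"ID": 0, "QR": 1, "OPCODE": 0, "AA": 1, "TC": 0, "RD": 0,
            "RA": 0, "Z": 0, "AD": 0, "CD": 0, "RCODE": 0}


def decode_header(header):
    """Split the first 12 bytes of a DNS/mDNS message into named fields."""
    if len(header) < 12:
        raise ValueError("DNS header is 12 bytes")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", header[:12])
    out = {name: (flags & mask) >> shift for name, mask, shift in FIELDS}
    out.update(ID=ident, QDCOUNT=qd, ANCOUNT=an, NSCOUNT=ns, ARCOUNT=ar)
    return out


def mdns_response_violations(header):
    """Return the names of fields that differ from the expected mDNS values."""
    fields = decode_header(header)
    return sorted(k for k, v in EXPECTED.items() if fields[k] != v)


if __name__ == "__main__":
    print(decode_header(HEADER_FROM_POST))
    print("violations:", mdns_response_violations(HEADER_FROM_POST))
```

An empty violations list for the captured header means the flags are the normal ones for an mDNS announcement; they say nothing about whether 802.11k itself is working.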

I'm not sure if you're focussed on the NR distribution, or the authentication bit.

For the former ubus can help you see what has made it into the local NR:


root@WNDR3700v4:/etc/config# ubus -v list hostapd.wlan0
'hostapd.wlan0' @9d77e3c6
...
        "rrm_nr_list":{}
...

root@WNDR3700v4:/etc/config# ubus call hostapd.wlan0 rrm_nr_list
{
        "list": [
...
        ]
}
1 Like

Honestly I am focusing on my WiFi with 802.11k working.
I still don't understand: do I need this rrm daemon if I install DAWN?
Also a question: do I need DAWN if kicking is not an option for me and I have only 2.4G but I need 802.11k working (also I didn't manage to get kicking working)?
When 802.11k is working, should I see telephones in the ubus call hostapd.wlan0 rrm_nr_list?
And the question: do I need to worry about the Wireshark flags? Maybe I don't; as I understand it, this rrm just announces all the stations and APs.
There is not much information on the internet. I think I read all I could find but still can't find answers.

And how do I see these beacons? If they spam every 50 milliseconds, I don't see such activity in Wireshark.

What does @9d77e3c6 mean?

DAWN has an option set_hostapd_nr that does the same thing. Use one or the other, but not both.

DAWN has had a number of maintenance type fixes recently to address bugs that might have stopped kicking working. Make sure you're running a very recent version. Also that the kicking option is set to 1, not 0.

No, the NR list will show other APs. That list is sent to the mobile phones as a part of 802.11k behaviours - they then use it to more quickly select which AP to go to next. How many APs / clients are you wanting this to work for and across what rough area? 100 or 1000 square metres? I ask because the updates to DAWN I'm aiming to push to master from has two behaviours for the AP NR:

  1. Make a list of all APs in the network. I think the daemon you mention above does the same. This should work fine if there are a smallish number, especially if 6 or less which I believe is documented by iOS as the number it will make use of. option set_hostapd_nr 1 enables this, and slightly older versions of DAWN also have it.
  2. In a larger, busier network, look at the clients of an AP to understand what the other APs they can "see" best to infer what are the next nearest APs, and make the list from that. However, in a "quiet" network where some radios have no clients this will lead to an empty NR list. option set_hostapd_nr 2 enables this.

In terms of seeing a phone's 802.11k activity you can look for hostapd BEACON messages. DAWN (modern version) will also let you see the activity for a MAC if you set option loglevel 1 under config local. Something like logread -f | grep dawn | grep BEACON.

It's just an internal identifier that ubus assigns. Not relevant for this discussion.

1 Like
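
As an added example (not from any poster in this thread): the `txt` value of each `_rrm_nr._udp` record in the first post can be decoded to check that the neighbour entry one AP announces to the other is well formed. The Python below assumes the three-element layout the values on the page show (BSSID, SSID, hex Neighbor Report body) and the IEEE 802.11 Neighbor Report field order; the function name is this example's own.

```python
import json

# TXT values copied from the two `ubus call umdns browse` outputs on this page
# (JSON string escapes removed).
TXT_44 = '[ "68:15:90:e7:59:fc", "Open22Wrt", "681590e759fcaf000000510b060603000000" ]'
TXT_33 = '[ "f8:5e:3c:0c:59:10", "Open22Wrt", "f85e3c0c5910af0900005306070603010800" ]'

# Subset of the IEEE 802.11 dot11PHYType values.
PHY_TYPES = {4: "OFDM", 6: "ERP", 7: "HT", 9: "VHT"}


def decode_rrm_nr_txt(txt):
    """Decode one _rrm_nr._udp TXT value into its Neighbor Report fields."""
    bssid, ssid, nr_hex = json.loads(txt)
    nr = bytes.fromhex(nr_hex)
    if len(nr) < 13:
        raise ValueError("Neighbor Report body shorter than its 13 fixed bytes")
    report = {
        "ssid": ssid,
        "bssid": ":".join(f"{b:02x}" for b in nr[0:6]),
        "bssid_info": int.from_bytes(nr[6:10], "little"),
        "op_class": nr[10],
        "channel": nr[11],
        "phy_type": PHY_TYPES.get(nr[12], f"unknown({nr[12]})"),
        "subelements": [],
    }
    # Optional subelements follow as (id, length, data) triplets.
    pos = 13
    while pos < len(nr):
        if pos + 2 > len(nr) or pos + 2 + nr[pos + 1] > len(nr):
            raise ValueError("truncated subelement")
        sub_id, sub_len = nr[pos], nr[pos + 1]
        report["subelements"].append((sub_id, nr[pos + 2:pos + 2 + sub_len].hex()))
        pos += 2 + sub_len
    # The BSSID inside the report should match the one announced beside it.
    report["bssid_consistent"] = report["bssid"] == bssid.lower()
    return report


if __name__ == "__main__":
    for name, txt in (("44", TXT_44), ("33", TXT_33)):
        print(name, decode_rrm_nr_txt(txt))
```

If the neighbour AP's decoded BSSID then appears in the output of `ubus call hostapd.wlan0 rrm_nr_list` on the other AP, the distribution step discussed above has worked.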