On Wed, 03 Dec 2025 23:12:18 +0100,
Peter Hessler <phessler@theapt.org> wrote:
> 
> On 2025 Dec 03 (Wed) at 22:57:26 +0100 (+0100), Kirill A. Korinsky wrote:
> :On Sun, 23 Nov 2025 16:44:39 +0100,
> :Kirill A. Korinsky <kirill@korins.ky> wrote:
> :> 
> :> On Sat, 22 Nov 2025 22:45:08 +0100,
> :> Stefan Sperling <stsp@stsp.name> wrote:
> :> > 
> :> > This patch adds protected management frame support to iwm, iwx, and qwx.
> :> > Support for PMF is a prerequisite for WPA3.
> :> > 
> :> > I am sending this as one giant patch for testing. I do have incremental
> :> > changes with individual commit messages which make review a bit easier.
> :> > If you would like to review these diffs individually, please ask me to
> :> > send them to you.
> :> > 
> :> > Tested by me on:
> :> > iwm 7265, 9265	(offloads unicast PMF, multicast is done in software)
> :> > iwx AX200	(offloads both unicast and multicast PMF)
> :> > qwx QCNFA765	(offloads unicast PMF, multicast is done in software)
> :> > 
> :> > Use of PMF is controlled by the access point, so there is nothing to
> :> > configure with ifconfig. Please check if your access point offers settings
> :> > related to management frame protection related when testing this.
> :> > Tests in any combination of PMF disabled/optional/required across a range
> :> > of access points would be welcome.
> :> > 
> :> > In particular, I don't have any iwx "MA" devices to test with. There
> :> > could still be unexpected problems such as firmware crashes on these.
> :> > If you enable 'ifconfig iwx0 debug' then the driver should display the
> :> > name of its firmware file in dmesg. If this name begins with "iwx-ma-"
> :> > then you are using an MA device.
> :> >
> :> 
> :> Tested on:
> :> 
> :> iwx0 at pci0 dev 20 function 3 "Intel Wi-Fi 6 AX201" rev 0x00, msix
> :> iwx0: hw rev 0x350, fw 77.a20fb07d.0, address 98:8d:46:21:2b:6d
> :> 
> :> against both optional and required PMF on network based on Unifi Nano HD
> :> version 6.7.31
> :> 
> :
> :Interesting, after installing today snapshot:
> :
> :Build date: 1764790226 - Wed Dec  3 19:30:26 UTC 2025
> :
> :I have:
> :
> :iwx0: flags=a48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF6TEMP,AUTOCONF6,AUTOCONF4> mtu 1500
> :        lladdr 98:8d:46:21:2b:6d
> :        index 1 priority 4 llprio 3
> :        groups: wlan
> :        media: IEEE802.11 autoselect
> :        status: no network
> :        ieee80211: nwid "catap's Network" wpakey wpaprotos wpa2 wpaakms sha256-psk wpaciphers ccmp wpagroupcipher ccmp
> :        inet6 fe80::9a8d:46ff:fe21:2b6d%iwx0 prefixlen 64 scopeid 0x1
> :
> :but as soon as I've switched network to PMF required from optional, it
> :works as expected:
> :
> :iwx0: flags=a48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF6TEMP,AUTOCONF6,AUTOCONF4> mtu 1500
> :        lladdr 98:8d:46:21:2b:6d
> :        index 1 priority 4 llprio 3
> :        groups: wlan egress
> :        media: IEEE802.11 autoselect (VHT-MCS3 mode 11ac)
> :        status: active
> :        ieee80211: join "catap's Network" chan 40 bssid b4:fb:e4:8b:0d:78 62% wpakey wpaprotos wpa2 wpaakms sha256-psk wpaciphers ccmp wpagroupcipher ccmp
> :        inet6 fe80::9a8d:46ff:fe21:2b6d%iwx0 prefixlen 64 scopeid 0x1
> :        inet 172.31.2.77 netmask 0xffffff00 broadcast 172.31.2.255
> :
> :switching network back to optional brokes it.
> :
> :-- 
> :wbr, Kirill
> :
> 
> That's the same behaviour I saw, I sent a patch in this thread to fix it.
> 
>

I've tried https://marc.info/?l=openbsd-tech&m=176479083517754&w=2

and it, indeed, fixes my issue

-- 
wbr, Kirill