Bug 1888051 - NetworkManager needs to pass bridge master to wpa_supplicant when Wlan is part of bridge
Summary: NetworkManager needs to pass bridge master to wpa_supplicant when Wlan is par...
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: NetworkManager
Version: CentOS Stream
Hardware: All
OS: Linux
Target Milestone: rc
: 8.0
Assignee: Beniamino Galvani
QA Contact: Filip Pokryvka
Depends On: 1888050 1888610 1915236
TreeView+ depends on / blocked
Reported: 2020-10-13 21:57 UTC by Philip Prindeville
Modified: 2021-05-18 13:30 UTC (History)
14 users (show)

Fixed In Version: NetworkManager-1.30.0-0.1.el8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1888610 (view as bug list)
Last Closed: 2021-05-18 13:29:43 UTC
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)
Backport of upstream fix to 1.27.3 (3.30 KB, patch)
2020-10-13 21:57 UTC, Philip Prindeville
no flags Details | Diff

System ID Private Priority Status Summary Last Updated
freedesktop.org Gitlab NetworkManager/NetworkManager-ci - merge_requests 666 0 None None None 2020-11-09 17:43:57 UTC

Description Philip Prindeville 2020-10-13 21:57:04 UTC
Created attachment 1721326 [details]
Backport of upstream fix to 1.27.3

Description of problem:

When creating a bridge, and putting an Ethernet slave and a Wlan slave (which has been configured as an AP), authentication will always fail when connecting to that AP.

Version-Release number of selected component (if applicable):


How reproducible:

nmcli conn add con-name "Bridge 0" \
    type bridge ifname br0 \
    connection.autoconnect true \
    ipv4.method "manual" \
    ipv4.address "$LOCALIP/$LOCALPREFIX" \
    +ipv4.routes ""

nmcli conn delete "Bridge slave 0"

nmcli conn add con-name "Bridge slave 0" \
    master "Bridge 0" \
    type ethernet ifname eth1

nmcli conn delete "Bridge slave 1"

nmcli conn add con-name "Bridge slave 1" \
    master "Bridge 0" \
    type wifi ifname wlan0 \
    mode ap ssid "$ssid" \
    802-11-wireless.band "bg" \
    802-11-wireless-security.key-mgmt "wpa-psk" \
    802-11-wireless-security.psk "$passphrase"

nmcli conn up "Bridge 0"

and now try to authenticate to that AP.

Steps to Reproduce:
1. Create bridge.
2. Add Ethernet and WLAN slaves (WLAN must be configured as AP).
3. Bring up bridge and try to connect to it.

Actual results:

Authentication fails.

Expected results:

Authentication should succeed.

Additional info:

Upstream commit is ae31b4b.

Comment 1 Thomas Haller 2020-10-15 10:30:42 UTC

A bug report against rhel-8 will always be (at earliest) fixed in the next minor rhel-8 release (at this point, that is rhel-8.4 because it's too late for rhel-8.3).

-- Z-stream updates are handled entirely different, but a feature request like this wouldn't qualify for that.

Since we plan to rebase NetworkManager with rhel-8.4, and since this is fixed upstream, it will be fixed automatically.
Moving this bug to POST.

(I think this bug is against CentOS Stream, but CentOS Stream is just a build of rhel-8.4 development snapshots, so overall this is still a RHEL-8 bug)

However, this issue also requires changes to wpa_supplicant. We will anyway add the support to NetworkManager (with the rebase), but it won't be useful, unless also wpa_supplicant has the feature. I will clone this bug for wpa_suppliant.

Comment 2 Thomas Haller 2020-10-15 10:38:12 UTC
(In reply to Thomas Haller from comment #1)
> I will clone this bug for wpa_suppliant.

Ah, that already exists as bug 1888050.

Comment 7 Filip Pokryvka 2020-11-26 20:59:50 UTC
The test is passing with wpa_supplicant-2.9-3.el8, moving to verified.

Comment 9 errata-xmlrpc 2021-05-18 13:29:43 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: NetworkManager and libnma security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.