Handshake Offloading in IWD

Certain drivers support offloading the 4-way handshake, as well as SAE/WPA3, into the firmware. For drivers which do not support user-space-driven Authenticate/Associate frames, this is the only way to enable features such as SAE/WPA3 or Fast Transition roaming. Handshake offloading (both WPA2 and WPA3) is enabled in IWD by default for drivers which advertise support. On brcmfmac, however, the driver's offload support can be disabled, as described further down this page. Handshake offloading has only been tested on the brcmfmac driver, and this wiki page assumes this driver is being used.

Should I disable offload support?

First, if your brcmfmac card is behaving normally after updating to an IWD version which includes offload support, you should not turn it off.

If you are using brcmfmac and are experiencing problems, such as not being able to connect to a network which you previously could, you may want to disable handshake offloading. Handshake offloading on brcmfmac has not been widely tested with IWD, and it is unknown whether any cards behave this way.

How to disable offload support (brcmfmac)

The brcmfmac driver has a module parameter called 'feature_disable'. It expects a hex value (bitmask) where each bit corresponds to a feature. Documentation for this parameter is virtually non-existent, which is why it is documented here. The features we care about here are 'SAE' and 'FWSUP'. When enabled, these features are listed in /sys/kernel/debug/ieee80211/<phy>/features, so you can first check whether your card supports them at all before debugging further.

# cat /sys/kernel/debug/ieee80211/phy12/features 
Features: 000e2896
	MCHAN
	PNO
	P2P
	SCAN_RANDOM_MAC
	MFP
	FWSUP
	DOT11H
	SAE
	FWAUTH

Quirks:   00000000

To turn off offloading you need to remove the brcmfmac module, then reinsert it with the feature_disable option:

sudo rmmod brcmfmac
sudo modprobe brcmfmac feature_disable=0x82000

This will disable both SAE (0x80000) and FWSUP (0x02000). You could disable just one, but this is not suggested due to a bug which prevents EAPoL frames from being forwarded after offloading is used for the first time. More about this here
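The check and the mask calculation above can be scripted. This is an added example, not part of the original wiki page or of IWD/brcmfmac: it parses a features listing, reports whether FWSUP or SAE is advertised, and prints the feature_disable value built from the two bit values quoted on this page. The function names and the embedded sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the IWD wiki or the brcmfmac driver.
# Bit values are the ones quoted on this page; function names are hypothetical.
SAE_BIT=0x80000
FWSUP_BIT=0x02000

# Read a debugfs "features" listing on stdin and print which of the two
# offload-related features (FWSUP, SAE) the driver advertises, space separated.
offload_features() {
    awk '
        /^Features:/ { in_f = 1; next }   # feature names follow this header
        /^Quirks:/   { in_f = 0 }         # the quirks section ends the list
        in_f && ($1 == "FWSUP" || $1 == "SAE") { out = out (out ? " " : "") $1 }
        END { print out }
    '
}

# Print the feature_disable value if any offload feature is advertised.
# Both bits are always cleared together, as this page recommends.
# Returns 1 (and prints nothing) when there is nothing to disable.
disable_mask() {
    feats=$(offload_features)
    [ -n "$feats" ] || return 1
    printf '0x%05x\n' $(( $SAE_BIT | $FWSUP_BIT ))
}

# Constructed sample input: the listing shown earlier on this page.
SAMPLE_FEATURES='Features: 000e2896
    MCHAN
    PNO
    P2P
    SCAN_RANDOM_MAC
    MFP
    FWSUP
    DOT11H
    SAE
    FWAUTH

Quirks:   00000000'

if mask=$(printf '%s\n' "$SAMPLE_FEATURES" | disable_mask); then
    echo "offload advertised; reload with: modprobe brcmfmac feature_disable=$mask"
else
    echo "no handshake offload features advertised"
fi
```

On a live system, feed it the real file instead of the sample: `disable_mask < /sys/kernel/debug/ieee80211/<phy>/features`. Running `offload_features` again after reloading the module should print an empty line, confirming that neither feature is advertised any more.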

offloading.txt · Last modified: 2021/04/02 20:37 by James Prestwood