Re: [RFC 4/4] nl80211: Implement TX of control port frames

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Johannes Berg <johannes@sipsolutions.net>
To: Denis Kenzior <denkenz@gmail.com>, linux-wireless@vger.kernel.org
Subject: Re: [RFC 4/4] nl80211: Implement TX of control port frames
Date: Tue, 02 Jan 2018 21:22:09 +0100	[thread overview]
Message-ID: <1514924529.10342.4.camel@sipsolutions.net> (raw)
In-Reply-To: <c73dcadb-bd96-fa82-b857-b5e2432fbadb@gmail.com> (sfid-20180102_192300_834715_F98D3C68)

On Tue, 2018-01-02 at 12:22 -0600, Denis Kenzior wrote:

> > There are cases where CONTROL_PORT_ETHERTYPE_NO_ENCRYPT should be
> > unset, but specific frames still shouldn't be encrypted.
> > 
> > So I think for this particular path it would be better to deprecate
> > CONTROL_PORT_ETHERTYPE_NO_ENCRYPT entirely, and have a separate per-
> > frame flag.
> > 
> > That also means that we can't really implement it fully in cfg80211,
> > but have to provide some functionality for the driver to do things to
> > be able to honour such flags.
> 
> Here's another thought I had while poking around.  Given the above I 
> don't want to pursue it too seriously unless you think it might work:
> 
> We already have the IEEE80211_TX_INTFL_DONT_ENCRYPT flag on the skb and 
> some drivers seem to honor this.  At least that seems to be the intent 
> as the CONTROL_PORT_NO_ENCRYPT flag ends up being translated to this 
> somewhere in net/mac80211/tx.c.  Are the drivers supposed to honor that 
> flag?

Drivers don't have a choice, and don't need to check the flag. What
happens internally in mac80211 is that either txinfo->control.key is
assigned, or not, and drivers make encryption decisions based on that.

> If so, can we do something like what ieee80211_process_sa_query_req in 
> net/mac80211/rx.c or ieee80211_tdls_prep_mgmt_packet in 
> net/mac80211/tdls.c do?  E.g. use ieee80211_tx_skb or 
> __ieee80211_subif_start_xmit or similar to inject the skb with the 
> DONT_ENCRYPT flag?

Yes, this will work - but like I said, it requires more control over
the SKB than cfg80211 has today, and than you can get through the
regular netdev xmit.

> > Perhaps a new operation, where we pass a pre-built SKB and control
> > flags?

> 
> This would likely mean that legacy behavior would still have to be 
> supported for quite some time (forever?) for drivers that don't get 
> around to implementing this, which would be unfortunate.

What do you mean by "legacy behaviour"? *Drivers* don't really need to
do anything one way or the other, and mac80211 is the only thing
implementing control port encrypt/ethertype right now, I suspect.

johannes

next prev parent reply	other threads:[~2018-01-02 20:22 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-12-28 17:58 [RFC 0/4] EAPoL over NL80211 Denis Kenzior
2017-12-28 17:58 ` [RFC 1/4] nl80211: Add CONTROL_PORT_OVER_NL80211 attribute Denis Kenzior
2017-12-28 17:58 ` [RFC 2/4] nl80211: Add CMD_CONTROL_PORT_FRAME API Denis Kenzior
2017-12-28 17:58 ` [RFC 3/4] mac80211: Send control port frames over nl80211 Denis Kenzior
2017-12-28 17:58 ` [RFC 4/4] nl80211: Implement TX of control port frames Denis Kenzior
2018-01-02 13:30   ` Johannes Berg
2018-01-02 18:22     ` Denis Kenzior
2018-01-02 20:22       ` Johannes Berg [this message]
2018-01-03 17:17         ` Denis Kenzior
2018-01-03 20:13           ` Arend Van Spriel
2018-01-03 21:00             ` Denis Kenzior
2018-01-03 20:26           ` Johannes Berg
2017-12-29  9:29 ` [RFC 0/4] EAPoL over NL80211 Arend van Spriel
2017-12-29 18:29   ` Denis Kenzior
2018-01-01 20:11     ` Arend van Spriel
2018-01-02 13:27     ` Johannes Berg
2018-01-03 20:24       ` Arend Van Spriel
2018-01-03 21:16         ` Denis Kenzior

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1514924529.10342.4.camel@sipsolutions.net \
    --to=johannes@sipsolutions.net \
    --cc=denkenz@gmail.com \
    --cc=linux-wireless@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.