From: Stanislaw Gruszka <stf_xl@wp.pl>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: Julian Calaby <julian.calaby@gmail.com>,
Rui Salvaterra <rsalvaterra@gmail.com>,
Kalle Valo <kvalo@codeaurora.org>,
Larry Finger <Larry.Finger@lwfinger.net>,
linux-wireless@vger.kernel.org
Subject: Re: [RFC PATCH] rt2800lib: unconditionally enable MFP
Date: Mon, 25 May 2020 12:58:14 +0200 [thread overview]
Message-ID: <20200525105814.GA926693@wp.pl> (raw)
In-Reply-To: <9a8da74898b68fb63f65567068de0fcb2b5a57b0.camel@sipsolutions.net>
On Mon, May 25, 2020 at 11:49:56AM +0200, Johannes Berg wrote:
> On Mon, 2020-05-25 at 11:31 +0200, Stanislaw Gruszka wrote:
> > On Mon, May 25, 2020 at 11:15:29AM +0200, Johannes Berg wrote:
> > > On Sun, 2020-05-24 at 14:39 +0200, Stanislaw Gruszka wrote:
> > > > > And once mac80211 is smart enough to make those decisions, couldn't we
> > > > > just enable MFP by default?
> > >
> > > For the record, I don't think we'd really want to add such a thing to
> > > mac80211 ... easier done in the driver.
> > >
> > > > If we will have indicator from mac80211 that MFP is configured, we can
> > > > just return -EOPNOTSUPP from rt2x00mac_set_key() for CCMP and that will
> > > > make MFP work without specifying nohwcrypt module parameter - software
> > > > encryption will be used anyway.
> > >
> > > Not sure mac80211 really knows? Hmm.
> >
> > After looking at this a bit more, seems we have indicator of MFP being
> > used in ieee80211_sta structure.
>
> Yeah, where's my head ... sorry.
>
> > So maybe adding check like below
> > will allow to remove nohwcrypt rt2x00 requirement for MFP ?
>
> Seems reasonable, but will still do _everything_ in software for such
> connections. Still better than not connecting, I guess.
Yeah, and at least without nohwcrypt=y we can still use HW encryption
for non-MFP stations.
Rui, feel free to repost your patch with additional sta->mfp check.
If someone is willing to implement mt76 approach to have HW encryption offload
for MFP+CCMP, I'll be happy to review patch. From other hand, most people will
use MFP with modern ciphers anyway, so I'm not sure how much need is for such
patch.
Stanislaw
next prev parent reply other threads:[~2020-05-25 10:58 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-24 9:47 [RFC PATCH] rt2800lib: unconditionally enable MFP Rui Salvaterra
2020-05-24 11:17 ` Stanislaw Gruszka
2020-05-24 11:42 ` Julian Calaby
2020-05-24 12:39 ` Stanislaw Gruszka
2020-05-25 9:15 ` Johannes Berg
2020-05-25 9:31 ` Stanislaw Gruszka
2020-05-25 9:49 ` Johannes Berg
2020-05-25 10:58 ` Stanislaw Gruszka [this message]
2020-05-25 11:14 ` Rui Salvaterra
2020-05-25 12:25 ` Stanislaw Gruszka
2020-05-25 12:33 ` Rui Salvaterra
2020-05-25 13:13 ` Rui Salvaterra
2020-05-25 13:14 ` Johannes Berg
2020-05-25 13:28 ` Rui Salvaterra
2020-05-24 15:07 ` Rui Salvaterra
2020-05-25 0:02 ` Larry Finger
2020-05-25 9:17 ` Johannes Berg
2020-05-25 8:17 ` Stanislaw Gruszka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200525105814.GA926693@wp.pl \
--to=stf_xl@wp.pl \
--cc=Larry.Finger@lwfinger.net \
--cc=johannes@sipsolutions.net \
--cc=julian.calaby@gmail.com \
--cc=kvalo@codeaurora.org \
--cc=linux-wireless@vger.kernel.org \
--cc=rsalvaterra@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.