Re: Issues with IBSS/WPA being created unsecured IBSS

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Nicolas Cavallari <Nicolas.Cavallari@lri.fr>
To: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Cc: linux-wireless@vger.kernel.org, mathieu-tl@ubuntu.com
Subject: Re: Issues with IBSS/WPA being created unsecured IBSS
Date: Sat, 17 Mar 2012 00:30:59 +0100	[thread overview]
Message-ID: <4F63CD33.7030009@lri.fr> (raw)
In-Reply-To: <4F63A135.1060909@canonical.com>

On 16/03/2012 21:23, Mathieu Trudel-Lapierre wrote:
>
> Hi,
>
> I'm trying to figure out how to fix WPA-secured IBSS; which appears
> to be silently falling back to creating unsecured IBSS networks at
> the kernel level (or IBSS/RSN really, if need be, as it seems to
> react pretty much just the same, although I understand it's not
> supported by all devices).

If you are talking about WPA-none, it's been broken for a loooong time
(2009?).
First, wpasupplicant tries to set the key just after requesting an ibss
join without
waiting for the driver to actually join the IBSS. With current kernels,
you cannot
set keys until joined, so that fails. But even if
wpasupplicant did it right, it would still break, because, among other
things, the
kernel will just refuse to decrypt unicast frames with anything else
than pairwise keys.

If wpasupplicant supports IBSS RSN (which is disabled in ubuntu, IIRC),
at least mac80211 based drivers will not send/accept plaintext frames,
whether IBSS RSN is supported by the driver or not.

     prev parent reply	other threads:[~2012-03-16 23:31 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-03-16 20:23 Issues with IBSS/WPA being created unsecured IBSS Mathieu Trudel-Lapierre
2012-03-16 23:30 ` Nicolas Cavallari [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4F63CD33.7030009@lri.fr \
    --to=nicolas.cavallari@lri.fr \
    --cc=linux-wireless@vger.kernel.org \
    --cc=mathieu-tl@ubuntu.com \
    --cc=mathieu.trudel-lapierre@canonical.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.