From: Arend van Spriel <arend.vanspriel@broadcom.com>
To: Denis Kenzior <denkenz@gmail.com>, linux-wireless@vger.kernel.org
Subject: Re: [RFC 0/4] EAPoL over NL80211
Date: Fri, 29 Dec 2017 10:29:37 +0100 [thread overview]
Message-ID: <5A460B01.7060603@broadcom.com> (raw)
In-Reply-To: <20171228175832.3253-1-denkenz@gmail.com>
On 12/28/2017 6:58 PM, Denis Kenzior wrote:
> This patchset adds support for running 802.11 authentication mechanisms (e.g.
> 802.1X, 4-Way Handshake, etc) over NL80211 instead of putting them onto the
> network device. This has the advantage of fixing several long-standing race
> conditions that result from userspace operating on multiple transports in order
> to manage a 802.11 connection (e.g. NL80211 and wireless netdev, wlan0, etc)
>
> For example, userspace would sometimes see 4-Way handshake packets before
> NL80211 signaled that the connection has been established. Leading to ugly
> hacks or having the STA wait for retransmissions from the AP.
>
> To make this possible this patchset introduces a new NL80211 command and several
> new attributes. A userspace that is capable of processing EAPoL packets over
> NL80211 includes a new NL80211_ATTR_CONTROL_PORT_OVER_NL80211 attribute in its
> NL80211_CMD_ASSOCIATE or NL80211_CMD_CONNECT requests being sent to the kernel.
> The previously added NL80211_ATTR_SOCKET_OWNER attribute must also be included.
Does it make sense to require a combination of attributes. It is always
a bit awkward so prefer to avoid it. Could we implicitly make the
netlink unicast for notifications when
NL80211_ATTR_CONTROL_PORT_OVER_NL80211 is provided by user-space.
> The latter is used by the kernel to send NL80211_CMD_CONTROL_PORT_FRAME
> notifications back to userspace via a netlink unicast. If the
> NL80211_ATTR_CONTROL_PORT_OVER_NL80211 attribute is not specified, then legacy
> behavior is kept and control port packets continue to flow over the network
> interface.
[...]
> Open Questions
> ==============
>
> 1. It is not clear whether all drivers provide information as to whether the
> control port frame was sent encrypted or not. Do they?
You mean in some tx status info. I think brcmfmac does not have that
info available in the driver, but would need to verify.
> 2. It has been previously suggested that CMD_FRAME infrastructure is used to
> accomplish control port over nl80211 transport. However, it did not seem to be
> a good fit as the relevant code paths assume that only management frames are
> to be sent via this mechanism. Thoughts?
What are the issues coming from that assumption? Does it assume 802.11
header is present? What else?
Regards,
Arend
next prev parent reply other threads:[~2017-12-29 9:29 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-28 17:58 [RFC 0/4] EAPoL over NL80211 Denis Kenzior
2017-12-28 17:58 ` [RFC 1/4] nl80211: Add CONTROL_PORT_OVER_NL80211 attribute Denis Kenzior
2017-12-28 17:58 ` [RFC 2/4] nl80211: Add CMD_CONTROL_PORT_FRAME API Denis Kenzior
2017-12-28 17:58 ` [RFC 3/4] mac80211: Send control port frames over nl80211 Denis Kenzior
2017-12-28 17:58 ` [RFC 4/4] nl80211: Implement TX of control port frames Denis Kenzior
2018-01-02 13:30 ` Johannes Berg
2018-01-02 18:22 ` Denis Kenzior
2018-01-02 20:22 ` Johannes Berg
2018-01-03 17:17 ` Denis Kenzior
2018-01-03 20:13 ` Arend Van Spriel
2018-01-03 21:00 ` Denis Kenzior
2018-01-03 20:26 ` Johannes Berg
2017-12-29 9:29 ` Arend van Spriel [this message]
2017-12-29 18:29 ` [RFC 0/4] EAPoL over NL80211 Denis Kenzior
2018-01-01 20:11 ` Arend van Spriel
2018-01-02 13:27 ` Johannes Berg
2018-01-03 20:24 ` Arend Van Spriel
2018-01-03 21:16 ` Denis Kenzior
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5A460B01.7060603@broadcom.com \
--to=arend.vanspriel@broadcom.com \
--cc=denkenz@gmail.com \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.