Re: [PATCH] Log falling back from SAE to WPA2

[Fiona Klute <fiona.klute@gmx.de>]

Hi Denis,

thanks for accepting the patch!

Am 10.01.24 um 04:33 schrieb Denis Kenzior:
> Interesting.  Last time I checked only the quantenna driver used this
> feature and it wasn't very common.  If it isn't a secret, what card /
> driver do you have?

It's the RTL8723CS chip used in Pinephone, the rtl8723cs driver
unfortunately still isn't in mainline. You can find it in the staging
directory of megi's tree:
https://codeberg.org/megi/linux/src/commit/f45c45abc5325682d06cb51c06aba1f817fba462/drivers/staging/rtl8723cs

I suspect getting the chip properly supported in mainline would be the
best way to get SAE working. If you have hints on how to get involved in
that I'm curious, so far my wireless driver experience is limited to
"add USB ID for a new device with already supported chip". ;-)

> There's currently no way to force WPA3-only in iwd.  Either configure
> the AP to be WPA3 only, or have the AP enforce transition-disable bit.
> But this typically requires iwd to connect at least once with WPA3.  See
> 'TransitionDisable' and 'DisabledTransitionModes' in man 5 iwd.network

Good point, it should be a task for NetworkManager to make that clear to
the user (and possibly set those options, if the user wants to enforce
WPA3-only).

>> ---
>>   src/wiphy.c | 6 +++++-
>>   1 file changed, 5 insertions(+), 1 deletion(-)
>>
>> diff --git a/src/wiphy.c b/src/wiphy.c
>> index 766df348..5530e9c6 100644
>> --- a/src/wiphy.c
>> +++ b/src/wiphy.c
>> @@ -248,6 +248,8 @@ static bool wiphy_can_connect_sae(struct wiphy
>> *wiphy)
>>            *
>>            * TODO: No support for CMD_EXTERNAL_AUTH yet.
>>            */
>> +        l_debug("Unsupported: %s needs CMD_EXTERNAL_AUTH for SAE",
>> +            wiphy->driver_str);
>
> I flipped this around and made this statement an l_warn to make it
> clearer that this is an iwd limitation.

Makes sense. :-)

Best regards,
Fiona