From: Johannes Berg <johannes@sipsolutions.net>
To: Marcel Holtmann <marcel@holtmann.org>
Cc: Andrei Emeltchenko <Andrei.Emeltchenko.news@gmail.com>,
linux-bluetooth@vger.kernel.org, linux-wireless@vger.kernel.org
Subject: Re: [RFCv1] mac80211: Adds Software / Virtual AMP 80211
Date: Wed, 18 Apr 2012 07:34:36 -0700 [thread overview]
Message-ID: <4F8ED0FC.3070704@sipsolutions.net> (raw)
In-Reply-To: <1334749879.16897.221.camel@aeonflux>
On 4/18/2012 4:51 AM, Marcel Holtmann wrote:
>> Why do we need netlink commands like NL80211_CMD_HCI_AMP_ADD and
>> NL80211_CMD_HCI_AMP_DELETE if what we need is to create/delete virtual
>> interface which can be done with standard tools with a several lines
>> patch to iw:
>
> if we put the crypto piece aside for a minute, then we need to decide
> who is creating the actual AMP virtual interface on mac80211.
>
> And here the problem starts. That part is actually not triggered from
> userspace via wpa_supplicant. It is triggered over the A2MP (AMP manager
> protocol) that runs inside the Bluetooth stack in the kernel.
>
> Or is the idea to always keep the AMP virtual interface around? Meaning
> that as soon as we have a mac80211 card, we have an AMP virtual
> interface if the driver supports it?
>
> This is also a little bit of confusing since FullMac cards will not
> create an AMP virtual interface. With them you just see the HCI AMP
> controller on the Bluetooth side. Can an AMP virtual interface be just
> virtual inside mac80211 or does it have to have a netdev attached to it?
It shouldn't have a netdev, hence the separate commands (though I'll
admit it's also possible to use the same commands, if a bit confusing).
However, wpa_s would probably keep it around for use by BT whenever it
didn't conflict with other wifi usage, e.g. when a device like ours has
a limited number of MAC contexts you can create and use.
>> I see that all commands by default are sent via netlink to wpa_supplicant.
>> I think that we can send those command which cannot be handled by us
>> directly but I believe most command might be handled directly.
>
> The crypto itself is done either in hardware or with the kernel crypto
> framework. Just the EAP part is done inside wpa_supplicant.
>
> With the changes that we did for Bluetooth and its management interface,
> all the link keys are present in the kernel. And these are used as the
> WPA2 PSK. I don't think it is a good idea to push these around into
> userspace to wpa_supplicant one more time. And we would need to do that
> since bluetoothd has no option to hand them out.
I don't see that as a problem, since they're just HCI commands and the
kernel just has to sort them into "for management" and "for data path",
the former going to userspace.
> I still think that WPA2 PSK only EAP implementation for Bluetooth AMP
> controllers would be a good idea in the kernel. It has nothing to do
> with policy or user input in this specific case. The roundtrip into
> userspace for doing EAP 4-way handshake and some HMAC-SHA1 where the PSK
> is already present in kernel space seems really pointless.
I disagree -- I think rewriting crypto code is almost always a bad idea,
and code reuse is good.
Beside this though, we need wpa_s managing the concurrency aspect
anyway, so even if we had it in the kernel it wouldn't really change much.
johannes
next prev parent reply other threads:[~2012-04-18 14:34 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-04-10 12:11 [RFCv1] Draft Software/Virtual AMP80211 Andrei Emeltchenko
2012-04-10 12:11 ` [RFCv1] mac80211: Adds Software / Virtual AMP 80211 Andrei Emeltchenko
2012-04-10 12:26 ` Julian Calaby
2012-04-10 12:47 ` Andrei Emeltchenko
2012-04-10 16:39 ` Johannes Berg
2012-04-10 21:17 ` Marcel Holtmann
2012-04-10 21:20 ` Johannes Berg
2012-04-10 21:24 ` Johannes Berg
2012-04-11 7:11 ` Andrei Emeltchenko
2012-04-18 2:03 ` Johannes Berg
2012-04-18 12:15 ` Andrei Emeltchenko
2012-04-18 14:38 ` Johannes Berg
2012-04-18 14:52 ` Andrei Emeltchenko
2012-04-18 15:09 ` Johannes Berg
2012-04-18 15:39 ` Mat Martineau
2012-04-19 6:36 ` Andrei Emeltchenko
2012-04-19 13:28 ` Johannes Berg
2012-04-19 13:39 ` Andrei Emeltchenko
2012-04-19 14:21 ` Johannes Berg
2012-04-10 21:29 ` Marcel Holtmann
2012-04-11 7:05 ` Andrei Emeltchenko
2012-04-18 2:07 ` Johannes Berg
2012-04-18 11:20 ` Andrei Emeltchenko
2012-04-18 11:51 ` Marcel Holtmann
2012-04-18 12:10 ` Andrei Emeltchenko
2012-04-18 12:15 ` Marcel Holtmann
2012-04-18 12:33 ` Andrei Emeltchenko
2012-04-18 13:11 ` Marcel Holtmann
2012-04-18 13:22 ` Andrei Emeltchenko
2012-04-18 14:29 ` Marcel Holtmann
2012-04-18 15:02 ` Andrei Emeltchenko
2012-04-18 14:34 ` Johannes Berg [this message]
2012-04-18 14:56 ` Marcel Holtmann
2012-04-18 14:30 ` Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4F8ED0FC.3070704@sipsolutions.net \
--to=johannes@sipsolutions.net \
--cc=Andrei.Emeltchenko.news@gmail.com \
--cc=linux-bluetooth@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=marcel@holtmann.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).