From: Johannes Berg <johannes@sipsolutions.net>
To: linux-wireless@vger.kernel.org
Cc: Jouni Malinen <j@w1.fi>
Subject: redesigning authentication/association flows
Date: Wed, 16 Nov 2011 12:13:34 +0100 [thread overview]
Message-ID: <1321442014.4773.42.camel@jlt3.sipsolutions.net> (raw)
Hi,
I've been growing unhappy with the way I designed authentication and
association in cfg80211 and I'm ready to admit that the way it works now
was a design mistake. Just see the tx_sync as an example, and if we
explicitly do remain-on-channel for the authentication or association
then we'll have to start doing GO NoA sync within r-o-c which will be a
nightmare.
So I think we should just revisit all this. Here's what I currently
think I will do:
== cfg80211
- get rid of the entire auth_bss/auth_try_bss, etc. Allow
authentication and association at any time (even association without
authentication, AP will reject anyway)
- keep track only of current_bss with authenticated/associated flag to
list it in scan results
- entirely handle local state change for authentication in cfg80211
since drivers can no longer expect auth/assoc sequencing
(note that in current code all of this only impacts mac80211 since no
other driver supports authenticate/associate commands)
== mac80211
When asked to auth/assoc change sequence to do:
- if associated to BSSID != new BSSID:
- send null data PM=1 to AP (?)
- if authenticated/associated to BSSID != new BSSID:
- bss_info_changed: zero bssid, not associated, zero aid etc
- remove AP station entry
- if not already configured as such:
- clear IDLE for interface
- set channel (in the future: for interface)
- bss_info_changed: set correct bssid, not associated, ...
- add AP station entry (even to driver, not dummy as today)
- send frame
- check response, if failure clear configuration
Note that this gets rid of the stupid tx_sync, the attempt at doing this
off-channel, and we never have to deal with tx_sync in remain-on-channel
which would be really really strange.
The only difference really is that today, if auth fails, we can stay
connected. HOWEVER, wpa_supplicant isn't actually able to deal with
that, gets confused and recovers with clear_state_mismatch().
I think this will help all drivers, from at76c50x which is broken
completely today, wl1251 which has a dummy join, wl12xx which has a work
around with remain-on-channel but this doesn't work well with a GO (NoA)
and of course iwlwifi (which has tx_sync for this) and iwlegacy which
has a bunch of RXON ping-pong things going on.
I don't think ath5k, ath9k and most other drivers will really be
impacted, the ones I'm not sure about are Ralink and Realtek drivers.
Anyone have major issues with this?
johannes
next reply other threads:[~2011-11-16 11:13 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-11-16 11:13 Johannes Berg [this message]
2011-11-16 11:57 ` redesigning authentication/association flows Luciano Coelho
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1321442014.4773.42.camel@jlt3.sipsolutions.net \
--to=johannes@sipsolutions.net \
--cc=j@w1.fi \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox