From: Johannes Berg <johannes@sipsolutions.net>
To: Nicolas Cavallari <Nicolas.Cavallari@lri.fr>
Cc: "John W. Linville" <linville@tuxdriver.com>,
linux-wireless@vger.kernel.org, Jouni Malinen <j@w1.fi>
Subject: Re: [PATCH v2] mac80211: tx: do not drop non-robust mgmt to non-MFP stas.
Date: Wed, 04 Jul 2012 15:29:05 +0200
Message-ID: <1341408545.12432.10.camel@jlt3.sipsolutions.net>
In-Reply-To: <4FF43E53.6050805@lri.fr>

On Wed, 2012-07-04 at 15:00 +0200, Nicolas Cavallari wrote:
> > + else if (ieee80211_is_robust_mgmt_frame(hdr) &&
> > + (!ieee80211_is_action(hdr->frame_control) ||
> > + !tx->sta || !test_sta_flag(tx->sta, WLAN_STA_MFP)))
> > + tx->key = NULL;
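
Review bot: the three negated terms inside the parentheses of this `else if` need a comment, because the single case they exclude is hard to read off. `tx->key = NULL` is taken for every robust management frame except an action frame whose `tx->sta` is set and has `WLAN_STA_MFP`; a one-line comment above the branch naming that case would do. If the test is rewritten, keep the `tx->sta` check ahead of `test_sta_flag(tx->sta, WLAN_STA_MFP)` so the flag test never runs on a NULL station.
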
>
> I would have written that more like
>
> is_robust_mgmt && !(is_action && tx->sta && test_sta_flag(mfp))
>
> So it's more clear that we drop action frames to mfp stas, as per the spec.

Yeah, makes sense. I was translating it directly.

> > + else {
> > +
> > I802_DEBUG_INC(tx->local->tx_handlers_drop_unencrypted);
> > return TX_DROP;
>
> Is that blank line needed?

Err, no :-)

> >> Do you want to apply it yourself? Or should I include it in a series?
> >
> > Then ... probably easiest for you to include it so you can work on top.
> > Here's a version with commit log:
> > http://p.sipsolutions.net/17ea0ebece544a59.txt
> >
>
> Ok. Will send a series with this patch modified once I test it and my
> new patch version.

Great, thanks.

> >>> The whole drop_unencrypted seems strange to start with though...
> >>
> >> What do you find strange? That it is not used in an ESS, or how it works?
> >> Or both?
> >
> > The way it's used/works/isn't used.
>
> From what I understand, data frames to unauthorized stations are dropped
> well before selecting the encryption key. As stations are authorized
> after or at the same time their encryption keys are set, it somewhat
> works. But for MFP, I'm not sure. I think that drop_unencrypted is
> mistaken for "drop_unencrypted_management" there.
> But I'm not an MFP expert.
>
> I'm not sure if we should just add a separate
> drop_unencrypted_management, or just replace drop_unencrypted with
> drop_unencrypted_management. But in an IBSS with RSN, if wpa_supplicant
> isn't recent enough, stations are always authorized by default. So
> drop_encrypted is required in this case.

Ok ...

I guess I'll have to let Jouni comment on this, right now I'm not much
less confused than before :-)

johannes