From: Johannes Berg <johannes@sipsolutions.net>
To: Dan Williams <dcbw@redhat.com>
Cc: Christian Lamparter <chunkeey@googlemail.com>,
linux-wireless@vger.kernel.org, linville@tuxdriver.com
Subject: Re: [PATCH v2] p54: connect to 11w protected networks
Date: Tue, 04 Sep 2012 16:54:27 +0200 [thread overview]
Message-ID: <1346770467.3737.32.camel@jlt4.sipsolutions.net> (raw)
In-Reply-To: <1346769429.3737.30.camel@jlt4.sipsolutions.net> (sfid-20120904_163651_735748_490095D0)
On Tue, 2012-09-04 at 16:37 +0200, Johannes Berg wrote:
> On Tue, 2012-09-04 at 09:33 -0500, Dan Williams wrote:
> > On Tue, 2012-09-04 at 16:15 +0200, Johannes Berg wrote:
> > > On Tue, 2012-09-04 at 15:19 +0200, Christian Lamparter wrote:
> > >
> > > > As you feared: the firmware is corrupting incoming management
> > > > frames. However, it does so only when a rxkey was configured.
> > > > So as a possible trade-off, MFP will only be supported by p54,
> > > > when the firmware crypto offloading is relieved of his duties
> > > > (disabled).
> > > >
> > > > Note: Strictly speaking, it would be enough to no longer upload
> > > > any rx key which could affect management frames, as the firmware
> > > > does not decrypt any frames unless there is a fitting key candidate.
> > >
> > > Right, however, that would kinda defeat the point. Unless ... maybe we
> > > can tell the driver if 11w is going to be used at all? If we did that,
> > > we could make it work in the set_key callback.
> > >
> > > For now your patch looks good though.
> >
> > We can't get this to happen without a module option? Is there a way to
> > turn the crypto offloading off when we know we're connecting to a W
> > protected AP?
>
> Yeah that's what I was thinking. I suppose we *could* somehow do this by
> setting some key flag in mac80211 that the driver can check.
Something like this perhaps:
http://p.sipsolutions.net/76d17d49f4685cda.txt
But I'd want somebody to check if the mesh code is right and maybe we
need to think about the AP case (have hostapd tell us whether it uses
MFP or not) ... and maybe docs should be improved
johannes
next prev parent reply other threads:[~2012-09-04 14:53 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-09-02 13:22 [PATCH] p54: connect to 11w protected networks Christian Lamparter
2012-09-02 21:48 ` Johannes Berg
2012-09-04 13:19 ` [PATCH v2] " Christian Lamparter
2012-09-04 14:15 ` Johannes Berg
2012-09-04 14:33 ` Dan Williams
2012-09-04 14:37 ` Johannes Berg
2012-09-04 14:54 ` Johannes Berg [this message]
2012-09-07 12:17 ` Johannes Berg
2012-09-07 15:47 ` Christian Lamparter
2012-09-07 15:55 ` Johannes Berg
2012-09-07 16:10 ` Christian Lamparter
2012-09-07 16:15 ` Johannes Berg
2012-09-07 16:26 ` Christian Lamparter
[not found] ` <201209071825.13588.chunkeey@googlemail.com>
[not found] ` <1347035277.4256.33.camel@jlt4.sipsolutions.net>
2012-09-07 17:01 ` Christian Lamparter
2012-09-07 17:09 ` Johannes Berg
2012-09-07 17:28 ` Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1346770467.3737.32.camel@jlt4.sipsolutions.net \
--to=johannes@sipsolutions.net \
--cc=chunkeey@googlemail.com \
--cc=dcbw@redhat.com \
--cc=linux-wireless@vger.kernel.org \
--cc=linville@tuxdriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).