Re: [PATCH 1/2 V3] nl80211/cfg80211: Add support for drivers with AP SME that require PMF SA Query assistance

linux-wireless.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Johannes Berg <johannes@sipsolutions.net>
To: Chet Lanctot <clanctot@codeaurora.org>
Cc: linville@tuxdriver.com, linux-wireless@vger.kernel.org
Subject: Re: [PATCH 1/2 V3] nl80211/cfg80211: Add support for drivers with AP SME that require PMF SA Query assistance
Date: Mon, 16 Dec 2013 15:19:31 +0100	[thread overview]
Message-ID: <1387203571.2057.11.camel@jlt4.sipsolutions.net> (raw)
In-Reply-To: <1386713477-30040-2-git-send-email-clanctot@codeaurora.org> (sfid-20131210_231131_934459_38971108)

On Tue, 2013-12-10 at 14:11 -0800, Chet Lanctot wrote:
> This adds support for drivers that have AP SME integrated but do
> not implement the SA Query procedure that is part of Protected
> Management Frames (PMF, 802.11w).
> 
> Instead, hostapd can be used to assist drivers that lack SA Query
> Procedure handling on their own by allowing them to specify this as
> a device capability flag.
> 
> Also, a station flag is added to let hostapd indicate to the driver
> that the SA Query procedure is complete and the driver can process
> association requests from the station normally.

How will this work? If the device is processing the auth/assoc request
frames, then how can hostapd know this? Is the device expected to then
pass up the frame?

Also, which (upstream) driver is going to use this?

> + * @NL80211_ATTR_AP_SME_NO_SA_QUERY: The driver for this device
> + *	implments the AP SME but lacks support for doing the MFP SA

typo: implements

> + *	Query procedure.  This flag is used to express the need for
> + *	a userspace helper (hostapd) to do this procedure and notifiy

typo: notify

> + *	the driver through cfg80211 when it is complete.

Should probably say how the driver is notified (via the station flag)?

> @@ -3689,7 +3689,7 @@ int cfg80211_check_station_change(struct wiphy *wiphy,
>  		return -EINVAL;
>  
>  	/* When you run into this, adjust the code below for the new flag */
> -	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
> +	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 8);
>  
>  	switch (statype) {
>  	case CFG80211_STA_MESH_PEER_KERNEL:
> @@ -3766,7 +3766,8 @@ int cfg80211_check_station_change(struct wiphy *wiphy,
>  				  BIT(NL80211_STA_FLAG_ASSOCIATED) |
>  				  BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
>  				  BIT(NL80211_STA_FLAG_WME) |
> -				  BIT(NL80211_STA_FLAG_MFP)))
> +				  BIT(NL80211_STA_FLAG_MFP) |
> +				  BIT(NL80211_STA_FLAG_NO_SA_QUERY_REQUIRED)))
>  			return -EINVAL;
>  
>  		/* but authenticated/associated only if driver handles it */

Maybe we should also check if the driver supports the flag?

> @@ -4090,7 +4091,7 @@ static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
>  		return -EINVAL;
>  
>  	/* When you run into this, adjust the code below for the new flag */
> -	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
> +	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 8);
>  
>  	switch (dev->ieee80211_ptr->iftype) {
>  	case NL80211_IFTYPE_AP:

Can this really be right? Is it simply invalid on a new station? Why
does this even make sense - this is done for AP SME where this is never
invoked?

Anyway you need to reject adding TDLS peers with this flag, for example,
afaict.

johannes

next prev parent reply	other threads:[~2013-12-16 14:19 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-12-10 22:11 [PATCH 0/2 V3] nl80211/cfg80211: Support PMF on drivers with integrated AP SME Chet Lanctot
2013-12-10 22:11 ` [PATCH 1/2 V3] nl80211/cfg80211: Add support for drivers with AP SME that require PMF SA Query assistance Chet Lanctot
2013-12-16 14:19   ` Johannes Berg [this message]
2013-12-10 22:11 ` [PATCH 2/2 V3] nl80211/cfg80211: Enable station PMF requirement to be specified to driver with AP SME Chet Lanctot
2013-12-16 14:26   ` Johannes Berg
  -- strict thread matches above, loose matches on Subject: below --
2014-01-03 21:30 [PATCH 1/2 V3] nl80211/cfg80211: Add support for drivers with AP SME that require PMF SA Query assistance clanctot
2014-01-06 16:38 ` Johannes Berg
2014-01-07 16:04 ` Johannes Berg

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1387203571.2057.11.camel@jlt4.sipsolutions.net \
    --to=johannes@sipsolutions.net \
    --cc=clanctot@codeaurora.org \
    --cc=linux-wireless@vger.kernel.org \
    --cc=linville@tuxdriver.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).