[PATCH 2/2 V3] nl80211/cfg80211: Enable station PMF requirement to be specified to driver with AP SME

linux-wireless.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH 2/2 V3] nl80211/cfg80211: Enable station PMF requirement to be specified to driver with AP SME
  2013-12-10 22:11 [PATCH 0/2 V3] nl80211/cfg80211: Support PMF on drivers with integrated " Chet Lanctot
@ 2013-12-10 22:11 ` Chet Lanctot
  2013-12-16 14:26   ` Johannes Berg
  0 siblings, 1 reply; 4+ messages in thread
From: Chet Lanctot @ 2013-12-10 22:11 UTC (permalink / raw)
  To: linville; +Cc: linux-wireless, Chet Lanctot

When the device driver implements the AP SME there is a need
for userspace to indicate to the driver the PMF (Protected
Management Frames, 802.11w) requirements for station connections.

The driver enforces the requested PMF state when processing station
connection requests.  Value NL80211_MFP_NO means that PMF connections
cannot be made with stations.  Value NL80211_MFP_REQUIRED means that all
station connections must be PMF protected.  Value NL80211_MFP_OPTIONAL
means that a connection can be made if the station supports it, but it is not
required.

Signed-off-by: Chet Lanctot <clanctot@codeaurora.org>
---
 include/net/cfg80211.h       |  4 ++++
 include/uapi/linux/nl80211.h | 12 +++++++++---
 net/wireless/nl80211.c       |  9 +++++++++
 3 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
index aeaf6df..9039888 100644
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -636,6 +636,9 @@ struct cfg80211_acl_data {
  *	user space)
  * @ssid_len: length of @ssid
  * @hidden_ssid: whether to hide the SSID in Beacon/Probe Response frames
+ * @mfp: indicate whether management frame protection is used for
+ *	station connections, this is enforced by the driver when a station
+ *	attempts to make a connection (see definion of nl80211_mfp for details)
  * @crypto: crypto settings
  * @privacy: the BSS uses privacy
  * @auth_type: Authentication type (algorithm)
@@ -655,6 +658,7 @@ struct cfg80211_ap_settings {
 	const u8 *ssid;
 	size_t ssid_len;
 	enum nl80211_hidden_ssid hidden_ssid;
+	enum nl80211_mfp mfp;
 	struct cfg80211_crypto_settings crypto;
 	bool privacy;
 	enum nl80211_auth_type auth_type;
diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h
index 4c80a10..59d4d2e 100644
--- a/include/uapi/linux/nl80211.h
+++ b/include/uapi/linux/nl80211.h
@@ -1063,8 +1063,8 @@ enum nl80211_commands {
  *
  * @NL80211_ATTR_USE_MFP: Whether management frame protection (IEEE 802.11w) is
  *	used for the association (&enum nl80211_mfp, represented as a u32);
- *	this attribute can be used
- *	with %NL80211_CMD_ASSOCIATE and %NL80211_CMD_CONNECT requests
+ *	this attribute can be used with %NL80211_CMD_ASSOCIATE,
+ *	%NL80211_CMD_CONNECT, and @NL80211_CMD_START_AP requests
  *
  * @NL80211_ATTR_STA_FLAGS2: Attribute containing a
  *	&struct nl80211_sta_flag_update.
@@ -2934,12 +2934,18 @@ enum nl80211_key_type {
 
 /**
  * enum nl80211_mfp - Management frame protection state
- * @NL80211_MFP_NO: Management frame protection not used
+ * @NL80211_MFP_NO: Management frame protection not used on
+ *	any connection
  * @NL80211_MFP_REQUIRED: Management frame protection required
+ *	on all connections
+ * @NL80211_MFP_OPTIONAL: For an AP, management frame
+ *	protection is optional for a station connection depending
+ *	on whether the station supports MFP
  */
 enum nl80211_mfp {
 	NL80211_MFP_NO,
 	NL80211_MFP_REQUIRED,
+	NL80211_MFP_OPTIONAL,
 };
 
 enum nl80211_wpa_versions {
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 276e4a3..7a73adf 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -3207,6 +3207,15 @@ static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
 			return PTR_ERR(params.acl);
 	}
 
+	if (info->attrs[NL80211_ATTR_USE_MFP]) {
+		params.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
+		if (params.mfp != NL80211_MFP_REQUIRED &&
+		    params.mfp != NL80211_MFP_OPTIONAL &&
+		    params.mfp != NL80211_MFP_NO)
+			return -EINVAL;
+	} else
+		params.mfp = NL80211_MFP_NO;
+
 	err = rdev_start_ap(rdev, dev, &params);
 	if (!err) {
 		wdev->preset_chandef = params.chandef;
-- 
1.7.12.rc0.22.gcdd159b


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH 2/2 V3] nl80211/cfg80211: Enable station PMF requirement to be specified to driver with AP SME
  2013-12-10 22:11 ` [PATCH 2/2 V3] nl80211/cfg80211: Enable station PMF requirement to be specified to driver with " Chet Lanctot
@ 2013-12-16 14:26   ` Johannes Berg
  0 siblings, 0 replies; 4+ messages in thread
From: Johannes Berg @ 2013-12-16 14:26 UTC (permalink / raw)
  To: Chet Lanctot; +Cc: linville, linux-wireless

On Tue, 2013-12-10 at 14:11 -0800, Chet Lanctot wrote:

> +	if (info->attrs[NL80211_ATTR_USE_MFP]) {
> +		params.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
> +		if (params.mfp != NL80211_MFP_REQUIRED &&
> +		    params.mfp != NL80211_MFP_OPTIONAL &&
> +		    params.mfp != NL80211_MFP_NO)
> +			return -EINVAL;
> +	} else
> +		params.mfp = NL80211_MFP_NO;

Code style.

Wouldn't a feature flag be needed?

johannes


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH 2/2 V3] nl80211/cfg80211: Enable station PMF requirement to be specified to driver with AP SME
@ 2014-01-03 21:30 clanctot
  2014-01-06 16:40 ` Johannes Berg
  0 siblings, 1 reply; 4+ messages in thread
From: clanctot @ 2014-01-03 21:30 UTC (permalink / raw)
  To: Johannes Berg; +Cc: Chet Lanctot, linville, linux-wireless

Johannes,

Thanks for your comments regarding these changes.  See my responses below.

-	Chet

> On Tue, 2013-12-10 at 14:11 -0800, Chet Lanctot wrote:
>> +	if (info->attrs[NL80211_ATTR_USE_MFP]) {
>> +		params.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); +		if
(params.mfp != NL80211_MFP_REQUIRED &&
>> +		    params.mfp != NL80211_MFP_OPTIONAL &&
>> +		    params.mfp != NL80211_MFP_NO)
>> +			return -EINVAL;
>> +	} else
>> +		params.mfp = NL80211_MFP_NO;
> Code style.
> Wouldn't a feature flag be needed?
> johannes

For the issue of code style, I am not sure what you mean here.  I copied
this code from the nl80211_connect routine, which has similar processing
for a “use MFP” parameter.  I tried to make the code I added be consistent
with this existing code.

If you explain what needs to be changed to improve the code style, I will
make the changes.

Regarding your question about a feature flag, there is already a  flag
that indicates that the driver implements the AP SME:
     * @WIPHY_FLAG_HAVE_AP_SME: device integrates AP SME
Is this the type of flag you were referring to?

I am ready to respond to any follow-on comments you have for this section
of code.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH 2/2 V3] nl80211/cfg80211: Enable station PMF requirement to be specified to driver with AP SME
  2014-01-03 21:30 [PATCH 2/2 V3] nl80211/cfg80211: Enable station PMF requirement to be specified to driver with AP SME clanctot
@ 2014-01-06 16:40 ` Johannes Berg
  0 siblings, 0 replies; 4+ messages in thread
From: Johannes Berg @ 2014-01-06 16:40 UTC (permalink / raw)
  To: clanctot; +Cc: linville, linux-wireless

On Fri, 2014-01-03 at 21:30 +0000, clanctot@codeaurora.org wrote:

> >> +	} else
> >> +		params.mfp = NL80211_MFP_NO;
> > Code style.

> For the issue of code style, I am not sure what you mean here.  I copied
> this code from the nl80211_connect routine, which has similar processing
> for a “use MFP” parameter.  I tried to make the code I added be consistent
> with this existing code.
> 
> If you explain what needs to be changed to improve the code style, I will
> make the changes.

All branches should (now) have braces if one of them requires it.

> Regarding your question about a feature flag, there is already a  flag
> that indicates that the driver implements the AP SME:
>      * @WIPHY_FLAG_HAVE_AP_SME: device integrates AP SME
> Is this the type of flag you were referring to?

Yes, but it seems to me that you need a flag in the nl80211 API
indicating that the AP SME supports PMF in this way.

johannes


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2014-01-06 16:40 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-01-03 21:30 [PATCH 2/2 V3] nl80211/cfg80211: Enable station PMF requirement to be specified to driver with AP SME clanctot
2014-01-06 16:40 ` Johannes Berg
  -- strict thread matches above, loose matches on Subject: below --
2013-12-10 22:11 [PATCH 0/2 V3] nl80211/cfg80211: Support PMF on drivers with integrated " Chet Lanctot
2013-12-10 22:11 ` [PATCH 2/2 V3] nl80211/cfg80211: Enable station PMF requirement to be specified to driver with " Chet Lanctot
2013-12-16 14:26   ` Johannes Berg

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).