From: Johannes Berg <johannes@sipsolutions.net>
To: Denis Kenzior <denkenz@gmail.com>,
Arend van Spriel <arend@broadcom.com>, Jouni Malinen <j@w1.fi>
Cc: Avraham Stern <avraham.stern@intel.com>,
linux-wireless <linux-wireless@vger.kernel.org>
Subject: Re: ROAM/CONNECT event with PORT_AUTHORIZED
Date: Thu, 14 Sep 2017 20:36:12 +0200 [thread overview]
Message-ID: <1505414172.31630.13.camel@sipsolutions.net> (raw)
In-Reply-To: <14eb89c4-680b-a1b9-c430-9f92a72bb86c@gmail.com> (sfid-20170914_202722_323657_4FE49B68)
Hi Denis,
I'd actually only Cc'ed you to see if you were actually working on
EAPOL-over-nl80211 :-)
> Curious, isn't sending a PMKID for a non-roaming case not strictly
> per spec? Is this just to avoid running 802.1x?
I don't think so, what makes you? In -2016 9.4.2.25.5 for example, the
spec says:
The PMKID Count and List fields are used only in the RSNE in the
(Re)Association Request frame to an AP and in FT authentication
sequence frames.
Why should it only be valid in roaming? You might turn off and on wifi
and still have a PMKSA.
> How does this mesh with operstates outlined in
> Documentation/networking/operstates.txt? Are you treating the
> 'roaming' case as 802.1x 'reauthentication'?
I think we have to, because otherwise DHCP/IPv6 could happen again
after roaming - we really can't set the oper state to dormant during
the roaming.
> > Assuming this assessment is correct, this opens up another
> > possibility:
> > tracking the PORT_AUTHORIZED state with a separate event:
> >
> > * new connection case - no PMKSA (usage)
> > - CONNECT event
> > - [if !eapol-over-nl: toggle oper state up]
>
> Doesn't this go against operstates.txt, Section 4?
Why?
> Also, I must be dense, but why is the behavior different between
> eapol-over-nl and not?
Because for EAPOL-over-data, we actually have to have IF_OPER_UP to be
able to TX/RX the EAPOL frames.
> > - initialize 1X state machines/timeouts
> > - 1X handshake
> > - send PMK to device for 4-way-HS
> > - AUTHORIZED event
> > - [if eapol-over-nl: toggle oper state up]
> >
> > * new connection case - PMKSA usage
> > - CONNECT event
> > - [if !eapol-over-nl: toggle oper state up]
> > - initialize 1X state machines/timeouts
> > - AUTHORIZED event
> > - stop 1X state machine/timeouts
> > - [if eapol-over-nl: toggle oper state up]
> >
> > * roaming case - no PMKSA (usage)
> > - ROAM event
> > - [no touching oper state]
>
> My understanding is that oper state goes back to dormant in case we
> re-associate. At least we needed to set it back to UP after a fast
> transition?
Like I said above, I really don't think we should/can do this, I think
we'd lose at least IPv6 connectivity in the meantime?
johannes
next prev parent reply other threads:[~2017-09-14 18:36 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-14 8:39 ROAM/CONNECT event with PORT_AUTHORIZED Johannes Berg
2017-09-14 11:21 ` Arend van Spriel
2017-09-14 11:44 ` Johannes Berg
2017-09-14 18:37 ` Denis Kenzior
2017-09-14 19:17 ` Johannes Berg
2017-09-14 19:34 ` Denis Kenzior
2017-09-14 19:38 ` Ben Greear
2017-09-14 20:05 ` Denis Kenzior
2017-09-14 20:08 ` Ben Greear
2017-09-14 20:26 ` Denis Kenzior
2017-09-14 20:29 ` Ben Greear
2017-09-14 20:35 ` Denis Kenzior
2017-09-14 20:47 ` Ben Greear
2017-09-14 21:35 ` Denis Kenzior
2017-09-14 22:15 ` Ben Greear
2017-09-14 22:42 ` Denis Kenzior
2017-09-14 22:57 ` Ben Greear
2017-09-15 7:23 ` Johannes Berg
2017-09-15 7:20 ` Johannes Berg
2017-09-14 19:39 ` Johannes Berg
2017-09-14 18:27 ` Denis Kenzior
2017-09-14 18:36 ` Johannes Berg [this message]
2017-09-14 19:08 ` Denis Kenzior
2017-09-14 19:22 ` Johannes Berg
2017-09-14 19:37 ` Denis Kenzior
2017-09-14 19:41 ` Johannes Berg
2017-09-14 19:42 ` Johannes Berg
2017-09-14 19:54 ` Denis Kenzior
2017-09-15 7:19 ` Johannes Berg
2017-09-15 12:50 ` Denis Kenzior
2017-09-15 13:29 ` Johannes Berg
2017-09-15 13:50 ` Denis Kenzior
2017-09-15 14:20 ` Johannes Berg
2017-09-15 14:27 ` Denis Kenzior
2017-09-15 14:52 ` Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1505414172.31630.13.camel@sipsolutions.net \
--to=johannes@sipsolutions.net \
--cc=arend@broadcom.com \
--cc=avraham.stern@intel.com \
--cc=denkenz@gmail.com \
--cc=j@w1.fi \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).