From: Johannes Berg <johannes@sipsolutions.net>
To: Denis Kenzior <denkenz@gmail.com>, linux-wireless@vger.kernel.org
Subject: Re: [RFC 4/4] nl80211: Implement TX of control port frames
Date: Tue, 02 Jan 2018 21:22:09 +0100 [thread overview]
Message-ID: <1514924529.10342.4.camel@sipsolutions.net> (raw)
In-Reply-To: <c73dcadb-bd96-fa82-b857-b5e2432fbadb@gmail.com> (sfid-20180102_192300_834715_F98D3C68)
On Tue, 2018-01-02 at 12:22 -0600, Denis Kenzior wrote:
> > There are cases where CONTROL_PORT_ETHERTYPE_NO_ENCRYPT should be
> > unset, but specific frames still shouldn't be encrypted.
> >
> > So I think for this particular path it would be better to deprecate
> > CONTROL_PORT_ETHERTYPE_NO_ENCRYPT entirely, and have a separate per-
> > frame flag.
> >
> > That also means that we can't really implement it fully in cfg80211,
> > but have to provide some functionality for the driver to do things to
> > be able to honour such flags.
>
> Here's another thought I had while poking around. Given the above I
> don't want to pursue it too seriously unless you think it might work:
>
> We already have the IEEE80211_TX_INTFL_DONT_ENCRYPT flag on the skb and
> some drivers seem to honor this. At least that seems to be the intent
> as the CONTROL_PORT_NO_ENCRYPT flag ends up being translated to this
> somewhere in net/mac80211/tx.c. Are the drivers supposed to honor that
> flag?
Drivers don't have a choice, and don't need to check the flag. What
happens internally in mac80211 is that either txinfo->control.key is
assigned, or not, and drivers make encryption decisions based on that.
> If so, can we do something like what ieee80211_process_sa_query_req in
> net/mac80211/rx.c or ieee80211_tdls_prep_mgmt_packet in
> net/mac80211/tdls.c do? E.g. use ieee80211_tx_skb or
> __ieee80211_subif_start_xmit or similar to inject the skb with the
> DONT_ENCRYPT flag?
Yes, this will work - but like I said, it requires more control over
the SKB than cfg80211 has today, and than you can get through the
regular netdev xmit.
> > Perhaps a new operation, where we pass a pre-built SKB and control
> > flags?
>
> This would likely mean that legacy behavior would still have to be
> supported for quite some time (forever?) for drivers that don't get
> around to implementing this, which would be unfortunate.
What do you mean by "legacy behaviour"? *Drivers* don't really need to
do anything one way or the other, and mac80211 is the only thing
implementing control port encrypt/ethertype right now, I suspect.
johannes
next prev parent reply other threads:[~2018-01-02 20:22 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-28 17:58 [RFC 0/4] EAPoL over NL80211 Denis Kenzior
2017-12-28 17:58 ` [RFC 1/4] nl80211: Add CONTROL_PORT_OVER_NL80211 attribute Denis Kenzior
2017-12-28 17:58 ` [RFC 2/4] nl80211: Add CMD_CONTROL_PORT_FRAME API Denis Kenzior
2017-12-28 17:58 ` [RFC 3/4] mac80211: Send control port frames over nl80211 Denis Kenzior
2017-12-28 17:58 ` [RFC 4/4] nl80211: Implement TX of control port frames Denis Kenzior
2018-01-02 13:30 ` Johannes Berg
2018-01-02 18:22 ` Denis Kenzior
2018-01-02 20:22 ` Johannes Berg [this message]
2018-01-03 17:17 ` Denis Kenzior
2018-01-03 20:13 ` Arend Van Spriel
2018-01-03 21:00 ` Denis Kenzior
2018-01-03 20:26 ` Johannes Berg
2017-12-29 9:29 ` [RFC 0/4] EAPoL over NL80211 Arend van Spriel
2017-12-29 18:29 ` Denis Kenzior
2018-01-01 20:11 ` Arend van Spriel
2018-01-02 13:27 ` Johannes Berg
2018-01-03 20:24 ` Arend Van Spriel
2018-01-03 21:16 ` Denis Kenzior
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1514924529.10342.4.camel@sipsolutions.net \
--to=johannes@sipsolutions.net \
--cc=denkenz@gmail.com \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).