From: Jouni Malinen <j@w1.fi>
To: Amit SHAKYA <amit.shakya@stericsson.com>
Cc: "John W. Linville" <linville@tuxdriver.com>,
"linux-wireless (linux-wireless@vger.kernel.org)"
<linux-wireless@vger.kernel.org>,
"Johannes Berg (johannes@sipsolutions.net)"
<johannes@sipsolutions.net>
Subject: Re: [PATCH] mac80211: Handle race condition in replay handling
Date: Fri, 18 May 2012 09:39:35 -0400 [thread overview]
Message-ID: <20120518133935.GA13088@w1.fi> (raw)
In-Reply-To: <ECD438FDEF6BD742895E554C24725A4022946BBD16@EXDCVYMBSTM005.EQ1STM.local>
On Thu, May 17, 2012 at 11:40:16AM +0200, Amit SHAKYA wrote:
> Added fix for the issue where the Rx throughput use to get stuck,
> with unicast key rotation feature enabled in the Cisco AP.
> The issue is that due to race condition during EAPOL key
> handshake and packet reception, the PN gets reset at MAC, while
> it still receives previous PN range packets for a while from AP.
How would that happen? I would assume the previous PN range is still
used with the old key and as such, the PN updates should not be accepted
for the new key.
> At MAC, there is a memcpy of the PN from the received PN
> and as a result the maintained PN is overwritten with the
> previous PN sequence value after being reset at the time, new
> key is plumbed by supplicant.
>
> As a result, when this change in sequence number happens, the
> replay detection handling in MAC gets triggered, causing the
> traffic to stops for some while till PN re-match, with the
> one last updated at MAC.
>
> The fix takes care of selectively updating the Rx PN during
> this transition phase.
This sounds incorrect.. I don't really like the idea of adding the extra
hack here and the additional memcmp() calls either.
Would you be able to provide more detailed description on how the PN
values are used based on the key (old/new) and how the PN value for the
new key gets updated based on the old range?
--
Jouni Malinen PGP id EFC895FA
next prev parent reply other threads:[~2012-05-18 13:39 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-17 9:40 [PATCH] mac80211: Handle race condition in replay handling Amit SHAKYA
2012-05-18 13:39 ` Jouni Malinen [this message]
2012-05-21 12:42 ` Amit SHAKYA
2012-05-22 3:59 ` Amit SHAKYA
[not found] <ECD438FDEF6BD742895E554C24725A4022946BBCB6@EXDCVYMBSTM005.EQ1STM.local>
2012-05-17 7:14 ` Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120518133935.GA13088@w1.fi \
--to=j@w1.fi \
--cc=amit.shakya@stericsson.com \
--cc=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
--cc=linville@tuxdriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).