From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: linux-wireless@vger.kernel.org, Jouni Malinen <j@w1.fi>
Subject: Re: [PATCH] mac80211: ignore SA Query Requests with unknown payload data
Date: Wed, 15 Aug 2018 00:54:19 -0400 [thread overview]
Message-ID: <20180815005419.2e73c068@cs.kuleuven.be> (raw)
In-Reply-To: <1534245439.3547.21.camel@sipsolutions.net>
> I also think we shouldn't necessarily punt too short or otherwise
> malformed frames to userspace, what's the point? We currently
> drop/ignore those, and can continue to do so afaict?
Agreed, we should drop too short or malformed frames.
> An easier alternative might be to push ieee80211_process_sa_query_req()
> to after ieee80211_rx_h_userspace_mgmt() so it won't see the frames if
> userspace claimed them, but I'm not sure how that works in AP mode where
> hostapd claims all frames - though I guess these aren't relevant in AP
> mode?
>
> However, then obviously wpa_s has to be able to handle them if OCV isn't
> included, which I haven't checked. It probably should be able to anyway
> though, since the frame might include other elements that aren't OCV,
> causing the kernel to punt it to wpa_s.
SA Query request frames are also relevant in AP mode. They are fully
handled by hostapd currently.
With the OCV patch, wpa_s will also be able to handle SA Query requests
that don't contain the OCI element. So if userspace registered SA Query
request frames, it makes sense to send *all* SA Query requests to
userspace. Additionally, older versions of wpa_s won't register SA
Query request frames, meaning the kernel will still handle them, and
hence everything will still work normally.
So to me, it make sense to only let the kernel reply to SA Query
requests when operating in station mode *and* when the userspace didn't
register SA Query frames. In that case, I suppose we can send a SA
Query response as is done currently, i.e., any payload in the SA Query
request is ignored?
Cheers,
Mathy
next prev parent reply other threads:[~2018-08-15 7:44 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-06 22:48 [PATCH] mac80211: ignore SA Query Requests with unknown payload data Mathy Vanhoef
2018-08-14 11:11 ` Johannes Berg
2018-08-14 11:16 ` Johannes Berg
2018-08-14 11:17 ` Johannes Berg
2018-08-15 4:54 ` Mathy Vanhoef [this message]
2018-08-15 9:16 ` Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180815005419.2e73c068@cs.kuleuven.be \
--to=mathy.vanhoef@cs.kuleuven.be \
--cc=j@w1.fi \
--cc=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).