From: mabbas <mabbas@linux.intel.com>
To: Jouni Malinen <j@w1.fi>
Cc: Johannes Berg <johannes@sipsolutions.net>,
linux-wireless@vger.kernel.org, Dan Williams <dcbw@redhat.com>,
linville@tuxdriver.com
Subject: Re: wpa_supplicant/key deletion with all-zeroes mac
Date: Wed, 21 Nov 2007 21:30:15 -0800 [thread overview]
Message-ID: <474513E7.3000104@linux.intel.com> (raw)
In-Reply-To: <20071122043722.GC8672@jm.kir.nu>
Jouni Malinen wrote:
> On Wed, Nov 21, 2007 at 04:17:34PM +0100, Johannes Berg wrote:
>
>
>>> When I connect to an AP with wpa, then I receive deauth frame,
>>> ieee80211_rx_mgmt_deauth will be called, which will call
>>> ieee80211_set_associated(dev, ifsta, 0); to disconnect. In function
>>> ieee80211_set_associated, it calls wireless_send_event with SIOCGIWAP
>>> event and memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN).
>>>
>
> This sounds correct.
>
>
>>> wpa_supplicant will
>>> receives this event then call mac80211 to remove any old security key,
>>> the problem it will pass 00:00:00:00:00:00 as station address.
>>>
>
> This sounds broken. wpa_supplicant should remove the key for the
> previous BSSID.
>
>
>>> ieee80211_set_encryption will fail since there are no station with
>>> 00:00:00:00:00:00. This will leave the old key which causes the problems
>>> in the next reconnection.
>>>
>
> This sounds correct behavior.
>
>
>> Interesting. I'd think this is a wpa_supplicant bug, Jouni, how is the
>> security wext stuff supposed to work here?
>>
>
> Agreed, this sounds like a bug in wpa_supplicant. Unicast keys should be
> removed with their correct address. I think this used to work, but maybe
> some of the changes in BSSID processing in disassociation cases caused
> the old BSSID to be forgotten.
>
>
>>> diff --git a/net/mac80211/ieee80211_ioctl.c b/net/mac80211/ieee80211_ioctl.c
>>> @@ -97,7 +97,10 @@ static int ieee80211_set_encryption(struct net_device *dev, u8 *sta_addr,
>>> - sta = sta_info_get(local, sta_addr);
>>> + if (is_zero_ether_addr(sta_addr))
>>> + sta = sta_info_get(local, sdata->u.sta.bssid);
>>> + else
>>> + sta = sta_info_get(local, sta_addr);
>>>
>
> NAK. I don't think this is the correct fix here.
>
>
I agree I just included this workaround to illustrated what I did to
make it work.
next prev parent reply other threads:[~2007-11-22 5:32 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-11-21 8:01 security question mabbas
2007-11-21 15:17 ` wpa_supplicant/key deletion with all-zeroes mac (was: security question) Johannes Berg
2007-11-22 4:37 ` Jouni Malinen
2007-11-22 5:30 ` mabbas [this message]
2007-11-22 12:55 ` Johannes Berg
2007-11-24 20:00 ` Jouni Malinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=474513E7.3000104@linux.intel.com \
--to=mabbas@linux.intel.com \
--cc=dcbw@redhat.com \
--cc=j@w1.fi \
--cc=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
--cc=linville@tuxdriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).