linux-wireless.vger.kernel.org archive mirror
* [PATCH] mac80211: Do not encrypt EAPOL frames in IBSS Mode.
@ 2012-01-26 12:42 Nicolas Cavallari
  2012-01-26 18:12 ` Johannes Berg
  2012-01-28  4:38 ` Johannes Berg
  0 siblings, 2 replies; 3+ messages in thread
From: Nicolas Cavallari @ 2012-01-26 12:42 UTC
  To: John W. Linville, Johannes Berg; +Cc: linux-wireless

Currently, EAPOL frames in IBSS mode are encrypted if a PTK
is available.  This patch turns off encryption for all EAPOL
frames when in IBSS mode, as there are no suitable userspace
calls to configure the control port protocol and settings.

IBSS RSN sort-of worked without this patch because PTKs
are only installed after the completion of a successful
EAPOL exchange, so unicast operations would work, but
multicast and rekeying would often fail.

Signed-off-by: Nicolas Cavallari <cavallar@lri.fr>
---
 net/mac80211/ibss.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index bed30ba..9d8e699 100644
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -1022,6 +1022,8 @@ void ieee80211_ibss_setup_sdata(struct ieee80211_sub_if_data *sdata)
 {
 	struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
 
+	sdata->control_port_no_encrypt = true;
+
 	setup_timer(&ifibss->timer, ieee80211_ibss_timer,
 		    (unsigned long) sdata);
 	mutex_init(&ifibss->mtx);
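
Review bot: the added assignment in ieee80211_ibss_setup_sdata() hard-codes sdata->control_port_no_encrypt = true for every IBSS interface, with no condition and no way for userspace to choose otherwise. By the commit message's own description this sends all EAPOL frames unencrypted even when a PTK is available, which covers rekeying exchanges as well as the initial handshake. Suggest leaving the default untouched in this function and taking the value from a setting that userspace supplies when it joins the IBSS, so that only a supplicant that asks for unencrypted control-port frames gets them.
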
-- 
1.7.8.3



* Re: [PATCH] mac80211: Do not encrypt EAPOL frames in IBSS Mode.
  2012-01-26 12:42 [PATCH] mac80211: Do not encrypt EAPOL frames in IBSS Mode Nicolas Cavallari
@ 2012-01-26 18:12 ` Johannes Berg
  2012-01-28  4:38 ` Johannes Berg
  1 sibling, 0 replies; 3+ messages in thread
From: Johannes Berg @ 2012-01-26 18:12 UTC
  To: Nicolas Cavallari; +Cc: John W. Linville, linux-wireless

On 2012-01-26 05:42, Nicolas Cavallari wrote:
> Currently, EAPOL frames in IBSS mode are encrypted if a PTK
> is available.  This patch turns off encryption for all EAPOL
> frames when in IBSS mode, as there are no suitable userspace
> calls to configure the control port protocol and settings.
>
> IBSS RSN sort-of worked without this patch because PTKs
> are only installed after the completion of a successful
> EAPOL exchange, so unicast operations would work, but
> multicast and rekeying would often fail.

Err, NACK? I'm 99% sure this is completely wrong -- point out where the 
IEEE RSN spec allows this.

johannes


* Re: [PATCH] mac80211: Do not encrypt EAPOL frames in IBSS Mode.
  2012-01-26 12:42 [PATCH] mac80211: Do not encrypt EAPOL frames in IBSS Mode Nicolas Cavallari
  2012-01-26 18:12 ` Johannes Berg
@ 2012-01-28  4:38 ` Johannes Berg
  1 sibling, 0 replies; 3+ messages in thread
From: Johannes Berg @ 2012-01-28  4:38 UTC
  To: Nicolas Cavallari; +Cc: John W. Linville, linux-wireless

On 1/26/2012 4:42 AM, Nicolas Cavallari wrote:
> Currently, EAPOL frames in IBSS mode are encrypted if a PTK
> is available.  This patch turns off encryption for all EAPOL
> frames when in IBSS mode, as there are no suitable userspace
> calls to configure the control port protocol and settings.
>
> IBSS RSN sort-of worked without this patch because PTKs
> are only installed after the completion of a successful
> EAPOL exchange, so unicast operations would work, but
> multicast and rekeying would often fail.
>
> Signed-off-by: Nicolas Cavallari<cavallar@lri.fr>
> ---
>   net/mac80211/ibss.c |    2 ++
>   1 files changed, 2 insertions(+), 0 deletions(-)
>
> diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
> index bed30ba..9d8e699 100644
> --- a/net/mac80211/ibss.c
> +++ b/net/mac80211/ibss.c
> @@ -1022,6 +1022,8 @@ void ieee80211_ibss_setup_sdata(struct ieee80211_sub_if_data *sdata)
>   {
>   	struct ieee80211_if_ibss *ifibss =&sdata->u.ibss;
>
> +	sdata->control_port_no_encrypt = true;
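
Review bot: the new line at the top of ieee80211_ibss_setup_sdata() carries no comment, so a reader of ibss.c cannot tell why control-port frames are left unencrypted in IBSS mode or which part of the RSN specification the behaviour relies on. If the assignment stays, add a short comment above it stating the reason and the relevant spec clause, and cite the same clause in the commit message.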

In addition to my earlier comment about this being totally wrong -- if 
you REALLY wanted it, you should probably just add the few API tweaks to 
be able to set it from userspace and tweak your userspace.

johannes
