From: Arend van Spriel <arend.vanspriel@broadcom.com>
To: Denis Kenzior <denkenz@gmail.com>, linux-wireless@vger.kernel.org
Subject: Re: [RFC 0/4] EAPoL over NL80211
Date: Fri, 29 Dec 2017 10:29:37 +0100 [thread overview]
Message-ID: <5A460B01.7060603@broadcom.com> (raw)
In-Reply-To: <20171228175832.3253-1-denkenz@gmail.com>
On 12/28/2017 6:58 PM, Denis Kenzior wrote:
> This patchset adds support for running 802.11 authentication mechanisms (e.g.
> 802.1X, 4-Way Handshake, etc) over NL80211 instead of putting them onto the
> network device. This has the advantage of fixing several long-standing race
> conditions that result from userspace operating on multiple transports in order
> to manage a 802.11 connection (e.g. NL80211 and wireless netdev, wlan0, etc)
>
> For example, userspace would sometimes see 4-Way handshake packets before
> NL80211 signaled that the connection has been established. Leading to ugly
> hacks or having the STA wait for retransmissions from the AP.
>
> To make this possible this patchset introduces a new NL80211 command and several
> new attributes. A userspace that is capable of processing EAPoL packets over
> NL80211 includes a new NL80211_ATTR_CONTROL_PORT_OVER_NL80211 attribute in its
> NL80211_CMD_ASSOCIATE or NL80211_CMD_CONNECT requests being sent to the kernel.
> The previously added NL80211_ATTR_SOCKET_OWNER attribute must also be included.
Does it make sense to require a combination of attributes. It is always
a bit awkward so prefer to avoid it. Could we implicitly make the
netlink unicast for notifications when
NL80211_ATTR_CONTROL_PORT_OVER_NL80211 is provided by user-space.
> The latter is used by the kernel to send NL80211_CMD_CONTROL_PORT_FRAME
> notifications back to userspace via a netlink unicast. If the
> NL80211_ATTR_CONTROL_PORT_OVER_NL80211 attribute is not specified, then legacy
> behavior is kept and control port packets continue to flow over the network
> interface.
[...]
> Open Questions
> ==============
>
> 1. It is not clear whether all drivers provide information as to whether the
> control port frame was sent encrypted or not. Do they?
You mean in some tx status info. I think brcmfmac does not have that
info available in the driver, but would need to verify.
> 2. It has been previously suggested that CMD_FRAME infrastructure is used to
> accomplish control port over nl80211 transport. However, it did not seem to be
> a good fit as the relevant code paths assume that only management frames are
> to be sent via this mechanism. Thoughts?
What are the issues coming from that assumption? Does it assume 802.11
header is present? What else?
Regards,
Arend
next prev parent reply other threads:[~2017-12-29 9:29 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-28 17:58 [RFC 0/4] EAPoL over NL80211 Denis Kenzior
2017-12-28 17:58 ` [RFC 1/4] nl80211: Add CONTROL_PORT_OVER_NL80211 attribute Denis Kenzior
2017-12-28 17:58 ` [RFC 2/4] nl80211: Add CMD_CONTROL_PORT_FRAME API Denis Kenzior
2017-12-28 17:58 ` [RFC 3/4] mac80211: Send control port frames over nl80211 Denis Kenzior
2017-12-28 17:58 ` [RFC 4/4] nl80211: Implement TX of control port frames Denis Kenzior
2018-01-02 13:30 ` Johannes Berg
2018-01-02 18:22 ` Denis Kenzior
2018-01-02 20:22 ` Johannes Berg
2018-01-03 17:17 ` Denis Kenzior
2018-01-03 20:13 ` Arend Van Spriel
2018-01-03 21:00 ` Denis Kenzior
2018-01-03 20:26 ` Johannes Berg
2017-12-29 9:29 ` Arend van Spriel [this message]
2017-12-29 18:29 ` [RFC 0/4] EAPoL over NL80211 Denis Kenzior
2018-01-01 20:11 ` Arend van Spriel
2018-01-02 13:27 ` Johannes Berg
2018-01-03 20:24 ` Arend Van Spriel
2018-01-03 21:16 ` Denis Kenzior
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5A460B01.7060603@broadcom.com \
--to=arend.vanspriel@broadcom.com \
--cc=denkenz@gmail.com \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).