Re: [PATCH wireless-next 2/2] wifi: cfg80211/mac80211: extend cfg80211_rx_assoc_resp_data() for assoc encryption

[Kavita Kavita <kavita.kavita@oss.qualcomm.com>]

On 4/29/2026 11:59 AM, Johannes Berg wrote:
> Hi,
> 
> Sorry I didn't get back to this yesterday. I see you now just sent
> another patch.



It's fine. Thank you for the review. 



> 
>> The attribute is intended to indicate that the entire exchange was encrypted,
>> not just the Response. For the Response frame, checking ieee80211_has_protected()
>> is possible since the full frame is available in data->buf, but for the Request
>> frame only IEs are stored in ifmgd->assoc_req_ies, the MAC header is not preserved,
>> so I cannot check the Protected bit for the Request.
> 
> I guess that makes sense, fair enough.
> 
>> While an unencrypted Request paired with an encrypted Response is unlikely in practice,
>> we did not want to leave that gap, so I used the epp_peer flag. That said, if you think
>> checking the Protected bit on the Response frame alone is sufficient, we are fine with
>> that approach too.
> 
> It's actually also something wpa_s could check, but I suppose it's
> plausible that non-wpa_s observers of these events might be interested.
> 
>> In the wireless-next tip, there are already commits that combine both cfg80211
>> and mac80211 changes together, 
> 
> True, but that's usually if the whole thing is small enough I guess?



Yes, it's usually for small changes. This patch is also small.



> 
>> so since the assoc_encrypted field addition in
>> cfg80211 and the mac80211 epp_peer lookup that sets it are tightly dependent on
>> each other, I kept them in the same commit. If you prefer them split into two
>> separate commits, I can do that. Will update the commit as well.
> 
> I think in this case I might have just preferred to have the first
> commit add *all* the infrastructure, and indicate that it's done for
> assoc for the reasons above, and then have the second just be mac80211
> to fill it?



Well, I have already dropped this patch. I was thinking from a wpa_supplicant perspective,
where NL80211_CMD_ASSOCIATE will be preferred over NL80211_CMD_CONNECT when both are available,
so the assoc_encrypted field in the mac80211 case seemed redundant. However, if there are use
cases with non-wpa_supplicant applications that might prefer NL80211_CMD_CONNECT even when both
events are sent, then there might be value in keeping this patch.

I am not entirely sure about such use cases. Do you think this patch really matters?
If yes, I can bring it back. I think we can keep it as a single patch. Thank you.



> 
> Not super important though I guess.
> 
> johannes