From: Denis Kenzior <denkenz@gmail.com>
To: Johannes Berg <johannes@sipsolutions.net>,
linux-wireless@vger.kernel.org
Subject: Re: [RFC 4/4] nl80211: Implement TX of control port frames
Date: Tue, 2 Jan 2018 12:22:55 -0600 [thread overview]
Message-ID: <c73dcadb-bd96-fa82-b857-b5e2432fbadb@gmail.com> (raw)
In-Reply-To: <1514899804.2024.5.camel@sipsolutions.net>
Hi Johannes,
On 01/02/2018 07:30 AM, Johannes Berg wrote:
> On Thu, 2017-12-28 at 11:58 -0600, Denis Kenzior wrote:
>> This commit implements the TX side of NL80211_CMD_CONTROL_PORT_FRAME.
>> Userspace provides the raw EAPoL frame using NL80211_ATTR_FRAME. A
>> skbuf is built and then injected onto the netdev of the wireless device.
>> The CONTROL_PORT_ETHERTYPE_NO_ENCRYPT will still in theory be honored by
>
> You mean CONTROL_PORT_NO_ENCRYPT :-)
Right
>
>> the underlying TX path code.
>
> I think this isn't good enough.
>
That was my thinking as well
> There are cases where CONTROL_PORT_ETHERTYPE_NO_ENCRYPT should be
> unset, but specific frames still shouldn't be encrypted.
>
> So I think for this particular path it would be better to deprecate
> CONTROL_PORT_ETHERTYPE_NO_ENCRYPT entirely, and have a separate per-
> frame flag.
>
> That also means that we can't really implement it fully in cfg80211,
> but have to provide some functionality for the driver to do things to
> be able to honour such flags.
Here's another thought I had while poking around. Given the above I
don't want to pursue it too seriously unless you think it might work:
We already have the IEEE80211_TX_INTFL_DONT_ENCRYPT flag on the skb and
some drivers seem to honor this. At least that seems to be the intent
as the CONTROL_PORT_NO_ENCRYPT flag ends up being translated to this
somewhere in net/mac80211/tx.c. Are the drivers supposed to honor that
flag?
If so, can we do something like what ieee80211_process_sa_query_req in
net/mac80211/rx.c or ieee80211_tdls_prep_mgmt_packet in
net/mac80211/tdls.c do? E.g. use ieee80211_tx_skb or
__ieee80211_subif_start_xmit or similar to inject the skb with the
DONT_ENCRYPT flag?
>
> Perhaps a new operation, where we pass a pre-built SKB and control
> flags?
>
This would likely mean that legacy behavior would still have to be
supported for quite some time (forever?) for drivers that don't get
around to implementing this, which would be unfortunate.
Regards,
-Denis
next prev parent reply other threads:[~2018-01-02 18:22 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-28 17:58 [RFC 0/4] EAPoL over NL80211 Denis Kenzior
2017-12-28 17:58 ` [RFC 1/4] nl80211: Add CONTROL_PORT_OVER_NL80211 attribute Denis Kenzior
2017-12-28 17:58 ` [RFC 2/4] nl80211: Add CMD_CONTROL_PORT_FRAME API Denis Kenzior
2017-12-28 17:58 ` [RFC 3/4] mac80211: Send control port frames over nl80211 Denis Kenzior
2017-12-28 17:58 ` [RFC 4/4] nl80211: Implement TX of control port frames Denis Kenzior
2018-01-02 13:30 ` Johannes Berg
2018-01-02 18:22 ` Denis Kenzior [this message]
2018-01-02 20:22 ` Johannes Berg
2018-01-03 17:17 ` Denis Kenzior
2018-01-03 20:13 ` Arend Van Spriel
2018-01-03 21:00 ` Denis Kenzior
2018-01-03 20:26 ` Johannes Berg
2017-12-29 9:29 ` [RFC 0/4] EAPoL over NL80211 Arend van Spriel
2017-12-29 18:29 ` Denis Kenzior
2018-01-01 20:11 ` Arend van Spriel
2018-01-02 13:27 ` Johannes Berg
2018-01-03 20:24 ` Arend Van Spriel
2018-01-03 21:16 ` Denis Kenzior
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c73dcadb-bd96-fa82-b857-b5e2432fbadb@gmail.com \
--to=denkenz@gmail.com \
--cc=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).