From: Jouni Malinen <jkmaline@cc.hut.fi>
To: Vladimir Kondratiev <vkondra@mail.ru>,
	netdev@oss.sgi.com, Jeff Garzik <jgarzik@pobox.com>,
	Denis Vlasenko <vda@port.imtp.ilyichevsk.odessa.ua>,
	Jean Tourrilhes <jt@bougret.hpl.hp.com>,
	Jouni Malinen <jkmaline@cc.hut.fi>,
	acx100-devel@lists.sourceforge.net, prism54-devel@prism54.org,
	davem@redhat.com
Subject: Re: [RFC] acx100 inclusion in mainline; generic 802.11 stack
Date: Tue, 31 Aug 2004 19:22:05 -0700
Message-ID: <20040901022205.GB7366@jm.kir.nu>
In-Reply-To: <20040831213719.GH31207@ruslug.rutgers.edu>

On Tue, Aug 31, 2004 at 05:37:19PM -0400, Luis R. Rodriguez wrote:
> On Tue, Aug 31, 2004 at 10:14:38PM +0300, Vladimir Kondratiev wrote:
> > - Security is not up to date either. We need .1x, EAS, TKIP etc. This needs to 
> > be done for modern cards to use this infrastructure.
> 
> This is handled by hostap wpa_supplicant now, which is going to be part
> of WE18. The question I think is whether someone plans on re-doing it on
> wireless-2.6, since as you mentioned it seems WE are being redone on
> davem's patch.

This sounds somewhat confusing.. As far as WPA and IEEE 802.11i
(RSN/WPA2) are concerned, there are a number of different components
involved.

One part is in IEEE 802.11 data frame handling (TKIP, CCMP). This is
implemented, e.g., in the current Host AP RX/TX paths more or less
completely. The current implementation is still hardcoded to do this in
software, so it would need to be extended to support offloading
encryption to the wlan card since many of the modern cards have hardware
(or combination of hardware/firmware) implementation of TKIP and CCMP.
In addition, IEEE 802.11e will add some small changes to TKIP/CCMP
processing; Host AP code has places for this for TX (mainly, setting
priority value in the header). RX needs some more work because of
possible reordering of packets with different priorities. This all lives
in the generic 802.11 stack of the kernel.

In addition to data encryption, IEEE 802.11i defines a key management
protocol (4-Way/PTK handshake, 2-Way/Group Key handshake) and
optimizations for full IEEE 802.1X authentication (PMKSA caching,
pre-authentication). IEEE 802.1X and EAP authentication are on a similar
level. All these are done using EAPOL packets (own ethertype; one for
EAPOL and one for pre-authentication). This could be done in kernel, but
I don't see much point in that and have thus implemented these in user
space. wpa_supplicant includes the Supplicant part both for IEEE 802.1X
and IEEE 802.11i key handshakes. hostapd includes the Authenticator part
for the same functionality.

To be able to keep authentication and key management separated from the
data encryption, there needs to be an interface for configuring and
getting event information. I would say this can be considered as a
separate design area. Currently, hostapd and wpa_supplicant are using a
combination of ioctls (WE and private, depending on the driver) for user
space -> kernel configuration (e.g., encryption keys), wireless events
(netlink) for getting event information (association/encryption
error/etc.), network interfaces with or without IEEE 802.11 headers
(e.g., hostapd includes IEEE 802.11 headers for management frames in a
separate interface and wpa_supplicant uses just Ethernet header and
normal data interface to get the two special ethertypes).

This communication interface can be replaced with something different,
if desired, without affecting the other parts of the implementation (the
encryption of data frames itself or the authentication/key management
protocols).

-- 
Jouni Malinen                                            PGP id EFC895FA
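
The ethertype-based split described in the message above, as an added example that is not part of the original message and is not code from wpa_supplicant or hostapd: a user space receiver picks out the two special ethertypes from frames that carry a plain Ethernet header and validates the EAPOL header before passing the body to authentication or key management. The function and struct names are hypothetical and the sample frames are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_HLEN       14
#define EAPOL_HLEN     4       /* version, type, 16-bit big-endian body length */
#define ETH_P_PAE      0x888E  /* EAPOL: IEEE 802.1X and the 802.11i key handshakes */
#define ETH_P_PREAUTH  0x88C7  /* IEEE 802.11i pre-authentication */
#define EAPOL_TYPE_KEY 3       /* EAPOL-Key, used by the 4-Way and Group Key handshakes */
struct eapol_info {
    int preauth;               /* 1 if received on the pre-authentication ethertype */
    uint8_t version, type;
    uint16_t body_len;
    const uint8_t *body;
};

/* Returns 1 for an EAPOL frame, 0 for ordinary data, -1 for a malformed frame. */
int eapol_demux(const uint8_t *f, size_t len, struct eapol_info *out)
{
    if (len < ETH_HLEN)
        return -1;
    uint16_t ethertype = (uint16_t)((f[12] << 8) | f[13]);
    if (ethertype != ETH_P_PAE && ethertype != ETH_P_PREAUTH)
        return 0;              /* stays on the normal (encrypted) data path */
    if (len < ETH_HLEN + EAPOL_HLEN)
        return -1;
    const uint8_t *h = f + ETH_HLEN;
    uint16_t body_len = (uint16_t)((h[2] << 8) | h[3]);
    if (body_len > len - ETH_HLEN - EAPOL_HLEN)  /* trailing Ethernet padding is fine */
        return -1;
    *out = (struct eapol_info){ ethertype == ETH_P_PREAUTH, h[0], h[1], body_len, h + EAPOL_HLEN };
    return 1;
}

/* Key descriptor type of an EAPOL-Key frame (2 = RSN, 254 = WPA), or -1 if not a key frame. */
int eapol_key_descriptor(const struct eapol_info *e)
{
    return (e->type == EAPOL_TYPE_KEY && e->body_len >= 1) ? e->body[0] : -1;
}

/* Constructed samples with zeroed MAC addresses: EAPOL-Start and an empty RSN EAPOL-Key. */
static const uint8_t sample_start[18] = { [12] = 0x88, [13] = 0x8E, [14] = 0x01, [15] = 0x01 };
static const uint8_t sample_key[113] = { [12] = 0x88, [13] = 0x8E, [14] = 0x02, [15] = 0x03, [17] = 0x5F, [18] = 0x02 };
int main(void)
{
    struct eapol_info e;
    if (eapol_demux(sample_key, sizeof sample_key, &e) == 1)
        printf("EAPOL type %d, key descriptor %d\n", e.type, eapol_key_descriptor(&e));
    return 0;
}
```
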