outgoing interface field

outgoing interface field

[Johannes Berg]

[-- Attachment #1: Type: text/plain, Size: 1017 bytes --]

For our particular implementation of AP mode with hostapd in Linux, we
are using radiotap-injection interfaces to send management frames.

Now, 802.11w (encrypted management frames) requires that those frames
are encrypted, due to key management issues we need to do that in the
kernel. This means we can no longer simply inject the frames, we need to
know, in the kernel, which interface to search for the key, since
multiple virtual AP interfaces/BSSes may be configured on a single PHY.

This requires that we have a radiotap field indicating the outgoing
interface to use for such key lookups. Further uses would be to use, for
data frames, the fragmentation/RTS threshold from the given interface.

I don't, off-hand, see any other OS requiring this, so I'm shopping
around asking vendors if I can have part of their vendor OUI namespace
(one of the sub-namespaces) for Linux, but if anybody sees value in such
a field for other OSes we can also add it to the standard.

Thoughts?

johannes

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

Re: outgoing interface field

[Pavel Roskin]

On Thu, 2008-06-19 at 21:28 +0200, Johannes Berg wrote:
> For our particular implementation of AP mode with hostapd in Linux, we
> are using radiotap-injection interfaces to send management frames.
> 
> Now, 802.11w (encrypted management frames) requires that those frames
> are encrypted, due to key management issues we need to do that in the
> kernel. This means we can no longer simply inject the frames, we need to
> know, in the kernel, which interface to search for the key, since
> multiple virtual AP interfaces/BSSes may be configured on a single PHY.
> 
> This requires that we have a radiotap field indicating the outgoing
> interface to use for such key lookups.

Are you injecting by sending data to a socket?  I think the sockets are
bound to VAPs, not to PHYs since VAPs are seen as network devices.

Besides, are you going to serve more than one VAP with one socket?  I
would not do it without a good reason.  I think ioctl on the socket
would be an easier solution, as it needs to be done once per VAP, not
once per packet.

>  Further uses would be to use, for
> data frames, the fragmentation/RTS threshold from the given interface.
> 
> I don't, off-hand, see any other OS requiring this, so I'm shopping
> around asking vendors if I can have part of their vendor OUI namespace
> (one of the sub-namespaces) for Linux, but if anybody sees value in such
> a field for other OSes we can also add it to the standard.

We could probably register an official Linux OUI for that if the code is
intended for Linux.

-- 
Regards,
Pavel Roskin

Re: outgoing interface field

[Johannes Berg]

[-- Attachment #1: Type: text/plain, Size: 1411 bytes --]


> Are you injecting by sending data to a socket?  I think the sockets are
> bound to VAPs, not to PHYs since VAPs are seen as network devices.

Yes. The socket is bound to a _cooked monitor_ interface.

> Besides, are you going to serve more than one VAP with one socket?  I
> would not do it without a good reason.  I think ioctl on the socket
> would be an easier solution, as it needs to be done once per VAP, not
> once per packet.

Well, yes, of course we're going to serve multiple BSSes with one socket
if they're all associated to one physical interface. Why not? It makes
the code much cleaner and nicer. Why do you think I need a good reason
to do this? I think you need a good reason _not to_ and this isn't a
good reason. Besides, ioctls suck.

> >  Further uses would be to use, for
> > data frames, the fragmentation/RTS threshold from the given interface.
> > 
> > I don't, off-hand, see any other OS requiring this, so I'm shopping
> > around asking vendors if I can have part of their vendor OUI namespace
> > (one of the sub-namespaces) for Linux, but if anybody sees value in such
> > a field for other OSes we can also add it to the standard.
> 
> We could probably register an official Linux OUI for that if the code is
> intended for Linux.

Who'd pay for it, and why bother to pollute the OUI namespace with
something we're not using elsewhere?

johannes

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

Re: outgoing interface field

[Pavel Roskin]

On Thu, 2008-06-19 at 21:44 +0200, Johannes Berg wrote:
> > Are you injecting by sending data to a socket?  I think the sockets are
> > bound to VAPs, not to PHYs since VAPs are seen as network devices.
> 
> Yes. The socket is bound to a _cooked monitor_ interface.

Oh well, I should have guessed that.  Maybe we could introduce ioctl to
put socket into "wireless injection mode", in which it would accept
802.11 packets with radiotap headers regardless of the interface mode.
Then the sockets could be bound to the VAPs.

> > Besides, are you going to serve more than one VAP with one socket?  I
> > would not do it without a good reason.  I think ioctl on the socket
> > would be an easier solution, as it needs to be done once per VAP, not
> > once per packet.
> 
> Well, yes, of course we're going to serve multiple BSSes with one socket
> if they're all associated to one physical interface. Why not?

It's a cleaner approach to respect the virtual interface abstraction
existing in the kernel rather than ignore it.  The kernel presents
separate network interfaces to the userspace.

>  It makes
> the code much cleaner and nicer. Why do you think I need a good reason
> to do this? I think you need a good reason _not to_ and this isn't a
> good reason. Besides, ioctls suck.

ioctls suck for global configuration.  They are adequate for configuring
particular sockets or file descriptors.

Besides, radiotap headers are designed to be transferable between
systems.  It should be possible to send frames with radiotap headers
from another system, possibly with a different endianness and different
wireless hardware.  Encoding local data (VAP number) makes radiotap
headers system-specific.

> > We could probably register an official Linux OUI for that if the
> code is
> > intended for Linux.
> 
> Who'd pay for it, and why bother to pollute the OUI namespace with
> something we're not using elsewhere?

It's funny, we are creating the rules that exclude us, and then we are
shopping around for sponsors.  We need exceptions for experimental use.

-- 
Regards,
Pavel Roskin

Re: outgoing interface field

[Johannes Berg]

[-- Attachment #1: Type: text/plain, Size: 2404 bytes --]

On Thu, 2008-06-19 at 16:09 -0400, Pavel Roskin wrote:
> On Thu, 2008-06-19 at 21:44 +0200, Johannes Berg wrote:
> > > Are you injecting by sending data to a socket?  I think the sockets are
> > > bound to VAPs, not to PHYs since VAPs are seen as network devices.
> > 
> > Yes. The socket is bound to a _cooked monitor_ interface.
> 
> Oh well, I should have guessed that.  Maybe we could introduce ioctl to
> put socket into "wireless injection mode", in which it would accept
> 802.11 packets with radiotap headers regardless of the interface mode.
> Then the sockets could be bound to the VAPs.

I don't want to see the kernel code for that.

> > > Besides, are you going to serve more than one VAP with one socket?  I
> > > would not do it without a good reason.  I think ioctl on the socket
> > > would be an easier solution, as it needs to be done once per VAP, not
> > > once per packet.
> > 
> > Well, yes, of course we're going to serve multiple BSSes with one socket
> > if they're all associated to one physical interface. Why not?
> 
> It's a cleaner approach to respect the virtual interface abstraction
> existing in the kernel rather than ignore it.  The kernel presents
> separate network interfaces to the userspace.

Well yeah, but what point is there in having many sockets? Anyway, Jouni
and I have pretty much decided on this, and you don't really get a say
unless you provide clean, working code :)

> Besides, radiotap headers are designed to be transferable between
> systems.  It should be possible to send frames with radiotap headers
> from another system, possibly with a different endianness and
> different
> wireless hardware.  Encoding local data (VAP number) makes radiotap
> headers system-specific.

This isn't designed to be ever saved to disk, it's for communication
between userspace and the kernel when running an AP. We just happen to
use radiotap for that to save inventing yet another interface.

> It's funny, we are creating the rules that exclude us, and then we are
> shopping around for sponsors.  We need exceptions for experimental use.

Actually, I just figured out that the OUIs have a 'locally assigned' bit
like MAC addresses (well I guess MAC addresses inherit it from OUIs), so
we can use that and assign "experimental" OUIs to ourselves as long as
they don't clash within radiotap.

johannes

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

Re: outgoing interface field

[Pavel Roskin]

On Thu, 2008-06-19 at 22:14 +0200, Johannes Berg wrote:

> > Besides, radiotap headers are designed to be transferable between
> > systems.  It should be possible to send frames with radiotap headers
> > from another system, possibly with a different endianness and
> > different
> > wireless hardware.  Encoding local data (VAP number) makes radiotap
> > headers system-specific.
> 
> This isn't designed to be ever saved to disk, it's for communication
> between userspace and the kernel when running an AP. We just happen to
> use radiotap for that to save inventing yet another interface.

Then there is very little point in discussing it.  I thought you were
going to suggest some elegant addition to the standard.  Piggybacking
the frames with some OS and system specific data is not.

> > It's funny, we are creating the rules that exclude us, and then we are
> > shopping around for sponsors.  We need exceptions for experimental use.
> 
> Actually, I just figured out that the OUIs have a 'locally assigned' bit
> like MAC addresses (well I guess MAC addresses inherit it from OUIs), so
> we can use that and assign "experimental" OUIs to ourselves as long as
> they don't clash within radiotap.

OK, fine.

-- 
Regards,
Pavel Roskin