Re: Question on setting key right after the EAPOL 4/4 is sent.


 



Hi Johannes,


> We've actually discussed doing precisely this, for - among other things
> - this reason. Just nobody stepped up yet to propose the necessary APIs
> and do the remaining work to use it etc.


Do you have any thoughts on what the operations should look like or do you want me to take a stab in the dark at this?

>> Having userspace track individual packets in the kernel sounds wrong
>> to me.  This also won't help with the packets being received out-of-
>> order.  It would be nice if both the RX and TX ordering was
>> preserved.  Hence my thinking about running PAE over NL80211.  It
>> would then be up to the kernel / drivers to guarantee that the
>> various packets are ordered appropriately.

> That's actually not possible, since ordering set_key operations vs.
> transmitted packets isn't something that's easily done by drivers.

Fair enough, but at least the kernel can do its best to make sure that such races do not manifest themselves out into userspace. E.g. making sure that PAE events arrive after the connect events, etc.


> However, the solution is far simpler! Once you have nl80211 PAE
> transport, you can easily even set the key before transmitting the
> packet and simply indicate that this particular packet should _not_ be
> encrypted regardless of key presence.


Makes sense. Should PAE packets always be sent unencrypted? Or should userspace be notified whether PAE was received unencrypted and send a response with the same flag?

Also, while we're on this subject. Should the kernel auto-manage the LINKMODE and OPERSTATE flags? It would seem that it already has the information to do so, and having userspace manage this just introduces another source of latency / possibility of race conditions, etc.

Regards,
-Denis

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap


