On Sun, 2019-01-06 at 16:49 +0200, Jouni Malinen wrote: > On Sat, Jan 05, 2019 at 12:39:46PM +0100, Markus Theil wrote: > > Currently, NetworkManager sends ieee80211w=1 for every connection, > > if wpa_supplicant has pmf support enabled/compiled in. If the used > > NIC does not support BIP ciphers, adding the IGTK fails. > > That is a bit unfortunate in this context.. The better way of doing this > would have been setting the global pmf=1 parameter and not having > per-network profile parameters. That combination is already covering > this case of no driver support, i.e., pmf=1 was designed in a way that > it would fall back to no MFP if there is no driver support. [...] > That is not a desired changed since it can result in quite incorrect > behavior. If the goal is to override ieee80211w=1 in the network > profile, that would need to be done at the end of this function just > before return ssid->ieee80211w instead of modifying this special case of > MGMT_FRAME_PROTECTION_DEFAULT (i.e., no explicit ieee80211w parameter in > the network profile). I'd argue that it's still an NM bug and can just be fixed there? It probably has a shorter release cycle too ;-)) johannes _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
