Re: [PATCH] wpa_supplicant: Send EAPoL-Key frames over NL80211 where available

On 27/08/2019 16:05, Johannes Berg wrote:
> On Tue, 2019-08-27 at 11:02 +0200, Johannes Berg wrote:
>>> Agh! I meant to say _enable_ encryption. i.e. "disable" the bit of code that
>>> "disables" encryption for the frame specifically. Sorry!
>> Hmm, but why? 802.11 explicitly says EAPOL frames are _not_ to be
>> encrypted, IIRC?
> No, I'm confused now, let me think about this. There's something with
> WPA1 and WPA2 as well, I think? wpa_s only sets
> NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT for non-WPA though ...
>
> Or maybe WAPI was the one that said it should *not* be encrypted.

Some quotes from 802.11-2016...

12.6.9:

     The MAC does not distinguish between MSDUs for the Controlled Port, and
     MSDUs for the Uncontrolled Port. In other words, EAPOL-Start frames and
     EAPOL-Key frames are encrypted only after invocation of the
     MLME-SETPROTECTION.request primitive.


4.10.3.2:

     Installing the PTK [...] causes the MAC to encrypt and decrypt all
     subsequent MSDUs irrespective of their path through the controlled or
     uncontrolled ports

My understanding is that the only reason to explicitly disable encryption for
EAPoL is to work around the race conditions.
