Re: External authentication in driver-based AP SME mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, Dec 23, 2019 at 5:59 PM Jouni Malinen <j@xxxxx> wrote:
>
> On Mon, Nov 04, 2019 at 08:04:05AM +0900, 이세문 wrote:
> > Recently, I've adjusted wpa_supplicant 2.8 to my project and met an
> > weird issue when I tried to connect two devices as p2p mode. Anyway,
> > I've found that the patch which is related to the external
> > authentication support is related to the issue.
> >
> > https://w1.fi/cgit/hostap/commit/?id=236e793e7b8b96f7ad3e9aa3ea83b7c7c83b43fa
> >
> > It changed to call nl80211_register_frame of WLAN_FC_STYPE_AUTH when
> > bss->drv->device_ap_sme is true. What I want to know is that if
> > WLAN_FC_TYPE_AUTH should be registered always when
> > bss->drv->device_ap_sme is true. I thought that it might be added for
> > supporting SAE, but my driver doesn't work properly because
> > WLAN_FC_TYPE_AUTH is registered even when I don't use SAE.
>
> Which driver is this and can you please provide more details on how it
> does not work with frame registration?

I use SC2331 chipset and the driver sets bss->drv->device_ap_sme as true.

>
> This registration to process Authentication frames is used for SAE
> external authentication, but there may not be very convenient capability
> indication today in nl80211 that would make it easy to make the
> registration conditional since this functionality is depending more on
> the driver indicating the need to process a specific Authentication
> frame in user space when that need occurs and user space indicating that
> there is support for this capability when starting the AP.
>

I thought I may be able to use bss->drv->capa.key_mgmt value for
checking if it supports WPA_DRIVER_CAPA_KEY_MGMT_SAE to determine if
WLAN_FC_TYPE_AUTH should be registered. Would it be reasonable
approach?


> Presence of NL80211_CMD_EXTERNAL_AUTH handler might be usable as an
> extra condition for this even though it is really documented for station
> mode.. That command is used in AP mode as well, so I think this would
> not break the offload case. However, this would not cover a case of a
> driver that uses external auth in station mode, but not in AP mode,
> should there be such a combination.
>
> --
> Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux