On Fri, Jan 03, 2020 at 04:17:41PM +0100, Markus Theil wrote:
> From: Brendan Jackman <brendan.jackman@xxxxxxxxxxxxxxxxx>
>
> Linux kernel v4.17 added the ability to request sending control port
> frames via NL80211 instead of a normal network socket. Doing this
> provides the device driver with ordering information between the
> control port frames and the installation of keys. This empowers it to
> avoid race conditions between, for example, PTK replacement and the
> sending of frame 4 of the 4-way rekeying handshake in an RSNA. The
> key difference between a TX_CONTROL_PORT and normal socket send is
> that the device driver will certainly get any EAPoL frames comprising
> a 4-way handshake before it gets the key installation call
> for the derived key. By flushing its TX buffers it can then ensure
> that no pending EAPoL frames are inadvertently encrypted with a key
> that the peer will not yet have installed.
>
> This patch adds a TX_CONTROL_PORT flag to the hostap driver API to report
> that it supports, for a given device, a new operation called
> tx_control_port. This operation is exactly like an ethernet send except
> for the extra ordering information it provides for device drivers. The
> nl80211 driver is updated to support this operation when the device
> reports the CONTROL_PORT_OVER_NL80211 extended feature. Finally the RSN
> supplicant system is updated to use this new operation for sending
> EAPoL-Key frames when the driver reports that it is available; otherwise
> falling back to a normal ethernet TX.
>
> There may be other cases than these EAPoL-Key frames that would benefit
> from using the new operation but I do not know of them.

..

Thanks, applied with cleanup and changes to make this apply to all EAPOL
frames. There is no benefit from trying to limit this to only EAPOL-Key
frames; that makes it just more complex to understand what is happening.
In fact, that actually simplifies the implementation significantly since
it eliminates need for the separate new tx_control_port() handler in the
EAPOL state machines.

-- 
Jouni Malinen                                            PGP id EFC895FA
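The ordering problem described in the quoted commit message, as an added toy model that is not part of the original thread and is not hostap, nl80211 or kernel code. All names (`struct drv`, `send_eapol`, `install_key`, `msg4_key`) are hypothetical, and the socket path is run with a constructed worst-case scheduling in which the frame reaches the driver only after the key installation call.

```c
#include <stdio.h>

/* Toy model with hypothetical names; not hostap, nl80211 or kernel code. */
enum tx_path { SOCKET_SEND, CONTROL_PORT };

struct drv {
    int key_id;      /* key currently protecting TX frames */
    int pending;     /* EAPOL frames already handed to the driver */
    int in_stack;    /* frames still in the network stack, unseen by the driver */
    int sent_key[4]; /* key id each transmitted frame was protected with */
    int n_sent;
};

/* Transmit every frame counted in *queue under the key installed right now. */
static void transmit(struct drv *d, int *queue)
{
    for (; *queue > 0 && d->n_sent < 4; (*queue)--)
        d->sent_key[d->n_sent++] = d->key_id;
}

static void send_eapol(struct drv *d, enum tx_path p)
{
    if (p == CONTROL_PORT)
        d->pending++;   /* same command channel as key installation: ordered */
    else
        d->in_stack++;  /* reaches the driver at an unrelated later time */
}

static void install_key(struct drv *d, int new_key)
{
    transmit(d, &d->pending); /* flush frames the driver knows about first */
    d->key_id = new_key;
}

/* Key id that protects message 4/4 when a rekey replaces old_key by new_key.
 * The socket path is run with its worst-case (constructed) scheduling. */
int msg4_key(enum tx_path p, int old_key, int new_key)
{
    struct drv d = { .key_id = old_key };
    send_eapol(&d, p);              /* supplicant sends message 4/4 */
    install_key(&d, new_key);       /* then installs the new PTK */
    transmit(&d, &d.in_stack);      /* socket frame arrives only now */
    return d.sent_key[0];
}

int main(void)
{
    printf("socket: key %d, control port: key %d\n",
           msg4_key(SOCKET_SEND, 1, 2), msg4_key(CONTROL_PORT, 1, 2));
    return 0;
}
```

In the model, the socket-path frame goes out under the new key, which the peer has not yet installed, while the control-port frame is flushed under the old key before the switch.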