On Sun, Mar 01, 2020 at 08:33:30PM +0000, Peer, Ilan wrote: > I think I understand your concern now. At least from what I can tell about > mac80211 it does not have any handling for such a case, i.e., not allow any > group addressed frames. I do not know how other drivers would handle this. I think the only safe way to do this is to configure a random IGTK so that the drivers would not need to have any special handling for this. > I can change the implementation so this would be allowed only in the case of > PASN. This should be simple enough. If you want me to do it differently let me > know. It's a bit ugly in the generic parser function, but I guess that's fine as an initial step. That said, it probably makes sense to extend non-PASN PMF case to support no-BIP-used option as well even if that has not really been used so far. Though, I'm not sure there is any easy way of deploying this on the AP side if most already deployed STAs reject such configuration in practice and won't connect. I'll try to remember to bring this up in the REVmd (and/or P802.11az) discussions as well to get the standard clear on what to expect as allowed set of cipher suite selectors for the different cases using the group management cipher. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
