On Friday 10 August 2007 16:31, Volker Braun wrote:
> This patch fixes my problems with "dynamic wep" (widely used in
> universities), and I can now successfully associate and transfer
> data using mac80211+iwl4965. Main changes:
> 1) Allow privacy mismatch until associated
> 2) Decrypt unicast frames with the per-STA key, not making any
> assumptions about it being key index 0.
>
> Signed-off-by: Volker Braun <volker.braun@xxxxxxxxxxxxxxxxxxx>
> ---
Hm, you somehow got a copy of this to me without actually putting me on the CC
list.. you should probably use CC instead.
> -0400 @@ -357,7 +357,7 @@ struct ieee80211_cts {
> #define WLAN_CAPABILITY_IBSS (1<<1)
> #define WLAN_CAPABILITY_CF_POLLABLE (1<<2)
> #define WLAN_CAPABILITY_CF_POLL_REQUEST (1<<3)
> -#define WLAN_CAPABILITY_PRIVACY (1<<4)
> +#define WLAN_CAPABILITY_PRIVACY (1<<4) /* Force WEP on data packets */
Anyone interested in what this bit is can read the spec. Also, your comment is
inaccurate, as this bit is not specific to WEP.
> + if (rx->fc & IEEE80211_FCTL_PROTECTED && /* WEP */
Inaccurate and unnecessary comment.
> - if (keyidx >= 0 && keyidx < NUM_DEFAULT_KEYS &&
> - (!rx->sta || !rx->sta->key || keyidx > 0))
> - rx->key = rx->sdata->keys[keyidx];
So it looks like the keyidx > 0 check here is the source of the RX problems. I
think we can store the keyidx of the individual key to compare against
instead of assuming all individual keys have a keyidx of 0.
> -0400 @@ -1131,10 +1131,11 @@ static int ieee80211_privacy_mismatch(st
> bss = ieee80211_rx_bss_get(dev, ifsta->bssid);
> if (!bss)
> return 0;
> -
> - if (ieee80211_sta_wep_configured(dev) !=
> - !!(bss->capability & WLAN_CAPABILITY_PRIVACY))
> - res = 1;
> +
> + if (ifsta->associated && ieee80211_sta_wep_configured(dev) !=
> + !!(bss->capability & WLAN_CAPABILITY_PRIVACY)) {
> + res = 1; /* associated and WEP encryption mismatch */
> + }
Another unneeded comment. Don't add braces when it's not needed.
This part seems fairly evil. I suspect a better solution here is to allow
unencrypted frames when the interface is dormant (netif_dormant()) and then
we might be able to get rid of the specific check for WEP.
-Michael Wu
Attachment:
pgpL7ywdc0wRh.pgp
Description: PGP signature
