On Mon, 2007-08-13 at 13:46 +0300, Tomas Winkler wrote:

> I think it was a polite query I've made, don't see any reason to use
> this language. If you perceive it otherwise I apologize it wasn't my
> intention.

Apologies. I seriously don't understand that comment though, the patch didn't touch the management interface at all, in fact it renamed only a few variables and changed EAPOL frame receiving from using the management interface to the ethernet framed interface.

> They have management meaning. So it was appropriate to route them
> through management interface rather than from data interface.

I'm not sure we understand each other. The only thing I changed with this patch and the corresponding kernel patch is that all data frames including those that are used for management purposes are now routed through the data interface. Why do you think that is wrong?

Reordering your mail a bit, you also said

> On the contrary what I'm saying that EAPOL packets are the only data
> packets that should go up until handshake is done.

which seems to agree with me. You can achieve the effect of letting *only* EAPOL packets through by setting the 802.1X protection parameter on the network interface via the private prism ioctl, hostapd doesn't seem to do that unless explicitly requested though.

The actual technical reason for doing this is that subsequent patches totally remove the management interface and on the monitor interface the EAPOL frames show up undecrypted.

johannes