On 9/26/07, Johannes Berg <johannes@xxxxxxxxxxxxxxxx> wrote:
> On Wed, 2007-09-26 at 01:24 +0200, Tomas Winkler wrote:
>
> > EAPOL frames should not be filtered out. Everything else should be filtered out
> > except EAPOL frames till the port is open.
>
> Right now though, when we're an AP, we're sending EAPOL frames to the
> mgmt interface instead of the regular 802.3 interface. This quite sucks
> wrt. deagg. But it's also very weird, look at ieee80211_rx_h_802_1x_pae.
> It sends
>  * eapol frames for non-STA interfaces that are for us -> mgmt iface
>  * non-eapol frames from unauthorized STAs -> bitbucket
>  * everything else -> the regular 802.3 interface
>
> Right afterwards, unencrypted non-EAPOL frames are dropped.
>
> So any STA can actually send EAPOL frames with an arbitrary destination
> MAC address except our own into our 802.3 interface. Hence, it looks
> like the first case above is only for having eapol on mgmt iface.
>
> The only problem I see with not doing this is that hostapd will have to
> listen for EAPOL frames on all VLAN interfaces but I suppose that is
> doable.
>

I wonder if port control is done for ethernet. 1X is not a WLAN invention.
I'll try to dig it.

> > The problem is the order of the handlers. First you need to
> > deaggregate the frame then filter out non-EAPOL frames if the port
> > is not open.
>
> Yeah, I know, I had a plan a while back, will see if I can implement it.
>

Hope to get there as well in near future.

> johannes
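The handler ordering discussed in this thread (deaggregate first, then drop non-EAPOL frames while the port is not open), as an added example that is not from either poster and is not mac80211 code. `filter_amsdu`, `msdu_is_eapol` and `struct verdict` are hypothetical names, and the sample bytes are constructed; the subframe layout assumed is the 802.11n A-MSDU one (DA, SA, 2-byte length, LLC/SNAP MSDU, padding to 4 bytes).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_P_PAE  0x888E  /* EAPOL ethertype */
#define SUBHDR_LEN 14u     /* A-MSDU subframe header: DA(6) SA(6) length(2) */

struct verdict { int accepted, dropped; };

/* Constructed sample: one EAPOL-Start subframe (padded), then one IPv4 subframe. */
static const uint8_t sample[] = {
    2,0,0,0,0,1, 2,0,0,0,0,2, 0,12, 0xAA,0xAA,3,0,0,0, 0x88,0x8E, 1,1,0,0, 0,0,
    2,0,0,0,0,3, 2,0,0,0,0,2, 0,10, 0xAA,0xAA,3,0,0,0, 0x08,0x00, 0x45,0x00,
};

/* The MSDU starts with an RFC 1042 LLC/SNAP header followed by the ethertype. */
static int msdu_is_eapol(const uint8_t *m, size_t len)
{
    static const uint8_t snap[6] = { 0xAA, 0xAA, 0x03, 0, 0, 0 };
    return len >= 8 && !memcmp(m, snap, 6) && ((m[6] << 8) | m[7]) == ETH_P_PAE;
}

/* Walk the aggregate and apply port control to each subframe separately.
 * Returns -1 (discard the whole aggregate) if a length overruns the buffer. */
int filter_amsdu(const uint8_t *buf, size_t len, int port_open, struct verdict *v)
{
    size_t off = 0;
    v->accepted = v->dropped = 0;
    while (off < len) {
        if (len - off < SUBHDR_LEN)
            return -1;
        size_t mlen = ((size_t)buf[off + 12] << 8) | buf[off + 13];
        if (mlen > len - off - SUBHDR_LEN)
            return -1;
        if (port_open || msdu_is_eapol(buf + off + SUBHDR_LEN, mlen))
            v->accepted++;
        else
            v->dropped++;   /* non-EAPOL while the port is not open */
        off += (SUBHDR_LEN + mlen + 3) & ~(size_t)3;  /* 4-byte padding */
    }
    return 0;
}

int main(void)
{
    struct verdict v;
    int rc = filter_amsdu(sample, sizeof(sample), 0, &v);
    printf("rc=%d accepted=%d dropped=%d\n", rc, v.accepted, v.dropped);
    return 0;
}
```

Because the check runs per subframe, an IPv4 subframe riding in the same aggregate as an EAPOL subframe is still dropped while the port is closed.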