On Sun, Oct 28, 2007 at 06:54:45PM +0100, Johannes Berg wrote:

> Hmm. Is there a good explanation of all these values? I still haven't
> understood what all the IW_AUTH_* means. I'm fairly sure though that
> this particular instance hasn't changed in terms of behaviour since the
> original devicescape code (not that this means it's bug-free, of course)

The only documentation for these that I'm aware of is linux/wireless.h.
The original code was not doing this right either (it was implemented
before WE-18, if I remember correctly). The odd part is that I'm sure
this used to work a long time ago..

IW_AUTH_* values were designed to provide a mechanism for notifying the
driver of a number of parameters related to authentication (and
association, in practice).

WPA_VERSION, CIPHER_PAIRWISE, CIPHER_GROUP, KEY_MGMT, 80211_AUTH_ALG,
WPA_ENABLED, PRIVACY_INVOKED are parameters describing the enabled
security configuration for associations. A number of these parameters
are bitfields and can include multiple enabled modes (e.g., both TKIP
and CCMP could be allowed as the group cipher). I would assume most of
these parameters to be obvious from the field and bitfield value names.

PRIVACY_INVOKED is describing whether any sort of encryption is to be
used (boolean). If mixed-cell mode (for which there does not seem to be
configuration options in WE) is enabled, any privacy flag combination is
allowed. If mixed-cell is disabled, the PRIVACY_INVOKED has to match
with the Privacy flag advertised in the Beacon/ProbeRsp frames.

TKIP_COUNTERMEASURES is used to notify the driver of two Michael MIC
failures within 60 seconds to trigger TKIP countermeasures (i.e.,
disable all TKIP encryption/decryption and prevent new associations that
would use TKIP). For client mode, it is also possible that this is
implemented in the driver, so some drivers do not need this.
Anyway, for AP mode, the notification is needed since the driver would
not get notifications of MIC errors detected at clients (which are
reported to the AP in EAPOL-Key frames).

DROP_UNENCRYPTED is a flag for configuring whether any unencrypted
non-EAPOL data frames are allowed through. There is a MIB variable for
this for WEP, but this is of limited use nowadays. I would expect all
WPA configuration to prevent unencrypted data frames (apart from initial
EAPOL frames) anyway.

RX_UNENCRYPTED_EAPOL is used to configure whether unencrypted EAPOL
frames are to be received when pairwise keys are set. This is needed for
IEEE 802.1X (i.e., non-WPA) which never encrypted EAPOL frames. With
WPA, EAPOL frames are encrypted when pairwise keys are set and as such,
unencrypted EAPOL frames should be dropped after the pairwise keys are
configured.

ROAMING_CONTROL can be used to enable/disable roaming decision in the
driver/firmware. The original need for this came from the Prism2
firmware design that has a configuration option for indicating which
component is responsible for roaming (selecting a new BSS if the current
one is likely to end up getting out of range).

-- 
Jouni Malinen                                            PGP id EFC895FA
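
The boolean flags described in the message above, modelled as an added example (not code from the thread, from mac80211 or from any driver). `struct auth_cfg`, `bss_privacy_ok`, `rx_accept` and the two profiles are hypothetical names; `mixed_cell` and `pairwise_key_set` are assumed driver state, and an encrypted frame is assumed to have decrypted correctly.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical driver-side state; fields mirror the IW_AUTH_* booleans. */
struct auth_cfg {
    bool privacy_invoked;       /* IW_AUTH_PRIVACY_INVOKED */
    bool mixed_cell;            /* no WE option exists; modelled here */
    bool drop_unencrypted;      /* IW_AUTH_DROP_UNENCRYPTED */
    bool rx_unencrypted_eapol;  /* IW_AUTH_RX_UNENCRYPTED_EAPOL */
    bool pairwise_key_set;      /* true once the pairwise key is installed */
};

/* BSS selection: unless mixed-cell, PRIVACY_INVOKED must equal the Privacy flag. */
bool bss_privacy_ok(struct auth_cfg c, bool beacon_privacy)
{
    return c.mixed_cell || c.privacy_invoked == beacon_privacy;
}

/* RX path: decide whether a received data frame is passed up the stack. */
bool rx_accept(struct auth_cfg c, bool is_eapol, bool encrypted)
{
    if (encrypted)
        return true;                 /* assumed to have decrypted correctly */
    if (!is_eapol)
        return !c.drop_unencrypted;  /* cleartext data frame */
    /* Cleartext EAPOL is always needed before the pairwise key exists. */
    if (!c.pairwise_key_set)
        return true;
    return c.rx_unencrypted_eapol;   /* after keying: 802.1X yes, WPA no */
}

/* Constructed profiles: WPA, and plain IEEE 802.1X (non-WPA). */
struct auth_cfg wpa_profile(bool key_set)
{
    return (struct auth_cfg){ .privacy_invoked = true, .drop_unencrypted = true,
                              .rx_unencrypted_eapol = false, .pairwise_key_set = key_set };
}
struct auth_cfg dot1x_profile(bool key_set)
{
    return (struct auth_cfg){ .privacy_invoked = true, .drop_unencrypted = true,
                              .rx_unencrypted_eapol = true, .pairwise_key_set = key_set };
}

int main(void)
{
    printf("cleartext EAPOL after keying: WPA=%d 802.1X=%d\n",
           rx_accept(wpa_profile(true), true, false),
           rx_accept(dot1x_profile(true), true, false));
    return 0;
}
```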