> Actually I've misled you a bit. This is defined by IEEE 802.11i in > section TSN Transition Security Network. Where legacy WEP-only STA and > RSN-enabled station can coexists. In this case Legacy stations use > static WEP key and RSN enabled station uses more advanced security > setting. RSN enabled station will be configured with WEP as a group > cipher (spec name) > > Here is a quote from the spec.. there is much more about it it's a bit > spread in the spec. > > 3.123 Transition Security Network (TSN): A Security Network which > allows the creation of Pre-Robust > Security Network Associations as well as Robust Security Network > Associations. A TSN can be identified > by the indication in the RSN IE of Beacons that the group cipher suite > in use is WEP. Huh ok. But how would the WEP legacy station be able to determine that? Or does it just try to use WEP and succeed? TBH, I was unaware that this existed, this does make it a bit more of a problem than I thought then. > > > > Note that there's another case in AP mode where bc/mc keys are TX-only, > > > > those are added with a zeroed MAC address. > > > > I would prefer also in this case a clear flag rather then playing with > > > ambiguity of destination address. > > On second thought is that AP has only TX group key while STA has only > RX group key so I > m not seeing here any need for flag. Hm, well, I didn't really want to require the driver to keep track of the current operating mode, so that's why I used 00:...:00 vs. FF:...:FF for the group keys. > > Yes, that would indeed help. Except that WEXT can't actually give you > > the distinction so discussing these points right now is pretty moot when > > we can't even do it properly as far as I can tell. Might be possible to > > infer the information with the key management enabled flag thing... > > You have encode ioctl which is called only for static/legacy WEP or > you use CIPHER_NONE for when using encodeext > For WEP in Pairwise and Group Key you use WEP40/104 Is that really done though? I mean, does wpa_supplicant not also use encodeext for WEP keys? > /* IW_AUTH_PAIRWISE_CIPHER and IW_AUTH_GROUP_CIPHER values (bit field) */ > #define IW_AUTH_CIPHER_NONE 0x00000001 > #define IW_AUTH_CIPHER_WEP40 0x00000002 > #define IW_AUTH_CIPHER_TKIP 0x00000004 > #define IW_AUTH_CIPHER_CCMP 0x00000008 > #define IW_AUTH_CIPHER_WEP104 0x00000010 > > It's not well defined in wext but we can at least define the interface > from mac80211 point of view. True. So what change do we need? johannes
Attachment:
signature.asc
Description: This is a digitally signed message part
