> > You need only one unicast key for pairwise key. 4 keys are used only > > for static WEP key. > > For pairwise/dynamic WEP and TKIP you use key index in the packet but > > it changes only when supplicant change the key it self. You don't have > > the key alive in driver. > > No, that's not true, due to rekeying concerns you actually can have more > than one group key at the same time in the driver/hardware. I wasn't aware of this race in rekeying. I will investigate this. Anyhow rekeying can also happing also for unicast keys. > > > BSS defines security setting which defined by key management for > > pairwise and group key + cipher method for both . > > You can run multiple SSIDs over single single BSSID. This is done > > using VLANs > > Actually, we don't support that in mac80211. Last time I worked on AP project it worked. It was older mac hopefully it's not totally broken And the way I understand > VLANs they are simply done by negotiating different group keys with > different groups of stations each forming a VLAN. We are saying the same. That's okay. > > > So you can maintain multiple security settings in for one > > AP. However this is not possible when using static WEP since the key > > is global and the key is not attached to any address. > > > > There are more details into it I'm sorry if I'm not 100 clear here. > > The bottom line is that you don't need more 4 WEP keys both in AP and > > station mod. Same you need to maintain only one pairwise key for > > station both in AP and STA mode. In AP mode you need to maintain also > > one group key for each station because of the case of multiple SSIDs. > > Except the group keys don't really matter for an AP since they're TX > only, which is why we add them with a zeroed MAC address and can only > select them for TX . Zero address again :) > > > > Nop. Still you can have <WEP, WEP> for <pairwise,group key> valid > > setting - This is not static key. The two keys may differ. Under your > > assumption the group key will override pairwise key > > Hm, ok. So I suppose the only way to determine "static" right now would > be to check that no pairwise keys are configured at all. I'm not sure if I follow here but I think the simples way to determine if static key is set is to set static_key flag to 1. I don't see any reason this can be directly detected from the configuration. Tomas > johannes > -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
