> >
> > > BSS defines security setting which defined by key management for
> > > pairwise and group key + cipher method for both .
> > > You can run multiple SSIDs over single single BSSID. This is done
> > > using VLANs
> >
> > Actually, we don't support that in mac80211.
> Last time I worked on AP project it worked. It was older mac hopefully
> it's not totally broken
>
> And the way I understand
> > VLANs they are simply done by negotiating different group keys with
> > different groups of stations each forming a VLAN.
>
> We are saying the same. That's okay.
Well, you were suggesting the use of multiple SSIDs, which we don't
support, we only support VLANs within a BSS/single SSID. Not that I've
been able to test it, hostapd needs radius stuff set up for VLANs...
> > > So you can maintain multiple security settings in for one
> > > AP. However this is not possible when using static WEP since the key
> > > is global and the key is not attached to any address.
> > >
> > > There are more details into it I'm sorry if I'm not 100 clear here.
> > > The bottom line is that you don't need more 4 WEP keys both in AP and
> > > station mod. Same you need to maintain only one pairwise key for
> > > station both in AP and STA mode. In AP mode you need to maintain also
> > > one group key for each station because of the case of multiple SSIDs.
> >
> > Except the group keys don't really matter for an AP since they're TX
> > only, which is why we add them with a zeroed MAC address and can only
> > select them for TX
> .
> Zero address again :)
>
> >
> >
> > > Nop. Still you can have <WEP, WEP> for <pairwise,group key> valid
> > > setting - This is not static key. The two keys may differ. Under your
> > > assumption the group key will override pairwise key
> >
> > Hm, ok. So I suppose the only way to determine "static" right now would
> > be to check that no pairwise keys are configured at all.
>
> I'm not sure if I follow here but I think the simples way to determine
> if static key is set is to set static_key flag to 1. I don't see any
> reason this can be directly detected from the configuration.
Right. I was just saying that the way it currently is I think you could
detect it that way. b43 simply assumes WEP keys are always 'static'
which seems to mostly work well in practice.
I suppose then set_key needs a new argument key_type:
enum ieee80211_key_type {
KEY_TYPE_PAIRWISE,
KEY_TYPE_GROUP,
KEY_TYPE_TXONLY, /* group key in an AP */
KEY_TYPE_STATIC,
}
where the MAC address pointer would only be non-NULL when the key type
is PAIRWISE, and STATIC can only be used for WEP keys.
johannes
Attachment:
signature.asc
Description: This is a digitally signed message part
