Search Linux Wireless

Re: [PATCH 5/9] cfg80211/nl80211: add authorized flag to roaming event

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



+ Jouni

On 26-4-2017 12:05, Arend van Spriel wrote:
> Almost overlooked this one. Thanks for the hint, Johannes.
> 
> On 4/26/2017 9:58 AM, Luca Coelho wrote:
>> From: Avraham Stern <avraham.stern@xxxxxxxxx>
>>
>> Drivers that initiate roaming while being connected to a network that
>> uses 802.1X authentication need to inform user space if 802.1X
>> authentication is further required after roaming.
>> For example, when using the Fast transition protocol, roaming within
>> the mobility domain does not require new 802.1X authentication, but
>> roaming to another mobility domain does.
> 
> Not sure about the terminology here. Is "mobility domain" the same as
> "ESS" which stands for extended service set as definced in 802.11
> standard. If so, I would prefer use of that term here.
> 
>> In addition, some drivers may not support 802.1X authentication
>> (so it has to be done in user space), while other drivers do.
>>
>> Add a flag to the roaming notification to indicate if user space is
>> required to do 802.1X authentication after the roaming or not.
>> This flag will only be used for networks that use 802.1X
>> authentication. For networks that do not use 802.1X authentication it
>> is assumed that no further action is required from user space after
>> the roaming notification.
>>
>> Signed-off-by: Avraham Stern <avraham.stern@xxxxxxxxx>
>> Signed-off-by: Luca Coelho <luciano.coelho@xxxxxxxxx>
>> ---
>>   include/net/cfg80211.h       |  4 ++++
>>   include/uapi/linux/nl80211.h | 14 ++++++++++++++
>>   net/wireless/nl80211.c       |  4 +++-
>>   net/wireless/sme.c           |  1 +
>>   4 files changed, 22 insertions(+), 1 deletion(-)
>>
>> diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
>> index 115f6fc5a34d..f9f4fde2dc09 100644
>> --- a/include/net/cfg80211.h
>> +++ b/include/net/cfg80211.h
>> @@ -5384,6 +5384,9 @@ cfg80211_connect_timeout(struct net_device *dev,
>> const u8 *bssid,
>>    * @req_ie_len: association request IEs length
>>    * @resp_ie: association response IEs (may be %NULL)
>>    * @resp_ie_len: assoc response IEs length
>> + * @authorized: true if the 802.1X authentication was done by the
>> driver or is
>> + *    not needed (e.g., when Fast Transition protocol was used), false
>> + *    otherwise. Ignored for networks that don't use 802.1X
>> authentication.
> 
> It is not ignored in this patch so it is expected user-space behavior
> you are describing, which is not really needed here in cfg80211 driver api.
> 
>>    */
>>   struct cfg80211_roam_info {
>>       struct ieee80211_channel *channel;
>> @@ -5393,6 +5396,7 @@ struct cfg80211_roam_info {
>>       size_t req_ie_len;
>>       const u8 *resp_ie;
>>       size_t resp_ie_len;
>> +    bool authorized;
>>   };
>>     /**
>> diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h
>> index 6095a6c4c412..7bdbce7c4147 100644
>> --- a/include/uapi/linux/nl80211.h
>> +++ b/include/uapi/linux/nl80211.h
>> @@ -546,6 +546,12 @@
>>    *    well to remain backwards compatible.
>>    * @NL80211_CMD_ROAM: request that the card roam (currently not
>> implemented),
> 
> Do we want to keep this comment about the request scenario. Is it likely
> implemented soon/ever?
> 
>>    *    sent as an event when the card/driver roamed by itself.
>> + *    When used as an event, and the driver roamed in a network that
>> requires
>> + *    802.1X authentication, %NL80211_ATTR_CONNECTION_AUTHORIZED
>> should be set
>> + *    if the 802.1X authentication was done by the driver or if
>> roaming was
>> + *    done using Fast Transition protocol (in which case 802.1X
>> authentication
>> + *    is not needed). If %NL80211_ATTR_CONNECTION_AUTHORIZED is not set,
>> + *    user space is responsible for the 802.1X authentication.
> 
> Would you consider using NL80211_ATTR_PORT_AUTHORIZED instead referring
> to the 802.1X port entities.

In wpa_supplicant the function mlme_event_connect() is used to process
NL80211_CMD_CONNECT and NL80211_CMD_ROAM events. The latter is actually
used for processing QCA vendor specific event, which passes a nlattr
called authorized to the function. It is typed as u8:

	if (authorized && nla_get_u8(authorized)) {
		event.assoc_info.authorized = 1;
		wpa_printf(MSG_DEBUG, "nl80211: connection authorized");
	}

Not really a good argument, but choosing the same type for the new
attribute would make supporting it relatively easy.

Regards,
Arend



[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Wireless Personal Area Network]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Hiking]     [MIPS Linux]     [ARM Linux]     [Linux RAID]

  Powered by Linux