I'm working on IEEE 802.11w support for mac80211 and my current code is in a state that allows both unicast and multicast/broadcast management frames to be protected (with CCMP and BIP/AES-CMAC, respectively). I'll clean up the patches a bit and send the first version for commenting in the near future. However, even before the patches are available, there is one area that could benefit from comments. hostapd is currently using a monitor interface to inject management frames. This seems to work fine for unencrypted frames, but at least BIP protection of broadcast/multicast management frames does not work without some hacks.. The problem here is that the default TX key is configured for the main data interface (wlan0) while the injected frame is coming from the monitor interface (mon.wlan0). ieee80211_tx_h_select_key() does not find the default key for management frames and consequently, the frame ends up going out without BIP processing. My current workaround is to configure IGTK for both wlan0 and mon.wlan0 in hostapd. This works, but is somewhat undesirable.. Would there be a better way for configuring the default keys (this could apply also for data frames, but at least for IGTK and management frames for the time being), so that they would apply both to frames generated by MLME code in mac80211 (if any; currently there is no broadcast/multicast management frames used and actually, no management frames generated in mac80211 MLME code in AP mode) and monitor interfaces (or something that would replace them for packet injection)? PS. I'm not sure whether this is a bug somewhere in my changes or whether the configuration of default keys for monitor interfaces triggered this, but mac80211 is now leaving behind almost empty debugfs ieee80211/phy# directories. The only thing remaining in that directory is an empty netdev:mon.wlan0 subdirectory, so it looks like something fails to remove said subdirectory and then the phy# directory. -- Jouni Malinen PGP id EFC895FA -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html