Hi Alexander, On 08/14/2018 05:42 AM, Alexander Wetzel wrote:
Drivers able to correctly replace a in-use key should set NL80211_EXT_FEATURE_ATOMIC_KEY_REPLACE to allow the userspace (e.g. hostapd or wpa_supplicant) to rekey PTK keys. The userspace must detect a PTK rekey attempt and only go ahead with the rekey when the driver has set this flag. If the driver is not supporting the feature the userspace either must not replace the PTK key or perform a full re-association. Ignoring this flag and continuing to rekey the connection can still work but has to be considered insecure and broken. It can leak cleartext packets or freeze the connection and is only supported to allow the userspace to be updated. Signed-off-by: Alexander Wetzel <alexander@xxxxxxxxxxxxxx> --- include/uapi/linux/nl80211.h | 6 ++++++ 1 file changed, 6 insertions(+)
This looks good to me from a userspace perspective. I will try to implement support for this in iwd soon to give you a prototype to play with.
Reviewed-by: Denis Kenzior <denkenz@xxxxxxxxx> Regards, -Denis
