On Sat, 2018-08-18 at 22:53 +0200, Alexander Wetzel wrote: > > This looks good to me from a userspace perspective. I will try to > > implement support for this in iwd soon to give you a prototype to play > > with. > > Sounds promising, thank you! > > I'm still unsure if we really need the API changes to fix that issue: > "Tagging" the new requirements to current set_key calls would also work. > With the downside that there would be no way to detect "broken" > drivers... replace_key is basically only there to differentiate between > audited/fixed drivers and those not. > > But since my current impression is, that ptk rekeys are mostly broken > independent of mac80211 or even linux a driver flag signaling support > for it sounds like a good idea regardless how we want to fix the issue > in mac80211. Just wondering if we should name it differently for that > and I'm considering renaming it to NL80211_EXT_FEATURE_CAN_REKEY_PTK0 in > the next patch. And then keep set_key() for both, rather than adding replace_key()? Seems reasonable to me, I guess. > As for mac80211 driver status: > The only known "really broken" driver at the moment is ath9k. With > iwlwifi, - and less thorough tested - ath10k to be ok from a driver > point of view. (ath9k needs just a driver flush as minimal fix.) iwlwifi is also broken for CCMP-256/GCMP keys, so the situation is slightly more complex. johannes