Hi Arend,
On 01/14/2019 02:12 PM, Arend Van Spriel wrote:
On 1/8/2019 6:44 PM, Denis Kenzior wrote:
Hi Arend,
However, there is more to it. When these offloads were introduced, we
discussed about having a PORT_AUTHORIZED event or not. It was decided
passing an attribute in CONNECT and ROAMED event would suffice and
that is what was implemented in brcmfmac. However, it seems time
passed and the need for an explicit PORT_AUTHORIZED was there
(probably Denis knows), which wpa_supplicant now supports thus
ignoring the attribute in the CONNECT and ROAMED events. The brcmfmac
driver was not changed accordingly. For this there are patches
pending in linux-wireless which are necessary to have a working
connection.
Coming in a bit late to this discussion, but it does raise a few
points I wouldn't mind some clarification on:
- With commit 503c1fb98ba3, the kernel effectively changed the
userspace API. So I take it that breaking userspace APIs are OK
sometimes? If so, I have lots of suggestions to make ;)
I bet you do :-p I think the rule of thumb is that there are no drivers
providing the functionality behind the user-space API and/or no
user-space applications are using that API.
Maybe this is a question for Johannes as well, but define 'user-space
applications'? If that includes wpa_s, wasn't the rule of thumb broken
with that commit?
- Is RTNL LINK_MODE / OPER_STATE status being (supposed to be?)
affected by the driver during a roam? E.g. if we're in a 802.1X
network with userspace authentication, and driver roamed requiring a
new 802.1X auth, then in theory the RTNL mode needs to be brought back
out of UP state...
So do you expect the driver/cfg80211 to take care of that or the
supplicant? I assumed wpa_supplicant would be doing that.
With regular roaming where we trigger a Deassociate/Deathenticate
(either explicitly or implicitly) first, the interface goes into dormant
mode by virtue of the carrier going down.
With this it isn't really clear whether the same is happening and who
(kernel/userspace) should be doing what. I would actually assume the
kernel is/should be turning carrier off for the duration of the roam
operation?
- The new API leaves a lot to be desired in terms of race conditions.
For example, how long should userspace wait for EAPoL-EAP packets to
arrive (before triggering its own EAPoL-Start for example) if a
CMD_ROAMED event comes?
I think that question applies to CMD_CONNECT as well, right? Not sure if
the specs provide any guidance for that. I can dive into that, but maybe
someone like Jouni or Johannes know. If so, let me know ;-)
With CMD_CONNECT it is a bit more clear because you're most likely not
specifying a PMKID for the first time, so you expect the authentication
to happen in all cases. If the AP doesn't respond after some small
timeout, the supplicant can send its own EAPoL-Start.
With CMD_ROAMED it is less clear.
- What happens if userspace does send an EAPoL-Start in the middle of
an offloaded 4-way handshake?
Probably those would be dropped.
I would love to have something more definitive than 'Probably', and it
might be worth mentioning this hint in the documentation somewhere.
Regards,
-Denis
