On Mon, 2020-05-25 at 11:31 +0200, Stanislaw Gruszka wrote: > On Mon, May 25, 2020 at 11:15:29AM +0200, Johannes Berg wrote: > > On Sun, 2020-05-24 at 14:39 +0200, Stanislaw Gruszka wrote: > > > > And once mac80211 is smart enough to make those decisions, couldn't we > > > > just enable MFP by default? > > > > For the record, I don't think we'd really want to add such a thing to > > mac80211 ... easier done in the driver. > > > > > If we will have indicator from mac80211 that MFP is configured, we can > > > just return -EOPNOTSUPP from rt2x00mac_set_key() for CCMP and that will > > > make MFP work without specifying nohwcrypt module parameter - software > > > encryption will be used anyway. > > > > Not sure mac80211 really knows? Hmm. > > After looking at this a bit more, seems we have indicator of MFP being > used in ieee80211_sta structure. Yeah, where's my head ... sorry. > So maybe adding check like below > will allow to remove nohwcrypt rt2x00 requirement for MFP ? Seems reasonable, but will still do _everything_ in software for such connections. Still better than not connecting, I guess. johannes
