On Mon, May 25, 2020 at 11:49:56AM +0200, Johannes Berg wrote: > On Mon, 2020-05-25 at 11:31 +0200, Stanislaw Gruszka wrote: > > On Mon, May 25, 2020 at 11:15:29AM +0200, Johannes Berg wrote: > > > On Sun, 2020-05-24 at 14:39 +0200, Stanislaw Gruszka wrote: > > > > > And once mac80211 is smart enough to make those decisions, couldn't we > > > > > just enable MFP by default? > > > > > > For the record, I don't think we'd really want to add such a thing to > > > mac80211 ... easier done in the driver. > > > > > > > If we will have indicator from mac80211 that MFP is configured, we can > > > > just return -EOPNOTSUPP from rt2x00mac_set_key() for CCMP and that will > > > > make MFP work without specifying nohwcrypt module parameter - software > > > > encryption will be used anyway. > > > > > > Not sure mac80211 really knows? Hmm. > > > > After looking at this a bit more, seems we have indicator of MFP being > > used in ieee80211_sta structure. > > Yeah, where's my head ... sorry. > > > So maybe adding check like below > > will allow to remove nohwcrypt rt2x00 requirement for MFP ? > > Seems reasonable, but will still do _everything_ in software for such > connections. Still better than not connecting, I guess. Yeah, and at least without nohwcrypt=y we can still use HW encryption for non-MFP stations. Rui, feel free to repost your patch with additional sta->mfp check. If someone is willing to implement mt76 approach to have HW encryption offload for MFP+CCMP, I'll be happy to review patch. From other hand, most people will use MFP with modern ciphers anyway, so I'm not sure how much need is for such patch. Stanislaw
