On 6/11/20 6:44 PM, Markus Theil wrote: > When using 802.1X over mesh networks, at first an ordinary > mesh peering is established, then the 802.1X EAPOL dialog > happens, afterwards an authenticated mesh peering exchange > (AMPE) happens, finally the peering is complete and we can > set the STA authorized flag. > > As 802.1X is an intermediate step here and key material is > not yet exchanged for stations we have to skip mesh path lookup > for these EAPOL frames. Otherwise the already configure mesh > group encryption key would be used to send a mesh path request > which no one can decipher, because we didn't already establish > key material on both peers, like with SAE and directly using AMPE. I found issues with the non nl80211 tx path. Please drop this version.
