+list > As mentioned in the commit message, you've pulled Jouni's patch, but applied it > to hwsim only. Yes, intentionally. > Unfortunately, that leaves beacon protection for any "real" driver disabled, so > this new feature will be pretty much unusable and (apart from hwsim for testing) > dead code (for now). Yes, intentionally. It's just barely done with interop testing, to some extent... > I understand the reasoning that it's not clear that drivers can handle this > correctly (i.e., not modify data after it has been signed), but isn't that a bit > too conservative? It's not that "it's not clear". We know for a fact that some drivers (e.g. iwlwifi) cannot handle this correctly. So the only thing we can do is have the drivers advertise when they can do it, which is exactly what all these commits do. > After all, BIGTK/BEACON_PROT will only be used if explicitly turned on, mostly > by hostapd, or any other AP software. In the worst case, i.e., if drivers update > data after the fact, the connection just wouldn't work. That might be > unfortunate, I wouldn't really say "that's unfortunate". That'd be a bug! Also, the intent is that at least wpa_supplicant would automatically enable this if available, once the feature is more mature across various implementations. > but I can at least confirm that ath9k seems to handle this well. Then you should submit a patch to ath9k similar like the one for hwsim to enable it. > I've been using protected management frames with that driver and a patch set > backported to 5.6.x for a few months now without obvious hiccups, so there seem > to at least be some drivers that *do* work. :) > Crucially, though, I don't see any potential for regressions here. If it's > disabled in the AP software, all of this stuff just won't be used, just like it > always has been the case in the past. Otherwise, it *might* be buggy, but you'd > never know. Unless people patch their kernel to enable this feature, they won't > be able to enable and test it in the first place. This will change... > Would you reconsider your decision and enable the feature in net/mac80211/main.c > as well? No. johannes