On Fri, 2011-03-04 at 11:45 -0800, Javier Cardona wrote: > I thought the RSN parsing was required at least for the case where a > station is open and discovers another station. If the other station > wants security, we (the open mesh) should leave that station alone. > But I guess the same can be achieved by just detecting the presence of > an RSN IE without parsing it (there was logic for that already). Right. > So, in summary, you are suggesting that we pass the kernel something > like dot11MeshSecurityActivated when joining the mesh, in addition to > the RSN IE. And use the presence of the RSN IE in received beacons to > determine if other nodes have their security activated or not. Yes. > > Actually, looking at your patch in more detail, it would seem like it > > allows somebody to hijack the mesh by pretending it is an open network. > > If the RSN IE isn't present, mesh_neighbour_update() gets passed false > > for the rsn_enabled parameter -- even if the mesh should be secure -- > > and then the peer would be allowed to join just because it said it > > didn't support RSN. Surely in that case it shouldn't be allowed to join? > > You are right. We would need to check if security is enabled before > creating a peer with no RSN info. Right -- we just check our own dot11MeshSecurityActivated, and if so never create a peer but let userspace handle it. And if that is false, we create a peer if (and only if) it has no RSN information. johannes -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html