On Wed, 2012-07-04 at 15:00 +0200, Nicolas Cavallari wrote:
> > + else if (ieee80211_is_robust_mgmt_frame(hdr) &&
> > + (!ieee80211_is_action(hdr->frame_control) ||
> > + !tx->sta || !test_sta_flag(tx->sta, WLAN_STA_MFP)))
> > + tx->key = NULL;
>
> I would have written that more like
>
> is_robust_mgmt && !(is_action && tx->sta && test_sta_flag(mfp))
>
> So it's more clear that we drop action frames to mfp stas, as per the spec.
Yeah, makes sense. I was translating it directly.
> > + else {
> > +
> > I802_DEBUG_INC(tx->local->tx_handlers_drop_unencrypted);
> > return TX_DROP;
>
> is that blank line needed ?
Err, no :-)
> >> Do you want to apply it yourself ? or should i include it in a series ?
> >
> > Then ... probably easiest for you to include it so you can work on top.
> > Here's a version with commit log:
> > http://p.sipsolutions.net/17ea0ebece544a59.txt
> >
>
> Ok. will send a series with this patch modified once i test it and my
> new patch version.
Great, thanks.
> >>> The whole drop_unencrypted seems strange to start with though...
> >>
> >> what to you find strange ? that it is not used in a ESS, or how it works
> >> ? or both ?
> >
> > The way it's used/works/isn't used.
>
> From what i understand, data frames to unauthorized stations are dropped
> well before selecting the encryption key. as stations are authorized
> after or at the same time their encryption key are set, it somewhat
> works. But for MFP, i'm not sure. I think that drop_unencrypted is
> mistaken for "drop_unencrypted_management" there.
> But i'm not an MFP expert.
>
> I'm not sure if we should just add a separate
> drop_unencrypted_management, or just replace drop_unencrypted with
> drop_unencrypted_management. But in a IBSS with RSN, if wpa_supplicant
> isn't recent enough, stations are always authorized by default. so
> drop_encrypted is required in this case.
Ok ...
I guess I'll have to let Jouni comment on this, right now I'm not much
less confused than before :-)
johannes
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
