* [PATCH] mac80211: skip mpath lookup also for control port tx
@ 2020-06-11 16:44 Markus Theil
  2020-06-12  9:45 ` Markus Theil
  0 siblings, 1 reply; 2+ messages in thread
From: Markus Theil @ 2020-06-11 16:44 UTC (permalink / raw)
  To: johannes; +Cc: linux-wireless, Markus Theil

When using 802.1X over mesh networks, at first an ordinary
mesh peering is established, then the 802.1X EAPOL dialog
happens, afterwards an authenticated mesh peering exchange
(AMPE) happens, finally the peering is complete and we can
set the STA authorized flag.

As 802.1X is an intermediate step here and key material is
not yet exchanged for stations we have to skip mesh path lookup
for these EAPOL frames. Otherwise the already configured mesh
group encryption key would be used to send a mesh path request
which no one can decipher, because we didn't already establish
key material on both peers, like with SAE and directly using AMPE.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
---
 net/mac80211/tx.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index e9ce658141f5..c87472c0239f 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -576,7 +576,8 @@ ieee80211_tx_h_check_control_port_protocol(struct ieee80211_tx_data *tx)
 	if (unlikely(tx->sdata->control_port_protocol == tx->skb->protocol)) {
 		if (tx->sdata->control_port_no_encrypt)
 			info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
-		info->control.flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO;
+		info->control.flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO |
+				       IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP;
 		info->flags |= IEEE80211_TX_CTL_USE_MINRATE;
 	}
 
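Review bot: In ieee80211_tx_h_check_control_port_protocol() the new IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP bit is set from inside a tx handler, and nothing in the patch or the commit message shows that this handler runs before the mesh path lookup on the regular (non-nl80211) transmit path. If the lookup has already been done by the time the handler is called, setting the flag here has no effect and EAPOL frames sent through the data path would still trigger a path request. Please confirm the ordering, or set the flag at the point where the frame's protocol is first known, before path resolution. The flag is also set here for every interface type whose control_port_protocol matches; a short comment saying that it only matters for mesh interfaces would help.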
@@ -5370,8 +5371,10 @@ int ieee80211_tx_control_port(struct wiphy *wiphy, struct net_device *dev,
 	    proto != cpu_to_be16(ETH_P_PREAUTH))
 		return -EINVAL;
 
-	if (proto == sdata->control_port_protocol)
-		ctrl_flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO;
+	if (proto == sdata->control_port_protocol) {
+		ctrl_flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO |
+			      IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP;
+	}
 
 	if (unencrypted)
 		flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
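Review bot: In ieee80211_tx_control_port() the skip flag is added only when proto == sdata->control_port_protocol, but the check just above also accepts ETH_P_PREAUTH, so a preauth frame whose proto differs from control_port_protocol still goes through mesh path lookup. If that is intended, say so in the commit message; if not, set IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP for both accepted protocols. A one-line comment above the if, stating that key material is not yet established with the peer at this stage, would document why IEEE80211_TX_CTRL_PORT_CTRL_PROTO and the skip flag are set together here.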
-- 
2.27.0



* Re: [PATCH] mac80211: skip mpath lookup also for control port tx
  2020-06-11 16:44 [PATCH] mac80211: skip mpath lookup also for control port tx Markus Theil
@ 2020-06-12  9:45 ` Markus Theil
  0 siblings, 0 replies; 2+ messages in thread
From: Markus Theil @ 2020-06-12  9:45 UTC (permalink / raw)
  To: johannes; +Cc: linux-wireless

On 6/11/20 6:44 PM, Markus Theil wrote:
> When using 802.1X over mesh networks, at first an ordinary
> mesh peering is established, then the 802.1X EAPOL dialog
> happens, afterwards an authenticated mesh peering exchange
> (AMPE) happens, finally the peering is complete and we can
> set the STA authorized flag.
>
> As 802.1X is an intermediate step here and key material is
> not yet exchanged for stations we have to skip mesh path lookup
> for these EAPOL frames. Otherwise the already configured mesh
> group encryption key would be used to send a mesh path request
> which no one can decipher, because we didn't already establish
> key material on both peers, like with SAE and directly using AMPE.

I found issues with the non-nl80211 tx path. Please drop this version.
