All of lore.kernel.org
 help / color / mirror / Atom feed
From: Alexander Aring <aahringo@redhat.com>
To: Miquel Raynal <miquel.raynal@bootlin.com>
Cc: Alexander Aring <alex.aring@gmail.com>,
	Stefan Schmidt <stefan@datenfreihafen.org>,
	linux-wpan@vger.kernel.org,
	"David S. Miller" <davem@davemloft.net>,
	Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
	Eric Dumazet <edumazet@google.com>,
	netdev@vger.kernel.org, David Girault <david.girault@qorvo.com>,
	Romuald Despres <romuald.despres@qorvo.com>,
	Frederic Blain <frederic.blain@qorvo.com>,
	Nicolas Schodet <nico@ni.fr.eu.org>,
	Guilhem Imberton <guilhem.imberton@qorvo.com>,
	Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Subject: Re: [PATCH wpan-next 0/2] ieee802154: Beaconing support
Date: Mon, 23 Jan 2023 08:50:29 -0500	[thread overview]
Message-ID: <CAK-6q+g9TxtEpELW1GXchBjPq2HD85CAv06VhDKSHjrQmXPCKA@mail.gmail.com> (raw)
In-Reply-To: <20230123134921.38cdfd42@xps-13>

Hi,

On Mon, Jan 23, 2023 at 7:49 AM Miquel Raynal <miquel.raynal@bootlin.com> wrote:
>
> Hi Alexander,
>
> > > btw: what is about security handling... however I would declare this
> > > feature as experimental anyway.
> >
> > I haven't tested the security layer at all yet, would you have a few
> > commands to start with, which I could try using eg. hwsim?
>
> Using the dev_queue_xmit() doest not bypasses the whole stack anymore,
> the beacons got rejected by the llsec layer. I did just hack into it
> just to allow unsecure beacons for now:
>

Stupid questions: do the beacon frames need to be encrypted? Because
we bypass llsec always with those mlme functionality.

btw: there is currently an issue with the llsec hooks. You will not
see the transmit side being encrypted via wireshark (so far I
remember) because the capture is before encryption...

> -       if (hlen < 0 || hdr.fc.type != IEEE802154_FC_TYPE_DATA)
> +       if (hlen < 0 ||
> +           (hdr.fc.type != IEEE802154_FC_TYPE_DATA &&
> +            hdr.fc.type != IEEE802154_FC_TYPE_BEACON))
>                 return -EINVAL;
>
> I believe that would be enough as a first step, at least for merging
> beacons support for now.
>

ok.

> However I'll have to look at the spec about security stuff and
> beaconing to know how to handle this properly if security was required,
> but could you drive me through useful resources were I could quickly
> grasp how all that works? Did you make any presentation of it? Perhaps
> just a blog post or something alike? Or even just a script showing its
> use?
>

I am pretty sure I have something... you need to construct an ACL
there and there exist different methods to do a key lookup. Some are
very easy and some are more difficult to set up. I will look later...
or just do a setup again with hwsim with should work (but again don't
trust wireshark/tcpdump).

Also note: currently there exists practical issues on 802.15.4 stack
(but star topology kind of solves it, so far I understood) to
synchronize security parameters e.g. frame counter.

> While I was looking at linux-wpan.org, I realized we should both
> contribute to it with some examples about security stuff and
> beaconing/scanning?
>

yes, that would be nice... I am pretty sure there are some examples on
the mailinglist archive.

- Alex


  reply	other threads:[~2023-01-23 13:51 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-01-06 11:31 [PATCH wpan-next 0/2] ieee802154: Beaconing support Miquel Raynal
2023-01-06 11:31 ` [PATCH wpan-next 1/2] ieee802154: Add support for user beaconing requests Miquel Raynal
2023-01-06 11:31 ` [PATCH wpan-next 2/2] mac802154: Handle basic beaconing Miquel Raynal
2023-01-16  1:54 ` [PATCH wpan-next 0/2] ieee802154: Beaconing support Alexander Aring
2023-01-18  9:20   ` Miquel Raynal
2023-01-23 12:49     ` Miquel Raynal
2023-01-23 13:50       ` Alexander Aring [this message]
2023-01-23 14:36         ` Alexander Aring
2023-01-23 14:01     ` Alexander Aring
2023-01-23 14:02       ` Alexander Aring
2023-01-24 10:08         ` Miquel Raynal
2023-01-25  2:31           ` Alexander Aring
2023-01-25  9:59             ` Miquel Raynal
2023-01-27  1:29               ` Alexander Aring
2023-01-27  1:31                 ` Alexander Aring
2023-01-27 19:39                 ` Michael Richardson
2023-01-28  1:57                   ` Alexander Aring
2023-01-30  9:50                     ` Miquel Raynal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAK-6q+g9TxtEpELW1GXchBjPq2HD85CAv06VhDKSHjrQmXPCKA@mail.gmail.com \
    --to=aahringo@redhat.com \
    --cc=alex.aring@gmail.com \
    --cc=davem@davemloft.net \
    --cc=david.girault@qorvo.com \
    --cc=edumazet@google.com \
    --cc=frederic.blain@qorvo.com \
    --cc=guilhem.imberton@qorvo.com \
    --cc=kuba@kernel.org \
    --cc=linux-wpan@vger.kernel.org \
    --cc=miquel.raynal@bootlin.com \
    --cc=netdev@vger.kernel.org \
    --cc=nico@ni.fr.eu.org \
    --cc=pabeni@redhat.com \
    --cc=romuald.despres@qorvo.com \
    --cc=stefan@datenfreihafen.org \
    --cc=thomas.petazzoni@bootlin.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.