All of lore.kernel.org
 help / color / mirror / Atom feed
* brcmfmac: Getting IEs from CMD_ROAM
@ 2021-03-11 22:00 James Prestwood
  2021-03-11 22:54 ` James Prestwood
  0 siblings, 1 reply; 2+ messages in thread
From: James Prestwood @ 2021-03-11 22:00 UTC (permalink / raw)
  To: linux-wireless

Hi,

Adding FW roaming support to IWD has led me down this rabbit hole with
CMD_ROAM, and I am attempting to understand how wpa_supplicant handles
this. The brcmfmac card I am using sends a CMD_ROAM event which
contains some response IEs but no RSN element (nor any scan information
like frequency, rssi, etc, thats another topic). This prevents the
supplicant from being able to complete the 4-way handshake.

Now, I have a dirty hack to re-use the previous BSS's RSN element which
*works* but this will break e.g. roaming between WPA1 <-> WPA2, plus
802.11 requires that the authenticator IE is verified during the 4-way, 
which cant reliably happen if we just use an arbitrary RSN element from
another BSS.

Is this a known issue? I'm trying to read the code in wpa_supplicant
and its making my head spin. It does attempt to parse the RSN element
from CMD_ROAM, but I expect that fails since its not included. If it
doesn't get it from CMD_ROAM where does it get it from? Or does it
spoof it like I am?

Thanks,
James


^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: brcmfmac: Getting IEs from CMD_ROAM
  2021-03-11 22:00 brcmfmac: Getting IEs from CMD_ROAM James Prestwood
@ 2021-03-11 22:54 ` James Prestwood
  0 siblings, 0 replies; 2+ messages in thread
From: James Prestwood @ 2021-03-11 22:54 UTC (permalink / raw)
  To: linux-wireless

Sorry for the noise, apparently you do a GET_SCAN after CMD_ROAM to
obtain this info. I'll be writing a docs change soon to describe this.

On Thu, 2021-03-11 at 14:00 -0800, James Prestwood wrote:
> Hi,
> 
> Adding FW roaming support to IWD has led me down this rabbit hole
> with
> CMD_ROAM, and I am attempting to understand how wpa_supplicant
> handles
> this. The brcmfmac card I am using sends a CMD_ROAM event which
> contains some response IEs but no RSN element (nor any scan
> information
> like frequency, rssi, etc, thats another topic). This prevents the
> supplicant from being able to complete the 4-way handshake.
> 
> Now, I have a dirty hack to re-use the previous BSS's RSN element
> which
> *works* but this will break e.g. roaming between WPA1 <-> WPA2, plus
> 802.11 requires that the authenticator IE is verified during the 4-
> way, 
> which cant reliably happen if we just use an arbitrary RSN element
> from
> another BSS.
> 
> Is this a known issue? I'm trying to read the code in wpa_supplicant
> and its making my head spin. It does attempt to parse the RSN element
> from CMD_ROAM, but I expect that fails since its not included. If it
> doesn't get it from CMD_ROAM where does it get it from? Or does it
> spoof it like I am?
> 
> Thanks,
> James
> 


^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-03-11 22:55 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-11 22:00 brcmfmac: Getting IEs from CMD_ROAM James Prestwood
2021-03-11 22:54 ` James Prestwood

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.