From: Arend Van Spriel <arend.vanspriel@broadcom.com>
To: Denis Kenzior <denkenz@gmail.com>, Jouni Malinen <j@w1.fi>,
Eric Blau <eblau@eblau.com>
Cc: hostap@lists.infradead.org,
linux-wireless <linux-wireless@vger.kernel.org>,
Johannes Berg <johannes@sipsolutions.net>
Subject: Re: Kernel oops / WiFi connection failure with wpa_supplicant 2.7
Date: Tue, 15 Jan 2019 00:04:24 +0100 [thread overview]
Message-ID: <d5599cf9-5fb4-a68d-dfd9-0d10a6758ae2@broadcom.com> (raw)
In-Reply-To: <206b5ae1-7fcf-9078-8399-2a8f9ff6c211@gmail.com>
On 1/14/2019 10:18 PM, Denis Kenzior wrote:
> Hi Arend,
>
> On 01/14/2019 02:12 PM, Arend Van Spriel wrote:
>> On 1/8/2019 6:44 PM, Denis Kenzior wrote:
>>> Hi Arend,
>>>
>>>> However, there is more to it. When these offloads were introduced,
>>>> we discussed about having a PORT_AUTHORIZED event or not. It was
>>>> decided passing an attribute in CONNECT and ROAMED event would
>>>> suffice and that is what was implemented in brcmfmac. However, it
>>>> seems time passed and the need for an explicit PORT_AUTHORIZED was
>>>> there (probably Denis knows), which wpa_supplicant now supports thus
>>>> ignoring the attribute in the CONNECT and ROAMED events. The
>>>> brcmfmac driver was not changed accordingly. For this there are
>>>> patches pending in linux-wireless which are necessary to have a
>>>> working connection.
>>>>
>>>
>>> Coming in a bit late to this discussion, but it does raise a few
>>> points I wouldn't mind some clarification on:
>>>
>>> - With commit 503c1fb98ba3, the kernel effectively changed the
>>> userspace API. So I take it that breaking userspace APIs are OK
>>> sometimes? If so, I have lots of suggestions to make ;)
>>
>> I bet you do :-p I think the rule of thumb is that there are no
>> drivers providing the functionality behind the user-space API and/or
>> no user-space applications are using that API.
>
> Maybe this is a question for Johannes as well, but define 'user-space
> applications'? If that includes wpa_s, wasn't the rule of thumb broken
> with that commit?
In my previous reply I wanted to add that it would be hard to proof that
no user-space applications are using the API. Not sure exactly when
things were added in wpa_s, but I suspect it was
post-commit-503c1fb98ba3 so it did not have support for the user-space
API before the commit.
>>
>>> - Is RTNL LINK_MODE / OPER_STATE status being (supposed to be?)
>>> affected by the driver during a roam? E.g. if we're in a 802.1X
>>> network with userspace authentication, and driver roamed requiring a
>>> new 802.1X auth, then in theory the RTNL mode needs to be brought
>>> back out of UP state...
>>
>> So do you expect the driver/cfg80211 to take care of that or the
>> supplicant? I assumed wpa_supplicant would be doing that.
>>
>
> With regular roaming where we trigger a Deassociate/Deathenticate
> (either explicitly or implicitly) first, the interface goes into dormant
> mode by virtue of the carrier going down.
>
> With this it isn't really clear whether the same is happening and who
> (kernel/userspace) should be doing what. I would actually assume the
> kernel is/should be turning carrier off for the duration of the roam
> operation?
On what layer do we know 802.1X re-auth is required?
>>> - The new API leaves a lot to be desired in terms of race conditions.
>>> For example, how long should userspace wait for EAPoL-EAP packets to
>>> arrive (before triggering its own EAPoL-Start for example) if a
>>> CMD_ROAMED event comes?
>>
>> I think that question applies to CMD_CONNECT as well, right? Not sure
>> if the specs provide any guidance for that. I can dive into that, but
>> maybe someone like Jouni or Johannes know. If so, let me know ;-)
>
> With CMD_CONNECT it is a bit more clear because you're most likely not
> specifying a PMKID for the first time, so you expect the authentication
> to happen in all cases. If the AP doesn't respond after some small
> timeout, the supplicant can send its own EAPoL-Start.
>
> With CMD_ROAMED it is less clear.
>
>>
>>> - What happens if userspace does send an EAPoL-Start in the middle of
>>> an offloaded 4-way handshake?
>>
>> Probably those would be dropped.
>>
>
> I would love to have something more definitive than 'Probably', and it
> might be worth mentioning this hint in the documentation somewhere.
I was hesitant to use that word, but decided to do so simply because I
can not speak for every driver and even for the brcmfmac driver that I
maintain I will need to look into the firmware to be sure. I agree that
a remark of that possibility is worth adding.
Regards,
Arend
next prev parent reply other threads:[~2019-01-14 23:04 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CADU241PtPeiTQWHwb=uF6Ohuua_asOwCarCAKVC8jdVVNAsByA@mail.gmail.com>
[not found] ` <20190103154921.GA25015@w1.fi>
2019-01-05 19:44 ` Kernel oops / WiFi connection failure with wpa_supplicant 2.7 Arend Van Spriel
2019-01-08 17:44 ` Denis Kenzior
2019-01-14 20:12 ` Arend Van Spriel
2019-01-14 21:18 ` Denis Kenzior
2019-01-14 23:04 ` Arend Van Spriel [this message]
2019-01-15 13:00 ` Johannes Berg
2019-01-15 15:55 ` Denis Kenzior
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d5599cf9-5fb4-a68d-dfd9-0d10a6758ae2@broadcom.com \
--to=arend.vanspriel@broadcom.com \
--cc=denkenz@gmail.com \
--cc=eblau@eblau.com \
--cc=hostap@lists.infradead.org \
--cc=j@w1.fi \
--cc=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).