Date: Thu, 5 Aug 2010 15:54:34 +0300
Subject: RE: L2cap Security And Role Switch
Message-ID: <99B09243E1A5DA4898CDD8B700111448096BA3C2D7@EXMB04.eu.tieto.com>
References: <99B09243E1A5DA4898CDD8B700111448096BA3C23C@EXMB04.eu.tieto.com> <99B09243E1A5DA4898CDD8B700111448096BA3C277@EXMB04.eu.tieto.com>
Content-Type: text/plain; charset="iso-8859-2"
MIME-Version: 1.0
Sender: linux-bluetooth-owner@vger.kernel.org

Hi

>-----Original Message-----
>From: Prabhakaran M.C [mailto:mcprabhakaran@gmail.com]
>Sent: Thursday, August 05, 2010 2:44 PM
>To: Rymarkiewicz Waldemar
>Cc: linux-bluetooth@vger.kernel.org
>Subject: Re: L2cap Security And Role Switch
>
>Hi ,
>
>2010/8/5 :
>> Hi,
>>
>>>-----Original Message-----
>>>From: Prabhakaran M.C [mailto:mcprabhakaran@gmail.com]
>>>Sent: Thursday, August 05, 2010 12:38 PM
>>>To: Rymarkiewicz Waldemar
>>>Cc: linux-bluetooth@vger.kernel.org
>>>Subject: Re: L2cap Security And Role Switch
>>>
>>>Hi Waldek,
>>>
>>>On Thu, Aug 5, 2010 at 3:37 PM, wrote:
>>>> Hi,
>>>>
>>>>>-----Original Message-----
>>>>>From: linux-bluetooth-owner@vger.kernel.org
>>>>>[mailto:linux-bluetooth-owner@vger.kernel.org] On Behalf Of
>>>>>Prabhakaran M.C
>>>>>Sent: Wednesday, August 04, 2010 4:09 PM
>>>>>To: linux-bluetooth@vger.kernel.org
>>>>>Subject: Reg: L2cap Security And Role Switch
>>>>>
>>>>>Hello All,
>>>>>
>>>>> Whenever L2cap security is HIGH and the remote device does a role
>>>>>switch, Bluez accepts the role switch and L2cap disconnects the
>>>>>channel because of HIGH security.
>>>>>
>>>>> For PAN profile, I would like to keep the L2cap security at HIGH
>>>>>since it involves internet browsing, but the Widcomm stack always
>>>>>does a role switch in a PAN connection and Bluez disconnects the
>>>>>l2cap channel.
>>>>>
>>>>> Can someone please point me to where the specification describes
>>>>>the relation between l2cap security level and role switch. I tried
>>>>>to find this out but I could not find this behavior described in
>>>>>the specification. Please provide your comments and inputs.
>>>>>Thanks in advance.
>>>>>
>>>>>Thanks,
>>>>>Prabhakaran.
>>>>>--
>>>>
>>>> Note that HIGH sec level requires encryption on the link. The role
>>>> switch procedure turns off the encryption before it starts switching
>>>> roles and turns it on again after all. In the 2.1 spec the controller
>>>> handles switching encryption off/on (pause/resume).
>>>>
>>>> Thanks,
>>>> /Waldek
>>>
>>> From the logs, the link was authenticated and encrypted.
>>>Then the Widcomm stack disables the encryption, does a role switch,
>>>and enables the encryption.
>>>After the role switch the bluez kernel disconnects the l2cap channel
>>>due to HIGH security. I just want to know where this disconnection
>>>part is defined in the spec. Or does Bluez have to just reject the
>>>role switch operation instead of disconnecting?
>>>
>>>--
>>>Thanks,
>>>Prabhakaran.
>>
>> As far as I know it's not defined in the spec. It's simply Bluez
>> design. What I would like to see is that bluez blocks outgoing data
>> flow in l2cap for the period of the role switch.
>> It's done in rfcomm this way, I guess (?).
>>
>> I agree, in my view the current design in this use case is not
>> perfect.
>>
>> Thanks,
>> /Waldek
>>
>
>Thanks for your response.
>One small correction here (my bad). The l2cap channel is getting
>closed because encryption of the link goes down during role switch.
>The "l2cap_check_encryption" function validates the encryption; if
>it is disabled and security is high then the channel is closed by
>this function. Please let me know your comments about this.
>
>--
>Thanks,
>Prabhakaran.

As I said, if the encryption is disabled due to role switch, l2cap should block data flow and wait some time until the encryption is switched on again. If this does not occur, l2cap should close the channel; otherwise it should continue as before the role switch.

Thanks,
/Waldek
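
The two behaviours discussed in this thread, as an added example that is not part of the original messages and is not BlueZ source: a small C model contrasting close-on-encryption-loss for HIGH security with the proposed block-and-wait handling. All type and function names, and the 5-second grace period, are assumptions made for illustration.

```c
#include <stdbool.h>

/* Hypothetical model, not BlueZ kernel code; all names are illustrative. */
enum sec_level { SEC_LOW, SEC_MEDIUM, SEC_HIGH };
enum chan_state { CHAN_OPEN, CHAN_CLOSED };

struct chan {
    enum sec_level sec;
    enum chan_state state;
    bool tx_blocked;      /* outgoing data held while the link is unencrypted */
    bool timer_armed;     /* waiting for encryption to be resumed */
    unsigned deadline_ms; /* when to give up waiting */
};

#define ENC_GRACE_MS 5000u /* assumed value; the thread says only "some time" */

/* Behaviour described in the thread: HIGH security + encryption off => close. */
void encrypt_change_current(struct chan *c, bool encrypted) {
    if (!encrypted && c->sec == SEC_HIGH)
        c->state = CHAN_CLOSED;
}

/* Proposed behaviour: hold outgoing data and wait for encryption to return. */
void encrypt_change_proposed(struct chan *c, bool encrypted, unsigned now_ms) {
    if (c->state != CHAN_OPEN || c->sec != SEC_HIGH)
        return;
    if (!encrypted) {
        c->tx_blocked = true;
        c->timer_armed = true;
        c->deadline_ms = now_ms + ENC_GRACE_MS;
    } else {
        c->tx_blocked = false;
        c->timer_armed = false;
    }
}

/* Timer tick: close if encryption did not come back within the grace period. */
void chan_tick(struct chan *c, unsigned now_ms) {
    if (c->state == CHAN_OPEN && c->timer_armed && now_ms >= c->deadline_ms) {
        c->state = CHAN_CLOSED;
        c->timer_armed = false;
    }
}

/* Send gate: nothing leaves a HIGH-security channel while it is unencrypted. */
bool chan_can_send(const struct chan *c) {
    return c->state == CHAN_OPEN && !c->tx_blocked;
}
```

In the model, the send gate is what preserves the HIGH security guarantee during the pause: the channel survives the role switch, but no payload is transmitted until encryption is reported on again.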