The mac80211 code doesn't handle WEP with shared keys correctly. Using the ath9k
driver on my MacBook I am unable to put the driver into restricted mode (shared
key). It stays in open mode. That is the following command has no effect:
iwconfig wlan0 enc restricted. I can also confirm this when looking at the
authentication packets that go over the air: they are sent with the open flag,
and not the shared key flag.
Signed-off-by: Ortwin Glueck <[email protected]>
---
net/mac80211/wext.c | 12 ++++++++++++
1 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/net/mac80211/wext.c b/net/mac80211/wext.c
index 34fa8ed..645c276 100644
--- a/net/mac80211/wext.c
+++ b/net/mac80211/wext.c
@@ -929,6 +929,18 @@ static int ieee80211_ioctl_siwencode(struct net_device *dev,
else
idx--;
+ if (sdata->vif.type == IEEE80211_IF_TYPE_STA) {
+ struct ieee80211_if_sta *ifsta = &sdata->u.sta;
+ if (erq->flags & IW_ENCODE_OPEN) {
+ printk("wext: open\n");
+ ifsta->auth_alg = WLAN_AUTH_OPEN;
+ }
+ else if (erq->flags & IW_ENCODE_RESTRICTED) {
+ printk("wext: shared key\n");
+ ifsta->auth_alg = WLAN_AUTH_SHARED_KEY;
+ }
+ }
+
if (erq->flags & IW_ENCODE_DISABLED)
remove = 1;
else if (erq->length == 0) {
--
1.5.6.4
On Mon, 2008-09-15 at 17:47 +0200, Ortwin Glück wrote:
> The mac80211 code doesn't handle WEP with shared keys correctly. Using the ath9k
> driver on my MacBook I am unable to put the driver into restricted mode (shared
> key). It stays in open mode. That is the following command has no effect:
> iwconfig wlan0 enc restricted. I can also confirm this when looking at the
> authentication packets that go over the air: they are sent with the open flag,
> and not the shared key flag.
>
> Signed-off-by: Ortwin Glueck <[email protected]>
> ---
> net/mac80211/wext.c | 12 ++++++++++++
> 1 files changed, 12 insertions(+), 0 deletions(-)
>
> diff --git a/net/mac80211/wext.c b/net/mac80211/wext.c
> index 34fa8ed..645c276 100644
> --- a/net/mac80211/wext.c
> +++ b/net/mac80211/wext.c
> @@ -929,6 +929,18 @@ static int ieee80211_ioctl_siwencode(struct net_device *dev,
> else
> idx--;
>
> + if (sdata->vif.type == IEEE80211_IF_TYPE_STA) {
> + struct ieee80211_if_sta *ifsta = &sdata->u.sta;
> + if (erq->flags & IW_ENCODE_OPEN) {
> + printk("wext: open\n");
> + ifsta->auth_alg = WLAN_AUTH_OPEN;
> + }
> + else if (erq->flags & IW_ENCODE_RESTRICTED) {
> + printk("wext: shared key\n");
> + ifsta->auth_alg = WLAN_AUTH_SHARED_KEY;
> +
Come to think of it, since we already fall back from open to shared-key
when the AP rejects, why would we want to support this at all? The
semantics aren't well defined enough to support it _properly_, that is
have it change the ifsta->auth_algs variable, and touching this variable
as you're doing in these two patches is just plain wrong since it can be
changed underneath (yes, you're removing the automatic changing, but
that's totally wrong).
johannes
On Mon, 2008-09-15 at 17:56 +0200, Johannes Berg wrote:
> > + if (sdata->vif.type == IEEE80211_IF_TYPE_STA) {
> > + struct ieee80211_if_sta *ifsta = &sdata->u.sta;
> > + if (erq->flags & IW_ENCODE_OPEN) {
> > + printk("wext: open\n");
> > + ifsta->auth_alg = WLAN_AUTH_OPEN;
> > + }
> > + else if (erq->flags & IW_ENCODE_RESTRICTED) {
> > + printk("wext: shared key\n");
> > + ifsta->auth_alg = WLAN_AUTH_SHARED_KEY;
> > +
>
> Come to think of it, since we already fall back from open to shared-key
> when the AP rejects, why would we want to support this at all? The
> semantics aren't well defined enough to support it _properly_, that is
> have it change the ifsta->auth_algs variable, and touching this variable
> as you're doing in these two patches is just plain wrong since it can be
> changed underneath (yes, you're removing the automatic changing, but
> that's totally wrong).
Then again, I suppose you _can_ actually implement this, but in terms of
which authentication algorithms are allowed, something like:
if (erq->flags & RESTRICTED)
ifsta->auth_algs = SHARED;
else
ifsta->auth_algs = OPEN | SHARED | LEAP;
johannes
On Mon, 2008-09-15 at 17:47 +0200, Ortwin Glück wrote:
> The mac80211 code doesn't handle WEP with shared keys correctly. Using the ath9k
> driver on my MacBook I am unable to put the driver into restricted mode (shared
> key). It stays in open mode. That is the following command has no effect:
> iwconfig wlan0 enc restricted. I can also confirm this when looking at the
> authentication packets that go over the air: they are sent with the open flag,
> and not the shared key flag.
>
> Signed-off-by: Ortwin Glueck <[email protected]>
> ---
> net/mac80211/wext.c | 12 ++++++++++++
> 1 files changed, 12 insertions(+), 0 deletions(-)
>
> diff --git a/net/mac80211/wext.c b/net/mac80211/wext.c
> index 34fa8ed..645c276 100644
> --- a/net/mac80211/wext.c
> +++ b/net/mac80211/wext.c
> @@ -929,6 +929,18 @@ static int ieee80211_ioctl_siwencode(struct net_device *dev,
> else
> idx--;
>
> + if (sdata->vif.type == IEEE80211_IF_TYPE_STA) {
> + struct ieee80211_if_sta *ifsta = &sdata->u.sta;
> + if (erq->flags & IW_ENCODE_OPEN) {
> + printk("wext: open\n");
> + ifsta->auth_alg = WLAN_AUTH_OPEN;
> + }
> + else if (erq->flags & IW_ENCODE_RESTRICTED) {
> + printk("wext: shared key\n");
> + ifsta->auth_alg = WLAN_AUTH_SHARED_KEY;
> + }
remove the printks please
johannes