2013-05-06 23:49:30

by Colleen T

Subject: [PATCH v2 1/2] cfg80211: Userspace may inform kernel of mesh auth method.

Authentication takes place in userspace, but the beacon is
generated in the kernel. Allow userspace to inform the
kernel of the authentication method so the appropriate
mesh config IE can be set prior to beacon generation when
joining the MBSS.

Signed-off-by: Colleen Twitty <[email protected]>
---
Check userspace is handling MPM instead of checking if setup is secure and
authenticated. (Johannes)

include/linux/ieee80211.h | 20 ++++++++++++++++++++
include/net/cfg80211.h | 2 ++
include/uapi/linux/nl80211.h | 4 ++++
net/wireless/mesh.c | 1 +
net/wireless/nl80211.c | 16 ++++++++++++++++
5 files changed, 43 insertions(+)

diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
index 06b0ed0..e3b9509 100644
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -1899,6 +1899,26 @@ enum {
};

/**
+ * enum mesh_config_auth_proto - mesh authentication protocol identifier
+ *
+ * Ref IEEE 802.11-2012 8.4.2.100.6 Authentication Protocol Identifier
+ *
+ * This field indicates the type of authentication protocol used to secure the
+ * MBSS.
+ *
+ * @IEEE80211_AUTH_PROTO_NONE: the default mesh authentication protocol,
+ * no authentication is required to establish peering within the MBSS
+ * @IEEE80211_AUTH_PROTO_SAE: SAE authentication
+ * @IEEE80211_AUTH_PROTO_8021X : IEEE 802.1X authentication
+ *
+ */
+enum mesh_config_auth_proto {
+ IEEE80211_AUTH_PROTO_NONE = 0x0,
+ IEEE80211_AUTH_PROTO_SAE = 0x1,
+ IEEE80211_AUTH_PROTO_8021X = 0x2,
+};
+
+/**
* enum ieee80211_root_mode_identifier - root mesh STA mode identifier
*
* These attribute are used by dot11MeshHWMPRootMode to set root mesh STA mode
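Review bot: In the new kernel-doc block, "@IEEE80211_AUTH_PROTO_8021X : IEEE 802.1X authentication" has a space between the member name and the colon, unlike the NONE and SAE entries above it. Write it as "@IEEE80211_AUTH_PROTO_8021X: IEEE 802.1X authentication" so all three members are documented in the same form. The empty " *" line just before the closing "*/" can be dropped as well.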
diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
index 26e9113..072e424 100644
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -1161,6 +1161,7 @@ struct mesh_config {
* @sync_method: which synchronization method to use
* @path_sel_proto: which path selection protocol to use
* @path_metric: which metric to use
+ * @auth_id: which authentication method this mesh is using
* @ie: vendor information elements (optional)
* @ie_len: length of vendor information elements
* @is_authenticated: this mesh requires authentication
@@ -1179,6 +1180,7 @@ struct mesh_setup {
u8 sync_method;
u8 path_sel_proto;
u8 path_metric;
+ enum mesh_config_auth_proto auth_id;
const u8 *ie;
u8 ie_len;
bool is_authenticated;
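Review bot: auth_id is declared as "enum mesh_config_auth_proto" while the neighbouring sync_method, path_sel_proto and path_metric are plain u8, even though they are also filled from IEEE80211_* enum constants in default_mesh_setup. Since the netlink policy in this patch declares the attribute as NLA_U8, a u8 here would match both the existing fields and the wire type. If the enum type is kept on purpose, say so in the @auth_id kernel-doc line.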
diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h
index b484307..408bb56 100644
--- a/include/uapi/linux/nl80211.h
+++ b/include/uapi/linux/nl80211.h
@@ -2645,6 +2645,9 @@ enum nl80211_meshconf_params {
* @NL80211_MESH_SETUP_USERSPACE_MPM: Enable this option if userspace will
* implement an MPM which handles peer allocation and state.
*
+ * @NL80211_MESH_SETUP_AUTH_PROTOCOL: Inform the kernel of the authentication
+ * method.
+ *
* @NL80211_MESH_SETUP_ATTR_MAX: highest possible mesh setup attribute number
*
* @__NL80211_MESH_SETUP_ATTR_AFTER_LAST: Internal use
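Review bot: The documentation for NL80211_MESH_SETUP_AUTH_PROTOCOL ("Inform the kernel of the authentication method.") does not say which values the attribute carries. The parser later in this patch switches on NL80211_AUTHTYPE_SAE and NL80211_AUTHTYPE_OPEN_SYSTEM, not on the IEEE80211_AUTH_PROTO_* identifiers. As this is a uapi header, the comment should name the value space and the accepted values so userspace does not have to read nl80211_parse_mesh_setup() to find out.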
@@ -2658,6 +2661,7 @@ enum nl80211_mesh_setup_params {
NL80211_MESH_SETUP_USERSPACE_AMPE,
NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC,
NL80211_MESH_SETUP_USERSPACE_MPM,
+ NL80211_MESH_SETUP_AUTH_PROTOCOL,

/* keep last */
__NL80211_MESH_SETUP_ATTR_AFTER_LAST,
diff --git a/net/wireless/mesh.c b/net/wireless/mesh.c
index 0bb93f3..53bfe0e 100644
--- a/net/wireless/mesh.c
+++ b/net/wireless/mesh.c
@@ -82,6 +82,7 @@ const struct mesh_setup default_mesh_setup = {
.sync_method = IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET,
.path_sel_proto = IEEE80211_PATH_PROTOCOL_HWMP,
.path_metric = IEEE80211_PATH_METRIC_AIRTIME,
+ .auth_id = IEEE80211_AUTH_PROTO_NONE,
.ie = NULL,
.ie_len = 0,
.is_secure = false,
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 9cdcd9e..5795617 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -4672,6 +4672,7 @@ static const struct nla_policy
[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
[NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
+ [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
[NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
[NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
.len = IEEE80211_MAX_DATA_LEN },
@@ -4857,6 +4858,21 @@ static int nl80211_parse_mesh_setup(struct genl_info *info,
if (setup->is_secure)
setup->user_mpm = true;

+ if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
+ if (!setup->user_mpm)
+ return -EINVAL;
+ switch (nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL])) {
+ case NL80211_AUTHTYPE_SAE:
+ setup->auth_id = IEEE80211_AUTH_PROTO_SAE;
+ break;
+ case NL80211_AUTHTYPE_OPEN_SYSTEM:
+ setup->auth_id = IEEE80211_AUTH_PROTO_NONE;
+ break;
+ default:
+ return -EINVAL;
+ }
+ }
+
return 0;
}
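Review bot: The switch on NL80211_MESH_SETUP_AUTH_PROTOCOL only accepts NL80211_AUTHTYPE_SAE and NL80211_AUTHTYPE_OPEN_SYSTEM and sends everything else to "default: return -EINVAL;", so IEEE80211_AUTH_PROTO_8021X, which this same patch defines in ieee80211.h, can never be selected. Either add a case that maps to it or state in the commit message why 802.1X is rejected. Also note that the "if (!setup->user_mpm)" test relies on the "if (setup->is_secure) setup->user_mpm = true;" assignment immediately above it, so a short comment pinning that ordering would protect it against later reshuffling.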

--
1.7.9.5



2013-05-06 23:49:31

by Colleen T

Subject: [PATCH v2 2/2] mac80211: enable Auth Protocol Identifier on mesh config.

Previously the mesh_auth_id was disabled. Instead set the
correct mesh authentication bit based on the mesh setup.

Signed-off-by: Colleen Twitty <[email protected]>
---
net/mac80211/cfg.c | 1 +
net/mac80211/mesh.c | 1 -
2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 1f51bdf..65b9cab 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -1746,6 +1746,7 @@ static int copy_mesh_setup(struct ieee80211_if_mesh *ifmsh,
ifmsh->mesh_pp_id = setup->path_sel_proto;
ifmsh->mesh_pm_id = setup->path_metric;
ifmsh->user_mpm = setup->user_mpm;
+ ifmsh->mesh_auth_id = setup->auth_id;
ifmsh->security = IEEE80211_MESH_SEC_NONE;
if (setup->is_authenticated)
ifmsh->security |= IEEE80211_MESH_SEC_AUTHED;
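Review bot: "ifmsh->mesh_auth_id = setup->auth_id;" is copied independently of the security flags set on the following lines, so nothing in copy_mesh_setup() keeps the two consistent. A setup with auth_id set to SAE but is_authenticated false would leave the authentication identifier at SAE while ifmsh->security stays at IEEE80211_MESH_SEC_NONE. Consider rejecting that combination when the setup is parsed, or document here that the caller guarantees it cannot happen.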
diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index 6952760..c13db9a 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -748,7 +748,6 @@ int ieee80211_start_mesh(struct ieee80211_sub_if_data *sdata)
ieee80211_configure_filter(local);

ifmsh->mesh_cc_id = 0; /* Disabled */
- ifmsh->mesh_auth_id = 0; /* Disabled */
/* register sync ops from extensible synchronization framework */
ifmsh->sync_ops = ieee80211_mesh_sync_ops_get(ifmsh->mesh_sp_id);
ifmsh->adjusting_tbtt = false;
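Review bot: With "ifmsh->mesh_auth_id = 0; /* Disabled */" removed, mesh_auth_id is now initialised only by the assignment added to copy_mesh_setup(), while mesh_cc_id directly above still gets its reset in ieee80211_start_mesh(). The commit message should state that copy_mesh_setup() always runs before ieee80211_start_mesh(), since that ordering is what keeps the field from carrying a stale value into a new mesh.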
--
1.7.9.5


2013-05-08 07:46:24

by Jaroslav Fojtik

Subject: ATH5k - wrong RSSI measurement on CM9

Dears,

In Linux 2.6.22 the RSSI was measured properly for CM9 device.

After upgrading to 3.0.75, the RSSI measurement is offset. I even remember that this
problem was introduced somewhere before 2.6.34.

You could look at the following chart:
http://78.108.103.11/cgi-bin/rodga_1month_big.cgi
This is not signal drop, but a kernel change instead.

(the chart is generated by parsing of iwconfig output:
wlan1 IEEE 802.11abg ESSID:"dvrmn.heaven-czfree.net"
Mode:Managed Frequency:5.64 GHz Access Point: 00:27:22:64:C3:02
Bit Rate=54 Mb/s Tx-Power=8 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=36/70 Signal level=-74 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:20 Invalid misc:59452 Missed beacon:0)


I guess that this problem was fixed at one time and that there are two generations of
CM9 devices that report RSSI differently.

best regards
Jara


2013-05-07 13:58:00

by Johannes Berg

Subject: Re: [PATCH v2 1/2] cfg80211: Userspace may inform kernel of mesh auth method.

On Mon, 2013-05-06 at 16:49 -0700, Colleen Twitty wrote:

> + if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
> + if (!setup->user_mpm)
> + return -EINVAL;
> + switch (nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL])) {
> + case NL80211_AUTHTYPE_SAE:
> + setup->auth_id = IEEE80211_AUTH_PROTO_SAE;
> + break;
> + case NL80211_AUTHTYPE_OPEN_SYSTEM:
> + setup->auth_id = IEEE80211_AUTH_PROTO_NONE;
> + break;
> + default:
> + return -EINVAL;
> + }
> + }
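Review bot: In the quoted hunk, both "if (!setup->user_mpm) return -EINVAL;" and the "default:" branch return the same -EINVAL, so userspace cannot tell a missing userspace-MPM setting apart from an unsupported protocol value. The requirement that the attribute is only accepted together with a userspace MPM should at least be stated where the attribute is documented.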

Ok one more question. Does it actually make sense to check the auth
protocol?

From what I see, the entire auth protocol (e.g. SAE) is handled entirely
in userspace, so if somebody invents a new protocol (e.g. number 3), or
wants to use 802.1X (number 2) they should also be able to implement
that completely in userspace. As such, why validate it? It could be a
valid protocol?

Or am I missing something and there's some kernel part involved in
handling the auth protocol, so we need to check that the kernel code
actually supports it?

johannes