2017-12-13 17:51:22

by Jouni Malinen

Subject: [PATCH 1/2] cfg80211/nl80211: Optional authentication offload to userspace

From: Srinivas Dasari <[email protected]>

This interface allows the host driver to offload the authentication to
user space. This is exclusively defined for host drivers that do not
define separate commands for authentication and association, but rely on
userspace SME (e.g., in wpa_supplicant for the ~WPA_DRIVER_FLAGS_SME
case) for the authentication to happen. This can be used to implement
SAE without full implementation in the kernel/firmware while still being
able to use NL80211_CMD_CONNECT with driver-based BSS selection.

The host driver sends the NL80211_CMD_EXTERNAL_AUTH event to user space to
start/abort the authentication, and the status of the authentication is
then indicated by user space to the host driver through the same command
interface. Such drivers advertise the capability through
NL80211_EXT_FEATURE_EXTERNAL_AUTH.

Signed-off-by: Srinivas Dasari <[email protected]>
Signed-off-by: Jouni Malinen <[email protected]>
---
include/net/cfg80211.h | 40 ++++++++++++++++++++
include/uapi/linux/nl80211.h | 39 ++++++++++++++++++++
net/wireless/nl80211.c | 87 ++++++++++++++++++++++++++++++++++++++++++++
net/wireless/rdev-ops.h | 15 ++++++++
net/wireless/trace.h | 25 +++++++++++++
5 files changed, 206 insertions(+)

diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
index d7f8e7b..fa1f575 100644
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -2591,6 +2591,30 @@ struct cfg80211_pmk_conf {
};

/**
+ * struct cfg80211_external_auth_params - External authentication
+ * trigger parameters. Commonly used across the external auth request and
+ * event interfaces.
+ * @action: action type / trigger for external authentication. Only significant
+ * for the event interface (from driver to user space).
+ * @bssid: BSSID of the peer with which the authentication has
+ * to happen. Used by both the request and event interface.
+ * @ssid: SSID of the AP. Used by both the request and event interface.
+ * @key_mgmt_suite: AKM suite of the respective authentication. Optional for
+ * the request interface.
+ * @status: status code, %WLAN_STATUS_SUCCESS for successful authentication,
+ * use %WLAN_STATUS_UNSPECIFIED_FAILURE if user space cannot give you
+ * the real status code for failures. Used only for the request
+ * interface from user space to the driver.
+ */
+struct cfg80211_external_auth_params {
+ enum nl80211_external_auth_action action;
+ u8 bssid[ETH_ALEN] __aligned(2);
+ struct cfg80211_ssid ssid;
+ unsigned int key_mgmt_suite;
+ u16 status;
+};
+
+/**
* struct cfg80211_ops - backend description for wireless configuration
*
* This struct is registered by fullmac card drivers and/or wireless stacks
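Review bot: the @key_mgmt_suite description claims the field is "Optional for the request interface", but nl80211_external_auth() in this patch never reads NL80211_ATTR_AKM_SUITES, so on the request path the field is always zero. Either parse the attribute when present or reword the doc to say the field is used only in the event direction. The same applies to @action: the request path leaves it at zero, which happens to equal NL80211_EXTERNAL_AUTH_START, so drivers must not interpret it there; say so explicitly.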
@@ -2913,6 +2937,9 @@ struct cfg80211_pmk_conf {
* (invoked with the wireless_dev mutex held)
* @del_pmk: delete the previously configured PMK for the given authenticator.
* (invoked with the wireless_dev mutex held)
+ *
+ * @external_auth: indicates result of offloaded authentication processing from
+ * user space
*/
struct cfg80211_ops {
int (*suspend)(struct wiphy *wiphy, struct cfg80211_wowlan *wow);
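Review bot: the new @external_auth entry is separated from @del_pmk by a bare " *" line, which the other members of this kernel-doc block do not use; drop it for consistency. The description should also say what the driver is expected to do with the result (proceed with association on WLAN_STATUS_SUCCESS, report the connect failure with the given status otherwise), as the NL80211_CMD_EXTERNAL_AUTH text in nl80211.h already does, and whether it is called with any lock held, since the neighbouring @set_pmk/@del_pmk state the wireless_dev mutex is held.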
@@ -3206,6 +3233,8 @@ struct cfg80211_ops {
const struct cfg80211_pmk_conf *conf);
int (*del_pmk)(struct wiphy *wiphy, struct net_device *dev,
const u8 *aa);
+ int (*external_auth)(struct wiphy *wiphy, struct net_device *dev,
+ struct cfg80211_external_auth_params *params);
};

/*
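Review bot: `struct cfg80211_external_auth_params *params` is passed non-const, whereas the neighbouring set_pmk takes `const struct cfg80211_pmk_conf *conf`. The driver has no reason to modify the parameters, so make it `const struct cfg80211_external_auth_params *params` here and in rdev_external_auth() and the trace event that forward it.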
@@ -6193,6 +6222,17 @@ void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
/* ethtool helper */
void cfg80211_get_drvinfo(struct net_device *dev, struct ethtool_drvinfo *info);

+/**
+ * cfg80211_external_auth_request - userspace request for authentication
+ * @netdev: network device
+ * @params: External authentication parameters
+ * @gfp: allocation flags
+ * Returns: 0 on success, < 0 on error
+ */
+int cfg80211_external_auth_request(struct net_device *netdev,
+ struct cfg80211_external_auth_params *params,
+ gfp_t gfp);
+
/* Logging, debugging and troubleshooting/diagnostic helpers. */

/* wiphy_printk helpers, similar to dev_printk */
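Review bot: the kernel-doc title "userspace request for authentication" reads as the wrong direction; this is the driver asking user space to perform the authentication (it emits the NL80211_CMD_EXTERNAL_AUTH event), so name it that way. The parameter is documented as @netdev but the definition in nl80211.c calls it dev; use one name in both places. It would also help to list which fields of @params are consumed (action, bssid, ssid, key_mgmt_suite) and that status is ignored on this path.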
diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h
index f882fe1..e86edf0 100644
--- a/include/uapi/linux/nl80211.h
+++ b/include/uapi/linux/nl80211.h
@@ -992,6 +992,23 @@
*
* @NL80211_CMD_RELOAD_REGDB: Request that the regdb firmware file is reloaded.
*
+ * @NL80211_CMD_EXTERNAL_AUTH: This command/event interface is exclusively
+ * defined for host drivers that do not define separate commands for
+ * authentication and association, bute rely on user space SME (e.g., in
+ * wpa_supplicant for the ~WPA_DRIVER_FLAGS_SME case) for the
+ * authentication to happen.
+ *
+ * User space uses the %NL80211_CMD_CONNECT command to the host driver for
+ * triggering a connection. The host driver selects a BSS and further uses
+ * this interface to offload only the authentication part to the user
+ * space. Authentication frames are passed between the driver and user
+ * space through the %NL80211_CMD_FRAME interface. The status of
+ * authentication is further indicated by user space to the host driver
+ * with the %NL80211_CMD_EXTERNAL_AUTH command through
+ * %NL80211_ATTR_STATUS_CODE attribute. This enables the driver to proceed
+ * with association on successful authentication. Driver shall use this
+ * %NL80211_ATTR_STATUS_CODE attribute to report the connect result to
+ * user space on an authentication failure.
* @NL80211_CMD_MAX: highest used command number
* @__NL80211_CMD_AFTER_LAST: internal use
*/
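Review bot: typo "bute" for "but" in the first paragraph. The description lists neither the attributes carried by the event (NL80211_ATTR_EXTERNAL_AUTH_ACTION, NL80211_ATTR_BSSID, NL80211_ATTR_SSID, NL80211_ATTR_AKM_SUITES) nor those required in the user space command (NL80211_ATTR_SSID, NL80211_ATTR_BSSID, NL80211_ATTR_STATUS_CODE), and it does not say what user space should do on NL80211_EXTERNAL_AUTH_ABORT. A blank " *" line before @NL80211_CMD_MAX would also keep the block readable.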
@@ -1198,6 +1215,8 @@ enum nl80211_commands {

NL80211_CMD_RELOAD_REGDB,

+ NL80211_CMD_EXTERNAL_AUTH,
+
/* add new commands above here */

/* used to define NL80211_CMD_MAX below */
@@ -2153,6 +2172,11 @@ enum nl80211_commands {
* @NL80211_ATTR_PMKR0_NAME: PMK-R0 Name for offloaded FT.
* @NL80211_ATTR_PORT_AUTHORIZED: (reserved)
*
+ * @NL80211_ATTR_EXTERNAL_AUTH_ACTION: Identify the requested external
+ * authentication operation (u32 attribute with an
+ * &enum nl80211_external_auth_action value). This is used with the
+ * &NL80211_CMD_EXTERNAL_AUTH event.
+ *
* @NUM_NL80211_ATTR: total number of nl80211_attrs available
* @NL80211_ATTR_MAX: highest attribute number currently defined
* @__NL80211_ATTR_AFTER_LAST: internal use
@@ -2579,6 +2603,8 @@ enum nl80211_attrs {
NL80211_ATTR_PMKR0_NAME,
NL80211_ATTR_PORT_AUTHORIZED,

+ NL80211_ATTR_EXTERNAL_AUTH_ACTION,
+
/* add attributes here, update the policy in nl80211.c */

__NL80211_ATTR_AFTER_LAST,
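Review bot: the comment two lines up says "update the policy in nl80211.c", but this patch adds no nl80211_policy entry for NL80211_ATTR_EXTERNAL_AUTH_ACTION (the nl80211.c hunks only add the handler, the genl_ops entry and the event function). The attribute is only emitted by the kernel today, but a policy entry ({ .type = NLA_U32 }) is still expected so that any future user space sender is validated.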
@@ -4941,6 +4967,7 @@ enum nl80211_feature_flags {
* probe request tx deferral and suppression
* @NL80211_EXT_FEATURE_MFP_OPTIONAL: Driver supports the %NL80211_MFP_OPTIONAL
* value in %NL80211_ATTR_USE_MFP.
+ * @NL80211_EXT_FEATURE_EXTERNAL_AUTH: Driver supports external authentication
*
* @NUM_NL80211_EXT_FEATURES: number of extended features.
* @MAX_NL80211_EXT_FEATURES: highest extended feature index.
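Review bot: "Driver supports external authentication" is thin for a uapi flag. Say that the driver will emit %NL80211_CMD_EXTERNAL_AUTH events and accepts the command with %NL80211_ATTR_STATUS_CODE, and that this is the way to use SAE with %NL80211_CMD_CONNECT, so user space can decide whether to offer SAE for such a driver.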
@@ -4968,6 +4995,7 @@ enum nl80211_ext_feature_index {
NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE,
NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION,
NL80211_EXT_FEATURE_MFP_OPTIONAL,
+ NL80211_EXT_FEATURE_EXTERNAL_AUTH,

/* add new features before the definition below */
NUM_NL80211_EXT_FEATURES,
@@ -5465,4 +5493,15 @@ enum nl80211_nan_match_attributes {
NL80211_NAN_MATCH_ATTR_MAX = NUM_NL80211_NAN_MATCH_ATTR - 1
};

+/**
+ * nl80211_external_auth_action - Action to perform with external
+ * authentication. Used by NL80211_ATTR_EXTERNAL_AUTH_ACTION.
+ * @NL80211_EXTERNAL_AUTH_START: Start the authentication.
+ * @NL80211_EXTERNAL_AUTH_ABORT: Abort the ongoing authentication.
+ */
+enum nl80211_external_auth_action {
+ NL80211_EXTERNAL_AUTH_START,
+ NL80211_EXTERNAL_AUTH_ABORT,
+};
+
#endif /* __LINUX_NL80211_H */
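Review bot: the kernel-doc header reads "nl80211_external_auth_action -" without the "enum " prefix, so scripts/kernel-doc will not attach the description to the enum; write "enum nl80211_external_auth_action - ...". It is also worth stating whether user space is expected to send a status back after NL80211_EXTERNAL_AUTH_ABORT or simply stop.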
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index e4522ad..72ec615 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -12449,6 +12449,43 @@ static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
return ret;
}

+static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
+{
+ struct cfg80211_registered_device *rdev = info->user_ptr[0];
+ struct net_device *dev = info->user_ptr[1];
+ struct cfg80211_external_auth_params params;
+
+ if (!wiphy_ext_feature_isset(&rdev->wiphy,
+ NL80211_EXT_FEATURE_EXTERNAL_AUTH) ||
+ !rdev->ops->external_auth)
+ return -EOPNOTSUPP;
+
+ if (!info->attrs[NL80211_ATTR_SSID])
+ return -EINVAL;
+
+ if (!info->attrs[NL80211_ATTR_BSSID])
+ return -EINVAL;
+
+ if (!info->attrs[NL80211_ATTR_STATUS_CODE])
+ return -EINVAL;
+
+ memset(&params, 0, sizeof(params));
+
+ params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
+ if (params.ssid.ssid_len == 0 ||
+ params.ssid.ssid_len > IEEE80211_MAX_SSID_LEN)
+ return -EINVAL;
+ memcpy(params.ssid.ssid, nla_data(info->attrs[NL80211_ATTR_SSID]),
+ params.ssid.ssid_len);
+
+ memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]),
+ ETH_ALEN);
+
+ params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
+
+ return rdev_external_auth(rdev, dev, &params);
+}
+
#define NL80211_FLAG_NEED_WIPHY 0x01
#define NL80211_FLAG_NEED_NETDEV 0x02
#define NL80211_FLAG_NEED_RTNL 0x04
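Review bot: nl80211_external_auth() accepts the command on any interface type, while the offload is only meaningful for a station or P2P client that issued NL80211_CMD_CONNECT; consider restricting to NL80211_IFTYPE_STATION / NL80211_IFTYPE_P2P_CLIENT and returning -EOPNOTSUPP otherwise. NL80211_ATTR_AKM_SUITES is not parsed although the struct doc calls it optional on this path. The memcpy of ETH_ALEN bytes from NL80211_ATTR_BSSID has no nla_len() check in this function, so it depends on the policy entry for that attribute enforcing .len = ETH_ALEN; a comment or an explicit check would make that visible to the next reader.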
@@ -13344,6 +13381,14 @@ static const struct genl_ops nl80211_ops[] = {
.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
NL80211_FLAG_NEED_RTNL,
},
+ {
+ .cmd = NL80211_CMD_EXTERNAL_AUTH,
+ .doit = nl80211_external_auth,
+ .policy = nl80211_policy,
+ .flags = GENL_ADMIN_PERM,
+ .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
+ NL80211_FLAG_NEED_RTNL,
+ },

};

@@ -15355,6 +15400,48 @@ void nl80211_send_ap_stopped(struct wireless_dev *wdev)
nlmsg_free(msg);
}

+int cfg80211_external_auth_request(struct net_device *dev,
+ struct cfg80211_external_auth_params *params,
+ gfp_t gfp)
+{
+ struct wireless_dev *wdev = dev->ieee80211_ptr;
+ struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
+ struct sk_buff *msg;
+ void *hdr;
+
+ msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
+ if (!msg)
+ return -ENOMEM;
+
+ hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH);
+ if (!hdr) {
+ nlmsg_free(msg);
+ return -ENOMEM;
+ }
+
+ if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
+ nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
+ nla_put_u32(msg, NL80211_ATTR_AKM_SUITES, params->key_mgmt_suite) ||
+ nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION,
+ params->action) ||
+ nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) ||
+ nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len,
+ params->ssid.ssid))
+ goto nla_put_failure;
+
+ genlmsg_end(msg, hdr);
+
+ genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
+ NL80211_MCGRP_MLME, gfp);
+ return 0;
+
+ nla_put_failure:
+ genlmsg_cancel(msg, hdr);
+ nlmsg_free(msg);
+ return -ENOBUFS;
+}
+EXPORT_SYMBOL(cfg80211_external_auth_request);
+
/* initialisation/exit functions */

int __init nl80211_init(void)
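Review bot: cfg80211_external_auth_request() has no trace point, although the "cfg80211 exported functions traces" section in trace.h is where the other driver-to-cfg80211 notifications are traced; add a trace_cfg80211_external_auth_request(). It also puts params->ssid.ssid_len bytes into the message without a bound check against IEEE80211_MAX_SSID_LEN, unlike the request path; a WARN_ON or -EINVAL guard would keep a driver bug from putting an oversized SSID in the event. Finally, the command description in nl80211.h should mention that the event is multicast on the mlme group, since wpa_supplicant must be subscribed to it to receive the request.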
diff --git a/net/wireless/rdev-ops.h b/net/wireless/rdev-ops.h
index 0c06240..84f23ae 100644
--- a/net/wireless/rdev-ops.h
+++ b/net/wireless/rdev-ops.h
@@ -1190,4 +1190,19 @@ static inline int rdev_del_pmk(struct cfg80211_registered_device *rdev,
trace_rdev_return_int(&rdev->wiphy, ret);
return ret;
}
+
+static inline int
+rdev_external_auth(struct cfg80211_registered_device *rdev,
+ struct net_device *dev,
+ struct cfg80211_external_auth_params *params)
+{
+ int ret = -EOPNOTSUPP;
+
+ trace_rdev_external_auth(&rdev->wiphy, dev, params);
+ if (rdev->ops->external_auth)
+ ret = rdev->ops->external_auth(&rdev->wiphy, dev, params);
+ trace_rdev_return_int(&rdev->wiphy, ret);
+ return ret;
+}
+
#endif /* __CFG80211_RDEV_OPS */
diff --git a/net/wireless/trace.h b/net/wireless/trace.h
index bcfedd3..2ed7cad 100644
--- a/net/wireless/trace.h
+++ b/net/wireless/trace.h
@@ -2319,6 +2319,31 @@ TRACE_EVENT(rdev_del_pmk,
WIPHY_PR_ARG, NETDEV_PR_ARG, MAC_PR_ARG(aa))
);

+TRACE_EVENT(rdev_external_auth,
+ TP_PROTO(struct wiphy *wiphy, struct net_device *netdev,
+ struct cfg80211_external_auth_params *params),
+ TP_ARGS(wiphy, netdev, params),
+ TP_STRUCT__entry(
+ WIPHY_ENTRY
+ NETDEV_ENTRY
+ MAC_ENTRY(bssid)
+ __array(u8, ssid, IEEE80211_MAX_SSID_LEN + 1)
+ __field(u16, status)
+ ),
+ TP_fast_assign(
+ WIPHY_ASSIGN;
+ NETDEV_ASSIGN;
+ MAC_ASSIGN(bssid, params->bssid);
+ memset(__entry->ssid, 0, IEEE80211_MAX_SSID_LEN + 1);
+ memcpy(__entry->ssid, params->ssid.ssid,
+ params->ssid.ssid_len);
+ __entry->status = params->status;
+ ),
+ TP_printk(WIPHY_PR_FMT ", " NETDEV_PR_FMT ", bssid: " MAC_PR_FMT
+ ", ssid: %s, status: %u", WIPHY_PR_ARG, NETDEV_PR_ARG,
+ __entry->bssid, __entry->ssid, __entry->status)
+);
+
/*************************************************************
* cfg80211 exported functions traces *
*************************************************************/
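Review bot: the trace records bssid, ssid and status but not params->action or params->key_mgmt_suite; the AKM suite is exactly what you want when debugging a failed SAE offload, so add __field(u32, key_mgmt_suite) and print it. params is only read here, so it can be `const struct cfg80211_external_auth_params *params` in TP_PROTO.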
--
2.7.4
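
The command exchange described in this commit message, shown from the user space side as an added example (not part of the patch and not wpa_supplicant code): a function that builds the attribute payload user space sends back with NL80211_CMD_EXTERNAL_AUTH once SAE has completed, and a validator that applies the same checks as the nl80211_external_auth() handler above (SSID, BSSID and STATUS_CODE required, SSID 1..32 bytes, BSSID exactly ETH_ALEN, status a u16). The attribute numbers, the ifindex 7, the BSSID and the SSID are constructed placeholders; a real client takes the attribute numbers from <linux/nl80211.h>, wraps the payload in a genetlink header and sends it over an nl80211 socket (for example with libnl), which this example deliberately leaves out so that it runs anywhere.

```c
/* Added example, not code from the patch or from wpa_supplicant: build the user
 * space -> driver NL80211_CMD_EXTERNAL_AUTH payload and validate it the way
 * nl80211_external_auth() does. The nlattr layout is netlink's real one; the
 * attribute numbers are ASSUMED placeholders (real code: <linux/nl80211.h>). */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { ATTR_IFINDEX = 3, ATTR_SSID = 52, ATTR_STATUS_CODE = 72, ATTR_BSSID = 245 };
#define NLA_HDRLEN 4u
#define NLA_ALIGN(len) (((len) + 3u) & ~3u)	/* netlink pads each payload to 4 bytes */
#define ETH_ALEN 6
#define IEEE80211_MAX_SSID_LEN 32
#define WLAN_STATUS_SUCCESS 0
struct nla_hdr { uint16_t len; uint16_t type; };	/* same layout as struct nlattr */

/* Append header + payload + zero padding; returns the new length, 0 on overflow. */
static size_t put_attr(uint8_t *buf, size_t cap, size_t used, uint16_t type,
		       const void *data, uint16_t dlen)
{
	size_t total = NLA_ALIGN(NLA_HDRLEN + dlen);
	struct nla_hdr h = { (uint16_t)(NLA_HDRLEN + dlen), type };
	if (used + total > cap)
		return 0;
	memcpy(buf + used, &h, sizeof h);
	memcpy(buf + used + NLA_HDRLEN, data, dlen);
	memset(buf + used + NLA_HDRLEN + dlen, 0, total - NLA_HDRLEN - dlen);
	return used + total;
}

/* What user space sends once SAE has finished: ifindex, BSSID, SSID, status code. */
size_t build_external_auth_reply(uint8_t *buf, size_t cap, uint32_t ifindex,
				 const uint8_t *bssid, const uint8_t *ssid,
				 uint8_t ssid_len, uint16_t status)
{
	size_t used = put_attr(buf, cap, 0, ATTR_IFINDEX, &ifindex, sizeof ifindex);
	if (used) used = put_attr(buf, cap, used, ATTR_BSSID, bssid, ETH_ALEN);
	if (used) used = put_attr(buf, cap, used, ATTR_SSID, ssid, ssid_len);
	if (used) used = put_attr(buf, cap, used, ATTR_STATUS_CODE, &status, sizeof status);
	return used;
}

/* Kernel-side view: the policy lengths (BSSID = ETH_ALEN, STATUS_CODE = u16) and the
 * handler's checks (all three attributes present, SSID 1..32 bytes). Returns 0,
 * -EINVAL as the handler does, or -EBADMSG when a header claims bytes the message lacks. */
int parse_external_auth_reply(const uint8_t *buf, size_t len, uint16_t *status_out)
{
	size_t ssid_len = 0, off = 0, dlen;
	uint16_t status = 0;
	int have = 0;			/* bit 0: SSID, bit 1: BSSID, bit 2: STATUS_CODE */
	struct nla_hdr h;
	while (off + NLA_HDRLEN <= len) {
		memcpy(&h, buf + off, sizeof h);
		if (h.len < NLA_HDRLEN || off + h.len > len)
			return -EBADMSG;
		dlen = h.len - NLA_HDRLEN;
		if (h.type == ATTR_SSID) {
			ssid_len = dlen;
			have |= 1;
		} else if (h.type == ATTR_BSSID) {
			if (dlen != ETH_ALEN)
				return -EINVAL;
			have |= 2;
		} else if (h.type == ATTR_STATUS_CODE) {
			if (dlen != sizeof status)
				return -EINVAL;
			memcpy(&status, buf + off + NLA_HDRLEN, sizeof status);
			have |= 4;
		}			/* any other attribute is ignored here */
		off += NLA_ALIGN(h.len);
	}
	if (have != 7)			/* the three "if (!info->attrs[...])" checks */
		return -EINVAL;
	if (ssid_len == 0 || ssid_len > IEEE80211_MAX_SSID_LEN)
		return -EINVAL;
	*status_out = status;
	return 0;
}

/* Round trip on constructed input; returns how many of the 4 checks passed. */
int self_check(void)
{
	static const uint8_t bssid[ETH_ALEN] = { 0x02, 0, 0, 0, 0, 0x01 };	/* constructed */
	static const uint8_t ssid[] = "example-sae-net";			/* constructed */
	uint8_t buf[128];
	uint16_t status = 0xffff;
	int ok = 0;
	size_t n = build_external_auth_reply(buf, sizeof buf, 7, bssid, ssid, 15, WLAN_STATUS_SUCCESS);
	ok += n == 48;					/* 8 + 12 + 20 + 8 bytes after padding */
	ok += parse_external_auth_reply(buf, n, &status) == 0 && status == WLAN_STATUS_SUCCESS;
	ok += parse_external_auth_reply(buf, 12, &status) == -EBADMSG;	/* header runs past the end */
	n = build_external_auth_reply(buf, sizeof buf, 7, bssid, ssid, 0, 1);
	ok += parse_external_auth_reply(buf, n, &status) == -EINVAL;	/* empty SSID, as in the handler */
	return ok;
}

int main(void) { return printf("%d/4 checks passed\n", self_check()) < 0; }
```

The validator mirrors the kernel in the order that matters: presence of the three required attributes is checked before the SSID length, so a message with an empty SSID fails for the same reason (-EINVAL) as in the handler, while a header that claims more bytes than the message carries is rejected before any attribute is looked at.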


2017-12-15 08:51:36

by Srinivas Dasari

Subject: RE: [PATCH 1/2] cfg80211/nl80211: Optional authentication offload to userspace

2017-12-13 17:51:31

by Jouni Malinen

Subject: [PATCH 2/2] nl80211: Allow SAE Authentication for NL80211_CMD_CONNECT

From: Srinivas Dasari <[email protected]>

This commit allows SAE Authentication for the NL80211_CMD_CONNECT
interface, provided this is supported by the host driver.

Signed-off-by: Srinivas Dasari <[email protected]>
Signed-off-by: Jouni Malinen <[email protected]>
---
net/wireless/nl80211.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 72ec615..e920c3a 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -3916,7 +3916,8 @@ static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
return true;
case NL80211_CMD_CONNECT:
/* SAE not supported yet */
- if (auth_type == NL80211_AUTHTYPE_SAE)
+ if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
+ auth_type == NL80211_AUTHTYPE_SAE)
return false;
/* FILS with SK PFS or PK not supported yet */
if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
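Review bot: the "/* SAE not supported yet */" comment above the condition becomes stale once a driver with NL80211_FEATURE_SAE gets through; reword it to say that SAE over CONNECT requires the driver to advertise NL80211_FEATURE_SAE. A question on the gate itself: patch 1/2 introduces NL80211_EXT_FEATURE_EXTERNAL_AUTH for exactly this flow, while NL80211_FEATURE_SAE is the existing flag for drivers doing SAE through the separate auth/assoc commands. Should CONNECT with SAE require the external-auth feature (or accept either flag), so that a driver which only supports SAE on the auth/assoc path is not handed a connect request it cannot complete?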
--
2.7.4

2017-12-15 09:28:22

by Arend van Spriel

Subject: Re: [PATCH 1/2] cfg80211/nl80211: Optional authentication offload to userspace

On 12/15/2017 9:51 AM, Srinivas Dasari wrote:
>> don’t we actually need a flag in NL80211_CMD_CONNECT that indicates that userspace is able to actually handle NL80211_CMD_EXTERNAL_AUTH? It is nice that there is a feature for userspace to see if the driver supports it, but how is the driver able to offload successfully if it doesn’t know that userspace can do it?
> Our idea was for the driver to time out the connect in the scenarios where the external auth (SAE) status is not indicated.
> I agree with you on user space indicating this capability to the driver.
> Is it a fair idea to extend enum cfg80211_assoc_req_flags for this?

Sounds like a good fit to me although strictly speaking this is not
about assoc behavior, but then again this enum is used for assoc and
connect commands.

Regards,
Arend

> Regards,
> Srinivas
>
> -----Original Message-----
> From: Marcel Holtmann [mailto:[email protected]]
> Sent: Friday, December 15, 2017 1:29 AM
> To: Jouni Malinen <[email protected]>
> Cc: Johannes Berg <[email protected]>; [email protected]; Srinivas Dasari <[email protected]>
> Subject: Re: [PATCH 1/2] cfg80211/nl80211: Optional authentication offload to userspace
>
> Hi Jouni,
>
>> This interface allows the host driver to offload the authentication to
>> user space. This is exclusively defined for host drivers that do not
>> define separate commands for authentication and association, but rely
>> on userspace SME (e.g., in wpa_supplicant for the
>> ~WPA_DRIVER_FLAGS_SME
>> case) for the authentication to happen. This can be used to implement
>> SAE without full implementation in the kernel/firmware while still
>> being able to use NL80211_CMD_CONNECT with driver-based BSS selection.
>>
>> The host driver sends the NL80211_CMD_EXTERNAL_AUTH event to
>> start/abort the authentication to userspace and status of
>> authentication is further indicated by user space to host driver
>> through the same command interface. Such drivers advertise the
>> capability through NL80211_EXT_FEATURE_EXTERNAL_AUTH.
>
> don’t we actually need a flag in NL80211_CMD_CONNECT that indicates that userspace is able to actually handle NL80211_CMD_EXTERNAL_AUTH? It is nice that there is a feature for userspace to see if the driver supports it, but how is the driver able to offload successfully if it doesn’t know that userspace can do it?
>
> Regards
>
> Marcel
>

2017-12-19 09:45:33

by Johannes Berg

Subject: Re: [PATCH 1/2] cfg80211/nl80211: Optional authentication offload to userspace

On Fri, 2017-12-15 at 08:51 +0000, Srinivas Dasari wrote:
> > don’t we actually need a flag in NL80211_CMD_CONNECT that indicates that userspace is able to actually handle NL80211_CMD_EXTERNAL_AUTH? It is nice that there is a feature for userspace to see if the driver supports it, but how is the driver able to offload successfully if it doesn’t know that userspace can do it?
>
> Our idea was for the driver to time out the connect in the scenarios where the external auth (SAE) status is not indicated.
> I agree with you on user space indicating this capability to the driver.
> Is it a fair idea to extend enum cfg80211_assoc_req_flags for this?

Seems reasonable to me - though you still need to deal with userspace
not responding I guess.

johannes

2017-12-14 19:58:39

by Marcel Holtmann

Subject: Re: [PATCH 1/2] cfg80211/nl80211: Optional authentication offload to userspace

Hi Jouni,

> This interface allows the host driver to offload the authentication to
> user space. This is exclusively defined for host drivers that do not
> define separate commands for authentication and association, but rely on
> userspace SME (e.g., in wpa_supplicant for the ~WPA_DRIVER_FLAGS_SME
> case) for the authentication to happen. This can be used to implement
> SAE without full implementation in the kernel/firmware while still being
> able to use NL80211_CMD_CONNECT with driver-based BSS selection.
>
> The host driver sends the NL80211_CMD_EXTERNAL_AUTH event to start/abort
> the authentication to userspace and status of authentication is further
> indicated by user space to host driver through the same command
> interface. Such drivers advertise the capability through
> NL80211_EXT_FEATURE_EXTERNAL_AUTH.

don’t we actually need a flag in NL80211_CMD_CONNECT that indicates that userspace is able to actually handle NL80211_CMD_EXTERNAL_AUTH? It is nice that there is a feature for userspace to see if the driver supports it, but how is the driver able to offload successfully if it doesn’t know that userspace can do it?

Regards

Marcel