2008-06-17 16:01:21

by Jouni Malinen

Subject: [RFC PATCH 7/7] 802.11w: Configuration of MFP disabled/optional/required

Add new WEXT IW_AUTH_* parameter for setting MFP
disabled/optional/required.

Signed-off-by: Jouni Malinen <[email protected]>


Index: wireless-testing/include/linux/wireless.h
===================================================================
--- wireless-testing.orig/include/linux/wireless.h
+++ wireless-testing/include/linux/wireless.h
@@ -578,6 +578,7 @@
#define IW_AUTH_ROAMING_CONTROL 9
#define IW_AUTH_PRIVACY_INVOKED 10
#define IW_AUTH_CIPHER_GROUP_MGMT 11
+#define IW_AUTH_MFP 12

/* IW_AUTH_WPA_VERSION values (bit field) */
#define IW_AUTH_WPA_VERSION_DISABLED 0x00000001
@@ -607,6 +608,11 @@
#define IW_AUTH_ROAMING_DISABLE 1 /* user space program used for roaming
* control */

+/* IW_AUTH_MFP (management frame protection) values */
+#define IW_AUTH_MFP_DISABLED 0 /* MFP disabled */
+#define IW_AUTH_MFP_OPTIONAL 1 /* MFP optional */
+#define IW_AUTH_MFP_REQUIRED 2 /* MFP required */
+
/* SIOCSIWENCODEEXT definitions */
#define IW_ENCODE_SEQ_MAX_SIZE 8
/* struct iw_encode_ext ->alg */
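Review bot: The comment over the three IW_AUTH_MFP_* values does not say that they are mutually exclusive settings rather than flags. The IW_AUTH_WPA_VERSION values earlier in this header are labelled "(bit field)", so a reader could assume the same here. Stating that exactly one of the three is passed as the parameter value, and what a driver is expected to do for OPTIONAL as opposed to REQUIRED, would make the user-space contract clear.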
Index: wireless-testing/net/mac80211/ieee80211_i.h
===================================================================
--- wireless-testing.orig/net/mac80211/ieee80211_i.h
+++ wireless-testing/net/mac80211/ieee80211_i.h
@@ -372,6 +372,11 @@ struct ieee80211_if_sta {
int auth_alg; /* currently used IEEE 802.11 authentication algorithm */
int auth_transaction;

+#define IEEE80211_MFP_DISABLED 0
+#define IEEE80211_MFP_OPTIONAL 1
+#define IEEE80211_MFP_REQUIRED 2
+ int mfp; /* management frame protection */
+
unsigned long ibss_join_req;
struct sk_buff *probe_resp; /* ProbeResp template for IBSS */
u32 supp_rates_bits[IEEE80211_NUM_BANDS];
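Review bot: The IEEE80211_MFP_* defines are placed inside struct ieee80211_if_sta and the field is a plain int, so nothing ties mfp to these three values. An enum declared outside the struct, with the field typed as that enum, would document the allowed set. The values also repeat the IW_AUTH_MFP_* numbers from wireless.h, and the wext.c hunk copies the user value straight into this field, so the two sets have to stay identical with nothing enforcing it; either use one set or convert explicitly at the ioctl boundary.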
Index: wireless-testing/net/mac80211/wext.c
===================================================================
--- wireless-testing.orig/net/mac80211/wext.c
+++ wireless-testing/net/mac80211/wext.c
@@ -1003,6 +1003,13 @@ static int ieee80211_ioctl_siwauth(struc
else
ret = -EOPNOTSUPP;
break;
+ case IW_AUTH_MFP:
+ if (sdata->vif.type == IEEE80211_IF_TYPE_STA ||
+ sdata->vif.type == IEEE80211_IF_TYPE_IBSS)
+ sdata->u.sta.mfp = data->value;
+ else
+ ret = -EOPNOTSUPP;
+ break;
default:
ret = -EOPNOTSUPP;
break;
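Review bot: The IW_AUTH_MFP case assigns data->value to sdata->u.sta.mfp with no range check, so any integer from user space is stored, not only 0, 1 or 2. For a setting that expresses a security policy this should fail closed: switch over IW_AUTH_MFP_DISABLED, IW_AUTH_MFP_OPTIONAL and IW_AUTH_MFP_REQUIRED and return -EINVAL for anything else, so that a later comparison against IEEE80211_MFP_REQUIRED cannot be bypassed by an unexpected value. The stored field is also not read anywhere in the lines shown; the commit message should say that it is a placeholder if that is the intent.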

--

--
Jouni Malinen PGP id EFC895FA


2008-06-17 18:35:48

by Johannes Berg

Subject: Re: [RFC PATCH 7/7] 802.11w: Configuration of MFP disabled/optional/required


> > > --- wireless-testing.orig/net/mac80211/wext.c
> > > +++ wireless-testing/net/mac80211/wext.c
> > > + case IW_AUTH_MFP:
> > > + if (sdata->vif.type == IEEE80211_IF_TYPE_STA ||
> > > + sdata->vif.type == IEEE80211_IF_TYPE_IBSS)
> > > + sdata->u.sta.mfp = data->value;
> >
> > and shouldn't that be used somewhere?
>
> Well, yes. This is still a somewhat unclear area to me and in particular,
> I'm not sure whether the IW_AUTH_MFP parameter will end up being used in
> mac80211. It would be used if the kernel code (or firmware in fullmac
> designs) would select the AP. mac80211 may need another configuration
> item to set whether MFP was actually negotiated during association. This
> has changed a bit in the latest 802.11w draft and I haven't yet updated
> my implementation to use the new mechanism. For the time being,
> sdata->u.sta.mfp is more or less a placeholder for something that may
> disappear or change to something else..

Ok, yeah, that explains why I wasn't really able to see how it
determined whether MFP was optional/required for a certain association
etc.

johannes



2008-06-17 17:10:24

by Johannes Berg

Subject: Re: [RFC PATCH 7/7] 802.11w: Configuration of MFP disabled/optional/required


> +#define IEEE80211_MFP_DISABLED 0
> +#define IEEE80211_MFP_OPTIONAL 1
> +#define IEEE80211_MFP_REQUIRED 2
> + int mfp; /* management frame protection */

Maybe an enum would be good?

> --- wireless-testing.orig/net/mac80211/wext.c
> +++ wireless-testing/net/mac80211/wext.c
> @@ -1003,6 +1003,13 @@ static int ieee80211_ioctl_siwauth(struc
> else
> ret = -EOPNOTSUPP;
> break;
> + case IW_AUTH_MFP:
> + if (sdata->vif.type == IEEE80211_IF_TYPE_STA ||
> + sdata->vif.type == IEEE80211_IF_TYPE_IBSS)
> + sdata->u.sta.mfp = data->value;

and shouldn't that be used somewhere?

johannes



2008-06-17 18:19:08

by Jouni Malinen

Subject: Re: [RFC PATCH 7/7] 802.11w: Configuration of MFP disabled/optional/required

On Tue, Jun 17, 2008 at 07:09:30PM +0200, Johannes Berg wrote:

> > +#define IEEE80211_MFP_DISABLED 0
> > +#define IEEE80211_MFP_OPTIONAL 1
> > +#define IEEE80211_MFP_REQUIRED 2
> > + int mfp; /* management frame protection */
>
> Maybe an enum would be good?

Sure.

> > --- wireless-testing.orig/net/mac80211/wext.c
> > +++ wireless-testing/net/mac80211/wext.c
> > + case IW_AUTH_MFP:
> > + if (sdata->vif.type == IEEE80211_IF_TYPE_STA ||
> > + sdata->vif.type == IEEE80211_IF_TYPE_IBSS)
> > + sdata->u.sta.mfp = data->value;
>
> and shouldn't that be used somewhere?

Well, yes. This is still a somewhat unclear area to me and in particular,
I'm not sure whether the IW_AUTH_MFP parameter will end up being used in
mac80211. It would be used if the kernel code (or firmware in fullmac
designs) would select the AP. mac80211 may need another configuration
item to set whether MFP was actually negotiated during association. This
has changed a bit in the latest 802.11w draft and I haven't yet updated
my implementation to use the new mechanism. For the time being,
sdata->u.sta.mfp is more or less a placeholder for something that may
disappear or change to something else..

--
Jouni Malinen PGP id EFC895FA
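
The case discussed in the thread, where the kernel or firmware selects the AP and therefore needs the disabled/optional/required setting, as an added example that is not code from this thread or from mac80211. The helper `mfp_select()` and `enum mfp_result` are hypothetical names; the MFPC/MFPR bit positions in the RSN Capabilities field are taken from the published IEEE 802.11w amendment, not from this page.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Policy values copied from the patch in this thread. */
#define IW_AUTH_MFP_DISABLED 0
#define IW_AUTH_MFP_OPTIONAL 1
#define IW_AUTH_MFP_REQUIRED 2

/* Assumption: RSN Capabilities bits as in published IEEE 802.11w. */
#define RSN_CAP_MFPR (1u << 6) /* AP requires MFP */
#define RSN_CAP_MFPC (1u << 7) /* AP is capable of MFP */

enum mfp_result { MFP_REJECT_AP = -1, MFP_NOT_USED = 0, MFP_NEGOTIATED = 1 };

/* Hypothetical helper: decide whether a candidate AP is acceptable under the
 * local policy and whether MFP would be in use for that association. */
static enum mfp_result mfp_select(int policy, uint16_t ap_rsn_caps)
{
	bool ap_capable = ap_rsn_caps & RSN_CAP_MFPC;
	bool ap_requires = ap_rsn_caps & RSN_CAP_MFPR;

	if (ap_requires && !ap_capable)
		return MFP_REJECT_AP; /* inconsistent advertisement */

	switch (policy) {
	case IW_AUTH_MFP_DISABLED:
		return ap_requires ? MFP_REJECT_AP : MFP_NOT_USED;
	case IW_AUTH_MFP_OPTIONAL:
		return ap_capable ? MFP_NEGOTIATED : MFP_NOT_USED;
	case IW_AUTH_MFP_REQUIRED:
		return ap_capable ? MFP_NEGOTIATED : MFP_REJECT_AP;
	default:
		return MFP_REJECT_AP; /* unknown policy value: fail closed */
	}
}

int main(void)
{
	/* Constructed sample AP advertisements: none, MFPC, MFPC+MFPR. */
	const uint16_t caps[] = { 0, RSN_CAP_MFPC, RSN_CAP_MFPC | RSN_CAP_MFPR };

	for (int policy = 0; policy <= 2; policy++)
		for (unsigned i = 0; i < 3; i++)
			printf("policy=%d caps=0x%04x -> %d\n", policy,
			       (unsigned)caps[i], mfp_select(policy, caps[i]));
	return 0;
}
```

The "negotiated" result is the per-association state that the reply says mac80211 may need as a separate configuration item, distinct from the configured policy.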