A certain firmware tries to do EAPOL inspection and only allow data pkts
to be sent after the 4-way M4 has been sent, for instance.
This was breaking .11r because in that case you don't do the 4-way after
roaming, so the firmware was waiting forever for an M4 to be sent and
thus all tx data was hung.
I managed to get this working by just removing all of the EAPOL inspection from the firmware,
but I am thinking that if the stack will send data packets to the driver
before 4-way auth is completed and keys are set, then maybe I would
be opening up a race where un-encrypted frames could hit the air.
Any idea what protections, if any, the mac80211 stack provides
for this case?
Thanks,
Ben
--
Ben Greear <[email protected]>
Candela Technologies Inc http://www.candelatech.com
On 13 November 2015 at 01:59, Ben Greear <[email protected]> wrote:
> A certain firmware tries to do EAPOL inspection and only allow data pkts
> to be sent after the 4-way M4 has been sent, for instance.
>
> This was breaking .11r because in that case you don't do the 4-way after
> roaming, so the firmware was waiting forever for an M4 to be sent and
> thus all tx data was hung.
>
> I managed to get this working by just removing all of the EAPOL inspection
> from the firmware,
> but I am thinking that if the stack will send data packets to the driver
> before 4-way auth is completed and keys are set, then maybe I would
> be opening up a race where un-encrypted frames could hit the air.
>
> Any idea what protections, if any, the mac80211 stack provides
> for this case?
>
Check WLAN_STA_AUTHORIZED in mac80211.
BR
Janusz
On 11/12/2015 10:14 PM, Janusz Dziedzic wrote:
> On 13 November 2015 at 01:59, Ben Greear <[email protected]> wrote:
>> A certain firmware tries to do EAPOL inspection and only allow data pkts
>> to be sent after the 4-way M4 has been sent, for instance.
>>
>> This was breaking .11r because in that case you don't do the 4-way after
>> roaming, so the firmware was waiting forever for an M4 to be sent and
>> thus all tx data was hung.
>>
>> I managed to get this working by just removing all of the EAPOL inspection
>> from the firmware,
>> but I am thinking that if the stack will send data packets to the driver
>> before 4-way auth is completed and keys are set, then maybe I would
>> be opening up a race where un-encrypted frames could hit the air.
>>
>> Any idea what protections, if any, the mac80211 stack provides
>> for this case?
>>
> Check WLAN_STA_AUTHORIZED in mac80211.
Thanks for the hint. Looks like my firmware change should
be perfectly safe in that case.
Thanks,
Ben
--
Ben Greear <[email protected]>
Candela Technologies Inc http://www.candelatech.com