Return-path: <linux-wireless-owner@vger.kernel.org>
Received: from hostap.isc.org ([149.20.54.63]:42476 "EHLO hostap.isc.org"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1752037AbYFPOeS (ORCPT <rfc822;linux-wireless@vger.kernel.org>);
	Mon, 16 Jun 2008 10:34:18 -0400
Received: from gprs-internet.mobile.sonera.net ([212.213.204.99] helo=jm)
	by hostap.isc.org with esmtpsa (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.63)
	(envelope-from <j@w1.fi>)
	id 1K8FUR-0008FE-V6
	for linux-wireless@vger.kernel.org; Mon, 16 Jun 2008 07:15:41 -0700
Date: Mon, 16 Jun 2008 17:33:08 +0300
From: Jouni Malinen <j@w1.fi>
To: linux-wireless@vger.kernel.org
Subject: Management frame protection and packet injection from hostapd
Message-ID: <20080616143308.GB18479@jm.kir.nu> (sfid-20080616_163421_476762_10655DB9)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: linux-wireless-owner@vger.kernel.org
List-ID: <linux-wireless.vger.kernel.org>

I'm working on IEEE 802.11w support for mac80211 and my current code is
in a state that allows both unicast and multicast/broadcast management
frames to be protected (with CCMP and BIP/AES-CMAC, respectively). I'll
clean up the patches a bit and send the first version for commenting in
the near future. However, even before the patches are available, there
is one area that could benefit from comments.

hostapd is currently using a monitor interface to inject management
frames. This seems to work fine for unencrypted frames, but at least BIP
protection of broadcast/multicast management frames does not work
without some hacks.. The problem here is that the default TX key is
configured for the main data interface (wlan0) while the injected frame
is coming from the monitor interface (mon.wlan0).
ieee80211_tx_h_select_key() does not find the default key for management
frames and consequently, the frame ends up going out without BIP
processing.

My current workaround is to configure IGTK for both wlan0 and mon.wlan0
in hostapd. This works, but is somewhat undesirable.. Would there be a
better way for configuring the default keys (this could apply also for
data frames, but at least for IGTK and management frames for the time
being), so that they would apply both to frames generated by MLME code
in mac80211 (if any; currently there is no broadcast/multicast
management frames used and actually, no management frames generated in
mac80211 MLME code in AP mode) and monitor interfaces (or something that
would replace them for packet injection)?


PS.

I'm not sure whether this is a bug somewhere in my changes or whether
the configuration of default keys for monitor interfaces triggered this,
but mac80211 is now leaving behind almost empty debugfs ieee80211/phy#
directories. The only thing remaining in that directory is an empty
netdev:mon.wlan0 subdirectory, so it looks like something fails to
remove said subdirectory and then the phy# directory.

-- 
Jouni Malinen                                            PGP id EFC895FA