Return-path: Received: from 128-177-27-249.ip.openhosting.com ([128.177.27.249]:36402 "EHLO jmalinen.user.openhosting.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755473AbZEHJiQ (ORCPT ); Fri, 8 May 2009 05:38:16 -0400 Date: Fri, 8 May 2009 12:38:07 +0300 From: Jouni Malinen To: "John W. Linville" Cc: Johannes Berg , linux-wireless@vger.kernel.org Subject: Re: [PATCH] nl80211: Add request for dropping unencrypted frames Message-ID: <20090508093807.GC21362@jm.kir.nu> References: <20090506173832.GC2960@jm.kir.nu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii In-Reply-To: <20090506173832.GC2960@jm.kir.nu> Sender: linux-wireless-owner@vger.kernel.org List-ID: On Wed, May 06, 2009 at 08:38:32PM +0300, Jouni Malinen wrote: > In order for mac80211 to be able to drop unencrypted frames correctly, > we must let it know when this has to be done. In theory, some of the > cases (e.g., unicast frames) would be trivial to handle based on the > configured key, but we do not do that currently (rx->key selection is > skipped for unprotected frames) and it would be less trivial for > broadcast frames (key index not available for unprotected frames). The > safest option seems to be to introduce an association request > attribute into nl80211 to set drop_unencrypted variable that is used > with WEXT. Please drop this. We will try to survive with key setup -based implementation and by adding proper IEEE 802.1X PAE also for station mode when using nl80211. -- Jouni Malinen PGP id EFC895FA