Return-path: Received: from mail-wm0-f48.google.com ([74.125.82.48]:37345 "EHLO mail-wm0-f48.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752907AbbKMGOs (ORCPT ); Fri, 13 Nov 2015 01:14:48 -0500 Received: by wmww144 with SMTP id w144so16534014wmw.0 for ; Thu, 12 Nov 2015 22:14:46 -0800 (PST) MIME-Version: 1.0 In-Reply-To: <564535ED.6080703@candelatech.com> References: <564535ED.6080703@candelatech.com> Date: Fri, 13 Nov 2015 07:14:46 +0100 Message-ID: (sfid-20151113_071522_687892_5E09E28D) Subject: Re: Does mac80211 guarantee no data frames are sent to driver until encryption is setup? From: Janusz Dziedzic To: Ben Greear Cc: "linux-wireless@vger.kernel.org" Content-Type: text/plain; charset=UTF-8 Sender: linux-wireless-owner@vger.kernel.org List-ID: On 13 November 2015 at 01:59, Ben Greear wrote: > A certain firmware tries to do EAPOL inspection and only allow data pkts > to be sent after the 4-way M4 has been sent, for instance. > > This was breaking .11r because in that case you don't do the 4-way after > roaming, so the firmware was waiting forever for an M4 to be sent and > thus all tx data was hung. > > I managed to get this working by just removing all of the EAPOL inspection > from the firmware, > but I am thinking that if the stack will send data packets to the driver > before 4-way auth is completed and keys are set, then maybe I would > be opening up a race where un-encrypted frames could hit the air. > > Any idea what protections, if any, the mac80211 stack provides > for this case? > Check WLAN_STA_AUTHORIZED in mac80211. BR Janusz