Subject: Re: [PATCH] mac80211: Do not send Layer 2 Update frame before authorization
From: Johannes Berg
To: Jouni Malinen
Cc: linux-wireless@vger.kernel.org, David Miller, netdev@vger.kernel.org
Date: Wed, 11 Sep 2019 15:06:03 +0200
In-Reply-To: <20190911130305.23704-1-jouni@codeaurora.org>
References: <20190911130305.23704-1-jouni@codeaurora.org>
X-Mailing-List: linux-wireless@vger.kernel.org

On Wed, 2019-09-11 at 16:03 +0300, Jouni Malinen wrote:
> The Layer 2 Update frame is used to update bridges when a station roams
> to another AP even if that STA does not transmit any frames after the
> reassociation.
> This behavior was described in IEEE Std 802.11F-2003 as
> something that would happen based on MLME-ASSOCIATE.indication, i.e.,
> before completing 4-way handshake. However, this IEEE trial-use
> recommended practice document was published before RSN (IEEE Std
> 802.11i-2004) and as such, did not consider RSN use cases. Furthermore,
> IEEE Std 802.11F-2003 was withdrawn in 2006 and as such, has not been
> maintained and should not be used anymore.
>
> Sending out the Layer 2 Update frame immediately after association is
> fine for open networks (and also when using SAE, FT protocol, or FILS
> authentication when the station is actually authenticated by the time
> association completes). However, it is not appropriate for cases where
> RSN is used with PSK or EAP authentication since the station is actually
> fully authenticated only once the 4-way handshake completes after
> authentication and attackers might be able to use the unauthenticated
> triggering of Layer 2 Update frame transmission to disrupt bridge
> behavior.
>
> Fix this by postponing transmission of the Layer 2 Update frame from
> station entry addition to the point when the station entry is marked
> authorized. Similarly, send out the VLAN binding update only if the STA
> entry has already been authorized.

Reviewed-by: Johannes Berg

Dave, if you were still planning to send a pull request to Linus before he
closes the tree on Sunday this would be good to include (and we should
also backport it to stable later). If not, I can pick it up afterwards,
let me know.

Thanks,
johannes
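To make the ordering the fix relies on concrete, here is an added model (written for this page, not mac80211 code or the patch itself) of when the Layer 2 Update frame leaves the AP relative to the station entry's authorized flag; the state names, the bridge stand-in and the sample MAC are all constructed.

```c
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* Constructed model of the station-state ordering the patch relies on.
 * Not mac80211 code; sta_state and bridge_model are invented here. */
enum sta_state { STA_NONE, STA_ASSOC, STA_AUTHORIZED };

/* Stand-in for the upstream bridges that learn from Layer 2 Update frames. */
struct bridge_model { int l2_updates; char learned_mac[18]; };
static struct bridge_model bridge;

static const char *SAMPLE_MAC = "02:00:00:00:00:01"; /* constructed value */

static void send_l2_update(const char *mac)
{
    bridge.l2_updates++;
    snprintf(bridge.learned_mac, sizeof bridge.learned_mac, "%s", mac);
}

/* Station entry added: association done, 4-way handshake not yet completed. */
static void sta_entry_add(const char *mac, enum sta_state *s, bool patched)
{
    *s = STA_ASSOC;
    if (!patched)
        send_l2_update(mac); /* pre-patch: bridges updated before authorization */
}

/* Station marked authorized: only reached once the 4-way handshake completes. */
static void sta_set_authorized(const char *mac, enum sta_state *s, bool patched)
{
    *s = STA_AUTHORIZED;
    if (patched)
        send_l2_update(mac); /* patched: bridges updated here instead */
}

/* Number of Layer 2 Update frames one station triggers under each behaviour. */
static int l2_updates_sent(bool patched, bool handshake_completes)
{
    enum sta_state s = STA_NONE;
    memset(&bridge, 0, sizeof bridge);
    sta_entry_add(SAMPLE_MAC, &s, patched);
    if (handshake_completes)
        sta_set_authorized(SAMPLE_MAC, &s, patched);
    return bridge.l2_updates;
}

int main(void)
{
    printf("unpatched, handshake never completes: %d frame(s)\n", l2_updates_sent(false, false));
    printf("patched,   handshake never completes: %d frame(s)\n", l2_updates_sent(true, false));
    printf("patched,   handshake completes:       %d frame(s)\n", l2_updates_sent(true, true));
    return 0;
}
```

A station that associates but never finishes the handshake causes no bridge update once the frame is tied to the authorized transition, while a fully authenticated station still produces exactly one.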