Received: by 2002:a25:2c96:0:0:0:0:0 with SMTP id s144csp912477ybs; Mon, 25 May 2020 02:20:36 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxrEG0Ughg/iXopSYO9xE/l9YDOBJRJHLxml6MF1lbVD1fjHyilodyrVSkNZx/kCGA+NsCo X-Received: by 2002:a17:906:1d13:: with SMTP id n19mr17647955ejh.287.1590398436274; Mon, 25 May 2020 02:20:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1590398436; cv=none; d=google.com; s=arc-20160816; b=h/ajZYDIvCJi37k83Fg409RA2uFgjczhKo5fx7zRyEmzSLzg1gLttJhUpIcOU2QoSo 3yWR8n2qrG8/0TM1Pti67Kb3Jdo+xY44TnI1CwjrDDcXaiD7y4nSrgQJOGt7OY7E8FLy tlEEOXFAhvadeD4ao8qkirH7eS8NByvLsNS2xI8Fa6QxLBj6o8DPh8bRpEUVckwH/liR dh3Eo/iLrHA9K8z3eI2W4HTGdxoWyhNVW0zeSRGQLdcZ9mikZJwIIAi0BpUE5Y0BIDFk EZhX0OGqM9F0K5qc2uKskJFmd48gU3mJ6anUAQckGbSc6hWdSzCvUCwFLz+UbSc3hX/y qsOA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id; bh=OTb2zn7t3MiqrMXp2Sb7/EUU/s1Bsv+HxjKR+XCtRno=; b=J3IBwNSEht0PHhfygGOJaBU/Ap9xRjHmyeZAkxIsTZdRDHN5z8r3FKeO9bV4ecKtM+ NJTOz2nOzDUm6vIGBvvBZKD2NRz/UFqkxRG0fbJspM+7p7XX/GidIQ5N+2yZMhgMDKNd wfhc4nLIeKMlFGla8cSTfm6i/3PKiGRyipfuv8iJNeW7TwqpWhi2bHzBdKt3fk2pHeDw qfZ5I1wrc8Dfk/9+Z0zv+VqowZWpybMinbgPAibBSMHy2/kNCeadOsSqlaPH8fPABmtz JtcbJMEbKoWcAkqIiOogmxbMNbmfPm3zcKPqaaN0nmit8ITxSTJvBdna/oYGmbWICcQM jNYw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id bi8si9361141ejb.9.2020.05.25.02.20.12; Mon, 25 May 2020 02:20:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389564AbgEYJRz (ORCPT + 99 others); Mon, 25 May 2020 05:17:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53836 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389546AbgEYJRz (ORCPT ); Mon, 25 May 2020 05:17:55 -0400 Received: from sipsolutions.net (s3.sipsolutions.net [IPv6:2a01:4f8:191:4433::2]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D60A1C061A0E for ; Mon, 25 May 2020 02:17:54 -0700 (PDT) Received: by sipsolutions.net with esmtpsa (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.93) (envelope-from ) id 1jd9Et-002bRu-HB; Mon, 25 May 2020 11:17:43 +0200 Message-ID: Subject: Re: [RFC PATCH] rt2800lib: unconditionally enable MFP From: Johannes Berg To: Larry Finger , Rui Salvaterra , Stanislaw Gruszka Cc: kvalo@codeaurora.org, linux-wireless@vger.kernel.org Date: Mon, 25 May 2020 11:17:42 +0200 In-Reply-To: <12222a10-e5d9-514e-7667-0602919a4866@lwfinger.net> (sfid-20200525_020302_358017_7777E473) References: <20200524094730.2684-1-rsalvaterra@gmail.com> <20200524111751.GA914918@wp.pl> <12222a10-e5d9-514e-7667-0602919a4866@lwfinger.net> (sfid-20200525_020302_358017_7777E473) Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.36.2 (3.36.2-1.fc32) MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org On Sun, 2020-05-24 at 19:02 -0500, Larry Finger wrote: > On 5/24/20 10:07 AM, Rui Salvaterra wrote: > > Hi, Stanislaw, > > > > On Sun, 24 May 2020 at 12:18, Stanislaw Gruszka wrote: > > > AFICT more work need to be done to support MFP by HW encryption properly > > > on rt2x00. See this message and whole thread: > > > https://lore.kernel.org/linux-wireless/977a3cf4-3ec5-4aaa-b3d4-eea2e8593652@nbd.name/ > > > > > > Stanislaw > > > > This RT2790 has been working just fine with my patch for hours. No > > hangs at all. What additional bad behaviour should I expect? > > I read the above thread. It seems that the best thing to do with b43 is to send > the MFP_CAPABLE only when nohwcrypt is set as a module option. I wish it could > have worked the other way, but I think the potential for keys getting out of > sync should be avoided.I still need to find a place the log something when > ciphers are present and the option is not set. With b43 you have much less to worry about though. Contrary to what I just said in my other email (oops, sorry) there are two problems here: 1) RX of management frames - if hw/fw erroneously attempts to decrypt 2) PN assignment during TX 1) you can test easily with b43, say send a deauth from the AP to the client and check the frame goes through properly. If it does, then the device isn't attempting to decrypt. 2) isn't an issue with b43 since it does it in software (I believe in mac80211) anyway. johannes