Received: by 2002:a25:683:0:0:0:0:0 with SMTP id 125csp1476065ybg; Thu, 11 Jun 2020 10:48:06 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzkk+k7VQkvT57taWOW3CuVeR2sp5dLeO13qw8EvcYgcj9GbhcIbvEf+V0+uJNaEbw3tdKg X-Received: by 2002:a17:906:ca4e:: with SMTP id jx14mr9166317ejb.285.1591897686630; Thu, 11 Jun 2020 10:48:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1591897686; cv=none; d=google.com; s=arc-20160816; b=aNibdH6rYqUbnt0SA57jQsHBGQdck3kyaO1wAFKH6CdI84yQI581tlq/GmfTLMSTYu YcrgS2Tdbn10pyGmOBj9OBegLORFQdsio4x8/i0VPvDChtU2qRSB5YFTqXZAmQH+Buxf gqsat5+Giai215Ld2yKYLWTm+L46vuWe77DLLfryq1TnsxAzTlTN2oe2j2sZEwD2z9xl Cj1YRJM2uP4AHH1+QzIb3ojbRyUyFeXtQy2ZGAUjRb+R3iDEkNQg9nLLRfBIiMqqf0dk Eqoc8+TJdsT4Uj0hTwQB7YCsFXgtex3ZcVLvtuTg0Xn6lMLUiBroPMFEpMkf8DojZovn +lHg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=75LhNjfdC7j8UZEVmEsEFMAeawTF+pFiqW+uwQWMqVg=; b=JG4tJe9H7Y1c1E9bu+oSg8sNhLM9I7BY/E8J05YGb/WNFQwN9DgI50EM93NXpvQi71 OFcMIlXEpCkIZh8RYROzdQFyuPOmD60vd6gpFlUiAo6jqWblzKHeXVYtNa8vsKcodiCX JFFwXabGeYc6XW8iBsApjhyWGSSFdq3Jft2/s9uoULDpZIImB17j9bNfDtFzlJb+tuqJ NPB75UPSOcSodzeTS3awjxYXydpQRM386K+f0NaFQ0eWBtZzwu57WndyV41uoeL2KVKc TrS22U+rhUotYuQexks5ICBPMYJKsSqzMHh481WVxspr9Qkvfc9vb7Gp6fGijHFhlAv8 ZQ4w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id cm13si1889762edb.246.2020.06.11.10.47.23; Thu, 11 Jun 2020 10:48:06 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726526AbgFKQoU (ORCPT + 99 others); Thu, 11 Jun 2020 12:44:20 -0400 Received: from smail.rz.tu-ilmenau.de ([141.24.186.67]:47058 "EHLO smail.rz.tu-ilmenau.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725782AbgFKQoT (ORCPT ); Thu, 11 Jun 2020 12:44:19 -0400 Received: from legolas.fritz.box (unknown [87.147.49.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smail.rz.tu-ilmenau.de (Postfix) with ESMTPSA id 8D550580065; Thu, 11 Jun 2020 18:44:17 +0200 (CEST) From: Markus Theil To: johannes@sipsolutions.net Cc: linux-wireless@vger.kernel.org, Markus Theil Subject: [PATCH] mac80211: skip mpath lookup also for control port tx Date: Thu, 11 Jun 2020 18:44:10 +0200 Message-Id: <20200611164410.606859-1-markus.theil@tu-ilmenau.de> X-Mailer: git-send-email 2.27.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org When using 802.1X over mesh networks, at first an ordinary mesh peering is established, then the 802.1X EAPOL dialog happens, afterwards an authenticated mesh peering exchange (AMPE) happens, finally the peering is complete and we can set the STA authorized flag. As 802.1X is an intermediate step here and key material is not yet exchanged for stations we have to skip mesh path lookup for these EAPOL frames. Otherwise the already configure mesh group encryption key would be used to send a mesh path request which no one can decipher, because we didn't already establish key material on both peers, like with SAE and directly using AMPE. Signed-off-by: Markus Theil --- net/mac80211/tx.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index e9ce658141f5..c87472c0239f 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -576,7 +576,8 @@ ieee80211_tx_h_check_control_port_protocol(struct ieee80211_tx_data *tx) if (unlikely(tx->sdata->control_port_protocol == tx->skb->protocol)) { if (tx->sdata->control_port_no_encrypt) info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; - info->control.flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO; + info->control.flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO | + IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP; info->flags |= IEEE80211_TX_CTL_USE_MINRATE; } @@ -5370,8 +5371,10 @@ int ieee80211_tx_control_port(struct wiphy *wiphy, struct net_device *dev, proto != cpu_to_be16(ETH_P_PREAUTH)) return -EINVAL; - if (proto == sdata->control_port_protocol) - ctrl_flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO; + if (proto == sdata->control_port_protocol) { + ctrl_flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO | + IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP; + } if (unencrypted) flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; -- 2.27.0