From: Markus Theil
To: johannes@sipsolutions.net
Cc: linux-wireless@vger.kernel.org, Markus Theil
Subject: [PATCH v2 1/2] mac80211: skip mpath lookup also for control port tx
Date: Fri, 12 Jun 2020 17:58:35 +0200
Message-Id: <20200612155836.1207234-2-markus.theil@tu-ilmenau.de>
In-Reply-To: <20200612155836.1207234-1-markus.theil@tu-ilmenau.de>

When using 802.1X over mesh networks, at first an ordinary mesh peering is established, then the 802.1X EAPOL dialog happens, afterwards an authenticated mesh peering exchange (AMPE) happens, finally the peering is complete and we can set the STA authorized flag.

As 802.1X is an intermediate step here and key material is not yet exchanged for stations, we have to skip mesh path lookup for these EAPOL frames. Otherwise the already configured mesh group encryption key would be used to send a mesh path request which no one can decipher, because we didn't already establish key material on both peers, like with SAE and directly using AMPE.

Signed-off-by: Markus Theil
--- net/mac80211/tx.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index e9ce658141f5..bd86f85a5b73 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -3933,6 +3933,7 @@ void __ieee80211_subif_start_xmit(struct sk_buff *skb, struct ieee80211_local *local = sdata->local; struct sta_info *sta; struct sk_buff *next; + u32 ctrl_flags_adapted; if (unlikely(skb->len < ETH_HLEN)) { kfree_skb(skb); 
@@ -3996,8 +3997,12 @@ void __ieee80211_subif_start_xmit(struct sk_buff *skb, skb_list_walk_safe(skb, skb, next) { skb_mark_not_on_list(skb); + ctrl_flags_adapted = ctrl_flags; + if (sdata->control_port_protocol == skb->protocol) + ctrl_flags_adapted |= IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP; + skb = ieee80211_build_hdr(sdata, skb, info_flags, - sta, ctrl_flags, cookie); + sta, ctrl_flags_adapted, cookie); if (IS_ERR(skb)) { kfree_skb_list(next); goto out; @@ -5370,8 +5375,10 @@ int ieee80211_tx_control_port(struct wiphy *wiphy, struct net_device *dev, proto != cpu_to_be16(ETH_P_PREAUTH)) return -EINVAL; - if (proto == sdata->control_port_protocol) - ctrl_flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO; + if (proto == sdata->control_port_protocol) { + ctrl_flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO | + IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP; + } if (unencrypted) flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; -- 2.27.0
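Review bot: In the skb_list_walk_safe() loop of __ieee80211_subif_start_xmit(), the new test `sdata->control_port_protocol == skb->protocol` sets IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP for every frame carrying the control port ethertype, with no check on interface type or on whether the peer is already authorized. The commit message justifies skipping the lookup only for the window before key material exists on both mesh peers, so either narrow the condition to that case or add a comment above the test explaining why an unconditional skip is safe, for example for EAPOL frames sent after the peering is complete. ctrl_flags_adapted is used only inside the loop and could be declared there rather than at function scope.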
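Review bot: In ieee80211_tx_control_port(), OR-ing IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP into ctrl_flags under `proto == sdata->control_port_protocol` looks redundant with the per-skb check this patch adds to __ieee80211_subif_start_xmit(), if frames from this function are transmitted through that path with skb->protocol equal to proto. If both are needed, the commit message should say which transmit path each one covers; otherwise keep a single place that sets the flag so the two conditions cannot drift apart.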