Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp315459ybt; Wed, 17 Jun 2020 01:28:27 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyi2Z4l67rH99bwsCian+/UCWb5LdZ72ArrU1U2L5CzBAMRXbCzRXs/j4P/vwqQRbOXWOFO X-Received: by 2002:a05:6402:1247:: with SMTP id l7mr5902410edw.61.1592382506965; Wed, 17 Jun 2020 01:28:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1592382506; cv=none; d=google.com; s=arc-20160816; b=GnRX/lpuDNz2ReeFU9PenzKQOFQCfdt+hRrQLz8Q/VfN/UODzIjzNlwc494k5daeku KbAieSpFPRax4PIr2bnBz2nF7E7p1X1COR0ZouCpgyjMgdc+/TXC4RE6/bYpIRsrmsgX 76GVJBt6hc9qS5AQxfGslfL48jEEyo9O6iz0i4VA/XvcAuF7FA0fygJYVKsBSlHGBpN7 razxIUhsef44ekvf6hmu7jDfNZL/A1UnbhSXe2K5mO4Uz6yko1jpmiR6aJO95aCjWtS+ hxeBXm2YV+MBqb14c9GYSmZLWIZ082r2mk+wMBAh23tAcPaI9/tMp9MJmEcslOTt6Wy6 5ZpQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=2+3TxnQ9ZkWFNoXePHhKvPjfaPtSQ+Vc7hO/eS0rcSM=; b=mUJsbKu1v3HmPJQ6SpE9slV0NBdZLGbYeb9OpK3UKVSk8hWcMsZyg5pr7GMiWNCZ+1 fL8LSsmX4Ou0mKpYbv7l5bW1+ny31dRQ4l9FrWaGodeH1Rn7C8Mg7un9jrKt0z65Xa6b OXCMKlOngVos3GAQeqY6P4wzx3VJJgdy3pMoEvfoMtlsT/S9WaoNwCdwYuCL0iPZbmpg +Iype/RkdomsAmtFIPWS2JDQx8pbiVJ80ud0DbIBDGkLxx5N4z67q0IKF+ZNwIfvsRNH G4Pf9zw31y2kb/DygO0PC25QjUunELftBy9cXXZPLPwj3azNwfAmfzgLiDDYLaKWJueJ pyGQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j26si12531937ejs.623.2020.06.17.01.27.48; Wed, 17 Jun 2020 01:28:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726629AbgFQI1G (ORCPT + 99 others); Wed, 17 Jun 2020 04:27:06 -0400 Received: from smail.rz.tu-ilmenau.de ([141.24.186.67]:49905 "EHLO smail.rz.tu-ilmenau.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726025AbgFQI1F (ORCPT ); Wed, 17 Jun 2020 04:27:05 -0400 Received: from legolas.fritz.box (unknown [87.147.49.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smail.rz.tu-ilmenau.de (Postfix) with ESMTPSA id 257AF580073; Wed, 17 Jun 2020 10:27:03 +0200 (CEST) From: Markus Theil To: johannes@sipsolutions.net Cc: linux-wireless@vger.kernel.org, Markus Theil Subject: [PATCH v3 1/2] mac80211: skip mpath lookup also for control port tx Date: Wed, 17 Jun 2020 10:26:36 +0200 Message-Id: <20200617082637.22670-2-markus.theil@tu-ilmenau.de> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200617082637.22670-1-markus.theil@tu-ilmenau.de> References: <20200617082637.22670-1-markus.theil@tu-ilmenau.de> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org When using 802.1X over mesh networks, at first an ordinary mesh peering is established, then the 802.1X EAPOL dialog happens, afterwards an authenticated mesh peering exchange (AMPE) happens, finally the peering is complete and we can set the STA authorized flag. As 802.1X is an intermediate step here and key material is not yet exchanged for stations we have to skip mesh path lookup for these EAPOL frames. Otherwise the already configure mesh group encryption key would be used to send a mesh path request which no one can decipher, because we didn't already establish key material on both peers, like with SAE and directly using AMPE. Signed-off-by: Markus Theil --- net/mac80211/tx.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index e9ce658141f5..bd86f85a5b73 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -3933,6 +3933,7 @@ void __ieee80211_subif_start_xmit(struct sk_buff *skb, struct ieee80211_local *local = sdata->local; struct sta_info *sta; struct sk_buff *next; + u32 ctrl_flags_adapted; if (unlikely(skb->len < ETH_HLEN)) { kfree_skb(skb); @@ -3996,8 +3997,12 @@ void __ieee80211_subif_start_xmit(struct sk_buff *skb, skb_list_walk_safe(skb, skb, next) { skb_mark_not_on_list(skb); + ctrl_flags_adapted = ctrl_flags; + if (sdata->control_port_protocol == skb->protocol) + ctrl_flags_adapted |= IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP; + skb = ieee80211_build_hdr(sdata, skb, info_flags, - sta, ctrl_flags, cookie); + sta, ctrl_flags_adapted, cookie); if (IS_ERR(skb)) { kfree_skb_list(next); goto out; @@ -5370,8 +5375,10 @@ int ieee80211_tx_control_port(struct wiphy *wiphy, struct net_device *dev, proto != cpu_to_be16(ETH_P_PREAUTH)) return -EINVAL; - if (proto == sdata->control_port_protocol) - ctrl_flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO; + if (proto == sdata->control_port_protocol) { + ctrl_flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO | + IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP; + } if (unencrypted) flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; -- 2.27.0