Received: by 2002:a05:6358:45e:b0:b5:b6eb:e1f9 with SMTP id 30csp1424402rwe; Sat, 27 Aug 2022 07:53:18 -0700 (PDT) X-Google-Smtp-Source: AA6agR4devOhwBueBObFeYfdhDD74fiYemeJpDGMAo4cAtQeOS/uzp8wtUNDMjzA00ZMjoKd9CyE X-Received: by 2002:a63:d16:0:b0:41d:fe52:1d2f with SMTP id c22-20020a630d16000000b0041dfe521d2fmr7368459pgl.416.1661611997846; Sat, 27 Aug 2022 07:53:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1661611997; cv=none; d=google.com; s=arc-20160816; b=hmodNjZb2yDR0BXEztgq5wk5B4CNJwAtA9E3vRqfOeeg+5fByz2rXJQEBjErzffcCA W3RxOzaeBcpslduPC+6IrTIf1BlyvZFcx9RTY4dlWpbET6qn2C++r1qEwN+E12fVEu5Z 1Kak2vMXrevOxlrm7jqjlpjnuYzhHwxoLD78IeKJ3lifYOFaDKpzM1ymjEOXo/a7AjZW 3T9kmvtXU1jaI1gS0CKGkRvAU3/MzvOIyPqFjsZuzj7t6GtoQtpCWVoED39LHGUn2wm2 EEiTkeJG2oRMVs42KTZDquwlRd9S0n57Uii8if2loZkTWfjhq1fwCge5t06vykJt/p4g +24Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:user-agent :content-transfer-encoding:references:in-reply-to:date:to:from :subject:message-id:dkim-signature; bh=lmrmDkvaAS6Djy9p7dIBcApJPPilZINP1K5eU/pl69g=; b=CkpU6+yPsgmHIPta907gmaDiZCVIDpU3xAc+8gY2n+FQJ/hJ0BQMCpGM5ig/yRRwSw C9VKduiQQh1EXPfC0FFxRvXZQXXLL7hlj92RcVp6o06aOVMLtz5Y8PJ8VbloTdQ69HmP LT8XYLEeZq1BcC2cWZck6oH8Ekq2s9GF1l60ykurlnRrBXzQe6bBee5tEGSPqWbPcz1X ok8kqV+CE0SKUaSGyWvRSmcAz/hqh5IhJ0UzdC0ZtScavPBjmZdvUi9V5/BrOz6fFWVE LmSlXwtp48wixIgfu2YZn8vxS6oe2/6/jMnIjtQNPuEw6j2/aBfmvrr7dlQjZ0pyut4o LrIQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@sipsolutions.net header.s=mail header.b=QDK8DRuk; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=sipsolutions.net Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u2-20020a17090341c200b0017281416db6si4489581ple.408.2022.08.27.07.52.59; Sat, 27 Aug 2022 07:53:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@sipsolutions.net header.s=mail header.b=QDK8DRuk; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=sipsolutions.net Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231961AbiH0OqU (ORCPT + 64 others); Sat, 27 Aug 2022 10:46:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40848 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229544AbiH0OqS (ORCPT ); Sat, 27 Aug 2022 10:46:18 -0400 Received: from sipsolutions.net (s3.sipsolutions.net [IPv6:2a01:4f8:191:4433::2]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D9BC72315F for ; Sat, 27 Aug 2022 07:46:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sipsolutions.net; s=mail; h=MIME-Version:Content-Transfer-Encoding: Content-Type:References:In-Reply-To:Date:To:From:Subject:Message-ID:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-To: Resent-Cc:Resent-Message-ID; bh=lmrmDkvaAS6Djy9p7dIBcApJPPilZINP1K5eU/pl69g=; t=1661611576; x=1662821176; b=QDK8DRukCKnnLkXhUTTkrLP6YogBqfsTYHRwsgykFErWIpr CzcIRTBpFcpNVtU6hdKX4JrhupY/+r/hv3p/e1gBBv88wi3GUNFroT0ZMJuZLTbzqx3zrscqiabqQ p68yHI3lQOd409fenB5m6+3QtTbMzbpTLTX+wSP59V7NVkJs16JYBZvQyRj0EMKO4fB3moQ71Yhnh E+Pc/sBo/Z5htynIjBBVzK4ysr+XqNlBC3KG6zZf7M8KDK80r+8MjrRiW2KqcNcxmGoS0f0xHTpqM e3SMOkdlRUR/XUdqdYPilueY4aVzM/HxKeVS+OdOaZt5ouYzaydh9lkmzBMPif7Q==; Received: by sipsolutions.net with esmtpsa (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from ) id 1oRx4f-001Crb-0u; Sat, 27 Aug 2022 16:46:13 +0200 Message-ID: <199f2ac280a1e1a195add45290411a9c1dc519fc.camel@sipsolutions.net> Subject: Re: Automatically adding OCI in mac80211 From: Johannes Berg To: James Prestwood , linux-wireless@vger.kernel.org Date: Sat, 27 Aug 2022 16:46:12 +0200 In-Reply-To: <432703ce83ac979ba06e2b85d6dc500f246c6a76.camel@gmail.com> References: <432703ce83ac979ba06e2b85d6dc500f246c6a76.camel@gmail.com> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.44.4 (3.44.4-1.fc36) MIME-Version: 1.0 X-malware-bazaar: not-scanned X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org On Fri, 2022-08-26 at 14:12 -0700, James Prestwood wrote: > Long ago support for multiple authenticated BSS's was removed due to > its complexity.=C2=A0 >=20 Well, actually, you can still authenticate with multiple BSSes, we just don't really track it. > CMD_AUTHENTICATE now changes state/channel, and is not > recoverable if authentication fails (i.e. disconnect).=C2=A0 It never did anything else though, IIRC? Anyway, doesn't matter much now. > The spec > actually allows/intends for multiple authentications to be supported > and FT specifically can really benefit from this. Sure, and with FT especially you can do some things over the DS too - but the kernel no longer cares, which is the part that was removed, if you try to assoc without ever authenticating it doesn't matter as far as the kernel is concerned. > As a workaround we started playing around with using > CMD_FRAME/offchannel for authentication, bypassing the kernels state. > This works, and we can authenticate, fail, try another BSS etc. all > without the kernel knowing, then proceed to association. Should work, yeah. > The small problem is dealing with OCV. Prior, we would call > CMD_AUTHENTICATE (channel changes), then GET_INTERFACE in order to > obtain the channel/operating class to build the OCI element. Now, since > authentication is done offchannel we cannot use GET_INTERFACE. Deriving > the OCI based on capabilities is certainly possible, after all this is > what the kernel does, but rather than trying to mirror/maintain that > code I thought it would be great if the kernel could append the OCI > automatically to the association request. This would also save a round > trip since GET_INTERFACE wouldn't be needed. I don't understand. You already have to know the channel in order to even *do* this (off-channel TX)? The kernel doesn't really know much about operating classes, so that part seems a bit tricky. Also note that this is not going to work so well with MLO due to the link and MLD addresses, and the kernel currently inserting the ML element, so not sure you're going to want to go this route now. johannes