Received: by 2002:a05:6358:45e:b0:b5:b6eb:e1f9 with SMTP id 30csp1424402rwe;
        Sat, 27 Aug 2022 07:53:18 -0700 (PDT)
X-Google-Smtp-Source: AA6agR4devOhwBueBObFeYfdhDD74fiYemeJpDGMAo4cAtQeOS/uzp8wtUNDMjzA00ZMjoKd9CyE
X-Received: by 2002:a63:d16:0:b0:41d:fe52:1d2f with SMTP id c22-20020a630d16000000b0041dfe521d2fmr7368459pgl.416.1661611997846;
        Sat, 27 Aug 2022 07:53:17 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1661611997; cv=none;
        d=google.com; s=arc-20160816;
        b=hmodNjZb2yDR0BXEztgq5wk5B4CNJwAtA9E3vRqfOeeg+5fByz2rXJQEBjErzffcCA
         W3RxOzaeBcpslduPC+6IrTIf1BlyvZFcx9RTY4dlWpbET6qn2C++r1qEwN+E12fVEu5Z
         1Kak2vMXrevOxlrm7jqjlpjnuYzhHwxoLD78IeKJ3lifYOFaDKpzM1ymjEOXo/a7AjZW
         3T9kmvtXU1jaI1gS0CKGkRvAU3/MzvOIyPqFjsZuzj7t6GtoQtpCWVoED39LHGUn2wm2
         EEiTkeJG2oRMVs42KTZDquwlRd9S0n57Uii8if2loZkTWfjhq1fwCge5t06vykJt/p4g
         +24Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:user-agent
         :content-transfer-encoding:references:in-reply-to:date:to:from
         :subject:message-id:dkim-signature;
        bh=lmrmDkvaAS6Djy9p7dIBcApJPPilZINP1K5eU/pl69g=;
        b=CkpU6+yPsgmHIPta907gmaDiZCVIDpU3xAc+8gY2n+FQJ/hJ0BQMCpGM5ig/yRRwSw
         C9VKduiQQh1EXPfC0FFxRvXZQXXLL7hlj92RcVp6o06aOVMLtz5Y8PJ8VbloTdQ69HmP
         LT8XYLEeZq1BcC2cWZck6oH8Ekq2s9GF1l60ykurlnRrBXzQe6bBee5tEGSPqWbPcz1X
         ok8kqV+CE0SKUaSGyWvRSmcAz/hqh5IhJ0UzdC0ZtScavPBjmZdvUi9V5/BrOz6fFWVE
         LmSlXwtp48wixIgfu2YZn8vxS6oe2/6/jMnIjtQNPuEw6j2/aBfmvrr7dlQjZ0pyut4o
         LrIQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@sipsolutions.net header.s=mail header.b=QDK8DRuk;
       spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=sipsolutions.net
Return-Path: <linux-wireless-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id u2-20020a17090341c200b0017281416db6si4489581ple.408.2022.08.27.07.52.59;
        Sat, 27 Aug 2022 07:53:17 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@sipsolutions.net header.s=mail header.b=QDK8DRuk;
       spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=sipsolutions.net
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231961AbiH0OqU (ORCPT <rfc822;ooo213ooo@gmail.com> + 64 others);
        Sat, 27 Aug 2022 10:46:20 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40848 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229544AbiH0OqS (ORCPT
        <rfc822;linux-wireless@vger.kernel.org>);
        Sat, 27 Aug 2022 10:46:18 -0400
Received: from sipsolutions.net (s3.sipsolutions.net [IPv6:2a01:4f8:191:4433::2])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D9BC72315F
        for <linux-wireless@vger.kernel.org>; Sat, 27 Aug 2022 07:46:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
        d=sipsolutions.net; s=mail; h=MIME-Version:Content-Transfer-Encoding:
        Content-Type:References:In-Reply-To:Date:To:From:Subject:Message-ID:Sender:
        Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-To:
        Resent-Cc:Resent-Message-ID; bh=lmrmDkvaAS6Djy9p7dIBcApJPPilZINP1K5eU/pl69g=;
        t=1661611576; x=1662821176; b=QDK8DRukCKnnLkXhUTTkrLP6YogBqfsTYHRwsgykFErWIpr
        CzcIRTBpFcpNVtU6hdKX4JrhupY/+r/hv3p/e1gBBv88wi3GUNFroT0ZMJuZLTbzqx3zrscqiabqQ
        p68yHI3lQOd409fenB5m6+3QtTbMzbpTLTX+wSP59V7NVkJs16JYBZvQyRj0EMKO4fB3moQ71Yhnh
        E+Pc/sBo/Z5htynIjBBVzK4ysr+XqNlBC3KG6zZf7M8KDK80r+8MjrRiW2KqcNcxmGoS0f0xHTpqM
        e3SMOkdlRUR/XUdqdYPilueY4aVzM/HxKeVS+OdOaZt5ouYzaydh9lkmzBMPif7Q==;
Received: by sipsolutions.net with esmtpsa (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
        (Exim 4.96)
        (envelope-from <johannes@sipsolutions.net>)
        id 1oRx4f-001Crb-0u;
        Sat, 27 Aug 2022 16:46:13 +0200
Message-ID: <199f2ac280a1e1a195add45290411a9c1dc519fc.camel@sipsolutions.net>
Subject: Re: Automatically adding OCI in mac80211
From:   Johannes Berg <johannes@sipsolutions.net>
To:     James Prestwood <prestwoj@gmail.com>,
        linux-wireless@vger.kernel.org
Date:   Sat, 27 Aug 2022 16:46:12 +0200
In-Reply-To: <432703ce83ac979ba06e2b85d6dc500f246c6a76.camel@gmail.com>
References: <432703ce83ac979ba06e2b85d6dc500f246c6a76.camel@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
User-Agent: Evolution 3.44.4 (3.44.4-1.fc36) 
MIME-Version: 1.0
X-malware-bazaar: not-scanned
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_PASS,SPF_PASS,
        T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless@vger.kernel.org

On Fri, 2022-08-26 at 14:12 -0700, James Prestwood wrote:
> Long ago support for multiple authenticated BSS's was removed due to
> its complexity.=C2=A0
>=20

Well, actually, you can still authenticate with multiple BSSes, we just
don't really track it.

> CMD_AUTHENTICATE now changes state/channel, and is not
> recoverable if authentication fails (i.e. disconnect).=C2=A0

It never did anything else though, IIRC? Anyway, doesn't matter much
now.

> The spec
> actually allows/intends for multiple authentications to be supported
> and FT specifically can really benefit from this.

Sure, and with FT especially you can do some things over the DS too -
but the kernel no longer cares, which is the part that was removed, if
you try to assoc without ever authenticating it doesn't matter as far as
the kernel is concerned.

> As a workaround we started playing around with using
> CMD_FRAME/offchannel for authentication, bypassing the kernels state.
> This works, and we can authenticate, fail, try another BSS etc. all
> without the kernel knowing, then proceed to association.

Should work, yeah.

> The small problem is dealing with OCV. Prior, we would call
> CMD_AUTHENTICATE (channel changes), then GET_INTERFACE in order to
> obtain the channel/operating class to build the OCI element. Now, since
> authentication is done offchannel we cannot use GET_INTERFACE. Deriving
> the OCI based on capabilities is certainly possible, after all this is
> what the kernel does, but rather than trying to mirror/maintain that
> code I thought it would be great if the kernel could append the OCI
> automatically to the association request. This would also save a round
> trip since GET_INTERFACE wouldn't be needed.

I don't understand. You already have to know the channel in order to
even *do* this (off-channel TX)? The kernel doesn't really know much
about operating classes, so that part seems a bit tricky.

Also note that this is not going to work so well with MLO due to the
link and MLD addresses, and the kernel currently inserting the ML
element, so not sure you're going to want to go this route now.

johannes