On Wed, Nov 21, 2018 at 08:50:00AM +0100, Peter Hessler wrote:
> Index: sys/net80211/ieee80211_node.c
> ===================================================================
> RCS file: /cvs/openbsd/src/sys/net80211/ieee80211_node.c,v
> retrieving revision 1.157
> diff -u -p -u -p -r1.157 ieee80211_node.c
> --- sys/net80211/ieee80211_node.c 20 Nov 2018 20:26:01 -0000 1.157
> +++ sys/net80211/ieee80211_node.c 21 Nov 2018 07:36:51 -0000
> @@ -515,12 +515,8 @@ ieee80211_match_ess(struct ieee80211_ess
> return 0;
>
> if (ess->flags & (IEEE80211_F_PSK | IEEE80211_F_RSNON)) {
> - /* Ensure same WPA version. */
> - if ((ni->ni_rsnprotos & IEEE80211_PROTO_RSN) &&
> - (ess->rsnprotos & IEEE80211_PROTO_RSN) == 0)
> - return 0;
> - if ((ni->ni_rsnprotos & IEEE80211_PROTO_WPA) &&
> - (ess->rsnprotos & IEEE80211_PROTO_WPA) == 0)
> + /* Ensure a compatible WPA version. */
In what way does "compatible version" differ from "same version"?
> + if ((ni->ni_supported_rsnprotos & ess->rsnprotos) == 0)
Logically, this looks like a no-op change to me.
Any AP will offer both WPA1|WPA2 or WPA1 only or WPA2 only.
So we have the following cases:
WPA1 & WPA1 -> 1
WPA2 & WPA2 -> 1
WPA1 & WPA2 -> 0
(WPA1|WPA2) & WPA1 -> 0
(WPA1|WPA1) & WPA2 -> 0
(WPA1|WPA2) & (WPA1|WPA2) -> 1
The previous logic specifically checked for:
WPA2 & WPA2 -> 1
WPA1 & WPA1 -> 1
and it rejected any other combination.
Which gives the same result, doesn't it?
So is this kernel change really needed? Isn't the actual fix
in your ifconfig changes, which makes ifconfig gather join
parameters without also running intermediate ioctls?
> return 0;
> } else if (ess->flags & IEEE80211_F_WEPON) {
> if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0)
> Index: sbin/ifconfig/ifconfig.c
OK stsp@ for the ifconfig parts.
> ===================================================================
> RCS file: /cvs/openbsd/src/sbin/ifconfig/ifconfig.c,v
> retrieving revision 1.384
> diff -u -p -u -p -r1.384 ifconfig.c
> --- sbin/ifconfig/ifconfig.c 20 Nov 2018 20:49:26 -0000 1.384
> +++ sbin/ifconfig/ifconfig.c 21 Nov 2018 07:36:00 -0000
> @@ -1909,7 +1909,7 @@ setifwpa(const char *val, int d)
> wpa.i_enabled = d;
>
> if (actions & A_JOIN) {
> - memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
> + join.i_wpaparams.i_enabled = d;
> join.i_flags |= IEEE80211_JOIN_WPA;
> return;
> }
> @@ -1940,6 +1940,12 @@ setifwpaprotos(const char *val, int d)
> }
> free(optlist);
>
> + if (actions & A_JOIN) {
> + join.i_wpaparams.i_protos = rval;
> + join.i_flags |= IEEE80211_JOIN_WPA;
> + return;
> + }
> +
> memset(&wpa, 0, sizeof(wpa));
> (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
> if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
> @@ -1949,12 +1955,6 @@ setifwpaprotos(const char *val, int d)
> wpa.i_ciphers = 0;
> wpa.i_groupcipher = 0;
>
> - if (actions & A_JOIN) {
> - memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
> - join.i_flags |= IEEE80211_JOIN_WPA;
> - return;
> - }
> -
> if (ioctl(s, SIOCS80211WPAPARMS, (caddr_t)&wpa) < 0)
> err(1, "SIOCS80211WPAPARMS");
> }
> @@ -1981,6 +1981,14 @@ setifwpaakms(const char *val, int d)
> }
> free(optlist);
>
> + if (actions & A_JOIN) {
> + join.i_wpaparams.i_akms = rval;
> + join.i_wpaparams.i_enabled =
> + ((rval & IEEE80211_WPA_AKM_8021X) != 0);
> + join.i_flags |= IEEE80211_JOIN_WPA;
> + return;
> + }
> +
> memset(&wpa, 0, sizeof(wpa));
> (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
> if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
> @@ -1989,12 +1997,6 @@ setifwpaakms(const char *val, int d)
> /* Enable WPA for 802.1x here. PSK case is handled in setifwpakey(). */
> wpa.i_enabled = ((rval & IEEE80211_WPA_AKM_8021X) != 0);
>
> - if (actions & A_JOIN) {
> - memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
> - join.i_flags |= IEEE80211_JOIN_WPA;
> - return;
> - }
> -
> if (ioctl(s, SIOCS80211WPAPARMS, (caddr_t)&wpa) < 0)
> err(1, "SIOCS80211WPAPARMS");
> }
> @@ -2042,18 +2044,18 @@ setifwpaciphers(const char *val, int d)
> }
> free(optlist);
>
> + if (actions & A_JOIN) {
> + join.i_wpaparams.i_ciphers = rval;
> + join.i_flags |= IEEE80211_JOIN_WPA;
> + return;
> + }
> +
> memset(&wpa, 0, sizeof(wpa));
> (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
> if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
> err(1, "SIOCG80211WPAPARMS");
> wpa.i_ciphers = rval;
>
> - if (actions & A_JOIN) {
> - memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
> - join.i_flags |= IEEE80211_JOIN_WPA;
> - return;
> - }
> -
> if (ioctl(s, SIOCS80211WPAPARMS, (caddr_t)&wpa) < 0)
> err(1, "SIOCS80211WPAPARMS");
> }
> @@ -2076,7 +2078,7 @@ setifwpagroupcipher(const char *val, int
> wpa.i_groupcipher = cipher;
>
> if (actions & A_JOIN) {
> - memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
> + join.i_wpaparams.i_groupcipher = cipher;
> join.i_flags |= IEEE80211_JOIN_WPA;
> return;
> }
>
>
> --
> To iterate is human, to recurse, divine.
> -- Robert Heller
