Re: wifi join and wpaprotos

Sun, 25 Nov 2018 03:33:19 -0800 

On Sun, Nov 25, 2018 at 11:27:03AM +0100, Peter Hessler wrote:
> On 2018 Nov 25 (Sun) at 10:48:37 +0100 (+0100), Stefan Sperling wrote:
> :On Wed, Nov 21, 2018 at 08:50:00AM +0100, Peter Hessler wrote:
> :> Index: sys/net80211/ieee80211_node.c
> :> ===================================================================
> :> RCS file: /cvs/openbsd/src/sys/net80211/ieee80211_node.c,v
> :> retrieving revision 1.157
> :> diff -u -p -u -p -r1.157 ieee80211_node.c
> :> --- sys/net80211/ieee80211_node.c  20 Nov 2018 20:26:01 -0000      1.157
> :> +++ sys/net80211/ieee80211_node.c  21 Nov 2018 07:36:51 -0000
> :> @@ -515,12 +515,8 @@ ieee80211_match_ess(struct ieee80211_ess
> :>            return 0;
> :>  
> :>    if (ess->flags & (IEEE80211_F_PSK | IEEE80211_F_RSNON)) {
> :> -          /* Ensure same WPA version. */
> :> -          if ((ni->ni_rsnprotos & IEEE80211_PROTO_RSN) &&
> :> -              (ess->rsnprotos & IEEE80211_PROTO_RSN) == 0)
> :> -                  return 0;
> :> -          if ((ni->ni_rsnprotos & IEEE80211_PROTO_WPA) &&
> :> -              (ess->rsnprotos & IEEE80211_PROTO_WPA) == 0)
> :> +          /* Ensure a compatible WPA version. */
> :
> :In what way does "compatible version" differ from "same version"?
> :
> 
> WPA1|WPA2 != WPA2.  But if we are choosing one of them, then it is
> compatible.

What happens if we have WPA2-only AP A on our joinlist, and WPA1-only AP B
with the same ESSID pops up? Could we now be choosing this ESSID in favour
of another ESSID which offers WPA2, provided the user has manually enabled
WPA1 support?

We don't want 'join' to choose a WPA1 network if it could choose a WPA2
network instead.

> :So is this kernel change really needed? Isn't the actual fix
> :in your ifconfig changes, which makes ifconfig gather join
> :parameters without also running intermediate ioctls?
> :
> 
> Yes, it is really needed.  ni->ni_rsnprotos vs ni->ni_supported_rsnprotos
> is the important part.

Ah, indeed. I missed that part.

> On a WPA1|WPA2 AP I was testing against ni_rsnprotos is set to only wpa2,
> but ni_supported_rsnprotos is set to WPA1|WPA2.

But such networks didn't have a problem in the first place, did they?

I think the question we should be asking is:
Why does choosing a WPA1-only network not work without this change?
I don't yet understand why.

I doesn't seem right to match networks on advertised capabilities, instead of
matching on negotiated (and our preferred) capabilities, as we do now.

Reply via email to