On 2018 Nov 25 (Sun) at 12:32:39 +0100 (+0100), Stefan Sperling wrote:
:On Sun, Nov 25, 2018 at 11:27:03AM +0100, Peter Hessler wrote:
:> On 2018 Nov 25 (Sun) at 10:48:37 +0100 (+0100), Stefan Sperling wrote:
:> :On Wed, Nov 21, 2018 at 08:50:00AM +0100, Peter Hessler wrote:
:> :> Index: sys/net80211/ieee80211_node.c
:> :> ===================================================================
:> :> RCS file: /cvs/openbsd/src/sys/net80211/ieee80211_node.c,v
:> :> retrieving revision 1.157
:> :> diff -u -p -u -p -r1.157 ieee80211_node.c
:> :> --- sys/net80211/ieee80211_node.c 20 Nov 2018 20:26:01 -0000 1.157
:> :> +++ sys/net80211/ieee80211_node.c 21 Nov 2018 07:36:51 -0000
:> :> @@ -515,12 +515,8 @@ ieee80211_match_ess(struct ieee80211_ess
:> :> return 0;
:> :>
:> :> if (ess->flags & (IEEE80211_F_PSK | IEEE80211_F_RSNON)) {
:> :> - /* Ensure same WPA version. */
:> :> - if ((ni->ni_rsnprotos & IEEE80211_PROTO_RSN) &&
:> :> - (ess->rsnprotos & IEEE80211_PROTO_RSN) == 0)
:> :> - return 0;
:> :> - if ((ni->ni_rsnprotos & IEEE80211_PROTO_WPA) &&
:> :> - (ess->rsnprotos & IEEE80211_PROTO_WPA) == 0)
:> :> + /* Ensure a compatible WPA version. */
:> :
:> :In what way does "compatible version" differ from "same version"?
:> :
:>
:> WPA1|WPA2 != WPA2. But if we are choosing one of them, then it is
:> compatible.
:
:What happens if we have WPA2-only AP A on our joinlist, and WPA1-only AP B
:with the same ESSID pops up? Could we now be choosing this ESSID in favour
:of another ESSID which offers WPA2, provided the user has manually enabled
:WPA1 support?
:
:We don't want 'join' to choose a WPA1 network if it could choose a WPA2
:network instead.
:
Correct, we don't want that.
In ieee80211_ess_calculate_score(), we do consider WPA2 vs WPA1, and
give many more points for WPA2 compatible APs. Assuming both were
visible, and both were compatible with our desired configuration, we
would choose the WPA2 compatible AP.
:> :So is this kernel change really needed? Isn't the actual fix
:> :in your ifconfig changes, which makes ifconfig gather join
:> :parameters without also running intermediate ioctls?
:> :
:>
:> Yes, it is really needed. ni->ni_rsnprotos vs ni->ni_supported_rsnprotos
:> is the important part.
:
:Ah, indeed. I missed that part.
:
:> On a WPA1|WPA2 AP I was testing against ni_rsnprotos is set to only wpa2,
:> but ni_supported_rsnprotos is set to WPA1|WPA2.
:
:But such networks didn't have a problem in the first place, did they?
:
No, a WPA1-only network shouldn't have this problem, because
ni_rsnprotos won't override to WPA2 if it isn't available.
:I think the question we should be asking is:
:Why does choosing a WPA1-only network not work without this change?
:I don't yet understand why.
:
:I doesn't seem right to match networks on advertised capabilities, instead of
:matching on negotiated (and our preferred) capabilities, as we do now.
ni_rsnprotos is hard-coded to just WPA2 or WPA1 based on what is
configured in the ic. We have not yet adjusted the ic, so that can't be
used to compare.
In my test case, I have disabled wpa2 and only accept wpa1 as the
configuration for the essid. with ni_rsnprotos being set to wpa2 only,
it can't match.
--
I don't mind going nowhere as long as it's an interesting path.
-- Ronald Mabbitt
