Fabrice, Yeoh,

On Fri, Dec 9, 2011 at 9:45 AM, Fabrice Deyber <[email protected]> wrote:
> (...)
> This also prevents reinstalling the broadcast tx keys.

This would prevent rekeying, which is necessary.

> We can also approach the problem in a different way.
> We could look into the code that uses these keys, and make sure that any
> change is taken into account.
> This way, even reinstalling the keys should not have any consequence.
> Comments, ideas?

Probably it would be easier to have authsae check if there is a mgtk
already installed, and if there is, to do nothing (if new key == old) or
to delete it before installing a new one (if keys differ). This could be
done inside install_key
(https://github.com/cozybit/authsae/blob/master/linux/meshd-nl80211.c#L518).

Cheers,

Javier

> On 12/9/2011 6:16 AM, Yeoh Chun-Yeow wrote:
>>
>> Hi, Fabrice,
>>
>> I try to solve this problem by avoiding the duplicate key installation by
>> authsae daemon. My experiment shows that the keys for:
>>
>> key to protect integrity of multicast mgmt frames tx
>> key to encrypt multicast data traffic
>>
>> will not be re-installed again after applying this patch.
>>
>> You can try it out if you want. I observe that the broadcast PREQ frame is
>> decoded correctly even with a new node coming in and thus the existing path
>> link is maintained.
>>
>> Hi, Javier and Thomas
>>
>> Please comment on this patch whether it is considered correctly done or
>> not.
>>
>> Thanks
>>
>> Regards,
>> Chun-Yeow
>>
>> From 094378e09944e9193d46fe03a18c86f57dcb9bbf Mon Sep 17 00:00:00 2001
>> From: Chun-Yeow Yeoh <[email protected]
>> <mailto:[email protected]>>
>>
>> Date: Sat, 10 Dec 2011 04:06:03 +0800
>> Subject: [PATCH] {cfg,nl}80211 Avoid duplicate keys installation for
>> Multicast frame in Secured Mesh
>>
>> Signed-off-by: Chun-Yeow Yeoh <[email protected]
>> <mailto:[email protected]>>
>>
>> ---
>> include/net/cfg80211.h | 4 ++++
>> net/wireless/nl80211.c | 20 ++++++++++++++++++++
>> 2 files changed, 24 insertions(+), 0 deletions(-)
>>
>> diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h >> index 3de1c39..dcd0879 100644 >> --- a/include/net/cfg80211.h 
>> +++ b/include/net/cfg80211.h >> @@ -2219,6 +2219,8 @@ struct cfg80211_cached_keys; >> * @cleanup_work: work struct used for cleanup that can't be done directly >> * @beacon_interval: beacon interval used on this device for transmitting >> * beacons, 0 when not valid >> + * @mesh_mcast_key: the number of installed multicast/broadcast's keys >> used >> + * in secured mesh setup >> */ >> struct wireless_dev { >> struct wiphy *wiphy; >> @@ -2261,6 +2263,8 @@ struct wireless_dev { >> >> int beacon_interval; >> >> + int mesh_mcast_key; >> + >> u32 ap_unexpected_nlpid; >> >> #ifdef CONFIG_CFG80211_WEXT >> diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c >> index ba43966..c717356 100644 >> --- a/net/wireless/nl80211.c >> +++ b/net/wireless/nl80211.c >> @@ -1747,6 +1747,13 @@ static int nl80211_new_interface(struct sk_buff >> *skb, struct genl_info *info) >> wdev_unlock(wdev); >> } >> >> + if (type == NL80211_IFTYPE_MESH_POINT) { >> + struct wireless_dev *wdev = dev->ieee80211_ptr; >> + wdev_lock(wdev); >> + wdev->mesh_mcast_key = 0; >> + wdev_unlock(wdev); >> + } >> + >> return 0; >> } >> >> @@ -1910,6 +1917,10 @@ static int nl80211_set_key(struct sk_buff *skb, >> struct genl_info *info) >> int err; >> struct net_device *dev = info->user_ptr[1]; >> >> + if ((dev->ieee80211_ptr->iftype == NL80211_IFTYPE_MESH_POINT) && >> + (dev->ieee80211_ptr->mesh_mcast_key >= 3)) >> + return 0; >> + >> err = nl80211_parse_key(info, &key); >> if (err) >> return err; 
>> @@ -1991,6 +2003,16 @@ static int nl80211_new_key(struct sk_buff *skb, >> struct genl_info *info) >> if (info->attrs[NL80211_ATTR_MAC]) >> mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); >> >> + if (!mac_addr && (dev->ieee80211_ptr->iftype >> + == NL80211_IFTYPE_MESH_POINT)){ >> + wdev_lock(dev->ieee80211_ptr); >> + dev->ieee80211_ptr->mesh_mcast_key++; >> + wdev_unlock(dev->ieee80211_ptr); >> + >> + if (dev->ieee80211_ptr->mesh_mcast_key >= 3) >> + return 0; >> + } >> + >> if (key.type == -1) { >> if (mac_addr) >> key.type = NL80211_KEYTYPE_PAIRWISE; >> -- >> 1.7.0.4 >> >> >

--
Javier Cardona
cozybit Inc.
http://www.cozybit.com
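Review bot: In the nl80211_new_interface hunk, mesh_mcast_key is reset to 0 only when a new NL80211_IFTYPE_MESH_POINT interface is created, and no hunk in this patch decrements or clears it afterwards, so once it reaches 3 the interface stays locked out of group-key changes for its whole lifetime. If a counter is kept at all, it needs a matching decrement in the key-deletion path and a reset when the interface leaves the mesh or changes type; otherwise the rekeying case raised in this thread cannot work.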
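Review bot: The early return at the top of nl80211_set_key answers "return 0" once mesh_mcast_key >= 3, before nl80211_parse_key runs, so every set_key request on a mesh interface is silently dropped while userspace is told it succeeded. The counter is also read here without wdev_lock, although the other hunks write it under that lock. Return an error code so the daemon can tell the request was refused, take the lock around the read, and restrict the check to the requests that are actually duplicates rather than to all of them.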
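Review bot: In the nl80211_new_key hunk the counter is incremented before the key is installed and then compared after wdev_unlock, so a request that later fails still counts, the ">= 3" read is unlocked, and the third request without a MAC address is itself dropped with "return 0". Because only the number of requests is tracked, a genuinely new group key after a rekey is indistinguishable from a duplicate; compare the key index (and, if needed, the key material) against what is already installed, do the check and the update inside one locked region, and count only after a successful install. The kernel-doc added in cfg80211.h calls the field "the number of installed" keys, which does not match a counter of requests. Style: add a space before the brace in "== NL80211_IFTYPE_MESH_POINT)){" and replace the bare 3 with a named constant.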
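Javier's suggestion above (do nothing when the new mgtk equals the installed one, delete it before installing when the keys differ), sketched as an added example that is not authsae's code. `install_mgtk`, the slot cache and the `drv_*` stand-ins for the nl80211 key requests are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names throughout; this is not authsae's real install_key(). */
#define MGTK_MAX_LEN 32
#define MGTK_SLOTS   4              /* assumed number of group key indexes */

enum mgtk_action { MGTK_ERROR = -1, MGTK_UNCHANGED, MGTK_INSTALLED, MGTK_REPLACED };
struct mgtk_slot { int present; size_t len; unsigned char key[MGTK_MAX_LEN]; };

static struct mgtk_slot cache[MGTK_SLOTS];   /* what the daemon last installed */
static int drv_installs, drv_deletes;        /* count simulated key requests */

/* Stand-ins for the nl80211 round trips; a real daemon sends netlink messages. */
static int drv_new_key(int idx, const unsigned char *k, size_t len)
{ (void)idx; (void)k; (void)len; drv_installs++; return 0; }
static int drv_del_key(int idx) { (void)idx; drv_deletes++; return 0; }

/* Compare without an early exit so timing does not depend on key bytes. */
static int key_equal(const unsigned char *a, const unsigned char *b, size_t len)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= a[i] ^ b[i];
    return diff == 0;
}

enum mgtk_action install_mgtk(int idx, const unsigned char *key, size_t len)
{
    if (idx < 0 || idx >= MGTK_SLOTS || !key || len == 0 || len > MGTK_MAX_LEN)
        return MGTK_ERROR;

    struct mgtk_slot *s = &cache[idx];
    if (s->present && s->len == len && key_equal(s->key, key, len))
        return MGTK_UNCHANGED;              /* new key == old: do nothing */

    int had_old = s->present;
    if (had_old && drv_del_key(idx) != 0)   /* keys differ: delete the old one first */
        return MGTK_ERROR;
    s->present = 0;                         /* cache must not claim a deleted key */
    if (drv_new_key(idx, key, len) != 0)
        return MGTK_ERROR;

    memcpy(s->key, key, len);
    s->len = len;
    s->present = 1;
    return had_old ? MGTK_REPLACED : MGTK_INSTALLED;
}
```

Unlike a request counter, this keeps rekeying possible: a repeated install of the same key is a no-op, and a different key replaces the old one.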
