Hi James,

Sorry for the confusion, I made a mistake. The right situation is:

When the WPA negotiation succeeds, there are two keys for the driver, which are used to encrypt/decrypt tx/rx packets:

key1: tx unicast/broadcast/multicast packets, rx unicast packets
key2: rx broadcast/multicast packets

The key2 is distributed by the 256-bit rc4 algorithm; without the SUNWcry package, the driver can't have the correct key2.

Let's see the packets exchanged between client and peer/server for ARP and DHCP.
---------
1. ARP
Client -> ARP request -> broadcast -> key1 (encrypt)
Peer -> ARP response -> unicast -> key1 (decrypt)

Since only key1 is used, and the driver has the correct key1, ARP can work well without the SUNWcry package.

2. DHCP
Client -> DHCPDISCOVER -> broadcast -> key1 (encrypt)
DHCP server -> DHCPOFFER -> broadcast or unicast, depends on the server's configuration -> key2 or key1 (decrypt)
Client -> DHCPREQUEST -> broadcast -> key1 (encrypt)
DHCP server -> DHCPACK -> broadcast or unicast, depends on the server's configuration -> key2 or key1 (decrypt)

We can see that if the DHCP server is configured to use unicast packets for DHCPOFFER and DHCPACK, DHCP can work, since key2 is not used. If the DHCP server is configured to use broadcast for DHCPOFFER and DHCPACK, key2 will be used to decrypt rx broadcast packets, and the SUNWcry package will be a must.

As far as I know, most WiFi-AP plus routers are of the type using unicast packets for DHCPOFFER/DHCPACK; some pure WiFi-APs use broadcast. I have verified this on TP-LINK (ADSL router) and DWL-2100AP (pure WiFi AP).

Thanks,
-- Quaker

James Carlson wrote:

>Quaker Fang writes:
>
>>>How's that?
>>>
>>In WPA mode, the packets are encrypted, the unicast packets and
>>broadcast/multicast packets are sent by the driver
>>using different keys, the broadcast/multicast key is retrieved by 256-bit
>>rc4, and the 256-bit rc4 is in SUNWcry.
>>
>>DHCP will use broadcast to get an IP address; without the key, it will fail.
>>
>
>ARP uses broadcast as well. If it can't broadcast, it will fail, and
>you won't be able to talk to anyone using IPv4.
>
>IPv6 NDP and RD both use multicast. IPv6 will fail without that
>support, and it has nothing to do with DHCP.
>
>I don't think DHCP is a special factor here.
>

_______________________________________________
networking-discuss mailing list
[email protected]
