On Tue, Mar 21, 2017 at 02:10:48PM +0900, Stefan Sperling wrote:
> I see no reason to leave WEP enabled if a WPA key is set, and leaving
> WPA enabled when a WEP key is set.
>
> Several cases of "my wifi suddenly stopped working" turned out to be due
> to stale WEP keys interfering with WPA. I think it is better to let the
> kernel handle this transition instead of requiring 'ifconfig -nwkey'.
I fully agree. I've been annoyed by this countless times :-)
> Index: ieee80211_ioctl.c
> ===================================================================
> RCS file: /cvs/src/sys/net80211/ieee80211_ioctl.c,v
> retrieving revision 1.50
> diff -u -p -r1.50 ieee80211_ioctl.c
> --- ieee80211_ioctl.c 12 Mar 2017 03:13:50 -0000 1.50
> +++ ieee80211_ioctl.c 21 Mar 2017 05:03:46 -0000
> @@ -55,6 +55,8 @@ void ieee80211_node2req(struct ieee8021
> const struct ieee80211_node *, struct ieee80211_nodereq *);
> void ieee80211_req2node(struct ieee80211com *,
> const struct ieee80211_nodereq *, struct ieee80211_node *);
> +void ieee80211_disable_wep(struct ieee80211com *);
> +void ieee80211_disable_rsn(struct ieee80211com *);
>
> void
> ieee80211_node2req(struct ieee80211com *ic, const struct ieee80211_node *ni,
> @@ -166,6 +168,32 @@ ieee80211_req2node(struct ieee80211com *
> ni->ni_state = nr->nr_state;
> }
>
> +void
> +ieee80211_disable_wep(struct ieee80211com *ic)
> +{
> + struct ieee80211_key *k;
> + int i;
> +
> + for (i = 0; i < IEEE80211_WEP_NKID; i++) {
> + k = &ic->ic_nw_keys[i];
> + if (k->k_cipher != IEEE80211_CIPHER_NONE)
> + (*ic->ic_delete_key)(ic, NULL, k);
> + memset(k, 0, sizeof(*k));
> + }
> + ic->ic_flags &= ~IEEE80211_F_WEPON;
> +}
> +
> +void
> +ieee80211_disable_rsn(struct ieee80211com *ic)
> +{
> + ic->ic_flags &= ~(IEEE80211_F_PSK | IEEE80211_F_RSNON);
> + memset(ic->ic_psk, 0, sizeof(ic->ic_psk));
> + ic->ic_rsnprotos = 0;
> + ic->ic_rsnakms = 0;
> + ic->ic_rsngroupcipher = 0;
> + ic->ic_rsnciphers = 0;
> +}
> +
> static int
> ieee80211_ioctl_setnwkeys(struct ieee80211com *ic,
> const struct ieee80211_nwkey *nwkey)
> @@ -212,6 +240,8 @@ ieee80211_ioctl_setnwkeys(struct ieee802
>
> ic->ic_def_txkey = nwkey->i_defkid - 1;
> ic->ic_flags |= IEEE80211_F_WEPON;
> + if (ic->ic_flags & IEEE80211_F_RSNON)
> + ieee80211_disable_rsn(ic);
>
> return ENETRESET;
> }
> @@ -464,6 +494,8 @@ ieee80211_ioctl(struct ifnet *ifp, u_lon
> if (psk->i_enabled) {
> ic->ic_flags |= IEEE80211_F_PSK;
> memcpy(ic->ic_psk, psk->i_psk, sizeof(ic->ic_psk));
> + if (ic->ic_flags & IEEE80211_F_WEPON)
> + ieee80211_disable_wep(ic);
> } else {
> ic->ic_flags &= ~IEEE80211_F_PSK;
> memset(ic->ic_psk, 0, sizeof(ic->ic_psk));
> @@ -496,6 +528,8 @@ ieee80211_ioctl(struct ifnet *ifp, u_lon
> break;
> kr = (struct ieee80211_keyrun *)data;
> error = ieee80211_keyrun(ic, kr->i_macaddr);
> + if (error == 0 && (ic->ic_flags & IEEE80211_F_WEPON))
> + ieee80211_disable_wep(ic);
> break;
> case SIOCS80211POWER:
> if ((error = suser(curproc, 0)) != 0)
>
--
Antoine
