On Mon, Jul 05, 2021 at 06:36:00PM -0700, Greg Steuck wrote:
> Stefan Sperling <[email protected]> writes:
>
> > On Tue, Jul 06, 2021 at 12:31:20AM +0200, Stefan Sperling wrote:
> >> On Mon, Jul 05, 2021 at 02:11:36PM -0700, Greg Steuck wrote:
> >> > Do I need to figure out the state machines behind iwx and iee80211 now?
> >> > :)
> >>
> >> This AP seems to use TKIP for the groupcipher and the iwx
> >> setkey task doesn't handle this case properly.
> >>
> >> Can you try this?
> >
> > This smaller patch might suffice:
>
> I was wrong, this also works great!
>
> OK gnezdo@
Taking a fresh look at this in the morning, I think we should be checking
for errors from ieee80211_set_key() before flagging the group key as valid.
The only reason this could fail in your case is ENOMEM so it shouldn't
make a difference regarding your test case.
still ok?
There is still room for improvement but that's left for later. I suppose we
should move the driver back into SCAN state if it fails to set link state UP,
rather than having it hang. Otherwise an AP could trigger a hang accidentally
or deliberately by not sending a group key.
diff 7faf78381a333a9545f245f931e6a51077ba6762 /usr/src
blob - bdf8ce3e1afa332f698e3dc56af77e6acb4f8689
file + sys/dev/pci/if_iwx.c
--- sys/dev/pci/if_iwx.c
+++ sys/dev/pci/if_iwx.c
@@ -6677,11 +6677,16 @@ iwx_set_key(struct ieee80211com *ic, struct ieee80211_
struct ieee80211_key *k)
{
struct iwx_softc *sc = ic->ic_softc;
+ struct iwx_node *in = (void *)ni;
struct iwx_setkey_task_arg *a;
+ int err;
if (k->k_cipher != IEEE80211_CIPHER_CCMP) {
/* Fallback to software crypto for other ciphers. */
- return (ieee80211_set_key(ic, ni, k));
+ err = ieee80211_set_key(ic, ni, k);
+ if (!err && (k->k_flags & IEEE80211_KEY_GROUP))
+ in->in_flags |= IWX_NODE_FLAG_HAVE_GROUP_KEY;
+ return err;
}
if (sc->setkey_nkeys >= nitems(sc->setkey_arg))
