nl80211: Fix control port protocol no-encrypt setting
Previously, driver_nl80211 sets NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT in AP mode, to get EAPOL frames out unencrypted when using IEEE 802.1X/WEP. However, due to the way nl80211/cfg80211 is implemented, this attribute is ignored by the kernel if NL80211_ATTR_CONTROL_PORT_ETHERTYPE isn't specified as well. Fix this by including NL80211_ATTR_CONTROL_PORT_ETHERTYPE set to ETH_P_PAE. This can be done unconditionally, since the kernel will allow ETH_P_PAE to be set even when the driver didn't advertise support for arbitrary ethertypes. Additionally, the params->pairwise_ciphers appear to not be set at this point, so relax the check and allow them to be zero. In client mode, this whole thing was missing, so add it. Again, the pairwise suite can be WPA_CIPHER_NONE, so allow that case as well. This fixed IEEE 802.1X/WEP EAP reauthentication and rekeying to use unencrypted EAPOL frames which is the de facto way of implementing this in wireless networks. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This commit is contained in:
Johannes Berg
Jouni Malinen
parent
e5d3e13a5c
commit
e3429c0b15
1 changed files with 12 additions and 2 deletions
|
|
@ -3587,8 +3587,10 @@ static int wpa_driver_nl80211_set_ap(void *priv,
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
|
if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
|
||||||
params->pairwise_ciphers & (WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40) &&
|
(!params->pairwise_ciphers ||
|
||||||
nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT))
|
params->pairwise_ciphers & (WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40)) &&
|
||||||
|
(nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, ETH_P_PAE) ||
|
||||||
|
nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "nl80211: pairwise_ciphers=0x%x",
|
wpa_printf(MSG_DEBUG, "nl80211: pairwise_ciphers=0x%x",
|
||||||
|
|
@ -4904,6 +4906,14 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
|
||||||
if (nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT))
|
if (nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT))
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
|
if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
|
||||||
|
(params->pairwise_suite == WPA_CIPHER_NONE ||
|
||||||
|
params->pairwise_suite == WPA_CIPHER_WEP104 ||
|
||||||
|
params->pairwise_suite == WPA_CIPHER_WEP40) &&
|
||||||
|
(nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, ETH_P_PAE) ||
|
||||||
|
nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
|
||||||
|
return -1;
|
||||||
|
|
||||||
if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED &&
|
if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED &&
|
||||||
nla_put_u32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED))
|
nla_put_u32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED))
|
||||||
return -1;
|
return -1;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue