On 2018 Nov 25 (Sun) at 10:48:37 +0100 (+0100), Stefan Sperling wrote: :On Wed, Nov 21, 2018 at 08:50:00AM +0100, Peter Hessler wrote: :> Index: sys/net80211/ieee80211_node.c :> =================================================================== :> RCS file: /cvs/openbsd/src/sys/net80211/ieee80211_node.c,v :> retrieving revision 1.157 :> diff -u -p -u -p -r1.157 ieee80211_node.c :> --- sys/net80211/ieee80211_node.c 20 Nov 2018 20:26:01 -0000 1.157 :> +++ sys/net80211/ieee80211_node.c 21 Nov 2018 07:36:51 -0000 :> @@ -515,12 +515,8 @@ ieee80211_match_ess(struct ieee80211_ess :> return 0; :> :> if (ess->flags & (IEEE80211_F_PSK | IEEE80211_F_RSNON)) { :> - /* Ensure same WPA version. */ :> - if ((ni->ni_rsnprotos & IEEE80211_PROTO_RSN) && :> - (ess->rsnprotos & IEEE80211_PROTO_RSN) == 0) :> - return 0; :> - if ((ni->ni_rsnprotos & IEEE80211_PROTO_WPA) && :> - (ess->rsnprotos & IEEE80211_PROTO_WPA) == 0) :> + /* Ensure a compatible WPA version. */ : :In what way does "compatible version" differ from "same version"? :
WPA1|WPA2 != WPA2. But if we are choosing one of them, then it is compatible. :> + if ((ni->ni_supported_rsnprotos & ess->rsnprotos) == 0) : :Logically, this looks like a no-op change to me. :Any AP will offer both WPA1|WPA2 or WPA1 only or WPA2 only. : WPA3 is a thing and even though we don't yet support it, this makes that support easier. I also find this check easier to follow. :So we have the following cases: : :WPA1 & WPA1 -> 1 :WPA2 & WPA2 -> 1 :WPA1 & WPA2 -> 0 :(WPA1|WPA2) & WPA1 -> 0 :(WPA1|WPA1) & WPA2 -> 0 :(WPA1|WPA2) & (WPA1|WPA2) -> 1 : :The previous logic specifically checked for: : :WPA2 & WPA2 -> 1 :WPA1 & WPA1 -> 1 : :and it rejected any other combination. :Which gives the same result, doesn't it? : :So is this kernel change really needed? Isn't the actual fix :in your ifconfig changes, which makes ifconfig gather join :parameters without also running intermediate ioctls? : Yes, it is really needed. ni->ni_rsnprotos vs ni->ni_supported_rsnprotos is the important part. On a WPA1|WPA2 AP I was testing against ni_rsnprotos is set to only wpa2, but ni_supported_rsnprotos is set to WPA1|WPA2. :> return 0; :> } else if (ess->flags & IEEE80211_F_WEPON) { :> if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) :> Index: sbin/ifconfig/ifconfig.c : :OK stsp@ for the ifconfig parts. : :> =================================================================== :> RCS file: /cvs/openbsd/src/sbin/ifconfig/ifconfig.c,v :> retrieving revision 1.384 :> diff -u -p -u -p -r1.384 ifconfig.c :> --- sbin/ifconfig/ifconfig.c 20 Nov 2018 20:49:26 -0000 1.384 :> +++ sbin/ifconfig/ifconfig.c 21 Nov 2018 07:36:00 -0000 :> @@ -1909,7 +1909,7 @@ setifwpa(const char *val, int d) :> wpa.i_enabled = d; :> :> if (actions & A_JOIN) { :> - memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams)); :> + join.i_wpaparams.i_enabled = d; :> join.i_flags |= IEEE80211_JOIN_WPA; :> return; :> } :> @@ -1940,6 +1940,12 @@ setifwpaprotos(const char *val, int d) :> } :> free(optlist); :> :> + if (actions & A_JOIN) { :> + join.i_wpaparams.i_protos = rval; :> + join.i_flags |= IEEE80211_JOIN_WPA; :> + return; :> + } :> + :> memset(&wpa, 0, sizeof(wpa)); :> (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name)); :> if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0) :> @@ -1949,12 +1955,6 @@ setifwpaprotos(const char *val, int d) :> wpa.i_ciphers = 0; :> wpa.i_groupcipher = 0; :> :> - if (actions & A_JOIN) { :> - memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams)); :> - join.i_flags |= IEEE80211_JOIN_WPA; :> - return; :> - } :> - :> if (ioctl(s, SIOCS80211WPAPARMS, (caddr_t)&wpa) < 0) :> err(1, "SIOCS80211WPAPARMS"); :> } :> @@ -1981,6 +1981,14 @@ setifwpaakms(const char *val, int d) :> } :> free(optlist); :> :> + if (actions & A_JOIN) { :> + join.i_wpaparams.i_akms = rval; :> + join.i_wpaparams.i_enabled = :> + ((rval & IEEE80211_WPA_AKM_8021X) != 0); :> + join.i_flags |= IEEE80211_JOIN_WPA; :> + return; :> + } :> + :> memset(&wpa, 0, sizeof(wpa)); :> (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name)); :> if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0) :> @@ -1989,12 +1997,6 @@ setifwpaakms(const char *val, int d) :> /* Enable WPA for 802.1x here. PSK case is handled in setifwpakey(). */ :> wpa.i_enabled = ((rval & IEEE80211_WPA_AKM_8021X) != 0); :> :> - if (actions & A_JOIN) { :> - memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams)); :> - join.i_flags |= IEEE80211_JOIN_WPA; :> - return; :> - } :> - :> if (ioctl(s, SIOCS80211WPAPARMS, (caddr_t)&wpa) < 0) :> err(1, "SIOCS80211WPAPARMS"); :> } :> @@ -2042,18 +2044,18 @@ setifwpaciphers(const char *val, int d) :> } :> free(optlist); :> :> + if (actions & A_JOIN) { :> + join.i_wpaparams.i_ciphers = rval; :> + join.i_flags |= IEEE80211_JOIN_WPA; :> + return; :> + } :> + :> memset(&wpa, 0, sizeof(wpa)); :> (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name)); :> if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0) :> err(1, "SIOCG80211WPAPARMS"); :> wpa.i_ciphers = rval; :> :> - if (actions & A_JOIN) { :> - memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams)); :> - join.i_flags |= IEEE80211_JOIN_WPA; :> - return; :> - } :> - :> if (ioctl(s, SIOCS80211WPAPARMS, (caddr_t)&wpa) < 0) :> err(1, "SIOCS80211WPAPARMS"); :> } :> @@ -2076,7 +2078,7 @@ setifwpagroupcipher(const char *val, int :> wpa.i_groupcipher = cipher; :> :> if (actions & A_JOIN) { :> - memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams)); :> + join.i_wpaparams.i_groupcipher = cipher; :> join.i_flags |= IEEE80211_JOIN_WPA; :> return; :> } :> :> :> -- :> To iterate is human, to recurse, divine. :> -- Robert Heller -- Electrical Engineers do it with less resistance.