On 2018 Nov 25 (Sun) at 10:48:37 +0100 (+0100), Stefan Sperling wrote:
:On Wed, Nov 21, 2018 at 08:50:00AM +0100, Peter Hessler wrote:
:> Index: sys/net80211/ieee80211_node.c
:> ===================================================================
:> RCS file: /cvs/openbsd/src/sys/net80211/ieee80211_node.c,v
:> retrieving revision 1.157
:> diff -u -p -u -p -r1.157 ieee80211_node.c
:> --- sys/net80211/ieee80211_node.c 20 Nov 2018 20:26:01 -0000 1.157
:> +++ sys/net80211/ieee80211_node.c 21 Nov 2018 07:36:51 -0000
:> @@ -515,12 +515,8 @@ ieee80211_match_ess(struct ieee80211_ess
:> return 0;
:>
:> if (ess->flags & (IEEE80211_F_PSK | IEEE80211_F_RSNON)) {
:> - /* Ensure same WPA version. */
:> - if ((ni->ni_rsnprotos & IEEE80211_PROTO_RSN) &&
:> - (ess->rsnprotos & IEEE80211_PROTO_RSN) == 0)
:> - return 0;
:> - if ((ni->ni_rsnprotos & IEEE80211_PROTO_WPA) &&
:> - (ess->rsnprotos & IEEE80211_PROTO_WPA) == 0)
:> + /* Ensure a compatible WPA version. */
:
:In what way does "compatible version" differ from "same version"?
:
WPA1|WPA2 != WPA2. But if we are choosing one of them, then it is
compatible.
:> + if ((ni->ni_supported_rsnprotos & ess->rsnprotos) == 0)
:
:Logically, this looks like a no-op change to me.
:Any AP will offer both WPA1|WPA2 or WPA1 only or WPA2 only.
:
WPA3 is a thing and even though we don't yet support it, this makes
that support easier. I also find this check easier to follow.
:So we have the following cases:
:
:WPA1 & WPA1 -> 1
:WPA2 & WPA2 -> 1
:WPA1 & WPA2 -> 0
:(WPA1|WPA2) & WPA1 -> 0
:(WPA1|WPA1) & WPA2 -> 0
:(WPA1|WPA2) & (WPA1|WPA2) -> 1
:
:The previous logic specifically checked for:
:
:WPA2 & WPA2 -> 1
:WPA1 & WPA1 -> 1
:
:and it rejected any other combination.
:Which gives the same result, doesn't it?
:
:So is this kernel change really needed? Isn't the actual fix
:in your ifconfig changes, which makes ifconfig gather join
:parameters without also running intermediate ioctls?
:
Yes, it is really needed. ni->ni_rsnprotos vs ni->ni_supported_rsnprotos
is the important part.
On a WPA1|WPA2 AP I was testing against, ni_rsnprotos is set to only WPA2,
but ni_supported_rsnprotos is set to WPA1|WPA2.
:> return 0;
:> } else if (ess->flags & IEEE80211_F_WEPON) {
:> if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0)
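Review bot: The new test `if ((ni->ni_supported_rsnprotos & ess->rsnprotos) == 0)` accepts a node as soon as a single protocol bit overlaps, and the comment above it does not say which mask is which or that the match leaves the protocol choice open. Assuming ni_supported_rsnprotos holds every version the AP advertises, a clearer comment would be `/* Match when the AP advertises at least one WPA version this ESS entry allows. */`. With an entry that allows both WPA1 and WPA2, a node advertising only WPA1 still matches, so the code that later picks the protocol (not visible in this hunk) should take the strongest bit of the intersection rather than rely on this check. ieee80211_match_ess() starts and ends outside the hunk.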
:> Index: sbin/ifconfig/ifconfig.c
:
:OK stsp@ for the ifconfig parts.
:
:> ===================================================================
:> RCS file: /cvs/openbsd/src/sbin/ifconfig/ifconfig.c,v
:> retrieving revision 1.384
:> diff -u -p -u -p -r1.384 ifconfig.c
:> --- sbin/ifconfig/ifconfig.c 20 Nov 2018 20:49:26 -0000 1.384
:> +++ sbin/ifconfig/ifconfig.c 21 Nov 2018 07:36:00 -0000
:> @@ -1909,7 +1909,7 @@ setifwpa(const char *val, int d)
:> wpa.i_enabled = d;
:>
:> if (actions & A_JOIN) {
:> - memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
:> + join.i_wpaparams.i_enabled = d;
:> join.i_flags |= IEEE80211_JOIN_WPA;
:> return;
:> }
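Review bot: In setifwpa() the join branch still sits after `wpa.i_enabled = d;`, whereas setifwpaprotos(), setifwpaakms() and setifwpaciphers() now return before `wpa` is touched at all. If the lines above this hunk fill `wpa` through SIOCG80211WPAPARMS (they are outside the hunk, so this is an assumption), a join command still issues that ioctl and can still exit through err() on it; the setifwpagroupcipher() hunk has the same shape after `wpa.i_groupcipher = cipher;`. Moving the `if (actions & A_JOIN)` block ahead of the `wpa` setup in both functions would make all five setters behave alike. Because the join fields are now filled one option at a time, it is also worth confirming that `join.i_wpaparams` starts out zeroed and saying so in a comment where `join` is declared.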
:> @@ -1940,6 +1940,12 @@ setifwpaprotos(const char *val, int d)
:> }
:> free(optlist);
:>
:> + if (actions & A_JOIN) {
:> + join.i_wpaparams.i_protos = rval;
:> + join.i_flags |= IEEE80211_JOIN_WPA;
:> + return;
:> + }
:> +
:> memset(&wpa, 0, sizeof(wpa));
:> (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
:> if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
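Review bot: The join branch added to setifwpaprotos() stores only `i_protos`, while the direct path further down still clears `wpa.i_ciphers` and `wpa.i_groupcipher` after setting the protocols. A join entry therefore keeps whatever an earlier `wpaciphers` or `wpagroupcipher` option stored, and the two paths can produce different parameter sets for the same arguments. If the reset exists because a cipher set chosen for one protocol may not suit another (the reason is not visible here), either repeat it on the join path with `join.i_wpaparams.i_ciphers = 0; join.i_wpaparams.i_groupcipher = 0;` or add a comment explaining why join entries skip it. setifwpaprotos() begins before this hunk and continues past it.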
:> @@ -1949,12 +1955,6 @@ setifwpaprotos(const char *val, int d)
:> wpa.i_ciphers = 0;
:> wpa.i_groupcipher = 0;
:>
:> - if (actions & A_JOIN) {
:> - memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
:> - join.i_flags |= IEEE80211_JOIN_WPA;
:> - return;
:> - }
:> -
:> if (ioctl(s, SIOCS80211WPAPARMS, (caddr_t)&wpa) < 0)
:> err(1, "SIOCS80211WPAPARMS");
:> }
:> @@ -1981,6 +1981,14 @@ setifwpaakms(const char *val, int d)
:> }
:> free(optlist);
:>
:> + if (actions & A_JOIN) {
:> + join.i_wpaparams.i_akms = rval;
:> + join.i_wpaparams.i_enabled =
:> + ((rval & IEEE80211_WPA_AKM_8021X) != 0);
:> + join.i_flags |= IEEE80211_JOIN_WPA;
:> + return;
:> + }
:> +
:> memset(&wpa, 0, sizeof(wpa));
:> (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
:> if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
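Review bot: The join branch assigns `join.i_wpaparams.i_enabled` unconditionally, so `wpaakms psk` given after an option that already enabled WPA for the join entry (setifwpa() stores `i_enabled = d`) resets it to 0. Since join parameters are now accumulated across options, the outcome depends on argument order; setting the field only when 802.1X is requested avoids that: `if (rval & IEEE80211_WPA_AKM_8021X) join.i_wpaparams.i_enabled = 1;`. How the kernel treats an entry with IEEE80211_JOIN_WPA set and i_enabled == 0 is not visible here, so it should be confirmed that such an entry cannot end up associating without WPA. setifwpaakms() begins before the hunk and continues past it.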
:> @@ -1989,12 +1997,6 @@ setifwpaakms(const char *val, int d)
:> /* Enable WPA for 802.1x here. PSK case is handled in setifwpakey(). */
:> wpa.i_enabled = ((rval & IEEE80211_WPA_AKM_8021X) != 0);
:>
:> - if (actions & A_JOIN) {
:> - memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
:> - join.i_flags |= IEEE80211_JOIN_WPA;
:> - return;
:> - }
:> -
:> if (ioctl(s, SIOCS80211WPAPARMS, (caddr_t)&wpa) < 0)
:> err(1, "SIOCS80211WPAPARMS");
:> }
:> @@ -2042,18 +2044,18 @@ setifwpaciphers(const char *val, int d)
:> }
:> free(optlist);
:>
:> + if (actions & A_JOIN) {
:> + join.i_wpaparams.i_ciphers = rval;
:> + join.i_flags |= IEEE80211_JOIN_WPA;
:> + return;
:> + }
:> +
:> memset(&wpa, 0, sizeof(wpa));
:> (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
:> if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
:> err(1, "SIOCG80211WPAPARMS");
:> wpa.i_ciphers = rval;
:>
:> - if (actions & A_JOIN) {
:> - memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
:> - join.i_flags |= IEEE80211_JOIN_WPA;
:> - return;
:> - }
:> -
:> if (ioctl(s, SIOCS80211WPAPARMS, (caddr_t)&wpa) < 0)
:> err(1, "SIOCS80211WPAPARMS");
:> }
:> @@ -2076,7 +2078,7 @@ setifwpagroupcipher(const char *val, int
:> wpa.i_groupcipher = cipher;
:>
:> if (actions & A_JOIN) {
:> - memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
:> + join.i_wpaparams.i_groupcipher = cipher;
:> join.i_flags |= IEEE80211_JOIN_WPA;
:> return;
:> }
:>
:>
:> --
:> To iterate is human, to recurse, divine.
:> -- Robert Heller
--
Electrical Engineers do it with less resistance.