[Madwifi-devel] Re: [Madwifi-cvs] revision 1527 committed by kelmo
Status: Beta
Brought to you by:
otaku
From: Brian E. <eat...@gm...> - 2006-04-24 18:27:20
|
On 4/24/06, Jouni Malinen <jkm...@cc...> wrote: > On Mon, Apr 24, 2006 at 01:57:45PM -0400, Brian Eaton wrote: > > > Jouni, while we've got you looking at the madwifi code, could you > > offer your opinion on the handling of unencrypted EAPOL frames? > > > > /* > > * The wext API says that user space gets to decide whether EAPOL frame= s are > > * supposed to be encrypted or in cleartext. > > Hmm.. It is saying whether unencrypted EAPOL frames should be allowed to > be received. It does not say whether EAPOL frames are to be encrypted or > not. Right. The comment there is unclear; the implementation I prototyped was only for receiving eapol frames, not for sending them. > > * or if wpa_supplicant is doing the wrong thing. But if I let wpa_sup= plicant > > * tell madwifi to drop unencrypted eapol frames, it breaks the authent= ication. > > Unencrypted EAPOL frames should be dropped only if pairwise keys are > configured. Ah ha, this may have been the problem with my prototype implementation. I'll have a look at what my AP is doing. Perhaps it is not sending all EAPOL frames in the clear, maybe only EAPOL frames sent prior to pairwise keys being established. Thanks very much for looking at this, I'll let you know what further investigation turns up. Regards, Brian |