git.ipfire.org Git - thirdparty/hostap.git/commit

author	Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
	Mon, 6 Aug 2018 19:46:34 +0000 (15:46 -0400)
committer	Jouni Malinen <j@w1.fi>
	Mon, 17 Dec 2018 13:42:23 +0000 (15:42 +0200)
commit	f9da7505bfbcc1f4a1302c97750befd3c1b8ba84
tree	bd7be8df5f2a198026d926732b3afa8461f1ebd2	tree \| snapshot
parent	e63d8837ddf282e3b08b7ffd450f17523e2c8b6b	commit \| diff

OCV: Include and verify OCI in SA Query frames

Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.

On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.

Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.

As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>

src/ap/drv_callbacks.c		diff \| blob \| blame \| history
src/ap/ieee802_11.c		diff \| blob \| blame \| history
src/ap/ieee802_11.h		diff \| blob \| blame \| history
src/ap/ieee802_11_shared.c		diff \| blob \| blame \| history
src/common/ieee802_11_defs.h		diff \| blob \| blame \| history
src/drivers/driver_nl80211.c		diff \| blob \| blame \| history
wpa_supplicant/sme.c		diff \| blob \| blame \| history