[PATCH] [updated] encodeext vs. encode codepaths

Dan Williams dcbw
Sun Feb 5 18:46:12 PST 2006 

On Sun, 2006-02-05 at 17:51 -0800, Jouni Malinen wrote:
> On Thu, Feb 02, 2006 at 11:10:13AM -0500, Dan Williams wrote:
> > 1) wpa_supplicant was not setting authentication algorithm at _all_ for
> > cards that don't support SIOCSIWAUTH
> 
> One reason for this is that I've never seen such a mechanism in Linux
> wireless extensions before SIOCSIWAUTH.. Your patch seems to be using
> IW_ENCODE_OPEN for Open System authentication and IW_ENCODE_RESTRICTED
> for Shared Key authentication. However, for me, these means something
> completely different, i.e., whether unencrypted frames are accepted or
> not when WEP is used. I think there has been confusion on what these
> parameters really mean and I'm not sure what the original purpose was.
> Do you happen to have good understanding on which drivers use
> IW_ENCODE_OPEN/RESTRICTED flags to select between Open System and Shared
> Key authentication algorithms?

Pretty much most of them in set_encode():

airo:

	/* Read the flags */
	if(encoding->flags & IW_ENCODE_DISABLED)
		local->config.authType = AUTH_OPEN;	// disable encryption
	if(encoding->flags & IW_ENCODE_RESTRICTED)
		local->config.authType = AUTH_SHAREDKEY;	// Only Both
	if(encoding->flags & IW_ENCODE_OPEN)
		local->config.authType = AUTH_ENCRYPT;	// Only Wep

in-kernel ieee80211 layer (bcm43xx, ipw2100, ipw2200, etc):

	if (erq->flags & (IW_ENCODE_OPEN | IW_ENCODE_RESTRICTED)) {
		ieee->open_wep = !(erq->flags & IW_ENCODE_RESTRICTED);
		sec.auth_mode = ieee->open_wep ? WLAN_AUTH_OPEN :
		    WLAN_AUTH_SHARED_KEY;

orinoco:

	if (erq->flags & IW_ENCODE_DISABLED)
		enable = 0;
	if (erq->flags & IW_ENCODE_OPEN)
		restricted = 0;
	if (erq->flags & IW_ENCODE_RESTRICTED)
		restricted = 1;
<---- snip ---->
	priv->wep_restrict = restricted;
<---- snip ---->
	if (priv->wep_restrict)
		auth_flag = HERMES_AUTH_SHARED_KEY;
	else
		auth_flag = HERMES_AUTH_OPEN;

prism54:

	int authen = DOT11_AUTH_OS, invoke = 0, exunencrypt = 0;
<---- snip ---->
	if (dwrq->flags & IW_ENCODE_OPEN)
		/* Encode but accept non-encoded packets. No auth */
		invoke = 1;
	if ((dwrq->flags & IW_ENCODE_RESTRICTED) || force) {
		/* Refuse non-encoded packets. Auth */
		authen = DOT11_AUTH_BOTH;
		invoke = 1;
		exunencrypt = 1;
	}

Notable exceptions are (of course) hostap and the ones that don't ...
Yes, there's a lot of confusion about OPEN/RESTRICTED but it seems that
since there was no way of setting shared key/open system, O/R kind of
took over that functionality in many drivers.  Unfortunately, there
seems to be a need to set the auth mode for plain WEXT...

Dan

More information about the Hostap mailing list