[PATCH] Avoid PMF negotiation for networks if the driver does not support PMF
jefferymiller at google.com
Thu Jun 30 21:39:56 PDT 2022
On Wed, Aug 25, 2021 at 8:49 AM Jouni Malinen <j at w1.fi> wrote:
> What's the use case for this change?
For my use case setting pmf=1 globally and leaving ieee80211w unset on
the explicit network configurations does allow this code to connect to an
optional network without PMF.
I simply expected the explicit ieee80211w=1 would behave the same as the
global pmf=1 setting in my case but instead it fails "to configure
IGTK to the driver".
> I'm not completely sure about the nl80211 cases since the BIP cipher
> suite support indication might have been added later than the initial
> PMF implementation. This may have resulted in there being no strict
> rejection of BIP configuration with drivers that do not have explicit
> indication for it in the supported ciphers list.
Thank you for the insight. I had not thought of a driver supporting
PMF without indicating support for BIP.
> As such, it may be a
> bit difficult to do this type of a change in wpa_supplicant without the
> kernel interface(s) changing first to explicitly indicate whether PMF is
This is likely out of the scope of my current needs.
Additionally, that would require adding the explicit interface to
as well wouldn't it?
Thank you for clarifying the reasons behind these differences.
More information about the Hostap