[PATCH 2/2] D-Bus: add pmf to global capabilities
Dan Williams
dcbw at redhat.com
Fri Jan 6 09:57:04 PST 2017
On Thu, 2017-01-05 at 16:06 +0100, Stijn Tintel wrote:
> Signed-off-by: Stijn Tintel <stijn at linux-ipv6.be>
> ---
> wpa_supplicant/dbus/dbus_new_handlers.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c
> b/wpa_supplicant/dbus/dbus_new_handlers.c
> index b25afc8..eac9ab4 100644
> --- a/wpa_supplicant/dbus/dbus_new_handlers.c
> +++ b/wpa_supplicant/dbus/dbus_new_handlers.c
> @@ -991,6 +991,9 @@ dbus_bool_t wpas_dbus_getter_global_capabilities(
> #ifdef CONFIG_INTERWORKING
> capabilities[num_items++] = "interworking";
> #endif /* CONFIG_INTERWORKING */
> +#ifdef CONFIG_IEEE80211W
> + capabilities[num_items++] = "pmf";
> +#endif /* CONFIG_IEEE80211W */
>
> return wpas_dbus_simple_array_property_getter(iter,
This looks OK, but this is only for the supplicant as a whole.
What about each individual interface? We also typically have
corresponding properties in the interface properties itself, since just
because the supplicant is compiled with 11W or AP support doesn't mean
the driver and hardware can actually do it. For example, if you have
to use the WEXT driver, the only in-kernel driver that supports
IW_AUTH_MFP_REQUIRED is orinoco.
While I don't know for sure (Jouni or others would) I think you can
just use driver supported ciphers to detect 11W support.
So you should also add the missing cipher capabilities to
wpas_dbus_getter_capabilities() in dbus_new_handlers.c for:
WPA_DRIVER_CAPA_ENC_BIP => "aes-128-cmac"
WPA_DRIVER_CAPA_ENC_BIP_GMAC_128 => "bip-gmac-128"
WPA_DRIVER_CAPA_ENC_BIP_GMAC_256 => "bip-gmac-256"
WPA_DRIVER_CAPA_ENC_BIP_CMAC_256 => "bip-cmac-256"
and then clients would use both the supplicant global Pmf property and
the interface-specific capability to determine whether or not that
specific interface could do 802.11W.
Dan
More information about the Hostap
mailing list