Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 1453207 Details for
Bug 1582407
unable to connect to WiFi
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
[PATCH] wifi: disable optional PMF when the NIC doesn't support BIP ciphers
0001-wifi-disable-optional-PMF-when-the-NIC-doesn-t-suppo.patch (text/plain), 3.79 KB, created by
Beniamino Galvani
on 2018-06-20 12:29:45 UTC
(
hide
)
Description:
[PATCH] wifi: disable optional PMF when the NIC doesn't support BIP ciphers
Filename:
MIME Type:
Creator:
Beniamino Galvani
Created:
2018-06-20 12:29:45 UTC
Size:
3.79 KB
patch
obsolete
>From 84b9c53537ca68da9ef2e44bd25faf603835ddb3 Mon Sep 17 00:00:00 2001 >From: Beniamino Galvani <bgalvani@redhat.com> >Date: Tue, 19 Jun 2018 15:28:16 +0200 >Subject: [PATCH] wifi: disable optional PMF when the NIC doesn't support BIP > ciphers > >If the Wi-Fi NIC does not support BIP (Broadcast Integrity Protocol) >ciphers, wpa_supplicant will fail to install the IGTK and the >connection will fail. Therefore, disable PMF when it is optional and >needed ciphers are not available. > >Note that wpa_supplicant considers the global PMF setting = 'optional' >is an indication to enable PMF when the AP advertises it *and* there >is NIC support; but the per-network ieee80211 setting = 'optional' >(used by NM) means that we want to always use PMF if the AP advertises >it. So the NIC cipher support must be evaluated in NM to achieve the >true 'optional' behavior. > >https://bugzilla.redhat.com/show_bug.cgi?id=1582407 >--- > libnm-core/nm-dbus-interface.h | 2 ++ > src/devices/wifi/nm-device-wifi.c | 6 ++++++ > src/platform/wifi/wifi-utils-nl80211.c | 8 ++++++++ > 3 files changed, 16 insertions(+) > >diff --git a/libnm-core/nm-dbus-interface.h b/libnm-core/nm-dbus-interface.h >index ba31a3797..be1b38907 100644 >--- a/libnm-core/nm-dbus-interface.h >+++ b/libnm-core/nm-dbus-interface.h >@@ -278,6 +278,7 @@ typedef enum { /*< flags >*/ > * @NM_WIFI_DEVICE_CAP_FREQ_VALID: device reports frequency capabilities > * @NM_WIFI_DEVICE_CAP_FREQ_2GHZ: device supports 2.4GHz frequencies > * @NM_WIFI_DEVICE_CAP_FREQ_5GHZ: device supports 5GHz frequencies >+ * @NM_WIFI_DEVICE_CAP_CIPHER_BIP: device supports BIP ciphers > * > * 802.11 specific device encryption and authentication capabilities. > **/ >@@ -294,6 +295,7 @@ typedef enum { /*< flags >*/ > NM_WIFI_DEVICE_CAP_FREQ_VALID = 0x00000100, > NM_WIFI_DEVICE_CAP_FREQ_2GHZ = 0x00000200, > NM_WIFI_DEVICE_CAP_FREQ_5GHZ = 0x00000400, >+ NM_WIFI_DEVICE_CAP_CIPHER_BIP = 0x00000800, > } NMDeviceWifiCapabilities; > > /** >diff --git a/src/devices/wifi/nm-device-wifi.c b/src/devices/wifi/nm-device-wifi.c >index 1a86e13bf..16e86b3a7 100644 >--- a/src/devices/wifi/nm-device-wifi.c >+++ b/src/devices/wifi/nm-device-wifi.c >@@ -2383,6 +2383,12 @@ build_supplicant_config (NMDeviceWifi *self, > NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL); > } > >+ if ( pmf == NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL >+ && !NM_FLAGS_HAS (priv->capabilities, NM_WIFI_DEVICE_CAP_CIPHER_BIP)) { >+ _LOGI (LOGD_WIFI, "Device does not support BIP ciphers, disabling PMF"); >+ pmf = NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE; >+ } >+ > /* Configure FILS (802.11ai) */ > fils = nm_setting_wireless_security_get_fils (s_wireless_sec); > if (fils == NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT) { >diff --git a/src/platform/wifi/wifi-utils-nl80211.c b/src/platform/wifi/wifi-utils-nl80211.c >index 6c2ff3f57..912b29363 100644 >--- a/src/platform/wifi/wifi-utils-nl80211.c >+++ b/src/platform/wifi/wifi-utils-nl80211.c >@@ -695,6 +695,9 @@ struct nl80211_device_info { > #define WLAN_CIPHER_SUITE_WEP104 0x000FAC05 > #define WLAN_CIPHER_SUITE_AES_CMAC 0x000FAC06 > #define WLAN_CIPHER_SUITE_GCMP 0x000FAC08 >+#define WLAN_CIPHER_SUITE_GMAC128 0x000FAC0B >+#define WLAN_CIPHER_SUITE_GMAC256 0x000FAC0C >+#define WLAN_CIPHER_SUITE_CMAC256 0x000FAC0D > #define WLAN_CIPHER_SUITE_SMS4 0x00147201 > > static int nl80211_wiphy_info_handler (struct nl_msg *msg, void *arg) >@@ -847,6 +850,11 @@ static int nl80211_wiphy_info_handler (struct nl_msg *msg, void *arg) > NM_WIFI_DEVICE_CAP_RSN); > break; > case WLAN_CIPHER_SUITE_AES_CMAC: >+ case WLAN_CIPHER_SUITE_GMAC128: >+ case WLAN_CIPHER_SUITE_GMAC256: >+ case WLAN_CIPHER_SUITE_CMAC256: >+ info->caps |= NM_WIFI_DEVICE_CAP_CIPHER_BIP; >+ break; > case WLAN_CIPHER_SUITE_GCMP: > case WLAN_CIPHER_SUITE_SMS4: > break; >-- >2.17.0 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1453207">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1582407
:
1441444
|
1448582
|
1448934
| 1453207 |
1455411