Message-ID: <CAK-6q+irhYroxV_P5ORtO9Ui9-Bs=SNS+vO5bZ7_X-geab+XrA@mail.gmail.com>
Date:   Thu, 26 Jan 2023 20:29:25 -0500
From:   Alexander Aring <aahringo@...hat.com>
To:     Miquel Raynal <miquel.raynal@...tlin.com>
Cc:     Alexander Aring <alex.aring@...il.com>,
        Stefan Schmidt <stefan@...enfreihafen.org>,
        linux-wpan@...r.kernel.org,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        Eric Dumazet <edumazet@...gle.com>, netdev@...r.kernel.org,
        David Girault <david.girault@...vo.com>,
        Romuald Despres <romuald.despres@...vo.com>,
        Frederic Blain <frederic.blain@...vo.com>,
        Nicolas Schodet <nico@...fr.eu.org>,
        Guilhem Imberton <guilhem.imberton@...vo.com>,
        Thomas Petazzoni <thomas.petazzoni@...tlin.com>
Subject: Re: [PATCH wpan-next 0/2] ieee802154: Beaconing support

Hi,

On Wed, Jan 25, 2023 at 5:00 AM Miquel Raynal <miquel.raynal@...tlin.com> wrote:
>
> Hi Alexander,
>
> alex.aring@...il.com wrote on Tue, 24 Jan 2023 21:31:33 -0500:
>
> > Hi,
> >
> > On Tue, Jan 24, 2023 at 5:08 AM Miquel Raynal <miquel.raynal@...tlin.com> wrote:
> > >
> > > Hi Alexander,
> > >
> > > aahringo@...hat.com wrote on Mon, 23 Jan 2023 09:02:48 -0500:
> > >
> > > > Hi,
> > > >
> > > > On Mon, Jan 23, 2023 at 9:01 AM Alexander Aring <aahringo@...hat.com> wrote:
> > > > >
> > > > > Hi,
> > > > >
> > > > > On Wed, Jan 18, 2023 at 4:21 AM Miquel Raynal <miquel.raynal@...tlin.com> wrote:
> > > > > >
> > > > > > Hi Alexander,
> > > > > >
> > > > > > aahringo@...hat.com wrote on Sun, 15 Jan 2023 20:54:02 -0500:
> > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > On Fri, Jan 6, 2023 at 6:33 AM Miquel Raynal <miquel.raynal@...tlin.com> wrote:
> > > > > > > >
> > > > > > > > Scanning being now supported, we can eg. play with hwsim to verify
> > > > > > > > everything works as soon as this series including beaconing support gets
> > > > > > > > merged.
> > > > > > > >
> > > > > > >
> > > > > > > I am not sure if a beacon send should be handled by an mlme helper
> > > > > > > handling as this is a different use-case and the user does not trigger
> > > > > > > > a mac command and is waiting for some reply and a more complex
> > > > > > > handling could be involved. There is also no need for hotpath xmit
> > > > > > > handling is disabled during this time. It is just an async messaging
> > > > > > > in some interval and just "try" to send it and don't care if it fails,
> > > > > > > or? For mac802154 therefore I think we should use the dev_queue_xmit()
> > > > > > > function to queue it up to send it through the hotpath?
> > > > > > >
> > > > > > > I can ack those patches, it will work as well. But I think we should
> > > > > > > switch at some point to dev_queue_xmit(). It should be simple to
> > > > > > > switch it. Just want to mention there is a difference which will be
> > > > > > > there in mac-cmds like association.
> > > > > >
> > > > > > I see what you mean. That's indeed true, we might just switch to
> > > > > > a less constrained transmit path.
> > > > > >
> > > > >
> > > > > I would define the difference in bypass qdisc or not. Whereas the
> > > > > qdisc can drop or delay transmitting... For me, the qdisc is currently
> > > > > in a "works for now" state.
> > > >
> > > > probably also bypass other hooks like tc, etc. :-/ Not sure if we want that.
> > >
> > > Actually, IIUC, we no longer want to go through the entire net stack.
> > > We still want to bypass it but without stopping/flushing the full
> > > queue like with an mlme transmission, so what about using
> > > ieee802154_subif_start_xmit() instead of dev_queue_xmit()? I think it
> > > is more appropriate.
> >
> > I do not understand, what do we currently do with mlme ops via the
> > ieee802154_subif_start_xmit() function, or? So we bypass everything
> > from dev_queue_xmit() until do_xmit() netdev callback.
>
> Yes, that's the plan. We don't want any of the net stack features when
> sending beacons.
>
> > I think it is fine, also I think "mostly" only dataframes should go
> > through dev_queue_xmit(). With a HardMAC transceiver we would have
> > control about "mostly" other frames than data either. So we should do
> > everything with mlme-ops do what the spec says (to match up with
> > HardMAC behaviour?) and don't allow common net hooks/etc. to change
> > this behaviour?
>
> To summarize:
> - Data frames -> should go through dev_queue_xmit()

there are exceptions... e.g. AF_PACKET raw sockets can build whatever
it wants (but it will probably not be supported by HardMAC
transceivers) and send it out. There is no real control about it. So
mostly I would agree here.

> - MLME ops with feedback constraints -> should go through the slow MLME
>   path, so ieee802154_mlme_tx*()

yea.

> - MLME ops without feedback constraints like beacons -> should go
>   through the hot path, but not through the whole net stack, so
>   ieee802154_subif_start_xmit()
>

it will bypass the qdisc handling (+ some other things which are
around there). The current difference is what I see llsec handling and
other things which might be around there? It depends if other
"MLME-ops" need to be e.g. encrypted or not.

> Right now only data frames have security support, I propose we merge
> the initial support like that. Right now I am focused on UWB support
> (coming next, after the whole active scan/association additions), and
> in a second time we would be interested in llsec support for MLME ops.
>

that's fine.

> Does that sound like a plan? If yes, I'll send a v2 with the right
> transmit helper used.
>

yes.

> Thanks,
> Miquèl
>
> NB: Perhaps a prerequisite of bringing security to the MLME ops would
> be to have wpan-tools updated (it looks like the support was never
> merged?) as well as a simple example how to use it on linux-wpan.org.
>

this is correct. It is still in a branch, I am fine to merge it in
this state although it's not really practical to use right now.

- Alex
