Index | Thread | Search

From:
Kevin Lo <kevlo@kevlo.org>
Subject:
Re: wifi protected management frame (PMF) support
To:
tech@openbsd.org
Date:
Wed, 26 Nov 2025 13:31:35 +0800

Download raw body.

Thread

  • Kevin Lo:

    wifi protected management frame (PMF) support

  • Klemens Nanni:

    wifi protected management frame (PMF) support

    • On Sat, Nov 22, 2025 at 10:45:08PM +0100, Stefan Sperling wrote:
> 
> This patch adds protected management frame support to iwm, iwx, and qwx.
> Support for PMF is a prerequisite for WPA3.

Amazing, this is an important step toward supporting wpa3-sae.

> I am sending this as one giant patch for testing. I do have incremental
> changes with individual commit messages which make review a bit easier.
> If you would like to review these diffs individually, please ask me to
> send them to you.
> 
> Tested by me on:
> iwm 7265, 9265	(offloads unicast PMF, multicast is done in software)
> iwx AX200	(offloads both unicast and multicast PMF)
> qwx QCNFA765	(offloads unicast PMF, multicast is done in software)
> 
> Use of PMF is controlled by the access point, so there is nothing to
> configure with ifconfig. Please check if your access point offers settings
> related to management frame protection related when testing this.
> Tests in any combination of PMF disabled/optional/required across a range
> of access points would be welcome.

I tested the following three chips with a customized OpenWrt AP, and
setting PMF (ieee80211w) to disabled/optional/required all works properly
without any issues.

iwm0 at pci2 dev 0 function 0 "Intel Dual Band Wireless-AC 3168" rev 0x10, msi
iwm0: hw rev 0x220, fw ver 29.198743027.0, address b0:35:9f:xx:xx:xx
  
iwx0 at pci0 dev 20 function 3 "Intel Wi-Fi 6 AX211" rev 0x01, msix
iwx0: hw rev 0x370, fw 77.f92b5fed.0, pnvm ce1a5094, address 90:09:df:xx:xx:xx

qwx0 at pci2 dev 0 function 0 "Qualcomm QCNFA765" rev 0x01: msi
qwx0: wcn6855 hw2.1 fw 0x11088c35 address 38:d5:7a:xx:xx:xx

To confirm that the ieee80211w setting is taking effect, I checked the
RSNIE capabilities through wireshark captures:

1. PMF required
RSN Capabilities: 0x00cc
  Management Frame Protection Required: True
  Management Frame Protection Capable: True

2. PMF optional
RSN Capabilities: 0x008c
  Management Frame Protection Required: False
  Management Frame Protection Capable: True

3. PMF disabled
RSN Capabilities: 0x000c
  Management Frame Protection Required: False
  Management Frame Protection Capable: False

As a side note, during testing with PMF set to disabled, qwx(4) occasionally
displayed the following messages, but it doesn't affect functionality.
qwx_dp_rx_h_null_q_desc: not implemented
qwx_dp_rx_h_null_q_desc: not implemented
qwx_dp_rx_h_null_q_desc: not implemented
...

Thanks,
Kevin

  • Kevin Lo:

    wifi protected management frame (PMF) support

  • Klemens Nanni:

    wifi protected management frame (PMF) support