
From: Peter Hessler <phessler@theapt.org>
Subject: Re: wifi protected management frame (PMF) support
To: tech@openbsd.org
Date: Wed, 3 Dec 2025 23:12:18 +0100

On 2025 Dec 03 (Wed) at 22:57:26 +0100 (+0100), Kirill A. Korinsky wrote:
:On Sun, 23 Nov 2025 16:44:39 +0100,
:Kirill A. Korinsky <kirill@korins.ky> wrote:
:> 
:> On Sat, 22 Nov 2025 22:45:08 +0100,
:> Stefan Sperling <stsp@stsp.name> wrote:
:> > 
:> > This patch adds protected management frame support to iwm, iwx, and qwx.
:> > Support for PMF is a prerequisite for WPA3.
:> > 
:> > I am sending this as one giant patch for testing. I do have incremental
:> > changes with individual commit messages which make review a bit easier.
:> > If you would like to review these diffs individually, please ask me to
:> > send them to you.
:> > 
:> > Tested by me on:
:> > iwm 7265, 9265	(offloads unicast PMF, multicast is done in software)
:> > iwx AX200	(offloads both unicast and multicast PMF)
:> > qwx QCNFA765	(offloads unicast PMF, multicast is done in software)
:> > 
:> > Use of PMF is controlled by the access point, so there is nothing to
:> > configure with ifconfig. Please check if your access point offers settings
:> > related to management frame protection when testing this.
:> > Tests in any combination of PMF disabled/optional/required across a range
:> > of access points would be welcome.
:> > 
:> > In particular, I don't have any iwx "MA" devices to test with. There
:> > could still be unexpected problems such as firmware crashes on these.
:> > If you enable 'ifconfig iwx0 debug' then the driver should display the
:> > name of its firmware file in dmesg. If this name begins with "iwx-ma-"
:> > then you are using an MA device.
:> >
:> 
:> Tested on:
:> 
:> iwx0 at pci0 dev 20 function 3 "Intel Wi-Fi 6 AX201" rev 0x00, msix
:> iwx0: hw rev 0x350, fw 77.a20fb07d.0, address 98:8d:46:21:2b:6d
:> 
:> against both optional and required PMF on network based on Unifi Nano HD
:> version 6.7.31
:> 
:
:Interesting, after installing today's snapshot:
:
:Build date: 1764790226 - Wed Dec  3 19:30:26 UTC 2025
:
:I have:
:
:iwx0: flags=a48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF6TEMP,AUTOCONF6,AUTOCONF4> mtu 1500
:        lladdr 98:8d:46:21:2b:6d
:        index 1 priority 4 llprio 3
:        groups: wlan
:        media: IEEE802.11 autoselect
:        status: no network
:        ieee80211: nwid "catap's Network" wpakey wpaprotos wpa2 wpaakms sha256-psk wpaciphers ccmp wpagroupcipher ccmp
:        inet6 fe80::9a8d:46ff:fe21:2b6d%iwx0 prefixlen 64 scopeid 0x1
:
:but as soon as I've switched network to PMF required from optional, it
:works as expected:
:
:iwx0: flags=a48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF6TEMP,AUTOCONF6,AUTOCONF4> mtu 1500
:        lladdr 98:8d:46:21:2b:6d
:        index 1 priority 4 llprio 3
:        groups: wlan egress
:        media: IEEE802.11 autoselect (VHT-MCS3 mode 11ac)
:        status: active
:        ieee80211: join "catap's Network" chan 40 bssid b4:fb:e4:8b:0d:78 62% wpakey wpaprotos wpa2 wpaakms sha256-psk wpaciphers ccmp wpagroupcipher ccmp
:        inet6 fe80::9a8d:46ff:fe21:2b6d%iwx0 prefixlen 64 scopeid 0x1
:        inet 172.31.2.77 netmask 0xffffff00 broadcast 172.31.2.255
:
:switching network back to optional breaks it.
:
:-- 
:wbr, Kirill
:

That's the same behaviour I saw; I sent a patch in this thread to fix it.


-- 
The older I grow the more I distrust the familiar doctrine that age
brings wisdom.
		-- H. L. Mencken