From owner-freebsd-current@FreeBSD.ORG Tue Sep 1 15:29:55 2009
Message-ID: <4A9D3DF1.7000605@errno.com>
Date: Tue, 01 Sep 2009 08:29:53 -0700
From: Sam Leffler
To: John Nielsen
Cc: freebsd-current@freebsd.org
Subject: Re: WEP on wi(4) [was: Re: LOR wlan0 wi0]
References: <20090807165850.3e8541f8@vaio> <20090808134101.44d7d210@vaio> <4A7E5E2B.6060204@errno.com> <200908312358.51491.lists@jnielsen.net>
In-Reply-To: <200908312358.51491.lists@jnielsen.net>

John Nielsen wrote:
> On Sunday 09 August 2009 01:27:07 am Sam Leffler wrote:
>>> Sam Leffler wrote:
>> I can confirm WEP is broken on wi in sta mode (and probably ap mode).
>> I found at least two bugs but couldn't get it to work so am going to
>> leave it as an errata for 8.0. But what's truly odd is that WPA works
>> fine despite a bug that should've caused it to not work. I knew WPA
>> worked which is probably why I ignored WEP (no one in their right mind
>> uses WEP when WPA is available :-)).
>
> So for us wrong-minded people with wi(4) hardware that lacks WPA support
> is it better to stick with 7.x for now? Any patches available or a rough
> ETA? Is there a specific set of 8-CURRENT commits before which WEP is
> known (or strongly suspected) to work? Anything others can do to help
> besides ask annoying questions? (Sadly I'm not quite enough of a kernel
> hacker to adopt maintainership of wi.)

Attached is what I came up with when the problem was identified. As you can see it's incomplete.
I have no time to work on it more so someone else will need to follow through. Given the cost of a replacement wireless card is

Date: Mon, 10 Aug 2009 09:05:39 -0700
From: Sam Leffler
To: "M. Warner Losh"
Subject: wi wep patch

The attached patch tries to fix WEP support in wi. Presently WEP does not work for two reasons:

1. wi_start_locked does not mask the PRIVACY bit from the header flags when finding the direction to extract mac addresses to reconstruct the 802.3 frame. Why this does not break WPA also is beyond me.
2. wi marks all tx encrypted frames WI_TXCNTL_NOCRYPT but tries to use h/w WEP support for cards that support it. I've deleted the h/w crypto support and just do the work in s/w.

But the above does not fix WEP and I don't see why. If you've got any ideas it'd be nice to fix this. Otherwise if you can review what I've done it'd be appreciated. I can submit just #1 to re as that's definitely correct.

Sam

Content-Disposition: inline; filename="wi.patch"

Index: if_wivar.h =================================================================== --- if_wivar.h (revision 196086) +++ if_wivar.h (working copy) @@ -113,7 +113,6 @@ int sc_porttype; u_int16_t sc_portnum; - u_int16_t sc_encryption; u_int16_t sc_monitor_port; /* RSSI interpretation */ Index: if_wi.c =================================================================== --- if_wi.c (revision 196086) +++ if_wi.c (working copy) 
@@ -137,7 +137,6 @@ static void wi_info_intr(struct wi_softc *); static int wi_write_txrate(struct wi_softc *, struct ieee80211vap *); -static int wi_write_wep(struct wi_softc *, struct ieee80211vap *); static int wi_write_multi(struct wi_softc *); static void wi_update_mcast(struct ifnet *); static void wi_update_promisc(struct ifnet *); @@ -417,15 +416,6 @@ sc->sc_dbm_offset = WI_PRISM_DBM_OFFSET; break; } - - /* - * Find out if we support WEP on this card. - */ - buflen = sizeof(val); - if (wi_read_rid(sc, WI_RID_WEP_AVAIL, &val, &buflen) == 0 && - val != htole16(0)) - ic->ic_cryptocaps |= IEEE80211_CRYPTO_WEP; - /* Find supported rates. */ buflen = sizeof(ratebuf); rs = &ic->ic_sup_rates[IEEE80211_MODE_11B]; @@ -842,12 +832,6 @@ wi_write_val(sc, WI_RID_OWN_CHNL, ieee80211_chan2ieee(ic, bss->ni_chan)); - /* Configure WEP. */ - if (ic->ic_cryptocaps & IEEE80211_CRYPTO_WEP) - wi_write_wep(sc, vap); - else - sc->sc_encryption = 0; - if ((sc->sc_flags & WI_FLAGS_HAS_WPASUPPORT) && (vap->iv_flags & IEEE80211_F_WPA)) { wi_write_val(sc, WI_RID_WPA_HANDLING, 1); @@ -932,12 +916,6 @@ wi_write_val(sc, WI_RID_PROMISC, 0); - /* Configure WEP. */ - if (ic->ic_cryptocaps & IEEE80211_CRYPTO_WEP) - wi_write_wep(sc, vap); - else - sc->sc_encryption = 0; - wi_enable(sc); /* enable port */ WI_UNLOCK(sc); } @@ -976,7 +954,7 @@ /* reconstruct 802.3 header */ wh = mtod(m0, struct ieee80211_frame *); - switch (wh->i_fc[1]) { + switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) { case IEEE80211_FC1_DIR_TODS: IEEE80211_ADDR_COPY(frmhdr.wi_ehdr.ether_shost, wh->i_addr2); 
@@ -1739,71 +1717,6 @@ } static int -wi_write_wep(struct wi_softc *sc, struct ieee80211vap *vap) -{ - int error = 0; - int i, keylen; - u_int16_t val; - struct wi_key wkey[IEEE80211_WEP_NKID]; - - switch (sc->sc_firmware_type) { - case WI_LUCENT: - val = (vap->iv_flags & IEEE80211_F_PRIVACY) ? 1 : 0; - error = wi_write_val(sc, WI_RID_ENCRYPTION, val); - if (error) - break; - if ((vap->iv_flags & IEEE80211_F_PRIVACY) == 0) - break; - error = wi_write_val(sc, WI_RID_TX_CRYPT_KEY, vap->iv_def_txkey); - if (error) - break; - memset(wkey, 0, sizeof(wkey)); - for (i = 0; i < IEEE80211_WEP_NKID; i++) { - keylen = vap->iv_nw_keys[i].wk_keylen; - wkey[i].wi_keylen = htole16(keylen); - memcpy(wkey[i].wi_keydat, vap->iv_nw_keys[i].wk_key, - keylen); - } - error = wi_write_rid(sc, WI_RID_DEFLT_CRYPT_KEYS, - wkey, sizeof(wkey)); - sc->sc_encryption = 0; - break; - - case WI_INTERSIL: - val = HOST_ENCRYPT | HOST_DECRYPT; - if (vap->iv_flags & IEEE80211_F_PRIVACY) { - /* - * ONLY HWB3163 EVAL-CARD Firmware version - * less than 0.8 variant2 - * - * If promiscuous mode disable, Prism2 chip - * does not work with WEP . - * It is under investigation for details. - * (ichiro@netbsd.org) - */ - if (sc->sc_sta_firmware_ver < 802 ) { - /* firm ver < 0.8 variant 2 */ - wi_write_val(sc, WI_RID_PROMISC, 1); - } - wi_write_val(sc, WI_RID_CNFAUTHMODE, - vap->iv_bss->ni_authmode); - val |= PRIVACY_INVOKED; - } else { - wi_write_val(sc, WI_RID_CNFAUTHMODE, IEEE80211_AUTH_OPEN); - } - error = wi_write_val(sc, WI_RID_P2_ENCRYPTION, val); - if (error) - break; - sc->sc_encryption = val; - if ((val & PRIVACY_INVOKED) == 0) - break; - error = wi_write_val(sc, WI_RID_P2_TX_CRYPT_KEY, vap->iv_def_txkey); - break; - } - return error; -} - -static int wi_cmd(struct wi_softc *sc, int cmd, int val0, int val1, int val2) { int i, s = 0; --------------050907030306010605060101-- --------------060009060109060905060909--
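
Review bot: The one-line change in the `@@ -976,7 +954,7 @@` hunk of if_wi.c is independent of the hardware-WEP removal in every other hunk and should go in as its own change, so it can be merged or reverted separately. `switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK)` stands on its own: `i_fc[1]` carries flag bits besides the direction field, so the unmasked switch cannot reach `case IEEE80211_FC1_DIR_TODS:` once any of them is set.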
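
Review bot: In the `@@ -842,12 +832,6 @@` and `@@ -932,12 +916,6 @@` hunks the `wi_write_wep(sc, vap)` calls are dropped with no replacement for the firmware settings that function wrote. For `WI_INTERSIL` the removed code wrote `WI_RID_P2_ENCRYPTION` with `HOST_ENCRYPT | HOST_DECRYPT` (plus `PRIVACY_INVOKED` when privacy is on) and set `WI_RID_CNFAUTHMODE` from `vap->iv_bss->ni_authmode`; nothing in this patch still tells the firmware that the host does the crypto or which auth mode to use. Consider keeping a reduced function that performs only those writes, and test whether their absence is related to WEP still failing with the patch applied.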
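
Review bot: The `@@ -1739,71 +1717,6 @@` hunk deletes two things besides the hardware key setup that need an explicit decision. For `WI_LUCENT` the old code wrote `WI_RID_ENCRYPTION` even when privacy was off (`val` = 0), so with the function gone nothing visible in the patch turns card-side encryption off and the state depends on the card's default; an explicit write of 0 at init would make the software-only path unambiguous. For `WI_INTERSIL` the `sc->sc_sta_firmware_ver < 802` workaround that set `WI_RID_PROMISC` to 1 is removed as well, although its comment says the chip does not work with WEP without it; state in the commit message whether that workaround is still needed when WEP is done in software.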
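
Review bot: In the `@@ -417,15 +416,6 @@` hunk, removing the `WI_RID_WEP_AVAIL` probe means `ic->ic_cryptocaps` never gets `IEEE80211_CRYPTO_WEP`, which is a behaviour change with no trace left in the code. Leave a short comment at that spot saying hardware WEP is deliberately not advertised, and check that `val` is still used elsewhere in the function, since this hunk removes one of its uses.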
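
Point 1 of the forwarded message, as an added example that is not part of the original post or of the wi(4) driver: a simplified model of choosing 802.3 addresses from the 802.11 direction bits, with and without the mask. The struct layout, function names and sample addresses are assumptions made for illustration; how the driver itself treats an unmatched value is not shown on the page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Frame-control byte 1 bits, values as defined by IEEE 802.11. */
#define FC1_DIR_MASK   0x03
#define FC1_DIR_NODS   0x00
#define FC1_DIR_TODS   0x01
#define FC1_DIR_FROMDS 0x02
#define FC1_PROTECTED  0x40  /* set on encrypted (WEP/WPA) frames */

/* Hypothetical, simplified 3-address header; not the driver's struct. */
struct dot11_hdr { uint8_t fc[2], dur[2], addr1[6], addr2[6], addr3[6]; };
struct eth_addrs { uint8_t dst[6], src[6]; };

/* Map 802.11 addresses to 802.3 dst/src; -1 if no case matches. */
static int pick(uint8_t sel, const struct dot11_hdr *wh, struct eth_addrs *e)
{
    const uint8_t *da, *sa;
    switch (sel) {
    case FC1_DIR_NODS:   da = wh->addr1; sa = wh->addr2; break;
    case FC1_DIR_TODS:   da = wh->addr3; sa = wh->addr2; break;
    case FC1_DIR_FROMDS: da = wh->addr1; sa = wh->addr3; break;
    default:             return -1; /* 4-address frame or stray flag bits */
    }
    memcpy(e->dst, da, 6);
    memcpy(e->src, sa, 6);
    return 0;
}

/* Before the fix: the whole byte, flags included, selects the case. */
int addrs_unmasked(const struct dot11_hdr *wh, struct eth_addrs *e)
{ return pick(wh->fc[1], wh, e); }

/* After the fix: only the two direction bits select the case. */
int addrs_masked(const struct dot11_hdr *wh, struct eth_addrs *e)
{ return pick(wh->fc[1] & FC1_DIR_MASK, wh, e); }

/* Constructed sample: station-to-AP data frame, optionally encrypted. */
struct dot11_hdr sample_frame(int encrypted)
{
    struct dot11_hdr wh = { .fc = { 0x08, FC1_DIR_TODS },
        .addr1 = {2,0,0,0,0,1}, .addr2 = {2,0,0,0,0,2}, .addr3 = {2,0,0,0,0,3} };
    if (encrypted) wh.fc[1] |= FC1_PROTECTED;
    return wh;
}

int main(void)
{
    struct dot11_hdr wh = sample_frame(1);
    struct eth_addrs e;
    printf("unmasked=%d masked=%d\n", addrs_unmasked(&wh, &e), addrs_masked(&wh, &e));
    return 0;
}
```

With the protected bit set, byte 1 of the sample frame is 0x41, which matches no direction case until it is masked down to 0x01.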