Date:      Tue, 8 Nov 2011 14:28:33 +0000 (UTC)
From:      Adrian Chadd <adrian@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r227338 - head/sys/net80211
Message-ID:  <201111081428.pA8ESXBK035176@svn.freebsd.org>

Author: adrian
Date: Tue Nov  8 14:28:33 2011
New Revision: 227338
URL: http://svn.freebsd.org/changeset/base/227338

Log:
  Reject frames in STA mode which are not destined to the local STA address.
  
  Some hardware (e.g. the AR9160 in STA mode) seems to "leak" unicast FROMDS
  frames which aren't destined to itself. This angers the net80211 stack -
  the existing code would fail to find an address in the node table and try
  passing the frame up to each vap BSS. It would then be accepted in the
  input routine and its contents would update the local crypto and sequence
  number state.
  
  If the sequence number / crypto IV replay counters from the leaked frame
  were greater than the "real" state, subsequent "real" frames would be
  rejected due to out of sequence / IV replay conditions.
  
  This is also likely helpful if/when multi-STA modes are added to net80211.
  
  Sponsored by:	Hobnob, Inc.

Modified:
  head/sys/net80211/ieee80211_sta.c

Modified: head/sys/net80211/ieee80211_sta.c
==============================================================================
--- head/sys/net80211/ieee80211_sta.c	Tue Nov  8 14:24:33 2011	(r227337)
+++ head/sys/net80211/ieee80211_sta.c	Tue Nov  8 14:28:33 2011	(r227338)
@@ -584,6 +584,30 @@ sta_input(struct ieee80211_node *ni, str
 			vap->iv_stats.is_rx_wrongbss++;
 			goto out;
 		}
+
+		/*
+		 * Some devices may be in a promiscuous mode
+		 * where they receive frames for multiple station
+		 * addresses.
+		 *
+		 * If we receive a data frame that isn't
+		 * destined to our VAP MAC, drop it.
+		 *
+		 * XXX TODO: This is only enforced when not scanning;
+		 * XXX it assumes a software-driven scan will put the NIC
+		 * XXX into a "no data frames" mode before setting this
+		 * XXX flag. Otherwise it may be possible that we'll still
+		 * XXX process data frames whilst scanning.
+		 */
+		if ((! IEEE80211_IS_MULTICAST(wh->i_addr1))
+		    && (! IEEE80211_ADDR_EQ(wh->i_addr1, IF_LLADDR(ifp)))) {
+			IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_INPUT,
+			    bssid, NULL, "not to cur sta: lladdr=%6D, addr1=%6D",
+			    IF_LLADDR(ifp), ":", wh->i_addr1, ":");
+			vap->iv_stats.is_rx_wrongbss++;
+			goto out;
+		}
+
 		IEEE80211_RSSI_LPF(ni->ni_avgrssi, rssi);
 		ni->ni_noise = nf;
 		if (HAS_SEQ(type) && !IEEE80211_IS_MULTICAST(wh->i_addr1)) {
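Review bot: The new discard path bumps `vap->iv_stats.is_rx_wrongbss` (second-to-last line of the added block), the same counter the BSSID-mismatch branch directly above it uses, so the statistics cannot separate a frame from a foreign BSS from a frame in our own BSS addressed to another station, which is the hardware leak this change is meant to catch. A dedicated counter for the addr1 mismatch would make the leak rate visible in the stats. The XXX comment says the check is only enforced when not scanning, but the added condition tests only `wh->i_addr1`; the scan gating has to come from an enclosing condition outside this hunk, and the comment should name that condition. Style: `(! IEEE80211_IS_MULTICAST(wh->i_addr1))` has a space after `!` and an extra pair of parentheses, unlike `!IEEE80211_IS_MULTICAST(wh->i_addr1)` in the context line just below the added block.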



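The failure mode described in the log, as an added example that is not part of the commit or of net80211: a simplified receiver keeps one IV/PN replay counter, and a leaked unicast frame for another station pushes it past the real peer's value unless addr1 is checked first. The struct and function names, the single-counter model and the sample frames are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model (assumption): one IV/PN replay counter per receiver. */
struct rx_state { uint64_t last_pn; };
struct frame { uint8_t addr1[6]; uint64_t pn; };

enum verdict { RX_ACCEPT, RX_DROP_NOT_OURS, RX_DROP_REPLAY };

static int is_multicast(const uint8_t *a) { return a[0] & 0x01; }

/* filter_addr1 = 0 models input without the addr1 check, 1 with it. */
static enum verdict
rx_input(struct rx_state *st, const uint8_t *lladdr,
    const struct frame *f, int filter_addr1)
{
	if (filter_addr1 && !is_multicast(f->addr1) &&
	    memcmp(f->addr1, lladdr, 6) != 0)
		return RX_DROP_NOT_OURS;	/* replay state left untouched */
	if (f->pn <= st->last_pn)
		return RX_DROP_REPLAY;		/* IV replay condition */
	st->last_pn = f->pn;			/* accepted: counter advances */
	return RX_ACCEPT;
}

/* Constructed traffic: one frame for us, one leaked frame for another
 * station carrying a much higher PN, then our next frame.
 * Returns the verdict on that last frame. */
static enum verdict
run_scenario(int filter_addr1)
{
	static const uint8_t me[6] = { 0x02, 0, 0, 0, 0, 0x01 };
	struct rx_state st = { 0 };
	struct frame own1 = { { 0x02, 0, 0, 0, 0, 0x01 }, 100 };
	struct frame leak = { { 0x02, 0, 0, 0, 0, 0x02 }, 5000 };
	struct frame own2 = { { 0x02, 0, 0, 0, 0, 0x01 }, 101 };

	rx_input(&st, me, &own1, filter_addr1);
	rx_input(&st, me, &leak, filter_addr1);
	return rx_input(&st, me, &own2, filter_addr1);
}

int
main(void)
{
	printf("without addr1 check: %d\n", run_scenario(0));
	printf("with addr1 check:    %d\n", run_scenario(1));
	return 0;
}
```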