From owner-svn-src-stable@freebsd.org Mon Mar 5 08:18:14 2018 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BAB08F3C568; Mon, 5 Mar 2018 08:18:14 +0000 (UTC) (envelope-from eadler@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 6936A6A632; Mon, 5 Mar 2018 08:18:14 +0000 (UTC) (envelope-from eadler@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6430E21570; Mon, 5 Mar 2018 08:18:14 +0000 (UTC) (envelope-from eadler@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w258IE0s012101; Mon, 5 Mar 2018 08:18:14 GMT (envelope-from eadler@FreeBSD.org) Received: (from eadler@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w258IE9o012098; Mon, 5 Mar 2018 08:18:14 GMT (envelope-from eadler@FreeBSD.org) Message-Id: <201803050818.w258IE9o012098@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: eadler set sender to eadler@FreeBSD.org using -f From: Eitan Adler Date: Mon, 5 Mar 2018 08:18:14 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r330458 - stable/11/sys/net80211 X-SVN-Group: stable-11 X-SVN-Commit-Author: eadler X-SVN-Commit-Paths: stable/11/sys/net80211 X-SVN-Commit-Revision: 330458 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Mar 2018 08:18:15 -0000 Author: eadler Date: Mon Mar 5 08:18:13 2018 New Revision: 330458 URL: https://svnweb.freebsd.org/changeset/base/330458 Log: MFC r306139: [net80211] don't add IBSS node table entries for neighbors from other SSIDs. The adhoc probe/beacon input path was creating nodes for all SSIDs. This wasn't a problem when the NICs were configured to only process frames for the current BSSID, but that didn't allow IBSS merges. Once avos and I flipped on "beacons from all BSSIDs" to allow for correct IBSS merging, we found this interesting behaviour. This adds a check against the current SSID. * If there's no VAP SSID, allow anything * If there's a VAP SSID, check if the incoming frame has a suitable SSID and if so, allow it. This prevents nodes being created for other SSIDs in probe and beacon frames - ie, beacons overlapping IBSSes with different SSIDs, and probe requests from arbitrary devices. Tested: * AR9380, IBSS mode, both local and other IBSSes. Modified: stable/11/sys/net80211/ieee80211_adhoc.c stable/11/sys/net80211/ieee80211_node.c stable/11/sys/net80211/ieee80211_node.h Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/net80211/ieee80211_adhoc.c ============================================================================== --- stable/11/sys/net80211/ieee80211_adhoc.c Mon Mar 5 08:17:02 2018 (r330457) +++ stable/11/sys/net80211/ieee80211_adhoc.c Mon Mar 5 08:18:13 2018 (r330458) @@ -734,8 +734,20 @@ adhoc_recv_mgmt(struct ieee80211_node *ni, struct mbuf if (!IEEE80211_ADDR_EQ(wh->i_addr2, ni->ni_macaddr)) { /* * Create a new entry in the neighbor table. + * + * XXX TODO: + * + * Here we're not scanning; so if we have an + * SSID then make sure it matches our SSID. + * Otherwise this code will match on all IBSS + * beacons/probe requests for all SSIDs, + * filling the node table with nodes that + * aren't ours. */ - ni = ieee80211_add_neighbor(vap, wh, &scan); + if (ieee80211_ibss_node_check_new(ni, &scan)) + ni = ieee80211_add_neighbor(vap, wh, &scan); + else + ni = NULL; } else if (ni->ni_capinfo == 0) { /* * Update faked node created on transmit. Modified: stable/11/sys/net80211/ieee80211_node.c ============================================================================== --- stable/11/sys/net80211/ieee80211_node.c Mon Mar 5 08:17:02 2018 (r330457) +++ stable/11/sys/net80211/ieee80211_node.c Mon Mar 5 08:18:13 2018 (r330458) @@ -579,6 +579,62 @@ ieee80211_ibss_merge_check(struct ieee80211_node *ni) } /* + * Check if the given node should populate the node table. + * + * We need to be in "see all beacons for all ssids" mode in order + * to do IBSS merges, however this means we will populate nodes for + * /all/ IBSS SSIDs, versus just the one we care about. + * + * So this check ensures the node can actually belong to our IBSS + * configuration. For now it simply checks the SSID. + */ +int +ieee80211_ibss_node_check_new(struct ieee80211_node *ni, + const struct ieee80211_scanparams *scan) +{ + struct ieee80211vap *vap = ni->ni_vap; + int i; + + /* + * If we have no SSID and no scan SSID, return OK. + */ + if (vap->iv_des_nssid == 0 && scan->ssid == NULL) + goto ok; + + /* + * If we have one of (SSID, scan SSID) then return error. + */ + if (!! (vap->iv_des_nssid == 0) != !! (scan->ssid == NULL)) + goto mismatch; + + /* + * Double-check - we need scan SSID. + */ + if (scan->ssid == NULL) + goto mismatch; + + /* + * Check if the scan SSID matches the SSID list for the VAP. + */ + for (i = 0; i < vap->iv_des_nssid; i++) { + + /* Sanity length check */ + if (vap->iv_des_ssid[i].len != scan->ssid[1]) + continue; + + /* Note: SSID in the scan entry is the IE format */ + if (memcmp(vap->iv_des_ssid[i].ssid, scan->ssid + 2, + vap->iv_des_ssid[i].len) == 0) + goto ok; + } + +mismatch: + return (0); +ok: + return (1); +} + +/* * Handle 802.11 ad hoc network merge. The * convention, set by the Wireless Ethernet Compatibility Alliance * (WECA), is that an 802.11 station will change its BSSID to match Modified: stable/11/sys/net80211/ieee80211_node.h ============================================================================== --- stable/11/sys/net80211/ieee80211_node.h Mon Mar 5 08:17:02 2018 (r330457) +++ stable/11/sys/net80211/ieee80211_node.h Mon Mar 5 08:18:13 2018 (r330458) @@ -65,6 +65,7 @@ struct ieee80211_node_table; struct ieee80211com; struct ieee80211vap; +struct ieee80211_scanparams; /* * Information element ``blob''. We use this structure @@ -330,6 +331,8 @@ void ieee80211_setupcurchan(struct ieee80211com *, void ieee80211_setcurchan(struct ieee80211com *, struct ieee80211_channel *); void ieee80211_update_chw(struct ieee80211com *); int ieee80211_ibss_merge_check(struct ieee80211_node *); +int ieee80211_ibss_node_check_new(struct ieee80211_node *ni, + const struct ieee80211_scanparams *); int ieee80211_ibss_merge(struct ieee80211_node *); struct ieee80211_scan_entry; int ieee80211_sta_join(struct ieee80211vap *, struct ieee80211_channel *,