Date:      Wed, 26 Oct 2011 22:28:39 +0800
From:      Adrian Chadd <adrian@freebsd.org>
To:        freebsd-wireless@freebsd.org
Subject:   [patch] net80211: reject STA frames not destined to the current STA VAP MAC address
Message-ID:  <CAJ-Vmo=CZ-c0QN_qoXQa4gyo5MyxL=DUzy6nXkX27HEDr17iqA@mail.gmail.com>

Hi,

This patch rejects frames that are sent to a STA with an incorrect
destination MAC.
This is to fix an issue with the AR9160 in STA mode where it
occasionally leaks frames destined to other stations. This then
updates the crypto IV state and last received sequence number, causing
subsequent frames from the correct MAC to be dropped inside net80211.

It's also needed if we decide (eventually) to support >1 STA VAP.

I'd like to merge this to -9 and -8, in case there are other AR9160 STA users.

Thanks,


Adrian


Index: ieee80211_sta.c
===================================================================
--- ieee80211_sta.c     (.../head/sys/net80211) (revision 226789)
+++ ieee80211_sta.c     (.../user/adrian/if_ath_tx/sys/net80211)
 (revision 226789)
@@ -50,6 +50,8 @@
 #include <net/if.h>
 #include <net/if_media.h>
 #include <net/if_llc.h>
+#include <net/if_dl.h>
+#include <net/if_var.h>
 #include <net/ethernet.h>

 #include <net/bpf.h>
@@ -584,6 +584,30 @@
                        vap->iv_stats.is_rx_wrongbss++;
                        goto out;
                }
+
+               /*
+                * Some devices may be in a promiscuous mode
+                * where they receive frames for multiple station
+                * addresses.
+                *
+                * If we receive a data frame that isn't
+                * destined to our VAP MAC, drop it.
+                *
+                * XXX TODO: This is only enforced when not scanning;
+                * XXX it assumes a software-driven scan will put the NIC
+                * XXX into a "no data frames" mode before setting this
+                * XXX flag. Otherwise it may be possible that we'll still
+                * XXX process data frames whilst scanning.
+                */
+               if ((! IEEE80211_IS_MULTICAST(wh->i_addr1))
+                   && (! IEEE80211_ADDR_EQ(wh->i_addr1, IF_LLADDR(ifp)))) {
+                       IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_INPUT,
+                           bssid, NULL, "not to cur sta: lladdr=%6D,
addr1=%6D",
+                           IF_LLADDR(ifp), ":", wh->i_addr1, ":");
+                       vap->iv_stats.is_rx_wrongbss++;
+                       goto out;
+               }
+
                IEEE80211_RSSI_LPF(ni->ni_avgrssi, rssi);
                ni->ni_noise = nf;
                if (HAS_SEQ(type) && !IEEE80211_IS_MULTICAST(wh->i_addr1)) {
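
Review bot: The new discard path ends in `vap->iv_stats.is_rx_wrongbss++`, the same counter the BSSID-mismatch branch directly above it increments, so the statistics cannot separate frames leaked for another station's address from genuine wrong-BSS frames; a dedicated counter, or a comment saying the reuse is intentional, would make the leak described in the message visible in the stats. The XXX comment says the check is only enforced when not scanning and applies to data frames, but neither condition appears in the added `if`; if both come from the enclosing block, the comment should say so. Style: the context line below writes `!IEEE80211_IS_MULTICAST(wh->i_addr1)` with no space after `!`, and the added test would read more consistently the same way, with `&&` ending the first line instead of starting the second.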


