From owner-freebsd-wireless@FreeBSD.ORG Wed Oct 26 14:28:40 2011 Return-Path: Delivered-To: freebsd-wireless@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BE5FA106567A for ; Wed, 26 Oct 2011 14:28:40 +0000 (UTC) (envelope-from adrian.chadd@gmail.com) Received: from mail-vw0-f54.google.com (mail-vw0-f54.google.com [209.85.212.54]) by mx1.freebsd.org (Postfix) with ESMTP id 7DFFF8FC0A for ; Wed, 26 Oct 2011 14:28:40 +0000 (UTC) Received: by vws11 with SMTP id 11so2246775vws.13 for ; Wed, 26 Oct 2011 07:28:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:date:x-google-sender-auth:message-id:subject :from:to:content-type; bh=xsfhr4mLIl6Xoh9tycSFxUoaysduipKeBYb5R2p5sDQ=; b=f+vSKJOQJmUISLehnGnNjF18wlhA2smvX1sCeRmvqy7P/AbR7eWiFD68OqVdBP91sc tsnPthp2ixmjk1CAZgKsb9EyQNlTN5wDOuXwV/qcPtEhNxSVBr9cfWrDX8ugIoRP3SJt hS2C+BZ9S4v2SM4AbjC6TnVeZm0ZtsMRcoED0= MIME-Version: 1.0 Received: by 10.220.2.145 with SMTP id 17mr361793vcj.97.1319639319820; Wed, 26 Oct 2011 07:28:39 -0700 (PDT) Sender: adrian.chadd@gmail.com Received: by 10.52.176.1 with HTTP; Wed, 26 Oct 2011 07:28:39 -0700 (PDT) Date: Wed, 26 Oct 2011 22:28:39 +0800 X-Google-Sender-Auth: 42QG2VbsTTKGD4gTNLzDEpuEsjY Message-ID: From: Adrian Chadd To: freebsd-wireless@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Subject: [patch] net80211: reject STA frames not destined to the current STA VAP MAC address X-BeenThere: freebsd-wireless@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussions of 802.11 stack, tools device driver development." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Oct 2011 14:28:40 -0000 Hi, This patch rejects frames that are sent to a STA with an incorrect destination MAC. This is to fix an issue with the AR9160 in STA mode where it occasionally leaks frames destined to other stations. This then updates the crypto IV state and last received sequence number, causing subsequent frames from the correct MAC to be dropped inside net80211. It's also needed if we decide (eventually) to support >1 STA VAP. I'd like to merge this to -9 and -8, in case there are other AR9160 STA users. Thanks, Adrian Index: ieee80211_sta.c =================================================================== --- ieee80211_sta.c (.../head/sys/net80211) (revision 226789) +++ ieee80211_sta.c (.../user/adrian/if_ath_tx/sys/net80211) (revision 226789) @@ -50,6 +50,8 @@ #include #include #include +#include +#include #include #include @@ -584,6 +584,30 @@ vap->iv_stats.is_rx_wrongbss++; goto out; } + + /* + * Some devices may be in a promiscuous mode + * where they receive frames for multiple station + * addresses. + * + * If we receive a data frame that isn't + * destined to our VAP MAC, drop it. + * + * XXX TODO: This is only enforced when not scanning; + * XXX it assumes a software-driven scan will put the NIC + * XXX into a "no data frames" mode before setting this + * XXX flag. Otherwise it may be possible that we'll still + * XXX process data frames whilst scanning. + */ + if ((! IEEE80211_IS_MULTICAST(wh->i_addr1)) + && (! IEEE80211_ADDR_EQ(wh->i_addr1, IF_LLADDR(ifp)))) { + IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_INPUT, + bssid, NULL, "not to cur sta: lladdr=%6D, addr1=%6D", + IF_LLADDR(ifp), ":", wh->i_addr1, ":"); + vap->iv_stats.is_rx_wrongbss++; + goto out; + } + IEEE80211_RSSI_LPF(ni->ni_avgrssi, rssi); ni->ni_noise = nf; if (HAS_SEQ(type) && !IEEE80211_IS_MULTICAST(wh->i_addr1)) {