Date: Wed, 16 Feb 2011 21:51:43 +0100 From: Monthadar Al Jaberi <monthadar@gmail.com> To: Adrian Chadd <adrian@freebsd.org> Cc: freebsd-net@freebsd.org Subject: Re: [ieee80211_hwmp][panic] hwmp_recv_prep(...) Message-ID: <AANLkTi=RboRvwmZNN2sFXkXvJvgskPWQrZftd_5A9DxR@mail.gmail.com> In-Reply-To: <AANLkTikF_WpTw0dt13bJW_sAoVNYUcMpjRDc5TfterLw@mail.gmail.com> References: <AANLkTi=hVQEd8s3T36j9g6QDYUBTHHrWtQ1raA4nT_ow@mail.gmail.com> <AANLkTikF_WpTw0dt13bJW_sAoVNYUcMpjRDc5TfterLw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I think anytime the destination node sends a PREP to the originator
node that is not a peering node (not in direct contact with) we would
get this panic.
On Wed, Feb 16, 2011 at 8:52 PM, Adrian Chadd <adrian@freebsd.org> wrote:
> Besides being a potential DoS vector (and thus panicing on anything
> like that =3D=3D bad idea), what legitimate-but-broken circumstances coul=
d
> cause a node to hear its own announcement?
>
>
>
> Adrian
>
>
> On 15 February 2011 07:00, Monthadar Al Jaberi <monthadar@gmail.com> wrot=
e:
>> Hej,
>>
>> I found that a panic can be generated when having a couple of
>> ieee80211s nodes in a line topology with one of them being a ROOT
>> node. A ping from ROOT in a newly started nodes causes a panic:
>> panic: ieee80211_mesh_rt_add: adding self to the routing table
>> KDB: enter: panic
>> [ thread pid 0 tid 100030 ]
>> Stopped at =A0 =A0 =A0kdb_enter+0x50: lui =A0 =A0 at,0x804e
>> db>
>>
>> This is because we receive a copy of our own generated
>> IEEE80211_ELEMID_MESHPREP packet from our neighbor node.
>> I added check code in the begining of hwmp_recv_prep(...) similar to
>> the check code found in hwmp_recv_preq(...). Here is a diff output:
>>
>> --- freebsd/head/sys/net80211/ieee80211_hwmp.c =A02010-11-03
>> 09:29:25.023610380 +0000
>> +++ src/head-current/sys/net80211/ieee80211_hwmp.c =A0 =A0 =A02011-02-15
>> 10:06:02.526163874 +0000
>> @@ -28,7 +28,7 @@
>> =A0*/
>> =A0#include <sys/cdefs.h>
>> =A0#ifdef __FreeBSD__
>> -__FBSDID("$FreeBSD$");
>> +__FBSDID("$FreeBSD: src/sys/net80211/ieee80211_hwmp.c,v 1.4.2.7.2.1
>> 2010/12/21 17:09:25 kensmith Exp $");
>> =A0#endif
>>
>> =A0/*
>> @@ -951,6 +951,12 @@
>> =A0 =A0 =A0 =A0if (ni =3D=3D vap->iv_bss ||
>> =A0 =A0 =A0 =A0 =A0 =A0ni->ni_mlstate !=3D IEEE80211_NODE_MESH_ESTABLISH=
ED)
>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0return;
>> + =A0 =A0 =A0 /*
>> + =A0 =A0 =A0 =A0* Ignore PREPs from us. Could happen because someone fo=
rward it
>> + =A0 =A0 =A0 =A0* back to us.
>> + =A0 =A0 =A0 =A0*/
>> + =A0 =A0 =A0 if (IEEE80211_ADDR_EQ(vap->iv_myaddr, prep->prep_targetadd=
r))
>> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 return;
>> =A0 =A0 =A0 =A0if (!IEEE80211_ADDR_EQ(vap->iv_myaddr, prep->prep_origadd=
r) &&
>> =A0 =A0 =A0 =A0 =A0 =A0!(ms->ms_flags & IEEE80211_MESHFLAGS_FWD))
>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0return;
>>
>> --
>> //Monthadar Al Jaberi
>> _______________________________________________
>> freebsd-net@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>>
>
--=20
//Monthadar Al Jaberi
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTi=RboRvwmZNN2sFXkXvJvgskPWQrZftd_5A9DxR>