Date: Wed, 16 Feb 2011 14:52:43 -0500 From: Adrian Chadd <adrian@freebsd.org> To: Monthadar Al Jaberi <monthadar@gmail.com> Cc: freebsd-net@freebsd.org Subject: Re: [ieee80211_hwmp][panic] hwmp_recv_prep(...) Message-ID: <AANLkTikF_WpTw0dt13bJW_sAoVNYUcMpjRDc5TfterLw@mail.gmail.com> In-Reply-To: <AANLkTi=hVQEd8s3T36j9g6QDYUBTHHrWtQ1raA4nT_ow@mail.gmail.com> References: <AANLkTi=hVQEd8s3T36j9g6QDYUBTHHrWtQ1raA4nT_ow@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Besides being a potential DoS vector (and thus panicing on anything
like that =3D=3D bad idea), what legitimate-but-broken circumstances could
cause a node to hear its own announcement?
Adrian
On 15 February 2011 07:00, Monthadar Al Jaberi <monthadar@gmail.com> wrote:
> Hej,
>
> I found that a panic can be generated when having a couple of
> ieee80211s nodes in a line topology with one of them being a ROOT
> node. A ping from ROOT in a newly started nodes causes a panic:
> panic: ieee80211_mesh_rt_add: adding self to the routing table
> KDB: enter: panic
> [ thread pid 0 tid 100030 ]
> Stopped at =A0 =A0 =A0kdb_enter+0x50: lui =A0 =A0 at,0x804e
> db>
>
> This is because we receive a copy of our own generated
> IEEE80211_ELEMID_MESHPREP packet from our neighbor node.
> I added check code in the begining of hwmp_recv_prep(...) similar to
> the check code found in hwmp_recv_preq(...). Here is a diff output:
>
> --- freebsd/head/sys/net80211/ieee80211_hwmp.c =A02010-11-03
> 09:29:25.023610380 +0000
> +++ src/head-current/sys/net80211/ieee80211_hwmp.c =A0 =A0 =A02011-02-15
> 10:06:02.526163874 +0000
> @@ -28,7 +28,7 @@
> =A0*/
> =A0#include <sys/cdefs.h>
> =A0#ifdef __FreeBSD__
> -__FBSDID("$FreeBSD$");
> +__FBSDID("$FreeBSD: src/sys/net80211/ieee80211_hwmp.c,v 1.4.2.7.2.1
> 2010/12/21 17:09:25 kensmith Exp $");
> =A0#endif
>
> =A0/*
> @@ -951,6 +951,12 @@
> =A0 =A0 =A0 =A0if (ni =3D=3D vap->iv_bss ||
> =A0 =A0 =A0 =A0 =A0 =A0ni->ni_mlstate !=3D IEEE80211_NODE_MESH_ESTABLISHE=
D)
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0return;
> + =A0 =A0 =A0 /*
> + =A0 =A0 =A0 =A0* Ignore PREPs from us. Could happen because someone for=
ward it
> + =A0 =A0 =A0 =A0* back to us.
> + =A0 =A0 =A0 =A0*/
> + =A0 =A0 =A0 if (IEEE80211_ADDR_EQ(vap->iv_myaddr, prep->prep_targetaddr=
))
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 return;
> =A0 =A0 =A0 =A0if (!IEEE80211_ADDR_EQ(vap->iv_myaddr, prep->prep_origaddr=
) &&
> =A0 =A0 =A0 =A0 =A0 =A0!(ms->ms_flags & IEEE80211_MESHFLAGS_FWD))
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0return;
>
> --
> //Monthadar Al Jaberi
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTikF_WpTw0dt13bJW_sAoVNYUcMpjRDc5TfterLw>