Fix handling of devices w/o radiotap support:

o do not attach DLT_IEEE802_11_RADIO unless both tx and rx headers are
  present; this is assumed in the capture code paths
o verify the above with asserts in ieee80211_radiotap_{rx,tx}
o add missing checks for active taps before calling ieee80211_radiotap_rx

6 files changed, 14 insertions, 11 deletions

diff --git a/sys/net80211/ieee80211_adhoc.c b/sys/net80211/ieee80211_adhoc.c
index 8f37808..ed3f6f8 100644
--- a/sys/net80211/ieee80211_adhoc.c
+++ b/sys/net80211/ieee80211_adhoc.c
@@ -656,7 +656,7 @@ err:
 	ifp->if_ierrors++;
 out:
 	if (m != NULL) {
-		if (need_tap)
+		if (need_tap && ieee80211_radiotap_active_vap(vap))
 			ieee80211_radiotap_rx(vap, m);
 		m_freem(m);
 	}
diff --git a/sys/net80211/ieee80211_hostap.c b/sys/net80211/ieee80211_hostap.c
index 9264a71..ee83eace 100644
--- a/sys/net80211/ieee80211_hostap.c
+++ b/sys/net80211/ieee80211_hostap.c
@@ -850,7 +850,7 @@ err:
 	ifp->if_ierrors++;
 out:
 	if (m != NULL) {
-		if (need_tap)
+		if (need_tap && ieee80211_radiotap_active_vap(vap))
 			ieee80211_radiotap_rx(vap, m);
 		m_freem(m);
 	}
diff --git a/sys/net80211/ieee80211_monitor.c b/sys/net80211/ieee80211_monitor.c
index 119c87d..3f2c847 100644
--- a/sys/net80211/ieee80211_monitor.c
+++ b/sys/net80211/ieee80211_monitor.c
@@ -128,7 +128,8 @@ monitor_input(struct ieee80211_node *ni, struct mbuf *m, int rssi, int nf)
 {
 	struct ieee80211vap *vap = ni->ni_vap;
 
-	ieee80211_radiotap_rx(vap, m);
+	if (ieee80211_radiotap_active_vap(vap))
+		ieee80211_radiotap_rx(vap, m);
 	m_freem(m);
 	return -1;
 }
diff --git a/sys/net80211/ieee80211_radiotap.c b/sys/net80211/ieee80211_radiotap.c
index 2c4482f..9c8dc4d 100644
--- a/sys/net80211/ieee80211_radiotap.c
+++ b/sys/net80211/ieee80211_radiotap.c
@@ -102,12 +102,12 @@ ieee80211_radiotap_vattach(struct ieee80211vap *vap)
 	struct ieee80211com *ic = vap->iv_ic;
 	struct ieee80211_radiotap_header *th = ic->ic_th;
 
-	KASSERT(th != NULL, ("no radiotap setup"));
-
-	/* radiotap DLT for raw 802.11 frames */
-	bpfattach2(vap->iv_ifp, DLT_IEEE802_11_RADIO,
-	    sizeof(struct ieee80211_frame) + le16toh(th->it_len),
-	    &vap->iv_rawbpf);
+	if (th != NULL && ic->ic_rh != NULL) {
+		/* radiotap DLT for raw 802.11 frames */
+		bpfattach2(vap->iv_ifp, DLT_IEEE802_11_RADIO,
+		    sizeof(struct ieee80211_frame) + le16toh(th->it_len),
+		    &vap->iv_rawbpf);
+	}
 }
 
 void
@@ -193,6 +193,7 @@ dispatch_radiotap(struct ieee80211vap *vap0, struct mbuf *m,
 void
 ieee80211_radiotap_tx(struct ieee80211vap *vap0, struct mbuf *m)
 {
+	KASSERT(vap0->iv_ic->ic_th != NULL, ("no tx radiotap header"));
 	dispatch_radiotap(vap0, m, vap0->iv_ic->ic_th);
 }
 
@@ -202,6 +203,7 @@ ieee80211_radiotap_tx(struct ieee80211vap *vap0, struct mbuf *m)
 void
 ieee80211_radiotap_rx(struct ieee80211vap *vap0, struct mbuf *m)
 {
+	KASSERT(vap0->iv_ic->ic_rh != NULL, ("no rx radiotap header"));
 	dispatch_radiotap(vap0, m, vap0->iv_ic->ic_rh);
 }
 
diff --git a/sys/net80211/ieee80211_sta.c b/sys/net80211/ieee80211_sta.c
index 9a52917..0dee283 100644
--- a/sys/net80211/ieee80211_sta.c
+++ b/sys/net80211/ieee80211_sta.c
@@ -885,7 +885,7 @@ err:
 	ifp->if_ierrors++;
 out:
 	if (m != NULL) {
-		if (need_tap)
+		if (need_tap && ieee80211_radiotap_active_vap(vap))
 			ieee80211_radiotap_rx(vap, m);
 		m_freem(m);
 	}
diff --git a/sys/net80211/ieee80211_wds.c b/sys/net80211/ieee80211_wds.c
index 85ab544..fb2ada9 100644
--- a/sys/net80211/ieee80211_wds.c
+++ b/sys/net80211/ieee80211_wds.c
@@ -797,7 +797,7 @@ err:
 	ifp->if_ierrors++;
 out:
 	if (m != NULL) {
-		if (need_tap)
+		if (need_tap && ieee80211_radiotap_active_vap(vap))
 			ieee80211_radiotap_rx(vap, m);
 		m_freem(m);
 	}