Add WPA-None support:

* WPA-None requires ap_scan=2:
  The major difference between ap_scan=1 (default) and 2 is, that no
  IEEE80211_IOC_SCAN* ioctls/functions are called, though, there is a
  dependency on those. For example the call to wpa_driver_bsd_scan()
  sets the interface UP, this never happens, therefore the interface
  must be marked up in wpa_driver_bsd_associate(). IEEE80211_IOC_SSID
  also is not called, which means that the SSID has not been set prior
  to the IEEE80211_MLME_ASSOC call.
* WPA-None has no support for sequence number updates, it doesn't make
  sense to check for replay violations..
* I had some crashes right after the switch to RUN state, issue is
  that sc->sc_lastrs was not yet defined.

Approved by:	rpaulo (mentor)
MFC after:	3 weeks

1 files changed, 8 insertions, 1 deletions

diff --git a/sys/net80211/ieee80211_crypto_tkip.c b/sys/net80211/ieee80211_crypto_tkip.c
index 6e1fda1..0f17c17 100644
--- a/sys/net80211/ieee80211_crypto_tkip.c
+++ b/sys/net80211/ieee80211_crypto_tkip.c
@@ -281,7 +281,14 @@ tkip_decap(struct ieee80211_key *k, struct mbuf *m, int hdrlen)
 
 	tid = ieee80211_gettid(wh);
 	ctx->rx_rsc = READ_6(ivp[2], ivp[0], ivp[4], ivp[5], ivp[6], ivp[7]);
-	if (ctx->rx_rsc <= k->wk_keyrsc[tid]) {
+	/*
+	 * NB: Multiple stations are using the same key in
+	 * IBSS mode, there is currently no way to sync keyrsc
+	 * counters without discarding too many frames.
+	 */
+	if (vap->iv_opmode != IEEE80211_M_IBSS &&
+	    vap->iv_opmode != IEEE80211_M_AHDEMO &&
+	    ctx->rx_rsc <= k->wk_keyrsc[tid]) {
 		/*
 		 * Replay violation; notify upper layer.
 		 */