summaryrefslogtreecommitdiffstats
path: root/sys/net80211/ieee80211_sta.c
diff options
context:
space:
mode:
authoradrian <adrian@FreeBSD.org>2011-11-08 14:28:33 +0000
committeradrian <adrian@FreeBSD.org>2011-11-08 14:28:33 +0000
commitb49080d51a8f1ef80eae1e90121e7e8e311ebd49 (patch)
treec34edfdf9c48c22a1e5eab1dc3567f85d5d31354 /sys/net80211/ieee80211_sta.c
parent17ae07e6dd6a50b4609582559848105c36e1ce43 (diff)
downloadFreeBSD-src-b49080d51a8f1ef80eae1e90121e7e8e311ebd49.zip
FreeBSD-src-b49080d51a8f1ef80eae1e90121e7e8e311ebd49.tar.gz
Reject frames in STA mode which are not destined to the local STA address.
Some hardware (eg the AR9160 in STA mode) seems to "leak" unicast FROMDS frames which aren't destined to itself. This angers the net80211 stack - the existing code would fail to find an address in the node table and try passing the frame up to each vap BSS. It would then be accepted in the input routine and its contents would update the local crypto and sequence number state. If the sequence number / crypto IV replay counters from the leaked frame were greater than the "real" state, subsequent "real" frames would be rejected due to out of sequence / IV replay conditions. This is also likely helpful if/when multi-STA modes are added to net80211. Sponsored by: Hobnob, Inc.
Diffstat (limited to 'sys/net80211/ieee80211_sta.c')
-rw-r--r--sys/net80211/ieee80211_sta.c24
1 files changed, 24 insertions, 0 deletions
diff --git a/sys/net80211/ieee80211_sta.c b/sys/net80211/ieee80211_sta.c
index db09913..f1656b5 100644
--- a/sys/net80211/ieee80211_sta.c
+++ b/sys/net80211/ieee80211_sta.c
@@ -584,6 +584,30 @@ sta_input(struct ieee80211_node *ni, struct mbuf *m, int rssi, int nf)
vap->iv_stats.is_rx_wrongbss++;
goto out;
}
+
+ /*
+ * Some devices may be in a promiscuous mode
+ * where they receive frames for multiple station
+ * addresses.
+ *
+ * If we receive a data frame that isn't
+ * destined to our VAP MAC, drop it.
+ *
+ * XXX TODO: This is only enforced when not scanning;
+ * XXX it assumes a software-driven scan will put the NIC
+ * XXX into a "no data frames" mode before setting this
+ * XXX flag. Otherwise it may be possible that we'll still
+ * XXX process data frames whilst scanning.
+ */
+ if ((! IEEE80211_IS_MULTICAST(wh->i_addr1))
+ && (! IEEE80211_ADDR_EQ(wh->i_addr1, IF_LLADDR(ifp)))) {
+ IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_INPUT,
+ bssid, NULL, "not to cur sta: lladdr=%6D, addr1=%6D",
+ IF_LLADDR(ifp), ":", wh->i_addr1, ":");
+ vap->iv_stats.is_rx_wrongbss++;
+ goto out;
+ }
+
IEEE80211_RSSI_LPF(ni->ni_avgrssi, rssi);
ni->ni_noise = nf;
if (HAS_SEQ(type) && !IEEE80211_IS_MULTICAST(wh->i_addr1)) {
OpenPOWER on IntegriCloud