author | adrian <adrian@FreeBSD.org> | 2011-11-08 14:28:33 +0000 |
---|---|---|
committer | adrian <adrian@FreeBSD.org> | 2011-11-08 14:28:33 +0000 |
commit | b49080d51a8f1ef80eae1e90121e7e8e311ebd49 (patch) | |
tree | c34edfdf9c48c22a1e5eab1dc3567f85d5d31354 /sys/net80211/ieee80211_sta.c | |
parent | 17ae07e6dd6a50b4609582559848105c36e1ce43 (diff) | |
Reject frames in STA mode which are not destined to the local STA address.
Some hardware (e.g. the AR9160 in STA mode) seems to "leak" unicast FROMDS
frames which aren't destined to itself. This angers the net80211 stack -
the existing code would fail to find an address in the node table and try
passing the frame up to each vap BSS. It would then be accepted in the
input routine and its contents would update the local crypto and sequence
number state.
If the sequence number / crypto IV replay counters from the leaked frame
were greater than the "real" state, subsequent "real" frames would be
rejected due to out of sequence / IV replay conditions.
This is also likely helpful if/when multi-STA modes are added to net80211.
Sponsored by: Hobnob, Inc.
Diffstat (limited to 'sys/net80211/ieee80211_sta.c')
-rw-r--r-- | sys/net80211/ieee80211_sta.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/sys/net80211/ieee80211_sta.c b/sys/net80211/ieee80211_sta.c index db09913..f1656b5 100644 --- a/sys/net80211/ieee80211_sta.c +++ b/sys/net80211/ieee80211_sta.c @@ -584,6 +584,30 @@ sta_input(struct ieee80211_node *ni, struct mbuf *m, int rssi, int nf) vap->iv_stats.is_rx_wrongbss++; goto out; } + + /* + * Some devices may be in a promiscuous mode + * where they receive frames for multiple station + * addresses. + * + * If we receive a data frame that isn't + * destined to our VAP MAC, drop it. + * + * XXX TODO: This is only enforced when not scanning; + * XXX it assumes a software-driven scan will put the NIC + * XXX into a "no data frames" mode before setting this + * XXX flag. Otherwise it may be possible that we'll still + * XXX process data frames whilst scanning. + */ + if ((! IEEE80211_IS_MULTICAST(wh->i_addr1)) + && (! IEEE80211_ADDR_EQ(wh->i_addr1, IF_LLADDR(ifp)))) { + IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_INPUT, + bssid, NULL, "not to cur sta: lladdr=%6D, addr1=%6D", + IF_LLADDR(ifp), ":", wh->i_addr1, ":"); + vap->iv_stats.is_rx_wrongbss++; + goto out; + } + IEEE80211_RSSI_LPF(ni->ni_avgrssi, rssi); ni->ni_noise = nf; if (HAS_SEQ(type) && !IEEE80211_IS_MULTICAST(wh->i_addr1)) { |
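Review bot: The new drop path in the added `if` block increments `vap->iv_stats.is_rx_wrongbss`, the same counter bumped by the wrong-BSS check immediately above it, so statistics cannot tell a leaked unicast frame for another station apart from a frame from a foreign BSS. A dedicated counter for this case would make the hardware leak described in the commit message measurable in the field. The comment also says the check applies to "a data frame" and is "only enforced when not scanning", yet the condition shown tests only `wh->i_addr1`, and "this flag" is never named. If the enclosing block is what restricts the check by scan state and frame type, the comment should name the flag and say so. Otherwise, frames other than data frames that reach this point are dropped as well. The TODO itself acknowledges that data frames received during a scan may still be processed, which is the same path that lets a leaked frame advance the sequence and IV replay state, so it is worth tracking as an open item rather than leaving it only in a comment. On style, `(! IEEE80211_IS_MULTICAST(...))` with a space after `!`, and the leading `&&` on the continuation line, do not match the `!IEEE80211_IS_MULTICAST(wh->i_addr1)` form used in the unchanged `HAS_SEQ` line just below.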