From: Johannes Berg <johannes@sipsolutions.net>
To: "John W. Linville" <linville@tuxdriver.com>
Cc: Jiri Benc <jbenc@suse.cz>, Michael Wu <flamingice@sourmilk.net>,
linux-wireless@vger.kernel.org
Subject: [PATCH 13/13] mac80211: ratelimit some RX messages
Date: Tue, 14 Aug 2007 11:20:21 +0200 [thread overview]
Message-ID: <20070814092446.798541000@sipsolutions.net> (raw)
In-Reply-To: 20070814092008.627058000@sipsolutions.net
Many if not all of these messages can be triggered by sending
a few rogue frames which is trivially done and then we overflow
our logs.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
---
net/mac80211/rx.c | 134 ++++++++++++++++++++++++++++++++----------------------
1 file changed, 81 insertions(+), 53 deletions(-)
--- wireless-dev.orig/net/mac80211/rx.c 2007-08-14 00:48:27.605589257 +0200
+++ wireless-dev/net/mac80211/rx.c 2007-08-14 00:58:06.745589257 +0200
@@ -342,13 +342,16 @@ ieee80211_rx_h_load_key(struct ieee80211
if (!rx->key) {
if (!rx->u.rx.ra_match)
return TXRX_DROP;
- printk(KERN_DEBUG "%s: RX WEP frame with "
- "unknown keyidx %d (A1=" MAC_FMT " A2="
- MAC_FMT " A3=" MAC_FMT ")\n",
- rx->dev->name, keyidx,
- MAC_ARG(hdr->addr1),
- MAC_ARG(hdr->addr2),
- MAC_ARG(hdr->addr3));
+ if (net_ratelimit())
+ printk(KERN_DEBUG "%s: RX WEP frame "
+ "with unknown keyidx %d "
+ "(A1=" MAC_FMT
+ " A2=" MAC_FMT
+ " A3=" MAC_FMT ")\n",
+ rx->dev->name, keyidx,
+ MAC_ARG(hdr->addr1),
+ MAC_ARG(hdr->addr2),
+ MAC_ARG(hdr->addr3));
/*
* TODO: notify userspace about this
* via cfg/nl80211
@@ -528,16 +531,18 @@ ieee80211_rx_h_wep_decrypt(struct ieee80
return TXRX_CONTINUE;
if (!rx->key) {
- printk(KERN_DEBUG "%s: RX WEP frame, but no key set\n",
- rx->dev->name);
+ if (net_ratelimit())
+ printk(KERN_DEBUG "%s: RX WEP frame, but no key set\n",
+ rx->dev->name);
return TXRX_DROP;
}
if (!(rx->u.rx.status->flag & RX_FLAG_DECRYPTED) ||
rx->key->force_sw_encrypt) {
if (ieee80211_wep_decrypt(rx->local, rx->skb, rx->key)) {
- printk(KERN_DEBUG "%s: RX WEP frame, decrypt "
- "failed\n", rx->dev->name);
+ if (net_ratelimit())
+ printk(KERN_DEBUG "%s: RX WEP frame, decrypt "
+ "failed\n", rx->dev->name);
return TXRX_DROP;
}
} else if (rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) {
@@ -694,12 +699,15 @@ ieee80211_rx_h_defragment(struct ieee802
}
rpn = rx->key->u.ccmp.rx_pn[rx->u.rx.queue];
if (memcmp(pn, rpn, CCMP_PN_LEN) != 0) {
- printk(KERN_DEBUG "%s: defrag: CCMP PN not sequential"
- " A2=" MAC_FMT " PN=%02x%02x%02x%02x%02x%02x "
- "(expected %02x%02x%02x%02x%02x%02x)\n",
- rx->dev->name, MAC_ARG(hdr->addr2),
- rpn[0], rpn[1], rpn[2], rpn[3], rpn[4], rpn[5],
- pn[0], pn[1], pn[2], pn[3], pn[4], pn[5]);
+ if (net_ratelimit())
+ printk(KERN_DEBUG "%s: defrag: CCMP PN not "
+ "sequential A2=" MAC_FMT
+ " PN=%02x%02x%02x%02x%02x%02x "
+ "(expected %02x%02x%02x%02x%02x%02x)\n",
+ rx->dev->name, MAC_ARG(hdr->addr2),
+ rpn[0], rpn[1], rpn[2], rpn[3], rpn[4],
+ rpn[5], pn[0], pn[1], pn[2], pn[3],
+ pn[4], pn[5]);
return TXRX_DROP;
}
memcpy(entry->last_pn, pn, CCMP_PN_LEN);
@@ -870,8 +878,9 @@ ieee80211_rx_h_drop_unencrypted(struct i
(rx->key || rx->sdata->drop_unencrypted) &&
(rx->sdata->eapol == 0 ||
!ieee80211_is_eapol(rx->skb)))) {
- printk(KERN_DEBUG "%s: RX non-WEP frame, but expected "
- "encryption\n", rx->dev->name);
+ if (net_ratelimit())
+ printk(KERN_DEBUG "%s: RX non-WEP frame, but expected "
+ "encryption\n", rx->dev->name);
return TXRX_DROP;
}
return TXRX_CONTINUE;
@@ -962,17 +971,19 @@ ieee80211_rx_h_data_agg(struct ieee80211
* in local net stack and back to the wireless
* media */
skb2 = skb_copy(frame, GFP_ATOMIC);
- if (!skb2)
+ if (!skb2 && net_ratelimit())
printk(KERN_DEBUG "%s: failed to clone"
" multicast frame\n", dev->name);
} else {
struct sta_info *dsta;
dsta = sta_info_get(local, frame->data);
- if (dsta && !dsta->dev)
- printk(KERN_DEBUG "Station with null "
- "dev structure!\n");
- else if (dsta && dsta->dev == dev) {
+ if (dsta && !dsta->dev) {
+ if (net_ratelimit())
+ printk(KERN_DEBUG "Station "
+ "with null dev "
+ "structure!\n");
+ } else if (dsta && dsta->dev == dev) {
/* Destination station is associated
* to this AP, so send the frame
* directly to it and do not pass
@@ -1052,10 +1063,15 @@ ieee80211_rx_h_data(struct ieee80211_txr
if (unlikely(sdata->type != IEEE80211_IF_TYPE_AP &&
sdata->type != IEEE80211_IF_TYPE_VLAN)) {
- printk(KERN_DEBUG "%s: dropped ToDS frame (BSSID="
- MAC_FMT " SA=" MAC_FMT " DA=" MAC_FMT ")\n",
- dev->name, MAC_ARG(hdr->addr1),
- MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr3));
+ if (net_ratelimit())
+ printk(KERN_DEBUG "%s: dropped ToDS frame "
+ "(BSSID=" MAC_FMT
+ " SA=" MAC_FMT
+ " DA=" MAC_FMT ")\n",
+ dev->name,
+ MAC_ARG(hdr->addr1),
+ MAC_ARG(hdr->addr2),
+ MAC_ARG(hdr->addr3));
return TXRX_DROP;
}
break;
@@ -1065,12 +1081,16 @@ ieee80211_rx_h_data(struct ieee80211_txr
memcpy(src, hdr->addr4, ETH_ALEN);
if (unlikely(sdata->type != IEEE80211_IF_TYPE_WDS)) {
- printk(KERN_DEBUG "%s: dropped FromDS&ToDS frame (RA="
- MAC_FMT " TA=" MAC_FMT " DA=" MAC_FMT " SA="
- MAC_FMT ")\n",
- rx->dev->name, MAC_ARG(hdr->addr1),
- MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr3),
- MAC_ARG(hdr->addr4));
+ if (net_ratelimit())
+ printk(KERN_DEBUG "%s: dropped FromDS&ToDS "
+ "frame (RA=" MAC_FMT
+ " TA=" MAC_FMT " DA=" MAC_FMT
+ " SA=" MAC_FMT ")\n",
+ rx->dev->name,
+ MAC_ARG(hdr->addr1),
+ MAC_ARG(hdr->addr2),
+ MAC_ARG(hdr->addr3),
+ MAC_ARG(hdr->addr4));
return TXRX_DROP;
}
break;
@@ -1145,15 +1165,16 @@ ieee80211_rx_h_data(struct ieee80211_txr
/* send multicast frames both to higher layers in
* local net stack and back to the wireless media */
skb2 = skb_copy(skb, GFP_ATOMIC);
- if (!skb2)
+ if (!skb2 && net_ratelimit())
printk(KERN_DEBUG "%s: failed to clone "
"multicast frame\n", dev->name);
} else {
struct sta_info *dsta;
dsta = sta_info_get(local, skb->data);
if (dsta && !dsta->dev) {
- printk(KERN_DEBUG "Station with null dev "
- "structure!\n");
+ if (net_ratelimit())
+ printk(KERN_DEBUG "Station with null "
+ "dev structure!\n");
} else if (dsta && dsta->dev == dev) {
/* Destination station is associated to this
* AP, so send the frame directly to it and
@@ -1261,24 +1282,28 @@ static void ieee80211_rx_michael_mic_rep
/* TODO: verify that this is not triggered by fragmented
* frames (hw does not verify MIC for them). */
- printk(KERN_DEBUG "%s: TKIP hwaccel reported Michael MIC "
- "failure from " MAC_FMT " to " MAC_FMT " keyidx=%d\n",
- dev->name, MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr1), keyidx);
+ if (net_ratelimit())
+ printk(KERN_DEBUG "%s: TKIP hwaccel reported Michael MIC "
+ "failure from " MAC_FMT " to " MAC_FMT " keyidx=%d\n",
+ dev->name, MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr1),
+ keyidx);
if (!sta) {
/* Some hardware versions seem to generate incorrect
* Michael MIC reports; ignore them to avoid triggering
* countermeasures. */
- printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
- "error for unknown address " MAC_FMT "\n",
- dev->name, MAC_ARG(hdr->addr2));
+ if (net_ratelimit())
+ printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
+ "error for unknown address " MAC_FMT "\n",
+ dev->name, MAC_ARG(hdr->addr2));
goto ignore;
}
if (!(rx->fc & IEEE80211_FCTL_PROTECTED)) {
- printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
- "error for a frame with no ISWEP flag (src "
- MAC_FMT ")\n", dev->name, MAC_ARG(hdr->addr2));
+ if (net_ratelimit())
+ printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
+ "error for a frame with no ISWEP flag (src "
+ MAC_FMT ")\n", dev->name, MAC_ARG(hdr->addr2));
goto ignore;
}
@@ -1288,19 +1313,22 @@ static void ieee80211_rx_michael_mic_rep
* MIC errors for non-zero keyidx because these are reserved
* for group keys and only the AP is sending real multicast
* frames in BSS. */
- printk(KERN_DEBUG "%s: ignored Michael MIC error for "
- "a frame with non-zero keyidx (%d) (src " MAC_FMT
- ")\n", dev->name, keyidx, MAC_ARG(hdr->addr2));
+ if (net_ratelimit())
+ printk(KERN_DEBUG "%s: ignored Michael MIC error for "
+ "a frame with non-zero keyidx (%d) (src "
+ MAC_FMT ")\n", dev->name, keyidx,
+ MAC_ARG(hdr->addr2));
goto ignore;
}
if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA &&
((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
(rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)) {
- printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
- "error for a frame that cannot be encrypted "
- "(fc=0x%04x) (src " MAC_FMT ")\n",
- dev->name, rx->fc, MAC_ARG(hdr->addr2));
+ if (net_ratelimit())
+ printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
+ "error for a frame that cannot be encrypted "
+ "(fc=0x%04x) (src " MAC_FMT ")\n",
+ dev->name, rx->fc, MAC_ARG(hdr->addr2));
goto ignore;
}
--
prev parent reply other threads:[~2007-08-14 11:49 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-08-14 9:20 [PATCH 00/13] mac80211 cleanups Johannes Berg
2007-08-14 9:20 ` [PATCH 01/13] mac80211: remove unused ioctls (1) Johannes Berg
2007-08-14 9:20 ` [PATCH 02/13] mac80211: remove PRISM2_PARAM_RADIO_ENABLED Johannes Berg
2007-08-14 9:20 ` [PATCH 03/13] mac80211: remove unused ioctls (2) Johannes Berg
2007-08-14 9:20 ` [PATCH 04/13] mac80211: remove unused ioctls (3) Johannes Berg
2007-08-14 9:20 ` [PATCH 05/13] mac80211: remove unused ioctls (4) Johannes Berg
2007-08-14 9:20 ` [PATCH 06/13] mac80211: remove unused ioctls (5) Johannes Berg
2007-08-14 9:20 ` [PATCH 07/13] mac80211: remove PRISM2_HOSTAPD_SET_GENERIC_INFO_ELEM Johannes Berg
2007-08-14 9:20 ` [PATCH 08/13] mac80211: fix preamble setting Johannes Berg
2007-08-14 9:20 ` [PATCH 09/13] mac80211: remove scan struct from hostapd_param Johannes Berg
2007-08-14 9:20 ` [PATCH 10/13] mac80211: kill key_mgmt variable, use privacy_enabled Johannes Berg
2007-08-14 9:20 ` [PATCH 11/13] mac80211: remove PRISM2_HOSTAPD_{ADD,REMOVE}_IF Johannes Berg
2007-08-14 9:20 ` [PATCH 12/13] mac80211: remove PRISM2_PARAM_NEXT_MODE Johannes Berg
2007-08-14 9:20 ` Johannes Berg [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070814092446.798541000@sipsolutions.net \
--to=johannes@sipsolutions.net \
--cc=flamingice@sourmilk.net \
--cc=jbenc@suse.cz \
--cc=linux-wireless@vger.kernel.org \
--cc=linville@tuxdriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.