From: Johannes Berg <johannes@sipsolutions.net>
To: John Linville <linville@tuxdriver.com>
Cc: Jiri Benc <jbenc@suse.cz>, Michael Wu <flamingice@sourmilk.net>,
linux-wireless@vger.kernel.org
Subject: [PATCH 16/20] mac80211: ratelimit some RX messages
Date: Wed, 15 Aug 2007 16:49:36 +0200 [thread overview]
Message-ID: <20070815145048.563166000@sipsolutions.net> (raw)
In-Reply-To: 20070815144920.135826000@sipsolutions.net
Many if not all of these messages can be triggered by sending
a few rogue frames which is trivially done and then we overflow
our logs.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
---
net/mac80211/rx.c | 134 ++++++++++++++++++++++++++++++++----------------------
1 file changed, 81 insertions(+), 53 deletions(-)
--- wireless-dev.orig/net/mac80211/rx.c 2007-08-15 14:13:25.946516958 +0200
+++ wireless-dev/net/mac80211/rx.c 2007-08-15 14:13:28.596516958 +0200
@@ -342,13 +342,16 @@ ieee80211_rx_h_load_key(struct ieee80211
if (!rx->key) {
if (!rx->u.rx.ra_match)
return TXRX_DROP;
- printk(KERN_DEBUG "%s: RX WEP frame with "
- "unknown keyidx %d (A1=" MAC_FMT " A2="
- MAC_FMT " A3=" MAC_FMT ")\n",
- rx->dev->name, keyidx,
- MAC_ARG(hdr->addr1),
- MAC_ARG(hdr->addr2),
- MAC_ARG(hdr->addr3));
+ if (net_ratelimit())
+ printk(KERN_DEBUG "%s: RX WEP frame "
+ "with unknown keyidx %d "
+ "(A1=" MAC_FMT
+ " A2=" MAC_FMT
+ " A3=" MAC_FMT ")\n",
+ rx->dev->name, keyidx,
+ MAC_ARG(hdr->addr1),
+ MAC_ARG(hdr->addr2),
+ MAC_ARG(hdr->addr3));
/*
* TODO: notify userspace about this
* via cfg/nl80211
@@ -528,16 +531,18 @@ ieee80211_rx_h_wep_decrypt(struct ieee80
return TXRX_CONTINUE;
if (!rx->key) {
- printk(KERN_DEBUG "%s: RX WEP frame, but no key set\n",
- rx->dev->name);
+ if (net_ratelimit())
+ printk(KERN_DEBUG "%s: RX WEP frame, but no key set\n",
+ rx->dev->name);
return TXRX_DROP;
}
if (!(rx->u.rx.status->flag & RX_FLAG_DECRYPTED) ||
rx->key->force_sw_encrypt) {
if (ieee80211_wep_decrypt(rx->local, rx->skb, rx->key)) {
- printk(KERN_DEBUG "%s: RX WEP frame, decrypt "
- "failed\n", rx->dev->name);
+ if (net_ratelimit())
+ printk(KERN_DEBUG "%s: RX WEP frame, decrypt "
+ "failed\n", rx->dev->name);
return TXRX_DROP;
}
} else if (rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) {
@@ -694,12 +699,15 @@ ieee80211_rx_h_defragment(struct ieee802
}
rpn = rx->key->u.ccmp.rx_pn[rx->u.rx.queue];
if (memcmp(pn, rpn, CCMP_PN_LEN) != 0) {
- printk(KERN_DEBUG "%s: defrag: CCMP PN not sequential"
- " A2=" MAC_FMT " PN=%02x%02x%02x%02x%02x%02x "
- "(expected %02x%02x%02x%02x%02x%02x)\n",
- rx->dev->name, MAC_ARG(hdr->addr2),
- rpn[0], rpn[1], rpn[2], rpn[3], rpn[4], rpn[5],
- pn[0], pn[1], pn[2], pn[3], pn[4], pn[5]);
+ if (net_ratelimit())
+ printk(KERN_DEBUG "%s: defrag: CCMP PN not "
+ "sequential A2=" MAC_FMT
+ " PN=%02x%02x%02x%02x%02x%02x "
+ "(expected %02x%02x%02x%02x%02x%02x)\n",
+ rx->dev->name, MAC_ARG(hdr->addr2),
+ rpn[0], rpn[1], rpn[2], rpn[3], rpn[4],
+ rpn[5], pn[0], pn[1], pn[2], pn[3],
+ pn[4], pn[5]);
return TXRX_DROP;
}
memcpy(entry->last_pn, pn, CCMP_PN_LEN);
@@ -877,8 +885,9 @@ ieee80211_rx_h_drop_unencrypted(struct i
(rx->key || rx->sdata->drop_unencrypted) &&
(rx->sdata->eapol == 0 ||
!ieee80211_is_eapol(rx->skb)))) {
- printk(KERN_DEBUG "%s: RX non-WEP frame, but expected "
- "encryption\n", rx->dev->name);
+ if (net_ratelimit())
+ printk(KERN_DEBUG "%s: RX non-WEP frame, but expected "
+ "encryption\n", rx->dev->name);
return TXRX_DROP;
}
return TXRX_CONTINUE;
@@ -969,17 +978,19 @@ ieee80211_rx_h_data_agg(struct ieee80211
* in local net stack and back to the wireless
* media */
skb2 = skb_copy(frame, GFP_ATOMIC);
- if (!skb2)
+ if (!skb2 && net_ratelimit())
printk(KERN_DEBUG "%s: failed to clone"
" multicast frame\n", dev->name);
} else {
struct sta_info *dsta;
dsta = sta_info_get(local, frame->data);
- if (dsta && !dsta->dev)
- printk(KERN_DEBUG "Station with null "
- "dev structure!\n");
- else if (dsta && dsta->dev == dev) {
+ if (dsta && !dsta->dev) {
+ if (net_ratelimit())
+ printk(KERN_DEBUG "Station "
+ "with null dev "
+ "structure!\n");
+ } else if (dsta && dsta->dev == dev) {
/* Destination station is associated
* to this AP, so send the frame
* directly to it and do not pass
@@ -1059,10 +1070,15 @@ ieee80211_rx_h_data(struct ieee80211_txr
if (unlikely(sdata->type != IEEE80211_IF_TYPE_AP &&
sdata->type != IEEE80211_IF_TYPE_VLAN)) {
- printk(KERN_DEBUG "%s: dropped ToDS frame (BSSID="
- MAC_FMT " SA=" MAC_FMT " DA=" MAC_FMT ")\n",
- dev->name, MAC_ARG(hdr->addr1),
- MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr3));
+ if (net_ratelimit())
+ printk(KERN_DEBUG "%s: dropped ToDS frame "
+ "(BSSID=" MAC_FMT
+ " SA=" MAC_FMT
+ " DA=" MAC_FMT ")\n",
+ dev->name,
+ MAC_ARG(hdr->addr1),
+ MAC_ARG(hdr->addr2),
+ MAC_ARG(hdr->addr3));
return TXRX_DROP;
}
break;
@@ -1072,12 +1088,16 @@ ieee80211_rx_h_data(struct ieee80211_txr
memcpy(src, hdr->addr4, ETH_ALEN);
if (unlikely(sdata->type != IEEE80211_IF_TYPE_WDS)) {
- printk(KERN_DEBUG "%s: dropped FromDS&ToDS frame (RA="
- MAC_FMT " TA=" MAC_FMT " DA=" MAC_FMT " SA="
- MAC_FMT ")\n",
- rx->dev->name, MAC_ARG(hdr->addr1),
- MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr3),
- MAC_ARG(hdr->addr4));
+ if (net_ratelimit())
+ printk(KERN_DEBUG "%s: dropped FromDS&ToDS "
+ "frame (RA=" MAC_FMT
+ " TA=" MAC_FMT " DA=" MAC_FMT
+ " SA=" MAC_FMT ")\n",
+ rx->dev->name,
+ MAC_ARG(hdr->addr1),
+ MAC_ARG(hdr->addr2),
+ MAC_ARG(hdr->addr3),
+ MAC_ARG(hdr->addr4));
return TXRX_DROP;
}
break;
@@ -1152,15 +1172,16 @@ ieee80211_rx_h_data(struct ieee80211_txr
/* send multicast frames both to higher layers in
* local net stack and back to the wireless media */
skb2 = skb_copy(skb, GFP_ATOMIC);
- if (!skb2)
+ if (!skb2 && net_ratelimit())
printk(KERN_DEBUG "%s: failed to clone "
"multicast frame\n", dev->name);
} else {
struct sta_info *dsta;
dsta = sta_info_get(local, skb->data);
if (dsta && !dsta->dev) {
- printk(KERN_DEBUG "Station with null dev "
- "structure!\n");
+ if (net_ratelimit())
+ printk(KERN_DEBUG "Station with null "
+ "dev structure!\n");
} else if (dsta && dsta->dev == dev) {
/* Destination station is associated to this
* AP, so send the frame directly to it and
@@ -1272,24 +1293,28 @@ static void ieee80211_rx_michael_mic_rep
/* TODO: verify that this is not triggered by fragmented
* frames (hw does not verify MIC for them). */
- printk(KERN_DEBUG "%s: TKIP hwaccel reported Michael MIC "
- "failure from " MAC_FMT " to " MAC_FMT " keyidx=%d\n",
- dev->name, MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr1), keyidx);
+ if (net_ratelimit())
+ printk(KERN_DEBUG "%s: TKIP hwaccel reported Michael MIC "
+ "failure from " MAC_FMT " to " MAC_FMT " keyidx=%d\n",
+ dev->name, MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr1),
+ keyidx);
if (!sta) {
/* Some hardware versions seem to generate incorrect
* Michael MIC reports; ignore them to avoid triggering
* countermeasures. */
- printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
- "error for unknown address " MAC_FMT "\n",
- dev->name, MAC_ARG(hdr->addr2));
+ if (net_ratelimit())
+ printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
+ "error for unknown address " MAC_FMT "\n",
+ dev->name, MAC_ARG(hdr->addr2));
goto ignore;
}
if (!(rx->fc & IEEE80211_FCTL_PROTECTED)) {
- printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
- "error for a frame with no ISWEP flag (src "
- MAC_FMT ")\n", dev->name, MAC_ARG(hdr->addr2));
+ if (net_ratelimit())
+ printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
+ "error for a frame with no ISWEP flag (src "
+ MAC_FMT ")\n", dev->name, MAC_ARG(hdr->addr2));
goto ignore;
}
@@ -1299,19 +1324,22 @@ static void ieee80211_rx_michael_mic_rep
* MIC errors for non-zero keyidx because these are reserved
* for group keys and only the AP is sending real multicast
* frames in BSS. */
- printk(KERN_DEBUG "%s: ignored Michael MIC error for "
- "a frame with non-zero keyidx (%d) (src " MAC_FMT
- ")\n", dev->name, keyidx, MAC_ARG(hdr->addr2));
+ if (net_ratelimit())
+ printk(KERN_DEBUG "%s: ignored Michael MIC error for "
+ "a frame with non-zero keyidx (%d) (src "
+ MAC_FMT ")\n", dev->name, keyidx,
+ MAC_ARG(hdr->addr2));
goto ignore;
}
if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA &&
((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
(rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)) {
- printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
- "error for a frame that cannot be encrypted "
- "(fc=0x%04x) (src " MAC_FMT ")\n",
- dev->name, rx->fc, MAC_ARG(hdr->addr2));
+ if (net_ratelimit())
+ printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
+ "error for a frame that cannot be encrypted "
+ "(fc=0x%04x) (src " MAC_FMT ")\n",
+ dev->name, rx->fc, MAC_ARG(hdr->addr2));
goto ignore;
}
--
next prev parent reply other threads:[~2007-08-15 14:53 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-08-15 14:49 [PATCH 00/20] reorganised patches Johannes Berg
2007-08-15 14:49 ` [PATCH 01/20] mac80211: fix showing transmitted frames on multiple monitor interfaces Johannes Berg
2007-08-15 14:49 ` [PATCH 02/20] mac80211: remove ieee80211_msg_wep_frame_unknown_key Johannes Berg
2007-08-15 14:49 ` [PATCH 03/20] mac80211: remove radar stuff Johannes Berg
2007-08-15 14:49 ` [PATCH 04/20] cfg80211: extend radiotap parser by all remaining fields Johannes Berg
2007-08-15 14:49 ` [PATCH 05/20] mac80211: remove unused ioctls (1) Johannes Berg
2007-08-18 4:04 ` Jouni Malinen
2007-08-20 9:10 ` Johannes Berg
2007-08-21 3:09 ` Jouni Malinen
2007-08-21 10:14 ` Johannes Berg
2007-08-15 14:49 ` [PATCH 06/20] mac80211: remove PRISM2_PARAM_RADIO_ENABLED Johannes Berg
2007-08-15 14:49 ` [PATCH 07/20] mac80211: remove unused ioctls (2) Johannes Berg
2007-08-18 4:07 ` Jouni Malinen
2007-08-20 9:13 ` Johannes Berg
2007-08-21 3:19 ` Jouni Malinen
2007-08-21 10:12 ` Johannes Berg
2007-08-15 14:49 ` [PATCH 08/20] mac80211: remove unused ioctls (3) Johannes Berg
2007-08-18 4:09 ` Jouni Malinen
2007-08-20 9:15 ` Johannes Berg
2007-08-21 3:13 ` Jouni Malinen
2007-08-15 14:49 ` [PATCH 09/20] mac80211: remove unused ioctls (4) Johannes Berg
2007-08-15 14:49 ` [PATCH 10/20] mac80211: remove unused ioctls (5) Johannes Berg
2007-08-15 14:49 ` [PATCH 11/20] mac80211: remove PRISM2_HOSTAPD_SET_GENERIC_INFO_ELEM Johannes Berg
2007-08-15 14:49 ` [PATCH 12/20] mac80211: fix preamble setting Johannes Berg
2007-08-15 14:49 ` [PATCH 13/20] mac80211: remove scan struct from hostapd_param Johannes Berg
2007-08-15 14:49 ` [PATCH 14/20] mac80211: kill key_mgmt variable, use privacy_enabled Johannes Berg
2007-08-17 1:09 ` Johannes Berg
2007-08-17 11:27 ` [PATCH v2 " Johannes Berg
2007-08-18 3:59 ` [PATCH " Jouni Malinen
2007-08-18 9:03 ` Johannes Berg
2007-08-15 14:49 ` [PATCH 15/20] mac80211: refactor event sending Johannes Berg
2007-08-15 14:49 ` Johannes Berg [this message]
2007-08-15 14:49 ` [PATCH 17/20] mac80211: avoid copying packets to interfaces that are down Johannes Berg
2007-08-16 4:48 ` Michael Wu
2007-08-16 13:14 ` Johannes Berg
2007-08-21 8:50 ` [PATCH 17/20 v2] " Johannes Berg
2007-08-15 14:49 ` [PATCH 18/20] mac80211, drivers: remove reset callback Johannes Berg
2007-08-15 15:00 ` Michael Buesch
2007-08-15 18:10 ` Ivo van Doorn
2007-08-16 13:14 ` Johannes Berg
2007-08-15 14:49 ` [PATCH 19/20] mac80211: remove IEEE80211_HW_HOST_GEN_BEACON flag Johannes Berg
2007-08-15 14:49 ` [PATCH 20/20] mac80211: remove VLAN stuff Johannes Berg
2007-08-16 15:03 ` Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070815145048.563166000@sipsolutions.net \
--to=johannes@sipsolutions.net \
--cc=flamingice@sourmilk.net \
--cc=jbenc@suse.cz \
--cc=linux-wireless@vger.kernel.org \
--cc=linville@tuxdriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.