From: Felix Fietkau <nbd@openwrt.org>
To: ath9k-devel@lists.ath9k.org
Subject: [ath9k-devel] [BUG] ath9k truncated management packets from TKIP connected stations
Date: Tue, 16 Aug 2011 15:52:20 -0700
Message-ID: <4E4AF4A4.9090404@openwrt.org>
In-Reply-To: <CAFKp-_frLkDEeF3t=-_hXAig-vQebwnouYHqRCv9YCTXDa_LgQ@mail.gmail.com>

On 2011-08-16 2:31 PM, Bill Jordan wrote:
> I'm not quite sure what the correct fix is for this.
>
> Ath9k in AP mode with TKIP security: If a connected station sends a
> management packet, the packet is truncated by 8 bytes before being
> delivered to hostapd. This prevents the station from reauthenticating
> or connecting to a different SSID on the same radio.
>
> In ath9k_rx_accept, for management packets, strip_mic will be true,
> and RX_FLAG_MMIC_STRIPPED will be set in rxs->flag. In
> ath9k_rx_skb_postprocess, if ah->sw_mgmt_crypto is set,
> RX_FLAG_DECRYPTED will be cleared. However, RX_FLAG_MMIC_STRIPPED will
> still be set, so, in ath_rx_tasklet, 8 bytes will be trimmed off the
> end of the skb.
>
> I'm thinking that in ath9k_rx_accept, is_valid_tkip should also
> consider ieee80211_is_mgmt(fc). But this wouldn't take into
> consideration ah->sw_mgmt_crypto.
>
> Alternatively, RX_FLAG_MMIC_STRIPPED could be cleared in
> ath9k_rx_skb_postprocess when RX_FLAG_DECRYPTED is cleared.
>
> I'm looking for input from someone who understands this code better.

We should probably just keep strip_mic set to false for mgmt frames.

- Felix
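
The flag flow described in the quoted report, and the effect of keeping strip_mic false for management frames, as a simplified user-space model. This is an added example, not ath9k driver code and not part of the original message; the struct, the flag bit values, the skip_mgmt parameter and delivered_len() are hypothetical stand-ins, and a valid TKIP key with sw_mgmt_crypto set is assumed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-in flag bits for this model; not the kernel's values. */
#define RX_FLAG_DECRYPTED     (1u << 0)
#define RX_FLAG_MMIC_STRIPPED (1u << 1)
#define MIC_LEN 8 /* the 8 bytes the report sees trimmed */

struct rx_frame {
    bool is_mgmt;       /* what ieee80211_is_mgmt(fc) would return */
    bool is_valid_tkip; /* frame's key index maps to a TKIP key */
    size_t len;         /* models the skb length */
    unsigned flag;      /* models rxs->flag */
};

/* Models ath9k_rx_accept; skip_mgmt applies the fix suggested in the reply. */
static void rx_accept(struct rx_frame *f, bool skip_mgmt)
{
    bool strip_mic = f->is_valid_tkip && !(skip_mgmt && f->is_mgmt);
    if (strip_mic)
        f->flag |= RX_FLAG_MMIC_STRIPPED;
}

/* Models ath9k_rx_skb_postprocess: only DECRYPTED is cleared for mgmt frames. */
static void rx_postprocess(struct rx_frame *f, bool sw_mgmt_crypto)
{
    f->flag |= RX_FLAG_DECRYPTED;
    if (sw_mgmt_crypto && f->is_mgmt)
        f->flag &= ~RX_FLAG_DECRYPTED; /* MMIC_STRIPPED stays set */
}

/* Runs the whole receive path, ending with the ath_rx_tasklet trim. */
size_t delivered_len(bool is_mgmt, size_t len, bool skip_mgmt)
{
    struct rx_frame f = { is_mgmt, true, len, 0 };
    rx_accept(&f, skip_mgmt);
    rx_postprocess(&f, true);
    if ((f.flag & RX_FLAG_MMIC_STRIPPED) && f.len >= MIC_LEN)
        f.len -= MIC_LEN;
    return f.len;
}

int main(void)
{
    /* Constructed lengths: a 30-byte mgmt frame and a 100-byte data frame. */
    printf("mgmt before fix=%zu, mgmt after fix=%zu, data after fix=%zu\n",
           delivered_len(true, 30, false), delivered_len(true, 30, true),
           delivered_len(false, 100, true));
    return 0;
}
```
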
