From: Arend van Spriel <arend.vanspriel@broadcom.com>
To: "Rafał Miłecki" <zajec5@gmail.com>, "Kalle Valo" <kvalo@codeaurora.org>
Cc: "Franky Lin" <franky.lin@broadcom.com>,
"Hante Meuleman" <hante.meuleman@broadcom.com>,
"Chi-Hsien Lin" <chi-hsien.lin@cypress.com>,
"Wright Feng" <wright.feng@cypress.com>,
"Pieter-Paul Giesberts" <pieter-paul.giesberts@broadcom.com>,
linux-wireless@vger.kernel.org,
brcm80211-dev-list.pdl@broadcom.com,
brcm80211-dev-list@cypress.com,
"Rafał Miłecki" <rafal@milecki.pl>
Subject: Re: [PATCH] brcmfmac: detect & reject faked packet generated by a firmware
Date: Tue, 30 Jan 2018 12:47:42 +0100 [thread overview]
Message-ID: <5A705B5E.5070906@broadcom.com> (raw)
In-Reply-To: <20180130090922.30346-1-zajec5@gmail.com>
On 1/30/2018 10:09 AM, Rafał Miłecki wrote:
> From: Rafał Miłecki <rafal@milecki.pl>
>
> When using 4366b1 and 4366c0 chipsets with more recent firmwares
> 1) 10.10 (TOB) (r663589)
> 2) 10.10.122.20 (r683106)
> respectively, it is impossible to use brcmfmac with interface in AP
> mode. With the AP interface bridged and multicast used, no STA will be
> able to associate; the STA will be immediately disassociated when
> attempting to associate.
>
> Debugging revealed this to be caused by a "faked" packet (generated by
> firmware), that is passed to the networking subsystem and then back to
> the firmware. Fortunately this packet is easily identified and can be
> detected and ignored as a workaround for misbehaving firmware.
I am actually wondering what this packet is. Have you checked in
brcmf_msgbuf_process_rx_complete(). I am curious what buflen is there
and what eth_type_trans() will do to the packet, ie. what protocol. As
everything should be 802.3 we could/should add a length check of 14 bytes.
Regards,
Arend
> Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
> ---
> .../wireless/broadcom/brcm80211/brcmfmac/core.c | 46 ++++++++++++++++++++++
> 1 file changed, 46 insertions(+)
next prev parent reply other threads:[~2018-01-30 11:47 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-30 9:09 [PATCH] brcmfmac: detect & reject faked packet generated by a firmware Rafał Miłecki
2018-01-30 11:30 ` Arend van Spriel
2018-01-31 13:11 ` Rafał Miłecki
2018-01-31 14:00 ` Arend van Spriel
2018-01-30 11:47 ` Arend van Spriel [this message]
2018-01-31 13:14 ` Rafał Miłecki
2018-01-31 14:19 ` Arend van Spriel
2018-01-31 16:14 ` Hante Meuleman
2018-01-31 18:02 ` Arend van Spriel
2018-02-01 10:42 ` Rafał Miłecki
2018-02-01 11:04 ` Arend van Spriel
2018-02-01 11:16 ` Rafał Miłecki
2018-02-01 11:48 ` Rafał Miłecki
2018-02-01 12:23 ` Arend van Spriel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5A705B5E.5070906@broadcom.com \
--to=arend.vanspriel@broadcom.com \
--cc=brcm80211-dev-list.pdl@broadcom.com \
--cc=brcm80211-dev-list@cypress.com \
--cc=chi-hsien.lin@cypress.com \
--cc=franky.lin@broadcom.com \
--cc=hante.meuleman@broadcom.com \
--cc=kvalo@codeaurora.org \
--cc=linux-wireless@vger.kernel.org \
--cc=pieter-paul.giesberts@broadcom.com \
--cc=rafal@milecki.pl \
--cc=wright.feng@cypress.com \
--cc=zajec5@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.