From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding; bh=OQYW7Qk1loe4VxmjvqmBXEt43jhNwME2GZGM1SgtlWU=; b=bOjLPCP8yBR37YaauCVkndWGVAWunS+bI2U9MhQnjNMymYL14GsOrvJyQ0PfG0a7zy KXI5Swhw1GA5NAHmQTYDe/kCTc1XtxUyj9rvNiQ6mUEi8C4Iwv9JeotifB71t4ffi70Q XoVr/b1t/OUWMcAqDryD8WoUQgCgJnPppLE+k= References: <20180314110119.13631-1-zajec5@gmail.com> <878tau7n23.fsf@codeaurora.org> From: Arend van Spriel Message-ID: <5AA93530.5040001@broadcom.com> MIME-Version: 1.0 In-Reply-To: <878tau7n23.fsf@codeaurora.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [Bridge] [PATCH] brcmfmac: drop Inter-Access Point Protocol packets by default List-Id: Linux Ethernet Bridging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Date: Wed, 14 Mar 2018 14:44:04 -0000 To: Kalle Valo , =?UTF-8?B?UmFmYcWCIE1pxYJlY2tp?= Cc: James Hughes , brcm80211-dev-list.pdl@broadcom.com, netdev@vger.kernel.org, Chi-Hsien Lin , bridge@lists.linux-foundation.org, linux-wireless@vger.kernel.org, Hante Meuleman , Pieter-Paul Giesberts , Wright Feng , =?UTF-8?B?UmFmYcWCIE1pxYJlY2tp?= , Felix Fietkau , brcm80211-dev-list@cypress.com, Franky Lin On 3/14/2018 3:24 PM, Kalle Valo wrote: >> +config BRCMFMAC_IAPP >> >+ bool "Partial support for obsoleted Inter-Access Point Protocol" >> >+ depends on BRCMFMAC >> >+ ---help--- >> >+ Most of Broadcom's firmwares can send 802.11f ADD frame every >> >+ time new STA connects to the AP interface. Some recent ones >> >+ can also disassociate STA when they receive such a frame. >> >+ >> >+ It's important to understand this behavior can lead to a local >> >+ DoS security issue. Attacker may trigger disassociation of any >> >+ STA by sending a proper Ethernet frame to the wireless >> >+ interface. >> >+ >> >+ Moreover this feature may break AP interfaces in some specific >> >+ setups. This applies e.g. to the bridge with hairpin mode >> >+ enabled and IFLA_BRPORT_MCAST_TO_UCAST set. IAPP packet >> >+ generated by a firmware will get passed back to the wireless >> >+ interface and cause immediate disassociation of just-connected >> >+ STA. > Sorry for jumping late, but does it really make sense to have a Kconfig > option for this? I don't think we should add a Kconfig option for every > strange feature, there should be stronger reasons (size savings etc) > before adding a Kconfig option. > > And in this case the size savings can't be much. Wouldn't a module > parameter be simpler for a functionality change like this? Hi Kalle, Good to be wary about Kconfig option. So my reason for asking a Kconfig option is that this is directly in the datapaths (tx and rx) so I prefer to disable/enable it compile time rather then runtime. Regards, Arend From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mail-wm0-f48.google.com ([74.125.82.48]:40065 "EHLO mail-wm0-f48.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750910AbeCNOoD (ORCPT ); Wed, 14 Mar 2018 10:44:03 -0400 Received: by mail-wm0-f48.google.com with SMTP id t6so4564866wmt.5 for ; Wed, 14 Mar 2018 07:44:03 -0700 (PDT) Subject: Re: [PATCH] brcmfmac: drop Inter-Access Point Protocol packets by default To: Kalle Valo , =?UTF-8?B?UmFmYcWCIE1pxYJlY2tp?= References: <20180314110119.13631-1-zajec5@gmail.com> <878tau7n23.fsf@codeaurora.org> Cc: Franky Lin , Hante Meuleman , Chi-Hsien Lin , Wright Feng , Pieter-Paul Giesberts , James Hughes , linux-wireless@vger.kernel.org, brcm80211-dev-list.pdl@broadcom.com, brcm80211-dev-list@cypress.com, netdev@vger.kernel.org, =?UTF-8?Q?Linus_L=c3=bcssing?= , Felix Fietkau , bridge@lists.linux-foundation.org, =?UTF-8?B?UmFmYcWCIE1pxYJlY2tp?= From: Arend van Spriel Message-ID: <5AA93530.5040001@broadcom.com> (sfid-20180314_154417_255811_7A0ABC59) Date: Wed, 14 Mar 2018 15:44:00 +0100 MIME-Version: 1.0 In-Reply-To: <878tau7n23.fsf@codeaurora.org> Content-Type: text/plain; charset=utf-8; format=flowed Sender: linux-wireless-owner@vger.kernel.org List-ID: On 3/14/2018 3:24 PM, Kalle Valo wrote: >> +config BRCMFMAC_IAPP >> >+ bool "Partial support for obsoleted Inter-Access Point Protocol" >> >+ depends on BRCMFMAC >> >+ ---help--- >> >+ Most of Broadcom's firmwares can send 802.11f ADD frame every >> >+ time new STA connects to the AP interface. Some recent ones >> >+ can also disassociate STA when they receive such a frame. >> >+ >> >+ It's important to understand this behavior can lead to a local >> >+ DoS security issue. Attacker may trigger disassociation of any >> >+ STA by sending a proper Ethernet frame to the wireless >> >+ interface. >> >+ >> >+ Moreover this feature may break AP interfaces in some specific >> >+ setups. This applies e.g. to the bridge with hairpin mode >> >+ enabled and IFLA_BRPORT_MCAST_TO_UCAST set. IAPP packet >> >+ generated by a firmware will get passed back to the wireless >> >+ interface and cause immediate disassociation of just-connected >> >+ STA. > Sorry for jumping late, but does it really make sense to have a Kconfig > option for this? I don't think we should add a Kconfig option for every > strange feature, there should be stronger reasons (size savings etc) > before adding a Kconfig option. > > And in this case the size savings can't be much. Wouldn't a module > parameter be simpler for a functionality change like this? Hi Kalle, Good to be wary about Kconfig option. So my reason for asking a Kconfig option is that this is directly in the datapaths (tx and rx) so I prefer to disable/enable it compile time rather then runtime. Regards, Arend From mboxrd@z Thu Jan 1 00:00:00 1970 From: Arend van Spriel Subject: Re: [PATCH] brcmfmac: drop Inter-Access Point Protocol packets by default Date: Wed, 14 Mar 2018 15:44:00 +0100 Message-ID: <5AA93530.5040001@broadcom.com> References: <20180314110119.13631-1-zajec5@gmail.com> <878tau7n23.fsf@codeaurora.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Cc: Franky Lin , Hante Meuleman , Chi-Hsien Lin , Wright Feng , Pieter-Paul Giesberts , James Hughes , linux-wireless-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, brcm80211-dev-list.pdl-dY08KVG/lbpWk0Htik3J/w@public.gmane.org, brcm80211-dev-list-+wT8y+m8/X5BDgjK7y7TUQ@public.gmane.org, netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, =?UTF-8?Q?Linus_L=c3=bcssing?= , Felix Fietkau , bridge-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org, =?UTF-8?B?UmFmYcWCIE1pxYJlY2tp?= To: Kalle Valo , =?UTF-8?B?UmFmYcWCIE1pxYJlY2tp?= Return-path: In-Reply-To: <878tau7n23.fsf-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org> Sender: linux-wireless-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org List-Id: netdev.vger.kernel.org On 3/14/2018 3:24 PM, Kalle Valo wrote: >> +config BRCMFMAC_IAPP >> >+ bool "Partial support for obsoleted Inter-Access Point Protocol" >> >+ depends on BRCMFMAC >> >+ ---help--- >> >+ Most of Broadcom's firmwares can send 802.11f ADD frame every >> >+ time new STA connects to the AP interface. Some recent ones >> >+ can also disassociate STA when they receive such a frame. >> >+ >> >+ It's important to understand this behavior can lead to a local >> >+ DoS security issue. Attacker may trigger disassociation of any >> >+ STA by sending a proper Ethernet frame to the wireless >> >+ interface. >> >+ >> >+ Moreover this feature may break AP interfaces in some specific >> >+ setups. This applies e.g. to the bridge with hairpin mode >> >+ enabled and IFLA_BRPORT_MCAST_TO_UCAST set. IAPP packet >> >+ generated by a firmware will get passed back to the wireless >> >+ interface and cause immediate disassociation of just-connected >> >+ STA. > Sorry for jumping late, but does it really make sense to have a Kconfig > option for this? I don't think we should add a Kconfig option for every > strange feature, there should be stronger reasons (size savings etc) > before adding a Kconfig option. > > And in this case the size savings can't be much. Wouldn't a module > parameter be simpler for a functionality change like this? Hi Kalle, Good to be wary about Kconfig option. So my reason for asking a Kconfig option is that this is directly in the datapaths (tx and rx) so I prefer to disable/enable it compile time rather then runtime. Regards, Arend