From: Arend van Spriel <arend.vanspriel@broadcom.com>
To: "Rafał Miłecki" <zajec5@gmail.com>, "Kalle Valo" <kvalo@codeaurora.org>
Cc: "James Hughes" <james.hughes@raspberrypi.org>,
brcm80211-dev-list.pdl@broadcom.com, netdev@vger.kernel.org,
"Chi-Hsien Lin" <chi-hsien.lin@cypress.com>,
bridge@lists.linux-foundation.org,
linux-wireless@vger.kernel.org,
"Hante Meuleman" <hante.meuleman@broadcom.com>,
"Pieter-Paul Giesberts" <pieter-paul.giesberts@broadcom.com>,
"Wright Feng" <wright.feng@cypress.com>,
"Rafał Miłecki" <rafal@milecki.pl>,
"Felix Fietkau" <nbd@nbd.name>,
brcm80211-dev-list@cypress.com,
"Franky Lin" <franky.lin@broadcom.com>
Subject: Re: [Bridge] [PATCH V2] brcmfmac: drop Inter-Access Point Protocol packets by default
Date: Thu, 15 Mar 2018 08:36:35 -0000 [thread overview]
Message-ID: <5AAA308D.4090100@broadcom.com> (raw)
In-Reply-To: <20180315072909.1512-1-zajec5@gmail.com>
On 3/15/2018 8:29 AM, Rafał Miłecki wrote:
> From: Rafał Miłecki <rafal@milecki.pl>
>
> Testing brcmfmac with more recent firmwares resulted in AP interfaces
> not working in some specific setups. Debugging resulted in discovering
> support for IAPP in Broadcom's firmwares.
>
> Older firmwares were only generating 802.11f frames. Newer ones like:
> 1) 10.10 (TOB) (r663589)
> 2) 10.10.122.20 (r683106)
> for 4366b1 and 4366c0 respectively seem to also /respect/ 802.11f frames
> in the Tx path by performing a STA disassociation.
>
> This obsoleted standard and its implementation is something that:
> 1) Most people don't need / want to use
> 2) Can allow local DoS attacks
> 3) Breaks AP interfaces in some specific bridge setups
>
> To solve issues it can cause this commit modifies brcmfmac to drop IAPP
> packets. If affects:
> 1) Rx path: driver won't be sending these unwanted packets up.
> 2) Tx path: driver will reject packets that would trigger STA
> disassociation perfromed by a firmware (possible local DoS attack).
>
> It appears there are some Broadcom's clients/users who care about this
> feature despite the drawbacks. They can switch it on using a new module
> param.
>
> This change results in only two more comparisons (check for module param
> and check for Ethernet packet length) for 99.9% of packets. Its overhead
> should be very minimal.
Hi Rafał,
Thanks for this patch.
Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com>
> Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
> ---
> .../wireless/broadcom/brcm80211/brcmfmac/common.c | 5 ++
> .../wireless/broadcom/brcm80211/brcmfmac/common.h | 1 +
> .../wireless/broadcom/brcm80211/brcmfmac/core.c | 57 ++++++++++++++++++++++
> 3 files changed, 63 insertions(+)
WARNING: multiple messages have this Message-ID (diff)
From: Arend van Spriel <arend.vanspriel@broadcom.com>
To: "Rafał Miłecki" <zajec5@gmail.com>, "Kalle Valo" <kvalo@codeaurora.org>
Cc: "Franky Lin" <franky.lin@broadcom.com>,
"Hante Meuleman" <hante.meuleman@broadcom.com>,
"Chi-Hsien Lin" <chi-hsien.lin@cypress.com>,
"Wright Feng" <wright.feng@cypress.com>,
"Pieter-Paul Giesberts" <pieter-paul.giesberts@broadcom.com>,
"James Hughes" <james.hughes@raspberrypi.org>,
linux-wireless@vger.kernel.org,
brcm80211-dev-list.pdl@broadcom.com,
brcm80211-dev-list@cypress.com, netdev@vger.kernel.org,
"Linus Lüssing" <linus.luessing@c0d3.blue>,
"Felix Fietkau" <nbd@nbd.name>,
bridge@lists.linux-foundation.org,
"Rafał Miłecki" <rafal@milecki.pl>
Subject: Re: [PATCH V2] brcmfmac: drop Inter-Access Point Protocol packets by default
Date: Thu, 15 Mar 2018 09:36:29 +0100 [thread overview]
Message-ID: <5AAA308D.4090100@broadcom.com> (raw)
In-Reply-To: <20180315072909.1512-1-zajec5@gmail.com>
On 3/15/2018 8:29 AM, Rafał Miłecki wrote:
> From: Rafał Miłecki <rafal@milecki.pl>
>
> Testing brcmfmac with more recent firmwares resulted in AP interfaces
> not working in some specific setups. Debugging resulted in discovering
> support for IAPP in Broadcom's firmwares.
>
> Older firmwares were only generating 802.11f frames. Newer ones like:
> 1) 10.10 (TOB) (r663589)
> 2) 10.10.122.20 (r683106)
> for 4366b1 and 4366c0 respectively seem to also /respect/ 802.11f frames
> in the Tx path by performing a STA disassociation.
>
> This obsoleted standard and its implementation is something that:
> 1) Most people don't need / want to use
> 2) Can allow local DoS attacks
> 3) Breaks AP interfaces in some specific bridge setups
>
> To solve issues it can cause this commit modifies brcmfmac to drop IAPP
> packets. If affects:
> 1) Rx path: driver won't be sending these unwanted packets up.
> 2) Tx path: driver will reject packets that would trigger STA
> disassociation perfromed by a firmware (possible local DoS attack).
>
> It appears there are some Broadcom's clients/users who care about this
> feature despite the drawbacks. They can switch it on using a new module
> param.
>
> This change results in only two more comparisons (check for module param
> and check for Ethernet packet length) for 99.9% of packets. Its overhead
> should be very minimal.
Hi Rafał,
Thanks for this patch.
Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com>
> Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
> ---
> .../wireless/broadcom/brcm80211/brcmfmac/common.c | 5 ++
> .../wireless/broadcom/brcm80211/brcmfmac/common.h | 1 +
> .../wireless/broadcom/brcm80211/brcmfmac/core.c | 57 ++++++++++++++++++++++
> 3 files changed, 63 insertions(+)
WARNING: multiple messages have this Message-ID (diff)
From: Arend van Spriel <arend.vanspriel-dY08KVG/lbpWk0Htik3J/w@public.gmane.org>
To: "Rafał Miłecki" <zajec5-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
"Kalle Valo" <kvalo-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org>
Cc: "Franky Lin" <franky.lin-dY08KVG/lbpWk0Htik3J/w@public.gmane.org>,
"Hante Meuleman"
<hante.meuleman-dY08KVG/lbpWk0Htik3J/w@public.gmane.org>,
"Chi-Hsien Lin"
<chi-hsien.lin-+wT8y+m8/X5BDgjK7y7TUQ@public.gmane.org>,
"Wright Feng"
<wright.feng-+wT8y+m8/X5BDgjK7y7TUQ@public.gmane.org>,
"Pieter-Paul Giesberts"
<pieter-paul.giesberts-dY08KVG/lbpWk0Htik3J/w@public.gmane.org>,
"James Hughes"
<james.hughes-FnsA7b+Nu9XbIbC87yuRow@public.gmane.org>,
linux-wireless-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
brcm80211-dev-list.pdl-dY08KVG/lbpWk0Htik3J/w@public.gmane.org,
brcm80211-dev-list-+wT8y+m8/X5BDgjK7y7TUQ@public.gmane.org,
netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
"Linus Lüssing"
<linus.luessing-djzkFPsfvsizQB+pC5nmwQ@public.gmane.org>,
"Felix Fietkau" <nbd-Vt+b4OUoWG0@public.gmane.org>,
bridge-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
"Rafał Miłecki" <rafal-g1n6cQUeyibVItvQsEIGlw@public.gmane.org>
Subject: Re: [PATCH V2] brcmfmac: drop Inter-Access Point Protocol packets by default
Date: Thu, 15 Mar 2018 09:36:29 +0100 [thread overview]
Message-ID: <5AAA308D.4090100@broadcom.com> (raw)
In-Reply-To: <20180315072909.1512-1-zajec5-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
On 3/15/2018 8:29 AM, Rafał Miłecki wrote:
> From: Rafał Miłecki <rafal-g1n6cQUeyibVItvQsEIGlw@public.gmane.org>
>
> Testing brcmfmac with more recent firmwares resulted in AP interfaces
> not working in some specific setups. Debugging resulted in discovering
> support for IAPP in Broadcom's firmwares.
>
> Older firmwares were only generating 802.11f frames. Newer ones like:
> 1) 10.10 (TOB) (r663589)
> 2) 10.10.122.20 (r683106)
> for 4366b1 and 4366c0 respectively seem to also /respect/ 802.11f frames
> in the Tx path by performing a STA disassociation.
>
> This obsoleted standard and its implementation is something that:
> 1) Most people don't need / want to use
> 2) Can allow local DoS attacks
> 3) Breaks AP interfaces in some specific bridge setups
>
> To solve issues it can cause this commit modifies brcmfmac to drop IAPP
> packets. If affects:
> 1) Rx path: driver won't be sending these unwanted packets up.
> 2) Tx path: driver will reject packets that would trigger STA
> disassociation perfromed by a firmware (possible local DoS attack).
>
> It appears there are some Broadcom's clients/users who care about this
> feature despite the drawbacks. They can switch it on using a new module
> param.
>
> This change results in only two more comparisons (check for module param
> and check for Ethernet packet length) for 99.9% of packets. Its overhead
> should be very minimal.
Hi Rafał,
Thanks for this patch.
Acked-by: Arend van Spriel <arend.vanspriel-dY08KVG/lbpWk0Htik3J/w@public.gmane.org>
> Signed-off-by: Rafał Miłecki <rafal-g1n6cQUeyibVItvQsEIGlw@public.gmane.org>
> ---
> .../wireless/broadcom/brcm80211/brcmfmac/common.c | 5 ++
> .../wireless/broadcom/brcm80211/brcmfmac/common.h | 1 +
> .../wireless/broadcom/brcm80211/brcmfmac/core.c | 57 ++++++++++++++++++++++
> 3 files changed, 63 insertions(+)
next prev parent reply other threads:[~2018-03-15 8:36 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-15 7:29 [PATCH V2] brcmfmac: drop Inter-Access Point Protocol packets by default Rafał Miłecki
2018-03-15 7:30 ` [Bridge] " Rafał Miłecki
2018-03-15 7:29 ` Rafał Miłecki
2018-03-15 7:34 ` Rafał Miłecki
2018-03-15 7:34 ` [Bridge] " Rafał Miłecki
2018-03-15 7:34 ` Rafał Miłecki
2018-03-15 8:36 ` Arend van Spriel [this message]
2018-03-15 8:36 ` [Bridge] " Arend van Spriel
2018-03-15 8:36 ` Arend van Spriel
2018-03-16 13:01 ` [V2] " Kalle Valo
2018-03-16 13:01 ` [Bridge] " Kalle Valo
2018-03-16 13:01 ` Kalle Valo
2018-03-16 13:01 ` Kalle Valo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5AAA308D.4090100@broadcom.com \
--to=arend.vanspriel@broadcom.com \
--cc=brcm80211-dev-list.pdl@broadcom.com \
--cc=brcm80211-dev-list@cypress.com \
--cc=bridge@lists.linux-foundation.org \
--cc=chi-hsien.lin@cypress.com \
--cc=franky.lin@broadcom.com \
--cc=hante.meuleman@broadcom.com \
--cc=james.hughes@raspberrypi.org \
--cc=kvalo@codeaurora.org \
--cc=linux-wireless@vger.kernel.org \
--cc=nbd@nbd.name \
--cc=netdev@vger.kernel.org \
--cc=pieter-paul.giesberts@broadcom.com \
--cc=rafal@milecki.pl \
--cc=wright.feng@cypress.com \
--cc=zajec5@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.