From: Arend van Spriel
Message-ID: <5AAA308D.4090100@broadcom.com>
In-Reply-To: <20180315072909.1512-1-zajec5@gmail.com>
References: <20180315072909.1512-1-zajec5@gmail.com>
Subject: Re: [Bridge] [PATCH V2] brcmfmac: drop Inter-Access Point Protocol packets by default
Date: Thu, 15 Mar 2018 08:36:35 -0000
To: Rafał Miłecki, Kalle Valo
Cc: James Hughes, brcm80211-dev-list.pdl@broadcom.com, netdev@vger.kernel.org, Chi-Hsien Lin, bridge@lists.linux-foundation.org, linux-wireless@vger.kernel.org, Hante Meuleman, Pieter-Paul Giesberts, Wright Feng, Rafał Miłecki, Felix Fietkau, brcm80211-dev-list@cypress.com, Franky Lin

On 3/15/2018 8:29 AM, Rafał Miłecki wrote:
> From: Rafał Miłecki
>
> Testing brcmfmac with more recent firmwares resulted in AP interfaces
> not working in some specific setups. Debugging resulted in discovering
> support for IAPP in Broadcom's firmwares.
>
> Older firmwares were only generating 802.11f frames. Newer ones like:
> 1) 10.10 (TOB) (r663589)
> 2) 10.10.122.20 (r683106)
> for 4366b1 and 4366c0 respectively seem to also /respect/ 802.11f frames
> in the Tx path by performing a STA disassociation.
>
> This obsoleted standard and its implementation is something that:
> 1) Most people don't need / want to use
> 2) Can allow local DoS attacks
> 3) Breaks AP interfaces in some specific bridge setups
>
> To solve issues it can cause this commit modifies brcmfmac to drop IAPP
> packets. It affects:
> 1) Rx path: driver won't be sending these unwanted packets up.
> 2) Tx path: driver will reject packets that would trigger STA
> disassociation performed by a firmware (possible local DoS attack).
>
> It appears there are some Broadcom's clients/users who care about this
> feature despite the drawbacks. They can switch it on using a new module
> param.
>
> This change results in only two more comparisons (check for module param
> and check for Ethernet packet length) for 99.9% of packets. Its overhead
> should be very minimal.

Hi Rafał,

Thanks for this patch.

Acked-by: Arend van Spriel

> Signed-off-by: Rafał Miłecki
> ---
> .../wireless/broadcom/brcm80211/brcmfmac/common.c | 5 ++
> .../wireless/broadcom/brcm80211/brcmfmac/common.h | 1 +
> .../wireless/broadcom/brcm80211/brcmfmac/core.c | 57 ++++++++++++++++++++++
> 3 files changed, 63 insertions(+)
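
The filter described in the quoted commit message, sketched in user-space C as an added example; it is not the driver code from the patch, which this message does not quote. Assumptions: the frame arrives unpadded, the six XID bytes are the commonly used Layer 2 Update body rather than values taken from this thread, and `iapp_enabled` is a hypothetical name for the opt-in switch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_HDR_LEN   14u                 /* dst MAC, src MAC, length field */
#define L2_UPDATE_LEN (ETH_HDR_LEN + 6u)  /* assumed: unpadded header + XID body */

/* Assumed LLC XID body (not quoted in the message): DSAP, SSAP, control (XID),
 * format identifier, LLC class, receive window. */
static const uint8_t l2_update_body[6] = { 0x00, 0x01, 0xaf, 0x81, 0x01, 0x00 };

/* Constructed sample: broadcast destination, made-up source, length 6, XID body. */
static const uint8_t sample_l2_update[L2_UPDATE_LEN] = {
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0x02, 0x00, 0x00, 0x00, 0x00, 0x01,
    0x00, 0x06,
    0x00, 0x01, 0xaf, 0x81, 0x01, 0x00,
};

/* True when an Ethernet frame looks like an IAPP Layer 2 Update. */
bool frame_is_l2_update(const uint8_t *frame, size_t len)
{
    if (len != L2_UPDATE_LEN)           /* length first: nearly all traffic exits here */
        return false;
    if (!(frame[0] & 0x01))             /* group bit clear: unicast destination */
        return false;
    if (frame[12] != 0x00 || frame[13] != 0x06)  /* 802.3 length field must be 6 */
        return false;
    return memcmp(frame + ETH_HDR_LEN, l2_update_body, sizeof(l2_update_body)) == 0;
}

/* Drop decision shared by the Rx and Tx paths. */
bool should_drop_frame(bool iapp_enabled, const uint8_t *frame, size_t len)
{
    if (iapp_enabled)                   /* operator opted in: pass everything */
        return false;
    return frame_is_l2_update(frame, len);
}

int main(void)
{
    /* Exit status 0 when the constructed sample is dropped by default. */
    return should_drop_frame(false, sample_l2_update, sizeof(sample_l2_update)) ? 0 : 1;
}
```

With the switch off, an ordinary frame costs the flag test plus the length comparison, which is the "two more comparisons" the commit message counts.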