From: Benoit PAPILLAULT <benoit.papillault@free.fr>
To: "Gábor Stefanik" <netrolller.3d@gmail.com>
Cc: johannes@sipsolutions.net, linux-wireless@vger.kernel.org
Subject: Re: [PATCH 1/2] mac80211: Drop protected data frames that have not been decrypted
Date: Mon, 15 Feb 2010 08:45:41 +0100
Message-ID: <4B78FBA5.7090109@free.fr>
In-Reply-To: <69e28c911002141610q737465b4s1d825d6dcd3aea26@mail.gmail.com>

Gábor Stefanik wrote:
> On Mon, Feb 15, 2010 at 12:37 AM, Benoit Papillault
> <benoit.papillault@free.fr> wrote:
>
>> Fix for the following issue: a STA connected to a WPA2 AP was showing
>> frames from other STAs in tcpdump on wlan0 (promiscuous mode). In fact,
>> those frames are not decrypted and appear as 802.3 junk. This patch
>> just drops any protected data frames that have not been decrypted.
>>
>> Signed-off-by: Benoit Papillault <benoit.papillault@free.fr>
>> ---
>> net/mac80211/rx.c | 8 ++++++++
>> 1 files changed, 8 insertions(+), 0 deletions(-)
>>
>> diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
>> index c9755f3..22ae6ee 100644
>> --- a/net/mac80211/rx.c
>> +++ b/net/mac80211/rx.c
>> @@ -1397,6 +1397,14 @@ ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc)
>> ieee80211_is_data(fc) &&
>> (rx->key || rx->sdata->drop_unencrypted)))
>> return -EACCES;
>> + /*
>> + * Drop encrypted frames that have not been decrypted. This
>> + * happens for frames that are sent by an AP to another STA
>> + */
>> + if (ieee80211_has_protected(fc) &&
>> + !(status->flag & RX_FLAG_DECRYPTED)) {
>> + return -EACCES;
>> + }
>> if (rx->sta && test_sta_flags(rx->sta, WLAN_STA_MFP)) {
>> if (unlikely(ieee80211_is_unicast_robust_mgmt_frame(rx->skb) &&
>> rx->key))
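Review bot: the new test `if (ieee80211_has_protected(fc) && !(status->flag & RX_FLAG_DECRYPTED))` is not limited to data frames, although the subject and commit message speak of protected data frames and the check just above it in this function does include `ieee80211_is_data(fc)`. As written it returns -EACCES for any frame with the Protected bit set that lacks RX_FLAG_DECRYPTED, so either add `ieee80211_is_data(fc)` to the condition or reword the commit message and the comment to say that other frame types are covered as well. `status` is not declared in the visible context (the function takes only `rx` and `fc`), so please confirm it is in scope at this point. The comment names only frames sent by an AP to another STA, but the condition does not look at the destination address, so it also applies to frames meant for this STA that were not decrypted; the comment should say so. The braces around the single `return -EACCES;` can be dropped to match the unbraced check above.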
>> --
>> 1.5.6.5
>>
>
> I'm not familiar with this part of the code; but have you tested if
> this doesn't break monitor-while-operating mode (i.e. doesn't remove
> other-STA frames from monitor interfaces)?
>
>
Yes, it has been tested in this case. In fact, this patch changes RX
path only in ieee80211_rx_h_data / ieee80211_rx_h_action and
ieee80211_rx_h_mgmt. In all 3 cases, it returns RX_DROP_MONITOR.
Regards,
Benoit