linux-wireless.vger.kernel.org archive mirror
* [PATCH] mac80211: drop non-auth 3-addr data frames when running as a 4-addr station
@ 2011-01-15 13:38 Felix Fietkau
  2011-01-17 14:20 ` Johannes Berg
  0 siblings, 1 reply; 3+ messages in thread
From: Felix Fietkau @ 2011-01-15 13:38 UTC (permalink / raw)
  To: linux-wireless; +Cc: linville, johannes, Felix Fietkau

When running as a 4-addr station against an AP that has the 4-addr VLAN
interface and the main 3-addr AP interface bridged together, sometimes
frames originating from the station were looping back from the 3-addr AP
interface, causing the bridge code to emit warnings about receiving frames
with its own source address.
I'm not sure why this is happening yet, but I think it's a good idea to
drop all frames (except 802.1x/EAP frames) that do not match the configured
addressing mode, including 4-address frames sent to a 3-address station.
User test reports indicate that the problem goes away with this patch.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
---
 net/mac80211/rx.c |    8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index a6701ed..54e3108 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -1561,9 +1561,13 @@ __ieee80211_data_to_8023(struct ieee80211_rx_data *rx)
 	    sdata->vif.type == NL80211_IFTYPE_AP_VLAN && !sdata->u.vlan.sta)
 		return -1;
 
+	if (!ieee80211_802_1x_port_control(rx) &&
+	    sdata->vif.type == NL80211_IFTYPE_STATION &&
+	    !!sdata->u.mgd.use_4addr != !!ieee80211_has_a4(hdr->frame_control))
+		return -1;
+
 	if (is_multicast_ether_addr(hdr->addr1) &&
-	    ((sdata->vif.type == NL80211_IFTYPE_AP_VLAN && sdata->u.vlan.sta) ||
-	     (sdata->vif.type == NL80211_IFTYPE_STATION && sdata->u.mgd.use_4addr)))
+	    sdata->vif.type == NL80211_IFTYPE_AP_VLAN && sdata->u.vlan.sta)
 		return -1;
 
 	return ieee80211_data_to_8023(rx->skb, sdata->vif.addr, sdata->vif.type);
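
Review bot: The new condition in the first added block uses "!ieee80211_802_1x_port_control(rx)" as the 802.1x/EAP exemption, but per the reply in this thread that helper only reports whether the STA is authorized, so it does not identify EAP frames. As written, the addressing-mode check is skipped entirely while the station is unauthorized, and once it is authorized an EAPOL frame whose addressing does not match use_4addr is dropped like any other frame, which is the opposite of what the commit message describes. The exemption should be keyed on the frame itself (its ethertype being the 802.1x/EAPOL one) rather than on the port state. The second change in this hunk depends on the same condition: the removed "NL80211_IFTYPE_STATION && sdata->u.mgd.use_4addr" multicast drop was unconditional, while its replacement only fires when the first block does, and 4-addr multicast frames that were previously dropped on a 4-addr station are now accepted. If that is intended, the commit message should say so. The subject line also mentions only 3-addr frames, while the check is symmetric and drops 4-addr frames on a 3-addr station as well.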
-- 
1.7.3.2



* Re: [PATCH] mac80211: drop non-auth 3-addr data frames when running as a 4-addr station
  2011-01-15 13:38 [PATCH] mac80211: drop non-auth 3-addr data frames when running as a 4-addr station Felix Fietkau
@ 2011-01-17 14:20 ` Johannes Berg
  2011-01-17 17:40   ` Felix Fietkau
  0 siblings, 1 reply; 3+ messages in thread
From: Johannes Berg @ 2011-01-17 14:20 UTC (permalink / raw)
  To: Felix Fietkau; +Cc: linux-wireless, linville

On Sat, 2011-01-15 at 14:38 +0100, Felix Fietkau wrote:
> When running as a 4-addr station against an AP that has the 4-addr VLAN
> interface and the main 3-addr AP interface bridged together, sometimes
> frames originating from the station were looping back from the 3-addr AP
> interface, causing the bridge code to emit warnings about receiving frames
> with its own source address.
> I'm not sure why this is happening yet, but I think it's a good idea to
> drop all frames (except 802.1x/EAP frames) that do not match the configured
> addressing mode, including 4-address frames sent to a 3-address station.
> User test reports indicate that the problem goes away with this patch.
> 
> Signed-off-by: Felix Fietkau <nbd@openwrt.org>
> ---
>  net/mac80211/rx.c |    8 ++++++--
>  1 files changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
> index a6701ed..54e3108 100644
> --- a/net/mac80211/rx.c
> +++ b/net/mac80211/rx.c
> @@ -1561,9 +1561,13 @@ __ieee80211_data_to_8023(struct ieee80211_rx_data *rx)
>  	    sdata->vif.type == NL80211_IFTYPE_AP_VLAN && !sdata->u.vlan.sta)
>  		return -1;
>  
> +	if (!ieee80211_802_1x_port_control(rx) &&

I think you need a different check there. This just checks the STA is
authorized.

johannes



* Re: [PATCH] mac80211: drop non-auth 3-addr data frames when running as a 4-addr station
  2011-01-17 14:20 ` Johannes Berg
@ 2011-01-17 17:40   ` Felix Fietkau
  0 siblings, 0 replies; 3+ messages in thread
From: Felix Fietkau @ 2011-01-17 17:40 UTC (permalink / raw)
  To: Johannes Berg; +Cc: linux-wireless, linville

On 2011-01-17 3:20 PM, Johannes Berg wrote:
> On Sat, 2011-01-15 at 14:38 +0100, Felix Fietkau wrote:
>>  When running as a 4-addr station against an AP that has the 4-addr VLAN
>>  interface and the main 3-addr AP interface bridged together, sometimes
>>  frames originating from the station were looping back from the 3-addr AP
>>  interface, causing the bridge code to emit warnings about receiving frames
>>  with its own source address.
>>  I'm not sure why this is happening yet, but I think it's a good idea to
>>  drop all frames (except 802.1x/EAP frames) that do not match the configured
>>  addressing mode, including 4-address frames sent to a 3-address station.
>>  User test reports indicate that the problem goes away with this patch.
>>
>>  Signed-off-by: Felix Fietkau<nbd@openwrt.org>
>>  ---
>>   net/mac80211/rx.c |    8 ++++++--
>>   1 files changed, 6 insertions(+), 2 deletions(-)
>>
>>  diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
>>  index a6701ed..54e3108 100644
>>  --- a/net/mac80211/rx.c
>>  +++ b/net/mac80211/rx.c
>>  @@ -1561,9 +1561,13 @@ __ieee80211_data_to_8023(struct ieee80211_rx_data *rx)
>>   	sdata->vif.type == NL80211_IFTYPE_AP_VLAN&&  !sdata->u.vlan.sta)
>>   		return -1;
>>
>>  +	if (!ieee80211_802_1x_port_control(rx)&&
>
> I think you need a different check there. This just checks the STA is
> authorized.
You're right. I'll fix and resend.

- Felix

