From: "Jouni Malinen" <jkm@devicescape.com>
To: Larry Finger <Larry.Finger@lwfinger.net>
Cc: "John W. Linville" <linville@tuxdriver.com>,
netdev <netdev@vger.kernel.org>
Subject: Re: kernel: TKIP: replay detected:
Date: Thu, 28 Sep 2006 15:48:01 -0700 [thread overview]
Message-ID: <20060928224801.GJ9615@instant802.com> (raw)
In-Reply-To: <451C41B2.4090209@lwfinger.net>
On Thu, Sep 28, 2006 at 04:42:10PM -0500, Larry Finger wrote:
> @@ -544,6 +548,14 @@ int bcm43xx_rx(struct bcm43xx_private *b
> }
>
> frame_ctl = le16_to_cpu(wlhdr->frame_ctl);
> + seq_ctl = le16_to_cpu(wlhdr->seq_ctl);
> +
> + if ((frame_ctl == prev_frame) && (seq_ctl == prev_seq))
> + return -EINVAL;
> +
> + prev_frame = frame_ctl;
> + prev_seq = seq_ctl;
> By dropping those packets with frame_ctl and seq_ctl the same as the values
> in the previous packet, I was able to cut the number of TKIP replay
> messages, but some still come through. Is this what you had in mind, or is
> there somewhere else that I should be looking?
This is quite close to what I had in mind and is likely okay for
testing, but would not be generic enough to be something I would like to
see in the main kernel tree. See IEEE 802.11 clause 9.2.9 for the
details of what the receiver needs to do (mainly, the validation of
addr2 and per STA prev_seq is needed for AP and IBSS modes). In
addition, this should really be in the generic IEEE 802.11 code and
there are couple of optimizations which can be used when combining this
with defragmentation (see, e.g., net/d80211/ieee80211.c
ieee80211_rx_h_check).
Did the replay messages still show the same TSC/PN or did you get rid of
all messages that had the same number repeated?
--
Jouni Malinen PGP id EFC895FA
prev parent reply other threads:[~2006-09-28 22:48 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-09-24 10:40 kernel: TKIP: replay detected: Elimar Riesebieter
2006-09-25 14:50 ` John W. Linville
2006-09-25 19:13 ` Matthieu CASTET
2006-09-25 20:10 ` Larry Finger
2006-09-28 16:08 ` Jouni Malinen
2006-09-28 21:42 ` Larry Finger
2006-09-28 22:48 ` Jouni Malinen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060928224801.GJ9615@instant802.com \
--to=jkm@devicescape.com \
--cc=Larry.Finger@lwfinger.net \
--cc=linville@tuxdriver.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).