svn commit: r227338 - head/sys/net80211

Adrian Chadd adrian at FreeBSD.org
Tue Nov 8 14:28:33 UTC 2011 

Author: adrian
Date: Tue Nov  8 14:28:33 2011
New Revision: 227338
URL: http://svn.freebsd.org/changeset/base/227338

Log:
  Reject frames in STA mode which are not destined to the local STA address.
  
  Some hardware (eg the AR9160 in STA mode) seems to "leak" unicast FROMDS
  frames which aren't destined to itself. This angers the net80211 stack -
  the existing code would fail to find an address in the node table and try
  passing the frame up to each vap BSS. It would then be accepted in the
  input routine and its contents would update the local crypto and sequence
  number state.
  
  If the sequence number / crypto IV replay counters from the leaked frame
  were greater than the "real" state, subsequent "real" frames would be
  rejected due to out of sequence / IV replay conditions.
  
  This is also likely helpful if/when multi-STA modes are added to net80211.
  
  Sponsored by:	Hobnob, Inc.

Modified:
  head/sys/net80211/ieee80211_sta.c

Modified: head/sys/net80211/ieee80211_sta.c
==============================================================================
--- head/sys/net80211/ieee80211_sta.c	Tue Nov  8 14:24:33 2011	(r227337)
+++ head/sys/net80211/ieee80211_sta.c	Tue Nov  8 14:28:33 2011	(r227338)
@@ -584,6 +584,30 @@ sta_input(struct ieee80211_node *ni, str
 			vap->iv_stats.is_rx_wrongbss++;
 			goto out;
 		}
+
+		/*
+		 * Some devices may be in a promiscuous mode
+		 * where they receive frames for multiple station
+		 * addresses.
+		 *
+		 * If we receive a data frame that isn't
+		 * destined to our VAP MAC, drop it.
+		 *
+		 * XXX TODO: This is only enforced when not scanning;
+		 * XXX it assumes a software-driven scan will put the NIC
+		 * XXX into a "no data frames" mode before setting this
+		 * XXX flag. Otherwise it may be possible that we'll still
+		 * XXX process data frames whilst scanning.
+		 */
+		if ((! IEEE80211_IS_MULTICAST(wh->i_addr1))
+		    && (! IEEE80211_ADDR_EQ(wh->i_addr1, IF_LLADDR(ifp)))) {
+			IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_INPUT,
+			    bssid, NULL, "not to cur sta: lladdr=%6D, addr1=%6D",
+			    IF_LLADDR(ifp), ":", wh->i_addr1, ":");
+			vap->iv_stats.is_rx_wrongbss++;
+			goto out;
+		}
+
 		IEEE80211_RSSI_LPF(ni->ni_avgrssi, rssi);
 		ni->ni_noise = nf;
 		if (HAS_SEQ(type) && !IEEE80211_IS_MULTICAST(wh->i_addr1)) {

More information about the svn-src-head mailing list