[RFC] mac80211: no decrypt failed complaint if frame may not be for us

From: John W. Linville <linville@xxxxxxxxxxxxx>

Please see changelog entry for "mac80211: no missing key complaint if
frame may not be for us" for background information.

If multiple protected SSIDs share a BSSID, then each will see the
other's encrypted multicast traffic.  Rather than complain about being
unable to decrypt multicast traffic which may not be for us, just keep
quiet.

Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
---
 net/mac80211/wep.c |   11 ++++++++++-
 net/mac80211/wpa.c |   27 +++++++++++++++++++++------
 2 files changed, 31 insertions(+), 7 deletions(-)

diff --git a/net/mac80211/wep.c b/net/mac80211/wep.c
index 6675261..4b75ccb 100644
--- a/net/mac80211/wep.c
+++ b/net/mac80211/wep.c
@@ -311,6 +311,8 @@ u8 * ieee80211_wep_is_weak_iv(struct sk_buff *skb, struct ieee80211_key *key)
 ieee80211_txrx_result
 ieee80211_crypto_wep_decrypt(struct ieee80211_txrx_data *rx)
 {
+	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
+
 	if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA &&
 	    ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
 	     (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH))
@@ -318,7 +320,14 @@ ieee80211_crypto_wep_decrypt(struct ieee80211_txrx_data *rx)
 
 	if (!(rx->u.rx.status->flag & RX_FLAG_DECRYPTED)) {
 		if (ieee80211_wep_decrypt(rx->local, rx->skb, rx->key)) {
-			if (net_ratelimit())
+			/* if there are multiple SSIDs on this BSSID,
+			   the frame may not be for us anyway; so, check
+			   that either the frame is unicast or that we
+			   are not in managed mode before complaining
+			   about a missing key */
+			if ((!is_multicast_ether_addr(hdr->addr1) ||
+			     rx->sdata->type != IEEE80211_IF_TYPE_STA) &&
+			    net_ratelimit())
 				printk(KERN_DEBUG "%s: RX WEP frame, decrypt "
 				       "failed\n", rx->dev->name);
 			return TXRX_DROP;
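Review bot: The new comment in ieee80211_crypto_wep_decrypt() ends with "complaining about a missing key", but this branch is reached when ieee80211_wep_decrypt() fails with rx->key in hand, so the wording should describe a decrypt failure rather than a missing key. The same test on is_multicast_ether_addr(hdr->addr1) and rx->sdata->type != IEEE80211_IF_TYPE_STA is repeated in all three decrypt paths touched by this patch; a small static inline helper would keep the three copies and their comments from drifting apart.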
diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c
index 0b32ab6..2d5bf83 100644
--- a/net/mac80211/wpa.c
+++ b/net/mac80211/wpa.c
@@ -321,9 +321,16 @@ ieee80211_crypto_tkip_decrypt(struct ieee80211_txrx_data *rx)
 					  &rx->u.rx.tkip_iv32,
 					  &rx->u.rx.tkip_iv16);
 	if (res != TKIP_DECRYPT_OK || wpa_test) {
-		printk(KERN_DEBUG "%s: TKIP decrypt failed for RX frame from "
-		       MAC_FMT " (res=%d)\n",
-		       rx->dev->name, MAC_ARG(rx->sta->addr), res);
+		/* if there are multiple SSIDs on this BSSID, the
+		   frame may not be for us anyway; so, check that either
+		   the frame is unicast or that we are not in managed
+		   mode before complaining about a missing key */
+		if ((!is_multicast_ether_addr(hdr->addr1) ||
+		     rx->sdata->type != IEEE80211_IF_TYPE_STA) &&
+		    net_ratelimit())
+			printk(KERN_DEBUG "%s: TKIP decrypt failed for RX "
+			       "frame from " MAC_FMT " (res=%d)\n",
+			       rx->dev->name, MAC_ARG(rx->sta->addr), res);
 		return TXRX_DROP;
 	}
 
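Review bot: hdr->addr1 is used in the new condition in ieee80211_crypto_tkip_decrypt(), but unlike the wep.c change this hunk adds no declaration of hdr; please confirm that hdr is already in scope here and points at the 802.11 header of rx->skb. The hunk also puts net_ratelimit() in front of a printk that was previously unthrottled, which is a behaviour change the changelog does not mention and should.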
@@ -590,9 +597,17 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_txrx_data *rx)
 			    skb->data + hdrlen + CCMP_HDR_LEN, data_len,
 			    skb->data + skb->len - CCMP_MIC_LEN,
 			    skb->data + hdrlen + CCMP_HDR_LEN)) {
-			printk(KERN_DEBUG "%s: CCMP decrypt failed for RX "
-			       "frame from " MAC_FMT "\n", rx->dev->name,
-			       MAC_ARG(rx->sta->addr));
+			/* if there are multiple SSIDs on this BSSID,
+			   the frame may not be for us anyway; so, check
+			   that either the frame is unicast or that we
+			   are not in managed mode before complaining
+			   about a missing key */
+			if ((!is_multicast_ether_addr(hdr->addr1) ||
+			     rx->sdata->type != IEEE80211_IF_TYPE_STA) &&
+			    net_ratelimit())
+				printk(KERN_DEBUG "%s: CCMP decrypt failed "
+				       "for RX frame from " MAC_FMT "\n",
+				       rx->dev->name, MAC_ARG(rx->sta->addr));
 			return TXRX_DROP;
 		}
 	}
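Review bot: With this condition in ieee80211_crypto_ccmp_decrypt(), a managed-mode interface drops every multicast frame that fails CCMP decryption without leaving any trace, and that includes group-addressed frames that really were meant for this SSID (a stale group key or a corrupted frame, for example). Consider keeping the failure observable in a non-log form, such as a per-interface counter incremented before return TXRX_DROP, so the quiet path can still be diagnosed. As in the TKIP hunk, hdr is used without a visible declaration, and the comment's "missing key" wording does not match a decrypt failure.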
-- 
1.5.2.4
