Gábor Stefanik a écrit :
On Mon, Feb 15, 2010 at 12:37 AM, Benoit Papillault
<benoit.papillault@xxxxxxx> wrote:
Fix for the following issue : a STA connected to a WPA2 AP was showing
frames from others STA in tcpdump on wlan0 (promiscuous mode). In fact,
those frames are not decrypted and appears as 802.3 junk. This patch
just drops any protected data frames that have not been decrypted.
Signed-off-by: Benoit Papillault <benoit.papillault@xxxxxxx>
---
net/mac80211/rx.c | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index c9755f3..22ae6ee 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -1397,6 +1397,14 @@ ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc)
ieee80211_is_data(fc) &&
(rx->key || rx->sdata->drop_unencrypted)))
return -EACCES;
+ /*
+ * Drop encrypted frames that have not been decrypted. This
+ * happens for frames that are sent by an AP to another STA
+ */
+ if (ieee80211_has_protected(fc) &&
+ !(status->flag & RX_FLAG_DECRYPTED)) {
+ return -EACCES;
+ }
if (rx->sta && test_sta_flags(rx->sta, WLAN_STA_MFP)) {
if (unlikely(ieee80211_is_unicast_robust_mgmt_frame(rx->skb) &&
rx->key))
--
1.5.6.5
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
I'm not familiar with this part of the code; but have you tested if
this doesn't break monitor-while-operating mode (i.e. doesn't remove
other-STA frames from monitor interfaces)?
Yes, it has been tested in this case. In fact, this patch changes RX
path only in ieee80211_rx_h_data / ieee80211_rx_h_action and
ieee80211_rx_h_mgmt. In all 3 cases, it returns RX_DROP_MONITOR.
Regards,
Benoit
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
