Re: iwpan with LLSEC - attribute type 1 has an invalid length

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

On Mon, 19 Oct 2020 at 02:07, Benjamin Valentin
<benjamin.valentin@xxxxxxxxx> wrote:
>
> On Sun, 18 Oct 2020 19:20:53 -0400
> Alexander Aring <alex.aring@xxxxxxxxx> wrote:
>
> > 2 is ack frame, I think you mean 1.
>
> Same error with 1
>
> > Success? Like above? Can you tell me the command line error message
> > please? What does tell you "type 1 has an invalid length"
>
> dmesg tells me that when I enter that command:
>
> [  156.899429] netlink: 'iwpan': attribute type 1 has an invalid length.

There are recent changes to netlink to "validate" more netlink policy
and I think we are doing it wrong in kernel or user.

Try wpan-tools:

diff --git a/src/security.c b/src/security.c
index 1659699..8062608 100644
--- a/src/security.c
+++ b/src/security.c
@@ -299,7 +299,7 @@ static int print_seclevel_handler(struct nl_msg
*msg, void *arg)
        if (tb[NL802154_ATTR_SEC_LEVEL]) {
                struct nlattr *tb_seclevel[NL802154_SECLEVEL_ATTR_MAX + 1];
                static struct nla_policy
seclevel_policy[NL802154_SECLEVEL_ATTR_MAX + 1] = {
-                       [NL802154_SECLEVEL_ATTR_LEVELS] = { .type = NLA_U32 },
+                       [NL802154_SECLEVEL_ATTR_LEVELS] = { .type = NLA_U8 },
                        [NL802154_SECLEVEL_ATTR_FRAME] = { .type = NLA_U32 },
                        [NL802154_SECLEVEL_ATTR_CMD_FRAME] = { .type =
NLA_U32 },
                        [NL802154_SECLEVEL_ATTR_DEV_OVERRIDE] = {
.type = NLA_U8 },
@@ -400,7 +400,7 @@ static int handle_seclevel_add(struct
nl802154_state *state, struct nl_cb *cb,
        if (!seclevel_msg)
                return -ENOMEM;

-       NLA_PUT_U32(seclevel_msg, NL802154_SECLEVEL_ATTR_LEVELS, levels);
+       NLA_PUT_U8(seclevel_msg, NL802154_SECLEVEL_ATTR_LEVELS, levels);
        NLA_PUT_U32(seclevel_msg, NL802154_SECLEVEL_ATTR_FRAME, frame);
        if (frame == NL802154_FRAME_CMD)
                NLA_PUT_U32(seclevel_msg,
NL802154_SECLEVEL_ATTR_CMD_FRAME, cmd_id);


That should fix it.

> So I assume that's why encryption fails.
>
> >  - Don't trust wireshark, you will not see exactly what's sending out
> > on the wire. We just do the encryption on the wrong layer, but moving
> > it was causing other problems. I recently stumbled over something
> > which maybe can help us there, but didn't look closely at that, some
> > subsystems have special handling for tcpdump/wireshark things.
>
> Would that cause interoperability issues with other implementations?
>

No, just use a monitor interface to see what the on air traffic is.
Don't trust local captures.

- Alex
[Index of Archives]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Linux Audio Users]     [Photo]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux