Fix 'ifconfig nwflags; These flags ended up overlapping with other flags

in ieee80211com's ic_flags because we haven't been paying attention to
them (they're not in the same place in the code and hence easy to miss).
Move them to a dedicated variable to avoid this problem in the future.

Add a new 'stayauth' nwflag which can be set to let net80211 ignore
deauth frames. This can be useful when deauth frames are being
persistently spoofed by an attacker. Idea from beck@

ok beck@ phessler@

1 files changed, 3 insertions, 4 deletions

diff --git a/sys/dev/ic/if_wi.c b/sys/dev/ic/if_wi.c
index 5451345b767..6b8eb776371 100644
--- a/sys/dev/ic/if_wi.c
+++ b/sys/dev/ic/if_wi.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_wi.c,v 1.168 2018/02/19 08:59:52 mpi Exp $	*/
+/*	$OpenBSD: if_wi.c,v 1.169 2019/05/12 18:12:38 stsp Exp $	*/
 
 /*
  * Copyright (c) 1997, 1998, 1999
@@ -1963,8 +1963,7 @@ wi_ioctl(struct ifnet *ifp, u_long command, caddr_t data)
 			}
 			sc->wi_enh_security = letoh16(wreq->wi_val[0]);
 			if (sc->wi_enh_security == WI_HIDESSID_IGNPROBES)
-				ifr->ifr_flags |= IEEE80211_F_HIDENWID >>
-				    IEEE80211_F_USERSHIFT;
+				ifr->ifr_flags |= IEEE80211_F_HIDENWID;
 		}
 		break;
 	case SIOCS80211FLAGS:
@@ -1974,7 +1973,7 @@ wi_ioctl(struct ifnet *ifp, u_long command, caddr_t data)
 			error = EINVAL;
 			break;
 		}
-		flags = (u_int32_t)ifr->ifr_flags << IEEE80211_F_USERSHIFT;
+		flags = (u_int32_t)ifr->ifr_flags;
 		if (sc->wi_flags & WI_FLAGS_HAS_ENH_SECURITY) {
 			sc->wi_enh_security = (flags & IEEE80211_F_HIDENWID) ?
 			    WI_HIDESSID_IGNPROBES : 0;