summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--sbin/ifconfig/ifconfig.821
-rw-r--r--sys/dev/ic/if_wi.c7
-rw-r--r--sys/net80211/ieee80211_input.c15
-rw-r--r--sys/net80211/ieee80211_ioctl.c10
-rw-r--r--sys/net80211/ieee80211_ioctl.h19
-rw-r--r--sys/net80211/ieee80211_output.c7
-rw-r--r--sys/net80211/ieee80211_var.h4
7 files changed, 50 insertions, 33 deletions
diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8
index c28490708f7..9eaa85c22fa 100644
--- a/sbin/ifconfig/ifconfig.8
+++ b/sbin/ifconfig/ifconfig.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ifconfig.8,v 1.335 2019/05/10 18:27:50 akoshibe Exp $
+.\" $OpenBSD: ifconfig.8,v 1.336 2019/05/12 18:12:37 stsp Exp $
.\" $NetBSD: ifconfig.8,v 1.11 1996/01/04 21:27:29 pk Exp $
.\" $FreeBSD: ifconfig.8,v 1.16 1998/02/01 07:03:29 steve Exp $
.\"
@@ -31,7 +31,7 @@
.\"
.\" @(#)ifconfig.8 8.4 (Berkeley) 6/1/94
.\"
-.Dd $Mdocdate: May 10 2019 $
+.Dd $Mdocdate: May 12 2019 $
.Dt IFCONFIG 8
.Os
.Sh NAME
@@ -969,22 +969,31 @@ Show the list of currently configured auto-join networks.
Remove all networks in the list of auto-join networks.
.It Cm nwflag Ar flag
Set specified flag.
-The flag name can be either
-.Ql hidenwid
-or
-.Ql nobridge .
+The flag name can be:
+.Bl -tag -width tenletters
+.It hidenwid
The
.Ql hidenwid
flag will hide the network ID (ESSID) in beacon frames when operating
in Host AP mode.
It will also prevent responses to probe requests with an unspecified
network ID.
+.It nobridge
The
.Ql nobridge
flag will disable the direct bridging of frames between associated
nodes when operating in Host AP mode.
Setting this flag will block and filter direct inter-station
communications.
+.It stayauth
+The
+.Ql stayauth
+flag will cause the interface to ignore deauth frames.
+This flag should only be used on wifi networks which are being
+attacked with spoofed deauth frames.
+It breaks interoperability with spectrum management solutions and access
+points that perform band-steering of clients.
+.El
.Pp
Note that the
.Ql hidenwid
diff --git a/sys/dev/ic/if_wi.c b/sys/dev/ic/if_wi.c
index 5451345b767..6b8eb776371 100644
--- a/sys/dev/ic/if_wi.c
+++ b/sys/dev/ic/if_wi.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_wi.c,v 1.168 2018/02/19 08:59:52 mpi Exp $ */
+/* $OpenBSD: if_wi.c,v 1.169 2019/05/12 18:12:38 stsp Exp $ */
/*
* Copyright (c) 1997, 1998, 1999
@@ -1963,8 +1963,7 @@ wi_ioctl(struct ifnet *ifp, u_long command, caddr_t data)
}
sc->wi_enh_security = letoh16(wreq->wi_val[0]);
if (sc->wi_enh_security == WI_HIDESSID_IGNPROBES)
- ifr->ifr_flags |= IEEE80211_F_HIDENWID >>
- IEEE80211_F_USERSHIFT;
+ ifr->ifr_flags |= IEEE80211_F_HIDENWID;
}
break;
case SIOCS80211FLAGS:
@@ -1974,7 +1973,7 @@ wi_ioctl(struct ifnet *ifp, u_long command, caddr_t data)
error = EINVAL;
break;
}
- flags = (u_int32_t)ifr->ifr_flags << IEEE80211_F_USERSHIFT;
+ flags = (u_int32_t)ifr->ifr_flags;
if (sc->wi_flags & WI_FLAGS_HAS_ENH_SECURITY) {
sc->wi_enh_security = (flags & IEEE80211_F_HIDENWID) ?
WI_HIDESSID_IGNPROBES : 0;
diff --git a/sys/net80211/ieee80211_input.c b/sys/net80211/ieee80211_input.c
index 1c863e788dc..c118ba764e4 100644
--- a/sys/net80211/ieee80211_input.c
+++ b/sys/net80211/ieee80211_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_input.c,v 1.205 2019/03/29 11:05:46 stsp Exp $ */
+/* $OpenBSD: ieee80211_input.c,v 1.206 2019/05/12 18:12:38 stsp Exp $ */
/*-
* Copyright (c) 2001 Atsushi Onoe
@@ -882,7 +882,7 @@ ieee80211_deliver_data(struct ieee80211com *ic, struct mbuf *m,
m1 = NULL;
#ifndef IEEE80211_STA_ONLY
if (ic->ic_opmode == IEEE80211_M_HOSTAP &&
- !(ic->ic_flags & IEEE80211_F_NOBRIDGE) &&
+ !(ic->ic_userflags & IEEE80211_F_NOBRIDGE) &&
eh->ether_type != htons(ETHERTYPE_PAE)) {
struct ieee80211_node *ni1;
@@ -2418,7 +2418,9 @@ ieee80211_recv_deauth(struct ieee80211com *ic, struct mbuf *m,
case IEEE80211_M_STA: {
int bgscan = ((ic->ic_flags & IEEE80211_F_BGSCAN) &&
ic->ic_state == IEEE80211_S_RUN);
- if (!bgscan) /* ignore deauth during bgscan */
+ int stay_auth = ((ic->ic_userflags & IEEE80211_F_STAYAUTH) &&
+ ic->ic_state >= IEEE80211_S_AUTH);
+ if (!(bgscan || stay_auth))
ieee80211_new_state(ic, IEEE80211_S_AUTH,
IEEE80211_FC0_SUBTYPE_DEAUTH);
}
@@ -2426,13 +2428,18 @@ ieee80211_recv_deauth(struct ieee80211com *ic, struct mbuf *m,
#ifndef IEEE80211_STA_ONLY
case IEEE80211_M_HOSTAP:
if (ni != ic->ic_bss) {
+ int stay_auth =
+ ((ic->ic_userflags & IEEE80211_F_STAYAUTH) &&
+ (ni->ni_state == IEEE80211_STA_AUTH ||
+ ni->ni_state == IEEE80211_STA_ASSOC));
if (ic->ic_if.if_flags & IFF_DEBUG)
printf("%s: station %s deauthenticated "
"by peer (reason %d)\n",
ic->ic_if.if_xname,
ether_sprintf(ni->ni_macaddr),
reason);
- ieee80211_node_leave(ic, ni);
+ if (!stay_auth)
+ ieee80211_node_leave(ic, ni);
}
break;
#endif
diff --git a/sys/net80211/ieee80211_ioctl.c b/sys/net80211/ieee80211_ioctl.c
index f9a7edff896..425ee5f5a72 100644
--- a/sys/net80211/ieee80211_ioctl.c
+++ b/sys/net80211/ieee80211_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_ioctl.c,v 1.73 2019/02/19 08:12:30 stsp Exp $ */
+/* $OpenBSD: ieee80211_ioctl.c,v 1.74 2019/05/12 18:12:38 stsp Exp $ */
/* $NetBSD: ieee80211_ioctl.c,v 1.15 2004/05/06 02:58:16 dyoung Exp $ */
/*-
@@ -903,17 +903,17 @@ ieee80211_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
}
break;
case SIOCG80211FLAGS:
- flags = ic->ic_flags;
+ flags = ic->ic_userflags;
#ifndef IEEE80211_STA_ONLY
if (ic->ic_opmode != IEEE80211_M_HOSTAP)
#endif
flags &= ~IEEE80211_F_HOSTAPMASK;
- ifr->ifr_flags = flags >> IEEE80211_F_USERSHIFT;
+ ifr->ifr_flags = flags;
break;
case SIOCS80211FLAGS:
if ((error = suser(curproc)) != 0)
break;
- flags = (u_int32_t)ifr->ifr_flags << IEEE80211_F_USERSHIFT;
+ flags = ifr->ifr_flags;
if (
#ifndef IEEE80211_STA_ONLY
ic->ic_opmode != IEEE80211_M_HOSTAP &&
@@ -922,7 +922,7 @@ ieee80211_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
error = EINVAL;
break;
}
- ic->ic_flags = (ic->ic_flags & ~IEEE80211_F_USERMASK) | flags;
+ ic->ic_userflags = flags;
error = ENETRESET;
break;
case SIOCADDMULTI:
diff --git a/sys/net80211/ieee80211_ioctl.h b/sys/net80211/ieee80211_ioctl.h
index 69dbc52cbe8..575a573d2e2 100644
--- a/sys/net80211/ieee80211_ioctl.h
+++ b/sys/net80211/ieee80211_ioctl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_ioctl.h,v 1.37 2019/02/19 08:12:30 stsp Exp $ */
+/* $OpenBSD: ieee80211_ioctl.h,v 1.38 2019/05/12 18:12:38 stsp Exp $ */
/* $NetBSD: ieee80211_ioctl.h,v 1.7 2004/04/30 22:51:04 dyoung Exp $ */
/*-
@@ -394,20 +394,21 @@ struct ieee80211_nodereq_all {
#define SIOCG80211ALLNODES _IOWR('i', 214, struct ieee80211_nodereq_all)
/* net80211 specific interface flags */
-#define IEEE80211_F_HIDENWID 0x10000000 /* CONF: hidden ssid mode */
-#define IEEE80211_F_NOBRIDGE 0x20000000 /* CONF: no internal bridging */
-#define IEEE80211_F_HOSTAPMASK 0x30000000
-#define IEEE80211_F_USERSHIFT 28
-#define IEEE80211_F_USERBITS "\20\01HIDENWID\02NOBRIDGE"
+#define IEEE80211_F_HIDENWID 0x00000001 /* CONF: hidden ssid mode */
+#define IEEE80211_F_NOBRIDGE 0x00000002 /* CONF: no internal bridging */
+#define IEEE80211_F_HOSTAPMASK 0x00000003
+#define IEEE80211_F_STAYAUTH 0x00000004 /* CONF: ignore deauth */
+#define IEEE80211_F_USERBITS "\20\01HIDENWID\02NOBRIDGE\03STAYAUTH"
struct ieee80211_flags {
const char *f_name;
u_int f_flag;
};
-#define IEEE80211_FLAGS { \
- { "hidenwid", IEEE80211_F_HIDENWID >> IEEE80211_F_USERSHIFT }, \
- { "nobridge", IEEE80211_F_NOBRIDGE >> IEEE80211_F_USERSHIFT } \
+#define IEEE80211_FLAGS { \
+ { "hidenwid", IEEE80211_F_HIDENWID }, \
+ { "nobridge", IEEE80211_F_NOBRIDGE }, \
+ { "stayauth", IEEE80211_F_STAYAUTH } \
}
#define SIOCG80211FLAGS _IOWR('i', 216, struct ifreq)
diff --git a/sys/net80211/ieee80211_output.c b/sys/net80211/ieee80211_output.c
index bead1117127..d90af79e3f7 100644
--- a/sys/net80211/ieee80211_output.c
+++ b/sys/net80211/ieee80211_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_output.c,v 1.124 2019/05/10 18:30:15 patrick Exp $ */
+/* $OpenBSD: ieee80211_output.c,v 1.125 2019/05/12 18:12:38 stsp Exp $ */
/* $NetBSD: ieee80211_output.c,v 1.13 2004/05/31 11:02:55 dyoung Exp $ */
/*-
@@ -1819,7 +1819,8 @@ ieee80211_beacon_alloc(struct ieee80211com *ic, struct ieee80211_node *ni)
m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA,
8 + 2 + 2 +
- 2 + ((ic->ic_flags & IEEE80211_F_HIDENWID) ? 0 : ni->ni_esslen) +
+ 2 + ((ic->ic_userflags & IEEE80211_F_HIDENWID) ?
+ 0 : ni->ni_esslen) +
2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) +
2 + 1 +
2 + ((ic->ic_opmode == IEEE80211_M_IBSS) ? 2 : 254) +
@@ -1854,7 +1855,7 @@ ieee80211_beacon_alloc(struct ieee80211com *ic, struct ieee80211_node *ni)
memset(frm, 0, 8); frm += 8; /* timestamp is set by hardware */
LE_WRITE_2(frm, ni->ni_intval); frm += 2;
frm = ieee80211_add_capinfo(frm, ic, ni);
- if (ic->ic_flags & IEEE80211_F_HIDENWID)
+ if (ic->ic_userflags & IEEE80211_F_HIDENWID)
frm = ieee80211_add_ssid(frm, NULL, 0);
else
frm = ieee80211_add_ssid(frm, ni->ni_essid, ni->ni_esslen);
diff --git a/sys/net80211/ieee80211_var.h b/sys/net80211/ieee80211_var.h
index eaf7649c4db..e866e28b1f9 100644
--- a/sys/net80211/ieee80211_var.h
+++ b/sys/net80211/ieee80211_var.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_var.h,v 1.95 2019/03/01 08:13:11 stsp Exp $ */
+/* $OpenBSD: ieee80211_var.h,v 1.96 2019/05/12 18:12:38 stsp Exp $ */
/* $NetBSD: ieee80211_var.h,v 1.7 2004/05/06 03:07:10 dyoung Exp $ */
/*-
@@ -247,6 +247,7 @@ struct ieee80211com {
u_int8_t ic_scan_count; /* count scans */
u_int32_t ic_flags; /* state flags */
u_int32_t ic_xflags; /* more flags */
+ u_int32_t ic_userflags; /* yet more flags */
u_int32_t ic_caps; /* capabilities */
u_int16_t ic_modecaps; /* set of mode capabilities */
u_int16_t ic_curmode; /* current mode */
@@ -395,7 +396,6 @@ struct ieee80211_ess {
#define IEEE80211_F_BGSCAN 0x08000000 /* STATUS: background scan */
#define IEEE80211_F_AUTO_JOIN 0x10000000 /* CONF: auto-join active */
#define IEEE80211_F_VHTON 0x20000000 /* CONF: VHT enabled */
-#define IEEE80211_F_USERMASK 0xc0000000 /* CONF: ioctl flag mask */
/* ic_xflags */
#define IEEE80211_F_TX_MGMT_ONLY 0x00000001 /* leave data frames on ifq */