| Age | Commit message (Collapse) | Author |
|---|
|
the caller and the function that the function will not fail to allocate
memory and return a NULL pointer. However, m_dup_pkthdr() violates
this contract, making it possible for functions that pass M_WAITOK to
be surprised in ways that hurt.
Fix this by passing the wait flag all the way down the functions that
actually do the allocation for m_dup_pkthdr() so that we won't be
surprised.
man page update forthcoming
ok claudio@
|
|
timingsafe_bcmp().
ok deraadt@; committed over WPA.
|
|
from Jurjen Oskam.
|
|
call fails. this double-free was introduced with the M_DUP_PKTHRD
to m_dup_pkthdr change that got committed before I had a chance to
review it.
|
|
with m_tag_copy_chain() failures.
Use m_defrag() to eliminate hand rolled defragging of mbufs and
some uses of M_DUP_PKTHDR().
Original diff from thib@, claudio@'s feedback integrated by me.
Tests kevlo@ claudio@, "reads ok" blambert@
ok thib@ claudio@, "m_defrag() bits ok" kettenis@
|
|
many implementations (including ours) will drop frames with a
TSC equal to 0 (they are considered replayed frames.)
|
|
this prevents an attacker from changing the TTAK (DoS attack) by
sending a frame with a large TSC but with a bad ICV and/or MIC.
now an attacker can only invalidate the cached TTAK.
|
|
|
|
to our AP as we enter TKIP countermeasures by caching the TSC of
the last frame to fail the MIC; prompted by and ok damien@
|
|
attacks against WEP and WPA". The attack works by using the MIC failure
notification messages sent station->AP on MIC failure as an oracle to
verify guesses to reverse the CRC.
To stop this, we can skip sending these notify frames except when we
are going into "countermeasures" mode (drop the AP association, do not
process traffic for 60s). When we go into countermeasures, I send two
MIC failure notifications in a row - this should force the AP into
countermeasures too.
ok damien@
|
|
header fields (Sequence Control, Address 4, QoS Control, +HTC) and
use them where appropriate.
Add ieee80211_get_qos() inline function to extract the QoS control
field of an 802.11 header instead of duplicating the same scary
code everywhere (the location of this field depends on the presence
of an Address 4 field).
Export ieee80211_up_to_ac() so that drivers can select the access
category to use based on the TID subfield of the QoS Control field.
Define more QoS-related bits for the RSN Capabilities field of RSN IE
(will be used later).
|
|
remove IBSS and HostAP support from net80211 and 802.11 drivers.
it can be used to shrink RAMDISK kernels for instance (like what
was done for wi(4)).
it also has the benefit of highlighting what is specific to IBSS
and HostAP modes in the code.
the cost is that we now have two code paths to maintain.
|
|
some cleanup while i'm here.
|
|
replay counter.
|
|
of MLEM, damien ok
|
|
properly handle frames with an address 4 field (required for future work).
remove useless #includes.
|
|
|
|
crc in addition to the existing "oneshot" mode and use them to replace
ieee80211_crc_update() with the new ether_crc32_le_update(). Saves 1k
kernel bss + some code.
Mark the new ether_crc32_[lb]e_update functions as __pure for a
~25x speedup (on my i386 at least).
feedback and ok damien@
|
|
handshake protocols (both supplicant and authenticator state
machines) as defined in the IEEE 802.11i standard.
Software implementation of the TKIP (Temporal Key Integrity
Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.
This diff doesn't implement any of the 802.1X authentication
protocols and thus only PSK authentication (using pre-shared
keys) is currently supported.
In concrete terms, this adds support for WPA-PSK and WPA2-PSK
protocols, both in station and hostap modes.
The following drivers are marked as WPA-capable and should
work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4),
rum(4), upgt(4), and zyd(4)
The following options have been added to ifconfig(8):
wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher
wpa-psk(8) can be used to generate keys from passphrases.
tested by many@
ok deraadt@
|
