Age | Commit message (Collapse) | Author |
|
ieee80211_node_leave_rsn() since ieee80211_node_leave_rsn()
calls ic_delete_key() and drivers like ral(4) RT2860 need
a valid associd in their delete_key callbacks.
This affects HostAP mode only.
from Nathanael Rensen.
remove a useless (nested) #ifndef IEEE80211_STA_ONLY while i'm here
|
|
what is not supported as a group cipher, enumerate what is supported.
|
|
otherwise we will panic in ieee80211_add_rsn_body().
this may be the cause of a panic seen by reyk@ though i'm not 100% sure.
|
|
|
|
instead of copying the 802.11 header on the stack and building
the ethernet header directly in the mbuf, build the ethernet
header on the stack directly from the 802.11 header in the
mbuf and copy the ethernet header to the mbuf after stripping
the 802.11 header.
makes the code easier to read/understand, especially, it is
now explicit what is being put in the ether_type field.
diff from Matthew Dempsky (matthew at dempsky dot org)
moved ieee80211_align_mbuf() under #ifdef __STRICT_ALIGNMENT
while i'm here.
|
|
old one.
found after reading a post by Nathanael Rensen to tech@
|
|
as we do not use any field after i_addr4.
slightly modified version of a diff from Matthew Dempsky (matthew at
dempsky dot org), used MIN instead of min.
|
|
sysctl.h was reliant on this particular include, and many drivers included
sysctl.h unnecessarily. remove sysctl.h or add proc.h as needed.
ok deraadt
|
|
and athn are only theoretically interesting. i33380211_node fixes a real
bug in occupied channel detection.
ok damien@
|
|
changed from 16 bytes to 2 bytes.
no binary change
|
|
is received. The creation of a new node is already handled in
ieee80211_recv_probe_resp() when necessary.
This avoids creating empty nodes with wrong channels when beacons
are received on the wrong channel (overlapping channels).
Those empty nodes may also prevent the real node from being
discovered because of ieee80211_find_node_for_beacon() filtering.
This should prevent entries of the form:
nwid "" chan 3 bssid 00:01:02:03:04:05 0dB 54M
in "ifconfig if0 scan" output, like reported by Rivo Nurges.
|
|
packet, copy the key out of it properly.
fixes the problem where only broadcast packets like ipv6 router
advertisements were failing decryption and processing, only after a
rekey.
ok damien@
|
|
|
|
port is valid (keys have been successfully exchanged.)
this avoids dhclient timeouts when wpa is enabled.
|
|
reminded by STeve Andre.
|
|
from Jurjen Oskam.
|
|
call fails. this double-free was introduced with the M_DUP_PKTHRD
to m_dup_pkthdr change that got committed before I had a chance to
review it.
|
|
with m_tag_copy_chain() failures.
Use m_defrag() to eliminate hand rolled defragging of mbufs and
some uses of M_DUP_PKTHDR().
Original diff from thib@, claudio@'s feedback integrated by me.
Tests kevlo@ claudio@, "reads ok" blambert@
ok thib@ claudio@, "m_defrag() bits ok" kettenis@
|
|
|
|
There are cases where the interface can be up but not running, for
instance if the driver's if_init routine fails halfway for whatever
reason (firmware file not found, hardware switch turned off etc...)
This is because in sys/net/if.c, the returned code of the driver
is ignored for SIOCSIFFLAGS and the IFF_UP flags is left set.
netintro(4) does not say anything about values returned by
SIOCSIFFLAGS, so I don't know whether it is the expected behavior
or not.
pointed out by halex@ and jacekm@ who noticed it was possible to
trigger a scan on wpi(4) even when the hardware switch was turned off.
|
|
priority 0. while we are in here make sure we add wi interfaces to group "wlan"
in the same way the net80211 stuff already is.
this makes dhcp multiple default routes useful on laptops.
ok claudio@
|
|
from dhill@
|
|
that do not explicitly state this capability (using flag IEEE80211_C_RAWCTL).
also, perform all the sanity checks on injected raw 802.11 frames earlier
(in ieee80211_output instead of ieee80211_encap).
prevent kernel panics with many drivers when running aircrack-ng.
when/if all drivers are capable, we can remove this C_RAWCTL flag.
|
|
many implementations (including ours) will drop frames with a
TSC equal to 0 (they are considered replayed frames.)
|
|
this prevents an attacker from changing the TTAK (DoS attack) by
sending a frame with a large TSC but with a bad ICV and/or MIC.
now an attacker can only invalidate the cached TTAK.
|
|
of defining it unconditionnaly.
although the HT code is not ready yet, making it compile on
GENERIC kernels will help catch regressions/bugs if any.
|
|
the SA Query Transaction Identifier field is now a 16-bit non-negative
counter value instead of a 128-bit random value.
|
|
field in (Re)Association Requests.
This fixes association with APs refusing non-short-slot-time capable STAs.
This should also prevent the AP we're associating with to disable the use
of short slot time in the BSS as we join.
Fix debug message in recv_assoc_resp() while I'm here (s/reason/status/).
Scary.
Thanks to Adam Emanuel for spotting this.
|
|
add "ifconfig if0 scan" to scan for access points or to list known
stations in Host AP mode.
remove the [-]wmm command while i'm here. QoS is mandatory with
802.11n so there's not much point into making it an option.
fix parsing of the "powersave" command too.
discussed with deraadt@
man page hints from jmc@
display hints from sobrado@
"i like it" cnst@, grange@
|
|
Some supplicants will autoselect 802.1X without giving users the
possibility to choose between PSK or 802.1X.
Similarly, no longer announce `PSK with SHA-256 based KDF' AKMP (defined
in Draft 802.11w) by default in the RSN IE of beacons and probe responses
as it confuses some broken supplicants. This kind of sacrifies security
for interoperability with shitty (but unfortunately widespread) clients
that do not follow the 802.11 standard properly.
This fixes associations from Intel PROSet on XP and also reportedly fixes
some Mac OS clients. I will likely make `psk-sha256' configurable through
ifconfig wpaakms after the 4.5 release.
|
|
the code will allow the concurrent reception of fragments of three
fragmented MSDUs or MMPDUs as required by the 802.11 standard.
|
|
noticed by ray@, more investigation from sthen@
fix tested by sthen@
|
|
Maintain state for both originator and recipient roles separately.
Do not allocate receive reordering buffer in addba_request().
Test the "initiator" bit in incoming DELBA frames and set it appropriately
in outgoing DELBA frames.
Separate callbacks for Tx/Rx too.
no binary change since all this is #ifdef'ed out.
|
|
instead of resorting to horrid hacks/casts.
Restore the ieee80211_node structure back to its original state.
|
|
pointed out by krw@
|
|
this way we can avoid putting a full node structure (which is huge)
on the stack in ieee80211_find_node().
this is a bit tricky but the RB_FIND macro wants an "elem" structure,
not a field of "elem".
|
|
this reduces memory footprint and avoids a stack usage warning in
ieee80211_find_node() that breaks amd64 build.
pointed out by landry@
|
|
- implement A-MPDU frames buffering and reordering
- implement A-MSDU decapsulation
- process/send ADDBA Request, ADDBA Response and DELBA action frames
- process Block Ack Request control frames (including MTBAR)
- implement PBAC support (Protected Block Ack)
- add some incomplete HT Capabilities and HT Operation IEs parsing
Add more Management Frame Protection bits based on 802.11w Draft 7.0:
- implement SA Query procedure (both AP and STA)
- cleanup BIP
Fix some bugs:
- fix check for WEP key length that otherwise caused a stack smash in
ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc)
- properly stop EAPOL timeout: fixes a panic that occured in HostAP mode
when turning the interface down while a 4-way handshake is in progress
(pointed out by Doughertys)
Did some code cleanup too.
The HT bits are currently not compiled in (IEEE80211_NO_HT is defined)
because they won't be ready until after the next release and I didn't
want to grow the kernel or to inadvertently introduce new bugs.
They are here such that other people can look at the code.
Notice that I had to add an extra parameter to ic_send_mgmt() for
action frames, that is why there are small changes in drivers defining
their own ic_send_mgmt() handler.
Sorry for the not very incremental diff but this has been sitting in
my tree for too long now.
|
|
From FreeBSD via mickey in pr 6024.
ok damien@
|
|
every DTIM in HostAP mode.
Flushes all group addressed MSDUs buffered at the AP for power management.
|
|
|
|
|
|
flags using "nwflag".
|
|
|
|
to our AP as we enter TKIP countermeasures by caching the TSC of
the last frame to fail the MIC; prompted by and ok damien@
|
|
attacks against WEP and WPA". The attack works by using the MIC failure
notification messages sent station->AP on MIC failure as an oracle to
verify guesses to reverse the CRC.
To stop this, we can skip sending these notify frames except when we
are going into "countermeasures" mode (drop the AP association, do not
process traffic for 60s). When we go into countermeasures, I send two
MIC failure notifications in a row - this should force the AP into
countermeasures too.
ok damien@
|
|
hostap mode by canceling the group rekey timeout in ieee80211_node_detach().
ok damien
|
|
This should take care of the simpler ones (i.e., timeout values of
integer multiples of hz).
ok krw@, art@
|
|
Move calling ether_ioctl() from the top of the ioctl function, which
at the moment does absolutely nothing, to the default switch case.
Thus allowing drivers to define their own ioctl handlers and then
falling back on ether_ioctl(). The only functional change this results
in at the moment is having all Ethernet drivers returning the proper
errno of ENOTTY instead of EINVAL/ENXIO when encountering unknown
ioctl's.
Shrinks the i386 kernels by..
RAMDISK - 1024 bytes
RAMDISKB - 1120 bytes
RAMDISKC - 832 bytes
Tested by martin@/jsing@/todd@/brad@
Build tested on almost all archs by todd@/brad@
ok jsing@
|
|
pointed out by deraadt@, Markus Peloquin
sorry guys.
|