path: root/sys/net80211/ieee80211_pae_output.c
Commit message | Author | Age | Files | Lines
* Call if_start() directly to send the EAPOL key. | mpi | 2017-12-21 | 1 | -3/+8
  Using if_enqueue() here, from interrupt context, might result in the packet being enqueued, incorrectly encrypted, on the TX ring.
  This race has been recently exposed by the re-introduction of the TX mitigation. It exists because the net80211 stack sets IEEE80211_NODE_TXPROT on the node while processing the 3rd message, assuming the answer has already been transmitted. However, when a CPU returns from if_enqueue() it cannot assume that the send queue is empty. So call if_start() to flush this queue.
  Encrypting the 4th message of the 4way handshake with the new key breaks WPA handshake as found the hard way by anton@.
  Race analysed by dlg@, a lot of net80211 inputs and suggestions from stsp@.
  ok stsp@, dlg@
* Fix a bug allowing a man-in-the-middle attack against WPA wireless clients. | stsp | 2017-03-01 | 1 | -1/+3
  A malicious AP could trick clients into connecting to the malicious AP instead of the desired AP. All frames would then be sent in the clear.
  This problem was found and reported by Mathy Vanhoef who also provided an initial patch which we improved together.
* Don't crash while sending a TKIP MIC failure report to the AP. | stsp | 2016-12-17 | 1 | -1/+4
  Client-side bug found while investigating TKIP countermeasures.
* Call if_enqueue() and if_start() instead of dereferencing the ifp | mpi | 2016-04-12 | 1 | -13/+3
  pointers. These functions have been introduced to abstract some of the MP-safeness^Wmadness and should be used everywhere.
  Prodded by a comment from jsg@.
  ok mikeb@, stsp@
* replace IFF_OACTIVE manipulation with mpsafe operations. | dlg | 2015-11-25 | 1 | -2/+2
  there are two things shared between the network stack and drivers in the send path: the send queue and the IFF_OACTIVE flag. the send queue is now protected by a mutex. this diff makes the oactive functionality mpsafe too.
  IFF_OACTIVE is part of if_flags. there are two problems with that. firstly, if_flags is a short and we don't have any MI atomic operations to manipulate a short. secondly, while we could make the IFF_OACTIVE operations mpsafe, all changes to other flags would have to be made safe at the same time, otherwise a read-modify-write cycle on their updates could clobber the oactive change.
  instead, this moves the oactive mark into struct ifqueue and provides an API for changing it. there's ifq_set_oactive, ifq_clr_oactive, and ifq_is_oactive. these are modelled on ifsq_set_oactive, ifsq_clr_oactive, and ifsq_is_oactive in dragonflybsd.
  this diff includes changes to all the drivers manipulating IFF_OACTIVE to now use the ifsq_{set,clr_is}_oactive API too.
  ok kettenis@ mpi@ jmatthew@ deraadt@
* No need to include <net/if_arp.h> | mpi | 2015-11-24 | 1 | -2/+1
  This header is only needed because <netinet/if_ether.h> declares a structure that needs it. But it turns out that <net/if.h> already includes it as workaround.
  A proper solution would be to stop declaring "struct ether_arp" there. But no driver should need this header.
* the pattr argument to IFQ_ENQUEUE is unused, so let's get rid of it. | dlg | 2015-10-12 | 1 | -2/+2
  also the comment above IFQ_ENQUEUE that says the pattr argument is unused.
  ok mpi@
* Revert if_oqdrops accounting changes done in kernel, per request from mpi@. | uebayasi | 2015-10-05 | 1 | -3/+2
  (Especially adding IF_DROP() after IFQ_ENQUEUE() was completely wrong because IFQ_ENQUEUE() already does it. Oops.)
  After this revert, the situation becomes:
  - if_snd.ifq_drops is incremented in either IFQ_ENQUEUE() or IF_DROP(), but it is not shown to userland, and
  - if_data.ifi_oqdrops is shown to userland, but it is not incremented by anyone.
* Count IFQ_ENQUEUE() failure as output drop. | uebayasi | 2015-10-05 | 1 | -2/+3
  mpi@ prefers checking IFQ_ENQUEUE() error, and this matches that.
  OK dlg@
* Make code in ieee80211_send_4way_msg3() more readable and make sure a local | stsp | 2015-09-16 | 1 | -9/+11
  variable is initialized to NULL in the WPA case. No functional change.
  Pointed out by Maxime Villard's brainy code scanner.
  ok claudio@ zhuk@
* Remove some includes include-what-you-use claims don't | jsg | 2015-03-14 | 1 | -2/+1
  have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
  ok tedu@ deraadt@
* unifdef some more INET. v4 4life. | tedu | 2014-12-23 | 1 | -3/+1
* remove unneeded proc.h includes | jsg | 2014-09-14 | 1 | -2/+1
  ok mpi@ kspillner@
* Fewer <netinet/in_systm.h> ! | mpi | 2014-07-22 | 1 | -2/+1
* when rekeying the GTK/IGTK, send the new key to clients, not the | damien | 2010-06-05 | 1 | -3/+12
  old one.
  found after reading a post by Nathanael Rensen to tech@
* Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01: | damien | 2009-01-26 | 1 | -2/+2
  - implement A-MPDU frames buffering and reordering
  - implement A-MSDU decapsulation
  - process/send ADDBA Request, ADDBA Response and DELBA action frames
  - process Block Ack Request control frames (including MTBAR)
  - implement PBAC support (Protected Block Ack)
  - add some incomplete HT Capabilities and HT Operation IEs parsing
  Add more Management Frame Protection bits based on 802.11w Draft 7.0:
  - implement SA Query procedure (both AP and STA)
  - cleanup BIP
  Fix some bugs:
  - fix check for WEP key length that otherwise caused a stack smash in ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc)
  - properly stop EAPOL timeout: fixes a panic that occurred in HostAP mode when turning the interface down while a 4-way handshake is in progress (pointed out by Doughertys)
  Did some code cleanup too.
  The HT bits are currently not compiled in (IEEE80211_NO_HT is defined) because they won't be ready until after the next release and I didn't want to grow the kernel or to inadvertently introduce new bugs. They are here such that other people can look at the code.
  Notice that I had to add an extra parameter to ic_send_mgmt() for action frames, that is why there are small changes in drivers defining their own ic_send_mgmt() handler.
  Sorry for the not very incremental diff but this has been sitting in my tree for too long now.
* Initial implementation of PMKSA caching and pre-authentication. | damien | 2008-09-27 | 1 | -9/+5
  This will be required for future WPA-Enterprise support (802.1X).
  Add ieee80211_needs_auth() function (not implemented yet) to notify the userland 802.1X PACP machine when an 802.1X port becomes enabled (that is after successful 802.11 Open System authentication).
  Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the PACP state machine can kick the 802.11 key state machine and install PMKs obtained from 802.1X (pre-)authentication.
  Enable SHA-256 based AKMPs by default while I'm here (TGw). This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC for data integrity, and AES Key Wrap for data protection of EAPOL-Key frames. An OpenBSD AP will always advertise this capability and an OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based ones if both are supported by an AP.
* introduce new IEEE80211_STA_ONLY kernel option that can be set to | damien | 2008-08-27 | 1 | -1/+15
  remove IBSS and HostAP support from net80211 and 802.11 drivers. it can be used to shrink RAMDISK kernels for instance (like what was done for wi(4)). it also has the benefit of highlighting what is specific to IBSS and HostAP modes in the code. the cost is that we now have two code paths to maintain.
* use LLC_SNAPFRAMELEN here too. | damien | 2008-08-15 | 1 | -3/+3
* reserves the correct number of bytes in ieee80211_send_4way_msg2(). | damien | 2008-08-12 | 1 | -2/+4
* v3 descriptors use AES Key Wrap too. | damien | 2008-08-12 | 1 | -2/+2
* new SHA-256 based AKMPs. | damien | 2008-08-12 | 1 | -3/+8
* add IEEE80211_RSNIE_MAXLEN and IEEE80211_WPAIE_MAXLEN definitions | damien | 2008-08-12 | 1 | -6/+5
  instead of hard-coding values. for RSN IE, request space for Group Integrity Cipher Suite.
* AES Key Wrap adds a 64-bit MIC to the payload but we pad the content | damien | 2008-08-12 | 1 | -3/+3
  of the frame so that it is a multiple of 8 bytes before encryption. So we must reserve up to 15 bytes in the mbuf for the worst case, not 8.
* process IGTK KDEs in EAPOL-Key frames and install integrity group keys | damien | 2008-08-12 | 1 | -19/+51
  if MFP was negotiated with the peer (not possible yet).
* do not touch m after it has been enqueued with IFQ_ENQUEUE(). | damien | 2008-08-02 | 1 | -4/+5
  copy m_pkthdr.len and m_flags before and use that after to update the statistics.
  from altq(4) man page and for consistency with what is done in other parts of the tree.
* s/IEEE80211_DPRINTF/DPRINTF/ | damien | 2008-07-27 | 1 | -3/+3
  automatically prepend __func__ to output.
  deobfuscates debug messages a bit. no binary change unless compiled with IEEE80211_DEBUG.
* Fix a blatant misuse of MINCLSIZE I introduced in ieee80211_output.c r1.59 | damien | 2008-07-23 | 1 | -2/+2
  The bug was added on 04/16 but it started to show up only after 06/12 when the value of MINCLSIZE was changed to something different from MHLEN + 1.
  Thanks to dlg@ and giovanni (qgiovanni at gmail dot com) for putting me on the right track.
  Tested by giovanni. Should fix system/5881 too.
* add ieee80211_priv.h file: contains definitions private to net80211. | damien | 2008-07-21 | 1 | -23/+2
  this must not be included by drivers.
* move processing of EAPOL frames away from ieee80211_{input,output}.c | damien | 2008-07-21 | 1 | -0/+607