CVSROOT:        /cvs
Module name:    src
Changes by:     s...@cvs.openbsd.org    2020/05/26 05:45:32

Modified files:
        sys/net80211   : ieee80211_input.c 

Log message:
Let unencrypted 802.11 frames pass during hardware decryption post-processing.

Some drivers, such as ral(4), cannot provide the IV required for a replay
check because hardware strips the IV before passing the frame to the driver.
Which means frames with the RXI_HWDEC flag but without the 'protected' bit
set in the frame header must be passed without any further verification and
without updating the last-seen packet number.
All we can do is hope that these devices perform replay checking correctly.

Fixes a regression where some ral(4) devices would fail to receive packets
on encrypted networks. Reported and fix confirmed by Hendrik Meyburgh.

ok mpi@

Reply via email to