On Fri, Feb 05, 2016 at 03:41:17PM +0100, Stefan Sperling wrote:
> Also, align the sequence number replay check with what ieee80211_input() does.
On second thought, I'm retracting my change to the sequence number check.
This check is about replay detection to make attacks on the crypto harder,
not about retried frames. So I'd like to keep this check strict.
The A-MPDU subframe problem is fixed either way.
Index: if_iwn.c
===================================================================
RCS file: /cvs/src/sys/dev/pci/if_iwn.c,v
retrieving revision 1.161
diff -u -p -r1.161 if_iwn.c
--- if_iwn.c 5 Feb 2016 16:09:19 -0000 1.161
+++ if_iwn.c 5 Feb 2016 17:21:09 -0000
@@ -1843,6 +1843,7 @@ iwn_ccmp_decap(struct iwn_softc *sc, str
struct ieee80211com *ic = &sc->sc_ic;
struct ieee80211_key *k = &ni->ni_pairwise_key;
struct ieee80211_frame *wh;
+ struct ieee80211_rx_ba *ba;
uint64_t pn, *prsc;
uint8_t *ivp;
uint8_t tid;
@@ -1859,6 +1860,7 @@ iwn_ccmp_decap(struct iwn_softc *sc, str
}
hasqos = ieee80211_has_qos(wh);
tid = hasqos ? ieee80211_get_qos(wh) & IEEE80211_QOS_TID : 0;
+ ba = hasqos ? &ni->ni_rx_ba[tid] : NULL;
prsc = &k->k_rsc[tid];
/* Extract the 48-bit PN from the CCMP header. */
@@ -1869,7 +1871,7 @@ iwn_ccmp_decap(struct iwn_softc *sc, str
(uint64_t)ivp[6] << 32 |
(uint64_t)ivp[7] << 40;
if (pn <= *prsc) {
- if (hasqos && (sc->last_rx_valid & IWN_LAST_RX_AMPDU)) {
+ if (hasqos && ba->ba_state == IEEE80211_BA_AGREED) {
/*
* This is an A-MPDU subframe.
* Such frames may be received out of order due to
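Review bot: The new condition `if (hasqos && ba->ba_state == IEEE80211_BA_AGREED)` tests that a Block Ack agreement exists for the TID, not that this frame arrived as an A-MPDU subframe, so the comment `This is an A-MPDU subframe.` directly below it no longer describes what is checked. Any QoS frame on that TID with `pn <= *prsc` now takes the relaxed path, which looks like a wider exception to the replay check than the old `IWN_LAST_RX_AMPDU` test granted. I would reword the comment to something like `A Block Ack agreement exists for this TID, so this frame may be an A-MPDU subframe.` and name the later check that is relied on to reject duplicates. `ba` is NULL for non-QoS frames, so the dereference is safe only because `hasqos` is tested first; a short comment saying so would keep a later reordering from breaking it. The comment block and the rest of the branch continue outside this hunk.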
@@ -1896,14 +1898,17 @@ iwn_ccmp_decap(struct iwn_softc *sc, str
ic->ic_stats.is_ccmp_replays++;
return 1;
}
+ /* Update last seen packet number. */
+ *prsc = pn;
} else {
DPRINTF(("CCMP replayed\n"));
ic->ic_stats.is_ccmp_replays++;
return 1;
}
+ } else {
+ /* Update last seen packet number. */
+ *prsc = pn;
}
- /* Update last seen packet number. */
- *prsc = pn;
/* Clear Protected bit and strip IV. */
wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;
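Review bot: The first added `*prsc = pn;` (after the inner replay test) sits inside the `if (pn <= *prsc)` branch, so whenever it runs it stores a packet number no greater than the one already recorded, and the replay counter moves backwards. From then on, a frame whose PN lies between the lowered value and the previous high-water mark is treated as new by the `pn <= *prsc` test, although that PN range was already consumed. I would drop those two added lines and keep only the update in the final `else`, so the counter only ever increases; the relaxed branch can still accept out-of-order subframes without writing `*prsc`. Indentation is lost on this page and the lines between the hunks are not shown, so the nesting is inferred from brace order. iwn_ccmp_decap starts and ends outside the hunk.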