Commit 6329b8d9 authored Sep 17, 2013 by Felix Fietkau Committed by Johannes Berg Sep 26, 2013

mac80211: drop spoofed packets in ad-hoc mode



If an Ad-Hoc node receives packets with the Cell ID or its own MAC
address as source address, it hits a WARN_ON in sta_info_insert_check()
With many packets, this can massively spam the logs. One way that this
can easily happen is through having Cisco APs in the area with rouge AP
detection and countermeasures enabled.
Such Cisco APs will regularly send fake beacons, disassoc and deauth
packets that trigger these warnings.

To fix this issue, drop such spoofed packets early in the rx path.

Cc: stable@vger.kernel.org
Reported-by: Thomas Huehn <thomas@net.t-labs.tu-berlin.de>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

parent f478f33a

net/mac80211/rx.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -3056,6 +3056,9 @@ static int prepare_for_handlers(struct ieee80211_rx_data *rx,
		case NL80211_IFTYPE_ADHOC:
		if (!bssid)
		return 0;
		if (ether_addr_equal(sdata->vif.addr, hdr->addr2) \|\|
		ether_addr_equal(sdata->u.ibss.bssid, hdr->addr2))
		return 0;
		if (ieee80211_is_beacon(hdr->frame_control)) {
		return 1;
		} else if (!ieee80211_bssid_match(bssid, sdata->u.ibss.bssid)) {

Admin message