summaryrefslogtreecommitdiff
path: root/net/mac80211
diff options
context:
space:
mode:
authorFelix Fietkau <nbd@openwrt.org>2013-09-17 11:15:43 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2013-11-13 12:05:30 +0900
commitd7da0fc72d073181e65970edad0a9461542e02c6 (patch)
tree2f1b11a406346e39d0a27e8b83ff4ee369a999f4 /net/mac80211
parent715a606d73f63e94259e6251565e6e12e3271d0f (diff)
downloadlinux-3.10-d7da0fc72d073181e65970edad0a9461542e02c6.tar.gz
linux-3.10-d7da0fc72d073181e65970edad0a9461542e02c6.tar.bz2
linux-3.10-d7da0fc72d073181e65970edad0a9461542e02c6.zip
mac80211: drop spoofed packets in ad-hoc mode
commit 6329b8d917adc077caa60c2447385554130853a3 upstream. If an Ad-Hoc node receives packets with the Cell ID or its own MAC address as source address, it hits a WARN_ON in sta_info_insert_check() With many packets, this can massively spam the logs. One way that this can easily happen is through having Cisco APs in the area with rouge AP detection and countermeasures enabled. Such Cisco APs will regularly send fake beacons, disassoc and deauth packets that trigger these warnings. To fix this issue, drop such spoofed packets early in the rx path. Reported-by: Thomas Huehn <thomas@net.t-labs.tu-berlin.de> Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net/mac80211')
-rw-r--r--net/mac80211/rx.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 83f6d29202a..ec09bcba9ba 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -3002,6 +3002,9 @@ static int prepare_for_handlers(struct ieee80211_rx_data *rx,
case NL80211_IFTYPE_ADHOC:
if (!bssid)
return 0;
+ if (ether_addr_equal(sdata->vif.addr, hdr->addr2) ||
+ ether_addr_equal(sdata->u.ibss.bssid, hdr->addr2))
+ return 0;
if (ieee80211_is_beacon(hdr->frame_control)) {
return 1;
} else if (!ieee80211_bssid_match(bssid, sdata->u.ibss.bssid)) {