From 9bedf90047d61a5197b271c1ae942092b38731b0 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 4 Jan 2020 20:23:05 +0200 Subject: [PATCH] nl80211: Use monitor interface for sending no-encrypt test frames Since NL80211_CMD_FRAME does not allow encryption to be disabled for the frame, add a monitor interface temporarily for cases where this type of no-encrypt frames are to be sent. The temporary monitor interface is removed immediately after sending the frame. This is testing functionality (only in CONFIG_TESTING_OPTIONS=y builds) that is used for PMF testing where the AP can use this to inject an unprotected Robust Management frame (mainly, Deauthentication or Disassociation frame) even in cases where PMF has been negotiated for the association. Signed-off-by: Jouni Malinen --- src/drivers/driver_nl80211.c | 13 +++++++++++++ src/drivers/driver_nl80211_monitor.c | 3 +++ 2 files changed, 16 insertions(+) diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c index 967a24225..e4bc44ffb 100644 --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c @@ -3747,6 +3747,19 @@ static int wpa_driver_nl80211_send_mlme(struct i802_bss *bss, const u8 *data, WLAN_FC_GET_STYPE(fc) != WLAN_FC_STYPE_ACTION) use_cookie = 0; send_frame_cmd: +#ifdef CONFIG_TESTING_OPTIONS + if (no_encrypt && !encrypt && !drv->use_monitor) { + wpa_printf(MSG_DEBUG, + "nl80211: Request to send an unencrypted frame - use a monitor interface for this"); + if (nl80211_create_monitor_interface(drv) < 0) + return -1; + res = nl80211_send_monitor(drv, data, data_len, encrypt, + noack); + nl80211_remove_monitor_interface(drv); + return res; + } +#endif /* CONFIG_TESTING_OPTIONS */ + wpa_printf(MSG_DEBUG, "nl80211: send_mlme -> send_frame_cmd"); res = nl80211_send_frame_cmd(bss, freq, wait_time, data, data_len, use_cookie, no_cck, noack, offchanok, diff --git a/src/drivers/driver_nl80211_monitor.c b/src/drivers/driver_nl80211_monitor.c index f25cd7924..7ff55f149 100644 --- a/src/drivers/driver_nl80211_monitor.c +++ b/src/drivers/driver_nl80211_monitor.c @@ -71,6 +71,9 @@ static void handle_frame(struct wpa_driver_nl80211_data *drv, u16 fc; union wpa_event_data event; + if (!drv->use_monitor) + return; + hdr = (struct ieee80211_hdr *) buf; fc = le_to_host16(hdr->frame_control);