mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-28 18:28:23 -05:00
wlantest: Search bss/sta entry more thoroughly for 4-address frames
Previous design worked for the case where only one of the devices was beaconing, but failed in one direction to find the PTK if both devices beaconed. Fix this by checking the A1/A2 fields in both directions if the first pick fails to find the sta entry. In addition, select the proper rsc value (rsc_tods vs. rsc_fromds) based on A2 (TA) value for ToDS+FromDS frames to avoid reporting incorrect replay issues. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
parent
af6614ca10
commit
aab6612836
@ -250,7 +250,7 @@ static void rx_data_bss_prot(struct wlantest *wt,
|
|||||||
const u8 *qos, const u8 *dst, const u8 *src,
|
const u8 *qos, const u8 *dst, const u8 *src,
|
||||||
const u8 *data, size_t len)
|
const u8 *data, size_t len)
|
||||||
{
|
{
|
||||||
struct wlantest_bss *bss;
|
struct wlantest_bss *bss, *bss2;
|
||||||
struct wlantest_sta *sta, *sta2;
|
struct wlantest_sta *sta, *sta2;
|
||||||
int keyid;
|
int keyid;
|
||||||
u16 fc = le_to_host16(hdr->frame_control);
|
u16 fc = le_to_host16(hdr->frame_control);
|
||||||
@ -275,9 +275,17 @@ static void rx_data_bss_prot(struct wlantest *wt,
|
|||||||
bss = bss_find(wt, hdr->addr1);
|
bss = bss_find(wt, hdr->addr1);
|
||||||
if (bss) {
|
if (bss) {
|
||||||
sta = sta_find(bss, hdr->addr2);
|
sta = sta_find(bss, hdr->addr2);
|
||||||
if (sta)
|
if (sta) {
|
||||||
sta->counters[
|
sta->counters[
|
||||||
WLANTEST_STA_COUNTER_PROT_DATA_TX]++;
|
WLANTEST_STA_COUNTER_PROT_DATA_TX]++;
|
||||||
|
} else {
|
||||||
|
bss2 = bss_find(wt, hdr->addr2);
|
||||||
|
if (bss2) {
|
||||||
|
sta = sta_find(bss2, hdr->addr1);
|
||||||
|
if (sta)
|
||||||
|
bss = bss2;
|
||||||
|
}
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
bss = bss_find(wt, hdr->addr2);
|
bss = bss_find(wt, hdr->addr2);
|
||||||
if (!bss)
|
if (!bss)
|
||||||
@ -393,6 +401,12 @@ static void rx_data_bss_prot(struct wlantest *wt,
|
|||||||
rsc = tdls->rsc_init[tid];
|
rsc = tdls->rsc_init[tid];
|
||||||
else
|
else
|
||||||
rsc = tdls->rsc_resp[tid];
|
rsc = tdls->rsc_resp[tid];
|
||||||
|
} else if ((fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) ==
|
||||||
|
(WLAN_FC_TODS | WLAN_FC_FROMDS)) {
|
||||||
|
if (os_memcmp(sta->addr, hdr->addr2, ETH_ALEN) == 0)
|
||||||
|
rsc = sta->rsc_tods[tid];
|
||||||
|
else
|
||||||
|
rsc = sta->rsc_fromds[tid];
|
||||||
} else if (fc & WLAN_FC_TODS)
|
} else if (fc & WLAN_FC_TODS)
|
||||||
rsc = sta->rsc_tods[tid];
|
rsc = sta->rsc_tods[tid];
|
||||||
else
|
else
|
||||||
|
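Review bot: The ToDS+FromDS branch added in the third hunk selects `rsc_fromds` for every frame whose A2 is not `sta->addr`, so the replay check is only correct if the entry was matched on A1 in that case; that invariant comes from the lookup order in the second hunk and is not stated near the `os_memcmp()`. A comment above the comparison would make the dependency visible, for example `/* 4-address frame: sta was matched on A2 (TA) or, failing that, on A1 (RA); TA == sta->addr means the STA transmitted, so use rsc_tods */`. In the second hunk the reverse-direction fallback sets `sta` and `bss` but, unlike the first pick, increments no counter, which appears to leave protected frames sent by the second device uncounted; it is worth confirming that this is intended. If both lookups fail, `sta` stays NULL while `bss` is non-NULL; how that case is handled, and the rest of rx_data_bss_prot(), lie outside the hunks shown.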