nl80211: Ignore "DEAUTH" messages from APs we are not associated to
DEAUTH messages can come from a number of different sources. The one that's hurting us currently is DEAUTH netlink messages coming to us from compat-wireless in response to local_state_change DEAUTH messages we sent as a part of cleaning up state in driver_nl80211's clear_state_mismatch() function. However, DEAUTH messages can come from a variety of unwanted sources, including directed denial-of-service attacks (although MAC verification doesn't place that high a barrier), so this validation is actually generically useful, I think. The downside to this method is that without a kernel based approach "iw dev wlan0 link" no longer works correctly after clear_state_mismatch() is done. This will be pursued with the kernel folks.
parent
6c78ae1443
commit
cb30b297bd
@ -718,12 +718,28 @@ static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv,
|
|||||||
const u8 *bssid = NULL;
|
const u8 *bssid = NULL;
|
||||||
u16 reason_code = 0;
|
u16 reason_code = 0;
|
||||||
|
|
||||||
|
mgmt = (const struct ieee80211_mgmt *) frame;
|
||||||
|
if (len >= 24) {
|
||||||
|
bssid = mgmt->bssid;
|
||||||
|
|
||||||
|
if (drv->associated != 0 &&
|
||||||
|
os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 &&
|
||||||
|
os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) {
|
||||||
|
/*
|
||||||
|
* We have presumably received this deauth as a
|
||||||
|
* response to a clear_state_mismatch() outgoing
|
||||||
|
* deauth. Don't let it take us offline!
|
||||||
|
*/
|
||||||
|
wpa_printf(MSG_DEBUG, "nl80211: Deauth received "
|
||||||
|
"from Unknown BSSID " MACSTR " -- ignoring",
|
||||||
|
MAC2STR(bssid));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
drv->associated = 0;
|
drv->associated = 0;
|
||||||
os_memset(&event, 0, sizeof(event));
|
os_memset(&event, 0, sizeof(event));
|
||||||
|
|
||||||
mgmt = (const struct ieee80211_mgmt *) frame;
|
|
||||||
if (len >= 24)
|
|
||||||
bssid = mgmt->bssid;
|
|
||||||
/* Note: Same offset for Reason Code in both frame subtypes */
|
/* Note: Same offset for Reason Code in both frame subtypes */
|
||||||
if (len >= 24 + sizeof(mgmt->u.deauth))
|
if (len >= 24 + sizeof(mgmt->u.deauth))
|
||||||
reason_code = le_to_host16(mgmt->u.deauth.reason_code);
|
reason_code = le_to_host16(mgmt->u.deauth.reason_code);
|
||||||
|
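Review bot: The new BSSID filter sits inside `if (len >= 24)` and is further gated on `drv->associated != 0`, so a frame too short to carry a management header never reaches the comparison and still falls through to `drv->associated = 0`. Since such a frame cannot be attributed to any BSS, rejecting it up front would be the fail-closed choice, e.g. `if (len < 24) return;` placed before the filter, with a debug line matching the existing `wpa_printf` style. A deauth that arrives while the driver is authenticating but not yet associated also bypasses the check, because `drv->auth_bssid` is only consulted in the associated state; if that is intentional, a one-line comment above the condition saying so would help. The body of mlme_event_deauth_disassoc() starts and ends outside this hunk, so how the event is dispatched with a NULL `bssid` is not visible here and should be confirmed.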