Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp589473rwb; Thu, 1 Dec 2022 06:08:43 -0800 (PST) X-Google-Smtp-Source: AA0mqf4EOA/Z5sV0RlcKmkcetaF0MNqxg73lojoc98YOn/xflsXeAaJ+GmDtR5X9rnUyvDg3GNGf X-Received: by 2002:a17:90a:aa12:b0:219:5a10:30b9 with SMTP id k18-20020a17090aaa1200b002195a1030b9mr11796812pjq.73.1669903723204; Thu, 01 Dec 2022 06:08:43 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669903723; cv=none; d=google.com; s=arc-20160816; b=Zj7F7dVX1ZXn1FEbF1R0eZCUFUrARMJWXsGSenw2amn/fOQitIknhpKRWYj7/JBVra LBU06R35brW7rji/cWwKo4Gq5SEk7gsf0/okjOf2gbdvXb9ce8pJ0LC6ycP+1u4xR71l IsCzuEQZ++2nnNaI3qv6etNMi6paH54Hl/bk2a4bzB5kkduIeAnQGoBDzrNuk6Gc5tE+ IaQuIQjlnFDNyhekCbBc8V9L8MyAiiwb2dFPCAwKSMXDDZPRnto63LTm0xUJgKEbm0Oh o1FCDW3pIjaqFOeYUgPw9HOPkyPL5EXwuzRCYEfeGHFsvHu1gIlNh6ixqa2NYtjKEWIb B6Qw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=cG6IJ2ZiykwAKzxlwE2Og+qUliEvZPYZU6XfRJtVBVM=; b=gEtdbznftQaV3wm6Tnk3Yqy0jOmNmWHZ27ufHlmsF1gDZ+LcQ7AHj1Ok+zANeuOY5W 6MntV0oI/3+8V7FBJLvlyqNH//3qB+RSL7H+921bZlPG8oHjlIEHhxqg2lJYoB070nrZ 18TCEMPpMFigHQlGDt02fAuk+CCn6V9/5Niidk5junuKWshLhUaPu8CskquM/CQsBJQR ItBqG94cuL7FSQeFB+wijOQvJ8EvYCTeqiVWFRbadugpgofUZNM5siY/mN+9oCsiza2w lgFWeiq4oemEch3o/hUNQP9w0TdTzn3ydIsMulRdLI2owKPuRBYtNLHGBfQiviKf81v1 G2uw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@nbd.name header.s=20160729 header.b=qXDTZ4bc; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=nbd.name Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q21-20020a056a00089500b0056e6d31b27asi5165999pfj.160.2022.12.01.06.08.28; Thu, 01 Dec 2022 06:08:43 -0800 (PST) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=fail header.i=@nbd.name header.s=20160729 header.b=qXDTZ4bc; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=nbd.name Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231685AbiLAN5i (ORCPT + 68 others); Thu, 1 Dec 2022 08:57:38 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40474 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231424AbiLAN5g (ORCPT ); Thu, 1 Dec 2022 08:57:36 -0500 Received: from nbd.name (nbd.name [46.4.11.11]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 62EDBD4F for ; Thu, 1 Dec 2022 05:57:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=nbd.name; s=20160729; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject: Cc:To:From:Sender:Reply-To:Content-Type:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=cG6IJ2ZiykwAKzxlwE2Og+qUliEvZPYZU6XfRJtVBVM=; b=qXDTZ4bcB/+OjXGXUPWP9okNXT BJ8fDdDASJzLu5Kgr8aaj+uhPVxZijwjo0WaYqSUQAYmxdcGpY1b8QQztY9DbaqYZzX3D5HVDhylr 6V7K9bF6W8/o+6t5lWkrf0egLLZ8nagXk2JltaBvh2h+xAKWBXerxv5vIUOLP+YkhoPQ=; Received: from p200300daa7225c08186973351f2f7021.dip0.t-ipconnect.de ([2003:da:a722:5c08:1869:7335:1f2f:7021] helo=localhost.localdomain) by ds12 with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (Exim 4.94.2) (envelope-from ) id 1p0k4B-005gV6-9z; Thu, 01 Dec 2022 14:57:31 +0100 From: Felix Fietkau To: linux-wireless@vger.kernel.org Cc: johannes@sipsolutions.net Subject: [PATCH] wifi: mac80211: fix and simplify unencrypted drop check for mesh Date: Thu, 1 Dec 2022 14:57:30 +0100 Message-Id: <20221201135730.19723-1-nbd@nbd.name> X-Mailer: git-send-email 2.38.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org ieee80211_drop_unencrypted is called from ieee80211_rx_h_mesh_fwding and ieee80211_frame_allowed. Since ieee80211_rx_h_mesh_fwding can forward packets for other mesh nodes and is called earlier, it needs to check the decryptions status and if the packet is using the control protocol on its own, instead of deferring to the later call from ieee80211_frame_allowed. Because of that, ieee80211_drop_unencrypted has a mesh specific check that skips over the mesh header in order to check the payload protocol. This code is invalid when called from ieee80211_frame_allowed, since that happens after the 802.11->802.3 conversion. Fix this by moving the mesh specific check directly into ieee80211_rx_h_mesh_fwding. Signed-off-by: Felix Fietkau --- net/mac80211/rx.c | 38 ++++++++++---------------------------- 1 file changed, 10 insertions(+), 28 deletions(-) diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index c28c6fbf786e..7e3ab6e1b28f 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -2403,7 +2403,6 @@ static int ieee80211_802_1x_port_control(struct ieee80211_rx_data *rx) static int ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc) { - struct ieee80211_hdr *hdr = (void *)rx->skb->data; struct sk_buff *skb = rx->skb; struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); @@ -2414,31 +2413,6 @@ static int ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc) if (status->flag & RX_FLAG_DECRYPTED) return 0; - /* check mesh EAPOL frames first */ - if (unlikely(rx->sta && ieee80211_vif_is_mesh(&rx->sdata->vif) && - ieee80211_is_data(fc))) { - struct ieee80211s_hdr *mesh_hdr; - u16 hdr_len = ieee80211_hdrlen(fc); - u16 ethertype_offset; - __be16 ethertype; - - if (!ether_addr_equal(hdr->addr1, rx->sdata->vif.addr)) - goto drop_check; - - /* make sure fixed part of mesh header is there, also checks skb len */ - if (!pskb_may_pull(rx->skb, hdr_len + 6)) - goto drop_check; - - mesh_hdr = (struct ieee80211s_hdr *)(skb->data + hdr_len); - ethertype_offset = hdr_len + ieee80211_get_mesh_hdrlen(mesh_hdr) + - sizeof(rfc1042_header); - - if (skb_copy_bits(rx->skb, ethertype_offset, ðertype, 2) == 0 && - ethertype == rx->sdata->control_port_protocol) - return 0; - } - -drop_check: /* Drop unencrypted frames if key is set. */ if (unlikely(!ieee80211_has_protected(fc) && !ieee80211_is_any_nullfunc(fc) && @@ -2892,8 +2866,16 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx) hdr = (struct ieee80211_hdr *) skb->data; mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen); - if (ieee80211_drop_unencrypted(rx, hdr->frame_control)) - return RX_DROP_MONITOR; + if (ieee80211_drop_unencrypted(rx, hdr->frame_control)) { + int offset = hdrlen + ieee80211_get_mesh_hdrlen(mesh_hdr) + + sizeof(rfc1042_header); + __be16 ethertype; + + if (!ether_addr_equal(hdr->addr1, rx->sdata->vif.addr) || + skb_copy_bits(rx->skb, offset, ðertype, 2) != 0 || + ethertype != rx->sdata->control_port_protocol) + return RX_DROP_MONITOR; + } /* frame is in RMC, don't forward */ if (ieee80211_is_data(hdr->frame_control) && -- 2.38.1