mirror of
https://github.com/aircrack-ng/rtl8812au.git
synced 2024-11-26 15:14:02 +00:00
rtl8812a: do not overwrite sequence number of injected frames
The sequence number of inject frames was being overwritten. This prevents certain older attacks against WEP fragmentation older TKIP attacks. Fix this by tracking if a frames was injected in monitor mode, and if so, do not overwrite its sequence number. The patch also adds a module parameter to revert this behaviour if needed. By setting rtw_monitor_overwrite_seqnum to 1, sequence numbers will again be set by the driver/device. This may by useful if user-space relied on the driver/device to set sequence numbers. This patch was tested using an Alfa AWUS036ACH.
This commit is contained in:
parent
df2b8dfd8c
commit
1b86121806
@ -4460,6 +4460,7 @@ s32 rtw_monitor_xmit_entry(struct sk_buff *skb, struct net_device *ndev)
|
|||||||
/* Check DATA/MGNT frames */
|
/* Check DATA/MGNT frames */
|
||||||
pwlanhdr = (struct rtw_ieee80211_hdr *)pframe;
|
pwlanhdr = (struct rtw_ieee80211_hdr *)pframe;
|
||||||
pattrib = &pmgntframe->attrib;
|
pattrib = &pmgntframe->attrib;
|
||||||
|
pattrib->injected = _TRUE;
|
||||||
|
|
||||||
if (pregpriv->monitor_disable_1m) {
|
if (pregpriv->monitor_disable_1m) {
|
||||||
|
|
||||||
|
@ -60,6 +60,7 @@ static s32 update_txdesc(struct xmit_frame *pxmitframe, u8 *pmem, s32 sz , u8 ba
|
|||||||
#endif/*CONFIG_80211N_HT*/
|
#endif/*CONFIG_80211N_HT*/
|
||||||
u8 vht_max_ampdu_size = 0;
|
u8 vht_max_ampdu_size = 0;
|
||||||
struct dvobj_priv *pdvobjpriv = adapter_to_dvobj(padapter);
|
struct dvobj_priv *pdvobjpriv = adapter_to_dvobj(padapter);
|
||||||
|
struct registry_priv *pregpriv = &(padapter->registrypriv);
|
||||||
|
|
||||||
#ifndef CONFIG_USE_USB_BUFFER_ALLOC_TX
|
#ifndef CONFIG_USE_USB_BUFFER_ALLOC_TX
|
||||||
if (padapter->registrypriv.mp_mode == 0) {
|
if (padapter->registrypriv.mp_mode == 0) {
|
||||||
@ -115,10 +116,16 @@ static s32 update_txdesc(struct xmit_frame *pxmitframe, u8 *pmem, s32 sz , u8 ba
|
|||||||
|
|
||||||
/* offset 12 */
|
/* offset 12 */
|
||||||
|
|
||||||
if (!pattrib->qos_en) {
|
if (pattrib->injected == _TRUE && !pregpriv->monitor_overwrite_seqnum) {
|
||||||
|
/* Prevent sequence number from being overwritten */
|
||||||
|
SET_TX_DESC_HWSEQ_EN_8812(ptxdesc, 0); /* Hw do not set sequence number */
|
||||||
|
SET_TX_DESC_SEQ_8812(ptxdesc, pattrib->seqnum); /* Copy inject sequence number to TxDesc */
|
||||||
|
}
|
||||||
|
else if (!pattrib->qos_en) {
|
||||||
SET_TX_DESC_HWSEQ_EN_8812(ptxdesc, 1); /* Hw set sequence number */
|
SET_TX_DESC_HWSEQ_EN_8812(ptxdesc, 1); /* Hw set sequence number */
|
||||||
} else
|
} else {
|
||||||
SET_TX_DESC_SEQ_8812(ptxdesc, pattrib->seqnum);
|
SET_TX_DESC_SEQ_8812(ptxdesc, pattrib->seqnum);
|
||||||
|
}
|
||||||
|
|
||||||
if ((pxmitframe->frame_tag & 0x0f) == DATA_FRAMETAG) {
|
if ((pxmitframe->frame_tag & 0x0f) == DATA_FRAMETAG) {
|
||||||
/* RTW_INFO("pxmitframe->frame_tag == DATA_FRAMETAG\n"); */
|
/* RTW_INFO("pxmitframe->frame_tag == DATA_FRAMETAG\n"); */
|
||||||
|
@ -458,6 +458,7 @@ struct registry_priv {
|
|||||||
u8 tdmadig_dynamic;
|
u8 tdmadig_dynamic;
|
||||||
#endif/*CONFIG_TDMADIG*/
|
#endif/*CONFIG_TDMADIG*/
|
||||||
|
|
||||||
|
u8 monitor_overwrite_seqnum;
|
||||||
u8 monitor_disable_1m;
|
u8 monitor_disable_1m;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -465,6 +465,7 @@ struct pkt_attrib {
|
|||||||
#endif /* CONFIG_WMMPS_STA */
|
#endif /* CONFIG_WMMPS_STA */
|
||||||
|
|
||||||
struct sta_info *psta;
|
struct sta_info *psta;
|
||||||
|
u8 injected;
|
||||||
|
|
||||||
u8 rtsen;
|
u8 rtsen;
|
||||||
u8 cts2self;
|
u8 cts2self;
|
||||||
|
@ -72,6 +72,10 @@ int rtw_scan_mode = 1;/* active, passive */
|
|||||||
int rtw_lps_chk_by_tp = 0;
|
int rtw_lps_chk_by_tp = 0;
|
||||||
#endif /* CONFIG_POWER_SAVING */
|
#endif /* CONFIG_POWER_SAVING */
|
||||||
|
|
||||||
|
int rtw_monitor_overwrite_seqnum = 0;
|
||||||
|
module_param(rtw_monitor_overwrite_seqnum, int, 0644);
|
||||||
|
MODULE_PARM_DESC(rtw_monitor_overwrite_seqnum, "Overwrite the sequence number of injected frames");
|
||||||
|
|
||||||
int rtw_monitor_disable_1m = 0;
|
int rtw_monitor_disable_1m = 0;
|
||||||
module_param(rtw_monitor_disable_1m, int, 0644);
|
module_param(rtw_monitor_disable_1m, int, 0644);
|
||||||
MODULE_PARM_DESC(rtw_monitor_disable_1m, "Disable default 1Mbps rate for monitor injected frames");
|
MODULE_PARM_DESC(rtw_monitor_disable_1m, "Disable default 1Mbps rate for monitor injected frames");
|
||||||
@ -1223,6 +1227,7 @@ uint loadparam(_adapter *padapter)
|
|||||||
registry_par->fw_tbtt_rpt = rtw_tbtt_rpt;
|
registry_par->fw_tbtt_rpt = rtw_tbtt_rpt;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
registry_par->monitor_overwrite_seqnum = (u8)rtw_monitor_overwrite_seqnum;
|
||||||
registry_par->monitor_disable_1m = (u8)rtw_monitor_disable_1m;
|
registry_par->monitor_disable_1m = (u8)rtw_monitor_disable_1m;
|
||||||
|
|
||||||
return status;
|
return status;
|
||||||
|
Loading…
Reference in New Issue
Block a user