On Thu, Jul 16, 2020 at 11:10:58AM +0200, Stefan Sperling wrote:
> Line 1927 of
> https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net80211/ieee80211_input.c?annotate=1.218
>
> This code runs before a response is generated for a probe request and it
> should ensure that a probe request is only generated if the SSID matches.
>
> The next step would be to find out how this check is being bypassed in
> your case.
Never mind, I have found the problem.
I moved the HIDENWID flag to a different variable some time ago:
[[[
CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2019/05/12 12:12:38
Modified files:
sbin/ifconfig : ifconfig.8
sys/dev/ic : if_wi.c
sys/net80211 : ieee80211_input.c ieee80211_ioctl.c
ieee80211_ioctl.h ieee80211_output.c
ieee80211_var.h
Log message:
Fix 'ifconfig nwflags; These flags ended up overlapping with other flags
in ieee80211com's ic_flags because we haven't been paying attention to
them (they're not in the same place in the code and hence easy to miss).
Move them to a dedicated variable to avoid this problem in the future.
Add a new 'stayauth' nwflag which can be set to let net80211 ignore
deauth frames. This can be useful when deauth frames are being
persistently spoofed by an attacker. Idea from beck@
ok beck@ phessler@
]]]
There is some use of the HIDENWID flag which I missed in this conversion.
This patch should fix it.
diff b38ea36846c22ecbc2e7394f8dcf015e2b6a523f /usr/src
blob - 8942bc3b47923fe0d78a4435b181777069b2a119
file + sys/dev/ic/bwfm.c
--- sys/dev/ic/bwfm.c
+++ sys/dev/ic/bwfm.c
@@ -1959,7 +1959,7 @@ bwfm_hostap(struct bwfm_softc *sc)
memset(join.assoc.bssid, 0xff, sizeof(join.assoc.bssid));
bwfm_fwvar_cmd_set_data(sc, BWFM_C_SET_SSID, &join, sizeof(join));
bwfm_fwvar_var_set_int(sc, "closednet",
- (ic->ic_flags & IEEE80211_F_HIDENWID) != 0);
+ (ic->ic_userflags & IEEE80211_F_HIDENWID) != 0);
}
#endif
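Review bot: The constant tested in bwfm_hostap() is still called IEEE80211_F_HIDENWID, so nothing in the name says it belongs to ic_userflags rather than ic_flags, and a leftover test like the one fixed here is easy to miss. Consider giving the nwflags constants their own prefix as a follow-up, so that a stale `ic->ic_flags & ...` use stands out in a grep instead of silently testing an unrelated bit.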
blob - 0cea2f80840c2b7bdbbf2dd7de3d83e3beabc7fa
file + sys/dev/ic/rt2560.c
--- sys/dev/ic/rt2560.c
+++ sys/dev/ic/rt2560.c
@@ -1588,7 +1588,7 @@ rt2560_tx_bcn(struct rt2560_softc *sc, struct mbuf *m0
mtod(m0, uint8_t *) +
sizeof (struct ieee80211_frame) +
8 + 2 + 2 +
- ((ic->ic_flags & IEEE80211_F_HIDENWID) ?
+ ((ic->ic_userflags & IEEE80211_F_HIDENWID) ?
1 : 2 + ni->ni_esslen) +
2 + min(ni->ni_rates.rs_nrates, IEEE80211_RATE_SIZE) +
2 + 1 +
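Review bot: In the offset sum in rt2560_tx_bcn(), the hidden branch adds 1 where the other branch adds `2 + ni->ni_esslen`. An SSID element of length zero still occupies 2 bytes (element ID and length), so please confirm against the code that builds the beacon which encoding is used when HIDENWID is set. Since the flag moved, this branch was keyed to an unrelated ic_flags bit, so the hidden case deserves a test on hardware before commit.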
blob - 7170cb0085cbb2f47ff2d02d204f5706f4eb22a2
file + sys/dev/ic/rt2661.c
--- sys/dev/ic/rt2661.c
+++ sys/dev/ic/rt2661.c
@@ -2935,7 +2935,7 @@ rt2661_prepare_beacon(struct rt2661_softc *sc)
RT2661_HW_BEACON_BASE0 + 24 +
sizeof (struct ieee80211_frame) +
8 + 2 + 2 +
- ((ic->ic_flags & IEEE80211_F_HIDENWID) ?
+ ((ic->ic_userflags & IEEE80211_F_HIDENWID) ?
1 : 2 + ni->ni_esslen) +
2 + min(ni->ni_rates.rs_nrates, IEEE80211_RATE_SIZE) +
2 + 1 +
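Review bot: The expression in rt2661_prepare_beacon() is the same hand-written sum as in rt2560.c (`8 + 2 + 2 + (... ? 1 : 2 + ni->ni_esslen) + ...`), and both copies needed the identical one-word fix. A shared helper or macro for this offset would leave a single place to update the next time the flag or the beacon layout changes.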
blob - 098aa9bce19481ce09676ce3c4fc0040f14c9b93
file + sys/net80211/ieee80211_input.c
--- sys/net80211/ieee80211_input.c
+++ sys/net80211/ieee80211_input.c
@@ -1937,7 +1937,7 @@ ieee80211_recv_probe_req(struct ieee80211com *ic, stru
return;
}
/* refuse wildcard SSID if we're hiding our SSID in beacons */
- if (ssid[1] == 0 && (ic->ic_flags & IEEE80211_F_HIDENWID)) {
+ if (ssid[1] == 0 && (ic->ic_userflags & IEEE80211_F_HIDENWID)) {
DPRINTF(("wildcard SSID rejected"));
ic->ic_stats.is_rx_ssidmismatch++;
return;
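Review bot: The wildcard test in ieee80211_recv_probe_req() decides whether an AP with a hidden SSID answers wildcard probe requests, and with the ic_flags test it has not followed the user's setting since the 2019/05/12 change quoted above. The commit message should state that, so that anyone who ran an AP with the HIDENWID nwflag set over that period knows wildcard probe requests were not being refused as configured.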