On Thu, Jul 16, 2020 at 11:10:58AM +0200, Stefan Sperling wrote:
> Line 1927 of
> https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net80211/ieee80211_input.c?annotate=1.218
>
> This code runs before a response is generated for a probe request and it
> should ensure that a probe request is only generated if the SSID matches.
>
> The next step would be to find out how this check is being bypassed in
> your case.

Nevermind, I have found the problem.
I moved the HIDENWID flag to a different variable some time ago:

[[[
CVSROOT: /cvs
Module name: src
Changes by: s...@cvs.openbsd.org 2019/05/12 12:12:38

Modified files:
sbin/ifconfig : ifconfig.8
sys/dev/ic : if_wi.c
sys/net80211 : ieee80211_input.c ieee80211_ioctl.c ieee80211_ioctl.h ieee80211_output.c ieee80211_var.h

Log message:
Fix 'ifconfig nwflags; These flags ended up overlapping with other flags
in ieee80211com's ic_flags because we haven't been paying attention to
them (they're not in the same place in the code and hence easy to miss).
Move them to a dedicated variable to avoid this problem in the future.

Add a new 'stayauth' nwflag which can be set to let net80211 ignore
deauth frames. This can be useful when deauth frames are being
persistently spoofed by an attacker.

Idea from beck@

ok beck@ phessler@
]]]

There is some use of the HIDENWID flag which I missed in this conversion.
This patch should fix it.

diff b38ea36846c22ecbc2e7394f8dcf015e2b6a523f /usr/src blob - 8942bc3b47923fe0d78a4435b181777069b2a119 file + sys/dev/ic/bwfm.c --- sys/dev/ic/bwfm.c +++ sys/dev/ic/bwfm.c @@ -1959,7 +1959,7 @@ bwfm_hostap(struct bwfm_softc *sc) memset(join.assoc.bssid, 0xff, sizeof(join.assoc.bssid)); bwfm_fwvar_cmd_set_data(sc, BWFM_C_SET_SSID, &join, sizeof(join)); bwfm_fwvar_var_set_int(sc, "closednet", - (ic->ic_flags & IEEE80211_F_HIDENWID) != 0); + (ic->ic_userflags & IEEE80211_F_HIDENWID) != 0); } #endif blob - 0cea2f80840c2b7bdbbf2dd7de3d83e3beabc7fa file + sys/dev/ic/rt2560.c --- sys/dev/ic/rt2560.c +++ sys/dev/ic/rt2560.c 
@@ -1588,7 +1588,7 @@ rt2560_tx_bcn(struct rt2560_softc *sc, struct mbuf *m0 mtod(m0, uint8_t *) + sizeof (struct ieee80211_frame) + 8 + 2 + 2 + - ((ic->ic_flags & IEEE80211_F_HIDENWID) ? + ((ic->ic_userflags & IEEE80211_F_HIDENWID) ? 1 : 2 + ni->ni_esslen) + 2 + min(ni->ni_rates.rs_nrates, IEEE80211_RATE_SIZE) + 2 + 1 + blob - 7170cb0085cbb2f47ff2d02d204f5706f4eb22a2 file + sys/dev/ic/rt2661.c --- sys/dev/ic/rt2661.c +++ sys/dev/ic/rt2661.c @@ -2935,7 +2935,7 @@ rt2661_prepare_beacon(struct rt2661_softc *sc) RT2661_HW_BEACON_BASE0 + 24 + sizeof (struct ieee80211_frame) + 8 + 2 + 2 + - ((ic->ic_flags & IEEE80211_F_HIDENWID) ? + ((ic->ic_userflags & IEEE80211_F_HIDENWID) ? 1 : 2 + ni->ni_esslen) + 2 + min(ni->ni_rates.rs_nrates, IEEE80211_RATE_SIZE) + 2 + 1 + blob - 098aa9bce19481ce09676ce3c4fc0040f14c9b93 file + sys/net80211/ieee80211_input.c --- sys/net80211/ieee80211_input.c +++ sys/net80211/ieee80211_input.c @@ -1937,7 +1937,7 @@ ieee80211_recv_probe_req(struct ieee80211com *ic, stru return; } /* refuse wildcard SSID if we're hiding our SSID in beacons */ - if (ssid[1] == 0 && (ic->ic_flags & IEEE80211_F_HIDENWID)) { + if (ssid[1] == 0 && (ic->ic_userflags & IEEE80211_F_HIDENWID)) { DPRINTF(("wildcard SSID rejected")); ic->ic_stats.is_rx_ssidmismatch++; return;
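
Review bot: in the ieee80211_recv_probe_req() hunk of sys/net80211/ieee80211_input.c, the constant now tested against ic_userflags is still named IEEE80211_F_HIDENWID, so nothing in the name or the type tells a reader or the compiler which flag word it belongs to. That is why `(ic->ic_flags & IEEE80211_F_HIDENWID)` kept compiling in four places after the 2019/05/12 conversion and the wildcard-SSID rejection stopped firing. Consider giving the user flags a distinct prefix, or testing them through one small helper, so a stale ic_flags test fails to build instead of silently reading an unrelated bit. It would also help to state in the commit message that the tree was searched for remaining `ic_flags & IEEE80211_F_HIDENWID` users, since this patch only covers bwfm, rt2560, rt2661 and net80211.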
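
Review bot: the rt2560_tx_bcn() and rt2661_prepare_beacon() hunks carry the same open-coded offset expression, `8 + 2 + 2 + ((ic->ic_userflags & IEEE80211_F_HIDENWID) ? 1 : 2 + ni->ni_esslen) + ...`, with no comment saying what each term stands for or why the hidden-SSID branch contributes 1 while the other contributes 2 + ni->ni_esslen. Because the arithmetic is duplicated per driver, the flag test had to be found and fixed twice here. A short comment naming the fields being skipped, and ideally one shared helper that returns this offset, would make the next change to the hidden-SSID handling a single edit.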
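
The failure mode described in the commit log and fixed by the patch above, as an added C model that is not OpenBSD code: a flag tested against the word it used to live in either misses the setting or picks up an unrelated bit. The struct, the function names and the bit values are constructed for illustration, and only the wildcard branch of the probe request check is modelled.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed bit values for illustration; not taken from ieee80211_var.h. */
#define MODEL_F_OTHER    0x00000001u /* some unrelated state bit in ic_flags */
#define MODEL_F_HIDENWID 0x00000001u /* the user flag, now in ic_userflags */

struct ic_model {
	uint32_t ic_flags;     /* stack/driver state bits */
	uint32_t ic_userflags; /* administrator-set nwflags */
};

/* Single accessor: call sites never pick the flag word themselves. */
static int
hides_ssid(const struct ic_model *ic)
{
	return (ic->ic_userflags & MODEL_F_HIDENWID) != 0;
}

/* Pre-patch shape: tests the word the flag used to live in.
 * ssid points at an SSID element: ssid[0] = element ID, ssid[1] = length. */
static int
answers_probe_stale(const struct ic_model *ic, const uint8_t *ssid)
{
	if (ssid[1] == 0 && (ic->ic_flags & MODEL_F_HIDENWID))
		return 0; /* wildcard SSID rejected */
	return 1;
}

/* Post-patch shape, routed through the accessor. */
static int
answers_probe_fixed(const struct ic_model *ic, const uint8_t *ssid)
{
	if (ssid[1] == 0 && hides_ssid(ic))
		return 0; /* wildcard SSID rejected */
	return 1;
}

int
main(void)
{
	const uint8_t wildcard[2] = { 0, 0 };             /* zero-length SSID */
	struct ic_model hidden = { 0, MODEL_F_HIDENWID }; /* hidenwid set */
	struct ic_model open_ap = { MODEL_F_OTHER, 0 };   /* hidenwid not set */

	printf("hidden AP: stale=%d fixed=%d\n",
	    answers_probe_stale(&hidden, wildcard), answers_probe_fixed(&hidden, wildcard));
	printf("open AP:   stale=%d fixed=%d\n",
	    answers_probe_stale(&open_ap, wildcard), answers_probe_fixed(&open_ap, wildcard));
	return 0;
}
```

With the stale test, the access point that asked to hide its SSID answers the wildcard probe, and the one that did not ask is silenced by an unrelated bit.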