On Sun, May 24, 2020 at 03:08:09PM +0200, Hendrik Meyburgh wrote:
> >Synopsis: ral interface is not working
> >Category: system
> >Environment:
> System : OpenBSD 6.7
> Details : OpenBSD 6.7-current (GENERIC.MP) #207: Fri May 22
> 01:31:04 MDT 2020
>
> [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
> Architecture: OpenBSD.amd64
> Machine : amd64
> >Description:
> IP not working on ral interface
> >How-To-Repeat:
> I completed a sysupgrade on Tuesday the 19th, not sure what snapshot was
> running prior, I did not check. After the upgrade the laptop does not connect
> to any wireless network. The re0 interface is still working on DHCP. I looked
> at some recent posts but could not trace the problem
>
> https://marc.info/?l=openbsd-misc&m=158861290011220&w=2
> https://marc.info/?l=openbsd-bugs&m=158996211916426&w=2
> <https://marc.info/?l=openbsd-bugs&m=158996211916426&w=2>
>
> I just tested the 6.7-release bsd.rd and it does work, please see info below
> and let me know if you need any additional information.
Thank you for the report!
I could reproduce the problem with this device:
ral0 at pci5 dev 0 function 0 "Ralink RT3090" rev 0x00: apic 5 int 16, address
xx:xx:xx:xx:xx:xx
ral0: MAC/BBP RT3090 (rev 0x3213), RF RT3020 (MIMO 1T1R)
I had overlooked that ral(4) uses hardware encryption on some of its
supported devices and accidentally broke decrytion on those devices
when I fixed replay detection on Intel and Atheros hardware.
ral(4) devices provide fully decrypted frames with TKIP/CCMP headers already
stripped. This means replay detection can only be done by hardware.
My recent changes enforce a software replay check which cannot work on ral(4).
The following diff repairs the problem. The ne80211 stack will simply have
to trust that hardware takes care of replay detection when it strips the IV.
diff 3247d7f3b53b75bbaf4356f06f34208638ba213d /usr/src
blob - de44d5a0a957f497259735efd5cee2cc081d33bc
file + sys/net80211/ieee80211_input.c
--- sys/net80211/ieee80211_input.c
+++ sys/net80211/ieee80211_input.c
@@ -178,9 +178,12 @@ ieee80211_input_hwdecrypt(struct ieee80211com *ic, str
switch (k->k_cipher) {
case IEEE80211_CIPHER_CCMP:
if (!(wh->i_fc[1] & IEEE80211_FC1_PROTECTED)) {
- /* drop unencrypted */
- ic->ic_stats.is_rx_unencrypted++;
- return NULL;
+ /*
+ * If the protected bit is clear then hardware has
+ * stripped the IV and we must trust that it handles
+ * replay detection correctly.
+ */
+ break;
}
if (ieee80211_ccmp_get_pn(&pn, &prsc, m, k) != 0)
return NULL;
@@ -200,9 +203,12 @@ ieee80211_input_hwdecrypt(struct ieee80211com *ic, str
break;
case IEEE80211_CIPHER_TKIP:
if (!(wh->i_fc[1] & IEEE80211_FC1_PROTECTED)) {
- /* drop unencrypted */
- ic->ic_stats.is_rx_unencrypted++;
- return NULL;
+ /*
+ * If the protected bit is clear then hardware has
+ * stripped the IV and we must trust that it handles
+ * replay detection correctly.
+ */
+ break;
}
if (ieee80211_tkip_get_tsc(&pn, &prsc, m, k) != 0)
return NULL;
