Page MenuHomeFreeBSD
Differential D49029

net80211/crypto: LinuxKPI/802.11: introduce IEEE80211_RX_F_PN_VALIDATED
ClosedPublic
Actions

Authored by bz on Feb 16 2025, 12:49 AM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Mar 22, 1:59 AM
Unknown Object (File)
Wed, Mar 12, 10:43 AM
Unknown Object (File)
Sat, Mar 8, 12:14 PM
Unknown Object (File)
Mon, Feb 24, 3:32 PM
Unknown Object (File)
Feb 24 2025, 5:54 AM
Unknown Object (File)
Feb 19 2025, 6:50 PM
Unknown Object (File)
Feb 16 2025, 8:22 PM
Subscribers
adrian
emaste
glebius
imp
melifaro
linuxkpi

Details

Reviewers
adrian
Group Reviewers
wireless
Commits
rGbdc94f09bd96: net80211/crypto: LinuxKPI/802.11: introduce IEEE80211_RX_F_PN_VALIDATED
rGec6185c52661: net80211/crypto: LinuxKPI/802.11: introduce IEEE80211_RX_F_PN_VALIDATED
Summary

There are cases when we see "rx seq# violation (CCMP)".

Historically these were AHDEMO/IBBS cases (IEEE80211_KEY_NOREPLAY,
see 5d766a09daab2).

With iwlwifi(4) doing RSS for newer chipsets and us not having any idea
about multiple rx-queues (passed all the way through) leads to the same
problem. An easy way to trigger this is doing an IPv6 all-nodes echo
request. With a sufficient amount of nodes answering the answers will
be hashed to different queues and re-ordering will likely take place
as queues get released individually.
However crypto validation is already done in fw/driver for these cases
and we need to carry the state forward. Add IEEE80211_RX_F_PN_VALIDATED
to indicate that the checks were done passing the information from driver
through LinuxKPI to net80211.
LinuxKPI enforces that a frame was indeed decrypted; otherwise the flag
would be invalid.

This also avoids returning an error and no key from
ieee80211_crypto_decap() and thus avoids dropping the frame.

Sponsored by: The FreeBSD Foundation
MFC after: 1 week

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

bz created this revision.Feb 16 2025, 12:49 AM
Herald added subscribers: linuxkpi, glebius, melifaro and 2 others. · View Herald TranscriptFeb 16 2025, 12:49 AM
bz requested review of this revision.Feb 16 2025, 12:49 AM
Harbormaster completed remote builds in B62474: Diff 151089.Feb 16 2025, 12:50 AM
adrian accepted this revision.Feb 16 2025, 1:44 AM
adrian added a subscriber: adrian.

Approved; yeah RSS w/ 802.11 requires everything to be offloaded on the seqno/pn side as you've discovered. :-)

What's it look like for the AMPDU RX reordering? Are they doing it in the driver / firmware w/ RSS? Or is linux doing something w/ RSS awareness in mac80211?

This revision is now accepted and ready to land.Feb 16 2025, 1:44 AM
Closed by commit rGec6185c52661: net80211/crypto: LinuxKPI/802.11: introduce IEEE80211_RX_F_PN_VALIDATED (authored by bz). · Explain WhyFeb 16 2025, 8:22 PM
This revision was automatically updated to reflect the committed changes.
bz added a commit: rGec6185c52661: net80211/crypto: LinuxKPI/802.11: introduce IEEE80211_RX_F_PN_VALIDATED.
bz added a commit: rGbdc94f09bd96: net80211/crypto: LinuxKPI/802.11: introduce IEEE80211_RX_F_PN_VALIDATED.Mon, Feb 24, 8:28 PM

Revision Contents
Changeset List

PathSize
sys/
compat/
linuxkpi/
common/
src/
16 lines
net80211/
1 line
16 lines

Diff 151101

View Options

sys/compat/linuxkpi/common/src/linux_80211.c

Loading...
View Options

sys/net80211/_ieee80211.h

Loading...
View Options

sys/net80211/ieee80211_crypto_ccmp.c

Loading...