tech-net: Re: wi(4) and WEP on NetBSD 4.0

Subject: Re: wi(4) and WEP on NetBSD 4.0
To: None <tech-net@NetBSD.org>
From: Quentin Garnier <cube@cubidou.net>
List: tech-net
Date: 11/26/2007 17:16:57
--TakKZr9L6Hm6aLOc
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Nov 26, 2007 at 10:13:05AM -0600, David Young wrote:
> On Mon, Nov 26, 2007 at 12:02:13PM +0100, Quentin Garnier wrote:
> > Hi,
> >=20
> > I upgraded a machine from 2.0 to 4.0 this week-end.  It serves among
> > other things as an access point for a home 11b network, using a wi(4)
> > card.
> >=20
> > I was faced with two issues related to WEP, one in the RX path, the
> > other in the TX path.
> >=20
> > The RX path one is easier:  frames were dropped because of _F_DROPUNENC
> > which is set by default.  The reason for that is the following block in
> > sys/dev/ic/wi.c, in wi_rx_intr():
> >=20
> >         if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
> >                 /*
> >                  * WEP is decrypted by hardware. Clear WEP bit
> >                  * header for ieee80211_input().
> >                  */
> >                 wh->i_fc[1] &=3D ~IEEE80211_FC1_WEP;
> >         }
> >=20
> > Apparently, the net80211 subsystem has changed enough that this does the
> > wrong thing:  as the bit is cleared, ieee80211_input() thinks it is an
> > unencrypted frame, so it drops it per _F_DROPUNENC.  I believe that the
> > part that has changed in net80211 is that the codec for WEP is aware the
> > hardware is supposed to do the actual deciphering, hence it doesn't do
> > it.
> >=20
> > The fix for that issue is to just comment the block shown above.
> >=20
> > I'm told by someone that wi+WEP works for him in NetBSD 4.0.  My reading
> > of the code doesn't show any place where the fact that I run it in
> > hostap mode changes anything, so I'm rather surprised.
>=20
> Crypto works differently on wi in hostap mode than otherwise: as you
> mention below, Tx WEP is broken, Rx WEP works, and net80211 is not
> especially accommodating of that asymmetry.

Yes but my point here is that it seems to me that the RX bug should
happen in modes other than hostap.  I don't see anything specific to
hostap in that code path.

--=20
Quentin Garnier - cube@cubidou.net - cube@NetBSD.org
"See the look on my face from staying too long in one place
[...] every time the morning breaks I know I'm closer to falling"
KT Tunstall, Saving My Face, Drastic Fantastic, 2007.

--TakKZr9L6Hm6aLOc
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (NetBSD)

iQEVAwUBR0rxedgoQloHrPnoAQI6ngf8CRtrS6MkDsrq7j4esQO4bNmNIkJRDPkD
Xrp4zodEt29s+fWNgEvndwYVvRWYortRqR2GSS742Mm6/uJChjcyWYE8zhGQ0k0v
N1Yw4MiCFh+RzwEc2KD9ydbPFBymFL8V6xh6FROGk7QJjzu6wssxk5/k+v9fLeos
PGAUh99sjnoIpU0AYHsjWnC9OWmsveikbF+kzj+Ne43F7Xw5lEM6DKkpdaKEC3E8
2FYMNTEGbmOHSOSlgCoFqbdrgj/CA4TlgUtJvYFof77BsxZtlsjqJKMAG8yNu3/r
oGtnsno7qyc4IXGWPba4JcSr9h5mDkRtAzZVuluT7i+tlR4TUFuq2g==
=j3O3
-----END PGP SIGNATURE-----

--TakKZr9L6Hm6aLOc--