Date:      Thu, 22 Jul 1999 10:12:21 -0400 (EDT)
From:      wpaul@ctr.columbia.edu (Bill Paul)
To:        jflowers@ezo.net (Jim Flowers)
Cc:        <skip-info@skip-vpn.org>, <freebsd-security@freebsd.org>
Subject:   Re: wi driver with SKIP
Message-ID:  <199907221412.KAA26519@startide.ctr.columbia.edu>
In-Reply-To: <000c01bed432$5f289120$feb197ce@ezo.net> from "Jim Flowers" at Jul 22, 99 07:07:21 am

Of all the gin joints in all the towns in all the world, Jim Flowers had
to walk into mine and say:
 
> I'm really enjoying your wi driver with the Lucent IEEE ISA wireless
> card running under FreeBSD-STABLE.  While I have been able to use it
> with most configurations, it will not work with SKIP bound to the same
> interface.
> 
> It works fine in the inbound direction where SKIP receives packets from
> wi0 and the SKIP module is able to decrypt successfully.  In the
> outbound direction, where SKIP hands off packets to wi0, the packets are
> malformed and the companion skiphost (Windows 98 with domestic SKIP)
> complains of a corrupted V2 header upon giving up.

Hm. My understanding is that in an Ethernet II frame, the type field
represents the payload type in the frame, which can be IP, ARP, reverse
ARP, to name a few. If SKIP packets have a different kind of header
than IP, then the frame type will be different from IP (which is 0x800).

The WaveLAN/IEEE has to send Ethernet II within 802.11 frames using RFC
1042 encapsulation, which means that a SNAP header is included before
the packet data. This encapsulation is done in software. Currently,
the driver checks the frame type in wi_start() and if it is ETHERTYPE_IP,
ETHERTYPE_ARP or ETHERTYPE_REVARP, it will use RFC 1042 encapsulation.
If it's anything else (i.e. an 802.3 frame), it will transmit the data
directly without any encapsulation.

In wi_start(), you will see the following code:

        /*
         * Use RFC1042 encoding for IP and ARP datagrams,
         * 802.3 for anything else.
         */
        if (ntohs(eh->ether_type) == ETHERTYPE_IP ||
            ntohs(eh->ether_type) == ETHERTYPE_ARP ||
            ntohs(eh->ether_type) == ETHERTYPE_REVARP) {

If there is an ETHERTYPE_SKIP, then you should change this code so
that it looks like this:

        /*
         * Use RFC1042 encoding for IP and ARP datagrams,
         * 802.3 for anything else.
         */
        if (ntohs(eh->ether_type) == ETHERTYPE_IP ||
            ntohs(eh->ether_type) == ETHERTYPE_SKIP ||
            ntohs(eh->ether_type) == ETHERTYPE_ARP ||
            ntohs(eh->ether_type) == ETHERTYPE_REVARP) {

Alternatively, you might try this:

        if (ntohs(eh->ether_type) > 1536) {

As to why it works when the packets originate on another interface,
I'm not sure. I can only assume that in that case, the packets are
tunneled through IP, in which case the ethertype is correct and
wi_start() passes them correctly.

Please try one of the above changes and let me know if it helps.

Oh yeah: and turn off 'send HTML and plain text mail' in your
browser/mail client/whatever. :)

-Bill

-- 
=============================================================================
-Bill Paul            (212) 854-6020 | System Manager, Master of Unix-Fu
Work:         wpaul@ctr.columbia.edu | Department of Electrical Engineering
Home:  wpaul@skynet.ctr.columbia.edu | Columbia University, New York City
=============================================================================
"Mulder, toads just fell from the sky!" "I guess their parachutes didn't open."
=============================================================================
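
Added example, not part of Bill Paul's message or the wi driver source: a simplified C model of the transmit-side decision discussed above, which applies RFC 1042 (LLC/SNAP) encapsulation to any Ethernet II frame by treating type/length values of 0x0600 and above as EtherTypes. The function name `encap_tx`, the flat 802.3-style output layout and the sample frame are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_HDR_LEN   14      /* dst(6) + src(6) + type/length(2) */
#define SNAP_LEN      8       /* LLC(3) + OUI(3) + EtherType(2) */
#define ETHERTYPE_MIN 0x0600  /* 1536; smaller values are 802.3 lengths */

/* RFC 1042 prefix: DSAP, SSAP, control, OUI 00-00-00 */
static const uint8_t rfc1042_hdr[6] = { 0xAA, 0xAA, 0x03, 0x00, 0x00, 0x00 };

/* Constructed sample: Ethernet II frame with EtherType 0x88B5 (IEEE local
 * experimental), standing in for a non-IP/ARP protocol; 4-byte payload. */
static const uint8_t sample_frame[18] = {
    0x02, 0, 0, 0, 0, 0x01,  0x02, 0, 0, 0, 0, 0x02,  0x88, 0xB5,
    0xDE, 0xAD, 0xBE, 0xEF
};

/* Hypothetical helper (not from if_wi.c): insert an RFC 1042 header when the
 * type/length field holds an EtherType, whatever its value; 802.3 frames pass
 * through unchanged. Returns the output length, or 0 on error. */
size_t encap_tx(const uint8_t *in, size_t inlen, uint8_t *out, size_t outcap)
{
    size_t paylen, llclen;
    if (inlen < ETH_HDR_LEN)
        return 0;
    paylen = inlen - ETH_HDR_LEN;
    llclen = paylen + SNAP_LEN;
    if ((((unsigned)in[12] << 8) | in[13]) < ETHERTYPE_MIN) {
        if (inlen > outcap)
            return 0;
        memcpy(out, in, inlen);              /* 802.3: no encapsulation */
        return inlen;
    }
    if (llclen > 0xFFFF || ETH_HDR_LEN + llclen > outcap)
        return 0;
    memcpy(out, in, 12);                     /* dst + src addresses */
    out[12] = (uint8_t)(llclen >> 8);        /* 802.3 length field */
    out[13] = (uint8_t)(llclen & 0xFF);
    memcpy(out + 14, rfc1042_hdr, sizeof(rfc1042_hdr));
    memcpy(out + 20, in + 12, 2);            /* original EtherType */
    memcpy(out + 22, in + ETH_HDR_LEN, paylen);
    return ETH_HDR_LEN + llclen;
}

int main(void)
{
    uint8_t out[64];
    return encap_tx(sample_frame, sizeof(sample_frame), out, sizeof(out)) == 26 ? 0 : 1;
}
```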

