Date:      Tue, 01 Sep 2009 08:29:53 -0700
From:      Sam Leffler <sam@errno.com>
To:        John Nielsen <lists@jnielsen.net>
Cc:        freebsd-current@freebsd.org
Subject:   Re: WEP on wi(4) [was: Re: LOR wlan0 wi0]
Message-ID:  <4A9D3DF1.7000605@errno.com>
In-Reply-To: <200908312358.51491.lists@jnielsen.net>
References:  <20090807165850.3e8541f8@vaio> <20090808134101.44d7d210@vaio> <4A7E5E2B.6060204@errno.com> <200908312358.51491.lists@jnielsen.net>

This is a multi-part message in MIME format.
--------------060009060109060905060909
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

John Nielsen wrote:
> On Sunday 09 August 2009 01:27:07 am Sam Leffler wrote:
>>> Sam Leffler <sam@errno.com> wrote:
>> I can confirm WEP is broken on wi in sta mode (and probably ap mode). 
>> I found at least two bugs but couldn't get it to work so am going to
>> leave it as an errata for 8.0.  But what's truly odd is that WPA works
>> fine despite a bug that should've caused it to not work.  I knew WPA
>> worked which is probably why I ignored WEP (no one in their right mind 
>> uses WEP when WPA is available :-)).
> 
> So for us wrong-minded people with wi(4) hardware that lacks WPA support 
> is it better to stick with 7.x for now? Any patches available or a rough 
> ETA? Is there a specific set of 8-CURRENT commits before which WEP is 
> known (or strongly suspected) to work? Anything others can do to help 
> besides ask annoying questions? (Sadly I'm not quite enough of a kernel 
> hacker to adopt maintainership of wi.)

Attached is what I came up with when the problem was identified.  As you 
can see it's incomplete.  I have no time to work on it more so someone 
else will need to follow through.

Given the cost of a replacement wireless card is <US$20 I cannot imagine 
why anyone would not just replace it.

	Sam

--------------060009060109060905060909
Content-Type: message/rfc822;
 name="Attached Message"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="Attached Message"

Message-ID: <4A804553.5000306@errno.com>
Date: Mon, 10 Aug 2009 09:05:39 -0700
From: Sam Leffler <sam@errno.com>
User-Agent: Thunderbird 2.0.0.22 (Macintosh/20090605)
MIME-Version: 1.0
To: "M. Warner Losh" <imp@bsdimp.com>
Subject: wi wep patch
Content-Type: multipart/mixed; boundary="------------050907030306010605060101"

This is a multi-part message in MIME format.
--------------050907030306010605060101
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

The attached patch tries to fix WEP support in wi.  Presently WEP does 
not work for two reasons:

1. wi_start_locked does not mask the PRIVACY bit from the header flags 
when finding the direction to extract mac addresses to reconstruct the 
802.3 frame.  Why this does not break WPA also is beyond me.

2. wi marks all tx encrypted frames WI_TXCNTL_NOCRYPT but tries to use 
h/w WEP support for cards that support it.  I've deleted the h/w crypto 
support and just do the work in s/w.

But the above does not fix WEP and I don't see why.  If you've got any 
ideas it'd be nice to fix this.  Otherwise if you can review what I've 
done it'd be appreciated.  I can submit just #1 to re as that's 
definitely correct.

	Sam

--------------050907030306010605060101
Content-Type: text/plain; x-mac-type="0"; x-mac-creator="0";
 name="wi.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="wi.patch"

Index: if_wivar.h
===================================================================
--- if_wivar.h	(revision 196086)
+++ if_wivar.h	(working copy)
@@ -113,7 +113,6 @@
 
 	int			sc_porttype;
 	u_int16_t		sc_portnum;
-	u_int16_t		sc_encryption;
 	u_int16_t		sc_monitor_port;
 
 	/* RSSI interpretation */
Index: if_wi.c
===================================================================
--- if_wi.c	(revision 196086)
+++ if_wi.c	(working copy)
@@ -137,7 +137,6 @@
 static void wi_info_intr(struct wi_softc *);
 
 static int  wi_write_txrate(struct wi_softc *, struct ieee80211vap *);
-static int  wi_write_wep(struct wi_softc *, struct ieee80211vap *);
 static int  wi_write_multi(struct wi_softc *);
 static void wi_update_mcast(struct ifnet *);
 static void wi_update_promisc(struct ifnet *);
@@ -417,15 +416,6 @@
 		sc->sc_dbm_offset = WI_PRISM_DBM_OFFSET;
 		break;
 	}
-
-	/*
-	 * Find out if we support WEP on this card.
-	 */
-	buflen = sizeof(val);
-	if (wi_read_rid(sc, WI_RID_WEP_AVAIL, &val, &buflen) == 0 &&
-	    val != htole16(0))
-		ic->ic_cryptocaps |= IEEE80211_CRYPTO_WEP;
-
 	/* Find supported rates. */
 	buflen = sizeof(ratebuf);
 	rs = &ic->ic_sup_rates[IEEE80211_MODE_11B];
@@ -842,12 +832,6 @@
 		wi_write_val(sc, WI_RID_OWN_CHNL,
 		    ieee80211_chan2ieee(ic, bss->ni_chan));
 
-		/* Configure WEP. */
-		if (ic->ic_cryptocaps & IEEE80211_CRYPTO_WEP)
-			wi_write_wep(sc, vap);
-		else
-			sc->sc_encryption = 0;
-
 		if ((sc->sc_flags & WI_FLAGS_HAS_WPASUPPORT) &&
 		    (vap->iv_flags & IEEE80211_F_WPA)) {
 			wi_write_val(sc, WI_RID_WPA_HANDLING, 1);
@@ -932,12 +916,6 @@
 
 		wi_write_val(sc, WI_RID_PROMISC, 0);
 
-		/* Configure WEP. */
-		if (ic->ic_cryptocaps & IEEE80211_CRYPTO_WEP)
-			wi_write_wep(sc, vap);
-		else
-			sc->sc_encryption = 0;
-
 		wi_enable(sc);		/* enable port */
 		WI_UNLOCK(sc);
 	}
@@ -976,7 +954,7 @@
 
 		/* reconstruct 802.3 header */
 		wh = mtod(m0, struct ieee80211_frame *);
-		switch (wh->i_fc[1]) {
+		switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) {
 		case IEEE80211_FC1_DIR_TODS:
 			IEEE80211_ADDR_COPY(frmhdr.wi_ehdr.ether_shost,
 			    wh->i_addr2);
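Review bot: The masked `switch` (in wi_start_locked, per the description) should carry a one-line comment saying why the mask is there, because the unmasked form reads as plausible and matches no case as soon as any other bit of `i_fc[1]` is set. Something like `/* i_fc[1] also carries the privacy (WEP), retry and power-management bits; switch on the DS direction only */` directly above the `switch` would keep it from being simplified back later. Only the first `case` is inside the hunk, so it is not visible whether the switch has a `default:` arm. If it has none, a frame that matches no case would presumably be handed to the card with the `frmhdr.wi_ehdr` addresses never filled in, which is worth confirming and either dropping the frame or logging it there.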
@@ -1739,71 +1717,6 @@
 }
 
 static int
-wi_write_wep(struct wi_softc *sc, struct ieee80211vap *vap)
-{
-	int error = 0;
-	int i, keylen;
-	u_int16_t val;
-	struct wi_key wkey[IEEE80211_WEP_NKID];
-
-	switch (sc->sc_firmware_type) {
-	case WI_LUCENT:
-		val = (vap->iv_flags & IEEE80211_F_PRIVACY) ? 1 : 0;
-		error = wi_write_val(sc, WI_RID_ENCRYPTION, val);
-		if (error)
-			break;
-		if ((vap->iv_flags & IEEE80211_F_PRIVACY) == 0)
-			break;
-		error = wi_write_val(sc, WI_RID_TX_CRYPT_KEY, vap->iv_def_txkey);
-		if (error)
-			break;
-		memset(wkey, 0, sizeof(wkey));
-		for (i = 0; i < IEEE80211_WEP_NKID; i++) {
-			keylen = vap->iv_nw_keys[i].wk_keylen;
-			wkey[i].wi_keylen = htole16(keylen);
-			memcpy(wkey[i].wi_keydat, vap->iv_nw_keys[i].wk_key,
-			    keylen);
-		}
-		error = wi_write_rid(sc, WI_RID_DEFLT_CRYPT_KEYS,
-		    wkey, sizeof(wkey));
-		sc->sc_encryption = 0;
-		break;
-
-	case WI_INTERSIL:
-		val = HOST_ENCRYPT | HOST_DECRYPT;
-		if (vap->iv_flags & IEEE80211_F_PRIVACY) {
-			/*
-			 * ONLY HWB3163 EVAL-CARD Firmware version
-			 * less than 0.8 variant2
-			 *
-			 *   If promiscuous mode disable, Prism2 chip
-			 *  does not work with WEP .
-			 * It is under investigation for details.
-			 * (ichiro@netbsd.org)
-			 */
-			if (sc->sc_sta_firmware_ver < 802 ) {
-				/* firm ver < 0.8 variant 2 */
-				wi_write_val(sc, WI_RID_PROMISC, 1);
-			}
-			wi_write_val(sc, WI_RID_CNFAUTHMODE,
-			    vap->iv_bss->ni_authmode);
-			val |= PRIVACY_INVOKED;
-		} else {
-			wi_write_val(sc, WI_RID_CNFAUTHMODE, IEEE80211_AUTH_OPEN);
-		}
-		error = wi_write_val(sc, WI_RID_P2_ENCRYPTION, val);
-		if (error)
-			break;
-		sc->sc_encryption = val;
-		if ((val & PRIVACY_INVOKED) == 0)
-			break;
-		error = wi_write_val(sc, WI_RID_P2_TX_CRYPT_KEY, vap->iv_def_txkey);
-		break;
-	}
-	return error;
-}
-
-static int
 wi_cmd(struct wi_softc *sc, int cmd, int val0, int val1, int val2)
 {
 	int i, s = 0;

--------------050907030306010605060101--


--------------060009060109060905060909--


