diff options
author | Jens Pranaitis <jens@chaox.net> | 2010-05-31 16:14:44 +0200 |
---|---|---|
committer | Jens Pranaitis <jens@chaox.net> | 2010-05-31 16:14:44 +0200 |
commit | cf31c960cd89b5ee54730fae5dd5d069ecdc592a (patch) | |
tree | 9db17a1df5cb22ada060627fb8fc89582cc8a647 /sys-kernel | |
parent | added meego-n900-sources (diff) | |
download | jensp-cf31c960cd89b5ee54730fae5dd5d069ecdc592a.tar.gz jensp-cf31c960cd89b5ee54730fae5dd5d069ecdc592a.tar.bz2 jensp-cf31c960cd89b5ee54730fae5dd5d069ecdc592a.zip |
added support for fragmentation attack
Diffstat (limited to 'sys-kernel')
4 files changed, 70 insertions, 2 deletions
diff --git a/sys-kernel/meego-n900-sources/Manifest b/sys-kernel/meego-n900-sources/Manifest index 7255063..35ce53d 100644 --- a/sys-kernel/meego-n900-sources/Manifest +++ b/sys-kernel/meego-n900-sources/Manifest @@ -1,5 +1,7 @@ +AUX 4013-runtime-enable-disable-of-mac80211-packet-injection.patch 1490 RMD160 53c728303c77b2ffd93917bceaaad6a38ee80236 SHA1 3b6aa934cf4c09deb8e93fcb08b10bfb1f6bdbb9 SHA256 88f997a54768feeb40a9f985e412e90e9fda2491f32cf6b078eb2a0a9f81e785 +AUX mac80211.compat08082009.wl_frag+ack_v1.patch 1049 RMD160 e864ee2e0c70ce344000baa8ee5fca3b23c3305a SHA1 85f7a1b141549b774f5631fba259bc414aeeffb8 SHA256 e04ed9997e1578cc1becd4ef9d9f2f6f606590aa91a56e42835963913e1b0f52 DIST deblob-2.6.33 86599 RMD160 534eb7b76ea29561a0b6e73659f67fc746fad111 SHA1 0c3c2d8c299f3cb5d807bc4a35b20bdca50ccbce SHA256 176aa9c73f27c9c69f198e3637cae61072f152c25c468ffbebf1a4c2494d52d0 DIST linux-2.6.33.tar.bz2 66266488 RMD160 7f0897db8113bc17249d82d61ca41e3b91eb4664 SHA1 acc8db00f30c7dfb4f04183a88ba35a32b6f8e8d SHA256 63e237de3b3c4c46a21833b9ce7e20574548d52dabbd1a8bf376041e4455d5c6 DIST meego-n900.patch.bz2 1476572 RMD160 7fe5c2f96063f363c878f327c3bbcbee9e4b99bd SHA1 61e6e0e2ab9ee8401c8572045189ed49acd31771 SHA256 229db51f312c83fb895cfa796d684ef996b016fd57b09b6aeb6ef9e8b0a9dc57 DIST patch-2.6.33.2.bz2 95719 RMD160 a276a6053cea22783ce44cc0cc57a4402202d534 SHA1 4261a1d5f0230f56f77f5a461a541397db07c2ba SHA256 33b2b1da01af5f186caf262588aac305ca93ca4f03f037243c035c7c418427ea -EBUILD meego-n900-sources-2.6.33.2.ebuild 479 RMD160 96638c3c5ad09012a79d061330adc9e0b327f846 SHA1 66beff54ead693d3087f494ef44e460af171e113 SHA256 6bbc8fb4fb86e011c88c5dcae0871f53fe6bf7d8514d740f8cdc952de8833bc2 +EBUILD meego-n900-sources-2.6.33.2.ebuild 611 RMD160 69b00f8c01fa1321fe075388b1f5bb224e1d2b42 SHA1 5de58c2b121ca63aaab09666d6a72d5f7b7eba35 SHA256 f6daec8fa697b4842bfec8ba1df19ae0c5a1f2914e8cf1b87a1c1c1ddc21e66e diff --git a/sys-kernel/meego-n900-sources/files/4013-runtime-enable-disable-of-mac80211-packet-injection.patch b/sys-kernel/meego-n900-sources/files/4013-runtime-enable-disable-of-mac80211-packet-injection.patch new file mode 100644 index 0000000..82d9a4c --- /dev/null +++ b/sys-kernel/meego-n900-sources/files/4013-runtime-enable-disable-of-mac80211-packet-injection.patch @@ -0,0 +1,37 @@ +--- net/mac80211/tx.c 2009-11-29 14:59:53.474095955 +0100 ++++ net/mac80211/tx.c 2009-11-29 15:03:06.436871431 +0100 +@@ -670,6 +670,10 @@ + return TX_CONTINUE; + } + ++static int ieee80211_injection_patch = 1; ++module_param(ieee80211_injection_patch, int, 0644); ++MODULE_PARM_DESC(ieee80211_injection_patch, "Enable packet injection patch"); ++ + static ieee80211_tx_result debug_noinline + ieee80211_tx_h_sequence(struct ieee80211_tx_data *tx) + { +@@ -686,14 +690,20 @@ + * excessive retries (ACKing and retrying should be + * handled by the injecting application). + * FIXME This may break hostapd and some other injectors. +- * This should be done using a radiotap flag. ++ * This should be done using a radiotap flag. For the time being, this ++ * may be enabled/disabled in ++ * /sys/module/mac80211/parameters/ieee80211_injection_patch + */ +- if (unlikely((info->flags & IEEE80211_TX_CTL_INJECTED) && +- !(tx->sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES))) { ++ if (unlikely(ieee80211_injection_patch && ++ (info->flags & IEEE80211_TX_CTL_INJECTED) && ++ !(tx->sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES))) { + if (!ieee80211_has_morefrags(hdr->frame_control)) + info->flags |= IEEE80211_TX_CTL_NO_ACK; + return TX_CONTINUE; + } ++ if (unlikely(!ieee80211_injection_patch && ++ info->control.vif->type == NL80211_IFTYPE_MONITOR)) ++ return TX_CONTINUE; + + if (unlikely(ieee80211_is_ctl(hdr->frame_control))) + return TX_CONTINUE; diff --git a/sys-kernel/meego-n900-sources/files/mac80211.compat08082009.wl_frag+ack_v1.patch b/sys-kernel/meego-n900-sources/files/mac80211.compat08082009.wl_frag+ack_v1.patch new file mode 100644 index 0000000..8b7add3 --- /dev/null +++ b/sys-kernel/meego-n900-sources/files/mac80211.compat08082009.wl_frag+ack_v1.patch @@ -0,0 +1,27 @@ +diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c +index 0855cac..221bed6 100644 +--- a/net/mac80211/tx.c ++++ b/net/mac80211/tx.c +@@ -677,11 +677,19 @@ int tid; + + /* + * Packet injection may want to control the sequence +- * number, if we have no matching interface then we +- * neither assign one ourselves nor ask the driver to. ++ * number, so if an injected packet is found, skip ++ * renumbering it. Also make the packet NO_ACK to avoid ++ * excessive retries (ACKing and retrying should be ++ * handled by the injecting application). ++ * FIXME This may break hostapd and some other injectors. ++ * This should be done using a radiotap flag. + */ +- if (unlikely(info->control.vif->type == NL80211_IFTYPE_MONITOR)) ++ if (unlikely((info->flags & IEEE80211_TX_CTL_INJECTED) && ++ !(tx->sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES))) { ++ if (!ieee80211_has_morefrags(hdr->frame_control)) ++ info->flags |= IEEE80211_TX_CTL_NO_ACK; + return TX_CONTINUE; ++ } + + if (unlikely(ieee80211_is_ctl(hdr->frame_control))) + return TX_CONTINUE; diff --git a/sys-kernel/meego-n900-sources/meego-n900-sources-2.6.33.2.ebuild b/sys-kernel/meego-n900-sources/meego-n900-sources-2.6.33.2.ebuild index cde6b9d..d7eb0fc 100644 --- a/sys-kernel/meego-n900-sources/meego-n900-sources-2.6.33.2.ebuild +++ b/sys-kernel/meego-n900-sources/meego-n900-sources-2.6.33.2.ebuild @@ -13,7 +13,9 @@ ETYPE="sources" inherit kernel-2 detect_version -UNIPATCH_LIST="${DISTDIR}/meego-n900.patch.bz2" +UNIPATCH_LIST="${DISTDIR}/meego-n900.patch.bz2 +${FILESDIR}/mac80211.compat08082009.wl_frag+ack_v1.patch +${FILESDIR}/4013-runtime-enable-disable-of-mac80211-packet-injection.patch" DESCRIPTION="" HOMEPAGE="" |