aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2020-03-14 15:31:57 (GMT)
committerJouni Malinen <j@w1.fi>2020-03-14 15:36:41 (GMT)
commit80d41221599b9bcf21dddbd1573ea7e84ae0c913 (patch)
tree6d11efa2778bfc74d160f112d62014c1797645c4
parent839bab785ba251ee4327a3f80d27e5c48fb5551c (diff)
downloadhostap-80d41221599b9bcf21dddbd1573ea7e84ae0c913.zip
hostap-80d41221599b9bcf21dddbd1573ea7e84ae0c913.tar.gz
hostap-80d41221599b9bcf21dddbd1573ea7e84ae0c913.tar.bz2
wlantest: Detect and report plaintext payload in protected frames
Signed-off-by: Jouni Malinen <j@w1.fi>
-rw-r--r--wlantest/readpcap.c1
-rw-r--r--wlantest/rx_data.c19
-rw-r--r--wlantest/wlantest.h1
3 files changed, 21 insertions, 0 deletions
diff --git a/wlantest/readpcap.c b/wlantest/readpcap.c
index 6c3853b..1e7e662 100644
--- a/wlantest/readpcap.c
+++ b/wlantest/readpcap.c
@@ -92,6 +92,7 @@ int read_cap_file(struct wlantest *wt, const char *fname)
}
/* Packet was read without problems */
+ wt->frame_num++;
wpa_printf(MSG_EXCESSIVE, "pcap hdr: ts=%d.%06d "
"len=%u/%u",
(int) hdr->ts.tv_sec, (int) hdr->ts.tv_usec,
diff --git a/wlantest/rx_data.c b/wlantest/rx_data.c
index f0f0df9..d86a588 100644
--- a/wlantest/rx_data.c
+++ b/wlantest/rx_data.c
@@ -191,6 +191,23 @@ static u8 * try_all_ptk(struct wlantest *wt, int pairwise_cipher,
}
+static void check_plaintext_prot(struct wlantest *wt,
+ const struct ieee80211_hdr *hdr,
+ const u8 *data, size_t len)
+{
+ if (len < 8 + 3 || data[8] != 0xaa || data[9] != 0xaa ||
+ data[10] != 0x03)
+ return;
+
+ add_note(wt, MSG_DEBUG,
+ "Plaintext payload in protected frame");
+ wpa_printf(MSG_INFO, "Plaintext payload in protected frame #%u: A2="
+ MACSTR " seq=%u",
+ wt->frame_num, MAC2STR(hdr->addr2),
+ WLAN_GET_SEQ_SEQ(le_to_host16(hdr->seq_ctrl)));
+}
+
+
static void rx_data_bss_prot_group(struct wlantest *wt,
const struct ieee80211_hdr *hdr,
size_t hdrlen,
@@ -241,6 +258,7 @@ static void rx_data_bss_prot_group(struct wlantest *wt,
}
}
+ check_plaintext_prot(wt, hdr, data, len);
keyid = data[3] >> 6;
if (bss->gtk_len[keyid] == 0 && bss->group_cipher != WPA_CIPHER_WEP40)
{
@@ -401,6 +419,7 @@ static void rx_data_bss_prot(struct wlantest *wt,
tdls = found;
}
}
+ check_plaintext_prot(wt, hdr, data, len);
if ((sta == NULL ||
(!sta->ptk_set && sta->pairwise_cipher != WPA_CIPHER_WEP40)) &&
tk == NULL) {
diff --git a/wlantest/wlantest.h b/wlantest/wlantest.h
index 2cf5196..e2395d0 100644
--- a/wlantest/wlantest.h
+++ b/wlantest/wlantest.h
@@ -195,6 +195,7 @@ struct wlantest {
unsigned int rx_ctrl;
unsigned int rx_data;
unsigned int fcs_error;
+ unsigned int frame_num;
void *write_pcap; /* pcap_t* */
void *write_pcap_dumper; /* pcpa_dumper_t */