From patchwork Mon Sep 28 07:00:26 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Aring X-Patchwork-Id: 523236 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 02FDE1401CD for ; Mon, 28 Sep 2015 17:02:32 +1000 (AEST) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b=oV5dhhh4; dkim-atps=neutral Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756476AbbI1HCY (ORCPT ); Mon, 28 Sep 2015 03:02:24 -0400 Received: from mail-wi0-f169.google.com ([209.85.212.169]:33342 "EHLO mail-wi0-f169.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756394AbbI1HCV (ORCPT ); Mon, 28 Sep 2015 03:02:21 -0400 Received: by wiclk2 with SMTP id lk2so90691792wic.0; Mon, 28 Sep 2015 00:02:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=C39uwzvv0dbYaJ/hUXILgEdakixQe84QKRL4Zk8l6Uk=; b=oV5dhhh4nnhvkQ0mrCKypEQrb2KzxZ5HQV2+7CsayT3LQrNt4lgponTq090pQpihMc rLZuCLO/FjSgioe+yS1e0bn0hSWaE0gASe7DilcXpkpF1ggpqlo276Tg5R93XcxHxHWH MLLIPNGSKxCz3ejVZyQFzbKNQylFjHKoWnZrSWonYADbbTJeH77Zhxf82VBVPIgZsXZP 8l3cQ8sNVtTSJKFU4BIClDQQa7EIaAxXbZsbrR9jZ7H0eyEVo/+17Z5J9V6L0LY2mkwV e3MU0Ruj1BXjljdMR/DWuNhYOi2JmmOqEfhA8w+yCoIp6SDvPGoFyt2k4fzLzErtP+gG Fpew== X-Received: by 10.194.202.137 with SMTP id ki9mr19180329wjc.16.1443423739619; Mon, 28 Sep 2015 00:02:19 -0700 (PDT) Received: from omega.localdomain (p4FD38193.dip0.t-ipconnect.de. [79.211.129.147]) by smtp.gmail.com with ESMTPSA id fx2sm16602830wib.24.2015.09.28.00.02.18 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 28 Sep 2015 00:02:18 -0700 (PDT) From: Alexander Aring To: linux-wpan@vger.kernel.org Cc: kernel@pengutronix.de, netdev@vger.kernel.org, phoebe.buckheister@itwm.fraunhofer.de, Alexander Aring Subject: [PATCH bluetooth-next 4/4] mac802154: add comments for llsec issues Date: Mon, 28 Sep 2015 09:00:26 +0200 Message-Id: <1443423626-3609-5-git-send-email-alex.aring@gmail.com> X-Mailer: git-send-email 2.5.3 In-Reply-To: <1443423626-3609-1-git-send-email-alex.aring@gmail.com> References: <1443423626-3609-1-git-send-email-alex.aring@gmail.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org While doing a little test with the llsec implementation I saw these issues. We should move decryption and encruption somewhere else, otherwise while capturing with wireshark the mac header shows secuirty fields but the payload is plaintext. A complete other issue is what doing with HardMAC drivers where the payload is always plaintext. I think we need a special handling then in userspace. We currently doesn't support any HardMAC transceivers, so we should fix the first issue for SoftMAC transceivers. Signed-off-by: Alexander Aring --- net/mac802154/rx.c | 4 ++++ net/mac802154/tx.c | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/net/mac802154/rx.c b/net/mac802154/rx.c index d1c33c1..42e9672 100644 --- a/net/mac802154/rx.c +++ b/net/mac802154/rx.c @@ -87,6 +87,10 @@ ieee802154_subif_frame(struct ieee802154_sub_if_data *sdata, skb->dev = sdata->dev; + /* TODO this should be moved after netif_receive_skb call, otherwise + * wireshark will show a mac header with security fields and the + * payload is already decrypted. + */ rc = mac802154_llsec_decrypt(&sdata->sec, skb); if (rc) { pr_debug("decryption failed: %i\n", rc); diff --git a/net/mac802154/tx.c b/net/mac802154/tx.c index 5ee596e..b205bbe 100644 --- a/net/mac802154/tx.c +++ b/net/mac802154/tx.c @@ -129,6 +129,10 @@ ieee802154_subif_start_xmit(struct sk_buff *skb, struct net_device *dev) struct ieee802154_sub_if_data *sdata = IEEE802154_DEV_TO_SUB_IF(dev); int rc; + /* TODO we should move it to wpan_dev_hard_header and dev_hard_header + * functions. The reason is wireshark will show a mac header which is + * with security fields but the payload is not encrypted. + */ rc = mac802154_llsec_encrypt(&sdata->sec, skb); if (rc) { netdev_warn(dev, "encryption failed: %i\n", rc);