hostapd: Avoid key reinstallation in FT handshake
Prevent reinstallation of an already in-use group key
Extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases
Fix TK configuration to the driver in EAPOL-Key 3/4 retry case
Prevent installation of an all-zero TK
Fix PTK rekeying to generate a new ANonce
TDLS: Reject TPK-TK reconfiguration
WNM: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use
WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode has not been used
WNM: Ignore WNM-Sleep Mode Response without pending request
FT: Do not allow multiple Reassociation Response frames
TDLS: Ignore incoming TDLS Setup Response retries
Submitted by: jhb
Obtained from: https://w1.fi/security/2017-01/ (against later version)
Security: FreeBSD-SA-17:07
Security: CERT VU#228519
Security: CVE-2017-13077
Security: CVE-2017-13078
Security: CVE-2017-13079
Security: CVE-2017-13080
Security: CVE-2017-13081
Security: CVE-2017-13082
Security: CVE-2017-13086
Security: CVE-2017-13087
Security: CVE-2017-13088
Differential Revision: https://reviews.freebsd.org/D12693

In case of WPA on a WiFi interface, the interface isn't yet ready when
dhcpcd starts. Sending a packet during that time returns with an
ENOBUFS. That caused the interface to be ignored.
On the upstream repository of dhcpcd, that transient error (and some
others) is already ignored.

Use structure similar to TSEC (if_tsec) driver.
The use of bus_dmamap_sync() differs between these network interface drivers.
This should not be the case.
Update #3090.

This avoids the move of entire receive frames to meet the alignment
requirements of the IP header and so on.
Add FECFLAG_RACC feature flag for this similar to the Linux driver.
Update #3090.

Seed the receive buffers of each affine software portal only with 8
mclusters (16KiB) and not 128 (256KiB). We have processor count affine
software portals, see dpaa_bp_seed().

By default, the network interfaces use a pool channel, see
dpaa_get_channel() in dpaa_eth_priv_probe(). To enable a dedicated QMan
software portal, use libbsd,dedicated-portal = "enabled";. This option
is useful for special purpose 10Gbit/s Ethernet processing.
/ {
  soc: soc@ffe000000 {
    fman0: fman@400000 {
      enet7: ethernet@f2000 {
        libbsd,dedicated-portal = "enabled";
      };
    };
  };
};

The dequeue support for processor affine QMan portals may be explicitly
disabled. The dequeue support is responsible for receiving frames and
completion of frame transmission, e.g. buffer recycling. Without at
least one enabled dequeue support, there will be no networking.
/ {
  qman-portals@ff6000000 {
    qman-portal@0 {
      libbsd,dequeue = "disabled";
    };
  };
};