search

cozybit / wpa_s_mesh_android

Other
2 stars 1 forks source link

MPM frames are an incorrect length #23

Closed silverjam closed 10 years ago

silverjam commented 10 years ago 
> * MPM frame content:
>   - The length of Mesh Config IE shall be set to 7 octet. However, within
> MPM action frames, the Mesh Config IE length is set to 8 octet.
silverjam commented 10 years ago

@ashokrajnagarajan I'm not sure how to repro this, (I'll ask Kaz in case it's not obvious)... I would assume we just sniff the traffic, and we'll see an incorrect mesh frame?

bcopeland commented 10 years ago

Yes - just sniff and compare mesh config IE to 802.11-2012 8.4.2.100 Mesh Configuration element. There you will find that the information element should be 9 bytes in length (including eid and len fields). The element id should be 113, the length field should be 7, as Kazuyuki has noted, instead of 8.

bcopeland commented 10 years ago

The bug is at mesh_mpm.c:427 -- it does wpabuf_put_u8(buf, 8) when it should put 7 there, and at the end of that block, it puts in an extra 0 at the end. (While in there, it would be nice to change the capability bits to use define instead of 0x1 | 0x8).

jlopex commented 10 years ago

@bcopeland are you on top of this? Do you want me to submit a patch to fix it?

bcopeland commented 10 years ago

On Fri, Apr 04, 2014 at 08:05:33AM -0700, Javier López wrote:

@bcopeland are you on top of this? Do you want me to submit a patch to fix it?

The fix is pretty obvious but I'm working on the driver bit right now so won't get around to testing it for a while. So - up to you, if you want to fix it, be my guest, or I can get around to it later today.

jlopex commented 10 years ago

I have a patchset for this, just trying to figure out if the plink flags should be stored on the mconf or just define them.

jcard0na commented 10 years ago

I had assigned this to Ashok yesterday and showed him how to reproduce with hwsim and pointed him to where to fix it.

J

On Thursday, April 3, 2014, Jason Mobarak notifications@github.com wrote:

@ashokrajnagarajan https://github.com/ashokrajnagarajan I'm not sure how to repro this, (I'll ask Kaz in case it's not obvious)... I would assume we just sniff the traffic, and we'll see an incorrect mesh frame?

Reply to this email directly or view it on GitHubhttps://github.com/cozybit/wpa_s_mesh_android/issues/23#issuecomment-39529820 .

Javier Cardona cozybit Inc. http://www.cozybit.com