search

zephyrproject-rtos / zephyr

Primary Git Repository for the Zephyr Project. Zephyr is a new generation, scalable, optimized, secure RTOS for multiple hardware architectures.
https://docs.zephyrproject.org
Apache License 2.0
10.85k stars 6.61k forks source link

net: l2: ieee802154: IEEE-802.15.4 packets dropped when CONFIG_NET_L2_IEEE802154_SECURITY is enabled #78490

Closed lorc-dev closed 1 month ago

lorc-dev commented 1 month ago

Describe the bug When CONFIG_NET_L2_IEEE802154_SECURITY is enabled, ieee802154_decipher_data_frame() always fails when checking the src address length, resulting in dropping the packet (ieee802154_frame.c#L968). The length is always 0, as it is not yet set when called from ieee802154_recv().

This seems to be introduced here: #53734.

Possible solution In ieee802154_recv() the src and dst address should be set before calling ieee802154_decipher_data_frame() and be swapped to big endian after it:

set_pkt_ll_addr(net_pkt_lladdr_src(pkt), !fs->fc.pan_id_comp, fs->fc.src_addr_mode, mpdu.mhr.src_addr);
set_pkt_ll_addr(net_pkt_lladdr_dst(pkt), true, fs->fc.dst_addr_mode, mpdu.mhr.dst_addr);

if (!ieee802154_decipher_data_frame(iface, pkt, &mpdu)) {
return NET_DROP;
}

/* The net stack expects link layer addresses to be in
* big endian format for posix compliance so we must swap it.
*/
sys_mem_swap(net_pkt_lladdr_src(pkt)->addr, net_pkt_lladdr_src(pkt)->len);
sys_mem_swap(net_pkt_lladdr_dst(pkt)->addr, net_pkt_lladdr_dst(pkt)->len);

To Reproduce Run any IEEE-802.15.4 example with CONFIG_NET_L2_IEEE802154_SECURITY enabled.

Logs and console output

Decrypting packages with short source addresses is not supported.

Environment (please complete the following information):

ghost commented 1 month ago

@lorc-dev Thanks for this detailed bug report and analysis. I'll look into it as soon as possible.