In hostap mode don't send data frames to nodes which aren't in state ASSOC.

Sending data frames to nodes in other states is wrong since the node's
data structure might not be set up properly in such states.
This could explain occasional "key unset for sw crypto" panics observed
with athn(4) hostap interfaces.

Problem reported and fix tested by Mikolaj Kucharski.

diff --git a/sys/net80211/ieee80211_output.c b/sys/net80211/ieee80211_output.c
index 58f6542..8de2361 100644 (file)
--- a/sys/net80211/ieee80211_output.c
+++ b/sys/net80211/ieee80211_output.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ieee80211_output.c,v 1.133 2021/03/10 10:21:48 jsg Exp $      */
+/*     $OpenBSD: ieee80211_output.c,v 1.134 2021/05/11 08:39:32 stsp Exp $     */
 /*     $NetBSD: ieee80211_output.c,v 1.13 2004/05/31 11:02:55 dyoung Exp $     */
 
 /*-
@@ -556,6 +556,14 @@ ieee80211_encap(struct ifnet *ifp, struct mbuf *m, struct ieee80211_node **pni)
                goto bad;
        }
 
+#ifndef IEEE80211_STA_ONLY
+       if (ic->ic_opmode == IEEE80211_M_HOSTAP && ni != ic->ic_bss &&
+           ni->ni_state != IEEE80211_STA_ASSOC) {
+               ic->ic_stats.is_tx_nonode++;
+               goto bad;
+       }
+#endif
+
        if ((ic->ic_flags & IEEE80211_F_RSNON) &&
            !ni->ni_port_valid &&
            eh.ether_type != htons(ETHERTYPE_PAE)) {