From 41c5dbf961086fdd45de20ba8342e5123d20a2fd Mon Sep 17 00:00:00 2001
From: kkrentz
Date: Sun, 12 Jan 2014 04:58:34 -0800
Subject: [PATCH] llsec: Disable duplicate detection when the LLSEC driver provides replay protection anyway.
---
 core/net/mac/contikimac/contikimac.c | 2 ++
 core/net/mac/nullrdc.c | 3 +++
 core/net/mac/rdc.h | 10 ++++++++++
 3 files changed, 15 insertions(+)
diff --git a/core/net/mac/contikimac/contikimac.c b/core/net/mac/contikimac/contikimac.c
index 60e3d2569..0da262e23 100644
--- a/core/net/mac/contikimac/contikimac.c
+++ b/core/net/mac/contikimac/contikimac.c
@@ -971,6 +971,7 @@ input_packet(void)
 ctimer_stop(&ct);
 }
+#if RDC_WITH_DUPLICATE_DETECTION
 /* Check for duplicate packet. */
 if(mac_sequence_is_duplicate()) {
 /* Drop the packet. */
@@ -978,6 +979,7 @@ input_packet(void)
 return;
 }
 mac_sequence_register_seqno();
+#endif /* RDC_WITH_DUPLICATE_DETECTION */
 #if CONTIKIMAC_CONF_COMPOWER
 /* Accumulate the power consumption for the packet reception. */
diff --git a/core/net/mac/nullrdc.c b/core/net/mac/nullrdc.c
index 36565607c..e0e91bff4 100644
--- a/core/net/mac/nullrdc.c
+++ b/core/net/mac/nullrdc.c
@@ -298,6 +298,7 @@ packet_input(void)
 int duplicate = 0;
 #if NULLRDC_802154_AUTOACK || NULLRDC_802154_AUTOACK_HW
+#if RDC_WITH_DUPLICATE_DETECTION
 /* Check for duplicate packet. */
 duplicate = mac_sequence_is_duplicate();
 if(duplicate) {
@@ -307,8 +308,10 @@ packet_input(void)
 } else {
 mac_sequence_register_seqno();
 }
+#endif /* RDC_WITH_DUPLICATE_DETECTION */
 #endif /* NULLRDC_802154_AUTOACK */
+/* TODO We may want to acknowledge only authentic frames */
 #if NULLRDC_SEND_802154_ACK
 {
 frame802154_t info154;
diff --git a/core/net/mac/rdc.h b/core/net/mac/rdc.h
index 9a47605b7..0818a9b40 100644
--- a/core/net/mac/rdc.h
+++ b/core/net/mac/rdc.h
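Review bot: The TODO added before `#if NULLRDC_SEND_802154_ACK` in the second nullrdc.c hunk records an open issue without saying what it is. As far as these hunks show, the software ACK is generated in the RDC layer, before the LLSEC layer has verified the frame, so a spoofed or replayed frame would be acknowledged like an authentic one. With `RDC_WITH_DUPLICATE_DETECTION` at 0, the `duplicate` flag from the first nullrdc.c hunk also stays 0, so any later test on it never fires; the body of `packet_input` continues outside both hunks. I would spell the concern out, e.g. `/* TODO: the ACK below is sent before LLSEC verifies the frame, so forged and replayed frames are acknowledged too; ACK only after authentication. */`.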
@@ -44,6 +44,16 @@
 #include "contiki-conf.h"
 #include "net/mac/mac.h"
+#ifdef RDC_CONF_WITH_DUPLICATE_DETECTION
+#define RDC_WITH_DUPLICATE_DETECTION RDC_CONF_WITH_DUPLICATE_DETECTION
+#else /* RDC_CONF_WITH_DUPLICATE_DETECTION */
+/* As frames can be spoofed, the RDC layer should not discard a
+ frame because it has seen its sequence number already. Replay
+ protection should be implemented at the LLSEC layer where the
+ authenticity of frames is verified. */
+#define RDC_WITH_DUPLICATE_DETECTION !LLSEC802154_CONF_SECURITY_LEVEL
+#endif /* RDC_CONF_WITH_DUPLICATE_DETECTION */
+
 /* List of packets to be sent by RDC layer */
 struct rdc_buf_list {
 struct rdc_buf_list *next;
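Review bot: The default `#define RDC_WITH_DUPLICATE_DETECTION !LLSEC802154_CONF_SECURITY_LEVEL` keys on the configured security level, not on whether the selected LLSEC driver actually rejects replayed frames, which is the condition the commit subject states. A build with a non-zero level and a driver without replay protection would have the sequence-number check compiled out of contikimac.c and nullrdc.c with nothing replacing it. This patch does not show whether that combination can be configured, so the comment should at least state the requirement, e.g. `/* A non-zero security level turns this off; the LLSEC driver in use must then provide replay protection. */`. The expansion is also unparenthesized; `(!LLSEC802154_CONF_SECURITY_LEVEL)` keeps it correct if the macro is ever used inside a larger expression.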