
LLC XID flood between two Linux devices on the same WLAN

I have multiple devices (about 100 on a site) that are flooding L2 with XID LLC packets. They should not communicate with each other at all.

The devices' system:

Linux Variscite imx6

Linux 4.9.88-10180-gaaecf09-dirty #2 SMP PREEMPT Wed Dec 26 14:04:36 IST 2018 armv7l armv7l armv7l GNU/Linux

With a WL1837 WiFi module:

chip.fw_ver_str = Rev 8.9.0.0.79

chip.phy_fw_ver_str = Rev 8.2.0.0.242

wpa_supplicant v2.6

 

When I installed tcpdump on this Linux and recorded a pcap file, I saw that these devices are communicating with each other via XID LLC.

Sometimes I see one packet from devices that are broadcasting on L2:

"Dear switches, we'd like to draw your attention to the fact that address 7c:01:0a:64:b9:40 has moved."

and then another device that is on the same AP sends a message to this device:

6 0.190829 TexasIns_32:1a:a8 TexasIns_64:b9:40 XID 20 Basic Format; Type 1 and Type 2 LLCs (Class II LLC); Window Size 127

 

Sometimes it escalates and these devices start to flood L2 with messages between each other.

 

I added a zip file with two recordings: one with the XID LLC flood and the other one without the flood, but you can see the LLC broadcast message there.

 

Why is this happening, and how can I stop the devices from communicating with each other? I need the devices to communicate only with the gateway.

Thanks in advance,

Sergey.M
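
An added example, not part of the original post or from any project named in it: a small Python parser for the 802.3/LLC XID frames described in the question. It decodes the type and window fields shown in the capture line and counts unicast XID frames per source/destination pair to flag a flood. The MAC addresses, sample frames, threshold and function names are constructed for illustration.

```python
from collections import Counter

XID_CONTROLS = {0xAF, 0xBF}   # LLC U-format XID control byte, poll/final bit clear or set
XID_BASIC_FORMAT = 0x81       # IEEE 802.2 basic-format identifier
LLC_TYPES = {1: "Type 1", 2: "Type 2", 3: "Type 1 and Type 2 (Class II)"}

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_xid(frame):
    """Decode an 802.3 + LLC XID frame; return None for any other frame."""
    if len(frame) < 17:
        return None
    dst, src = frame[0:6], frame[6:12]
    length = int.from_bytes(frame[12:14], "big")
    if length > 1500:         # EtherType (Ethernet II), so no LLC header follows
        return None
    dsap, ssap, control = frame[14:17]
    if control not in XID_CONTROLS:
        return None
    info = frame[17:14 + length]            # the length field excludes Ethernet padding
    xid = {"src": mac(src), "dst": mac(dst), "broadcast": dst == b"\xff" * 6,
           "response": bool(ssap & 1)}      # low SSAP bit is command/response
    if len(info) >= 3 and info[0] == XID_BASIC_FORMAT:
        xid["types"] = LLC_TYPES.get(info[1] & 0x1F, "other")
        xid["window"] = info[2] >> 1        # window size sits in the upper 7 bits
    return xid

def flood_pairs(frames, threshold):
    """Return {(src, dst): count} for unicast XID pairs seen at least `threshold` times."""
    counts = Counter()
    for frame in frames:
        xid = parse_xid(frame)
        if xid and not xid["broadcast"]:
            counts[(xid["src"], xid["dst"])] += 1
    return {pair: n for pair, n in counts.items() if n >= threshold}

def build(dst_hex, src_hex, ssap, info):
    """Construct a sample frame (test data, not taken from the poster's capture)."""
    llc = bytes([0x00, ssap, 0xAF]) + info
    return bytes.fromhex(dst_hex) + bytes.fromhex(src_hex) + len(llc).to_bytes(2, "big") + llc

A, B = "02000000000a", "02000000000b"       # constructed locally administered MACs
SAMPLE = ([build("ffffffffffff", A, 0x00, b"\x81\x01\x00")]   # broadcast XID command
          + [build(A, B, 0x01, b"\x81\x03\xfe")] * 6          # B answering A
          + [build(B, A, 0x01, b"\x81\x03\xfe")] * 5)         # A answering B

print(flood_pairs(SAMPLE, threshold=5))
```

To run it over a real capture, feed `flood_pairs` the raw link-layer bytes of each packet from the pcap and pick a threshold that fits the capture window.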

2 Replies

Which Wireless LAN Controller are you using? Depending on the model, you can enable "p2p blocking" on the WLAN, and then devices will not be able to communicate with each other.

It is disabled:

p2p_disabled=1 

I am using wpa_supplicant v2.6.