Diffstat (limited to 'net/mac80211/rx.c')
-rw-r--r--net/mac80211/rx.c423
1 files changed, 340 insertions, 83 deletions
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 7175ae80c36..64ebe664eff 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -86,8 +86,7 @@ ieee80211_rx_radiotap_len(struct ieee80211_local *local,
if (status->flag & RX_FLAG_TSFT)
len += 8;
- if (local->hw.flags & IEEE80211_HW_SIGNAL_DB ||
- local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
+ if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
len += 1;
if (local->hw.flags & IEEE80211_HW_NOISE_DBM)
len += 1;
@@ -102,7 +101,7 @@ ieee80211_rx_radiotap_len(struct ieee80211_local *local,
return len;
}
-/**
+/*
* ieee80211_add_rx_radiotap_header - add radiotap header
*
* add a radiotap header containing all the fields which the hardware provided.
@@ -143,6 +142,8 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
/* IEEE80211_RADIOTAP_FLAGS */
if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS)
*pos |= IEEE80211_RADIOTAP_F_FCS;
+ if (status->flag & (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC))
+ *pos |= IEEE80211_RADIOTAP_F_BADFCS;
if (status->flag & RX_FLAG_SHORTPRE)
*pos |= IEEE80211_RADIOTAP_F_SHORTPRE;
pos++;
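Review bot: The new FLAGS check sets IEEE80211_RADIOTAP_F_BADFCS for RX_FLAG_FAILED_PLCP_CRC as well as for RX_FLAG_FAILED_FCS_CRC, while a later hunk of the same function reports the PLCP failure separately through IEEE80211_RADIOTAP_F_RX_BADPLCP, so a PLCP-failed frame is now flagged as both. If that is intentional (a frame whose PLCP failed has no trustworthy FCS either), a short comment keeps a later reader from "fixing" one of the two: `/* a failed PLCP CRC also means the FCS cannot be trusted */`. ieee80211_add_rx_radiotap_header starts and ends outside this hunk.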
@@ -158,7 +159,7 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
*/
*pos = 0;
} else {
- rthdr->it_present |= (1 << IEEE80211_RADIOTAP_RATE);
+ rthdr->it_present |= cpu_to_le32(1 << IEEE80211_RADIOTAP_RATE);
*pos = rate->bitrate / 5;
}
pos++;
@@ -199,23 +200,14 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
*pos = status->antenna;
pos++;
- /* IEEE80211_RADIOTAP_DB_ANTSIGNAL */
- if (local->hw.flags & IEEE80211_HW_SIGNAL_DB) {
- *pos = status->signal;
- rthdr->it_present |=
- cpu_to_le32(1 << IEEE80211_RADIOTAP_DB_ANTSIGNAL);
- pos++;
- }
-
/* IEEE80211_RADIOTAP_DB_ANTNOISE is not used */
/* IEEE80211_RADIOTAP_RX_FLAGS */
/* ensure 2 byte alignment for the 2 byte field as required */
if ((pos - (unsigned char *)rthdr) & 1)
pos++;
- /* FIXME: when radiotap gets a 'bad PLCP' flag use it here */
- if (status->flag & (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC))
- *(__le16 *)pos |= cpu_to_le16(IEEE80211_RADIOTAP_F_RX_BADFCS);
+ if (status->flag & RX_FLAG_FAILED_PLCP_CRC)
+ *(__le16 *)pos |= cpu_to_le16(IEEE80211_RADIOTAP_F_RX_BADPLCP);
pos += 2;
}
@@ -371,39 +363,50 @@ static void ieee80211_parse_qos(struct ieee80211_rx_data *rx)
rx->skb->priority = (tid > 7) ? 0 : tid;
}
-static void ieee80211_verify_ip_alignment(struct ieee80211_rx_data *rx)
+/**
+ * DOC: Packet alignment
+ *
+ * Drivers always need to pass packets that are aligned to two-byte boundaries
+ * to the stack.
+ *
+ * Additionally, should, if possible, align the payload data in a way that
+ * guarantees that the contained IP header is aligned to a four-byte
+ * boundary. In the case of regular frames, this simply means aligning the
+ * payload to a four-byte boundary (because either the IP header is directly
+ * contained, or IV/RFC1042 headers that have a length divisible by four are
+ * in front of it).
+ *
+ * With A-MSDU frames, however, the payload data address must yield two modulo
+ * four because there are 14-byte 802.3 headers within the A-MSDU frames that
+ * push the IP header further back to a multiple of four again. Thankfully, the
+ * specs were sane enough this time around to require padding each A-MSDU
+ * subframe to a length that is a multiple of four.
+ *
+ * Padding like Atheros hardware adds which is inbetween the 802.11 header and
+ * the payload is not supported, the driver is required to move the 802.11
+ * header to be directly in front of the payload in that case.
+ */
+static void ieee80211_verify_alignment(struct ieee80211_rx_data *rx)
{
-#ifdef CONFIG_MAC80211_DEBUG_PACKET_ALIGNMENT
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
int hdrlen;
+#ifndef CONFIG_MAC80211_DEBUG_PACKET_ALIGNMENT
+ return;
+#endif
+
+ if (WARN_ONCE((unsigned long)rx->skb->data & 1,
+ "unaligned packet at 0x%p\n", rx->skb->data))
+ return;
+
if (!ieee80211_is_data_present(hdr->frame_control))
return;
- /*
- * Drivers are required to align the payload data in a way that
- * guarantees that the contained IP header is aligned to a four-
- * byte boundary. In the case of regular frames, this simply means
- * aligning the payload to a four-byte boundary (because either
- * the IP header is directly contained, or IV/RFC1042 headers that
- * have a length divisible by four are in front of it.
- *
- * With A-MSDU frames, however, the payload data address must
- * yield two modulo four because there are 14-byte 802.3 headers
- * within the A-MSDU frames that push the IP header further back
- * to a multiple of four again. Thankfully, the specs were sane
- * enough this time around to require padding each A-MSDU subframe
- * to a length that is a multiple of four.
- *
- * Padding like atheros hardware adds which is inbetween the 802.11
- * header and the payload is not supported, the driver is required
- * to move the 802.11 header further back in that case.
- */
hdrlen = ieee80211_hdrlen(hdr->frame_control);
if (rx->flags & IEEE80211_RX_AMSDU)
hdrlen += ETH_HLEN;
- WARN_ON_ONCE(((unsigned long)(rx->skb->data + hdrlen)) & 3);
-#endif
+ WARN_ONCE(((unsigned long)(rx->skb->data + hdrlen)) & 3,
+ "unaligned IP payload at 0x%p\n", rx->skb->data + hdrlen);
}
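Review bot: The second paragraph of the new DOC comment lost its subject ("Additionally, should, if possible, align the payload data…"); suggest `* Additionally, drivers should, if possible, align the payload data in a way that`. The block also reads as if the two-byte and IP-alignment rules were enforced, but ieee80211_verify_alignment returns before either WARN_ONCE unless CONFIG_MAC80211_DEBUG_PACKET_ALIGNMENT is set, so a closing sentence such as `* These requirements are only verified under CONFIG_MAC80211_DEBUG_PACKET_ALIGNMENT; other builds trust the driver.` would tell a driver author what actually happens. The `#ifndef … return; #endif` placed after the declarations leaves the rest of the function as dead code in non-debug builds, which is fine but worth a one-line comment at that spot.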
@@ -435,6 +438,52 @@ ieee80211_rx_h_passive_scan(struct ieee80211_rx_data *rx)
return RX_CONTINUE;
}
+
+static int ieee80211_is_unicast_robust_mgmt_frame(struct sk_buff *skb)
+{
+ struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+
+ if (skb->len < 24 || is_multicast_ether_addr(hdr->addr1))
+ return 0;
+
+ return ieee80211_is_robust_mgmt_frame(hdr);
+}
+
+
+static int ieee80211_is_multicast_robust_mgmt_frame(struct sk_buff *skb)
+{
+ struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+
+ if (skb->len < 24 || !is_multicast_ether_addr(hdr->addr1))
+ return 0;
+
+ return ieee80211_is_robust_mgmt_frame(hdr);
+}
+
+
+/* Get the BIP key index from MMIE; return -1 if this is not a BIP frame */
+static int ieee80211_get_mmie_keyidx(struct sk_buff *skb)
+{
+ struct ieee80211_mgmt *hdr = (struct ieee80211_mgmt *) skb->data;
+ struct ieee80211_mmie *mmie;
+
+ if (skb->len < 24 + sizeof(*mmie) ||
+ !is_multicast_ether_addr(hdr->da))
+ return -1;
+
+ if (!ieee80211_is_robust_mgmt_frame((struct ieee80211_hdr *) hdr))
+ return -1; /* not a robust management frame */
+
+ mmie = (struct ieee80211_mmie *)
+ (skb->data + skb->len - sizeof(*mmie));
+ if (mmie->element_id != WLAN_EID_MMIE ||
+ mmie->length != sizeof(*mmie) - 2)
+ return -1;
+
+ return le16_to_cpu(mmie->key_id);
+}
+
+
static ieee80211_rx_result
ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
{
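Review bot: The `skb->len < 24` guard in ieee80211_is_unicast_robust_mgmt_frame and ieee80211_is_multicast_robust_mgmt_frame only covers the 802.11 header; if ieee80211_is_robust_mgmt_frame (not visible here) decides robustness of Action frames by reading the category byte at offset 24, as its contract suggests it must, a 24-byte Action frame causes a one-byte read past skb->len. Bounding at the category byte instead, `if (skb->len < 25 || is_multicast_ether_addr(hdr->addr1))` (and the mirror in the multicast helper), closes that without changing any result for well-formed frames. ieee80211_get_mmie_keyidx is safe on that score because it requires 24 + sizeof(*mmie) bytes, but its return value is the attacker-controlled 16-bit key_id from the frame tail, so every caller must range-check it before indexing, as ieee80211_rx_h_decrypt does later in this diff.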
@@ -550,21 +599,23 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
int hdrlen;
ieee80211_rx_result result = RX_DROP_UNUSABLE;
struct ieee80211_key *stakey = NULL;
+ int mmie_keyidx = -1;
/*
* Key selection 101
*
- * There are three types of keys:
+ * There are four types of keys:
* - GTK (group keys)
+ * - IGTK (group keys for management frames)
* - PTK (pairwise keys)
* - STK (station-to-station pairwise keys)
*
* When selecting a key, we have to distinguish between multicast
* (including broadcast) and unicast frames, the latter can only
- * use PTKs and STKs while the former always use GTKs. Unless, of
- * course, actual WEP keys ("pre-RSNA") are used, then unicast
- * frames can also use key indizes like GTKs. Hence, if we don't
- * have a PTK/STK we check the key index for a WEP key.
+ * use PTKs and STKs while the former always use GTKs and IGTKs.
+ * Unless, of course, actual WEP keys ("pre-RSNA") are used, then
+ * unicast frames can also use key indices like GTKs. Hence, if we
+ * don't have a PTK/STK we check the key index for a WEP key.
*
* Note that in a regular BSS, multicast frames are sent by the
* AP only, associated stations unicast the frame to the AP first
@@ -577,8 +628,14 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
* possible.
*/
- if (!ieee80211_has_protected(hdr->frame_control))
- return RX_CONTINUE;
+ if (!ieee80211_has_protected(hdr->frame_control)) {
+ if (!ieee80211_is_mgmt(hdr->frame_control) ||
+ rx->sta == NULL || !test_sta_flags(rx->sta, WLAN_STA_MFP))
+ return RX_CONTINUE;
+ mmie_keyidx = ieee80211_get_mmie_keyidx(rx->skb);
+ if (mmie_keyidx < 0)
+ return RX_CONTINUE;
+ }
/*
* No point in finding a key and decrypting if the frame is neither
@@ -592,6 +649,16 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
if (!is_multicast_ether_addr(hdr->addr1) && stakey) {
rx->key = stakey;
+ } else if (mmie_keyidx >= 0) {
+ /* Broadcast/multicast robust management frame / BIP */
+ if ((rx->status->flag & RX_FLAG_DECRYPTED) &&
+ (rx->status->flag & RX_FLAG_IV_STRIPPED))
+ return RX_CONTINUE;
+
+ if (mmie_keyidx < NUM_DEFAULT_KEYS ||
+ mmie_keyidx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
+ return RX_DROP_MONITOR; /* unexpected BIP keyidx */
+ rx->key = rcu_dereference(rx->sdata->keys[mmie_keyidx]);
} else {
/*
* The device doesn't give us the IV so we won't be
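Review bot: The early `return RX_CONTINUE` for RX_FLAG_DECRYPTED | RX_FLAG_IV_STRIPPED in the new BIP branch leaves rx->key NULL and skips the key-index range check below it, yet mmie_keyidx >= 0 means ieee80211_get_mmie_keyidx found the MMIE still present at the end of the frame, so a driver setting IV_STRIPPED here contradicts the frame contents. Either that combination should be treated as a driver error (`if (WARN_ON_ONCE(...)) return RX_DROP_MONITOR;`) or a comment should state why an intact MMIE plus IV_STRIPPED is accepted without MIC verification. The key fetched from sdata->keys[mmie_keyidx] is also not confirmed to be an ALG_AES_CMAC key before the algorithm switch further down; if anything other than an IGTK can be installed in the NUM_DEFAULT_KEYS..NUM_DEFAULT_KEYS+NUM_DEFAULT_MGMT_KEYS slots, a check on rx->key's algorithm belongs here too. ieee80211_rx_h_decrypt starts and ends outside this hunk.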
@@ -654,6 +721,9 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
case ALG_CCMP:
result = ieee80211_crypto_ccmp_decrypt(rx);
break;
+ case ALG_AES_CMAC:
+ result = ieee80211_crypto_aes_cmac_decrypt(rx);
+ break;
}
/* either the frame has been decrypted or will be dropped */
@@ -662,6 +732,39 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
return result;
}
+static ieee80211_rx_result debug_noinline
+ieee80211_rx_h_check_more_data(struct ieee80211_rx_data *rx)
+{
+ struct ieee80211_local *local;
+ struct ieee80211_hdr *hdr;
+ struct sk_buff *skb;
+
+ local = rx->local;
+ skb = rx->skb;
+ hdr = (struct ieee80211_hdr *) skb->data;
+
+ if (!local->pspolling)
+ return RX_CONTINUE;
+
+ if (!ieee80211_has_fromds(hdr->frame_control))
+ /* this is not from AP */
+ return RX_CONTINUE;
+
+ if (!ieee80211_is_data(hdr->frame_control))
+ return RX_CONTINUE;
+
+ if (!ieee80211_has_moredata(hdr->frame_control)) {
+ /* AP has no more frames buffered for us */
+ local->pspolling = false;
+ return RX_CONTINUE;
+ }
+
+ /* more data bit is set, let's request a new frame from the AP */
+ ieee80211_send_pspoll(local, rx->sdata);
+
+ return RX_CONTINUE;
+}
+
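Review bot: ieee80211_rx_h_check_more_data sends a PS-Poll for any FromDS data frame with More Data set while local->pspolling is true, without checking that the frame was addressed to this station: neither IEEE80211_RX_RA_MATCH nor a unicast addr1 is tested, and the handler is invoked ahead of ieee80211_rx_h_sta_process. A group-addressed frame from the AP carries More Data to announce further buffered multicast traffic rather than frames for us, so this would poll for nothing, and with RA_MATCH cleared during a scan frames for other stations of the BSS could trigger it as well. Suggest adding, before the More Data test, `if (!(rx->flags & IEEE80211_RX_RA_MATCH) || is_multicast_ether_addr(hdr->addr1)) return RX_CONTINUE;`. As a minor style point the three assignments at the top of the function could be initialisers on the declarations.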
static void ap_sta_ps_start(struct sta_info *sta)
{
struct ieee80211_sub_if_data *sdata = sta->sdata;
@@ -736,7 +839,7 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
if (rx->sdata->vif.type == NL80211_IFTYPE_ADHOC) {
u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len,
NL80211_IFTYPE_ADHOC);
- if (compare_ether_addr(bssid, rx->sdata->u.sta.bssid) == 0)
+ if (compare_ether_addr(bssid, rx->sdata->u.ibss.bssid) == 0)
sta->last_rx = jiffies;
} else
if (!is_multicast_ether_addr(hdr->addr1) ||
@@ -747,12 +850,19 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
* Mesh beacons will update last_rx when if they are found to
* match the current local configuration when processed.
*/
- sta->last_rx = jiffies;
+ if (rx->sdata->vif.type == NL80211_IFTYPE_STATION &&
+ ieee80211_is_beacon(hdr->frame_control)) {
+ rx->sdata->u.mgd.last_beacon = jiffies;
+ } else
+ sta->last_rx = jiffies;
}
if (!(rx->flags & IEEE80211_RX_RA_MATCH))
return RX_CONTINUE;
+ if (rx->sdata->vif.type == NL80211_IFTYPE_STATION)
+ ieee80211_sta_rx_notify(rx->sdata, hdr);
+
sta->rx_fragments++;
sta->rx_bytes += rx->skb->len;
sta->last_signal = rx->status->signal;
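Review bot: The new `if … { … } else` braces only one arm; kernel coding style asks for braces on both arms when either needs them, i.e. `} else {` / `sta->last_rx = jiffies;` / `}`. A one-line comment on why a beacon in station mode updates u.mgd.last_beacon instead of sta->last_rx would also help, e.g. `/* beacons feed the BSS-level beacon tracking, not per-STA activity */`, hedged since the consumer of last_beacon is not visible here. ieee80211_rx_h_sta_process starts and ends outside this hunk.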
@@ -1101,6 +1211,15 @@ ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc)
/* Drop unencrypted frames if key is set. */
if (unlikely(!ieee80211_has_protected(fc) &&
!ieee80211_is_nullfunc(fc) &&
+ (!ieee80211_is_mgmt(fc) ||
+ (ieee80211_is_unicast_robust_mgmt_frame(rx->skb) &&
+ rx->sta && test_sta_flags(rx->sta, WLAN_STA_MFP))) &&
+ (rx->key || rx->sdata->drop_unencrypted)))
+ return -EACCES;
+ /* BIP does not use Protected field, so need to check MMIE */
+ if (unlikely(rx->sta && test_sta_flags(rx->sta, WLAN_STA_MFP) &&
+ ieee80211_is_multicast_robust_mgmt_frame(rx->skb) &&
+ ieee80211_get_mmie_keyidx(rx->skb) < 0 &&
(rx->key || rx->sdata->drop_unencrypted)))
return -EACCES;
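Review bot: For an MFP station, dropping an unprotected unicast robust management frame (first condition) or a group-addressed one without MMIE (second condition) is still gated on `rx->key || rx->sdata->drop_unencrypted`, but ieee80211_rx_h_decrypt returns RX_CONTINUE for unprotected frames before any key lookup (the `!ieee80211_has_protected` block earlier in this diff), so rx->key is presumably NULL here and the protection collapses to the drop_unencrypted flag. If that reading is right, an unprotected Deauthentication or Disassociation from a spoofed AP still reaches the MLME of a station that negotiated MFP unless drop_unencrypted happens to be set, which is exactly the attack MFP exists to stop; the WLAN_STA_MFP cases should drop unconditionally. I would split them out of the data-frame condition so the intent is readable, as below. ieee80211_drop_unencrypted starts and ends outside this hunk.

```c
	/*
	 * MFP: robust management frames must be protected (unicast) or
	 * carry an MMIE (group-addressed), regardless of rx->key.
	 */
	if (rx->sta && test_sta_flags(rx->sta, WLAN_STA_MFP)) {
		if (!ieee80211_has_protected(fc) &&
		    ieee80211_is_unicast_robust_mgmt_frame(rx->skb))
			return -EACCES;
		if (ieee80211_is_multicast_robust_mgmt_frame(rx->skb) &&
		    ieee80211_get_mmie_keyidx(rx->skb) < 0)
			return -EACCES;
	}

	/* Drop unencrypted data frames if key is set. */
	if (unlikely(!ieee80211_has_protected(fc) &&
		     !ieee80211_is_nullfunc(fc) &&
		     !ieee80211_is_mgmt(fc) &&
		     (rx->key || rx->sdata->drop_unencrypted)))
		return -EACCES;
	/* … unchanged: remainder of ieee80211_drop_unencrypted … */
```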
@@ -1138,12 +1257,12 @@ ieee80211_data_to_8023(struct ieee80211_rx_data *rx)
switch (hdr->frame_control &
cpu_to_le16(IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) {
- case __constant_cpu_to_le16(IEEE80211_FCTL_TODS):
+ case cpu_to_le16(IEEE80211_FCTL_TODS):
if (unlikely(sdata->vif.type != NL80211_IFTYPE_AP &&
sdata->vif.type != NL80211_IFTYPE_AP_VLAN))
return -1;
break;
- case __constant_cpu_to_le16(IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS):
+ case cpu_to_le16(IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS):
if (unlikely(sdata->vif.type != NL80211_IFTYPE_WDS &&
sdata->vif.type != NL80211_IFTYPE_MESH_POINT))
return -1;
@@ -1157,13 +1276,13 @@ ieee80211_data_to_8023(struct ieee80211_rx_data *rx)
}
}
break;
- case __constant_cpu_to_le16(IEEE80211_FCTL_FROMDS):
+ case cpu_to_le16(IEEE80211_FCTL_FROMDS):
if (sdata->vif.type != NL80211_IFTYPE_STATION ||
(is_multicast_ether_addr(dst) &&
!compare_ether_addr(src, dev->dev_addr)))
return -1;
break;
- case __constant_cpu_to_le16(0):
+ case cpu_to_le16(0):
if (sdata->vif.type != NL80211_IFTYPE_ADHOC)
return -1;
break;
@@ -1267,10 +1386,37 @@ ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
}
if (skb) {
- /* deliver to local stack */
- skb->protocol = eth_type_trans(skb, dev);
- memset(skb->cb, 0, sizeof(skb->cb));
- netif_rx(skb);
+ int align __maybe_unused;
+
+#if defined(CONFIG_MAC80211_DEBUG_PACKET_ALIGNMENT) || !defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
+ /*
+ * 'align' will only take the values 0 or 2 here
+ * since all frames are required to be aligned
+ * to 2-byte boundaries when being passed to
+ * mac80211. That also explains the __skb_push()
+ * below.
+ */
+ align = (unsigned long)skb->data & 4;
+ if (align) {
+ if (WARN_ON(skb_headroom(skb) < 3)) {
+ dev_kfree_skb(skb);
+ skb = NULL;
+ } else {
+ u8 *data = skb->data;
+ size_t len = skb->len;
+ u8 *new = __skb_push(skb, align);
+ memmove(new, data, len);
+ __skb_trim(skb, len);
+ }
+ }
+#endif
+
+ if (skb) {
+ /* deliver to local stack */
+ skb->protocol = eth_type_trans(skb, dev);
+ memset(skb->cb, 0, sizeof(skb->cb));
+ netif_rx(skb);
+ }
}
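Review bot: `align = (unsigned long)skb->data & 4;` tests bit 2 of the address, which says nothing about 4-byte alignment, so the comment's claim that align is 0 or 2 does not hold: the value is 0 or 4, a 4-aligned buffer is pushed by four bytes (and one at 4 mod 8 is left alone), and `__skb_push(skb, 4)` runs after a headroom check that only guaranteed 3 bytes, writing before the buffer head. The intent is to put the IP header behind the 14-byte 802.3 header on a 4-byte boundary, which is `align = ((unsigned long)(skb->data + sizeof(struct ethhdr))) & 3;`; given the 2-byte input alignment this is 0 or 2 as the comment says, and the `< 3` headroom check is then sufficient. Hedged: I cannot see what the non-debug, efficient-unaligned-access builds rely on, but as written the expression cannot produce the values the surrounding code assumes. ieee80211_deliver_skb starts and ends outside this hunk.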
if (xmit_skb) {
@@ -1339,14 +1485,20 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx)
if (remaining <= subframe_len + padding)
frame = skb;
else {
- frame = dev_alloc_skb(local->hw.extra_tx_headroom +
- subframe_len);
+ /*
+ * Allocate and reserve two bytes more for payload
+ * alignment since sizeof(struct ethhdr) is 14.
+ */
+ frame = dev_alloc_skb(
+ ALIGN(local->hw.extra_tx_headroom, 4) +
+ subframe_len + 2);
if (frame == NULL)
return RX_DROP_UNUSABLE;
- skb_reserve(frame, local->hw.extra_tx_headroom +
- sizeof(struct ethhdr));
+ skb_reserve(frame,
+ ALIGN(local->hw.extra_tx_headroom, 4) +
+ sizeof(struct ethhdr) + 2);
memcpy(skb_put(frame, ntohs(len)), skb->data,
ntohs(len));
@@ -1529,11 +1681,9 @@ ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx)
start_seq_num = le16_to_cpu(bar->start_seq_num) >> 4;
/* reset session timer */
- if (tid_agg_rx->timeout) {
- unsigned long expires =
- jiffies + (tid_agg_rx->timeout / 1000) * HZ;
- mod_timer(&tid_agg_rx->session_timer, expires);
- }
+ if (tid_agg_rx->timeout)
+ mod_timer(&tid_agg_rx->session_timer,
+ TU_TO_EXP_TIME(tid_agg_rx->timeout));
/* manage reordering buffer according to requested */
/* sequence number */
@@ -1547,12 +1697,64 @@ ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx)
return RX_CONTINUE;
}
+static void ieee80211_process_sa_query_req(struct ieee80211_sub_if_data *sdata,
+ struct ieee80211_mgmt *mgmt,
+ size_t len)
+{
+ struct ieee80211_local *local = sdata->local;
+ struct sk_buff *skb;
+ struct ieee80211_mgmt *resp;
+
+ if (compare_ether_addr(mgmt->da, sdata->dev->dev_addr) != 0) {
+ /* Not to own unicast address */
+ return;
+ }
+
+ if (compare_ether_addr(mgmt->sa, sdata->u.mgd.bssid) != 0 ||
+ compare_ether_addr(mgmt->bssid, sdata->u.mgd.bssid) != 0) {
+ /* Not from the current AP. */
+ return;
+ }
+
+ if (sdata->u.mgd.state == IEEE80211_STA_MLME_ASSOCIATE) {
+ /* Association in progress; ignore SA Query */
+ return;
+ }
+
+ if (len < 24 + 1 + sizeof(resp->u.action.u.sa_query)) {
+ /* Too short SA Query request frame */
+ return;
+ }
+
+ skb = dev_alloc_skb(sizeof(*resp) + local->hw.extra_tx_headroom);
+ if (skb == NULL)
+ return;
+
+ skb_reserve(skb, local->hw.extra_tx_headroom);
+ resp = (struct ieee80211_mgmt *) skb_put(skb, 24);
+ memset(resp, 0, 24);
+ memcpy(resp->da, mgmt->sa, ETH_ALEN);
+ memcpy(resp->sa, sdata->dev->dev_addr, ETH_ALEN);
+ memcpy(resp->bssid, sdata->u.mgd.bssid, ETH_ALEN);
+ resp->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
+ IEEE80211_STYPE_ACTION);
+ skb_put(skb, 1 + sizeof(resp->u.action.u.sa_query));
+ resp->u.action.category = WLAN_CATEGORY_SA_QUERY;
+ resp->u.action.u.sa_query.action = WLAN_ACTION_SA_QUERY_RESPONSE;
+ memcpy(resp->u.action.u.sa_query.trans_id,
+ mgmt->u.action.u.sa_query.trans_id,
+ WLAN_SA_QUERY_TR_ID_LEN);
+
+ ieee80211_tx_skb(sdata, skb, 1);
+}
+
static ieee80211_rx_result debug_noinline
ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
{
struct ieee80211_local *local = rx->local;
struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data;
+ struct ieee80211_bss *bss;
int len = rx->skb->len;
if (!ieee80211_is_action(mgmt->frame_control))
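Review bot: ieee80211_process_sa_query_req answers any SA Query Request that passes the address checks whether or not the association negotiated MFP, and the only MLME state it excludes is IEEE80211_STA_MLME_ASSOCIATE; if the state machine has a positive associated state (not visible here), testing for it, `if (sdata->u.mgd.state != IEEE80211_STA_MLME_ASSOCIATED) return;`, is tighter than ruling out one in-progress state, and a WLAN_STA_MFP check on the AP's station entry would avoid replying to a peer that never enabled SA Query. The `len < 24 + 1 + sizeof(resp->u.action.u.sa_query)` check duplicates the caller's `IEEE80211_MIN_ACTION_SIZE + sizeof(mgmt->u.action.u.sa_query)` bound in ieee80211_rx_h_action; keep one and name the other in a comment. The literal `1` in `ieee80211_tx_skb(sdata, skb, 1)` deserves a word on what it enables, since the response is only meaningful if it goes out protected.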
@@ -1564,12 +1766,26 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
if (!(rx->flags & IEEE80211_RX_RA_MATCH))
return RX_DROP_MONITOR;
+ if (ieee80211_drop_unencrypted(rx, mgmt->frame_control))
+ return RX_DROP_MONITOR;
+
/* all categories we currently handle have action_code */
if (len < IEEE80211_MIN_ACTION_SIZE + 1)
return RX_DROP_MONITOR;
switch (mgmt->u.action.category) {
case WLAN_CATEGORY_BACK:
+ /*
+ * The aggregation code is not prepared to handle
+ * anything but STA/AP due to the BSSID handling;
+ * IBSS could work in the code but isn't supported
+ * by drivers or the standard.
+ */
+ if (sdata->vif.type != NL80211_IFTYPE_STATION &&
+ sdata->vif.type != NL80211_IFTYPE_AP_VLAN &&
+ sdata->vif.type != NL80211_IFTYPE_AP)
+ return RX_DROP_MONITOR;
+
switch (mgmt->u.action.u.addba_req.action_code) {
case WLAN_ACTION_ADDBA_REQ:
if (len < (IEEE80211_MIN_ACTION_SIZE +
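Review bot: ieee80211_drop_unencrypted is now called before the `len < IEEE80211_MIN_ACTION_SIZE + 1` check, and through ieee80211_is_unicast_robust_mgmt_frame it asks ieee80211_is_robust_mgmt_frame about an Action frame that may be only 24 bytes long; if that helper classifies Action frames by the category byte at offset 24, the classification reads past the frame. Moving the `if (ieee80211_drop_unencrypted(rx, mgmt->frame_control)) return RX_DROP_MONITOR;` pair below the minimum-length check costs nothing and removes the question. ieee80211_rx_h_action starts and ends outside this hunk.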
@@ -1594,6 +1810,10 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
case WLAN_CATEGORY_SPECTRUM_MGMT:
if (local->hw.conf.channel->band != IEEE80211_BAND_5GHZ)
return RX_DROP_MONITOR;
+
+ if (sdata->vif.type != NL80211_IFTYPE_STATION)
+ return RX_DROP_MONITOR;
+
switch (mgmt->u.action.u.measurement.action_code) {
case WLAN_ACTION_SPCT_MSR_REQ:
if (len < (IEEE80211_MIN_ACTION_SIZE +
@@ -1601,6 +1821,43 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
return RX_DROP_MONITOR;
ieee80211_process_measurement_req(sdata, mgmt, len);
break;
+ case WLAN_ACTION_SPCT_CHL_SWITCH:
+ if (len < (IEEE80211_MIN_ACTION_SIZE +
+ sizeof(mgmt->u.action.u.chan_switch)))
+ return RX_DROP_MONITOR;
+
+ if (memcmp(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN))
+ return RX_DROP_MONITOR;
+
+ bss = ieee80211_rx_bss_get(local, sdata->u.mgd.bssid,
+ local->hw.conf.channel->center_freq,
+ sdata->u.mgd.ssid,
+ sdata->u.mgd.ssid_len);
+ if (!bss)
+ return RX_DROP_MONITOR;
+
+ ieee80211_process_chanswitch(sdata,
+ &mgmt->u.action.u.chan_switch.sw_elem, bss);
+ ieee80211_rx_bss_put(local, bss);
+ break;
+ }
+ break;
+ case WLAN_CATEGORY_SA_QUERY:
+ if (len < (IEEE80211_MIN_ACTION_SIZE +
+ sizeof(mgmt->u.action.u.sa_query)))
+ return RX_DROP_MONITOR;
+ switch (mgmt->u.action.u.sa_query.action) {
+ case WLAN_ACTION_SA_QUERY_REQUEST:
+ if (sdata->vif.type != NL80211_IFTYPE_STATION)
+ return RX_DROP_MONITOR;
+ ieee80211_process_sa_query_req(sdata, mgmt, len);
+ break;
+ case WLAN_ACTION_SA_QUERY_RESPONSE:
+ /*
+ * SA Query response is currently only used in AP mode
+ * and it is processed in user space.
+ */
+ return RX_CONTINUE;
}
break;
default:
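Review bot: The channel-switch branch compares the BSSID with `memcmp(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN)` while every other address comparison added in this diff uses compare_ether_addr; `if (compare_ether_addr(mgmt->bssid, sdata->u.mgd.bssid))` keeps the file to one idiom. The SA Query switch has no default arm, so an unknown sa_query.action value silently falls out to `break` and the frame continues as though handled; an explicit `default: return RX_DROP_MONITOR;` makes the intent visible. ieee80211_rx_h_action starts and ends outside this hunk.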
@@ -1616,22 +1873,24 @@ static ieee80211_rx_result debug_noinline
ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx)
{
struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
+ struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data;
if (!(rx->flags & IEEE80211_RX_RA_MATCH))
return RX_DROP_MONITOR;
+ if (ieee80211_drop_unencrypted(rx, mgmt->frame_control))
+ return RX_DROP_MONITOR;
+
if (ieee80211_vif_is_mesh(&sdata->vif))
return ieee80211_mesh_rx_mgmt(sdata, rx->skb, rx->status);
- if (sdata->vif.type != NL80211_IFTYPE_STATION &&
- sdata->vif.type != NL80211_IFTYPE_ADHOC)
- return RX_DROP_MONITOR;
+ if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
+ return ieee80211_ibss_rx_mgmt(sdata, rx->skb, rx->status);
- if (sdata->flags & IEEE80211_SDATA_USERSPACE_MLME)
- return RX_DROP_MONITOR;
+ if (sdata->vif.type == NL80211_IFTYPE_STATION)
+ return ieee80211_sta_rx_mgmt(sdata, rx->skb, rx->status);
- ieee80211_sta_rx_mgmt(sdata, rx->skb, rx->status);
- return RX_QUEUED;
+ return RX_DROP_MONITOR;
}
static void ieee80211_rx_michael_mic_report(struct net_device *dev,
@@ -1780,6 +2039,7 @@ static void ieee80211_invoke_rx_handlers(struct ieee80211_sub_if_data *sdata,
CALL_RXH(ieee80211_rx_h_passive_scan)
CALL_RXH(ieee80211_rx_h_check)
CALL_RXH(ieee80211_rx_h_decrypt)
+ CALL_RXH(ieee80211_rx_h_check_more_data)
CALL_RXH(ieee80211_rx_h_sta_process)
CALL_RXH(ieee80211_rx_h_defragment)
CALL_RXH(ieee80211_rx_h_ps_poll)
@@ -1823,16 +2083,17 @@ static void ieee80211_invoke_rx_handlers(struct ieee80211_sub_if_data *sdata,
/* main receive path */
static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
- u8 *bssid, struct ieee80211_rx_data *rx,
+ struct ieee80211_rx_data *rx,
struct ieee80211_hdr *hdr)
{
+ u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len, sdata->vif.type);
int multicast = is_multicast_ether_addr(hdr->addr1);
switch (sdata->vif.type) {
case NL80211_IFTYPE_STATION:
if (!bssid)
return 0;
- if (!ieee80211_bssid_match(bssid, sdata->u.sta.bssid)) {
+ if (!ieee80211_bssid_match(bssid, sdata->u.mgd.bssid)) {
if (!(rx->flags & IEEE80211_RX_IN_SCAN))
return 0;
rx->flags &= ~IEEE80211_RX_RA_MATCH;
@@ -1850,7 +2111,7 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
if (ieee80211_is_beacon(hdr->frame_control)) {
return 1;
}
- else if (!ieee80211_bssid_match(bssid, sdata->u.sta.bssid)) {
+ else if (!ieee80211_bssid_match(bssid, sdata->u.ibss.bssid)) {
if (!(rx->flags & IEEE80211_RX_IN_SCAN))
return 0;
rx->flags &= ~IEEE80211_RX_RA_MATCH;
@@ -1928,7 +2189,6 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
int prepares;
struct ieee80211_sub_if_data *prev = NULL;
struct sk_buff *skb_new;
- u8 *bssid;
hdr = (struct ieee80211_hdr *)skb->data;
memset(&rx, 0, sizeof(rx));
@@ -1956,7 +2216,7 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
rx.flags |= IEEE80211_RX_IN_SCAN;
ieee80211_parse_qos(&rx);
- ieee80211_verify_ip_alignment(&rx);
+ ieee80211_verify_alignment(&rx);
skb = rx.skb;
@@ -1967,9 +2227,8 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
if (sdata->vif.type == NL80211_IFTYPE_MONITOR)
continue;
- bssid = ieee80211_get_bssid(hdr, skb->len, sdata->vif.type);
rx.flags |= IEEE80211_RX_RA_MATCH;
- prepares = prepare_for_handlers(sdata, bssid, &rx, hdr);
+ prepares = prepare_for_handlers(sdata, &rx, hdr);
if (!prepares)
continue;
@@ -2174,11 +2433,9 @@ static u8 ieee80211_rx_reorder_ampdu(struct ieee80211_local *local,
/* new un-ordered ampdu frame - process it */
/* reset session timer */
- if (tid_agg_rx->timeout) {
- unsigned long expires =
- jiffies + (tid_agg_rx->timeout / 1000) * HZ;
- mod_timer(&tid_agg_rx->session_timer, expires);
- }
+ if (tid_agg_rx->timeout)
+ mod_timer(&tid_agg_rx->session_timer,
+ TU_TO_EXP_TIME(tid_agg_rx->timeout));
/* if this mpdu is fragmented - terminate rx aggregation session */
sc = le16_to_cpu(hdr->seq_ctrl);