mac80211: use nullfunc frames for 4-addr sta detection

To detect incoming 4-addr stations, hostapd needs to receive a 4-addr
data frame from the remote station, so that it can create the AP VLAN
for it. With this patch, the mlme code emits a 4-addr nullfunc frame
immediately after assoc. On the AP side it also drops 4-addr nullfunc
frames to the cooked monitor mode interface, if the interface hasn't
been fully set up to receive 4-addr data frames yet.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

2 files changed, 51 insertions, 0 deletions

diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 5484cf930a87..0336dbb45ac5 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -282,6 +282,38 @@ void ieee80211_send_nullfunc(struct ieee80211_local *local,
         ieee80211_tx_skb(sdata, skb);
 }
 
+static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local,
+                                          struct ieee80211_sub_if_data *sdata)
+{
+        struct sk_buff *skb;
+        struct ieee80211_hdr *nullfunc;
+        __le16 fc;
+
+        if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
+                return;
+
+        skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30);
+        if (!skb) {
+                printk(KERN_DEBUG "%s: failed to allocate buffer for 4addr "
+                       "nullfunc frame\n", sdata->name);
+                return;
+        }
+        skb_reserve(skb, local->hw.extra_tx_headroom);
+
+        nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30);
+        memset(nullfunc, 0, 30);
+        fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
+                         IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
+        nullfunc->frame_control = fc;
+        memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN);
+        memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
+        memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN);
+        memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN);
+
+        IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
+        ieee80211_tx_skb(sdata, skb);
+}
+
 /* spectrum management related things */
 static void ieee80211_chswitch_work(struct work_struct *work)
 {
@@ -1090,6 +1122,13 @@ static bool ieee80211_assoc_success(struct ieee80211_work *wk,
         ieee80211_set_associated(sdata, cbss, changed);
 
         /*
+         * If we're using 4-addr mode, let the AP know that we're
+         * doing so, so that it can create the STA VLAN on its side
+         */
+        if (ifmgd->use_4addr)
+                ieee80211_send_4addr_nullfunc(local, sdata);
+
+        /*
          * Start timer to probe the connection to the AP now.
          * Also start the timer that will detect beacon loss.
          */
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index e12f39a96460..efa6d3689c5e 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -1111,6 +1111,18 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
         if (ieee80211_is_nullfunc(hdr->frame_control) ||
             ieee80211_is_qos_nullfunc(hdr->frame_control)) {
                 I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc);
+
+                /*
+                 * If we receive a 4-addr nullfunc frame from a STA
+                 * that was not moved to a 4-addr STA vlan yet, drop
+                 * the frame to the monitor interface, to make sure
+                 * that hostapd sees it
+                 */
+                if (ieee80211_has_a4(hdr->frame_control) &&
+                    (rx->sdata->vif.type == NL80211_IFTYPE_AP ||
+                     (rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
+                      !rx->sdata->u.vlan.sta)))
+                        return RX_DROP_MONITOR;
                 /*
                  * Update counter and free packet here to avoid
                  * counting this as a dropped packed.