mac80211: simplify RX PN/IV handling

The current rx->queue value is slightly confusing.
It is set to 16 on non-QoS frames, including data,
and then used for sequence number and PN/IV checks.
Until recently, we had a TKIP IV checking bug that
had been introduced in 2008 to fix a seqno issue.
Before that, we always used TID 0 for checking the
PN or IV on non-QoS packets.

Go back to the old status for PN/IV checks using
the TID 0 counter for non-QoS by splitting up the
rx->queue value into "seqno_idx" and "security_idx"
in order to avoid confusion in the future. They
each have special rules on the value used for non-
QoS data frames.

Since the handling is now unified, also revert the
special TKIP handling from my patch
"mac80211: fix TKIP replay vulnerability".

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

1 files changed, 16 insertions, 1 deletions

diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 4f2e424e8b1b..4c7a831e7d1e 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -202,7 +202,22 @@ struct ieee80211_rx_data {
         struct ieee80211_key *key;
 
         unsigned int flags;
-        int queue;
+
+        /*
+         * Index into sequence numbers array, 0..16
+         * since the last (16) is used for non-QoS,
+         * will be 16 on non-QoS frames.
+         */
+        int seqno_idx;
+
+        /*
+         * Index into the security IV/PN arrays, 0..16
+         * since the last (16) is used for CCMP-encrypted
+         * management frames, will be set to 16 on mgmt
+         * frames and 0 on non-QoS frames.
+         */
+        int security_idx;
+
         u32 tkip_iv32;
         u16 tkip_iv16;
 };