diff options
| author | Jouni Malinen <jouni.malinen@atheros.com> | 2010-06-11 13:27:33 -0400 |
|---|---|---|
| committer | John W. Linville <linville@tuxdriver.com> | 2010-06-15 16:00:49 -0400 |
| commit | 9190252c952a33efa1ceff4ef35188f8a27b81cb (patch) | |
| tree | f6c7473c919e7a3f0ff7c1b6543da44f8c338d02 /net/mac80211/rx.c | |
| parent | 05e48e8e437148298f4673e1efe81f9ead5f41d7 (diff) | |
mac80211: Use a separate CCMP PN receive counter for management frames
When management frame protection (IEEE 802.11w) is used, we must use a
separate counter for tracking received CCMP packet number for the
management frames. The previously used NUM_RX_DATA_QUEUESth queue was
shared with data frames when QoS was not used and that can cause
problems in detecting replays incorrectly for robust management frames.
Add a new counter just for robust management frames to avoid this issue.
Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/mac80211/rx.c')
| -rw-r--r-- | net/mac80211/rx.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index 1594ebe80a4f..1f76352caa9e 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c | |||
| @@ -1267,11 +1267,13 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) | |||
| 1267 | rx->queue, &(rx->skb)); | 1267 | rx->queue, &(rx->skb)); |
| 1268 | if (rx->key && rx->key->conf.alg == ALG_CCMP && | 1268 | if (rx->key && rx->key->conf.alg == ALG_CCMP && |
| 1269 | ieee80211_has_protected(fc)) { | 1269 | ieee80211_has_protected(fc)) { |
| 1270 | int queue = ieee80211_is_mgmt(fc) ? | ||
| 1271 | NUM_RX_DATA_QUEUES : rx->queue; | ||
| 1270 | /* Store CCMP PN so that we can verify that the next | 1272 | /* Store CCMP PN so that we can verify that the next |
| 1271 | * fragment has a sequential PN value. */ | 1273 | * fragment has a sequential PN value. */ |
| 1272 | entry->ccmp = 1; | 1274 | entry->ccmp = 1; |
| 1273 | memcpy(entry->last_pn, | 1275 | memcpy(entry->last_pn, |
| 1274 | rx->key->u.ccmp.rx_pn[rx->queue], | 1276 | rx->key->u.ccmp.rx_pn[queue], |
| 1275 | CCMP_PN_LEN); | 1277 | CCMP_PN_LEN); |
| 1276 | } | 1278 | } |
| 1277 | return RX_QUEUED; | 1279 | return RX_QUEUED; |
| @@ -1291,6 +1293,7 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) | |||
| 1291 | if (entry->ccmp) { | 1293 | if (entry->ccmp) { |
| 1292 | int i; | 1294 | int i; |
| 1293 | u8 pn[CCMP_PN_LEN], *rpn; | 1295 | u8 pn[CCMP_PN_LEN], *rpn; |
| 1296 | int queue; | ||
| 1294 | if (!rx->key || rx->key->conf.alg != ALG_CCMP) | 1297 | if (!rx->key || rx->key->conf.alg != ALG_CCMP) |
| 1295 | return RX_DROP_UNUSABLE; | 1298 | return RX_DROP_UNUSABLE; |
| 1296 | memcpy(pn, entry->last_pn, CCMP_PN_LEN); | 1299 | memcpy(pn, entry->last_pn, CCMP_PN_LEN); |
| @@ -1299,7 +1302,9 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) | |||
| 1299 | if (pn[i]) | 1302 | if (pn[i]) |
| 1300 | break; | 1303 | break; |
| 1301 | } | 1304 | } |
| 1302 | rpn = rx->key->u.ccmp.rx_pn[rx->queue]; | 1305 | queue = ieee80211_is_mgmt(fc) ? |
| 1306 | NUM_RX_DATA_QUEUES : rx->queue; | ||
| 1307 | rpn = rx->key->u.ccmp.rx_pn[queue]; | ||
| 1303 | if (memcmp(pn, rpn, CCMP_PN_LEN)) | 1308 | if (memcmp(pn, rpn, CCMP_PN_LEN)) |
| 1304 | return RX_DROP_UNUSABLE; | 1309 | return RX_DROP_UNUSABLE; |
| 1305 | memcpy(entry->last_pn, pn, CCMP_PN_LEN); | 1310 | memcpy(entry->last_pn, pn, CCMP_PN_LEN); |