mac80211: remove port control enable switch, clean up sta flags

This patch removes the 802.1X port acess control enable flag
since it is not required. Instead, set the authorized flag for
each station that we normally communicate with (WDS peers, IBSS
peers and APs we're associated to) and require hostapd to set
the authorized flag for all stations when port control is not
enabled.

Also, since I was working in that area, this documents station
flags and removes the unused "permanent" one.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

8 files changed, 44 insertions, 45 deletions

diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c
index 829872a3ae81..29f7b98ba1fb 100644
--- a/net/mac80211/debugfs_netdev.c
+++ b/net/mac80211/debugfs_netdev.c
@@ -91,7 +91,6 @@ static const struct file_operations name##_ops = {			\
 /* common attributes */
 IEEE80211_IF_FILE(channel_use, channel_use, DEC);
 IEEE80211_IF_FILE(drop_unencrypted, drop_unencrypted, DEC);
-IEEE80211_IF_FILE(ieee802_1x_pac, ieee802_1x_pac, DEC);
 
 /* STA/IBSS attributes */
 IEEE80211_IF_FILE(state, u.sta.state, DEC);
@@ -148,7 +147,6 @@ static void add_sta_files(struct ieee80211_sub_if_data *sdata)
 {
         DEBUGFS_ADD(channel_use, sta);
         DEBUGFS_ADD(drop_unencrypted, sta);
-        DEBUGFS_ADD(ieee802_1x_pac, sta);
         DEBUGFS_ADD(state, sta);
         DEBUGFS_ADD(bssid, sta);
         DEBUGFS_ADD(prev_bssid, sta);
@@ -169,7 +167,6 @@ static void add_ap_files(struct ieee80211_sub_if_data *sdata)
 {
         DEBUGFS_ADD(channel_use, ap);
         DEBUGFS_ADD(drop_unencrypted, ap);
-        DEBUGFS_ADD(ieee802_1x_pac, ap);
         DEBUGFS_ADD(num_sta_ps, ap);
         DEBUGFS_ADD(dtim_count, ap);
         DEBUGFS_ADD(num_beacons, ap);
@@ -182,7 +179,6 @@ static void add_wds_files(struct ieee80211_sub_if_data *sdata)
 {
         DEBUGFS_ADD(channel_use, wds);
         DEBUGFS_ADD(drop_unencrypted, wds);
-        DEBUGFS_ADD(ieee802_1x_pac, wds);
         DEBUGFS_ADD(peer, wds);
 }
 
@@ -190,7 +186,6 @@ static void add_vlan_files(struct ieee80211_sub_if_data *sdata)
 {
         DEBUGFS_ADD(channel_use, vlan);
         DEBUGFS_ADD(drop_unencrypted, vlan);
-        DEBUGFS_ADD(ieee802_1x_pac, vlan);
 }
 
 static void add_monitor_files(struct ieee80211_sub_if_data *sdata)
@@ -234,7 +229,6 @@ static void del_sta_files(struct ieee80211_sub_if_data *sdata)
 {
         DEBUGFS_DEL(channel_use, sta);
         DEBUGFS_DEL(drop_unencrypted, sta);
-        DEBUGFS_DEL(ieee802_1x_pac, sta);
         DEBUGFS_DEL(state, sta);
         DEBUGFS_DEL(bssid, sta);
         DEBUGFS_DEL(prev_bssid, sta);
@@ -255,7 +249,6 @@ static void del_ap_files(struct ieee80211_sub_if_data *sdata)
 {
         DEBUGFS_DEL(channel_use, ap);
         DEBUGFS_DEL(drop_unencrypted, ap);
-        DEBUGFS_DEL(ieee802_1x_pac, ap);
         DEBUGFS_DEL(num_sta_ps, ap);
         DEBUGFS_DEL(dtim_count, ap);
         DEBUGFS_DEL(num_beacons, ap);
@@ -268,7 +261,6 @@ static void del_wds_files(struct ieee80211_sub_if_data *sdata)
 {
         DEBUGFS_DEL(channel_use, wds);
         DEBUGFS_DEL(drop_unencrypted, wds);
-        DEBUGFS_DEL(ieee802_1x_pac, wds);
         DEBUGFS_DEL(peer, wds);
 }
 
@@ -276,7 +268,6 @@ static void del_vlan_files(struct ieee80211_sub_if_data *sdata)
 {
         DEBUGFS_DEL(channel_use, vlan);
         DEBUGFS_DEL(drop_unencrypted, vlan);
-        DEBUGFS_DEL(ieee802_1x_pac, vlan);
 }
 
 static void del_monitor_files(struct ieee80211_sub_if_data *sdata)
diff --git a/net/mac80211/debugfs_sta.c b/net/mac80211/debugfs_sta.c
index 49660f4e845d..ac61353ae7ce 100644
--- a/net/mac80211/debugfs_sta.c
+++ b/net/mac80211/debugfs_sta.c
@@ -74,12 +74,11 @@ static ssize_t sta_flags_read(struct file *file, char __user *userbuf,
 {
         char buf[100];
         struct sta_info *sta = file->private_data;
-        int res = scnprintf(buf, sizeof(buf), "%s%s%s%s%s%s%s%s%s",
+        int res = scnprintf(buf, sizeof(buf), "%s%s%s%s%s%s%s%s",
                 sta->flags & WLAN_STA_AUTH ? "AUTH\n" : "",
                 sta->flags & WLAN_STA_ASSOC ? "ASSOC\n" : "",
                 sta->flags & WLAN_STA_PS ? "PS\n" : "",
                 sta->flags & WLAN_STA_TIM ? "TIM\n" : "",
-                sta->flags & WLAN_STA_PERM ? "PERM\n" : "",
                 sta->flags & WLAN_STA_AUTHORIZED ? "AUTHORIZED\n" : "",
                 sta->flags & WLAN_STA_SHORT_PREAMBLE ? "SHORT PREAMBLE\n" : "",
                 sta->flags & WLAN_STA_WME ? "WME\n" : "",
diff --git a/net/mac80211/ieee80211.c b/net/mac80211/ieee80211.c
index de894b61a23c..cb09931af86a 100644
--- a/net/mac80211/ieee80211.c
+++ b/net/mac80211/ieee80211.c
@@ -804,6 +804,9 @@ int ieee80211_if_update_wds(struct net_device *dev, u8 *remote_addr)
         sta = sta_info_add(local, dev, remote_addr, GFP_KERNEL);
         if (!sta)
                 return -ENOMEM;
+
+        sta->flags |= WLAN_STA_AUTHORIZED;
+
         sta_info_put(sta);
 
         /* Remove STA entry for the old peer */
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 54eea5f24474..ac802feb7655 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -305,11 +305,6 @@ struct ieee80211_sub_if_data {
         unsigned int flags;
 
         int drop_unencrypted;
-        /*
-         * IEEE 802.1X Port access control in effect,
-         * drop packets to/from unauthorized port
-         */
-        int ieee802_1x_pac;
 
         /*
          * basic rates of this AP or the AP we're associated to
@@ -352,7 +347,6 @@ struct ieee80211_sub_if_data {
                 struct {
                         struct dentry *channel_use;
                         struct dentry *drop_unencrypted;
-                        struct dentry *ieee802_1x_pac;
                         struct dentry *state;
                         struct dentry *bssid;
                         struct dentry *prev_bssid;
@@ -371,7 +365,6 @@ struct ieee80211_sub_if_data {
                 struct {
                         struct dentry *channel_use;
                         struct dentry *drop_unencrypted;
-                        struct dentry *ieee802_1x_pac;
                         struct dentry *num_sta_ps;
                         struct dentry *dtim_count;
                         struct dentry *num_beacons;
@@ -382,13 +375,11 @@ struct ieee80211_sub_if_data {
                 struct {
                         struct dentry *channel_use;
                         struct dentry *drop_unencrypted;
-                        struct dentry *ieee802_1x_pac;
                         struct dentry *peer;
                 } wds;
                 struct {
                         struct dentry *channel_use;
                         struct dentry *drop_unencrypted;
-                        struct dentry *ieee802_1x_pac;
                 } vlan;
                 struct {
                         struct dentry *mode;
diff --git a/net/mac80211/ieee80211_sta.c b/net/mac80211/ieee80211_sta.c
index 0d5e3fee8e53..dac02d001ef0 100644
--- a/net/mac80211/ieee80211_sta.c
+++ b/net/mac80211/ieee80211_sta.c
@@ -1828,7 +1828,8 @@ static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
         }
 
         sta->dev = dev;
-        sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_AP;
+        sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_AP |
+                      WLAN_STA_AUTHORIZED;
 
         rates = 0;
         basic_rates = 0;
@@ -3791,6 +3792,8 @@ struct sta_info * ieee80211_ibss_add_sta(struct net_device *dev,
         if (!sta)
                 return NULL;
 
+        sta->flags |= WLAN_STA_AUTHORIZED;
+
         sta->supp_rates[local->hw.conf.channel->band] =
                 sdata->u.sta.supp_rates_bits[local->hw.conf.channel->band];
 
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index c9ff98a93211..0989c212b7c2 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -987,11 +987,11 @@ ieee80211_rx_h_remove_qos_control(struct ieee80211_txrx_data *rx)
 static int
 ieee80211_802_1x_port_control(struct ieee80211_txrx_data *rx)
 {
-        if (unlikely(rx->sdata->ieee802_1x_pac &&
-                     (!rx->sta || !(rx->sta->flags & WLAN_STA_AUTHORIZED)))) {
+        if (unlikely(!rx->sta || !(rx->sta->flags & WLAN_STA_AUTHORIZED))) {
 #ifdef CONFIG_MAC80211_DEBUG
-                printk(KERN_DEBUG "%s: dropped frame "
-                       "(unauthorized port)\n", rx->dev->name);
+                if (net_ratelimit())
+                        printk(KERN_DEBUG "%s: dropped frame "
+                               "(unauthorized port)\n", rx->dev->name);
 #endif /* CONFIG_MAC80211_DEBUG */
                 return -EACCES;
         }
diff --git a/net/mac80211/sta_info.h b/net/mac80211/sta_info.h
index 3573743dfa59..19f3fb412940 100644
--- a/net/mac80211/sta_info.h
+++ b/net/mac80211/sta_info.h
@@ -15,21 +15,35 @@
 #include <linux/kref.h>
 #include "ieee80211_key.h"
 
-/* Stations flags (struct sta_info::flags) */
-#define WLAN_STA_AUTH BIT(0)
-#define WLAN_STA_ASSOC BIT(1)
-#define WLAN_STA_PS BIT(2)
-#define WLAN_STA_TIM BIT(3) /* TIM bit is on for PS stations */
-#define WLAN_STA_PERM BIT(4) /* permanent; do not remove entry on expiration */
-#define WLAN_STA_AUTHORIZED BIT(5) /* If 802.1X is used, this flag is
-                                    * controlling whether STA is authorized to
-                                    * send and receive non-IEEE 802.1X frames
-                                    */
-#define WLAN_STA_SHORT_PREAMBLE BIT(7)
-/* whether this is an AP that we are associated with as a client */
-#define WLAN_STA_ASSOC_AP BIT(8)
-#define WLAN_STA_WME BIT(9)
-#define WLAN_STA_WDS BIT(27)
+/**
+ * enum ieee80211_sta_info_flags - Stations flags
+ *
+ * These flags are used with &struct sta_info's @flags member.
+ *
+ * @WLAN_STA_AUTH: Station is authenticated.
+ * @WLAN_STA_ASSOC: Station is associated.
+ * @WLAN_STA_PS: Station is in power-save mode
+ * @WLAN_STA_TIM: TIM bit is on for this PS station (traffic buffered)
+ * @WLAN_STA_AUTHORIZED: Station is authorized to send/receive traffic.
+ *      This bit is always checked so needs to be enabled for all stations
+ *      when virtual port control is not in use.
+ * @WLAN_STA_SHORT_PREAMBLE: Station is capable of receiving short-preamble
+ *      frames.
+ * @WLAN_STA_ASSOC_AP: We're associated to that station, it is an AP.
+ * @WLAN_STA_WME: Station is a QoS-STA.
+ * @WLAN_STA_WDS: Station is one of our WDS peers.
+ */
+enum ieee80211_sta_info_flags {
+        WLAN_STA_AUTH           = 1<<0,
+        WLAN_STA_ASSOC          = 1<<1,
+        WLAN_STA_PS             = 1<<2,
+        WLAN_STA_TIM            = 1<<3,
+        WLAN_STA_AUTHORIZED     = 1<<4,
+        WLAN_STA_SHORT_PREAMBLE = 1<<5,
+        WLAN_STA_ASSOC_AP       = 1<<6,
+        WLAN_STA_WME            = 1<<7,
+        WLAN_STA_WDS            = 1<<8,
+};
 
 #define STA_TID_NUM 16
 #define ADDBA_RESP_INTERVAL HZ
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 9e5359991985..2b4746441232 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -1471,12 +1471,10 @@ int ieee80211_subif_start_xmit(struct sk_buff *skb,
         }
 
         /*
-         * If port access control is enabled, drop unicast frames to
-         * unauthorised stations unless they are EAPOL frames from the
-         * local station.
+         * Drop unicast frames to unauthorised stations unless they are
+         * EAPOL frames from the local station.
          */
-        if (unlikely(sdata->ieee802_1x_pac &&
-                     !is_multicast_ether_addr(hdr.addr1) &&
+        if (unlikely(!is_multicast_ether_addr(hdr.addr1) &&
                      !(sta_flags & WLAN_STA_AUTHORIZED) &&
                      !(ethertype == ETH_P_PAE &&
                        compare_ether_addr(dev->dev_addr,