diff options
Diffstat (limited to 'net/mac80211/rx.c')
| -rw-r--r-- | net/mac80211/rx.c | 140 |
1 files changed, 99 insertions, 41 deletions
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index c9755f3d986c..b5c48de81d8b 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c | |||
| @@ -2,7 +2,7 @@ | |||
| 2 | * Copyright 2002-2005, Instant802 Networks, Inc. | 2 | * Copyright 2002-2005, Instant802 Networks, Inc. |
| 3 | * Copyright 2005-2006, Devicescape Software, Inc. | 3 | * Copyright 2005-2006, Devicescape Software, Inc. |
| 4 | * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> | 4 | * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> |
| 5 | * Copyright 2007 Johannes Berg <johannes@sipsolutions.net> | 5 | * Copyright 2007-2010 Johannes Berg <johannes@sipsolutions.net> |
| 6 | * | 6 | * |
| 7 | * This program is free software; you can redistribute it and/or modify | 7 | * This program is free software; you can redistribute it and/or modify |
| 8 | * it under the terms of the GNU General Public License version 2 as | 8 | * it under the terms of the GNU General Public License version 2 as |
| @@ -1397,6 +1397,21 @@ ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc) | |||
| 1397 | ieee80211_is_data(fc) && | 1397 | ieee80211_is_data(fc) && |
| 1398 | (rx->key || rx->sdata->drop_unencrypted))) | 1398 | (rx->key || rx->sdata->drop_unencrypted))) |
| 1399 | return -EACCES; | 1399 | return -EACCES; |
| 1400 | |||
| 1401 | return 0; | ||
| 1402 | } | ||
| 1403 | |||
| 1404 | static int | ||
| 1405 | ieee80211_drop_unencrypted_mgmt(struct ieee80211_rx_data *rx) | ||
| 1406 | { | ||
| 1407 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; | ||
| 1408 | __le16 fc = hdr->frame_control; | ||
| 1409 | int res; | ||
| 1410 | |||
| 1411 | res = ieee80211_drop_unencrypted(rx, fc); | ||
| 1412 | if (unlikely(res)) | ||
| 1413 | return res; | ||
| 1414 | |||
| 1400 | if (rx->sta && test_sta_flags(rx->sta, WLAN_STA_MFP)) { | 1415 | if (rx->sta && test_sta_flags(rx->sta, WLAN_STA_MFP)) { |
| 1401 | if (unlikely(ieee80211_is_unicast_robust_mgmt_frame(rx->skb) && | 1416 | if (unlikely(ieee80211_is_unicast_robust_mgmt_frame(rx->skb) && |
| 1402 | rx->key)) | 1417 | rx->key)) |
| @@ -1855,23 +1870,25 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx) | |||
| 1855 | struct ieee80211_local *local = rx->local; | 1870 | struct ieee80211_local *local = rx->local; |
| 1856 | struct ieee80211_sub_if_data *sdata = rx->sdata; | 1871 | struct ieee80211_sub_if_data *sdata = rx->sdata; |
| 1857 | struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data; | 1872 | struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data; |
| 1873 | struct sk_buff *nskb; | ||
| 1874 | struct ieee80211_rx_status *status; | ||
| 1858 | int len = rx->skb->len; | 1875 | int len = rx->skb->len; |
| 1859 | 1876 | ||
| 1860 | if (!ieee80211_is_action(mgmt->frame_control)) | 1877 | if (!ieee80211_is_action(mgmt->frame_control)) |
| 1861 | return RX_CONTINUE; | 1878 | return RX_CONTINUE; |
| 1862 | 1879 | ||
| 1863 | if (!rx->sta) | 1880 | /* drop too small frames */ |
| 1864 | return RX_DROP_MONITOR; | 1881 | if (len < IEEE80211_MIN_ACTION_SIZE) |
| 1882 | return RX_DROP_UNUSABLE; | ||
| 1865 | 1883 | ||
| 1866 | if (!(rx->flags & IEEE80211_RX_RA_MATCH)) | 1884 | if (!rx->sta && mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) |
| 1867 | return RX_DROP_MONITOR; | 1885 | return RX_DROP_UNUSABLE; |
| 1868 | 1886 | ||
| 1869 | if (ieee80211_drop_unencrypted(rx, mgmt->frame_control)) | 1887 | if (!(rx->flags & IEEE80211_RX_RA_MATCH)) |
| 1870 | return RX_DROP_MONITOR; | 1888 | return RX_DROP_UNUSABLE; |
| 1871 | 1889 | ||
| 1872 | /* all categories we currently handle have action_code */ | 1890 | if (ieee80211_drop_unencrypted_mgmt(rx)) |
| 1873 | if (len < IEEE80211_MIN_ACTION_SIZE + 1) | 1891 | return RX_DROP_UNUSABLE; |
| 1874 | return RX_DROP_MONITOR; | ||
| 1875 | 1892 | ||
| 1876 | switch (mgmt->u.action.category) { | 1893 | switch (mgmt->u.action.category) { |
| 1877 | case WLAN_CATEGORY_BACK: | 1894 | case WLAN_CATEGORY_BACK: |
| @@ -1884,7 +1901,11 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx) | |||
| 1884 | if (sdata->vif.type != NL80211_IFTYPE_STATION && | 1901 | if (sdata->vif.type != NL80211_IFTYPE_STATION && |
| 1885 | sdata->vif.type != NL80211_IFTYPE_AP_VLAN && | 1902 | sdata->vif.type != NL80211_IFTYPE_AP_VLAN && |
| 1886 | sdata->vif.type != NL80211_IFTYPE_AP) | 1903 | sdata->vif.type != NL80211_IFTYPE_AP) |
| 1887 | return RX_DROP_MONITOR; | 1904 | break; |
| 1905 | |||
| 1906 | /* verify action_code is present */ | ||
| 1907 | if (len < IEEE80211_MIN_ACTION_SIZE + 1) | ||
| 1908 | break; | ||
| 1888 | 1909 | ||
| 1889 | switch (mgmt->u.action.u.addba_req.action_code) { | 1910 | switch (mgmt->u.action.u.addba_req.action_code) { |
| 1890 | case WLAN_ACTION_ADDBA_REQ: | 1911 | case WLAN_ACTION_ADDBA_REQ: |
| @@ -1892,45 +1913,49 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx) | |||
| 1892 | sizeof(mgmt->u.action.u.addba_req))) | 1913 | sizeof(mgmt->u.action.u.addba_req))) |
| 1893 | return RX_DROP_MONITOR; | 1914 | return RX_DROP_MONITOR; |
| 1894 | ieee80211_process_addba_request(local, rx->sta, mgmt, len); | 1915 | ieee80211_process_addba_request(local, rx->sta, mgmt, len); |
| 1895 | break; | 1916 | goto handled; |
| 1896 | case WLAN_ACTION_ADDBA_RESP: | 1917 | case WLAN_ACTION_ADDBA_RESP: |
| 1897 | if (len < (IEEE80211_MIN_ACTION_SIZE + | 1918 | if (len < (IEEE80211_MIN_ACTION_SIZE + |
| 1898 | sizeof(mgmt->u.action.u.addba_resp))) | 1919 | sizeof(mgmt->u.action.u.addba_resp))) |
| 1899 | return RX_DROP_MONITOR; | 1920 | break; |
| 1900 | ieee80211_process_addba_resp(local, rx->sta, mgmt, len); | 1921 | ieee80211_process_addba_resp(local, rx->sta, mgmt, len); |
| 1901 | break; | 1922 | goto handled; |
| 1902 | case WLAN_ACTION_DELBA: | 1923 | case WLAN_ACTION_DELBA: |
| 1903 | if (len < (IEEE80211_MIN_ACTION_SIZE + | 1924 | if (len < (IEEE80211_MIN_ACTION_SIZE + |
| 1904 | sizeof(mgmt->u.action.u.delba))) | 1925 | sizeof(mgmt->u.action.u.delba))) |
| 1905 | return RX_DROP_MONITOR; | 1926 | break; |
| 1906 | ieee80211_process_delba(sdata, rx->sta, mgmt, len); | 1927 | ieee80211_process_delba(sdata, rx->sta, mgmt, len); |
| 1907 | break; | 1928 | goto handled; |
| 1908 | } | 1929 | } |
| 1909 | break; | 1930 | break; |
| 1910 | case WLAN_CATEGORY_SPECTRUM_MGMT: | 1931 | case WLAN_CATEGORY_SPECTRUM_MGMT: |
| 1911 | if (local->hw.conf.channel->band != IEEE80211_BAND_5GHZ) | 1932 | if (local->hw.conf.channel->band != IEEE80211_BAND_5GHZ) |
| 1912 | return RX_DROP_MONITOR; | 1933 | break; |
| 1913 | 1934 | ||
| 1914 | if (sdata->vif.type != NL80211_IFTYPE_STATION) | 1935 | if (sdata->vif.type != NL80211_IFTYPE_STATION) |
| 1915 | return RX_DROP_MONITOR; | 1936 | break; |
| 1937 | |||
| 1938 | /* verify action_code is present */ | ||
| 1939 | if (len < IEEE80211_MIN_ACTION_SIZE + 1) | ||
| 1940 | break; | ||
| 1916 | 1941 | ||
| 1917 | switch (mgmt->u.action.u.measurement.action_code) { | 1942 | switch (mgmt->u.action.u.measurement.action_code) { |
| 1918 | case WLAN_ACTION_SPCT_MSR_REQ: | 1943 | case WLAN_ACTION_SPCT_MSR_REQ: |
| 1919 | if (len < (IEEE80211_MIN_ACTION_SIZE + | 1944 | if (len < (IEEE80211_MIN_ACTION_SIZE + |
| 1920 | sizeof(mgmt->u.action.u.measurement))) | 1945 | sizeof(mgmt->u.action.u.measurement))) |
| 1921 | return RX_DROP_MONITOR; | 1946 | break; |
| 1922 | ieee80211_process_measurement_req(sdata, mgmt, len); | 1947 | ieee80211_process_measurement_req(sdata, mgmt, len); |
| 1923 | break; | 1948 | goto handled; |
| 1924 | case WLAN_ACTION_SPCT_CHL_SWITCH: | 1949 | case WLAN_ACTION_SPCT_CHL_SWITCH: |
| 1925 | if (len < (IEEE80211_MIN_ACTION_SIZE + | 1950 | if (len < (IEEE80211_MIN_ACTION_SIZE + |
| 1926 | sizeof(mgmt->u.action.u.chan_switch))) | 1951 | sizeof(mgmt->u.action.u.chan_switch))) |
| 1927 | return RX_DROP_MONITOR; | 1952 | break; |
| 1928 | 1953 | ||
| 1929 | if (sdata->vif.type != NL80211_IFTYPE_STATION) | 1954 | if (sdata->vif.type != NL80211_IFTYPE_STATION) |
| 1930 | return RX_DROP_MONITOR; | 1955 | break; |
| 1931 | 1956 | ||
| 1932 | if (memcmp(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN)) | 1957 | if (memcmp(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN)) |
| 1933 | return RX_DROP_MONITOR; | 1958 | break; |
| 1934 | 1959 | ||
| 1935 | return ieee80211_sta_rx_mgmt(sdata, rx->skb); | 1960 | return ieee80211_sta_rx_mgmt(sdata, rx->skb); |
| 1936 | } | 1961 | } |
| @@ -1938,30 +1963,64 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx) | |||
| 1938 | case WLAN_CATEGORY_SA_QUERY: | 1963 | case WLAN_CATEGORY_SA_QUERY: |
| 1939 | if (len < (IEEE80211_MIN_ACTION_SIZE + | 1964 | if (len < (IEEE80211_MIN_ACTION_SIZE + |
| 1940 | sizeof(mgmt->u.action.u.sa_query))) | 1965 | sizeof(mgmt->u.action.u.sa_query))) |
| 1941 | return RX_DROP_MONITOR; | 1966 | break; |
| 1967 | |||
| 1942 | switch (mgmt->u.action.u.sa_query.action) { | 1968 | switch (mgmt->u.action.u.sa_query.action) { |
| 1943 | case WLAN_ACTION_SA_QUERY_REQUEST: | 1969 | case WLAN_ACTION_SA_QUERY_REQUEST: |
| 1944 | if (sdata->vif.type != NL80211_IFTYPE_STATION) | 1970 | if (sdata->vif.type != NL80211_IFTYPE_STATION) |
| 1945 | return RX_DROP_MONITOR; | 1971 | break; |
| 1946 | ieee80211_process_sa_query_req(sdata, mgmt, len); | 1972 | ieee80211_process_sa_query_req(sdata, mgmt, len); |
| 1947 | break; | 1973 | goto handled; |
| 1948 | case WLAN_ACTION_SA_QUERY_RESPONSE: | ||
| 1949 | /* | ||
| 1950 | * SA Query response is currently only used in AP mode | ||
| 1951 | * and it is processed in user space. | ||
| 1952 | */ | ||
| 1953 | return RX_CONTINUE; | ||
| 1954 | } | 1974 | } |
| 1955 | break; | 1975 | break; |
| 1956 | default: | 1976 | } |
| 1957 | /* do not process rejected action frames */ | ||
| 1958 | if (mgmt->u.action.category & 0x80) | ||
| 1959 | return RX_DROP_MONITOR; | ||
| 1960 | 1977 | ||
| 1961 | return RX_CONTINUE; | 1978 | /* |
| 1979 | * For AP mode, hostapd is responsible for handling any action | ||
| 1980 | * frames that we didn't handle, including returning unknown | ||
| 1981 | * ones. For all other modes we will return them to the sender, | ||
| 1982 | * setting the 0x80 bit in the action category, as required by | ||
| 1983 | * 802.11-2007 7.3.1.11. | ||
| 1984 | */ | ||
| 1985 | if (sdata->vif.type == NL80211_IFTYPE_AP || | ||
| 1986 | sdata->vif.type == NL80211_IFTYPE_AP_VLAN) | ||
| 1987 | return RX_DROP_MONITOR; | ||
| 1988 | |||
| 1989 | /* | ||
| 1990 | * Getting here means the kernel doesn't know how to handle | ||
| 1991 | * it, but maybe userspace does ... include returned frames | ||
| 1992 | * so userspace can register for those to know whether ones | ||
| 1993 | * it transmitted were processed or returned. | ||
| 1994 | */ | ||
| 1995 | status = IEEE80211_SKB_RXCB(rx->skb); | ||
| 1996 | |||
| 1997 | if (sdata->vif.type == NL80211_IFTYPE_STATION && | ||
| 1998 | cfg80211_rx_action(rx->sdata->dev, status->freq, | ||
| 1999 | rx->skb->data, rx->skb->len, | ||
| 2000 | GFP_ATOMIC)) | ||
| 2001 | goto handled; | ||
| 2002 | |||
| 2003 | /* do not return rejected action frames */ | ||
| 2004 | if (mgmt->u.action.category & 0x80) | ||
| 2005 | return RX_DROP_UNUSABLE; | ||
| 2006 | |||
| 2007 | nskb = skb_copy_expand(rx->skb, local->hw.extra_tx_headroom, 0, | ||
| 2008 | GFP_ATOMIC); | ||
| 2009 | if (nskb) { | ||
| 2010 | struct ieee80211_mgmt *mgmt = (void *)nskb->data; | ||
| 2011 | |||
| 2012 | mgmt->u.action.category |= 0x80; | ||
| 2013 | memcpy(mgmt->da, mgmt->sa, ETH_ALEN); | ||
| 2014 | memcpy(mgmt->sa, rx->sdata->vif.addr, ETH_ALEN); | ||
| 2015 | |||
| 2016 | memset(nskb->cb, 0, sizeof(nskb->cb)); | ||
| 2017 | |||
| 2018 | ieee80211_tx_skb(rx->sdata, nskb); | ||
| 1962 | } | 2019 | } |
| 1963 | 2020 | ||
| 1964 | rx->sta->rx_packets++; | 2021 | handled: |
| 2022 | if (rx->sta) | ||
| 2023 | rx->sta->rx_packets++; | ||
| 1965 | dev_kfree_skb(rx->skb); | 2024 | dev_kfree_skb(rx->skb); |
| 1966 | return RX_QUEUED; | 2025 | return RX_QUEUED; |
| 1967 | } | 2026 | } |
| @@ -1970,14 +2029,13 @@ static ieee80211_rx_result debug_noinline | |||
| 1970 | ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx) | 2029 | ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx) |
| 1971 | { | 2030 | { |
| 1972 | struct ieee80211_sub_if_data *sdata = rx->sdata; | 2031 | struct ieee80211_sub_if_data *sdata = rx->sdata; |
| 1973 | struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data; | ||
| 1974 | ieee80211_rx_result rxs; | 2032 | ieee80211_rx_result rxs; |
| 1975 | 2033 | ||
| 1976 | if (!(rx->flags & IEEE80211_RX_RA_MATCH)) | 2034 | if (!(rx->flags & IEEE80211_RX_RA_MATCH)) |
| 1977 | return RX_DROP_MONITOR; | 2035 | return RX_DROP_MONITOR; |
| 1978 | 2036 | ||
| 1979 | if (ieee80211_drop_unencrypted(rx, mgmt->frame_control)) | 2037 | if (ieee80211_drop_unencrypted_mgmt(rx)) |
| 1980 | return RX_DROP_MONITOR; | 2038 | return RX_DROP_UNUSABLE; |
| 1981 | 2039 | ||
| 1982 | rxs = ieee80211_work_rx_mgmt(rx->sdata, rx->skb); | 2040 | rxs = ieee80211_work_rx_mgmt(rx->sdata, rx->skb); |
| 1983 | if (rxs != RX_CONTINUE) | 2041 | if (rxs != RX_CONTINUE) |