Diffstat (limited to 'net/mac80211/rx.c')
-rw-r--r-- | net/mac80211/rx.c | 16 |
1 files changed, 14 insertions, 2 deletions
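--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -1819,17 +1819,26 @@ ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx, struct sk_buff_head *frames)
 return RX_CONTINUE;
 
 if (ieee80211_is_back_req(bar->frame_control)) {
+struct {
+__le16 control, start_seq_num;
+} __packed bar_data;
+
 if (!rx->sta)
 return RX_DROP_MONITOR;
+
+if (skb_copy_bits(skb, offsetof(struct ieee80211_bar, control),
+&bar_data, sizeof(bar_data)))
+return RX_DROP_MONITOR;
+
 spin_lock(&rx->sta->lock);
-tid = le16_to_cpu(bar->control) >> 12;
+tid = le16_to_cpu(bar_data.control) >> 12;
 if (!rx->sta->ampdu_mlme.tid_active_rx[tid]) {
 spin_unlock(&rx->sta->lock);
 return RX_DROP_MONITOR;
 }
 tid_agg_rx = rx->sta->ampdu_mlme.tid_rx[tid];
 
-start_seq_num = le16_to_cpu(bar->start_seq_num) >> 4;
+start_seq_num = le16_to_cpu(bar_data.start_seq_num) >> 4;
 
 /* reset session timer */
 if (tid_agg_rx->timeout)
@@ -1941,6 +1950,9 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
 if (len < IEEE80211_MIN_ACTION_SIZE + 1)
 break;
 
+if (sdata->vif.type == NL80211_IFTYPE_STATION)
+return ieee80211_sta_rx_mgmt(sdata, rx->skb);
+
 switch (mgmt->u.action.u.addba_req.action_code) {
 case WLAN_ACTION_ADDBA_REQ:
 if (len < (IEEE80211_MIN_ACTION_SIZE +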
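Review bot: In the second hunk the new `if (sdata->vif.type == NL80211_IFTYPE_STATION) return ieee80211_sta_rx_mgmt(sdata, rx->skb);` returns before the `switch` on `action_code`, so on station interfaces only the `len < IEEE80211_MIN_ACTION_SIZE + 1` check has run and the per-action length check that starts under `case WLAN_ACTION_ADDBA_REQ:` is skipped. Whether the station management path validates the frame length again before it reads the action body is not visible here; if it does not, a truncated block-ack action frame from a peer would be parsed past the end of the received data. I would either keep the per-action length checks ahead of the hand-off, or, once the later validation is confirmed, record it at the call site with a comment such as `/* per-action length is validated again in the STA mgmt path */`. The `switch` body continues outside the hunk, so the remaining cases could not be checked.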