diff options
Diffstat (limited to 'net/mac80211/rx.c')
| -rw-r--r-- | net/mac80211/rx.c | 38 |
1 files changed, 25 insertions, 13 deletions
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index 7fa8c6be7bf0..fe2c2a717793 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c | |||
| @@ -331,15 +331,18 @@ static void ieee80211_parse_qos(struct ieee80211_rx_data *rx) | |||
| 331 | { | 331 | { |
| 332 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; | 332 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; |
| 333 | struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb); | 333 | struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb); |
| 334 | int tid; | 334 | int tid, seqno_idx, security_idx; |
| 335 | 335 | ||
| 336 | /* does the frame have a qos control field? */ | 336 | /* does the frame have a qos control field? */ |
| 337 | if (ieee80211_is_data_qos(hdr->frame_control)) { | 337 | if (ieee80211_is_data_qos(hdr->frame_control)) { |
| 338 | u8 *qc = ieee80211_get_qos_ctl(hdr); | 338 | u8 *qc = ieee80211_get_qos_ctl(hdr); |
| 339 | /* frame has qos control */ | 339 | /* frame has qos control */ |
| 340 | tid = *qc & IEEE80211_QOS_CTL_TID_MASK; | 340 | tid = *qc & IEEE80211_QOS_CTL_TID_MASK; |
| 341 | if (*qc & IEEE80211_QOS_CONTROL_A_MSDU_PRESENT) | 341 | if (*qc & IEEE80211_QOS_CTL_A_MSDU_PRESENT) |
| 342 | status->rx_flags |= IEEE80211_RX_AMSDU; | 342 | status->rx_flags |= IEEE80211_RX_AMSDU; |
| 343 | |||
| 344 | seqno_idx = tid; | ||
| 345 | security_idx = tid; | ||
| 343 | } else { | 346 | } else { |
| 344 | /* | 347 | /* |
| 345 | * IEEE 802.11-2007, 7.1.3.4.1 ("Sequence Number field"): | 348 | * IEEE 802.11-2007, 7.1.3.4.1 ("Sequence Number field"): |
| @@ -352,10 +355,15 @@ static void ieee80211_parse_qos(struct ieee80211_rx_data *rx) | |||
| 352 | * | 355 | * |
| 353 | * We also use that counter for non-QoS STAs. | 356 | * We also use that counter for non-QoS STAs. |
| 354 | */ | 357 | */ |
| 355 | tid = NUM_RX_DATA_QUEUES - 1; | 358 | seqno_idx = NUM_RX_DATA_QUEUES; |
| 359 | security_idx = 0; | ||
| 360 | if (ieee80211_is_mgmt(hdr->frame_control)) | ||
| 361 | security_idx = NUM_RX_DATA_QUEUES; | ||
| 362 | tid = 0; | ||
| 356 | } | 363 | } |
| 357 | 364 | ||
| 358 | rx->queue = tid; | 365 | rx->seqno_idx = seqno_idx; |
| 366 | rx->security_idx = security_idx; | ||
| 359 | /* Set skb->priority to 1d tag if highest order bit of TID is not set. | 367 | /* Set skb->priority to 1d tag if highest order bit of TID is not set. |
| 360 | * For now, set skb->priority to 0 for other cases. */ | 368 | * For now, set skb->priority to 0 for other cases. */ |
| 361 | rx->skb->priority = (tid > 7) ? 0 : tid; | 369 | rx->skb->priority = (tid > 7) ? 0 : tid; |
| @@ -810,7 +818,7 @@ ieee80211_rx_h_check(struct ieee80211_rx_data *rx) | |||
| 810 | /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */ | 818 | /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */ |
| 811 | if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) { | 819 | if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) { |
| 812 | if (unlikely(ieee80211_has_retry(hdr->frame_control) && | 820 | if (unlikely(ieee80211_has_retry(hdr->frame_control) && |
| 813 | rx->sta->last_seq_ctrl[rx->queue] == | 821 | rx->sta->last_seq_ctrl[rx->seqno_idx] == |
| 814 | hdr->seq_ctrl)) { | 822 | hdr->seq_ctrl)) { |
| 815 | if (status->rx_flags & IEEE80211_RX_RA_MATCH) { | 823 | if (status->rx_flags & IEEE80211_RX_RA_MATCH) { |
| 816 | rx->local->dot11FrameDuplicateCount++; | 824 | rx->local->dot11FrameDuplicateCount++; |
| @@ -818,7 +826,7 @@ ieee80211_rx_h_check(struct ieee80211_rx_data *rx) | |||
| 818 | } | 826 | } |
| 819 | return RX_DROP_UNUSABLE; | 827 | return RX_DROP_UNUSABLE; |
| 820 | } else | 828 | } else |
| 821 | rx->sta->last_seq_ctrl[rx->queue] = hdr->seq_ctrl; | 829 | rx->sta->last_seq_ctrl[rx->seqno_idx] = hdr->seq_ctrl; |
| 822 | } | 830 | } |
| 823 | 831 | ||
| 824 | if (unlikely(rx->skb->len < 16)) { | 832 | if (unlikely(rx->skb->len < 16)) { |
| @@ -1011,6 +1019,9 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx) | |||
| 1011 | } | 1019 | } |
| 1012 | 1020 | ||
| 1013 | if (rx->key) { | 1021 | if (rx->key) { |
| 1022 | if (unlikely(rx->key->flags & KEY_FLAG_TAINTED)) | ||
| 1023 | return RX_DROP_MONITOR; | ||
| 1024 | |||
| 1014 | rx->key->tx_rx_count++; | 1025 | rx->key->tx_rx_count++; |
| 1015 | /* TODO: add threshold stuff again */ | 1026 | /* TODO: add threshold stuff again */ |
| 1016 | } else { | 1027 | } else { |
| @@ -1374,11 +1385,10 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) | |||
| 1374 | if (frag == 0) { | 1385 | if (frag == 0) { |
| 1375 | /* This is the first fragment of a new frame. */ | 1386 | /* This is the first fragment of a new frame. */ |
| 1376 | entry = ieee80211_reassemble_add(rx->sdata, frag, seq, | 1387 | entry = ieee80211_reassemble_add(rx->sdata, frag, seq, |
| 1377 | rx->queue, &(rx->skb)); | 1388 | rx->seqno_idx, &(rx->skb)); |
| 1378 | if (rx->key && rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP && | 1389 | if (rx->key && rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP && |
| 1379 | ieee80211_has_protected(fc)) { | 1390 | ieee80211_has_protected(fc)) { |
| 1380 | int queue = ieee80211_is_mgmt(fc) ? | 1391 | int queue = rx->security_idx; |
| 1381 | NUM_RX_DATA_QUEUES : rx->queue; | ||
| 1382 | /* Store CCMP PN so that we can verify that the next | 1392 | /* Store CCMP PN so that we can verify that the next |
| 1383 | * fragment has a sequential PN value. */ | 1393 | * fragment has a sequential PN value. */ |
| 1384 | entry->ccmp = 1; | 1394 | entry->ccmp = 1; |
| @@ -1392,7 +1402,8 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) | |||
| 1392 | /* This is a fragment for a frame that should already be pending in | 1402 | /* This is a fragment for a frame that should already be pending in |
| 1393 | * fragment cache. Add this fragment to the end of the pending entry. | 1403 | * fragment cache. Add this fragment to the end of the pending entry. |
| 1394 | */ | 1404 | */ |
| 1395 | entry = ieee80211_reassemble_find(rx->sdata, frag, seq, rx->queue, hdr); | 1405 | entry = ieee80211_reassemble_find(rx->sdata, frag, seq, |
| 1406 | rx->seqno_idx, hdr); | ||
| 1396 | if (!entry) { | 1407 | if (!entry) { |
| 1397 | I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag); | 1408 | I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag); |
| 1398 | return RX_DROP_MONITOR; | 1409 | return RX_DROP_MONITOR; |
| @@ -1412,8 +1423,7 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) | |||
| 1412 | if (pn[i]) | 1423 | if (pn[i]) |
| 1413 | break; | 1424 | break; |
| 1414 | } | 1425 | } |
| 1415 | queue = ieee80211_is_mgmt(fc) ? | 1426 | queue = rx->security_idx; |
| 1416 | NUM_RX_DATA_QUEUES : rx->queue; | ||
| 1417 | rpn = rx->key->u.ccmp.rx_pn[queue]; | 1427 | rpn = rx->key->u.ccmp.rx_pn[queue]; |
| 1418 | if (memcmp(pn, rpn, CCMP_PN_LEN)) | 1428 | if (memcmp(pn, rpn, CCMP_PN_LEN)) |
| 1419 | return RX_DROP_UNUSABLE; | 1429 | return RX_DROP_UNUSABLE; |
| @@ -2590,7 +2600,9 @@ void ieee80211_release_reorder_timeout(struct sta_info *sta, int tid) | |||
| 2590 | .sta = sta, | 2600 | .sta = sta, |
| 2591 | .sdata = sta->sdata, | 2601 | .sdata = sta->sdata, |
| 2592 | .local = sta->local, | 2602 | .local = sta->local, |
| 2593 | .queue = tid, | 2603 | /* This is OK -- must be QoS data frame */ |
| 2604 | .security_idx = tid, | ||
| 2605 | .seqno_idx = tid, | ||
| 2594 | .flags = 0, | 2606 | .flags = 0, |
| 2595 | }; | 2607 | }; |
| 2596 | struct tid_ampdu_rx *tid_agg_rx; | 2608 | struct tid_ampdu_rx *tid_agg_rx; |