aboutsummaryrefslogtreecommitdiffstats
path: root/net/mac80211
diff options
context:
space:
mode:
Diffstat (limited to 'net/mac80211')
-rw-r--r--net/mac80211/rx.c62
-rw-r--r--net/mac80211/tx.c2
2 files changed, 25 insertions, 39 deletions
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 60e9ea11115f..4e9631c140a3 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -821,7 +821,7 @@ ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata,
821 821
822static inline struct ieee80211_fragment_entry * 822static inline struct ieee80211_fragment_entry *
823ieee80211_reassemble_find(struct ieee80211_sub_if_data *sdata, 823ieee80211_reassemble_find(struct ieee80211_sub_if_data *sdata,
824 u16 fc, unsigned int frag, unsigned int seq, 824 unsigned int frag, unsigned int seq,
825 int rx_queue, struct ieee80211_hdr *hdr) 825 int rx_queue, struct ieee80211_hdr *hdr)
826{ 826{
827 struct ieee80211_fragment_entry *entry; 827 struct ieee80211_fragment_entry *entry;
@@ -830,7 +830,6 @@ ieee80211_reassemble_find(struct ieee80211_sub_if_data *sdata,
830 idx = sdata->fragment_next; 830 idx = sdata->fragment_next;
831 for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++) { 831 for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++) {
832 struct ieee80211_hdr *f_hdr; 832 struct ieee80211_hdr *f_hdr;
833 u16 f_fc;
834 833
835 idx--; 834 idx--;
836 if (idx < 0) 835 if (idx < 0)
@@ -842,10 +841,13 @@ ieee80211_reassemble_find(struct ieee80211_sub_if_data *sdata,
842 entry->last_frag + 1 != frag) 841 entry->last_frag + 1 != frag)
843 continue; 842 continue;
844 843
845 f_hdr = (struct ieee80211_hdr *) entry->skb_list.next->data; 844 f_hdr = (struct ieee80211_hdr *)entry->skb_list.next->data;
846 f_fc = le16_to_cpu(f_hdr->frame_control);
847 845
848 if ((fc & IEEE80211_FCTL_FTYPE) != (f_fc & IEEE80211_FCTL_FTYPE) || 846 /*
847 * Check ftype and addresses are equal, else check next fragment
848 */
849 if (((hdr->frame_control ^ f_hdr->frame_control) &
850 cpu_to_le16(IEEE80211_FCTL_FTYPE)) ||
849 compare_ether_addr(hdr->addr1, f_hdr->addr1) != 0 || 851 compare_ether_addr(hdr->addr1, f_hdr->addr1) != 0 ||
850 compare_ether_addr(hdr->addr2, f_hdr->addr2) != 0) 852 compare_ether_addr(hdr->addr2, f_hdr->addr2) != 0)
851 continue; 853 continue;
@@ -870,11 +872,11 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
870 struct sk_buff *skb; 872 struct sk_buff *skb;
871 DECLARE_MAC_BUF(mac); 873 DECLARE_MAC_BUF(mac);
872 874
873 hdr = (struct ieee80211_hdr *) rx->skb->data; 875 hdr = (struct ieee80211_hdr *)rx->skb->data;
874 sc = le16_to_cpu(hdr->seq_ctrl); 876 sc = le16_to_cpu(hdr->seq_ctrl);
875 frag = sc & IEEE80211_SCTL_FRAG; 877 frag = sc & IEEE80211_SCTL_FRAG;
876 878
877 if (likely((!(rx->fc & IEEE80211_FCTL_MOREFRAGS) && frag == 0) || 879 if (likely((!ieee80211_has_morefrags(hdr->frame_control) && frag == 0) ||
878 (rx->skb)->len < 24 || 880 (rx->skb)->len < 24 ||
879 is_multicast_ether_addr(hdr->addr1))) { 881 is_multicast_ether_addr(hdr->addr1))) {
880 /* not fragmented */ 882 /* not fragmented */
@@ -889,7 +891,7 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
889 entry = ieee80211_reassemble_add(rx->sdata, frag, seq, 891 entry = ieee80211_reassemble_add(rx->sdata, frag, seq,
890 rx->queue, &(rx->skb)); 892 rx->queue, &(rx->skb));
891 if (rx->key && rx->key->conf.alg == ALG_CCMP && 893 if (rx->key && rx->key->conf.alg == ALG_CCMP &&
892 (rx->fc & IEEE80211_FCTL_PROTECTED)) { 894 ieee80211_has_protected(hdr->frame_control)) {
893 /* Store CCMP PN so that we can verify that the next 895 /* Store CCMP PN so that we can verify that the next
894 * fragment has a sequential PN value. */ 896 * fragment has a sequential PN value. */
895 entry->ccmp = 1; 897 entry->ccmp = 1;
@@ -903,8 +905,7 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
903 /* This is a fragment for a frame that should already be pending in 905 /* This is a fragment for a frame that should already be pending in
904 * fragment cache. Add this fragment to the end of the pending entry. 906 * fragment cache. Add this fragment to the end of the pending entry.
905 */ 907 */
906 entry = ieee80211_reassemble_find(rx->sdata, rx->fc, frag, seq, 908 entry = ieee80211_reassemble_find(rx->sdata, frag, seq, rx->queue, hdr);
907 rx->queue, hdr);
908 if (!entry) { 909 if (!entry) {
909 I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag); 910 I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
910 return RX_DROP_MONITOR; 911 return RX_DROP_MONITOR;
@@ -929,7 +930,7 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
929 memcpy(entry->last_pn, pn, CCMP_PN_LEN); 930 memcpy(entry->last_pn, pn, CCMP_PN_LEN);
930 } 931 }
931 932
932 skb_pull(rx->skb, ieee80211_get_hdrlen(rx->fc)); 933 skb_pull(rx->skb, ieee80211_hdrlen(hdr->frame_control));
933 __skb_queue_tail(&entry->skb_list, rx->skb); 934 __skb_queue_tail(&entry->skb_list, rx->skb);
934 entry->last_frag = frag; 935 entry->last_frag = frag;
935 entry->extra_len += rx->skb->len; 936 entry->extra_len += rx->skb->len;
@@ -1096,7 +1097,7 @@ ieee80211_data_to_8023(struct ieee80211_rx_data *rx)
1096{ 1097{
1097 struct net_device *dev = rx->dev; 1098 struct net_device *dev = rx->dev;
1098 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data; 1099 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
1099 u16 fc, hdrlen, ethertype; 1100 u16 hdrlen, ethertype;
1100 u8 *payload; 1101 u8 *payload;
1101 u8 dst[ETH_ALEN]; 1102 u8 dst[ETH_ALEN];
1102 u8 src[ETH_ALEN] __aligned(2); 1103 u8 src[ETH_ALEN] __aligned(2);
@@ -1107,12 +1108,10 @@ ieee80211_data_to_8023(struct ieee80211_rx_data *rx)
1107 DECLARE_MAC_BUF(mac3); 1108 DECLARE_MAC_BUF(mac3);
1108 DECLARE_MAC_BUF(mac4); 1109 DECLARE_MAC_BUF(mac4);
1109 1110
1110 fc = rx->fc; 1111 if (unlikely(!ieee80211_is_data_present(hdr->frame_control)))
1111
1112 if (unlikely(!WLAN_FC_DATA_PRESENT(fc)))
1113 return -1; 1112 return -1;
1114 1113
1115 hdrlen = ieee80211_get_hdrlen(fc); 1114 hdrlen = ieee80211_hdrlen(hdr->frame_control);
1116 1115
1117 if (ieee80211_vif_is_mesh(&sdata->vif)) 1116 if (ieee80211_vif_is_mesh(&sdata->vif))
1118 hdrlen += ieee80211_get_mesh_hdrlen( 1117 hdrlen += ieee80211_get_mesh_hdrlen(
@@ -1127,41 +1126,28 @@ ieee80211_data_to_8023(struct ieee80211_rx_data *rx)
1127 * 1 0 BSSID SA DA n/a 1126 * 1 0 BSSID SA DA n/a
1128 * 1 1 RA TA DA SA 1127 * 1 1 RA TA DA SA
1129 */ 1128 */
1129 memcpy(dst, ieee80211_get_DA(hdr), ETH_ALEN);
1130 memcpy(src, ieee80211_get_SA(hdr), ETH_ALEN);
1130 1131
1131 switch (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) { 1132 switch (hdr->frame_control &
1132 case IEEE80211_FCTL_TODS: 1133 cpu_to_le16(IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) {
1133 /* BSSID SA DA */ 1134 case __constant_cpu_to_le16(IEEE80211_FCTL_TODS):
1134 memcpy(dst, hdr->addr3, ETH_ALEN);
1135 memcpy(src, hdr->addr2, ETH_ALEN);
1136
1137 if (unlikely(sdata->vif.type != IEEE80211_IF_TYPE_AP && 1135 if (unlikely(sdata->vif.type != IEEE80211_IF_TYPE_AP &&
1138 sdata->vif.type != IEEE80211_IF_TYPE_VLAN)) 1136 sdata->vif.type != IEEE80211_IF_TYPE_VLAN))
1139 return -1; 1137 return -1;
1140 break; 1138 break;
1141 case (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS): 1139 case __constant_cpu_to_le16(IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS):
1142 /* RA TA DA SA */ 1140 if (unlikely(sdata->vif.type != IEEE80211_IF_TYPE_WDS &&
1143 memcpy(dst, hdr->addr3, ETH_ALEN);
1144 memcpy(src, hdr->addr4, ETH_ALEN);
1145
1146 if (unlikely(sdata->vif.type != IEEE80211_IF_TYPE_WDS &&
1147 sdata->vif.type != IEEE80211_IF_TYPE_MESH_POINT)) 1141 sdata->vif.type != IEEE80211_IF_TYPE_MESH_POINT))
1148 return -1; 1142 return -1;
1149 break; 1143 break;
1150 case IEEE80211_FCTL_FROMDS: 1144 case __constant_cpu_to_le16(IEEE80211_FCTL_FROMDS):
1151 /* DA BSSID SA */
1152 memcpy(dst, hdr->addr1, ETH_ALEN);
1153 memcpy(src, hdr->addr3, ETH_ALEN);
1154
1155 if (sdata->vif.type != IEEE80211_IF_TYPE_STA || 1145 if (sdata->vif.type != IEEE80211_IF_TYPE_STA ||
1156 (is_multicast_ether_addr(dst) && 1146 (is_multicast_ether_addr(dst) &&
1157 !compare_ether_addr(src, dev->dev_addr))) 1147 !compare_ether_addr(src, dev->dev_addr)))
1158 return -1; 1148 return -1;
1159 break; 1149 break;
1160 case 0: 1150 case __constant_cpu_to_le16(0):
1161 /* DA SA BSSID */
1162 memcpy(dst, hdr->addr1, ETH_ALEN);
1163 memcpy(src, hdr->addr2, ETH_ALEN);
1164
1165 if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS) 1151 if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS)
1166 return -1; 1152 return -1;
1167 break; 1153 break;
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 4788f7b91f49..24146f3387a7 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -1025,7 +1025,7 @@ __ieee80211_tx_prepare(struct ieee80211_tx_data *tx,
1025 else if (test_and_clear_sta_flags(tx->sta, WLAN_STA_CLEAR_PS_FILT)) 1025 else if (test_and_clear_sta_flags(tx->sta, WLAN_STA_CLEAR_PS_FILT))
1026 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT; 1026 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT;
1027 1027
1028 hdrlen = ieee80211_get_hdrlen(tx->fc); 1028 hdrlen = ieee80211_hdrlen(hdr->frame_control);
1029 if (skb->len > hdrlen + sizeof(rfc1042_header) + 2) { 1029 if (skb->len > hdrlen + sizeof(rfc1042_header) + 2) {
1030 u8 *pos = &skb->data[hdrlen + sizeof(rfc1042_header)]; 1030 u8 *pos = &skb->data[hdrlen + sizeof(rfc1042_header)];
1031 tx->ethertype = (pos[0] << 8) | pos[1]; 1031 tx->ethertype = (pos[0] << 8) | pos[1];