diff options
Diffstat (limited to 'net')
-rw-r--r-- | net/mac80211/rx.c | 25 |
1 files changed, 11 insertions, 14 deletions
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index a5619d1f9a3b..c985c7a537db 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c | |||
@@ -1179,8 +1179,6 @@ static void ieee80211_rx_michael_mic_report(struct net_device *dev, | |||
1179 | else | 1179 | else |
1180 | keyidx = -1; | 1180 | keyidx = -1; |
1181 | 1181 | ||
1182 | /* TODO: verify that this is not triggered by fragmented | ||
1183 | * frames (hw does not verify MIC for them). */ | ||
1184 | if (net_ratelimit()) | 1182 | if (net_ratelimit()) |
1185 | printk(KERN_DEBUG "%s: TKIP hwaccel reported Michael MIC " | 1183 | printk(KERN_DEBUG "%s: TKIP hwaccel reported Michael MIC " |
1186 | "failure from " MAC_FMT " to " MAC_FMT " keyidx=%d\n", | 1184 | "failure from " MAC_FMT " to " MAC_FMT " keyidx=%d\n", |
@@ -1188,9 +1186,10 @@ static void ieee80211_rx_michael_mic_report(struct net_device *dev, | |||
1188 | keyidx); | 1186 | keyidx); |
1189 | 1187 | ||
1190 | if (!sta) { | 1188 | if (!sta) { |
1191 | /* Some hardware versions seem to generate incorrect | 1189 | /* |
1192 | * Michael MIC reports; ignore them to avoid triggering | 1190 | * Some hardware seem to generate incorrect Michael MIC |
1193 | * countermeasures. */ | 1191 | * reports; ignore them to avoid triggering countermeasures. |
1192 | */ | ||
1194 | if (net_ratelimit()) | 1193 | if (net_ratelimit()) |
1195 | printk(KERN_DEBUG "%s: ignored spurious Michael MIC " | 1194 | printk(KERN_DEBUG "%s: ignored spurious Michael MIC " |
1196 | "error for unknown address " MAC_FMT "\n", | 1195 | "error for unknown address " MAC_FMT "\n", |
@@ -1201,16 +1200,18 @@ static void ieee80211_rx_michael_mic_report(struct net_device *dev, | |||
1201 | if (!(rx->fc & IEEE80211_FCTL_PROTECTED)) { | 1200 | if (!(rx->fc & IEEE80211_FCTL_PROTECTED)) { |
1202 | if (net_ratelimit()) | 1201 | if (net_ratelimit()) |
1203 | printk(KERN_DEBUG "%s: ignored spurious Michael MIC " | 1202 | printk(KERN_DEBUG "%s: ignored spurious Michael MIC " |
1204 | "error for a frame with no ISWEP flag (src " | 1203 | "error for a frame with no PROTECTED flag (src " |
1205 | MAC_FMT ")\n", dev->name, MAC_ARG(hdr->addr2)); | 1204 | MAC_FMT ")\n", dev->name, MAC_ARG(hdr->addr2)); |
1206 | goto ignore; | 1205 | goto ignore; |
1207 | } | 1206 | } |
1208 | 1207 | ||
1209 | if (rx->sdata->type == IEEE80211_IF_TYPE_AP && keyidx) { | 1208 | if (rx->sdata->type == IEEE80211_IF_TYPE_AP && keyidx) { |
1210 | /* AP with Pairwise keys support should never receive Michael | 1209 | /* |
1211 | * MIC errors for non-zero keyidx because these are reserved | 1210 | * APs with pairwise keys should never receive Michael MIC |
1212 | * for group keys and only the AP is sending real multicast | 1211 | * errors for non-zero keyidx because these are reserved for |
1213 | * frames in BSS. */ | 1212 | * group keys and only the AP is sending real multicast |
1213 | * frames in the BSS. | ||
1214 | */ | ||
1214 | if (net_ratelimit()) | 1215 | if (net_ratelimit()) |
1215 | printk(KERN_DEBUG "%s: ignored Michael MIC error for " | 1216 | printk(KERN_DEBUG "%s: ignored Michael MIC error for " |
1216 | "a frame with non-zero keyidx (%d)" | 1217 | "a frame with non-zero keyidx (%d)" |
@@ -1230,10 +1231,6 @@ static void ieee80211_rx_michael_mic_report(struct net_device *dev, | |||
1230 | goto ignore; | 1231 | goto ignore; |
1231 | } | 1232 | } |
1232 | 1233 | ||
1233 | /* TODO: consider verifying the MIC error report with software | ||
1234 | * implementation if we get too many spurious reports from the | ||
1235 | * hardware. */ | ||
1236 | |||
1237 | mac80211_ev_michael_mic_failure(rx->dev, keyidx, hdr); | 1234 | mac80211_ev_michael_mic_failure(rx->dev, keyidx, hdr); |
1238 | ignore: | 1235 | ignore: |
1239 | dev_kfree_skb(rx->skb); | 1236 | dev_kfree_skb(rx->skb); |