aboutsummaryrefslogtreecommitdiffstats
path: root/net/ieee80211
Commit message (Collapse)AuthorAge
* [IEEE80211]: avoid integer underflow for runt rx framesJohn W. Linville2007-10-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Reported by Chris Evans <scarybeasts@gmail.com>: > The summary is that an evil 80211 frame can crash out a victim's > machine. It only applies to drivers using the 80211 wireless code, and > only then to certain drivers (and even then depends on a card's > firmware not dropping a dubious packet). I must confess I'm not > keeping track of Linux wireless support, and the different protocol > stacks etc. > > Details are as follows: > > ieee80211_rx() does not explicitly check that "skb->len >= hdrlen". > There are other skb->len checks, but not enough to prevent a subtle > off-by-two error if the frame has the IEEE80211_STYPE_QOS_DATA flag > set. > > This leads to integer underflow and crash here: > > if (frag != 0) > flen -= hdrlen; > > (flen is subsequently used as a memcpy length parameter). How about this? Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [PATCH] softmac: Fix inability to associate with WEP networksLarry Finger2007-09-21
| | | | | | | | | | | Commit 4cf92a3c was submitted as a fix for bug #8686 at bugzilla.kernel.org (http://bugzilla.kernel.org/show_bug.cgi?id=8686). Unfortunately, the fix led to a new bug, reported by Yoshifuji Hideaki, that prevented association for WEP encrypted networks that use ifconfig to control the device. This patch effectively reverts the earlier commit and does a proper fix for bug #8686. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* [PATCH] softmac: Fix deadlock of wx_set_essid with assoc workMichael Buesch2007-08-06
| | | | | | | | | The essid wireless extension does deadlock against the assoc mutex, as we don't unlock the assoc mutex when flushing the workqueue, which also holds the lock. Signed-off-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* [PATCH] softmac: Channel is listed twice in scan outputJean Tourrilhes2007-07-17
| | | | | | | | | SoftMAC outputs the channel twice in the scan output. It should display frequency and channel, but only once for each. Signed-off-by: Jean Tourrilhes <jt@hpl.hp.com> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* [PATCH] softmac: Fix ESSID problemJean Tourrilhes2007-07-10
| | | | | | | | | | | Victor Porton reported that the SoftMAC layer had random problem when setting the ESSID : http://bugzilla.kernel.org/show_bug.cgi?id=8686 After investigation, it turned out to be worse, the SoftMAC layer is left in an inconsistent state. The fix is pretty trivial. Signed-off-by: Jean Tourrilhes <jt@hpl.hp.com> Acked-by: Michael Buesch <mb@bu3sch.df> Acked-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* [PATCH] softmac: use list_for_each_entryAkinobu Mita2007-07-08
| | | | | | | | | | Cleanup using list_for_each_entry. Cc: Johannes Berg <johannes@sipsolutions.net> Cc: Joe Jezak <josejx@gentoo.org> Cc: Daniel Drake <dsd@gentoo.org> Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* [PATCH] softmac: alloc_ieee80211() NULL checkAkinobu Mita2007-05-29
| | | | | | | | | | This patch adds missing NULL check and trims a line longer than 80 columns. Cc: Johannes Berg <johannes@sipsolutions.net> Cc: Joe Jezak <josejx@gentoo.org> Cc: Daniel Drake <dsd@gentoo.org> Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* [PATCH] ieee80211: fix incomplete error messageAkinobu Mita2007-05-29
| | | | | | | | | Fix error message: Unable to network device. --> Unable to allocate network device. Cc: James Ketrenos <jketreno@linux.intel.com> Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* [PATCH] ieee80211: include frequency in scan resultsLarry Finger2007-05-08
| | | | | | | | | In ieee80211, the output of scan results lists channels, but not frequencies, which are needed by NetworkManager. This patch uses the new ieee80211_channel_to_freq routine to add the frequency to the output. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* [PATCH] ieee80211: add ieee80211_channel_to_freqLarry Finger2007-05-08
| | | | | | | | The routines that interrogate the ieee80211_geo struct are missing a channel to frequency entry. This patch adds it. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* [PATCH] ieee80211: add missing global needed by IEEE80211_DEBUG_XXXXLarry Finger2007-04-28
| | | | | | | | | Using any of the IEEE80211_DEBUG_XXXX macros in any ieee80211_crypt routine built as a module results in a missing global for 'ieee80211_debug_level'. The fix is to export the symbol in ieee80211. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* [PATCH] ieee80211-crypt: Make some TKIP and CCMP error logging conditionalLarry Finger2007-04-28
| | | | | | | | | | There are messages arising from ieee80211_crypt that spam the logs of casual users. These are changed to be logged only if the user specifically requests the IEEE80211_DEBUG_DROP messages. In either case, the error/drop count is incremented. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* [PATCH] Update my email address from jkmaline@cc.hut.fi to j@w1.fiJouni Malinen2007-04-28
| | | | | | | | | | | | | After 13 years of use, it looks like my email address is finally going to disappear. While this is likely to drop the amount of incoming spam greatly ;-), it may also affect more appropriate messages, so let's update my email address in various places. In addition, Host AP mailing list is subscribers-only and linux-wireless can also be used for discussing issues related to this driver which is now shown in MAINTAINERS. Signed-off-by: Jouni Malinen <j@w1.fi> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* [WIRELESS]: Refactor wireless Kconfig.Johannes Berg2007-04-26
| | | | | | | | | | This patch refactors the wireless Kconfig all over and already introduces net/wireless/Kconfig with just the WEXT bit for now, the cfg80211 patch will add to that as well. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SK_BUFF]: Introduce skb_copy_to_linear_data{_offset}Arnaldo Carvalho de Melo2007-04-26
| | | | | | | To clearly state the intent of copying to linear sk_buffs, _offset being a overly long variant but interesting for the sake of saving some bytes. Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
* [SK_BUFF]: Introduce skb_copy_from_linear_data{_offset}Arnaldo Carvalho de Melo2007-04-26
| | | | | | | To clearly state the intent of copying from linear sk_buffs, _offset being a overly long variant but interesting for the sake of saving some bytes. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
* [SK_BUFF]: Convert skb->end to sk_buff_data_tArnaldo Carvalho de Melo2007-04-26
| | | | | | | | Now to convert the last one, skb->data, that will allow many simplifications and removal of some of the offset helpers. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SK_BUFF]: Convert skb->tail to sk_buff_data_tArnaldo Carvalho de Melo2007-04-26
| | | | | | | | | | | | | | | So that it is also an offset from skb->head, reduces its size from 8 to 4 bytes on 64bit architectures, allowing us to combine the 4 bytes hole left by the layer headers conversion, reducing struct sk_buff size to 256 bytes, i.e. 4 64byte cachelines, and since the sk_buff slab cache is SLAB_HWCACHE_ALIGN... :-) Many calculations that previously required that skb->{transport,network, mac}_header be first converted to a pointer now can be done directly, being meaningful as offsets or pointers. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SK_BUFF]: unions of just one member don't get anything done, kill themArnaldo Carvalho de Melo2007-04-26
| | | | | | | | | Renaming skb->h to skb->transport_header, skb->nh to skb->network_header and skb->mac to skb->mac_header, to match the names of the associated helpers (skb[_[re]set]_{transport,network,mac}_header). Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SK_BUFF]: Introduce ip_hdr(), remove skb->nh.iphArnaldo Carvalho de Melo2007-04-26
| | | | | Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SK_BUFF]: Some more simple skb_reset_network_header conversionsArnaldo Carvalho de Melo2007-04-26
| | | | | | | | | | | | | | | This time of the type: skb->nh.iph = (struct iphdr *)skb->data; That is completely equivalent to: skb->nh.raw = skb->data; Wonder why people love casts... :-) Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SK_BUFF]: Introduce skb_reset_network_header(skb)Arnaldo Carvalho de Melo2007-04-26
| | | | | | | | | | | | For the common, open coded 'skb->nh.raw = skb->data' operation, so that we can later turn skb->nh.raw into a offset, reducing the size of struct sk_buff in 64bit land while possibly keeping it as a pointer on 32bit. This one touches just the most simple case, next will handle the slightly more "complex" cases. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SK_BUFF]: Introduce skb_reset_mac_header(skb)Arnaldo Carvalho de Melo2007-04-26
| | | | | | | | | | | | For the common, open coded 'skb->mac.raw = skb->data' operation, so that we can later turn skb->mac.raw into a offset, reducing the size of struct sk_buff in 64bit land while possibly keeping it as a pointer on 32bit. This one touches just the most simple case, next will handle the slightly more "complex" cases. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [ETH]: Make eth_type_trans set skb->dev like the other *_type_transArnaldo Carvalho de Melo2007-04-26
| | | | | | | One less thing for drivers writers to worry about. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET] IEEE80211: Use htons() where appropriate.YOSHIFUJI Hideaki2007-04-26
| | | | | Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [PATCH] fix typos in net/ieee80211/KconfigPatrick Ringl2007-03-24
| | | | | | | | This is just a QA / cosmetic fix .. [ "a modules" => "a module" ] Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* Merge branch 'upstream' into upstream-jgarzikJohn W. Linville2007-02-17
|\ | | | | | | | | | | | | Conflicts: net/ieee80211/softmac/ieee80211softmac_module.c net/ieee80211/softmac/ieee80211softmac_wx.c
| * [PATCH] ieee80211softmac: Fix setting of initial transmit ratesLarry Finger2007-02-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | There is a bug in ieee80211softmac that always sets the user rate to 11Mbs, no matter the capabilities of the device. This bug was probably beneficial as long as the bcm43xx cards were rate limited; however, most are now capable of relatively high speeds. This patch fixes that bug and eliminates an assert that is no longer needed. Once the cards are capable of full OFDM speeds, the 24 Mbs rate will be changed to 54 Mbs. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | Merge branch 'gfar' of ↵Jeff Garzik2007-02-17
|\ \ | | | | | | | | | master.kernel.org:/pub/scm/linux/kernel/git/galak/powerpc into upstream
| * | [NET] IEEE80211: Fix whitespace errors.YOSHIFUJI Hideaki2007-02-11
| | | | | | | | | | | | | | | Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | Merge branch 'upstream' of ↵Jeff Garzik2007-02-09
|\ \ \ | |/ / |/| / | |/ master.kernel.org:/pub/scm/linux/kernel/git/linville/wireless-2.6 into upstream
| * [PATCH] ieee80211: Fix sparse warningLarry Finger2007-02-09
| | | | | | | | | | | | | | | | Sparse issues the warning "warning: symbol 'crypt' shadows an earlier one" in net/ieee80211/ieee80211_tx.c. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | [PATCH] softmac: avoid assert in ieee80211softmac_wx_get_rateJohn W. Linville2007-02-05
|/ | | | | | | | | | | | | | | | Unconfigured bcm43xx device can hit an assert() during wx_get_rate queries. This is because bcm43xx calls ieee80211softmac_start late (i.e. during open instead of probe). bcm43xx_net_open -> bcm43xx_init_board -> bcm43xx_select_wireless_core -> ieee80211softmac_start Fix is to check that device is running before completing ieee80211softmac_wx_get_rate. Signed-off-by: John W. Linville <linville@tuxdriver.com>
* [PATCH] ieee80211softmac: Fix mutex_lock at exit of ieee80211_softmac_get_genieUlrich Kunitz2006-12-19
| | | | | | | | | | | | | ieee80211softmac_wx_get_genie locks the associnfo mutex at function exit. This patch fixes it. The patch is against Linus' tree (commit af1713e0). Signed-off-by: Ulrich Kunitz <kune@deine-taler.de> Signed-off-by: Michael Buesch <mb@bu3sch.de> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* [PATCH] ieee80211softmac: Fix errors related to the work_struct changesUlrich Kunitz2006-12-19
| | | | | | | | | | | | | | | | | | | The signature of work functions changed recently from a context pointer to the work structure pointer. This caused a problem in the ieee80211softmac code, because the ieee80211softmac_assox_work function has been called directly with a parameter explicitly casted to (void*). This compiled correctly but resulted in a softlock, because mutex_lock was called with the wrong memory address. The patch fixes the problem. Another issue was a wrong call of the schedule_work function. Softmac works again and this fixes the problem I mentioned earlier in the zd1211rw rx tasklet patch. The patch is against Linus' tree (commit af1713e0). Signed-off-by: Ulrich Kunitz <kune@deine-taler.de> Acked-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* [PATCH] workstruct: fix ieee80211-softmac compile problemDavid Howells2006-12-10
| | | | | | | | | | Fix ieee80211-softmac compile problem where it's using schedule_work() on a delayed_work struct. Signed-off-by: David Howells <dhowells@redhat.com> Cc: "John W. Linville" <linville@tuxdriver.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* Merge branch 'upstream' of ↵Jeff Garzik2006-12-07
|\ | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 into upstream Conflicts: drivers/net/wireless/zd1211rw/zd_mac.h net/ieee80211/softmac/ieee80211softmac_assoc.c
| * [PATCH] softmac: fix unbalanced mutex_lock/unlock in ↵Maxime Austruy2006-12-05
| | | | | | | | | | | | | | | | | | | | | | ieee80211softmac_wx_set_mlme Routine ieee80211softmac_wx_set_mlme has one return that fails to release a mutex acquired at entry. Signed-off-by: Maxime Austruy <maxime@tralhalla.org> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * [PATCH] softmac: Fixed handling of deassociation from APUlrich Kunitz2006-12-05
| | | | | | | | | | | | | | | | | | | | | | In 2.6.19 a deauthentication from the AP doesn't start a reassociation by the softmac code. It appears that mac->associnfo.associating must be set and the ieee80211softmac_assoc_work function must be scheduled. This patch fixes that. Signed-off-by: Ulrich Kunitz <kune@deine-taler.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | Merge branch 'master' of ↵David Howells2006-12-05
|\| | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6 Conflicts: drivers/ata/libata-scsi.c include/linux/libata.h Futher merge of Linus's head and compilation fixups. Signed-Off-By: David Howells <dhowells@redhat.com>
| * [PATCH] severing skbuff.h -> mm.hAl Viro2006-12-04
| | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | Merge branch 'master' of ↵David Howells2006-12-05
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6 Conflicts: drivers/infiniband/core/iwcm.c drivers/net/chelsio/cxgb2.c drivers/net/wireless/bcm43xx/bcm43xx_main.c drivers/net/wireless/prism54/islpci_eth.c drivers/usb/core/hub.h drivers/usb/input/hid-core.c net/core/netpoll.c Fix up merge failures with Linus's head and fix new compilation failures. Signed-Off-By: David Howells <dhowells@redhat.com>
| * [PATCH] softmac: reduce scan debug outputLarry Finger2006-12-02
| | | | | | | | | | | | | | | | | | When scanning in debug mode, softmac is very chatty in that it puts 3 lines in the logs for each time it scans. This patch has only one line containing all the information previously reported. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * [PATCH] ieee80211: Provide generic get_stats implementationDaniel Drake2006-12-02
| | | | | | | | | | | | | | | | | | | | | | | | bcm43xx and ipw2100 currently duplicate the same simplistic get_stats handler. Additionally, zd1211rw requires the same handler to fix a bug where all stats are reported as 0. This patch adds a generic implementation to the ieee80211 layer, which drivers are free to override. Signed-off-by: Daniel Drake <dsd@gentoo.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * [PATCH] Check ieee80211softmac_auth_resp kmalloc resultArnaldo Carvalho de Melo2006-12-02
| | | | | | | | | | | | | | And use kmemdup and kzalloc where applicable Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * [PATCH] ieee80211softmac: fix verbosity when debug disabledLarry Finger2006-12-02
| | | | | | | | | | | | | | | | | | | | SoftMAC contains a number of debug-type messages that continue to print even when debugging is turned off. This patch substitutes dprintkl for printkl for those lines. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * [PATCH] ieee80211: Drop and count duplicate data frames to remove 'replay ↵Larry Finger2006-12-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | detected' log messages In the SoftMAC version of the IEEE 802.11 stack, not all duplicate messages are detected. For the most part, there is no difficulty; however for TKIP and CCMP encryption, the duplicates result in a "replay detected" log message where the received and previous values of the TSC are identical. This change adds a new variable to the ieee80211_device structure that holds the 'seq_ctl' value for the previous frame. When a new frame repeats the value, the frame is dropped and the appropriate counter is incremented. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * [PATCH] ieee80211: allow mtu bigger than 1500matthieu castet2006-12-02
| | | | | | | | | | | | | | | | | | | | Hi this patch allow to set the mtu between 1500 and 2304 (max octets in an MSDU) for devices using ieee80211 linux stack. Signed-off-by: Matthieu CASTET <castet.matthieu@free.fr> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * [PATCH] ieee80211: Move IV/ICV stripping into ieee80211_rxDaniel Drake2006-12-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds a host_strip_iv_icv flag to ieee80211 which indicates that ieee80211_rx should strip the IV/ICV/other security features from the payload. This saves on some memmove() calls in the driver and seems like something that belongs in the stack as it can be used by bcm43xx, ipw2200, and zd1211rw I will submit the ipw2200 patch separately as it needs testing. This patch also adds some sensible variable reuse (idx vs keyidx) in ieee80211_rx Signed-off-by: Daniel Drake <dsd@gentoo.org> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * [PATCH] softmac: remove netif_tx_disable when scanningMichael Buesch2006-11-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In the scan section of ieee80211softmac, network transmits are disabled. When SoftMAC re-enables transmits, it may override the wishes of a driver that may have very good reasons for disabling transmits. At least one failure in bcm43xx can be traced to this problem. In addition, several unexplained problems may arise from the unexpected enabling of transmits. Note that making this change introduces a new bug that would allow transmits for the current session to be transmitted on the wrong channel; however, the new bug is much less severe than the one being fixed, as the new one only leads to a few retransmits, whereas the old one can bring the interface down. A fix that will not introduce new bugs is being investigated; however, the current, more serious one should be fixed now. Signed-off-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>