Here are a few more fixes for the current cycle:
* check GCMP encryption vs. fragmentation properly; we'd found this problem quite a while ago but waited for the 802.11 spec to be updated * fix RTS/CTS logic in minstrel_ht * fix RX of certain public action frames in AP mode * add mac80211_hwsim to MAC80211 in MAINTAINERS, this helps the kbuild robot pick up the right tree for it -----BEGIN PGP SIGNATURE----- iQIcBAABCgAGBQJW1u7EAAoJEGt7eEactAAdZXsP/il3dCxYtqYtBOzmR8OkDztn yJiapt9aZ/u1a1mfDKfsJ2/8OLsE4pY/fp3G8TttURKNB/26sHWUEYSHWV2Ecfmi 4QFvAiUeO9Ue50ggASno239hp51KIKGcVF5flqKrCjTaSSyUm8YR78S1NlH2N+lT i+i/AidHEdLnTgvYGOUhWu3QyL7Bm5t5wVZPivZUs0Zoos+tTokEj40eYmetQX27 lQMGa/xbvLHYeBcuLSgdQbzUR1jzOi70b9+QkjqhrYrlsc+MZE8ghwOgeAeQx56B 0sg0fZZVI8DIaCD5S3Pj8EP0WnP990DtM+4nSvtfFUYJxEM7LthEV+bs4Gr1MR2q dZESMisKoRWBf2SyUhoVeUO6bV5kY+eTz/wyQCTdFsp9u6jzOgiY7y2aliqbJFgD 0Ydbyqq1dAeRqFaTg/46OAXkUxHW7/8hQC78Cmintevd1nHivZC3eevG6xj22G1N eUvqy+OIv0d2Hg8+CL6oBsexQrKLg4bQFPR6s/doPnXtgsh5JccFYWujClsrNL26 kRb1kYrIqoVWXwnPp1dLF02s6Ny0+AW4xHLQIAwz5HACsJp+SjnpRP3WF9FTPs3V T71dXQ48MLrQ/EVidCpMwJYoUnZ+BWeUf5hHpkxILIP1f0elx3i50eshlMNA/kwb YzufoqiQhICciwEBAgBM =2rZC -----END PGP SIGNATURE----- Merge tag 'mac80211-for-davem-2016-03-02' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== Here are a few more fixes for the current cycle: * check GCMP encryption vs. fragmentation properly; we'd found this problem quite a while ago but waited for the 802.11 spec to be updated * fix RTS/CTS logic in minstrel_ht * fix RX of certain public action frames in AP mode * add mac80211_hwsim to MAC80211 in MAINTAINERS, this helps the kbuild robot pick up the right tree for it ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
commit
68df7247f4
@ -6758,6 +6758,7 @@ S: Maintained
|
||||
F: Documentation/networking/mac80211-injection.txt
|
||||
F: include/net/mac80211.h
|
||||
F: net/mac80211/
|
||||
F: drivers/net/wireless/mac80211_hwsim.[ch]
|
||||
|
||||
MACVLAN DRIVER
|
||||
M: Patrick McHardy <kaber@trash.net>
|
||||
|
@ -92,7 +92,7 @@ struct ieee80211_fragment_entry {
|
||||
u16 extra_len;
|
||||
u16 last_frag;
|
||||
u8 rx_queue;
|
||||
bool ccmp; /* Whether fragments were encrypted with CCMP */
|
||||
bool check_sequential_pn; /* needed for CCMP/GCMP */
|
||||
u8 last_pn[6]; /* PN of the last fragment if CCMP was used */
|
||||
};
|
||||
|
||||
|
@ -872,7 +872,7 @@ minstrel_ht_set_rate(struct minstrel_priv *mp, struct minstrel_ht_sta *mi,
|
||||
* - if station is in dynamic SMPS (and streams > 1)
|
||||
* - for fallback rates, to increase chances of getting through
|
||||
*/
|
||||
if (offset > 0 &&
|
||||
if (offset > 0 ||
|
||||
(mi->sta->smps_mode == IEEE80211_SMPS_DYNAMIC &&
|
||||
group->streams > 1)) {
|
||||
ratetbl->rate[offset].count = ratetbl->rate[offset].count_rts;
|
||||
|
@ -1753,7 +1753,7 @@ ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata,
|
||||
entry->seq = seq;
|
||||
entry->rx_queue = rx_queue;
|
||||
entry->last_frag = frag;
|
||||
entry->ccmp = 0;
|
||||
entry->check_sequential_pn = false;
|
||||
entry->extra_len = 0;
|
||||
|
||||
return entry;
|
||||
@ -1849,15 +1849,27 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
|
||||
rx->seqno_idx, &(rx->skb));
|
||||
if (rx->key &&
|
||||
(rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP ||
|
||||
rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP_256) &&
|
||||
rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP_256 ||
|
||||
rx->key->conf.cipher == WLAN_CIPHER_SUITE_GCMP ||
|
||||
rx->key->conf.cipher == WLAN_CIPHER_SUITE_GCMP_256) &&
|
||||
ieee80211_has_protected(fc)) {
|
||||
int queue = rx->security_idx;
|
||||
/* Store CCMP PN so that we can verify that the next
|
||||
* fragment has a sequential PN value. */
|
||||
entry->ccmp = 1;
|
||||
|
||||
/* Store CCMP/GCMP PN so that we can verify that the
|
||||
* next fragment has a sequential PN value.
|
||||
*/
|
||||
entry->check_sequential_pn = true;
|
||||
memcpy(entry->last_pn,
|
||||
rx->key->u.ccmp.rx_pn[queue],
|
||||
IEEE80211_CCMP_PN_LEN);
|
||||
BUILD_BUG_ON(offsetof(struct ieee80211_key,
|
||||
u.ccmp.rx_pn) !=
|
||||
offsetof(struct ieee80211_key,
|
||||
u.gcmp.rx_pn));
|
||||
BUILD_BUG_ON(sizeof(rx->key->u.ccmp.rx_pn[queue]) !=
|
||||
sizeof(rx->key->u.gcmp.rx_pn[queue]));
|
||||
BUILD_BUG_ON(IEEE80211_CCMP_PN_LEN !=
|
||||
IEEE80211_GCMP_PN_LEN);
|
||||
}
|
||||
return RX_QUEUED;
|
||||
}
|
||||
@ -1872,15 +1884,21 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
|
||||
return RX_DROP_MONITOR;
|
||||
}
|
||||
|
||||
/* Verify that MPDUs within one MSDU have sequential PN values.
|
||||
* (IEEE 802.11i, 8.3.3.4.5) */
|
||||
if (entry->ccmp) {
|
||||
/* "The receiver shall discard MSDUs and MMPDUs whose constituent
|
||||
* MPDU PN values are not incrementing in steps of 1."
|
||||
* see IEEE P802.11-REVmc/D5.0, 12.5.3.4.4, item d (for CCMP)
|
||||
* and IEEE P802.11-REVmc/D5.0, 12.5.5.4.4, item d (for GCMP)
|
||||
*/
|
||||
if (entry->check_sequential_pn) {
|
||||
int i;
|
||||
u8 pn[IEEE80211_CCMP_PN_LEN], *rpn;
|
||||
int queue;
|
||||
|
||||
if (!rx->key ||
|
||||
(rx->key->conf.cipher != WLAN_CIPHER_SUITE_CCMP &&
|
||||
rx->key->conf.cipher != WLAN_CIPHER_SUITE_CCMP_256))
|
||||
rx->key->conf.cipher != WLAN_CIPHER_SUITE_CCMP_256 &&
|
||||
rx->key->conf.cipher != WLAN_CIPHER_SUITE_GCMP &&
|
||||
rx->key->conf.cipher != WLAN_CIPHER_SUITE_GCMP_256))
|
||||
return RX_DROP_UNUSABLE;
|
||||
memcpy(pn, entry->last_pn, IEEE80211_CCMP_PN_LEN);
|
||||
for (i = IEEE80211_CCMP_PN_LEN - 1; i >= 0; i--) {
|
||||
@ -3366,6 +3384,7 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx)
|
||||
return false;
|
||||
/* ignore action frames to TDLS-peers */
|
||||
if (ieee80211_is_action(hdr->frame_control) &&
|
||||
!is_broadcast_ether_addr(bssid) &&
|
||||
!ether_addr_equal(bssid, hdr->addr1))
|
||||
return false;
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user