On Tue, 2007-12-18 at 17:23 +0200, Ron Rindjunsky wrote:
> This patch fixes should_drop_frame function to pass in ps poll control
> frames required for power save functioanlity. Interface types that do not
> have interest for PS POLL frames now drop it in handler.
>
> Signed-off-by: Ron Rindjunsky <ron.rindjunsky@xxxxxxxxx>
Looks good to me.
Acked-by: Johannes Berg <johannes@xxxxxxxxxxxxxxxx>
> ---
> net/mac80211/rx.c | 11 +++++++++--
> net/mac80211/util.c | 7 ++++++-
> 2 files changed, 15 insertions(+), 3 deletions(-)
>
> diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
> index 50f99e7..e94cf30 100644
> --- a/net/mac80211/rx.c
> +++ b/net/mac80211/rx.c
> @@ -61,8 +61,10 @@ static inline int should_drop_frame(struct ieee80211_rx_status *status,
> return 1;
> if (unlikely(skb->len < 16 + present_fcs_len + radiotap_len))
> return 1;
> - if ((hdr->frame_control & cpu_to_le16(IEEE80211_FCTL_FTYPE)) ==
> - cpu_to_le16(IEEE80211_FTYPE_CTL))
> + if (((hdr->frame_control & cpu_to_le16(IEEE80211_FCTL_FTYPE)) ==
> + cpu_to_le16(IEEE80211_FTYPE_CTL)) &&
> + ((hdr->frame_control & cpu_to_le16(IEEE80211_FCTL_STYPE)) !=
> + cpu_to_le16(IEEE80211_STYPE_PSPOLL)))
> return 1;
> return 0;
> }
> @@ -880,6 +882,7 @@ ieee80211_rx_h_defragment(struct ieee80211_txrx_data *rx)
> static ieee80211_txrx_result
> ieee80211_rx_h_ps_poll(struct ieee80211_txrx_data *rx)
> {
> + struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
> struct sk_buff *skb;
> int no_pending_pkts;
> DECLARE_MAC_BUF(mac);
> @@ -890,6 +893,10 @@ ieee80211_rx_h_ps_poll(struct ieee80211_txrx_data *rx)
> !(rx->flags & IEEE80211_TXRXD_RXRA_MATCH)))
> return TXRX_CONTINUE;
>
> + if ((sdata->type != IEEE80211_IF_TYPE_AP) &&
> + (sdata->type != IEEE80211_IF_TYPE_VLAN))
> + return TXRX_DROP;
> +
> skb = skb_dequeue(&rx->sta->tx_filtered);
> if (!skb) {
> skb = skb_dequeue(&rx->sta->ps_tx_buf);
> diff --git a/net/mac80211/util.c b/net/mac80211/util.c
> index 7b278e9..fb7fd89 100644
> --- a/net/mac80211/util.c
> +++ b/net/mac80211/util.c
> @@ -135,13 +135,16 @@ u8 *ieee80211_get_bssid(struct ieee80211_hdr *hdr, size_t len)
> {
> u16 fc;
>
> - if (len < 24)
> + /* drop ACK/CTS frames and incorrect hdr len (ctrl) */
> + if (len < 16)
> return NULL;
>
> fc = le16_to_cpu(hdr->frame_control);
>
> switch (fc & IEEE80211_FCTL_FTYPE) {
> case IEEE80211_FTYPE_DATA:
> + if (len < 24) /* drop incorrect hdr len (data) */
> + return NULL;
> switch (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) {
> case IEEE80211_FCTL_TODS:
> return hdr->addr1;
> @@ -154,6 +157,8 @@ u8 *ieee80211_get_bssid(struct ieee80211_hdr *hdr, size_t len)
> }
> break;
> case IEEE80211_FTYPE_MGMT:
> + if (len < 24) /* drop incorrect hdr len (mgmt) */
> + return NULL;
> return hdr->addr3;
> case IEEE80211_FTYPE_CTL:
> if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PSPOLL)
Attachment:
signature.asc
Description: This is a digitally signed message part
