> +/* Management MIC information element (IEEE 802.11w) */ > +struct ieee80211_mmie { > + u8 element_id; > + u8 length; > + u8 key_id[2]; /* little endian, but may be unaligned */

Since you say the struct is packed you should be able to use __le16 just fine.

> + if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)) {

I think one set of parentheses suffices ;)

> + if (skb_tailroom(skb) < sizeof(*mmie)) { > + if (pskb_expand_head(skb, skb_headroom(skb), > + skb_tailroom(skb) + sizeof((*mmie)), > + GFP_ATOMIC) < 0) > + return TX_DROP; > + }

I tried to ensure pskb_expand_head is only called at most once when the frame is handed to master_start_xmit to avoid problems with skb truesize and such. Could you add the necessary space at that point already, possibly simply reserving max(mmic-len, mmie-len) or so instead of the current mmic-len (I think)? I'd hate to add back calls to pskb_expand_head at other places, and it's only 18 bytes so not really huge.

> + if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT) > + return RX_CONTINUE;

Harvey just added a bunch of helper inlines to include/linux/ieee80211.h for stuff like that, I think you could use one of them here.

> + mmie = (struct ieee80211_mmie *) > + (skb->data + skb->len - sizeof(*mmie)); > + if (mmie->element_id != WLAN_EID_MMIE || > + mmie->length != sizeof(*mmie) - 2) > + return RX_DROP_UNUSABLE; /* Invalid MMIE */

Is that what the draft says? Because iterating the IEs would be different, this means you could potentially have something like a vendor IE last that encapsulates the MMIE including type/len fields, which should probably not be used?

> + /* Remove MMIE */ > + skb_trim(skb, skb->len - sizeof(*mmie));

Is that actually necessary? Since it's an IE, it should be ignored by all other code, no? Not that it matters though.

johannes
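
Review bot: in the transmit hunk's pskb_expand_head() call, the second and third arguments are amounts to add, not target sizes, so passing skb_headroom(skb) and skb_tailroom(skb) + sizeof((*mmie)) grows the head by its current headroom again and the tail by more than the MMIE needs. 0 and sizeof(*mmie) would be enough, and the doubled parentheses in sizeof((*mmie)) can go at the same time.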
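
Review bot: in the receive hunk that computes mmie as skb->data + skb->len - sizeof(*mmie), the quoted lines show no lower bound on skb->len before the subtraction. For a frame shorter than the management header plus sizeof(*mmie), the pointer lands inside the header or before skb->data, and the element_id/length comparison then reads bytes that are not an element. Suggest a length check returning RX_DROP_UNUSABLE ahead of the pointer arithmetic, unless one already sits in lines not quoted here.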
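
The difference the reply raises between checking the last bytes of the frame and iterating the IEs, as an added example (not code from the patch or from mac80211). The function names are hypothetical, the 18-byte MMIE size is the figure mentioned in the message, and the sample bodies are constructed.

```c
#include <stdint.h>
#include <string.h>

#define EID_MMIE   76   /* WLAN_EID_MMIE in linux/ieee80211.h */
#define EID_VENDOR 221  /* vendor-specific element */
#define MMIE_LEN   18   /* assumed total size, 2-byte header included */

/* Tail check in the style of the quoted hunk: inspect only the last bytes. */
int mmie_at_tail(const uint8_t *ies, size_t len)
{
    if (len < MMIE_LEN)
        return 0;
    ies += len - MMIE_LEN;
    return ies[0] == EID_MMIE && ies[1] == MMIE_LEN - 2;
}

/* Element walk: accept only a top-level MMIE that is the final element. */
int mmie_is_last_element(const uint8_t *ies, size_t len)
{
    size_t pos = 0;
    while (len - pos >= 2) {
        size_t elen = ies[pos + 1];
        if (elen > len - pos - 2)
            return 0;                       /* truncated element */
        if (pos + 2 + elen == len)          /* this is the final element */
            return ies[pos] == EID_MMIE && elen == MMIE_LEN - 2;
        pos += 2 + elen;
    }
    return 0;                               /* empty body or stray byte */
}

/* Constructed sample body; wrapped != 0 nests the MMIE bytes in a vendor element. */
size_t build_body(uint8_t *buf, int wrapped)
{
    size_t n = 0;
    if (wrapped) {
        buf[n++] = EID_VENDOR;
        buf[n++] = 3 + MMIE_LEN;            /* OUI + nested bytes */
        memset(buf + n, 0xAA, 3);           /* made-up OUI */
        n += 3;
    }
    buf[n++] = EID_MMIE;
    buf[n++] = MMIE_LEN - 2;
    memset(buf + n, 0, MMIE_LEN - 2);       /* zeroed key id, sequence, MIC */
    return n + MMIE_LEN - 2;
}
```

On the wrapped body the tail check matches the nested bytes while the element walk sees a single vendor element and rejects it; on the plain body both agree.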