From 806b68fc7744b61cbca7392532662bfe7b3f3f6e Mon Sep 17 00:00:00 2001
From: Felix Fietkau
Date: Wed, 2 Mar 2016 14:56:48 +0000
Subject: [PATCH] mac80211: add a number of pending fixes
Signed-off-by: Felix Fietkau
SVN-Revision: 48883
---
...ix-Public-Action-frame-RX-in-AP-mode.patch | 35 ++++++++++
...iotap-VHT-info-to-rtap_namespace_siz.patch | 21 ++++++
...sing-of-40Mhz-in-injected-radiotap-h.patch | 36 ++++++++++
...11-parse-VHT-info-in-injected-frames.patch | 65 +++++++++++++++++++
...pass-injected-frames-without-a-valid.patch | 23 +++++++
5 files changed, 180 insertions(+)
create mode 100644 package/kernel/mac80211/patches/338-mac80211-Fix-Public-Action-frame-RX-in-AP-mode.patch
create mode 100644 package/kernel/mac80211/patches/339-cfg80211-add-radiotap-VHT-info-to-rtap_namespace_siz.patch
create mode 100644 package/kernel/mac80211/patches/340-mac80211-fix-parsing-of-40Mhz-in-injected-radiotap-h.patch
create mode 100644 package/kernel/mac80211/patches/341-mac80211-parse-VHT-info-in-injected-frames.patch
create mode 100644 package/kernel/mac80211/patches/342-mac80211-do-not-pass-injected-frames-without-a-valid.patch
diff --git a/package/kernel/mac80211/patches/338-mac80211-Fix-Public-Action-frame-RX-in-AP-mode.patch b/package/kernel/mac80211/patches/338-mac80211-Fix-Public-Action-frame-RX-in-AP-mode.patch
new file mode 100644
index 0000000000..56cd94aa15
--- /dev/null
+++ b/package/kernel/mac80211/patches/338-mac80211-Fix-Public-Action-frame-RX-in-AP-mode.patch
@@ -0,0 +1,35 @@
+From: Jouni Malinen
+Date: Tue, 1 Mar 2016 00:29:00 +0200
+Subject: [PATCH] mac80211: Fix Public Action frame RX in AP mode
+
+Public Action frames use special rules for how the BSSID field (Address
+3) is set. A wildcard BSSID is used in cases where the transmitter and
+recipient are not members of the same BSS. As such, we need to accept
+Public Action frames with wildcard BSSID.
+
+Commit db8e17324553 ("mac80211: ignore frames between TDLS peers when
+operating as AP") added a rule that drops Action frames to TDLS-peers
+based on an Action frame having different DA (Address 1) and BSSID
+(Address 3) values. This is not correct since it misses the possibility
+of BSSID being a wildcard BSSID in which case the Address 1 would not
+necessarily match.
+
+Fix this by allowing mac80211 to accept wildcard BSSID in an Action
+frame when in AP mode.
+
+Fixes: db8e17324553 ("mac80211: ignore frames between TDLS peers when operating as AP")
+Cc: stable@vger.kernel.org
+Signed-off-by: Jouni Malinen
+Signed-off-by: Johannes Berg
+---
+
+--- a/net/mac80211/rx.c
++++ b/net/mac80211/rx.c
+@@ -3374,6 +3374,7 @@ static bool ieee80211_accept_frame(struc
+ return false;
+ /* ignore action frames to TDLS-peers */
+ if (ieee80211_is_action(hdr->frame_control) &&
++ !is_broadcast_ether_addr(bssid) &&
+ !ether_addr_equal(bssid, hdr->addr1))
+ return false;
+ }
diff --git a/package/kernel/mac80211/patches/339-cfg80211-add-radiotap-VHT-info-to-rtap_namespace_siz.patch b/package/kernel/mac80211/patches/339-cfg80211-add-radiotap-VHT-info-to-rtap_namespace_siz.patch
new file mode 100644
index 0000000000..15d6cd03ea
--- /dev/null
+++ b/package/kernel/mac80211/patches/339-cfg80211-add-radiotap-VHT-info-to-rtap_namespace_siz.patch
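Review bot: In the rx.c hunk of patch 338, the added `!is_broadcast_ether_addr(bssid)` term exempts every Action frame that carries a wildcard BSSID from the TDLS-peer drop, while the description only argues for Public Action frames. Nothing visible in the hunk checks the Action category, so it should be confirmed that non-Public Action frames with a wildcard BSSID are still filtered later in the RX path; ieee80211_accept_frame() starts and ends outside the hunk. The existing comment is now incomplete and could read `/* ignore action frames to TDLS-peers, except with a wildcard BSSID (Public Action frames) */`.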
@@ -0,0 +1,21 @@
+From: Lorenzo Bianconi
+Date: Fri, 19 Feb 2016 11:43:04 +0100
+Subject: [PATCH] cfg80211: add radiotap VHT info to rtap_namespace_sizes
+
+Add IEEE80211_RADIOTAP_VHT entry to rtap_namespace_sizes array in order to
+define alignment and size of VHT info in tx radiotap
+
+Signed-off-by: Lorenzo Bianconi
+Signed-off-by: Johannes Berg
+---
+
+--- a/net/wireless/radiotap.c
++++ b/net/wireless/radiotap.c
+@@ -43,6 +43,7 @@ static const struct radiotap_align_size
+ [IEEE80211_RADIOTAP_DATA_RETRIES] = { .align = 1, .size = 1, },
+ [IEEE80211_RADIOTAP_MCS] = { .align = 1, .size = 3, },
+ [IEEE80211_RADIOTAP_AMPDU_STATUS] = { .align = 4, .size = 8, },
++ [IEEE80211_RADIOTAP_VHT] = { .align = 2, .size = 12, },
+ /*
+ * add more here as they are defined in radiotap.h
+ */
diff --git a/package/kernel/mac80211/patches/340-mac80211-fix-parsing-of-40Mhz-in-injected-radiotap-h.patch b/package/kernel/mac80211/patches/340-mac80211-fix-parsing-of-40Mhz-in-injected-radiotap-h.patch
new file mode 100644
index 0000000000..de1b38625c
--- /dev/null
+++ b/package/kernel/mac80211/patches/340-mac80211-fix-parsing-of-40Mhz-in-injected-radiotap-h.patch
@@ -0,0 +1,36 @@
+From: Sven Eckelmann
+Date: Wed, 24 Feb 2016 16:25:49 +0100
+Subject: [PATCH] mac80211: fix parsing of 40Mhz in injected radiotap
+ header
+
+The MCS bandwidth part of the radiotap header is 2 bits wide. The full 2
+bit have to compared against IEEE80211_RADIOTAP_MCS_BW_40 and not only if
+the first bit is set. Otherwise IEEE80211_RADIOTAP_MCS_BW_40 can be
+confused with IEEE80211_RADIOTAP_MCS_BW_20U.
+
+Fixes: 5ec3aed9ba4c ("mac80211: Parse legacy and HT rate in injected frames")
+Signed-off-by: Sven Eckelmann
+---
+
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -1689,7 +1689,7 @@ static bool ieee80211_parse_tx_radiotap(
+ bool rate_found = false;
+ u8 rate_retries = 0;
+ u16 rate_flags = 0;
+- u8 mcs_known, mcs_flags;
++ u8 mcs_known, mcs_flags, mcs_bw;
+ int i;
+
+ info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
+@@ -1765,8 +1765,9 @@ static bool ieee80211_parse_tx_radiotap(
+ mcs_flags & IEEE80211_RADIOTAP_MCS_SGI)
+ rate_flags |= IEEE80211_TX_RC_SHORT_GI;
+
++ mcs_bw = mcs_flags & IEEE80211_RADIOTAP_MCS_BW_MASK;
+ if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_BW &&
+- mcs_flags & IEEE80211_RADIOTAP_MCS_BW_40)
++ mcs_bw == IEEE80211_RADIOTAP_MCS_BW_40)
+ rate_flags |= IEEE80211_TX_RC_40_MHZ_WIDTH;
+ break;
+
diff --git a/package/kernel/mac80211/patches/341-mac80211-parse-VHT-info-in-injected-frames.patch b/package/kernel/mac80211/patches/341-mac80211-parse-VHT-info-in-injected-frames.patch
new file mode 100644
index 0000000000..ac1f2517f2
--- /dev/null
+++ b/package/kernel/mac80211/patches/341-mac80211-parse-VHT-info-in-injected-frames.patch
@@ -0,0 +1,65 @@
+From: Lorenzo Bianconi
+Date: Tue, 23 Feb 2016 15:43:35 +0100
+Subject: [PATCH] mac80211: parse VHT info in injected frames
+
+Add VHT radiotap parsing support to ieee80211_parse_tx_radiotap().
+That capability has been tested using a d-link dir-860l rev b1 running
+OpenWrt trunk and mt76 driver
+
+Signed-off-by: Lorenzo Bianconi
+---
+
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -1690,6 +1690,8 @@ static bool ieee80211_parse_tx_radiotap(
+ u8 rate_retries = 0;
+ u16 rate_flags = 0;
+ u8 mcs_known, mcs_flags, mcs_bw;
++ u16 vht_known;
++ u8 vht_mcs = 0, vht_nss = 0;
+ int i;
+
+ info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
+@@ -1771,6 +1773,32 @@ static bool ieee80211_parse_tx_radiotap(
+ rate_flags |= IEEE80211_TX_RC_40_MHZ_WIDTH;
+ break;
+
++ case IEEE80211_RADIOTAP_VHT:
++ vht_known = get_unaligned_le16(iterator.this_arg);
++ rate_found = true;
++
++ rate_flags = IEEE80211_TX_RC_VHT_MCS;
++ if ((vht_known & IEEE80211_RADIOTAP_VHT_KNOWN_GI) &&
++ (iterator.this_arg[2] &
++ IEEE80211_RADIOTAP_VHT_FLAG_SGI))
++ rate_flags |= IEEE80211_TX_RC_SHORT_GI;
++ if (vht_known &
++ IEEE80211_RADIOTAP_VHT_KNOWN_BANDWIDTH) {
++ if (iterator.this_arg[3] == 1)
++ rate_flags |=
++ IEEE80211_TX_RC_40_MHZ_WIDTH;
++ else if (iterator.this_arg[3] == 4)
++ rate_flags |=
++ IEEE80211_TX_RC_80_MHZ_WIDTH;
++ else if (iterator.this_arg[3] == 11)
++ rate_flags |=
++ IEEE80211_TX_RC_160_MHZ_WIDTH;
++ }
++
++ vht_mcs = iterator.this_arg[4] >> 4;
++ vht_nss = iterator.this_arg[4] & 0xF;
++ break;
++
+ /*
+ * Please update the file
+ * Documentation/networking/mac80211-injection.txt
+@@ -1796,6 +1824,9 @@ static bool ieee80211_parse_tx_radiotap(
+
+ if (rate_flags & IEEE80211_TX_RC_MCS) {
+ info->control.rates[0].idx = rate;
++ } else if (rate_flags & IEEE80211_TX_RC_VHT_MCS) {
++ ieee80211_rate_set_vht(info->control.rates, vht_mcs,
++ vht_nss);
+ } else {
+ for (i = 0; i < sband->n_bitrates; i++) {
+ if (rate * 5 != sband->bitrates[i].bitrate)
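Review bot: In the `case IEEE80211_RADIOTAP_VHT:` branch of patch 341, `vht_mcs` and `vht_nss` are taken straight from byte 4 of the injected radiotap header and passed to `ieee80211_rate_set_vht()` with no range check and without consulting any "known" bit, so the injecting process controls both values. An NSS of 0 or an MCS above 9 is not a valid VHT rate, and as far as I recall ieee80211_rate_set_vht() WARNs on out-of-range arguments; a guard such as `if (vht_nss < 1 || vht_nss > 8 || vht_mcs > 9) return false;` before the `break` would reject them, assuming a false return makes the caller drop the frame (not visible here). Separately, `rate_flags = IEEE80211_TX_RC_VHT_MCS;` assigns rather than ORs, so the outcome depends on field order when a header carries both MCS and VHT. The reads of `iterator.this_arg[2]` to `[4]` depend on the 12-byte VHT entry that patch 339 adds to rtap_namespace_sizes, so the two patches must stay together; the function body continues outside these hunks.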
diff --git a/package/kernel/mac80211/patches/342-mac80211-do-not-pass-injected-frames-without-a-valid.patch b/package/kernel/mac80211/patches/342-mac80211-do-not-pass-injected-frames-without-a-valid.patch
new file mode 100644
index 0000000000..d7452c29c1
--- /dev/null
+++ b/package/kernel/mac80211/patches/342-mac80211-do-not-pass-injected-frames-without-a-valid.patch
@@ -0,0 +1,23 @@
+From: Felix Fietkau
+Date: Wed, 2 Mar 2016 15:51:40 +0100
+Subject: [PATCH] mac80211: do not pass injected frames without a valid rate to
+ the driver
+
+Fall back to rate control if the requested bitrate was not found.
+
+Fixes: dfdfc2beb0dd ("mac80211: Parse legacy and HT rate in injected frames")
+Signed-off-by: Felix Fietkau
+---
+
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -1837,6 +1837,9 @@ static bool ieee80211_parse_tx_radiotap(
+ }
+ }
+
++ if (info->control.rates[0].idx < 0)
++ info->control.flags &= ~IEEE80211_TX_CTRL_RATE_INJECT;
++
+ info->control.rates[0].flags = rate_flags;
+ info->control.rates[0].count = min_t(u8, rate_retries + 1,
+ local->hw.max_rate_tries);
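Review bot: The added `idx < 0` test in patch 342 carries no comment and its precondition is not visible: it only works if `info->control.rates[0].idx` was set negative before the bitrate lookup, which happens outside this hunk and should be confirmed. After the flag is cleared, the following lines still store `rate_flags` and the injected retry count into rates[0]; presumably rate control overwrites them, but a comment such as `/* no usable rate from radiotap: drop RATE_INJECT so rate control selects one */` would make the intent explicit. The Fixes: tag cites dfdfc2beb0dd, whereas patch 340 cites 5ec3aed9ba4c for the same subject line, so one of the two hashes looks wrong.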