---- a/drivers/net/wireless/ath/ath9k/main.c
-+++ b/drivers/net/wireless/ath/ath9k/main.c
-@@ -1048,6 +1048,8 @@ static int ath9k_start(struct ieee80211_
- "Starting driver with initial channel: %d MHz\n",
- curchan->center_freq);
+--- a/drivers/net/wireless/ath/ath9k/ar9003_mac.c
++++ b/drivers/net/wireless/ath/ath9k/ar9003_mac.c
+@@ -510,7 +510,11 @@ int ath9k_hw_process_rxdesc_edma(struct
+ */
+ if (rxsp->status11 & AR_CRCErr)
+ rxs->rs_status |= ATH9K_RXERR_CRC;
+- else if (rxsp->status11 & AR_PHYErr) {
++ else if (rxsp->status11 & AR_DecryptCRCErr)
++ rxs->rs_status |= ATH9K_RXERR_DECRYPT;
++ else if (rxsp->status11 & AR_MichaelErr)
++ rxs->rs_status |= ATH9K_RXERR_MIC;
++ if (rxsp->status11 & AR_PHYErr) {
+ phyerr = MS(rxsp->status11, AR_PHYErrCode);
+ /*
+ * If we reach a point here where AR_PostDelimCRCErr is
+@@ -532,11 +536,7 @@ int ath9k_hw_process_rxdesc_edma(struct
+ rxs->rs_status |= ATH9K_RXERR_PHY;
+ rxs->rs_phyerr = phyerr;
+ }
+-
+- } else if (rxsp->status11 & AR_DecryptCRCErr)
+- rxs->rs_status |= ATH9K_RXERR_DECRYPT;
+- else if (rxsp->status11 & AR_MichaelErr)
+- rxs->rs_status |= ATH9K_RXERR_MIC;
++ };
+ }
-+ ath9k_ps_wakeup(sc);
-+
- mutex_lock(&sc->mutex);
+ if (rxsp->status11 & AR_KeyMiss)
+--- a/drivers/net/wireless/ath/carl9170/tx.c
++++ b/drivers/net/wireless/ath/carl9170/tx.c
+@@ -1236,6 +1236,7 @@ static bool carl9170_tx_ps_drop(struct a
+ {
+ struct ieee80211_sta *sta;
+ struct carl9170_sta_info *sta_info;
++ struct ieee80211_tx_info *tx_info;
- /* setup initial channel */
-@@ -1143,6 +1145,8 @@ static int ath9k_start(struct ieee80211_
- mutex_unlock:
- mutex_unlock(&sc->mutex);
+ rcu_read_lock();
+ sta = __carl9170_get_tx_sta(ar, skb);
+@@ -1243,12 +1244,13 @@ static bool carl9170_tx_ps_drop(struct a
+ goto out_rcu;
-+ ath9k_ps_restore(sc);
-+
- return r;
- }
+ sta_info = (void *) sta->drv_priv;
+- if (unlikely(sta_info->sleeping)) {
+- struct ieee80211_tx_info *tx_info;
++ tx_info = IEEE80211_SKB_CB(skb);
+
++ if (unlikely(sta_info->sleeping) &&
++ !(tx_info->flags & (IEEE80211_TX_CTL_NO_PS_BUFFER |
++ IEEE80211_TX_CTL_CLEAR_PS_FILT))) {
+ rcu_read_unlock();
+
+- tx_info = IEEE80211_SKB_CB(skb);
+ if (tx_info->flags & IEEE80211_TX_CTL_AMPDU)
+ atomic_dec(&ar->tx_ampdu_upload);
+
+--- a/drivers/net/wireless/iwlegacy/4965-mac.c
++++ b/drivers/net/wireless/iwlegacy/4965-mac.c
+@@ -1694,7 +1694,7 @@ il4965_tx_skb(struct il_priv *il, struct
+ sta_priv = (void *)sta->drv_priv;
+
+ if (sta_priv && sta_priv->asleep &&
+- (info->flags & IEEE80211_TX_CTL_POLL_RESPONSE)) {
++ (info->flags & IEEE80211_TX_CTL_NO_PS_BUFFER)) {
+ /*
+ * This sends an asynchronous command to the device,
+ * but we can rely on it being processed before the
+--- a/drivers/net/wireless/iwlwifi/iwl-agn-tx.c
++++ b/drivers/net/wireless/iwlwifi/iwl-agn-tx.c
+@@ -322,7 +322,7 @@ int iwlagn_tx_skb(struct iwl_priv *priv,
+ sta_priv = (void *)info->control.sta->drv_priv;
+
+ if (sta_priv && sta_priv->asleep &&
+- (info->flags & IEEE80211_TX_CTL_POLL_RESPONSE)) {
++ (info->flags & IEEE80211_TX_CTL_NO_PS_BUFFER)) {
+ /*
+ * This sends an asynchronous command to the device,
+ * but we can rely on it being processed before the
+@@ -331,6 +331,10 @@ int iwlagn_tx_skb(struct iwl_priv *priv,
+ * counter.
+ * For now set the counter to just 1 since we do not
+ * support uAPSD yet.
++ *
++ * FIXME: If we get two non-bufferable frames one
++ * after the other, we might only send out one of
++ * them because this is racy.
+ */
+ iwl_sta_modify_sleep_tx_count(priv, sta_id, 1);
+ }
+--- a/drivers/net/wireless/p54/txrx.c
++++ b/drivers/net/wireless/p54/txrx.c
+@@ -690,7 +690,7 @@ static void p54_tx_80211_header(struct p
+ if (!(info->flags & IEEE80211_TX_CTL_ASSIGN_SEQ))
+ *flags |= P54_HDR_FLAG_DATA_OUT_SEQNR;
+
+- if (info->flags & IEEE80211_TX_CTL_POLL_RESPONSE)
++ if (info->flags & IEEE80211_TX_CTL_NO_PS_BUFFER)
+ *flags |= P54_HDR_FLAG_DATA_OUT_NOCANCEL;
+
+ if (info->flags & IEEE80211_TX_CTL_CLEAR_PS_FILT)
+--- a/include/net/mac80211.h
++++ b/include/net/mac80211.h
+@@ -341,9 +341,9 @@ struct ieee80211_bss_conf {
+ * used to indicate that a frame was already retried due to PS
+ * @IEEE80211_TX_INTFL_DONT_ENCRYPT: completely internal to mac80211,
+ * used to indicate frame should not be encrypted
+- * @IEEE80211_TX_CTL_POLL_RESPONSE: This frame is a response to a poll
+- * frame (PS-Poll or uAPSD) and should be sent although the station
+- * is in powersave mode.
++ * @IEEE80211_TX_CTL_NO_PS_BUFFER: This frame is a response to a poll
++ * frame (PS-Poll or uAPSD) or a non-bufferable MMPDU and must
++ * be sent although the station is in powersave mode.
+ * @IEEE80211_TX_CTL_MORE_FRAMES: More frames will be passed to the
+ * transmit function after the current frame, this can be used
+ * by drivers to kick the DMA queue only if unset or when the
+@@ -399,7 +399,7 @@ enum mac80211_tx_control_flags {
+ IEEE80211_TX_INTFL_NEED_TXPROCESSING = BIT(14),
+ IEEE80211_TX_INTFL_RETRIED = BIT(15),
+ IEEE80211_TX_INTFL_DONT_ENCRYPT = BIT(16),
+- IEEE80211_TX_CTL_POLL_RESPONSE = BIT(17),
++ IEEE80211_TX_CTL_NO_PS_BUFFER = BIT(17),
+ IEEE80211_TX_CTL_MORE_FRAMES = BIT(18),
+ IEEE80211_TX_INTFL_RETRANSMISSION = BIT(19),
+ /* hole at 20, use later */
+@@ -425,7 +425,7 @@ enum mac80211_tx_control_flags {
+ IEEE80211_TX_CTL_SEND_AFTER_DTIM | IEEE80211_TX_CTL_AMPDU | \
+ IEEE80211_TX_STAT_TX_FILTERED | IEEE80211_TX_STAT_ACK | \
+ IEEE80211_TX_STAT_AMPDU | IEEE80211_TX_STAT_AMPDU_NO_BACK | \
+- IEEE80211_TX_CTL_RATE_CTRL_PROBE | IEEE80211_TX_CTL_POLL_RESPONSE | \
++ IEEE80211_TX_CTL_RATE_CTRL_PROBE | IEEE80211_TX_CTL_NO_PS_BUFFER | \
+ IEEE80211_TX_CTL_MORE_FRAMES | IEEE80211_TX_CTL_LDPC | \
+ IEEE80211_TX_CTL_STBC | IEEE80211_TX_STATUS_EOSP)
+
+@@ -1634,7 +1634,7 @@ void ieee80211_free_txskb(struct ieee802
+ * the station sends a PS-Poll or a uAPSD trigger frame, mac80211
+ * will inform the driver of this with the @allow_buffered_frames
+ * callback; this callback is optional. mac80211 will then transmit
+- * the frames as usual and set the %IEEE80211_TX_CTL_POLL_RESPONSE
++ * the frames as usual and set the %IEEE80211_TX_CTL_NO_PS_BUFFER
+ * on each frame. The last frame in the service period (or the only
+ * response to a PS-Poll) also has %IEEE80211_TX_STATUS_EOSP set to
+ * indicate that it ends the service period; as this frame must have
+@@ -1642,6 +1642,9 @@ void ieee80211_free_txskb(struct ieee802
+ * When TX status is reported for this frame, the service period is
+ * marked has having ended and a new one can be started by the peer.
+ *
++ * Additionally, non-bufferable MMPDUs can also be transmitted by
++ * mac80211 with the %IEEE80211_TX_CTL_NO_PS_BUFFER set in them.
++ *
+ * Another race condition can happen on some devices like iwlwifi
+ * when there are frames queued for the station and it wakes up
+ * or polls; the frames that are already queued could end up being
+@@ -2140,7 +2143,7 @@ enum ieee80211_frame_release_type {
+ * @allow_buffered_frames: Prepare device to allow the given number of frames
+ * to go out to the given station. The frames will be sent by mac80211
+ * via the usual TX path after this call. The TX information for frames
+- * released will also have the %IEEE80211_TX_CTL_POLL_RESPONSE flag set
++ * released will also have the %IEEE80211_TX_CTL_NO_PS_BUFFER flag set
+ * and the last one will also have %IEEE80211_TX_STATUS_EOSP set. In case
+ * frames from multiple TIDs are released and the driver might reorder
+ * them between the TIDs, it must set the %IEEE80211_TX_STATUS_EOSP flag
+--- a/net/mac80211/agg-rx.c
++++ b/net/mac80211/agg-rx.c
+@@ -187,6 +187,8 @@ static void ieee80211_send_addba_resp(st
+ memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN);
+ else if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
+ memcpy(mgmt->bssid, sdata->u.ibss.bssid, ETH_ALEN);
++ else if (sdata->vif.type == NL80211_IFTYPE_WDS)
++ memcpy(mgmt->bssid, da, ETH_ALEN);
---- a/net/mac80211/ibss.c
-+++ b/net/mac80211/ibss.c
-@@ -661,7 +661,6 @@ static void ieee80211_sta_find_ibss(stru
- static void ieee80211_rx_mgmt_probe_req(struct ieee80211_sub_if_data *sdata,
- struct sk_buff *req)
+ mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
+ IEEE80211_STYPE_ACTION);
+--- a/net/mac80211/agg-tx.c
++++ b/net/mac80211/agg-tx.c
+@@ -81,7 +81,8 @@ static void ieee80211_send_addba_request
+ memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
+ if (sdata->vif.type == NL80211_IFTYPE_AP ||
+ sdata->vif.type == NL80211_IFTYPE_AP_VLAN ||
+- sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
++ sdata->vif.type == NL80211_IFTYPE_MESH_POINT ||
++ sdata->vif.type == NL80211_IFTYPE_WDS)
+ memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
+ else if (sdata->vif.type == NL80211_IFTYPE_STATION)
+ memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN);
+@@ -471,6 +472,7 @@ int ieee80211_start_tx_ba_session(struct
+ sdata->vif.type != NL80211_IFTYPE_MESH_POINT &&
+ sdata->vif.type != NL80211_IFTYPE_AP_VLAN &&
+ sdata->vif.type != NL80211_IFTYPE_AP &&
++ sdata->vif.type != NL80211_IFTYPE_WDS &&
+ sdata->vif.type != NL80211_IFTYPE_ADHOC)
+ return -EINVAL;
+
+--- a/net/mac80211/debugfs_sta.c
++++ b/net/mac80211/debugfs_sta.c
+@@ -63,11 +63,11 @@ static ssize_t sta_flags_read(struct fil
+ test_sta_flag(sta, WLAN_STA_##flg) ? #flg "\n" : ""
+
+ int res = scnprintf(buf, sizeof(buf),
+- "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
++ "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
+ TEST(AUTH), TEST(ASSOC), TEST(PS_STA),
+ TEST(PS_DRIVER), TEST(AUTHORIZED),
+ TEST(SHORT_PREAMBLE),
+- TEST(WME), TEST(WDS), TEST(CLEAR_PS_FILT),
++ TEST(WME), TEST(CLEAR_PS_FILT),
+ TEST(MFP), TEST(BLOCK_BA), TEST(PSPOLL),
+ TEST(UAPSD), TEST(SP), TEST(TDLS_PEER),
+ TEST(TDLS_PEER_AUTH), TEST(4ADDR_EVENT),
+--- a/net/mac80211/iface.c
++++ b/net/mac80211/iface.c
+@@ -178,7 +178,6 @@ static int ieee80211_do_open(struct net_
{
-- struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(req);
- struct ieee80211_mgmt *mgmt = (void *)req->data;
- struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
+ struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
struct ieee80211_local *local = sdata->local;
-@@ -685,7 +684,7 @@ static void ieee80211_rx_mgmt_probe_req(
- mgmt->bssid, tx_last_beacon);
- #endif /* CONFIG_MAC80211_IBSS_DEBUG */
-
-- if (!tx_last_beacon && !(rx_status->rx_flags & IEEE80211_RX_RA_MATCH))
-+ if (!tx_last_beacon && is_multicast_ether_addr(mgmt->da))
- return;
-
- if (memcmp(mgmt->bssid, ifibss->bssid, ETH_ALEN) != 0 &&
---- a/net/mac80211/rc80211_minstrel_ht.c
-+++ b/net/mac80211/rc80211_minstrel_ht.c
-@@ -659,18 +659,14 @@ minstrel_ht_update_caps(void *priv, stru
- struct ieee80211_mcs_info *mcs = &sta->ht_cap.mcs;
- struct ieee80211_local *local = hw_to_local(mp->hw);
- u16 sta_cap = sta->ht_cap.cap;
-+ int n_supported = 0;
- int ack_dur;
- int stbc;
- int i;
-
- /* fall back to the old minstrel for legacy stations */
-- if (!sta->ht_cap.ht_supported) {
-- msp->is_ht = false;
-- memset(&msp->legacy, 0, sizeof(msp->legacy));
-- msp->legacy.r = msp->ratelist;
-- msp->legacy.sample_table = msp->sample_table;
-- return mac80211_minstrel.rate_init(priv, sband, sta, &msp->legacy);
+- struct sta_info *sta;
+ u32 changed = 0;
+ int res;
+ u32 hw_reconf_flags = 0;
+@@ -309,28 +308,6 @@ static int ieee80211_do_open(struct net_
+
+ set_bit(SDATA_STATE_RUNNING, &sdata->state);
+
+- if (sdata->vif.type == NL80211_IFTYPE_WDS) {
+- /* Create STA entry for the WDS peer */
+- sta = sta_info_alloc(sdata, sdata->u.wds.remote_addr,
+- GFP_KERNEL);
+- if (!sta) {
+- res = -ENOMEM;
+- goto err_del_interface;
+- }
+-
+- sta_info_pre_move_state(sta, IEEE80211_STA_AUTH);
+- sta_info_pre_move_state(sta, IEEE80211_STA_ASSOC);
+- sta_info_pre_move_state(sta, IEEE80211_STA_AUTHORIZED);
+-
+- res = sta_info_insert(sta);
+- if (res) {
+- /* STA has been freed */
+- goto err_del_interface;
+- }
+-
+- rate_control_rate_init(sta);
- }
-+ if (!sta->ht_cap.ht_supported)
-+ goto use_legacy;
+-
+ /*
+ * set_multicast_list will be invoked by the networking core
+ * which will check whether any increments here were done in
+@@ -357,8 +334,7 @@ static int ieee80211_do_open(struct net_
+ netif_tx_start_all_queues(dev);
- BUILD_BUG_ON(ARRAY_SIZE(minstrel_mcs_groups) !=
- MINSTREL_MAX_STREAMS * MINSTREL_STREAM_GROUPS);
-@@ -725,7 +721,22 @@ minstrel_ht_update_caps(void *priv, stru
+ return 0;
+- err_del_interface:
+- drv_remove_interface(local, sdata);
++
+ err_stop:
+ if (!local->open_count)
+ drv_stop(local);
+@@ -722,6 +698,70 @@ static void ieee80211_if_setup(struct ne
+ dev->destructor = free_netdev;
+ }
- mi->groups[i].supported =
- mcs->rx_mask[minstrel_mcs_groups[i].streams - 1];
++static void ieee80211_wds_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
++ struct sk_buff *skb)
++{
++ struct ieee80211_local *local = sdata->local;
++ struct ieee80211_rx_status *rx_status;
++ struct ieee802_11_elems elems;
++ struct ieee80211_mgmt *mgmt;
++ struct sta_info *sta;
++ size_t baselen;
++ u32 rates = 0;
++ u16 stype;
++ bool new = false;
++ enum ieee80211_band band = local->hw.conf.channel->band;
++ struct ieee80211_supported_band *sband = local->hw.wiphy->bands[band];
+
-+ if (mi->groups[i].supported)
-+ n_supported++;
- }
++ rx_status = IEEE80211_SKB_RXCB(skb);
++ mgmt = (struct ieee80211_mgmt *) skb->data;
++ stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE;
+
-+ if (!n_supported)
-+ goto use_legacy;
++ if (stype != IEEE80211_STYPE_BEACON)
++ return;
+
-+ return;
++ baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
++ if (baselen > skb->len)
++ return;
+
-+use_legacy:
-+ msp->is_ht = false;
-+ memset(&msp->legacy, 0, sizeof(msp->legacy));
-+ msp->legacy.r = msp->ratelist;
-+ msp->legacy.sample_table = msp->sample_table;
-+ return mac80211_minstrel.rate_init(priv, sband, sta, &msp->legacy);
- }
-
- static void
---- a/net/mac80211/ieee80211_i.h
-+++ b/net/mac80211/ieee80211_i.h
-@@ -814,8 +814,8 @@ struct ieee80211_local {
-
- struct rate_control_ref *rate_ctrl;
-
-- struct crypto_blkcipher *wep_tx_tfm;
-- struct crypto_blkcipher *wep_rx_tfm;
-+ struct crypto_cipher *wep_tx_tfm;
-+ struct crypto_cipher *wep_rx_tfm;
- u32 wep_iv;
-
- /* see iface.c */
---- a/net/mac80211/tkip.c
-+++ b/net/mac80211/tkip.c
-@@ -202,7 +202,7 @@ EXPORT_SYMBOL(ieee80211_get_tkip_key);
- * @payload_len is the length of payload (_not_ including IV/ICV length).
- * @ta is the transmitter addresses.
- */
--int ieee80211_tkip_encrypt_data(struct crypto_blkcipher *tfm,
-+int ieee80211_tkip_encrypt_data(struct crypto_cipher *tfm,
- struct ieee80211_key *key,
- u8 *pos, size_t payload_len, u8 *ta)
++ ieee802_11_parse_elems(mgmt->u.probe_resp.variable,
++ skb->len - baselen, &elems);
++
++ rates = ieee80211_sta_get_rates(local, &elems, band);
++
++ rcu_read_lock();
++
++ sta = sta_info_get(sdata, sdata->u.wds.remote_addr);
++
++ if (!sta) {
++ rcu_read_unlock();
++ sta = sta_info_alloc(sdata, sdata->u.wds.remote_addr,
++ GFP_KERNEL);
++ if (!sta)
++ return;
++
++ new = true;
++ }
++
++ sta->last_rx = jiffies;
++ sta->sta.supp_rates[local->hw.conf.channel->band] = rates;
++
++ if (elems.ht_cap_elem)
++ ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
++ elems.ht_cap_elem, &sta->sta.ht_cap);
++
++ if (elems.wmm_param)
++ set_sta_flag(sta, WLAN_STA_WME);
++
++ if (new) {
++ set_sta_flag(sta, WLAN_STA_AUTHORIZED);
++ rate_control_rate_init(sta);
++ sta_info_insert_rcu(sta);
++ }
++
++ rcu_read_unlock();
++}
++
+ static void ieee80211_iface_work(struct work_struct *work)
{
-@@ -223,7 +223,7 @@ int ieee80211_tkip_encrypt_data(struct c
- * beginning of the buffer containing IEEE 802.11 header payload, i.e.,
- * including IV, Ext. IV, real data, Michael MIC, ICV. @payload_len is the
- * length of payload, including IV, Ext. IV, MIC, ICV. */
--int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm,
-+int ieee80211_tkip_decrypt_data(struct crypto_cipher *tfm,
- struct ieee80211_key *key,
- u8 *payload, size_t payload_len, u8 *ta,
- u8 *ra, int only_iv, int queue,
---- a/net/mac80211/tkip.h
-+++ b/net/mac80211/tkip.h
-@@ -15,7 +15,7 @@
-
- u8 *ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key *key, u16 iv16);
-
--int ieee80211_tkip_encrypt_data(struct crypto_blkcipher *tfm,
-+int ieee80211_tkip_encrypt_data(struct crypto_cipher *tfm,
- struct ieee80211_key *key,
- u8 *pos, size_t payload_len, u8 *ta);
- enum {
-@@ -24,7 +24,7 @@ enum {
- TKIP_DECRYPT_INVALID_KEYIDX = -2,
- TKIP_DECRYPT_REPLAY = -3,
- };
--int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm,
-+int ieee80211_tkip_decrypt_data(struct crypto_cipher *tfm,
- struct ieee80211_key *key,
- u8 *payload, size_t payload_len, u8 *ta,
- u8 *ra, int only_iv, int queue,
---- a/net/mac80211/wep.c
-+++ b/net/mac80211/wep.c
-@@ -30,17 +30,15 @@ int ieee80211_wep_init(struct ieee80211_
- /* start WEP IV from a random value */
- get_random_bytes(&local->wep_iv, WEP_IV_LEN);
-
-- local->wep_tx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0,
-- CRYPTO_ALG_ASYNC);
-+ local->wep_tx_tfm = crypto_alloc_cipher("arc4", 0, CRYPTO_ALG_ASYNC);
- if (IS_ERR(local->wep_tx_tfm)) {
- local->wep_rx_tfm = ERR_PTR(-EINVAL);
- return PTR_ERR(local->wep_tx_tfm);
- }
+ struct ieee80211_sub_if_data *sdata =
+@@ -826,6 +866,9 @@ static void ieee80211_iface_work(struct
+ break;
+ ieee80211_mesh_rx_queued_mgmt(sdata, skb);
+ break;
++ case NL80211_IFTYPE_WDS:
++ ieee80211_wds_rx_queued_mgmt(sdata, skb);
++ break;
+ default:
+ WARN(1, "frame for unexpected interface type");
+ break;
+--- a/net/mac80211/rx.c
++++ b/net/mac80211/rx.c
+@@ -2282,6 +2282,7 @@ ieee80211_rx_h_action(struct ieee80211_r
+ sdata->vif.type != NL80211_IFTYPE_MESH_POINT &&
+ sdata->vif.type != NL80211_IFTYPE_AP_VLAN &&
+ sdata->vif.type != NL80211_IFTYPE_AP &&
++ sdata->vif.type != NL80211_IFTYPE_WDS &&
+ sdata->vif.type != NL80211_IFTYPE_ADHOC)
+ break;
-- local->wep_rx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0,
-- CRYPTO_ALG_ASYNC);
-+ local->wep_rx_tfm = crypto_alloc_cipher("arc4", 0, CRYPTO_ALG_ASYNC);
- if (IS_ERR(local->wep_rx_tfm)) {
-- crypto_free_blkcipher(local->wep_tx_tfm);
-+ crypto_free_cipher(local->wep_tx_tfm);
- local->wep_tx_tfm = ERR_PTR(-EINVAL);
- return PTR_ERR(local->wep_rx_tfm);
- }
-@@ -51,9 +49,9 @@ int ieee80211_wep_init(struct ieee80211_
- void ieee80211_wep_free(struct ieee80211_local *local)
- {
- if (!IS_ERR(local->wep_tx_tfm))
-- crypto_free_blkcipher(local->wep_tx_tfm);
-+ crypto_free_cipher(local->wep_tx_tfm);
- if (!IS_ERR(local->wep_rx_tfm))
-- crypto_free_blkcipher(local->wep_rx_tfm);
-+ crypto_free_cipher(local->wep_rx_tfm);
- }
+@@ -2492,14 +2493,15 @@ ieee80211_rx_h_mgmt(struct ieee80211_rx_
- static inline bool ieee80211_wep_weak_iv(u32 iv, int keylen)
-@@ -127,12 +125,11 @@ static void ieee80211_wep_remove_iv(stru
- /* Perform WEP encryption using given key. data buffer must have tailroom
- * for 4-byte ICV. data_len must not include this ICV. Note: this function
- * does _not_ add IV. data = RC4(data | CRC32(data)) */
--int ieee80211_wep_encrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key,
-+int ieee80211_wep_encrypt_data(struct crypto_cipher *tfm, u8 *rc4key,
- size_t klen, u8 *data, size_t data_len)
- {
-- struct blkcipher_desc desc = { .tfm = tfm };
-- struct scatterlist sg;
- __le32 icv;
-+ int i;
-
- if (IS_ERR(tfm))
- return -1;
-@@ -140,9 +137,9 @@ int ieee80211_wep_encrypt_data(struct cr
- icv = cpu_to_le32(~crc32_le(~0, data, data_len));
- put_unaligned(icv, (__le32 *)(data + data_len));
-
-- crypto_blkcipher_setkey(tfm, rc4key, klen);
-- sg_init_one(&sg, data, data_len + WEP_ICV_LEN);
-- crypto_blkcipher_encrypt(&desc, &sg, &sg, sg.length);
-+ crypto_cipher_setkey(tfm, rc4key, klen);
-+ for (i = 0; i < data_len + WEP_ICV_LEN; i++)
-+ crypto_cipher_encrypt_one(tfm, data + i, data + i);
+ if (!ieee80211_vif_is_mesh(&sdata->vif) &&
+ sdata->vif.type != NL80211_IFTYPE_ADHOC &&
+- sdata->vif.type != NL80211_IFTYPE_STATION)
++ sdata->vif.type != NL80211_IFTYPE_STATION &&
++ sdata->vif.type != NL80211_IFTYPE_WDS)
+ return RX_DROP_MONITOR;
- return 0;
- }
-@@ -186,19 +183,18 @@ int ieee80211_wep_encrypt(struct ieee802
- /* Perform WEP decryption using given key. data buffer includes encrypted
- * payload, including 4-byte ICV, but _not_ IV. data_len must not include ICV.
- * Return 0 on success and -1 on ICV mismatch. */
--int ieee80211_wep_decrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key,
-+int ieee80211_wep_decrypt_data(struct crypto_cipher *tfm, u8 *rc4key,
- size_t klen, u8 *data, size_t data_len)
- {
-- struct blkcipher_desc desc = { .tfm = tfm };
-- struct scatterlist sg;
- __le32 crc;
-+ int i;
-
- if (IS_ERR(tfm))
- return -1;
-
-- crypto_blkcipher_setkey(tfm, rc4key, klen);
-- sg_init_one(&sg, data, data_len + WEP_ICV_LEN);
-- crypto_blkcipher_decrypt(&desc, &sg, &sg, sg.length);
-+ crypto_cipher_setkey(tfm, rc4key, klen);
-+ for (i = 0; i < data_len + WEP_ICV_LEN; i++)
-+ crypto_cipher_decrypt_one(tfm, data + i, data + i);
-
- crc = cpu_to_le32(~crc32_le(~0, data, data_len));
- if (memcmp(&crc, data + data_len, WEP_ICV_LEN) != 0)
---- a/net/mac80211/wep.h
-+++ b/net/mac80211/wep.h
-@@ -18,12 +18,12 @@
-
- int ieee80211_wep_init(struct ieee80211_local *local);
- void ieee80211_wep_free(struct ieee80211_local *local);
--int ieee80211_wep_encrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key,
-+int ieee80211_wep_encrypt_data(struct crypto_cipher *tfm, u8 *rc4key,
- size_t klen, u8 *data, size_t data_len);
- int ieee80211_wep_encrypt(struct ieee80211_local *local,
- struct sk_buff *skb,
- const u8 *key, int keylen, int keyidx);
--int ieee80211_wep_decrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key,
-+int ieee80211_wep_decrypt_data(struct crypto_cipher *tfm, u8 *rc4key,
- size_t klen, u8 *data, size_t data_len);
- bool ieee80211_wep_is_weak_iv(struct sk_buff *skb, struct ieee80211_key *key);
+ switch (stype) {
+ case cpu_to_le16(IEEE80211_STYPE_AUTH):
+ case cpu_to_le16(IEEE80211_STYPE_BEACON):
+ case cpu_to_le16(IEEE80211_STYPE_PROBE_RESP):
+- /* process for all: mesh, mlme, ibss */
++ /* process for all: mesh, mlme, ibss, wds */
+ break;
+ case cpu_to_le16(IEEE80211_STYPE_ASSOC_RESP):
+ case cpu_to_le16(IEEE80211_STYPE_REASSOC_RESP):
+@@ -2853,10 +2855,16 @@ static int prepare_for_handlers(struct i
+ }
+ break;
+ case NL80211_IFTYPE_WDS:
+- if (bssid || !ieee80211_is_data(hdr->frame_control))
+- return 0;
+ if (compare_ether_addr(sdata->u.wds.remote_addr, hdr->addr2))
+ return 0;
++
++ if (ieee80211_is_data(hdr->frame_control) ||
++ ieee80211_is_action(hdr->frame_control)) {
++ if (compare_ether_addr(sdata->vif.addr, hdr->addr1))
++ return 0;
++ } else if (!ieee80211_is_beacon(hdr->frame_control))
++ return 0;
++
+ break;
+ default:
+ /* should never get here */
+--- a/net/mac80211/sta_info.c
++++ b/net/mac80211/sta_info.c
+@@ -1050,7 +1050,7 @@ static void ieee80211_send_null_response
+ * exchange. Also set EOSP to indicate this packet
+ * ends the poll/service period.
+ */
+- info->flags |= IEEE80211_TX_CTL_POLL_RESPONSE |
++ info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER |
+ IEEE80211_TX_STATUS_EOSP |
+ IEEE80211_TX_CTL_REQ_TX_STATUS;
+
+@@ -1177,7 +1177,7 @@ ieee80211_sta_ps_deliver_response(struct
+ * STA may still remain is PS mode after this frame
+ * exchange.
+ */
+- info->flags |= IEEE80211_TX_CTL_POLL_RESPONSE;
++ info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER;
+
+ /*
+ * Use MoreData flag to indicate whether there are
+--- a/net/mac80211/sta_info.h
++++ b/net/mac80211/sta_info.h
+@@ -31,7 +31,6 @@
+ * @WLAN_STA_SHORT_PREAMBLE: Station is capable of receiving short-preamble
+ * frames.
+ * @WLAN_STA_WME: Station is a QoS-STA.
+- * @WLAN_STA_WDS: Station is one of our WDS peers.
+ * @WLAN_STA_CLEAR_PS_FILT: Clear PS filter in hardware (using the
+ * IEEE80211_TX_CTL_CLEAR_PS_FILT control flag) when the next
+ * frame to this station is transmitted.
+@@ -62,7 +61,6 @@ enum ieee80211_sta_info_flags {
+ WLAN_STA_AUTHORIZED,
+ WLAN_STA_SHORT_PREAMBLE,
+ WLAN_STA_WME,
+- WLAN_STA_WDS,
+ WLAN_STA_CLEAR_PS_FILT,
+ WLAN_STA_MFP,
+ WLAN_STA_BLOCK_BA,
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -448,18 +448,23 @@ ieee80211_tx_h_unicast_ps_buf(struct iee
+ struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
+ struct ieee80211_local *local = tx->local;
+
+- if (unlikely(!sta ||
+- ieee80211_is_probe_resp(hdr->frame_control) ||
+- ieee80211_is_auth(hdr->frame_control) ||
+- ieee80211_is_assoc_resp(hdr->frame_control) ||
+- ieee80211_is_reassoc_resp(hdr->frame_control)))
++ if (unlikely(!sta))
+ return TX_CONTINUE;
+
+ if (unlikely((test_sta_flag(sta, WLAN_STA_PS_STA) ||
+ test_sta_flag(sta, WLAN_STA_PS_DRIVER)) &&
+- !(info->flags & IEEE80211_TX_CTL_POLL_RESPONSE))) {
++ !(info->flags & IEEE80211_TX_CTL_NO_PS_BUFFER))) {
+ int ac = skb_get_queue_mapping(tx->skb);
+
++ /* only deauth, disassoc and action are bufferable MMPDUs */
++ if (ieee80211_is_mgmt(hdr->frame_control) &&
++ !ieee80211_is_deauth(hdr->frame_control) &&
++ !ieee80211_is_disassoc(hdr->frame_control) &&
++ !ieee80211_is_action(hdr->frame_control)) {
++ info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER;
++ return TX_CONTINUE;
++ }
++
+ #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
+ printk(KERN_DEBUG "STA %pM aid %d: PS buffer for AC %d\n",
+ sta->sta.addr, sta->sta.aid, ac);
+--- a/net/mac80211/ieee80211_i.h
++++ b/net/mac80211/ieee80211_i.h
+@@ -480,7 +480,7 @@ struct ieee80211_if_ibss {
+
+ bool control_port;
+- u8 bssid[ETH_ALEN];
++ u8 bssid[ETH_ALEN] __aligned(2);
+ u8 ssid[IEEE80211_MAX_SSID_LEN];
+ u8 ssid_len, ie_len;
+ u8 *ie;
projects / openwrt.git / blobdiff