[package] ppp: don't die on malformed PADS frames that might appear on instable DSL...
[openwrt.git] / package / madwifi / patches / 393-mbss_vap_auth.patch
index 3b8a522..a2637cc 100644 (file)
@@ -19,7 +19,7 @@
        if (ni == NULL) {
                ni = ieee80211_alloc_node_table(vap, se->se_macaddr);
                IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC,
        if (ni == NULL) {
                ni = ieee80211_alloc_node_table(vap, se->se_macaddr);
                IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC,
-@@ -1391,6 +1394,53 @@ ieee80211_add_neighbor(struct ieee80211v
+@@ -1394,6 +1397,53 @@ ieee80211_add_neighbor(struct ieee80211v
        return ni;
  }
  
        return ni;
  }
  
@@ -73,7 +73,7 @@
  /*
   * Return the node for the sender of a frame; if the sender is unknown return 
   * NULL. The caller is expected to deal with this. (The frame is sent to all 
  /*
   * Return the node for the sender of a frame; if the sender is unknown return 
   * NULL. The caller is expected to deal with this. (The frame is sent to all 
-@@ -1400,10 +1450,10 @@ ieee80211_add_neighbor(struct ieee80211v
+@@ -1403,10 +1453,10 @@ ieee80211_add_neighbor(struct ieee80211v
   */
  struct ieee80211_node *
  #ifdef IEEE80211_DEBUG_REFCNT
   */
  struct ieee80211_node *
  #ifdef IEEE80211_DEBUG_REFCNT
@@ -86,7 +86,7 @@
        const struct ieee80211_frame_min *wh)
  #endif
  {
        const struct ieee80211_frame_min *wh)
  #endif
  {
-@@ -1411,9 +1461,8 @@ ieee80211_find_rxnode(struct ieee80211co
+@@ -1414,9 +1464,8 @@ ieee80211_find_rxnode(struct ieee80211co
        ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_CTL)
  #define       IS_PSPOLL(wh) \
        ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == IEEE80211_FC0_SUBTYPE_PS_POLL)
        ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_CTL)
  #define       IS_PSPOLL(wh) \
        ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == IEEE80211_FC0_SUBTYPE_PS_POLL)
@@ -98,7 +98,7 @@
        const u_int8_t *addr;
  
        if (IS_CTL(wh) && !IS_PSPOLL(wh) /*&& !IS_RTS(ah)*/)
        const u_int8_t *addr;
  
        if (IS_CTL(wh) && !IS_PSPOLL(wh) /*&& !IS_RTS(ah)*/)
-@@ -1426,32 +1475,24 @@ ieee80211_find_rxnode(struct ieee80211co
+@@ -1429,32 +1478,25 @@ ieee80211_find_rxnode(struct ieee80211co
  
        /* XXX check ic_bss first in station mode */
        /* XXX 4-address frames? */
  
        /* XXX check ic_bss first in station mode */
        /* XXX 4-address frames? */
 -                              else
 -                                      return NULL;
 +                                      ni = ieee80211_ref_node(avp->iv_wdsnode);
 -                              else
 -                                      return NULL;
 +                                      ni = ieee80211_ref_node(avp->iv_wdsnode);
++                              return ni;
                        }
 +                      if (!(vap->iv_flags_ext & IEEE80211_FEXT_WDS))
 +                              return NULL;
                        }
 +                      if (!(vap->iv_flags_ext & IEEE80211_FEXT_WDS))
 +                              return NULL;
  }
  #ifdef IEEE80211_DEBUG_REFCNT
  EXPORT_SYMBOL(ieee80211_find_rxnode_debug);
  }
  #ifdef IEEE80211_DEBUG_REFCNT
  EXPORT_SYMBOL(ieee80211_find_rxnode_debug);
-@@ -1476,15 +1517,14 @@ ieee80211_find_txnode(struct ieee80211va
+@@ -1479,15 +1521,14 @@ ieee80211_find_txnode(struct ieee80211va
        struct ieee80211com *ic = vap->iv_ic;
        struct ieee80211_node_table *nt;
        struct ieee80211_node *ni = NULL;
        struct ieee80211com *ic = vap->iv_ic;
        struct ieee80211_node_table *nt;
        struct ieee80211_node *ni = NULL;
  
        /*
         * The destination address should be in the node table
  
        /*
         * The destination address should be in the node table
-@@ -1502,11 +1542,22 @@ ieee80211_find_txnode(struct ieee80211va
+@@ -1505,11 +1546,22 @@ ieee80211_find_txnode(struct ieee80211va
        /* XXX: Can't hold lock across dup_bss due to recursive locking. */
        nt = &vap->iv_ic->ic_sta;
        IEEE80211_NODE_TABLE_LOCK_IRQ(nt);
        /* XXX: Can't hold lock across dup_bss due to recursive locking. */
        nt = &vap->iv_ic->ic_sta;
        IEEE80211_NODE_TABLE_LOCK_IRQ(nt);
        IEEE80211_NODE_TABLE_UNLOCK_IRQ(nt);
  
        if (ni == NULL) {
        IEEE80211_NODE_TABLE_UNLOCK_IRQ(nt);
  
        if (ni == NULL) {
-@@ -1961,13 +2012,29 @@ remove_worse_nodes(void *arg, struct iee
+@@ -1964,13 +2016,32 @@ remove_worse_nodes(void *arg, struct iee
                }
  }
  
                }
  }
  
 +      if (ni->ni_vap == rni->ni_vap)
 +              return;
 +
 +      if (ni->ni_vap == rni->ni_vap)
 +              return;
 +
++      if (!IEEE80211_ADDR_EQ(rni->ni_macaddr, ni->ni_macaddr))
++              return;
++
 +      ieee80211_node_leave(ni);
 +}
 +
 +      ieee80211_node_leave(ni);
 +}
 +
  
        KASSERT(skb->len >= sizeof(struct ieee80211_frame_min),
                ("frame length too short: %u", skb->len));
  
        KASSERT(skb->len >= sizeof(struct ieee80211_frame_min),
                ("frame length too short: %u", skb->len));
-@@ -848,10 +847,11 @@ ieee80211_input(struct ieee80211vap * va
+@@ -844,10 +843,11 @@ ieee80211_input(struct ieee80211vap * va
  err:
        vap->iv_devstats.rx_errors++;
  out:
  err:
        vap->iv_devstats.rx_errors++;
  out:
        return type;
  #undef HAS_SEQ
  }
        return type;
  #undef HAS_SEQ
  }
-@@ -933,16 +933,23 @@ int
+@@ -929,16 +929,23 @@ int
  ieee80211_input_all(struct ieee80211com *ic,
        struct sk_buff *skb, int rssi, u_int64_t rtsf)
  {
  ieee80211_input_all(struct ieee80211com *ic,
        struct sk_buff *skb, int rssi, u_int64_t rtsf)
  {
                if (TAILQ_NEXT(vap, iv_next) != NULL) {
                        skb1 = skb_copy(skb, GFP_ATOMIC);
                        if (skb1 == NULL) {
                if (TAILQ_NEXT(vap, iv_next) != NULL) {
                        skb1 = skb_copy(skb, GFP_ATOMIC);
                        if (skb1 == NULL) {
-@@ -954,8 +961,10 @@ ieee80211_input_all(struct ieee80211com 
+@@ -950,8 +957,12 @@ ieee80211_input_all(struct ieee80211com
                        skb1 = skb;
                        skb = NULL;
                }
 -              type = ieee80211_input(vap, NULL, skb1, rssi, rtsf);
 +              type = ieee80211_input(vap, ni, skb1, rssi, rtsf);
                        skb1 = skb;
                        skb = NULL;
                }
 -              type = ieee80211_input(vap, NULL, skb1, rssi, rtsf);
 +              type = ieee80211_input(vap, ni, skb1, rssi, rtsf);
++              if (ni)
++                      ieee80211_unref_node(&ni);
        }
 +
 +out:
        if (skb != NULL)                /* no vaps, reclaim skb */
                ieee80211_dev_kfree_skb(&skb);
        return type;
        }
 +
 +out:
        if (skb != NULL)                /* no vaps, reclaim skb */
                ieee80211_dev_kfree_skb(&skb);
        return type;
-@@ -1146,11 +1155,9 @@ ieee80211_deliver_data(struct ieee80211_
+@@ -1147,11 +1158,9 @@ ieee80211_deliver_data(struct ieee80211_
                         * sending it will not work; just let it be
                         * delivered normally.
                         */
                         * sending it will not work; just let it be
                         * delivered normally.
                         */
                                        !ni1->ni_subif &&
                                    ni1 != vap->iv_bss) {
  
                                        !ni1->ni_subif &&
                                    ni1 != vap->iv_bss) {
  
+@@ -3520,6 +3529,7 @@ ieee80211_recv_mgmt(struct ieee80211vap
+                                (vap->iv_opmode == IEEE80211_M_WDS)) &&
+                               (scan.capinfo & IEEE80211_CAPINFO_ESS))) {
+                       struct ieee80211vap *avp = NULL;
++                      int do_unref = 0;
+                       int found = 0;
+                       IEEE80211_LOCK_IRQ(vap->iv_ic);
+@@ -3553,10 +3563,12 @@ ieee80211_recv_mgmt(struct ieee80211vap
+                                       ni->ni_associd |= 0xc000;
+                                       avp->iv_wdsnode = ieee80211_ref_node(ni);
+                                       IEEE80211_UNLOCK_IRQ(ic);
+-                              } else if (vap->iv_opmode == IEEE80211_M_IBSS) {
++                              } else if ((vap->iv_opmode == IEEE80211_M_IBSS) &&
++                                         IEEE80211_ADDR_EQ(wh->i_addr3, vap->iv_bssid)) {
+                                       /* Create a new entry in the neighbor table. */
+                                       ni = ieee80211_add_neighbor(vap, wh, &scan);
+                               }
++                              do_unref = 1;
+                       } else {
+                               /*
+                                * Copy data from beacon to neighbor table.
+@@ -3595,6 +3607,8 @@ ieee80211_recv_mgmt(struct ieee80211vap
+                               ni->ni_rssi = rssi;
+                               ni->ni_rtsf = rtsf;
+                               ni->ni_last_rx = jiffies;
++                              if (do_unref)
++                                      ieee80211_unref_node(&ni);
+                       }
+               }
+               break;
 --- a/ath/if_ath.c
 +++ b/ath/if_ath.c
 --- a/ath/if_ath.c
 +++ b/ath/if_ath.c
-@@ -6577,9 +6577,8 @@ ath_recv_mgmt(struct ieee80211vap * vap,
+@@ -6589,9 +6589,8 @@ ath_recv_mgmt(struct ieee80211vap * vap,
  
        sc->sc_recv_mgmt(vap, ni_or_null, skb, subtype, rssi, rtsf);
  
  
        sc->sc_recv_mgmt(vap, ni_or_null, skb, subtype, rssi, rtsf);
  
                 (const struct ieee80211_frame_min *)skb->data);
        if (ni == NULL) {
                DPRINTF(sc, ATH_DEBUG_BEACON, "Dropping; node unknown.\n");
                 (const struct ieee80211_frame_min *)skb->data);
        if (ni == NULL) {
                DPRINTF(sc, ATH_DEBUG_BEACON, "Dropping; node unknown.\n");
-@@ -6734,7 +6733,9 @@ ath_rx_poll(struct net_device *dev, int 
+@@ -6746,7 +6745,9 @@ ath_rx_poll(struct net_device *dev, int
        struct ath_desc *ds;
        struct ath_rx_status *rs;
        struct sk_buff *skb = NULL;
        struct ath_desc *ds;
        struct ath_rx_status *rs;
        struct sk_buff *skb = NULL;
        unsigned int len;
        int type;
        u_int phyerr;
        unsigned int len;
        int type;
        u_int phyerr;
-@@ -6889,12 +6890,15 @@ rx_accept:
+@@ -6901,12 +6902,15 @@ rx_accept:
                skb_trim(skb, skb->len - IEEE80211_CRC_LEN);
  
                if (mic_fail) {
                skb_trim(skb, skb->len - IEEE80211_CRC_LEN);
  
                if (mic_fail) {
  
                        if (ni && ni->ni_table) {
                                ieee80211_check_mic(ni, skb);
  
                        if (ni && ni->ni_table) {
                                ieee80211_check_mic(ni, skb);
-@@ -6956,11 +6960,24 @@ drop_micfail:
+@@ -6968,11 +6972,24 @@ drop_micfail:
                 * for its use.  If the sender is unknown spam the
                 * frame; it'll be dropped where it's not wanted.
                 */
                 * for its use.  If the sender is unknown spam the
                 * frame; it'll be dropped where it's not wanted.
                 */
                        ATH_RSSI_LPF(ATH_NODE(ni)->an_avgrssi, rs->rs_rssi);
                        type = ieee80211_input(ni->ni_vap, ni, skb, rs->rs_rssi, bf->bf_tsf);
                        ieee80211_unref_node(&ni);
                        ATH_RSSI_LPF(ATH_NODE(ni)->an_avgrssi, rs->rs_rssi);
                        type = ieee80211_input(ni->ni_vap, ni, skb, rs->rs_rssi, bf->bf_tsf);
                        ieee80211_unref_node(&ni);
-@@ -6969,24 +6986,35 @@ drop_micfail:
+@@ -6981,24 +6998,39 @@ drop_micfail:
                         * No key index or no entry, do a lookup and
                         * add the node to the mapping table if possible.
                         */
                         * No key index or no entry, do a lookup and
                         * add the node to the mapping table if possible.
                         */
 -                              (const struct ieee80211_frame_min *)skb->data);
 +
 +lookup_slowpath:
 -                              (const struct ieee80211_frame_min *)skb->data);
 +
 +lookup_slowpath:
-+                      vap = ieee80211_find_rxvap(ic, wh->i_addr1);
++                      if (IEEE80211_IS_MULTICAST(wh->i_addr1))
++                              vap = NULL;
++                      else
++                              vap = ieee80211_find_rxvap(ic, wh->i_addr1);
++
 +                      if (vap)
 +                              ni = ieee80211_find_rxnode(ic, vap, wh);
 +                      else
 +                      if (vap)
 +                              ni = ieee80211_find_rxnode(ic, vap, wh);
 +                      else
This page took 0.029154 seconds and 4 git commands to generate.