2011-09-01 19:32:21

by Thomas Pedersen

Subject: [PATCH] mac80211: check if mesh frame is in RMC after decrypt

To check whether a frame is in the RMC, we need access to the mesh
header. This header is encrypted in encrypted data frames, so make this
check after the frame has been decrypted.

Signed-off-by: Thomas Pedersen <[email protected]>
---
net/mac80211/rx.c | 15 ++++++---------
1 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 1fe26fa..9410b9f 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -476,7 +476,6 @@ static ieee80211_rx_result
ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
{
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
- unsigned int hdrlen = ieee80211_hdrlen(hdr->frame_control);
char *dev_addr = rx->sdata->vif.addr;

if (ieee80211_is_data(hdr->frame_control)) {
@@ -524,14 +523,6 @@ ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)

}

-#define msh_h_get(h, l) ((struct ieee80211s_hdr *) ((u8 *)h + l))
-
- if (ieee80211_is_data(hdr->frame_control) &&
- is_multicast_ether_addr(hdr->addr1) &&
- mesh_rmc_check(hdr->addr3, msh_h_get(hdr, hdrlen), rx->sdata))
- return RX_DROP_MONITOR;
-#undef msh_h_get
-
return RX_CONTINUE;
}

@@ -1827,6 +1818,12 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
hdrlen = ieee80211_hdrlen(hdr->frame_control);
mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen);

+ /* frame is in RMC, don't forward */
+ if (ieee80211_is_data(hdr->frame_control) &&
+ is_multicast_ether_addr(hdr->addr1) &&
+ mesh_rmc_check(hdr->addr3, mesh_hdr, rx->sdata))
+ return RX_DROP_MONITOR;
+
if (!ieee80211_is_data(hdr->frame_control))
return RX_CONTINUE;

--
1.7.4.1

2011-09-01 20:10:01

by Javier Cardona

Subject: Re: [PATCH] mac80211: check if mesh frame is in RMC after decrypt

On Thu, Sep 1, 2011 at 12:32 PM, Thomas Pedersen <[email protected]> wrote:
> To check whether a frame is in the RMC, we need access to the mesh
> header. ?This header is encrypted in encrypted data frames, so make this
> check after the frame has been decrypted.
>
> Signed-off-by: Thomas Pedersen <[email protected]>
Signed-off-by: Javier Cardona <[email protected]>

> ---
> ?net/mac80211/rx.c | ? 15 ++++++---------
> ?1 files changed, 6 insertions(+), 9 deletions(-)
>
> diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
> index 1fe26fa..9410b9f 100644
> --- a/net/mac80211/rx.c
> +++ b/net/mac80211/rx.c
> @@ -476,7 +476,6 @@ static ieee80211_rx_result
> ?ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
> ?{
> ? ? ? ?struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
> - ? ? ? unsigned int hdrlen = ieee80211_hdrlen(hdr->frame_control);
> ? ? ? ?char *dev_addr = rx->sdata->vif.addr;
>
> ? ? ? ?if (ieee80211_is_data(hdr->frame_control)) {
> @@ -524,14 +523,6 @@ ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
>
> ? ? ? ?}
>
> -#define msh_h_get(h, l) ((struct ieee80211s_hdr *) ((u8 *)h + l))
> -
> - ? ? ? if (ieee80211_is_data(hdr->frame_control) &&
> - ? ? ? ? ? is_multicast_ether_addr(hdr->addr1) &&
> - ? ? ? ? ? mesh_rmc_check(hdr->addr3, msh_h_get(hdr, hdrlen), rx->sdata))
> - ? ? ? ? ? ? ? return RX_DROP_MONITOR;
> -#undef msh_h_get
> -
> ? ? ? ?return RX_CONTINUE;
> ?}
>
> @@ -1827,6 +1818,12 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
> ? ? ? ?hdrlen = ieee80211_hdrlen(hdr->frame_control);
> ? ? ? ?mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen);
>
> + ? ? ? /* frame is in RMC, don't forward */
> + ? ? ? if (ieee80211_is_data(hdr->frame_control) &&
> + ? ? ? ? ? is_multicast_ether_addr(hdr->addr1) &&
> + ? ? ? ? ? mesh_rmc_check(hdr->addr3, mesh_hdr, rx->sdata))
> + ? ? ? ? ? ? ? return RX_DROP_MONITOR;
> +
> ? ? ? ?if (!ieee80211_is_data(hdr->frame_control))
> ? ? ? ? ? ? ? ?return RX_CONTINUE;
>
> --
> 1.7.4.1
>
>



--
Javier Cardona
cozybit Inc.
http://www.cozybit.com