According to IEEE 802.11-2012 section 8.3.2 table 8-19, the outer SA/DA
of A-MSDU frames need to be changed depending on FromDS/ToDS values.
Signed-off-by: Michael Braun <[email protected]>
--
v2:
- avoid the extra write to amsdu_hdr
- avoid copy of asmdu_hdr into skb, use ptr instead
---
net/mac80211/tx.c | 45 ++++++++++++++++++++++++++++++++++++---------
1 file changed, 36 insertions(+), 9 deletions(-)
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 5023966..ebd2aa6 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -3046,11 +3046,12 @@ static bool ieee80211_amsdu_prepare_head(struct ieee80211_sub_if_data *sdata,
struct ieee80211_local *local = sdata->local;
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
struct ieee80211_hdr *hdr;
- struct ethhdr amsdu_hdr;
+ struct ethhdr *amsdu_hdr;
int hdr_len = fast_tx->hdr_len - sizeof(rfc1042_header);
int subframe_len = skb->len - hdr_len;
void *data;
u8 *qc;
+ const u8 *src_addr, *dst_addr, *bssid;
if (info->flags & IEEE80211_TX_CTL_RATE_CTRL_PROBE)
return false;
@@ -3058,19 +3059,45 @@ static bool ieee80211_amsdu_prepare_head(struct ieee80211_sub_if_data *sdata,
if (info->control.flags & IEEE80211_TX_CTRL_AMSDU)
return true;
- if (!ieee80211_amsdu_realloc_pad(local, skb, sizeof(amsdu_hdr),
+ if (!ieee80211_amsdu_realloc_pad(local, skb, sizeof(*amsdu_hdr),
&subframe_len))
return false;
- amsdu_hdr.h_proto = cpu_to_be16(subframe_len);
- memcpy(amsdu_hdr.h_source, skb->data + fast_tx->sa_offs, ETH_ALEN);
- memcpy(amsdu_hdr.h_dest, skb->data + fast_tx->da_offs, ETH_ALEN);
+ data = skb_push(skb, sizeof(*amsdu_hdr));
+ memmove(data, data + sizeof(*amsdu_hdr), hdr_len);
+ hdr = data;
+ amsdu_hdr = data + hdr_len;
+
+ /* according to IEEE 802.11-2012 8.3.2 table 8-19, the outer SA/DA
+ * fields needs to be changed to BSSID for A-MSDU frames depending
+ * on FromDS/ToDS values.
+ */
+ switch (sdata->vif.type) {
+ case NL80211_IFTYPE_STATION:
+ bssid = sdata->u.mgd.bssid;
+ break;
+ case NL80211_IFTYPE_AP:
+ case NL80211_IFTYPE_AP_VLAN:
+ bssid = sdata->vif.addr;
+ break;
+ default:
+ bssid = NULL;
+ }
+
+ if (bssid && ieee80211_has_fromds(hdr->frame_control))
+ src_addr = bssid;
+ else
+ src_addr = skb->data + fast_tx->sa_offs;
+
+ if (bssid && ieee80211_has_tods(hdr->frame_control))
+ dst_addr = bssid;
+ else
+ dst_addr = skb->data + fast_tx->da_offs;
- data = skb_push(skb, sizeof(amsdu_hdr));
- memmove(data, data + sizeof(amsdu_hdr), hdr_len);
- memcpy(data + hdr_len, &amsdu_hdr, sizeof(amsdu_hdr));
+ amsdu_hdr->h_proto = cpu_to_be16(subframe_len);
+ memcpy(amsdu_hdr->h_source, src_addr, ETH_ALEN);
+ memcpy(amsdu_hdr->h_dest, dst_addr, ETH_ALEN);
- hdr = data;
qc = ieee80211_get_qos_ctl(hdr);
*qc |= IEEE80211_QOS_CTL_A_MSDU_PRESENT;
--
2.1.4
Am 12.10.2016 14:25, schrieb Johannes Berg:
> So, I actually think my first instinct that you were erroneously
> changing the inner header *was* right.
You're right.
> Seems like this code should be inserted towards the end of
> ieee80211_amsdu_aggregate() instead, where it's adding the RFC 1042
> header?
I'm not convinced.
ieee80211_amsdu_aggregate handles two skbs: the "skb" var and the "head"
var.
The skb is appended to the frag list of head by setting frag_tail and
does not appear to have an ieee80211_hdr, as memmove is only 2 *
ETH_ALEN. Additionally, the rfc1042_header is written after 2 bytes
containing subframe_len, so it looks like an A-MSDU subframe with
rfc1042_header is inserted at the beginning of the inner MSDU.
Only the head skb is processed by ieee80211_amsdu_prepare_head and
appears to have an 802.11 header. So its da/sa address should be
changed.
Regards,
M. Braun
On Wed, 2016-10-12 at 12:57 +0200, Michael Braun wrote:
> According to IEEE 802.11-2012 section 8.3.2 table 8-19, the outer
> SA/DA of A-MSDU frames need to be changed depending on FromDS/ToDS
> values.
actually ...
> struct ieee80211_hdr *hdr;
802.11 header
> - struct ethhdr amsdu_hdr;
> + struct ethhdr *amsdu_hdr;
> int hdr_len = fast_tx->hdr_len - sizeof(rfc1042_header);
802.11 header length
> + data = skb_push(skb, sizeof(*amsdu_hdr));
push ethernet header in
> + memmove(data, data + sizeof(*amsdu_hdr), hdr_len);
move 802.11 header from back to front
> + hdr = data;
hdr is at the beginning of the frame
> + amsdu_hdr = data + hdr_len;
amsdu_hdr is actually the *inner* header after all.
So, I actually think my first instinct that you were erroneously
changing the inner header *was* right.
Seems like this code should be inserted towards the end of
ieee80211_amsdu_aggregate() instead, where it's adding the RFC 1042
header?
Need Felix to take a look, I guess.
johannes