mirror of https://github.com/hak5/openwrt.git
mac80211: rework wds sta fix - check for the protocol of the incoming frame instead of just the authorized state
SVN-Revision: 25039lede-17.01
parent
781df33e2a
commit
817ee250d7
|
@ -1,18 +1,42 @@
|
|||
--- a/net/mac80211/rx.c
|
||||
+++ b/net/mac80211/rx.c
|
||||
@@ -1561,9 +1561,13 @@ __ieee80211_data_to_8023(struct ieee8021
|
||||
@@ -1556,17 +1556,36 @@ __ieee80211_data_to_8023(struct ieee8021
|
||||
{
|
||||
struct ieee80211_sub_if_data *sdata = rx->sdata;
|
||||
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
|
||||
+ bool check_port_control = false;
|
||||
+ struct ethhdr *ehdr;
|
||||
+ int ret;
|
||||
|
||||
if (ieee80211_has_a4(hdr->frame_control) &&
|
||||
sdata->vif.type == NL80211_IFTYPE_AP_VLAN && !sdata->u.vlan.sta)
|
||||
return -1;
|
||||
|
||||
+ if (!ieee80211_802_1x_port_control(rx) &&
|
||||
+ sdata->vif.type == NL80211_IFTYPE_STATION &&
|
||||
+ !!sdata->u.mgd.use_4addr != !!ieee80211_has_a4(hdr->frame_control))
|
||||
+ return -1;
|
||||
+ if (sdata->vif.type == NL80211_IFTYPE_STATION &&
|
||||
+ !!sdata->u.mgd.use_4addr != !!ieee80211_has_a4(hdr->frame_control)) {
|
||||
+
|
||||
+ if (!sdata->u.mgd.use_4addr)
|
||||
+ return -1;
|
||||
+ else
|
||||
+ check_port_control = true;
|
||||
+ }
|
||||
+
|
||||
if (is_multicast_ether_addr(hdr->addr1) &&
|
||||
- ((sdata->vif.type == NL80211_IFTYPE_AP_VLAN && sdata->u.vlan.sta) ||
|
||||
- (sdata->vif.type == NL80211_IFTYPE_STATION && sdata->u.mgd.use_4addr)))
|
||||
+ sdata->vif.type == NL80211_IFTYPE_AP_VLAN && sdata->u.vlan.sta)
|
||||
+ return -1;
|
||||
+
|
||||
+ ret = ieee80211_data_to_8023(rx->skb, sdata->vif.addr, sdata->vif.type);
|
||||
+ if (ret < 0 || !check_port_control)
|
||||
+ return ret;
|
||||
+
|
||||
+ ehdr = (struct ethhdr *) rx->skb->data;
|
||||
+ if (ehdr->h_proto != rx->sdata->control_port_protocol)
|
||||
return -1;
|
||||
|
||||
return ieee80211_data_to_8023(rx->skb, sdata->vif.addr, sdata->vif.type);
|
||||
- return ieee80211_data_to_8023(rx->skb, sdata->vif.addr, sdata->vif.type);
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
Loading…
Reference in New Issue