1. 12 Mar, 2012 4 commits
  2. 07 Mar, 2012 1 commit
    • Paul Stewart's avatar
      mac80211: Filter duplicate IE ids · fcff4f10
      Paul Stewart authored
      mac80211 is lenient with respect to reception of corrupted beacons.
      Even if the frame is corrupted as a whole, the available IE elements
      are still passed back and accepted, sometimes replacing legitimate
      data.  It is unknown to what extent this "feature" is made use of,
      but it is clear that in some cases, this is detrimental.  One such
      case is reported in http://crosbug.com/26832 where an AP corrupts
      its beacons but not its probe responses.
      One approach would be to completely reject frames with invaid data
      (for example, if the last tag extends beyond the end of the enclosing
      PDU).  The enclosed approach is much more conservative: we simply
      prevent later IEs from overwriting the state from previous ones.
      This approach hopes that there might be some salient data in the
      IE stream before the corruption, and seeks to at least prevent that
      data from being overwritten.  This approach will fix the case above.
      Further, we flag element structures that contain data we think might
      be corrupted, so that as we fill the mac80211 BSS structure, we try
      not to replace data from an un-corrupted probe response with that
      of a corrupted beacon, for example.
      Short of any statistics gathering in the various forms of AP breakage,
      it's not possible to ascertain the side effects of more stringent
      discarding of data.
      Signed-off-by: default avatarPaul Stewart <pstew@chromium.org>
      Cc: Sam Leffler <sleffler@chromium.org>
      Cc: Eliad Peller <eliad@wizery.com>
      Acked-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
  3. 05 Mar, 2012 2 commits
  4. 29 Feb, 2012 4 commits
  5. 27 Feb, 2012 4 commits
  6. 06 Feb, 2012 4 commits
    • Johannes Berg's avatar
      mac80211: redesign auth/assoc · 66e67e41
      Johannes Berg authored
      This is the second part of the auth/assoc redesign,
      the mac80211 part. This moves the auth/assoc code
      out of the work abstraction and into the MLME, so
      that we don't flip channels all the time etc.
      The only downside is that when we are associated,
      we need to drop the association in order to create
      a connection to another AP, but for most drivers
      this is actually desirable and the ability to do
      was never used by any applications. If we want to
      implement resource reservation with FT-OTA, we'd
      probably best do it with explicit R-O-C in wpa_s.
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
    • Johannes Berg's avatar
      cfg80211: stop tracking authenticated state · 95de817b
      Johannes Berg authored
      To track authenticated state seems to have been
      a design mistake in cfg80211. It is possible to
      have out of band authentication (FT), tracking
      multiple authentications caused more problems
      than it ever helped, and the implementation in
      mac80211 is too complex.
      Remove all this complexity, and let userspace
      do whatever it wants to, mac80211 can deal with
      that just fine. Association is still tracked of
      course, but authentication no longer is. Local
      auth state changes are thus no longer of value,
      so ignore them completely.
      This will also help implement SAE -- asking the
      driver to do an authentication is now almost
      equivalent to sending an authentication frame,
      with the exception of shared key authentication
      which is still handled completely.
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
    • Johannes Berg's avatar
      mac80211: remove dummy STA support · 7852e361
      Johannes Berg authored
      The dummy STA support was added because I didn't
      want to change the driver API at the time. Now
      that we have state transitions triggering station
      add/remove in the driver, we only call add once a
      station reaches ASSOCIATED, so we can remove the
      dummy station stuff again.
      While at it, tighten the RX check and accept only
      port control (EAP) frames from the AP station if
      it's not associated yet -- in other cases there's
      no race.
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
    • Johannes Berg's avatar
      mac80211: move managed mode station state modification · c8987876
      Johannes Berg authored
      Move the station state modification right before insert,
      this just makes the current code more readable (you can
      tell that it's before insertion looking at a single
      screenful of code) right now, but some upcoming changes
      will require this.
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
  7. 30 Jan, 2012 1 commit
    • Johannes Berg's avatar
      mac80211: station state transition error handling · 83d5cc01
      Johannes Berg authored
      In the future, when we start notifying drivers,
      state transitions could potentially fail. To make
      it easier to distinguish between programming bugs
      and driver failures:
       * rename sta_info_move_state() to
         sta_info_pre_move_state() which can only be
         called before the station is inserted (and
         check this with a new station flag).
       * rename sta_info_move_state_checked() to just
         plain sta_info_move_state(), as it will be
         the regular function that can fail for more
         than just one reason (bad transition or an
         error from the driver)
      This makes the programming model easier -- one of
      the functions can only be called before insertion
      and can't fail, the other can fail.
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
  8. 27 Jan, 2012 2 commits
  9. 24 Jan, 2012 1 commit
  10. 18 Jan, 2012 1 commit
    • Johannes Berg's avatar
      mac80211: fix work removal on deauth request · bc4934bc
      Johannes Berg authored
      When deauth is requested while an auth or assoc
      work item is in progress, we currently delete it
      without regard for any state it might need to
      clean up. Fix it by cleaning up for those items.
      In the case Pontus found, the problem manifested
      itself as such:
      authenticate with 00:23:69:aa:dd:7b (try 1)
      failed to insert Dummy STA entry for the AP (error -17)
      deauthenticating from 00:23:69:aa:dd:7b by local choice (reason=2)
      It could also happen differently if the driver
      uses the tx_sync callback.
      We can't just call the ->done() method of the work
      items because that will lock up due to the locking
      in cfg80211. This fix isn't very clean, but that
      seems acceptable since I have patches pending to
      remove this code completely.
      Cc: stable@vger.kernel.org
      Reported-by: default avatarPontus Fuchs <pontus.fuchs@gmail.com>
      Tested-by: default avatarPontus Fuchs <pontus.fuchs@gmail.com>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
  11. 04 Jan, 2012 1 commit
  12. 19 Dec, 2011 1 commit
  13. 15 Dec, 2011 3 commits
  14. 21 Nov, 2011 2 commits
  15. 17 Nov, 2011 1 commit
  16. 09 Nov, 2011 2 commits
    • Christian Lamparter's avatar
      mac80211: handle HT PHY BSS membership selector value correctly · c74d084f
      Christian Lamparter authored
      802.11n-2009 extends the supported rates element with a
      magic value which can be used to prevent legacy stations
      from joining the BSS.
      However, this magic value is not a rate like the others
      and the magic can simply be ignored/skipped at this late
      Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>---
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
    • Johannes Berg's avatar
      mac80211: fix race between connection monitor & suspend · 0ecfe806
      Johannes Berg authored
      When the connection monitor timer fires right before
      suspend, the following will happen:
       timer fires -> monitor_work gets queued
       suspend calls ieee80211_sta_quiesce
        - deletes timer
        - cancels monitor_work synchronously, running it
        [note wrong order of these steps]
       monitor_work runs, re-arming the timer
       later, timer fires while system should be quiesced
      This causes a warning:
      WARNING: at net/mac80211/util.c:540 ieee80211_can_queue_work+0x35/0x40 [mac80211]()
      but is otherwise harmless. I'm not completely sure
      this is the scenario Thomas stumbled across, but it
      is the only way I can right now see the warning in
      a scenario like the one he reported.
      Reported-by: default avatarThomas Meyer <thomas@m3y3r.de>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
  17. 07 Nov, 2011 1 commit
  18. 02 Nov, 2011 1 commit
  19. 31 Oct, 2011 2 commits
  20. 03 Oct, 2011 1 commit
  21. 30 Sep, 2011 1 commit
    • Johannes Berg's avatar
      mac80211: optimise station flags · c2c98fde
      Johannes Berg authored
      The flaglock in struct sta_info has long been
      something that I wanted to get rid of, this
      finally does the conversion to atomic bitops.
      The conversion itself is straight-forward in
      most places, a few things needed to change a
      bit since we can no longer use multiple bits
      at the same time.
      On x86-64, this is a fairly significant code
      size reduction:
         text	   data	    bss	    dec	    hex
       427861	  23648	   1008	 452517	  6e7a5	before
       425383	  23648	    976	 450007	  6ddd7	after
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>