aboutsummaryrefslogtreecommitdiffstats
path: root/package/kernel
diff options
context:
space:
mode:
Diffstat (limited to 'package/kernel')
-rw-r--r--package/kernel/mac80211/patches/subsys/363-mac80211-accept-deauth-frames-in-IBSS-mode.patch39
-rw-r--r--package/kernel/mac80211/patches/subsys/364-mac80211-sta-randomize-BA-session-dialog-token-alloc.patch38
2 files changed, 77 insertions, 0 deletions
diff --git a/package/kernel/mac80211/patches/subsys/363-mac80211-accept-deauth-frames-in-IBSS-mode.patch b/package/kernel/mac80211/patches/subsys/363-mac80211-accept-deauth-frames-in-IBSS-mode.patch
new file mode 100644
index 0000000000..ad0792b4f6
--- /dev/null
+++ b/package/kernel/mac80211/patches/subsys/363-mac80211-accept-deauth-frames-in-IBSS-mode.patch
@@ -0,0 +1,39 @@
+From 95697f9907bfe3eab0ef20265a766b22e27dde64 Mon Sep 17 00:00:00 2001
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Fri, 4 Oct 2019 15:37:05 +0300
+Subject: [PATCH] mac80211: accept deauth frames in IBSS mode
+
+We can process deauth frames and all, but we drop them very
+early in the RX path today - this could never have worked.
+
+Fixes: 2cc59e784b54 ("mac80211: reply to AUTH with DEAUTH if sta allocation fails in IBSS")
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
+Link: https://lore.kernel.org/r/20191004123706.15768-2-luca@coelho.fi
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+ net/mac80211/rx.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+--- a/net/mac80211/rx.c
++++ b/net/mac80211/rx.c
+@@ -3467,9 +3467,18 @@ ieee80211_rx_h_mgmt(struct ieee80211_rx_
+ case cpu_to_le16(IEEE80211_STYPE_PROBE_RESP):
+ /* process for all: mesh, mlme, ibss */
+ break;
++ case cpu_to_le16(IEEE80211_STYPE_DEAUTH):
++ if (is_multicast_ether_addr(mgmt->da) &&
++ !is_broadcast_ether_addr(mgmt->da))
++ return RX_DROP_MONITOR;
++
++ /* process only for station/IBSS */
++ if (sdata->vif.type != NL80211_IFTYPE_STATION &&
++ sdata->vif.type != NL80211_IFTYPE_ADHOC)
++ return RX_DROP_MONITOR;
++ break;
+ case cpu_to_le16(IEEE80211_STYPE_ASSOC_RESP):
+ case cpu_to_le16(IEEE80211_STYPE_REASSOC_RESP):
+- case cpu_to_le16(IEEE80211_STYPE_DEAUTH):
+ case cpu_to_le16(IEEE80211_STYPE_DISASSOC):
+ if (is_multicast_ether_addr(mgmt->da) &&
+ !is_broadcast_ether_addr(mgmt->da))
diff --git a/package/kernel/mac80211/patches/subsys/364-mac80211-sta-randomize-BA-session-dialog-token-alloc.patch b/package/kernel/mac80211/patches/subsys/364-mac80211-sta-randomize-BA-session-dialog-token-alloc.patch
new file mode 100644
index 0000000000..dc7cac5ad1
--- /dev/null
+++ b/package/kernel/mac80211/patches/subsys/364-mac80211-sta-randomize-BA-session-dialog-token-alloc.patch
@@ -0,0 +1,38 @@
+From b478e06a16a8baa00c5ecc87c1d636981f2206d5 Mon Sep 17 00:00:00 2001
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Tue, 29 Oct 2019 10:25:25 +0100
+Subject: [PATCH] mac80211: sta: randomize BA session dialog token allocator
+
+We currently always start the dialog token generator at zero,
+so the first dialog token we use is always 1. This would be
+OK if we had a perfect guarantee that we always do a proper
+deauth/re-auth handshake, but in IBSS mode this doesn't always
+happen properly.
+
+To make problems with block ack (aggregation) sessions getting
+stuck less likely, randomize the dialog token so if we start a
+new session but the peer still has old state for us, it can
+better detect this.
+
+This is really just a workaround to make things a bit more
+robust than they are now - a better fix would be to do a full
+authentication handshake in IBSS mode upon having discovered a
+new station, and on the receiver resetting the state (removing
+and re-adding the station) on receiving the authentication
+packet.
+
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+ net/mac80211/sta_info.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/mac80211/sta_info.c
++++ b/net/mac80211/sta_info.c
+@@ -324,6 +324,7 @@ struct sta_info *sta_info_alloc(struct i
+ INIT_WORK(&sta->drv_deliver_wk, sta_deliver_ps_frames);
+ INIT_WORK(&sta->ampdu_mlme.work, ieee80211_ba_session_work);
+ mutex_init(&sta->ampdu_mlme.mtx);
++ sta->ampdu_mlme.dialog_token_allocator = prandom_u32_max(U8_MAX);
+ #ifdef CPTCFG_MAC80211_MESH
+ if (ieee80211_vif_is_mesh(&sdata->vif)) {
+ sta->mesh = kzalloc(sizeof(*sta->mesh), gfp);