diff options
author | Felix Fietkau <nbd@openwrt.org> | 2011-07-06 09:06:39 +0000 |
---|---|---|
committer | Felix Fietkau <nbd@openwrt.org> | 2011-07-06 09:06:39 +0000 |
commit | 3ad9a3e9923dbeea423c7075656477f4b215b4ba (patch) | |
tree | 05ce905c240960968d667a809cb1a1827e30a26d | |
parent | e68ea8543be52197c93926d552560e4e92c60a05 (diff) | |
download | upstream-3ad9a3e9923dbeea423c7075656477f4b215b4ba.tar.gz upstream-3ad9a3e9923dbeea423c7075656477f4b215b4ba.tar.bz2 upstream-3ad9a3e9923dbeea423c7075656477f4b215b4ba.zip |
ath9k: fix reliability issues with TKIP MIC verification
SVN-Revision: 27481
-rw-r--r-- | package/mac80211/patches/550-ath9k_mmic_verify.patch | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/package/mac80211/patches/550-ath9k_mmic_verify.patch b/package/mac80211/patches/550-ath9k_mmic_verify.patch new file mode 100644 index 0000000000..d280dff99c --- /dev/null +++ b/package/mac80211/patches/550-ath9k_mmic_verify.patch @@ -0,0 +1,73 @@ +--- a/drivers/net/wireless/ath/ath9k/recv.c ++++ b/drivers/net/wireless/ath/ath9k/recv.c +@@ -814,16 +814,17 @@ static bool ath9k_rx_accept(struct ath_c + struct ath_rx_status *rx_stats, + bool *decrypt_error) + { +-#define is_mc_or_valid_tkip_keyix ((is_mc || \ +- (rx_stats->rs_keyix != ATH9K_RXKEYIX_INVALID && \ +- test_bit(rx_stats->rs_keyix, common->tkip_keymap)))) +- ++ bool is_mc, is_valid_tkip, mic_error = false; + struct ath_hw *ah = common->ah; + __le16 fc; + u8 rx_status_len = ah->caps.rx_status_len; + + fc = hdr->frame_control; + ++ is_mc = !!is_multicast_ether_addr(hdr->addr1); ++ is_valid_tkip = rx_stats->rs_keyix != ATH9K_RXKEYIX_INVALID && ++ test_bit(rx_stats->rs_keyix, common->tkip_keymap); ++ + if (!rx_stats->rs_datalen) + return false; + /* +@@ -853,19 +854,19 @@ static bool ath9k_rx_accept(struct ath_c + if (rx_stats->rs_status & ATH9K_RXERR_DECRYPT) { + *decrypt_error = true; + } else if (rx_stats->rs_status & ATH9K_RXERR_MIC) { +- bool is_mc; + /* + * The MIC error bit is only valid if the frame + * is not a control frame or fragment, and it was +- * decrypted using a valid TKIP key. ++ * decrypted using a valid TKIP key. For multicast ++ * frames the hardware will not return a valid ++ * key index, so accept the MIC bit for those ++ * as well. + */ +- is_mc = !!is_multicast_ether_addr(hdr->addr1); +- + if (!ieee80211_is_ctl(fc) && + !ieee80211_has_morefrags(fc) && + !(le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_FRAG) && +- is_mc_or_valid_tkip_keyix) +- rxs->flag |= RX_FLAG_MMIC_ERROR; ++ (is_mc || is_valid_tkip)) ++ mic_error = true; + else + rx_stats->rs_status &= ~ATH9K_RXERR_MIC; + } +@@ -886,6 +887,22 @@ static bool ath9k_rx_accept(struct ath_c + } + } + } ++ ++ /* ++ * For unicast frames the MIC error bit can have false positives, ++ * so all MIC error reports need to be validated in software. ++ * False negatives are not common, so skip software verification ++ * if the hardware considers the MIC valid. ++ */ ++ if (is_valid_tkip && ieee80211_is_data_present(hdr->frame_control) && ++ !(rx_stats->rs_status & (ATH9K_RXERR_DECRYPT | ATH9K_RXERR_CRC | ++ ATH9K_RXERR_MIC))) { ++ /* Strip the Michael MIC */ ++ rx_stats->rs_datalen -= 8; ++ rxs->flag |= RX_FLAG_MMIC_STRIPPED; ++ } else if (is_mc && mic_error) { ++ rxs->flag |= RX_FLAG_MMIC_ERROR; ++ } + return true; + } + |