commit 0ebac9cecbfa696841928a27480e8ebf0e38e83b
author Abhishek Singh <absingh@qti.qualcomm.com> Wed Jun 25 13:34:12 2014 +0530
committer Satyanarayana Dash <c_sadash@qti.qualcomm.com> Thu Jun 26 13:15:01 2014 +0530
tree 1155c199d09c651093f0073f71b9e4ef969aa4e6
parent 421bde826a3865e154e6fb60ea418e3858a41a01

wlan:pmf: Fix to send Protected SA Query from hostapd_cli

SAP was sending unprotected SA Query when triggered by
hostapd_cli even if the connection is PMF.
This change set provides the fix so that
1. SA Query is protected in case of PMF connection.
2. SA Query is unprotected in case of non-PMF connection.
3. SA Query is dropped if SAP is not connected to the given STA.

CRs-Fixed: 685220

Change-Id: I2eb1c9b543e1bf67d84498ac695c297cedc45120

CORE/MAC/src/pe/lim/limP2P.c

diff --git a/CORE/MAC/src/pe/lim/limP2P.c b/CORE/MAC/src/pe/lim/limP2P.c
index f3384b1..f31f324 100644
--- a/CORE/MAC/src/pe/lim/limP2P.c
+++ b/CORE/MAC/src/pe/lim/limP2P.c
@@ -942,7 +942,10 @@
     v_U8_t              *pPresenceRspNoaAttr = NULL;
     v_U8_t              *pNewP2PIe = NULL;
     v_U16_t             remainLen = 0;
-
+#ifdef WLAN_FEATURE_11W
+    tpSirMacMgmtHdr        pMacHdr;
+    tpSirMacActionFrameHdr pActionHdr;
+#endif
     nBytes = pMbMsg->msgLen - sizeof(tSirMbMsg);
 
     limLog( pMac, LOG1, FL("sending pFc->type=%d pFc->subType=%d"),
@@ -1133,6 +1136,63 @@
         vos_mem_copy(pFrame, pMbMsg->data, nBytes);
     }
 
+#ifdef WLAN_FEATURE_11W
+    pActionHdr = (tpSirMacActionFrameHdr) (pFrame + sizeof(tSirMacMgmtHdr));
+
+    /*
+     * Setting Protected bit for SA_QUERY Action Frame
+     * This has to be based on the current Connection with the station
+     * limSetProtectedBit API will set the protected bit if connection if PMF
+     */
+
+    if ((SIR_MAC_MGMT_ACTION == pFc->subType) &&
+        (SIR_MAC_ACTION_SA_QUERY == pActionHdr->category))
+    {
+        pMacHdr    = (tpSirMacMgmtHdr ) pFrame;
+        psessionEntry = peFindSessionByBssid(pMac,
+                        (tANI_U8*)pMbMsg->data + BSSID_OFFSET, &sessionId);
+
+        /* Check for session corresponding to ADDR2 ss supplicant is filling
+           ADDR2  with BSSID */
+        if(NULL == psessionEntry)
+        {
+            psessionEntry = peFindSessionByBssid(pMac,
+                       (tANI_U8*)pMbMsg->data + ADDR2_OFFSET, &sessionId);
+        }
+
+        if(NULL != psessionEntry)
+        {
+            limSetProtectedBit(pMac, psessionEntry, pMacHdr->da, pMacHdr);
+        }
+        else
+        {
+            limLog(pMac, LOGE,
+                FL("Dropping SA Query frame - Unable to find PE Session \n"));
+            limSendSmeRsp(pMac, eWNI_SME_ACTION_FRAME_SEND_CNF,
+                    eHAL_STATUS_FAILURE, pMbMsg->sessionId, 0);
+            palPktFree( pMac->hHdd, HAL_TXRX_FRM_802_11_MGMT,
+                    ( void* ) pFrame, ( void* ) pPacket );
+            return;
+        }
+
+        /*
+         * If wep bit is not set in MAC header then we are trying to
+         * send SA Query via non PMF connection. Drop the packet.
+         */
+
+        if(0 ==  pMacHdr->fc.wep)
+        {
+            limLog(pMac, LOGE,
+                FL("Dropping SA Query frame due to non PMF connection\n"));
+            limSendSmeRsp(pMac, eWNI_SME_ACTION_FRAME_SEND_CNF,
+                    eHAL_STATUS_FAILURE, pMbMsg->sessionId, 0);
+            palPktFree( pMac->hHdd, HAL_TXRX_FRM_802_11_MGMT,
+                    ( void* ) pFrame, ( void* ) pPacket );
+            return;
+        }
+    }
+#endif
+
     /* Use BD rate 2 for all P2P related frames. As these frames need to go
      * at OFDM rates. And BD rate2 we configured at 6Mbps.
      */