Merge "wlan: Drop invalid EAPOL packets in SAP mode" into wlan-driver.lnx.1.0
diff --git a/CORE/HDD/inc/wlan_hdd_cfg.h b/CORE/HDD/inc/wlan_hdd_cfg.h
index 0b5b8fe..bd58455 100644
--- a/CORE/HDD/inc/wlan_hdd_cfg.h
+++ b/CORE/HDD/inc/wlan_hdd_cfg.h
@@ -2110,6 +2110,11 @@
#define CFG_ENABLE_RX_STBC_MAX ( 1 )
#define CFG_ENABLE_RX_STBC_DEFAULT ( 1 )
+#define CFG_ENABLE_TX_STBC "gEnableTXSTBC"
+#define CFG_ENABLE_TX_STBC_MIN ( 0 )
+#define CFG_ENABLE_TX_STBC_MAX ( 1 )
+#define CFG_ENABLE_TX_STBC_DEFAULT ( 1 )
+
/*
* Enable/Disable vsta based on MAX Assoc limit
* defined in WCNSS_qcom_cfg.ini.
@@ -3695,6 +3700,7 @@
v_U16_t configMccParam;
v_U32_t numBuffAdvert;
v_BOOL_t enableRxSTBC;
+ v_BOOL_t enableTxSTBC;
#ifdef FEATURE_WLAN_TDLS
v_BOOL_t fEnableTDLSSupport;
v_BOOL_t fEnableTDLSImplicitTrigger;
diff --git a/CORE/HDD/inc/wlan_hdd_cfg80211.h b/CORE/HDD/inc/wlan_hdd_cfg80211.h
index be208ae..a52093c 100644
--- a/CORE/HDD/inc/wlan_hdd_cfg80211.h
+++ b/CORE/HDD/inc/wlan_hdd_cfg80211.h
@@ -2119,6 +2119,29 @@
}
#endif
+#define JOINT_MULTI_BAND_RSNA 0x01
+#define PEER_KEY_ENABLED 0x02
+#define AMSDU_CAPABLE 0x04
+#define AMSDU_REQUIRED 0x08
+#define PBAC 0x10
+#define EXT_KEY_ID 0x20
+#define OCVC 0x40
+#define RESERVED 0x80
+
+/**
+ * wlan_hdd_mask_unsupported_rsn_caps() - Mask unsupported RSN CAPs in RSN IE
+ * @pBuf: pointer to rsn_ie
+ * @ielen: rsn_ie len
+ *
+ * This function is used to point rsn cap element in rsn IE and mask the rsn
+ * caps bits which driver doesn't support.
+ *
+ * Return: None
+ */
+void
+wlan_hdd_mask_unsupported_rsn_caps(tANI_U8 *pBuf, tANI_S16 ielen);
+
+
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 0))
#define nla_parse(a, b, c, d, e) nla_parse(a, b, c, d, e, NULL)
#define cfg80211_sched_scan_results(a) cfg80211_sched_scan_results(a, 0)
diff --git a/CORE/HDD/src/wlan_hdd_cfg.c b/CORE/HDD/src/wlan_hdd_cfg.c
index 02586ab..b16c3d4 100644
--- a/CORE/HDD/src/wlan_hdd_cfg.c
+++ b/CORE/HDD/src/wlan_hdd_cfg.c
@@ -2493,6 +2493,12 @@
CFG_ENABLE_RX_STBC_DEFAULT,
CFG_ENABLE_RX_STBC_MIN,
CFG_ENABLE_RX_STBC_MAX ),
+ REG_VARIABLE( CFG_ENABLE_TX_STBC, WLAN_PARAM_Integer,
+ hdd_config_t, enableTxSTBC,
+ VAR_FLAGS_OPTIONAL | VAR_FLAGS_RANGE_CHECK_ASSUME_DEFAULT,
+ CFG_ENABLE_TX_STBC_DEFAULT,
+ CFG_ENABLE_TX_STBC_MIN,
+ CFG_ENABLE_TX_STBC_MAX ),
#ifdef FEATURE_WLAN_TDLS
REG_VARIABLE( CFG_TDLS_SUPPORT_ENABLE, WLAN_PARAM_Integer,
hdd_config_t, fEnableTDLSSupport,
@@ -5928,6 +5934,14 @@
hddLog(LOGE, "Could not pass on WNI_CFG_VHT_RXSTBC to CCM");
}
+ if (ccmCfgSetInt(pHddCtx->hHal, WNI_CFG_VHT_TXSTBC,
+ pConfig->enableTxSTBC, NULL, eANI_BOOLEAN_FALSE)
+ == eHAL_STATUS_FAILURE)
+ {
+ fStatus = FALSE;
+ hddLog(LOGE, "Could not pass on WNI_CFG_VHT_TXSTBC to CCM");
+ }
+
#ifdef WLAN_SOFTAP_VSTA_FEATURE
if(pConfig->fEnableVSTASupport)
{
diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c
index 31ef7d3..c8035f9 100644
--- a/CORE/HDD/src/wlan_hdd_cfg80211.c
+++ b/CORE/HDD/src/wlan_hdd_cfg80211.c
@@ -9503,6 +9503,11 @@
{
wlan_hdd_band_5_GHZ.ht_cap.cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
}
+ if (pCfg->enableTxSTBC)
+ {
+ wlan_hdd_band_2_4_GHZ.vht_cap.cap |= IEEE80211_VHT_CAP_TXSTBC;
+ wlan_hdd_band_5_GHZ.vht_cap.cap |= IEEE80211_VHT_CAP_TXSTBC;
+ }
/*
* In case of static linked driver at the time of driver unload,
* module exit doesn't happens. Module cleanup helps in cleaning
@@ -12790,14 +12795,6 @@
}
hdd_set_conparam(1);
- status = hdd_sta_id_hash_attach(pAdapter);
- if (VOS_STATUS_SUCCESS != status)
- {
- hddLog(VOS_TRACE_LEVEL_ERROR,
- FL("Failed to initialize hash for AP"));
- return -EINVAL;
- }
-
/*interface type changed update in wiphy structure*/
if(wdev)
{
@@ -16777,6 +16774,102 @@
return 0;
}
+static void framesntohs(v_U16_t *pOut,
+ v_U8_t *pIn,
+ unsigned char fMsb)
+{
+# if defined ( DOT11F_LITTLE_ENDIAN_HOST )
+ if ( !fMsb )
+ {
+ vos_mem_copy(( v_U16_t* )pOut, pIn, 2);
+ }
+ else
+ {
+ *pOut = ( v_U16_t )( *pIn << 8 ) | *( pIn + 1 );
+ }
+# else
+ if ( !fMsb )
+ {
+ *pOut = ( v_U16_t )( *pIn | ( *( pIn + 1 ) << 8 ) );
+ }
+ else
+ {
+ vos_mem_copy(( v_U16_t* )pOut, pIn, 2);
+ }
+# endif
+}
+
+void
+wlan_hdd_mask_unsupported_rsn_caps(tANI_U8 *pBuf, tANI_S16 ielen)
+{
+ u16 pwise_cipher_suite_count, akm_suite_cnt, mask = 0;
+ u8 *rsn_cap;
+
+ if (unlikely(ielen < 2)) {
+ return;
+ }
+
+ pBuf += 2;
+ ielen -= (tANI_U8)2;
+
+ if (unlikely(ielen < 4)) {
+ return;
+ }
+
+ pBuf += 4;
+ ielen -= (tANI_U8)4;
+
+ if (unlikely(ielen < 2)) {
+ return;
+ }
+
+ framesntohs(&pwise_cipher_suite_count, pBuf, 0);
+ pBuf += 2;
+ ielen -= (tANI_U8)2;
+
+ if (unlikely(ielen < pwise_cipher_suite_count * 4)) {
+ return;
+ }
+
+ if (!pwise_cipher_suite_count ||
+ pwise_cipher_suite_count > 4){
+ return;
+ }
+
+ pBuf += (pwise_cipher_suite_count * 4);
+ ielen -= (pwise_cipher_suite_count * 4);
+
+ if (unlikely(ielen < 2)) {
+ return;
+ }
+
+ framesntohs(&akm_suite_cnt, pBuf, 0);
+ pBuf += 2;
+ ielen -= (tANI_U8)2;
+
+ if (unlikely(ielen < akm_suite_cnt * 4)) {
+ return;
+ }
+
+ if (!akm_suite_cnt ||
+ akm_suite_cnt > 4){
+ return;
+ }
+
+ pBuf += (akm_suite_cnt * 4);
+ ielen -= (akm_suite_cnt * 4);
+
+ if (unlikely(ielen < 2)) {
+ return;
+ }
+
+ rsn_cap = pBuf;
+ mask = ~(JOINT_MULTI_BAND_RSNA | PEER_KEY_ENABLED | AMSDU_CAPABLE |
+ AMSDU_REQUIRED | PBAC | EXT_KEY_ID | OCVC | RESERVED);
+ rsn_cap[1] &= mask;
+
+ return;
+}
/*
* FUNCTION: wlan_hdd_cfg80211_set_ie
@@ -17089,6 +17182,8 @@
memcpy( pWextState->WPARSNIE, genie - 2, (eLen + 2)/*ie_len*/);
pWextState->roamProfile.pRSNReqIE = pWextState->WPARSNIE;
pWextState->roamProfile.nRSNReqIELength = eLen + 2; //ie_len;
+ wlan_hdd_mask_unsupported_rsn_caps(pWextState->WPARSNIE + 2,
+ eLen);
break;
/* Appending extended capabilities with Interworking or
diff --git a/CORE/HDD/src/wlan_hdd_hostapd.c b/CORE/HDD/src/wlan_hdd_hostapd.c
index c2d917e..8115be8 100644
--- a/CORE/HDD/src/wlan_hdd_hostapd.c
+++ b/CORE/HDD/src/wlan_hdd_hostapd.c
@@ -5556,6 +5556,15 @@
ini_cfg->apEndChannelNum,
ini_cfg->apOperatingBand);
}
+
+ status = hdd_sta_id_hash_attach(pAdapter);
+ if (VOS_STATUS_SUCCESS != status)
+ {
+ hddLog(VOS_TRACE_LEVEL_ERROR,
+ FL("Failed to initialize hash for AP"));
+ goto error_wmm_init;
+ }
+
/* Action frame registered in one adapter which will
* applicable to all interfaces
*/
diff --git a/CORE/HDD/src/wlan_hdd_main.c b/CORE/HDD/src/wlan_hdd_main.c
index 547d901..9b18837 100644
--- a/CORE/HDD/src/wlan_hdd_main.c
+++ b/CORE/HDD/src/wlan_hdd_main.c
@@ -4039,7 +4039,6 @@
static void hdd_init_sw_pta(hdd_context_t *hdd_ctx)
{
init_completion(&hdd_ctx->sw_pta_comp);
- wcnss_update_bt_profile();
}
static void hdd_deinit_sw_pta(hdd_context_t *hdd_ctx)
@@ -10119,14 +10118,6 @@
hdd_initialize_adapter_common(pAdapter);
- status = hdd_sta_id_hash_attach(pAdapter);
- if (VOS_STATUS_SUCCESS != status)
- {
- hddLog(VOS_TRACE_LEVEL_FATAL,
- FL("failed to attach hash for session %d"), session_type);
- goto err_free_netdev;
- }
-
status = hdd_register_hostapd( pAdapter, rtnl_held );
if( VOS_STATUS_SUCCESS != status )
{
@@ -11696,12 +11687,6 @@
case WLAN_HDD_SOFTAP:
if (pHddCtx->cfg_ini->sap_internal_restart) {
hdd_init_ap_mode(pAdapter, true);
- status = hdd_sta_id_hash_attach(pAdapter);
- if (VOS_STATUS_SUCCESS != status)
- {
- hddLog(VOS_TRACE_LEVEL_FATAL,
- FL("failed to attach hash for"));
- }
}
break;
@@ -14168,6 +14153,7 @@
#endif /* WLAN_KD_READY_NOTIFIER */
vos_set_roam_delay_stats_enabled(pHddCtx->cfg_ini->gEnableRoamDelayStats);
+ hdd_init_sw_pta(pHddCtx);
status = vos_open( &pVosContext, pHddCtx->parent_dev);
if ( !VOS_IS_STATUS_SUCCESS( status ))
{
@@ -14800,7 +14786,7 @@
mutex_init(&pHddCtx->cache_channel_lock);
- hdd_init_sw_pta(pHddCtx);
+ wcnss_update_bt_profile();
goto success;
err_open_cesium_nl_sock:
@@ -16276,8 +16262,12 @@
hdd_context_t *hdd_ctx = NULL;
hdd_adapter_t *adapter = NULL;
v_CONTEXT_t vos_context = NULL;
+ tANI_U8 type = 0;
+ tANI_U8 subType = 0;
struct ieee80211_mgmt *mgmt =
(struct ieee80211_mgmt *)frame_ind->frameBuf;
+ tANI_U8* pbFrames;
+ tANI_U32 nFrameLength;
/* Get the global VOSS context.*/
vos_context = vos_get_global_context(VOS_MODULE_ID_SYS, NULL);
@@ -16299,7 +16289,38 @@
return;
}
- adapter = hdd_get_adapter_by_sme_session_id(hdd_ctx,
+ /* Try to retrieve the adapter from the mac address list*/
+ type = WLAN_HDD_GET_TYPE_FRM_FC(pbFrames[0]);
+ subType = WLAN_HDD_GET_SUBTYPE_FRM_FC(pbFrames[0]);
+ pbFrames = frame_ind->frameBuf;
+ nFrameLength = frame_ind->frameLen;
+
+ /* Get pAdapter from Destination mac address of the frame */
+ if ((type == SIR_MAC_MGMT_FRAME) &&
+ (subType != SIR_MAC_MGMT_PROBE_REQ) &&
+ (frame_ind->frameLen > WLAN_HDD_80211_FRM_DA_OFFSET + VOS_MAC_ADDR_SIZE)
+ &&
+ !vos_is_macaddr_broadcast(
+ (v_MACADDR_t *)&pbFrames[WLAN_HDD_80211_FRM_DA_OFFSET]))
+ {
+ adapter = hdd_get_adapter_by_macaddr(hdd_ctx,
+ &pbFrames[WLAN_HDD_80211_FRM_DA_OFFSET]);
+ if (NULL == adapter)
+ {
+ /* Under assumtion that we don't receive any action frame
+ * with BCST as destination we dropping action frame
+ */
+ hddLog(VOS_TRACE_LEVEL_FATAL,"pAdapter for action frame is NULL Macaddr = "
+ MAC_ADDRESS_STR ,
+ MAC_ADDR_ARRAY(&pbFrames[WLAN_HDD_80211_FRM_DA_OFFSET]));
+ hddLog(VOS_TRACE_LEVEL_FATAL, "%s: Frame Type = %d Frame Length = %d"
+ " subType = %d",__func__,frame_ind->frameType,nFrameLength,subType);
+ return;
+ }
+ }
+
+ if (adapter == NULL)
+ adapter = hdd_get_adapter_by_sme_session_id(hdd_ctx,
frame_ind->sessionId);
if ((NULL != adapter) &&
diff --git a/CORE/HDD/src/wlan_hdd_p2p.c b/CORE/HDD/src/wlan_hdd_p2p.c
index b0f5f00..b30046f 100644
--- a/CORE/HDD/src/wlan_hdd_p2p.c
+++ b/CORE/HDD/src/wlan_hdd_p2p.c
@@ -253,13 +253,11 @@
)
{
tANI_U8 sessionId = pAdapter->sessionId;
- if( REMAIN_ON_CHANNEL_REQUEST == req_type )
- {
+ wlan_hdd_cfg80211_deregister_frames(pAdapter);
sme_DeregisterMgmtFrame(
hHal, sessionId,
(SIR_MAC_MGMT_FRAME << 2) | ( SIR_MAC_MGMT_PROBE_REQ << 4),
NULL, 0 );
- }
}
else if (WLAN_HDD_P2P_GO == pAdapter->device_mode)
{
@@ -661,8 +659,6 @@
return -EINVAL;
}
- if( REMAIN_ON_CHANNEL_REQUEST == request_type)
- {
if( eHAL_STATUS_SUCCESS != sme_RegisterMgmtFrame(
WLAN_HDD_GET_HAL_CTX(pAdapter),
sessionId, (SIR_MAC_MGMT_FRAME << 2) |
@@ -670,7 +666,7 @@
{
hddLog(VOS_TRACE_LEVEL_ERROR, "sme_RegisterMgmtFrame returned fail");
}
- }
+ wlan_hdd_cfg80211_register_frames(pAdapter);
}
else if (WLAN_HDD_P2P_GO == pAdapter->device_mode)
@@ -2814,32 +2810,6 @@
return;
}
- type = WLAN_HDD_GET_TYPE_FRM_FC(pbFrames[0]);
- subType = WLAN_HDD_GET_SUBTYPE_FRM_FC(pbFrames[0]);
-
- /* Get pAdapter from Destination mac address of the frame */
- if ((type == SIR_MAC_MGMT_FRAME) &&
- (subType != SIR_MAC_MGMT_PROBE_REQ) &&
- (nFrameLength > WLAN_HDD_80211_FRM_DA_OFFSET + VOS_MAC_ADDR_SIZE) &&
- !vos_is_macaddr_broadcast(
- (v_MACADDR_t *)&pbFrames[WLAN_HDD_80211_FRM_DA_OFFSET]))
- {
- pAdapter = hdd_get_adapter_by_macaddr( WLAN_HDD_GET_CTX(pAdapter),
- &pbFrames[WLAN_HDD_80211_FRM_DA_OFFSET]);
- if (NULL == pAdapter)
- {
- /* Under assumtion that we don't receive any action frame
- * with BCST as destination we dropping action frame
- */
- hddLog(VOS_TRACE_LEVEL_FATAL,"pAdapter for action frame is NULL Macaddr = "
- MAC_ADDRESS_STR ,
- MAC_ADDR_ARRAY(&pbFrames[WLAN_HDD_80211_FRM_DA_OFFSET]));
- hddLog(VOS_TRACE_LEVEL_FATAL, "%s: Frame Type = %d Frame Length = %d"
- " subType = %d",__func__,frameType,nFrameLength,subType);
- return;
- }
- }
-
if (NULL == pAdapter->dev)
{
diff --git a/CORE/HDD/src/wlan_hdd_tdls.c b/CORE/HDD/src/wlan_hdd_tdls.c
index 13da124..b804968 100644
--- a/CORE/HDD/src/wlan_hdd_tdls.c
+++ b/CORE/HDD/src/wlan_hdd_tdls.c
@@ -1382,6 +1382,8 @@
vos_mem_zero(peer, sizeof(hddTdlsPeer_t));
vos_mem_copy(peer->peerMac, mac, sizeof(peer->peerMac));
+ if (pHddCtx->cfg_ini->fTDLSExternalControl)
+ peer->isForcedPeer = 1;
peer->pHddTdlsCtx = pHddTdlsCtx;
list_add_tail(&peer->node, head);
diff --git a/CORE/HDD/src/wlan_hdd_wext.c b/CORE/HDD/src/wlan_hdd_wext.c
index 1bb4e18..82d7336 100644
--- a/CORE/HDD/src/wlan_hdd_wext.c
+++ b/CORE/HDD/src/wlan_hdd_wext.c
@@ -2367,6 +2367,8 @@
memcpy( pWextState->WPARSNIE, genie - 2, (eLen + 2));
pWextState->roamProfile.pRSNReqIE = pWextState->WPARSNIE;
pWextState->roamProfile.nRSNReqIELength = eLen + 2;
+ wlan_hdd_mask_unsupported_rsn_caps(pWextState->WPARSNIE + 2,
+ eLen);
break;
default:
diff --git a/CORE/HDD/src/wlan_hdd_wmm.c b/CORE/HDD/src/wlan_hdd_wmm.c
index fbb2c32..62cc55a 100644
--- a/CORE/HDD/src/wlan_hdd_wmm.c
+++ b/CORE/HDD/src/wlan_hdd_wmm.c
@@ -1718,6 +1718,8 @@
hddWmmDscpToUpMap[24] = SME_QOS_WMM_UP_EE;
hddWmmDscpToUpMap[32] = SME_QOS_WMM_UP_CL;
hddWmmDscpToUpMap[40] = SME_QOS_WMM_UP_VI;
+/* Special case for Expedited Forwarding (DSCP 46) in default mapping */
+ hddWmmDscpToUpMap[46] = SME_QOS_WMM_UP_VO;
hddWmmDscpToUpMap[48] = SME_QOS_WMM_UP_VO;
hddWmmDscpToUpMap[56] = SME_QOS_WMM_UP_NC;
return VOS_STATUS_SUCCESS;
diff --git a/CORE/MAC/inc/wniCfg.h b/CORE/MAC/inc/wniCfg.h
index 0666539..527035c 100644
--- a/CORE/MAC/inc/wniCfg.h
+++ b/CORE/MAC/inc/wniCfg.h
@@ -1199,7 +1199,7 @@
#define WNI_CFG_VHT_TXSTBC_STAMIN 0
#define WNI_CFG_VHT_TXSTBC_STAMAX 1
-#define WNI_CFG_VHT_TXSTBC_STADEF 0
+#define WNI_CFG_VHT_TXSTBC_STADEF 1
#define WNI_CFG_VHT_RXSTBC_STAMIN 0
#define WNI_CFG_VHT_RXSTBC_STAMAX 1
diff --git a/CORE/MAC/src/pe/lim/limAssocUtils.c b/CORE/MAC/src/pe/lim/limAssocUtils.c
index b1ca2c0..6fcc024 100644
--- a/CORE/MAC/src/pe/lim/limAssocUtils.c
+++ b/CORE/MAC/src/pe/lim/limAssocUtils.c
@@ -3045,7 +3045,8 @@
{
pAddStaParams->greenFieldCapable = limGetHTCapability( pMac, eHT_GREENFIELD, psessionEntry);
pAddStaParams->txChannelWidthSet =
- pMac->roam.configParam.channelBondingMode5GHz;
+ pMac->roam.configParam.channelBondingMode5GHz ^
+ pMac->roam.configParam.channelBondingMode24GHz;
// pAddStaParams->txChannelWidthSet = limGetHTCapability( pMac, eHT_SUPPORTED_CHANNEL_WIDTH_SET, psessionEntry);
pAddStaParams->mimoPS = limGetHTCapability( pMac, eHT_MIMO_POWER_SAVE, psessionEntry );
pAddStaParams->rifsMode = limGetHTCapability( pMac, eHT_RIFS_MODE, psessionEntry );
diff --git a/CORE/MAC/src/pe/lim/limProcessMessageQueue.c b/CORE/MAC/src/pe/lim/limProcessMessageQueue.c
index 0972fa6..f04fd4f 100644
--- a/CORE/MAC/src/pe/lim/limProcessMessageQueue.c
+++ b/CORE/MAC/src/pe/lim/limProcessMessageQueue.c
@@ -674,10 +674,10 @@
pNext = NULL;
}
+ limLog( pMac, LOG1,
+ FL("rcvd frame match with registered frame params match %d fc.type %d fc.subType %d"), match, fc.type, fc.subType);
if (match)
{
- limLog( pMac, LOG1,
- FL("rcvd frame match with registered frame params"));
/* Indicate this to SME */
limSendSmeMgmtFrameInd( pMac, pLimMgmtRegistration->sessionId,
diff --git a/CORE/TL/src/wlan_qct_tl.c b/CORE/TL/src/wlan_qct_tl.c
index bc24d80..2b0584f 100644
--- a/CORE/TL/src/wlan_qct_tl.c
+++ b/CORE/TL/src/wlan_qct_tl.c
@@ -8928,6 +8928,7 @@
v_PVOID_t aucBDHeader;
v_U8_t ucTid;
WLANTL_RxMetaInfoType wRxMetaInfo;
+ v_U8_t ucAsf; /* AMSDU sub frame */
/*- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -*/
/*------------------------------------------------------------------------
@@ -8978,6 +8979,7 @@
usMPDULen = (v_U16_t)WDA_GET_RX_MPDU_LEN(aucBDHeader);
ucMPDUHLen = (v_U8_t)WDA_GET_RX_MPDU_HEADER_LEN(aucBDHeader);
ucTid = (v_U8_t)WDA_GET_RX_TID(aucBDHeader);
+ ucAsf = (v_U8_t)WDA_GET_RX_ASF(aucBDHeader);
vos_pkt_get_packet_length( vosDataBuff, &usPktLen);
@@ -8995,6 +8997,14 @@
return VOS_STATUS_SUCCESS;
}
+ if (ucAsf) {
+ vos_pkt_return_packet(vosDataBuff);
+ *pvosDataBuff = NULL;
+ VOS_TRACE(VOS_MODULE_ID_TL, VOS_TRACE_LEVEL_ERROR,
+ "WLAN TL: AMSDU frames are not allowed while authentication - dropping");
+ return VOS_STATUS_SUCCESS;
+ }
+
vosStatus = WLANTL_GetEtherType(aucBDHeader,vosDataBuff,ucMPDUHLen,&usEtherType);
if( VOS_IS_STATUS_SUCCESS(vosStatus) )
diff --git a/CORE/TL/src/wlan_qct_tl_ba.c b/CORE/TL/src/wlan_qct_tl_ba.c
index f65ed03..e8c7565 100644
--- a/CORE/TL/src/wlan_qct_tl_ba.c
+++ b/CORE/TL/src/wlan_qct_tl_ba.c
@@ -844,6 +844,9 @@
v_U16_t packetLength;
static v_U32_t numAMSDUFrames;
vos_pkt_t* vosDataBuff;
+ uint8_t llc_hdr[6] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00};
+ uint8_t broadcast_addr[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
+
/*- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -*/
/*------------------------------------------------------------------------
Sanity check
@@ -922,6 +925,7 @@
pClientSTA->ucMPDUHeaderLen = ucMPDUHLen;
vos_mem_copy(pClientSTA->aucMPDUHeader, MPDUHeaderAMSDUHeader, ucMPDUHLen);
/* AMSDU header stored to handle garbage data within next frame */
+ pClientSTA->drop_amsdu = false;
}
else
{
@@ -959,6 +963,28 @@
return VOS_STATUS_SUCCESS; /*Not a transport error*/
}
+ if (pClientSTA->drop_amsdu) {
+ vos_pkt_return_packet(vosDataBuff);
+ *ppVosDataBuff = NULL;
+ return VOS_STATUS_SUCCESS;
+ }
+
+ /**
+ * Set drop_amsdu flag and drop AMSDU subframe if
+ * 1. AMSDU subframe header's DA is equal to LLC header or
+ * 2. AMPDU header's DA is a broadcast address
+ */
+ if ((vos_mem_compare2(MPDUHeaderAMSDUHeader + ucMPDUHLen,
+ llc_hdr, 6) == 0) ||
+ (vos_mem_compare2(MPDUHeaderAMSDUHeader + 4, broadcast_addr, 6) == 0)) {
+ pClientSTA->drop_amsdu = true;
+ vos_pkt_return_packet(vosDataBuff);
+ *ppVosDataBuff = NULL;
+ VOS_TRACE(VOS_MODULE_ID_TL, VOS_TRACE_LEVEL_ERROR,
+ "WLAN TL:Invalid AMSDU frame - dropping");
+ return VOS_STATUS_SUCCESS;
+ }
+
/* Find Padding and remove */
vos_mem_copy(&subFrameLength, MPDUHeaderAMSDUHeader + ucMPDUHLen + WLANTL_AMSDU_SUBFRAME_LEN_OFFSET, sizeof(v_U16_t));
subFrameLength = vos_be16_to_cpu(subFrameLength);
diff --git a/CORE/TL/src/wlan_qct_tli.h b/CORE/TL/src/wlan_qct_tli.h
index 868e745..e97e38c 100644
--- a/CORE/TL/src/wlan_qct_tli.h
+++ b/CORE/TL/src/wlan_qct_tli.h
@@ -603,6 +603,9 @@
/* Pointer to the root of the chain */
vos_pkt_t* vosAMSDUChain;
+ /* Drop any invalid amsdu */
+ bool drop_amsdu;
+
/* Used for saving/restoring frame header for 802.3/11 AMSDU sub-frames */
v_U8_t aucMPDUHeader[WLANTL_MPDU_HEADER_LEN];