Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 156109 Details for
Bug 240354
Broadcom Corporation BCM4306 gets ASSERTION FAILED error
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
jwltest-ieee80211-2_6_21-cherrypick.patch
jwltest-ieee80211-2_6_21-cherrypick.patch (text/plain), 68.50 KB, created by
John W. Linville
on 2007-06-04 18:36:52 UTC
(
hide
)
Description:
jwltest-ieee80211-2_6_21-cherrypick.patch
Filename:
MIME Type:
Creator:
John W. Linville
Created:
2007-06-04 18:36:52 UTC
Size:
68.50 KB
patch
obsolete
>commit d8e2be90d301a0381e9b2528fe2835cf2992bca3 >Author: Daniel Drake <dsd@gentoo.org> >Date: Tue Jul 18 21:30:34 2006 +0100 > > [PATCH] ieee80211: small ERP handling additions > > This adds a flag to the ieee80211_network structure which indicates whether > the stored erp_value is valid (a check against 0 is not enough, since an ERP > of 0 is valid and very meaningful). > > I also added the ERP IE bit-definitions to ieee80211.h. > > This is needed by some upcoming softmac patches. > > Signed-off-by: Daniel Drake <dsd@gentoo.org> > Acked-by: Johannes Berg <johannes@sipsolutions.net> > Signed-off-by: John W. Linville <linville@tuxdriver.com> > >commit 5acd0c4153be25269d7cb9a4b09fd6db571c5cc1 >Author: Daniel Drake <dsd@gentoo.org> >Date: Tue Jul 18 21:33:27 2006 +0100 > > [PATCH] softmac: ERP handling and driver-level notifications > > This patch implements ERP handling in softmac so that the drivers can support > protection and preambles properly. > > I added a new struct, ieee80211softmac_bss_info, which is used for > BSS-dependent variables like these. > > A new hook has been added (bssinfo_change), which allows the drivers to be > notified when anything in bssinfo changes. > > I modified the txrates_change API to match the bssinfo_change API. The > existing one is a little messy and the usefulness of providing the old rates > is questionable (and can be implemented at driver level if really necessary). > No drivers are using this API (yet), so this should be safe. > > Signed-off-by: Daniel Drake <dsd@gentoo.org> > Acked-by: Johannes Berg <johannes@sipsolutions.net> > Signed-off-by: John W. Linville <linville@tuxdriver.com> > >commit 65b6a2775102cd81e57158ef4b1cb89641f76cfd >Author: Zhu Yi <yi.zhu@intel.com> >Date: Mon Aug 21 11:32:31 2006 +0800 > > [PATCH] ieee80211: Fix header->qos_ctl endian issue > > Signed-off-by: Jackie Wu <jackie.wu@intel.com> > Signed-off-by: Zhu Yi <yi.zhu@intel.com> > Signed-off-by: John W. Linville <linville@tuxdriver.com> > >commit 051562f7e980b53f7bc6529f2e55b68e20f5d0e6 >Author: Zhu Yi <yi.zhu@intel.com> >Date: Mon Aug 21 11:32:47 2006 +0800 > > [PATCH] ieee80211: remove ieee80211_tx() is_queue_full warning > > Signed-off-by: Zhu Yi <yi.zhu@intel.com> > Signed-off-by: John W. Linville <linville@tuxdriver.com> > >commit b4328d87ec5711543b818fea2e1cf64f09d326f1 >Author: Zhu Yi <yi.zhu@intel.com> >Date: Mon Aug 21 11:33:09 2006 +0800 > > [PATCH] ieee80211: TKIP and CCMP replay check rework > > Signed-off-by: Hong Liu <hong.liu@intel.com> > Signed-off-by: Zhu Yi <yi.zhu@intel.com> > Signed-off-by: John W. Linville <linville@tuxdriver.com> > >commit 5a656949719bf8598ad1e93a56eb11e70a4c3208 >Author: Zhu Yi <yi.zhu@intel.com> >Date: Mon Aug 21 11:33:56 2006 +0800 > > [PATCH] ieee80211: Fix TKIP and WEP decryption error on SMP machines > > The IEEE80211 TKIP and WEP Tx and Rx paths use the same crypto_tfm to encrypt > and decrypt data. During the encrypt and decrypt process, both of them will > set a new key to crypto_tfm. If they happen on the same time, it will > corrupt the crypto_tfm. Thus users will receive an ICV error or Michael MIC > error. This only likely to happen on SMP box with heavy traffic both on Tx > and Rx. The patch use two sets of crypto_tfms to avoid this problem. > > Signed-off-by: Hong Liu <hong.liu@intel.com> > Signed-off-by: Zhu Yi <yi.zhu@intel.com> > Signed-off-by: John W. Linville <linville@tuxdriver.com> > >commit f09fc44d8c25f22c4d985bb93857338ed02feac6 >Author: Zhu Yi <yi.zhu@intel.com> >Date: Mon Aug 21 11:34:19 2006 +0800 > > [PATCH] ieee80211: Workaround malformed 802.11 frames from AP > > Stop processing further but return success when we receive a malformed > packet from the AP. We need this patch to workaround some AP bugs. For > example, the beacon frames from the Orinoco AP1000 contains an IE (value > = 128) with length equals to 8 but the actual frame length is only 7. > > Signed-off-by: Zhu Yi <yi.zhu@intel.com> > Signed-off-by: John W. Linville <linville@tuxdriver.com> > >commit 7c28ad2d83ecc637237fe684659a6afbce0bb2a8 >Author: Michael Buesch <mb@bu3sch.de> >Date: Wed Sep 27 15:26:33 2006 +0300 > > [PATCH] softmac: Fix WX and association related races > > This fixes some race conditions in the WirelessExtension > handling and association handling code. > > Signed-off-by: Michael Buesch <mb@bu3sch.de> > Signed-off-by: John W. Linville <linville@tuxdriver.com> > >commit 6684e59aa3cf6cb7ebf04ea2953198500c93b0a9 >Author: Laurent Riffard <laurent.riffard@free.fr> >Date: Thu Oct 12 00:17:36 2006 +0200 > > [PATCH] sotftmac: fix a slab corruption in WEP restricted key association > > Fix a slab corruption in ieee80211softmac_auth(). The size of a buffer > was miscomputed. > > see http://bugzilla.kernel.org/show_bug.cgi?id=7245 > > Acked-by: Daniel Drake <dsd@gentoo.org> > Signed-off-by: Laurent Riffard <laurent.riffard@free.fr> > Signed-off-by: John W. Linville <linville@tuxdriver.com> > >commit aec41a0d02342fc9e3b6bb278eae50fa29f04d1f >Author: Jiri Benc <jbenc@suse.cz> >Date: Wed Oct 18 19:34:40 2006 +0200 > > [PATCH] ieee80211: don't flood log with errors > > The "ieee80211: Workaround malformed 802.11 frames from AP" patch (see > http://kernel.org/git/?p=linux/kernel/git/linville/wireless-2.6.git;a=commit;h=f09fc44d8c25f22c4d985bb93857338ed02feac6 ) > fixes the problem with some buggy APs but also converts debug message into > an error one. This floods the log with errors when you are near such AP (you > get a message for every beacon). This patch reverts the error message back > to the debug one. > > Signed-off-by: Jiri Benc <jbenc@suse.cz> > Signed-off-by: John W. Linville <linville@tuxdriver.com> > >commit efa53ebe0d2f50bf342eb1976824f59bba9941eb >Author: Zhu Yi <yi.zhu@intel.com> >Date: Mon Nov 13 11:32:50 2006 +0800 > > [PATCH] ieee80211: Fix kernel panic when QoS is enabled > > The 802.11 header length is affected by the wireless mode (WDS or not) and > type (QoS or not). We should use the variable hdr_len instead of the > hard coded IEEE80211_3ADDR_LEN, otherwise we may touch invalid memory. > > Signed-off-by: Zhu Yi <yi.zhu@intel.com> > Signed-off-by: John W. Linville <linville@tuxdriver.com> > >commit a3df3b6f2e37474cdb8b56d55d31be41c22f9b18 >Author: Michael Buesch <mb@bu3sch.de> >Date: Mon Nov 27 14:37:21 2006 -0600 > > [PATCH] softmac: remove netif_tx_disable when scanning > > In the scan section of ieee80211softmac, network transmits are > disabled. When SoftMAC re-enables transmits, it may override the > wishes of a driver that may have very good reasons for disabling > transmits. At least one failure in bcm43xx can be traced to this > problem. In addition, several unexplained problems may arise from > the unexpected enabling of transmits. Note that making this change > introduces a new bug that would allow transmits for the current session > to be transmitted on the wrong channel; however, the new bug is much > less severe than the one being fixed, as the new one only leads to > a few retransmits, whereas the old one can bring the interface down. > > A fix that will not introduce new bugs is being investigated; however, > the current, more serious one should be fixed now. > > Signed-off-by: Michael Buesch <mb@bu3sch.de> > Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> > Signed-off-by: John W. Linville <linville@tuxdriver.com> > >commit 42a4cf9576f036db69e15fa6b4e72986e17f0359 >Author: matthieu castet <castet.matthieu@free.fr> >Date: Thu Sep 28 19:57:25 2006 +0200 > > [PATCH] ieee80211: allow mtu bigger than 1500 > > Hi > > this patch allow to set the mtu between 1500 and 2304 (max octets in an > MSDU) for devices using ieee80211 linux stack. > > Signed-off-by: Matthieu CASTET <castet.matthieu@free.fr> > Signed-off-by: John W. Linville <linville@tuxdriver.com> > >commit 837925df022a667c302b24aad9d6a58f94efd959 >Author: Larry Finger <Larry.Finger@lwfinger.net> >Date: Tue Oct 3 18:49:32 2006 -0500 > > [PATCH] ieee80211: Drop and count duplicate data frames to remove 'replay detected' log messages > > In the SoftMAC version of the IEEE 802.11 stack, not all duplicate messages are > detected. For the most part, there is no difficulty; however for TKIP and CCMP > encryption, the duplicates result in a "replay detected" log message where the > received and previous values of the TSC are identical. This change adds a new > variable to the ieee80211_device structure that holds the 'seq_ctl' value for > the previous frame. When a new frame repeats the value, the frame is dropped and > the appropriate counter is incremented. > > Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> > Signed-off-by: John W. Linville <linville@tuxdriver.com> > >commit 5398d5901dcb677d24d839d3feac7209e250b161 >Author: Larry Finger <Larry.Finger@lwfinger.net> >Date: Sat Nov 4 13:29:50 2006 -0600 > > [PATCH] ieee80211softmac: fix verbosity when debug disabled > > SoftMAC contains a number of debug-type messages that continue to print > even when debugging is turned off. This patch substitutes dprintkl for > printkl for those lines. > > Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> > Acked-by: Johannes Berg <johannes@sipsolutions.net> > Signed-off-by: John W. Linville <linville@tuxdriver.com> > >commit 571d6eee9b5bce28fcbeb7588890ad5ca3f8c718 >Author: Arnaldo Carvalho de Melo <acme@mandriva.com> >Date: Tue Nov 21 01:26:49 2006 -0200 > > [PATCH] Check ieee80211softmac_auth_resp kmalloc result > > And use kmemdup and kzalloc where applicable > > Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> > Signed-off-by: John W. Linville <linville@tuxdriver.com> > >commit 718cc4ca2bfb3263c7ea3ceba9c194f9cd7292e2 >Author: Daniel Drake <dsd@gentoo.org> >Date: Wed Nov 22 03:15:46 2006 +0000 > > [PATCH] ieee80211: Provide generic get_stats implementation > > bcm43xx and ipw2100 currently duplicate the same simplistic get_stats > handler. Additionally, zd1211rw requires the same handler to fix a > bug where all stats are reported as 0. > > This patch adds a generic implementation to the ieee80211 layer, > which drivers are free to override. > > Signed-off-by: Daniel Drake <dsd@gentoo.org> > Signed-off-by: John W. Linville <linville@tuxdriver.com> > >commit 38e3a6466f369944a2a1ec9aee9a9e472689d0a9 >Author: Larry Finger <Larry.Finger@lwfinger.net> >Date: Sat Nov 25 18:30:03 2006 -0600 > > [PATCH] softmac: reduce scan debug output > > When scanning in debug mode, softmac is very chatty in that it puts > 3 lines in the logs for each time it scans. This patch has only one > line containing all the information previously reported. > > Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> > Signed-off-by: John W. Linville <linville@tuxdriver.com> > >commit 2b50c24554d31c2db2f93b1151b5991e62f96594 >Author: Ulrich Kunitz <kune@deine-taler.de> >Date: Sun Dec 3 16:32:00 2006 +0100 > > [PATCH] softmac: Fixed handling of deassociation from AP > > In 2.6.19 a deauthentication from the AP doesn't start a > reassociation by the softmac code. It appears that > mac->associnfo.associating must be set and the > ieee80211softmac_assoc_work function must be scheduled. This patch > fixes that. > > Signed-off-by: Ulrich Kunitz <kune@deine-taler.de> > Signed-off-by: John W. Linville <linville@tuxdriver.com> > >commit cc8ce997d2a4e524b1acea44beaf5bcfefdb1bfe >Author: Maxime Austruy <maxime@tralhalla.org> >Date: Sun Dec 3 10:40:01 2006 -0600 > > [PATCH] softmac: fix unbalanced mutex_lock/unlock in ieee80211softmac_wx_set_mlme > > Routine ieee80211softmac_wx_set_mlme has one return that fails > to release a mutex acquired at entry. > > Signed-off-by: Maxime Austruy <maxime@tralhalla.org> > Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> > Signed-off-by: John W. Linville <linville@tuxdriver.com> > >commit 0c234ae655a45ac3ee53a25b2e56e9bb6c27d71d >Author: Ulrich Kunitz <kune@deine-taler.de> >Date: Sun Dec 10 18:27:01 2006 +0100 > > [PATCH] ieee80211softmac: Fix mutex_lock at exit of ieee80211_softmac_get_genie > > ieee80211softmac_wx_get_genie locks the associnfo mutex at > function exit. This patch fixes it. The patch is against Linus' > tree (commit af1713e0). > > Signed-off-by: Ulrich Kunitz <kune@deine-taler.de> > Signed-off-by: Michael Buesch <mb@bu3sch.de> > Acked-by: Johannes Berg <johannes@sipsolutions.net> > Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> > Signed-off-by: Andrew Morton <akpm@osdl.org> > Signed-off-by: John W. Linville <linville@tuxdriver.com> > >commit 6bbdce5ac755e3b3cdcf9bb9fdbcc2af78ad34d0 >Author: John W. Linville <linville@tuxdriver.com> >Date: Tue Jan 2 21:22:05 2007 -0500 > > [PATCH] softmac: avoid assert in ieee80211softmac_wx_get_rate > > Unconfigured bcm43xx device can hit an assert() during wx_get_rate > queries. This is because bcm43xx calls ieee80211softmac_start late > (i.e. during open instead of probe). > > bcm43xx_net_open -> > bcm43xx_init_board -> > bcm43xx_select_wireless_core -> > ieee80211softmac_start > > Fix is to check that device is running before completing > ieee80211softmac_wx_get_rate. > > Signed-off-by: John W. Linville <linville@tuxdriver.com> > >commit 46b8c85e1df091fe2d53ae7d02addb0dc58a9123 >Author: Larry Finger <Larry.Finger@lwfinger.net> >Date: Wed Jan 31 18:50:19 2007 -0600 > > [PATCH] ieee80211: Fix sparse warning > > Sparse issues the warning "warning: symbol 'crypt' shadows an earlier one" > in net/ieee80211/ieee80211_tx.c. > > Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> > Signed-off-by: John W. Linville <linville@tuxdriver.com> > >commit bb52a653eaef4aee877b2fa36de8699926f788bd >Author: Larry Finger <Larry.Finger@lwfinger.net> >Date: Tue Feb 13 18:58:03 2007 -0600 > > [PATCH] ieee80211softmac: Fix setting of initial transmit rates > > There is a bug in ieee80211softmac that always sets the user rate > to 11Mbs, no matter the capabilities of the device. This bug was > probably beneficial as long as the bcm43xx cards were rate limited; > however, most are now capable of relatively high speeds. This patch > fixes that bug and eliminates an assert that is no longer needed. > > Once the cards are capable of full OFDM speeds, the 24 Mbs rate will > be changed to 54 Mbs. > > Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> > Signed-off-by: John W. Linville <linville@tuxdriver.com> > >--- linux-2.6.18.noarch/include/net/ieee80211.h.orig 2007-05-16 15:32:12.000000000 -0400 >+++ linux-2.6.18.noarch/include/net/ieee80211.h 2007-05-16 15:32:18.000000000 -0400 >@@ -240,6 +240,11 @@ struct ieee80211_snap_hdr { > #define WLAN_CAPABILITY_SHORT_SLOT_TIME (1<<10) > #define WLAN_CAPABILITY_DSSS_OFDM (1<<13) > >+/* 802.11g ERP information element */ >+#define WLAN_ERP_NON_ERP_PRESENT (1<<0) >+#define WLAN_ERP_USE_PROTECTION (1<<1) >+#define WLAN_ERP_BARKER_PREAMBLE (1<<2) >+ > /* Status codes */ > enum ieee80211_statuscode { > WLAN_STATUS_SUCCESS = 0, >@@ -747,6 +752,8 @@ struct ieee80211_txb { > #define NETWORK_HAS_IBSS_DFS (1<<8) > #define NETWORK_HAS_TPC_REPORT (1<<9) > >+#define NETWORK_HAS_ERP_VALUE (1<<10) >+ > #define QOS_QUEUE_NUM 4 > #define QOS_OUI_LEN 3 > #define QOS_OUI_TYPE 2 >@@ -1069,6 +1076,8 @@ struct ieee80211_device { > int perfect_rssi; > int worst_rssi; > >+ u16 prev_seq_ctl; /* used to drop duplicate frames */ >+ > /* Callback functions */ > void (*set_security) (struct net_device * dev, > struct ieee80211_security * sec); >--- linux-2.6.18.noarch/include/net/ieee80211softmac.h.orig 2007-05-16 15:32:12.000000000 -0400 >+++ linux-2.6.18.noarch/include/net/ieee80211softmac.h 2007-05-16 15:32:18.000000000 -0400 >@@ -63,13 +63,11 @@ struct ieee80211softmac_wpa { > > /* > * Information about association >- * >- * Do we need a lock for this? >- * We only ever use this structure inlined >- * into our global struct. I've used its lock, >- * but maybe we need a local one here? > */ > struct ieee80211softmac_assoc_info { >+ >+ struct mutex mutex; >+ > /* > * This is the requested ESSID. It is written > * only by the WX handlers. >@@ -86,9 +84,6 @@ struct ieee80211softmac_assoc_info { > > /* BSSID we're trying to associate to */ > char bssid[ETH_ALEN]; >- >- /* Rates supported by the network */ >- struct ieee80211softmac_ratesinfo supported_rates; > > /* some flags. > * static_essid is valid if the essid is constant, >@@ -102,11 +97,13 @@ struct ieee80211softmac_assoc_info { > * > * bssfixed is used for SIOCSIWAP. > */ >- u8 static_essid:1, >- associating:1, >- assoc_wait:1, >- bssvalid:1, >- bssfixed:1; >+ u8 static_essid; >+ u8 short_preamble_available; >+ u8 associating; >+ u8 associated; >+ u8 assoc_wait; >+ u8 bssvalid; >+ u8 bssfixed; > > /* Scan retries remaining */ > int scan_retry; >@@ -115,6 +112,19 @@ struct ieee80211softmac_assoc_info { > struct work_struct timeout; > }; > >+struct ieee80211softmac_bss_info { >+ /* Rates supported by the network */ >+ struct ieee80211softmac_ratesinfo supported_rates; >+ >+ /* This indicates whether frames can currently be transmitted with >+ * short preamble (only use this variable during TX at CCK rates) */ >+ u8 short_preamble:1; >+ >+ /* This indicates whether protection (e.g. self-CTS) should be used >+ * when transmitting with OFDM modulation */ >+ u8 use_protection:1; >+}; >+ > enum { > IEEE80211SOFTMAC_AUTH_OPEN_REQUEST = 1, > IEEE80211SOFTMAC_AUTH_OPEN_RESPONSE = 2, >@@ -157,6 +167,10 @@ struct ieee80211softmac_txrates { > #define IEEE80211SOFTMAC_TXRATECHG_MCAST (1 << 2) /* mcast_rate */ > #define IEEE80211SOFTMAC_TXRATECHG_MGT_MCAST (1 << 3) /* mgt_mcast_rate */ > >+#define IEEE80211SOFTMAC_BSSINFOCHG_RATES (1 << 0) /* supported_rates */ >+#define IEEE80211SOFTMAC_BSSINFOCHG_SHORT_PREAMBLE (1 << 1) /* short_preamble */ >+#define IEEE80211SOFTMAC_BSSINFOCHG_PROTECTION (1 << 2) /* use_protection */ >+ > struct ieee80211softmac_device { > /* 802.11 structure for data stuff */ > struct ieee80211_device *ieee; >@@ -200,22 +214,27 @@ struct ieee80211softmac_device { > * The driver just needs to read them. > */ > struct ieee80211softmac_txrates txrates; >- /* If the driver needs to do stuff on TX rate changes, assign this callback. */ >+ >+ /* If the driver needs to do stuff on TX rate changes, assign this >+ * callback. See IEEE80211SOFTMAC_TXRATECHG for change flags. */ > void (*txrates_change)(struct net_device *dev, >- u32 changes, /* see IEEE80211SOFTMAC_TXRATECHG flags */ >- const struct ieee80211softmac_txrates *rates_before_change); >+ u32 changes); >+ >+ /* If the driver needs to do stuff when BSS properties change, assign >+ * this callback. see IEEE80211SOFTMAC_BSSINFOCHG for change flags. */ >+ void (*bssinfo_change)(struct net_device *dev, >+ u32 changes); > > /* private stuff follows */ > /* this lock protects this structure */ > spinlock_t lock; >- >- /* couple of flags */ >- u8 scanning:1, /* protects scanning from being done multiple times at once */ >- associated:1, >- running:1; >- >+ >+ u8 running; /* SoftMAC started? */ >+ u8 scanning; >+ > struct ieee80211softmac_scaninfo *scaninfo; > struct ieee80211softmac_assoc_info associnfo; >+ struct ieee80211softmac_bss_info bssinfo; > > struct list_head auth_queue; > struct list_head events; >@@ -228,7 +247,7 @@ struct ieee80211softmac_device { > > /* we need to keep a list of network structs we copied */ > struct list_head network_list; >- >+ > /* This must be the last item so that it points to the data > * allocated beyond this structure by alloc_ieee80211 */ > u8 priv[0]; >@@ -265,7 +284,7 @@ static inline u8 ieee80211softmac_sugges > { > struct ieee80211softmac_txrates *txrates = &mac->txrates; > >- if (!mac->associated) >+ if (!mac->associnfo.associated) > return txrates->mgt_mcast_rate; > > /* We are associated, sending unicast frame */ >@@ -279,6 +298,24 @@ static inline u8 ieee80211softmac_sugges > return txrates->mcast_rate; > } > >+/* Helper function which advises you when it is safe to transmit with short >+ * preamble. >+ * You should only call this function when transmitting at CCK rates. */ >+static inline int ieee80211softmac_short_preamble_ok(struct ieee80211softmac_device *mac, >+ int is_multicast, >+ int is_mgt) >+{ >+ return (is_multicast && is_mgt) ? 0 : mac->bssinfo.short_preamble; >+} >+ >+/* Helper function which advises you whether protection (e.g. self-CTS) is >+ * needed. 1 = protection needed, 0 = no protection needed >+ * Only use this function when transmitting with OFDM modulation. */ >+static inline int ieee80211softmac_protection_needed(struct ieee80211softmac_device *mac) >+{ >+ return mac->bssinfo.use_protection; >+} >+ > /* Start the SoftMAC. Call this after you initialized the device > * and it is ready to run. > */ >--- linux-2.6.18.noarch/net/ieee80211/ieee80211_crypt_wep.c.orig 2007-05-16 15:32:12.000000000 -0400 >+++ linux-2.6.18.noarch/net/ieee80211/ieee80211_crypt_wep.c 2007-05-16 15:32:18.000000000 -0400 >@@ -32,7 +32,8 @@ struct prism2_wep_data { > u8 key[WEP_KEY_LEN + 1]; > u8 key_len; > u8 key_idx; >- struct crypto_tfm *tfm; >+ struct crypto_tfm *tx_tfm; >+ struct crypto_tfm *rx_tfm; > }; > > static void *prism2_wep_init(int keyidx) >@@ -44,13 +45,19 @@ static void *prism2_wep_init(int keyidx) > goto fail; > priv->key_idx = keyidx; > >- priv->tfm = crypto_alloc_tfm("arc4", 0); >- if (priv->tfm == NULL) { >+ priv->tx_tfm = crypto_alloc_tfm("arc4", 0); >+ if (priv->tx_tfm == NULL) { > printk(KERN_DEBUG "ieee80211_crypt_wep: could not allocate " > "crypto API arc4\n"); > goto fail; > } > >+ priv->rx_tfm = crypto_alloc_tfm("arc4", 0); >+ if (priv->rx_tfm == NULL) { >+ printk(KERN_DEBUG "ieee80211_crypt_wep: could not allocate " >+ "crypto API arc4\n"); >+ goto fail; >+ } > /* start WEP IV from a random value */ > get_random_bytes(&priv->iv, 4); > >@@ -58,8 +65,10 @@ static void *prism2_wep_init(int keyidx) > > fail: > if (priv) { >- if (priv->tfm) >- crypto_free_tfm(priv->tfm); >+ if (priv->tx_tfm) >+ crypto_free_tfm(priv->tx_tfm); >+ if (priv->rx_tfm) >+ crypto_free_tfm(priv->rx_tfm); > kfree(priv); > } > return NULL; >@@ -68,8 +77,12 @@ static void *prism2_wep_init(int keyidx) > static void prism2_wep_deinit(void *priv) > { > struct prism2_wep_data *_priv = priv; >- if (_priv && _priv->tfm) >- crypto_free_tfm(_priv->tfm); >+ if (_priv) { >+ if (_priv->tx_tfm) >+ crypto_free_tfm(_priv->tx_tfm); >+ if (_priv->rx_tfm) >+ crypto_free_tfm(_priv->rx_tfm); >+ } > kfree(priv); > } > >@@ -151,11 +164,11 @@ static int prism2_wep_encrypt(struct sk_ > icv[2] = crc >> 16; > icv[3] = crc >> 24; > >- crypto_cipher_setkey(wep->tfm, key, klen); >+ crypto_cipher_setkey(wep->tx_tfm, key, klen); > sg.page = virt_to_page(pos); > sg.offset = offset_in_page(pos); > sg.length = len + 4; >- crypto_cipher_encrypt(wep->tfm, &sg, &sg, len + 4); >+ crypto_cipher_encrypt(wep->tx_tfm, &sg, &sg, len + 4); > > return 0; > } >@@ -194,11 +207,11 @@ static int prism2_wep_decrypt(struct sk_ > /* Apply RC4 to data and compute CRC32 over decrypted data */ > plen = skb->len - hdr_len - 8; > >- crypto_cipher_setkey(wep->tfm, key, klen); >+ crypto_cipher_setkey(wep->rx_tfm, key, klen); > sg.page = virt_to_page(pos); > sg.offset = offset_in_page(pos); > sg.length = plen + 4; >- crypto_cipher_decrypt(wep->tfm, &sg, &sg, plen + 4); >+ crypto_cipher_decrypt(wep->rx_tfm, &sg, &sg, plen + 4); > > crc = ~crc32_le(~0, pos, plen); > icv[0] = crc; >--- linux-2.6.18.noarch/net/ieee80211/ieee80211_module.c.orig 2007-05-16 15:32:12.000000000 -0400 >+++ linux-2.6.18.noarch/net/ieee80211/ieee80211_module.c 2007-05-16 15:32:18.000000000 -0400 >@@ -67,7 +67,7 @@ static int ieee80211_networks_allocate(s > return 0; > > ieee->networks = >- kmalloc(MAX_NETWORK_COUNT * sizeof(struct ieee80211_network), >+ kzalloc(MAX_NETWORK_COUNT * sizeof(struct ieee80211_network), > GFP_KERNEL); > if (!ieee->networks) { > printk(KERN_WARNING "%s: Out of memory allocating beacons\n", >@@ -75,9 +75,6 @@ static int ieee80211_networks_allocate(s > return -ENOMEM; > } > >- memset(ieee->networks, 0, >- MAX_NETWORK_COUNT * sizeof(struct ieee80211_network)); >- > return 0; > } > >@@ -118,6 +115,21 @@ static void ieee80211_networks_initializ > &ieee->network_free_list); > } > >+static int ieee80211_change_mtu(struct net_device *dev, int new_mtu) >+{ >+ if ((new_mtu < 68) || (new_mtu > IEEE80211_DATA_LEN)) >+ return -EINVAL; >+ dev->mtu = new_mtu; >+ return 0; >+} >+ >+static struct net_device_stats *ieee80211_generic_get_stats( >+ struct net_device *dev) >+{ >+ struct ieee80211_device *ieee = netdev_priv(dev); >+ return &ieee->stats; >+} >+ > struct net_device *alloc_ieee80211(int sizeof_priv) > { > struct ieee80211_device *ieee; >@@ -133,6 +145,11 @@ struct net_device *alloc_ieee80211(int s > } > ieee = netdev_priv(dev); > dev->hard_start_xmit = ieee80211_xmit; >+ dev->change_mtu = ieee80211_change_mtu; >+ >+ /* Drivers are free to override this if the generic implementation >+ * does not meet their needs. */ >+ dev->get_stats = ieee80211_generic_get_stats; > > ieee->dev = dev; > >--- linux-2.6.18.noarch/net/ieee80211/softmac/ieee80211softmac_auth.c.orig 2007-05-16 15:32:12.000000000 -0400 >+++ linux-2.6.18.noarch/net/ieee80211/softmac/ieee80211softmac_auth.c 2007-05-16 15:39:16.000000000 -0400 >@@ -158,7 +158,7 @@ ieee80211softmac_auth_resp(struct net_de > /* Make sure that we've got an auth queue item for this request */ > if(aq == NULL) > { >- printkl(KERN_DEBUG PFX "Authentication response received from "MAC_FMT" but no queue item exists.\n", MAC_ARG(auth->header.addr2)); >+ dprintkl(KERN_DEBUG PFX "Authentication response received from "MAC_FMT" but no queue item exists.\n", MAC_ARG(auth->header.addr2)); > /* Error #? */ > return -1; > } >@@ -166,7 +166,7 @@ ieee80211softmac_auth_resp(struct net_de > /* Check for out of order authentication */ > if(!net->authenticating) > { >- printkl(KERN_DEBUG PFX "Authentication response received from "MAC_FMT" but did not request authentication.\n",MAC_ARG(auth->header.addr2)); >+ dprintkl(KERN_DEBUG PFX "Authentication response received from "MAC_FMT" but did not request authentication.\n",MAC_ARG(auth->header.addr2)); > return -1; > } > >@@ -216,10 +216,17 @@ ieee80211softmac_auth_resp(struct net_de > net->challenge_len = *data++; > if (net->challenge_len > WLAN_AUTH_CHALLENGE_LEN) > net->challenge_len = WLAN_AUTH_CHALLENGE_LEN; >- if (net->challenge != NULL) >- kfree(net->challenge); >- net->challenge = kmalloc(net->challenge_len, GFP_ATOMIC); >+ kfree(net->challenge); >+ net->challenge = kmalloc(net->challenge_len, >+ GFP_ATOMIC); > memcpy(net->challenge, data, net->challenge_len); >+ if (net->challenge == NULL) { >+ printkl(KERN_NOTICE PFX "Shared Key " >+ "Authentication failed due to " >+ "memory shortage.\n"); >+ spin_unlock_irqrestore(&mac->lock, flags); >+ break; >+ } > aq->state = IEEE80211SOFTMAC_AUTH_SHARED_RESPONSE; > > /* We reuse the work struct from the auth request here. >@@ -328,6 +335,8 @@ ieee80211softmac_deauth_from_net(struct > /* can't transmit data right now... */ > netif_carrier_off(mac->dev); > spin_unlock_irqrestore(&mac->lock, flags); >+ >+ ieee80211softmac_try_reassoc(mac); > } > > /* >@@ -342,7 +351,7 @@ ieee80211softmac_deauth_req(struct ieee8 > /* Make sure the network is authenticated */ > if (!net->authenticated) > { >- printkl(KERN_DEBUG PFX "Can't send deauthentication packet, network is not authenticated.\n"); >+ dprintkl(KERN_DEBUG PFX "Can't send deauthentication packet, network is not authenticated.\n"); > /* Error okay? */ > return -EPERM; > } >@@ -376,7 +385,7 @@ ieee80211softmac_deauth_resp(struct net_ > net = ieee80211softmac_get_network_by_bssid(mac, deauth->header.addr2); > > if (net == NULL) { >- printkl(KERN_DEBUG PFX "Received deauthentication packet from "MAC_FMT", but that network is unknown.\n", >+ dprintkl(KERN_DEBUG PFX "Received deauthentication packet from "MAC_FMT", but that network is unknown.\n", > MAC_ARG(deauth->header.addr2)); > return 0; > } >@@ -384,7 +393,7 @@ ieee80211softmac_deauth_resp(struct net_ > /* Make sure the network is authenticated */ > if(!net->authenticated) > { >- printkl(KERN_DEBUG PFX "Can't perform deauthentication, network is not authenticated.\n"); >+ dprintkl(KERN_DEBUG PFX "Can't perform deauthentication, network is not authenticated.\n"); > /* Error okay? */ > return -EPERM; > } >--- linux-2.6.18.noarch/net/ieee80211/softmac/ieee80211softmac_module.c.orig 2007-05-16 15:32:12.000000000 -0400 >+++ linux-2.6.18.noarch/net/ieee80211/softmac/ieee80211softmac_module.c 2007-05-16 15:32:18.000000000 -0400 >@@ -44,6 +44,7 @@ struct net_device *alloc_ieee80211softma > softmac->ieee->handle_assoc_response = ieee80211softmac_handle_assoc_response; > softmac->ieee->handle_reassoc_request = ieee80211softmac_handle_reassoc_req; > softmac->ieee->handle_disassoc = ieee80211softmac_handle_disassoc; >+ softmac->ieee->handle_beacon = ieee80211softmac_handle_beacon; > softmac->scaninfo = NULL; > > softmac->associnfo.scan_retry = IEEE80211SOFTMAC_ASSOC_SCAN_RETRY_LIMIT; >@@ -56,6 +57,7 @@ struct net_device *alloc_ieee80211softma > INIT_LIST_HEAD(&softmac->network_list); > INIT_LIST_HEAD(&softmac->events); > >+ mutex_init(&softmac->associnfo.mutex); > INIT_WORK(&softmac->associnfo.work, ieee80211softmac_assoc_work, softmac); > INIT_WORK(&softmac->associnfo.timeout, ieee80211softmac_assoc_timeout, softmac); > softmac->start_scan = ieee80211softmac_start_scan_implementation; >@@ -209,35 +211,59 @@ static u8 highest_supported_rate(struct > return user_rate; > } > >+void ieee80211softmac_process_erp(struct ieee80211softmac_device *mac, >+ u8 erp_value) >+{ >+ int use_protection; >+ int short_preamble; >+ u32 changes = 0; >+ >+ /* Barker preamble mode */ >+ short_preamble = ((erp_value & WLAN_ERP_BARKER_PREAMBLE) == 0 >+ && mac->associnfo.short_preamble_available) ? 1 : 0; >+ >+ /* Protection needed? */ >+ use_protection = (erp_value & WLAN_ERP_USE_PROTECTION) != 0; >+ >+ if (mac->bssinfo.short_preamble != short_preamble) { >+ changes |= IEEE80211SOFTMAC_BSSINFOCHG_SHORT_PREAMBLE; >+ mac->bssinfo.short_preamble = short_preamble; >+ } >+ >+ if (mac->bssinfo.use_protection != use_protection) { >+ changes |= IEEE80211SOFTMAC_BSSINFOCHG_PROTECTION; >+ mac->bssinfo.use_protection = use_protection; >+ } >+ >+ if (mac->bssinfo_change && changes) >+ mac->bssinfo_change(mac->dev, changes); >+} >+ > void ieee80211softmac_recalc_txrates(struct ieee80211softmac_device *mac) > { > struct ieee80211softmac_txrates *txrates = &mac->txrates; >- struct ieee80211softmac_txrates oldrates; > u32 change = 0; > >- if (mac->txrates_change) >- oldrates = mac->txrates; >- > change |= IEEE80211SOFTMAC_TXRATECHG_DEFAULT; >- txrates->default_rate = highest_supported_rate(mac, &mac->associnfo.supported_rates, 0); >+ txrates->default_rate = highest_supported_rate(mac, &mac->bssinfo.supported_rates, 0); > > change |= IEEE80211SOFTMAC_TXRATECHG_DEFAULT_FBACK; > txrates->default_fallback = lower_rate(mac, txrates->default_rate); > > change |= IEEE80211SOFTMAC_TXRATECHG_MCAST; >- txrates->mcast_rate = highest_supported_rate(mac, &mac->associnfo.supported_rates, 1); >+ txrates->mcast_rate = highest_supported_rate(mac, &mac->bssinfo.supported_rates, 1); > > if (mac->txrates_change) >- mac->txrates_change(mac->dev, change, &oldrates); >+ mac->txrates_change(mac->dev, change); > > } > >-void ieee80211softmac_init_txrates(struct ieee80211softmac_device *mac) >+void ieee80211softmac_init_bss(struct ieee80211softmac_device *mac) > { > struct ieee80211_device *ieee = mac->ieee; > u32 change = 0; > struct ieee80211softmac_txrates *txrates = &mac->txrates; >- struct ieee80211softmac_txrates oldrates; >+ struct ieee80211softmac_bss_info *bssinfo = &mac->bssinfo; > > /* TODO: We need some kind of state machine to lower the default rates > * if we loose too many packets. >@@ -245,19 +271,10 @@ void ieee80211softmac_init_txrates(struc > /* Change the default txrate to the highest possible value. > * The txrate machine will lower it, if it is too high. > */ >- if (mac->txrates_change) >- oldrates = mac->txrates; >- /* FIXME: We don't correctly handle backing down to lower >- rates, so 801.11g devices start off at 11M for now. People >- can manually change it if they really need to, but 11M is >- more reliable. Note similar logic in >- ieee80211softmac_wx_set_rate() */ >- if (ieee->modulation & IEEE80211_CCK_MODULATION) { >+ if (ieee->modulation & IEEE80211_OFDM_MODULATION) >+ txrates->user_rate = IEEE80211_OFDM_RATE_24MB; >+ else > txrates->user_rate = IEEE80211_CCK_RATE_11MB; >- } else if (ieee->modulation & IEEE80211_OFDM_MODULATION) { >- txrates->user_rate = IEEE80211_OFDM_RATE_54MB; >- } else >- assert(0); > > txrates->default_rate = IEEE80211_CCK_RATE_1MB; > change |= IEEE80211SOFTMAC_TXRATECHG_DEFAULT; >@@ -272,7 +289,23 @@ void ieee80211softmac_init_txrates(struc > change |= IEEE80211SOFTMAC_TXRATECHG_MGT_MCAST; > > if (mac->txrates_change) >- mac->txrates_change(mac->dev, change, &oldrates); >+ mac->txrates_change(mac->dev, change); >+ >+ change = 0; >+ >+ bssinfo->supported_rates.count = 0; >+ memset(bssinfo->supported_rates.rates, 0, >+ sizeof(bssinfo->supported_rates.rates)); >+ change |= IEEE80211SOFTMAC_BSSINFOCHG_RATES; >+ >+ bssinfo->short_preamble = 0; >+ change |= IEEE80211SOFTMAC_BSSINFOCHG_SHORT_PREAMBLE; >+ >+ bssinfo->use_protection = 0; >+ change |= IEEE80211SOFTMAC_BSSINFOCHG_PROTECTION; >+ >+ if (mac->bssinfo_change) >+ mac->bssinfo_change(mac->dev, change); > > mac->running = 1; > } >@@ -282,7 +315,7 @@ void ieee80211softmac_start(struct net_d > struct ieee80211softmac_device *mac = ieee80211_priv(dev); > > ieee80211softmac_start_check_rates(mac); >- ieee80211softmac_init_txrates(mac); >+ ieee80211softmac_init_bss(mac); > } > EXPORT_SYMBOL_GPL(ieee80211softmac_start); > >@@ -335,7 +368,6 @@ u8 ieee80211softmac_lower_rate_delta(str > static void ieee80211softmac_add_txrates_badness(struct ieee80211softmac_device *mac, > int amount) > { >- struct ieee80211softmac_txrates oldrates; > u8 default_rate = mac->txrates.default_rate; > u8 default_fallback = mac->txrates.default_fallback; > u32 changes = 0; >@@ -348,8 +380,6 @@ printk("badness %d\n", mac->txrate_badne > mac->txrate_badness += amount; > if (mac->txrate_badness <= -1000) { > /* Very small badness. Try a faster bitrate. */ >- if (mac->txrates_change) >- memcpy(&oldrates, &mac->txrates, sizeof(oldrates)); > default_rate = raise_rate(mac, default_rate); > changes |= IEEE80211SOFTMAC_TXRATECHG_DEFAULT; > default_fallback = get_fallback_rate(mac, default_rate); >@@ -358,8 +388,6 @@ printk("badness %d\n", mac->txrate_badne > printk("Bitrate raised to %u\n", default_rate); > } else if (mac->txrate_badness >= 10000) { > /* Very high badness. Try a slower bitrate. */ >- if (mac->txrates_change) >- memcpy(&oldrates, &mac->txrates, sizeof(oldrates)); > default_rate = lower_rate(mac, default_rate); > changes |= IEEE80211SOFTMAC_TXRATECHG_DEFAULT; > default_fallback = get_fallback_rate(mac, default_rate); >@@ -372,7 +400,7 @@ printk("Bitrate lowered to %u\n", defaul > mac->txrates.default_fallback = default_fallback; > > if (changes && mac->txrates_change) >- mac->txrates_change(mac->dev, changes, &oldrates); >+ mac->txrates_change(mac->dev, changes); > } > > void ieee80211softmac_fragment_lost(struct net_device *dev, >@@ -416,7 +444,11 @@ ieee80211softmac_create_network(struct i > memcpy(&softnet->supported_rates.rates[softnet->supported_rates.count], net->rates_ex, net->rates_ex_len); > softnet->supported_rates.count += net->rates_ex_len; > sort(softnet->supported_rates.rates, softnet->supported_rates.count, sizeof(softnet->supported_rates.rates[0]), rate_cmp, NULL); >- >+ >+ /* we save the ERP value because it is needed at association time, and >+ * many AP's do not include an ERP IE in the association response. */ >+ softnet->erp_value = net->erp_value; >+ > softnet->capabilities = net->capability; > return softnet; > } >--- linux-2.6.18.noarch/net/ieee80211/softmac/ieee80211softmac_priv.h.orig 2007-05-16 15:32:12.000000000 -0400 >+++ linux-2.6.18.noarch/net/ieee80211/softmac/ieee80211softmac_priv.h 2007-05-16 15:32:18.000000000 -0400 >@@ -116,9 +116,11 @@ ieee80211softmac_get_network_by_essid(st > struct ieee80211softmac_essid *essid); > > /* Rates related */ >+void ieee80211softmac_process_erp(struct ieee80211softmac_device *mac, >+ u8 erp_value); > int ieee80211softmac_ratesinfo_rate_supported(struct ieee80211softmac_ratesinfo *ri, u8 rate); > u8 ieee80211softmac_lower_rate_delta(struct ieee80211softmac_device *mac, u8 rate, int delta); >-void ieee80211softmac_init_txrates(struct ieee80211softmac_device *mac); >+void ieee80211softmac_init_bss(struct ieee80211softmac_device *mac); > void ieee80211softmac_recalc_txrates(struct ieee80211softmac_device *mac); > static inline u8 lower_rate(struct ieee80211softmac_device *mac, u8 rate) { > return ieee80211softmac_lower_rate_delta(mac, rate, 1); >@@ -133,6 +135,9 @@ static inline u8 get_fallback_rate(struc > /*** prototypes from _io.c */ > int ieee80211softmac_send_mgt_frame(struct ieee80211softmac_device *mac, > void* ptrarg, u32 type, u32 arg); >+int ieee80211softmac_handle_beacon(struct net_device *dev, >+ struct ieee80211_beacon *beacon, >+ struct ieee80211_network *network); > > /*** prototypes from _auth.c */ > /* do these have to go into the public header? */ >@@ -189,6 +194,7 @@ struct ieee80211softmac_network { > authenticated:1, > auth_desynced_once:1; > >+ u8 erp_value; /* Saved ERP value */ > u16 capabilities; /* Capabilities bitfield */ > u8 challenge_len; /* Auth Challenge length */ > char *challenge; /* Challenge Text */ >@@ -232,4 +238,6 @@ void ieee80211softmac_call_events_locked > int ieee80211softmac_notify_internal(struct ieee80211softmac_device *mac, > int event, void *event_context, notify_function_ptr fun, void *context, gfp_t gfp_mask); > >+void ieee80211softmac_try_reassoc(struct ieee80211softmac_device *mac); >+ > #endif /* IEEE80211SOFTMAC_PRIV_H_ */ >--- linux-2.6.18.noarch/net/ieee80211/softmac/ieee80211softmac_io.c.orig 2007-05-16 15:32:12.000000000 -0400 >+++ linux-2.6.18.noarch/net/ieee80211/softmac/ieee80211softmac_io.c 2007-05-16 15:32:18.000000000 -0400 >@@ -304,7 +304,7 @@ ieee80211softmac_auth(struct ieee80211_a > 2 + /* Auth Transaction Seq */ > 2 + /* Status Code */ > /* Challenge Text IE */ >- is_shared_response ? 0 : 1 + 1 + net->challenge_len >+ (is_shared_response ? 1 + 1 + net->challenge_len : 0) > ); > if (unlikely((*pkt) == NULL)) > return 0; >@@ -467,3 +467,22 @@ ieee80211softmac_send_mgt_frame(struct i > kfree(pkt); > return 0; > } >+ >+/* Beacon handling */ >+int ieee80211softmac_handle_beacon(struct net_device *dev, >+ struct ieee80211_beacon *beacon, >+ struct ieee80211_network *network) >+{ >+ struct ieee80211softmac_device *mac = ieee80211_priv(dev); >+ >+ /* This might race, but we don't really care and it's not worth >+ * adding heavyweight locking in this fastpath. >+ */ >+ if (mac->associnfo.associated) { >+ if (memcmp(network->bssid, mac->associnfo.bssid, ETH_ALEN) == 0) >+ ieee80211softmac_process_erp(mac, network->erp_value); >+ } >+ >+ return 0; >+} >+ >--- linux-2.6.18.noarch/net/ieee80211/softmac/ieee80211softmac_wx.c.orig 2007-05-16 15:32:12.000000000 -0400 >+++ linux-2.6.18.noarch/net/ieee80211/softmac/ieee80211softmac_wx.c 2007-05-16 15:32:18.000000000 -0400 >@@ -73,13 +73,14 @@ ieee80211softmac_wx_set_essid(struct net > struct ieee80211softmac_network *n; > struct ieee80211softmac_auth_queue_item *authptr; > int length = 0; >- unsigned long flags; >+ >+ mutex_lock(&sm->associnfo.mutex); > > /* Check if we're already associating to this or another network > * If it's another network, cancel and start over with our new network > * If it's our network, ignore the change, we're already doing it! > */ >- if((sm->associnfo.associating || sm->associated) && >+ if((sm->associnfo.associating || sm->associnfo.associated) && > (data->essid.flags && data->essid.length && extra)) { > /* Get the associating network */ > n = ieee80211softmac_get_network_by_bssid(sm, sm->associnfo.bssid); >@@ -87,10 +88,9 @@ ieee80211softmac_wx_set_essid(struct net > !memcmp(n->essid.data, extra, n->essid.len)) { > dprintk(KERN_INFO PFX "Already associating or associated to "MAC_FMT"\n", > MAC_ARG(sm->associnfo.bssid)); >- return 0; >+ goto out; > } else { > dprintk(KERN_INFO PFX "Canceling existing associate request!\n"); >- spin_lock_irqsave(&sm->lock,flags); > /* Cancel assoc work */ > cancel_delayed_work(&sm->associnfo.work); > /* We don't have to do this, but it's a little cleaner */ >@@ -98,14 +98,13 @@ ieee80211softmac_wx_set_essid(struct net > cancel_delayed_work(&authptr->work); > sm->associnfo.bssvalid = 0; > sm->associnfo.bssfixed = 0; >- spin_unlock_irqrestore(&sm->lock,flags); > flush_scheduled_work(); >+ sm->associnfo.associating = 0; >+ sm->associnfo.associated = 0; > } > } > > >- spin_lock_irqsave(&sm->lock, flags); >- > sm->associnfo.static_essid = 0; > sm->associnfo.assoc_wait = 0; > >@@ -121,10 +120,12 @@ ieee80211softmac_wx_set_essid(struct net > * If applicable, we have already copied the data in */ > sm->associnfo.req_essid.len = length; > >+ sm->associnfo.associating = 1; > /* queue lower level code to do work (if necessary) */ > schedule_work(&sm->associnfo.work); >+out: >+ mutex_unlock(&sm->associnfo.mutex); > >- spin_unlock_irqrestore(&sm->lock, flags); > return 0; > } > EXPORT_SYMBOL_GPL(ieee80211softmac_wx_set_essid); >@@ -136,10 +137,8 @@ ieee80211softmac_wx_get_essid(struct net > char *extra) > { > struct ieee80211softmac_device *sm = ieee80211_priv(net_dev); >- unsigned long flags; > >- /* avoid getting inconsistent information */ >- spin_lock_irqsave(&sm->lock, flags); >+ mutex_lock(&sm->associnfo.mutex); > /* If all fails, return ANY (empty) */ > data->essid.length = 0; > data->essid.flags = 0; /* active */ >@@ -152,12 +151,13 @@ ieee80211softmac_wx_get_essid(struct net > } > > /* If we're associating/associated, return that */ >- if (sm->associated || sm->associnfo.associating) { >+ if (sm->associnfo.associated || sm->associnfo.associating) { > data->essid.length = sm->associnfo.associate_essid.len; > data->essid.flags = 1; /* active */ > memcpy(extra, sm->associnfo.associate_essid.data, sm->associnfo.associate_essid.len); > } >- spin_unlock_irqrestore(&sm->lock, flags); >+ mutex_unlock(&sm->associnfo.mutex); >+ > return 0; > } > EXPORT_SYMBOL_GPL(ieee80211softmac_wx_get_essid); >@@ -177,15 +177,10 @@ ieee80211softmac_wx_set_rate(struct net_ > int err = -EINVAL; > > if (in_rate == -1) { >- /* FIXME: We don't correctly handle backing down to lower >- rates, so 801.11g devices start off at 11M for now. People >- can manually change it if they really need to, but 11M is >- more reliable. Note similar logic in >- ieee80211softmac_wx_set_rate() */ >- if (ieee->modulation & IEEE80211_CCK_MODULATION) >- in_rate = 11000000; >+ if (ieee->modulation & IEEE80211_OFDM_MODULATION) >+ in_rate = 24000000; > else >- in_rate = 54000000; >+ in_rate = 11000000; > } > > switch (in_rate) { >@@ -265,6 +260,12 @@ ieee80211softmac_wx_get_rate(struct net_ > int err = -EINVAL; > > spin_lock_irqsave(&mac->lock, flags); >+ >+ if (unlikely(!mac->running)) { >+ err = -ENODEV; >+ goto out_unlock; >+ } >+ > switch (mac->txrates.default_rate) { > case IEEE80211_CCK_RATE_1MB: > data->bitrate.value = 1000000; >@@ -322,15 +323,15 @@ ieee80211softmac_wx_get_wap(struct net_d > { > struct ieee80211softmac_device *mac = ieee80211_priv(net_dev); > int err = 0; >- unsigned long flags; > >- spin_lock_irqsave(&mac->lock, flags); >+ mutex_lock(&mac->associnfo.mutex); > if (mac->associnfo.bssvalid) > memcpy(data->ap_addr.sa_data, mac->associnfo.bssid, ETH_ALEN); > else > memset(data->ap_addr.sa_data, 0xff, ETH_ALEN); > data->ap_addr.sa_family = ARPHRD_ETHER; >- spin_unlock_irqrestore(&mac->lock, flags); >+ mutex_unlock(&mac->associnfo.mutex); >+ > return err; > } > EXPORT_SYMBOL_GPL(ieee80211softmac_wx_get_wap); >@@ -342,28 +343,27 @@ ieee80211softmac_wx_set_wap(struct net_d > char *extra) > { > struct ieee80211softmac_device *mac = ieee80211_priv(net_dev); >- unsigned long flags; > > /* sanity check */ > if (data->ap_addr.sa_family != ARPHRD_ETHER) { > return -EINVAL; > } > >- spin_lock_irqsave(&mac->lock, flags); >+ mutex_lock(&mac->associnfo.mutex); > if (is_broadcast_ether_addr(data->ap_addr.sa_data)) { > /* the bssid we have is not to be fixed any longer, > * and we should reassociate to the best AP. */ > mac->associnfo.bssfixed = 0; > /* force reassociation */ > mac->associnfo.bssvalid = 0; >- if (mac->associated) >+ if (mac->associnfo.associated) > schedule_work(&mac->associnfo.work); > } else if (is_zero_ether_addr(data->ap_addr.sa_data)) { > /* the bssid we have is no longer fixed */ > mac->associnfo.bssfixed = 0; > } else { > if (!memcmp(mac->associnfo.bssid, data->ap_addr.sa_data, ETH_ALEN)) { >- if (mac->associnfo.associating || mac->associated) { >+ if (mac->associnfo.associating || mac->associnfo.associated) { > /* bssid unchanged and associated or associating - just return */ > goto out; > } >@@ -378,7 +378,8 @@ ieee80211softmac_wx_set_wap(struct net_d > } > > out: >- spin_unlock_irqrestore(&mac->lock, flags); >+ mutex_unlock(&mac->associnfo.mutex); >+ > return 0; > } > EXPORT_SYMBOL_GPL(ieee80211softmac_wx_set_wap); >@@ -394,7 +395,8 @@ ieee80211softmac_wx_set_genie(struct net > int err = 0; > char *buf; > int i; >- >+ >+ mutex_lock(&mac->associnfo.mutex); > spin_lock_irqsave(&mac->lock, flags); > /* bleh. shouldn't be locked for that kmalloc... */ > >@@ -432,6 +434,8 @@ ieee80211softmac_wx_set_genie(struct net > > out: > spin_unlock_irqrestore(&mac->lock, flags); >+ mutex_unlock(&mac->associnfo.mutex); >+ > return err; > } > EXPORT_SYMBOL_GPL(ieee80211softmac_wx_set_genie); >@@ -446,7 +450,8 @@ ieee80211softmac_wx_get_genie(struct net > unsigned long flags; > int err = 0; > int space = wrqu->data.length; >- >+ >+ mutex_lock(&mac->associnfo.mutex); > spin_lock_irqsave(&mac->lock, flags); > > wrqu->data.length = 0; >@@ -459,6 +464,8 @@ ieee80211softmac_wx_get_genie(struct net > err = -E2BIG; > } > spin_unlock_irqrestore(&mac->lock, flags); >+ mutex_unlock(&mac->associnfo.mutex); >+ > return err; > } > EXPORT_SYMBOL_GPL(ieee80211softmac_wx_get_genie); >@@ -473,10 +480,13 @@ ieee80211softmac_wx_set_mlme(struct net_ > struct iw_mlme *mlme = (struct iw_mlme *)extra; > u16 reason = cpu_to_le16(mlme->reason_code); > struct ieee80211softmac_network *net; >+ int err = -EINVAL; >+ >+ mutex_lock(&mac->associnfo.mutex); > > if (memcmp(mac->associnfo.bssid, mlme->addr.sa_data, ETH_ALEN)) { > printk(KERN_DEBUG PFX "wx_set_mlme: requested operation on net we don't use\n"); >- return -EINVAL; >+ goto out; > } > > switch (mlme->cmd) { >@@ -484,14 +494,23 @@ ieee80211softmac_wx_set_mlme(struct net_ > net = ieee80211softmac_get_network_by_bssid_locked(mac, mlme->addr.sa_data); > if (!net) { > printk(KERN_DEBUG PFX "wx_set_mlme: we should know the net here...\n"); >- return -EINVAL; >+ goto out; > } >- return ieee80211softmac_deauth_req(mac, net, reason); >+ err = ieee80211softmac_deauth_req(mac, net, reason); >+ goto out; > case IW_MLME_DISASSOC: > ieee80211softmac_send_disassoc_req(mac, reason); >- return 0; >+ mac->associnfo.associated = 0; >+ mac->associnfo.associating = 0; >+ err = 0; >+ goto out; > default: >- return -EOPNOTSUPP; >+ err = -EOPNOTSUPP; > } >+ >+out: >+ mutex_unlock(&mac->associnfo.mutex); >+ >+ return err; > } > EXPORT_SYMBOL_GPL(ieee80211softmac_wx_set_mlme); >--- linux-2.6.18.noarch/net/ieee80211/softmac/ieee80211softmac_assoc.c.orig 2007-05-16 15:32:12.000000000 -0400 >+++ linux-2.6.18.noarch/net/ieee80211/softmac/ieee80211softmac_assoc.c 2007-05-16 15:32:18.000000000 -0400 >@@ -48,7 +48,7 @@ ieee80211softmac_assoc(struct ieee80211s > dprintk(KERN_INFO PFX "sent association request!\n"); > > spin_lock_irqsave(&mac->lock, flags); >- mac->associated = 0; /* just to make sure */ >+ mac->associnfo.associated = 0; /* just to make sure */ > > /* Set a timer for timeout */ > /* FIXME: make timeout configurable */ >@@ -62,24 +62,22 @@ ieee80211softmac_assoc_timeout(void *d) > { > struct ieee80211softmac_device *mac = (struct ieee80211softmac_device *)d; > struct ieee80211softmac_network *n; >- unsigned long flags; > >- spin_lock_irqsave(&mac->lock, flags); >+ mutex_lock(&mac->associnfo.mutex); > /* we might race against ieee80211softmac_handle_assoc_response, > * so make sure only one of us does something */ >- if (!mac->associnfo.associating) { >- spin_unlock_irqrestore(&mac->lock, flags); >- return; >- } >+ if (!mac->associnfo.associating) >+ goto out; > mac->associnfo.associating = 0; > mac->associnfo.bssvalid = 0; >- mac->associated = 0; >+ mac->associnfo.associated = 0; > > n = ieee80211softmac_get_network_by_bssid_locked(mac, mac->associnfo.bssid); >- spin_unlock_irqrestore(&mac->lock, flags); > > dprintk(KERN_INFO PFX "assoc request timed out!\n"); > ieee80211softmac_call_events(mac, IEEE80211SOFTMAC_EVENT_ASSOCIATE_TIMEOUT, n); >+out: >+ mutex_unlock(&mac->associnfo.mutex); > } > > void >@@ -93,10 +91,10 @@ ieee80211softmac_disassoc(struct ieee802 > > netif_carrier_off(mac->dev); > >- mac->associated = 0; >+ mac->associnfo.associated = 0; > mac->associnfo.bssvalid = 0; > mac->associnfo.associating = 0; >- ieee80211softmac_init_txrates(mac); >+ ieee80211softmac_init_bss(mac); > ieee80211softmac_call_events_locked(mac, IEEE80211SOFTMAC_EVENT_DISASSOCIATED, NULL); > spin_unlock_irqrestore(&mac->lock, flags); > } >@@ -107,7 +105,7 @@ ieee80211softmac_send_disassoc_req(struc > { > struct ieee80211softmac_network *found; > >- if (mac->associnfo.bssvalid && mac->associated) { >+ if (mac->associnfo.bssvalid && mac->associnfo.associated) { > found = ieee80211softmac_get_network_by_bssid(mac, mac->associnfo.bssid); > if (found) > ieee80211softmac_send_mgt_frame(mac, found, IEEE80211_STYPE_DISASSOC, reason); >@@ -196,17 +194,18 @@ ieee80211softmac_assoc_work(void *d) > int bssvalid; > unsigned long flags; > >+ mutex_lock(&mac->associnfo.mutex); >+ >+ if (!mac->associnfo.associating) >+ goto out; >+ > /* ieee80211_disassoc might clear this */ > bssvalid = mac->associnfo.bssvalid; > > /* meh */ >- if (mac->associated) >+ if (mac->associnfo.associated) > ieee80211softmac_send_disassoc_req(mac, WLAN_REASON_DISASSOC_STA_HAS_LEFT); > >- spin_lock_irqsave(&mac->lock, flags); >- mac->associnfo.associating = 1; >- spin_unlock_irqrestore(&mac->lock, flags); >- > /* try to find the requested network in our list, if we found one already */ > if (bssvalid || mac->associnfo.bssfixed) > found = ieee80211softmac_get_network_by_bssid(mac, mac->associnfo.bssid); >@@ -260,10 +259,8 @@ ieee80211softmac_assoc_work(void *d) > > if (!found) { > if (mac->associnfo.scan_retry > 0) { >- spin_lock_irqsave(&mac->lock, flags); > mac->associnfo.scan_retry--; >- spin_unlock_irqrestore(&mac->lock, flags); >- >+ > /* We know of no such network. Let's scan. > * NB: this also happens if we had no memory to copy the network info... > * Maybe we can hope to have more memory after scanning finishes ;) >@@ -272,19 +269,17 @@ ieee80211softmac_assoc_work(void *d) > ieee80211softmac_notify(mac->dev, IEEE80211SOFTMAC_EVENT_SCAN_FINISHED, ieee80211softmac_assoc_notify_scan, NULL); > if (ieee80211softmac_start_scan(mac)) > dprintk(KERN_INFO PFX "Associate: failed to initiate scan. Is device up?\n"); >- return; >+ goto out; > } else { >- spin_lock_irqsave(&mac->lock, flags); > mac->associnfo.associating = 0; >- mac->associated = 0; >- spin_unlock_irqrestore(&mac->lock, flags); >+ mac->associnfo.associated = 0; > > dprintk(KERN_INFO PFX "Unable to find matching network after scan!\n"); > /* reset the retry counter for the next user request since we > * break out and don't reschedule ourselves after this point. */ > mac->associnfo.scan_retry = IEEE80211SOFTMAC_ASSOC_SCAN_RETRY_LIMIT; > ieee80211softmac_call_events(mac, IEEE80211SOFTMAC_EVENT_ASSOCIATE_NET_NOT_FOUND, NULL); >- return; >+ goto out; > } > } > >@@ -297,7 +292,7 @@ ieee80211softmac_assoc_work(void *d) > /* copy the ESSID for displaying it */ > mac->associnfo.associate_essid.len = found->essid.len; > memcpy(mac->associnfo.associate_essid.data, found->essid.data, IW_ESSID_MAX_SIZE + 1); >- >+ > /* we found a network! authenticate (if necessary) and associate to it. */ > if (found->authenticating) { > dprintk(KERN_INFO PFX "Already requested authentication, waiting...\n"); >@@ -305,7 +300,7 @@ ieee80211softmac_assoc_work(void *d) > mac->associnfo.assoc_wait = 1; > ieee80211softmac_notify_internal(mac, IEEE80211SOFTMAC_EVENT_ANY, found, ieee80211softmac_assoc_notify_auth, NULL, GFP_KERNEL); > } >- return; >+ goto out; > } > if (!found->authenticated && !found->authenticating) { > /* This relies on the fact that _auth_req only queues the work, >@@ -321,11 +316,14 @@ ieee80211softmac_assoc_work(void *d) > mac->associnfo.assoc_wait = 0; > ieee80211softmac_call_events(mac, IEEE80211SOFTMAC_EVENT_ASSOCIATE_FAILED, found); > } >- return; >+ goto out; > } > /* finally! now we can start associating */ > mac->associnfo.assoc_wait = 0; > ieee80211softmac_assoc(mac, found); >+ >+out: >+ mutex_unlock(&mac->associnfo.mutex); > } > > /* call this to do whatever is necessary when we're associated */ >@@ -334,11 +332,19 @@ ieee80211softmac_associated(struct ieee8 > struct ieee80211_assoc_response * resp, > struct ieee80211softmac_network *net) > { >+ u16 cap = le16_to_cpu(resp->capability); >+ u8 erp_value = net->erp_value; >+ > mac->associnfo.associating = 0; >- mac->associnfo.supported_rates = net->supported_rates; >+ mac->bssinfo.supported_rates = net->supported_rates; > ieee80211softmac_recalc_txrates(mac); > >- mac->associated = 1; >+ mac->associnfo.associated = 1; >+ >+ mac->associnfo.short_preamble_available = >+ (cap & WLAN_CAPABILITY_SHORT_PREAMBLE) != 0; >+ ieee80211softmac_process_erp(mac, erp_value); >+ > if (mac->set_bssid_filter) > mac->set_bssid_filter(mac->dev, net->bssid); > memcpy(mac->ieee->bssid, net->bssid, ETH_ALEN); >@@ -351,9 +357,9 @@ ieee80211softmac_associated(struct ieee8 > int > ieee80211softmac_handle_assoc_response(struct net_device * dev, > struct ieee80211_assoc_response * resp, >- struct ieee80211_network * _ieee80211_network_do_not_use) >+ struct ieee80211_network * _ieee80211_network) > { >- /* NOTE: the network parameter has to be ignored by >+ /* NOTE: the network parameter has to be mostly ignored by > * this code because it is the ieee80211's pointer > * to the struct, not ours (we made a copy) > */ >@@ -385,6 +391,11 @@ ieee80211softmac_handle_assoc_response(s > /* now that we know it was for us, we can cancel the timeout */ > cancel_delayed_work(&mac->associnfo.timeout); > >+ /* if the association response included an ERP IE, update our saved >+ * copy */ >+ if (_ieee80211_network->flags & NETWORK_HAS_ERP_VALUE) >+ network->erp_value = _ieee80211_network->erp_value; >+ > switch (status) { > case 0: > dprintk(KERN_INFO PFX "associated!\n"); >@@ -408,7 +419,7 @@ ieee80211softmac_handle_assoc_response(s > dprintk(KERN_INFO PFX "associating failed (reason: 0x%x)!\n", status); > mac->associnfo.associating = 0; > mac->associnfo.bssvalid = 0; >- mac->associated = 0; >+ mac->associnfo.associated = 0; > ieee80211softmac_call_events_locked(mac, IEEE80211SOFTMAC_EVENT_ASSOCIATE_FAILED, network); > } > >@@ -416,6 +427,17 @@ ieee80211softmac_handle_assoc_response(s > return 0; > } > >+void >+ieee80211softmac_try_reassoc(struct ieee80211softmac_device *mac) >+{ >+ unsigned long flags; >+ >+ spin_lock_irqsave(&mac->lock, flags); >+ mac->associnfo.associating = 1; >+ schedule_work(&mac->associnfo.work); >+ spin_unlock_irqrestore(&mac->lock, flags); >+} >+ > int > ieee80211softmac_handle_disassoc(struct net_device * dev, > struct ieee80211_disassoc *disassoc) >@@ -434,8 +456,7 @@ ieee80211softmac_handle_disassoc(struct > dprintk(KERN_INFO PFX "got disassoc frame\n"); > ieee80211softmac_disassoc(mac); > >- /* try to reassociate */ >- schedule_work(&mac->associnfo.work); >+ ieee80211softmac_try_reassoc(mac); > > return 0; > } >--- linux-2.6.18.noarch/net/ieee80211/softmac/ieee80211softmac_scan.c.orig 2007-05-16 15:32:12.000000000 -0400 >+++ linux-2.6.18.noarch/net/ieee80211/softmac/ieee80211softmac_scan.c 2007-05-16 15:32:18.000000000 -0400 >@@ -47,7 +47,6 @@ ieee80211softmac_start_scan(struct ieee8 > sm->scanning = 1; > spin_unlock_irqrestore(&sm->lock, flags); > >- netif_tx_disable(sm->ieee->dev); > ret = sm->start_scan(sm->dev); > if (ret) { > spin_lock_irqsave(&sm->lock, flags); >@@ -135,7 +134,8 @@ void ieee80211softmac_scan(void *d) > si->started = 0; > spin_unlock_irqrestore(&sm->lock, flags); > >- dprintk(PFX "Scanning finished\n"); >+ dprintk(PFX "Scanning finished: scanned %d channels starting with channel %d\n", >+ sm->scaninfo->number_channels, sm->scaninfo->channels[0].channel); > ieee80211softmac_scan_finished(sm); > complete_all(&sm->scaninfo->finished); > } >@@ -183,8 +183,6 @@ int ieee80211softmac_start_scan_implemen > sm->scaninfo->channels = sm->ieee->geo.bg; > sm->scaninfo->number_channels = sm->ieee->geo.bg_channels; > } >- dprintk(PFX "Start scanning with channel: %d\n", sm->scaninfo->channels[0].channel); >- dprintk(PFX "Scanning %d channels\n", sm->scaninfo->number_channels); > sm->scaninfo->current_channel_idx = 0; > sm->scaninfo->started = 1; > sm->scaninfo->stop = 0; >@@ -248,7 +246,6 @@ void ieee80211softmac_scan_finished(stru > if (net) > sm->set_channel(sm->dev, net->channel); > } >- netif_wake_queue(sm->ieee->dev); > ieee80211softmac_call_events(sm, IEEE80211SOFTMAC_EVENT_SCAN_FINISHED, NULL); > } > EXPORT_SYMBOL_GPL(ieee80211softmac_scan_finished); >--- linux-2.6.18.noarch/net/ieee80211/ieee80211_crypt_tkip.c.orig 2007-05-16 15:32:12.000000000 -0400 >+++ linux-2.6.18.noarch/net/ieee80211/ieee80211_crypt_tkip.c 2007-05-16 15:32:18.000000000 -0400 >@@ -52,8 +52,10 @@ struct ieee80211_tkip_data { > > int key_idx; > >- struct crypto_tfm *tfm_arc4; >- struct crypto_tfm *tfm_michael; >+ struct crypto_tfm *tx_tfm_arc4; >+ struct crypto_tfm *tx_tfm_michael; >+ struct crypto_tfm *rx_tfm_arc4; >+ struct crypto_tfm *rx_tfm_michael; > > /* scratch buffers for virt_to_page() (crypto API) */ > u8 rx_hdr[16], tx_hdr[16]; >@@ -85,15 +87,29 @@ static void *ieee80211_tkip_init(int key > > priv->key_idx = key_idx; > >- priv->tfm_arc4 = crypto_alloc_tfm("arc4", 0); >- if (priv->tfm_arc4 == NULL) { >+ priv->tx_tfm_arc4 = crypto_alloc_tfm("arc4", 0); >+ if (priv->tx_tfm_arc4 == NULL) { > printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate " > "crypto API arc4\n"); > goto fail; > } > >- priv->tfm_michael = crypto_alloc_tfm("michael_mic", 0); >- if (priv->tfm_michael == NULL) { >+ priv->tx_tfm_michael = crypto_alloc_tfm("michael_mic", 0); >+ if (priv->tx_tfm_michael == NULL) { >+ printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate " >+ "crypto API michael_mic\n"); >+ goto fail; >+ } >+ >+ priv->rx_tfm_arc4 = crypto_alloc_tfm("arc4", 0); >+ if (priv->rx_tfm_arc4 == NULL) { >+ printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate " >+ "crypto API arc4\n"); >+ goto fail; >+ } >+ >+ priv->rx_tfm_michael = crypto_alloc_tfm("michael_mic", 0); >+ if (priv->rx_tfm_michael == NULL) { > printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate " > "crypto API michael_mic\n"); > goto fail; >@@ -103,10 +119,14 @@ static void *ieee80211_tkip_init(int key > > fail: > if (priv) { >- if (priv->tfm_michael) >- crypto_free_tfm(priv->tfm_michael); >- if (priv->tfm_arc4) >- crypto_free_tfm(priv->tfm_arc4); >+ if (priv->tx_tfm_michael) >+ crypto_free_tfm(priv->tx_tfm_michael); >+ if (priv->tx_tfm_arc4) >+ crypto_free_tfm(priv->tx_tfm_arc4); >+ if (priv->rx_tfm_michael) >+ crypto_free_tfm(priv->rx_tfm_michael); >+ if (priv->rx_tfm_arc4) >+ crypto_free_tfm(priv->rx_tfm_arc4); > kfree(priv); > } > >@@ -116,10 +136,16 @@ static void *ieee80211_tkip_init(int key > static void ieee80211_tkip_deinit(void *priv) > { > struct ieee80211_tkip_data *_priv = priv; >- if (_priv && _priv->tfm_michael) >- crypto_free_tfm(_priv->tfm_michael); >- if (_priv && _priv->tfm_arc4) >- crypto_free_tfm(_priv->tfm_arc4); >+ if (_priv) { >+ if (_priv->tx_tfm_michael) >+ crypto_free_tfm(_priv->tx_tfm_michael); >+ if (_priv->tx_tfm_arc4) >+ crypto_free_tfm(_priv->tx_tfm_arc4); >+ if (_priv->rx_tfm_michael) >+ crypto_free_tfm(_priv->rx_tfm_michael); >+ if (_priv->rx_tfm_arc4) >+ crypto_free_tfm(_priv->rx_tfm_arc4); >+ } > kfree(priv); > } > >@@ -351,12 +377,25 @@ static int ieee80211_tkip_encrypt(struct > icv[2] = crc >> 16; > icv[3] = crc >> 24; > >- crypto_cipher_setkey(tkey->tfm_arc4, rc4key, 16); >+ crypto_cipher_setkey(tkey->tx_tfm_arc4, rc4key, 16); > sg.page = virt_to_page(pos); > sg.offset = offset_in_page(pos); > sg.length = len + 4; >- crypto_cipher_encrypt(tkey->tfm_arc4, &sg, &sg, len + 4); >+ crypto_cipher_encrypt(tkey->tx_tfm_arc4, &sg, &sg, len + 4); >+ >+ return 0; >+} > >+/* >+ * deal with seq counter wrapping correctly. >+ * refer to timer_after() for jiffies wrapping handling >+ */ >+static inline int tkip_replay_check(u32 iv32_n, u16 iv16_n, >+ u32 iv32_o, u16 iv16_o) >+{ >+ if ((s32)iv32_n - (s32)iv32_o < 0 || >+ (iv32_n == iv32_o && iv16_n <= iv16_o)) >+ return 1; > return 0; > } > >@@ -414,8 +453,7 @@ static int ieee80211_tkip_decrypt(struct > iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24); > pos += 8; > >- if (iv32 < tkey->rx_iv32 || >- (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) { >+ if (tkip_replay_check(iv32, iv16, tkey->rx_iv32, tkey->rx_iv16)) { > if (net_ratelimit()) { > printk(KERN_DEBUG "TKIP: replay detected: STA=" MAC_FMT > " previous TSC %08x%04x received TSC " >@@ -434,11 +472,11 @@ static int ieee80211_tkip_decrypt(struct > > plen = skb->len - hdr_len - 12; > >- crypto_cipher_setkey(tkey->tfm_arc4, rc4key, 16); >+ crypto_cipher_setkey(tkey->rx_tfm_arc4, rc4key, 16); > sg.page = virt_to_page(pos); > sg.offset = offset_in_page(pos); > sg.length = plen + 4; >- crypto_cipher_decrypt(tkey->tfm_arc4, &sg, &sg, plen + 4); >+ crypto_cipher_decrypt(tkey->rx_tfm_arc4, &sg, &sg, plen + 4); > > crc = ~crc32_le(~0, pos, plen); > icv[0] = crc; >@@ -472,12 +510,12 @@ static int ieee80211_tkip_decrypt(struct > return keyidx; > } > >-static int michael_mic(struct ieee80211_tkip_data *tkey, u8 * key, u8 * hdr, >+static int michael_mic(struct crypto_tfm *tfm_michael, u8 * key, u8 * hdr, > u8 * data, size_t data_len, u8 * mic) > { > struct scatterlist sg[2]; > >- if (tkey->tfm_michael == NULL) { >+ if (tfm_michael == NULL) { > printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n"); > return -1; > } >@@ -489,10 +527,10 @@ static int michael_mic(struct ieee80211_ > sg[1].offset = offset_in_page(data); > sg[1].length = data_len; > >- crypto_digest_init(tkey->tfm_michael); >- crypto_digest_setkey(tkey->tfm_michael, key, 8); >- crypto_digest_update(tkey->tfm_michael, sg, 2); >- crypto_digest_final(tkey->tfm_michael, mic); >+ crypto_digest_init(tfm_michael); >+ crypto_digest_setkey(tfm_michael, key, 8); >+ crypto_digest_update(tfm_michael, sg, 2); >+ crypto_digest_final(tfm_michael, mic); > > return 0; > } >@@ -528,7 +566,7 @@ static void michael_mic_hdr(struct sk_bu > if (stype & IEEE80211_STYPE_QOS_DATA) { > const struct ieee80211_hdr_3addrqos *qoshdr = > (struct ieee80211_hdr_3addrqos *)skb->data; >- hdr[12] = le16_to_cpu(qoshdr->qos_ctl) & IEEE80211_QCTL_TID; >+ hdr[12] = qoshdr->qos_ctl & cpu_to_le16(IEEE80211_QCTL_TID); > } else > hdr[12] = 0; /* priority */ > >@@ -550,7 +588,7 @@ static int ieee80211_michael_mic_add(str > > michael_mic_hdr(skb, tkey->tx_hdr); > pos = skb_put(skb, 8); >- if (michael_mic(tkey, &tkey->key[16], tkey->tx_hdr, >+ if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr, > skb->data + hdr_len, skb->len - 8 - hdr_len, pos)) > return -1; > >@@ -588,7 +626,7 @@ static int ieee80211_michael_mic_verify( > return -1; > > michael_mic_hdr(skb, tkey->rx_hdr); >- if (michael_mic(tkey, &tkey->key[24], tkey->rx_hdr, >+ if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr, > skb->data + hdr_len, skb->len - 8 - hdr_len, mic)) > return -1; > if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) { >@@ -618,14 +656,18 @@ static int ieee80211_tkip_set_key(void * > { > struct ieee80211_tkip_data *tkey = priv; > int keyidx; >- struct crypto_tfm *tfm = tkey->tfm_michael; >- struct crypto_tfm *tfm2 = tkey->tfm_arc4; >+ struct crypto_tfm *tfm = tkey->tx_tfm_michael; >+ struct crypto_tfm *tfm2 = tkey->tx_tfm_arc4; >+ struct crypto_tfm *tfm3 = tkey->rx_tfm_michael; >+ struct crypto_tfm *tfm4 = tkey->rx_tfm_arc4; > > keyidx = tkey->key_idx; > memset(tkey, 0, sizeof(*tkey)); > tkey->key_idx = keyidx; >- tkey->tfm_michael = tfm; >- tkey->tfm_arc4 = tfm2; >+ tkey->tx_tfm_michael = tfm; >+ tkey->tx_tfm_arc4 = tfm2; >+ tkey->rx_tfm_michael = tfm3; >+ tkey->rx_tfm_arc4 = tfm4; > if (len == TKIP_KEY_LEN) { > memcpy(tkey->key, key, TKIP_KEY_LEN); > tkey->key_set = 1; >--- linux-2.6.18.noarch/net/ieee80211/ieee80211_rx.c.orig 2007-05-16 15:32:12.000000000 -0400 >+++ linux-2.6.18.noarch/net/ieee80211/ieee80211_rx.c 2007-05-16 15:37:45.000000000 -0400 >@@ -479,6 +479,11 @@ int ieee80211_rx(struct ieee80211_device > goto rx_exit; > } > #endif >+ /* drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.29) */ >+ if (sc == ieee->prev_seq_ctl) >+ goto rx_dropped; >+ else >+ ieee->prev_seq_ctl = sc; > > /* Data frame - extract src/dst addresses */ > if (skb->len < IEEE80211_3ADDR_LEN) >@@ -1067,7 +1072,10 @@ static int ieee80211_parse_info_param(st > info_element->len + > sizeof(*info_element), > length, info_element->id); >- return 1; >+ /* We stop processing but don't return an error here >+ * because some misbehaviour APs break this rule. ie. >+ * Orinoco AP1000. */ >+ break; > } > > switch (info_element->id) { >@@ -1166,6 +1174,7 @@ static int ieee80211_parse_info_param(st > > case MFIE_TYPE_ERP_INFO: > network->erp_value = info_element->data[0]; >+ network->flags |= NETWORK_HAS_ERP_VALUE; > IEEE80211_DEBUG_MGMT("MFIE_TYPE_ERP_SET: %d\n", > network->erp_value); > break; >@@ -1234,12 +1243,12 @@ static int ieee80211_parse_info_param(st > case MFIE_TYPE_IBSS_DFS: > if (network->ibss_dfs) > break; >- network->ibss_dfs = >- kmalloc(info_element->len, GFP_ATOMIC); >- if (!network->ibss_dfs) >- return 1; >+ network->ibss_dfs = kmalloc(info_element->len, >+ GFP_ATOMIC); > memcpy(network->ibss_dfs, info_element->data, > info_element->len); >+ if (!network->ibss_dfs) >+ return 1; > network->flags |= NETWORK_HAS_IBSS_DFS; > break; > >--- linux-2.6.18.noarch/net/ieee80211/ieee80211_tx.c.orig 2007-05-16 15:32:12.000000000 -0400 >+++ linux-2.6.18.noarch/net/ieee80211/ieee80211_tx.c 2007-05-16 15:32:18.000000000 -0400 >@@ -337,7 +337,7 @@ int ieee80211_xmit(struct sk_buff *skb, > hdr_len += 2; > > skb->priority = ieee80211_classify(skb); >- header.qos_ctl |= skb->priority & IEEE80211_QCTL_TID; >+ header.qos_ctl |= cpu_to_le16(skb->priority & IEEE80211_QCTL_TID); > } > header.frame_ctl = cpu_to_le16(fc); > >@@ -390,7 +390,7 @@ int ieee80211_xmit(struct sk_buff *skb, > * this stack is providing the full 802.11 header, one will > * eventually be affixed to this fragment -- so we must account > * for it when determining the amount of payload space. */ >- bytes_per_frag = frag_size - IEEE80211_3ADDR_LEN; >+ bytes_per_frag = frag_size - hdr_len; > if (ieee->config & > (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS)) > bytes_per_frag -= IEEE80211_FCS_LEN; >@@ -412,7 +412,7 @@ int ieee80211_xmit(struct sk_buff *skb, > } else { > nr_frags = 1; > bytes_per_frag = bytes_last_frag = bytes; >- frag_size = bytes + IEEE80211_3ADDR_LEN; >+ frag_size = bytes + hdr_len; > } > > rts_required = (frag_size > ieee->rts >@@ -502,9 +502,6 @@ int ieee80211_xmit(struct sk_buff *skb, > if (host_encrypt) > ieee80211_encrypt_fragment(ieee, skb_frag, hdr_len); > else if (host_build_iv) { >- struct ieee80211_crypt_data *crypt; >- >- crypt = ieee->crypt[ieee->tx_keyidx]; > atomic_inc(&crypt->refcnt); > if (crypt->ops->build_iv) > crypt->ops->build_iv(skb_frag, hdr_len, >@@ -532,13 +529,6 @@ int ieee80211_xmit(struct sk_buff *skb, > return 0; > } > >- if (ret == NETDEV_TX_BUSY) { >- printk(KERN_ERR "%s: NETDEV_TX_BUSY returned; " >- "driver should report queue full via " >- "ieee_device->is_queue_full.\n", >- ieee->dev->name); >- } >- > ieee80211_txb_free(txb); > } > >--- linux-2.6.18.noarch/net/ieee80211/ieee80211_crypt_ccmp.c.orig 2007-05-16 15:32:12.000000000 -0400 >+++ linux-2.6.18.noarch/net/ieee80211/ieee80211_crypt_ccmp.c 2007-05-16 15:32:18.000000000 -0400 >@@ -271,6 +271,27 @@ static int ieee80211_ccmp_encrypt(struct > return 0; > } > >+/* >+ * deal with seq counter wrapping correctly. >+ * refer to timer_after() for jiffies wrapping handling >+ */ >+static inline int ccmp_replay_check(u8 *pn_n, u8 *pn_o) >+{ >+ u32 iv32_n, iv16_n; >+ u32 iv32_o, iv16_o; >+ >+ iv32_n = (pn_n[0] << 24) | (pn_n[1] << 16) | (pn_n[2] << 8) | pn_n[3]; >+ iv16_n = (pn_n[4] << 8) | pn_n[5]; >+ >+ iv32_o = (pn_o[0] << 24) | (pn_o[1] << 16) | (pn_o[2] << 8) | pn_o[3]; >+ iv16_o = (pn_o[4] << 8) | pn_o[5]; >+ >+ if ((s32)iv32_n - (s32)iv32_o < 0 || >+ (iv32_n == iv32_o && iv16_n <= iv16_o)) >+ return 1; >+ return 0; >+} >+ > static int ieee80211_ccmp_decrypt(struct sk_buff *skb, int hdr_len, void *priv) > { > struct ieee80211_ccmp_data *key = priv; >@@ -323,7 +344,7 @@ static int ieee80211_ccmp_decrypt(struct > pn[5] = pos[0]; > pos += 8; > >- if (memcmp(pn, key->rx_pn, CCMP_PN_LEN) <= 0) { >+ if (ccmp_replay_check(pn, key->rx_pn)) { > if (net_ratelimit()) { > printk(KERN_DEBUG "CCMP: replay detected: STA=" MAC_FMT > " previous PN %02x%02x%02x%02x%02x%02x "
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=156109">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 240354
: 156109