Date:      Tue, 12 Aug 2008 16:14:53 GMT
From:      Sam Leffler <sam@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 147242 for review
Message-ID:  <200808121614.m7CGEr9A041161@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=147242

Change 147242 by sam@sam_ebb on 2008/08/12 16:14:13

	validate policy parameter in ADDBA response

Affected files ...

.. //depot/projects/vap/sys/net80211/ieee80211_ht.c#32 edit
.. //depot/projects/vap/sys/net80211/ieee80211_ioctl.h#21 edit

Differences ...

==== //depot/projects/vap/sys/net80211/ieee80211_ht.c#32 (text+ko) ====

@@ -1404,7 +1404,7 @@
 	const struct ieee80211_action *ia;
 	struct ieee80211_rx_ampdu *rap;
 	struct ieee80211_tx_ampdu *tap;
-	uint8_t dialogtoken;
+	uint8_t dialogtoken, policy;
 	uint16_t baparamset, batimeout, baseqctl, code;
 	uint16_t args[4];
 	int tid, ac, bufsiz;
@@ -1472,6 +1472,7 @@
 			baparamset = LE_READ_2(frm+5);
 			tid = MS(baparamset, IEEE80211_BAPS_TID);
 			bufsiz = MS(baparamset, IEEE80211_BAPS_BUFSIZ);
+			policy = MS(baparamset, IEEE80211_BAPS_POLICY);
 			batimeout = LE_READ_2(frm+7);
 
 			ac = TID_TO_WME_AC(tid);
@@ -1495,6 +1496,18 @@
 				vap->iv_stats.is_addba_badtoken++;
 				return;
 			}
+			/* NB: assumes IEEE80211_AGGR_IMMEDIATE is 1 */
+			if (policy != (tap->txa_flags & IEEE80211_AGGR_IMMEDIATE)) {
+				IEEE80211_DISCARD_MAC(vap,
+				    IEEE80211_MSG_ACTION | IEEE80211_MSG_11N,
+				    ni->ni_macaddr, "ADDBA response",
+				    "policy mismatch: expecting %s, "
+				    "received %s, tid %d code %d",
+				    tap->txa_flags & IEEE80211_AGGR_IMMEDIATE,
+				    policy, tid, code);
+				vap->iv_stats.is_addba_badpolicy++;
+				return;
+			}
 
 			IEEE80211_NOTE(vap,
 			    IEEE80211_MSG_ACTION | IEEE80211_MSG_11N, ni,
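Review bot: The format string in the new IEEE80211_DISCARD_MAC call uses `%s` for both the expected and the received policy, but the arguments passed are integers (`tap->txa_flags & IEEE80211_AGGR_IMMEDIATE` and the `uint8_t policy`). If the macro formats the message (presumably only when the matching debug flags are enabled), a printf-style formatter would treat those small integers as string pointers, so a mismatching ADDBA response from a peer could cause an invalid kernel memory read. Change the two literals to `"policy mismatch: expecting %d, "` and `"received %d, tid %d code %d",`. The comparison also relies on IEEE80211_AGGR_IMMEDIATE being 1, as the NB comment says; a compile-time assertion would enforce that assumption instead of only documenting it. The enclosing function starts and ends outside this hunk.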

==== //depot/projects/vap/sys/net80211/ieee80211_ioctl.h#21 (text+ko) ====

@@ -207,6 +207,7 @@
 	uint32_t	is_addba_norequest;	/* ADDBA response w/o ADDBA */
 	uint32_t	is_addba_badtoken;	/* ADDBA response w/ wrong
 						   dialogtoken */
+	uint32_t	is_addba_badpolicy;	/* ADDBA resp w/ wrong policy */
 	uint32_t	is_ampdu_stop;		/* A-MPDU stream stopped */
 	uint32_t	is_ampdu_stop_failed;	/* A-MPDU stream not running */
 	uint32_t	is_ampdu_rx_reorder;	/* A-MPDU held for rx reorder */
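Review bot: `is_addba_badpolicy` is inserted in the middle of the structure, so every field after it (`is_ampdu_stop` through `is_beacon_miss`) moves by four bytes, even though the following hunk shrinks `is_spare` to 13 to keep the total size unchanged. If this structure is copied out to userland through the ioctl interface, as the header name suggests, a statistics tool built against the old layout would silently report the wrong counters. Adding the new counter immediately before `is_spare[13]` would consume the spare slot without moving any existing field. The structure's declaration begins outside both hunks, so its name and consumers are not visible here.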
@@ -215,7 +216,7 @@
 	uint8_t		is_rx_disassoc_code;	/* last rx'd disassoc reason */
 	uint8_t		is_rx_authfail_code;	/* last rx'd auth fail reason */
 	uint32_t	is_beacon_miss;		/* beacon miss notification */
-	uint32_t	is_spare[14];
+	uint32_t	is_spare[13];
 };
 
 /*


