mac80211: Scale down to non-HT association with TKIP/WEP as pairwise cipher
As TKIP is not updated to new security needs which arise when TKIP is used to encrypt A-MPDU aggregated data frames, IEEE802.11n does not allow any cipher other than CCMP (Which has new extensions defined) as pairwise cipher between HT peers. When such configuration (TKIP/WEP in HT) is forced, we still associate in non-HT mode (11a/b/g). Signed-off-by: Vasanthakumar Thiagarajan <vasanth@atheros.com> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
This commit is contained in:
parent
9ee677c227
commit
eb46936b9f
4 changed files with 22 additions and 3 deletions
|
@ -258,6 +258,7 @@ struct mesh_preq_queue {
|
|||
#define IEEE80211_STA_AUTO_BSSID_SEL BIT(11)
|
||||
#define IEEE80211_STA_AUTO_CHANNEL_SEL BIT(12)
|
||||
#define IEEE80211_STA_PRIVACY_INVOKED BIT(13)
|
||||
#define IEEE80211_STA_TKIP_WEP_USED BIT(14)
|
||||
/* flags for MLME request */
|
||||
#define IEEE80211_STA_REQ_SCAN 0
|
||||
#define IEEE80211_STA_REQ_DIRECT_PROBE 1
|
||||
|
|
|
@ -459,7 +459,8 @@ static int ieee80211_stop(struct net_device *dev)
|
|||
synchronize_rcu();
|
||||
skb_queue_purge(&sdata->u.sta.skb_queue);
|
||||
|
||||
sdata->u.sta.flags &= ~IEEE80211_STA_PRIVACY_INVOKED;
|
||||
sdata->u.sta.flags &= ~(IEEE80211_STA_PRIVACY_INVOKED |
|
||||
IEEE80211_STA_TKIP_WEP_USED);
|
||||
kfree(sdata->u.sta.extra_ie);
|
||||
sdata->u.sta.extra_ie = NULL;
|
||||
sdata->u.sta.extra_ie_len = 0;
|
||||
|
|
|
@ -391,10 +391,17 @@ static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata,
|
|||
}
|
||||
|
||||
/* wmm support is a must to HT */
|
||||
/*
|
||||
* IEEE802.11n does not allow TKIP/WEP as pairwise
|
||||
* ciphers in HT mode. We still associate in non-ht
|
||||
* mode (11a/b/g) if any one of these ciphers is
|
||||
* configured as pairwise.
|
||||
*/
|
||||
if (wmm && (ifsta->flags & IEEE80211_STA_WMM_ENABLED) &&
|
||||
sband->ht_cap.ht_supported &&
|
||||
(ht_ie = ieee80211_bss_get_ie(bss, WLAN_EID_HT_INFORMATION)) &&
|
||||
ht_ie[1] >= sizeof(struct ieee80211_ht_info)) {
|
||||
ht_ie[1] >= sizeof(struct ieee80211_ht_info) &&
|
||||
(!(ifsta->flags & IEEE80211_STA_TKIP_WEP_USED))) {
|
||||
struct ieee80211_ht_info *ht_info =
|
||||
(struct ieee80211_ht_info *)(ht_ie + 2);
|
||||
u16 cap = sband->ht_cap.cap;
|
||||
|
|
|
@ -903,12 +903,22 @@ static int ieee80211_ioctl_siwauth(struct net_device *dev,
|
|||
|
||||
switch (data->flags & IW_AUTH_INDEX) {
|
||||
case IW_AUTH_WPA_VERSION:
|
||||
case IW_AUTH_CIPHER_PAIRWISE:
|
||||
case IW_AUTH_CIPHER_GROUP:
|
||||
case IW_AUTH_WPA_ENABLED:
|
||||
case IW_AUTH_RX_UNENCRYPTED_EAPOL:
|
||||
case IW_AUTH_KEY_MGMT:
|
||||
break;
|
||||
case IW_AUTH_CIPHER_PAIRWISE:
|
||||
if (sdata->vif.type == NL80211_IFTYPE_STATION) {
|
||||
if (data->value & (IW_AUTH_CIPHER_WEP40 |
|
||||
IW_AUTH_CIPHER_WEP104 | IW_AUTH_CIPHER_TKIP))
|
||||
sdata->u.sta.flags |=
|
||||
IEEE80211_STA_TKIP_WEP_USED;
|
||||
else
|
||||
sdata->u.sta.flags &=
|
||||
~IEEE80211_STA_TKIP_WEP_USED;
|
||||
}
|
||||
break;
|
||||
case IW_AUTH_DROP_UNENCRYPTED:
|
||||
sdata->drop_unencrypted = !!data->value;
|
||||
break;
|
||||
|
|
Loading…
Reference in a new issue