tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
don't use net/ieee80211.h
Convert all the drivers using net/ieee80211.h to use linux/ieee80211.h.
Contains a bugfix in libertas where the SSID parsing could overrun the
buffer when the AP sends invalid information.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Dan Williams <dcbw@redhat.com> [airo, libertas]
Acked-by: Pavel Roskin <proski@gnu.org> [orinoco]
Acked-by: David Kilroy <kilroyd@googlemail.com> [orinoco]
Signed-off-by: John W. Linville <linville@tuxdriver.com>
authored by
Johannes Berg
and committed by
John W. Linville
2c706002
9b1fbae4
+167
-158
+9
-8
drivers/net/ps3_gelic_wireless.c
+9
-8
drivers/net/ps3_gelic_wireless.c
···
30
30
#include <linux/ip.h>
31
31
#include <linux/tcp.h>
32
32
#include <linux/wireless.h>
33
+
#include <linux/ieee80211.h>
34
+
#include <linux/if_arp.h>
33
35
#include <linux/ctype.h>
34
36
#include <linux/string.h>
35
37
#include <net/iw_handler.h>
36
-
#include <net/ieee80211.h>
37
38
38
39
#include <linux/dma-mapping.h>
39
40
#include <net/checksum.h>
···
450
449
451
450
/* element id */
452
451
if (rsn)
453
-
*buf++ = MFIE_TYPE_RSN;
452
+
*buf++ = WLAN_EID_RSN;
454
453
else
455
-
*buf++ = MFIE_TYPE_GENERIC;
454
+
*buf++ = WLAN_EID_GENERIC;
456
455
457
456
/* length filed; set later */
458
457
buf++;
···
540
539
break;
541
540
542
541
switch (item_id) {
543
-
case MFIE_TYPE_GENERIC:
542
+
case WLAN_EID_GENERIC:
544
543
if ((OUI_LEN + 1 <= item_len) &&
545
544
!memcmp(pos, wpa_oui, OUI_LEN) &&
546
545
pos[OUI_LEN] == 0x01) {
···
548
547
ie_info->wpa.len = item_len + 2;
549
548
}
550
549
break;
551
-
case MFIE_TYPE_RSN:
550
+
case WLAN_EID_RSN:
552
551
ie_info->rsn.data = pos - 2;
553
552
/* length includes the header */
554
553
ie_info->rsn.len = item_len + 2;
···
582
581
char *tmp;
583
582
u8 rate;
584
583
unsigned int i, j, len;
585
-
u8 buf[MAX_WPA_IE_LEN];
584
+
u8 buf[64]; /* arbitrary size large enough */
586
585
587
586
pr_debug("%s: <-\n", __func__);
588
587
···
1735
1734
target->essid_len = strnlen(scan_info->essid,
1736
1735
sizeof(scan_info->essid));
1737
1736
target->rate_len = 0;
1738
-
for (r = 0; r < MAX_RATES_LENGTH; r++)
1737
+
for (r = 0; r < 12; r++)
1739
1738
if (scan_info->rate[r])
1740
1739
target->rate_len++;
1741
1740
if (8 < target->rate_len)
1742
1741
pr_info("%s: AP returns %d rates\n", __func__,
1743
1742
target->rate_len);
1744
1743
target->rate_ext_len = 0;
1745
-
for (r = 0; r < MAX_RATES_EX_LENGTH; r++)
1744
+
for (r = 0; r < 16; r++)
1746
1745
if (scan_info->ext_rate[r])
1747
1746
target->rate_ext_len++;
1748
1747
list_move_tail(&target->list, &wl->network_list);
+2
-2
drivers/net/ps3_gelic_wireless.h
+2
-2
drivers/net/ps3_gelic_wireless.h
···
164
164
__be16 security;
165
165
u8 bssid[8]; /* last ETH_ALEN are valid. bssid[0],[1] are unused */
166
166
u8 essid[32]; /* IW_ESSID_MAX_SIZE */
167
-
u8 rate[16]; /* first MAX_RATES_LENGTH(12) are valid */
168
-
u8 ext_rate[16]; /* first MAX_RATES_EX_LENGTH(16) are valid */
167
+
u8 rate[16]; /* first 12 are valid */
168
+
u8 ext_rate[16]; /* first 16 are valid */
169
169
__be32 reserved1;
170
170
__be32 reserved2;
171
171
__be32 reserved3;
+24
-26
drivers/net/wireless/airo.c
+24
-26
drivers/net/wireless/airo.c
···
47
47
#include <linux/ioport.h>
48
48
#include <linux/pci.h>
49
49
#include <asm/uaccess.h>
50
-
#include <net/ieee80211.h>
51
50
#include <linux/kthread.h>
52
51
#include <linux/freezer.h>
52
+
53
+
#include <linux/ieee80211.h>
53
54
54
55
#include "airo.h"
55
56
···
7266
7265
if (test_bit(FLAG_WPA_CAPABLE, &ai->flags)) {
7267
7266
unsigned int num_null_ies = 0;
7268
7267
u16 length = sizeof (bss->extra.iep);
7269
-
struct ieee80211_info_element *info_element =
7270
-
(struct ieee80211_info_element *) &bss->extra.iep;
7268
+
u8 *ie = (void *)&bss->extra.iep;
7271
7269
7272
-
while ((length >= sizeof(*info_element)) && (num_null_ies < 2)) {
7273
-
if (sizeof(*info_element) + info_element->len > length) {
7270
+
while ((length >= 2) && (num_null_ies < 2)) {
7271
+
if (2 + ie[1] > length) {
7274
7272
/* Invalid element, don't continue parsing IE */
7275
7273
break;
7276
7274
}
7277
7275
7278
-
switch (info_element->id) {
7279
-
case MFIE_TYPE_SSID:
7276
+
switch (ie[0]) {
7277
+
case WLAN_EID_SSID:
7280
7278
/* Two zero-length SSID elements
7281
7279
* mean we're done parsing elements */
7282
-
if (!info_element->len)
7280
+
if (!ie[1])
7283
7281
num_null_ies++;
7284
7282
break;
7285
7283
7286
-
case MFIE_TYPE_GENERIC:
7287
-
if (info_element->len >= 4 &&
7288
-
info_element->data[0] == 0x00 &&
7289
-
info_element->data[1] == 0x50 &&
7290
-
info_element->data[2] == 0xf2 &&
7291
-
info_element->data[3] == 0x01) {
7284
+
case WLAN_EID_GENERIC:
7285
+
if (ie[1] >= 4 &&
7286
+
ie[2] == 0x00 &&
7287
+
ie[3] == 0x50 &&
7288
+
ie[4] == 0xf2 &&
7289
+
ie[5] == 0x01) {
7292
7290
iwe.cmd = IWEVGENIE;
7293
-
iwe.u.data.length = min(info_element->len + 2,
7294
-
MAX_WPA_IE_LEN);
7291
+
/* 64 is an arbitrary cut-off */
7292
+
iwe.u.data.length = min(ie[1] + 2,
7293
+
64);
7295
7294
current_ev = iwe_stream_add_point(
7296
7295
info, current_ev,
7297
-
end_buf, &iwe,
7298
-
(char *) info_element);
7296
+
end_buf, &iwe, ie);
7299
7297
}
7300
7298
break;
7301
7299
7302
-
case MFIE_TYPE_RSN:
7300
+
case WLAN_EID_RSN:
7303
7301
iwe.cmd = IWEVGENIE;
7304
-
iwe.u.data.length = min(info_element->len + 2,
7305
-
MAX_WPA_IE_LEN);
7302
+
/* 64 is an arbitrary cut-off */
7303
+
iwe.u.data.length = min(ie[1] + 2, 64);
7306
7304
current_ev = iwe_stream_add_point(
7307
7305
info, current_ev, end_buf,
7308
-
&iwe, (char *) info_element);
7306
+
&iwe, ie);
7309
7307
break;
7310
7308
7311
7309
default:
7312
7310
break;
7313
7311
}
7314
7312
7315
-
length -= sizeof(*info_element) + info_element->len;
7316
-
info_element =
7317
-
(struct ieee80211_info_element *)&info_element->
7318
-
data[info_element->len];
7313
+
length -= 2 + ie[1];
7314
+
ie += 2 + ie[1];
7319
7315
}
7320
7316
}
7321
7317
return current_ev;
+35
-35
drivers/net/wireless/atmel.c
+35
-35
drivers/net/wireless/atmel.c
···
67
67
#include <linux/moduleparam.h>
68
68
#include <linux/firmware.h>
69
69
#include <linux/jiffies.h>
70
-
#include <net/ieee80211.h>
70
+
#include <linux/ieee80211.h>
71
71
#include "atmel.h"
72
72
73
73
#define DRIVER_MAJOR 0
···
569
569
static void atmel_command_irq(struct atmel_private *priv);
570
570
static int atmel_validate_channel(struct atmel_private *priv, int channel);
571
571
static void atmel_management_frame(struct atmel_private *priv,
572
-
struct ieee80211_hdr_4addr *header,
572
+
struct ieee80211_hdr *header,
573
573
u16 frame_len, u8 rssi);
574
574
static void atmel_management_timer(u_long a);
575
575
static void atmel_send_command(struct atmel_private *priv, int command,
···
577
577
static int atmel_send_command_wait(struct atmel_private *priv, int command,
578
578
void *cmd, int cmd_size);
579
579
static void atmel_transmit_management_frame(struct atmel_private *priv,
580
-
struct ieee80211_hdr_4addr *header,
580
+
struct ieee80211_hdr *header,
581
581
u8 *body, int body_len);
582
582
583
583
static u8 atmel_get_mib8(struct atmel_private *priv, u8 type, u8 index);
···
785
785
{
786
786
static const u8 SNAP_RFC1024[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
787
787
struct atmel_private *priv = netdev_priv(dev);
788
-
struct ieee80211_hdr_4addr header;
788
+
struct ieee80211_hdr header;
789
789
unsigned long flags;
790
790
u16 buff, frame_ctl, len = (ETH_ZLEN < skb->len) ? skb->len : ETH_ZLEN;
791
791
···
823
823
824
824
frame_ctl = IEEE80211_FTYPE_DATA;
825
825
header.duration_id = 0;
826
-
header.seq_ctl = 0;
826
+
header.seq_ctrl = 0;
827
827
if (priv->wep_is_on)
828
828
frame_ctl |= IEEE80211_FCTL_PROTECTED;
829
829
if (priv->operating_mode == IW_MODE_ADHOC) {
···
840
840
if (priv->use_wpa)
841
841
memcpy(&header.addr4, SNAP_RFC1024, 6);
842
842
843
-
header.frame_ctl = cpu_to_le16(frame_ctl);
843
+
header.frame_control = cpu_to_le16(frame_ctl);
844
844
/* Copy the wireless header into the card */
845
845
atmel_copy_to_card(dev, buff, (unsigned char *)&header, DATA_FRAME_WS_HEADER_SIZE);
846
846
/* Copy the packet sans its 802.3 header addresses which have been replaced */
···
860
860
}
861
861
862
862
static void atmel_transmit_management_frame(struct atmel_private *priv,
863
-
struct ieee80211_hdr_4addr *header,
863
+
struct ieee80211_hdr *header,
864
864
u8 *body, int body_len)
865
865
{
866
866
u16 buff;
···
876
876
}
877
877
878
878
static void fast_rx_path(struct atmel_private *priv,
879
-
struct ieee80211_hdr_4addr *header,
879
+
struct ieee80211_hdr *header,
880
880
u16 msdu_size, u16 rx_packet_loc, u32 crc)
881
881
{
882
882
/* fast path: unfragmented packet copy directly into skbuf */
···
914
914
}
915
915
916
916
memcpy(skbp, header->addr1, 6); /* destination address */
917
-
if (le16_to_cpu(header->frame_ctl) & IEEE80211_FCTL_FROMDS)
917
+
if (le16_to_cpu(header->frame_control) & IEEE80211_FCTL_FROMDS)
918
918
memcpy(&skbp[6], header->addr3, 6);
919
919
else
920
920
memcpy(&skbp[6], header->addr2, 6); /* source address */
···
949
949
}
950
950
951
951
static void frag_rx_path(struct atmel_private *priv,
952
-
struct ieee80211_hdr_4addr *header,
952
+
struct ieee80211_hdr *header,
953
953
u16 msdu_size, u16 rx_packet_loc, u32 crc, u16 seq_no,
954
954
u8 frag_no, int more_frags)
955
955
{
···
957
957
u8 source[6];
958
958
struct sk_buff *skb;
959
959
960
-
if (le16_to_cpu(header->frame_ctl) & IEEE80211_FCTL_FROMDS)
960
+
if (le16_to_cpu(header->frame_control) & IEEE80211_FCTL_FROMDS)
961
961
memcpy(source, header->addr3, 6);
962
962
else
963
963
memcpy(source, header->addr2, 6);
···
1039
1039
static void rx_done_irq(struct atmel_private *priv)
1040
1040
{
1041
1041
int i;
1042
-
struct ieee80211_hdr_4addr header;
1042
+
struct ieee80211_hdr header;
1043
1043
1044
1044
for (i = 0;
1045
1045
atmel_rmem8(priv, atmel_rx(priv, RX_DESC_FLAGS_OFFSET, priv->rx_desc_head)) == RX_DESC_FLAG_VALID &&
···
1066
1066
goto next;
1067
1067
}
1068
1068
1069
-
/* Get header as far as end of seq_ctl */
1069
+
/* Get header as far as end of seq_ctrl */
1070
1070
atmel_copy_to_host(priv->dev, (char *)&header, rx_packet_loc, 24);
1071
-
frame_ctl = le16_to_cpu(header.frame_ctl);
1072
-
seq_control = le16_to_cpu(header.seq_ctl);
1071
+
frame_ctl = le16_to_cpu(header.frame_control);
1072
+
seq_control = le16_to_cpu(header.seq_ctrl);
1073
1073
1074
1074
/* probe for CRC use here if needed once five packets have
1075
1075
arrived with the same crc status, we assume we know what's
···
1819
1819
/* Determine and validate the key index */
1820
1820
idx = encoding->flags & IW_ENCODE_INDEX;
1821
1821
if (idx) {
1822
-
if (idx < 1 || idx > WEP_KEYS)
1822
+
if (idx < 1 || idx > 4)
1823
1823
return -EINVAL;
1824
1824
idx--;
1825
1825
} else
···
1882
1882
1883
1883
idx = encoding->flags & IW_ENCODE_INDEX;
1884
1884
if (idx) {
1885
-
if (idx < 1 || idx > WEP_KEYS)
1885
+
if (idx < 1 || idx > 4)
1886
1886
return -EINVAL;
1887
1887
idx--;
1888
1888
} else
···
2797
2797
u8 channel)
2798
2798
{
2799
2799
int rejoin = 0;
2800
-
int new = capability & MFIE_TYPE_POWER_CONSTRAINT ?
2800
+
int new = capability & WLAN_CAPABILITY_SHORT_PREAMBLE ?
2801
2801
SHORT_PREAMBLE : LONG_PREAMBLE;
2802
2802
2803
2803
if (priv->preamble != new) {
···
2826
2826
static void send_authentication_request(struct atmel_private *priv, u16 system,
2827
2827
u8 *challenge, int challenge_len)
2828
2828
{
2829
-
struct ieee80211_hdr_4addr header;
2829
+
struct ieee80211_hdr header;
2830
2830
struct auth_body auth;
2831
2831
2832
-
header.frame_ctl = cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_AUTH);
2832
+
header.frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_AUTH);
2833
2833
header.duration_id = cpu_to_le16(0x8000);
2834
-
header.seq_ctl = 0;
2834
+
header.seq_ctrl = 0;
2835
2835
memcpy(header.addr1, priv->CurrentBSSID, 6);
2836
2836
memcpy(header.addr2, priv->dev->dev_addr, 6);
2837
2837
memcpy(header.addr3, priv->CurrentBSSID, 6);
2838
2838
2839
2839
if (priv->wep_is_on && priv->CurrentAuthentTransactionSeqNum != 1)
2840
2840
/* no WEP for authentication frames with TrSeqNo 1 */
2841
-
header.frame_ctl |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
2841
+
header.frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
2842
2842
2843
2843
auth.alg = cpu_to_le16(system);
2844
2844
···
2861
2861
{
2862
2862
u8 *ssid_el_p;
2863
2863
int bodysize;
2864
-
struct ieee80211_hdr_4addr header;
2864
+
struct ieee80211_hdr header;
2865
2865
struct ass_req_format {
2866
2866
__le16 capability;
2867
2867
__le16 listen_interval;
···
2874
2874
u8 rates[4];
2875
2875
} body;
2876
2876
2877
-
header.frame_ctl = cpu_to_le16(IEEE80211_FTYPE_MGMT |
2877
+
header.frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
2878
2878
(is_reassoc ? IEEE80211_STYPE_REASSOC_REQ : IEEE80211_STYPE_ASSOC_REQ));
2879
2879
header.duration_id = cpu_to_le16(0x8000);
2880
-
header.seq_ctl = 0;
2880
+
header.seq_ctrl = 0;
2881
2881
2882
2882
memcpy(header.addr1, priv->CurrentBSSID, 6);
2883
2883
memcpy(header.addr2, priv->dev->dev_addr, 6);
···
2887
2887
if (priv->wep_is_on)
2888
2888
body.capability |= cpu_to_le16(WLAN_CAPABILITY_PRIVACY);
2889
2889
if (priv->preamble == SHORT_PREAMBLE)
2890
-
body.capability |= cpu_to_le16(MFIE_TYPE_POWER_CONSTRAINT);
2890
+
body.capability |= cpu_to_le16(WLAN_CAPABILITY_SHORT_PREAMBLE);
2891
2891
2892
2892
body.listen_interval = cpu_to_le16(priv->listen_interval * priv->beacon_period);
2893
2893
···
2901
2901
bodysize = 12 + priv->SSID_size;
2902
2902
}
2903
2903
2904
-
ssid_el_p[0] = MFIE_TYPE_SSID;
2904
+
ssid_el_p[0] = WLAN_EID_SSID;
2905
2905
ssid_el_p[1] = priv->SSID_size;
2906
2906
memcpy(ssid_el_p + 2, priv->SSID, priv->SSID_size);
2907
-
ssid_el_p[2 + priv->SSID_size] = MFIE_TYPE_RATES;
2907
+
ssid_el_p[2 + priv->SSID_size] = WLAN_EID_SUPP_RATES;
2908
2908
ssid_el_p[3 + priv->SSID_size] = 4; /* len of suported rates */
2909
2909
memcpy(ssid_el_p + 4 + priv->SSID_size, atmel_basic_rates, 4);
2910
2910
···
2912
2912
}
2913
2913
2914
2914
static int is_frame_from_current_bss(struct atmel_private *priv,
2915
-
struct ieee80211_hdr_4addr *header)
2915
+
struct ieee80211_hdr *header)
2916
2916
{
2917
-
if (le16_to_cpu(header->frame_ctl) & IEEE80211_FCTL_FROMDS)
2917
+
if (le16_to_cpu(header->frame_control) & IEEE80211_FCTL_FROMDS)
2918
2918
return memcmp(header->addr3, priv->CurrentBSSID, 6) == 0;
2919
2919
else
2920
2920
return memcmp(header->addr2, priv->CurrentBSSID, 6) == 0;
···
2962
2962
}
2963
2963
2964
2964
static void store_bss_info(struct atmel_private *priv,
2965
-
struct ieee80211_hdr_4addr *header, u16 capability,
2965
+
struct ieee80211_hdr *header, u16 capability,
2966
2966
u16 beacon_period, u8 channel, u8 rssi, u8 ssid_len,
2967
2967
u8 *ssid, int is_beacon)
2968
2968
{
···
3001
3001
else if (capability & WLAN_CAPABILITY_ESS)
3002
3002
priv->BSSinfo[index].BSStype =IW_MODE_INFRA;
3003
3003
3004
-
priv->BSSinfo[index].preamble = capability & MFIE_TYPE_POWER_CONSTRAINT ?
3004
+
priv->BSSinfo[index].preamble = capability & WLAN_CAPABILITY_SHORT_PREAMBLE ?
3005
3005
SHORT_PREAMBLE : LONG_PREAMBLE;
3006
3006
}
3007
3007
···
3037
3037
}
3038
3038
} else if (system == WLAN_AUTH_SHARED_KEY) {
3039
3039
if (trans_seq_no == 0x0002 &&
3040
-
auth->el_id == MFIE_TYPE_CHALLENGE) {
3040
+
auth->el_id == WLAN_EID_CHALLENGE) {
3041
3041
send_authentication_request(priv, system, auth->chall_text, auth->chall_text_len);
3042
3042
return;
3043
3043
} else if (trans_seq_no == 0x0004) {
···
3288
3288
3289
3289
/* deals with incoming managment frames. */
3290
3290
static void atmel_management_frame(struct atmel_private *priv,
3291
-
struct ieee80211_hdr_4addr *header,
3291
+
struct ieee80211_hdr *header,
3292
3292
u16 frame_len, u8 rssi)
3293
3293
{
3294
3294
u16 subtype;
3295
3295
3296
-
subtype = le16_to_cpu(header->frame_ctl) & IEEE80211_FCTL_STYPE;
3296
+
subtype = le16_to_cpu(header->frame_control) & IEEE80211_FCTL_STYPE;
3297
3297
switch (subtype) {
3298
3298
case IEEE80211_STYPE_BEACON:
3299
3299
case IEEE80211_STYPE_PROBE_RESP:
+10
-8
drivers/net/wireless/libertas/assoc.c
+10
-8
drivers/net/wireless/libertas/assoc.c
···
2
2
3
3
#include <linux/types.h>
4
4
#include <linux/etherdevice.h>
5
+
#include <linux/ieee80211.h>
6
+
#include <linux/if_arp.h>
5
7
#include <net/lib80211.h>
6
8
7
9
#include "assoc.h"
···
343
341
WARN_ON(!assoc_req->channel);
344
342
345
343
/* set Physical parameter set */
346
-
cmd.phyparamset.dsparamset.elementid = MFIE_TYPE_DS_SET;
344
+
cmd.phyparamset.dsparamset.elementid = WLAN_EID_DS_PARAMS;
347
345
cmd.phyparamset.dsparamset.len = 1;
348
346
cmd.phyparamset.dsparamset.currentchan = assoc_req->channel;
349
347
350
348
/* set IBSS parameter set */
351
-
cmd.ssparamset.ibssparamset.elementid = MFIE_TYPE_IBSS_SET;
349
+
cmd.ssparamset.ibssparamset.elementid = WLAN_EID_IBSS_PARAMS;
352
350
cmd.ssparamset.ibssparamset.len = 2;
353
351
cmd.ssparamset.ibssparamset.atimwindow = 0;
354
352
···
432
430
{
433
431
if (!secinfo->wep_enabled && !secinfo->WPAenabled
434
432
&& !secinfo->WPA2enabled
435
-
&& match_bss->wpa_ie[0] != MFIE_TYPE_GENERIC
436
-
&& match_bss->rsn_ie[0] != MFIE_TYPE_RSN
433
+
&& match_bss->wpa_ie[0] != WLAN_EID_GENERIC
434
+
&& match_bss->rsn_ie[0] != WLAN_EID_RSN
437
435
&& !(match_bss->capability & WLAN_CAPABILITY_PRIVACY))
438
436
return 1;
439
437
else
···
455
453
struct bss_descriptor *match_bss)
456
454
{
457
455
if (!secinfo->wep_enabled && secinfo->WPAenabled
458
-
&& (match_bss->wpa_ie[0] == MFIE_TYPE_GENERIC)
456
+
&& (match_bss->wpa_ie[0] == WLAN_EID_GENERIC)
459
457
/* privacy bit may NOT be set in some APs like LinkSys WRT54G
460
458
&& (match_bss->capability & WLAN_CAPABILITY_PRIVACY) */
461
459
)
···
468
466
struct bss_descriptor *match_bss)
469
467
{
470
468
if (!secinfo->wep_enabled && secinfo->WPA2enabled &&
471
-
(match_bss->rsn_ie[0] == MFIE_TYPE_RSN)
469
+
(match_bss->rsn_ie[0] == WLAN_EID_RSN)
472
470
/* privacy bit may NOT be set in some APs like LinkSys WRT54G
473
471
(match_bss->capability & WLAN_CAPABILITY_PRIVACY) */
474
472
)
···
482
480
{
483
481
if (!secinfo->wep_enabled && !secinfo->WPAenabled
484
482
&& !secinfo->WPA2enabled
485
-
&& (match_bss->wpa_ie[0] != MFIE_TYPE_GENERIC)
486
-
&& (match_bss->rsn_ie[0] != MFIE_TYPE_RSN)
483
+
&& (match_bss->wpa_ie[0] != WLAN_EID_GENERIC)
484
+
&& (match_bss->rsn_ie[0] != WLAN_EID_RSN)
487
485
&& (match_bss->capability & WLAN_CAPABILITY_PRIVACY))
488
486
return 1;
489
487
else
+2
-3
drivers/net/wireless/libertas/cmd.c
+2
-3
drivers/net/wireless/libertas/cmd.c
···
5
5
6
6
#include <net/iw_handler.h>
7
7
#include <net/lib80211.h>
8
-
#include <net/ieee80211.h>
9
8
#include <linux/kfifo.h>
10
9
#include "host.h"
11
10
#include "hostcmd.h"
···
1070
1071
1071
1072
switch (action) {
1072
1073
case CMD_ACT_MESH_CONFIG_START:
1073
-
ie->hdr.id = MFIE_TYPE_GENERIC;
1074
+
ie->id = WLAN_EID_GENERIC;
1074
1075
ie->val.oui[0] = 0x00;
1075
1076
ie->val.oui[1] = 0x50;
1076
1077
ie->val.oui[2] = 0x43;
···
1082
1083
ie->val.mesh_capability = MARVELL_MESH_CAPABILITY;
1083
1084
ie->val.mesh_id_len = priv->mesh_ssid_len;
1084
1085
memcpy(ie->val.mesh_id, priv->mesh_ssid, priv->mesh_ssid_len);
1085
-
ie->hdr.len = sizeof(struct mrvl_meshie_val) -
1086
+
ie->len = sizeof(struct mrvl_meshie_val) -
1086
1087
IW_ESSID_MAX_SIZE + priv->mesh_ssid_len;
1087
1088
cmd.length = cpu_to_le16(sizeof(struct mrvl_meshie_val));
1088
1089
break;
+6
-1
drivers/net/wireless/libertas/dev.h
+6
-1
drivers/net/wireless/libertas/dev.h
···
10
10
#include <linux/wireless.h>
11
11
#include <linux/ethtool.h>
12
12
#include <linux/debugfs.h>
13
-
#include <net/ieee80211.h>
14
13
15
14
#include "defs.h"
16
15
#include "hostcmd.h"
···
276
277
/** WPA keys */
277
278
struct enc_key wpa_mcast_key;
278
279
struct enc_key wpa_unicast_key;
280
+
281
+
/*
282
+
* In theory, the IE is limited to the IE length, 255,
283
+
* but in practice 64 bytes are enough.
284
+
*/
285
+
#define MAX_WPA_IE_LEN 64
279
286
280
287
/** WPA Information Elements*/
281
288
u8 wpa_ie[MAX_WPA_IE_LEN];
+1
-2
drivers/net/wireless/libertas/main.c
+1
-2
drivers/net/wireless/libertas/main.c
+1
-1
drivers/net/wireless/libertas/persistcfg.c
+1
-1
drivers/net/wireless/libertas/persistcfg.c
···
233
233
/* SSID len */
234
234
ie->val.mesh_id_len = len;
235
235
/* IE len */
236
-
ie->hdr.len = sizeof(struct mrvl_meshie_val) - IW_ESSID_MAX_SIZE + len;
236
+
ie->len = sizeof(struct mrvl_meshie_val) - IW_ESSID_MAX_SIZE + len;
237
237
238
238
ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET,
239
239
CMD_TYPE_MESH_SET_MESH_IE);
+39
-38
drivers/net/wireless/libertas/scan.c
+39
-38
drivers/net/wireless/libertas/scan.c
···
6
6
*/
7
7
#include <linux/types.h>
8
8
#include <linux/etherdevice.h>
9
+
#include <linux/if_arp.h>
9
10
#include <asm/unaligned.h>
10
-
11
11
#include <net/lib80211.h>
12
12
13
13
#include "host.h"
···
54
54
55
55
//! Scan time specified in the channel TLV for each channel for active scans
56
56
#define MRVDRV_ACTIVE_SCAN_CHAN_TIME 100
57
+
58
+
#define DEFAULT_MAX_SCAN_AGE (15 * HZ)
57
59
58
60
static int lbs_ret_80211_scan(struct lbs_private *priv, unsigned long dummy,
59
61
struct cmd_header *resp);
···
593
591
594
592
/* process variable IE */
595
593
while (pos <= end - 2) {
596
-
struct ieee80211_info_element * elem = (void *)pos;
597
-
598
-
if (pos + elem->len > end) {
594
+
if (pos + pos[1] > end) {
599
595
lbs_deb_scan("process_bss: error in processing IE, "
600
596
"bytes left < IE length\n");
601
597
break;
602
598
}
603
599
604
-
switch (elem->id) {
605
-
case MFIE_TYPE_SSID:
606
-
bss->ssid_len = min_t(int, 32, elem->len);
607
-
memcpy(bss->ssid, elem->data, bss->ssid_len);
600
+
switch (pos[0]) {
601
+
case WLAN_EID_SSID:
602
+
bss->ssid_len = min_t(int, IEEE80211_MAX_SSID_LEN, pos[1]);
603
+
memcpy(bss->ssid, pos + 2, bss->ssid_len);
608
604
lbs_deb_scan("got SSID IE: '%s', len %u\n",
609
605
print_ssid(ssid, bss->ssid, bss->ssid_len),
610
606
bss->ssid_len);
611
607
break;
612
608
613
-
case MFIE_TYPE_RATES:
614
-
n_basic_rates = min_t(uint8_t, MAX_RATES, elem->len);
615
-
memcpy(bss->rates, elem->data, n_basic_rates);
609
+
case WLAN_EID_SUPP_RATES:
610
+
n_basic_rates = min_t(uint8_t, MAX_RATES, pos[1]);
611
+
memcpy(bss->rates, pos + 2, n_basic_rates);
616
612
got_basic_rates = 1;
617
613
lbs_deb_scan("got RATES IE\n");
618
614
break;
619
615
620
-
case MFIE_TYPE_FH_SET:
616
+
case WLAN_EID_FH_PARAMS:
621
617
pFH = (struct ieeetypes_fhparamset *) pos;
622
618
memmove(&bss->phyparamset.fhparamset, pFH,
623
619
sizeof(struct ieeetypes_fhparamset));
624
620
lbs_deb_scan("got FH IE\n");
625
621
break;
626
622
627
-
case MFIE_TYPE_DS_SET:
623
+
case WLAN_EID_DS_PARAMS:
628
624
pDS = (struct ieeetypes_dsparamset *) pos;
629
625
bss->channel = pDS->currentchan;
630
626
memcpy(&bss->phyparamset.dsparamset, pDS,
···
630
630
lbs_deb_scan("got DS IE, channel %d\n", bss->channel);
631
631
break;
632
632
633
-
case MFIE_TYPE_CF_SET:
633
+
case WLAN_EID_CF_PARAMS:
634
634
pCF = (struct ieeetypes_cfparamset *) pos;
635
635
memcpy(&bss->ssparamset.cfparamset, pCF,
636
636
sizeof(struct ieeetypes_cfparamset));
637
637
lbs_deb_scan("got CF IE\n");
638
638
break;
639
639
640
-
case MFIE_TYPE_IBSS_SET:
640
+
case WLAN_EID_IBSS_PARAMS:
641
641
pibss = (struct ieeetypes_ibssparamset *) pos;
642
642
bss->atimwindow = le16_to_cpu(pibss->atimwindow);
643
643
memmove(&bss->ssparamset.ibssparamset, pibss,
···
645
645
lbs_deb_scan("got IBSS IE\n");
646
646
break;
647
647
648
-
case MFIE_TYPE_COUNTRY:
648
+
case WLAN_EID_COUNTRY:
649
649
pcountryinfo = (struct ieeetypes_countryinfoset *) pos;
650
650
lbs_deb_scan("got COUNTRY IE\n");
651
651
if (pcountryinfo->len < sizeof(pcountryinfo->countrycode)
···
662
662
(int) (pcountryinfo->len + 2));
663
663
break;
664
664
665
-
case MFIE_TYPE_RATES_EX:
665
+
case WLAN_EID_EXT_SUPP_RATES:
666
666
/* only process extended supported rate if data rate is
667
667
* already found. Data rate IE should come before
668
668
* extended supported rate IE
···
673
673
break;
674
674
}
675
675
676
-
n_ex_rates = elem->len;
676
+
n_ex_rates = pos[1];
677
677
if (n_basic_rates + n_ex_rates > MAX_RATES)
678
678
n_ex_rates = MAX_RATES - n_basic_rates;
679
679
680
680
p = bss->rates + n_basic_rates;
681
-
memcpy(p, elem->data, n_ex_rates);
681
+
memcpy(p, pos + 2, n_ex_rates);
682
682
break;
683
683
684
-
case MFIE_TYPE_GENERIC:
685
-
if (elem->len >= 4 &&
686
-
elem->data[0] == 0x00 && elem->data[1] == 0x50 &&
687
-
elem->data[2] == 0xf2 && elem->data[3] == 0x01) {
688
-
bss->wpa_ie_len = min(elem->len + 2, MAX_WPA_IE_LEN);
689
-
memcpy(bss->wpa_ie, elem, bss->wpa_ie_len);
684
+
case WLAN_EID_GENERIC:
685
+
if (pos[1] >= 4 &&
686
+
pos[2] == 0x00 && pos[3] == 0x50 &&
687
+
pos[4] == 0xf2 && pos[5] == 0x01) {
688
+
bss->wpa_ie_len = min(pos[1] + 2, MAX_WPA_IE_LEN);
689
+
memcpy(bss->wpa_ie, pos, bss->wpa_ie_len);
690
690
lbs_deb_scan("got WPA IE\n");
691
-
lbs_deb_hex(LBS_DEB_SCAN, "WPA IE", bss->wpa_ie, elem->len);
692
-
} else if (elem->len >= MARVELL_MESH_IE_LENGTH &&
693
-
elem->data[0] == 0x00 && elem->data[1] == 0x50 &&
694
-
elem->data[2] == 0x43 && elem->data[3] == 0x04) {
691
+
lbs_deb_hex(LBS_DEB_SCAN, "WPA IE", bss->wpa_ie,
692
+
bss->wpa_ie_len);
693
+
} else if (pos[1] >= MARVELL_MESH_IE_LENGTH &&
694
+
pos[2] == 0x00 && pos[3] == 0x50 &&
695
+
pos[4] == 0x43 && pos[4] == 0x04) {
695
696
lbs_deb_scan("got mesh IE\n");
696
697
bss->mesh = 1;
697
698
} else {
698
699
lbs_deb_scan("got generic IE: %02x:%02x:%02x:%02x, len %d\n",
699
-
elem->data[0], elem->data[1],
700
-
elem->data[2], elem->data[3],
701
-
elem->len);
700
+
pos[2], pos[3],
701
+
pos[4], pos[5],
702
+
pos[1]);
702
703
}
703
704
break;
704
705
705
-
case MFIE_TYPE_RSN:
706
+
case WLAN_EID_RSN:
706
707
lbs_deb_scan("got RSN IE\n");
707
-
bss->rsn_ie_len = min(elem->len + 2, MAX_WPA_IE_LEN);
708
-
memcpy(bss->rsn_ie, elem, bss->rsn_ie_len);
708
+
bss->rsn_ie_len = min(pos[1] + 2, MAX_WPA_IE_LEN);
709
+
memcpy(bss->rsn_ie, pos, bss->rsn_ie_len);
709
710
lbs_deb_hex(LBS_DEB_SCAN, "process_bss: RSN_IE",
710
-
bss->rsn_ie, elem->len);
711
+
bss->rsn_ie, bss->rsn_ie_len);
711
712
break;
712
713
713
714
default:
714
715
lbs_deb_scan("got IE 0x%04x, len %d\n",
715
-
elem->id, elem->len);
716
+
pos[0], pos[1]);
716
717
break;
717
718
}
718
719
719
-
pos += elem->len + 2;
720
+
pos += pos[1] + 2;
720
721
}
721
722
722
723
/* Timestamp */
+4
drivers/net/wireless/libertas/scan.h
+4
drivers/net/wireless/libertas/scan.h
+2
-3
drivers/net/wireless/libertas/types.h
+2
-3
drivers/net/wireless/libertas/types.h
···
7
7
#include <linux/if_ether.h>
8
8
#include <asm/byteorder.h>
9
9
#include <linux/wireless.h>
10
-
#include <net/ieee80211.h>
11
10
12
11
struct ieeetypes_cfparamset {
13
12
u8 elementid;
···
257
258
* Note that the len member of the ieee80211_info_element varies depending on
258
259
* the mesh_id_len */
259
260
struct mrvl_meshie_val {
260
-
uint8_t oui[P80211_OUI_LEN];
261
+
uint8_t oui[3];
261
262
uint8_t type;
262
263
uint8_t subtype;
263
264
uint8_t version;
···
269
270
} __attribute__ ((packed));
270
271
271
272
struct mrvl_meshie {
272
-
struct ieee80211_info_element hdr;
273
+
u8 id, len;
273
274
struct mrvl_meshie_val val;
274
275
} __attribute__ ((packed));
275
276
-1
drivers/net/wireless/libertas/wext.c
-1
drivers/net/wireless/libertas/wext.c
+16
-14
drivers/net/wireless/orinoco.c
+16
-14
drivers/net/wireless/orinoco.c
···
86
86
#include <linux/firmware.h>
87
87
#include <linux/if_arp.h>
88
88
#include <linux/wireless.h>
89
+
#include <linux/ieee80211.h>
89
90
#include <net/iw_handler.h>
90
-
#include <net/ieee80211.h>
91
91
92
92
#include <linux/scatterlist.h>
93
93
#include <linux/crypto.h>
···
143
143
#define ENCAPS_OVERHEAD (sizeof(encaps_hdr) + 2)
144
144
145
145
#define ORINOCO_MIN_MTU 256
146
-
#define ORINOCO_MAX_MTU (IEEE80211_DATA_LEN - ENCAPS_OVERHEAD)
146
+
#define ORINOCO_MAX_MTU (IEEE80211_MAX_DATA_LEN - ENCAPS_OVERHEAD)
147
147
148
148
#define SYMBOL_MAX_VER_LEN (14)
149
149
#define USER_BAP 0
···
392
392
}
393
393
394
394
static inline u8 *orinoco_get_ie(u8 *data, size_t len,
395
-
enum ieee80211_mfie eid)
395
+
enum ieee80211_eid eid)
396
396
{
397
397
u8 *p = data;
398
398
while ((p + 2) < (data + len)) {
···
409
409
{
410
410
u8 *p = data;
411
411
while ((p + 2 + WPA_SELECTOR_LEN) < (data + len)) {
412
-
if ((p[0] == MFIE_TYPE_GENERIC) &&
412
+
if ((p[0] == WLAN_EID_GENERIC) &&
413
413
(memcmp(&p[2], WPA_OUI_TYPE, WPA_SELECTOR_LEN) == 0))
414
414
return p;
415
415
p += p[1] + 2;
···
839
839
if ( (new_mtu < ORINOCO_MIN_MTU) || (new_mtu > ORINOCO_MAX_MTU) )
840
840
return -EINVAL;
841
841
842
-
if ( (new_mtu + ENCAPS_OVERHEAD + IEEE80211_HLEN) >
842
+
/* MTU + encapsulation + header length */
843
+
if ( (new_mtu + ENCAPS_OVERHEAD + sizeof(struct ieee80211_hdr)) >
843
844
(priv->nicbuf_size - ETH_HLEN) )
844
845
return -EINVAL;
845
846
···
1255
1254
}
1256
1255
1257
1256
/* sanity check the length */
1258
-
if (datalen > IEEE80211_DATA_LEN + 12) {
1257
+
if (datalen > IEEE80211_MAX_DATA_LEN + 12) {
1259
1258
printk(KERN_DEBUG "%s: oversized monitor frame, "
1260
1259
"data length = %d\n", dev->name, datalen);
1261
1260
stats->rx_length_errors++;
···
1383
1382
data. */
1384
1383
goto out;
1385
1384
}
1386
-
if (length > IEEE80211_DATA_LEN) {
1385
+
if (length > IEEE80211_MAX_DATA_LEN) {
1387
1386
printk(KERN_WARNING "%s: Oversized frame received (%d bytes)\n",
1388
1387
dev->name, length);
1389
1388
stats->rx_length_errors++;
···
3286
3285
3287
3286
/* No need to lock, the hw_unavailable flag is already set in
3288
3287
* alloc_orinocodev() */
3289
-
priv->nicbuf_size = IEEE80211_FRAME_LEN + ETH_HLEN;
3288
+
priv->nicbuf_size = IEEE80211_MAX_FRAME_LEN + ETH_HLEN;
3290
3289
3291
3290
/* Initialize the firmware */
3292
3291
err = hermes_init(hw);
···
4682
4681
/* Determine and validate the key index */
4683
4682
idx = encoding->flags & IW_ENCODE_INDEX;
4684
4683
if (idx) {
4685
-
if ((idx < 1) || (idx > WEP_KEYS))
4684
+
if ((idx < 1) || (idx > 4))
4686
4685
goto out;
4687
4686
idx--;
4688
4687
} else
···
4787
4786
4788
4787
idx = encoding->flags & IW_ENCODE_INDEX;
4789
4788
if (idx) {
4790
-
if ((idx < 1) || (idx > WEP_KEYS))
4789
+
if ((idx < 1) || (idx > 4))
4791
4790
goto out;
4792
4791
idx--;
4793
4792
} else
···
4950
4949
unsigned long flags;
4951
4950
int err = 0;
4952
4951
4953
-
if ((wrqu->data.length > MAX_WPA_IE_LEN) ||
4952
+
/* cut off at IEEE80211_MAX_DATA_LEN */
4953
+
if ((wrqu->data.length > IEEE80211_MAX_DATA_LEN) ||
4954
4954
(wrqu->data.length && (extra == NULL)))
4955
4955
return -EINVAL;
4956
4956
···
5634
5632
&iwe, IW_EV_UINT_LEN);
5635
5633
}
5636
5634
5637
-
ie = orinoco_get_ie(bss->data, sizeof(bss->data), MFIE_TYPE_DS_SET);
5635
+
ie = orinoco_get_ie(bss->data, sizeof(bss->data), WLAN_EID_DS_PARAMS);
5638
5636
channel = ie ? ie[2] : 0;
5639
5637
if ((channel >= 1) && (channel <= NUM_CHANNELS)) {
5640
5638
/* Add channel and frequency */
···
5684
5682
}
5685
5683
5686
5684
/* RSN IE */
5687
-
ie = orinoco_get_ie(bss->data, sizeof(bss->data), MFIE_TYPE_RSN);
5685
+
ie = orinoco_get_ie(bss->data, sizeof(bss->data), WLAN_EID_RSN);
5688
5686
if (ie) {
5689
5687
iwe.cmd = IWEVGENIE;
5690
5688
iwe.u.data.length = ie[1] + 2;
···
5692
5690
&iwe, ie);
5693
5691
}
5694
5692
5695
-
ie = orinoco_get_ie(bss->data, sizeof(bss->data), MFIE_TYPE_RATES);
5693
+
ie = orinoco_get_ie(bss->data, sizeof(bss->data), WLAN_EID_SUPP_RATES);
5696
5694
if (ie) {
5697
5695
char *p = current_ev + iwe_stream_lcp_len(info);
5698
5696
int i;
+12
-12
drivers/net/wireless/rndis_wlan.c
+12
-12
drivers/net/wireless/rndis_wlan.c
···
37
37
#include <linux/usb.h>
38
38
#include <linux/usb/cdc.h>
39
39
#include <linux/wireless.h>
40
+
#include <linux/ieee80211.h>
40
41
#include <linux/if_arp.h>
41
42
#include <linux/ctype.h>
42
43
#include <linux/spinlock.h>
43
44
#include <net/iw_handler.h>
44
-
#include <net/ieee80211.h>
45
45
#include <linux/usb/usbnet.h>
46
46
#include <linux/usb/rndis_host.h>
47
47
···
1652
1652
#ifdef DEBUG
1653
1653
struct usbnet *usbdev = dev->priv;
1654
1654
#endif
1655
-
struct ieee80211_info_element *ie;
1655
+
u8 *ie;
1656
1656
char *current_val;
1657
1657
int bssid_len, ie_len, i;
1658
1658
u32 beacon, atim;
···
1750
1750
ie_len = min(bssid_len - (int)sizeof(*bssid),
1751
1751
(int)le32_to_cpu(bssid->ie_length));
1752
1752
ie_len -= sizeof(struct ndis_80211_fixed_ies);
1753
-
while (ie_len >= sizeof(*ie) && sizeof(*ie) + ie->len <= ie_len) {
1754
-
if ((ie->id == MFIE_TYPE_GENERIC && ie->len >= 4 &&
1755
-
memcmp(ie->data, "\x00\x50\xf2\x01", 4) == 0) ||
1756
-
ie->id == MFIE_TYPE_RSN) {
1753
+
while (ie_len >= 2 && 2 + ie[1] <= ie_len) {
1754
+
if ((ie[0] == WLAN_EID_GENERIC && ie[1] >= 4 &&
1755
+
memcmp(ie + 2, "\x00\x50\xf2\x01", 4) == 0) ||
1756
+
ie[0] == WLAN_EID_RSN) {
1757
1757
devdbg(usbdev, "IE: WPA%d",
1758
-
(ie->id == MFIE_TYPE_RSN) ? 2 : 1);
1758
+
(ie[0] == WLAN_EID_RSN) ? 2 : 1);
1759
1759
iwe.cmd = IWEVGENIE;
1760
-
iwe.u.data.length = min(ie->len + 2, MAX_WPA_IE_LEN);
1761
-
cev = iwe_stream_add_point(info, cev, end_buf, &iwe,
1762
-
(u8 *)ie);
1760
+
/* arbitrary cut-off at 64 */
1761
+
iwe.u.data.length = min(ie[1] + 2, 64);
1762
+
cev = iwe_stream_add_point(info, cev, end_buf, &iwe, ie);
1763
1763
}
1764
1764
1765
-
ie_len -= sizeof(*ie) + ie->len;
1766
-
ie = (struct ieee80211_info_element *)&ie->data[ie->len];
1765
+
ie_len -= 2 + ie[1];
1766
+
ie += 2 + ie[1];
1767
1767
}
1768
1768
1769
1769
return cev;
+2
-2
drivers/net/wireless/wl3501.h
+2
-2
drivers/net/wireless/wl3501.h
···
2
2
#define __WL3501_H__
3
3
4
4
#include <linux/spinlock.h>
5
-
#include <net/ieee80211.h>
5
+
#include <linux/ieee80211.h>
6
6
7
7
/* define for WLA 2.0 */
8
8
#define WL3501_BLKSZ 256
···
548
548
549
549
struct wl3501_80211_tx_hdr {
550
550
struct wl3501_80211_tx_plcp_hdr pclp_hdr;
551
-
struct ieee80211_hdr_4addr mac_hdr;
551
+
struct ieee80211_hdr mac_hdr;
552
552
} __attribute__ ((packed));
553
553
554
554
/*
+2
-2
drivers/net/wireless/zd1201.c
+2
-2
drivers/net/wireless/zd1201.c
···
17
17
#include <linux/netdevice.h>
18
18
#include <linux/etherdevice.h>
19
19
#include <linux/wireless.h>
20
+
#include <linux/ieee80211.h>
20
21
#include <net/iw_handler.h>
21
22
#include <linux/string.h>
22
23
#include <linux/if_arp.h>
23
24
#include <linux/firmware.h>
24
-
#include <net/ieee80211.h>
25
25
#include "zd1201.h"
26
26
27
27
static struct usb_device_id zd1201_table[] = {
···
345
345
frag = kmalloc(sizeof(*frag), GFP_ATOMIC);
346
346
if (!frag)
347
347
goto resubmit;
348
-
skb = dev_alloc_skb(IEEE80211_DATA_LEN +14+2);
348
+
skb = dev_alloc_skb(IEEE80211_MAX_DATA_LEN +14+2);
349
349
if (!skb) {
350
350
kfree(frag);
351
351
goto resubmit;