提交 eb46936b 编写于 作者: V Vasanthakumar Thiagarajan 提交者: John W. Linville

mac80211: Scale down to non-HT association with TKIP/WEP as pairwise cipher

As TKIP is not updated to new security needs which arise when
TKIP is used to encrypt A-MPDU aggregated data frames, IEEE802.11n
does not allow any cipher other than CCMP (Which has new extensions
defined) as pairwise cipher between HT peers.

When such configuration (TKIP/WEP in HT) is forced, we still
associate in non-HT mode (11a/b/g).
Signed-off-by: NVasanthakumar Thiagarajan <vasanth@atheros.com>
Acked-by: NJohannes Berg <johannes@sipsolutions.net>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
上级 9ee677c2
...@@ -258,6 +258,7 @@ struct mesh_preq_queue { ...@@ -258,6 +258,7 @@ struct mesh_preq_queue {
#define IEEE80211_STA_AUTO_BSSID_SEL BIT(11) #define IEEE80211_STA_AUTO_BSSID_SEL BIT(11)
#define IEEE80211_STA_AUTO_CHANNEL_SEL BIT(12) #define IEEE80211_STA_AUTO_CHANNEL_SEL BIT(12)
#define IEEE80211_STA_PRIVACY_INVOKED BIT(13) #define IEEE80211_STA_PRIVACY_INVOKED BIT(13)
#define IEEE80211_STA_TKIP_WEP_USED BIT(14)
/* flags for MLME request */ /* flags for MLME request */
#define IEEE80211_STA_REQ_SCAN 0 #define IEEE80211_STA_REQ_SCAN 0
#define IEEE80211_STA_REQ_DIRECT_PROBE 1 #define IEEE80211_STA_REQ_DIRECT_PROBE 1
......
...@@ -459,7 +459,8 @@ static int ieee80211_stop(struct net_device *dev) ...@@ -459,7 +459,8 @@ static int ieee80211_stop(struct net_device *dev)
synchronize_rcu(); synchronize_rcu();
skb_queue_purge(&sdata->u.sta.skb_queue); skb_queue_purge(&sdata->u.sta.skb_queue);
sdata->u.sta.flags &= ~IEEE80211_STA_PRIVACY_INVOKED; sdata->u.sta.flags &= ~(IEEE80211_STA_PRIVACY_INVOKED |
IEEE80211_STA_TKIP_WEP_USED);
kfree(sdata->u.sta.extra_ie); kfree(sdata->u.sta.extra_ie);
sdata->u.sta.extra_ie = NULL; sdata->u.sta.extra_ie = NULL;
sdata->u.sta.extra_ie_len = 0; sdata->u.sta.extra_ie_len = 0;
......
...@@ -391,10 +391,17 @@ static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata, ...@@ -391,10 +391,17 @@ static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata,
} }
/* wmm support is a must to HT */ /* wmm support is a must to HT */
/*
* IEEE802.11n does not allow TKIP/WEP as pairwise
* ciphers in HT mode. We still associate in non-ht
* mode (11a/b/g) if any one of these ciphers is
* configured as pairwise.
*/
if (wmm && (ifsta->flags & IEEE80211_STA_WMM_ENABLED) && if (wmm && (ifsta->flags & IEEE80211_STA_WMM_ENABLED) &&
sband->ht_cap.ht_supported && sband->ht_cap.ht_supported &&
(ht_ie = ieee80211_bss_get_ie(bss, WLAN_EID_HT_INFORMATION)) && (ht_ie = ieee80211_bss_get_ie(bss, WLAN_EID_HT_INFORMATION)) &&
ht_ie[1] >= sizeof(struct ieee80211_ht_info)) { ht_ie[1] >= sizeof(struct ieee80211_ht_info) &&
(!(ifsta->flags & IEEE80211_STA_TKIP_WEP_USED))) {
struct ieee80211_ht_info *ht_info = struct ieee80211_ht_info *ht_info =
(struct ieee80211_ht_info *)(ht_ie + 2); (struct ieee80211_ht_info *)(ht_ie + 2);
u16 cap = sband->ht_cap.cap; u16 cap = sband->ht_cap.cap;
......
...@@ -903,12 +903,22 @@ static int ieee80211_ioctl_siwauth(struct net_device *dev, ...@@ -903,12 +903,22 @@ static int ieee80211_ioctl_siwauth(struct net_device *dev,
switch (data->flags & IW_AUTH_INDEX) { switch (data->flags & IW_AUTH_INDEX) {
case IW_AUTH_WPA_VERSION: case IW_AUTH_WPA_VERSION:
case IW_AUTH_CIPHER_PAIRWISE:
case IW_AUTH_CIPHER_GROUP: case IW_AUTH_CIPHER_GROUP:
case IW_AUTH_WPA_ENABLED: case IW_AUTH_WPA_ENABLED:
case IW_AUTH_RX_UNENCRYPTED_EAPOL: case IW_AUTH_RX_UNENCRYPTED_EAPOL:
case IW_AUTH_KEY_MGMT: case IW_AUTH_KEY_MGMT:
break; break;
case IW_AUTH_CIPHER_PAIRWISE:
if (sdata->vif.type == NL80211_IFTYPE_STATION) {
if (data->value & (IW_AUTH_CIPHER_WEP40 |
IW_AUTH_CIPHER_WEP104 | IW_AUTH_CIPHER_TKIP))
sdata->u.sta.flags |=
IEEE80211_STA_TKIP_WEP_USED;
else
sdata->u.sta.flags &=
~IEEE80211_STA_TKIP_WEP_USED;
}
break;
case IW_AUTH_DROP_UNENCRYPTED: case IW_AUTH_DROP_UNENCRYPTED:
sdata->drop_unencrypted = !!data->value; sdata->drop_unencrypted = !!data->value;
break; break;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册