diff options
author | Vasanthakumar Thiagarajan <vasanth@atheros.com> | 2008-12-23 21:30:50 +0530 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2009-01-29 15:58:47 -0500 |
commit | eb46936b9f2b639f4edeeaf9154d49476fc30fe5 (patch) | |
tree | 07c5ba68d5a49c722c019e401d8f8abf53c60e20 /net | |
parent | 9ee677c2276bfcbcf68042ec2718a504af0c5fd7 (diff) | |
download | linux-eb46936b9f2b639f4edeeaf9154d49476fc30fe5.tar.gz linux-eb46936b9f2b639f4edeeaf9154d49476fc30fe5.tar.bz2 linux-eb46936b9f2b639f4edeeaf9154d49476fc30fe5.zip |
mac80211: Scale down to non-HT association with TKIP/WEP as pairwise cipher
As TKIP is not updated to new security needs which arise when
TKIP is used to encrypt A-MPDU aggregated data frames, IEEE802.11n
does not allow any cipher other than CCMP (Which has new extensions
defined) as pairwise cipher between HT peers.
When such configuration (TKIP/WEP in HT) is forced, we still
associate in non-HT mode (11a/b/g).
Signed-off-by: Vasanthakumar Thiagarajan <vasanth@atheros.com>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net')
-rw-r--r-- | net/mac80211/ieee80211_i.h | 1 | ||||
-rw-r--r-- | net/mac80211/iface.c | 3 | ||||
-rw-r--r-- | net/mac80211/mlme.c | 9 | ||||
-rw-r--r-- | net/mac80211/wext.c | 12 |
4 files changed, 22 insertions, 3 deletions
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index f3eec989662b..5f8ad885a48a 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -258,6 +258,7 @@ struct mesh_preq_queue { #define IEEE80211_STA_AUTO_BSSID_SEL BIT(11) #define IEEE80211_STA_AUTO_CHANNEL_SEL BIT(12) #define IEEE80211_STA_PRIVACY_INVOKED BIT(13) +#define IEEE80211_STA_TKIP_WEP_USED BIT(14) /* flags for MLME request */ #define IEEE80211_STA_REQ_SCAN 0 #define IEEE80211_STA_REQ_DIRECT_PROBE 1 diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c index b9074824862a..1eefc5df4954 100644 --- a/net/mac80211/iface.c +++ b/net/mac80211/iface.c @@ -459,7 +459,8 @@ static int ieee80211_stop(struct net_device *dev) synchronize_rcu(); skb_queue_purge(&sdata->u.sta.skb_queue); - sdata->u.sta.flags &= ~IEEE80211_STA_PRIVACY_INVOKED; + sdata->u.sta.flags &= ~(IEEE80211_STA_PRIVACY_INVOKED | + IEEE80211_STA_TKIP_WEP_USED); kfree(sdata->u.sta.extra_ie); sdata->u.sta.extra_ie = NULL; sdata->u.sta.extra_ie_len = 0; diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 2b890af01ba4..b688425d7555 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -391,10 +391,17 @@ static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata, } /* wmm support is a must to HT */ + /* + * IEEE802.11n does not allow TKIP/WEP as pairwise + * ciphers in HT mode. We still associate in non-ht + * mode (11a/b/g) if any one of these ciphers is + * configured as pairwise. + */ if (wmm && (ifsta->flags & IEEE80211_STA_WMM_ENABLED) && sband->ht_cap.ht_supported && (ht_ie = ieee80211_bss_get_ie(bss, WLAN_EID_HT_INFORMATION)) && - ht_ie[1] >= sizeof(struct ieee80211_ht_info)) { + ht_ie[1] >= sizeof(struct ieee80211_ht_info) && + (!(ifsta->flags & IEEE80211_STA_TKIP_WEP_USED))) { struct ieee80211_ht_info *ht_info = (struct ieee80211_ht_info *)(ht_ie + 2); u16 cap = sband->ht_cap.cap; diff --git a/net/mac80211/wext.c b/net/mac80211/wext.c index 7162d5816f39..011592fd4528 100644 --- a/net/mac80211/wext.c +++ b/net/mac80211/wext.c @@ -903,12 +903,22 @@ static int ieee80211_ioctl_siwauth(struct net_device *dev, switch (data->flags & IW_AUTH_INDEX) { case IW_AUTH_WPA_VERSION: - case IW_AUTH_CIPHER_PAIRWISE: case IW_AUTH_CIPHER_GROUP: case IW_AUTH_WPA_ENABLED: case IW_AUTH_RX_UNENCRYPTED_EAPOL: case IW_AUTH_KEY_MGMT: break; + case IW_AUTH_CIPHER_PAIRWISE: + if (sdata->vif.type == NL80211_IFTYPE_STATION) { + if (data->value & (IW_AUTH_CIPHER_WEP40 | + IW_AUTH_CIPHER_WEP104 | IW_AUTH_CIPHER_TKIP)) + sdata->u.sta.flags |= + IEEE80211_STA_TKIP_WEP_USED; + else + sdata->u.sta.flags &= + ~IEEE80211_STA_TKIP_WEP_USED; + } + break; case IW_AUTH_DROP_UNENCRYPTED: sdata->drop_unencrypted = !!data->value; break; |