authorsam <sam@FreeBSD.org>2008-09-06 17:38:20 +0000
committersam <sam@FreeBSD.org>2008-09-06 17:38:20 +0000
commit9db405bfbdab2b180d27334b75882b51ad26aff3 (patch)
tree3761df2c9d5a3063caa17e45ecd45c6bb0bd291d /sys/net80211/ieee80211_ht.c
parent7923b9382d951cbc40e17ebeea2a8f7f290be639 (diff)
o validate the ba policy in addba response
o leave a check for the max ba window disabled; we accept out of range values and just truncate them but may want to act differently in the future
Diffstat (limited to 'sys/net80211/ieee80211_ht.c')
-rw-r--r--sys/net80211/ieee80211_ht.c28
1 files changed, 27 insertions, 1 deletions
diff --git a/sys/net80211/ieee80211_ht.c b/sys/net80211/ieee80211_ht.c
index 364ed24..9ab7086 100644
--- a/sys/net80211/ieee80211_ht.c
+++ b/sys/net80211/ieee80211_ht.c
@@ -1402,7 +1402,7 @@ ieee80211_aggr_recv_action(struct ieee80211_node *ni,
const struct ieee80211_action *ia;
struct ieee80211_rx_ampdu *rap;
struct ieee80211_tx_ampdu *tap;
- uint8_t dialogtoken;
+ uint8_t dialogtoken, policy;
uint16_t baparamset, batimeout, baseqctl, code;
uint16_t args[4];
int tid, ac, bufsiz;
@@ -1470,6 +1470,7 @@ ieee80211_aggr_recv_action(struct ieee80211_node *ni,
baparamset = LE_READ_2(frm+5);
tid = MS(baparamset, IEEE80211_BAPS_TID);
bufsiz = MS(baparamset, IEEE80211_BAPS_BUFSIZ);
+ policy = MS(baparamset, IEEE80211_BAPS_POLICY);
batimeout = LE_READ_2(frm+7);
ac = TID_TO_WME_AC(tid);
@@ -1493,6 +1494,31 @@ ieee80211_aggr_recv_action(struct ieee80211_node *ni,
vap->iv_stats.is_addba_badtoken++;
return;
}
+ /* NB: assumes IEEE80211_AGGR_IMMEDIATE is 1 */
+ if (policy != (tap->txa_flags & IEEE80211_AGGR_IMMEDIATE)) {
+ IEEE80211_DISCARD_MAC(vap,
+ IEEE80211_MSG_ACTION | IEEE80211_MSG_11N,
+ ni->ni_macaddr, "ADDBA response",
+ "policy mismatch: expecting %s, "
+ "received %s, tid %d code %d",
+ tap->txa_flags & IEEE80211_AGGR_IMMEDIATE,
+ policy, tid, code);
+ vap->iv_stats.is_addba_badpolicy++;
+ return;
+ }
+#if 0
+ /* XXX we take MIN in ieee80211_addba_response */
+ if (bufsiz > IEEE80211_AGGR_BAWMAX) {
+ IEEE80211_DISCARD_MAC(vap,
+ IEEE80211_MSG_ACTION | IEEE80211_MSG_11N,
+ ni->ni_macaddr, "ADDBA response",
+ "BA window too large: max %d, "
+ "received %d, tid %d code %d",
+ bufsiz, IEEE80211_AGGR_BAWMAX, tid, code);
+ vap->iv_stats.is_addba_badbawinsize++;
+ return;
+ }
+#endif
IEEE80211_NOTE(vap,
IEEE80211_MSG_ACTION | IEEE80211_MSG_11N, ni,
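Review bot: The discard message in the new policy check uses `%s` for both "expecting" and "received", but the arguments passed are integers (`tap->txa_flags & IEEE80211_AGGR_IMMEDIATE` and the `uint8_t policy`). If the message is ever formatted (this presumably depends on the debug build and the enabled message flags), the formatter would treat a small integer as a string pointer, on a path that runs only when a peer's ADDBA response carries an unexpected policy. Both conversions should be `%d`, e.g. `"policy mismatch: expecting %d, " "received %d, tid %d code %d",`. The `#if 0` window check has a related slip to fix before it is enabled: the format reads "max %d, received %d" but the arguments are `bufsiz, IEEE80211_AGGR_BAWMAX`, so they should be swapped to `IEEE80211_AGGR_BAWMAX, bufsiz, tid, code`. The body of ieee80211_aggr_recv_action starts and ends outside this hunk, so how `code` and `tap` are set up is not visible here.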