mac80211_hwsim: check ATTR_FREQ for wmediumd (netlink) packets

If a packet is received from netlink with the frequency value set it is
checked against the current radio's frequency and discarded if different.
The frequency is also checked against data2->tmp_chan to support the "hw"
off-channel/scan case.

Signed-off-by: Adam Welle <arwelle@cert.org>
[allow both simultaneously, add locking]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
index 297b192..c32889a 100644 (file)
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
@@ -2879,10 +2879,25 @@ static int hwsim_cloned_frame_received_nl(struct sk_buff *skb_2,
 
        /* A frame is received from user space */
        memset(&rx_status, 0, sizeof(rx_status));
-       /* TODO: Check ATTR_FREQ if it exists, and maybe throw away off-channel
-        * packets?
-        */
-       rx_status.freq = data2->channel->center_freq;
+       if (info->attrs[HWSIM_ATTR_FREQ]) {
+               /* throw away off-channel packets, but allow both the temporary
+                * ("hw" scan/remain-on-channel) and regular channel, since the
+                * internal datapath also allows this
+                */
+               mutex_lock(&data2->mutex);
+               rx_status.freq = nla_get_u32(info->attrs[HWSIM_ATTR_FREQ]);
+
+               if (rx_status.freq != data2->channel->center_freq &&
+                   (!data2->tmp_chan ||
+                    rx_status.freq != data2->tmp_chan->center_freq)) {
+                       mutex_unlock(&data2->mutex);
+                       goto out;
+               }
+               mutex_unlock(&data2->mutex);
+       } else {
+               rx_status.freq = data2->channel->center_freq;
+       }
+
        rx_status.band = data2->channel->band;
        rx_status.rate_idx = nla_get_u32(info->attrs[HWSIM_ATTR_RX_RATE]);
        rx_status.signal = nla_get_u32(info->attrs[HWSIM_ATTR_SIGNAL]);