mac80211: handle no-preauth flag for control port
authorMarkus Theil <markus.theil@tu-ilmenau.de>
Thu, 12 Mar 2020 09:10:54 +0000 (10:10 +0100)
committerJohannes Berg <johannes.berg@intel.com>
Fri, 20 Mar 2020 13:42:19 +0000 (14:42 +0100)
This patch adds support for disabling pre-auth rx over the nl80211 control
port for mac80211.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Link: https://lore.kernel.org/r/20200312091055.54257-3-markus.theil@tu-ilmenau.de
[fix indentation slightly, squash feature enablement]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
include/net/cfg80211.h
net/mac80211/cfg.c
net/mac80211/ieee80211_i.h
net/mac80211/iface.c
net/mac80211/main.c
net/mac80211/mlme.c
net/mac80211/rx.c
net/wireless/nl80211.c

index e511b22..329044c 100644 (file)
@@ -924,6 +924,7 @@ struct cfg80211_crypto_settings {
        __be16 control_port_ethertype;
        bool control_port_no_encrypt;
        bool control_port_over_nl80211;
+       bool control_port_no_preauth;
        struct key_params *wep_keys;
        int wep_tx_key;
        const u8 *psk;
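Review bot: The new `control_port_no_preauth` member has no documentation in this hunk; the kernel-doc block for struct cfg80211_crypto_settings sits above the struct, outside the lines shown. If no entry is added there, I would add `@control_port_no_preauth: disable pre-auth frame rx over the nl80211 control port` and say that it only has an effect together with `control_port_over_nl80211`. The nl80211.c hunk in this commit sets the flag only inside the block that sets `control_port_over_nl80211`, so that dependency is real and worth stating where driver authors will read it.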
index 7b654d2..be22bee 100644 (file)
@@ -1034,6 +1034,8 @@ static int ieee80211_start_ap(struct wiphy *wiphy, struct net_device *dev,
        sdata->control_port_no_encrypt = params->crypto.control_port_no_encrypt;
        sdata->control_port_over_nl80211 =
                                params->crypto.control_port_over_nl80211;
+       sdata->control_port_no_preauth =
+                               params->crypto.control_port_no_preauth;
        sdata->encrypt_headroom = ieee80211_cs_headroom(sdata->local,
                                                        &params->crypto,
                                                        sdata->vif.type);
@@ -1045,6 +1047,8 @@ static int ieee80211_start_ap(struct wiphy *wiphy, struct net_device *dev,
                        params->crypto.control_port_no_encrypt;
                vlan->control_port_over_nl80211 =
                        params->crypto.control_port_over_nl80211;
+               vlan->control_port_no_preauth =
+                       params->crypto.control_port_no_preauth;
                vlan->encrypt_headroom =
                        ieee80211_cs_headroom(sdata->local,
                                              &params->crypto,
index de39f9c..f8ed4f6 100644 (file)
@@ -912,6 +912,7 @@ struct ieee80211_sub_if_data {
        u16 sequence_number;
        __be16 control_port_protocol;
        bool control_port_no_encrypt;
+       bool control_port_no_preauth;
        bool control_port_over_nl80211;
        int encrypt_headroom;
 
index 128b346..d069825 100644 (file)
@@ -519,6 +519,8 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
                        master->control_port_no_encrypt;
                sdata->control_port_over_nl80211 =
                        master->control_port_over_nl80211;
+               sdata->control_port_no_preauth =
+                       master->control_port_no_preauth;
                sdata->vif.cab_queue = master->vif.cab_queue;
                memcpy(sdata->vif.hw_queue, master->vif.hw_queue,
                       sizeof(sdata->vif.hw_queue));
@@ -1463,6 +1465,8 @@ static void ieee80211_setup_sdata(struct ieee80211_sub_if_data *sdata,
 
        sdata->control_port_protocol = cpu_to_be16(ETH_P_PAE);
        sdata->control_port_no_encrypt = false;
+       sdata->control_port_over_nl80211 = false;
+       sdata->control_port_no_preauth = false;
        sdata->encrypt_headroom = IEEE80211_ENCRYPT_HEADROOM;
        sdata->vif.bss_conf.idle = true;
        sdata->vif.bss_conf.txpower = INT_MIN; /* unset */
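Review bot: `sdata->control_port_over_nl80211 = false;` is added here next to the new flag, but the commit message only mentions pre-auth. Resetting both in ieee80211_setup_sdata() looks right, since a stale `control_port_over_nl80211` would keep diverting control-port frames away from the netdev. It is a behaviour change of its own, though, and should be called out. A short comment above the group, e.g. `/* control port settings start from defaults on every (re)setup */`, would make the intent explicit. The function body starts and ends outside the hunk, so I cannot see whether anything else already clears these fields.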
index 944e86d..ee1b248 100644 (file)
@@ -589,6 +589,8 @@ struct ieee80211_hw *ieee80211_alloc_hw_nm(size_t priv_data_len,
        wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_FILS_STA);
        wiphy_ext_feature_set(wiphy,
                              NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211);
+       wiphy_ext_feature_set(wiphy,
+                             NL80211_EXT_FEATURE_CONTROL_PORT_NO_PREAUTH);
 
        if (!ops->hw_scan) {
                wiphy->features |= NL80211_FEATURE_LOW_PRIORITY_SCAN |
index 8a2f2fa..16d75da 100644 (file)
@@ -5458,6 +5458,7 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
        sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt;
        sdata->control_port_over_nl80211 =
                                        req->crypto.control_port_over_nl80211;
+       sdata->control_port_no_preauth = req->crypto.control_port_no_preauth;
        sdata->encrypt_headroom = ieee80211_cs_headroom(local, &req->crypto,
                                                        sdata->vif.type);
 
index 2ffb4ee..91a13ae 100644 (file)
@@ -2497,7 +2497,8 @@ static void ieee80211_deliver_skb_to_local_stack(struct sk_buff *skb,
        struct net_device *dev = sdata->dev;
 
        if (unlikely((skb->protocol == sdata->control_port_protocol ||
-                     skb->protocol == cpu_to_be16(ETH_P_PREAUTH)) &&
+                    (skb->protocol == cpu_to_be16(ETH_P_PREAUTH) &&
+                     !sdata->control_port_no_preauth)) &&
                     sdata->control_port_over_nl80211)) {
                struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
                bool noencrypt = !(status->flag & RX_FLAG_DECRYPTED);
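Review bot: The rewritten condition in ieee80211_deliver_skb_to_local_stack() does not say what happens to an ETH_P_PREAUTH frame once `control_port_no_preauth` is set. From the visible lines the frame fails this test and takes the non-control-port branch, which is outside the hunk and presumably hands it to the local stack as ordinary data rather than dropping it. Pre-auth frames can be relayed from stations beyond the current AP, so where they end up is a security-relevant routing decision and should be documented at the test. I would add a comment before the `if`, such as `/* with control_port_no_preauth, ETH_P_PREAUTH is not treated as a control port frame and follows the normal data path */`. The three levels of nested parentheses would also read better with the pre-auth sub-test pulled into a named local `bool`.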
index c6ab377..6d76162 100644 (file)
@@ -9307,6 +9307,9 @@ static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
                        return r;
 
                settings->control_port_over_nl80211 = true;
+
+               if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_PREAUTH])
+                       settings->control_port_no_preauth = true;
        }
 
        if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
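Review bot: `NL80211_ATTR_CONTROL_PORT_NO_PREAUTH` is accepted here without checking that the device advertises `NL80211_EXT_FEATURE_CONTROL_PORT_NO_PREAUTH`. It is also only read inside what appears to be the `NL80211_ATTR_CONTROL_PORT_OVER_NL80211` block, whose opening condition is outside the hunk. Userspace that sets the attribute on a driver without the feature, or without the over-nl80211 attribute, gets success while pre-auth frames keep arriving on the path it meant to close. Consider rejecting the unsupported case before setting the flag, e.g. `if (!wiphy_ext_feature_isset(&rdev->wiphy, NL80211_EXT_FEATURE_CONTROL_PORT_NO_PREAUTH)) return -EOPNOTSUPP;`. If silent acceptance is intended for compatibility, a comment saying so would do.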