11 May, 2015
1 commit
-
Remove checking tailroom when adding IV as it uses only
headroom, and move the check to the ICV generation that
actually needs the tailroom.In other case I hit such warning and datapath don't work,
when testing:
- IBSS + WEP
- ath9k with hw crypt enabled
- IPv6 data (ping6)WARNING: CPU: 3 PID: 13301 at net/mac80211/wep.c:102 ieee80211_wep_add_iv+0x129/0x190 [mac80211]()
[...]
Call Trace:
[] dump_stack+0x45/0x57
[] warn_slowpath_common+0x8a/0xc0
[] warn_slowpath_null+0x1a/0x20
[] ieee80211_wep_add_iv+0x129/0x190 [mac80211]
[] ieee80211_crypto_wep_encrypt+0x6b/0xd0 [mac80211]
[] invoke_tx_handlers+0xc51/0xf30 [mac80211]
[...]Cc: stable@vger.kernel.org
Signed-off-by: Janusz Dziedzic
Signed-off-by: Johannes Berg
24 Oct, 2014
1 commit
-
When an IV is generated, only the MAC header is moved back. The network
header location remains the same relative to the skb head, as the new IV
is using headroom space that was reserved in advance.Signed-off-by: Arik Nemtsov
Signed-off-by: Emmanuel Grumbach
Signed-off-by: Johannes Berg
23 Jun, 2014
1 commit
-
Since WEP is practically dead, there seems very little
point in keeping WEP weak IV accounting.Signed-off-by: Johannes Berg
17 May, 2013
1 commit
-
mac80211 and the Intel drivers all define crypto
constants, move them to ieee80211.h instead.Reviewed-by: Emmanuel Grumbach
Signed-off-by: Johannes Berg
17 May, 2012
2 commits
-
Update the location of the network header when adding encryption
specific headers to a skb. This allows low-level drivers to use the
(now correct) location of the network header.Signed-off-by: Arik Nemtsov
Signed-off-by: John W. Linville -
Add IV-room in skb also for TKIP and WEP.
Extend patch: "mac80211: support adding IV-room in the skb for CCMP keys"Signed-off-by: Janusz Dziedzic
Acked-by: Johannes Berg
Signed-off-by: John W. Linville
14 Mar, 2012
2 commits
-
Not linearizing every SKB will help actually pass
non-linear SKBs all the way up when on an encrypted
connection. For now, linearize TKIP completely as
it is lower performance and I don't quite grok all
the details.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
This is better done inside the WEP decrypt
function where it doesn't have to check all
the conditions any more since they've been
tested already.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville
22 Nov, 2011
1 commit
-
We are currently linking the skbs by using skb->next
directly. This works, but the preferred way is to use
a struct sk_buff_head instead. That also prepares for
passing that to drivers directly.While at it I noticed we calculate the duration for
fragments twice -- remove one of them.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville
05 Apr, 2011
1 commit
-
The only thing that using crypto_blkcipher with ecb does over just using
arc4 directly is wrapping the encrypt/decrypt function into a for loop,
looping over each individual character.
To be able to do this, it pulls in around 40 kb worth of unnecessary
kernel modules (at least on a MIPS embedded device).
Using arc4 directly not only eliminates those dependencies, it also makes
the code smaller.Signed-off-by: Felix Fietkau
Signed-off-by: John W. Linville
12 Oct, 2010
1 commit
-
Since this small buffer isn't used for DMA,
we can simply allocate it on the stack, it
just needs to be 16 bytes of which only 8
will be used for WEP40 keys.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville
17 Aug, 2010
1 commit
-
Currently, mac80211 translates the cfg80211
cipher suite selectors into ALG_* values.
That isn't all too useful, and some drivers
benefit from the distinction between WEP40
and WEP104 as well. Therefore, convert it
all to use the cipher suite selectors.Signed-off-by: Johannes Berg
Acked-by: Gertjan van Wingerde
Signed-off-by: John W. Linville
17 Jul, 2010
1 commit
-
Do this by poisoning the values of wep_tx_tfm and wep_rx_tfm if either
crypto allocation fails.Reported-by: Stanislaw Gruszka
Signed-off-by: John W. Linville
09 Jul, 2010
1 commit
-
The current mac80211 code assumes that WEP is always available. If WEP
fails to initialize, ieee80211_register_hw will always fail.In some cases (e.g. FIPS certification), the cryptography used by WEP is
unavailable. However, in such cases there is no good reason why CCMP
encryption (or even no link level encryption) cannot be used. So, this
patch removes mac80211's assumption that WEP (and TKIP) will always be
available for use.Signed-off-by: John W. Linville
30 Mar, 2010
1 commit
-
…it slab.h inclusion from percpu.h
percpu.h is included by sched.h and module.h and thus ends up being
included when building most .c files. percpu.h includes slab.h which
in turn includes gfp.h making everything defined by the two files
universally available and complicating inclusion dependencies.percpu.h -> slab.h dependency is about to be removed. Prepare for
this change by updating users of gfp and slab facilities include those
headers directly instead of assuming availability. As this conversion
needs to touch large number of source files, the following script is
used as the basis of conversion.http://userweb.kernel.org/~tj/misc/slabh-sweep.py
The script does the followings.
* Scan files for gfp and slab usages and update includes such that
only the necessary includes are there. ie. if only gfp is used,
gfp.h, if slab is used, slab.h.* When the script inserts a new include, it looks at the include
blocks and try to put the new include such that its order conforms
to its surrounding. It's put in the include block which contains
core kernel includes, in the same order that the rest are ordered -
alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
doesn't seem to be any matching order.* If the script can't find a place to put a new include (mostly
because the file doesn't have fitting include block), it prints out
an error message indicating which .h file needs to be added to the
file.The conversion was done in the following steps.
1. The initial automatic conversion of all .c files updated slightly
over 4000 files, deleting around 700 includes and adding ~480 gfp.h
and ~3000 slab.h inclusions. The script emitted errors for ~400
files.2. Each error was manually checked. Some didn't need the inclusion,
some needed manual addition while adding it to implementation .h or
embedding .c file was more appropriate for others. This step added
inclusions to around 150 files.3. The script was run again and the output was compared to the edits
from #2 to make sure no file was left behind.4. Several build tests were done and a couple of problems were fixed.
e.g. lib/decompress_*.c used malloc/free() wrappers around slab
APIs requiring slab.h to be added manually.5. The script was run on all .h files but without automatically
editing them as sprinkling gfp.h and slab.h inclusions around .h
files could easily lead to inclusion dependency hell. Most gfp.h
inclusion directives were ignored as stuff from gfp.h was usually
wildly available and often used in preprocessor macros. Each
slab.h inclusion directive was examined and added manually as
necessary.6. percpu.h was updated not to include slab.h.
7. Build test were done on the following configurations and failures
were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
distributed build env didn't work with gcov compiles) and a few
more options had to be turned off depending on archs to make things
build (like ipr on powerpc/64 which failed due to missing writeq).* x86 and x86_64 UP and SMP allmodconfig and a custom test config.
* powerpc and powerpc64 SMP allmodconfig
* sparc and sparc64 SMP allmodconfig
* ia64 SMP allmodconfig
* s390 SMP allmodconfig
* alpha SMP allmodconfig
* um on x86_64 SMP allmodconfig8. percpu.h modifications were reverted so that it could be applied as
a separate patch and serve as bisection point.Given the fact that I had only a couple of failures from tests on step
6, I'm fairly confident about the coverage of this conversion patch.
If there is a breakage, it's likely to be something in one of the arch
headers which should be easily discoverable easily on most builds of
the specific arch.Signed-off-by: Tejun Heo <tj@kernel.org>
Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
23 Jan, 2010
1 commit
-
"mac80211: move control.hw_key assignment" changed an if-else into two
separate if statments, but the if-else is needed to prevent
dereferencing a null info->control.hw_key. This fixes avoids a lock-up
during association on my machine when using WEP.Signed-off-by: John W. Linville
20 Jan, 2010
1 commit
-
When mac80211 asks a driver to encrypt a frame, it
must assign the control.hw_key pointer for it to
know which key to use etc. Currently, mac80211 does
this whenever it would software-encrypt a frame.Change the logic of this code to assign the hw_key
pointer when selecting the key, and later check it
when deciding whether to encrypt the frame or let
it be encrypted by the hardware. This allows us to
later simply skip the encryption function since it
no longer modifies the TX control.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville
19 Nov, 2009
1 commit
-
The RX data contains the netdev, which is
duplicated since we have the sdata, and the
RX status pointer, which is duplicate since
we have the skb. Remove those two fields to
have fewer fields that depend on each other
and simply load them as necessary.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville
25 Jul, 2009
1 commit
-
This reworks the key operation in cfg80211, and now only
allows, from userspace, configuring keys (via nl80211)
after the connection has been established (in managed
mode), the IBSS been joined (in IBSS mode), at any time
(in AP[_VLAN] modes) or never for all the other modes.In order to do shared key authentication correctly, it
is now possible to give a WEP key to the AUTH command.
To configure static WEP keys, these are given to the
CONNECT or IBSS_JOIN command directly, for a userspace
SME it is assumed it will configure it properly after
the connection has been established.Since mac80211 used to check the default key in IBSS
mode to see whether or not the network is protected,
it needs an update in that area, as well as an update
to make use of the WEP key passed to auth() for shared
key authentication.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville
11 Jul, 2009
1 commit
-
The new key work for cfg80211 will only give us the WEP
key for shared auth to do that authentication, and not
via the regular key settings, so we need to be able to
encrypt a single frame in software, and that without a
key struct. Thus, refactor the WEP code to not require
a key structure but use the key, len and idx directly.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville
28 Mar, 2009
1 commit
-
Fragmentation currently uses an allocated array to store the
fragment skbs, and then keeps track of which have been sent
and which are still pending etc. This is rather complicated;
make it simpler by just chaining the fragments into skb->next
and removing from that list when sent. Also simplifies all
code that needs to touch fragments, since it now only needs
to walk the skb->next list.This is a prerequisite for fixing the stored packet code,
which I need to do for proper aggregation packet storing.Signed-off-by: Johannes Berg
Reviewed-by: Luis R. Rodriguez
Signed-off-by: John W. Linville
26 Nov, 2008
1 commit
-
Signed-off-by: Ivan Kuten
Signed-off-by: John W. Linville
01 Nov, 2008
1 commit
-
Nothing very interesting, some checkpatch inspired stuff,
some other things.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville
07 Oct, 2008
1 commit
-
Free up 2 bytes in skb->cb to be used for multi-rate retry later.
Move iv_len and icv_len initialization into key alloc.Signed-off-by: Felix Fietkau
Signed-off-by: John W. Linville
23 Aug, 2008
2 commits
-
Remove the last users of the rx/tx_data->fc data members and use the
le16 frame_control from the header directly.Signed-off-by: Harvey Harrison
Signed-off-by: John W. Linville -
Signed-off-by: Harvey Harrison
Signed-off-by: John W. Linville
30 Jul, 2008
1 commit
-
Return the proper error code rather than a hard-coded ENOMEM from
ieee80211_wep_init. Also, print the error code on failure.Signed-off-by: Jeremy Fitzhardinge
Signed-off-by: John W. Linville
03 Jul, 2008
1 commit
-
This patch reworks the mac80211 debug settings making them more focused
and adding help text for those that didn't have one. It also removes a
number of printks that can be triggered remotely and add no value, e.g.
"too short deauthentication frame received - ignoring".If somebody really needs to debug that they should just add a monitor
interface and look at the frames in wireshark.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville
27 Jun, 2008
1 commit
-
Signed-off-by: Harvey Harrison
Signed-off-by: John W. Linville
04 Jun, 2008
2 commits
-
e039fa4a4195ac4ee895e6f3d1334beed63256fe ("mac80211: move TX info into
skb->cb") misplaced code for setting hardware WEP keys. Move it back.
This fixes kernel panic in b43 if WEP is used and hardware encryption
is enabled.Signed-off-by: Pavel Roskin
Acked-by: Johannes Berg
Signed-off-by: John W. Linville -
This cleans up the skb reallocation code to avoid problems with
skb->truesize, not resize an skb twice for a single output path
because we didn't expand it enough during the first copy and also
removes the code to further expand it during crypto operations
which will no longer be necessary.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville
22 May, 2008
1 commit
-
This patch converts mac80211 and all drivers to have transmit
information and status in skb->cb rather than allocating extra
memory for it and copying all the data around. To make it fit,
a union is used where only data that is necessary for all steps
is kept outside of the union.A number of fixes were done by Ivo, as well as the rt2x00 part
of this patch.Signed-off-by: Ivo van Doorn
Signed-off-by: Johannes Berg
Acked-by: David S. Miller
Signed-off-by: John W. Linville
08 May, 2008
1 commit
-
The hw_key_idx inside the ieee80211_key_conf structure does
not provide all the information drivers might need to perform
hardware encryption.This is in particular true for rt2x00 who needs to know the
key algorithm and whether it is a shared or pairwise key.By passing the ieee80211_key_conf pointer it assures us that
drivers can make full use of all information that it should know
about a particular key.Additionally this patch updates all drivers to grab the hw_key_idx from
the ieee80211_key_conf structure.v2: Removed bogus u16 cast
v3: Add warning about ieee80211_tx_control pointers
v4: Update warning about ieee80211_tx_control pointersSigned-off-by: Ivo van Doorn
Acked-by: Johannes Berg
Signed-off-by: John W. Linville
07 Mar, 2008
1 commit
-
Split it into ieee80211_tx_data and ieee80211_rx_data to clarify
usage/flag usage and remove the stupid union thing.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville
01 Mar, 2008
2 commits
-
Some instances of RX_DROP mean that the frame was useless,
others mean that the frame should be visible in userspace
on "cooked" monitor interfaces. This patch splits up RX_DROP
and changes each instance appropriately.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
The _DROP result will need to be split in the RX path but not
in the TX path, so for preparation split up the type into two
types, one for RX and one for TX. Also make sure (via sparse)
that they cannot be confused.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville
29 Jan, 2008
1 commit
-
This patch moves the decision making about whether a frame is encrypted
with a certain algorithm up into the TX handlers rather than having it
in the crypto algorithm implementation.This fixes a problem with the radiotap injection code where injecting
a non-data packet and requesting encryption could end up asking the
driver to encrypt a packet without giving it a key.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville
Signed-off-by: David S. Miller
30 Nov, 2007
1 commit
-
The attached patch rate limits "WEP decrypt failed (ICV)" to avoid
flooding the logfiles.Signed-off-by: Adel Gadllah
Signed-off-by: John W. Linville
11 Nov, 2007
1 commit
-
Make "decrypt failed" and "have no key" debugging messages compile
conditionally upon CONFIG_MAC80211_DEBUG. They have been useful for
finding certain problems in the past, but in many cases they just
clutter a user's logs.A typical example is an enviornment where multiple SSIDs are using a
single BSSID but with different protection schemes or different keys
for each SSID. In such an environment these messages are just noise.
Let's just leave them for those interested enough to turn-on debugging.Signed-off-by: John W. Linville
24 Oct, 2007
1 commit
-
Commits
58b053e4ce9d2fc3023645c1b96e537c72aa8d9a ("Update arch/ to use sg helpers")
45711f1af6eff1a6d010703b4862e0d2b9afd056 ("[SG] Update drivers to use sg helpers")
fa05f1286be25a8ce915c5dd492aea61126b3f33 ("Update net/ to use sg helpers")converted many files to use the scatter gather helpers without ensuring
that the necessary headerfile is included. This
happened to work for ia64, powerpc, sparc64 and x86 because they
happened to drag in that file via their .On most of the others this probably broke.
Instead of increasing the header file spider web I choose to include
directly into the affectes files.Signed-off-by: Ralf Baechle
Signed-off-by: Jens Axboe
Signed-off-by: Linus Torvalds
