| From 05ca0c3e58c3b0fb194d327ce72c5cfb499361f6 Mon Sep 17 00:00:00 2001 |
| From: Vamsi Krishna <vamsin@qti.qualcomm.com> |
| Date: Fri, 2 Dec 2016 23:59:08 +0200 |
| Subject: [PATCH] nl80211: Use different attrs for BSSID and random MAC addr in |
| scan req |
| |
| commit 2fa436b3a2a7009c11a3bc03fe0ff4c26e80fd87 upstream. |
| |
| NL80211_ATTR_MAC was used to set both the specific BSSID to be scanned |
| and the random MAC address to be used when privacy is enabled. When both |
| the features are enabled, both the BSSID and the local MAC address were |
| getting same value causing Probe Request frames to go with unintended |
| DA. Hence, this has been fixed by using a different NL80211_ATTR_BSSID |
| attribute to set the specific BSSID (which was the more recent addition |
| in cfg80211) for a scan. |
| |
| Backwards compatibility with old userspace software is maintained to |
| some extent by allowing NL80211_ATTR_MAC to be used to set the specific |
| BSSID when scanning without enabling random MAC address use. |
| |
| Scanning with random source MAC address was introduced by commit |
| ad2b26abc157 ("cfg80211: allow drivers to support random MAC addresses |
| for scan") and the issue was introduced with the addition of the second |
| user for the same attribute in commit 818965d39177 ("cfg80211: Allow a |
| scan request for a specific BSSID"). |
| |
| Fixes: 818965d39177 ("cfg80211: Allow a scan request for a specific BSSID") |
| Signed-off-by: Vamsi Krishna <vamsin@qti.qualcomm.com> |
| Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> |
| Signed-off-by: Johannes Berg <johannes.berg@intel.com> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h |
| index 220694151434..96be3a9b7e4c 100644 |
| --- a/include/uapi/linux/nl80211.h |
| +++ b/include/uapi/linux/nl80211.h |
| @@ -322,7 +322,7 @@ |
| * @NL80211_CMD_GET_SCAN: get scan results |
| * @NL80211_CMD_TRIGGER_SCAN: trigger a new scan with the given parameters |
| * %NL80211_ATTR_TX_NO_CCK_RATE is used to decide whether to send the |
| - * probe requests at CCK rate or not. %NL80211_ATTR_MAC can be used to |
| + * probe requests at CCK rate or not. %NL80211_ATTR_BSSID can be used to |
| * specify a BSSID to scan for; if not included, the wildcard BSSID will |
| * be used. |
| * @NL80211_CMD_NEW_SCAN_RESULTS: scan notification (as a reply to |
| @@ -1867,6 +1867,9 @@ enum nl80211_commands { |
| * @NL80211_ATTR_MESH_PEER_AID: Association ID for the mesh peer (u16). This is |
| * used to pull the stored data for mesh peer in power save state. |
| * |
| + * @NL80211_ATTR_BSSID: The BSSID of the AP. Note that %NL80211_ATTR_MAC is also |
| + * used in various commands/events for specifying the BSSID. |
| + * |
| * @NUM_NL80211_ATTR: total number of nl80211_attrs available |
| * @NL80211_ATTR_MAX: highest attribute number currently defined |
| * @__NL80211_ATTR_AFTER_LAST: internal use |
| @@ -2261,6 +2264,8 @@ enum nl80211_attrs { |
| |
| NL80211_ATTR_MESH_PEER_AID, |
| |
| + NL80211_ATTR_BSSID, |
| + |
| /* add attributes here, update the policy in nl80211.c */ |
| |
| __NL80211_ATTR_AFTER_LAST, |
| diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c |
| index 4809f4d2cdcc..7e6703ea0a8e 100644 |
| --- a/net/wireless/nl80211.c |
| +++ b/net/wireless/nl80211.c |
| @@ -409,6 +409,7 @@ static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = { |
| .len = VHT_MUMIMO_GROUPS_DATA_LEN |
| }, |
| [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = { .len = ETH_ALEN }, |
| + [NL80211_ATTR_BSSID] = { .len = ETH_ALEN }, |
| }; |
| |
| /* policy for the key attributes */ |
| @@ -6302,7 +6303,20 @@ static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) |
| request->no_cck = |
| nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); |
| |
| - if (info->attrs[NL80211_ATTR_MAC]) |
| + /* Initial implementation used NL80211_ATTR_MAC to set the specific |
| + * BSSID to scan for. This was problematic because that same attribute |
| + * was already used for another purpose (local random MAC address). The |
| + * NL80211_ATTR_BSSID attribute was added to fix this. For backwards |
| + * compatibility with older userspace components, also use the |
| + * NL80211_ATTR_MAC value here if it can be determined to be used for |
| + * the specific BSSID use case instead of the random MAC address |
| + * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use). |
| + */ |
| + if (info->attrs[NL80211_ATTR_BSSID]) |
| + memcpy(request->bssid, |
| + nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN); |
| + else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) && |
| + info->attrs[NL80211_ATTR_MAC]) |
| memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]), |
| ETH_ALEN); |
| else |
| -- |
| 2.10.1 |
| |