
qcacld-3.0: Add check for RMF frames while sending action frames

qcacld-2.0 to qcacld-3.0 propagation
Currently, if PMF is enabled, only SA Query action frames
received from the supplicant are sent protected. None of the other
action frame categories are sent protected.
Add a check for robust action frames to decide whether protection is
needed for the action frame category received from the supplicant.

Change-Id: Ib1eb589c530ef99b7e2fedfcd106e0f646d78d93
CRs-Fixed: 960298
Rajeev Kumar 9 years ago
parent
commit
03200804d9

+ 1 - 0
core/mac/inc/sir_mac_prot_def.h

@@ -128,6 +128,7 @@
 #define SIR_MAC_ACTION_SPECTRUM_MGMT   0
 #define SIR_MAC_ACTION_QOS_MGMT        1
 #define SIR_MAC_ACTION_DLP             2
+#define SIR_MAC_ACTION_BLKACK          3
 #define SIR_MAC_ACTION_PUBLIC_USAGE    4
 #define SIR_MAC_ACTION_RRM             5
 #define SIR_MAC_ACTION_FAST_BSS_TRNST  6

+ 24 - 47
core/mac/src/pe/lim/lim_p2p.c

@@ -686,59 +686,36 @@ void lim_send_p2p_action_frame(tpAniSirGlobal mac_ctx,
 	}
 
 #ifdef WLAN_FEATURE_11W
-	action_hdr = (tpSirMacActionFrameHdr) (frame + sizeof(tSirMacMgmtHdr));
+	action_hdr = (tpSirMacActionFrameHdr)
+		(frame + sizeof(tSirMacMgmtHdr));
+	mac_hdr = (tpSirMacMgmtHdr) frame;
+	session_entry = pe_find_session_by_bssid(mac_ctx,
+		(uint8_t *) mb_msg->data + BSSID_OFFSET,
+		&session_id);
 
 	/*
-	 * Setting Protected bit for SA_QUERY Action Frame
-	 * This has to be based on the current Connection with the
-	 * station lim_set_protected_bit API will set the protected bit
-	 * if PMF
+	 * Check for session corresponding to ADDR2 as supplicant
+	 * is filling ADDR2  with BSSID
 	 */
-	if ((SIR_MAC_MGMT_ACTION == fc->subType) &&
-		(SIR_MAC_ACTION_SA_QUERY == action_hdr->category)) {
-		mac_hdr = (tpSirMacMgmtHdr) frame;
+	if (NULL == session_entry) {
 		session_entry = pe_find_session_by_bssid(mac_ctx,
-			(uint8_t *) mb_msg->data + BSSID_OFFSET,
-			&session_id);
-
-		/*
-		 * Check for session corresponding to ADDR2 ss supplicant
-		 * is filling ADDR2  with BSSID
-		 */
-		if (NULL == session_entry) {
-			session_entry = pe_find_session_by_bssid(mac_ctx,
-				(uint8_t *) mb_msg->data + ADDR2_OFFSET,
-				 &session_id);
-		}
-
-		if (NULL != session_entry) {
-			lim_set_protected_bit(mac_ctx, session_entry,
-			mac_hdr->da, mac_hdr);
-		} else {
-			lim_log(mac_ctx, LOGE,
-				FL("Dropping SA Query - PE Session not found"));
-			lim_send_sme_rsp(mac_ctx,
-				eWNI_SME_ACTION_FRAME_SEND_CNF,
-				QDF_STATUS_E_FAILURE, mb_msg->sessionId, 0);
-			cds_packet_free((void *)packet);
-			return;
-		}
-
-		/*
-		 * If wep bit is not set in MAC header then we are trying to
-		 * send SA Query via non PMF connection. Drop the packet.
-		 */
-		if (0 == mac_hdr->fc.wep) {
-			lim_log(mac_ctx, LOGE,
-				FL("Dropping SA Query due to non PMF conne."));
-			lim_send_sme_rsp(mac_ctx,
-				eWNI_SME_ACTION_FRAME_SEND_CNF,
-				QDF_STATUS_E_FAILURE, mb_msg->sessionId, 0);
-			cds_packet_free((void *)packet);
-			return;
-		}
+			(uint8_t *) mb_msg->data + ADDR2_OFFSET,
+			 &session_id);
 	}
+	/*
+	 * Setting Protected bit only for Robust Action Frames
+	 * This has to be based on the current Connection with the
+	 * station. lim_set_protected_bit API will set the protected
+	 * bit if connection is PMF
+	 */
+	if (session_entry && (SIR_MAC_MGMT_ACTION == fc->subType) &&
+		session_entry->limRmfEnabled &&
+		(!lim_is_group_addr(mac_hdr->da)) &&
+		lim_is_robust_mgmt_action_frame(action_hdr->category))
+		lim_set_protected_bit(mac_ctx, session_entry,
+					mac_hdr->da, mac_hdr);
 #endif
+
 	lim_tx_action_frame(mac_ctx, mb_msg, msg_len, packet, frame);
 	return;
 }
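Review bot: The rewritten block no longer has any failure path. When both `pe_find_session_by_bssid()` lookups return NULL, or when `lim_set_protected_bit()` leaves `mac_hdr->fc.wep` at 0, the frame is still handed to `lim_tx_action_frame()`, whereas the removed code dropped an SA Query frame in both cases and reported `QDF_STATUS_E_FAILURE`. That may be intentional for peers that did not negotiate PMF, but an SA Query or other robust frame can now go out unprotected with no trace. I would brace the multi-line `if` body and log after the call, e.g. `if (0 == mac_hdr->fc.wep) lim_log(mac_ctx, LOGE, FL("Robust action frame sent unprotected"));`, and have the comment say whether the drop was removed on purpose. The function starts outside the hunk, so `fc`, `frame` and `packet` are taken as given.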

+ 9 - 31
core/mac/src/pe/lim/lim_process_action_frame.c

@@ -1692,11 +1692,8 @@ lim_drop_unprotected_action_frame(tpAniSirGlobal pMac, tpPESession psessionEntry
 		rmfConnection = true;
 
 	if (rmfConnection && (pHdr->fc.wep == 0)) {
-		PELOGE(lim_log
-			       (pMac, LOGE,
-			       FL("Dropping unprotected Action category %d frame "
-				  "since RMF is enabled."), category);
-		       )
+		lim_log(pMac, LOGE,
+			       FL("Dropping unprotected Action category %d frame since RMF is enabled."), category);
 		return true;
 	} else
 		return false;
@@ -1730,15 +1727,17 @@ void lim_process_action_frame(tpAniSirGlobal mac_ctx,
 	tpSirMacVendorSpecificPublicActionFrameHdr pub_action;
 	uint8_t p2p_oui[] = { 0x50, 0x6F, 0x9A, 0x09 };
 
+#ifdef WLAN_FEATURE_11W
+	if (lim_is_robust_mgmt_action_frame(action_hdr->category) &&
+	   lim_drop_unprotected_action_frame(mac_ctx, session,
+			mac_hdr_11w, action_hdr->category))
+		return;
+#endif
+
 	frame_len = WMA_GET_RX_PAYLOAD_LEN(rx_pkt_info);
 
 	switch (action_hdr->category) {
 	case SIR_MAC_ACTION_QOS_MGMT:
-#ifdef WLAN_FEATURE_11W
-		if (lim_drop_unprotected_action_frame(mac_ctx, session,
-					mac_hdr_11w, action_hdr->category))
-			break;
-#endif
 		if ((session->limQosEnabled) ||
 		    (action_hdr->actionID == SIR_MAC_QOS_MAP_CONFIGURE)) {
 			switch (action_hdr->actionID) {
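Review bot: The new early check has no group-address exclusion, unlike the transmit side in `lim_send_p2p_action_frame()`, which skips `lim_set_protected_bit()` when `lim_is_group_addr(mac_hdr->da)` is true. Group-addressed robust management frames are integrity-protected by BIP rather than by the Protected bit, so if `lim_drop_unprotected_action_frame()` tests only `fc.wep` (its visible tail earlier in this file does; the rest is outside the hunk), broadcast frames of a robust category would be dropped on every PMF connection. A comment above the check should state how group-addressed frames are meant to be handled, e.g. `/* Unicast robust frames must carry the Protected bit; group-addressed ones are ... */` completed with the actual rule. The `return` that replaces the per-case `break` also skips whatever follows the switch, which is not visible here because the function starts and ends outside the hunk.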
@@ -1776,11 +1775,6 @@ void lim_process_action_frame(tpAniSirGlobal mac_ctx,
 		break;
 
 	case SIR_MAC_ACTION_SPECTRUM_MGMT:
-#ifdef WLAN_FEATURE_11W
-		if (lim_drop_unprotected_action_frame(mac_ctx, session,
-				mac_hdr_11w, action_hdr->category))
-			break;
-#endif
 		switch (action_hdr->actionID) {
 #ifdef ANI_SUPPORT_11H
 		case SIR_MAC_ACTION_MEASURE_REQUEST_ID:
@@ -1864,14 +1858,6 @@ void lim_process_action_frame(tpAniSirGlobal mac_ctx,
 		break;
 
 	case SIR_MAC_ACTION_WNM:
-#ifdef WLAN_FEATURE_11W
-		if ((session->limRmfEnabled) && (mac_hdr_11w->fc.wep == 0)) {
-			lim_log(mac_ctx, LOG1,
-				FL("Dropping unprot action %d frm (PMF on)"),
-				action_hdr->category);
-			break;
-		}
-#endif
 		lim_log(mac_ctx, LOG1,
 			FL("WNM Action category %d action %d."),
 			action_hdr->category, action_hdr->actionID);
@@ -1901,11 +1887,6 @@ void lim_process_action_frame(tpAniSirGlobal mac_ctx,
 		break;
 
 	case SIR_MAC_ACTION_RRM:
-#ifdef WLAN_FEATURE_11W
-		if (lim_drop_unprotected_action_frame(mac_ctx, session,
-					mac_hdr_11w, action_hdr->category))
-			break;
-#endif
 		if (mac_ctx->rrm.rrmPEContext.rrmEnable) {
 			switch (action_hdr->actionID) {
 			case SIR_MAC_RRM_RADIO_MEASURE_REQ:
@@ -2064,9 +2045,6 @@ void lim_process_action_frame(tpAniSirGlobal mac_ctx,
 		lim_log(mac_ctx, LOG1,
 			FL("SA Query Action category %d action %d."),
 			action_hdr->category, action_hdr->actionID);
-		if (lim_drop_unprotected_action_frame(mac_ctx, session,
-			mac_hdr_11w, action_hdr->category))
-			break;
 		switch (action_hdr->actionID) {
 		case SIR_MAC_SA_QUERY_REQ:
 			/**11w SA query request action frame received**/

+ 42 - 0
core/mac/src/pe/lim/lim_utils.c

@@ -7236,3 +7236,45 @@ void lim_update_obss_scanparams(tpPESession session,
 			scan_params->obssScanActivityThreshold;
 	return;
 }
+
+/**
+ * lim_is_robust_mgmt_action_frame() - Check if action category is
+ * robust action frame
+ * @action_category: Action frame category.
+ *
+ * This function is used to check if given action category is robust
+ * action frame.
+ *
+ * Return: bool
+ */
+bool lim_is_robust_mgmt_action_frame(uint8_t action_category)
+{
+	switch (action_category) {
+	/*
+	 * NOTE: This function doesn't take care of the DMG
+	 * (Directional Multi-Gigatbit) BSS case as 8011ad
+	 * support is not yet added. In future, if the support
+	 * is required then this function need few more arguments
+	 * and little change in logic.
+	 */
+	case SIR_MAC_ACTION_SPECTRUM_MGMT:
+	case SIR_MAC_ACTION_QOS_MGMT:
+	case SIR_MAC_ACTION_DLP:
+	case SIR_MAC_ACTION_BLKACK:
+	case SIR_MAC_ACTION_RRM:
+	case SIR_MAC_ACTION_FAST_BSS_TRNST:
+	case SIR_MAC_ACTION_SA_QUERY:
+	case SIR_MAC_ACTION_PROT_DUAL_PUB:
+	case SIR_MAC_ACTION_WNM:
+	case SIR_MAC_ACITON_MESH:
+	case SIR_MAC_ACTION_MHF:
+	case SIR_MAC_ACTION_FST:
+		return true;
+	default:
+		QDF_TRACE(QDF_MODULE_ID_PE, QDF_TRACE_LEVEL_INFO,
+			FL("non-PMF action category[%d] "),
+			action_category);
+		break;
+	}
+	return false;
+}
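Review bot: Any category not listed falls to `default` and is reported as non-robust, so the new check in `lim_process_action_frame()` never passes an unprotected frame of an unlisted category to `lim_drop_unprotected_action_frame()`, even on a PMF connection. IEEE 802.11 defines robust action frames by exclusion (every category except a short list such as Public), so a list of robust categories fails open for any category that is missing here or added later. Please state this in the kernel-doc, e.g. `* Categories not listed here are treated as non-robust: not protected on TX, not dropped on RX.`, or invert the switch to enumerate the non-robust categories and return true by default. The `default` branch also traces at `QDF_TRACE_LEVEL_INFO` for every such frame, which looks noisy on the receive path.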

+ 1 - 0
core/mac/src/pe/lim/lim_utils.h

@@ -602,4 +602,5 @@ static inline void lim_deactivate_and_change_timer_host_roam(
 {}
 #endif
 
+bool lim_is_robust_mgmt_action_frame(uint8_t action_category);
 #endif /* __LIM_UTILS_H */