|
|
@@ -2804,28 +2804,6 @@ done:
|
|
|
|
|
|
if (qdf_likely(peer)) {
|
|
|
vdev = peer->vdev;
|
|
|
-
|
|
|
- /*
|
|
|
- * In encryption mode, all data packets except
|
|
|
- * EAPOL frames should be dropped when peer is not
|
|
|
- * authenticated. Thie feature is enabled for all peers
|
|
|
- * under this vdev when peer_authorize flag is set.
|
|
|
- */
|
|
|
- if (qdf_unlikely(vdev->peer_authorize)) {
|
|
|
- if (qdf_unlikely(vdev->sec_type != cdp_sec_type_none)) {
|
|
|
- /*
|
|
|
- * Allow only EAPOL frames
|
|
|
- */
|
|
|
- if (qdf_unlikely(!peer->authorize &&
|
|
|
- !qdf_nbuf_is_ipv4_eapol_pkt(nbuf))) {
|
|
|
- qdf_nbuf_free(nbuf);
|
|
|
- nbuf = next;
|
|
|
- DP_STATS_INC(soc, rx.err.peer_unauth_rx_pkt_drop, 1);
|
|
|
- continue;
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
} else {
|
|
|
nbuf->next = NULL;
|
|
|
dp_rx_deliver_to_pkt_capture_no_peer(
|
|
|
@@ -2985,6 +2963,23 @@ done:
|
|
|
continue;
|
|
|
}
|
|
|
|
|
|
+ /*
|
|
|
+ * Drop non-EAPOL frames from unauthorized peer.
|
|
|
+ */
|
|
|
+ if (qdf_likely(peer) && qdf_unlikely(!peer->authorize)) {
|
|
|
+ bool is_eapol = qdf_nbuf_is_ipv4_eapol_pkt(nbuf) ||
|
|
|
+ qdf_nbuf_is_ipv4_wapi_pkt(nbuf);
|
|
|
+
|
|
|
+ if (!is_eapol) {
|
|
|
+ DP_STATS_INC(soc,
|
|
|
+ rx.err.peer_unauth_rx_pkt_drop,
|
|
|
+ 1);
|
|
|
+ qdf_nbuf_free(nbuf);
|
|
|
+ nbuf = next;
|
|
|
+ continue;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
if (soc->process_rx_status)
|
|
|
dp_rx_cksum_offload(vdev->pdev, nbuf, rx_tlv_hdr);
|
|
|
|
Varsha Mishra