samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qcacmn: Enable peer authorize by default

Browse Source 
Drop non-EAPOL frames from unauthorized peer in security mode.
Enabling this feature by default with this change.

Change-Id: I9878b37088149e34f456a38a9c0f722e4c5ee49a
CRs-Fixed: 2943789
This commit is contained in:
Varsha Mishra
2021-02-11 18:08:41 +05:30
committed by Madan Koyyalamudi
parent 718d6aeece
commit 6c720adf28
1 changed files with 17 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
dp/wifi3.0/dp_rx.c
View File

@@ -2804,28 +2804,6 @@ done:
if (qdf_likely(peer)) { if (qdf_likely(peer)) {
vdev = peer->vdev; vdev = peer->vdev;
/*
* In encryption mode, all data packets except
* EAPOL frames should be dropped when peer is not
* authenticated. Thie feature is enabled for all peers
* under this vdev when peer_authorize flag is set.
*/
if (qdf_unlikely(vdev->peer_authorize)) {
if (qdf_unlikely(vdev->sec_type != cdp_sec_type_none)) {
/*
* Allow only EAPOL frames
*/
if (qdf_unlikely(!peer->authorize &&
!qdf_nbuf_is_ipv4_eapol_pkt(nbuf))) {
qdf_nbuf_free(nbuf);
nbuf = next;
DP_STATS_INC(soc, rx.err.peer_unauth_rx_pkt_drop, 1);
continue;
}
}
}
} else { } else {
nbuf->next = NULL; nbuf->next = NULL;
dp_rx_deliver_to_pkt_capture_no_peer( dp_rx_deliver_to_pkt_capture_no_peer(
@@ -2985,6 +2963,23 @@ done:
continue; continue;
} }
/*
* Drop non-EAPOL frames from unauthorized peer.
*/
if (qdf_likely(peer) && qdf_unlikely(!peer->authorize)) {
bool is_eapol = qdf_nbuf_is_ipv4_eapol_pkt(nbuf) ||
qdf_nbuf_is_ipv4_wapi_pkt(nbuf);
if (!is_eapol) {
DP_STATS_INC(soc,
rx.err.peer_unauth_rx_pkt_drop,
1);
qdf_nbuf_free(nbuf);
nbuf = next;
continue;
}
}
if (soc->process_rx_status) if (soc->process_rx_status)
dp_rx_cksum_offload(vdev->pdev, nbuf, rx_tlv_hdr); dp_rx_cksum_offload(vdev->pdev, nbuf, rx_tlv_hdr);