Commit f66b60f6 authored by Sven Eckelmann's avatar Sven Eckelmann Committed by Johannes Berg

mac80211: fix parsing of 40Mhz in injected radiotap header

The MCS bandwidth part of the radiotap header is 2 bits wide. The full 2
bit have to compared against IEEE80211_RADIOTAP_MCS_BW_40 and not only if
the first bit is set. Otherwise IEEE80211_RADIOTAP_MCS_BW_40 can be
confused with IEEE80211_RADIOTAP_MCS_BW_20U.

Fixes: dfdfc2be ("mac80211: Parse legacy and HT rate in injected frames")
Signed-off-by: default avatarSven Eckelmann <sven@narfation.org>
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent 38de03d2
...@@ -1691,7 +1691,7 @@ static bool ieee80211_parse_tx_radiotap(struct ieee80211_local *local, ...@@ -1691,7 +1691,7 @@ static bool ieee80211_parse_tx_radiotap(struct ieee80211_local *local,
bool rate_found = false; bool rate_found = false;
u8 rate_retries = 0; u8 rate_retries = 0;
u16 rate_flags = 0; u16 rate_flags = 0;
u8 mcs_known, mcs_flags; u8 mcs_known, mcs_flags, mcs_bw;
u16 vht_known; u16 vht_known;
u8 vht_mcs = 0, vht_nss = 0; u8 vht_mcs = 0, vht_nss = 0;
int i; int i;
...@@ -1769,8 +1769,9 @@ static bool ieee80211_parse_tx_radiotap(struct ieee80211_local *local, ...@@ -1769,8 +1769,9 @@ static bool ieee80211_parse_tx_radiotap(struct ieee80211_local *local,
mcs_flags & IEEE80211_RADIOTAP_MCS_SGI) mcs_flags & IEEE80211_RADIOTAP_MCS_SGI)
rate_flags |= IEEE80211_TX_RC_SHORT_GI; rate_flags |= IEEE80211_TX_RC_SHORT_GI;
mcs_bw = mcs_flags & IEEE80211_RADIOTAP_MCS_BW_MASK;
if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_BW && if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_BW &&
mcs_flags & IEEE80211_RADIOTAP_MCS_BW_40) mcs_bw == IEEE80211_RADIOTAP_MCS_BW_40)
rate_flags |= IEEE80211_TX_RC_40_MHZ_WIDTH; rate_flags |= IEEE80211_TX_RC_40_MHZ_WIDTH;
break; break;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment