From 69f817b654d683265118188bbfb8bc0d8978cce6 Mon Sep 17 00:00:00 2001 From: Helmut Schaa Date: Fri, 21 Dec 2007 15:16:35 +0100 Subject: mac80211: Restore rx.fc before every invocation of ieee80211_invoke_rx_handlers This patch fixes a problem with rx handling on multiple interfaces. Especially when using hardware-scanning and a wireless driver (i.e. iwlwifi) which is able to receive data while scanning. The rx handlers can modify the skb and the frame control field (see ieee80211_rx_h_remove_qos_control) but since every interface gets its own copy of the skb each should get its own copy of rx.fc too. In my case the wlan0-interface did not remove the qos-control from the frame because the corresponding flag in rx.fc was already removed while processing the frame on the master interface. Therefore somehow corrupted frames were passed to the userspace. Signed-off-by: Helmut Schaa Acked-by: Johannes Berg Signed-off-by: John W. Linville Signed-off-by: David S. Miller --- net/mac80211/rx.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index 505159f8dff..306e6fc25d8 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -1746,6 +1746,7 @@ void __ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb, prev->dev->name); continue; } + rx.fc = le16_to_cpu(hdr->frame_control); rx.skb = skb_new; rx.dev = prev->dev; rx.sdata = prev; @@ -1754,6 +1755,7 @@ void __ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb, prev = sdata; } if (prev) { + rx.fc = le16_to_cpu(hdr->frame_control); rx.skb = skb; rx.dev = prev->dev; rx.sdata = prev; -- cgit v1.2.3