From c29b9b9b0235d56e5602f61ed38702dd376aae20 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Fri, 14 Sep 2007 11:10:24 -0400 Subject: [PATCH] [MAC80211]: don't send invalid QoS frames Kalle Valo noticed that QoS frames are sent with an invalid QoS control field; this is because we increase the header length but neither initialise the space nor actually have enough space in the header structure for the QoS control field. This patch fixes it by treating the QoS field specially and appending it explicitly, initialising it to zero. Signed-off-by: Johannes Berg Acked-by: Michael Wu Signed-off-by: John W. Linville Signed-off-by: David S. Miller --- net/mac80211/tx.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index 9e952e37b7d..0820f127da2 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -1487,7 +1487,20 @@ int ieee80211_subif_start_xmit(struct sk_buff *skb, nh_pos += encaps_len; h_pos += encaps_len; } - memcpy(skb_push(skb, hdrlen), &hdr, hdrlen); + + if (fc & IEEE80211_STYPE_QOS_DATA) { + __le16 *qos_control; + + qos_control = (__le16*) skb_push(skb, 2); + memcpy(skb_push(skb, hdrlen - 2), &hdr, hdrlen - 2); + /* + * Maybe we could actually set some fields here, for now just + * initialise to zero to indicate no special operation. + */ + *qos_control = 0; + } else + memcpy(skb_push(skb, hdrlen), &hdr, hdrlen); + nh_pos += hdrlen; h_pos += hdrlen;