Re: [rt2x00-users] [PATCH v2] rt2x00: Further L2 padding fixes.

[Gertjan van Wingerde <gwingerde@gmail.com>]

On 11/29/09 18:55, Benoit PAPILLAULT wrote:
> Gertjan van Wingerde a écrit :
>>> I fully disagree here. It's a bit of chicken-egg problem. I'm using
>>> monitor mode to debug other wireless drivers, so I need a tool that
>>> gives me the frame as it appears on the radio medium, be it invalid or
>>> not. And I do see lots of invalid 802.11 frames in real life that are
>>> generated by bogus drivers or intended to be bogus in order to crash
>>> wireless drivers.
>>
>> So, what do you suggest we do here?
>>
>> If we don't know what kind of data is given (clearly even the ieee80211 header
>> is malformed), then how can we detect what padding has been added by the hardware.
>> We know that the hardware puts padding between the header and the payload, but in
>> this case we don't even have a full header.
>> The only sane thing to do here is to assume that no padding has been applied at all.
>>
>> Also, do we know how mac80211 reacts to these kinds of frames, so is it safe to
>> pass it to mac80211?
> 
> Here is my feeling :
> 
> - for padding, we need to understand how the hardware behaves. My test
> shows that hardware uses the frame_control field to computes L2PAD flag,
> even if the header is malformed. Padding is always applied after 802.11
> header, if the frame is long enough. Otherwise, no padding of course.
> I've tested on ath9k where ath9k provides FCS field and here FCS can be
> used to check we did proper unpadding. Using ath9k, I then found how
> rt2800 works.
> 

OK. This starts to make sense to me now. Basically what we have to do inside rt2x00
is to refrain from removing L2 padding if the header is malformed (to be detected
by checking whether header_length is 0, as ieee80211_get_hdrlen_from_skb will
return that value for a malformed header) and to refrain from removing L2 padding
when the header consumes the whole frame.
I guess this is best done outside the rt2x00queue_remove_l2pad function, so that
that function can still apply to both the TX and RX cases.

> - regarding invalid frames (yes, they do exists), they must be passed to
> upper layers (here mac80211). If mac80211 crashes on invalid frame, then
> mac80211 should be fixed. A quick check in ieee80211_rx() shows that
> ieee80211_rx_monitor() does this work already (ie, invalid frames are
> forwarded to monitor interfaces and then ignored by other interfaces).
> 

OK. Good to know.

---
Gertjan.