mac80211: Restore rx.fc before every invocation of ieee80211_invoke_rx_handlers

This patch fixes a problem with rx handling on multiple interfaces. Especially
when using hardware-scanning and a wireless driver (i.e. iwlwifi) which is
able to receive data while scanning.

The rx handlers can modify the skb and the frame control field (see
ieee80211_rx_h_remove_qos_control) but since every interface gets its own
copy of the skb each should get its own copy of rx.fc too.

In my case the wlan0-interface did not remove the qos-control from the frame
because the corresponding flag in rx.fc was already removed while processing
the frame on the master interface. Therefore somehow corrupted frames were
passed to the userspace.

Signed-off-by: Helmut Schaa <hschaa@suse.de>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 505159f..306e6fc 100644 (file)
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -1746,6 +1746,7 @@ void __ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb,
                                       prev->dev->name);
                        continue;
                }
+               rx.fc = le16_to_cpu(hdr->frame_control);
                rx.skb = skb_new;
                rx.dev = prev->dev;
                rx.sdata = prev;
@@ -1754,6 +1755,7 @@ void __ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb,
                prev = sdata;
        }
        if (prev) {
+               rx.fc = le16_to_cpu(hdr->frame_control);
                rx.skb = skb;
                rx.dev = prev->dev;
                rx.sdata = prev;