From: Girish Kumar M P Date: Thu, 12 Jun 2025 11:25:23 +0000 (+0530) Subject: Add QCA vendor attribute to disable A-MSDU address check validation X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fheads%2Fpending;p=thirdparty%2Fhostap.git Add QCA vendor attribute to disable A-MSDU address check validation Add a new u8 vendor attribute in the subcommand, QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION, QCA_WLAN_VENDOR_ATTR_CONFIG_AMSDU_ADDR_CHECK_VALIDATION, which enables or disables additional validation for Destination Address (DA) and Receiver Address (RA) for A-MSDUs. Such validation may have interoperability issues with deployed devices that intentionally send 3-address frames with different SA and DA, which are being dropped due to this additional validation. To work around this, the additional checks can be disabled using the MAC address of the peer. The separate LLC/SNAP validation for A-MSDUs mitigates the PP A-MSDU not protected vulnerability. This extra layer of protection, we check the SA/DA against the TA/RA respectively. Enabling that by default ensures enhanced security while allowing flexibility for specific already deployed device behavior to function correctly by disabling the additional validation as needed. Signed-off-by: Girish Kumar M P --- diff --git a/src/common/qca-vendor.h b/src/common/qca-vendor.h index 539405fc8..1c153c074 100644 --- a/src/common/qca-vendor.h +++ b/src/common/qca-vendor.h @@ -4039,6 +4039,15 @@ enum qca_wlan_vendor_attr_config { */ QCA_WLAN_VENDOR_ATTR_CONFIG_TX_POWER_LIMIT_ENABLE = 135, + /* 8-bit unsigned integer to configure the driver to enable or disable + * the A-MSDU address check validation. + * 1 - Enables A-MSDU address check for the + * QCA_WLAN_VENDOR_ATTR_CONFIG_PEER_MAC address. + * 0 - Disables A-MSDU address check for the + * QCA_WLAN_VENDOR_ATTR_CONFIG_PEER_MAC address + */ + QCA_WLAN_VENDOR_ATTR_CONFIG_AMSDU_ADDR_CHECK_VALIDATION = 136, + /* keep last */ QCA_WLAN_VENDOR_ATTR_CONFIG_AFTER_LAST, QCA_WLAN_VENDOR_ATTR_CONFIG_MAX =