Add QCA vendor attribute to disable A-MSDU address check validation

Add a new u8 vendor attribute in the subcommand,
QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION,
QCA_WLAN_VENDOR_ATTR_CONFIG_AMSDU_ADDR_CHECK_VALIDATION, which enables
or disables additional validation for Destination Address (DA) and
Receiver Address (RA) for A-MSDUs. Such validation may have
interoperability issues with deployed devices that intentionally send
3-address frames with different SA and DA, which are being dropped due
to this additional validation.

To work around this, the additional checks can be disabled using the MAC
address of the peer. The separate LLC/SNAP validation for A-MSDUs
mitigates the PP A-MSDU not protected vulnerability. This extra layer of
protection, we check the SA/DA against the TA/RA respectively. Enabling
that by default ensures enhanced security while allowing flexibility for
specific already deployed device behavior to function correctly by
disabling the additional validation as needed.

Signed-off-by: Girish Kumar M P <gmp@qti.qualcomm.com>

diff --git a/src/common/qca-vendor.h b/src/common/qca-vendor.h
index 539405fc8f50e5e4ba61bcf597b956174f9ae307..1c153c07453b4e86b60047ecd638bd516e7b7516 100644 (file)
--- a/src/common/qca-vendor.h
+++ b/src/common/qca-vendor.h
@@ -4039,6 +4039,15 @@ enum qca_wlan_vendor_attr_config {
         */
        QCA_WLAN_VENDOR_ATTR_CONFIG_TX_POWER_LIMIT_ENABLE = 135,
 
+       /* 8-bit unsigned integer to configure the driver to enable or disable
+        * the A-MSDU address check validation.
+        *      1 - Enables A-MSDU address check for the
+        *          QCA_WLAN_VENDOR_ATTR_CONFIG_PEER_MAC address.
+        *      0 - Disables A-MSDU address check for the
+        *          QCA_WLAN_VENDOR_ATTR_CONFIG_PEER_MAC address
+        */
+       QCA_WLAN_VENDOR_ATTR_CONFIG_AMSDU_ADDR_CHECK_VALIDATION = 136,
+
        /* keep last */
        QCA_WLAN_VENDOR_ATTR_CONFIG_AFTER_LAST,
        QCA_WLAN_VENDOR_ATTR_CONFIG_MAX =