madwifi: fix some potential null pointer derefs with wds

[openwrt-10.03/.git] / package / madwifi / patches / 387-maxassoc.patch

--- a/net80211/ieee80211_var.h
+++ b/net80211/ieee80211_var.h
@@ -198,6 +198,7 @@ struct ieee80211vap {
        u_int32_t iv_debug;                             /* debug msg flags */
        struct ieee80211_stats iv_stats;                /* statistics */
 
+       int iv_max_nodes;
        int iv_monitor_nods_only;                       /* in monitor mode only nods traffic */
        int iv_monitor_txf_len;                         /* in monitor mode, truncate tx packets */
        int iv_monitor_phy_errors;                      /* in monitor mode, accept phy errors */
--- a/net80211/ieee80211_ioctl.h
+++ b/net80211/ieee80211_ioctl.h
@@ -650,6 +650,7 @@ enum {
        IEEE80211_PARAM_RSSI_DIS_THR    = 80,   /* rssi threshold for disconnection */
        IEEE80211_PARAM_RSSI_DIS_COUNT  = 81,   /* counter for rssi threshold */
        IEEE80211_PARAM_WDS_SEP                 = 82,   /* move wds stations into separate interfaces */
+       IEEE80211_PARAM_MAXASSOC                = 83,   /* maximum associated stations */
 };
 
 #define        SIOCG80211STATS                 (SIOCDEVPRIVATE+2)
--- a/net80211/ieee80211_wireless.c
+++ b/net80211/ieee80211_wireless.c
@@ -2875,6 +2875,12 @@ ieee80211_ioctl_setparam(struct net_devi
                else
                        vap->iv_flags_ext &= ~IEEE80211_FEXT_WDSSEP;
                break;
+       case IEEE80211_PARAM_MAXASSOC:
+               if (vap->iv_opmode != IEEE80211_M_HOSTAP)
+                       retv = -EINVAL;
+               else
+                       vap->iv_max_nodes = value;
+               break;
 #ifdef ATH_REVERSE_ENGINEERING
        case IEEE80211_PARAM_DUMPREGS:
                ieee80211_dump_registers(dev, info, w, extra);
@@ -3234,6 +3240,9 @@ ieee80211_ioctl_getparam(struct net_devi
        case IEEE80211_PARAM_WDS_SEP:
                param[0] = !!(vap->iv_flags_ext & IEEE80211_FEXT_WDSSEP);
                break;
+       case IEEE80211_PARAM_MAXASSOC:
+               param[0] = vap->iv_max_nodes;
+               break;
        default:
                return -EOPNOTSUPP;
        }
@@ -5789,6 +5798,10 @@ static const struct iw_priv_args ieee802
         IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "wdssep"},
        { IEEE80211_PARAM_WDS_SEP,
         0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "get_wdssep"},
+       { IEEE80211_PARAM_MAXASSOC,
+        IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, 0, "maxassoc"},
+       { IEEE80211_PARAM_MAXASSOC,
+        0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "get_maxassoc"},
 
 #ifdef ATH_REVERSE_ENGINEERING
        /*
--- a/net80211/ieee80211_input.c
+++ b/net80211/ieee80211_input.c
@@ -4020,7 +4020,26 @@ ieee80211_recv_mgmt(struct ieee80211vap 
                        vap->iv_stats.is_rx_assoc_norate++;
                        return;
                }
+               if (vap->iv_max_nodes > 0) {
+                       unsigned int active_nodes = 0;
+                       struct ieee80211_node *tni;
+
+                       IEEE80211_NODE_TABLE_LOCK_IRQ(&ic->ic_sta);
+                       TAILQ_FOREACH(tni, &ic->ic_sta.nt_node, ni_list) {
+                               if (tni->ni_vap != vap)
+                                       continue;
+                               if (tni->ni_associd == 0)
+                                       continue;
+                               active_nodes++;
+                       }
+                       IEEE80211_NODE_TABLE_UNLOCK_IRQ(&ic->ic_sta);
 
+                       if (active_nodes >= vap->iv_max_nodes) {
+                               /* too many nodes connected */
+                               ieee80211_node_leave(ni);
+                               return;
+                       }
+               }
                if (ni->ni_associd != 0 &&
                    IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan)) {
                        if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME)