From patchwork Fri Jul 22 17:18:16 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "'arozansk@redhat.com'" <arozansk@redhat.com>
X-Patchwork-Id: 9243865
Return-Path: <linux-wpan-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	DFB506088F for <patchwork-linux-wpan@patchwork.kernel.org>;
	Fri, 22 Jul 2016 17:18:25 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CBFA62236A
	for <patchwork-linux-wpan@patchwork.kernel.org>;
	Fri, 22 Jul 2016 17:18:25 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id C108427FA8; Fri, 22 Jul 2016 17:18:25 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI
	autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 595BE2236A
	for <patchwork-linux-wpan@patchwork.kernel.org>;
	Fri, 22 Jul 2016 17:18:25 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753236AbcGVRSZ (ORCPT
	<rfc822;patchwork-linux-wpan@patchwork.kernel.org>);
	Fri, 22 Jul 2016 13:18:25 -0400
Received: from mx1.redhat.com ([209.132.183.28]:51132 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1752264AbcGVRSX (ORCPT <rfc822;linux-wpan@vger.kernel.org>);
	Fri, 22 Jul 2016 13:18:23 -0400
Received: from int-mx14.intmail.prod.int.phx2.redhat.com
	(int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 553878553D;
	Fri, 22 Jul 2016 17:18:23 +0000 (UTC)
Received: from napanee.usersys.redhat.com (dhcp-17-12.bos.redhat.com
	[10.18.17.12])
	by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with
	ESMTP id u6MHIMFb008092; Fri, 22 Jul 2016 13:18:22 -0400
Received: by napanee.usersys.redhat.com (Postfix, from userid 1000)
	id E8373C08E0; Fri, 22 Jul 2016 13:18:21 -0400 (EDT)
From: Aristeu Rozanski <arozansk@redhat.com>
To: linux-wpan@vger.kernel.org
Cc: Alexander Aring <aar@pengutronix.de>,
	Stefan Schmidt <stefan@osg.samsung.com>,
	Jukka Rissanen <jukka.rissanen@linux.intel.com>,
	Aristeu Rozanski <arozansk@redhat.com>
Subject: [PATCH 3/3] ieee802154: encrypt frame before
	ieee802154_subif_start_xmit is called
Date: Fri, 22 Jul 2016 13:18:16 -0400
Message-Id: <1469207896-26481-3-git-send-email-arozansk@redhat.com>
In-Reply-To: <1469207896-26481-1-git-send-email-arozansk@redhat.com>
References: <1469207896-26481-1-git-send-email-arozansk@redhat.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
	(mx1.redhat.com [10.5.110.28]);
	Fri, 22 Jul 2016 17:18:23 +0000 (UTC)
Sender: linux-wpan-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-wpan.vger.kernel.org>
X-Mailing-List: linux-wpan@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Move mac802154_llsec_encrypt() call to right before dev_queue_xmit()
call and out of ieee802154_subif_start_xmit(). This prevents packets
failing to send on raw sockets.

Signed-off-by: Aristeu Rozanski <arozansk@redhat.com>
---
 include/net/mac802154.h     | 14 ++++++++++++++
 net/ieee802154/6lowpan/tx.c |  4 ++--
 net/ieee802154/socket.c     |  4 +++-
 net/mac802154/tx.c          | 29 +++++++++++++++++------------
 4 files changed, 36 insertions(+), 15 deletions(-)

diff --git a/include/net/mac802154.h b/include/net/mac802154.h
index e465c85..ee24a0e 100644
--- a/include/net/mac802154.h
+++ b/include/net/mac802154.h
@@ -377,6 +377,20 @@ void ieee802154_wake_queue(struct ieee802154_hw *hw);
 void ieee802154_stop_queue(struct ieee802154_hw *hw);
 
 /**
+ * ieee802154_finish_frame - finish a frame before queueing for transmission
+ *
+ * @skb: the buffer to be finished
+ */
+#ifdef CONFIG_MAC802154
+int ieee802154_finish_frame(struct sk_buff *skb);
+#else	/* CONFIG_MAC802154 */
+static inline int ieee802154_finish_frame(struct sk_buff *skb)
+{
+	return dev_queue_xmit(skb);
+}
+#endif	/* !CONFIG_MAC802154 */
+
+/**
  * ieee802154_xmit_complete - frame transmission complete
  *
  * @hw: pointer as obtained from ieee802154_alloc_hw().
diff --git a/net/ieee802154/6lowpan/tx.c b/net/ieee802154/6lowpan/tx.c
index e459afd..113d3c8 100644
--- a/net/ieee802154/6lowpan/tx.c
+++ b/net/ieee802154/6lowpan/tx.c
@@ -135,7 +135,7 @@ lowpan_xmit_fragment(struct sk_buff *skb, const struct ieee802154_hdr *wpan_hdr,
 
 	raw_dump_table(__func__, " fragment dump", frag->data, frag->len);
 
-	return dev_queue_xmit(frag);
+	return ieee802154_finish_frame(frag);
 }
 
 static int
@@ -286,7 +286,7 @@ netdev_tx_t lowpan_xmit(struct sk_buff *skb, struct net_device *ldev)
 		skb->dev = lowpan_802154_dev(ldev)->wdev;
 		ldev->stats.tx_packets++;
 		ldev->stats.tx_bytes += dgram_size;
-		return dev_queue_xmit(skb);
+		return ieee802154_finish_frame(skb);
 	} else {
 		netdev_tx_t rc;
 
diff --git a/net/ieee802154/socket.c b/net/ieee802154/socket.c
index e0bd013..8ef159a 100644
--- a/net/ieee802154/socket.c
+++ b/net/ieee802154/socket.c
@@ -33,6 +33,7 @@
 
 #include <net/af_ieee802154.h>
 #include <net/ieee802154_netdev.h>
+#include <net/mac802154.h>
 
 /* Utility function for families */
 static struct net_device*
@@ -306,6 +307,7 @@ static int raw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
 
 	dev_put(dev);
 
+	/* For raw sockets we don't go through ieee802154_finish_frame() */
 	err = dev_queue_xmit(skb);
 	if (err > 0)
 		err = net_xmit_errno(err);
@@ -695,7 +697,7 @@ static int dgram_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
 
 	dev_put(dev);
 
-	err = dev_queue_xmit(skb);
+	err = ieee802154_finish_frame(skb);
 	if (err > 0)
 		err = net_xmit_errno(err);
 
diff --git a/net/mac802154/tx.c b/net/mac802154/tx.c
index 7e25345..82a996e 100644
--- a/net/mac802154/tx.c
+++ b/net/mac802154/tx.c
@@ -56,6 +56,23 @@ err_tx:
 	netdev_dbg(dev, "transmission failed\n");
 }
 
+int ieee802154_finish_frame(struct sk_buff *skb)
+{
+	struct net_device *dev = skb->dev;
+	struct ieee802154_sub_if_data *sdata = IEEE802154_DEV_TO_SUB_IF(dev);
+	int rc;
+
+	rc = mac802154_llsec_encrypt(&sdata->sec, skb);
+	if (rc) {
+		netdev_warn(dev, "encryption failed: %i\n", rc);
+		kfree_skb(skb);
+		return NET_XMIT_DROP;
+	}
+
+	return dev_queue_xmit(skb);
+}
+EXPORT_SYMBOL_GPL(ieee802154_finish_frame);
+
 static netdev_tx_t
 ieee802154_tx(struct ieee802154_local *local, struct sk_buff *skb)
 {
@@ -107,18 +124,6 @@ netdev_tx_t
 ieee802154_subif_start_xmit(struct sk_buff *skb, struct net_device *dev)
 {
 	struct ieee802154_sub_if_data *sdata = IEEE802154_DEV_TO_SUB_IF(dev);
-	int rc;
-
-	/* TODO we should move it to wpan_dev_hard_header and dev_hard_header
-	 * functions. The reason is wireshark will show a mac header which is
-	 * with security fields but the payload is not encrypted.
-	 */
-	rc = mac802154_llsec_encrypt(&sdata->sec, skb);
-	if (rc) {
-		netdev_warn(dev, "encryption failed: %i\n", rc);
-		kfree_skb(skb);
-		return NETDEV_TX_OK;
-	}
 
 	skb->skb_iif = dev->ifindex;