net80211: drop m_pullup call from ieee80211_crypto_decap.

For most wireless drivers Rx mbuf is allocated as one contiguous chunk; only few are using chains for allocations - but even then at least MCLBYTES (minus Rx descriptor size) is available in the first mbuf. In addition to the above, m_pullup was never called here - otherwise, reallocation will break post-crypto_decap logic (ieee80211_decap, ieee80211_deliver_data...), so just remove it; length check is left in case if some truncated frame appears here. PR: 234241 MFC after: 1 week
2019-01-19 16:04:26 +00:00 · 2019-01-19 16:04:26 +00:00 · 1270bd5e41
commit 1270bd5e41
parent 4881e4aa99
1 changed files with 6 additions and 5 deletions
--- a/sys/net80211/ieee80211_crypto.c
+++ b/sys/net80211/ieee80211_crypto.c
@ -662,14 +662,15 @@ ieee80211_crypto_decap(struct ieee80211_node *ni, struct mbuf *m, int hdrlen,
 		k = &ni->ni_ucastkey;

 	/*
-	 * Insure crypto header is contiguous for all decap work.
+	 * Insure crypto header is contiguous and long enough for all
+	 * decap work.
 	 */
 	cip = k->wk_cipher;
-	if (m->m_len < hdrlen + cip->ic_header &&
-	    (m = m_pullup(m, hdrlen + cip->ic_header)) == NULL) {
+	if (m->m_len < hdrlen + cip->ic_header) {
 		IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, wh->i_addr2,
-		    "unable to pullup %s header", cip->ic_name);
-		vap->iv_stats.is_rx_wepfail++;	/* XXX */
+		    "frame is too short (%d < %u) for crypto decap",
+		    cip->ic_name, m->m_len, hdrlen + cip->ic_header);
+		vap->iv_stats.is_rx_tooshort++;
 		*key = NULL;
 		return (0);
 	}