mac80211: keep non-zero sequence counter of injected frames

The sequence number of injected frames is being overwritten by the
function ieee80211_tx_h_sequence when the following two conditions
are met:

1. The frame is injected on a virtual interface, and a second virtual
   interface on this device is operating in managed/AP/.. mode.

2. The sender MAC address of the injected frame matches the MAC
   address of the second interface operating in managed/AP/.. mode.

In some cases this may be desired, for instance when hostap is
configured to send certain frames using a monitor interface, in which
case the user-space will not assign a sequence number and instead
injects frames with a sequence number of zero.

However, in case the user-space does assign a non-zero sequence
number, this number should not be overwritten by the kernel. This
patch adds a check to see if injected frames have already been assigned
a non-zero sequence number, and if so, this sequence number will not
be overwritten by the kernel.

Signed-off-by: Mathy Vanhoef <mathy.vanhoef@nyu.edu>

net/mac80211/tx.c

@@ -808,11 +808,14 @@ ieee80211_tx_h_sequence(struct ieee80211_tx_data *tx)
 	int tid;
 
 	/*
-	 * Packet injection may want to control the sequence
-	 * number, if we have no matching interface then we
-	 * neither assign one ourselves nor ask the driver to.
+	 * Packet injection may want to control the sequence number.
+	 * Do not assign one ourselves, and do not ask the driver to,
+	 * if there is no matching interface or if the injected frame
+	 * was already assigned a non-zero sequence number.
 	 */
-	if (unlikely(info->control.vif->type == NL80211_IFTYPE_MONITOR))
+	if (unlikely(info->control.vif->type == NL80211_IFTYPE_MONITOR ||
+		     (info->flags & IEEE80211_TX_CTL_INJECTED != 0 &&
+		      hdr->seq_ctrl != 0)))
 		return TX_CONTINUE;
 
 	if (unlikely(ieee80211_is_ctl(hdr->frame_control)))