1 /*
2 * NXP Wireless LAN device driver: station RX data handling
3 *
4 * Copyright 2011-2020 NXP
5 *
6 * This software file (the "File") is distributed by NXP
7 * under the terms of the GNU General Public License Version 2, June 1991
8 * (the "License"). You may use, redistribute and/or modify this File in
9 * accordance with the terms and conditions of the License, a copy of which
10 * is available by writing to the Free Software Foundation, Inc.,
11 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or on the
12 * worldwide web at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
13 *
14 * THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE
16 * ARE EXPRESSLY DISCLAIMED. The License provides additional details about
17 * this warranty disclaimer.
18 */
19
20 #include <uapi/linux/ipv6.h>
21 #include <net/ndisc.h>
22 #include "decl.h"
23 #include "ioctl.h"
24 #include "util.h"
25 #include "fw.h"
26 #include "main.h"
27 #include "11n_aggr.h"
28 #include "11n_rxreorder.h"
29
30 /* This function checks if a frame is IPv4 ARP or IPv6 Neighbour advertisement
31 * frame. If frame has both source and destination mac address as same, this
32 * function drops such gratuitous frames.
33 */
34 static bool
mwifiex_discard_gratuitous_arp(struct mwifiex_private * priv,struct sk_buff * skb)35 mwifiex_discard_gratuitous_arp(struct mwifiex_private *priv,
36 struct sk_buff *skb)
37 {
38 const struct mwifiex_arp_eth_header *arp;
39 struct ethhdr *eth;
40 struct ipv6hdr *ipv6;
41 struct icmp6hdr *icmpv6;
42
43 eth = (struct ethhdr *)skb->data;
44 switch (ntohs(eth->h_proto)) {
45 case ETH_P_ARP:
46 arp = (void *)(skb->data + sizeof(struct ethhdr));
47 if (arp->hdr.ar_op == htons(ARPOP_REPLY) ||
48 arp->hdr.ar_op == htons(ARPOP_REQUEST)) {
49 if (!memcmp(arp->ar_sip, arp->ar_tip, 4))
50 return true;
51 }
52 break;
53 case ETH_P_IPV6:
54 ipv6 = (void *)(skb->data + sizeof(struct ethhdr));
55 icmpv6 = (void *)(skb->data + sizeof(struct ethhdr) +
56 sizeof(struct ipv6hdr));
57 if (NDISC_NEIGHBOUR_ADVERTISEMENT == icmpv6->icmp6_type) {
58 if (!memcmp(&ipv6->saddr, &ipv6->daddr,
59 sizeof(struct in6_addr)))
60 return true;
61 }
62 break;
63 default:
64 break;
65 }
66
67 return false;
68 }
69
70 /*
71 * This function processes the received packet and forwards it
72 * to kernel/upper layer.
73 *
74 * This function parses through the received packet and determines
75 * if it is a debug packet or normal packet.
76 *
77 * For non-debug packets, the function chops off unnecessary leading
78 * header bytes, reconstructs the packet as an ethernet frame or
79 * 802.2/llc/snap frame as required, and sends it to kernel/upper layer.
80 *
81 * The completion callback is called after processing in complete.
82 */
mwifiex_process_rx_packet(struct mwifiex_private * priv,struct sk_buff * skb)83 int mwifiex_process_rx_packet(struct mwifiex_private *priv,
84 struct sk_buff *skb)
85 {
86 int ret;
87 struct rx_packet_hdr *rx_pkt_hdr;
88 struct rxpd *local_rx_pd;
89 int hdr_chop;
90 struct ethhdr *eth;
91 u16 rx_pkt_off, rx_pkt_len;
92 u8 *offset;
93 u8 adj_rx_rate = 0;
94
95 local_rx_pd = (struct rxpd *) (skb->data);
96
97 rx_pkt_off = le16_to_cpu(local_rx_pd->rx_pkt_offset);
98 rx_pkt_len = le16_to_cpu(local_rx_pd->rx_pkt_length);
99 rx_pkt_hdr = (void *)local_rx_pd + rx_pkt_off;
100
101 if (sizeof(rx_pkt_hdr->eth803_hdr) + sizeof(rfc1042_header) +
102 rx_pkt_off > skb->len) {
103 mwifiex_dbg(priv->adapter, ERROR,
104 "wrong rx packet offset: len=%d, rx_pkt_off=%d\n",
105 skb->len, rx_pkt_off);
106 priv->stats.rx_dropped++;
107 dev_kfree_skb_any(skb);
108 return -1;
109 }
110
111 if (sizeof(*rx_pkt_hdr) + rx_pkt_off <= skb->len &&
112 ((!memcmp(&rx_pkt_hdr->rfc1042_hdr, bridge_tunnel_header,
113 sizeof(bridge_tunnel_header))) ||
114 (!memcmp(&rx_pkt_hdr->rfc1042_hdr, rfc1042_header,
115 sizeof(rfc1042_header)) &&
116 ntohs(rx_pkt_hdr->rfc1042_hdr.snap_type) != ETH_P_AARP &&
117 ntohs(rx_pkt_hdr->rfc1042_hdr.snap_type) != ETH_P_IPX))) {
118 /*
119 * Replace the 803 header and rfc1042 header (llc/snap) with an
120 * EthernetII header, keep the src/dst and snap_type
121 * (ethertype).
122 * The firmware only passes up SNAP frames converting
123 * all RX Data from 802.11 to 802.2/LLC/SNAP frames.
124 * To create the Ethernet II, just move the src, dst address
125 * right before the snap_type.
126 */
127 eth = (struct ethhdr *)
128 ((u8 *) &rx_pkt_hdr->eth803_hdr
129 + sizeof(rx_pkt_hdr->eth803_hdr) +
130 sizeof(rx_pkt_hdr->rfc1042_hdr)
131 - sizeof(rx_pkt_hdr->eth803_hdr.h_dest)
132 - sizeof(rx_pkt_hdr->eth803_hdr.h_source)
133 - sizeof(rx_pkt_hdr->rfc1042_hdr.snap_type));
134
135 memcpy(eth->h_source, rx_pkt_hdr->eth803_hdr.h_source,
136 sizeof(eth->h_source));
137 memcpy(eth->h_dest, rx_pkt_hdr->eth803_hdr.h_dest,
138 sizeof(eth->h_dest));
139
140 /* Chop off the rxpd + the excess memory from the 802.2/llc/snap
141 header that was removed. */
142 hdr_chop = (u8 *) eth - (u8 *) local_rx_pd;
143 } else {
144 /* Chop off the rxpd */
145 hdr_chop = (u8 *) &rx_pkt_hdr->eth803_hdr -
146 (u8 *) local_rx_pd;
147 }
148
149 /* Chop off the leading header bytes so the it points to the start of
150 either the reconstructed EthII frame or the 802.2/llc/snap frame */
151 skb_pull(skb, hdr_chop);
152
153 if (priv->hs2_enabled &&
154 mwifiex_discard_gratuitous_arp(priv, skb)) {
155 mwifiex_dbg(priv->adapter, INFO, "Bypassed Gratuitous ARP\n");
156 dev_kfree_skb_any(skb);
157 return 0;
158 }
159
160 if (ISSUPP_TDLS_ENABLED(priv->adapter->fw_cap_info) &&
161 ntohs(rx_pkt_hdr->eth803_hdr.h_proto) == ETH_P_TDLS) {
162 offset = (u8 *)local_rx_pd + rx_pkt_off;
163 mwifiex_process_tdls_action_frame(priv, offset, rx_pkt_len);
164 }
165
166 /* Only stash RX bitrate for unicast packets. */
167 if (likely(!is_multicast_ether_addr(rx_pkt_hdr->eth803_hdr.h_dest))) {
168 priv->rxpd_rate = local_rx_pd->rx_rate;
169 priv->rxpd_htinfo = local_rx_pd->ht_info;
170 }
171
172 if (GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_STA ||
173 GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_UAP) {
174 adj_rx_rate = mwifiex_adjust_data_rate(priv,
175 local_rx_pd->rx_rate,
176 local_rx_pd->ht_info);
177 mwifiex_hist_data_add(priv, adj_rx_rate, local_rx_pd->snr,
178 local_rx_pd->nf);
179 }
180
181 ret = mwifiex_recv_packet(priv, skb);
182 if (ret == -1)
183 mwifiex_dbg(priv->adapter, ERROR,
184 "recv packet failed\n");
185
186 return ret;
187 }
188
189 /*
190 * This function processes the received buffer.
191 *
192 * The function looks into the RxPD and performs sanity tests on the
193 * received buffer to ensure its a valid packet, before processing it
194 * further. If the packet is determined to be aggregated, it is
195 * de-aggregated accordingly. Non-unicast packets are sent directly to
196 * the kernel/upper layers. Unicast packets are handed over to the
197 * Rx reordering routine if 11n is enabled.
198 *
199 * The completion callback is called after processing in complete.
200 */
mwifiex_process_sta_rx_packet(struct mwifiex_private * priv,struct sk_buff * skb)201 int mwifiex_process_sta_rx_packet(struct mwifiex_private *priv,
202 struct sk_buff *skb)
203 {
204 struct mwifiex_adapter *adapter = priv->adapter;
205 int ret = 0;
206 struct rxpd *local_rx_pd;
207 struct rx_packet_hdr *rx_pkt_hdr;
208 u8 ta[ETH_ALEN];
209 u16 rx_pkt_type, rx_pkt_offset, rx_pkt_length, seq_num;
210 struct mwifiex_sta_node *sta_ptr;
211
212 local_rx_pd = (struct rxpd *) (skb->data);
213 rx_pkt_type = le16_to_cpu(local_rx_pd->rx_pkt_type);
214 rx_pkt_offset = le16_to_cpu(local_rx_pd->rx_pkt_offset);
215 rx_pkt_length = le16_to_cpu(local_rx_pd->rx_pkt_length);
216 seq_num = le16_to_cpu(local_rx_pd->seq_num);
217
218 rx_pkt_hdr = (void *)local_rx_pd + rx_pkt_offset;
219
220 if ((rx_pkt_offset + rx_pkt_length) > skb->len ||
221 sizeof(rx_pkt_hdr->eth803_hdr) + rx_pkt_offset > skb->len) {
222 mwifiex_dbg(adapter, ERROR,
223 "wrong rx packet: len=%d, rx_pkt_offset=%d, rx_pkt_length=%d\n",
224 skb->len, rx_pkt_offset, rx_pkt_length);
225 priv->stats.rx_dropped++;
226 dev_kfree_skb_any(skb);
227 return ret;
228 }
229
230 if (rx_pkt_type == PKT_TYPE_MGMT) {
231 ret = mwifiex_process_mgmt_packet(priv, skb);
232 if (ret)
233 mwifiex_dbg(adapter, DATA, "Rx of mgmt packet failed");
234 dev_kfree_skb_any(skb);
235 return ret;
236 }
237
238 /*
239 * If the packet is not an unicast packet then send the packet
240 * directly to os. Don't pass thru rx reordering
241 */
242 if ((!IS_11N_ENABLED(priv) &&
243 !(ISSUPP_TDLS_ENABLED(priv->adapter->fw_cap_info) &&
244 !(local_rx_pd->flags & MWIFIEX_RXPD_FLAGS_TDLS_PACKET))) ||
245 !ether_addr_equal_unaligned(priv->curr_addr, rx_pkt_hdr->eth803_hdr.h_dest)) {
246 mwifiex_process_rx_packet(priv, skb);
247 return ret;
248 }
249
250 if (mwifiex_queuing_ra_based(priv) ||
251 (ISSUPP_TDLS_ENABLED(priv->adapter->fw_cap_info) &&
252 local_rx_pd->flags & MWIFIEX_RXPD_FLAGS_TDLS_PACKET)) {
253 memcpy(ta, rx_pkt_hdr->eth803_hdr.h_source, ETH_ALEN);
254 if (local_rx_pd->flags & MWIFIEX_RXPD_FLAGS_TDLS_PACKET &&
255 local_rx_pd->priority < MAX_NUM_TID) {
256 sta_ptr = mwifiex_get_sta_entry(priv, ta);
257 if (sta_ptr)
258 sta_ptr->rx_seq[local_rx_pd->priority] =
259 le16_to_cpu(local_rx_pd->seq_num);
260 mwifiex_auto_tdls_update_peer_signal(priv, ta,
261 local_rx_pd->snr,
262 local_rx_pd->nf);
263 }
264 } else {
265 if (rx_pkt_type != PKT_TYPE_BAR &&
266 local_rx_pd->priority < MAX_NUM_TID)
267 priv->rx_seq[local_rx_pd->priority] = seq_num;
268 memcpy(ta, priv->curr_bss_params.bss_descriptor.mac_address,
269 ETH_ALEN);
270 }
271
272 /* Reorder and send to OS */
273 ret = mwifiex_11n_rx_reorder_pkt(priv, seq_num, local_rx_pd->priority,
274 ta, (u8) rx_pkt_type, skb);
275
276 if (ret || (rx_pkt_type == PKT_TYPE_BAR))
277 dev_kfree_skb_any(skb);
278
279 if (ret)
280 priv->stats.rx_dropped++;
281
282 return ret;
283 }
284