1 // SPDX-License-Identifier: GPL-2.0-only 2 /****************************************************************************** 3 4 Copyright(c) 2003 - 2005 Intel Corporation. All rights reserved. 5 6 7 Contact Information: 8 Intel Linux Wireless <ilw@linux.intel.com> 9 Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497 10 11 ******************************************************************************/ 12 #include <linux/compiler.h> 13 #include <linux/errno.h> 14 #include <linux/if_arp.h> 15 #include <linux/in6.h> 16 #include <linux/in.h> 17 #include <linux/ip.h> 18 #include <linux/kernel.h> 19 #include <linux/module.h> 20 #include <linux/netdevice.h> 21 #include <linux/proc_fs.h> 22 #include <linux/skbuff.h> 23 #include <linux/slab.h> 24 #include <linux/tcp.h> 25 #include <linux/types.h> 26 #include <linux/wireless.h> 27 #include <linux/etherdevice.h> 28 #include <linux/uaccess.h> 29 30 #include "libipw.h" 31 32 /* 33 34 802.11 Data Frame 35 36 ,-------------------------------------------------------------------. 37 Bytes | 2 | 2 | 6 | 6 | 6 | 2 | 0..2312 | 4 | 38 |------|------|---------|---------|---------|------|---------|------| 39 Desc. | ctrl | dura | DA/RA | TA | SA | Sequ | Frame | fcs | 40 | | tion | (BSSID) | | | ence | data | | 41 `--------------------------------------------------| |------' 42 Total: 28 non-data bytes `----.----' 43 | 44 .- 'Frame data' expands, if WEP enabled, to <----------' 45 | 46 V 47 ,-----------------------. 48 Bytes | 4 | 0-2296 | 4 | 49 |-----|-----------|-----| 50 Desc. | IV | Encrypted | ICV | 51 | | Packet | | 52 `-----| |-----' 53 `-----.-----' 54 | 55 .- 'Encrypted Packet' expands to 56 | 57 V 58 ,---------------------------------------------------. 59 Bytes | 1 | 1 | 1 | 3 | 2 | 0-2304 | 60 |------|------|---------|----------|------|---------| 61 Desc. | SNAP | SNAP | Control |Eth Tunnel| Type | IP | 62 | DSAP | SSAP | | | | Packet | 63 | 0xAA | 0xAA |0x03 (UI)|0x00-00-F8| | | 64 `---------------------------------------------------- 65 Total: 8 non-data bytes 66 67 802.3 Ethernet Data Frame 68 69 ,-----------------------------------------. 70 Bytes | 6 | 6 | 2 | Variable | 4 | 71 |-------|-------|------|-----------|------| 72 Desc. | Dest. | Source| Type | IP Packet | fcs | 73 | MAC | MAC | | | | 74 `-----------------------------------------' 75 Total: 18 non-data bytes 76 77 In the event that fragmentation is required, the incoming payload is split into 78 N parts of size ieee->fts. The first fragment contains the SNAP header and the 79 remaining packets are just data. 80 81 If encryption is enabled, each fragment payload size is reduced by enough space 82 to add the prefix and postfix (IV and ICV totalling 8 bytes in the case of WEP) 83 So if you have 1500 bytes of payload with ieee->fts set to 500 without 84 encryption it will take 3 frames. With WEP it will take 4 frames as the 85 payload of each frame is reduced to 492 bytes. 86 87 * SKB visualization 88 * 89 * ,- skb->data 90 * | 91 * | ETHERNET HEADER ,-<-- PAYLOAD 92 * | | 14 bytes from skb->data 93 * | 2 bytes for Type --> ,T. | (sizeof ethhdr) 94 * | | | | 95 * |,-Dest.--. ,--Src.---. | | | 96 * | 6 bytes| | 6 bytes | | | | 97 * v | | | | | | 98 * 0 | v 1 | v | v 2 99 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 100 * ^ | ^ | ^ | 101 * | | | | | | 102 * | | | | `T' <---- 2 bytes for Type 103 * | | | | 104 * | | '---SNAP--' <-------- 6 bytes for SNAP 105 * | | 106 * `-IV--' <-------------------- 4 bytes for IV (WEP) 107 * 108 * SNAP HEADER 109 * 110 */ 111 112 static u8 P802_1H_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0xf8 }; 113 static u8 RFC1042_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0x00 }; 114 115 static int libipw_copy_snap(u8 * data, __be16 h_proto) 116 { 117 struct libipw_snap_hdr *snap; 118 u8 *oui; 119 120 snap = (struct libipw_snap_hdr *)data; 121 snap->dsap = 0xaa; 122 snap->ssap = 0xaa; 123 snap->ctrl = 0x03; 124 125 if (h_proto == htons(ETH_P_AARP) || h_proto == htons(ETH_P_IPX)) 126 oui = P802_1H_OUI; 127 else 128 oui = RFC1042_OUI; 129 snap->oui[0] = oui[0]; 130 snap->oui[1] = oui[1]; 131 snap->oui[2] = oui[2]; 132 133 memcpy(data + SNAP_SIZE, &h_proto, sizeof(u16)); 134 135 return SNAP_SIZE + sizeof(u16); 136 } 137 138 static int libipw_encrypt_fragment(struct libipw_device *ieee, 139 struct sk_buff *frag, int hdr_len) 140 { 141 struct lib80211_crypt_data *crypt = 142 ieee->crypt_info.crypt[ieee->crypt_info.tx_keyidx]; 143 int res; 144 145 if (crypt == NULL) 146 return -1; 147 148 /* To encrypt, frame format is: 149 * IV (4 bytes), clear payload (including SNAP), ICV (4 bytes) */ 150 atomic_inc(&crypt->refcnt); 151 res = 0; 152 if (crypt->ops && crypt->ops->encrypt_mpdu) 153 res = crypt->ops->encrypt_mpdu(frag, hdr_len, crypt->priv); 154 155 atomic_dec(&crypt->refcnt); 156 if (res < 0) { 157 printk(KERN_INFO "%s: Encryption failed: len=%d.\n", 158 ieee->dev->name, frag->len); 159 ieee->ieee_stats.tx_discards++; 160 return -1; 161 } 162 163 return 0; 164 } 165 166 void libipw_txb_free(struct libipw_txb *txb) 167 { 168 int i; 169 if (unlikely(!txb)) 170 return; 171 for (i = 0; i < txb->nr_frags; i++) 172 if (txb->fragments[i]) 173 dev_kfree_skb_any(txb->fragments[i]); 174 kfree(txb); 175 } 176 177 static struct libipw_txb *libipw_alloc_txb(int nr_frags, int txb_size, 178 int headroom, gfp_t gfp_mask) 179 { 180 struct libipw_txb *txb; 181 int i; 182 183 txb = kmalloc(struct_size(txb, fragments, nr_frags), gfp_mask); 184 if (!txb) 185 return NULL; 186 187 memset(txb, 0, sizeof(struct libipw_txb)); 188 txb->nr_frags = nr_frags; 189 txb->frag_size = txb_size; 190 191 for (i = 0; i < nr_frags; i++) { 192 txb->fragments[i] = __dev_alloc_skb(txb_size + headroom, 193 gfp_mask); 194 if (unlikely(!txb->fragments[i])) { 195 i--; 196 break; 197 } 198 skb_reserve(txb->fragments[i], headroom); 199 } 200 if (unlikely(i != nr_frags)) { 201 while (i >= 0) 202 dev_kfree_skb_any(txb->fragments[i--]); 203 kfree(txb); 204 return NULL; 205 } 206 return txb; 207 } 208 209 static int libipw_classify(struct sk_buff *skb) 210 { 211 struct ethhdr *eth; 212 struct iphdr *ip; 213 214 eth = (struct ethhdr *)skb->data; 215 if (eth->h_proto != htons(ETH_P_IP)) 216 return 0; 217 218 ip = ip_hdr(skb); 219 switch (ip->tos & 0xfc) { 220 case 0x20: 221 return 2; 222 case 0x40: 223 return 1; 224 case 0x60: 225 return 3; 226 case 0x80: 227 return 4; 228 case 0xa0: 229 return 5; 230 case 0xc0: 231 return 6; 232 case 0xe0: 233 return 7; 234 default: 235 return 0; 236 } 237 } 238 239 /* Incoming skb is converted to a txb which consists of 240 * a block of 802.11 fragment packets (stored as skbs) */ 241 netdev_tx_t libipw_xmit(struct sk_buff *skb, struct net_device *dev) 242 { 243 struct libipw_device *ieee = netdev_priv(dev); 244 struct libipw_txb *txb = NULL; 245 struct libipw_hdr_3addrqos *frag_hdr; 246 int i, bytes_per_frag, nr_frags, bytes_last_frag, frag_size, 247 rts_required; 248 unsigned long flags; 249 int encrypt, host_encrypt, host_encrypt_msdu; 250 __be16 ether_type; 251 int bytes, fc, hdr_len; 252 struct sk_buff *skb_frag; 253 struct libipw_hdr_3addrqos header = {/* Ensure zero initialized */ 254 .duration_id = 0, 255 .seq_ctl = 0, 256 .qos_ctl = 0 257 }; 258 u8 dest[ETH_ALEN], src[ETH_ALEN]; 259 struct lib80211_crypt_data *crypt; 260 int priority = skb->priority; 261 int snapped = 0; 262 263 if (ieee->is_queue_full && (*ieee->is_queue_full) (dev, priority)) 264 return NETDEV_TX_BUSY; 265 266 spin_lock_irqsave(&ieee->lock, flags); 267 268 /* If there is no driver handler to take the TXB, dont' bother 269 * creating it... */ 270 if (!ieee->hard_start_xmit) { 271 printk(KERN_WARNING "%s: No xmit handler.\n", ieee->dev->name); 272 goto success; 273 } 274 275 if (unlikely(skb->len < SNAP_SIZE + sizeof(u16))) { 276 printk(KERN_WARNING "%s: skb too small (%d).\n", 277 ieee->dev->name, skb->len); 278 goto success; 279 } 280 281 ether_type = ((struct ethhdr *)skb->data)->h_proto; 282 283 crypt = ieee->crypt_info.crypt[ieee->crypt_info.tx_keyidx]; 284 285 encrypt = !(ether_type == htons(ETH_P_PAE) && ieee->ieee802_1x) && 286 ieee->sec.encrypt; 287 288 host_encrypt = ieee->host_encrypt && encrypt && crypt; 289 host_encrypt_msdu = ieee->host_encrypt_msdu && encrypt && crypt; 290 291 if (!encrypt && ieee->ieee802_1x && 292 ieee->drop_unencrypted && ether_type != htons(ETH_P_PAE)) { 293 dev->stats.tx_dropped++; 294 goto success; 295 } 296 297 /* Save source and destination addresses */ 298 skb_copy_from_linear_data(skb, dest, ETH_ALEN); 299 skb_copy_from_linear_data_offset(skb, ETH_ALEN, src, ETH_ALEN); 300 301 if (host_encrypt) 302 fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA | 303 IEEE80211_FCTL_PROTECTED; 304 else 305 fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA; 306 307 if (ieee->iw_mode == IW_MODE_INFRA) { 308 fc |= IEEE80211_FCTL_TODS; 309 /* To DS: Addr1 = BSSID, Addr2 = SA, Addr3 = DA */ 310 memcpy(header.addr1, ieee->bssid, ETH_ALEN); 311 memcpy(header.addr2, src, ETH_ALEN); 312 memcpy(header.addr3, dest, ETH_ALEN); 313 } else if (ieee->iw_mode == IW_MODE_ADHOC) { 314 /* not From/To DS: Addr1 = DA, Addr2 = SA, Addr3 = BSSID */ 315 memcpy(header.addr1, dest, ETH_ALEN); 316 memcpy(header.addr2, src, ETH_ALEN); 317 memcpy(header.addr3, ieee->bssid, ETH_ALEN); 318 } 319 hdr_len = LIBIPW_3ADDR_LEN; 320 321 if (ieee->is_qos_active && ieee->is_qos_active(dev, skb)) { 322 fc |= IEEE80211_STYPE_QOS_DATA; 323 hdr_len += 2; 324 325 skb->priority = libipw_classify(skb); 326 header.qos_ctl |= cpu_to_le16(skb->priority & LIBIPW_QCTL_TID); 327 } 328 header.frame_ctl = cpu_to_le16(fc); 329 330 /* Advance the SKB to the start of the payload */ 331 skb_pull(skb, sizeof(struct ethhdr)); 332 333 /* Determine total amount of storage required for TXB packets */ 334 bytes = skb->len + SNAP_SIZE + sizeof(u16); 335 336 /* Encrypt msdu first on the whole data packet. */ 337 if ((host_encrypt || host_encrypt_msdu) && 338 crypt && crypt->ops && crypt->ops->encrypt_msdu) { 339 int res = 0; 340 int len = bytes + hdr_len + crypt->ops->extra_msdu_prefix_len + 341 crypt->ops->extra_msdu_postfix_len; 342 struct sk_buff *skb_new = dev_alloc_skb(len); 343 344 if (unlikely(!skb_new)) 345 goto failed; 346 347 skb_reserve(skb_new, crypt->ops->extra_msdu_prefix_len); 348 skb_put_data(skb_new, &header, hdr_len); 349 snapped = 1; 350 libipw_copy_snap(skb_put(skb_new, SNAP_SIZE + sizeof(u16)), 351 ether_type); 352 skb_copy_from_linear_data(skb, skb_put(skb_new, skb->len), skb->len); 353 res = crypt->ops->encrypt_msdu(skb_new, hdr_len, crypt->priv); 354 if (res < 0) { 355 LIBIPW_ERROR("msdu encryption failed\n"); 356 dev_kfree_skb_any(skb_new); 357 goto failed; 358 } 359 dev_kfree_skb_any(skb); 360 skb = skb_new; 361 bytes += crypt->ops->extra_msdu_prefix_len + 362 crypt->ops->extra_msdu_postfix_len; 363 skb_pull(skb, hdr_len); 364 } 365 366 if (host_encrypt || ieee->host_open_frag) { 367 /* Determine fragmentation size based on destination (multicast 368 * and broadcast are not fragmented) */ 369 if (is_multicast_ether_addr(dest) || 370 is_broadcast_ether_addr(dest)) 371 frag_size = MAX_FRAG_THRESHOLD; 372 else 373 frag_size = ieee->fts; 374 375 /* Determine amount of payload per fragment. Regardless of if 376 * this stack is providing the full 802.11 header, one will 377 * eventually be affixed to this fragment -- so we must account 378 * for it when determining the amount of payload space. */ 379 bytes_per_frag = frag_size - hdr_len; 380 if (ieee->config & 381 (CFG_LIBIPW_COMPUTE_FCS | CFG_LIBIPW_RESERVE_FCS)) 382 bytes_per_frag -= LIBIPW_FCS_LEN; 383 384 /* Each fragment may need to have room for encryption 385 * pre/postfix */ 386 if (host_encrypt) 387 bytes_per_frag -= crypt->ops->extra_mpdu_prefix_len + 388 crypt->ops->extra_mpdu_postfix_len; 389 390 /* Number of fragments is the total 391 * bytes_per_frag / payload_per_fragment */ 392 nr_frags = bytes / bytes_per_frag; 393 bytes_last_frag = bytes % bytes_per_frag; 394 if (bytes_last_frag) 395 nr_frags++; 396 else 397 bytes_last_frag = bytes_per_frag; 398 } else { 399 nr_frags = 1; 400 bytes_per_frag = bytes_last_frag = bytes; 401 frag_size = bytes + hdr_len; 402 } 403 404 rts_required = (frag_size > ieee->rts 405 && ieee->config & CFG_LIBIPW_RTS); 406 if (rts_required) 407 nr_frags++; 408 409 /* When we allocate the TXB we allocate enough space for the reserve 410 * and full fragment bytes (bytes_per_frag doesn't include prefix, 411 * postfix, header, FCS, etc.) */ 412 txb = libipw_alloc_txb(nr_frags, frag_size, 413 ieee->tx_headroom, GFP_ATOMIC); 414 if (unlikely(!txb)) { 415 printk(KERN_WARNING "%s: Could not allocate TXB\n", 416 ieee->dev->name); 417 goto failed; 418 } 419 txb->encrypted = encrypt; 420 if (host_encrypt) 421 txb->payload_size = frag_size * (nr_frags - 1) + 422 bytes_last_frag; 423 else 424 txb->payload_size = bytes; 425 426 if (rts_required) { 427 skb_frag = txb->fragments[0]; 428 frag_hdr = skb_put(skb_frag, hdr_len); 429 430 /* 431 * Set header frame_ctl to the RTS. 432 */ 433 header.frame_ctl = 434 cpu_to_le16(IEEE80211_FTYPE_CTL | IEEE80211_STYPE_RTS); 435 memcpy(frag_hdr, &header, hdr_len); 436 437 /* 438 * Restore header frame_ctl to the original data setting. 439 */ 440 header.frame_ctl = cpu_to_le16(fc); 441 442 if (ieee->config & 443 (CFG_LIBIPW_COMPUTE_FCS | CFG_LIBIPW_RESERVE_FCS)) 444 skb_put(skb_frag, 4); 445 446 txb->rts_included = 1; 447 i = 1; 448 } else 449 i = 0; 450 451 for (; i < nr_frags; i++) { 452 skb_frag = txb->fragments[i]; 453 454 if (host_encrypt) 455 skb_reserve(skb_frag, 456 crypt->ops->extra_mpdu_prefix_len); 457 458 frag_hdr = skb_put_data(skb_frag, &header, hdr_len); 459 460 /* If this is not the last fragment, then add the MOREFRAGS 461 * bit to the frame control */ 462 if (i != nr_frags - 1) { 463 frag_hdr->frame_ctl = 464 cpu_to_le16(fc | IEEE80211_FCTL_MOREFRAGS); 465 bytes = bytes_per_frag; 466 } else { 467 /* The last fragment takes the remaining length */ 468 bytes = bytes_last_frag; 469 } 470 471 if (i == 0 && !snapped) { 472 libipw_copy_snap(skb_put 473 (skb_frag, SNAP_SIZE + sizeof(u16)), 474 ether_type); 475 bytes -= SNAP_SIZE + sizeof(u16); 476 } 477 478 skb_copy_from_linear_data(skb, skb_put(skb_frag, bytes), bytes); 479 480 /* Advance the SKB... */ 481 skb_pull(skb, bytes); 482 483 /* Encryption routine will move the header forward in order 484 * to insert the IV between the header and the payload */ 485 if (host_encrypt) 486 libipw_encrypt_fragment(ieee, skb_frag, hdr_len); 487 488 if (ieee->config & 489 (CFG_LIBIPW_COMPUTE_FCS | CFG_LIBIPW_RESERVE_FCS)) 490 skb_put(skb_frag, 4); 491 } 492 493 success: 494 spin_unlock_irqrestore(&ieee->lock, flags); 495 496 dev_kfree_skb_any(skb); 497 498 if (txb) { 499 netdev_tx_t ret = (*ieee->hard_start_xmit)(txb, dev, priority); 500 if (ret == NETDEV_TX_OK) { 501 dev->stats.tx_packets++; 502 dev->stats.tx_bytes += txb->payload_size; 503 return NETDEV_TX_OK; 504 } 505 506 libipw_txb_free(txb); 507 } 508 509 return NETDEV_TX_OK; 510 511 failed: 512 spin_unlock_irqrestore(&ieee->lock, flags); 513 netif_stop_queue(dev); 514 dev->stats.tx_errors++; 515 return NETDEV_TX_BUSY; 516 } 517 EXPORT_SYMBOL(libipw_xmit); 518 519 EXPORT_SYMBOL(libipw_txb_free); 520