1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * NXP Wireless LAN device driver: station RX data handling
4  *
5  * Copyright 2011-2020 NXP
6  */
7 
8 #include <uapi/linux/ipv6.h>
9 #include <net/ndisc.h>
10 #include "decl.h"
11 #include "ioctl.h"
12 #include "util.h"
13 #include "fw.h"
14 #include "main.h"
15 #include "11n_aggr.h"
16 #include "11n_rxreorder.h"
17 
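/*
 * Decide whether a received frame is a gratuitous IPv4 ARP or IPv6
 * Neighbour Advertisement that the caller should drop.
 *
 * @skb must already start at the Ethernet header. An ARP request/reply is
 * treated as gratuitous when its sender and target IPv4 addresses are equal
 * (the comparison is on the IP addresses, not the MAC addresses). An IPv6
 * frame is treated as gratuitous when the byte at the ICMPv6 type position
 * is NDISC_NEIGHBOUR_ADVERTISEMENT and the IPv6 source and destination
 * addresses are equal.
 *
 * The frame contents are received data and therefore untrusted, so each
 * header is checked against the linear length of the skb before it is read.
 * A frame too short to hold the header being inspected is reported as
 * "not gratuitous" and left to the normal RX path instead of being parsed
 * past the end of the buffer.
 *
 * @priv is not used by this function.
 *
 * Return: true if the frame should be discarded, false otherwise.
 */
static bool
mwifiex_discard_gratuitous_arp(struct mwifiex_private *priv,
			       struct sk_buff *skb)
{
	const struct mwifiex_arp_eth_header *arp;
	const struct ethhdr *eth;
	const struct ipv6hdr *ipv6;
	const struct icmp6hdr *icmpv6;
	/* Only the linear area is reachable through skb->data. */
	unsigned int avail = skb_headlen(skb);

	if (avail < sizeof(*eth))
		return false;

	eth = (const struct ethhdr *)skb->data;
	switch (ntohs(eth->h_proto)) {
	case ETH_P_ARP:
		/* The ethertype alone does not prove an ARP body is present. */
		if (avail < sizeof(*eth) + sizeof(*arp))
			break;

		arp = (const void *)(skb->data + sizeof(*eth));
		if (arp->hdr.ar_op == htons(ARPOP_REPLY) ||
		    arp->hdr.ar_op == htons(ARPOP_REQUEST)) {
			if (!memcmp(arp->ar_sip, arp->ar_tip, 4))
				return true;
		}
		break;
	case ETH_P_IPV6:
		/*
		 * Require the fixed IPv6 header plus a full ICMPv6 header
		 * before touching either of them.
		 */
		if (avail < sizeof(*eth) + sizeof(*ipv6) + sizeof(*icmpv6))
			break;

		ipv6 = (const void *)(skb->data + sizeof(*eth));
		/*
		 * NOTE(review): the ICMPv6 type is read at a fixed offset
		 * right after the IPv6 header; ipv6->nexthdr is not consulted,
		 * so a non-ICMPv6 payload whose first byte matches would also
		 * be classified as a Neighbour Advertisement - confirm this
		 * is acceptable.
		 */
		icmpv6 = (const void *)(skb->data + sizeof(*eth) +
					sizeof(*ipv6));
		if (icmpv6->icmp6_type == NDISC_NEIGHBOUR_ADVERTISEMENT) {
			if (!memcmp(&ipv6->saddr, &ipv6->daddr,
				    sizeof(struct in6_addr)))
				return true;
		}
		break;
	default:
		break;
	}

	return false;
}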
57 
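/*
 * Process one received data packet and forward it to the kernel/upper layer.
 *
 * The buffer starts with the firmware RxPD descriptor. Its rx_pkt_offset
 * field locates the 802.3 + LLC/SNAP header (struct rx_packet_hdr). When the
 * LLC/SNAP header is the bridge-tunnel header, or the RFC 1042 header with a
 * SNAP type other than AARP/IPX, the frame is rewritten in place as an
 * Ethernet II frame; otherwise only the RxPD is removed and the
 * 802.2/LLC/SNAP frame is passed up unchanged.
 *
 * The skb is freed here on the bad-offset path and on the gratuitous-ARP
 * discard path; on the remaining path it is handed to mwifiex_recv_packet().
 *
 * Return: -1 if rx_pkt_offset does not leave room for the packet header
 * inside the skb, 0 if the frame was discarded as a gratuitous ARP/NA,
 * otherwise the return value of mwifiex_recv_packet().
 */
int mwifiex_process_rx_packet(struct mwifiex_private *priv,
			      struct sk_buff *skb)
{
	int ret;
	struct rx_packet_hdr *rx_pkt_hdr;
	struct rxpd *local_rx_pd;
	int hdr_chop;
	struct ethhdr *eth;
	u16 rx_pkt_off, rx_pkt_len;
	u8 *offset;
	u8 adj_rx_rate = 0;

	local_rx_pd = (struct rxpd *) (skb->data);

	rx_pkt_off = le16_to_cpu(local_rx_pd->rx_pkt_offset);
	rx_pkt_len = le16_to_cpu(local_rx_pd->rx_pkt_length);
	rx_pkt_hdr = (void *)local_rx_pd + rx_pkt_off;

	/*
	 * rx_pkt_off is taken from the received descriptor and is untrusted:
	 * reject it before rx_pkt_hdr is dereferenced. The return is
	 * mandatory - the skb has just been freed, so falling through would
	 * read and write freed memory and pass a freed skb up the stack.
	 */
	if (sizeof(*rx_pkt_hdr) + rx_pkt_off > skb->len) {
		mwifiex_dbg(priv->adapter, ERROR,
			    "wrong rx packet offset: len=%d, rx_pkt_off=%d\n",
			    skb->len, rx_pkt_off);
		priv->stats.rx_dropped++;
		dev_kfree_skb_any(skb);
		return -1;
	}

	if ((!memcmp(&rx_pkt_hdr->rfc1042_hdr, bridge_tunnel_header,
		     sizeof(bridge_tunnel_header))) ||
	    (!memcmp(&rx_pkt_hdr->rfc1042_hdr, rfc1042_header,
		     sizeof(rfc1042_header)) &&
	     ntohs(rx_pkt_hdr->rfc1042_hdr.snap_type) != ETH_P_AARP &&
	     ntohs(rx_pkt_hdr->rfc1042_hdr.snap_type) != ETH_P_IPX)) {
		/*
		 * Replace the 802.3 header and rfc1042 header (llc/snap)
		 * with an Ethernet II header, keeping the src/dst addresses
		 * and the snap_type (ethertype).
		 * The firmware only passes up SNAP frames, converting all
		 * RX data from 802.11 to 802.2/LLC/SNAP frames.
		 * To create the Ethernet II header, just move the src and
		 * dst addresses so they sit right before the snap_type.
		 */
		eth = (struct ethhdr *)
			((u8 *) &rx_pkt_hdr->eth803_hdr
			 + sizeof(rx_pkt_hdr->eth803_hdr) +
			 sizeof(rx_pkt_hdr->rfc1042_hdr)
			 - sizeof(rx_pkt_hdr->eth803_hdr.h_dest)
			 - sizeof(rx_pkt_hdr->eth803_hdr.h_source)
			 - sizeof(rx_pkt_hdr->rfc1042_hdr.snap_type));

		/*
		 * Source is copied before destination, as in the original
		 * ordering; the new header overlaps the old one in the same
		 * buffer, so the order of these two copies is kept as is.
		 */
		memcpy(eth->h_source, rx_pkt_hdr->eth803_hdr.h_source,
		       sizeof(eth->h_source));
		memcpy(eth->h_dest, rx_pkt_hdr->eth803_hdr.h_dest,
		       sizeof(eth->h_dest));

		/*
		 * Chop off the rxpd plus the part of the 802.2/llc/snap
		 * header that is no longer needed.
		 */
		hdr_chop = (u8 *) eth - (u8 *) local_rx_pd;
	} else {
		/* Chop off the rxpd only */
		hdr_chop = (u8 *) &rx_pkt_hdr->eth803_hdr -
			(u8 *) local_rx_pd;
	}

	/*
	 * Advance skb->data to the start of either the reconstructed EthII
	 * frame or the 802.2/llc/snap frame. local_rx_pd and rx_pkt_hdr keep
	 * pointing into the same buffer and are still read below.
	 */
	skb_pull(skb, hdr_chop);

	if (priv->hs2_enabled &&
	    mwifiex_discard_gratuitous_arp(priv, skb)) {
		mwifiex_dbg(priv->adapter, INFO, "Bypassed Gratuitous ARP\n");
		dev_kfree_skb_any(skb);
		return 0;
	}

	if (ISSUPP_TDLS_ENABLED(priv->adapter->fw_cap_info) &&
	    ntohs(rx_pkt_hdr->eth803_hdr.h_proto) == ETH_P_TDLS) {
		/*
		 * NOTE(review): rx_pkt_len is passed on without being checked
		 * against skb->len in this function.
		 * mwifiex_process_sta_rx_packet() validates it before calling
		 * here; confirm every other caller does the same.
		 */
		offset = (u8 *)local_rx_pd + rx_pkt_off;
		mwifiex_process_tdls_action_frame(priv, offset, rx_pkt_len);
	}

	/* Only stash RX bitrate for unicast packets. */
	if (likely(!is_multicast_ether_addr(rx_pkt_hdr->eth803_hdr.h_dest))) {
		priv->rxpd_rate = local_rx_pd->rx_rate;
		priv->rxpd_htinfo = local_rx_pd->ht_info;
	}

	if (GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_STA ||
	    GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_UAP) {
		adj_rx_rate = mwifiex_adjust_data_rate(priv,
						       local_rx_pd->rx_rate,
						       local_rx_pd->ht_info);
		mwifiex_hist_data_add(priv, adj_rx_rate, local_rx_pd->snr,
				      local_rx_pd->nf);
	}

	ret = mwifiex_recv_packet(priv, skb);
	if (ret == -1)
		mwifiex_dbg(priv->adapter, ERROR,
			    "recv packet failed\n");

	return ret;
}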
173 
/*
 * Entry point for a buffer received in station mode.
 *
 * Reads the RxPD at the head of the buffer and rejects the packet when
 * rx_pkt_offset/rx_pkt_length do not fit inside skb->len. Management frames
 * go to mwifiex_process_mgmt_packet(). Frames not addressed to this
 * interface, and frames received while neither 11n nor the non-TDLS
 * exception applies, go straight to mwifiex_process_rx_packet() without
 * reordering. Everything else is handed to the 11n RX reordering routine.
 *
 * Return: 0 when the packet is dropped by the length check or sent down the
 * direct path (the result of mwifiex_process_rx_packet() is not propagated),
 * the result of mwifiex_process_mgmt_packet() for management frames,
 * otherwise the result of mwifiex_11n_rx_reorder_pkt().
 */
int mwifiex_process_sta_rx_packet(struct mwifiex_private *priv,
				  struct sk_buff *skb)
{
	struct mwifiex_adapter *adapter = priv->adapter;
	/*
	 * NOTE(review): the RxPD fields are read before any length check;
	 * nothing visible here verifies that skb->len covers struct rxpd
	 * itself - presumably guaranteed by the caller, confirm.
	 */
	struct rxpd *rxpd = (struct rxpd *)skb->data;
	u16 pkt_type = le16_to_cpu(rxpd->rx_pkt_type);
	u16 pkt_off = le16_to_cpu(rxpd->rx_pkt_offset);
	u16 pkt_len = le16_to_cpu(rxpd->rx_pkt_length);
	u16 seq = le16_to_cpu(rxpd->seq_num);
	struct rx_packet_hdr *hdr = (void *)rxpd + pkt_off;
	struct mwifiex_sta_node *peer;
	bool tdls_pkt;
	u8 ta[ETH_ALEN];
	int ret;

	/*
	 * Both values come from the received descriptor: the payload and at
	 * least the 802.3 header must lie inside the buffer before hdr is
	 * dereferenced.
	 */
	if (pkt_off + pkt_len > skb->len ||
	    sizeof(hdr->eth803_hdr) + pkt_off > skb->len) {
		mwifiex_dbg(adapter, ERROR,
			    "wrong rx packet: len=%d, rx_pkt_offset=%d, rx_pkt_length=%d\n",
			    skb->len, pkt_off, pkt_len);
		priv->stats.rx_dropped++;
		dev_kfree_skb_any(skb);
		return 0;
	}

	if (pkt_type == PKT_TYPE_MGMT) {
		ret = mwifiex_process_mgmt_packet(priv, skb);
		if (ret)
			mwifiex_dbg(adapter, DATA, "Rx of mgmt packet failed");
		dev_kfree_skb_any(skb);
		return ret;
	}

	tdls_pkt = !!(rxpd->flags & MWIFIEX_RXPD_FLAGS_TDLS_PACKET);

	/*
	 * Packets not addressed to us, or received when reordering does not
	 * apply, are sent directly to the OS and skip RX reordering.
	 */
	if (!ether_addr_equal_unaligned(priv->curr_addr,
					hdr->eth803_hdr.h_dest) ||
	    (!IS_11N_ENABLED(priv) &&
	     (!ISSUPP_TDLS_ENABLED(adapter->fw_cap_info) || tdls_pkt))) {
		mwifiex_process_rx_packet(priv, skb);
		return 0;
	}

	if (mwifiex_queuing_ra_based(priv) ||
	    (ISSUPP_TDLS_ENABLED(adapter->fw_cap_info) && tdls_pkt)) {
		/* Transmitter address is the frame's own source address. */
		memcpy(ta, hdr->eth803_hdr.h_source, ETH_ALEN);
		/* priority indexes rx_seq[], so it is bounded first. */
		if (tdls_pkt && rxpd->priority < MAX_NUM_TID) {
			peer = mwifiex_get_sta_entry(priv, ta);
			if (peer)
				peer->rx_seq[rxpd->priority] = seq;
			mwifiex_auto_tdls_update_peer_signal(priv, ta,
							     rxpd->snr,
							     rxpd->nf);
		}
	} else {
		/* priority indexes rx_seq[], so it is bounded first. */
		if (pkt_type != PKT_TYPE_BAR &&
		    rxpd->priority < MAX_NUM_TID)
			priv->rx_seq[rxpd->priority] = seq;
		/* Transmitter address is the current BSS address. */
		memcpy(ta, priv->curr_bss_params.bss_descriptor.mac_address,
		       ETH_ALEN);
	}

	/* Reorder and send to OS */
	ret = mwifiex_11n_rx_reorder_pkt(priv, seq, rxpd->priority,
					 ta, (u8)pkt_type, skb);

	/* The skb is released here on failure and for every BAR frame. */
	if (ret) {
		dev_kfree_skb_any(skb);
		priv->stats.rx_dropped++;
	} else if (pkt_type == PKT_TYPE_BAR) {
		dev_kfree_skb_any(skb);
	}

	return ret;
}
269