1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * NXP Wireless LAN device driver: station RX data handling
4  *
5  * Copyright 2011-2020 NXP
6  */
7 
8 #include <uapi/linux/ipv6.h>
9 #include <net/ndisc.h>
10 #include "decl.h"
11 #include "ioctl.h"
12 #include "util.h"
13 #include "fw.h"
14 #include "main.h"
15 #include "11n_aggr.h"
16 #include "11n_rxreorder.h"
17 
18 /* This function checks if a frame is IPv4 ARP or IPv6 Neighbour advertisement
19  * frame. If frame has both source and destination mac address as same, this
20  * function drops such gratuitous frames.
21  */
22 static bool
23 mwifiex_discard_gratuitous_arp(struct mwifiex_private *priv,
24 			       struct sk_buff *skb)
25 {
26 	const struct mwifiex_arp_eth_header *arp;
27 	struct ethhdr *eth;
28 	struct ipv6hdr *ipv6;
29 	struct icmp6hdr *icmpv6;
30 
31 	eth = (struct ethhdr *)skb->data;
32 	switch (ntohs(eth->h_proto)) {
33 	case ETH_P_ARP:
34 		arp = (void *)(skb->data + sizeof(struct ethhdr));
35 		if (arp->hdr.ar_op == htons(ARPOP_REPLY) ||
36 		    arp->hdr.ar_op == htons(ARPOP_REQUEST)) {
37 			if (!memcmp(arp->ar_sip, arp->ar_tip, 4))
38 				return true;
39 		}
40 		break;
41 	case ETH_P_IPV6:
42 		ipv6 = (void *)(skb->data + sizeof(struct ethhdr));
43 		icmpv6 = (void *)(skb->data + sizeof(struct ethhdr) +
44 				  sizeof(struct ipv6hdr));
45 		if (NDISC_NEIGHBOUR_ADVERTISEMENT == icmpv6->icmp6_type) {
46 			if (!memcmp(&ipv6->saddr, &ipv6->daddr,
47 				    sizeof(struct in6_addr)))
48 				return true;
49 		}
50 		break;
51 	default:
52 		break;
53 	}
54 
55 	return false;
56 }
57 
58 /*
59  * This function processes the received packet and forwards it
60  * to kernel/upper layer.
61  *
62  * This function parses through the received packet and determines
63  * if it is a debug packet or normal packet.
64  *
65  * For non-debug packets, the function chops off unnecessary leading
66  * header bytes, reconstructs the packet as an ethernet frame or
67  * 802.2/llc/snap frame as required, and sends it to kernel/upper layer.
68  *
69  * The completion callback is called after processing in complete.
70  */
71 int mwifiex_process_rx_packet(struct mwifiex_private *priv,
72 			      struct sk_buff *skb)
73 {
74 	int ret;
75 	struct rx_packet_hdr *rx_pkt_hdr;
76 	struct rxpd *local_rx_pd;
77 	int hdr_chop;
78 	struct ethhdr *eth;
79 	u16 rx_pkt_off, rx_pkt_len;
80 	u8 *offset;
81 	u8 adj_rx_rate = 0;
82 
83 	local_rx_pd = (struct rxpd *) (skb->data);
84 
85 	rx_pkt_off = le16_to_cpu(local_rx_pd->rx_pkt_offset);
86 	rx_pkt_len = le16_to_cpu(local_rx_pd->rx_pkt_length);
87 	rx_pkt_hdr = (void *)local_rx_pd + rx_pkt_off;
88 
89 	if (sizeof(*rx_pkt_hdr) + rx_pkt_off > skb->len) {
90 		mwifiex_dbg(priv->adapter, ERROR,
91 			    "wrong rx packet offset: len=%d, rx_pkt_off=%d\n",
92 			    skb->len, rx_pkt_off);
93 		priv->stats.rx_dropped++;
94 		dev_kfree_skb_any(skb);
95 		return -1;
96 	}
97 
98 	if ((!memcmp(&rx_pkt_hdr->rfc1042_hdr, bridge_tunnel_header,
99 		     sizeof(bridge_tunnel_header))) ||
100 	    (!memcmp(&rx_pkt_hdr->rfc1042_hdr, rfc1042_header,
101 		     sizeof(rfc1042_header)) &&
102 	     ntohs(rx_pkt_hdr->rfc1042_hdr.snap_type) != ETH_P_AARP &&
103 	     ntohs(rx_pkt_hdr->rfc1042_hdr.snap_type) != ETH_P_IPX)) {
104 		/*
105 		 *  Replace the 803 header and rfc1042 header (llc/snap) with an
106 		 *    EthernetII header, keep the src/dst and snap_type
107 		 *    (ethertype).
108 		 *  The firmware only passes up SNAP frames converting
109 		 *    all RX Data from 802.11 to 802.2/LLC/SNAP frames.
110 		 *  To create the Ethernet II, just move the src, dst address
111 		 *    right before the snap_type.
112 		 */
113 		eth = (struct ethhdr *)
114 			((u8 *) &rx_pkt_hdr->eth803_hdr
115 			 + sizeof(rx_pkt_hdr->eth803_hdr) +
116 			 sizeof(rx_pkt_hdr->rfc1042_hdr)
117 			 - sizeof(rx_pkt_hdr->eth803_hdr.h_dest)
118 			 - sizeof(rx_pkt_hdr->eth803_hdr.h_source)
119 			 - sizeof(rx_pkt_hdr->rfc1042_hdr.snap_type));
120 
121 		memcpy(eth->h_source, rx_pkt_hdr->eth803_hdr.h_source,
122 		       sizeof(eth->h_source));
123 		memcpy(eth->h_dest, rx_pkt_hdr->eth803_hdr.h_dest,
124 		       sizeof(eth->h_dest));
125 
126 		/* Chop off the rxpd + the excess memory from the 802.2/llc/snap
127 		   header that was removed. */
128 		hdr_chop = (u8 *) eth - (u8 *) local_rx_pd;
129 	} else {
130 		/* Chop off the rxpd */
131 		hdr_chop = (u8 *) &rx_pkt_hdr->eth803_hdr -
132 			(u8 *) local_rx_pd;
133 	}
134 
135 	/* Chop off the leading header bytes so the it points to the start of
136 	   either the reconstructed EthII frame or the 802.2/llc/snap frame */
137 	skb_pull(skb, hdr_chop);
138 
139 	if (priv->hs2_enabled &&
140 	    mwifiex_discard_gratuitous_arp(priv, skb)) {
141 		mwifiex_dbg(priv->adapter, INFO, "Bypassed Gratuitous ARP\n");
142 		dev_kfree_skb_any(skb);
143 		return 0;
144 	}
145 
146 	if (ISSUPP_TDLS_ENABLED(priv->adapter->fw_cap_info) &&
147 	    ntohs(rx_pkt_hdr->eth803_hdr.h_proto) == ETH_P_TDLS) {
148 		offset = (u8 *)local_rx_pd + rx_pkt_off;
149 		mwifiex_process_tdls_action_frame(priv, offset, rx_pkt_len);
150 	}
151 
152 	/* Only stash RX bitrate for unicast packets. */
153 	if (likely(!is_multicast_ether_addr(rx_pkt_hdr->eth803_hdr.h_dest))) {
154 		priv->rxpd_rate = local_rx_pd->rx_rate;
155 		priv->rxpd_htinfo = local_rx_pd->ht_info;
156 	}
157 
158 	if (GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_STA ||
159 	    GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_UAP) {
160 		adj_rx_rate = mwifiex_adjust_data_rate(priv,
161 						       local_rx_pd->rx_rate,
162 						       local_rx_pd->ht_info);
163 		mwifiex_hist_data_add(priv, adj_rx_rate, local_rx_pd->snr,
164 				      local_rx_pd->nf);
165 	}
166 
167 	ret = mwifiex_recv_packet(priv, skb);
168 	if (ret == -1)
169 		mwifiex_dbg(priv->adapter, ERROR,
170 			    "recv packet failed\n");
171 
172 	return ret;
173 }
174 
175 /*
176  * This function processes the received buffer.
177  *
178  * The function looks into the RxPD and performs sanity tests on the
179  * received buffer to ensure its a valid packet, before processing it
180  * further. If the packet is determined to be aggregated, it is
181  * de-aggregated accordingly. Non-unicast packets are sent directly to
182  * the kernel/upper layers. Unicast packets are handed over to the
183  * Rx reordering routine if 11n is enabled.
184  *
185  * The completion callback is called after processing in complete.
186  */
187 int mwifiex_process_sta_rx_packet(struct mwifiex_private *priv,
188 				  struct sk_buff *skb)
189 {
190 	struct mwifiex_adapter *adapter = priv->adapter;
191 	int ret = 0;
192 	struct rxpd *local_rx_pd;
193 	struct rx_packet_hdr *rx_pkt_hdr;
194 	u8 ta[ETH_ALEN];
195 	u16 rx_pkt_type, rx_pkt_offset, rx_pkt_length, seq_num;
196 	struct mwifiex_sta_node *sta_ptr;
197 
198 	local_rx_pd = (struct rxpd *) (skb->data);
199 	rx_pkt_type = le16_to_cpu(local_rx_pd->rx_pkt_type);
200 	rx_pkt_offset = le16_to_cpu(local_rx_pd->rx_pkt_offset);
201 	rx_pkt_length = le16_to_cpu(local_rx_pd->rx_pkt_length);
202 	seq_num = le16_to_cpu(local_rx_pd->seq_num);
203 
204 	rx_pkt_hdr = (void *)local_rx_pd + rx_pkt_offset;
205 
206 	if ((rx_pkt_offset + rx_pkt_length) > skb->len ||
207 	    sizeof(rx_pkt_hdr->eth803_hdr) + rx_pkt_offset > skb->len) {
208 		mwifiex_dbg(adapter, ERROR,
209 			    "wrong rx packet: len=%d, rx_pkt_offset=%d, rx_pkt_length=%d\n",
210 			    skb->len, rx_pkt_offset, rx_pkt_length);
211 		priv->stats.rx_dropped++;
212 		dev_kfree_skb_any(skb);
213 		return ret;
214 	}
215 
216 	if (rx_pkt_type == PKT_TYPE_MGMT) {
217 		ret = mwifiex_process_mgmt_packet(priv, skb);
218 		if (ret)
219 			mwifiex_dbg(adapter, DATA, "Rx of mgmt packet failed");
220 		dev_kfree_skb_any(skb);
221 		return ret;
222 	}
223 
224 	/*
225 	 * If the packet is not an unicast packet then send the packet
226 	 * directly to os. Don't pass thru rx reordering
227 	 */
228 	if ((!IS_11N_ENABLED(priv) &&
229 	     !(ISSUPP_TDLS_ENABLED(priv->adapter->fw_cap_info) &&
230 	       !(local_rx_pd->flags & MWIFIEX_RXPD_FLAGS_TDLS_PACKET))) ||
231 	    !ether_addr_equal_unaligned(priv->curr_addr, rx_pkt_hdr->eth803_hdr.h_dest)) {
232 		mwifiex_process_rx_packet(priv, skb);
233 		return ret;
234 	}
235 
236 	if (mwifiex_queuing_ra_based(priv) ||
237 	    (ISSUPP_TDLS_ENABLED(priv->adapter->fw_cap_info) &&
238 	     local_rx_pd->flags & MWIFIEX_RXPD_FLAGS_TDLS_PACKET)) {
239 		memcpy(ta, rx_pkt_hdr->eth803_hdr.h_source, ETH_ALEN);
240 		if (local_rx_pd->flags & MWIFIEX_RXPD_FLAGS_TDLS_PACKET &&
241 		    local_rx_pd->priority < MAX_NUM_TID) {
242 			sta_ptr = mwifiex_get_sta_entry(priv, ta);
243 			if (sta_ptr)
244 				sta_ptr->rx_seq[local_rx_pd->priority] =
245 					      le16_to_cpu(local_rx_pd->seq_num);
246 			mwifiex_auto_tdls_update_peer_signal(priv, ta,
247 							     local_rx_pd->snr,
248 							     local_rx_pd->nf);
249 		}
250 	} else {
251 		if (rx_pkt_type != PKT_TYPE_BAR &&
252 		    local_rx_pd->priority < MAX_NUM_TID)
253 			priv->rx_seq[local_rx_pd->priority] = seq_num;
254 		memcpy(ta, priv->curr_bss_params.bss_descriptor.mac_address,
255 		       ETH_ALEN);
256 	}
257 
258 	/* Reorder and send to OS */
259 	ret = mwifiex_11n_rx_reorder_pkt(priv, seq_num, local_rx_pd->priority,
260 					 ta, (u8) rx_pkt_type, skb);
261 
262 	if (ret || (rx_pkt_type == PKT_TYPE_BAR))
263 		dev_kfree_skb_any(skb);
264 
265 	if (ret)
266 		priv->stats.rx_dropped++;
267 
268 	return ret;
269 }
270