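/*
 * NXP Wireless LAN device driver: station RX data handling
 *
 * Copyright 2011-2020 NXP
 *
 * This software file (the "File") is distributed by NXP
 * under the terms of the GNU General Public License Version 2, June 1991
 * (the "License"). You may use, redistribute and/or modify this File in
 * accordance with the terms and conditions of the License, a copy of which
 * is available by writing to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or on the
 * worldwide web at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
 *
 * THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE
 * ARE EXPRESSLY DISCLAIMED. The License provides additional details about
 * this warranty disclaimer.
 */

#include <uapi/linux/ipv6.h>
#include <net/ndisc.h>
#include "decl.h"
#include "ioctl.h"
#include "util.h"
#include "fw.h"
#include "main.h"
#include "11n_aggr.h"
#include "11n_rxreorder.h"

/* This function checks if a frame is an IPv4 ARP request/reply or an IPv6
 * Neighbour advertisement frame whose two protocol addresses are identical:
 * ar_sip == ar_tip for ARP, saddr == daddr for IPv6. Such gratuitous frames
 * are reported to the caller so that it can drop them.
 *
 * skb->data must point at the Ethernet header. @priv is not used.
 *
 * A frame that is too short to hold the headers being inspected is never
 * classified as gratuitous; the function returns false without reading
 * beyond the received bytes.
 *
 * Return: true if the frame should be dropped, false otherwise.
 */
static bool
mwifiex_discard_gratuitous_arp(struct mwifiex_private *priv,
			       struct sk_buff *skb)
{
	const struct mwifiex_arp_eth_header *arp;
	/* Bytes reachable through skb->data; every header read below must
	 * fit inside this.
	 */
	const unsigned int avail = skb_headlen(skb);
	struct ethhdr *eth;
	struct ipv6hdr *ipv6;
	struct icmp6hdr *icmpv6;

	if (avail < sizeof(*eth))
		return false;

	eth = (struct ethhdr *)skb->data;
	switch (ntohs(eth->h_proto)) {
	case ETH_P_ARP:
		/* ar_op, ar_sip and ar_tip are all read; require the whole
		 * ARP body to be present before touching any of them.
		 */
		if (avail < sizeof(*eth) + sizeof(*arp))
			break;
		arp = (void *)(skb->data + sizeof(struct ethhdr));
		if (arp->hdr.ar_op == htons(ARPOP_REPLY) ||
		    arp->hdr.ar_op == htons(ARPOP_REQUEST)) {
			if (!memcmp(arp->ar_sip, arp->ar_tip, 4))
				return true;
		}
		break;
	case ETH_P_IPV6:
		/* Both IPv6 addresses and the ICMPv6 type are read. */
		if (avail < sizeof(*eth) + sizeof(*ipv6) + sizeof(*icmpv6))
			break;
		ipv6 = (void *)(skb->data + sizeof(struct ethhdr));
		/* NOTE(review): the ICMPv6 header is assumed to follow the
		 * fixed IPv6 header directly; ipv6->nexthdr is not checked,
		 * so another payload whose first byte equals the Neighbour
		 * advertisement type would match as well - confirm whether a
		 * nexthdr test is wanted here.
		 */
		icmpv6 = (void *)(skb->data + sizeof(struct ethhdr) +
				  sizeof(struct ipv6hdr));
		if (icmpv6->icmp6_type == NDISC_NEIGHBOUR_ADVERTISEMENT) {
			if (!memcmp(&ipv6->saddr, &ipv6->daddr,
				    sizeof(struct in6_addr)))
				return true;
		}
		break;
	default:
		break;
	}

	return false;
}

/*
 * This function processes the received packet and forwards it
 * to kernel/upper layer.
 *
 * This function parses through the received packet and determines
 * if it is a debug packet or normal packet.
 *
 * For non-debug packets, the function chops off unnecessary leading
 * header bytes, reconstructs the packet as an ethernet frame or
 * 802.2/llc/snap frame as required, and sends it to kernel/upper layer.
 *
 * The completion callback is called after processing is complete.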
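 *
 * Return: -1 if the packet offset taken from the RxPD fails the length
 * check (the skb is freed), 0 if the frame is discarded as a gratuitous
 * ARP/NA (the skb is freed), otherwise the value returned by
 * mwifiex_recv_packet().
 */
int mwifiex_process_rx_packet(struct mwifiex_private *priv,
			      struct sk_buff *skb)
{
	int ret;
	struct rx_packet_hdr *rx_pkt_hdr;
	struct rxpd *local_rx_pd;
	int hdr_chop;
	struct ethhdr *eth;
	u16 rx_pkt_off, rx_pkt_len;
	__be16 rx_proto;
	u8 *offset;
	u8 adj_rx_rate = 0;

	/*
	 * NOTE(review): the RxPD fields are read without a prior check that
	 * skb->len covers struct rxpd; presumably the caller guarantees
	 * that - confirm.
	 */
	local_rx_pd = (struct rxpd *) (skb->data);

	rx_pkt_off = le16_to_cpu(local_rx_pd->rx_pkt_offset);
	rx_pkt_len = le16_to_cpu(local_rx_pd->rx_pkt_length);
	rx_pkt_hdr = (void *)local_rx_pd + rx_pkt_off;

	/*
	 * rx_pkt_off is read from the RxPD. The 802.3 header and the LLC/SNAP
	 * prefix compared below must lie inside the skb before anything is
	 * read through rx_pkt_hdr.
	 */
	if (sizeof(rx_pkt_hdr->eth803_hdr) + sizeof(rfc1042_header) +
	    rx_pkt_off > skb->len) {
		mwifiex_dbg(priv->adapter, ERROR,
			    "wrong rx packet offset: len=%d, rx_pkt_off=%d\n",
			    skb->len, rx_pkt_off);
		priv->stats.rx_dropped++;
		dev_kfree_skb_any(skb);
		return -1;
	}

	/*
	 * Take the protocol field now. The Ethernet II header built below is
	 * written sizeof(rx_pkt_hdr->rfc1042_hdr) bytes into rx_pkt_hdr, so
	 * its h_dest can land on top of eth803_hdr.h_proto (it does if the
	 * LLC/SNAP header is 8 bytes long; the struct layout is not visible
	 * in this file). Reading h_proto after the copy would then compare
	 * address bytes, not the received field, against ETH_P_TDLS.
	 */
	rx_proto = rx_pkt_hdr->eth803_hdr.h_proto;

	/* The snap_type reads need the full rx_packet_hdr inside the skb. */
	if (sizeof(*rx_pkt_hdr) + rx_pkt_off <= skb->len &&
	    ((!memcmp(&rx_pkt_hdr->rfc1042_hdr, bridge_tunnel_header,
		      sizeof(bridge_tunnel_header))) ||
	     (!memcmp(&rx_pkt_hdr->rfc1042_hdr, rfc1042_header,
		      sizeof(rfc1042_header)) &&
	      ntohs(rx_pkt_hdr->rfc1042_hdr.snap_type) != ETH_P_AARP &&
	      ntohs(rx_pkt_hdr->rfc1042_hdr.snap_type) != ETH_P_IPX))) {
		/*
		 *  Replace the 803 header and rfc1042 header (llc/snap) with an
		 *    EthernetII header, keep the src/dst and snap_type
		 *    (ethertype).
		 *  The firmware only passes up SNAP frames converting
		 *    all RX Data from 802.11 to 802.2/LLC/SNAP frames.
		 *  To create the Ethernet II, just move the src, dst address
		 *    right before the snap_type.
		 */
		eth = (struct ethhdr *)
			((u8 *) &rx_pkt_hdr->eth803_hdr
			 + sizeof(rx_pkt_hdr->eth803_hdr) +
			 sizeof(rx_pkt_hdr->rfc1042_hdr)
			 - sizeof(rx_pkt_hdr->eth803_hdr.h_dest)
			 - sizeof(rx_pkt_hdr->eth803_hdr.h_source)
			 - sizeof(rx_pkt_hdr->rfc1042_hdr.snap_type));

		/* Source first, then destination: the order of these two
		 * copies is kept exactly as it was.
		 */
		memcpy(eth->h_source, rx_pkt_hdr->eth803_hdr.h_source,
		       sizeof(eth->h_source));
		memcpy(eth->h_dest, rx_pkt_hdr->eth803_hdr.h_dest,
		       sizeof(eth->h_dest));

		/* Chop off the rxpd + the excess memory from the 802.2/llc/snap
		   header that was removed. */
		hdr_chop = (u8 *) eth - (u8 *) local_rx_pd;
	} else {
		/* Chop off the rxpd */
		hdr_chop = (u8 *) &rx_pkt_hdr->eth803_hdr -
			(u8 *) local_rx_pd;
	}

	/* Chop off the leading header bytes so that skb->data points to the
	   start of either the reconstructed EthII frame or the 802.2/llc/snap
	   frame */
	skb_pull(skb, hdr_chop);

	if (priv->hs2_enabled &&
	    mwifiex_discard_gratuitous_arp(priv, skb)) {
		mwifiex_dbg(priv->adapter, INFO, "Bypassed Gratuitous ARP\n");
		dev_kfree_skb_any(skb);
		return 0;
	}

	/*
	 * NOTE(review): rx_pkt_len comes from the RxPD and is not checked in
	 * this function. mwifiex_process_sta_rx_packet() validates
	 * offset + length against skb->len before calling here; confirm that
	 * every other caller does the same before the TDLS handler sees it.
	 */
	if (ISSUPP_TDLS_ENABLED(priv->adapter->fw_cap_info) &&
	    ntohs(rx_proto) == ETH_P_TDLS) {
		offset = (u8 *)local_rx_pd + rx_pkt_off;
		mwifiex_process_tdls_action_frame(priv, offset, rx_pkt_len);
	}

	/* Only stash RX bitrate for unicast packets. */
	if (likely(!is_multicast_ether_addr(rx_pkt_hdr->eth803_hdr.h_dest))) {
		priv->rxpd_rate = local_rx_pd->rx_rate;
		priv->rxpd_htinfo = local_rx_pd->ht_info;
	}

	if (GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_STA ||
	    GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_UAP) {
		adj_rx_rate = mwifiex_adjust_data_rate(priv,
						       local_rx_pd->rx_rate,
						       local_rx_pd->ht_info);
		mwifiex_hist_data_add(priv, adj_rx_rate, local_rx_pd->snr,
				      local_rx_pd->nf);
	}

	ret = mwifiex_recv_packet(priv, skb);
	if (ret == -1)
		mwifiex_dbg(priv->adapter, ERROR,
			    "recv packet failed\n");

	return ret;
}

/*
 * This function processes the received buffer.
 *
 * The function looks into the RxPD and performs sanity tests on the
 * received buffer to ensure its a valid packet, before processing it
 * further. If the packet is determined to be aggregated, it is
 * de-aggregated accordingly. Non-unicast packets are sent directly to
 * the kernel/upper layers. Unicast packets are handed over to the
 * Rx reordering routine if 11n is enabled.
 *
 * The completion callback is called after processing in complete.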
 *
 * Return: 0 when the buffer fails the length checks (it is freed and
 * counted as dropped) or is passed to mwifiex_process_rx_packet();
 * otherwise the result of mwifiex_process_mgmt_packet() or
 * mwifiex_11n_rx_reorder_pkt().
 */
int mwifiex_process_sta_rx_packet(struct mwifiex_private *priv,
				  struct sk_buff *skb)
{
	struct mwifiex_adapter *adapter = priv->adapter;
	struct rxpd *pd = (struct rxpd *)skb->data;
	u16 pkt_type = le16_to_cpu(pd->rx_pkt_type);
	u16 pkt_off = le16_to_cpu(pd->rx_pkt_offset);
	u16 pkt_len = le16_to_cpu(pd->rx_pkt_length);
	u16 seq = le16_to_cpu(pd->seq_num);
	struct rx_packet_hdr *hdr = (void *)pd + pkt_off;
	struct mwifiex_sta_node *peer;
	bool tdls_cap, tdls_pkt, reorder_ok, for_us;
	u8 ta[ETH_ALEN];
	int ret;

	/*
	 * Offset and length both come from the RxPD: the payload they
	 * describe, and at least the 802.3 header, must fit in the skb.
	 */
	if ((pkt_off + pkt_len) > skb->len ||
	    sizeof(hdr->eth803_hdr) + pkt_off > skb->len) {
		mwifiex_dbg(adapter, ERROR,
			    "wrong rx packet: len=%d, rx_pkt_offset=%d, rx_pkt_length=%d\n",
			    skb->len, pkt_off, pkt_len);
		priv->stats.rx_dropped++;
		dev_kfree_skb_any(skb);
		return 0;
	}

	/* Management frames take their own path; the skb is freed here. */
	if (pkt_type == PKT_TYPE_MGMT) {
		ret = mwifiex_process_mgmt_packet(priv, skb);
		if (ret)
			mwifiex_dbg(adapter, DATA, "Rx of mgmt packet failed");
		dev_kfree_skb_any(skb);
		return ret;
	}

	tdls_cap = ISSUPP_TDLS_ENABLED(adapter->fw_cap_info);
	tdls_pkt = pd->flags & MWIFIEX_RXPD_FLAGS_TDLS_PACKET;

	/*
	 * Rx reordering applies only to frames addressed to this station,
	 * and only when 11n is enabled or the firmware supports TDLS and the
	 * frame is not flagged as a TDLS packet. Everything else goes
	 * straight to the OS.
	 */
	reorder_ok = IS_11N_ENABLED(priv) || (tdls_cap && !tdls_pkt);
	for_us = ether_addr_equal_unaligned(priv->curr_addr,
					    hdr->eth803_hdr.h_dest);
	if (!reorder_ok || !for_us) {
		mwifiex_process_rx_packet(priv, skb);
		return 0;
	}

	if (mwifiex_queuing_ra_based(priv) || (tdls_cap && tdls_pkt)) {
		/* The transmitter address is the frame's source address. */
		memcpy(ta, hdr->eth803_hdr.h_source, ETH_ALEN);
		/* priority indexes rx_seq[], so it is bounded first. */
		if (tdls_pkt && pd->priority < MAX_NUM_TID) {
			peer = mwifiex_get_sta_entry(priv, ta);
			if (peer)
				peer->rx_seq[pd->priority] = seq;
			mwifiex_auto_tdls_update_peer_signal(priv, ta,
							     pd->snr,
							     pd->nf);
		}
	} else {
		/* priority indexes rx_seq[], so it is bounded first. */
		if (pkt_type != PKT_TYPE_BAR && pd->priority < MAX_NUM_TID)
			priv->rx_seq[pd->priority] = seq;
		/* The transmitter address is the current BSS address. */
		memcpy(ta, priv->curr_bss_params.bss_descriptor.mac_address,
		       ETH_ALEN);
	}

	/* Reorder and send to OS */
	ret = mwifiex_11n_rx_reorder_pkt(priv, seq, pd->priority, ta,
					 (u8)pkt_type, skb);

	/* The skb is freed here on failure and for BAR packets. */
	if (ret || pkt_type == PKT_TYPE_BAR)
		dev_kfree_skb_any(skb);

	if (ret)
		priv->stats.rx_dropped++;

	return ret;
}