1 /*
2 * Marvell Wireless LAN device driver: AP TX and RX data handling
3 *
4 * Copyright (C) 2012-2014, Marvell International Ltd.
5 *
6 * This software file (the "File") is distributed by Marvell International
7 * Ltd. under the terms of the GNU General Public License Version 2, June 1991
8 * (the "License"). You may use, redistribute and/or modify this File in
9 * accordance with the terms and conditions of the License, a copy of which
10 * is available by writing to the Free Software Foundation, Inc.,
11 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or on the
12 * worldwide web at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
13 *
14 * THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE
16 * ARE EXPRESSLY DISCLAIMED. The License provides additional details about
17 * this warranty disclaimer.
18 */
19
20 #include "decl.h"
21 #include "ioctl.h"
22 #include "main.h"
23 #include "wmm.h"
24 #include "11n_aggr.h"
25 #include "11n_rxreorder.h"
26
27 /* This function checks if particular RA list has packets more than low bridge
28 * packet threshold and then deletes packet from this RA list.
29 * Function deletes packets from such RA list and returns true. If no such list
30 * is found, false is returned.
31 */
32 static bool
mwifiex_uap_del_tx_pkts_in_ralist(struct mwifiex_private * priv,struct list_head * ra_list_head)33 mwifiex_uap_del_tx_pkts_in_ralist(struct mwifiex_private *priv,
34 struct list_head *ra_list_head)
35 {
36 struct mwifiex_ra_list_tbl *ra_list;
37 struct sk_buff *skb, *tmp;
38 bool pkt_deleted = false;
39 struct mwifiex_txinfo *tx_info;
40 struct mwifiex_adapter *adapter = priv->adapter;
41
42 list_for_each_entry(ra_list, ra_list_head, list) {
43 if (skb_queue_empty(&ra_list->skb_head))
44 continue;
45
46 skb_queue_walk_safe(&ra_list->skb_head, skb, tmp) {
47 tx_info = MWIFIEX_SKB_TXCB(skb);
48 if (tx_info->flags & MWIFIEX_BUF_FLAG_BRIDGED_PKT) {
49 __skb_unlink(skb, &ra_list->skb_head);
50 mwifiex_write_data_complete(adapter, skb, 0,
51 -1);
52 atomic_dec(&priv->wmm.tx_pkts_queued);
53 pkt_deleted = true;
54 }
55 if ((atomic_read(&adapter->pending_bridged_pkts) <=
56 MWIFIEX_BRIDGED_PKTS_THR_LOW))
57 break;
58 }
59 }
60
61 return pkt_deleted;
62 }
63
64 /* This function deletes packets from particular RA List. RA list index
65 * from which packets are deleted is preserved so that packets from next RA
66 * list are deleted upon subsequent call thus maintaining fairness.
67 */
mwifiex_uap_cleanup_tx_queues(struct mwifiex_private * priv)68 static void mwifiex_uap_cleanup_tx_queues(struct mwifiex_private *priv)
69 {
70 unsigned long flags;
71 struct list_head *ra_list;
72 int i;
73
74 spin_lock_irqsave(&priv->wmm.ra_list_spinlock, flags);
75
76 for (i = 0; i < MAX_NUM_TID; i++, priv->del_list_idx++) {
77 if (priv->del_list_idx == MAX_NUM_TID)
78 priv->del_list_idx = 0;
79 ra_list = &priv->wmm.tid_tbl_ptr[priv->del_list_idx].ra_list;
80 if (mwifiex_uap_del_tx_pkts_in_ralist(priv, ra_list)) {
81 priv->del_list_idx++;
82 break;
83 }
84 }
85
86 spin_unlock_irqrestore(&priv->wmm.ra_list_spinlock, flags);
87 }
88
89
mwifiex_uap_queue_bridged_pkt(struct mwifiex_private * priv,struct sk_buff * skb)90 static void mwifiex_uap_queue_bridged_pkt(struct mwifiex_private *priv,
91 struct sk_buff *skb)
92 {
93 struct mwifiex_adapter *adapter = priv->adapter;
94 struct uap_rxpd *uap_rx_pd;
95 struct rx_packet_hdr *rx_pkt_hdr;
96 struct sk_buff *new_skb;
97 struct mwifiex_txinfo *tx_info;
98 int hdr_chop;
99 struct ethhdr *p_ethhdr;
100
101 uap_rx_pd = (struct uap_rxpd *)(skb->data);
102 rx_pkt_hdr = (void *)uap_rx_pd + le16_to_cpu(uap_rx_pd->rx_pkt_offset);
103
104 if ((atomic_read(&adapter->pending_bridged_pkts) >=
105 MWIFIEX_BRIDGED_PKTS_THR_HIGH)) {
106 dev_err(priv->adapter->dev,
107 "Tx: Bridge packet limit reached. Drop packet!\n");
108 kfree_skb(skb);
109 mwifiex_uap_cleanup_tx_queues(priv);
110 return;
111 }
112
113 if ((!memcmp(&rx_pkt_hdr->rfc1042_hdr, bridge_tunnel_header,
114 sizeof(bridge_tunnel_header))) ||
115 (!memcmp(&rx_pkt_hdr->rfc1042_hdr, rfc1042_header,
116 sizeof(rfc1042_header)) &&
117 ntohs(rx_pkt_hdr->rfc1042_hdr.snap_type) != ETH_P_AARP &&
118 ntohs(rx_pkt_hdr->rfc1042_hdr.snap_type) != ETH_P_IPX)) {
119 /* Replace the 803 header and rfc1042 header (llc/snap) with
120 * an Ethernet II header, keep the src/dst and snap_type
121 * (ethertype).
122 *
123 * The firmware only passes up SNAP frames converting all RX
124 * data from 802.11 to 802.2/LLC/SNAP frames.
125 *
126 * To create the Ethernet II, just move the src, dst address
127 * right before the snap_type.
128 */
129 p_ethhdr = (struct ethhdr *)
130 ((u8 *)(&rx_pkt_hdr->eth803_hdr)
131 + sizeof(rx_pkt_hdr->eth803_hdr)
132 + sizeof(rx_pkt_hdr->rfc1042_hdr)
133 - sizeof(rx_pkt_hdr->eth803_hdr.h_dest)
134 - sizeof(rx_pkt_hdr->eth803_hdr.h_source)
135 - sizeof(rx_pkt_hdr->rfc1042_hdr.snap_type));
136 memcpy(p_ethhdr->h_source, rx_pkt_hdr->eth803_hdr.h_source,
137 sizeof(p_ethhdr->h_source));
138 memcpy(p_ethhdr->h_dest, rx_pkt_hdr->eth803_hdr.h_dest,
139 sizeof(p_ethhdr->h_dest));
140 /* Chop off the rxpd + the excess memory from
141 * 802.2/llc/snap header that was removed.
142 */
143 hdr_chop = (u8 *)p_ethhdr - (u8 *)uap_rx_pd;
144 } else {
145 /* Chop off the rxpd */
146 hdr_chop = (u8 *)&rx_pkt_hdr->eth803_hdr - (u8 *)uap_rx_pd;
147 }
148
149 /* Chop off the leading header bytes so that it points
150 * to the start of either the reconstructed EthII frame
151 * or the 802.2/llc/snap frame.
152 */
153 skb_pull(skb, hdr_chop);
154
155 if (skb_headroom(skb) < MWIFIEX_MIN_DATA_HEADER_LEN) {
156 dev_dbg(priv->adapter->dev,
157 "data: Tx: insufficient skb headroom %d\n",
158 skb_headroom(skb));
159 /* Insufficient skb headroom - allocate a new skb */
160 new_skb =
161 skb_realloc_headroom(skb, MWIFIEX_MIN_DATA_HEADER_LEN);
162 if (unlikely(!new_skb)) {
163 dev_err(priv->adapter->dev,
164 "Tx: cannot allocate new_skb\n");
165 kfree_skb(skb);
166 priv->stats.tx_dropped++;
167 return;
168 }
169
170 kfree_skb(skb);
171 skb = new_skb;
172 dev_dbg(priv->adapter->dev, "info: new skb headroom %d\n",
173 skb_headroom(skb));
174 }
175
176 tx_info = MWIFIEX_SKB_TXCB(skb);
177 memset(tx_info, 0, sizeof(*tx_info));
178 tx_info->bss_num = priv->bss_num;
179 tx_info->bss_type = priv->bss_type;
180 tx_info->flags |= MWIFIEX_BUF_FLAG_BRIDGED_PKT;
181
182 if (is_unicast_ether_addr(rx_pkt_hdr->eth803_hdr.h_dest)) {
183 /* Update bridge packet statistics as the
184 * packet is not going to kernel/upper layer.
185 */
186 priv->stats.rx_bytes += skb->len;
187 priv->stats.rx_packets++;
188
189 /* Sending bridge packet to TX queue, so save the packet
190 * length in TXCB to update statistics in TX complete.
191 */
192 tx_info->pkt_len = skb->len;
193 }
194
195 __net_timestamp(skb);
196 mwifiex_wmm_add_buf_txqueue(priv, skb);
197 atomic_inc(&adapter->tx_pending);
198 atomic_inc(&adapter->pending_bridged_pkts);
199
200 return;
201 }
202
203 /*
204 * This function contains logic for AP packet forwarding.
205 *
206 * If a packet is multicast/broadcast, it is sent to kernel/upper layer
207 * as well as queued back to AP TX queue so that it can be sent to other
208 * associated stations.
209 * If a packet is unicast and RA is present in associated station list,
210 * it is again requeued into AP TX queue.
211 * If a packet is unicast and RA is not in associated station list,
212 * packet is forwarded to kernel to handle routing logic.
213 */
mwifiex_handle_uap_rx_forward(struct mwifiex_private * priv,struct sk_buff * skb)214 int mwifiex_handle_uap_rx_forward(struct mwifiex_private *priv,
215 struct sk_buff *skb)
216 {
217 struct mwifiex_adapter *adapter = priv->adapter;
218 struct uap_rxpd *uap_rx_pd;
219 struct rx_packet_hdr *rx_pkt_hdr;
220 u8 ra[ETH_ALEN];
221 struct sk_buff *skb_uap;
222
223 uap_rx_pd = (struct uap_rxpd *)(skb->data);
224 rx_pkt_hdr = (void *)uap_rx_pd + le16_to_cpu(uap_rx_pd->rx_pkt_offset);
225
226 /* don't do packet forwarding in disconnected state */
227 if (!priv->media_connected) {
228 dev_err(adapter->dev, "drop packet in disconnected state.\n");
229 dev_kfree_skb_any(skb);
230 return 0;
231 }
232
233 memcpy(ra, rx_pkt_hdr->eth803_hdr.h_dest, ETH_ALEN);
234
235 if (is_multicast_ether_addr(ra)) {
236 skb_uap = skb_copy(skb, GFP_ATOMIC);
237 mwifiex_uap_queue_bridged_pkt(priv, skb_uap);
238 } else {
239 if (mwifiex_get_sta_entry(priv, ra)) {
240 /* Requeue Intra-BSS packet */
241 mwifiex_uap_queue_bridged_pkt(priv, skb);
242 return 0;
243 }
244 }
245
246 /* Forward unicat/Inter-BSS packets to kernel. */
247 return mwifiex_process_rx_packet(priv, skb);
248 }
249
250 /*
251 * This function processes the packet received on AP interface.
252 *
253 * The function looks into the RxPD and performs sanity tests on the
254 * received buffer to ensure its a valid packet before processing it
255 * further. If the packet is determined to be aggregated, it is
256 * de-aggregated accordingly. Then skb is passed to AP packet forwarding logic.
257 *
258 * The completion callback is called after processing is complete.
259 */
mwifiex_process_uap_rx_packet(struct mwifiex_private * priv,struct sk_buff * skb)260 int mwifiex_process_uap_rx_packet(struct mwifiex_private *priv,
261 struct sk_buff *skb)
262 {
263 struct mwifiex_adapter *adapter = priv->adapter;
264 int ret;
265 struct uap_rxpd *uap_rx_pd;
266 struct rx_packet_hdr *rx_pkt_hdr;
267 u16 rx_pkt_type;
268 u8 ta[ETH_ALEN], pkt_type;
269 unsigned long flags;
270 struct mwifiex_sta_node *node;
271
272 uap_rx_pd = (struct uap_rxpd *)(skb->data);
273 rx_pkt_type = le16_to_cpu(uap_rx_pd->rx_pkt_type);
274 rx_pkt_hdr = (void *)uap_rx_pd + le16_to_cpu(uap_rx_pd->rx_pkt_offset);
275
276 if ((le16_to_cpu(uap_rx_pd->rx_pkt_offset) +
277 le16_to_cpu(uap_rx_pd->rx_pkt_length)) > (u16) skb->len) {
278 dev_err(adapter->dev,
279 "wrong rx packet: len=%d, offset=%d, length=%d\n",
280 skb->len, le16_to_cpu(uap_rx_pd->rx_pkt_offset),
281 le16_to_cpu(uap_rx_pd->rx_pkt_length));
282 priv->stats.rx_dropped++;
283 dev_kfree_skb_any(skb);
284 return 0;
285 }
286
287 if (rx_pkt_type == PKT_TYPE_MGMT) {
288 ret = mwifiex_process_mgmt_packet(priv, skb);
289 if (ret)
290 dev_err(adapter->dev, "Rx of mgmt packet failed");
291 dev_kfree_skb_any(skb);
292 return ret;
293 }
294
295 memcpy(ta, rx_pkt_hdr->eth803_hdr.h_source, ETH_ALEN);
296
297 if (rx_pkt_type != PKT_TYPE_BAR && uap_rx_pd->priority < MAX_NUM_TID) {
298 spin_lock_irqsave(&priv->sta_list_spinlock, flags);
299 node = mwifiex_get_sta_entry(priv, ta);
300 if (node)
301 node->rx_seq[uap_rx_pd->priority] =
302 le16_to_cpu(uap_rx_pd->seq_num);
303 spin_unlock_irqrestore(&priv->sta_list_spinlock, flags);
304 }
305
306 if (!priv->ap_11n_enabled ||
307 (!mwifiex_11n_get_rx_reorder_tbl(priv, uap_rx_pd->priority, ta) &&
308 (le16_to_cpu(uap_rx_pd->rx_pkt_type) != PKT_TYPE_AMSDU))) {
309 ret = mwifiex_handle_uap_rx_forward(priv, skb);
310 return ret;
311 }
312
313 /* Reorder and send to kernel */
314 pkt_type = (u8)le16_to_cpu(uap_rx_pd->rx_pkt_type);
315 ret = mwifiex_11n_rx_reorder_pkt(priv, le16_to_cpu(uap_rx_pd->seq_num),
316 uap_rx_pd->priority, ta, pkt_type,
317 skb);
318
319 if (ret || (rx_pkt_type == PKT_TYPE_BAR))
320 dev_kfree_skb_any(skb);
321
322 if (ret)
323 priv->stats.rx_dropped++;
324
325 return ret;
326 }
327
328 /*
329 * This function fills the TxPD for AP tx packets.
330 *
331 * The Tx buffer received by this function should already have the
332 * header space allocated for TxPD.
333 *
334 * This function inserts the TxPD in between interface header and actual
335 * data and adjusts the buffer pointers accordingly.
336 *
337 * The following TxPD fields are set by this function, as required -
338 * - BSS number
339 * - Tx packet length and offset
340 * - Priority
341 * - Packet delay
342 * - Priority specific Tx control
343 * - Flags
344 */
mwifiex_process_uap_txpd(struct mwifiex_private * priv,struct sk_buff * skb)345 void *mwifiex_process_uap_txpd(struct mwifiex_private *priv,
346 struct sk_buff *skb)
347 {
348 struct mwifiex_adapter *adapter = priv->adapter;
349 struct uap_txpd *txpd;
350 struct mwifiex_txinfo *tx_info = MWIFIEX_SKB_TXCB(skb);
351 int pad;
352 u16 pkt_type, pkt_offset;
353 int hroom = (priv->adapter->iface_type == MWIFIEX_USB) ? 0 :
354 INTF_HEADER_LEN;
355
356 if (!skb->len) {
357 dev_err(adapter->dev, "Tx: bad packet length: %d\n", skb->len);
358 tx_info->status_code = -1;
359 return skb->data;
360 }
361
362 BUG_ON(skb_headroom(skb) < MWIFIEX_MIN_DATA_HEADER_LEN);
363
364 pkt_type = mwifiex_is_skb_mgmt_frame(skb) ? PKT_TYPE_MGMT : 0;
365
366 pad = ((void *)skb->data - (sizeof(*txpd) + hroom) - NULL) &
367 (MWIFIEX_DMA_ALIGN_SZ - 1);
368
369 skb_push(skb, sizeof(*txpd) + pad);
370
371 txpd = (struct uap_txpd *)skb->data;
372 memset(txpd, 0, sizeof(*txpd));
373 txpd->bss_num = priv->bss_num;
374 txpd->bss_type = priv->bss_type;
375 txpd->tx_pkt_length = cpu_to_le16((u16)(skb->len - (sizeof(*txpd) +
376 pad)));
377 txpd->priority = (u8)skb->priority;
378
379 txpd->pkt_delay_2ms = mwifiex_wmm_compute_drv_pkt_delay(priv, skb);
380
381 if (tx_info->flags & MWIFIEX_BUF_FLAG_EAPOL_TX_STATUS ||
382 tx_info->flags & MWIFIEX_BUF_FLAG_ACTION_TX_STATUS) {
383 txpd->tx_token_id = tx_info->ack_frame_id;
384 txpd->flags |= MWIFIEX_TXPD_FLAGS_REQ_TX_STATUS;
385 }
386
387 if (txpd->priority < ARRAY_SIZE(priv->wmm.user_pri_pkt_tx_ctrl))
388 /*
389 * Set the priority specific tx_control field, setting of 0 will
390 * cause the default value to be used later in this function.
391 */
392 txpd->tx_control =
393 cpu_to_le32(priv->wmm.user_pri_pkt_tx_ctrl[txpd->priority]);
394
395 /* Offset of actual data */
396 pkt_offset = sizeof(*txpd) + pad;
397 if (pkt_type == PKT_TYPE_MGMT) {
398 /* Set the packet type and add header for management frame */
399 txpd->tx_pkt_type = cpu_to_le16(pkt_type);
400 pkt_offset += MWIFIEX_MGMT_FRAME_HEADER_SIZE;
401 }
402
403 txpd->tx_pkt_offset = cpu_to_le16(pkt_offset);
404
405 /* make space for INTF_HEADER_LEN */
406 skb_push(skb, hroom);
407
408 if (!txpd->tx_control)
409 /* TxCtrl set by user or default */
410 txpd->tx_control = cpu_to_le32(priv->pkt_tx_ctrl);
411
412 return skb->data;
413 }
414