1 // SPDX-License-Identifier: GPL-2.0-only 2 /****************************************************************************** 3 4 Copyright(c) 2003 - 2005 Intel Corporation. All rights reserved. 5 6 7 Contact Information: 8 Intel Linux Wireless <ilw@linux.intel.com> 9 Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497 10 11 ******************************************************************************/ 12 #include <linux/compiler.h> 13 #include <linux/errno.h> 14 #include <linux/if_arp.h> 15 #include <linux/in6.h> 16 #include <linux/in.h> 17 #include <linux/ip.h> 18 #include <linux/kernel.h> 19 #include <linux/module.h> 20 #include <linux/netdevice.h> 21 #include <linux/proc_fs.h> 22 #include <linux/skbuff.h> 23 #include <linux/slab.h> 24 #include <linux/tcp.h> 25 #include <linux/types.h> 26 #include <linux/wireless.h> 27 #include <linux/etherdevice.h> 28 #include <linux/uaccess.h> 29 30 #include "libipw.h" 31 32 /* 33 34 802.11 Data Frame 35 36 ,-------------------------------------------------------------------. 37 Bytes | 2 | 2 | 6 | 6 | 6 | 2 | 0..2312 | 4 | 38 |------|------|---------|---------|---------|------|---------|------| 39 Desc. | ctrl | dura | DA/RA | TA | SA | Sequ | Frame | fcs | 40 | | tion | (BSSID) | | | ence | data | | 41 `--------------------------------------------------| |------' 42 Total: 28 non-data bytes `----.----' 43 | 44 .- 'Frame data' expands, if WEP enabled, to <----------' 45 | 46 V 47 ,-----------------------. 48 Bytes | 4 | 0-2296 | 4 | 49 |-----|-----------|-----| 50 Desc. | IV | Encrypted | ICV | 51 | | Packet | | 52 `-----| |-----' 53 `-----.-----' 54 | 55 .- 'Encrypted Packet' expands to 56 | 57 V 58 ,---------------------------------------------------. 59 Bytes | 1 | 1 | 1 | 3 | 2 | 0-2304 | 60 |------|------|---------|----------|------|---------| 61 Desc. | SNAP | SNAP | Control |Eth Tunnel| Type | IP | 62 | DSAP | SSAP | | | | Packet | 63 | 0xAA | 0xAA |0x03 (UI)|0x00-00-F8| | | 64 `---------------------------------------------------- 65 Total: 8 non-data bytes 66 67 802.3 Ethernet Data Frame 68 69 ,-----------------------------------------. 70 Bytes | 6 | 6 | 2 | Variable | 4 | 71 |-------|-------|------|-----------|------| 72 Desc. | Dest. | Source| Type | IP Packet | fcs | 73 | MAC | MAC | | | | 74 `-----------------------------------------' 75 Total: 18 non-data bytes 76 77 In the event that fragmentation is required, the incoming payload is split into 78 N parts of size ieee->fts. The first fragment contains the SNAP header and the 79 remaining packets are just data. 80 81 If encryption is enabled, each fragment payload size is reduced by enough space 82 to add the prefix and postfix (IV and ICV totalling 8 bytes in the case of WEP) 83 So if you have 1500 bytes of payload with ieee->fts set to 500 without 84 encryption it will take 3 frames. With WEP it will take 4 frames as the 85 payload of each frame is reduced to 492 bytes. 86 87 * SKB visualization 88 * 89 * ,- skb->data 90 * | 91 * | ETHERNET HEADER ,-<-- PAYLOAD 92 * | | 14 bytes from skb->data 93 * | 2 bytes for Type --> ,T. | (sizeof ethhdr) 94 * | | | | 95 * |,-Dest.--. ,--Src.---. | | | 96 * | 6 bytes| | 6 bytes | | | | 97 * v | | | | | | 98 * 0 | v 1 | v | v 2 99 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 100 * ^ | ^ | ^ | 101 * | | | | | | 102 * | | | | `T' <---- 2 bytes for Type 103 * | | | | 104 * | | '---SNAP--' <-------- 6 bytes for SNAP 105 * | | 106 * `-IV--' <-------------------- 4 bytes for IV (WEP) 107 * 108 * SNAP HEADER 109 * 110 */ 111 112 static u8 P802_1H_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0xf8 }; 113 static u8 RFC1042_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0x00 }; 114 libipw_copy_snap(u8 * data,__be16 h_proto)115 static int libipw_copy_snap(u8 * data, __be16 h_proto) 116 { 117 struct libipw_snap_hdr *snap; 118 u8 *oui; 119 120 snap = (struct libipw_snap_hdr *)data; 121 snap->dsap = 0xaa; 122 snap->ssap = 0xaa; 123 snap->ctrl = 0x03; 124 125 if (h_proto == htons(ETH_P_AARP) || h_proto == htons(ETH_P_IPX)) 126 oui = P802_1H_OUI; 127 else 128 oui = RFC1042_OUI; 129 snap->oui[0] = oui[0]; 130 snap->oui[1] = oui[1]; 131 snap->oui[2] = oui[2]; 132 133 memcpy(data + SNAP_SIZE, &h_proto, sizeof(u16)); 134 135 return SNAP_SIZE + sizeof(u16); 136 } 137 libipw_encrypt_fragment(struct libipw_device * ieee,struct sk_buff * frag,int hdr_len)138 static int libipw_encrypt_fragment(struct libipw_device *ieee, 139 struct sk_buff *frag, int hdr_len) 140 { 141 struct lib80211_crypt_data *crypt = 142 ieee->crypt_info.crypt[ieee->crypt_info.tx_keyidx]; 143 int res; 144 145 if (crypt == NULL) 146 return -1; 147 148 /* To encrypt, frame format is: 149 * IV (4 bytes), clear payload (including SNAP), ICV (4 bytes) */ 150 atomic_inc(&crypt->refcnt); 151 res = 0; 152 if (crypt->ops && crypt->ops->encrypt_mpdu) 153 res = crypt->ops->encrypt_mpdu(frag, hdr_len, crypt->priv); 154 155 atomic_dec(&crypt->refcnt); 156 if (res < 0) { 157 printk(KERN_INFO "%s: Encryption failed: len=%d.\n", 158 ieee->dev->name, frag->len); 159 ieee->ieee_stats.tx_discards++; 160 return -1; 161 } 162 163 return 0; 164 } 165 libipw_txb_free(struct libipw_txb * txb)166 void libipw_txb_free(struct libipw_txb *txb) 167 { 168 int i; 169 if (unlikely(!txb)) 170 return; 171 for (i = 0; i < txb->nr_frags; i++) 172 if (txb->fragments[i]) 173 dev_kfree_skb_any(txb->fragments[i]); 174 kfree(txb); 175 } 176 libipw_alloc_txb(int nr_frags,int txb_size,int headroom,gfp_t gfp_mask)177 static struct libipw_txb *libipw_alloc_txb(int nr_frags, int txb_size, 178 int headroom, gfp_t gfp_mask) 179 { 180 struct libipw_txb *txb; 181 int i; 182 183 txb = kzalloc(struct_size(txb, fragments, nr_frags), gfp_mask); 184 if (!txb) 185 return NULL; 186 187 txb->nr_frags = nr_frags; 188 txb->frag_size = txb_size; 189 190 for (i = 0; i < nr_frags; i++) { 191 txb->fragments[i] = __dev_alloc_skb(txb_size + headroom, 192 gfp_mask); 193 if (unlikely(!txb->fragments[i])) { 194 i--; 195 break; 196 } 197 skb_reserve(txb->fragments[i], headroom); 198 } 199 if (unlikely(i != nr_frags)) { 200 while (i >= 0) 201 dev_kfree_skb_any(txb->fragments[i--]); 202 kfree(txb); 203 return NULL; 204 } 205 return txb; 206 } 207 libipw_classify(struct sk_buff * skb)208 static int libipw_classify(struct sk_buff *skb) 209 { 210 struct ethhdr *eth; 211 struct iphdr *ip; 212 213 eth = (struct ethhdr *)skb->data; 214 if (eth->h_proto != htons(ETH_P_IP)) 215 return 0; 216 217 ip = ip_hdr(skb); 218 switch (ip->tos & 0xfc) { 219 case 0x20: 220 return 2; 221 case 0x40: 222 return 1; 223 case 0x60: 224 return 3; 225 case 0x80: 226 return 4; 227 case 0xa0: 228 return 5; 229 case 0xc0: 230 return 6; 231 case 0xe0: 232 return 7; 233 default: 234 return 0; 235 } 236 } 237 238 /* Incoming skb is converted to a txb which consists of 239 * a block of 802.11 fragment packets (stored as skbs) */ libipw_xmit(struct sk_buff * skb,struct net_device * dev)240 netdev_tx_t libipw_xmit(struct sk_buff *skb, struct net_device *dev) 241 { 242 struct libipw_device *ieee = netdev_priv(dev); 243 struct libipw_txb *txb = NULL; 244 struct libipw_hdr_3addrqos *frag_hdr; 245 int i, bytes_per_frag, nr_frags, bytes_last_frag, frag_size, 246 rts_required; 247 unsigned long flags; 248 int encrypt, host_encrypt, host_encrypt_msdu; 249 __be16 ether_type; 250 int bytes, fc, hdr_len; 251 struct sk_buff *skb_frag; 252 struct libipw_hdr_3addrqos header = {/* Ensure zero initialized */ 253 .duration_id = 0, 254 .seq_ctl = 0, 255 .qos_ctl = 0 256 }; 257 u8 dest[ETH_ALEN], src[ETH_ALEN]; 258 struct lib80211_crypt_data *crypt; 259 int priority = skb->priority; 260 int snapped = 0; 261 262 if (ieee->is_queue_full && (*ieee->is_queue_full) (dev, priority)) 263 return NETDEV_TX_BUSY; 264 265 spin_lock_irqsave(&ieee->lock, flags); 266 267 /* If there is no driver handler to take the TXB, dont' bother 268 * creating it... */ 269 if (!ieee->hard_start_xmit) { 270 printk(KERN_WARNING "%s: No xmit handler.\n", ieee->dev->name); 271 goto success; 272 } 273 274 if (unlikely(skb->len < SNAP_SIZE + sizeof(u16))) { 275 printk(KERN_WARNING "%s: skb too small (%d).\n", 276 ieee->dev->name, skb->len); 277 goto success; 278 } 279 280 ether_type = ((struct ethhdr *)skb->data)->h_proto; 281 282 crypt = ieee->crypt_info.crypt[ieee->crypt_info.tx_keyidx]; 283 284 encrypt = !(ether_type == htons(ETH_P_PAE) && ieee->ieee802_1x) && 285 ieee->sec.encrypt; 286 287 host_encrypt = ieee->host_encrypt && encrypt && crypt; 288 host_encrypt_msdu = ieee->host_encrypt_msdu && encrypt && crypt; 289 290 if (!encrypt && ieee->ieee802_1x && 291 ieee->drop_unencrypted && ether_type != htons(ETH_P_PAE)) { 292 dev->stats.tx_dropped++; 293 goto success; 294 } 295 296 /* Save source and destination addresses */ 297 skb_copy_from_linear_data(skb, dest, ETH_ALEN); 298 skb_copy_from_linear_data_offset(skb, ETH_ALEN, src, ETH_ALEN); 299 300 if (host_encrypt) 301 fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA | 302 IEEE80211_FCTL_PROTECTED; 303 else 304 fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA; 305 306 if (ieee->iw_mode == IW_MODE_INFRA) { 307 fc |= IEEE80211_FCTL_TODS; 308 /* To DS: Addr1 = BSSID, Addr2 = SA, Addr3 = DA */ 309 memcpy(header.addr1, ieee->bssid, ETH_ALEN); 310 memcpy(header.addr2, src, ETH_ALEN); 311 memcpy(header.addr3, dest, ETH_ALEN); 312 } else if (ieee->iw_mode == IW_MODE_ADHOC) { 313 /* not From/To DS: Addr1 = DA, Addr2 = SA, Addr3 = BSSID */ 314 memcpy(header.addr1, dest, ETH_ALEN); 315 memcpy(header.addr2, src, ETH_ALEN); 316 memcpy(header.addr3, ieee->bssid, ETH_ALEN); 317 } 318 hdr_len = LIBIPW_3ADDR_LEN; 319 320 if (ieee->is_qos_active && ieee->is_qos_active(dev, skb)) { 321 fc |= IEEE80211_STYPE_QOS_DATA; 322 hdr_len += 2; 323 324 skb->priority = libipw_classify(skb); 325 header.qos_ctl |= cpu_to_le16(skb->priority & LIBIPW_QCTL_TID); 326 } 327 header.frame_ctl = cpu_to_le16(fc); 328 329 /* Advance the SKB to the start of the payload */ 330 skb_pull(skb, sizeof(struct ethhdr)); 331 332 /* Determine total amount of storage required for TXB packets */ 333 bytes = skb->len + SNAP_SIZE + sizeof(u16); 334 335 /* Encrypt msdu first on the whole data packet. */ 336 if ((host_encrypt || host_encrypt_msdu) && 337 crypt && crypt->ops && crypt->ops->encrypt_msdu) { 338 int res = 0; 339 int len = bytes + hdr_len + crypt->ops->extra_msdu_prefix_len + 340 crypt->ops->extra_msdu_postfix_len; 341 struct sk_buff *skb_new = dev_alloc_skb(len); 342 343 if (unlikely(!skb_new)) 344 goto failed; 345 346 skb_reserve(skb_new, crypt->ops->extra_msdu_prefix_len); 347 skb_put_data(skb_new, &header, hdr_len); 348 snapped = 1; 349 libipw_copy_snap(skb_put(skb_new, SNAP_SIZE + sizeof(u16)), 350 ether_type); 351 skb_copy_from_linear_data(skb, skb_put(skb_new, skb->len), skb->len); 352 res = crypt->ops->encrypt_msdu(skb_new, hdr_len, crypt->priv); 353 if (res < 0) { 354 LIBIPW_ERROR("msdu encryption failed\n"); 355 dev_kfree_skb_any(skb_new); 356 goto failed; 357 } 358 dev_kfree_skb_any(skb); 359 skb = skb_new; 360 bytes += crypt->ops->extra_msdu_prefix_len + 361 crypt->ops->extra_msdu_postfix_len; 362 skb_pull(skb, hdr_len); 363 } 364 365 if (host_encrypt || ieee->host_open_frag) { 366 /* Determine fragmentation size based on destination (multicast 367 * and broadcast are not fragmented) */ 368 if (is_multicast_ether_addr(dest) || 369 is_broadcast_ether_addr(dest)) 370 frag_size = MAX_FRAG_THRESHOLD; 371 else 372 frag_size = ieee->fts; 373 374 /* Determine amount of payload per fragment. Regardless of if 375 * this stack is providing the full 802.11 header, one will 376 * eventually be affixed to this fragment -- so we must account 377 * for it when determining the amount of payload space. */ 378 bytes_per_frag = frag_size - hdr_len; 379 if (ieee->config & 380 (CFG_LIBIPW_COMPUTE_FCS | CFG_LIBIPW_RESERVE_FCS)) 381 bytes_per_frag -= LIBIPW_FCS_LEN; 382 383 /* Each fragment may need to have room for encryption 384 * pre/postfix */ 385 if (host_encrypt && crypt && crypt->ops) 386 bytes_per_frag -= crypt->ops->extra_mpdu_prefix_len + 387 crypt->ops->extra_mpdu_postfix_len; 388 389 /* Number of fragments is the total 390 * bytes_per_frag / payload_per_fragment */ 391 nr_frags = bytes / bytes_per_frag; 392 bytes_last_frag = bytes % bytes_per_frag; 393 if (bytes_last_frag) 394 nr_frags++; 395 else 396 bytes_last_frag = bytes_per_frag; 397 } else { 398 nr_frags = 1; 399 bytes_per_frag = bytes_last_frag = bytes; 400 frag_size = bytes + hdr_len; 401 } 402 403 rts_required = (frag_size > ieee->rts 404 && ieee->config & CFG_LIBIPW_RTS); 405 if (rts_required) 406 nr_frags++; 407 408 /* When we allocate the TXB we allocate enough space for the reserve 409 * and full fragment bytes (bytes_per_frag doesn't include prefix, 410 * postfix, header, FCS, etc.) */ 411 txb = libipw_alloc_txb(nr_frags, frag_size, 412 ieee->tx_headroom, GFP_ATOMIC); 413 if (unlikely(!txb)) { 414 printk(KERN_WARNING "%s: Could not allocate TXB\n", 415 ieee->dev->name); 416 goto failed; 417 } 418 txb->encrypted = encrypt; 419 if (host_encrypt) 420 txb->payload_size = frag_size * (nr_frags - 1) + 421 bytes_last_frag; 422 else 423 txb->payload_size = bytes; 424 425 if (rts_required) { 426 skb_frag = txb->fragments[0]; 427 frag_hdr = skb_put(skb_frag, hdr_len); 428 429 /* 430 * Set header frame_ctl to the RTS. 431 */ 432 header.frame_ctl = 433 cpu_to_le16(IEEE80211_FTYPE_CTL | IEEE80211_STYPE_RTS); 434 memcpy(frag_hdr, &header, hdr_len); 435 436 /* 437 * Restore header frame_ctl to the original data setting. 438 */ 439 header.frame_ctl = cpu_to_le16(fc); 440 441 if (ieee->config & 442 (CFG_LIBIPW_COMPUTE_FCS | CFG_LIBIPW_RESERVE_FCS)) 443 skb_put(skb_frag, 4); 444 445 txb->rts_included = 1; 446 i = 1; 447 } else 448 i = 0; 449 450 for (; i < nr_frags; i++) { 451 skb_frag = txb->fragments[i]; 452 453 if (host_encrypt) 454 skb_reserve(skb_frag, 455 crypt->ops->extra_mpdu_prefix_len); 456 457 frag_hdr = skb_put_data(skb_frag, &header, hdr_len); 458 459 /* If this is not the last fragment, then add the MOREFRAGS 460 * bit to the frame control */ 461 if (i != nr_frags - 1) { 462 frag_hdr->frame_ctl = 463 cpu_to_le16(fc | IEEE80211_FCTL_MOREFRAGS); 464 bytes = bytes_per_frag; 465 } else { 466 /* The last fragment takes the remaining length */ 467 bytes = bytes_last_frag; 468 } 469 470 if (i == 0 && !snapped) { 471 libipw_copy_snap(skb_put 472 (skb_frag, SNAP_SIZE + sizeof(u16)), 473 ether_type); 474 bytes -= SNAP_SIZE + sizeof(u16); 475 } 476 477 skb_copy_from_linear_data(skb, skb_put(skb_frag, bytes), bytes); 478 479 /* Advance the SKB... */ 480 skb_pull(skb, bytes); 481 482 /* Encryption routine will move the header forward in order 483 * to insert the IV between the header and the payload */ 484 if (host_encrypt) 485 libipw_encrypt_fragment(ieee, skb_frag, hdr_len); 486 487 if (ieee->config & 488 (CFG_LIBIPW_COMPUTE_FCS | CFG_LIBIPW_RESERVE_FCS)) 489 skb_put(skb_frag, 4); 490 } 491 492 success: 493 spin_unlock_irqrestore(&ieee->lock, flags); 494 495 dev_kfree_skb_any(skb); 496 497 if (txb) { 498 netdev_tx_t ret = (*ieee->hard_start_xmit)(txb, dev, priority); 499 if (ret == NETDEV_TX_OK) { 500 dev->stats.tx_packets++; 501 dev->stats.tx_bytes += txb->payload_size; 502 return NETDEV_TX_OK; 503 } 504 505 libipw_txb_free(txb); 506 } 507 508 return NETDEV_TX_OK; 509 510 failed: 511 spin_unlock_irqrestore(&ieee->lock, flags); 512 netif_stop_queue(dev); 513 dev->stats.tx_errors++; 514 return NETDEV_TX_BUSY; 515 } 516 EXPORT_SYMBOL(libipw_xmit); 517 518 EXPORT_SYMBOL(libipw_txb_free); 519