
qcacmn: Enable Peer authorization support in RX path

In security mode, allow only EAPOL frames in the receive path
when the peer is not authorized. This feature is enabled per VAP
based on a vdev flag and applies to all peers in that
VAP.

Change-Id: Ic5dea09c2083f31e8cd301a0cdc3565f247b735c
Mainak Sen 4 years ago
parent
commit
37a91751be
5 changed files with 40 additions and 0 deletions
  1. 4 0
      dp/inc/cdp_txrx_cmn_struct.h
  2. 7 0
      dp/wifi3.0/dp_main.c
  3. 22 0
      dp/wifi3.0/dp_rx.c
  4. 2 0
      dp/wifi3.0/dp_stats.c
  5. 5 0
      dp/wifi3.0/dp_types.h

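--- a/dp/inc/cdp_txrx_cmn_struct.h
+++ b/dp/inc/cdp_txrx_cmn_struct.h
@@ -1105,6 +1105,7 @@ enum cdp_pdev_param_type {
  * @cdp_vdev_param_safe_mode: set safe mode
  * @cdp_vdev_param_drop_unenc: set drop unencrypted flag
  * @cdp_vdev_param_hlos_tid_override: set hlos tid override
+ * @cdp_vdev_param_peer_authorize: set peer authorize
  *
  * @cdp_pdev_param_dbg_snf: Enable debug sniffer feature
  * @cdp_pdev_param_bpr_enable: Enable bcast probe feature
@@ -1171,6 +1172,7 @@ typedef union cdp_config_param_t {
 	uint32_t cdp_vdev_param_drop_unenc;
 	uint8_t cdp_vdev_param_hlos_tid_override;
 	bool cdp_vdev_param_wds_ext;
+	uint8_t cdp_vdev_param_peer_authorize;
 
 	/* pdev params */
 	bool cdp_pdev_param_cptr_latcy;
@@ -1282,6 +1284,7 @@ enum cdp_pdev_bpr_param {
  * @CDP_ENABLE_IGMP_MCAST_EN: enable/disable igmp multicast enhancement
  * @CDP_ENABLE_HLOS_TID_OVERRIDE: set hlos tid override flag
  * @CDP_CFG_WDS_EXT: enable/disable wds ext feature
+ * @CDP_ENABLE_PEER_AUTHORIZE: enable peer authorize flag
  */
 enum cdp_vdev_param_type {
 	CDP_ENABLE_NAWDS,
@@ -1312,6 +1315,7 @@ enum cdp_vdev_param_type {
 #ifdef QCA_SUPPORT_WDS_EXTENDED
 	CDP_CFG_WDS_EXT,
 #endif /* QCA_SUPPORT_WDS_EXTENDED */
+	CDP_ENABLE_PEER_AUTHORIZE,
 };
 
 /*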
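Review bot: `CDP_ENABLE_PEER_AUTHORIZE` is appended right after the `#ifdef QCA_SUPPORT_WDS_EXTENDED` entry in the last hunk, so its numeric value differs between builds with and without that option. If this enum is ever passed between separately built components (not visible here), a mismatch would make the set/get calls address a different parameter, leaving the RX authorization gate unset without any error. The kernel-doc lines `set peer authorize` and `enable peer authorize flag` also do not say what the flag controls; something like `* @CDP_ENABLE_PEER_AUTHORIZE: on secured vdevs, drop non-EAPOL RX frames from peers that are not yet authorized` would tell an integrator what they are turning on.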

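--- a/dp/wifi3.0/dp_main.c
+++ b/dp/wifi3.0/dp_main.c
@@ -9113,6 +9113,10 @@ static QDF_STATUS dp_get_vdev_param(struct cdp_soc_t *cdp_soc, uint8_t vdev_id,
 		val->cdp_vdev_param_hlos_tid_override =
 			    dp_vdev_get_hlos_tid_override((struct cdp_vdev *)vdev);
 		break;
+	case CDP_ENABLE_PEER_AUTHORIZE:
+		val->cdp_vdev_param_peer_authorize =
+			    vdev->peer_authorize;
+		break;
 	default:
 		dp_cdp_err("%pk: param value %d is wrong\n",
 			   soc, param);
@@ -9240,6 +9244,9 @@ dp_set_vdev_param(struct cdp_soc_t *cdp_soc, uint8_t vdev_id,
 		vdev->wds_ext_enabled = val.cdp_vdev_param_wds_ext;
 		break;
 #endif
+	case CDP_ENABLE_PEER_AUTHORIZE:
+		vdev->peer_authorize = val.cdp_vdev_param_peer_authorize;
+		break;
 	default:
 		break;
 	}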
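Review bot: In `dp_set_vdev_param` the new case stores the caller's `uint8_t` unchanged, while the RX path only tests it for truth; normalising at the boundary with `vdev->peer_authorize = !!val.cdp_vdev_param_peer_authorize;` keeps the getter returning 0 or 1. Nothing in this section sets an initial value, so if `struct dp_vdev` is zero-allocated (not visible here) the RX filter stays off until the control path sets `CDP_ENABLE_PEER_AUTHORIZE`. A short comment at the case, e.g. `/* opt-in: RX drops non-EAPOL frames from unauthorized peers only when set */`, would make that default explicit for anyone auditing a secured VAP. Both functions start and end outside the hunks.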

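--- a/dp/wifi3.0/dp_rx.c
+++ b/dp/wifi3.0/dp_rx.c
@@ -2630,6 +2630,28 @@ done:
 
 		if (qdf_likely(peer)) {
 			vdev = peer->vdev;
+
+			/*
+			 * In encryption mode, all data packets except
+			 * EAPOL frames should be dropped when peer is not
+			 * authenticated. Thie feature is enabled for all peers
+			 * under this vdev when peer_authorize flag is set.
+			 */
+			if (qdf_unlikely(vdev->peer_authorize)) {
+				if (qdf_unlikely(vdev->sec_type != cdp_sec_type_none)) {
+					/*
+					 * Allow only EAPOL frames
+					 */
+					if (qdf_unlikely(!peer->authorize &&
+								!qdf_nbuf_is_ipv4_eapol_pkt(nbuf))) {
+						qdf_nbuf_free(nbuf);
+						nbuf = next;
+						DP_STATS_INC(soc, rx.err.peer_unauth_rx_pkt_drop, 1);
+						continue;
+					}
+				}
+			}
+
 		} else {
 			nbuf->next = NULL;
 			dp_rx_deliver_to_stack_no_peer(soc, nbuf);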
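Review bot: The exemption `!qdf_nbuf_is_ipv4_eapol_pkt(nbuf)` is only correct if that helper reads the ethertype from the right offset, and the hunk does not show whether the nbuf data pointer is already at the Ethernet header here, or whether raw (native 802.11) frames can reach this test. If either is off, genuine EAPOL frames from a not-yet-authorized peer are dropped and the handshake cannot complete, so please confirm the placement and skip the gate for raw frames if they get this far. The `else` branch in the context still hands peer-less frames to `dp_rx_deliver_to_stack_no_peer()`, so it is worth checking that this path filters to the same standard. On wording, the comment says "not authenticated" while the test is on `peer->authorize`, and "Thie" is a typo; the three nested `qdf_unlikely` tests also read more easily as one condition, `if (qdf_unlikely(vdev->peer_authorize && vdev->sec_type != cdp_sec_type_none && !peer->authorize && !qdf_nbuf_is_ipv4_eapol_pkt(nbuf))) {`. The enclosing loop starts and ends outside the hunk.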

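--- a/dp/wifi3.0/dp_stats.c
+++ b/dp/wifi3.0/dp_stats.c
@@ -6542,6 +6542,8 @@ dp_print_soc_rx_stats(struct dp_soc *soc)
 		       soc->stats.rx.err.defrag_peer_uninit);
 	DP_PRINT_STATS("Pkts delivered no peer = %d",
 		       soc->stats.rx.err.pkt_delivered_no_peer);
+	DP_PRINT_STATS("Pkts drop due to no peer auth :%d",
+		       soc->stats.rx.err.peer_unauth_rx_pkt_drop);
 	DP_PRINT_STATS("Invalid Pdev = %d",
 		       soc->stats.rx.err.invalid_pdev);
 	DP_PRINT_STATS("Invalid Peer = %d",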
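Review bot: The added format string `"Pkts drop due to no peer auth :%d"` departs from the `label = %d` shape of the neighbouring lines, which makes this security-relevant counter harder to grep or parse alongside them. `DP_PRINT_STATS("Pkts dropped, peer not authorized = %u",` would match the surrounding lines and print the `uint32_t` counter unsigned, so a long-running drop count does not show up negative. The function body continues outside the hunk.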

+ 5 - 0
dp/wifi3.0/dp_types.h

@@ -995,6 +995,8 @@ struct dp_soc_stats {
 			uint32_t msdu_continuation_err;
 			uint32_t msdu_continuation_err;
 			/* REO OOR eapol drop count */
 			/* REO OOR eapol drop count */
 			uint32_t reo_err_oor_eapol_drop;
 			uint32_t reo_err_oor_eapol_drop;
+			/* Non Eapol packet drop count due to peer not authorized  */
+			uint32_t peer_unauth_rx_pkt_drop;
 		} err;
 		} err;
 
 
 		/* packet count per core - per ring */
 		/* packet count per core - per ring */
@@ -2405,6 +2407,9 @@ struct dp_vdev {
 	 */
 	 */
 	uint8_t skip_sw_tid_classification;
 	uint8_t skip_sw_tid_classification;
 
 
+	/* Flag to enable peer authorization */
+	uint8_t peer_authorize;
+
 	/* AST hash value for BSS peer in HW valid for STA VAP*/
 	/* AST hash value for BSS peer in HW valid for STA VAP*/
 	uint16_t bss_ast_hash;
 	uint16_t bss_ast_hash;