LXR linux/drivers/staging/rtl8188eu/core/rtw

   1// SPDX-License-Identifier: GPL-2.0
   2/******************************************************************************
   3 *
   4 * Copyright(c) 2007 - 2012 Realtek Corporation. All rights reserved.
   5 *
   6 ******************************************************************************/
   7#define _RTW_RECV_C_
   8
   9#include <linux/ieee80211.h>
  10#include <linux/if_ether.h>
  11
  12#include <osdep_service.h>
  13#include <drv_types.h>
  14#include <recv_osdep.h>
  15#include <mlme_osdep.h>
  16#include <mon.h>
  17#include <wifi.h>
  18#include <linux/vmalloc.h>
  19#include <linux/etherdevice.h>
  20#include <net/cfg80211.h>
  21
  22#define LLC_HEADER_SIZE                 6       /*  LLC Header Length */
  23
  24static u8 SNAP_ETH_TYPE_IPX[2] = {0x81, 0x37};
  25static u8 SNAP_ETH_TYPE_APPLETALK_AARP[2] = {0x80, 0xf3};
  26
  27static void rtw_signal_stat_timer_hdl(struct timer_list *t);
  28
  29void _rtw_init_sta_recv_priv(struct sta_recv_priv *psta_recvpriv)
  30{
  31        memset((u8 *)psta_recvpriv, 0, sizeof(struct sta_recv_priv));
  32
  33        spin_lock_init(&psta_recvpriv->lock);
  34
  35        _rtw_init_queue(&psta_recvpriv->defrag_q);
  36}
  37
  38int _rtw_init_recv_priv(struct recv_priv *precvpriv, struct adapter *padapter)
  39{
  40        int i;
  41
  42        struct recv_frame *precvframe;
  43
  44        int     res = _SUCCESS;
  45
  46        _rtw_init_queue(&precvpriv->free_recv_queue);
  47        _rtw_init_queue(&precvpriv->recv_pending_queue);
  48        _rtw_init_queue(&precvpriv->uc_swdec_pending_queue);
  49
  50        precvpriv->adapter = padapter;
  51
  52        precvpriv->pallocated_frame_buf = vzalloc(NR_RECVFRAME * sizeof(struct recv_frame) + RXFRAME_ALIGN_SZ);
  53
  54        if (!precvpriv->pallocated_frame_buf)
  55                return _FAIL;
  56
  57        precvframe = PTR_ALIGN(precvpriv->pallocated_frame_buf, RXFRAME_ALIGN_SZ);
  58
  59        for (i = 0; i < NR_RECVFRAME; i++) {
  60                INIT_LIST_HEAD(&precvframe->list);
  61
  62                list_add_tail(&precvframe->list,
  63                              &precvpriv->free_recv_queue.queue);
  64
  65                precvframe->pkt = NULL;
  66
  67                precvframe->adapter = padapter;
  68                precvframe++;
  69        }
  70        res = rtw_hal_init_recv_priv(padapter);
  71
  72        timer_setup(&precvpriv->signal_stat_timer, rtw_signal_stat_timer_hdl,
  73                    0);
  74
  75        precvpriv->signal_stat_sampling_interval = 1000; /* ms */
  76
  77        rtw_set_signal_stat_timer(precvpriv);
  78
  79        return res;
  80}
  81
  82void _rtw_free_recv_priv(struct recv_priv *precvpriv)
  83{
  84        struct adapter  *padapter = precvpriv->adapter;
  85
  86        rtw_free_uc_swdec_pending_queue(padapter);
  87
  88        vfree(precvpriv->pallocated_frame_buf);
  89
  90        rtw_hal_free_recv_priv(padapter);
  91}
  92
  93struct recv_frame *_rtw_alloc_recvframe(struct __queue *pfree_recv_queue)
  94{
  95        struct recv_frame *hdr;
  96
  97        hdr = list_first_entry_or_null(&pfree_recv_queue->queue,
  98                                       struct recv_frame, list);
  99        if (hdr)
 100                list_del_init(&hdr->list);
 101
 102        return hdr;
 103}
 104
 105struct recv_frame *rtw_alloc_recvframe(struct __queue *pfree_recv_queue)
 106{
 107        struct recv_frame  *precvframe;
 108
 109        spin_lock_bh(&pfree_recv_queue->lock);
 110
 111        precvframe = _rtw_alloc_recvframe(pfree_recv_queue);
 112
 113        spin_unlock_bh(&pfree_recv_queue->lock);
 114
 115        return precvframe;
 116}
 117
 118void rtw_free_recvframe(struct recv_frame *precvframe, struct __queue *pfree_recv_queue)
 119{
 120        if (!precvframe)
 121                return;
 122
 123        if (precvframe->pkt) {
 124                dev_kfree_skb_any(precvframe->pkt);/* free skb by driver */
 125                precvframe->pkt = NULL;
 126        }
 127
 128        spin_lock_bh(&pfree_recv_queue->lock);
 129
 130        list_del_init(&precvframe->list);
 131
 132        list_add_tail(&precvframe->list, get_list_head(pfree_recv_queue));
 133
 134        spin_unlock_bh(&pfree_recv_queue->lock);
 135}
 136
 137int _rtw_enqueue_recvframe(struct recv_frame *precvframe, struct __queue *queue)
 138{
 139        list_del_init(&precvframe->list);
 140        list_add_tail(&precvframe->list, get_list_head(queue));
 141
 142        return _SUCCESS;
 143}
 144
 145int rtw_enqueue_recvframe(struct recv_frame *precvframe, struct __queue *queue)
 146{
 147        int ret;
 148
 149        spin_lock_bh(&queue->lock);
 150        ret = _rtw_enqueue_recvframe(precvframe, queue);
 151        spin_unlock_bh(&queue->lock);
 152
 153        return ret;
 154}
 155
 156/*
 157 * caller : defrag ; recvframe_chk_defrag in recv_thread  (passive)
 158 * pframequeue: defrag_queue : will be accessed in recv_thread  (passive)
 159 *
 160 * using spinlock to protect
 161 *
 162 */
 163
 164void rtw_free_recvframe_queue(struct __queue *pframequeue,  struct __queue *pfree_recv_queue)
 165{
 166        struct recv_frame *hdr;
 167        struct list_head *plist, *phead;
 168
 169        spin_lock(&pframequeue->lock);
 170
 171        phead = get_list_head(pframequeue);
 172        plist = phead->next;
 173
 174        while (phead != plist) {
 175                hdr = list_entry(plist, struct recv_frame, list);
 176
 177                plist = plist->next;
 178
 179                rtw_free_recvframe(hdr, pfree_recv_queue);
 180        }
 181
 182        spin_unlock(&pframequeue->lock);
 183}
 184
 185u32 rtw_free_uc_swdec_pending_queue(struct adapter *adapter)
 186{
 187        u32 cnt = 0;
 188        struct recv_frame *pending_frame;
 189
 190        while ((pending_frame = rtw_alloc_recvframe(&adapter->recvpriv.uc_swdec_pending_queue))) {
 191                rtw_free_recvframe(pending_frame, &adapter->recvpriv.free_recv_queue);
 192                cnt++;
 193        }
 194
 195        return cnt;
 196}
 197
 198static int recvframe_chkmic(struct adapter *adapter,
 199                            struct recv_frame *precvframe)
 200{
 201        int     i, res = _SUCCESS;
 202        u32     datalen;
 203        u8      miccode[8];
 204        u8      bmic_err = false, brpt_micerror = true;
 205        u8      *pframe, *payload, *pframemic;
 206        u8      *mickey;
 207        struct  sta_info                *stainfo;
 208        struct  rx_pkt_attrib   *prxattrib = &precvframe->attrib;
 209        struct  security_priv   *psecuritypriv = &adapter->securitypriv;
 210
 211        struct mlme_ext_priv    *pmlmeext = &adapter->mlmeextpriv;
 212        struct mlme_ext_info    *pmlmeinfo = &pmlmeext->mlmext_info;
 213
 214        stainfo = rtw_get_stainfo(&adapter->stapriv, &prxattrib->ta[0]);
 215
 216        if (prxattrib->encrypt == _TKIP_) {
 217                /* calculate mic code */
 218                if (stainfo) {
 219                        if (is_multicast_ether_addr(prxattrib->ra)) {
 220                                if (!psecuritypriv) {
 221                                        res = _FAIL;
 222                                        goto exit;
 223                                }
 224                                mickey = &psecuritypriv->dot118021XGrprxmickey[prxattrib->key_index].skey[0];
 225                        } else {
 226                                mickey = &stainfo->dot11tkiprxmickey.skey[0];
 227                        }
 228
 229                        /* icv_len included the mic code */
 230                        datalen = precvframe->pkt->len - prxattrib->hdrlen -
 231                                  prxattrib->iv_len - prxattrib->icv_len - 8;
 232                        pframe = precvframe->pkt->data;
 233                        payload = pframe + prxattrib->hdrlen + prxattrib->iv_len;
 234
 235                        rtw_seccalctkipmic(mickey, pframe, payload, datalen, &miccode[0],
 236                                           (unsigned char)prxattrib->priority); /* care the length of the data */
 237
 238                        pframemic = payload + datalen;
 239
 240                        bmic_err = false;
 241
 242                        for (i = 0; i < 8; i++) {
 243                                if (miccode[i] != *(pframemic + i))
 244                                        bmic_err = true;
 245                        }
 246
 247                        if (bmic_err) {
 248                                /*  double check key_index for some timing issue , */
 249                                /*  cannot compare with psecuritypriv->dot118021XGrpKeyid also cause timing issue */
 250                                if (is_multicast_ether_addr(prxattrib->ra) && prxattrib->key_index != pmlmeinfo->key_index)
 251                                        brpt_micerror = false;
 252
 253                                if ((prxattrib->bdecrypted) && (brpt_micerror))
 254                                        rtw_handle_tkip_mic_err(adapter, (u8)is_multicast_ether_addr(prxattrib->ra));
 255                                res = _FAIL;
 256                        } else {
 257                                /* mic checked ok */
 258                                if (!psecuritypriv->bcheck_grpkey &&
 259                                    is_multicast_ether_addr(prxattrib->ra))
 260                                        psecuritypriv->bcheck_grpkey = true;
 261                        }
 262                }
 263
 264                skb_trim(precvframe->pkt, precvframe->pkt->len - 8);
 265        }
 266
 267exit:
 268
 269        return res;
 270}
 271
 272/* decrypt and set the ivlen, icvlen of the recv_frame */
 273static struct recv_frame *decryptor(struct adapter *padapter,
 274                                    struct recv_frame *precv_frame)
 275{
 276        struct rx_pkt_attrib *prxattrib = &precv_frame->attrib;
 277        struct security_priv *psecuritypriv = &padapter->securitypriv;
 278        struct recv_frame *return_packet = precv_frame;
 279        u32      res = _SUCCESS;
 280
 281        if (prxattrib->encrypt > 0) {
 282                u8 *iv = precv_frame->pkt->data + prxattrib->hdrlen;
 283
 284                prxattrib->key_index = (((iv[3]) >> 6) & 0x3);
 285
 286                if (prxattrib->key_index > WEP_KEYS) {
 287                        switch (prxattrib->encrypt) {
 288                        case _WEP40_:
 289                        case _WEP104_:
 290                                prxattrib->key_index = psecuritypriv->dot11PrivacyKeyIndex;
 291                                break;
 292                        case _TKIP_:
 293                        case _AES_:
 294                        default:
 295                                prxattrib->key_index = psecuritypriv->dot118021XGrpKeyid;
 296                                break;
 297                        }
 298                }
 299        }
 300
 301        if ((prxattrib->encrypt > 0) && (prxattrib->bdecrypted == 0)) {
 302                psecuritypriv->hw_decrypted = false;
 303
 304                switch (prxattrib->encrypt) {
 305                case _WEP40_:
 306                case _WEP104_:
 307                        res = rtw_wep_decrypt(padapter, precv_frame);
 308                        break;
 309                case _TKIP_:
 310                        res = rtw_tkip_decrypt(padapter, precv_frame);
 311                        break;
 312                case _AES_:
 313                        res = rtw_aes_decrypt(padapter, precv_frame);
 314                        break;
 315                default:
 316                        break;
 317                }
 318        } else if (prxattrib->bdecrypted == 1 && prxattrib->encrypt > 0 &&
 319                   (psecuritypriv->busetkipkey == 1 || prxattrib->encrypt != _TKIP_))
 320                        psecuritypriv->hw_decrypted = true;
 321
 322        if (res == _FAIL) {
 323                rtw_free_recvframe(return_packet, &padapter->recvpriv.free_recv_queue);
 324                return_packet = NULL;
 325        }
 326
 327        return return_packet;
 328}
 329
 330/* set the security information in the recv_frame */
 331static struct recv_frame *portctrl(struct adapter *adapter,
 332                                   struct recv_frame *precv_frame)
 333{
 334        u8   *psta_addr, *ptr;
 335        uint  auth_alg;
 336        struct recv_frame *pfhdr;
 337        struct sta_info *psta;
 338        struct sta_priv *pstapriv;
 339        struct recv_frame *prtnframe;
 340        u16     ether_type;
 341        u16  eapol_type = 0x888e;/* for Funia BD's WPA issue */
 342        struct rx_pkt_attrib *pattrib;
 343        __be16 be_tmp;
 344
 345        pstapriv = &adapter->stapriv;
 346
 347        auth_alg = adapter->securitypriv.dot11AuthAlgrthm;
 348
 349        ptr = precv_frame->pkt->data;
 350        pfhdr = precv_frame;
 351        pattrib = &pfhdr->attrib;
 352        psta_addr = pattrib->ta;
 353        psta = rtw_get_stainfo(pstapriv, psta_addr);
 354
 355        prtnframe = NULL;
 356
 357        if (auth_alg == 2) {
 358                /* get ether_type */
 359                ptr = ptr + pfhdr->attrib.hdrlen + LLC_HEADER_SIZE + pfhdr->attrib.iv_len;
 360                memcpy(&be_tmp, ptr, 2);
 361                ether_type = ntohs(be_tmp);
 362
 363                if (psta && (psta->ieee8021x_blocked)) {
 364                        /* blocked */
 365                        /* only accept EAPOL frame */
 366                        if (ether_type == eapol_type) {
 367                                prtnframe = precv_frame;
 368                        } else {
 369                                /* free this frame */
 370                                rtw_free_recvframe(precv_frame, &adapter->recvpriv.free_recv_queue);
 371                                prtnframe = NULL;
 372                        }
 373                } else {
 374                        /* allowed */
 375                        /* check decryption status, and decrypt the frame if needed */
 376                        prtnframe = precv_frame;
 377                        /* check is the EAPOL frame or not (Rekey) */
 378                        if (ether_type == eapol_type)
 379                                /* check Rekey */
 380                                prtnframe = precv_frame;
 381                }
 382        } else {
 383                prtnframe = precv_frame;
 384        }
 385
 386        return prtnframe;
 387}
 388
 389static int recv_decache(struct recv_frame *precv_frame, u8 bretry,
 390                        struct stainfo_rxcache *prxcache)
 391{
 392        int tid = precv_frame->attrib.priority;
 393
 394        u16 seq_ctrl = ((precv_frame->attrib.seq_num & 0xffff) << 4) |
 395                (precv_frame->attrib.frag_num & 0xf);
 396
 397        if (tid > 15)
 398                return _FAIL;
 399
 400        if (seq_ctrl == prxcache->tid_rxseq[tid])
 401                return _FAIL;
 402
 403        prxcache->tid_rxseq[tid] = seq_ctrl;
 404
 405        return _SUCCESS;
 406}
 407
 408static void process_pwrbit_data(struct adapter *padapter,
 409                                struct recv_frame *precv_frame)
 410{
 411#ifdef CONFIG_88EU_AP_MODE
 412        unsigned char pwrbit;
 413        u8 *ptr = precv_frame->pkt->data;
 414        struct rx_pkt_attrib *pattrib = &precv_frame->attrib;
 415        struct sta_priv *pstapriv = &padapter->stapriv;
 416        struct sta_info *psta = NULL;
 417
 418        psta = rtw_get_stainfo(pstapriv, pattrib->src);
 419
 420        pwrbit = GetPwrMgt(ptr);
 421
 422        if (psta) {
 423                if (pwrbit) {
 424                        if (!(psta->state & WIFI_SLEEP_STATE))
 425                                stop_sta_xmit(padapter, psta);
 426                } else {
 427                        if (psta->state & WIFI_SLEEP_STATE)
 428                                wakeup_sta_to_xmit(padapter, psta);
 429                }
 430        }
 431
 432#endif
 433}
 434
 435static void process_wmmps_data(struct adapter *padapter,
 436                               struct recv_frame *precv_frame)
 437{
 438#ifdef CONFIG_88EU_AP_MODE
 439        struct rx_pkt_attrib *pattrib = &precv_frame->attrib;
 440        struct sta_priv *pstapriv = &padapter->stapriv;
 441        struct sta_info *psta = NULL;
 442
 443        psta = rtw_get_stainfo(pstapriv, pattrib->src);
 444
 445        if (!psta)
 446                return;
 447
 448        if (!psta->qos_option)
 449                return;
 450
 451        if (!(psta->qos_info & 0xf))
 452                return;
 453
 454        if (psta->state & WIFI_SLEEP_STATE) {
 455                u8 wmmps_ac = 0;
 456
 457                switch (pattrib->priority) {
 458                case 1:
 459                case 2:
 460                        wmmps_ac = psta->uapsd_bk & BIT(1);
 461                        break;
 462                case 4:
 463                case 5:
 464                        wmmps_ac = psta->uapsd_vi & BIT(1);
 465                        break;
 466                case 6:
 467                case 7:
 468                        wmmps_ac = psta->uapsd_vo & BIT(1);
 469                        break;
 470                case 0:
 471                case 3:
 472                default:
 473                        wmmps_ac = psta->uapsd_be & BIT(1);
 474                        break;
 475                }
 476
 477                if (wmmps_ac) {
 478                        if (psta->sleepq_ac_len > 0) {
 479                                /* process received triggered frame */
 480                                xmit_delivery_enabled_frames(padapter, psta);
 481                        } else {
 482                                /* issue one qos null frame with More data bit = 0 and the EOSP bit set (= 1) */
 483                                issue_qos_nulldata(padapter, psta->hwaddr, (u16)pattrib->priority, 0, 0);
 484                        }
 485                }
 486        }
 487
 488#endif
 489}
 490
 491static void count_rx_stats(struct adapter *padapter,
 492                           struct recv_frame *prframe,
 493                           struct sta_info *sta)
 494{
 495        int     sz;
 496        struct sta_info         *psta = NULL;
 497        struct stainfo_stats    *pstats = NULL;
 498        struct rx_pkt_attrib    *pattrib = &prframe->attrib;
 499        struct recv_priv        *precvpriv = &padapter->recvpriv;
 500
 501        sz = prframe->pkt->len;
 502        precvpriv->rx_bytes += sz;
 503
 504        padapter->mlmepriv.LinkDetectInfo.NumRxOkInPeriod++;
 505
 506        if (!is_multicast_ether_addr(pattrib->dst))
 507                padapter->mlmepriv.LinkDetectInfo.NumRxUnicastOkInPeriod++;
 508
 509        if (sta)
 510                psta = sta;
 511        else
 512                psta = prframe->psta;
 513
 514        if (psta) {
 515                pstats = &psta->sta_stats;
 516
 517                pstats->rx_data_pkts++;
 518                pstats->rx_bytes += sz;
 519        }
 520}
 521
 522static int sta2sta_data_frame(struct adapter *adapter,
 523                              struct recv_frame *precv_frame,
 524                              struct sta_info **psta)
 525{
 526        int ret = _SUCCESS;
 527        struct rx_pkt_attrib *pattrib = &precv_frame->attrib;
 528        struct  sta_priv *pstapriv = &adapter->stapriv;
 529        struct  mlme_priv *pmlmepriv = &adapter->mlmepriv;
 530        u8 *mybssid  = get_bssid(pmlmepriv);
 531        u8 *myhwaddr = myid(&adapter->eeprompriv);
 532        u8 *sta_addr = NULL;
 533        bool mcast = is_multicast_ether_addr(pattrib->dst);
 534
 535        if (check_fwstate(pmlmepriv, WIFI_ADHOC_STATE) ||
 536            check_fwstate(pmlmepriv, WIFI_ADHOC_MASTER_STATE)) {
 537                /*  filter packets that SA is myself or multicast or broadcast */
 538                if (!memcmp(myhwaddr, pattrib->src, ETH_ALEN)) {
 539                        ret = _FAIL;
 540                        goto exit;
 541                }
 542
 543                if (memcmp(myhwaddr, pattrib->dst, ETH_ALEN) && !mcast) {
 544                        ret = _FAIL;
 545                        goto exit;
 546                }
 547
 548                if (is_zero_ether_addr(pattrib->bssid) ||
 549                    is_zero_ether_addr(mybssid) ||
 550                    memcmp(pattrib->bssid, mybssid, ETH_ALEN)) {
 551                        ret = _FAIL;
 552                        goto exit;
 553                }
 554
 555                sta_addr = pattrib->src;
 556        } else if (check_fwstate(pmlmepriv, WIFI_STATION_STATE)) {
 557                /*  For Station mode, sa and bssid should always be BSSID, and DA is my mac-address */
 558                if (memcmp(pattrib->bssid, pattrib->src, ETH_ALEN)) {
 559                        ret = _FAIL;
 560                        goto exit;
 561                }
 562                sta_addr = pattrib->bssid;
 563        } else if (check_fwstate(pmlmepriv, WIFI_AP_STATE)) {
 564                if (mcast) {
 565                        /*  For AP mode, if DA == MCAST, then BSSID should be also MCAST */
 566                        if (!is_multicast_ether_addr(pattrib->bssid)) {
 567                                ret = _FAIL;
 568                                goto exit;
 569                        }
 570                } else { /*  not mc-frame */
 571                        /*  For AP mode, if DA is non-MCAST, then it must be BSSID, and bssid == BSSID */
 572                        if (memcmp(pattrib->bssid, pattrib->dst, ETH_ALEN)) {
 573                                ret = _FAIL;
 574                                goto exit;
 575                        }
 576
 577                        sta_addr = pattrib->src;
 578                }
 579        } else {
 580                ret  = _FAIL;
 581        }
 582
 583        if (mcast)
 584                *psta = rtw_get_bcmc_stainfo(adapter);
 585        else
 586                *psta = rtw_get_stainfo(pstapriv, sta_addr); /*  get ap_info */
 587
 588        if (!*psta) {
 589                ret = _FAIL;
 590                goto exit;
 591        }
 592
 593exit:
 594        return ret;
 595}
 596
 597static int ap2sta_data_frame(struct adapter *adapter,
 598                             struct recv_frame *precv_frame,
 599                             struct sta_info **psta)
 600{
 601        u8 *ptr = precv_frame->pkt->data;
 602        struct rx_pkt_attrib *pattrib = &precv_frame->attrib;
 603        int ret = _SUCCESS;
 604        struct  sta_priv *pstapriv = &adapter->stapriv;
 605        struct  mlme_priv *pmlmepriv = &adapter->mlmepriv;
 606        u8 *mybssid  = get_bssid(pmlmepriv);
 607        u8 *myhwaddr = myid(&adapter->eeprompriv);
 608        bool mcast = is_multicast_ether_addr(pattrib->dst);
 609
 610        if (check_fwstate(pmlmepriv, WIFI_STATION_STATE) &&
 611            (check_fwstate(pmlmepriv, _FW_LINKED) ||
 612             check_fwstate(pmlmepriv, _FW_UNDER_LINKING))) {
 613                /*  filter packets that SA is myself or multicast or broadcast */
 614                if (!memcmp(myhwaddr, pattrib->src, ETH_ALEN)) {
 615                        ret = _FAIL;
 616                        goto exit;
 617                }
 618
 619                /*  da should be for me */
 620                if (memcmp(myhwaddr, pattrib->dst, ETH_ALEN) && !mcast) {
 621                        ret = _FAIL;
 622                        goto exit;
 623                }
 624
 625                /*  check BSSID */
 626                if (is_zero_ether_addr(pattrib->bssid) ||
 627                    is_zero_ether_addr(mybssid) ||
 628                    (memcmp(pattrib->bssid, mybssid, ETH_ALEN))) {
 629                        if (!mcast)
 630                                issue_deauth(adapter, pattrib->bssid, WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
 631
 632                        ret = _FAIL;
 633                        goto exit;
 634                }
 635
 636                if (mcast)
 637                        *psta = rtw_get_bcmc_stainfo(adapter);
 638                else
 639                        *psta = rtw_get_stainfo(pstapriv, pattrib->bssid); /*  get ap_info */
 640
 641                if (!*psta) {
 642                        ret = _FAIL;
 643                        goto exit;
 644                }
 645
 646                /* if ((GetFrameSubType(ptr) & WIFI_QOS_DATA_TYPE) == WIFI_QOS_DATA_TYPE) { */
 647                /*  */
 648
 649                if (GetFrameSubType(ptr) & BIT(6)) {
 650                        /* No data, will not indicate to upper layer, temporily count it here */
 651                        count_rx_stats(adapter, precv_frame, *psta);
 652                        ret = RTW_RX_HANDLED;
 653                        goto exit;
 654                }
 655        } else if (check_fwstate(pmlmepriv, WIFI_AP_STATE)) {
 656                /* Special case */
 657                ret = RTW_RX_HANDLED;
 658                goto exit;
 659        } else {
 660                if (!memcmp(myhwaddr, pattrib->dst, ETH_ALEN) && !mcast) {
 661                        *psta = rtw_get_stainfo(pstapriv, pattrib->bssid); /*  get sta_info */
 662                        if (!*psta)
 663                                issue_deauth(adapter, pattrib->bssid, WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
 664                }
 665
 666                ret = _FAIL;
 667        }
 668
 669exit:
 670
 671        return ret;
 672}
 673
 674static int sta2ap_data_frame(struct adapter *adapter,
 675                             struct recv_frame *precv_frame,
 676                             struct sta_info **psta)
 677{
 678        struct rx_pkt_attrib *pattrib = &precv_frame->attrib;
 679        struct  sta_priv *pstapriv = &adapter->stapriv;
 680        struct  mlme_priv *pmlmepriv = &adapter->mlmepriv;
 681        u8 *ptr = precv_frame->pkt->data;
 682        unsigned char *mybssid  = get_bssid(pmlmepriv);
 683        int ret = _SUCCESS;
 684
 685        if (check_fwstate(pmlmepriv, WIFI_AP_STATE)) {
 686                /* For AP mode, RA = BSSID, TX = STA(SRC_ADDR), A3 = DST_ADDR */
 687                if (memcmp(pattrib->bssid, mybssid, ETH_ALEN)) {
 688                        ret = _FAIL;
 689                        goto exit;
 690                }
 691
 692                *psta = rtw_get_stainfo(pstapriv, pattrib->src);
 693                if (!*psta) {
 694                        issue_deauth(adapter, pattrib->src, WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
 695
 696                        ret = RTW_RX_HANDLED;
 697                        goto exit;
 698                }
 699
 700                process_pwrbit_data(adapter, precv_frame);
 701
 702                if ((GetFrameSubType(ptr) & WIFI_QOS_DATA_TYPE) == WIFI_QOS_DATA_TYPE)
 703                        process_wmmps_data(adapter, precv_frame);
 704
 705                if (GetFrameSubType(ptr) & BIT(6)) {
 706                        /* No data, will not indicate to upper layer, temporily count it here */
 707                        count_rx_stats(adapter, precv_frame, *psta);
 708                        ret = RTW_RX_HANDLED;
 709                        goto exit;
 710                }
 711        } else {
 712                u8 *myhwaddr = myid(&adapter->eeprompriv);
 713
 714                if (memcmp(pattrib->ra, myhwaddr, ETH_ALEN)) {
 715                        ret = RTW_RX_HANDLED;
 716                        goto exit;
 717                }
 718                issue_deauth(adapter, pattrib->src, WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
 719                ret = RTW_RX_HANDLED;
 720                goto exit;
 721        }
 722
 723exit:
 724
 725        return ret;
 726}
 727
 728static int validate_recv_ctrl_frame(struct adapter *padapter,
 729                                    struct recv_frame *precv_frame)
 730{
 731#ifdef CONFIG_88EU_AP_MODE
 732        struct rx_pkt_attrib *pattrib = &precv_frame->attrib;
 733        struct sta_priv *pstapriv = &padapter->stapriv;
 734        u8 *pframe = precv_frame->pkt->data;
 735
 736        if (GetFrameType(pframe) != WIFI_CTRL_TYPE)
 737                return _FAIL;
 738
 739        /* receive the frames that ra(a1) is my address */
 740        if (memcmp(GetAddr1Ptr(pframe), myid(&padapter->eeprompriv), ETH_ALEN))
 741                return _FAIL;
 742
 743        /* only handle ps-poll */
 744        if (GetFrameSubType(pframe) == (IEEE80211_FTYPE_CTL | IEEE80211_STYPE_PSPOLL)) {
 745                u16 aid;
 746                u8 wmmps_ac = 0;
 747                struct sta_info *psta = NULL;
 748
 749                aid = GetAid(pframe);
 750                psta = rtw_get_stainfo(pstapriv, GetAddr2Ptr(pframe));
 751
 752                if ((!psta) || (psta->aid != aid))
 753                        return _FAIL;
 754
 755                /* for rx pkt statistics */
 756                psta->sta_stats.rx_ctrl_pkts++;
 757
 758                switch (pattrib->priority) {
 759                case 1:
 760                case 2:
 761                        wmmps_ac = psta->uapsd_bk & BIT(0);
 762                        break;
 763                case 4:
 764                case 5:
 765                        wmmps_ac = psta->uapsd_vi & BIT(0);
 766                        break;
 767                case 6:
 768                case 7:
 769                        wmmps_ac = psta->uapsd_vo & BIT(0);
 770                        break;
 771                case 0:
 772                case 3:
 773                default:
 774                        wmmps_ac = psta->uapsd_be & BIT(0);
 775                        break;
 776                }
 777
 778                if (wmmps_ac)
 779                        return _FAIL;
 780
 781                if (psta->state & WIFI_STA_ALIVE_CHK_STATE) {
 782                        psta->expire_to = pstapriv->expire_to;
 783                        psta->state ^= WIFI_STA_ALIVE_CHK_STATE;
 784                }
 785
 786                if ((psta->state & WIFI_SLEEP_STATE) && (pstapriv->sta_dz_bitmap & BIT(psta->aid))) {
 787                        struct list_head *xmitframe_plist, *xmitframe_phead;
 788                        struct xmit_frame *pxmitframe = NULL;
 789
 790                        spin_lock_bh(&psta->sleep_q.lock);
 791
 792                        xmitframe_phead = get_list_head(&psta->sleep_q);
 793                        xmitframe_plist = xmitframe_phead->next;
 794
 795                        if (xmitframe_phead != xmitframe_plist) {
 796                                pxmitframe = list_entry(xmitframe_plist, struct xmit_frame, list);
 797
 798                                xmitframe_plist = xmitframe_plist->next;
 799
 800                                list_del_init(&pxmitframe->list);
 801
 802                                psta->sleepq_len--;
 803
 804                                if (psta->sleepq_len > 0)
 805                                        pxmitframe->attrib.mdata = 1;
 806                                else
 807                                        pxmitframe->attrib.mdata = 0;
 808
 809                                pxmitframe->attrib.triggered = 1;
 810
 811                                spin_unlock_bh(&psta->sleep_q.lock);
 812                                if (rtw_hal_xmit(padapter, pxmitframe))
 813                                        rtw_os_xmit_complete(padapter, pxmitframe);
 814                                spin_lock_bh(&psta->sleep_q.lock);
 815
 816                                if (psta->sleepq_len == 0) {
 817                                        pstapriv->tim_bitmap &= ~BIT(psta->aid);
 818
 819                                        /* update BCN for TIM IE */
 820                                        /* update_BCNTIM(padapter); */
 821                                        update_beacon(padapter, WLAN_EID_TIM, NULL, false);
 822                                }
 823                        } else {
 824                                if (pstapriv->tim_bitmap & BIT(psta->aid)) {
 825                                        if (psta->sleepq_len == 0)
 826                                                /* issue nulldata with More data bit = 0 to indicate we have no buffered packets */
 827                                                issue_nulldata(padapter, psta->hwaddr, 0, 0, 0);
 828                                        else
 829                                                psta->sleepq_len = 0;
 830
 831                                        pstapriv->tim_bitmap &= ~BIT(psta->aid);
 832
 833                                        /* update BCN for TIM IE */
 834                                        /* update_BCNTIM(padapter); */
 835                                        update_beacon(padapter, WLAN_EID_TIM, NULL, false);
 836                                }
 837                        }
 838
 839                        spin_unlock_bh(&psta->sleep_q.lock);
 840                }
 841        }
 842
 843#endif
 844
 845        return _FAIL;
 846}
 847
 848struct recv_frame *recvframe_chk_defrag(struct adapter *padapter,
 849                                        struct recv_frame *precv_frame);
 850
 851static int validate_recv_mgnt_frame(struct adapter *padapter,
 852                                    struct recv_frame *precv_frame)
 853{
 854        struct sta_info *psta;
 855
 856        precv_frame = recvframe_chk_defrag(padapter, precv_frame);
 857        if (!precv_frame)
 858                return _SUCCESS;
 859
 860        /* for rx pkt statistics */
 861        psta = rtw_get_stainfo(&padapter->stapriv,
 862                               GetAddr2Ptr(precv_frame->pkt->data));
 863        if (psta) {
 864                psta->sta_stats.rx_mgnt_pkts++;
 865                if (GetFrameSubType(precv_frame->pkt->data) == IEEE80211_STYPE_BEACON) {
 866                        psta->sta_stats.rx_beacon_pkts++;
 867                } else if (GetFrameSubType(precv_frame->pkt->data) == IEEE80211_STYPE_PROBE_REQ) {
 868                        psta->sta_stats.rx_probereq_pkts++;
 869                } else if (GetFrameSubType(precv_frame->pkt->data) == IEEE80211_STYPE_PROBE_RESP) {
 870                        if (!memcmp(padapter->eeprompriv.mac_addr,
 871                                    GetAddr1Ptr(precv_frame->pkt->data), ETH_ALEN))
 872                                psta->sta_stats.rx_probersp_pkts++;
 873                        else if (is_multicast_ether_addr(GetAddr1Ptr(precv_frame->pkt->data)))
 874                                psta->sta_stats.rx_probersp_bm_pkts++;
 875                        else
 876                                psta->sta_stats.rx_probersp_uo_pkts++;
 877                }
 878        }
 879
 880        mgt_dispatcher(padapter, precv_frame);
 881
 882        return _SUCCESS;
 883}
 884
 885static int validate_recv_data_frame(struct adapter *adapter,
 886                                    struct recv_frame *precv_frame)
 887{
 888        u8 bretry;
 889        u8 *psa, *pda, *pbssid;
 890        struct sta_info *psta = NULL;
 891        u8 *ptr = precv_frame->pkt->data;
 892        struct rx_pkt_attrib    *pattrib = &precv_frame->attrib;
 893        struct security_priv    *psecuritypriv = &adapter->securitypriv;
 894        int ret = _SUCCESS;
 895
 896        bretry = GetRetry(ptr);
 897        pda = ieee80211_get_DA((struct ieee80211_hdr *)ptr);
 898        psa = ieee80211_get_SA((struct ieee80211_hdr *)ptr);
 899        pbssid = get_hdr_bssid(ptr);
 900
 901        if (!pbssid) {
 902                ret = _FAIL;
 903                goto exit;
 904        }
 905
 906        memcpy(pattrib->dst, pda, ETH_ALEN);
 907        memcpy(pattrib->src, psa, ETH_ALEN);
 908
 909        memcpy(pattrib->bssid, pbssid, ETH_ALEN);
 910
 911        switch (pattrib->to_fr_ds) {
 912        case 0:
 913                memcpy(pattrib->ra, pda, ETH_ALEN);
 914                memcpy(pattrib->ta, psa, ETH_ALEN);
 915                ret = sta2sta_data_frame(adapter, precv_frame, &psta);
 916                break;
 917        case 1:
 918                memcpy(pattrib->ra, pda, ETH_ALEN);
 919                memcpy(pattrib->ta, pbssid, ETH_ALEN);
 920                ret = ap2sta_data_frame(adapter, precv_frame, &psta);
 921                break;
 922        case 2:
 923                memcpy(pattrib->ra, pbssid, ETH_ALEN);
 924                memcpy(pattrib->ta, psa, ETH_ALEN);
 925                ret = sta2ap_data_frame(adapter, precv_frame, &psta);
 926                break;
 927        case 3:
 928                memcpy(pattrib->ra, GetAddr1Ptr(ptr), ETH_ALEN);
 929                memcpy(pattrib->ta, GetAddr2Ptr(ptr), ETH_ALEN);
 930                ret = _FAIL;
 931                break;
 932        default:
 933                ret = _FAIL;
 934                break;
 935        }
 936
 937        if (ret == _FAIL)
 938                goto exit;
 939        else if (ret == RTW_RX_HANDLED)
 940                goto exit;
 941
 942        if (!psta) {
 943                ret = _FAIL;
 944                goto exit;
 945        }
 946
 947        /* psta->rssi = prxcmd->rssi; */
 948        /* psta->signal_quality = prxcmd->sq; */
 949        precv_frame->psta = psta;
 950
 951        pattrib->amsdu = 0;
 952        pattrib->ack_policy = 0;
 953        /* parsing QC field */
 954        if (pattrib->qos == 1) {
 955                pattrib->priority = GetPriority((ptr + 24));
 956                pattrib->ack_policy = GetAckpolicy((ptr + 24));
 957                pattrib->amsdu = GetAMsdu((ptr + 24));
 958                pattrib->hdrlen = pattrib->to_fr_ds == 3 ? 32 : 26;
 959
 960                if (pattrib->priority != 0 && pattrib->priority != 3)
 961                        adapter->recvpriv.bIsAnyNonBEPkts = true;
 962        } else {
 963                pattrib->priority = 0;
 964                pattrib->hdrlen = pattrib->to_fr_ds == 3 ? 30 : 24;
 965        }
 966
 967        if (pattrib->order)/* HT-CTRL 11n */
 968                pattrib->hdrlen += 4;
 969
 970        precv_frame->preorder_ctrl = &psta->recvreorder_ctrl[pattrib->priority];
 971
 972        /*  decache, drop duplicate recv packets */
 973        if (recv_decache(precv_frame, bretry, &psta->sta_recvpriv.rxcache) == _FAIL) {
 974                ret = _FAIL;
 975                goto exit;
 976        }
 977
 978        if (pattrib->privacy) {
 979                GET_ENCRY_ALGO(psecuritypriv, psta, pattrib->encrypt, is_multicast_ether_addr(pattrib->ra));
 980                SET_ICE_IV_LEN(pattrib->iv_len, pattrib->icv_len, pattrib->encrypt);
 981        } else {
 982                pattrib->encrypt = 0;
 983                pattrib->iv_len = 0;
 984                pattrib->icv_len = 0;
 985        }
 986
 987exit:
 988
 989        return ret;
 990}
 991
 992static int validate_recv_frame(struct adapter *adapter,
 993                               struct recv_frame *precv_frame)
 994{
 995        /* shall check frame subtype, to / from ds, da, bssid */
 996
 997        /* then call check if rx seq/frag. duplicated. */
 998
 999        u8 type;
1000        u8 subtype;

1001        int retval = _SUCCESS;
1002        u8 bDumpRxPkt;
1003        struct rx_pkt_attrib *pattrib = &precv_frame->attrib;
1004        u8 *ptr = precv_frame->pkt->data;
1005        u8  ver = (unsigned char)(*ptr) & 0x3;
1006        struct mlme_ext_priv *pmlmeext = &adapter->mlmeextpriv;
1007
1008        if (pmlmeext->sitesurvey_res.state == SCAN_PROCESS) {
1009                int ch_set_idx = rtw_ch_set_search_ch(pmlmeext->channel_set, rtw_get_oper_ch(adapter));
1010
1011                if (ch_set_idx >= 0)
1012                        pmlmeext->channel_set[ch_set_idx].rx_count++;
1013        }
1014
1015        /* add version chk */
1016        if (ver != 0) {
1017                retval = _FAIL;
1018                goto exit;
1019        }
1020
1021        type =  GetFrameType(ptr);
1022        subtype = GetFrameSubType(ptr); /* bit(7)~bit(2) */
1023
1024        pattrib->to_fr_ds = get_tofr_ds(ptr);
1025
1026        pattrib->frag_num = GetFragNum(ptr);
1027        pattrib->seq_num = GetSequence(ptr);
1028
1029        pattrib->pw_save = GetPwrMgt(ptr);
1030        pattrib->mfrag = GetMFrag(ptr);
1031        pattrib->mdata = GetMData(ptr);
1032        pattrib->privacy = GetPrivacy(ptr);
1033        pattrib->order = GetOrder(ptr);
1034
1035        rtw_hal_get_def_var(adapter, HAL_DEF_DBG_DUMP_RXPKT, &(bDumpRxPkt));
1036        switch (type) {
1037        case WIFI_MGT_TYPE: /* mgnt */
1038                retval = validate_recv_mgnt_frame(adapter, precv_frame);
1039                retval = _FAIL; /*  only data frame return _SUCCESS */
1040                break;
1041        case WIFI_CTRL_TYPE: /* ctrl */
1042                retval = validate_recv_ctrl_frame(adapter, precv_frame);
1043                retval = _FAIL; /*  only data frame return _SUCCESS */
1044                break;
1045        case WIFI_DATA_TYPE: /* data */
1046                led_control_8188eu(adapter, LED_CTL_RX);
1047                pattrib->qos = (subtype & BIT(7)) ? 1 : 0;
1048                retval = validate_recv_data_frame(adapter, precv_frame);
1049                if (retval == _FAIL) {
1050                        struct recv_priv *precvpriv = &adapter->recvpriv;
1051
1052                        precvpriv->rx_drop++;
1053                }
1054                break;
1055        default:
1056                retval = _FAIL;
1057                break;
1058        }
1059
1060        /*
1061         * This is the last moment before management and control frames get
1062         * discarded. So we need to forward them to the monitor now or never.
1063         *
1064         * At the same time data frames can still be encrypted if software
1065         * decryption is in use. However, decryption can occur not until later
1066         * (see recv_func()).
1067         *
1068         * Hence forward the frame to the monitor anyway to preserve the order
1069         * in which frames were received.
1070         */
1071        rtl88eu_mon_recv_hook(adapter->pmondev, precv_frame);
1072
1073exit:
1074
1075        return retval;
1076}
1077
1078/* remove the wlanhdr and add the eth_hdr */
1079
1080static int wlanhdr_to_ethhdr(struct recv_frame *precvframe)
1081{
1082        int     rmv_len;
1083        u16     eth_type, len;
1084        __be16 be_tmp;
1085        u8      bsnaphdr;
1086        u8      *psnap_type;
1087        struct ieee80211_snap_hdr       *psnap;
1088
1089        u8 *ptr = precvframe->pkt->data;
1090        struct rx_pkt_attrib *pattrib = &precvframe->attrib;
1091
1092        if (pattrib->encrypt)
1093                skb_trim(precvframe->pkt, precvframe->pkt->len - pattrib->icv_len);
1094
1095        psnap = (struct ieee80211_snap_hdr *)(ptr + pattrib->hdrlen + pattrib->iv_len);
1096        psnap_type = ptr + pattrib->hdrlen + pattrib->iv_len + SNAP_SIZE;
1097        /* convert hdr + possible LLC headers into Ethernet header */
1098        if ((!memcmp(psnap, rfc1042_header, SNAP_SIZE) &&
1099             memcmp(psnap_type, SNAP_ETH_TYPE_IPX, 2) &&
1100             memcmp(psnap_type, SNAP_ETH_TYPE_APPLETALK_AARP, 2)) ||
1101             !memcmp(psnap, bridge_tunnel_header, SNAP_SIZE)) {
1102                /* remove RFC1042 or Bridge-Tunnel encapsulation and replace EtherType */
1103                bsnaphdr = true;
1104        } else {
1105                /* Leave Ethernet header part of hdr and full payload */
1106                bsnaphdr = false;
1107        }
1108
1109        rmv_len = pattrib->hdrlen + pattrib->iv_len + (bsnaphdr ? SNAP_SIZE : 0);
1110        len = precvframe->pkt->len - rmv_len;
1111
1112        memcpy(&be_tmp, ptr + rmv_len, 2);
1113        eth_type = ntohs(be_tmp); /* pattrib->ether_type */
1114        pattrib->eth_type = eth_type;
1115
1116        ptr = skb_pull(precvframe->pkt, rmv_len - sizeof(struct ethhdr) + (bsnaphdr ? 2 : 0));
1117        if (!ptr)
1118                return _FAIL;
1119
1120        memcpy(ptr, pattrib->dst, ETH_ALEN);
1121        memcpy(ptr + ETH_ALEN, pattrib->src, ETH_ALEN);
1122
1123        if (!bsnaphdr) {
1124                be_tmp = htons(len);
1125                memcpy(ptr + 12, &be_tmp, 2);
1126        }
1127
1128        return _SUCCESS;
1129}
1130
1131/* perform defrag */
1132static struct recv_frame *recvframe_defrag(struct adapter *adapter,
1133                                           struct __queue *defrag_q)
1134{
1135        struct list_head *plist, *phead;
1136        u8 wlanhdr_offset;
1137        u8      curfragnum;
1138        struct recv_frame *pnfhdr;
1139        struct recv_frame *prframe, *pnextrframe;
1140        struct __queue *pfree_recv_queue;
1141
1142        curfragnum = 0;
1143        pfree_recv_queue = &adapter->recvpriv.free_recv_queue;
1144
1145        phead = get_list_head(defrag_q);
1146        plist = phead->next;
1147        prframe = list_entry(plist, struct recv_frame, list);
1148        list_del_init(&prframe->list);
1149
1150        if (curfragnum != prframe->attrib.frag_num) {
1151                /* the first fragment number must be 0 */
1152                /* free the whole queue */
1153                rtw_free_recvframe(prframe, pfree_recv_queue);
1154                rtw_free_recvframe_queue(defrag_q, pfree_recv_queue);
1155
1156                return NULL;
1157        }
1158
1159        curfragnum++;
1160
1161        plist = get_list_head(defrag_q);
1162
1163        plist = plist->next;
1164
1165        while (phead != plist) {
1166                pnfhdr = list_entry(plist, struct recv_frame, list);
1167                pnextrframe = pnfhdr;
1168
1169                /* check the fragment sequence  (2nd ~n fragment frame) */
1170
1171                if (curfragnum != pnfhdr->attrib.frag_num) {
1172                        /* the fragment number must be increasing  (after decache) */
1173                        /* release the defrag_q & prframe */
1174                        rtw_free_recvframe(prframe, pfree_recv_queue);
1175                        rtw_free_recvframe_queue(defrag_q, pfree_recv_queue);
1176                        return NULL;
1177                }
1178
1179                curfragnum++;
1180
1181                /* copy the 2nd~n fragment frame's payload to the first fragment */
1182                /* get the 2nd~last fragment frame's payload */
1183
1184                wlanhdr_offset = pnfhdr->attrib.hdrlen + pnfhdr->attrib.iv_len;
1185
1186                skb_pull(pnextrframe->pkt, wlanhdr_offset);
1187
1188                /* append  to first fragment frame's tail (if privacy frame, pull the ICV) */
1189                skb_trim(prframe->pkt, prframe->pkt->len - prframe->attrib.icv_len);
1190
1191                skb_put_data(prframe->pkt, pnfhdr->pkt->data, pnfhdr->pkt->len);
1192
1193                prframe->attrib.icv_len = pnfhdr->attrib.icv_len;
1194                plist = plist->next;
1195        }
1196
1197        /* free the defrag_q queue and return the prframe */
1198        rtw_free_recvframe_queue(defrag_q, pfree_recv_queue);
1199
1200        return prframe;
1201}
1202
1203/* check if need to defrag, if needed queue the frame to defrag_q */
1204struct recv_frame *recvframe_chk_defrag(struct adapter *padapter,
1205                                        struct recv_frame *precv_frame)
1206{
1207        u8      ismfrag;
1208        u8      fragnum;
1209        u8      *psta_addr;
1210        struct recv_frame *pfhdr;
1211        struct sta_info *psta;
1212        struct sta_priv *pstapriv;
1213        struct list_head *phead;
1214        struct recv_frame *prtnframe = NULL;
1215        struct __queue *pfree_recv_queue, *pdefrag_q;
1216
1217        pstapriv = &padapter->stapriv;
1218
1219        pfhdr = precv_frame;
1220
1221        pfree_recv_queue = &padapter->recvpriv.free_recv_queue;
1222
1223        /* need to define struct of wlan header frame ctrl */
1224        ismfrag = pfhdr->attrib.mfrag;
1225        fragnum = pfhdr->attrib.frag_num;
1226
1227        psta_addr = pfhdr->attrib.ta;
1228        psta = rtw_get_stainfo(pstapriv, psta_addr);
1229        if (!psta) {
1230                u8 type = GetFrameType(pfhdr->pkt->data);
1231
1232                if (type != WIFI_DATA_TYPE) {
1233                        psta = rtw_get_bcmc_stainfo(padapter);
1234                        pdefrag_q = &psta->sta_recvpriv.defrag_q;
1235                } else {
1236                        pdefrag_q = NULL;
1237                }
1238        } else {
1239                pdefrag_q = &psta->sta_recvpriv.defrag_q;
1240        }
1241
1242        if ((ismfrag == 0) && (fragnum == 0))
1243                prtnframe = precv_frame;/* isn't a fragment frame */
1244
1245        if (ismfrag == 1) {
1246                /* 0~(n-1) fragment frame */
1247                /* enqueue to defraf_g */
1248                if (pdefrag_q) {
1249                        if (fragnum == 0) {
1250                                /* the first fragment */
1251                                if (!list_empty(&pdefrag_q->queue))
1252                                        /* free current defrag_q */
1253                                        rtw_free_recvframe_queue(pdefrag_q, pfree_recv_queue);
1254                        }
1255
1256                        /* Then enqueue the 0~(n-1) fragment into the defrag_q */
1257
1258                        phead = get_list_head(pdefrag_q);
1259                        list_add_tail(&pfhdr->list, phead);
1260
1261                        prtnframe = NULL;
1262                } else {
1263                        /* can't find this ta's defrag_queue, so free this recv_frame */
1264                        rtw_free_recvframe(precv_frame, pfree_recv_queue);
1265                        prtnframe = NULL;
1266                }
1267        }
1268
1269        if ((ismfrag == 0) && (fragnum != 0)) {
1270                /* the last fragment frame */
1271                /* enqueue the last fragment */
1272                if (pdefrag_q) {
1273                        phead = get_list_head(pdefrag_q);
1274                        list_add_tail(&pfhdr->list, phead);
1275
1276                        /* call recvframe_defrag to defrag */
1277                        precv_frame = recvframe_defrag(padapter, pdefrag_q);
1278                        prtnframe = precv_frame;
1279                } else {
1280                        /* can't find this ta's defrag_queue, so free this recv_frame */
1281                        rtw_free_recvframe(precv_frame, pfree_recv_queue);
1282                        prtnframe = NULL;
1283                }
1284        }
1285
1286        if (prtnframe && (prtnframe->attrib.privacy)) {
1287                /* after defrag we must check tkip mic code */
1288                if (recvframe_chkmic(padapter,  prtnframe) == _FAIL) {
1289                        rtw_free_recvframe(prtnframe, pfree_recv_queue);
1290                        prtnframe = NULL;
1291                }
1292        }
1293
1294        return prtnframe;
1295}
1296
1297static int amsdu_to_msdu(struct adapter *padapter, struct recv_frame *prframe)
1298{
1299        int     a_len, padding_len;
1300        u16     eth_type, nSubframe_Length;
1301        u8      nr_subframes, i;
1302        unsigned char *pdata;
1303        struct rx_pkt_attrib *pattrib;
1304        struct sk_buff *sub_skb, *subframes[MAX_SUBFRAME_COUNT];
1305        struct recv_priv *precvpriv = &padapter->recvpriv;
1306        struct __queue *pfree_recv_queue = &precvpriv->free_recv_queue;
1307
1308        nr_subframes = 0;
1309        pattrib = &prframe->attrib;
1310
1311        skb_pull(prframe->pkt, prframe->attrib.hdrlen);
1312
1313        if (prframe->attrib.iv_len > 0)
1314                skb_pull(prframe->pkt, prframe->attrib.iv_len);
1315
1316        a_len = prframe->pkt->len;
1317
1318        pdata = prframe->pkt->data;
1319
1320        while (a_len > ETH_HLEN) {
1321                /* Offset 12 denote 2 mac address */
1322                nSubframe_Length = get_unaligned_be16(pdata + 12);
1323
1324                if (a_len < (ETH_HLEN + nSubframe_Length))
1325                        goto exit;
1326
1327                /* move the data point to data content */
1328                pdata += ETH_HLEN;
1329                a_len -= ETH_HLEN;
1330
1331                /* Allocate new skb for releasing to upper layer */
1332                sub_skb = dev_alloc_skb(nSubframe_Length + 12);
1333                if (!sub_skb)
1334                        break;
1335
1336                skb_reserve(sub_skb, 12);
1337                skb_put_data(sub_skb, pdata, nSubframe_Length);
1338
1339                subframes[nr_subframes++] = sub_skb;
1340
1341                if (nr_subframes >= MAX_SUBFRAME_COUNT)
1342                        break;
1343
1344                pdata += nSubframe_Length;
1345                a_len -= nSubframe_Length;
1346                if (a_len != 0) {
1347                        padding_len = 4 - ((nSubframe_Length + ETH_HLEN) & (4 - 1));
1348                        if (padding_len == 4)
1349                                padding_len = 0;
1350
1351                        if (a_len < padding_len)
1352                                goto exit;
1353
1354                        pdata += padding_len;
1355                        a_len -= padding_len;
1356                }
1357        }
1358
1359        for (i = 0; i < nr_subframes; i++) {
1360                sub_skb = subframes[i];
1361                /* convert hdr + possible LLC headers into Ethernet header */
1362                eth_type = get_unaligned_be16(&sub_skb->data[6]);
1363                if (sub_skb->len >= 8 &&
1364                    ((!memcmp(sub_skb->data, rfc1042_header, SNAP_SIZE) &&
1365                          eth_type != ETH_P_AARP && eth_type != ETH_P_IPX) ||
1366                         !memcmp(sub_skb->data, bridge_tunnel_header, SNAP_SIZE))) {
1367                        /* remove RFC1042 or Bridge-Tunnel encapsulation and replace EtherType */
1368                        skb_pull(sub_skb, SNAP_SIZE);
1369                        memcpy(skb_push(sub_skb, ETH_ALEN), pattrib->src, ETH_ALEN);
1370                        memcpy(skb_push(sub_skb, ETH_ALEN), pattrib->dst, ETH_ALEN);
1371                } else {
1372                        __be16 len;
1373                        /* Leave Ethernet header part of hdr and full payload */
1374                        len = htons(sub_skb->len);
1375                        memcpy(skb_push(sub_skb, 2), &len, 2);
1376                        memcpy(skb_push(sub_skb, ETH_ALEN), pattrib->src, ETH_ALEN);
1377                        memcpy(skb_push(sub_skb, ETH_ALEN), pattrib->dst, ETH_ALEN);
1378                }
1379
1380                /* Indicate the packets to upper layer */
1381                /*  Insert NAT2.5 RX here! */
1382                sub_skb->protocol = eth_type_trans(sub_skb, padapter->pnetdev);
1383                sub_skb->dev = padapter->pnetdev;
1384
1385                sub_skb->ip_summed = CHECKSUM_NONE;
1386
1387                netif_rx(sub_skb);
1388        }
1389
1390exit:
1391        rtw_free_recvframe(prframe, pfree_recv_queue);/* free this recv_frame */
1392
1393        return _SUCCESS;
1394}
1395
1396static int check_indicate_seq(struct recv_reorder_ctrl *preorder_ctrl, u16 seq_num)
1397{
1398        u8      wsize = preorder_ctrl->wsize_b;
1399        u16     wend = (preorder_ctrl->indicate_seq + wsize - 1) & 0xFFF;/*  4096; */
1400
1401        /*  Rx Reorder initialize condition. */
1402        if (preorder_ctrl->indicate_seq == 0xFFFF)
1403                preorder_ctrl->indicate_seq = seq_num;
1404
1405        /*  Drop out the packet which SeqNum is smaller than WinStart */
1406        if (SN_LESS(seq_num, preorder_ctrl->indicate_seq))
1407                return false;
1408
1409        /*  */
1410        /*  Sliding window manipulation. Conditions includes: */
1411        /*  1. Incoming SeqNum is equal to WinStart =>Window shift 1 */
1412        /*  2. Incoming SeqNum is larger than the WinEnd => Window shift N */
1413        /*  */
1414        if (SN_EQUAL(seq_num, preorder_ctrl->indicate_seq)) {
1415                preorder_ctrl->indicate_seq = (preorder_ctrl->indicate_seq + 1) & 0xFFF;
1416        } else if (SN_LESS(wend, seq_num)) {
1417                if (seq_num >= (wsize - 1))
1418                        preorder_ctrl->indicate_seq = seq_num + 1 - wsize;
1419                else
1420                        preorder_ctrl->indicate_seq = 0xFFF - (wsize - (seq_num + 1)) + 1;
1421        }
1422
1423        return true;
1424}
1425
1426static int enqueue_reorder_recvframe(struct recv_reorder_ctrl *preorder_ctrl,
1427                                     struct recv_frame *prframe)
1428{
1429        struct rx_pkt_attrib *pattrib = &prframe->attrib;
1430        struct __queue *ppending_recvframe_queue = &preorder_ctrl->pending_recvframe_queue;
1431        struct list_head *phead, *plist;
1432        struct recv_frame *hdr;
1433        struct rx_pkt_attrib *pnextattrib;
1434
1435        phead = get_list_head(ppending_recvframe_queue);
1436        plist = phead->next;
1437
1438        while (phead != plist) {
1439                hdr = list_entry(plist, struct recv_frame, list);
1440                pnextattrib = &hdr->attrib;
1441
1442                if (SN_LESS(pnextattrib->seq_num, pattrib->seq_num))
1443                        plist = plist->next;
1444                else if (SN_EQUAL(pnextattrib->seq_num, pattrib->seq_num))
1445                        return false;
1446                else
1447                        break;
1448        }
1449
1450        list_del_init(&prframe->list);
1451
1452        list_add_tail(&prframe->list, plist);
1453        return true;
1454}
1455
1456static int recv_indicatepkts_in_order(struct adapter *padapter, struct recv_reorder_ctrl *preorder_ctrl, int bforced)
1457{
1458        struct list_head *phead, *plist;
1459        struct recv_frame *prframe;
1460        struct recv_frame *prhdr;
1461        struct rx_pkt_attrib *pattrib;
1462        int bPktInBuf = false;
1463        struct recv_priv *precvpriv = &padapter->recvpriv;
1464        struct __queue *ppending_recvframe_queue = &preorder_ctrl->pending_recvframe_queue;
1465
1466        phead =         get_list_head(ppending_recvframe_queue);
1467        plist = phead->next;
1468
1469        /*  Handling some condition for forced indicate case. */
1470        if (bforced) {
1471                if (list_empty(phead))
1472                        return true;
1473
1474                prhdr = list_entry(plist, struct recv_frame, list);
1475                pattrib = &prhdr->attrib;
1476                preorder_ctrl->indicate_seq = pattrib->seq_num;
1477        }
1478
1479        /*  Prepare indication list and indication. */
1480        /*  Check if there is any packet need indicate. */
1481        while (!list_empty(phead)) {
1482                prhdr = list_entry(plist, struct recv_frame, list);
1483                prframe = prhdr;
1484                pattrib = &prframe->attrib;
1485
1486                if (!SN_LESS(preorder_ctrl->indicate_seq, pattrib->seq_num)) {
1487                        plist = plist->next;
1488                        list_del_init(&prframe->list);
1489
1490                        if (SN_EQUAL(preorder_ctrl->indicate_seq, pattrib->seq_num))
1491                                preorder_ctrl->indicate_seq = (preorder_ctrl->indicate_seq + 1) & 0xFFF;
1492
1493                        /* Set this as a lock to make sure that only one thread is indicating packet. */
1494
1495                        /* indicate this recv_frame */
1496                        if (!pattrib->amsdu) {
1497                                if ((!padapter->bDriverStopped) &&
1498                                    (!padapter->bSurpriseRemoved))
1499                                        rtw_recv_indicatepkt(padapter, prframe);/* indicate this recv_frame */
1500                        } else if (pattrib->amsdu == 1) {
1501                                if (amsdu_to_msdu(padapter, prframe) != _SUCCESS)
1502                                        rtw_free_recvframe(prframe, &precvpriv->free_recv_queue);
1503                        } else {
1504                                /* error condition; */
1505                        }
1506
1507                        /* Update local variables. */
1508                        bPktInBuf = false;
1509                } else {
1510                        bPktInBuf = true;
1511                        break;
1512                }
1513        }
1514        return bPktInBuf;
1515}
1516
1517static int recv_indicatepkt_reorder(struct adapter *padapter,
1518                                    struct recv_frame *prframe)
1519{
1520        int retval = _SUCCESS;
1521        struct rx_pkt_attrib *pattrib = &prframe->attrib;
1522        struct recv_reorder_ctrl *preorder_ctrl = prframe->preorder_ctrl;
1523        struct __queue *ppending_recvframe_queue = &preorder_ctrl->pending_recvframe_queue;
1524
1525        if (!pattrib->amsdu) {
1526                /* s1. */
1527                wlanhdr_to_ethhdr(prframe);
1528
1529                if ((pattrib->qos != 1) || (pattrib->eth_type == 0x0806) ||
1530                    (pattrib->ack_policy != 0)) {
1531                        if ((!padapter->bDriverStopped) &&
1532                            (!padapter->bSurpriseRemoved)) {
1533                                rtw_recv_indicatepkt(padapter, prframe);
1534                                return _SUCCESS;
1535                        }
1536
1537                        return _FAIL;
1538                }
1539
1540                if (!preorder_ctrl->enable) {
1541                        /* indicate this recv_frame */
1542                        preorder_ctrl->indicate_seq = pattrib->seq_num;
1543                        rtw_recv_indicatepkt(padapter, prframe);
1544
1545                        preorder_ctrl->indicate_seq =
1546                                (preorder_ctrl->indicate_seq + 1) % 4096;
1547                        return _SUCCESS;
1548                }
1549        } else if (pattrib->amsdu == 1) { /* temp filter -> means didn't support A-MSDUs in a A-MPDU */
1550                if (!preorder_ctrl->enable) {
1551                        preorder_ctrl->indicate_seq = pattrib->seq_num;
1552                        retval = amsdu_to_msdu(padapter, prframe);
1553
1554                        preorder_ctrl->indicate_seq =
1555                                (preorder_ctrl->indicate_seq + 1) % 4096;
1556                        return retval;
1557                }
1558        }
1559
1560        spin_lock_bh(&ppending_recvframe_queue->lock);
1561
1562        /* s2. check if winstart_b(indicate_seq) needs to been updated */
1563        if (!check_indicate_seq(preorder_ctrl, pattrib->seq_num)) {
1564                rtw_recv_indicatepkt(padapter, prframe);
1565
1566                spin_unlock_bh(&ppending_recvframe_queue->lock);
1567
1568                goto _success_exit;
1569        }
1570
1571        /* s3. Insert all packet into Reorder Queue to maintain its ordering. */
1572        if (!enqueue_reorder_recvframe(preorder_ctrl, prframe))
1573                goto _err_exit;
1574
1575        /* s4. */
1576        /*  Indication process. */
1577        /*  After Packet dropping and Sliding Window shifting as above, we can now just indicate the packets */
1578        /*  with the SeqNum smaller than latest WinStart and buffer other packets. */
1579        /*  */
1580        /*  For Rx Reorder condition: */
1581        /*  1. All packets with SeqNum smaller than WinStart => Indicate */
1582        /*  2. All packets with SeqNum larger than or equal to WinStart => Buffer it. */
1583        /*  */
1584
1585        /* recv_indicatepkts_in_order(padapter, preorder_ctrl, true); */
1586        if (recv_indicatepkts_in_order(padapter, preorder_ctrl, false)) {
1587                mod_timer(&preorder_ctrl->reordering_ctrl_timer,
1588                          jiffies + msecs_to_jiffies(REORDER_WAIT_TIME));
1589                spin_unlock_bh(&ppending_recvframe_queue->lock);
1590        } else {
1591                spin_unlock_bh(&ppending_recvframe_queue->lock);
1592                del_timer_sync(&preorder_ctrl->reordering_ctrl_timer);
1593        }
1594
1595_success_exit:
1596
1597        return _SUCCESS;
1598
1599_err_exit:
1600
1601        spin_unlock_bh(&ppending_recvframe_queue->lock);
1602
1603        return _FAIL;
1604}
1605
1606void rtw_reordering_ctrl_timeout_handler(struct timer_list *t)
1607{
1608        struct recv_reorder_ctrl *preorder_ctrl = from_timer(preorder_ctrl, t,
1609                                                           reordering_ctrl_timer);
1610        struct adapter *padapter = preorder_ctrl->padapter;
1611        struct __queue *ppending_recvframe_queue = &preorder_ctrl->pending_recvframe_queue;
1612
1613        if (padapter->bDriverStopped || padapter->bSurpriseRemoved)
1614                return;
1615
1616        spin_lock_bh(&ppending_recvframe_queue->lock);
1617
1618        if (recv_indicatepkts_in_order(padapter, preorder_ctrl, true))
1619                mod_timer(&preorder_ctrl->reordering_ctrl_timer,
1620                          jiffies + msecs_to_jiffies(REORDER_WAIT_TIME));
1621
1622        spin_unlock_bh(&ppending_recvframe_queue->lock);
1623}
1624
1625static int process_recv_indicatepkts(struct adapter *padapter,
1626                                     struct recv_frame *prframe)
1627{
1628        int retval = _SUCCESS;
1629        struct mlme_priv        *pmlmepriv = &padapter->mlmepriv;
1630        struct ht_priv  *phtpriv = &pmlmepriv->htpriv;
1631
1632        if (phtpriv->ht_option) {  /* B/G/N Mode */
1633                if (recv_indicatepkt_reorder(padapter, prframe) != _SUCCESS) {
1634                        /*  including perform A-MPDU Rx Ordering Buffer Control */
1635                        if ((!padapter->bDriverStopped) &&
1636                            (!padapter->bSurpriseRemoved)) {
1637                                return _FAIL;
1638                        }
1639                }
1640        } else { /* B/G mode */
1641                retval = wlanhdr_to_ethhdr(prframe);
1642                if (retval != _SUCCESS)
1643                        return retval;
1644
1645                if ((!padapter->bDriverStopped) &&
1646                    (!padapter->bSurpriseRemoved))
1647                        /* indicate this recv_frame */
1648                        rtw_recv_indicatepkt(padapter, prframe);
1649                else
1650                        return _FAIL;
1651        }
1652
1653        return retval;
1654}
1655
1656static int recv_func_prehandle(struct adapter *padapter,
1657                               struct recv_frame *rframe)
1658{
1659        int ret = _SUCCESS;
1660        struct __queue *pfree_recv_queue = &padapter->recvpriv.free_recv_queue;
1661
1662        /* check the frame crtl field and decache */
1663        ret = validate_recv_frame(padapter, rframe);
1664        if (ret != _SUCCESS) {
1665                rtw_free_recvframe(rframe, pfree_recv_queue);/* free this recv_frame */
1666                goto exit;
1667        }
1668
1669exit:
1670        return ret;
1671}
1672
1673static int recv_func_posthandle(struct adapter *padapter,
1674                                struct recv_frame *prframe)
1675{
1676        int ret = _SUCCESS;
1677        struct recv_frame *orig_prframe = prframe;
1678        struct recv_priv *precvpriv = &padapter->recvpriv;
1679        struct __queue *pfree_recv_queue = &padapter->recvpriv.free_recv_queue;
1680
1681        /*  DATA FRAME */
1682        led_control_8188eu(padapter, LED_CTL_RX);
1683
1684        prframe = decryptor(padapter, prframe);
1685        if (!prframe) {
1686                ret = _FAIL;
1687                goto _recv_data_drop;
1688        }
1689
1690        prframe = recvframe_chk_defrag(padapter, prframe);
1691        if (!prframe)
1692                goto _recv_data_drop;
1693
1694        prframe = portctrl(padapter, prframe);
1695        if (!prframe) {
1696                ret = _FAIL;
1697                goto _recv_data_drop;
1698        }
1699
1700        count_rx_stats(padapter, prframe, NULL);
1701
1702        ret = process_recv_indicatepkts(padapter, prframe);
1703        if (ret != _SUCCESS) {
1704                rtw_free_recvframe(orig_prframe, pfree_recv_queue);/* free this recv_frame */
1705                goto _recv_data_drop;
1706        }
1707        return ret;
1708
1709_recv_data_drop:
1710        precvpriv->rx_drop++;
1711        return ret;
1712}
1713
1714static int recv_func(struct adapter *padapter, struct recv_frame *rframe)
1715{
1716        int ret;
1717        struct rx_pkt_attrib *prxattrib = &rframe->attrib;
1718        struct security_priv *psecuritypriv = &padapter->securitypriv;
1719        struct mlme_priv *mlmepriv = &padapter->mlmepriv;
1720
1721        /* check if need to handle uc_swdec_pending_queue*/
1722        if (check_fwstate(mlmepriv, WIFI_STATION_STATE) && psecuritypriv->busetkipkey) {
1723                struct recv_frame *pending_frame;
1724
1725                while ((pending_frame = rtw_alloc_recvframe(&padapter->recvpriv.uc_swdec_pending_queue)))
1726                        recv_func_posthandle(padapter, pending_frame);
1727        }
1728
1729        ret = recv_func_prehandle(padapter, rframe);
1730
1731        if (ret == _SUCCESS) {
1732                /* check if need to enqueue into uc_swdec_pending_queue*/
1733                if (check_fwstate(mlmepriv, WIFI_STATION_STATE) &&
1734                    !is_multicast_ether_addr(prxattrib->ra) &&
1735                    prxattrib->encrypt > 0 &&
1736                    prxattrib->bdecrypted == 0 &&
1737                    !is_wep_enc(psecuritypriv->dot11PrivacyAlgrthm) &&
1738                    !psecuritypriv->busetkipkey) {
1739                        rtw_enqueue_recvframe(rframe, &padapter->recvpriv.uc_swdec_pending_queue);
1740                        goto exit;
1741                }
1742
1743                ret = recv_func_posthandle(padapter, rframe);
1744        }
1745
1746exit:
1747        return ret;
1748}
1749
1750int rtw_recv_entry(struct recv_frame *precvframe)
1751{
1752        struct adapter *padapter = precvframe->adapter;
1753        struct recv_priv *precvpriv = &padapter->recvpriv;
1754        int ret;
1755
1756        ret = recv_func(padapter, precvframe);
1757        if (ret == _SUCCESS)
1758                precvpriv->rx_pkts++;
1759
1760        return ret;
1761}
1762
1763static void rtw_signal_stat_timer_hdl(struct timer_list *t)
1764{
1765        struct adapter *adapter =
1766                from_timer(adapter, t, recvpriv.signal_stat_timer);
1767        struct recv_priv *recvpriv = &adapter->recvpriv;
1768
1769        u32 tmp_s, tmp_q;
1770        u8 avg_signal_strength = 0;
1771        u8 avg_signal_qual = 0;
1772        u8 _alpha = 3; /*  this value is based on converging_constant = 5000 and sampling_interval = 1000 */
1773
1774        if (recvpriv->signal_strength_data.update_req == 0) {
1775                /* update_req is clear, means we got rx */
1776                avg_signal_strength = recvpriv->signal_strength_data.avg_val;
1777                /* after avg_vals are acquired, we can re-stat the signal
1778                 * values
1779                 */
1780                recvpriv->signal_strength_data.update_req = 1;
1781        }
1782
1783        if (recvpriv->signal_qual_data.update_req == 0) {
1784                /* update_req is clear, means we got rx */
1785                avg_signal_qual = recvpriv->signal_qual_data.avg_val;
1786                /* after avg_vals are acquired, we can re-stat the signal
1787                 * values
1788                 */
1789                recvpriv->signal_qual_data.update_req = 1;
1790        }
1791
1792        /* update value of signal_strength, rssi, signal_qual */
1793        if (!check_fwstate(&adapter->mlmepriv, _FW_UNDER_SURVEY)) {
1794                tmp_s = avg_signal_strength +
1795                        (_alpha - 1) * recvpriv->signal_strength;
1796                tmp_s = DIV_ROUND_UP(tmp_s, _alpha);
1797                if (tmp_s > 100)
1798                        tmp_s = 100;
1799
1800                tmp_q = avg_signal_qual +
1801                        (_alpha - 1) * recvpriv->signal_qual;
1802                tmp_q = DIV_ROUND_UP(tmp_q, _alpha);
1803                if (tmp_q > 100)
1804                        tmp_q = 100;
1805
1806                recvpriv->signal_strength = tmp_s;
1807                recvpriv->rssi = (s8)translate_percentage_to_dbm(tmp_s);
1808                recvpriv->signal_qual = tmp_q;
1809        }
1810
1811        rtw_set_signal_stat_timer(recvpriv);
1812}
1813