1 // SPDX-License-Identifier: GPL-2.0
2 /******************************************************************************
3 *
4 * Copyright(c) 2007 - 2012 Realtek Corporation. All rights reserved.
5 *
6 ******************************************************************************/
7 #include <drv_types.h>
8 #include <linux/jiffies.h>
9 #include <rtw_recv.h>
10 #include <net/cfg80211.h>
11 #include <linux/unaligned.h>
12
13 static u8 SNAP_ETH_TYPE_IPX[2] = {0x81, 0x37};
14 static u8 SNAP_ETH_TYPE_APPLETALK_AARP[2] = {0x80, 0xf3};
15
16 static void rtw_signal_stat_timer_hdl(struct timer_list *t);
17
_rtw_init_sta_recv_priv(struct sta_recv_priv * psta_recvpriv)18 void _rtw_init_sta_recv_priv(struct sta_recv_priv *psta_recvpriv)
19 {
20 memset((u8 *)psta_recvpriv, 0, sizeof(struct sta_recv_priv));
21
22 spin_lock_init(&psta_recvpriv->lock);
23
24 /* for (i = 0; i<MAX_RX_NUMBLKS; i++) */
25 /* _rtw_init_queue(&psta_recvpriv->blk_strms[i]); */
26
27 INIT_LIST_HEAD(&psta_recvpriv->defrag_q.queue);
28 spin_lock_init(&psta_recvpriv->defrag_q.lock);
29 }
30
_rtw_init_recv_priv(struct recv_priv * precvpriv,struct adapter * padapter)31 signed int _rtw_init_recv_priv(struct recv_priv *precvpriv, struct adapter *padapter)
32 {
33 signed int i;
34 union recv_frame *precvframe;
35 signed int res = _SUCCESS;
36
37 spin_lock_init(&precvpriv->lock);
38
39 INIT_LIST_HEAD(&precvpriv->free_recv_queue.queue);
40 spin_lock_init(&precvpriv->free_recv_queue.lock);
41 INIT_LIST_HEAD(&precvpriv->recv_pending_queue.queue);
42 spin_lock_init(&precvpriv->recv_pending_queue.lock);
43 INIT_LIST_HEAD(&precvpriv->uc_swdec_pending_queue.queue);
44 spin_lock_init(&precvpriv->uc_swdec_pending_queue.lock);
45
46 precvpriv->adapter = padapter;
47
48 precvpriv->free_recvframe_cnt = NR_RECVFRAME;
49
50 precvpriv->pallocated_frame_buf = vzalloc(NR_RECVFRAME * sizeof(union recv_frame) + RXFRAME_ALIGN_SZ);
51
52 if (!precvpriv->pallocated_frame_buf) {
53 res = _FAIL;
54 goto exit;
55 }
56
57 precvpriv->precv_frame_buf = (u8 *)N_BYTE_ALIGMENT((SIZE_PTR)(precvpriv->pallocated_frame_buf), RXFRAME_ALIGN_SZ);
58 /* precvpriv->precv_frame_buf = precvpriv->pallocated_frame_buf + RXFRAME_ALIGN_SZ - */
59 /* ((SIZE_PTR) (precvpriv->pallocated_frame_buf) &(RXFRAME_ALIGN_SZ-1)); */
60
61 precvframe = (union recv_frame *) precvpriv->precv_frame_buf;
62
63
64 for (i = 0; i < NR_RECVFRAME; i++) {
65 INIT_LIST_HEAD(&(precvframe->u.list));
66
67 list_add_tail(&(precvframe->u.list), &(precvpriv->free_recv_queue.queue));
68
69 precvframe->u.hdr.pkt_newalloc = NULL;
70 precvframe->u.hdr.pkt = NULL;
71
72 precvframe->u.hdr.len = 0;
73
74 precvframe->u.hdr.adapter = padapter;
75 precvframe++;
76
77 }
78
79 res = rtw_hal_init_recv_priv(padapter);
80
81 timer_setup(&precvpriv->signal_stat_timer, rtw_signal_stat_timer_hdl,
82 0);
83
84 precvpriv->signal_stat_sampling_interval = 2000; /* ms */
85
86 rtw_set_signal_stat_timer(precvpriv);
87
88 exit:
89 return res;
90 }
91
_rtw_free_recv_priv(struct recv_priv * precvpriv)92 void _rtw_free_recv_priv(struct recv_priv *precvpriv)
93 {
94 signed int i;
95 union recv_frame *precvframe;
96 struct adapter *padapter = precvpriv->adapter;
97
98 rtw_free_uc_swdec_pending_queue(padapter);
99
100 precvframe = (union recv_frame *)precvpriv->precv_frame_buf;
101
102 for (i = 0; i < NR_RECVFRAME; i++) {
103 if (precvframe->u.hdr.pkt) {
104 /* free skb by driver */
105 dev_kfree_skb_any(precvframe->u.hdr.pkt);
106 precvframe->u.hdr.pkt = NULL;
107 }
108 precvframe++;
109 }
110
111 vfree(precvpriv->pallocated_frame_buf);
112
113 rtw_hal_free_recv_priv(padapter);
114 }
115
_rtw_alloc_recvframe(struct __queue * pfree_recv_queue)116 union recv_frame *_rtw_alloc_recvframe(struct __queue *pfree_recv_queue)
117 {
118
119 union recv_frame *precvframe;
120 struct list_head *plist, *phead;
121 struct adapter *padapter;
122 struct recv_priv *precvpriv;
123
124 if (list_empty(&pfree_recv_queue->queue))
125 precvframe = NULL;
126 else {
127 phead = get_list_head(pfree_recv_queue);
128
129 plist = get_next(phead);
130
131 precvframe = (union recv_frame *)plist;
132
133 list_del_init(&precvframe->u.hdr.list);
134 padapter = precvframe->u.hdr.adapter;
135 if (padapter) {
136 precvpriv = &padapter->recvpriv;
137 if (pfree_recv_queue == &precvpriv->free_recv_queue)
138 precvpriv->free_recvframe_cnt--;
139 }
140 }
141 return precvframe;
142 }
143
rtw_alloc_recvframe(struct __queue * pfree_recv_queue)144 union recv_frame *rtw_alloc_recvframe(struct __queue *pfree_recv_queue)
145 {
146 union recv_frame *precvframe;
147
148 spin_lock_bh(&pfree_recv_queue->lock);
149
150 precvframe = _rtw_alloc_recvframe(pfree_recv_queue);
151
152 spin_unlock_bh(&pfree_recv_queue->lock);
153
154 return precvframe;
155 }
156
rtw_free_recvframe(union recv_frame * precvframe,struct __queue * pfree_recv_queue)157 int rtw_free_recvframe(union recv_frame *precvframe, struct __queue *pfree_recv_queue)
158 {
159 struct adapter *padapter = precvframe->u.hdr.adapter;
160 struct recv_priv *precvpriv = &padapter->recvpriv;
161
162 if (precvframe->u.hdr.pkt) {
163 dev_kfree_skb_any(precvframe->u.hdr.pkt);/* free skb by driver */
164 precvframe->u.hdr.pkt = NULL;
165 }
166
167 spin_lock_bh(&pfree_recv_queue->lock);
168
169 list_del_init(&(precvframe->u.hdr.list));
170
171 precvframe->u.hdr.len = 0;
172
173 list_add_tail(&(precvframe->u.hdr.list), get_list_head(pfree_recv_queue));
174
175 if (padapter) {
176 if (pfree_recv_queue == &precvpriv->free_recv_queue)
177 precvpriv->free_recvframe_cnt++;
178 }
179 spin_unlock_bh(&pfree_recv_queue->lock);
180 return _SUCCESS;
181 }
182
183
184
185
_rtw_enqueue_recvframe(union recv_frame * precvframe,struct __queue * queue)186 signed int _rtw_enqueue_recvframe(union recv_frame *precvframe, struct __queue *queue)
187 {
188
189 struct adapter *padapter = precvframe->u.hdr.adapter;
190 struct recv_priv *precvpriv = &padapter->recvpriv;
191
192 /* INIT_LIST_HEAD(&(precvframe->u.hdr.list)); */
193 list_del_init(&(precvframe->u.hdr.list));
194
195
196 list_add_tail(&(precvframe->u.hdr.list), get_list_head(queue));
197
198 if (padapter)
199 if (queue == &precvpriv->free_recv_queue)
200 precvpriv->free_recvframe_cnt++;
201
202 return _SUCCESS;
203 }
204
rtw_enqueue_recvframe(union recv_frame * precvframe,struct __queue * queue)205 signed int rtw_enqueue_recvframe(union recv_frame *precvframe, struct __queue *queue)
206 {
207 signed int ret;
208
209 /* _spinlock(&pfree_recv_queue->lock); */
210 spin_lock_bh(&queue->lock);
211 ret = _rtw_enqueue_recvframe(precvframe, queue);
212 /* spin_unlock(&pfree_recv_queue->lock); */
213 spin_unlock_bh(&queue->lock);
214
215 return ret;
216 }
217
218 /*
219 * caller : defrag ; recvframe_chk_defrag in recv_thread (passive)
220 * pframequeue: defrag_queue : will be accessed in recv_thread (passive)
221 *
222 * using spinlock to protect
223 *
224 */
225
rtw_free_recvframe_queue(struct __queue * pframequeue,struct __queue * pfree_recv_queue)226 void rtw_free_recvframe_queue(struct __queue *pframequeue, struct __queue *pfree_recv_queue)
227 {
228 union recv_frame *precvframe;
229 struct list_head *plist, *phead;
230
231 spin_lock(&pframequeue->lock);
232
233 phead = get_list_head(pframequeue);
234 plist = get_next(phead);
235
236 while (phead != plist) {
237 precvframe = (union recv_frame *)plist;
238
239 plist = get_next(plist);
240
241 rtw_free_recvframe(precvframe, pfree_recv_queue);
242 }
243
244 spin_unlock(&pframequeue->lock);
245 }
246
rtw_free_uc_swdec_pending_queue(struct adapter * adapter)247 u32 rtw_free_uc_swdec_pending_queue(struct adapter *adapter)
248 {
249 u32 cnt = 0;
250 union recv_frame *pending_frame;
251
252 while ((pending_frame = rtw_alloc_recvframe(&adapter->recvpriv.uc_swdec_pending_queue))) {
253 rtw_free_recvframe(pending_frame, &adapter->recvpriv.free_recv_queue);
254 cnt++;
255 }
256
257 return cnt;
258 }
259
260
rtw_enqueue_recvbuf_to_head(struct recv_buf * precvbuf,struct __queue * queue)261 signed int rtw_enqueue_recvbuf_to_head(struct recv_buf *precvbuf, struct __queue *queue)
262 {
263 spin_lock_bh(&queue->lock);
264
265 list_del_init(&precvbuf->list);
266 list_add(&precvbuf->list, get_list_head(queue));
267
268 spin_unlock_bh(&queue->lock);
269
270 return _SUCCESS;
271 }
272
rtw_enqueue_recvbuf(struct recv_buf * precvbuf,struct __queue * queue)273 signed int rtw_enqueue_recvbuf(struct recv_buf *precvbuf, struct __queue *queue)
274 {
275 spin_lock_bh(&queue->lock);
276
277 list_del_init(&precvbuf->list);
278
279 list_add_tail(&precvbuf->list, get_list_head(queue));
280 spin_unlock_bh(&queue->lock);
281 return _SUCCESS;
282
283 }
284
rtw_dequeue_recvbuf(struct __queue * queue)285 struct recv_buf *rtw_dequeue_recvbuf(struct __queue *queue)
286 {
287 struct recv_buf *precvbuf;
288 struct list_head *plist, *phead;
289
290 spin_lock_bh(&queue->lock);
291
292 if (list_empty(&queue->queue))
293 precvbuf = NULL;
294 else {
295 phead = get_list_head(queue);
296
297 plist = get_next(phead);
298
299 precvbuf = container_of(plist, struct recv_buf, list);
300
301 list_del_init(&precvbuf->list);
302
303 }
304
305 spin_unlock_bh(&queue->lock);
306
307 return precvbuf;
308
309 }
310
rtw_handle_tkip_mic_err(struct adapter * padapter,u8 bgroup)311 static void rtw_handle_tkip_mic_err(struct adapter *padapter, u8 bgroup)
312 {
313 enum nl80211_key_type key_type = 0;
314 union iwreq_data wrqu;
315 struct iw_michaelmicfailure ev;
316 struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
317 struct security_priv *psecuritypriv = &padapter->securitypriv;
318 unsigned long cur_time = 0;
319
320 if (psecuritypriv->last_mic_err_time == 0) {
321 psecuritypriv->last_mic_err_time = jiffies;
322 } else {
323 cur_time = jiffies;
324
325 if (cur_time - psecuritypriv->last_mic_err_time < 60*HZ) {
326 psecuritypriv->btkip_countermeasure = true;
327 psecuritypriv->last_mic_err_time = 0;
328 psecuritypriv->btkip_countermeasure_time = cur_time;
329 } else {
330 psecuritypriv->last_mic_err_time = jiffies;
331 }
332 }
333
334 if (bgroup)
335 key_type |= NL80211_KEYTYPE_GROUP;
336 else
337 key_type |= NL80211_KEYTYPE_PAIRWISE;
338
339 cfg80211_michael_mic_failure(padapter->pnetdev, (u8 *)&pmlmepriv->assoc_bssid[0], key_type, -1,
340 NULL, GFP_ATOMIC);
341
342 memset(&ev, 0x00, sizeof(ev));
343 if (bgroup)
344 ev.flags |= IW_MICFAILURE_GROUP;
345 else
346 ev.flags |= IW_MICFAILURE_PAIRWISE;
347
348 ev.src_addr.sa_family = ARPHRD_ETHER;
349 memcpy(ev.src_addr.sa_data, &pmlmepriv->assoc_bssid[0], ETH_ALEN);
350
351 memset(&wrqu, 0x00, sizeof(wrqu));
352 wrqu.data.length = sizeof(ev);
353 }
354
recvframe_chkmic(struct adapter * adapter,union recv_frame * precvframe)355 static signed int recvframe_chkmic(struct adapter *adapter, union recv_frame *precvframe)
356 {
357
358 signed int i, res = _SUCCESS;
359 u32 datalen;
360 u8 miccode[8];
361 u8 bmic_err = false, brpt_micerror = true;
362 u8 *pframe, *payload, *pframemic;
363 u8 *mickey;
364 /* u8 *iv, rxdata_key_idx = 0; */
365 struct sta_info *stainfo;
366 struct rx_pkt_attrib *prxattrib = &precvframe->u.hdr.attrib;
367 struct security_priv *psecuritypriv = &adapter->securitypriv;
368
369 struct mlme_ext_priv *pmlmeext = &adapter->mlmeextpriv;
370 struct mlme_ext_info *pmlmeinfo = &(pmlmeext->mlmext_info);
371
372 stainfo = rtw_get_stainfo(&adapter->stapriv, &prxattrib->ta[0]);
373
374 if (prxattrib->encrypt == _TKIP_) {
375 /* calculate mic code */
376 if (stainfo) {
377 if (is_multicast_ether_addr(prxattrib->ra)) {
378 /* mickey =&psecuritypriv->dot118021XGrprxmickey.skey[0]; */
379 /* iv = precvframe->u.hdr.rx_data+prxattrib->hdrlen; */
380 /* rxdata_key_idx =(((iv[3])>>6)&0x3) ; */
381 mickey = &psecuritypriv->dot118021XGrprxmickey[prxattrib->key_index].skey[0];
382
383 /* psecuritypriv->dot118021XGrpKeyid, pmlmeinfo->key_index, rxdata_key_idx); */
384
385 if (psecuritypriv->binstallGrpkey == false) {
386 res = _FAIL;
387 goto exit;
388 }
389 } else {
390 mickey = &stainfo->dot11tkiprxmickey.skey[0];
391 }
392
393 datalen = precvframe->u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len-prxattrib->icv_len-8;/* icv_len included the mic code */
394 pframe = precvframe->u.hdr.rx_data;
395 payload = pframe+prxattrib->hdrlen+prxattrib->iv_len;
396
397 rtw_seccalctkipmic(mickey, pframe, payload, datalen, &miccode[0], (unsigned char)prxattrib->priority); /* care the length of the data */
398
399 pframemic = payload+datalen;
400
401 bmic_err = false;
402
403 for (i = 0; i < 8; i++) {
404 if (miccode[i] != *(pframemic + i))
405 bmic_err = true;
406 }
407
408
409 if (bmic_err == true) {
410 /* double check key_index for some timing issue , */
411 /* cannot compare with psecuritypriv->dot118021XGrpKeyid also cause timing issue */
412 if ((is_multicast_ether_addr(prxattrib->ra) == true) && (prxattrib->key_index != pmlmeinfo->key_index))
413 brpt_micerror = false;
414
415 if (prxattrib->bdecrypted && brpt_micerror)
416 rtw_handle_tkip_mic_err(adapter, (u8)is_multicast_ether_addr(prxattrib->ra));
417
418 res = _FAIL;
419
420 } else {
421 /* mic checked ok */
422 if (!psecuritypriv->bcheck_grpkey &&
423 is_multicast_ether_addr(prxattrib->ra))
424 psecuritypriv->bcheck_grpkey = true;
425 }
426 }
427
428 recvframe_pull_tail(precvframe, 8);
429
430 }
431
432 exit:
433 return res;
434
435 }
436
437 /* decrypt and set the ivlen, icvlen of the recv_frame */
decryptor(struct adapter * padapter,union recv_frame * precv_frame)438 static union recv_frame *decryptor(struct adapter *padapter, union recv_frame *precv_frame)
439 {
440
441 struct rx_pkt_attrib *prxattrib = &precv_frame->u.hdr.attrib;
442 struct security_priv *psecuritypriv = &padapter->securitypriv;
443 union recv_frame *return_packet = precv_frame;
444 u32 res = _SUCCESS;
445
446 if (prxattrib->encrypt > 0) {
447 u8 *iv = precv_frame->u.hdr.rx_data+prxattrib->hdrlen;
448
449 prxattrib->key_index = (((iv[3])>>6)&0x3);
450
451 if (prxattrib->key_index > WEP_KEYS) {
452 switch (prxattrib->encrypt) {
453 case _WEP40_:
454 case _WEP104_:
455 prxattrib->key_index = psecuritypriv->dot11PrivacyKeyIndex;
456 break;
457 case _TKIP_:
458 case _AES_:
459 default:
460 prxattrib->key_index = psecuritypriv->dot118021XGrpKeyid;
461 break;
462 }
463 }
464 }
465
466 if ((prxattrib->encrypt > 0) && ((prxattrib->bdecrypted == 0) || (psecuritypriv->sw_decrypt == true))) {
467 psecuritypriv->hw_decrypted = false;
468
469 switch (prxattrib->encrypt) {
470 case _WEP40_:
471 case _WEP104_:
472 rtw_wep_decrypt(padapter, (u8 *)precv_frame);
473 break;
474 case _TKIP_:
475 res = rtw_tkip_decrypt(padapter, (u8 *)precv_frame);
476 break;
477 case _AES_:
478 res = rtw_aes_decrypt(padapter, (u8 *)precv_frame);
479 break;
480 default:
481 break;
482 }
483 } else if (prxattrib->bdecrypted == 1 && prxattrib->encrypt > 0 &&
484 (psecuritypriv->busetkipkey == 1 || prxattrib->encrypt != _TKIP_)
485 ) {
486 psecuritypriv->hw_decrypted = true;
487 } else {
488 }
489
490 if (res == _FAIL) {
491 rtw_free_recvframe(return_packet, &padapter->recvpriv.free_recv_queue);
492 return_packet = NULL;
493 } else
494 prxattrib->bdecrypted = true;
495
496 return return_packet;
497 }
498
499 /* set the security information in the recv_frame */
portctrl(struct adapter * adapter,union recv_frame * precv_frame)500 static union recv_frame *portctrl(struct adapter *adapter, union recv_frame *precv_frame)
501 {
502 u8 *psta_addr = NULL;
503 u8 *ptr;
504 unsigned int auth_alg;
505 struct recv_frame_hdr *pfhdr;
506 struct sta_info *psta;
507 struct sta_priv *pstapriv;
508 union recv_frame *prtnframe;
509 u16 ether_type = 0;
510 u16 eapol_type = 0x888e;/* for Funia BD's WPA issue */
511 struct rx_pkt_attrib *pattrib;
512
513 pstapriv = &adapter->stapriv;
514
515 auth_alg = adapter->securitypriv.dot11AuthAlgrthm;
516
517 ptr = precv_frame->u.hdr.rx_data;
518 pfhdr = &precv_frame->u.hdr;
519 pattrib = &pfhdr->attrib;
520 psta_addr = pattrib->ta;
521
522 prtnframe = NULL;
523
524 psta = rtw_get_stainfo(pstapriv, psta_addr);
525
526 if (auth_alg == 2) {
527 if ((psta) && (psta->ieee8021x_blocked)) {
528 __be16 be_tmp;
529
530 /* blocked */
531 /* only accept EAPOL frame */
532
533 prtnframe = precv_frame;
534
535 /* get ether_type */
536 ptr = ptr + pfhdr->attrib.hdrlen + pfhdr->attrib.iv_len + LLC_HEADER_LENGTH;
537 memcpy(&be_tmp, ptr, 2);
538 ether_type = ntohs(be_tmp);
539
540 if (ether_type == eapol_type)
541 prtnframe = precv_frame;
542 else {
543 /* free this frame */
544 rtw_free_recvframe(precv_frame, &adapter->recvpriv.free_recv_queue);
545 prtnframe = NULL;
546 }
547 } else {
548 /* allowed */
549 /* check decryption status, and decrypt the frame if needed */
550
551 prtnframe = precv_frame;
552 /* check is the EAPOL frame or not (Rekey) */
553 /* if (ether_type == eapol_type) { */
554 /* check Rekey */
555
556 /* prtnframe =precv_frame; */
557 /* */
558 /* else { */
559 /* */
560 }
561 } else
562 prtnframe = precv_frame;
563
564 return prtnframe;
565 }
566
recv_decache(union recv_frame * precv_frame,u8 bretry,struct stainfo_rxcache * prxcache)567 static signed int recv_decache(union recv_frame *precv_frame, u8 bretry, struct stainfo_rxcache *prxcache)
568 {
569 signed int tid = precv_frame->u.hdr.attrib.priority;
570
571 u16 seq_ctrl = ((precv_frame->u.hdr.attrib.seq_num&0xffff) << 4) |
572 (precv_frame->u.hdr.attrib.frag_num & 0xf);
573
574 if (tid > 15)
575 return _FAIL;
576
577 if (1) { /* if (bretry) */
578 if (seq_ctrl == prxcache->tid_rxseq[tid])
579 return _FAIL;
580 }
581
582 prxcache->tid_rxseq[tid] = seq_ctrl;
583
584 return _SUCCESS;
585
586 }
587
process_pwrbit_data(struct adapter * padapter,union recv_frame * precv_frame)588 static void process_pwrbit_data(struct adapter *padapter, union recv_frame *precv_frame)
589 {
590 unsigned char pwrbit;
591 u8 *ptr = precv_frame->u.hdr.rx_data;
592 struct rx_pkt_attrib *pattrib = &precv_frame->u.hdr.attrib;
593 struct sta_priv *pstapriv = &padapter->stapriv;
594 struct sta_info *psta = NULL;
595
596 psta = rtw_get_stainfo(pstapriv, pattrib->src);
597
598 pwrbit = GetPwrMgt(ptr);
599
600 if (psta) {
601 if (pwrbit) {
602 if (!(psta->state & WIFI_SLEEP_STATE)) {
603 /* psta->state |= WIFI_SLEEP_STATE; */
604 /* pstapriv->sta_dz_bitmap |= BIT(psta->aid); */
605
606 stop_sta_xmit(padapter, psta);
607
608 }
609 } else {
610 if (psta->state & WIFI_SLEEP_STATE) {
611 /* psta->state ^= WIFI_SLEEP_STATE; */
612 /* pstapriv->sta_dz_bitmap &= ~BIT(psta->aid); */
613
614 wakeup_sta_to_xmit(padapter, psta);
615 }
616 }
617
618 }
619 }
620
process_wmmps_data(struct adapter * padapter,union recv_frame * precv_frame)621 static void process_wmmps_data(struct adapter *padapter, union recv_frame *precv_frame)
622 {
623 struct rx_pkt_attrib *pattrib = &precv_frame->u.hdr.attrib;
624 struct sta_priv *pstapriv = &padapter->stapriv;
625 struct sta_info *psta = NULL;
626
627 psta = rtw_get_stainfo(pstapriv, pattrib->src);
628
629 if (!psta)
630 return;
631
632 if (!psta->qos_option)
633 return;
634
635 if (!(psta->qos_info&0xf))
636 return;
637
638 if (psta->state&WIFI_SLEEP_STATE) {
639 u8 wmmps_ac = 0;
640
641 switch (pattrib->priority) {
642 case 1:
643 case 2:
644 wmmps_ac = psta->uapsd_bk&BIT(1);
645 break;
646 case 4:
647 case 5:
648 wmmps_ac = psta->uapsd_vi&BIT(1);
649 break;
650 case 6:
651 case 7:
652 wmmps_ac = psta->uapsd_vo&BIT(1);
653 break;
654 case 0:
655 case 3:
656 default:
657 wmmps_ac = psta->uapsd_be&BIT(1);
658 break;
659 }
660
661 if (wmmps_ac) {
662 if (psta->sleepq_ac_len > 0)
663 /* process received triggered frame */
664 xmit_delivery_enabled_frames(padapter, psta);
665 else
666 /* issue one qos null frame with More data bit = 0 and the EOSP bit set (= 1) */
667 issue_qos_nulldata(padapter, psta->hwaddr, (u16)pattrib->priority, 0, 0);
668 }
669 }
670 }
671
count_rx_stats(struct adapter * padapter,union recv_frame * prframe,struct sta_info * sta)672 static void count_rx_stats(struct adapter *padapter, union recv_frame *prframe, struct sta_info *sta)
673 {
674 int sz;
675 struct sta_info *psta = NULL;
676 struct stainfo_stats *pstats = NULL;
677 struct rx_pkt_attrib *pattrib = &prframe->u.hdr.attrib;
678 struct recv_priv *precvpriv = &padapter->recvpriv;
679
680 sz = get_recvframe_len(prframe);
681 precvpriv->rx_bytes += sz;
682
683 padapter->mlmepriv.LinkDetectInfo.NumRxOkInPeriod++;
684
685 if ((!is_broadcast_ether_addr(pattrib->dst)) && (!is_multicast_ether_addr(pattrib->dst)))
686 padapter->mlmepriv.LinkDetectInfo.NumRxUnicastOkInPeriod++;
687
688 if (sta)
689 psta = sta;
690 else
691 psta = prframe->u.hdr.psta;
692
693 if (psta) {
694 pstats = &psta->sta_stats;
695
696 pstats->rx_data_pkts++;
697 pstats->rx_bytes += sz;
698 }
699
700 traffic_check_for_leave_lps(padapter, false, 0);
701 }
702
sta2sta_data_frame(struct adapter * adapter,union recv_frame * precv_frame,struct sta_info ** psta)703 static signed int sta2sta_data_frame(struct adapter *adapter, union recv_frame *precv_frame,
704 struct sta_info **psta)
705 {
706 u8 *ptr = precv_frame->u.hdr.rx_data;
707 signed int ret = _SUCCESS;
708 struct rx_pkt_attrib *pattrib = &precv_frame->u.hdr.attrib;
709 struct sta_priv *pstapriv = &adapter->stapriv;
710 struct mlme_priv *pmlmepriv = &adapter->mlmepriv;
711 u8 *mybssid = get_bssid(pmlmepriv);
712 u8 *myhwaddr = myid(&adapter->eeprompriv);
713 u8 *sta_addr = NULL;
714 signed int bmcast = is_multicast_ether_addr(pattrib->dst);
715
716 if ((check_fwstate(pmlmepriv, WIFI_ADHOC_STATE) == true) ||
717 (check_fwstate(pmlmepriv, WIFI_ADHOC_MASTER_STATE) == true)) {
718
719 /* filter packets that SA is myself or multicast or broadcast */
720 if (!memcmp(myhwaddr, pattrib->src, ETH_ALEN)) {
721 ret = _FAIL;
722 goto exit;
723 }
724
725 if ((memcmp(myhwaddr, pattrib->dst, ETH_ALEN)) && (!bmcast)) {
726 ret = _FAIL;
727 goto exit;
728 }
729
730 if (is_zero_ether_addr(pattrib->bssid) ||
731 is_zero_ether_addr(mybssid) ||
732 (memcmp(pattrib->bssid, mybssid, ETH_ALEN))) {
733 ret = _FAIL;
734 goto exit;
735 }
736
737 sta_addr = pattrib->src;
738
739 } else if (check_fwstate(pmlmepriv, WIFI_STATION_STATE) == true) {
740 /* For Station mode, sa and bssid should always be BSSID, and DA is my mac-address */
741 if (memcmp(pattrib->bssid, pattrib->src, ETH_ALEN)) {
742 ret = _FAIL;
743 goto exit;
744 }
745
746 sta_addr = pattrib->bssid;
747 } else if (check_fwstate(pmlmepriv, WIFI_AP_STATE) == true) {
748 if (bmcast) {
749 /* For AP mode, if DA == MCAST, then BSSID should be also MCAST */
750 if (!is_multicast_ether_addr(pattrib->bssid)) {
751 ret = _FAIL;
752 goto exit;
753 }
754 } else { /* not mc-frame */
755 /* For AP mode, if DA is non-MCAST, then it must be BSSID, and bssid == BSSID */
756 if (memcmp(pattrib->bssid, pattrib->dst, ETH_ALEN)) {
757 ret = _FAIL;
758 goto exit;
759 }
760
761 sta_addr = pattrib->src;
762 }
763
764 } else if (check_fwstate(pmlmepriv, WIFI_MP_STATE) == true) {
765 memcpy(pattrib->dst, GetAddr1Ptr(ptr), ETH_ALEN);
766 memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
767 memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
768 memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
769 memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
770
771 sta_addr = mybssid;
772 } else
773 ret = _FAIL;
774
775
776
777 if (bmcast)
778 *psta = rtw_get_bcmc_stainfo(adapter);
779 else
780 *psta = rtw_get_stainfo(pstapriv, sta_addr); /* get ap_info */
781
782 if (!*psta) {
783 ret = _FAIL;
784 goto exit;
785 }
786
787 exit:
788 return ret;
789 }
790
ap2sta_data_frame(struct adapter * adapter,union recv_frame * precv_frame,struct sta_info ** psta)791 static signed int ap2sta_data_frame(struct adapter *adapter, union recv_frame *precv_frame,
792 struct sta_info **psta)
793 {
794 u8 *ptr = precv_frame->u.hdr.rx_data;
795 struct rx_pkt_attrib *pattrib = &precv_frame->u.hdr.attrib;
796 signed int ret = _SUCCESS;
797 struct sta_priv *pstapriv = &adapter->stapriv;
798 struct mlme_priv *pmlmepriv = &adapter->mlmepriv;
799 u8 *mybssid = get_bssid(pmlmepriv);
800 u8 *myhwaddr = myid(&adapter->eeprompriv);
801 signed int bmcast = is_multicast_ether_addr(pattrib->dst);
802
803 if ((check_fwstate(pmlmepriv, WIFI_STATION_STATE) == true) &&
804 (check_fwstate(pmlmepriv, _FW_LINKED) == true ||
805 check_fwstate(pmlmepriv, _FW_UNDER_LINKING) == true)
806 ) {
807
808 /* filter packets that SA is myself or multicast or broadcast */
809 if (!memcmp(myhwaddr, pattrib->src, ETH_ALEN)) {
810 ret = _FAIL;
811 goto exit;
812 }
813
814 /* da should be for me */
815 if ((memcmp(myhwaddr, pattrib->dst, ETH_ALEN)) && (!bmcast)) {
816 ret = _FAIL;
817 goto exit;
818 }
819
820
821 /* check BSSID */
822 if (is_zero_ether_addr(pattrib->bssid) ||
823 is_zero_ether_addr(mybssid) ||
824 (memcmp(pattrib->bssid, mybssid, ETH_ALEN))) {
825
826 if (!bmcast)
827 issue_deauth(adapter, pattrib->bssid, WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
828
829 ret = _FAIL;
830 goto exit;
831 }
832
833 if (bmcast)
834 *psta = rtw_get_bcmc_stainfo(adapter);
835 else
836 *psta = rtw_get_stainfo(pstapriv, pattrib->bssid); /* get ap_info */
837
838 if (!*psta) {
839 ret = _FAIL;
840 goto exit;
841 }
842
843 if (GetFrameSubType(ptr) & BIT(6)) {
844 /* No data, will not indicate to upper layer, temporily count it here */
845 count_rx_stats(adapter, precv_frame, *psta);
846 ret = RTW_RX_HANDLED;
847 goto exit;
848 }
849
850 } else if ((check_fwstate(pmlmepriv, WIFI_MP_STATE) == true) &&
851 (check_fwstate(pmlmepriv, _FW_LINKED) == true)) {
852 memcpy(pattrib->dst, GetAddr1Ptr(ptr), ETH_ALEN);
853 memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
854 memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
855 memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
856 memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
857
858 /* */
859 memcpy(pattrib->bssid, mybssid, ETH_ALEN);
860
861
862 *psta = rtw_get_stainfo(pstapriv, pattrib->bssid); /* get sta_info */
863 if (!*psta) {
864 ret = _FAIL;
865 goto exit;
866 }
867
868
869 } else if (check_fwstate(pmlmepriv, WIFI_AP_STATE) == true) {
870 /* Special case */
871 ret = RTW_RX_HANDLED;
872 goto exit;
873 } else {
874 if (!memcmp(myhwaddr, pattrib->dst, ETH_ALEN) && (!bmcast)) {
875 *psta = rtw_get_stainfo(pstapriv, pattrib->bssid); /* get sta_info */
876 if (!*psta) {
877
878 /* for AP multicast issue , modify by yiwei */
879 static unsigned long send_issue_deauth_time;
880
881 if (jiffies_to_msecs(jiffies - send_issue_deauth_time) > 10000 || send_issue_deauth_time == 0) {
882 send_issue_deauth_time = jiffies;
883
884 issue_deauth(adapter, pattrib->bssid, WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
885 }
886 }
887 }
888
889 ret = _FAIL;
890 }
891
892 exit:
893 return ret;
894 }
895
sta2ap_data_frame(struct adapter * adapter,union recv_frame * precv_frame,struct sta_info ** psta)896 static signed int sta2ap_data_frame(struct adapter *adapter, union recv_frame *precv_frame,
897 struct sta_info **psta)
898 {
899 u8 *ptr = precv_frame->u.hdr.rx_data;
900 struct rx_pkt_attrib *pattrib = &precv_frame->u.hdr.attrib;
901 struct sta_priv *pstapriv = &adapter->stapriv;
902 struct mlme_priv *pmlmepriv = &adapter->mlmepriv;
903 unsigned char *mybssid = get_bssid(pmlmepriv);
904 signed int ret = _SUCCESS;
905
906 if (check_fwstate(pmlmepriv, WIFI_AP_STATE) == true) {
907 /* For AP mode, RA =BSSID, TX =STA(SRC_ADDR), A3 =DST_ADDR */
908 if (memcmp(pattrib->bssid, mybssid, ETH_ALEN)) {
909 ret = _FAIL;
910 goto exit;
911 }
912
913 *psta = rtw_get_stainfo(pstapriv, pattrib->src);
914 if (!*psta) {
915 issue_deauth(adapter, pattrib->src, WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
916
917 ret = RTW_RX_HANDLED;
918 goto exit;
919 }
920
921 process_pwrbit_data(adapter, precv_frame);
922
923 if ((GetFrameSubType(ptr) & WIFI_QOS_DATA_TYPE) == WIFI_QOS_DATA_TYPE)
924 process_wmmps_data(adapter, precv_frame);
925
926 if (GetFrameSubType(ptr) & BIT(6)) {
927 /* No data, will not indicate to upper layer, temporily count it here */
928 count_rx_stats(adapter, precv_frame, *psta);
929 ret = RTW_RX_HANDLED;
930 goto exit;
931 }
932 } else {
933 u8 *myhwaddr = myid(&adapter->eeprompriv);
934
935 if (memcmp(pattrib->ra, myhwaddr, ETH_ALEN)) {
936 ret = RTW_RX_HANDLED;
937 goto exit;
938 }
939 issue_deauth(adapter, pattrib->src, WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
940 ret = RTW_RX_HANDLED;
941 goto exit;
942 }
943
944 exit:
945 return ret;
946 }
947
validate_recv_ctrl_frame(struct adapter * padapter,union recv_frame * precv_frame)948 static signed int validate_recv_ctrl_frame(struct adapter *padapter, union recv_frame *precv_frame)
949 {
950 struct rx_pkt_attrib *pattrib = &precv_frame->u.hdr.attrib;
951 struct sta_priv *pstapriv = &padapter->stapriv;
952 u8 *pframe = precv_frame->u.hdr.rx_data;
953 struct sta_info *psta = NULL;
954 /* uint len = precv_frame->u.hdr.len; */
955
956 if (GetFrameType(pframe) != WIFI_CTRL_TYPE)
957 return _FAIL;
958
959 /* receive the frames that ra(a1) is my address */
960 if (memcmp(GetAddr1Ptr(pframe), myid(&padapter->eeprompriv), ETH_ALEN))
961 return _FAIL;
962
963 psta = rtw_get_stainfo(pstapriv, GetAddr2Ptr(pframe));
964 if (!psta)
965 return _FAIL;
966
967 /* for rx pkt statistics */
968 psta->sta_stats.rx_ctrl_pkts++;
969
970 /* only handle ps-poll */
971 if (GetFrameSubType(pframe) == WIFI_PSPOLL) {
972 u16 aid;
973 u8 wmmps_ac = 0;
974
975 aid = GetAid(pframe);
976 if (psta->aid != aid)
977 return _FAIL;
978
979 switch (pattrib->priority) {
980 case 1:
981 case 2:
982 wmmps_ac = psta->uapsd_bk&BIT(0);
983 break;
984 case 4:
985 case 5:
986 wmmps_ac = psta->uapsd_vi&BIT(0);
987 break;
988 case 6:
989 case 7:
990 wmmps_ac = psta->uapsd_vo&BIT(0);
991 break;
992 case 0:
993 case 3:
994 default:
995 wmmps_ac = psta->uapsd_be&BIT(0);
996 break;
997 }
998
999 if (wmmps_ac)
1000 return _FAIL;
1001
1002 if (psta->state & WIFI_STA_ALIVE_CHK_STATE) {
1003 psta->expire_to = pstapriv->expire_to;
1004 psta->state ^= WIFI_STA_ALIVE_CHK_STATE;
1005 }
1006
1007 if ((psta->state&WIFI_SLEEP_STATE) && (pstapriv->sta_dz_bitmap&BIT(psta->aid))) {
1008 struct list_head *xmitframe_plist, *xmitframe_phead;
1009 struct xmit_frame *pxmitframe = NULL;
1010 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
1011
1012 /* spin_lock_bh(&psta->sleep_q.lock); */
1013 spin_lock_bh(&pxmitpriv->lock);
1014
1015 xmitframe_phead = get_list_head(&psta->sleep_q);
1016 xmitframe_plist = get_next(xmitframe_phead);
1017
1018 if (xmitframe_phead != xmitframe_plist) {
1019 pxmitframe = container_of(xmitframe_plist, struct xmit_frame, list);
1020
1021 xmitframe_plist = get_next(xmitframe_plist);
1022
1023 list_del_init(&pxmitframe->list);
1024
1025 psta->sleepq_len--;
1026
1027 if (psta->sleepq_len > 0)
1028 pxmitframe->attrib.mdata = 1;
1029 else
1030 pxmitframe->attrib.mdata = 0;
1031
1032 pxmitframe->attrib.triggered = 1;
1033
1034 rtw_hal_xmitframe_enqueue(padapter, pxmitframe);
1035
1036 if (psta->sleepq_len == 0) {
1037 pstapriv->tim_bitmap &= ~BIT(psta->aid);
1038
1039 /* update BCN for TIM IE */
1040 /* update_BCNTIM(padapter); */
1041 update_beacon(padapter, WLAN_EID_TIM, NULL, true);
1042 }
1043
1044 /* spin_unlock_bh(&psta->sleep_q.lock); */
1045 spin_unlock_bh(&pxmitpriv->lock);
1046
1047 } else {
1048 /* spin_unlock_bh(&psta->sleep_q.lock); */
1049 spin_unlock_bh(&pxmitpriv->lock);
1050
1051 if (pstapriv->tim_bitmap&BIT(psta->aid)) {
1052 if (psta->sleepq_len == 0) {
1053 /* issue nulldata with More data bit = 0 to indicate we have no buffered packets */
1054 issue_nulldata_in_interrupt(padapter, psta->hwaddr);
1055 } else {
1056 psta->sleepq_len = 0;
1057 }
1058
1059 pstapriv->tim_bitmap &= ~BIT(psta->aid);
1060
1061 /* update BCN for TIM IE */
1062 /* update_BCNTIM(padapter); */
1063 update_beacon(padapter, WLAN_EID_TIM, NULL, true);
1064 }
1065 }
1066 }
1067 }
1068
1069 return _FAIL;
1070
1071 }
1072
1073 /* perform defrag */
recvframe_defrag(struct adapter * adapter,struct __queue * defrag_q)1074 static union recv_frame *recvframe_defrag(struct adapter *adapter,
1075 struct __queue *defrag_q)
1076 {
1077 struct list_head *plist, *phead;
1078 u8 wlanhdr_offset;
1079 u8 curfragnum;
1080 struct recv_frame_hdr *pfhdr, *pnfhdr;
1081 union recv_frame *prframe, *pnextrframe;
1082 struct __queue *pfree_recv_queue;
1083
1084 curfragnum = 0;
1085 pfree_recv_queue = &adapter->recvpriv.free_recv_queue;
1086
1087 phead = get_list_head(defrag_q);
1088 plist = get_next(phead);
1089 prframe = (union recv_frame *)plist;
1090 pfhdr = &prframe->u.hdr;
1091 list_del_init(&(prframe->u.list));
1092
1093 if (curfragnum != pfhdr->attrib.frag_num) {
1094 /* the first fragment number must be 0 */
1095 /* free the whole queue */
1096 rtw_free_recvframe(prframe, pfree_recv_queue);
1097 rtw_free_recvframe_queue(defrag_q, pfree_recv_queue);
1098
1099 return NULL;
1100 }
1101
1102 curfragnum++;
1103
1104 plist = get_list_head(defrag_q);
1105
1106 plist = get_next(plist);
1107
1108 while (phead != plist) {
1109 pnextrframe = (union recv_frame *)plist;
1110 pnfhdr = &pnextrframe->u.hdr;
1111
1112
1113 /* check the fragment sequence (2nd ~n fragment frame) */
1114
1115 if (curfragnum != pnfhdr->attrib.frag_num) {
1116 /* the fragment number must be increasing (after decache) */
1117 /* release the defrag_q & prframe */
1118 rtw_free_recvframe(prframe, pfree_recv_queue);
1119 rtw_free_recvframe_queue(defrag_q, pfree_recv_queue);
1120 return NULL;
1121 }
1122
1123 curfragnum++;
1124
1125 /* copy the 2nd~n fragment frame's payload to the first fragment */
1126 /* get the 2nd~last fragment frame's payload */
1127
1128 wlanhdr_offset = pnfhdr->attrib.hdrlen + pnfhdr->attrib.iv_len;
1129
1130 recvframe_pull(pnextrframe, wlanhdr_offset);
1131
1132 /* append to first fragment frame's tail (if privacy frame, pull the ICV) */
1133 recvframe_pull_tail(prframe, pfhdr->attrib.icv_len);
1134
1135 /* memcpy */
1136 memcpy(pfhdr->rx_tail, pnfhdr->rx_data, pnfhdr->len);
1137
1138 recvframe_put(prframe, pnfhdr->len);
1139
1140 pfhdr->attrib.icv_len = pnfhdr->attrib.icv_len;
1141 plist = get_next(plist);
1142
1143 }
1144
1145 /* free the defrag_q queue and return the prframe */
1146 rtw_free_recvframe_queue(defrag_q, pfree_recv_queue);
1147
1148 return prframe;
1149 }
1150
1151 /* check if need to defrag, if needed queue the frame to defrag_q */
recvframe_chk_defrag(struct adapter * padapter,union recv_frame * precv_frame)1152 static union recv_frame *recvframe_chk_defrag(struct adapter *padapter, union recv_frame *precv_frame)
1153 {
1154 u8 ismfrag;
1155 u8 fragnum;
1156 u8 *psta_addr;
1157 struct recv_frame_hdr *pfhdr;
1158 struct sta_info *psta;
1159 struct sta_priv *pstapriv;
1160 struct list_head *phead;
1161 union recv_frame *prtnframe = NULL;
1162 struct __queue *pfree_recv_queue, *pdefrag_q;
1163
1164 pstapriv = &padapter->stapriv;
1165
1166 pfhdr = &precv_frame->u.hdr;
1167
1168 pfree_recv_queue = &padapter->recvpriv.free_recv_queue;
1169
1170 /* need to define struct of wlan header frame ctrl */
1171 ismfrag = pfhdr->attrib.mfrag;
1172 fragnum = pfhdr->attrib.frag_num;
1173
1174 psta_addr = pfhdr->attrib.ta;
1175 psta = rtw_get_stainfo(pstapriv, psta_addr);
1176 if (!psta) {
1177 u8 type = GetFrameType(pfhdr->rx_data);
1178
1179 if (type != WIFI_DATA_TYPE) {
1180 psta = rtw_get_bcmc_stainfo(padapter);
1181 pdefrag_q = &psta->sta_recvpriv.defrag_q;
1182 } else
1183 pdefrag_q = NULL;
1184 } else
1185 pdefrag_q = &psta->sta_recvpriv.defrag_q;
1186
1187 if ((ismfrag == 0) && (fragnum == 0))
1188 prtnframe = precv_frame;/* isn't a fragment frame */
1189
1190 if (ismfrag == 1) {
1191 /* 0~(n-1) fragment frame */
1192 /* enqueue to defraf_g */
1193 if (pdefrag_q) {
1194 if (fragnum == 0)
1195 /* the first fragment */
1196 if (!list_empty(&pdefrag_q->queue))
1197 /* free current defrag_q */
1198 rtw_free_recvframe_queue(pdefrag_q, pfree_recv_queue);
1199
1200
1201 /* Then enqueue the 0~(n-1) fragment into the defrag_q */
1202
1203 /* spin_lock(&pdefrag_q->lock); */
1204 phead = get_list_head(pdefrag_q);
1205 list_add_tail(&pfhdr->list, phead);
1206 /* spin_unlock(&pdefrag_q->lock); */
1207
1208 prtnframe = NULL;
1209
1210 } else {
1211 /* can't find this ta's defrag_queue, so free this recv_frame */
1212 rtw_free_recvframe(precv_frame, pfree_recv_queue);
1213 prtnframe = NULL;
1214 }
1215
1216 }
1217
1218 if ((ismfrag == 0) && (fragnum != 0)) {
1219 /* the last fragment frame */
1220 /* enqueue the last fragment */
1221 if (pdefrag_q) {
1222 /* spin_lock(&pdefrag_q->lock); */
1223 phead = get_list_head(pdefrag_q);
1224 list_add_tail(&pfhdr->list, phead);
1225 /* spin_unlock(&pdefrag_q->lock); */
1226
1227 /* call recvframe_defrag to defrag */
1228 precv_frame = recvframe_defrag(padapter, pdefrag_q);
1229 prtnframe = precv_frame;
1230
1231 } else {
1232 /* can't find this ta's defrag_queue, so free this recv_frame */
1233 rtw_free_recvframe(precv_frame, pfree_recv_queue);
1234 prtnframe = NULL;
1235 }
1236
1237 }
1238
1239
1240 if ((prtnframe) && (prtnframe->u.hdr.attrib.privacy)) {
1241 /* after defrag we must check tkip mic code */
1242 if (recvframe_chkmic(padapter, prtnframe) == _FAIL) {
1243 rtw_free_recvframe(prtnframe, pfree_recv_queue);
1244 prtnframe = NULL;
1245 }
1246 }
1247 return prtnframe;
1248 }
1249
validate_recv_mgnt_frame(struct adapter * padapter,union recv_frame * precv_frame)1250 static signed int validate_recv_mgnt_frame(struct adapter *padapter, union recv_frame *precv_frame)
1251 {
1252 /* struct mlme_priv *pmlmepriv = &adapter->mlmepriv; */
1253
1254 precv_frame = recvframe_chk_defrag(padapter, precv_frame);
1255 if (!precv_frame)
1256 return _SUCCESS;
1257
1258 {
1259 /* for rx pkt statistics */
1260 struct sta_info *psta = rtw_get_stainfo(&padapter->stapriv, GetAddr2Ptr(precv_frame->u.hdr.rx_data));
1261
1262 if (psta) {
1263 psta->sta_stats.rx_mgnt_pkts++;
1264 if (GetFrameSubType(precv_frame->u.hdr.rx_data) == WIFI_BEACON)
1265 psta->sta_stats.rx_beacon_pkts++;
1266 else if (GetFrameSubType(precv_frame->u.hdr.rx_data) == WIFI_PROBEREQ)
1267 psta->sta_stats.rx_probereq_pkts++;
1268 else if (GetFrameSubType(precv_frame->u.hdr.rx_data) == WIFI_PROBERSP) {
1269 if (!memcmp(padapter->eeprompriv.mac_addr, GetAddr1Ptr(precv_frame->u.hdr.rx_data), ETH_ALEN))
1270 psta->sta_stats.rx_probersp_pkts++;
1271 else if (is_broadcast_mac_addr(GetAddr1Ptr(precv_frame->u.hdr.rx_data)) ||
1272 is_multicast_mac_addr(GetAddr1Ptr(precv_frame->u.hdr.rx_data)))
1273 psta->sta_stats.rx_probersp_bm_pkts++;
1274 else
1275 psta->sta_stats.rx_probersp_uo_pkts++;
1276 }
1277 }
1278 }
1279
1280 mgt_dispatcher(padapter, precv_frame);
1281
1282 return _SUCCESS;
1283
1284 }
1285
validate_recv_data_frame(struct adapter * adapter,union recv_frame * precv_frame)1286 static signed int validate_recv_data_frame(struct adapter *adapter, union recv_frame *precv_frame)
1287 {
1288 u8 bretry;
1289 u8 *psa, *pda, *pbssid;
1290 struct sta_info *psta = NULL;
1291 u8 *ptr = precv_frame->u.hdr.rx_data;
1292 struct rx_pkt_attrib *pattrib = &precv_frame->u.hdr.attrib;
1293 struct security_priv *psecuritypriv = &adapter->securitypriv;
1294 signed int ret = _SUCCESS;
1295
1296 bretry = GetRetry(ptr);
1297 pda = get_da(ptr);
1298 psa = get_sa(ptr);
1299 pbssid = get_hdr_bssid(ptr);
1300
1301 if (!pbssid) {
1302 ret = _FAIL;
1303 goto exit;
1304 }
1305
1306 memcpy(pattrib->dst, pda, ETH_ALEN);
1307 memcpy(pattrib->src, psa, ETH_ALEN);
1308
1309 memcpy(pattrib->bssid, pbssid, ETH_ALEN);
1310
1311 switch (pattrib->to_fr_ds) {
1312 case 0:
1313 memcpy(pattrib->ra, pda, ETH_ALEN);
1314 memcpy(pattrib->ta, psa, ETH_ALEN);
1315 ret = sta2sta_data_frame(adapter, precv_frame, &psta);
1316 break;
1317
1318 case 1:
1319 memcpy(pattrib->ra, pda, ETH_ALEN);
1320 memcpy(pattrib->ta, pbssid, ETH_ALEN);
1321 ret = ap2sta_data_frame(adapter, precv_frame, &psta);
1322 break;
1323
1324 case 2:
1325 memcpy(pattrib->ra, pbssid, ETH_ALEN);
1326 memcpy(pattrib->ta, psa, ETH_ALEN);
1327 ret = sta2ap_data_frame(adapter, precv_frame, &psta);
1328 break;
1329
1330 case 3:
1331 memcpy(pattrib->ra, GetAddr1Ptr(ptr), ETH_ALEN);
1332 memcpy(pattrib->ta, GetAddr2Ptr(ptr), ETH_ALEN);
1333 ret = _FAIL;
1334 break;
1335
1336 default:
1337 ret = _FAIL;
1338 break;
1339
1340 }
1341
1342 if (ret == _FAIL) {
1343 goto exit;
1344 } else if (ret == RTW_RX_HANDLED) {
1345 goto exit;
1346 }
1347
1348
1349 if (!psta) {
1350 ret = _FAIL;
1351 goto exit;
1352 }
1353
1354 /* psta->rssi = prxcmd->rssi; */
1355 /* psta->signal_quality = prxcmd->sq; */
1356 precv_frame->u.hdr.psta = psta;
1357
1358
1359 pattrib->amsdu = 0;
1360 pattrib->ack_policy = 0;
1361 /* parsing QC field */
1362 if (pattrib->qos == 1) {
1363 pattrib->priority = GetPriority((ptr + 24));
1364 pattrib->ack_policy = GetAckpolicy((ptr + 24));
1365 pattrib->amsdu = GetAMsdu((ptr + 24));
1366 pattrib->hdrlen = pattrib->to_fr_ds == 3 ? 32 : 26;
1367
1368 if (pattrib->priority != 0 && pattrib->priority != 3)
1369 adapter->recvpriv.bIsAnyNonBEPkts = true;
1370
1371 } else {
1372 pattrib->priority = 0;
1373 pattrib->hdrlen = pattrib->to_fr_ds == 3 ? 30 : 24;
1374 }
1375
1376
1377 if (pattrib->order)/* HT-CTRL 11n */
1378 pattrib->hdrlen += 4;
1379
1380 precv_frame->u.hdr.preorder_ctrl = &psta->recvreorder_ctrl[pattrib->priority];
1381
1382 /* decache, drop duplicate recv packets */
1383 if (recv_decache(precv_frame, bretry, &psta->sta_recvpriv.rxcache) == _FAIL) {
1384 ret = _FAIL;
1385 goto exit;
1386 }
1387
1388 if (pattrib->privacy) {
1389 GET_ENCRY_ALGO(psecuritypriv, psta, pattrib->encrypt, is_multicast_ether_addr(pattrib->ra));
1390
1391 SET_ICE_IV_LEN(pattrib->iv_len, pattrib->icv_len, pattrib->encrypt);
1392 } else {
1393 pattrib->encrypt = 0;
1394 pattrib->iv_len = pattrib->icv_len = 0;
1395 }
1396
1397 exit:
1398 return ret;
1399 }
1400
validate_80211w_mgmt(struct adapter * adapter,union recv_frame * precv_frame)1401 static signed int validate_80211w_mgmt(struct adapter *adapter, union recv_frame *precv_frame)
1402 {
1403 struct mlme_priv *pmlmepriv = &adapter->mlmepriv;
1404 struct rx_pkt_attrib *pattrib = &precv_frame->u.hdr.attrib;
1405 u8 *ptr = precv_frame->u.hdr.rx_data;
1406 u8 subtype;
1407
1408 subtype = GetFrameSubType(ptr); /* bit(7)~bit(2) */
1409
1410 /* only support station mode */
1411 if (check_fwstate(pmlmepriv, WIFI_STATION_STATE) && check_fwstate(pmlmepriv, _FW_LINKED) &&
1412 adapter->securitypriv.binstallBIPkey == true) {
1413 /* unicast management frame decrypt */
1414 if (pattrib->privacy && !(is_multicast_ether_addr(GetAddr1Ptr(ptr))) &&
1415 (subtype == WIFI_DEAUTH || subtype == WIFI_DISASSOC || subtype == WIFI_ACTION)) {
1416 u8 *mgmt_DATA;
1417 u32 data_len = 0;
1418
1419 pattrib->bdecrypted = 0;
1420 pattrib->encrypt = _AES_;
1421 pattrib->hdrlen = sizeof(struct ieee80211_hdr_3addr);
1422 /* set iv and icv length */
1423 SET_ICE_IV_LEN(pattrib->iv_len, pattrib->icv_len, pattrib->encrypt);
1424 memcpy(pattrib->ra, GetAddr1Ptr(ptr), ETH_ALEN);
1425 memcpy(pattrib->ta, GetAddr2Ptr(ptr), ETH_ALEN);
1426 /* actual management data frame body */
1427 data_len = pattrib->pkt_len - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
1428 mgmt_DATA = kzalloc(data_len, GFP_ATOMIC);
1429 if (!mgmt_DATA)
1430 goto validate_80211w_fail;
1431 precv_frame = decryptor(adapter, precv_frame);
1432 /* save actual management data frame body */
1433 memcpy(mgmt_DATA, ptr+pattrib->hdrlen+pattrib->iv_len, data_len);
1434 /* overwrite the iv field */
1435 memcpy(ptr+pattrib->hdrlen, mgmt_DATA, data_len);
1436 /* remove the iv and icv length */
1437 pattrib->pkt_len = pattrib->pkt_len - pattrib->iv_len - pattrib->icv_len;
1438 kfree(mgmt_DATA);
1439 if (!precv_frame)
1440 goto validate_80211w_fail;
1441 } else if (is_multicast_ether_addr(GetAddr1Ptr(ptr)) &&
1442 (subtype == WIFI_DEAUTH || subtype == WIFI_DISASSOC)) {
1443 signed int BIP_ret = _SUCCESS;
1444 /* verify BIP MME IE of broadcast/multicast de-auth/disassoc packet */
1445 BIP_ret = rtw_BIP_verify(adapter, (u8 *)precv_frame);
1446 if (BIP_ret == _FAIL) {
1447 goto validate_80211w_fail;
1448 } else if (BIP_ret == RTW_RX_HANDLED) {
1449 /* issue sa query request */
1450 issue_action_SA_Query(adapter, NULL, 0, 0);
1451 goto validate_80211w_fail;
1452 }
1453 } else { /* 802.11w protect */
1454 if (subtype == WIFI_ACTION) {
1455 /* according 802.11-2012 standard, these five types are not robust types */
1456 if (ptr[WLAN_HDR_A3_LEN] != RTW_WLAN_CATEGORY_PUBLIC &&
1457 ptr[WLAN_HDR_A3_LEN] != RTW_WLAN_CATEGORY_HT &&
1458 ptr[WLAN_HDR_A3_LEN] != RTW_WLAN_CATEGORY_UNPROTECTED_WNM &&
1459 ptr[WLAN_HDR_A3_LEN] != RTW_WLAN_CATEGORY_SELF_PROTECTED &&
1460 ptr[WLAN_HDR_A3_LEN] != RTW_WLAN_CATEGORY_P2P) {
1461 goto validate_80211w_fail;
1462 }
1463 } else if (subtype == WIFI_DEAUTH || subtype == WIFI_DISASSOC) {
1464 /* issue sa query request */
1465 issue_action_SA_Query(adapter, NULL, 0, 0);
1466 goto validate_80211w_fail;
1467 }
1468 }
1469 }
1470 return _SUCCESS;
1471
1472 validate_80211w_fail:
1473 return _FAIL;
1474
1475 }
1476
validate_recv_frame(struct adapter * adapter,union recv_frame * precv_frame)1477 static signed int validate_recv_frame(struct adapter *adapter, union recv_frame *precv_frame)
1478 {
1479 /* shall check frame subtype, to / from ds, da, bssid */
1480
1481 /* then call check if rx seq/frag. duplicated. */
1482
1483 u8 type;
1484 u8 subtype;
1485 signed int retval = _SUCCESS;
1486 u8 bDumpRxPkt;
1487
1488 struct rx_pkt_attrib *pattrib = &precv_frame->u.hdr.attrib;
1489
1490 u8 *ptr = precv_frame->u.hdr.rx_data;
1491 u8 ver = (unsigned char) (*ptr)&0x3;
1492
1493 /* add version chk */
1494 if (ver != 0) {
1495 retval = _FAIL;
1496 goto exit;
1497 }
1498
1499 type = GetFrameType(ptr);
1500 subtype = GetFrameSubType(ptr); /* bit(7)~bit(2) */
1501
1502 pattrib->to_fr_ds = get_tofr_ds(ptr);
1503
1504 pattrib->frag_num = GetFragNum(ptr);
1505 pattrib->seq_num = GetSequence(ptr);
1506
1507 pattrib->pw_save = GetPwrMgt(ptr);
1508 pattrib->mfrag = GetMFrag(ptr);
1509 pattrib->mdata = GetMData(ptr);
1510 pattrib->privacy = GetPrivacy(ptr);
1511 pattrib->order = GetOrder(ptr);
1512 rtw_hal_get_def_var(adapter, HAL_DEF_DBG_DUMP_RXPKT, &(bDumpRxPkt));
1513
1514 switch (type) {
1515 case WIFI_MGT_TYPE: /* mgnt */
1516 if (validate_80211w_mgmt(adapter, precv_frame) == _FAIL) {
1517 retval = _FAIL;
1518 break;
1519 }
1520
1521 retval = validate_recv_mgnt_frame(adapter, precv_frame);
1522 retval = _FAIL; /* only data frame return _SUCCESS */
1523 break;
1524 case WIFI_CTRL_TYPE: /* ctrl */
1525 retval = validate_recv_ctrl_frame(adapter, precv_frame);
1526 retval = _FAIL; /* only data frame return _SUCCESS */
1527 break;
1528 case WIFI_DATA_TYPE: /* data */
1529 pattrib->qos = (subtype & BIT(7)) ? 1:0;
1530 retval = validate_recv_data_frame(adapter, precv_frame);
1531 if (retval == _FAIL) {
1532 struct recv_priv *precvpriv = &adapter->recvpriv;
1533
1534 precvpriv->rx_drop++;
1535 } else if (retval == _SUCCESS) {
1536 #ifdef DBG_RX_DUMP_EAP
1537 u8 bDumpRxPkt;
1538 u16 eth_type;
1539
1540 /* dump eapol */
1541 rtw_hal_get_def_var(adapter, HAL_DEF_DBG_DUMP_RXPKT, &(bDumpRxPkt));
1542 /* get ether_type */
1543 memcpy(ð_type, ptr + pattrib->hdrlen + pattrib->iv_len + LLC_HEADER_LENGTH, 2);
1544 eth_type = ntohs((unsigned short) eth_type);
1545 #endif
1546 }
1547 break;
1548 default:
1549 retval = _FAIL;
1550 break;
1551 }
1552
1553 exit:
1554 return retval;
1555 }
1556
1557 /* remove the wlanhdr and add the eth_hdr */
wlanhdr_to_ethhdr(union recv_frame * precvframe)1558 static signed int wlanhdr_to_ethhdr(union recv_frame *precvframe)
1559 {
1560 signed int rmv_len;
1561 u16 eth_type, len;
1562 u8 bsnaphdr;
1563 u8 *psnap_type;
1564 struct ieee80211_snap_hdr *psnap;
1565 __be16 be_tmp;
1566 struct adapter *adapter = precvframe->u.hdr.adapter;
1567 struct mlme_priv *pmlmepriv = &adapter->mlmepriv;
1568 u8 *ptr = precvframe->u.hdr.rx_data; /* point to frame_ctrl field */
1569 struct rx_pkt_attrib *pattrib = &precvframe->u.hdr.attrib;
1570
1571 if (pattrib->encrypt)
1572 recvframe_pull_tail(precvframe, pattrib->icv_len);
1573
1574 psnap = (struct ieee80211_snap_hdr *)(ptr+pattrib->hdrlen + pattrib->iv_len);
1575 psnap_type = ptr+pattrib->hdrlen + pattrib->iv_len+SNAP_SIZE;
1576 /* convert hdr + possible LLC headers into Ethernet header */
1577 /* eth_type = (psnap_type[0] << 8) | psnap_type[1]; */
1578 if ((!memcmp(psnap, rfc1042_header, SNAP_SIZE) &&
1579 (memcmp(psnap_type, SNAP_ETH_TYPE_IPX, 2)) &&
1580 (memcmp(psnap_type, SNAP_ETH_TYPE_APPLETALK_AARP, 2))) ||
1581 /* eth_type != ETH_P_AARP && eth_type != ETH_P_IPX) || */
1582 !memcmp(psnap, bridge_tunnel_header, SNAP_SIZE)) {
1583 /* remove RFC1042 or Bridge-Tunnel encapsulation and replace EtherType */
1584 bsnaphdr = true;
1585 } else
1586 /* Leave Ethernet header part of hdr and full payload */
1587 bsnaphdr = false;
1588
1589 rmv_len = pattrib->hdrlen + pattrib->iv_len + (bsnaphdr?SNAP_SIZE:0);
1590 len = precvframe->u.hdr.len - rmv_len;
1591
1592 memcpy(&be_tmp, ptr+rmv_len, 2);
1593 eth_type = ntohs(be_tmp); /* pattrib->ether_type */
1594 pattrib->eth_type = eth_type;
1595
1596 if ((check_fwstate(pmlmepriv, WIFI_MP_STATE) == true)) {
1597 ptr += rmv_len;
1598 *ptr = 0x87;
1599 *(ptr+1) = 0x12;
1600
1601 eth_type = 0x8712;
1602 /* append rx status for mp test packets */
1603 ptr = recvframe_pull(precvframe, (rmv_len-sizeof(struct ethhdr)+2)-24);
1604 if (!ptr)
1605 return _FAIL;
1606 memcpy(ptr, get_rxmem(precvframe), 24);
1607 ptr += 24;
1608 } else {
1609 ptr = recvframe_pull(precvframe, (rmv_len-sizeof(struct ethhdr) + (bsnaphdr?2:0)));
1610 if (!ptr)
1611 return _FAIL;
1612 }
1613
1614 memcpy(ptr, pattrib->dst, ETH_ALEN);
1615 memcpy(ptr+ETH_ALEN, pattrib->src, ETH_ALEN);
1616
1617 if (!bsnaphdr) {
1618 be_tmp = htons(len);
1619 memcpy(ptr+12, &be_tmp, 2);
1620 }
1621
1622 return _SUCCESS;
1623 }
1624
rtw_alloc_msdu_pkt(union recv_frame * prframe,u16 nSubframe_Length,u8 * pdata)1625 static struct sk_buff *rtw_alloc_msdu_pkt(union recv_frame *prframe, u16 nSubframe_Length, u8 *pdata)
1626 {
1627 u16 eth_type;
1628 struct sk_buff *sub_skb;
1629 struct rx_pkt_attrib *pattrib;
1630
1631 pattrib = &prframe->u.hdr.attrib;
1632
1633 sub_skb = __dev_alloc_skb(nSubframe_Length + 12, GFP_ATOMIC);
1634 if (!sub_skb)
1635 return NULL;
1636
1637 skb_reserve(sub_skb, 12);
1638 skb_put_data(sub_skb, (pdata + ETH_HLEN), nSubframe_Length);
1639
1640 eth_type = get_unaligned_be16(&sub_skb->data[6]);
1641
1642 if (sub_skb->len >= 8 &&
1643 ((!memcmp(sub_skb->data, rfc1042_header, SNAP_SIZE) &&
1644 eth_type != ETH_P_AARP && eth_type != ETH_P_IPX) ||
1645 !memcmp(sub_skb->data, bridge_tunnel_header, SNAP_SIZE))) {
1646 /*
1647 * remove RFC1042 or Bridge-Tunnel encapsulation and replace
1648 * EtherType
1649 */
1650 skb_pull(sub_skb, SNAP_SIZE);
1651 memcpy(skb_push(sub_skb, ETH_ALEN), pattrib->src, ETH_ALEN);
1652 memcpy(skb_push(sub_skb, ETH_ALEN), pattrib->dst, ETH_ALEN);
1653 } else {
1654 __be16 len;
1655 /* Leave Ethernet header part of hdr and full payload */
1656 len = htons(sub_skb->len);
1657 memcpy(skb_push(sub_skb, 2), &len, 2);
1658 memcpy(skb_push(sub_skb, ETH_ALEN), pattrib->src, ETH_ALEN);
1659 memcpy(skb_push(sub_skb, ETH_ALEN), pattrib->dst, ETH_ALEN);
1660 }
1661
1662 return sub_skb;
1663 }
1664
rtw_recv_indicate_pkt(struct adapter * padapter,struct sk_buff * pkt,struct rx_pkt_attrib * pattrib)1665 static void rtw_recv_indicate_pkt(struct adapter *padapter, struct sk_buff *pkt, struct rx_pkt_attrib *pattrib)
1666 {
1667 struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
1668
1669 /* Indicate the packets to upper layer */
1670 if (pkt) {
1671 if (check_fwstate(pmlmepriv, WIFI_AP_STATE) == true) {
1672 struct sk_buff *pskb2 = NULL;
1673 struct sta_info *psta = NULL;
1674 struct sta_priv *pstapriv = &padapter->stapriv;
1675 int bmcast = is_multicast_ether_addr(pattrib->dst);
1676
1677 if (memcmp(pattrib->dst, myid(&padapter->eeprompriv), ETH_ALEN)) {
1678 if (bmcast) {
1679 psta = rtw_get_bcmc_stainfo(padapter);
1680 pskb2 = skb_clone(pkt, GFP_ATOMIC);
1681 } else {
1682 psta = rtw_get_stainfo(pstapriv, pattrib->dst);
1683 }
1684
1685 if (psta) {
1686 struct net_device *pnetdev = (struct net_device *)padapter->pnetdev;
1687 /* skb->ip_summed = CHECKSUM_NONE; */
1688 pkt->dev = pnetdev;
1689 skb_set_queue_mapping(pkt, rtw_recv_select_queue(pkt));
1690
1691 _rtw_xmit_entry(pkt, pnetdev);
1692
1693 if (bmcast && pskb2)
1694 pkt = pskb2;
1695 else
1696 return;
1697 }
1698 } else {
1699 /* to APself */
1700 }
1701 }
1702
1703 pkt->protocol = eth_type_trans(pkt, padapter->pnetdev);
1704 pkt->dev = padapter->pnetdev;
1705
1706 pkt->ip_summed = CHECKSUM_NONE;
1707
1708 rtw_netif_rx(padapter->pnetdev, pkt);
1709 }
1710 }
1711
amsdu_to_msdu(struct adapter * padapter,union recv_frame * prframe)1712 static int amsdu_to_msdu(struct adapter *padapter, union recv_frame *prframe)
1713 {
1714 int a_len, padding_len;
1715 u16 nSubframe_Length;
1716 u8 nr_subframes, i;
1717 u8 *pdata;
1718 struct sk_buff *sub_pkt, *subframes[MAX_SUBFRAME_COUNT];
1719 struct recv_priv *precvpriv = &padapter->recvpriv;
1720 struct __queue *pfree_recv_queue = &(precvpriv->free_recv_queue);
1721
1722 nr_subframes = 0;
1723
1724 recvframe_pull(prframe, prframe->u.hdr.attrib.hdrlen);
1725
1726 if (prframe->u.hdr.attrib.iv_len > 0)
1727 recvframe_pull(prframe, prframe->u.hdr.attrib.iv_len);
1728
1729 a_len = prframe->u.hdr.len;
1730
1731 pdata = prframe->u.hdr.rx_data;
1732
1733 while (a_len > ETH_HLEN) {
1734
1735 /* Offset 12 denote 2 mac address */
1736 nSubframe_Length = get_unaligned_be16(pdata + 12);
1737
1738 if (a_len < ETH_HLEN + nSubframe_Length)
1739 break;
1740
1741 sub_pkt = rtw_alloc_msdu_pkt(prframe, nSubframe_Length, pdata);
1742 if (!sub_pkt)
1743 break;
1744
1745 /* move the data point to data content */
1746 pdata += ETH_HLEN;
1747 a_len -= ETH_HLEN;
1748
1749 subframes[nr_subframes++] = sub_pkt;
1750
1751 if (nr_subframes >= MAX_SUBFRAME_COUNT)
1752 break;
1753
1754 pdata += nSubframe_Length;
1755 a_len -= nSubframe_Length;
1756 if (a_len != 0) {
1757 padding_len = 4 - ((nSubframe_Length + ETH_HLEN) & (4-1));
1758 if (padding_len == 4)
1759 padding_len = 0;
1760
1761 if (a_len < padding_len)
1762 break;
1763
1764 pdata += padding_len;
1765 a_len -= padding_len;
1766 }
1767 }
1768
1769 for (i = 0; i < nr_subframes; i++) {
1770 sub_pkt = subframes[i];
1771
1772 /* Indicate the packets to upper layer */
1773 if (sub_pkt)
1774 rtw_recv_indicate_pkt(padapter, sub_pkt, &prframe->u.hdr.attrib);
1775 }
1776
1777 prframe->u.hdr.len = 0;
1778 rtw_free_recvframe(prframe, pfree_recv_queue);/* free this recv_frame */
1779
1780 return _SUCCESS;
1781 }
1782
check_indicate_seq(struct recv_reorder_ctrl * preorder_ctrl,u16 seq_num)1783 static int check_indicate_seq(struct recv_reorder_ctrl *preorder_ctrl, u16 seq_num)
1784 {
1785 u8 wsize = preorder_ctrl->wsize_b;
1786 u16 wend = (preorder_ctrl->indicate_seq + wsize - 1) % 4096u;
1787
1788 /* Rx Reorder initialize condition. */
1789 if (preorder_ctrl->indicate_seq == 0xFFFF)
1790 preorder_ctrl->indicate_seq = seq_num;
1791
1792 /* Drop out the packet which SeqNum is smaller than WinStart */
1793 if (SN_LESS(seq_num, preorder_ctrl->indicate_seq))
1794 return false;
1795
1796 /* */
1797 /* Sliding window manipulation. Conditions includes: */
1798 /* 1. Incoming SeqNum is equal to WinStart =>Window shift 1 */
1799 /* 2. Incoming SeqNum is larger than the WinEnd => Window shift N */
1800 /* */
1801 if (SN_EQUAL(seq_num, preorder_ctrl->indicate_seq)) {
1802 preorder_ctrl->indicate_seq = (preorder_ctrl->indicate_seq + 1) % 4096u;
1803
1804 } else if (SN_LESS(wend, seq_num)) {
1805 /* boundary situation, when seq_num cross 0xFFF */
1806 if (seq_num >= (wsize - 1))
1807 preorder_ctrl->indicate_seq = seq_num + 1 - wsize;
1808 else
1809 preorder_ctrl->indicate_seq = 0xFFF - (wsize - (seq_num + 1)) + 1;
1810 }
1811
1812 return true;
1813 }
1814
enqueue_reorder_recvframe(struct recv_reorder_ctrl * preorder_ctrl,union recv_frame * prframe)1815 static int enqueue_reorder_recvframe(struct recv_reorder_ctrl *preorder_ctrl, union recv_frame *prframe)
1816 {
1817 struct rx_pkt_attrib *pattrib = &prframe->u.hdr.attrib;
1818 struct __queue *ppending_recvframe_queue = &preorder_ctrl->pending_recvframe_queue;
1819 struct list_head *phead, *plist;
1820 union recv_frame *pnextrframe;
1821 struct rx_pkt_attrib *pnextattrib;
1822
1823 /* spin_lock_irqsave(&ppending_recvframe_queue->lock, irql); */
1824 /* spin_lock(&ppending_recvframe_queue->lock); */
1825
1826
1827 phead = get_list_head(ppending_recvframe_queue);
1828 plist = get_next(phead);
1829
1830 while (phead != plist) {
1831 pnextrframe = (union recv_frame *)plist;
1832 pnextattrib = &pnextrframe->u.hdr.attrib;
1833
1834 if (SN_LESS(pnextattrib->seq_num, pattrib->seq_num))
1835 plist = get_next(plist);
1836 else if (SN_EQUAL(pnextattrib->seq_num, pattrib->seq_num))
1837 /* Duplicate entry is found!! Do not insert current entry. */
1838 /* spin_unlock_irqrestore(&ppending_recvframe_queue->lock, irql); */
1839 return false;
1840 else
1841 break;
1842
1843 }
1844
1845
1846 /* spin_lock_irqsave(&ppending_recvframe_queue->lock, irql); */
1847 /* spin_lock(&ppending_recvframe_queue->lock); */
1848
1849 list_del_init(&(prframe->u.hdr.list));
1850
1851 list_add_tail(&(prframe->u.hdr.list), plist);
1852
1853 /* spin_unlock(&ppending_recvframe_queue->lock); */
1854 /* spin_unlock_irqrestore(&ppending_recvframe_queue->lock, irql); */
1855
1856 return true;
1857
1858 }
1859
rtw_recv_indicatepkt(struct adapter * padapter,union recv_frame * precv_frame)1860 static int rtw_recv_indicatepkt(struct adapter *padapter, union recv_frame *precv_frame)
1861 {
1862 struct recv_priv *precvpriv;
1863 struct __queue *pfree_recv_queue;
1864 struct sk_buff *skb;
1865 struct rx_pkt_attrib *pattrib = &precv_frame->u.hdr.attrib;
1866
1867 precvpriv = &(padapter->recvpriv);
1868 pfree_recv_queue = &(precvpriv->free_recv_queue);
1869
1870 skb = precv_frame->u.hdr.pkt;
1871 if (!skb)
1872 goto _recv_indicatepkt_drop;
1873
1874 skb->data = precv_frame->u.hdr.rx_data;
1875
1876 skb_set_tail_pointer(skb, precv_frame->u.hdr.len);
1877
1878 skb->len = precv_frame->u.hdr.len;
1879
1880 rtw_recv_indicate_pkt(padapter, skb, pattrib);
1881
1882 /* pointers to NULL before rtw_free_recvframe() */
1883 precv_frame->u.hdr.pkt = NULL;
1884
1885 rtw_free_recvframe(precv_frame, pfree_recv_queue);
1886
1887 return _SUCCESS;
1888
1889 _recv_indicatepkt_drop:
1890
1891 /* enqueue back to free_recv_queue */
1892 rtw_free_recvframe(precv_frame, pfree_recv_queue);
1893
1894 return _FAIL;
1895 }
1896
recv_indicatepkts_in_order(struct adapter * padapter,struct recv_reorder_ctrl * preorder_ctrl,int bforced)1897 static int recv_indicatepkts_in_order(struct adapter *padapter, struct recv_reorder_ctrl *preorder_ctrl, int bforced)
1898 {
1899 struct list_head *phead, *plist;
1900 union recv_frame *prframe;
1901 struct rx_pkt_attrib *pattrib;
1902 /* u8 index = 0; */
1903 int bPktInBuf = false;
1904 struct recv_priv *precvpriv = &padapter->recvpriv;
1905 struct __queue *ppending_recvframe_queue = &preorder_ctrl->pending_recvframe_queue;
1906
1907 /* spin_lock_irqsave(&ppending_recvframe_queue->lock, irql); */
1908 /* spin_lock(&ppending_recvframe_queue->lock); */
1909
1910 phead = get_list_head(ppending_recvframe_queue);
1911 plist = get_next(phead);
1912
1913 /* Handling some condition for forced indicate case. */
1914 if (bforced == true) {
1915 if (list_empty(phead)) {
1916 /* spin_unlock_irqrestore(&ppending_recvframe_queue->lock, irql); */
1917 /* spin_unlock(&ppending_recvframe_queue->lock); */
1918 return true;
1919 }
1920
1921 prframe = (union recv_frame *)plist;
1922 pattrib = &prframe->u.hdr.attrib;
1923
1924 preorder_ctrl->indicate_seq = pattrib->seq_num;
1925
1926 }
1927
1928 /* Prepare indication list and indication. */
1929 /* Check if there is any packet need indicate. */
1930 while (!list_empty(phead)) {
1931
1932 prframe = (union recv_frame *)plist;
1933 pattrib = &prframe->u.hdr.attrib;
1934
1935 if (!SN_LESS(preorder_ctrl->indicate_seq, pattrib->seq_num)) {
1936 plist = get_next(plist);
1937 list_del_init(&(prframe->u.hdr.list));
1938
1939 if (SN_EQUAL(preorder_ctrl->indicate_seq, pattrib->seq_num))
1940 preorder_ctrl->indicate_seq = (preorder_ctrl->indicate_seq + 1) % 4096u;
1941
1942 /* Set this as a lock to make sure that only one thread is indicating packet. */
1943 /* pTS->RxIndicateState = RXTS_INDICATE_PROCESSING; */
1944
1945 /* Indicate packets */
1946
1947 /* indicate this recv_frame */
1948 if (!pattrib->amsdu) {
1949 if ((padapter->bDriverStopped == false) &&
1950 (padapter->bSurpriseRemoved == false))
1951 rtw_recv_indicatepkt(padapter, prframe);/* indicate this recv_frame */
1952
1953 } else if (pattrib->amsdu == 1) {
1954 if (amsdu_to_msdu(padapter, prframe) != _SUCCESS)
1955 rtw_free_recvframe(prframe, &precvpriv->free_recv_queue);
1956
1957 } else {
1958 /* error condition; */
1959 }
1960
1961
1962 /* Update local variables. */
1963 bPktInBuf = false;
1964
1965 } else {
1966 bPktInBuf = true;
1967 break;
1968 }
1969
1970 }
1971
1972 /* spin_unlock(&ppending_recvframe_queue->lock); */
1973 /* spin_unlock_irqrestore(&ppending_recvframe_queue->lock, irql); */
1974
1975 return bPktInBuf;
1976 }
1977
recv_indicatepkt_reorder(struct adapter * padapter,union recv_frame * prframe)1978 static int recv_indicatepkt_reorder(struct adapter *padapter, union recv_frame *prframe)
1979 {
1980 int retval = _SUCCESS;
1981 struct rx_pkt_attrib *pattrib = &prframe->u.hdr.attrib;
1982 struct recv_reorder_ctrl *preorder_ctrl = prframe->u.hdr.preorder_ctrl;
1983 struct __queue *ppending_recvframe_queue = &preorder_ctrl->pending_recvframe_queue;
1984
1985 if (!pattrib->amsdu) {
1986 /* s1. */
1987 wlanhdr_to_ethhdr(prframe);
1988
1989 if (pattrib->qos != 1) {
1990 if ((padapter->bDriverStopped == false) &&
1991 (padapter->bSurpriseRemoved == false)) {
1992 rtw_recv_indicatepkt(padapter, prframe);
1993 return _SUCCESS;
1994
1995 }
1996
1997 return _FAIL;
1998
1999 }
2000
2001 if (preorder_ctrl->enable == false) {
2002 /* indicate this recv_frame */
2003 preorder_ctrl->indicate_seq = pattrib->seq_num;
2004
2005 rtw_recv_indicatepkt(padapter, prframe);
2006
2007 preorder_ctrl->indicate_seq = (preorder_ctrl->indicate_seq + 1)%4096;
2008
2009 return _SUCCESS;
2010 }
2011 } else if (pattrib->amsdu == 1) { /* temp filter -> means didn't support A-MSDUs in a A-MPDU */
2012 if (preorder_ctrl->enable == false) {
2013 preorder_ctrl->indicate_seq = pattrib->seq_num;
2014
2015 retval = amsdu_to_msdu(padapter, prframe);
2016
2017 preorder_ctrl->indicate_seq = (preorder_ctrl->indicate_seq + 1)%4096;
2018
2019 return retval;
2020 }
2021 }
2022
2023 spin_lock_bh(&ppending_recvframe_queue->lock);
2024
2025 /* s2. check if winstart_b(indicate_seq) needs to been updated */
2026 if (!check_indicate_seq(preorder_ctrl, pattrib->seq_num))
2027 goto _err_exit;
2028
2029 /* s3. Insert all packet into Reorder Queue to maintain its ordering. */
2030 if (!enqueue_reorder_recvframe(preorder_ctrl, prframe)) {
2031 /* spin_unlock_irqrestore(&ppending_recvframe_queue->lock, irql); */
2032 /* return _FAIL; */
2033 goto _err_exit;
2034 }
2035
2036
2037 /* s4. */
2038 /* Indication process. */
2039 /* After Packet dropping and Sliding Window shifting as above, we can now just indicate the packets */
2040 /* with the SeqNum smaller than latest WinStart and buffer other packets. */
2041 /* */
2042 /* For Rx Reorder condition: */
2043 /* 1. All packets with SeqNum smaller than WinStart => Indicate */
2044 /* 2. All packets with SeqNum larger than or equal to WinStart => Buffer it. */
2045 /* */
2046
2047 /* recv_indicatepkts_in_order(padapter, preorder_ctrl, true); */
2048 if (recv_indicatepkts_in_order(padapter, preorder_ctrl, false) == true) {
2049 _set_timer(&preorder_ctrl->reordering_ctrl_timer, REORDER_WAIT_TIME);
2050 spin_unlock_bh(&ppending_recvframe_queue->lock);
2051 } else {
2052 spin_unlock_bh(&ppending_recvframe_queue->lock);
2053 timer_delete_sync(&preorder_ctrl->reordering_ctrl_timer);
2054 }
2055
2056 return _SUCCESS;
2057
2058 _err_exit:
2059 spin_unlock_bh(&ppending_recvframe_queue->lock);
2060
2061 return _FAIL;
2062 }
2063
2064
rtw_reordering_ctrl_timeout_handler(struct timer_list * t)2065 void rtw_reordering_ctrl_timeout_handler(struct timer_list *t)
2066 {
2067 struct recv_reorder_ctrl *preorder_ctrl =
2068 timer_container_of(preorder_ctrl, t, reordering_ctrl_timer);
2069 struct adapter *padapter = preorder_ctrl->padapter;
2070 struct __queue *ppending_recvframe_queue = &preorder_ctrl->pending_recvframe_queue;
2071
2072
2073 if (padapter->bDriverStopped || padapter->bSurpriseRemoved)
2074 return;
2075
2076 spin_lock_bh(&ppending_recvframe_queue->lock);
2077
2078 if (recv_indicatepkts_in_order(padapter, preorder_ctrl, true) == true)
2079 _set_timer(&preorder_ctrl->reordering_ctrl_timer, REORDER_WAIT_TIME);
2080
2081 spin_unlock_bh(&ppending_recvframe_queue->lock);
2082
2083 }
2084
process_recv_indicatepkts(struct adapter * padapter,union recv_frame * prframe)2085 static int process_recv_indicatepkts(struct adapter *padapter, union recv_frame *prframe)
2086 {
2087 int retval = _SUCCESS;
2088 /* struct recv_priv *precvpriv = &padapter->recvpriv; */
2089 /* struct rx_pkt_attrib *pattrib = &prframe->u.hdr.attrib; */
2090 struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
2091 struct ht_priv *phtpriv = &pmlmepriv->htpriv;
2092
2093 if (phtpriv->ht_option == true) { /* B/G/N Mode */
2094 /* prframe->u.hdr.preorder_ctrl = &precvpriv->recvreorder_ctrl[pattrib->priority]; */
2095
2096 if (recv_indicatepkt_reorder(padapter, prframe) != _SUCCESS) { /* including perform A-MPDU Rx Ordering Buffer Control */
2097
2098 if ((padapter->bDriverStopped == false) &&
2099 (padapter->bSurpriseRemoved == false)) {
2100 retval = _FAIL;
2101 return retval;
2102 }
2103 }
2104 } else { /* B/G mode */
2105 retval = wlanhdr_to_ethhdr(prframe);
2106 if (retval != _SUCCESS)
2107 return retval;
2108
2109 if ((padapter->bDriverStopped == false) && (padapter->bSurpriseRemoved == false)) {
2110 /* indicate this recv_frame */
2111 rtw_recv_indicatepkt(padapter, prframe);
2112 } else {
2113 retval = _FAIL;
2114 return retval;
2115 }
2116
2117 }
2118
2119 return retval;
2120
2121 }
2122
recv_func_prehandle(struct adapter * padapter,union recv_frame * rframe)2123 static int recv_func_prehandle(struct adapter *padapter, union recv_frame *rframe)
2124 {
2125 int ret = _SUCCESS;
2126 struct __queue *pfree_recv_queue = &padapter->recvpriv.free_recv_queue;
2127
2128 /* check the frame crtl field and decache */
2129 ret = validate_recv_frame(padapter, rframe);
2130 if (ret != _SUCCESS) {
2131 rtw_free_recvframe(rframe, pfree_recv_queue);/* free this recv_frame */
2132 goto exit;
2133 }
2134
2135 exit:
2136 return ret;
2137 }
2138
recv_func_posthandle(struct adapter * padapter,union recv_frame * prframe)2139 static int recv_func_posthandle(struct adapter *padapter, union recv_frame *prframe)
2140 {
2141 int ret = _SUCCESS;
2142 union recv_frame *orig_prframe = prframe;
2143 struct recv_priv *precvpriv = &padapter->recvpriv;
2144 struct __queue *pfree_recv_queue = &padapter->recvpriv.free_recv_queue;
2145
2146 prframe = decryptor(padapter, prframe);
2147 if (!prframe) {
2148 ret = _FAIL;
2149 goto _recv_data_drop;
2150 }
2151
2152 prframe = recvframe_chk_defrag(padapter, prframe);
2153 if (!prframe)
2154 goto _recv_data_drop;
2155
2156 prframe = portctrl(padapter, prframe);
2157 if (!prframe) {
2158 ret = _FAIL;
2159 goto _recv_data_drop;
2160 }
2161
2162 count_rx_stats(padapter, prframe, NULL);
2163
2164 ret = process_recv_indicatepkts(padapter, prframe);
2165 if (ret != _SUCCESS) {
2166 rtw_free_recvframe(orig_prframe, pfree_recv_queue);/* free this recv_frame */
2167 goto _recv_data_drop;
2168 }
2169
2170 _recv_data_drop:
2171 precvpriv->rx_drop++;
2172 return ret;
2173 }
2174
recv_func(struct adapter * padapter,union recv_frame * rframe)2175 static int recv_func(struct adapter *padapter, union recv_frame *rframe)
2176 {
2177 int ret;
2178 struct rx_pkt_attrib *prxattrib = &rframe->u.hdr.attrib;
2179 struct recv_priv *recvpriv = &padapter->recvpriv;
2180 struct security_priv *psecuritypriv = &padapter->securitypriv;
2181 struct mlme_priv *mlmepriv = &padapter->mlmepriv;
2182
2183 /* check if need to handle uc_swdec_pending_queue*/
2184 if (check_fwstate(mlmepriv, WIFI_STATION_STATE) && psecuritypriv->busetkipkey) {
2185 union recv_frame *pending_frame;
2186
2187 while ((pending_frame = rtw_alloc_recvframe(&padapter->recvpriv.uc_swdec_pending_queue)))
2188 recv_func_posthandle(padapter, pending_frame);
2189 }
2190
2191 ret = recv_func_prehandle(padapter, rframe);
2192
2193 if (ret == _SUCCESS) {
2194
2195 /* check if need to enqueue into uc_swdec_pending_queue*/
2196 if (check_fwstate(mlmepriv, WIFI_STATION_STATE) &&
2197 !is_multicast_ether_addr(prxattrib->ra) && prxattrib->encrypt > 0 &&
2198 (prxattrib->bdecrypted == 0 || psecuritypriv->sw_decrypt == true) &&
2199 psecuritypriv->ndisauthtype == Ndis802_11AuthModeWPAPSK &&
2200 !psecuritypriv->busetkipkey) {
2201 rtw_enqueue_recvframe(rframe, &padapter->recvpriv.uc_swdec_pending_queue);
2202
2203 if (recvpriv->free_recvframe_cnt < NR_RECVFRAME/4) {
2204 /* to prevent from recvframe starvation, get recvframe from uc_swdec_pending_queue to free_recvframe_cnt */
2205 rframe = rtw_alloc_recvframe(&padapter->recvpriv.uc_swdec_pending_queue);
2206 if (rframe)
2207 goto do_posthandle;
2208 }
2209 goto exit;
2210 }
2211
2212 do_posthandle:
2213 ret = recv_func_posthandle(padapter, rframe);
2214 }
2215
2216 exit:
2217 return ret;
2218 }
2219
2220
rtw_recv_entry(union recv_frame * precvframe)2221 s32 rtw_recv_entry(union recv_frame *precvframe)
2222 {
2223 struct adapter *padapter;
2224 struct recv_priv *precvpriv;
2225 s32 ret = _SUCCESS;
2226
2227 padapter = precvframe->u.hdr.adapter;
2228
2229 precvpriv = &padapter->recvpriv;
2230
2231 ret = recv_func(padapter, precvframe);
2232 if (ret == _FAIL)
2233 goto _recv_entry_drop;
2234
2235 precvpriv->rx_pkts++;
2236
2237 return ret;
2238
2239 _recv_entry_drop:
2240
2241 return ret;
2242 }
2243
rtw_signal_stat_timer_hdl(struct timer_list * t)2244 static void rtw_signal_stat_timer_hdl(struct timer_list *t)
2245 {
2246 struct adapter *adapter =
2247 timer_container_of(adapter, t, recvpriv.signal_stat_timer);
2248 struct recv_priv *recvpriv = &adapter->recvpriv;
2249
2250 u32 tmp_s, tmp_q;
2251 u8 avg_signal_strength = 0;
2252 u8 avg_signal_qual = 0;
2253 u32 num_signal_strength = 0;
2254 u32 __maybe_unused num_signal_qual = 0;
2255 u8 _alpha = 5; /* this value is based on converging_constant = 5000 and sampling_interval = 1000 */
2256
2257 if (adapter->recvpriv.is_signal_dbg) {
2258 /* update the user specific value, signal_strength_dbg, to signal_strength, rssi */
2259 adapter->recvpriv.signal_strength = adapter->recvpriv.signal_strength_dbg;
2260 adapter->recvpriv.rssi = (s8)translate_percentage_to_dbm((u8)adapter->recvpriv.signal_strength_dbg);
2261 } else {
2262
2263 if (recvpriv->signal_strength_data.update_req == 0) {/* update_req is clear, means we got rx */
2264 avg_signal_strength = recvpriv->signal_strength_data.avg_val;
2265 num_signal_strength = recvpriv->signal_strength_data.total_num;
2266 /* after avg_vals are acquired, we can re-stat the signal values */
2267 recvpriv->signal_strength_data.update_req = 1;
2268 }
2269
2270 if (recvpriv->signal_qual_data.update_req == 0) {/* update_req is clear, means we got rx */
2271 avg_signal_qual = recvpriv->signal_qual_data.avg_val;
2272 num_signal_qual = recvpriv->signal_qual_data.total_num;
2273 /* after avg_vals are acquired, we can re-stat the signal values */
2274 recvpriv->signal_qual_data.update_req = 1;
2275 }
2276
2277 if (num_signal_strength == 0) {
2278 if (rtw_get_on_cur_ch_time(adapter) == 0 ||
2279 jiffies_to_msecs(jiffies - rtw_get_on_cur_ch_time(adapter)) < 2 * adapter->mlmeextpriv.mlmext_info.bcn_interval
2280 ) {
2281 goto set_timer;
2282 }
2283 }
2284
2285 if (check_fwstate(&adapter->mlmepriv, _FW_UNDER_SURVEY) == true ||
2286 check_fwstate(&adapter->mlmepriv, _FW_LINKED) == false
2287 ) {
2288 goto set_timer;
2289 }
2290
2291 /* update value of signal_strength, rssi, signal_qual */
2292 tmp_s = (avg_signal_strength+(_alpha-1)*recvpriv->signal_strength);
2293 if (tmp_s % _alpha)
2294 tmp_s = tmp_s/_alpha + 1;
2295 else
2296 tmp_s = tmp_s/_alpha;
2297 if (tmp_s > 100)
2298 tmp_s = 100;
2299
2300 tmp_q = (avg_signal_qual+(_alpha-1)*recvpriv->signal_qual);
2301 if (tmp_q % _alpha)
2302 tmp_q = tmp_q/_alpha + 1;
2303 else
2304 tmp_q = tmp_q/_alpha;
2305 if (tmp_q > 100)
2306 tmp_q = 100;
2307
2308 recvpriv->signal_strength = tmp_s;
2309 recvpriv->rssi = (s8)translate_percentage_to_dbm(tmp_s);
2310 recvpriv->signal_qual = tmp_q;
2311 }
2312
2313 set_timer:
2314 rtw_set_signal_stat_timer(recvpriv);
2315
2316 }
2317