1 // SPDX-License-Identifier: GPL-2.0
2 /******************************************************************************
3 *
4 * Copyright(c) 2007 - 2012 Realtek Corporation. All rights reserved.
5 *
6 ******************************************************************************/
7 #include <drv_types.h>
8 #include <linux/jiffies.h>
9 #include <rtw_recv.h>
10 #include <net/cfg80211.h>
11 #include <linux/unaligned.h>
12
13 static u8 SNAP_ETH_TYPE_IPX[2] = {0x81, 0x37};
14 static u8 SNAP_ETH_TYPE_APPLETALK_AARP[2] = {0x80, 0xf3};
15
16 static void rtw_signal_stat_timer_hdl(struct timer_list *t);
17
_rtw_init_sta_recv_priv(struct sta_recv_priv * psta_recvpriv)18 void _rtw_init_sta_recv_priv(struct sta_recv_priv *psta_recvpriv)
19 {
20 memset((u8 *)psta_recvpriv, 0, sizeof(struct sta_recv_priv));
21
22 spin_lock_init(&psta_recvpriv->lock);
23
24 /* for (i = 0; i<MAX_RX_NUMBLKS; i++) */
25 /* _rtw_init_queue(&psta_recvpriv->blk_strms[i]); */
26
27 INIT_LIST_HEAD(&psta_recvpriv->defrag_q.queue);
28 spin_lock_init(&psta_recvpriv->defrag_q.lock);
29 }
30
_rtw_init_recv_priv(struct recv_priv * precvpriv,struct adapter * padapter)31 signed int _rtw_init_recv_priv(struct recv_priv *precvpriv, struct adapter *padapter)
32 {
33 signed int i;
34 union recv_frame *precvframe;
35 signed int res = _SUCCESS;
36
37 spin_lock_init(&precvpriv->lock);
38
39 INIT_LIST_HEAD(&precvpriv->free_recv_queue.queue);
40 spin_lock_init(&precvpriv->free_recv_queue.lock);
41 INIT_LIST_HEAD(&precvpriv->recv_pending_queue.queue);
42 spin_lock_init(&precvpriv->recv_pending_queue.lock);
43 INIT_LIST_HEAD(&precvpriv->uc_swdec_pending_queue.queue);
44 spin_lock_init(&precvpriv->uc_swdec_pending_queue.lock);
45
46 precvpriv->adapter = padapter;
47
48 precvpriv->free_recvframe_cnt = NR_RECVFRAME;
49
50 precvpriv->pallocated_frame_buf = vzalloc(NR_RECVFRAME * sizeof(union recv_frame) + RXFRAME_ALIGN_SZ);
51
52 if (!precvpriv->pallocated_frame_buf) {
53 res = _FAIL;
54 goto exit;
55 }
56
57 precvpriv->precv_frame_buf = (u8 *)N_BYTE_ALIGMENT((SIZE_PTR)(precvpriv->pallocated_frame_buf), RXFRAME_ALIGN_SZ);
58 /* precvpriv->precv_frame_buf = precvpriv->pallocated_frame_buf + RXFRAME_ALIGN_SZ - */
59 /* ((SIZE_PTR) (precvpriv->pallocated_frame_buf) &(RXFRAME_ALIGN_SZ-1)); */
60
61 precvframe = (union recv_frame *) precvpriv->precv_frame_buf;
62
63
64 for (i = 0; i < NR_RECVFRAME; i++) {
65 INIT_LIST_HEAD(&(precvframe->u.list));
66
67 list_add_tail(&(precvframe->u.list), &(precvpriv->free_recv_queue.queue));
68
69 rtw_os_recv_resource_alloc(padapter, precvframe);
70
71 precvframe->u.hdr.len = 0;
72
73 precvframe->u.hdr.adapter = padapter;
74 precvframe++;
75
76 }
77
78 res = rtw_hal_init_recv_priv(padapter);
79
80 timer_setup(&precvpriv->signal_stat_timer, rtw_signal_stat_timer_hdl,
81 0);
82
83 precvpriv->signal_stat_sampling_interval = 2000; /* ms */
84
85 rtw_set_signal_stat_timer(precvpriv);
86
87 exit:
88 return res;
89 }
90
_rtw_free_recv_priv(struct recv_priv * precvpriv)91 void _rtw_free_recv_priv(struct recv_priv *precvpriv)
92 {
93 struct adapter *padapter = precvpriv->adapter;
94
95 rtw_free_uc_swdec_pending_queue(padapter);
96
97 rtw_os_recv_resource_free(precvpriv);
98
99 vfree(precvpriv->pallocated_frame_buf);
100
101 rtw_hal_free_recv_priv(padapter);
102 }
103
_rtw_alloc_recvframe(struct __queue * pfree_recv_queue)104 union recv_frame *_rtw_alloc_recvframe(struct __queue *pfree_recv_queue)
105 {
106
107 union recv_frame *precvframe;
108 struct list_head *plist, *phead;
109 struct adapter *padapter;
110 struct recv_priv *precvpriv;
111
112 if (list_empty(&pfree_recv_queue->queue))
113 precvframe = NULL;
114 else {
115 phead = get_list_head(pfree_recv_queue);
116
117 plist = get_next(phead);
118
119 precvframe = (union recv_frame *)plist;
120
121 list_del_init(&precvframe->u.hdr.list);
122 padapter = precvframe->u.hdr.adapter;
123 if (padapter) {
124 precvpriv = &padapter->recvpriv;
125 if (pfree_recv_queue == &precvpriv->free_recv_queue)
126 precvpriv->free_recvframe_cnt--;
127 }
128 }
129 return precvframe;
130 }
131
rtw_alloc_recvframe(struct __queue * pfree_recv_queue)132 union recv_frame *rtw_alloc_recvframe(struct __queue *pfree_recv_queue)
133 {
134 union recv_frame *precvframe;
135
136 spin_lock_bh(&pfree_recv_queue->lock);
137
138 precvframe = _rtw_alloc_recvframe(pfree_recv_queue);
139
140 spin_unlock_bh(&pfree_recv_queue->lock);
141
142 return precvframe;
143 }
144
rtw_free_recvframe(union recv_frame * precvframe,struct __queue * pfree_recv_queue)145 int rtw_free_recvframe(union recv_frame *precvframe, struct __queue *pfree_recv_queue)
146 {
147 struct adapter *padapter = precvframe->u.hdr.adapter;
148 struct recv_priv *precvpriv = &padapter->recvpriv;
149
150 rtw_os_free_recvframe(precvframe);
151
152
153 spin_lock_bh(&pfree_recv_queue->lock);
154
155 list_del_init(&(precvframe->u.hdr.list));
156
157 precvframe->u.hdr.len = 0;
158
159 list_add_tail(&(precvframe->u.hdr.list), get_list_head(pfree_recv_queue));
160
161 if (padapter) {
162 if (pfree_recv_queue == &precvpriv->free_recv_queue)
163 precvpriv->free_recvframe_cnt++;
164 }
165 spin_unlock_bh(&pfree_recv_queue->lock);
166 return _SUCCESS;
167 }
168
169
170
171
_rtw_enqueue_recvframe(union recv_frame * precvframe,struct __queue * queue)172 signed int _rtw_enqueue_recvframe(union recv_frame *precvframe, struct __queue *queue)
173 {
174
175 struct adapter *padapter = precvframe->u.hdr.adapter;
176 struct recv_priv *precvpriv = &padapter->recvpriv;
177
178 /* INIT_LIST_HEAD(&(precvframe->u.hdr.list)); */
179 list_del_init(&(precvframe->u.hdr.list));
180
181
182 list_add_tail(&(precvframe->u.hdr.list), get_list_head(queue));
183
184 if (padapter)
185 if (queue == &precvpriv->free_recv_queue)
186 precvpriv->free_recvframe_cnt++;
187
188 return _SUCCESS;
189 }
190
rtw_enqueue_recvframe(union recv_frame * precvframe,struct __queue * queue)191 signed int rtw_enqueue_recvframe(union recv_frame *precvframe, struct __queue *queue)
192 {
193 signed int ret;
194
195 /* _spinlock(&pfree_recv_queue->lock); */
196 spin_lock_bh(&queue->lock);
197 ret = _rtw_enqueue_recvframe(precvframe, queue);
198 /* spin_unlock(&pfree_recv_queue->lock); */
199 spin_unlock_bh(&queue->lock);
200
201 return ret;
202 }
203
204 /*
205 * caller : defrag ; recvframe_chk_defrag in recv_thread (passive)
206 * pframequeue: defrag_queue : will be accessed in recv_thread (passive)
207 *
208 * using spinlock to protect
209 *
210 */
211
rtw_free_recvframe_queue(struct __queue * pframequeue,struct __queue * pfree_recv_queue)212 void rtw_free_recvframe_queue(struct __queue *pframequeue, struct __queue *pfree_recv_queue)
213 {
214 union recv_frame *precvframe;
215 struct list_head *plist, *phead;
216
217 spin_lock(&pframequeue->lock);
218
219 phead = get_list_head(pframequeue);
220 plist = get_next(phead);
221
222 while (phead != plist) {
223 precvframe = (union recv_frame *)plist;
224
225 plist = get_next(plist);
226
227 rtw_free_recvframe(precvframe, pfree_recv_queue);
228 }
229
230 spin_unlock(&pframequeue->lock);
231 }
232
rtw_free_uc_swdec_pending_queue(struct adapter * adapter)233 u32 rtw_free_uc_swdec_pending_queue(struct adapter *adapter)
234 {
235 u32 cnt = 0;
236 union recv_frame *pending_frame;
237
238 while ((pending_frame = rtw_alloc_recvframe(&adapter->recvpriv.uc_swdec_pending_queue))) {
239 rtw_free_recvframe(pending_frame, &adapter->recvpriv.free_recv_queue);
240 cnt++;
241 }
242
243 return cnt;
244 }
245
246
rtw_enqueue_recvbuf_to_head(struct recv_buf * precvbuf,struct __queue * queue)247 signed int rtw_enqueue_recvbuf_to_head(struct recv_buf *precvbuf, struct __queue *queue)
248 {
249 spin_lock_bh(&queue->lock);
250
251 list_del_init(&precvbuf->list);
252 list_add(&precvbuf->list, get_list_head(queue));
253
254 spin_unlock_bh(&queue->lock);
255
256 return _SUCCESS;
257 }
258
rtw_enqueue_recvbuf(struct recv_buf * precvbuf,struct __queue * queue)259 signed int rtw_enqueue_recvbuf(struct recv_buf *precvbuf, struct __queue *queue)
260 {
261 spin_lock_bh(&queue->lock);
262
263 list_del_init(&precvbuf->list);
264
265 list_add_tail(&precvbuf->list, get_list_head(queue));
266 spin_unlock_bh(&queue->lock);
267 return _SUCCESS;
268
269 }
270
rtw_dequeue_recvbuf(struct __queue * queue)271 struct recv_buf *rtw_dequeue_recvbuf(struct __queue *queue)
272 {
273 struct recv_buf *precvbuf;
274 struct list_head *plist, *phead;
275
276 spin_lock_bh(&queue->lock);
277
278 if (list_empty(&queue->queue))
279 precvbuf = NULL;
280 else {
281 phead = get_list_head(queue);
282
283 plist = get_next(phead);
284
285 precvbuf = container_of(plist, struct recv_buf, list);
286
287 list_del_init(&precvbuf->list);
288
289 }
290
291 spin_unlock_bh(&queue->lock);
292
293 return precvbuf;
294
295 }
296
recvframe_chkmic(struct adapter * adapter,union recv_frame * precvframe)297 static signed int recvframe_chkmic(struct adapter *adapter, union recv_frame *precvframe)
298 {
299
300 signed int i, res = _SUCCESS;
301 u32 datalen;
302 u8 miccode[8];
303 u8 bmic_err = false, brpt_micerror = true;
304 u8 *pframe, *payload, *pframemic;
305 u8 *mickey;
306 /* u8 *iv, rxdata_key_idx = 0; */
307 struct sta_info *stainfo;
308 struct rx_pkt_attrib *prxattrib = &precvframe->u.hdr.attrib;
309 struct security_priv *psecuritypriv = &adapter->securitypriv;
310
311 struct mlme_ext_priv *pmlmeext = &adapter->mlmeextpriv;
312 struct mlme_ext_info *pmlmeinfo = &(pmlmeext->mlmext_info);
313
314 stainfo = rtw_get_stainfo(&adapter->stapriv, &prxattrib->ta[0]);
315
316 if (prxattrib->encrypt == _TKIP_) {
317 /* calculate mic code */
318 if (stainfo) {
319 if (is_multicast_ether_addr(prxattrib->ra)) {
320 /* mickey =&psecuritypriv->dot118021XGrprxmickey.skey[0]; */
321 /* iv = precvframe->u.hdr.rx_data+prxattrib->hdrlen; */
322 /* rxdata_key_idx =(((iv[3])>>6)&0x3) ; */
323 mickey = &psecuritypriv->dot118021XGrprxmickey[prxattrib->key_index].skey[0];
324
325 /* psecuritypriv->dot118021XGrpKeyid, pmlmeinfo->key_index, rxdata_key_idx); */
326
327 if (psecuritypriv->binstallGrpkey == false) {
328 res = _FAIL;
329 goto exit;
330 }
331 } else {
332 mickey = &stainfo->dot11tkiprxmickey.skey[0];
333 }
334
335 datalen = precvframe->u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len-prxattrib->icv_len-8;/* icv_len included the mic code */
336 pframe = precvframe->u.hdr.rx_data;
337 payload = pframe+prxattrib->hdrlen+prxattrib->iv_len;
338
339 rtw_seccalctkipmic(mickey, pframe, payload, datalen, &miccode[0], (unsigned char)prxattrib->priority); /* care the length of the data */
340
341 pframemic = payload+datalen;
342
343 bmic_err = false;
344
345 for (i = 0; i < 8; i++) {
346 if (miccode[i] != *(pframemic + i))
347 bmic_err = true;
348 }
349
350
351 if (bmic_err == true) {
352 /* double check key_index for some timing issue , */
353 /* cannot compare with psecuritypriv->dot118021XGrpKeyid also cause timing issue */
354 if ((is_multicast_ether_addr(prxattrib->ra) == true) && (prxattrib->key_index != pmlmeinfo->key_index))
355 brpt_micerror = false;
356
357 if (prxattrib->bdecrypted && brpt_micerror)
358 rtw_handle_tkip_mic_err(adapter, (u8)is_multicast_ether_addr(prxattrib->ra));
359
360 res = _FAIL;
361
362 } else {
363 /* mic checked ok */
364 if (!psecuritypriv->bcheck_grpkey &&
365 is_multicast_ether_addr(prxattrib->ra))
366 psecuritypriv->bcheck_grpkey = true;
367 }
368 }
369
370 recvframe_pull_tail(precvframe, 8);
371
372 }
373
374 exit:
375 return res;
376
377 }
378
379 /* decrypt and set the ivlen, icvlen of the recv_frame */
decryptor(struct adapter * padapter,union recv_frame * precv_frame)380 static union recv_frame *decryptor(struct adapter *padapter, union recv_frame *precv_frame)
381 {
382
383 struct rx_pkt_attrib *prxattrib = &precv_frame->u.hdr.attrib;
384 struct security_priv *psecuritypriv = &padapter->securitypriv;
385 union recv_frame *return_packet = precv_frame;
386 u32 res = _SUCCESS;
387
388 if (prxattrib->encrypt > 0) {
389 u8 *iv = precv_frame->u.hdr.rx_data+prxattrib->hdrlen;
390
391 prxattrib->key_index = (((iv[3])>>6)&0x3);
392
393 if (prxattrib->key_index > WEP_KEYS) {
394 switch (prxattrib->encrypt) {
395 case _WEP40_:
396 case _WEP104_:
397 prxattrib->key_index = psecuritypriv->dot11PrivacyKeyIndex;
398 break;
399 case _TKIP_:
400 case _AES_:
401 default:
402 prxattrib->key_index = psecuritypriv->dot118021XGrpKeyid;
403 break;
404 }
405 }
406 }
407
408 if ((prxattrib->encrypt > 0) && ((prxattrib->bdecrypted == 0) || (psecuritypriv->sw_decrypt == true))) {
409 psecuritypriv->hw_decrypted = false;
410
411 switch (prxattrib->encrypt) {
412 case _WEP40_:
413 case _WEP104_:
414 rtw_wep_decrypt(padapter, (u8 *)precv_frame);
415 break;
416 case _TKIP_:
417 res = rtw_tkip_decrypt(padapter, (u8 *)precv_frame);
418 break;
419 case _AES_:
420 res = rtw_aes_decrypt(padapter, (u8 *)precv_frame);
421 break;
422 default:
423 break;
424 }
425 } else if (prxattrib->bdecrypted == 1 && prxattrib->encrypt > 0 &&
426 (psecuritypriv->busetkipkey == 1 || prxattrib->encrypt != _TKIP_)
427 ) {
428 psecuritypriv->hw_decrypted = true;
429 } else {
430 }
431
432 if (res == _FAIL) {
433 rtw_free_recvframe(return_packet, &padapter->recvpriv.free_recv_queue);
434 return_packet = NULL;
435 } else
436 prxattrib->bdecrypted = true;
437
438 return return_packet;
439 }
440
441 /* set the security information in the recv_frame */
portctrl(struct adapter * adapter,union recv_frame * precv_frame)442 static union recv_frame *portctrl(struct adapter *adapter, union recv_frame *precv_frame)
443 {
444 u8 *psta_addr = NULL;
445 u8 *ptr;
446 uint auth_alg;
447 struct recv_frame_hdr *pfhdr;
448 struct sta_info *psta;
449 struct sta_priv *pstapriv;
450 union recv_frame *prtnframe;
451 u16 ether_type = 0;
452 u16 eapol_type = 0x888e;/* for Funia BD's WPA issue */
453 struct rx_pkt_attrib *pattrib;
454
455 pstapriv = &adapter->stapriv;
456
457 auth_alg = adapter->securitypriv.dot11AuthAlgrthm;
458
459 ptr = precv_frame->u.hdr.rx_data;
460 pfhdr = &precv_frame->u.hdr;
461 pattrib = &pfhdr->attrib;
462 psta_addr = pattrib->ta;
463
464 prtnframe = NULL;
465
466 psta = rtw_get_stainfo(pstapriv, psta_addr);
467
468 if (auth_alg == 2) {
469 if ((psta) && (psta->ieee8021x_blocked)) {
470 __be16 be_tmp;
471
472 /* blocked */
473 /* only accept EAPOL frame */
474
475 prtnframe = precv_frame;
476
477 /* get ether_type */
478 ptr = ptr + pfhdr->attrib.hdrlen + pfhdr->attrib.iv_len + LLC_HEADER_LENGTH;
479 memcpy(&be_tmp, ptr, 2);
480 ether_type = ntohs(be_tmp);
481
482 if (ether_type == eapol_type)
483 prtnframe = precv_frame;
484 else {
485 /* free this frame */
486 rtw_free_recvframe(precv_frame, &adapter->recvpriv.free_recv_queue);
487 prtnframe = NULL;
488 }
489 } else {
490 /* allowed */
491 /* check decryption status, and decrypt the frame if needed */
492
493 prtnframe = precv_frame;
494 /* check is the EAPOL frame or not (Rekey) */
495 /* if (ether_type == eapol_type) { */
496 /* check Rekey */
497
498 /* prtnframe =precv_frame; */
499 /* */
500 /* else { */
501 /* */
502 }
503 } else
504 prtnframe = precv_frame;
505
506 return prtnframe;
507 }
508
recv_decache(union recv_frame * precv_frame,u8 bretry,struct stainfo_rxcache * prxcache)509 static signed int recv_decache(union recv_frame *precv_frame, u8 bretry, struct stainfo_rxcache *prxcache)
510 {
511 signed int tid = precv_frame->u.hdr.attrib.priority;
512
513 u16 seq_ctrl = ((precv_frame->u.hdr.attrib.seq_num&0xffff) << 4) |
514 (precv_frame->u.hdr.attrib.frag_num & 0xf);
515
516 if (tid > 15)
517 return _FAIL;
518
519 if (1) { /* if (bretry) */
520 if (seq_ctrl == prxcache->tid_rxseq[tid])
521 return _FAIL;
522 }
523
524 prxcache->tid_rxseq[tid] = seq_ctrl;
525
526 return _SUCCESS;
527
528 }
529
process_pwrbit_data(struct adapter * padapter,union recv_frame * precv_frame)530 static void process_pwrbit_data(struct adapter *padapter, union recv_frame *precv_frame)
531 {
532 unsigned char pwrbit;
533 u8 *ptr = precv_frame->u.hdr.rx_data;
534 struct rx_pkt_attrib *pattrib = &precv_frame->u.hdr.attrib;
535 struct sta_priv *pstapriv = &padapter->stapriv;
536 struct sta_info *psta = NULL;
537
538 psta = rtw_get_stainfo(pstapriv, pattrib->src);
539
540 pwrbit = GetPwrMgt(ptr);
541
542 if (psta) {
543 if (pwrbit) {
544 if (!(psta->state & WIFI_SLEEP_STATE)) {
545 /* psta->state |= WIFI_SLEEP_STATE; */
546 /* pstapriv->sta_dz_bitmap |= BIT(psta->aid); */
547
548 stop_sta_xmit(padapter, psta);
549
550 }
551 } else {
552 if (psta->state & WIFI_SLEEP_STATE) {
553 /* psta->state ^= WIFI_SLEEP_STATE; */
554 /* pstapriv->sta_dz_bitmap &= ~BIT(psta->aid); */
555
556 wakeup_sta_to_xmit(padapter, psta);
557 }
558 }
559
560 }
561 }
562
process_wmmps_data(struct adapter * padapter,union recv_frame * precv_frame)563 static void process_wmmps_data(struct adapter *padapter, union recv_frame *precv_frame)
564 {
565 struct rx_pkt_attrib *pattrib = &precv_frame->u.hdr.attrib;
566 struct sta_priv *pstapriv = &padapter->stapriv;
567 struct sta_info *psta = NULL;
568
569 psta = rtw_get_stainfo(pstapriv, pattrib->src);
570
571 if (!psta)
572 return;
573
574 if (!psta->qos_option)
575 return;
576
577 if (!(psta->qos_info&0xf))
578 return;
579
580 if (psta->state&WIFI_SLEEP_STATE) {
581 u8 wmmps_ac = 0;
582
583 switch (pattrib->priority) {
584 case 1:
585 case 2:
586 wmmps_ac = psta->uapsd_bk&BIT(1);
587 break;
588 case 4:
589 case 5:
590 wmmps_ac = psta->uapsd_vi&BIT(1);
591 break;
592 case 6:
593 case 7:
594 wmmps_ac = psta->uapsd_vo&BIT(1);
595 break;
596 case 0:
597 case 3:
598 default:
599 wmmps_ac = psta->uapsd_be&BIT(1);
600 break;
601 }
602
603 if (wmmps_ac) {
604 if (psta->sleepq_ac_len > 0)
605 /* process received triggered frame */
606 xmit_delivery_enabled_frames(padapter, psta);
607 else
608 /* issue one qos null frame with More data bit = 0 and the EOSP bit set (= 1) */
609 issue_qos_nulldata(padapter, psta->hwaddr, (u16)pattrib->priority, 0, 0);
610 }
611 }
612 }
613
count_rx_stats(struct adapter * padapter,union recv_frame * prframe,struct sta_info * sta)614 static void count_rx_stats(struct adapter *padapter, union recv_frame *prframe, struct sta_info *sta)
615 {
616 int sz;
617 struct sta_info *psta = NULL;
618 struct stainfo_stats *pstats = NULL;
619 struct rx_pkt_attrib *pattrib = &prframe->u.hdr.attrib;
620 struct recv_priv *precvpriv = &padapter->recvpriv;
621
622 sz = get_recvframe_len(prframe);
623 precvpriv->rx_bytes += sz;
624
625 padapter->mlmepriv.LinkDetectInfo.NumRxOkInPeriod++;
626
627 if ((!is_broadcast_ether_addr(pattrib->dst)) && (!is_multicast_ether_addr(pattrib->dst)))
628 padapter->mlmepriv.LinkDetectInfo.NumRxUnicastOkInPeriod++;
629
630 if (sta)
631 psta = sta;
632 else
633 psta = prframe->u.hdr.psta;
634
635 if (psta) {
636 pstats = &psta->sta_stats;
637
638 pstats->rx_data_pkts++;
639 pstats->rx_bytes += sz;
640 }
641
642 traffic_check_for_leave_lps(padapter, false, 0);
643 }
644
sta2sta_data_frame(struct adapter * adapter,union recv_frame * precv_frame,struct sta_info ** psta)645 static signed int sta2sta_data_frame(struct adapter *adapter, union recv_frame *precv_frame,
646 struct sta_info **psta)
647 {
648 u8 *ptr = precv_frame->u.hdr.rx_data;
649 signed int ret = _SUCCESS;
650 struct rx_pkt_attrib *pattrib = &precv_frame->u.hdr.attrib;
651 struct sta_priv *pstapriv = &adapter->stapriv;
652 struct mlme_priv *pmlmepriv = &adapter->mlmepriv;
653 u8 *mybssid = get_bssid(pmlmepriv);
654 u8 *myhwaddr = myid(&adapter->eeprompriv);
655 u8 *sta_addr = NULL;
656 signed int bmcast = is_multicast_ether_addr(pattrib->dst);
657
658 if ((check_fwstate(pmlmepriv, WIFI_ADHOC_STATE) == true) ||
659 (check_fwstate(pmlmepriv, WIFI_ADHOC_MASTER_STATE) == true)) {
660
661 /* filter packets that SA is myself or multicast or broadcast */
662 if (!memcmp(myhwaddr, pattrib->src, ETH_ALEN)) {
663 ret = _FAIL;
664 goto exit;
665 }
666
667 if ((memcmp(myhwaddr, pattrib->dst, ETH_ALEN)) && (!bmcast)) {
668 ret = _FAIL;
669 goto exit;
670 }
671
672 if (is_zero_ether_addr(pattrib->bssid) ||
673 is_zero_ether_addr(mybssid) ||
674 (memcmp(pattrib->bssid, mybssid, ETH_ALEN))) {
675 ret = _FAIL;
676 goto exit;
677 }
678
679 sta_addr = pattrib->src;
680
681 } else if (check_fwstate(pmlmepriv, WIFI_STATION_STATE) == true) {
682 /* For Station mode, sa and bssid should always be BSSID, and DA is my mac-address */
683 if (memcmp(pattrib->bssid, pattrib->src, ETH_ALEN)) {
684 ret = _FAIL;
685 goto exit;
686 }
687
688 sta_addr = pattrib->bssid;
689 } else if (check_fwstate(pmlmepriv, WIFI_AP_STATE) == true) {
690 if (bmcast) {
691 /* For AP mode, if DA == MCAST, then BSSID should be also MCAST */
692 if (!is_multicast_ether_addr(pattrib->bssid)) {
693 ret = _FAIL;
694 goto exit;
695 }
696 } else { /* not mc-frame */
697 /* For AP mode, if DA is non-MCAST, then it must be BSSID, and bssid == BSSID */
698 if (memcmp(pattrib->bssid, pattrib->dst, ETH_ALEN)) {
699 ret = _FAIL;
700 goto exit;
701 }
702
703 sta_addr = pattrib->src;
704 }
705
706 } else if (check_fwstate(pmlmepriv, WIFI_MP_STATE) == true) {
707 memcpy(pattrib->dst, GetAddr1Ptr(ptr), ETH_ALEN);
708 memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
709 memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
710 memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
711 memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
712
713 sta_addr = mybssid;
714 } else
715 ret = _FAIL;
716
717
718
719 if (bmcast)
720 *psta = rtw_get_bcmc_stainfo(adapter);
721 else
722 *psta = rtw_get_stainfo(pstapriv, sta_addr); /* get ap_info */
723
724 if (!*psta) {
725 ret = _FAIL;
726 goto exit;
727 }
728
729 exit:
730 return ret;
731 }
732
ap2sta_data_frame(struct adapter * adapter,union recv_frame * precv_frame,struct sta_info ** psta)733 static signed int ap2sta_data_frame(struct adapter *adapter, union recv_frame *precv_frame,
734 struct sta_info **psta)
735 {
736 u8 *ptr = precv_frame->u.hdr.rx_data;
737 struct rx_pkt_attrib *pattrib = &precv_frame->u.hdr.attrib;
738 signed int ret = _SUCCESS;
739 struct sta_priv *pstapriv = &adapter->stapriv;
740 struct mlme_priv *pmlmepriv = &adapter->mlmepriv;
741 u8 *mybssid = get_bssid(pmlmepriv);
742 u8 *myhwaddr = myid(&adapter->eeprompriv);
743 signed int bmcast = is_multicast_ether_addr(pattrib->dst);
744
745 if ((check_fwstate(pmlmepriv, WIFI_STATION_STATE) == true) &&
746 (check_fwstate(pmlmepriv, _FW_LINKED) == true ||
747 check_fwstate(pmlmepriv, _FW_UNDER_LINKING) == true)
748 ) {
749
750 /* filter packets that SA is myself or multicast or broadcast */
751 if (!memcmp(myhwaddr, pattrib->src, ETH_ALEN)) {
752 ret = _FAIL;
753 goto exit;
754 }
755
756 /* da should be for me */
757 if ((memcmp(myhwaddr, pattrib->dst, ETH_ALEN)) && (!bmcast)) {
758 ret = _FAIL;
759 goto exit;
760 }
761
762
763 /* check BSSID */
764 if (is_zero_ether_addr(pattrib->bssid) ||
765 is_zero_ether_addr(mybssid) ||
766 (memcmp(pattrib->bssid, mybssid, ETH_ALEN))) {
767
768 if (!bmcast)
769 issue_deauth(adapter, pattrib->bssid, WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
770
771 ret = _FAIL;
772 goto exit;
773 }
774
775 if (bmcast)
776 *psta = rtw_get_bcmc_stainfo(adapter);
777 else
778 *psta = rtw_get_stainfo(pstapriv, pattrib->bssid); /* get ap_info */
779
780 if (!*psta) {
781 ret = _FAIL;
782 goto exit;
783 }
784
785 if (GetFrameSubType(ptr) & BIT(6)) {
786 /* No data, will not indicate to upper layer, temporily count it here */
787 count_rx_stats(adapter, precv_frame, *psta);
788 ret = RTW_RX_HANDLED;
789 goto exit;
790 }
791
792 } else if ((check_fwstate(pmlmepriv, WIFI_MP_STATE) == true) &&
793 (check_fwstate(pmlmepriv, _FW_LINKED) == true)) {
794 memcpy(pattrib->dst, GetAddr1Ptr(ptr), ETH_ALEN);
795 memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
796 memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
797 memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
798 memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
799
800 /* */
801 memcpy(pattrib->bssid, mybssid, ETH_ALEN);
802
803
804 *psta = rtw_get_stainfo(pstapriv, pattrib->bssid); /* get sta_info */
805 if (!*psta) {
806 ret = _FAIL;
807 goto exit;
808 }
809
810
811 } else if (check_fwstate(pmlmepriv, WIFI_AP_STATE) == true) {
812 /* Special case */
813 ret = RTW_RX_HANDLED;
814 goto exit;
815 } else {
816 if (!memcmp(myhwaddr, pattrib->dst, ETH_ALEN) && (!bmcast)) {
817 *psta = rtw_get_stainfo(pstapriv, pattrib->bssid); /* get sta_info */
818 if (!*psta) {
819
820 /* for AP multicast issue , modify by yiwei */
821 static unsigned long send_issue_deauth_time;
822
823 if (jiffies_to_msecs(jiffies - send_issue_deauth_time) > 10000 || send_issue_deauth_time == 0) {
824 send_issue_deauth_time = jiffies;
825
826 issue_deauth(adapter, pattrib->bssid, WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
827 }
828 }
829 }
830
831 ret = _FAIL;
832 }
833
834 exit:
835 return ret;
836 }
837
sta2ap_data_frame(struct adapter * adapter,union recv_frame * precv_frame,struct sta_info ** psta)838 static signed int sta2ap_data_frame(struct adapter *adapter, union recv_frame *precv_frame,
839 struct sta_info **psta)
840 {
841 u8 *ptr = precv_frame->u.hdr.rx_data;
842 struct rx_pkt_attrib *pattrib = &precv_frame->u.hdr.attrib;
843 struct sta_priv *pstapriv = &adapter->stapriv;
844 struct mlme_priv *pmlmepriv = &adapter->mlmepriv;
845 unsigned char *mybssid = get_bssid(pmlmepriv);
846 signed int ret = _SUCCESS;
847
848 if (check_fwstate(pmlmepriv, WIFI_AP_STATE) == true) {
849 /* For AP mode, RA =BSSID, TX =STA(SRC_ADDR), A3 =DST_ADDR */
850 if (memcmp(pattrib->bssid, mybssid, ETH_ALEN)) {
851 ret = _FAIL;
852 goto exit;
853 }
854
855 *psta = rtw_get_stainfo(pstapriv, pattrib->src);
856 if (!*psta) {
857 issue_deauth(adapter, pattrib->src, WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
858
859 ret = RTW_RX_HANDLED;
860 goto exit;
861 }
862
863 process_pwrbit_data(adapter, precv_frame);
864
865 if ((GetFrameSubType(ptr) & WIFI_QOS_DATA_TYPE) == WIFI_QOS_DATA_TYPE)
866 process_wmmps_data(adapter, precv_frame);
867
868 if (GetFrameSubType(ptr) & BIT(6)) {
869 /* No data, will not indicate to upper layer, temporily count it here */
870 count_rx_stats(adapter, precv_frame, *psta);
871 ret = RTW_RX_HANDLED;
872 goto exit;
873 }
874 } else {
875 u8 *myhwaddr = myid(&adapter->eeprompriv);
876
877 if (memcmp(pattrib->ra, myhwaddr, ETH_ALEN)) {
878 ret = RTW_RX_HANDLED;
879 goto exit;
880 }
881 issue_deauth(adapter, pattrib->src, WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
882 ret = RTW_RX_HANDLED;
883 goto exit;
884 }
885
886 exit:
887 return ret;
888 }
889
validate_recv_ctrl_frame(struct adapter * padapter,union recv_frame * precv_frame)890 static signed int validate_recv_ctrl_frame(struct adapter *padapter, union recv_frame *precv_frame)
891 {
892 struct rx_pkt_attrib *pattrib = &precv_frame->u.hdr.attrib;
893 struct sta_priv *pstapriv = &padapter->stapriv;
894 u8 *pframe = precv_frame->u.hdr.rx_data;
895 struct sta_info *psta = NULL;
896 /* uint len = precv_frame->u.hdr.len; */
897
898 if (GetFrameType(pframe) != WIFI_CTRL_TYPE)
899 return _FAIL;
900
901 /* receive the frames that ra(a1) is my address */
902 if (memcmp(GetAddr1Ptr(pframe), myid(&padapter->eeprompriv), ETH_ALEN))
903 return _FAIL;
904
905 psta = rtw_get_stainfo(pstapriv, GetAddr2Ptr(pframe));
906 if (!psta)
907 return _FAIL;
908
909 /* for rx pkt statistics */
910 psta->sta_stats.rx_ctrl_pkts++;
911
912 /* only handle ps-poll */
913 if (GetFrameSubType(pframe) == WIFI_PSPOLL) {
914 u16 aid;
915 u8 wmmps_ac = 0;
916
917 aid = GetAid(pframe);
918 if (psta->aid != aid)
919 return _FAIL;
920
921 switch (pattrib->priority) {
922 case 1:
923 case 2:
924 wmmps_ac = psta->uapsd_bk&BIT(0);
925 break;
926 case 4:
927 case 5:
928 wmmps_ac = psta->uapsd_vi&BIT(0);
929 break;
930 case 6:
931 case 7:
932 wmmps_ac = psta->uapsd_vo&BIT(0);
933 break;
934 case 0:
935 case 3:
936 default:
937 wmmps_ac = psta->uapsd_be&BIT(0);
938 break;
939 }
940
941 if (wmmps_ac)
942 return _FAIL;
943
944 if (psta->state & WIFI_STA_ALIVE_CHK_STATE) {
945 psta->expire_to = pstapriv->expire_to;
946 psta->state ^= WIFI_STA_ALIVE_CHK_STATE;
947 }
948
949 if ((psta->state&WIFI_SLEEP_STATE) && (pstapriv->sta_dz_bitmap&BIT(psta->aid))) {
950 struct list_head *xmitframe_plist, *xmitframe_phead;
951 struct xmit_frame *pxmitframe = NULL;
952 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
953
954 /* spin_lock_bh(&psta->sleep_q.lock); */
955 spin_lock_bh(&pxmitpriv->lock);
956
957 xmitframe_phead = get_list_head(&psta->sleep_q);
958 xmitframe_plist = get_next(xmitframe_phead);
959
960 if (xmitframe_phead != xmitframe_plist) {
961 pxmitframe = container_of(xmitframe_plist, struct xmit_frame, list);
962
963 xmitframe_plist = get_next(xmitframe_plist);
964
965 list_del_init(&pxmitframe->list);
966
967 psta->sleepq_len--;
968
969 if (psta->sleepq_len > 0)
970 pxmitframe->attrib.mdata = 1;
971 else
972 pxmitframe->attrib.mdata = 0;
973
974 pxmitframe->attrib.triggered = 1;
975
976 rtw_hal_xmitframe_enqueue(padapter, pxmitframe);
977
978 if (psta->sleepq_len == 0) {
979 pstapriv->tim_bitmap &= ~BIT(psta->aid);
980
981 /* update BCN for TIM IE */
982 /* update_BCNTIM(padapter); */
983 update_beacon(padapter, WLAN_EID_TIM, NULL, true);
984 }
985
986 /* spin_unlock_bh(&psta->sleep_q.lock); */
987 spin_unlock_bh(&pxmitpriv->lock);
988
989 } else {
990 /* spin_unlock_bh(&psta->sleep_q.lock); */
991 spin_unlock_bh(&pxmitpriv->lock);
992
993 if (pstapriv->tim_bitmap&BIT(psta->aid)) {
994 if (psta->sleepq_len == 0) {
995 /* issue nulldata with More data bit = 0 to indicate we have no buffered packets */
996 issue_nulldata_in_interrupt(padapter, psta->hwaddr);
997 } else {
998 psta->sleepq_len = 0;
999 }
1000
1001 pstapriv->tim_bitmap &= ~BIT(psta->aid);
1002
1003 /* update BCN for TIM IE */
1004 /* update_BCNTIM(padapter); */
1005 update_beacon(padapter, WLAN_EID_TIM, NULL, true);
1006 }
1007 }
1008 }
1009 }
1010
1011 return _FAIL;
1012
1013 }
1014
1015 /* perform defrag */
recvframe_defrag(struct adapter * adapter,struct __queue * defrag_q)1016 static union recv_frame *recvframe_defrag(struct adapter *adapter,
1017 struct __queue *defrag_q)
1018 {
1019 struct list_head *plist, *phead;
1020 u8 wlanhdr_offset;
1021 u8 curfragnum;
1022 struct recv_frame_hdr *pfhdr, *pnfhdr;
1023 union recv_frame *prframe, *pnextrframe;
1024 struct __queue *pfree_recv_queue;
1025
1026 curfragnum = 0;
1027 pfree_recv_queue = &adapter->recvpriv.free_recv_queue;
1028
1029 phead = get_list_head(defrag_q);
1030 plist = get_next(phead);
1031 prframe = (union recv_frame *)plist;
1032 pfhdr = &prframe->u.hdr;
1033 list_del_init(&(prframe->u.list));
1034
1035 if (curfragnum != pfhdr->attrib.frag_num) {
1036 /* the first fragment number must be 0 */
1037 /* free the whole queue */
1038 rtw_free_recvframe(prframe, pfree_recv_queue);
1039 rtw_free_recvframe_queue(defrag_q, pfree_recv_queue);
1040
1041 return NULL;
1042 }
1043
1044 curfragnum++;
1045
1046 plist = get_list_head(defrag_q);
1047
1048 plist = get_next(plist);
1049
1050 while (phead != plist) {
1051 pnextrframe = (union recv_frame *)plist;
1052 pnfhdr = &pnextrframe->u.hdr;
1053
1054
1055 /* check the fragment sequence (2nd ~n fragment frame) */
1056
1057 if (curfragnum != pnfhdr->attrib.frag_num) {
1058 /* the fragment number must be increasing (after decache) */
1059 /* release the defrag_q & prframe */
1060 rtw_free_recvframe(prframe, pfree_recv_queue);
1061 rtw_free_recvframe_queue(defrag_q, pfree_recv_queue);
1062 return NULL;
1063 }
1064
1065 curfragnum++;
1066
1067 /* copy the 2nd~n fragment frame's payload to the first fragment */
1068 /* get the 2nd~last fragment frame's payload */
1069
1070 wlanhdr_offset = pnfhdr->attrib.hdrlen + pnfhdr->attrib.iv_len;
1071
1072 recvframe_pull(pnextrframe, wlanhdr_offset);
1073
1074 /* append to first fragment frame's tail (if privacy frame, pull the ICV) */
1075 recvframe_pull_tail(prframe, pfhdr->attrib.icv_len);
1076
1077 /* memcpy */
1078 memcpy(pfhdr->rx_tail, pnfhdr->rx_data, pnfhdr->len);
1079
1080 recvframe_put(prframe, pnfhdr->len);
1081
1082 pfhdr->attrib.icv_len = pnfhdr->attrib.icv_len;
1083 plist = get_next(plist);
1084
1085 }
1086
1087 /* free the defrag_q queue and return the prframe */
1088 rtw_free_recvframe_queue(defrag_q, pfree_recv_queue);
1089
1090 return prframe;
1091 }
1092
1093 /* check if need to defrag, if needed queue the frame to defrag_q */
recvframe_chk_defrag(struct adapter * padapter,union recv_frame * precv_frame)1094 static union recv_frame *recvframe_chk_defrag(struct adapter *padapter, union recv_frame *precv_frame)
1095 {
1096 u8 ismfrag;
1097 u8 fragnum;
1098 u8 *psta_addr;
1099 struct recv_frame_hdr *pfhdr;
1100 struct sta_info *psta;
1101 struct sta_priv *pstapriv;
1102 struct list_head *phead;
1103 union recv_frame *prtnframe = NULL;
1104 struct __queue *pfree_recv_queue, *pdefrag_q;
1105
1106 pstapriv = &padapter->stapriv;
1107
1108 pfhdr = &precv_frame->u.hdr;
1109
1110 pfree_recv_queue = &padapter->recvpriv.free_recv_queue;
1111
1112 /* need to define struct of wlan header frame ctrl */
1113 ismfrag = pfhdr->attrib.mfrag;
1114 fragnum = pfhdr->attrib.frag_num;
1115
1116 psta_addr = pfhdr->attrib.ta;
1117 psta = rtw_get_stainfo(pstapriv, psta_addr);
1118 if (!psta) {
1119 u8 type = GetFrameType(pfhdr->rx_data);
1120
1121 if (type != WIFI_DATA_TYPE) {
1122 psta = rtw_get_bcmc_stainfo(padapter);
1123 pdefrag_q = &psta->sta_recvpriv.defrag_q;
1124 } else
1125 pdefrag_q = NULL;
1126 } else
1127 pdefrag_q = &psta->sta_recvpriv.defrag_q;
1128
1129 if ((ismfrag == 0) && (fragnum == 0))
1130 prtnframe = precv_frame;/* isn't a fragment frame */
1131
1132 if (ismfrag == 1) {
1133 /* 0~(n-1) fragment frame */
1134 /* enqueue to defraf_g */
1135 if (pdefrag_q) {
1136 if (fragnum == 0)
1137 /* the first fragment */
1138 if (!list_empty(&pdefrag_q->queue))
1139 /* free current defrag_q */
1140 rtw_free_recvframe_queue(pdefrag_q, pfree_recv_queue);
1141
1142
1143 /* Then enqueue the 0~(n-1) fragment into the defrag_q */
1144
1145 /* spin_lock(&pdefrag_q->lock); */
1146 phead = get_list_head(pdefrag_q);
1147 list_add_tail(&pfhdr->list, phead);
1148 /* spin_unlock(&pdefrag_q->lock); */
1149
1150 prtnframe = NULL;
1151
1152 } else {
1153 /* can't find this ta's defrag_queue, so free this recv_frame */
1154 rtw_free_recvframe(precv_frame, pfree_recv_queue);
1155 prtnframe = NULL;
1156 }
1157
1158 }
1159
1160 if ((ismfrag == 0) && (fragnum != 0)) {
1161 /* the last fragment frame */
1162 /* enqueue the last fragment */
1163 if (pdefrag_q) {
1164 /* spin_lock(&pdefrag_q->lock); */
1165 phead = get_list_head(pdefrag_q);
1166 list_add_tail(&pfhdr->list, phead);
1167 /* spin_unlock(&pdefrag_q->lock); */
1168
1169 /* call recvframe_defrag to defrag */
1170 precv_frame = recvframe_defrag(padapter, pdefrag_q);
1171 prtnframe = precv_frame;
1172
1173 } else {
1174 /* can't find this ta's defrag_queue, so free this recv_frame */
1175 rtw_free_recvframe(precv_frame, pfree_recv_queue);
1176 prtnframe = NULL;
1177 }
1178
1179 }
1180
1181
1182 if ((prtnframe) && (prtnframe->u.hdr.attrib.privacy)) {
1183 /* after defrag we must check tkip mic code */
1184 if (recvframe_chkmic(padapter, prtnframe) == _FAIL) {
1185 rtw_free_recvframe(prtnframe, pfree_recv_queue);
1186 prtnframe = NULL;
1187 }
1188 }
1189 return prtnframe;
1190 }
1191
validate_recv_mgnt_frame(struct adapter * padapter,union recv_frame * precv_frame)1192 static signed int validate_recv_mgnt_frame(struct adapter *padapter, union recv_frame *precv_frame)
1193 {
1194 /* struct mlme_priv *pmlmepriv = &adapter->mlmepriv; */
1195
1196 precv_frame = recvframe_chk_defrag(padapter, precv_frame);
1197 if (!precv_frame)
1198 return _SUCCESS;
1199
1200 {
1201 /* for rx pkt statistics */
1202 struct sta_info *psta = rtw_get_stainfo(&padapter->stapriv, GetAddr2Ptr(precv_frame->u.hdr.rx_data));
1203
1204 if (psta) {
1205 psta->sta_stats.rx_mgnt_pkts++;
1206 if (GetFrameSubType(precv_frame->u.hdr.rx_data) == WIFI_BEACON)
1207 psta->sta_stats.rx_beacon_pkts++;
1208 else if (GetFrameSubType(precv_frame->u.hdr.rx_data) == WIFI_PROBEREQ)
1209 psta->sta_stats.rx_probereq_pkts++;
1210 else if (GetFrameSubType(precv_frame->u.hdr.rx_data) == WIFI_PROBERSP) {
1211 if (!memcmp(padapter->eeprompriv.mac_addr, GetAddr1Ptr(precv_frame->u.hdr.rx_data), ETH_ALEN))
1212 psta->sta_stats.rx_probersp_pkts++;
1213 else if (is_broadcast_mac_addr(GetAddr1Ptr(precv_frame->u.hdr.rx_data)) ||
1214 is_multicast_mac_addr(GetAddr1Ptr(precv_frame->u.hdr.rx_data)))
1215 psta->sta_stats.rx_probersp_bm_pkts++;
1216 else
1217 psta->sta_stats.rx_probersp_uo_pkts++;
1218 }
1219 }
1220 }
1221
1222 mgt_dispatcher(padapter, precv_frame);
1223
1224 return _SUCCESS;
1225
1226 }
1227
validate_recv_data_frame(struct adapter * adapter,union recv_frame * precv_frame)1228 static signed int validate_recv_data_frame(struct adapter *adapter, union recv_frame *precv_frame)
1229 {
1230 u8 bretry;
1231 u8 *psa, *pda, *pbssid;
1232 struct sta_info *psta = NULL;
1233 u8 *ptr = precv_frame->u.hdr.rx_data;
1234 struct rx_pkt_attrib *pattrib = &precv_frame->u.hdr.attrib;
1235 struct security_priv *psecuritypriv = &adapter->securitypriv;
1236 signed int ret = _SUCCESS;
1237
1238 bretry = GetRetry(ptr);
1239 pda = get_da(ptr);
1240 psa = get_sa(ptr);
1241 pbssid = get_hdr_bssid(ptr);
1242
1243 if (!pbssid) {
1244 ret = _FAIL;
1245 goto exit;
1246 }
1247
1248 memcpy(pattrib->dst, pda, ETH_ALEN);
1249 memcpy(pattrib->src, psa, ETH_ALEN);
1250
1251 memcpy(pattrib->bssid, pbssid, ETH_ALEN);
1252
1253 switch (pattrib->to_fr_ds) {
1254 case 0:
1255 memcpy(pattrib->ra, pda, ETH_ALEN);
1256 memcpy(pattrib->ta, psa, ETH_ALEN);
1257 ret = sta2sta_data_frame(adapter, precv_frame, &psta);
1258 break;
1259
1260 case 1:
1261 memcpy(pattrib->ra, pda, ETH_ALEN);
1262 memcpy(pattrib->ta, pbssid, ETH_ALEN);
1263 ret = ap2sta_data_frame(adapter, precv_frame, &psta);
1264 break;
1265
1266 case 2:
1267 memcpy(pattrib->ra, pbssid, ETH_ALEN);
1268 memcpy(pattrib->ta, psa, ETH_ALEN);
1269 ret = sta2ap_data_frame(adapter, precv_frame, &psta);
1270 break;
1271
1272 case 3:
1273 memcpy(pattrib->ra, GetAddr1Ptr(ptr), ETH_ALEN);
1274 memcpy(pattrib->ta, GetAddr2Ptr(ptr), ETH_ALEN);
1275 ret = _FAIL;
1276 break;
1277
1278 default:
1279 ret = _FAIL;
1280 break;
1281
1282 }
1283
1284 if (ret == _FAIL) {
1285 goto exit;
1286 } else if (ret == RTW_RX_HANDLED) {
1287 goto exit;
1288 }
1289
1290
1291 if (!psta) {
1292 ret = _FAIL;
1293 goto exit;
1294 }
1295
1296 /* psta->rssi = prxcmd->rssi; */
1297 /* psta->signal_quality = prxcmd->sq; */
1298 precv_frame->u.hdr.psta = psta;
1299
1300
1301 pattrib->amsdu = 0;
1302 pattrib->ack_policy = 0;
1303 /* parsing QC field */
1304 if (pattrib->qos == 1) {
1305 pattrib->priority = GetPriority((ptr + 24));
1306 pattrib->ack_policy = GetAckpolicy((ptr + 24));
1307 pattrib->amsdu = GetAMsdu((ptr + 24));
1308 pattrib->hdrlen = pattrib->to_fr_ds == 3 ? 32 : 26;
1309
1310 if (pattrib->priority != 0 && pattrib->priority != 3)
1311 adapter->recvpriv.bIsAnyNonBEPkts = true;
1312
1313 } else {
1314 pattrib->priority = 0;
1315 pattrib->hdrlen = pattrib->to_fr_ds == 3 ? 30 : 24;
1316 }
1317
1318
1319 if (pattrib->order)/* HT-CTRL 11n */
1320 pattrib->hdrlen += 4;
1321
1322 precv_frame->u.hdr.preorder_ctrl = &psta->recvreorder_ctrl[pattrib->priority];
1323
1324 /* decache, drop duplicate recv packets */
1325 if (recv_decache(precv_frame, bretry, &psta->sta_recvpriv.rxcache) == _FAIL) {
1326 ret = _FAIL;
1327 goto exit;
1328 }
1329
1330 if (pattrib->privacy) {
1331 GET_ENCRY_ALGO(psecuritypriv, psta, pattrib->encrypt, is_multicast_ether_addr(pattrib->ra));
1332
1333 SET_ICE_IV_LEN(pattrib->iv_len, pattrib->icv_len, pattrib->encrypt);
1334 } else {
1335 pattrib->encrypt = 0;
1336 pattrib->iv_len = pattrib->icv_len = 0;
1337 }
1338
1339 exit:
1340 return ret;
1341 }
1342
validate_80211w_mgmt(struct adapter * adapter,union recv_frame * precv_frame)1343 static signed int validate_80211w_mgmt(struct adapter *adapter, union recv_frame *precv_frame)
1344 {
1345 struct mlme_priv *pmlmepriv = &adapter->mlmepriv;
1346 struct rx_pkt_attrib *pattrib = &precv_frame->u.hdr.attrib;
1347 u8 *ptr = precv_frame->u.hdr.rx_data;
1348 u8 subtype;
1349
1350 subtype = GetFrameSubType(ptr); /* bit(7)~bit(2) */
1351
1352 /* only support station mode */
1353 if (check_fwstate(pmlmepriv, WIFI_STATION_STATE) && check_fwstate(pmlmepriv, _FW_LINKED) &&
1354 adapter->securitypriv.binstallBIPkey == true) {
1355 /* unicast management frame decrypt */
1356 if (pattrib->privacy && !(is_multicast_ether_addr(GetAddr1Ptr(ptr))) &&
1357 (subtype == WIFI_DEAUTH || subtype == WIFI_DISASSOC || subtype == WIFI_ACTION)) {
1358 u8 *mgmt_DATA;
1359 u32 data_len = 0;
1360
1361 pattrib->bdecrypted = 0;
1362 pattrib->encrypt = _AES_;
1363 pattrib->hdrlen = sizeof(struct ieee80211_hdr_3addr);
1364 /* set iv and icv length */
1365 SET_ICE_IV_LEN(pattrib->iv_len, pattrib->icv_len, pattrib->encrypt);
1366 memcpy(pattrib->ra, GetAddr1Ptr(ptr), ETH_ALEN);
1367 memcpy(pattrib->ta, GetAddr2Ptr(ptr), ETH_ALEN);
1368 /* actual management data frame body */
1369 data_len = pattrib->pkt_len - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
1370 mgmt_DATA = rtw_zmalloc(data_len);
1371 if (!mgmt_DATA)
1372 goto validate_80211w_fail;
1373 precv_frame = decryptor(adapter, precv_frame);
1374 /* save actual management data frame body */
1375 memcpy(mgmt_DATA, ptr+pattrib->hdrlen+pattrib->iv_len, data_len);
1376 /* overwrite the iv field */
1377 memcpy(ptr+pattrib->hdrlen, mgmt_DATA, data_len);
1378 /* remove the iv and icv length */
1379 pattrib->pkt_len = pattrib->pkt_len - pattrib->iv_len - pattrib->icv_len;
1380 kfree(mgmt_DATA);
1381 if (!precv_frame)
1382 goto validate_80211w_fail;
1383 } else if (is_multicast_ether_addr(GetAddr1Ptr(ptr)) &&
1384 (subtype == WIFI_DEAUTH || subtype == WIFI_DISASSOC)) {
1385 signed int BIP_ret = _SUCCESS;
1386 /* verify BIP MME IE of broadcast/multicast de-auth/disassoc packet */
1387 BIP_ret = rtw_BIP_verify(adapter, (u8 *)precv_frame);
1388 if (BIP_ret == _FAIL) {
1389 goto validate_80211w_fail;
1390 } else if (BIP_ret == RTW_RX_HANDLED) {
1391 /* issue sa query request */
1392 issue_action_SA_Query(adapter, NULL, 0, 0);
1393 goto validate_80211w_fail;
1394 }
1395 } else { /* 802.11w protect */
1396 if (subtype == WIFI_ACTION) {
1397 /* according 802.11-2012 standard, these five types are not robust types */
1398 if (ptr[WLAN_HDR_A3_LEN] != RTW_WLAN_CATEGORY_PUBLIC &&
1399 ptr[WLAN_HDR_A3_LEN] != RTW_WLAN_CATEGORY_HT &&
1400 ptr[WLAN_HDR_A3_LEN] != RTW_WLAN_CATEGORY_UNPROTECTED_WNM &&
1401 ptr[WLAN_HDR_A3_LEN] != RTW_WLAN_CATEGORY_SELF_PROTECTED &&
1402 ptr[WLAN_HDR_A3_LEN] != RTW_WLAN_CATEGORY_P2P) {
1403 goto validate_80211w_fail;
1404 }
1405 } else if (subtype == WIFI_DEAUTH || subtype == WIFI_DISASSOC) {
1406 /* issue sa query request */
1407 issue_action_SA_Query(adapter, NULL, 0, 0);
1408 goto validate_80211w_fail;
1409 }
1410 }
1411 }
1412 return _SUCCESS;
1413
1414 validate_80211w_fail:
1415 return _FAIL;
1416
1417 }
1418
validate_recv_frame(struct adapter * adapter,union recv_frame * precv_frame)1419 static signed int validate_recv_frame(struct adapter *adapter, union recv_frame *precv_frame)
1420 {
1421 /* shall check frame subtype, to / from ds, da, bssid */
1422
1423 /* then call check if rx seq/frag. duplicated. */
1424
1425 u8 type;
1426 u8 subtype;
1427 signed int retval = _SUCCESS;
1428 u8 bDumpRxPkt;
1429
1430 struct rx_pkt_attrib *pattrib = &precv_frame->u.hdr.attrib;
1431
1432 u8 *ptr = precv_frame->u.hdr.rx_data;
1433 u8 ver = (unsigned char) (*ptr)&0x3;
1434
1435 /* add version chk */
1436 if (ver != 0) {
1437 retval = _FAIL;
1438 goto exit;
1439 }
1440
1441 type = GetFrameType(ptr);
1442 subtype = GetFrameSubType(ptr); /* bit(7)~bit(2) */
1443
1444 pattrib->to_fr_ds = get_tofr_ds(ptr);
1445
1446 pattrib->frag_num = GetFragNum(ptr);
1447 pattrib->seq_num = GetSequence(ptr);
1448
1449 pattrib->pw_save = GetPwrMgt(ptr);
1450 pattrib->mfrag = GetMFrag(ptr);
1451 pattrib->mdata = GetMData(ptr);
1452 pattrib->privacy = GetPrivacy(ptr);
1453 pattrib->order = GetOrder(ptr);
1454 rtw_hal_get_def_var(adapter, HAL_DEF_DBG_DUMP_RXPKT, &(bDumpRxPkt));
1455
1456 switch (type) {
1457 case WIFI_MGT_TYPE: /* mgnt */
1458 if (validate_80211w_mgmt(adapter, precv_frame) == _FAIL) {
1459 retval = _FAIL;
1460 break;
1461 }
1462
1463 retval = validate_recv_mgnt_frame(adapter, precv_frame);
1464 retval = _FAIL; /* only data frame return _SUCCESS */
1465 break;
1466 case WIFI_CTRL_TYPE: /* ctrl */
1467 retval = validate_recv_ctrl_frame(adapter, precv_frame);
1468 retval = _FAIL; /* only data frame return _SUCCESS */
1469 break;
1470 case WIFI_DATA_TYPE: /* data */
1471 pattrib->qos = (subtype & BIT(7)) ? 1:0;
1472 retval = validate_recv_data_frame(adapter, precv_frame);
1473 if (retval == _FAIL) {
1474 struct recv_priv *precvpriv = &adapter->recvpriv;
1475
1476 precvpriv->rx_drop++;
1477 } else if (retval == _SUCCESS) {
1478 #ifdef DBG_RX_DUMP_EAP
1479 u8 bDumpRxPkt;
1480 u16 eth_type;
1481
1482 /* dump eapol */
1483 rtw_hal_get_def_var(adapter, HAL_DEF_DBG_DUMP_RXPKT, &(bDumpRxPkt));
1484 /* get ether_type */
1485 memcpy(ð_type, ptr + pattrib->hdrlen + pattrib->iv_len + LLC_HEADER_LENGTH, 2);
1486 eth_type = ntohs((unsigned short) eth_type);
1487 #endif
1488 }
1489 break;
1490 default:
1491 retval = _FAIL;
1492 break;
1493 }
1494
1495 exit:
1496 return retval;
1497 }
1498
1499 /* remove the wlanhdr and add the eth_hdr */
wlanhdr_to_ethhdr(union recv_frame * precvframe)1500 static signed int wlanhdr_to_ethhdr(union recv_frame *precvframe)
1501 {
1502 signed int rmv_len;
1503 u16 eth_type, len;
1504 u8 bsnaphdr;
1505 u8 *psnap_type;
1506 struct ieee80211_snap_hdr *psnap;
1507 __be16 be_tmp;
1508 struct adapter *adapter = precvframe->u.hdr.adapter;
1509 struct mlme_priv *pmlmepriv = &adapter->mlmepriv;
1510 u8 *ptr = precvframe->u.hdr.rx_data; /* point to frame_ctrl field */
1511 struct rx_pkt_attrib *pattrib = &precvframe->u.hdr.attrib;
1512
1513 if (pattrib->encrypt)
1514 recvframe_pull_tail(precvframe, pattrib->icv_len);
1515
1516 psnap = (struct ieee80211_snap_hdr *)(ptr+pattrib->hdrlen + pattrib->iv_len);
1517 psnap_type = ptr+pattrib->hdrlen + pattrib->iv_len+SNAP_SIZE;
1518 /* convert hdr + possible LLC headers into Ethernet header */
1519 /* eth_type = (psnap_type[0] << 8) | psnap_type[1]; */
1520 if ((!memcmp(psnap, rfc1042_header, SNAP_SIZE) &&
1521 (memcmp(psnap_type, SNAP_ETH_TYPE_IPX, 2)) &&
1522 (memcmp(psnap_type, SNAP_ETH_TYPE_APPLETALK_AARP, 2))) ||
1523 /* eth_type != ETH_P_AARP && eth_type != ETH_P_IPX) || */
1524 !memcmp(psnap, bridge_tunnel_header, SNAP_SIZE)) {
1525 /* remove RFC1042 or Bridge-Tunnel encapsulation and replace EtherType */
1526 bsnaphdr = true;
1527 } else
1528 /* Leave Ethernet header part of hdr and full payload */
1529 bsnaphdr = false;
1530
1531 rmv_len = pattrib->hdrlen + pattrib->iv_len + (bsnaphdr?SNAP_SIZE:0);
1532 len = precvframe->u.hdr.len - rmv_len;
1533
1534 memcpy(&be_tmp, ptr+rmv_len, 2);
1535 eth_type = ntohs(be_tmp); /* pattrib->ether_type */
1536 pattrib->eth_type = eth_type;
1537
1538 if ((check_fwstate(pmlmepriv, WIFI_MP_STATE) == true)) {
1539 ptr += rmv_len;
1540 *ptr = 0x87;
1541 *(ptr+1) = 0x12;
1542
1543 eth_type = 0x8712;
1544 /* append rx status for mp test packets */
1545 ptr = recvframe_pull(precvframe, (rmv_len-sizeof(struct ethhdr)+2)-24);
1546 if (!ptr)
1547 return _FAIL;
1548 memcpy(ptr, get_rxmem(precvframe), 24);
1549 ptr += 24;
1550 } else {
1551 ptr = recvframe_pull(precvframe, (rmv_len-sizeof(struct ethhdr) + (bsnaphdr?2:0)));
1552 if (!ptr)
1553 return _FAIL;
1554 }
1555
1556 memcpy(ptr, pattrib->dst, ETH_ALEN);
1557 memcpy(ptr+ETH_ALEN, pattrib->src, ETH_ALEN);
1558
1559 if (!bsnaphdr) {
1560 be_tmp = htons(len);
1561 memcpy(ptr+12, &be_tmp, 2);
1562 }
1563
1564 return _SUCCESS;
1565 }
1566
amsdu_to_msdu(struct adapter * padapter,union recv_frame * prframe)1567 static int amsdu_to_msdu(struct adapter *padapter, union recv_frame *prframe)
1568 {
1569 int a_len, padding_len;
1570 u16 nSubframe_Length;
1571 u8 nr_subframes, i;
1572 u8 *pdata;
1573 struct sk_buff *sub_pkt, *subframes[MAX_SUBFRAME_COUNT];
1574 struct recv_priv *precvpriv = &padapter->recvpriv;
1575 struct __queue *pfree_recv_queue = &(precvpriv->free_recv_queue);
1576
1577 nr_subframes = 0;
1578
1579 recvframe_pull(prframe, prframe->u.hdr.attrib.hdrlen);
1580
1581 if (prframe->u.hdr.attrib.iv_len > 0)
1582 recvframe_pull(prframe, prframe->u.hdr.attrib.iv_len);
1583
1584 a_len = prframe->u.hdr.len;
1585
1586 pdata = prframe->u.hdr.rx_data;
1587
1588 while (a_len > ETH_HLEN) {
1589
1590 /* Offset 12 denote 2 mac address */
1591 nSubframe_Length = get_unaligned_be16(pdata + 12);
1592
1593 if (a_len < ETH_HLEN + nSubframe_Length)
1594 break;
1595
1596 sub_pkt = rtw_os_alloc_msdu_pkt(prframe, nSubframe_Length, pdata);
1597 if (!sub_pkt)
1598 break;
1599
1600 /* move the data point to data content */
1601 pdata += ETH_HLEN;
1602 a_len -= ETH_HLEN;
1603
1604 subframes[nr_subframes++] = sub_pkt;
1605
1606 if (nr_subframes >= MAX_SUBFRAME_COUNT)
1607 break;
1608
1609 pdata += nSubframe_Length;
1610 a_len -= nSubframe_Length;
1611 if (a_len != 0) {
1612 padding_len = 4 - ((nSubframe_Length + ETH_HLEN) & (4-1));
1613 if (padding_len == 4)
1614 padding_len = 0;
1615
1616 if (a_len < padding_len)
1617 break;
1618
1619 pdata += padding_len;
1620 a_len -= padding_len;
1621 }
1622 }
1623
1624 for (i = 0; i < nr_subframes; i++) {
1625 sub_pkt = subframes[i];
1626
1627 /* Indicate the packets to upper layer */
1628 if (sub_pkt)
1629 rtw_os_recv_indicate_pkt(padapter, sub_pkt, &prframe->u.hdr.attrib);
1630 }
1631
1632 prframe->u.hdr.len = 0;
1633 rtw_free_recvframe(prframe, pfree_recv_queue);/* free this recv_frame */
1634
1635 return _SUCCESS;
1636 }
1637
check_indicate_seq(struct recv_reorder_ctrl * preorder_ctrl,u16 seq_num)1638 static int check_indicate_seq(struct recv_reorder_ctrl *preorder_ctrl, u16 seq_num)
1639 {
1640 struct adapter *padapter = preorder_ctrl->padapter;
1641 struct dvobj_priv *psdpriv = padapter->dvobj;
1642 struct debug_priv *pdbgpriv = &psdpriv->drv_dbg;
1643 u8 wsize = preorder_ctrl->wsize_b;
1644 u16 wend = (preorder_ctrl->indicate_seq + wsize - 1) & 0xFFF;/* 4096; */
1645
1646 /* Rx Reorder initialize condition. */
1647 if (preorder_ctrl->indicate_seq == 0xFFFF)
1648 preorder_ctrl->indicate_seq = seq_num;
1649
1650 /* Drop out the packet which SeqNum is smaller than WinStart */
1651 if (SN_LESS(seq_num, preorder_ctrl->indicate_seq))
1652 return false;
1653
1654 /* */
1655 /* Sliding window manipulation. Conditions includes: */
1656 /* 1. Incoming SeqNum is equal to WinStart =>Window shift 1 */
1657 /* 2. Incoming SeqNum is larger than the WinEnd => Window shift N */
1658 /* */
1659 if (SN_EQUAL(seq_num, preorder_ctrl->indicate_seq)) {
1660 preorder_ctrl->indicate_seq = (preorder_ctrl->indicate_seq + 1) & 0xFFF;
1661
1662 } else if (SN_LESS(wend, seq_num)) {
1663 /* boundary situation, when seq_num cross 0xFFF */
1664 if (seq_num >= (wsize - 1))
1665 preorder_ctrl->indicate_seq = seq_num + 1 - wsize;
1666 else
1667 preorder_ctrl->indicate_seq = 0xFFF - (wsize - (seq_num + 1)) + 1;
1668 pdbgpriv->dbg_rx_ampdu_window_shift_cnt++;
1669 }
1670
1671 return true;
1672 }
1673
enqueue_reorder_recvframe(struct recv_reorder_ctrl * preorder_ctrl,union recv_frame * prframe)1674 static int enqueue_reorder_recvframe(struct recv_reorder_ctrl *preorder_ctrl, union recv_frame *prframe)
1675 {
1676 struct rx_pkt_attrib *pattrib = &prframe->u.hdr.attrib;
1677 struct __queue *ppending_recvframe_queue = &preorder_ctrl->pending_recvframe_queue;
1678 struct list_head *phead, *plist;
1679 union recv_frame *pnextrframe;
1680 struct rx_pkt_attrib *pnextattrib;
1681
1682 /* spin_lock_irqsave(&ppending_recvframe_queue->lock, irql); */
1683 /* spin_lock(&ppending_recvframe_queue->lock); */
1684
1685
1686 phead = get_list_head(ppending_recvframe_queue);
1687 plist = get_next(phead);
1688
1689 while (phead != plist) {
1690 pnextrframe = (union recv_frame *)plist;
1691 pnextattrib = &pnextrframe->u.hdr.attrib;
1692
1693 if (SN_LESS(pnextattrib->seq_num, pattrib->seq_num))
1694 plist = get_next(plist);
1695 else if (SN_EQUAL(pnextattrib->seq_num, pattrib->seq_num))
1696 /* Duplicate entry is found!! Do not insert current entry. */
1697 /* spin_unlock_irqrestore(&ppending_recvframe_queue->lock, irql); */
1698 return false;
1699 else
1700 break;
1701
1702 }
1703
1704
1705 /* spin_lock_irqsave(&ppending_recvframe_queue->lock, irql); */
1706 /* spin_lock(&ppending_recvframe_queue->lock); */
1707
1708 list_del_init(&(prframe->u.hdr.list));
1709
1710 list_add_tail(&(prframe->u.hdr.list), plist);
1711
1712 /* spin_unlock(&ppending_recvframe_queue->lock); */
1713 /* spin_unlock_irqrestore(&ppending_recvframe_queue->lock, irql); */
1714
1715 return true;
1716
1717 }
1718
recv_indicatepkts_pkt_loss_cnt(struct debug_priv * pdbgpriv,u64 prev_seq,u64 current_seq)1719 static void recv_indicatepkts_pkt_loss_cnt(struct debug_priv *pdbgpriv, u64 prev_seq, u64 current_seq)
1720 {
1721 if (current_seq < prev_seq)
1722 pdbgpriv->dbg_rx_ampdu_loss_count += (4096 + current_seq - prev_seq);
1723 else
1724 pdbgpriv->dbg_rx_ampdu_loss_count += (current_seq - prev_seq);
1725
1726 }
1727
recv_indicatepkts_in_order(struct adapter * padapter,struct recv_reorder_ctrl * preorder_ctrl,int bforced)1728 static int recv_indicatepkts_in_order(struct adapter *padapter, struct recv_reorder_ctrl *preorder_ctrl, int bforced)
1729 {
1730 struct list_head *phead, *plist;
1731 union recv_frame *prframe;
1732 struct rx_pkt_attrib *pattrib;
1733 /* u8 index = 0; */
1734 int bPktInBuf = false;
1735 struct recv_priv *precvpriv = &padapter->recvpriv;
1736 struct __queue *ppending_recvframe_queue = &preorder_ctrl->pending_recvframe_queue;
1737 struct dvobj_priv *psdpriv = padapter->dvobj;
1738 struct debug_priv *pdbgpriv = &psdpriv->drv_dbg;
1739
1740 /* spin_lock_irqsave(&ppending_recvframe_queue->lock, irql); */
1741 /* spin_lock(&ppending_recvframe_queue->lock); */
1742
1743 phead = get_list_head(ppending_recvframe_queue);
1744 plist = get_next(phead);
1745
1746 /* Handling some condition for forced indicate case. */
1747 if (bforced == true) {
1748 pdbgpriv->dbg_rx_ampdu_forced_indicate_count++;
1749 if (list_empty(phead)) {
1750 /* spin_unlock_irqrestore(&ppending_recvframe_queue->lock, irql); */
1751 /* spin_unlock(&ppending_recvframe_queue->lock); */
1752 return true;
1753 }
1754
1755 prframe = (union recv_frame *)plist;
1756 pattrib = &prframe->u.hdr.attrib;
1757
1758 recv_indicatepkts_pkt_loss_cnt(pdbgpriv, preorder_ctrl->indicate_seq, pattrib->seq_num);
1759 preorder_ctrl->indicate_seq = pattrib->seq_num;
1760
1761 }
1762
1763 /* Prepare indication list and indication. */
1764 /* Check if there is any packet need indicate. */
1765 while (!list_empty(phead)) {
1766
1767 prframe = (union recv_frame *)plist;
1768 pattrib = &prframe->u.hdr.attrib;
1769
1770 if (!SN_LESS(preorder_ctrl->indicate_seq, pattrib->seq_num)) {
1771 plist = get_next(plist);
1772 list_del_init(&(prframe->u.hdr.list));
1773
1774 if (SN_EQUAL(preorder_ctrl->indicate_seq, pattrib->seq_num))
1775 preorder_ctrl->indicate_seq = (preorder_ctrl->indicate_seq + 1) & 0xFFF;
1776
1777 /* Set this as a lock to make sure that only one thread is indicating packet. */
1778 /* pTS->RxIndicateState = RXTS_INDICATE_PROCESSING; */
1779
1780 /* Indicate packets */
1781
1782 /* indicate this recv_frame */
1783 if (!pattrib->amsdu) {
1784 if ((padapter->bDriverStopped == false) &&
1785 (padapter->bSurpriseRemoved == false))
1786 rtw_recv_indicatepkt(padapter, prframe);/* indicate this recv_frame */
1787
1788 } else if (pattrib->amsdu == 1) {
1789 if (amsdu_to_msdu(padapter, prframe) != _SUCCESS)
1790 rtw_free_recvframe(prframe, &precvpriv->free_recv_queue);
1791
1792 } else {
1793 /* error condition; */
1794 }
1795
1796
1797 /* Update local variables. */
1798 bPktInBuf = false;
1799
1800 } else {
1801 bPktInBuf = true;
1802 break;
1803 }
1804
1805 }
1806
1807 /* spin_unlock(&ppending_recvframe_queue->lock); */
1808 /* spin_unlock_irqrestore(&ppending_recvframe_queue->lock, irql); */
1809
1810 return bPktInBuf;
1811 }
1812
recv_indicatepkt_reorder(struct adapter * padapter,union recv_frame * prframe)1813 static int recv_indicatepkt_reorder(struct adapter *padapter, union recv_frame *prframe)
1814 {
1815 int retval = _SUCCESS;
1816 struct rx_pkt_attrib *pattrib = &prframe->u.hdr.attrib;
1817 struct recv_reorder_ctrl *preorder_ctrl = prframe->u.hdr.preorder_ctrl;
1818 struct __queue *ppending_recvframe_queue = &preorder_ctrl->pending_recvframe_queue;
1819 struct dvobj_priv *psdpriv = padapter->dvobj;
1820 struct debug_priv *pdbgpriv = &psdpriv->drv_dbg;
1821
1822 if (!pattrib->amsdu) {
1823 /* s1. */
1824 wlanhdr_to_ethhdr(prframe);
1825
1826 if (pattrib->qos != 1) {
1827 if ((padapter->bDriverStopped == false) &&
1828 (padapter->bSurpriseRemoved == false)) {
1829 rtw_recv_indicatepkt(padapter, prframe);
1830 return _SUCCESS;
1831
1832 }
1833
1834 return _FAIL;
1835
1836 }
1837
1838 if (preorder_ctrl->enable == false) {
1839 /* indicate this recv_frame */
1840 preorder_ctrl->indicate_seq = pattrib->seq_num;
1841
1842 rtw_recv_indicatepkt(padapter, prframe);
1843
1844 preorder_ctrl->indicate_seq = (preorder_ctrl->indicate_seq + 1)%4096;
1845
1846 return _SUCCESS;
1847 }
1848 } else if (pattrib->amsdu == 1) { /* temp filter -> means didn't support A-MSDUs in a A-MPDU */
1849 if (preorder_ctrl->enable == false) {
1850 preorder_ctrl->indicate_seq = pattrib->seq_num;
1851
1852 retval = amsdu_to_msdu(padapter, prframe);
1853
1854 preorder_ctrl->indicate_seq = (preorder_ctrl->indicate_seq + 1)%4096;
1855
1856 if (retval != _SUCCESS) {
1857 }
1858
1859 return retval;
1860 }
1861 }
1862
1863 spin_lock_bh(&ppending_recvframe_queue->lock);
1864
1865 /* s2. check if winstart_b(indicate_seq) needs to been updated */
1866 if (!check_indicate_seq(preorder_ctrl, pattrib->seq_num)) {
1867 pdbgpriv->dbg_rx_ampdu_drop_count++;
1868 goto _err_exit;
1869 }
1870
1871
1872 /* s3. Insert all packet into Reorder Queue to maintain its ordering. */
1873 if (!enqueue_reorder_recvframe(preorder_ctrl, prframe)) {
1874 /* spin_unlock_irqrestore(&ppending_recvframe_queue->lock, irql); */
1875 /* return _FAIL; */
1876 goto _err_exit;
1877 }
1878
1879
1880 /* s4. */
1881 /* Indication process. */
1882 /* After Packet dropping and Sliding Window shifting as above, we can now just indicate the packets */
1883 /* with the SeqNum smaller than latest WinStart and buffer other packets. */
1884 /* */
1885 /* For Rx Reorder condition: */
1886 /* 1. All packets with SeqNum smaller than WinStart => Indicate */
1887 /* 2. All packets with SeqNum larger than or equal to WinStart => Buffer it. */
1888 /* */
1889
1890 /* recv_indicatepkts_in_order(padapter, preorder_ctrl, true); */
1891 if (recv_indicatepkts_in_order(padapter, preorder_ctrl, false) == true) {
1892 _set_timer(&preorder_ctrl->reordering_ctrl_timer, REORDER_WAIT_TIME);
1893 spin_unlock_bh(&ppending_recvframe_queue->lock);
1894 } else {
1895 spin_unlock_bh(&ppending_recvframe_queue->lock);
1896 del_timer_sync(&preorder_ctrl->reordering_ctrl_timer);
1897 }
1898
1899 return _SUCCESS;
1900
1901 _err_exit:
1902 spin_unlock_bh(&ppending_recvframe_queue->lock);
1903
1904 return _FAIL;
1905 }
1906
1907
rtw_reordering_ctrl_timeout_handler(struct timer_list * t)1908 void rtw_reordering_ctrl_timeout_handler(struct timer_list *t)
1909 {
1910 struct recv_reorder_ctrl *preorder_ctrl =
1911 from_timer(preorder_ctrl, t, reordering_ctrl_timer);
1912 struct adapter *padapter = preorder_ctrl->padapter;
1913 struct __queue *ppending_recvframe_queue = &preorder_ctrl->pending_recvframe_queue;
1914
1915
1916 if (padapter->bDriverStopped || padapter->bSurpriseRemoved)
1917 return;
1918
1919 spin_lock_bh(&ppending_recvframe_queue->lock);
1920
1921 if (recv_indicatepkts_in_order(padapter, preorder_ctrl, true) == true)
1922 _set_timer(&preorder_ctrl->reordering_ctrl_timer, REORDER_WAIT_TIME);
1923
1924 spin_unlock_bh(&ppending_recvframe_queue->lock);
1925
1926 }
1927
process_recv_indicatepkts(struct adapter * padapter,union recv_frame * prframe)1928 static int process_recv_indicatepkts(struct adapter *padapter, union recv_frame *prframe)
1929 {
1930 int retval = _SUCCESS;
1931 /* struct recv_priv *precvpriv = &padapter->recvpriv; */
1932 /* struct rx_pkt_attrib *pattrib = &prframe->u.hdr.attrib; */
1933 struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
1934 struct ht_priv *phtpriv = &pmlmepriv->htpriv;
1935
1936 if (phtpriv->ht_option == true) { /* B/G/N Mode */
1937 /* prframe->u.hdr.preorder_ctrl = &precvpriv->recvreorder_ctrl[pattrib->priority]; */
1938
1939 if (recv_indicatepkt_reorder(padapter, prframe) != _SUCCESS) { /* including perform A-MPDU Rx Ordering Buffer Control */
1940
1941 if ((padapter->bDriverStopped == false) &&
1942 (padapter->bSurpriseRemoved == false)) {
1943 retval = _FAIL;
1944 return retval;
1945 }
1946 }
1947 } else { /* B/G mode */
1948 retval = wlanhdr_to_ethhdr(prframe);
1949 if (retval != _SUCCESS)
1950 return retval;
1951
1952 if ((padapter->bDriverStopped == false) && (padapter->bSurpriseRemoved == false)) {
1953 /* indicate this recv_frame */
1954 rtw_recv_indicatepkt(padapter, prframe);
1955 } else {
1956 retval = _FAIL;
1957 return retval;
1958 }
1959
1960 }
1961
1962 return retval;
1963
1964 }
1965
recv_func_prehandle(struct adapter * padapter,union recv_frame * rframe)1966 static int recv_func_prehandle(struct adapter *padapter, union recv_frame *rframe)
1967 {
1968 int ret = _SUCCESS;
1969 struct __queue *pfree_recv_queue = &padapter->recvpriv.free_recv_queue;
1970
1971 /* check the frame crtl field and decache */
1972 ret = validate_recv_frame(padapter, rframe);
1973 if (ret != _SUCCESS) {
1974 rtw_free_recvframe(rframe, pfree_recv_queue);/* free this recv_frame */
1975 goto exit;
1976 }
1977
1978 exit:
1979 return ret;
1980 }
1981
recv_func_posthandle(struct adapter * padapter,union recv_frame * prframe)1982 static int recv_func_posthandle(struct adapter *padapter, union recv_frame *prframe)
1983 {
1984 int ret = _SUCCESS;
1985 union recv_frame *orig_prframe = prframe;
1986 struct recv_priv *precvpriv = &padapter->recvpriv;
1987 struct __queue *pfree_recv_queue = &padapter->recvpriv.free_recv_queue;
1988
1989 prframe = decryptor(padapter, prframe);
1990 if (!prframe) {
1991 ret = _FAIL;
1992 goto _recv_data_drop;
1993 }
1994
1995 prframe = recvframe_chk_defrag(padapter, prframe);
1996 if (!prframe)
1997 goto _recv_data_drop;
1998
1999 prframe = portctrl(padapter, prframe);
2000 if (!prframe) {
2001 ret = _FAIL;
2002 goto _recv_data_drop;
2003 }
2004
2005 count_rx_stats(padapter, prframe, NULL);
2006
2007 ret = process_recv_indicatepkts(padapter, prframe);
2008 if (ret != _SUCCESS) {
2009 rtw_free_recvframe(orig_prframe, pfree_recv_queue);/* free this recv_frame */
2010 goto _recv_data_drop;
2011 }
2012
2013 _recv_data_drop:
2014 precvpriv->rx_drop++;
2015 return ret;
2016 }
2017
recv_func(struct adapter * padapter,union recv_frame * rframe)2018 static int recv_func(struct adapter *padapter, union recv_frame *rframe)
2019 {
2020 int ret;
2021 struct rx_pkt_attrib *prxattrib = &rframe->u.hdr.attrib;
2022 struct recv_priv *recvpriv = &padapter->recvpriv;
2023 struct security_priv *psecuritypriv = &padapter->securitypriv;
2024 struct mlme_priv *mlmepriv = &padapter->mlmepriv;
2025
2026 /* check if need to handle uc_swdec_pending_queue*/
2027 if (check_fwstate(mlmepriv, WIFI_STATION_STATE) && psecuritypriv->busetkipkey) {
2028 union recv_frame *pending_frame;
2029
2030 while ((pending_frame = rtw_alloc_recvframe(&padapter->recvpriv.uc_swdec_pending_queue)))
2031 recv_func_posthandle(padapter, pending_frame);
2032 }
2033
2034 ret = recv_func_prehandle(padapter, rframe);
2035
2036 if (ret == _SUCCESS) {
2037
2038 /* check if need to enqueue into uc_swdec_pending_queue*/
2039 if (check_fwstate(mlmepriv, WIFI_STATION_STATE) &&
2040 !is_multicast_ether_addr(prxattrib->ra) && prxattrib->encrypt > 0 &&
2041 (prxattrib->bdecrypted == 0 || psecuritypriv->sw_decrypt == true) &&
2042 psecuritypriv->ndisauthtype == Ndis802_11AuthModeWPAPSK &&
2043 !psecuritypriv->busetkipkey) {
2044 rtw_enqueue_recvframe(rframe, &padapter->recvpriv.uc_swdec_pending_queue);
2045
2046 if (recvpriv->free_recvframe_cnt < NR_RECVFRAME/4) {
2047 /* to prevent from recvframe starvation, get recvframe from uc_swdec_pending_queue to free_recvframe_cnt */
2048 rframe = rtw_alloc_recvframe(&padapter->recvpriv.uc_swdec_pending_queue);
2049 if (rframe)
2050 goto do_posthandle;
2051 }
2052 goto exit;
2053 }
2054
2055 do_posthandle:
2056 ret = recv_func_posthandle(padapter, rframe);
2057 }
2058
2059 exit:
2060 return ret;
2061 }
2062
2063
rtw_recv_entry(union recv_frame * precvframe)2064 s32 rtw_recv_entry(union recv_frame *precvframe)
2065 {
2066 struct adapter *padapter;
2067 struct recv_priv *precvpriv;
2068 s32 ret = _SUCCESS;
2069
2070 padapter = precvframe->u.hdr.adapter;
2071
2072 precvpriv = &padapter->recvpriv;
2073
2074 ret = recv_func(padapter, precvframe);
2075 if (ret == _FAIL)
2076 goto _recv_entry_drop;
2077
2078 precvpriv->rx_pkts++;
2079
2080 return ret;
2081
2082 _recv_entry_drop:
2083
2084 return ret;
2085 }
2086
rtw_signal_stat_timer_hdl(struct timer_list * t)2087 static void rtw_signal_stat_timer_hdl(struct timer_list *t)
2088 {
2089 struct adapter *adapter =
2090 from_timer(adapter, t, recvpriv.signal_stat_timer);
2091 struct recv_priv *recvpriv = &adapter->recvpriv;
2092
2093 u32 tmp_s, tmp_q;
2094 u8 avg_signal_strength = 0;
2095 u8 avg_signal_qual = 0;
2096 u32 num_signal_strength = 0;
2097 u32 __maybe_unused num_signal_qual = 0;
2098 u8 _alpha = 5; /* this value is based on converging_constant = 5000 and sampling_interval = 1000 */
2099
2100 if (adapter->recvpriv.is_signal_dbg) {
2101 /* update the user specific value, signal_strength_dbg, to signal_strength, rssi */
2102 adapter->recvpriv.signal_strength = adapter->recvpriv.signal_strength_dbg;
2103 adapter->recvpriv.rssi = (s8)translate_percentage_to_dbm((u8)adapter->recvpriv.signal_strength_dbg);
2104 } else {
2105
2106 if (recvpriv->signal_strength_data.update_req == 0) {/* update_req is clear, means we got rx */
2107 avg_signal_strength = recvpriv->signal_strength_data.avg_val;
2108 num_signal_strength = recvpriv->signal_strength_data.total_num;
2109 /* after avg_vals are acquired, we can re-stat the signal values */
2110 recvpriv->signal_strength_data.update_req = 1;
2111 }
2112
2113 if (recvpriv->signal_qual_data.update_req == 0) {/* update_req is clear, means we got rx */
2114 avg_signal_qual = recvpriv->signal_qual_data.avg_val;
2115 num_signal_qual = recvpriv->signal_qual_data.total_num;
2116 /* after avg_vals are acquired, we can re-stat the signal values */
2117 recvpriv->signal_qual_data.update_req = 1;
2118 }
2119
2120 if (num_signal_strength == 0) {
2121 if (rtw_get_on_cur_ch_time(adapter) == 0 ||
2122 jiffies_to_msecs(jiffies - rtw_get_on_cur_ch_time(adapter)) < 2 * adapter->mlmeextpriv.mlmext_info.bcn_interval
2123 ) {
2124 goto set_timer;
2125 }
2126 }
2127
2128 if (check_fwstate(&adapter->mlmepriv, _FW_UNDER_SURVEY) == true ||
2129 check_fwstate(&adapter->mlmepriv, _FW_LINKED) == false
2130 ) {
2131 goto set_timer;
2132 }
2133
2134 /* update value of signal_strength, rssi, signal_qual */
2135 tmp_s = (avg_signal_strength+(_alpha-1)*recvpriv->signal_strength);
2136 if (tmp_s % _alpha)
2137 tmp_s = tmp_s/_alpha + 1;
2138 else
2139 tmp_s = tmp_s/_alpha;
2140 if (tmp_s > 100)
2141 tmp_s = 100;
2142
2143 tmp_q = (avg_signal_qual+(_alpha-1)*recvpriv->signal_qual);
2144 if (tmp_q % _alpha)
2145 tmp_q = tmp_q/_alpha + 1;
2146 else
2147 tmp_q = tmp_q/_alpha;
2148 if (tmp_q > 100)
2149 tmp_q = 100;
2150
2151 recvpriv->signal_strength = tmp_s;
2152 recvpriv->rssi = (s8)translate_percentage_to_dbm(tmp_s);
2153 recvpriv->signal_qual = tmp_q;
2154 }
2155
2156 set_timer:
2157 rtw_set_signal_stat_timer(recvpriv);
2158
2159 }
2160