root/drivers/staging/rtl8188eu/core/rtw_recv.c

DEFINITIONS

1. _rtw_init_sta_recv_priv
2. _rtw_init_recv_priv
3. _rtw_free_recv_priv
4. _rtw_alloc_recvframe
5. rtw_alloc_recvframe
6. rtw_free_recvframe
7. _rtw_enqueue_recvframe
8. rtw_enqueue_recvframe
9. rtw_free_recvframe_queue
10. rtw_free_uc_swdec_pending_queue
11. recvframe_chkmic
12. decryptor
13. portctrl
14. recv_decache
15. process_pwrbit_data
16. process_wmmps_data
17. count_rx_stats
18. sta2sta_data_frame
19. ap2sta_data_frame
20. sta2ap_data_frame
21. validate_recv_ctrl_frame
22. validate_recv_mgnt_frame
23. validate_recv_data_frame
24. validate_recv_frame
25. wlanhdr_to_ethhdr
26. recvframe_defrag
27. recvframe_chk_defrag
28. amsdu_to_msdu
29. check_indicate_seq
30. enqueue_reorder_recvframe
31. recv_indicatepkts_in_order
32. recv_indicatepkt_reorder
33. rtw_reordering_ctrl_timeout_handler
34. process_recv_indicatepkts
35. recv_func_prehandle
36. recv_func_posthandle
37. recv_func
38. rtw_recv_entry
39. rtw_signal_stat_timer_hdl

   1 // SPDX-License-Identifier: GPL-2.0
   2 /******************************************************************************
   3  *
   4  * Copyright(c) 2007 - 2012 Realtek Corporation. All rights reserved.
   5  *
   6  ******************************************************************************/
   7 #define _RTW_RECV_C_
   8 
   9 #include <linux/ieee80211.h>
  10 
  11 #include <osdep_service.h>
  12 #include <drv_types.h>
  13 #include <recv_osdep.h>
  14 #include <mlme_osdep.h>
  15 #include <mon.h>
  16 #include <wifi.h>
  17 #include <linux/vmalloc.h>
  18 
  19 #define ETHERNET_HEADER_SIZE    14      /*  Ethernet Header Length */
  20 #define LLC_HEADER_SIZE                 6       /*  LLC Header Length */
  21 
  22 static u8 SNAP_ETH_TYPE_IPX[2] = {0x81, 0x37};
  23 static u8 SNAP_ETH_TYPE_APPLETALK_AARP[2] = {0x80, 0xf3};
  24 
  25 /* Bridge-Tunnel header (for EtherTypes ETH_P_AARP and ETH_P_IPX) */
  26 static u8 rtw_bridge_tunnel_header[] = {
  27         0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8
  28 };
  29 
  30 static u8 rtw_rfc1042_header[] = {
  31         0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00
  32 };
  33 
  34 static void rtw_signal_stat_timer_hdl(struct timer_list *t);
  35 
  36 void _rtw_init_sta_recv_priv(struct sta_recv_priv *psta_recvpriv)
  37 {
  38         memset((u8 *)psta_recvpriv, 0, sizeof(struct sta_recv_priv));
  39 
  40         spin_lock_init(&psta_recvpriv->lock);
  41 
  42         _rtw_init_queue(&psta_recvpriv->defrag_q);
  43 }
  44 
  45 int _rtw_init_recv_priv(struct recv_priv *precvpriv, struct adapter *padapter)
  46 {
  47         int i;
  48 
  49         struct recv_frame *precvframe;
  50 
  51         int     res = _SUCCESS;
  52 
  53         _rtw_init_queue(&precvpriv->free_recv_queue);
  54         _rtw_init_queue(&precvpriv->recv_pending_queue);
  55         _rtw_init_queue(&precvpriv->uc_swdec_pending_queue);
  56 
  57         precvpriv->adapter = padapter;
  58 
  59         precvpriv->pallocated_frame_buf = vzalloc(NR_RECVFRAME * sizeof(struct recv_frame) + RXFRAME_ALIGN_SZ);
  60 
  61         if (!precvpriv->pallocated_frame_buf)
  62                 return _FAIL;
  63 
  64         precvframe = PTR_ALIGN(precvpriv->pallocated_frame_buf, RXFRAME_ALIGN_SZ);
  65 
  66         for (i = 0; i < NR_RECVFRAME; i++) {
  67                 INIT_LIST_HEAD(&precvframe->list);
  68 
  69                 list_add_tail(&precvframe->list,
  70                                      &precvpriv->free_recv_queue.queue);
  71 
  72                 precvframe->pkt = NULL;
  73 
  74                 precvframe->adapter = padapter;
  75                 precvframe++;
  76         }
  77         res = rtw_hal_init_recv_priv(padapter);
  78 
  79         timer_setup(&precvpriv->signal_stat_timer, rtw_signal_stat_timer_hdl,
  80                     0);
  81 
  82         precvpriv->signal_stat_sampling_interval = 1000; /* ms */
  83 
  84         rtw_set_signal_stat_timer(precvpriv);
  85 
  86         return res;
  87 }
  88 
  89 void _rtw_free_recv_priv(struct recv_priv *precvpriv)
  90 {
  91         struct adapter  *padapter = precvpriv->adapter;
  92 
  93         rtw_free_uc_swdec_pending_queue(padapter);
  94 
  95         vfree(precvpriv->pallocated_frame_buf);
  96 
  97         rtw_hal_free_recv_priv(padapter);
  98 }
  99 
 100 struct recv_frame *_rtw_alloc_recvframe(struct __queue *pfree_recv_queue)
 101 {
 102         struct recv_frame *hdr;
 103 
 104         hdr = list_first_entry_or_null(&pfree_recv_queue->queue,
 105                                        struct recv_frame, list);
 106         if (hdr)
 107                 list_del_init(&hdr->list);
 108 
 109         return hdr;
 110 }
 111 
 112 struct recv_frame *rtw_alloc_recvframe(struct __queue *pfree_recv_queue)
 113 {
 114         struct recv_frame  *precvframe;
 115 
 116         spin_lock_bh(&pfree_recv_queue->lock);
 117 
 118         precvframe = _rtw_alloc_recvframe(pfree_recv_queue);
 119 
 120         spin_unlock_bh(&pfree_recv_queue->lock);
 121 
 122         return precvframe;
 123 }
 124 
 125 int rtw_free_recvframe(struct recv_frame *precvframe,
 126                        struct __queue *pfree_recv_queue)
 127 {
 128         if (!precvframe)
 129                 return _FAIL;
 130         if (precvframe->pkt) {
 131                 dev_kfree_skb_any(precvframe->pkt);/* free skb by driver */
 132                 precvframe->pkt = NULL;
 133         }
 134 
 135         spin_lock_bh(&pfree_recv_queue->lock);
 136 
 137         list_del_init(&precvframe->list);
 138 
 139         list_add_tail(&precvframe->list, get_list_head(pfree_recv_queue));
 140 
 141         spin_unlock_bh(&pfree_recv_queue->lock);
 142 
 143         return _SUCCESS;
 144 }
 145 
 146 int _rtw_enqueue_recvframe(struct recv_frame *precvframe, struct __queue *queue)
 147 {
 148         list_del_init(&precvframe->list);
 149         list_add_tail(&precvframe->list, get_list_head(queue));
 150 
 151         return _SUCCESS;
 152 }
 153 
 154 int rtw_enqueue_recvframe(struct recv_frame *precvframe, struct __queue *queue)
 155 {
 156         int ret;
 157 
 158         spin_lock_bh(&queue->lock);
 159         ret = _rtw_enqueue_recvframe(precvframe, queue);
 160         spin_unlock_bh(&queue->lock);
 161 
 162         return ret;
 163 }
 164 
 165 /*
 166 caller : defrag ; recvframe_chk_defrag in recv_thread  (passive)
 167 pframequeue: defrag_queue : will be accessed in recv_thread  (passive)
 168 
 169 using spinlock to protect
 170 
 171 */
 172 
 173 void rtw_free_recvframe_queue(struct __queue *pframequeue,  struct __queue *pfree_recv_queue)
 174 {
 175         struct recv_frame *hdr;
 176         struct list_head *plist, *phead;
 177 
 178         spin_lock(&pframequeue->lock);
 179 
 180         phead = get_list_head(pframequeue);
 181         plist = phead->next;
 182 
 183         while (phead != plist) {
 184                 hdr = list_entry(plist, struct recv_frame, list);
 185 
 186                 plist = plist->next;
 187 
 188                 rtw_free_recvframe(hdr, pfree_recv_queue);
 189         }
 190 
 191         spin_unlock(&pframequeue->lock);
 192 }
 193 
 194 u32 rtw_free_uc_swdec_pending_queue(struct adapter *adapter)
 195 {
 196         u32 cnt = 0;
 197         struct recv_frame *pending_frame;
 198 
 199         while ((pending_frame = rtw_alloc_recvframe(&adapter->recvpriv.uc_swdec_pending_queue))) {
 200                 rtw_free_recvframe(pending_frame, &adapter->recvpriv.free_recv_queue);
 201                 DBG_88E("%s: dequeue uc_swdec_pending_queue\n", __func__);
 202                 cnt++;
 203         }
 204 
 205         return cnt;
 206 }
 207 
 208 static int recvframe_chkmic(struct adapter *adapter,
 209                             struct recv_frame *precvframe)
 210 {
 211         int     i, res = _SUCCESS;
 212         u32     datalen;
 213         u8      miccode[8];
 214         u8      bmic_err = false, brpt_micerror = true;
 215         u8      *pframe, *payload, *pframemic;
 216         u8      *mickey;
 217         struct  sta_info                *stainfo;
 218         struct  rx_pkt_attrib   *prxattrib = &precvframe->attrib;
 219         struct  security_priv   *psecuritypriv = &adapter->securitypriv;
 220 
 221         struct mlme_ext_priv    *pmlmeext = &adapter->mlmeextpriv;
 222         struct mlme_ext_info    *pmlmeinfo = &pmlmeext->mlmext_info;
 223 
 224         stainfo = rtw_get_stainfo(&adapter->stapriv, &prxattrib->ta[0]);
 225 
 226         if (prxattrib->encrypt == _TKIP_) {
 227                 RT_TRACE(_module_rtl871x_recv_c_, _drv_info_,
 228                          ("\n %s: prxattrib->encrypt==_TKIP_\n", __func__));
 229                 RT_TRACE(_module_rtl871x_recv_c_, _drv_info_,
 230                          ("\n %s: da=0x%02x:0x%02x:0x%02x:0x%02x:0x%02x:0x%02x\n",
 231                           __func__, prxattrib->ra[0], prxattrib->ra[1], prxattrib->ra[2],
 232                           prxattrib->ra[3], prxattrib->ra[4], prxattrib->ra[5]));
 233 
 234                 /* calculate mic code */
 235                 if (stainfo) {
 236                         if (is_multicast_ether_addr(prxattrib->ra)) {
 237                                 if (!psecuritypriv) {
 238                                         res = _FAIL;
 239                                         RT_TRACE(_module_rtl871x_recv_c_, _drv_err_,
 240                                                  ("\n %s: didn't install group key!!!!!!!!!!\n", __func__));
 241                                         DBG_88E("\n %s: didn't install group key!!!!!!!!!!\n", __func__);
 242                                         goto exit;
 243                                 }
 244                                 mickey = &psecuritypriv->dot118021XGrprxmickey[prxattrib->key_index].skey[0];
 245 
 246                                 RT_TRACE(_module_rtl871x_recv_c_, _drv_info_,
 247                                          ("\n %s: bcmc key\n", __func__));
 248                         } else {
 249                                 mickey = &stainfo->dot11tkiprxmickey.skey[0];
 250                                 RT_TRACE(_module_rtl871x_recv_c_, _drv_err_,
 251                                          ("\n %s: unicast key\n", __func__));
 252                         }
 253 
 254                         /* icv_len included the mic code */
 255                         datalen = precvframe->pkt->len-prxattrib->hdrlen -
 256                                   prxattrib->iv_len-prxattrib->icv_len-8;
 257                         pframe = precvframe->pkt->data;
 258                         payload = pframe+prxattrib->hdrlen+prxattrib->iv_len;
 259 
 260                         RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, ("\n prxattrib->iv_len=%d prxattrib->icv_len=%d\n", prxattrib->iv_len, prxattrib->icv_len));
 261                         rtw_seccalctkipmic(mickey, pframe, payload, datalen, &miccode[0],
 262                                            (unsigned char)prxattrib->priority); /* care the length of the data */
 263 
 264                         pframemic = payload + datalen;
 265 
 266                         bmic_err = false;
 267 
 268                         for (i = 0; i < 8; i++) {
 269                                 if (miccode[i] != *(pframemic+i)) {
 270                                         RT_TRACE(_module_rtl871x_recv_c_, _drv_err_,
 271                                                  ("%s: miccode[%d](%02x)!=*(pframemic+%d)(%02x) ",
 272                                                   __func__, i, miccode[i], i, *(pframemic + i)));
 273                                         bmic_err = true;
 274                                 }
 275                         }
 276 
 277                         if (bmic_err) {
 278                                 RT_TRACE(_module_rtl871x_recv_c_, _drv_err_,
 279                                          ("\n *(pframemic-8)-*(pframemic-1)=0x%02x:0x%02x:0x%02x:0x%02x:0x%02x:0x%02x:0x%02x:0x%02x\n",
 280                                          *(pframemic-8), *(pframemic-7), *(pframemic-6),
 281                                          *(pframemic-5), *(pframemic-4), *(pframemic-3),
 282                                          *(pframemic-2), *(pframemic-1)));
 283                                 RT_TRACE(_module_rtl871x_recv_c_, _drv_err_,
 284                                          ("\n *(pframemic-16)-*(pframemic-9)=0x%02x:0x%02x:0x%02x:0x%02x:0x%02x:0x%02x:0x%02x:0x%02x\n",
 285                                          *(pframemic-16), *(pframemic-15), *(pframemic-14),
 286                                          *(pframemic-13), *(pframemic-12), *(pframemic-11),
 287                                          *(pframemic-10), *(pframemic-9)));
 288                                 {
 289                                         uint i;
 290 
 291                                         RT_TRACE(_module_rtl871x_recv_c_, _drv_err_,
 292                                                  ("\n ======demp packet (len=%d)======\n",
 293                                                  precvframe->pkt->len));
 294                                         for (i = 0; i < precvframe->pkt->len; i += 8) {
 295                                                 RT_TRACE(_module_rtl871x_recv_c_,
 296                                                          _drv_err_,
 297                                                          ("0x%02x:0x%02x:0x%02x:0x%02x:0x%02x:0x%02x:0x%02x:0x%02x",
 298                                                          *(precvframe->pkt->data+i),
 299                                                          *(precvframe->pkt->data+i+1),
 300                                                          *(precvframe->pkt->data+i+2),
 301                                                          *(precvframe->pkt->data+i+3),
 302                                                          *(precvframe->pkt->data+i+4),
 303                                                          *(precvframe->pkt->data+i+5),
 304                                                          *(precvframe->pkt->data+i+6),
 305                                                          *(precvframe->pkt->data+i+7)));
 306                                         }
 307                                         RT_TRACE(_module_rtl871x_recv_c_,
 308                                                  _drv_err_,
 309                                                  ("\n ====== demp packet end [len=%d]======\n",
 310                                                  precvframe->pkt->len));
 311                                         RT_TRACE(_module_rtl871x_recv_c_,
 312                                                  _drv_err_,
 313                                                  ("\n hrdlen=%d,\n",
 314                                                  prxattrib->hdrlen));
 315                                 }
 316 
 317                                 RT_TRACE(_module_rtl871x_recv_c_, _drv_err_,
 318                                          ("ra=0x%.2x 0x%.2x 0x%.2x 0x%.2x 0x%.2x 0x%.2x psecuritypriv->binstallGrpkey=%d ",
 319                                          prxattrib->ra[0], prxattrib->ra[1], prxattrib->ra[2],
 320                                          prxattrib->ra[3], prxattrib->ra[4], prxattrib->ra[5], psecuritypriv->binstallGrpkey));
 321 
 322                                 /*  double check key_index for some timing issue , */
 323                                 /*  cannot compare with psecuritypriv->dot118021XGrpKeyid also cause timing issue */
 324                                 if (is_multicast_ether_addr(prxattrib->ra) && prxattrib->key_index != pmlmeinfo->key_index)
 325                                         brpt_micerror = false;
 326 
 327                                 if ((prxattrib->bdecrypted) && (brpt_micerror)) {
 328                                         rtw_handle_tkip_mic_err(adapter, (u8)is_multicast_ether_addr(prxattrib->ra));
 329                                         RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, (" mic error :prxattrib->bdecrypted=%d ", prxattrib->bdecrypted));
 330                                         DBG_88E(" mic error :prxattrib->bdecrypted=%d\n", prxattrib->bdecrypted);
 331                                 } else {
 332                                         RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, (" mic error :prxattrib->bdecrypted=%d ", prxattrib->bdecrypted));
 333                                         DBG_88E(" mic error :prxattrib->bdecrypted=%d\n", prxattrib->bdecrypted);
 334                                 }
 335                                 res = _FAIL;
 336                         } else {
 337                                 /* mic checked ok */
 338                                 if (!psecuritypriv->bcheck_grpkey && is_multicast_ether_addr(prxattrib->ra)) {
 339                                         psecuritypriv->bcheck_grpkey = true;
 340                                         RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, ("psecuritypriv->bcheck_grpkey = true"));
 341                                 }
 342                         }
 343                 } else {
 344                         RT_TRACE(_module_rtl871x_recv_c_, _drv_err_,
 345                                  ("%s: rtw_get_stainfo==NULL!!!\n", __func__));
 346                 }
 347 
 348                 skb_trim(precvframe->pkt, precvframe->pkt->len - 8);
 349         }
 350 
 351 exit:
 352 
 353         return res;
 354 }
 355 
 356 /* decrypt and set the ivlen, icvlen of the recv_frame */
 357 static struct recv_frame *decryptor(struct adapter *padapter,
 358                                     struct recv_frame *precv_frame)
 359 {
 360         struct rx_pkt_attrib *prxattrib = &precv_frame->attrib;
 361         struct security_priv *psecuritypriv = &padapter->securitypriv;
 362         struct recv_frame *return_packet = precv_frame;
 363         u32      res = _SUCCESS;
 364 
 365         RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, ("prxstat->decrypted=%x prxattrib->encrypt=0x%03x\n", prxattrib->bdecrypted, prxattrib->encrypt));
 366 
 367         if (prxattrib->encrypt > 0) {
 368                 u8 *iv = precv_frame->pkt->data + prxattrib->hdrlen;
 369 
 370                 prxattrib->key_index = (((iv[3]) >> 6) & 0x3);
 371 
 372                 if (prxattrib->key_index > WEP_KEYS) {
 373                         DBG_88E("prxattrib->key_index(%d)>WEP_KEYS\n", prxattrib->key_index);
 374 
 375                         switch (prxattrib->encrypt) {
 376                         case _WEP40_:
 377                         case _WEP104_:
 378                                 prxattrib->key_index = psecuritypriv->dot11PrivacyKeyIndex;
 379                                 break;
 380                         case _TKIP_:
 381                         case _AES_:
 382                         default:
 383                                 prxattrib->key_index = psecuritypriv->dot118021XGrpKeyid;
 384                                 break;
 385                         }
 386                 }
 387         }
 388 
 389         if ((prxattrib->encrypt > 0) && (prxattrib->bdecrypted == 0)) {
 390                 psecuritypriv->hw_decrypted = false;
 391 
 392                 switch (prxattrib->encrypt) {
 393                 case _WEP40_:
 394                 case _WEP104_:
 395                         res = rtw_wep_decrypt(padapter, (u8 *)precv_frame);
 396                         break;
 397                 case _TKIP_:
 398                         res = rtw_tkip_decrypt(padapter, (u8 *)precv_frame);
 399                         break;
 400                 case _AES_:
 401                         res = rtw_aes_decrypt(padapter, (u8 *)precv_frame);
 402                         break;
 403                 default:
 404                         break;
 405                 }
 406         } else if (prxattrib->bdecrypted == 1 && prxattrib->encrypt > 0 &&
 407                    (psecuritypriv->busetkipkey == 1 || prxattrib->encrypt != _TKIP_))
 408                         psecuritypriv->hw_decrypted = true;
 409 
 410         if (res == _FAIL) {
 411                 rtw_free_recvframe(return_packet, &padapter->recvpriv.free_recv_queue);
 412                 return_packet = NULL;
 413         }
 414 
 415         return return_packet;
 416 }
 417 
 418 /* set the security information in the recv_frame */
 419 static struct recv_frame *portctrl(struct adapter *adapter,
 420                                    struct recv_frame *precv_frame)
 421 {
 422         u8   *psta_addr, *ptr;
 423         uint  auth_alg;
 424         struct recv_frame *pfhdr;
 425         struct sta_info *psta;
 426         struct sta_priv *pstapriv;
 427         struct recv_frame *prtnframe;
 428         u16     ether_type;
 429         u16  eapol_type = 0x888e;/* for Funia BD's WPA issue */
 430         struct rx_pkt_attrib *pattrib;
 431         __be16 be_tmp;
 432 
 433         pstapriv = &adapter->stapriv;
 434 
 435         auth_alg = adapter->securitypriv.dot11AuthAlgrthm;
 436 
 437         ptr = precv_frame->pkt->data;
 438         pfhdr = precv_frame;
 439         pattrib = &pfhdr->attrib;
 440         psta_addr = pattrib->ta;
 441         psta = rtw_get_stainfo(pstapriv, psta_addr);
 442 
 443         prtnframe = NULL;
 444 
 445         RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, ("########%s:adapter->securitypriv.dot11AuthAlgrthm=%d\n", __func__, adapter->securitypriv.dot11AuthAlgrthm));
 446 
 447         if (auth_alg == 2) {
 448                 /* get ether_type */
 449                 ptr = ptr + pfhdr->attrib.hdrlen + LLC_HEADER_SIZE + pfhdr->attrib.iv_len;
 450                 memcpy(&be_tmp, ptr, 2);
 451                 ether_type = ntohs(be_tmp);
 452 
 453                 if (psta && (psta->ieee8021x_blocked)) {
 454                         /* blocked */
 455                         /* only accept EAPOL frame */
 456                         RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, ("########%s:psta->ieee8021x_blocked==1\n", __func__));
 457 
 458                         if (ether_type == eapol_type) {
 459                                 prtnframe = precv_frame;
 460                         } else {
 461                                 /* free this frame */
 462                                 rtw_free_recvframe(precv_frame, &adapter->recvpriv.free_recv_queue);
 463                                 prtnframe = NULL;
 464                         }
 465                 } else {
 466                         /* allowed */
 467                         /* check decryption status, and decrypt the frame if needed */
 468                         RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, ("########%s:psta->ieee8021x_blocked==0\n", __func__));
 469                         RT_TRACE(_module_rtl871x_recv_c_, _drv_info_,
 470                                  ("%s:precv_frame->hdr.attrib.privacy=%x\n",
 471                                   __func__, precv_frame->attrib.privacy));
 472 
 473                         if (pattrib->bdecrypted == 0)
 474                                 RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, ("%s:prxstat->decrypted=%x\n", __func__, pattrib->bdecrypted));
 475 
 476                         prtnframe = precv_frame;
 477                         /* check is the EAPOL frame or not (Rekey) */
 478                         if (ether_type == eapol_type) {
 479                                 RT_TRACE(_module_rtl871x_recv_c_, _drv_notice_, ("########%s:ether_type==0x888e\n", __func__));
 480                                 /* check Rekey */
 481 
 482                                 prtnframe = precv_frame;
 483                         } else {
 484                                 RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, ("########%s:ether_type=0x%04x\n", __func__, ether_type));
 485                         }
 486                 }
 487         } else {
 488                 prtnframe = precv_frame;
 489         }
 490 
 491         return prtnframe;
 492 }
 493 
 494 static int recv_decache(struct recv_frame *precv_frame, u8 bretry,
 495                         struct stainfo_rxcache *prxcache)
 496 {
 497         int tid = precv_frame->attrib.priority;
 498 
 499         u16 seq_ctrl = ((precv_frame->attrib.seq_num&0xffff) << 4) |
 500                 (precv_frame->attrib.frag_num & 0xf);
 501 
 502         if (tid > 15) {
 503                 RT_TRACE(_module_rtl871x_recv_c_, _drv_notice_, ("%s, (tid>15)! seq_ctrl=0x%x, tid=0x%x\n", __func__, seq_ctrl, tid));
 504 
 505                 return _FAIL;
 506         }
 507 
 508         if (1) {/* if (bretry) */
 509                 if (seq_ctrl == prxcache->tid_rxseq[tid]) {
 510                         RT_TRACE(_module_rtl871x_recv_c_, _drv_notice_, ("%s, seq_ctrl=0x%x, tid=0x%x, tid_rxseq=0x%x\n", __func__, seq_ctrl, tid, prxcache->tid_rxseq[tid]));
 511 
 512                         return _FAIL;
 513                 }
 514         }
 515 
 516         prxcache->tid_rxseq[tid] = seq_ctrl;
 517 
 518         return _SUCCESS;
 519 }
 520 
 521 static void process_pwrbit_data(struct adapter *padapter,
 522                                 struct recv_frame *precv_frame)
 523 {
 524 #ifdef CONFIG_88EU_AP_MODE
 525         unsigned char pwrbit;
 526         u8 *ptr = precv_frame->pkt->data;
 527         struct rx_pkt_attrib *pattrib = &precv_frame->attrib;
 528         struct sta_priv *pstapriv = &padapter->stapriv;
 529         struct sta_info *psta = NULL;
 530 
 531         psta = rtw_get_stainfo(pstapriv, pattrib->src);
 532 
 533         pwrbit = GetPwrMgt(ptr);
 534 
 535         if (psta) {
 536                 if (pwrbit) {
 537                         if (!(psta->state & WIFI_SLEEP_STATE))
 538                                 stop_sta_xmit(padapter, psta);
 539                 } else {
 540                         if (psta->state & WIFI_SLEEP_STATE)
 541                                 wakeup_sta_to_xmit(padapter, psta);
 542                 }
 543         }
 544 
 545 #endif
 546 }
 547 
 548 static void process_wmmps_data(struct adapter *padapter,
 549                                struct recv_frame *precv_frame)
 550 {
 551 #ifdef CONFIG_88EU_AP_MODE
 552         struct rx_pkt_attrib *pattrib = &precv_frame->attrib;
 553         struct sta_priv *pstapriv = &padapter->stapriv;
 554         struct sta_info *psta = NULL;
 555 
 556         psta = rtw_get_stainfo(pstapriv, pattrib->src);
 557 
 558         if (!psta)
 559                 return;
 560 
 561         if (!psta->qos_option)
 562                 return;
 563 
 564         if (!(psta->qos_info&0xf))
 565                 return;
 566 
 567         if (psta->state&WIFI_SLEEP_STATE) {
 568                 u8 wmmps_ac = 0;
 569 
 570                 switch (pattrib->priority) {
 571                 case 1:
 572                 case 2:
 573                         wmmps_ac = psta->uapsd_bk&BIT(1);
 574                         break;
 575                 case 4:
 576                 case 5:
 577                         wmmps_ac = psta->uapsd_vi&BIT(1);
 578                         break;
 579                 case 6:
 580                 case 7:
 581                         wmmps_ac = psta->uapsd_vo&BIT(1);
 582                         break;
 583                 case 0:
 584                 case 3:
 585                 default:
 586                         wmmps_ac = psta->uapsd_be&BIT(1);
 587                         break;
 588                 }
 589 
 590                 if (wmmps_ac) {
 591                         if (psta->sleepq_ac_len > 0) {
 592                                 /* process received triggered frame */
 593                                 xmit_delivery_enabled_frames(padapter, psta);
 594                         } else {
 595                                 /* issue one qos null frame with More data bit = 0 and the EOSP bit set (= 1) */
 596                                 issue_qos_nulldata(padapter, psta->hwaddr, (u16)pattrib->priority, 0, 0);
 597                         }
 598                 }
 599         }
 600 
 601 #endif
 602 }
 603 
 604 static void count_rx_stats(struct adapter *padapter,
 605                            struct recv_frame *prframe,
 606                            struct sta_info *sta)
 607 {
 608         int     sz;
 609         struct sta_info         *psta = NULL;
 610         struct stainfo_stats    *pstats = NULL;
 611         struct rx_pkt_attrib    *pattrib = &prframe->attrib;
 612         struct recv_priv        *precvpriv = &padapter->recvpriv;
 613 
 614         sz = prframe->pkt->len;
 615         precvpriv->rx_bytes += sz;
 616 
 617         padapter->mlmepriv.LinkDetectInfo.NumRxOkInPeriod++;
 618 
 619         if (!is_multicast_ether_addr(pattrib->dst))
 620                 padapter->mlmepriv.LinkDetectInfo.NumRxUnicastOkInPeriod++;
 621 
 622         if (sta)
 623                 psta = sta;
 624         else
 625                 psta = prframe->psta;
 626 
 627         if (psta) {
 628                 pstats = &psta->sta_stats;
 629 
 630                 pstats->rx_data_pkts++;
 631                 pstats->rx_bytes += sz;
 632         }
 633 }
 634 
 635 static int sta2sta_data_frame(struct adapter *adapter,
 636                               struct recv_frame *precv_frame,
 637                               struct sta_info **psta)
 638 {
 639         int ret = _SUCCESS;
 640         struct rx_pkt_attrib *pattrib = &precv_frame->attrib;
 641         struct  sta_priv *pstapriv = &adapter->stapriv;
 642         struct  mlme_priv *pmlmepriv = &adapter->mlmepriv;
 643         u8 *mybssid  = get_bssid(pmlmepriv);
 644         u8 *myhwaddr = myid(&adapter->eeprompriv);
 645         u8 *sta_addr = NULL;
 646         bool mcast = is_multicast_ether_addr(pattrib->dst);
 647 
 648         if (check_fwstate(pmlmepriv, WIFI_ADHOC_STATE) ||
 649             check_fwstate(pmlmepriv, WIFI_ADHOC_MASTER_STATE)) {
 650                 /*  filter packets that SA is myself or multicast or broadcast */
 651                 if (!memcmp(myhwaddr, pattrib->src, ETH_ALEN)) {
 652                         RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, (" SA==myself\n"));
 653                         ret = _FAIL;
 654                         goto exit;
 655                 }
 656 
 657                 if (memcmp(myhwaddr, pattrib->dst, ETH_ALEN) && !mcast) {
 658                         ret = _FAIL;
 659                         goto exit;
 660                 }
 661 
 662                 if (!memcmp(pattrib->bssid, "\x0\x0\x0\x0\x0\x0", ETH_ALEN) ||
 663                     !memcmp(mybssid, "\x0\x0\x0\x0\x0\x0", ETH_ALEN) ||
 664                     memcmp(pattrib->bssid, mybssid, ETH_ALEN)) {
 665                         ret = _FAIL;
 666                         goto exit;
 667                 }
 668 
 669                 sta_addr = pattrib->src;
 670         } else if (check_fwstate(pmlmepriv, WIFI_STATION_STATE)) {
 671                 /*  For Station mode, sa and bssid should always be BSSID, and DA is my mac-address */
 672                 if (memcmp(pattrib->bssid, pattrib->src, ETH_ALEN)) {
 673                         RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, ("bssid!=TA under STATION_MODE; drop pkt\n"));
 674                         ret = _FAIL;
 675                         goto exit;
 676                 }
 677                 sta_addr = pattrib->bssid;
 678         } else if (check_fwstate(pmlmepriv, WIFI_AP_STATE)) {
 679                 if (mcast) {
 680                         /*  For AP mode, if DA == MCAST, then BSSID should be also MCAST */
 681                         if (!is_multicast_ether_addr(pattrib->bssid)) {
 682                                         ret = _FAIL;
 683                                         goto exit;
 684                         }
 685                 } else { /*  not mc-frame */
 686                         /*  For AP mode, if DA is non-MCAST, then it must be BSSID, and bssid == BSSID */
 687                         if (memcmp(pattrib->bssid, pattrib->dst, ETH_ALEN)) {
 688                                 ret = _FAIL;
 689                                 goto exit;
 690                         }
 691 
 692                         sta_addr = pattrib->src;
 693                 }
 694         } else {
 695                 ret  = _FAIL;
 696         }
 697 
 698         if (mcast)
 699                 *psta = rtw_get_bcmc_stainfo(adapter);
 700         else
 701                 *psta = rtw_get_stainfo(pstapriv, sta_addr); /*  get ap_info */
 702 
 703         if (!*psta) {
 704                 RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, ("can't get psta under %s ; drop pkt\n", __func__));
 705                 ret = _FAIL;
 706                 goto exit;
 707         }
 708 
 709 exit:
 710         return ret;
 711 }
 712 
 713 static int ap2sta_data_frame(
 714         struct adapter *adapter,
 715         struct recv_frame *precv_frame,
 716         struct sta_info **psta)
 717 {
 718         u8 *ptr = precv_frame->pkt->data;
 719         struct rx_pkt_attrib *pattrib = &precv_frame->attrib;
 720         int ret = _SUCCESS;
 721         struct  sta_priv *pstapriv = &adapter->stapriv;
 722         struct  mlme_priv *pmlmepriv = &adapter->mlmepriv;
 723         u8 *mybssid  = get_bssid(pmlmepriv);
 724         u8 *myhwaddr = myid(&adapter->eeprompriv);
 725         bool mcast = is_multicast_ether_addr(pattrib->dst);
 726 
 727         if (check_fwstate(pmlmepriv, WIFI_STATION_STATE) &&
 728             (check_fwstate(pmlmepriv, _FW_LINKED) ||
 729              check_fwstate(pmlmepriv, _FW_UNDER_LINKING))) {
 730                 /*  filter packets that SA is myself or multicast or broadcast */
 731                 if (!memcmp(myhwaddr, pattrib->src, ETH_ALEN)) {
 732                         RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, (" SA==myself\n"));
 733                         ret = _FAIL;
 734                         goto exit;
 735                 }
 736 
 737                 /*  da should be for me */
 738                 if (memcmp(myhwaddr, pattrib->dst, ETH_ALEN) && !mcast) {
 739                         RT_TRACE(_module_rtl871x_recv_c_, _drv_info_,
 740                                  (" %s:  compare DA fail; DA=%pM\n", __func__, (pattrib->dst)));
 741                         ret = _FAIL;
 742                         goto exit;
 743                 }
 744 
 745                 /*  check BSSID */
 746                 if (!memcmp(pattrib->bssid, "\x0\x0\x0\x0\x0\x0", ETH_ALEN) ||
 747                     !memcmp(mybssid, "\x0\x0\x0\x0\x0\x0", ETH_ALEN) ||
 748                      (memcmp(pattrib->bssid, mybssid, ETH_ALEN))) {
 749                         RT_TRACE(_module_rtl871x_recv_c_, _drv_info_,
 750                                  (" %s:  compare BSSID fail ; BSSID=%pM\n", __func__, (pattrib->bssid)));
 751                         RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, ("mybssid=%pM\n", (mybssid)));
 752 
 753                         if (!mcast) {
 754                                 DBG_88E("issue_deauth to the nonassociated ap=%pM for the reason(7)\n", (pattrib->bssid));
 755                                 issue_deauth(adapter, pattrib->bssid, WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
 756                         }
 757 
 758                         ret = _FAIL;
 759                         goto exit;
 760                 }
 761 
 762                 if (mcast)
 763                         *psta = rtw_get_bcmc_stainfo(adapter);
 764                 else
 765                         *psta = rtw_get_stainfo(pstapriv, pattrib->bssid); /*  get ap_info */
 766 
 767                 if (!*psta) {
 768                         RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, ("ap2sta: can't get psta under STATION_MODE ; drop pkt\n"));
 769                         ret = _FAIL;
 770                         goto exit;
 771                 }
 772 
 773                 /* if ((GetFrameSubType(ptr) & WIFI_QOS_DATA_TYPE) == WIFI_QOS_DATA_TYPE) { */
 774                 /*  */
 775 
 776                 if (GetFrameSubType(ptr) & BIT(6)) {
 777                         /* No data, will not indicate to upper layer, temporily count it here */
 778                         count_rx_stats(adapter, precv_frame, *psta);
 779                         ret = RTW_RX_HANDLED;
 780                         goto exit;
 781                 }
 782         } else if (check_fwstate(pmlmepriv, WIFI_AP_STATE)) {
 783                 /* Special case */
 784                 ret = RTW_RX_HANDLED;
 785                 goto exit;
 786         } else {
 787                 if (!memcmp(myhwaddr, pattrib->dst, ETH_ALEN) && !mcast) {
 788                         *psta = rtw_get_stainfo(pstapriv, pattrib->bssid); /*  get sta_info */
 789                         if (!*psta) {
 790                                 DBG_88E("issue_deauth to the ap =%pM for the reason(7)\n", (pattrib->bssid));
 791 
 792                                 issue_deauth(adapter, pattrib->bssid, WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
 793                         }
 794                 }
 795 
 796                 ret = _FAIL;
 797         }
 798 
 799 exit:
 800 
 801         return ret;
 802 }
 803 
 804 static int sta2ap_data_frame(struct adapter *adapter,
 805                              struct recv_frame *precv_frame,
 806                              struct sta_info **psta)
 807 {
 808         struct rx_pkt_attrib *pattrib = &precv_frame->attrib;
 809         struct  sta_priv *pstapriv = &adapter->stapriv;
 810         struct  mlme_priv *pmlmepriv = &adapter->mlmepriv;
 811         u8 *ptr = precv_frame->pkt->data;
 812         unsigned char *mybssid  = get_bssid(pmlmepriv);
 813         int ret = _SUCCESS;
 814 
 815         if (check_fwstate(pmlmepriv, WIFI_AP_STATE)) {
 816                 /* For AP mode, RA = BSSID, TX = STA(SRC_ADDR), A3 = DST_ADDR */
 817                 if (memcmp(pattrib->bssid, mybssid, ETH_ALEN)) {
 818                         ret = _FAIL;
 819                         goto exit;
 820                 }
 821 
 822                 *psta = rtw_get_stainfo(pstapriv, pattrib->src);
 823                 if (!*psta) {
 824                         RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, ("can't get psta under AP_MODE; drop pkt\n"));
 825                         DBG_88E("issue_deauth to sta=%pM for the reason(7)\n", (pattrib->src));
 826 
 827                         issue_deauth(adapter, pattrib->src, WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
 828 
 829                         ret = RTW_RX_HANDLED;
 830                         goto exit;
 831                 }
 832 
 833                 process_pwrbit_data(adapter, precv_frame);
 834 
 835                 if ((GetFrameSubType(ptr) & WIFI_QOS_DATA_TYPE) == WIFI_QOS_DATA_TYPE)
 836                         process_wmmps_data(adapter, precv_frame);
 837 
 838                 if (GetFrameSubType(ptr) & BIT(6)) {
 839                         /* No data, will not indicate to upper layer, temporily count it here */
 840                         count_rx_stats(adapter, precv_frame, *psta);
 841                         ret = RTW_RX_HANDLED;
 842                         goto exit;
 843                 }
 844         } else {
 845                 u8 *myhwaddr = myid(&adapter->eeprompriv);
 846 
 847                 if (memcmp(pattrib->ra, myhwaddr, ETH_ALEN)) {
 848                         ret = RTW_RX_HANDLED;
 849                         goto exit;
 850                 }
 851                 DBG_88E("issue_deauth to sta=%pM for the reason(7)\n", (pattrib->src));
 852                 issue_deauth(adapter, pattrib->src, WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
 853                 ret = RTW_RX_HANDLED;
 854                 goto exit;
 855         }
 856 
 857 exit:
 858 
 859         return ret;
 860 }
 861 
 862 static int validate_recv_ctrl_frame(struct adapter *padapter,
 863                                     struct recv_frame *precv_frame)
 864 {
 865 #ifdef CONFIG_88EU_AP_MODE
 866         struct rx_pkt_attrib *pattrib = &precv_frame->attrib;
 867         struct sta_priv *pstapriv = &padapter->stapriv;
 868         u8 *pframe = precv_frame->pkt->data;
 869 
 870         if (GetFrameType(pframe) != WIFI_CTRL_TYPE)
 871                 return _FAIL;
 872 
 873         /* receive the frames that ra(a1) is my address */
 874         if (memcmp(GetAddr1Ptr(pframe), myid(&padapter->eeprompriv), ETH_ALEN))
 875                 return _FAIL;
 876 
 877         /* only handle ps-poll */
 878         if (GetFrameSubType(pframe) == WIFI_PSPOLL) {
 879                 u16 aid;
 880                 u8 wmmps_ac = 0;
 881                 struct sta_info *psta = NULL;
 882 
 883                 aid = GetAid(pframe);
 884                 psta = rtw_get_stainfo(pstapriv, GetAddr2Ptr(pframe));
 885 
 886                 if ((!psta) || (psta->aid != aid))
 887                         return _FAIL;
 888 
 889                 /* for rx pkt statistics */
 890                 psta->sta_stats.rx_ctrl_pkts++;
 891 
 892                 switch (pattrib->priority) {
 893                 case 1:
 894                 case 2:
 895                         wmmps_ac = psta->uapsd_bk&BIT(0);
 896                         break;
 897                 case 4:
 898                 case 5:
 899                         wmmps_ac = psta->uapsd_vi&BIT(0);
 900                         break;
 901                 case 6:
 902                 case 7:
 903                         wmmps_ac = psta->uapsd_vo&BIT(0);
 904                         break;
 905                 case 0:
 906                 case 3:
 907                 default:
 908                         wmmps_ac = psta->uapsd_be&BIT(0);
 909                         break;
 910                 }
 911 
 912                 if (wmmps_ac)
 913                         return _FAIL;
 914 
 915                 if (psta->state & WIFI_STA_ALIVE_CHK_STATE) {
 916                         DBG_88E("%s alive check-rx ps-poll\n", __func__);
 917                         psta->expire_to = pstapriv->expire_to;
 918                         psta->state ^= WIFI_STA_ALIVE_CHK_STATE;
 919                 }
 920 
 921                 if ((psta->state&WIFI_SLEEP_STATE) && (pstapriv->sta_dz_bitmap&BIT(psta->aid))) {
 922                         struct list_head *xmitframe_plist, *xmitframe_phead;
 923                         struct xmit_frame *pxmitframe = NULL;
 924 
 925                         spin_lock_bh(&psta->sleep_q.lock);
 926 
 927                         xmitframe_phead = get_list_head(&psta->sleep_q);
 928                         xmitframe_plist = xmitframe_phead->next;
 929 
 930                         if (xmitframe_phead != xmitframe_plist) {
 931                                 pxmitframe = list_entry(xmitframe_plist, struct xmit_frame, list);
 932 
 933                                 xmitframe_plist = xmitframe_plist->next;
 934 
 935                                 list_del_init(&pxmitframe->list);
 936 
 937                                 psta->sleepq_len--;
 938 
 939                                 if (psta->sleepq_len > 0)
 940                                         pxmitframe->attrib.mdata = 1;
 941                                 else
 942                                         pxmitframe->attrib.mdata = 0;
 943 
 944                                 pxmitframe->attrib.triggered = 1;
 945 
 946                                 spin_unlock_bh(&psta->sleep_q.lock);
 947                                 if (rtw_hal_xmit(padapter, pxmitframe))
 948                                         rtw_os_xmit_complete(padapter, pxmitframe);
 949                                 spin_lock_bh(&psta->sleep_q.lock);
 950 
 951                                 if (psta->sleepq_len == 0) {
 952                                         pstapriv->tim_bitmap &= ~BIT(psta->aid);
 953 
 954                                         /* update BCN for TIM IE */
 955                                         /* update_BCNTIM(padapter); */
 956                                         update_beacon(padapter, _TIM_IE_, NULL, false);
 957                                 }
 958                         } else {
 959                                 if (pstapriv->tim_bitmap&BIT(psta->aid)) {
 960                                         if (psta->sleepq_len == 0) {
 961                                                 DBG_88E("no buffered packets to xmit\n");
 962 
 963                                                 /* issue nulldata with More data bit = 0 to indicate we have no buffered packets */
 964                                                 issue_nulldata(padapter, psta->hwaddr, 0, 0, 0);
 965                                         } else {
 966                                                 DBG_88E("error!psta->sleepq_len=%d\n", psta->sleepq_len);
 967                                                 psta->sleepq_len = 0;
 968                                         }
 969 
 970                                         pstapriv->tim_bitmap &= ~BIT(psta->aid);
 971 
 972                                         /* update BCN for TIM IE */
 973                                         /* update_BCNTIM(padapter); */
 974                                         update_beacon(padapter, _TIM_IE_, NULL, false);
 975                                 }
 976                         }
 977 
 978                         spin_unlock_bh(&psta->sleep_q.lock);
 979                 }
 980         }
 981 
 982 #endif
 983 
 984         return _FAIL;
 985 }
 986 
 987 struct recv_frame *recvframe_chk_defrag(struct adapter *padapter,
 988                                         struct recv_frame *precv_frame);
 989 
 990 static int validate_recv_mgnt_frame(struct adapter *padapter,
 991                                     struct recv_frame *precv_frame)
 992 {
 993         struct sta_info *psta;
 994 
 995         RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, ("+%s\n", __func__));
 996 
 997         precv_frame = recvframe_chk_defrag(padapter, precv_frame);
 998         if (!precv_frame) {
 999                 RT_TRACE(_module_rtl871x_recv_c_, _drv_notice_,
1000                          ("%s: fragment packet\n", __func__));
1001                 return _SUCCESS;
1002         }
1003 
1004         /* for rx pkt statistics */
1005         psta = rtw_get_stainfo(&padapter->stapriv,
1006                                GetAddr2Ptr(precv_frame->pkt->data));
1007         if (psta) {
1008                 psta->sta_stats.rx_mgnt_pkts++;
1009                 if (GetFrameSubType(precv_frame->pkt->data) == WIFI_BEACON) {
1010                         psta->sta_stats.rx_beacon_pkts++;
1011                 } else if (GetFrameSubType(precv_frame->pkt->data) == WIFI_PROBEREQ) {
1012                         psta->sta_stats.rx_probereq_pkts++;
1013                 } else if (GetFrameSubType(precv_frame->pkt->data) == WIFI_PROBERSP) {
1014                         if (!memcmp(padapter->eeprompriv.mac_addr,
1015                                     GetAddr1Ptr(precv_frame->pkt->data), ETH_ALEN))
1016                                 psta->sta_stats.rx_probersp_pkts++;
1017                         else if (is_multicast_ether_addr(GetAddr1Ptr(precv_frame->pkt->data)))
1018                                 psta->sta_stats.rx_probersp_bm_pkts++;
1019                         else
1020                                 psta->sta_stats.rx_probersp_uo_pkts++;
1021                 }
1022         }
1023 
1024         mgt_dispatcher(padapter, precv_frame);
1025 
1026         return _SUCCESS;
1027 }
1028 
1029 static int validate_recv_data_frame(struct adapter *adapter,
1030                                     struct recv_frame *precv_frame)
1031 {
1032         u8 bretry;
1033         u8 *psa, *pda, *pbssid;
1034         struct sta_info *psta = NULL;
1035         u8 *ptr = precv_frame->pkt->data;
1036         struct rx_pkt_attrib    *pattrib = &precv_frame->attrib;
1037         struct security_priv    *psecuritypriv = &adapter->securitypriv;
1038         int ret = _SUCCESS;
1039 
1040         bretry = GetRetry(ptr);
1041         pda = get_da(ptr);
1042         psa = get_sa(ptr);
1043         pbssid = get_hdr_bssid(ptr);
1044 
1045         if (!pbssid) {
1046                 ret = _FAIL;
1047                 goto exit;
1048         }
1049 
1050         memcpy(pattrib->dst, pda, ETH_ALEN);
1051         memcpy(pattrib->src, psa, ETH_ALEN);
1052 
1053         memcpy(pattrib->bssid, pbssid, ETH_ALEN);
1054 
1055         switch (pattrib->to_fr_ds) {
1056         case 0:
1057                 memcpy(pattrib->ra, pda, ETH_ALEN);
1058                 memcpy(pattrib->ta, psa, ETH_ALEN);
1059                 ret = sta2sta_data_frame(adapter, precv_frame, &psta);
1060                 break;
1061         case 1:
1062                 memcpy(pattrib->ra, pda, ETH_ALEN);
1063                 memcpy(pattrib->ta, pbssid, ETH_ALEN);
1064                 ret = ap2sta_data_frame(adapter, precv_frame, &psta);
1065                 break;
1066         case 2:
1067                 memcpy(pattrib->ra, pbssid, ETH_ALEN);
1068                 memcpy(pattrib->ta, psa, ETH_ALEN);
1069                 ret = sta2ap_data_frame(adapter, precv_frame, &psta);
1070                 break;
1071         case 3:
1072                 memcpy(pattrib->ra, GetAddr1Ptr(ptr), ETH_ALEN);
1073                 memcpy(pattrib->ta, GetAddr2Ptr(ptr), ETH_ALEN);
1074                 ret = _FAIL;
1075                 RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, (" case 3\n"));
1076                 break;
1077         default:
1078                 ret = _FAIL;
1079                 break;
1080         }
1081 
1082         if (ret == _FAIL)
1083                 goto exit;
1084         else if (ret == RTW_RX_HANDLED)
1085                 goto exit;
1086 
1087         if (!psta) {
1088                 RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, (" after to_fr_ds_chk; psta==NULL\n"));
1089                 ret = _FAIL;
1090                 goto exit;
1091         }
1092 
1093         /* psta->rssi = prxcmd->rssi; */
1094         /* psta->signal_quality = prxcmd->sq; */
1095         precv_frame->psta = psta;
1096 
1097         pattrib->amsdu = 0;
1098         pattrib->ack_policy = 0;
1099         /* parsing QC field */
1100         if (pattrib->qos == 1) {
1101                 pattrib->priority = GetPriority((ptr + 24));
1102                 pattrib->ack_policy = GetAckpolicy((ptr + 24));
1103                 pattrib->amsdu = GetAMsdu((ptr + 24));
1104                 pattrib->hdrlen = pattrib->to_fr_ds == 3 ? 32 : 26;
1105 
1106                 if (pattrib->priority != 0 && pattrib->priority != 3)
1107                         adapter->recvpriv.bIsAnyNonBEPkts = true;
1108         } else {
1109                 pattrib->priority = 0;
1110                 pattrib->hdrlen = pattrib->to_fr_ds == 3 ? 30 : 24;
1111         }
1112 
1113         if (pattrib->order)/* HT-CTRL 11n */
1114                 pattrib->hdrlen += 4;
1115 
1116         precv_frame->preorder_ctrl = &psta->recvreorder_ctrl[pattrib->priority];
1117 
1118         /*  decache, drop duplicate recv packets */
1119         if (recv_decache(precv_frame, bretry, &psta->sta_recvpriv.rxcache) == _FAIL) {
1120                 RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, ("decache : drop pkt\n"));
1121                 ret = _FAIL;
1122                 goto exit;
1123         }
1124 
1125         if (pattrib->privacy) {
1126                 RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, ("%s:pattrib->privacy=%x\n", __func__, pattrib->privacy));
1127                 RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, ("\n ^^^^^^^^^^^is_multicast_ether_addr(pattrib->ra(0x%02x))=%d^^^^^^^^^^^^^^^6\n", pattrib->ra[0], is_multicast_ether_addr(pattrib->ra)));
1128 
1129                 GET_ENCRY_ALGO(psecuritypriv, psta, pattrib->encrypt, is_multicast_ether_addr(pattrib->ra));
1130 
1131                 RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, ("\n pattrib->encrypt=%d\n", pattrib->encrypt));
1132 
1133                 SET_ICE_IV_LEN(pattrib->iv_len, pattrib->icv_len, pattrib->encrypt);
1134         } else {
1135                 pattrib->encrypt = 0;
1136                 pattrib->iv_len = 0;
1137                 pattrib->icv_len = 0;
1138         }
1139 
1140 exit:
1141 
1142         return ret;
1143 }
1144 
1145 static int validate_recv_frame(struct adapter *adapter,
1146                                struct recv_frame *precv_frame)
1147 {
1148         /* shall check frame subtype, to / from ds, da, bssid */
1149 
1150         /* then call check if rx seq/frag. duplicated. */
1151 
1152         u8 type;
1153         u8 subtype;
1154         int retval = _SUCCESS;
1155         u8 bDumpRxPkt;
1156         struct rx_pkt_attrib *pattrib = &precv_frame->attrib;
1157         u8 *ptr = precv_frame->pkt->data;
1158         u8  ver = (unsigned char)(*ptr) & 0x3;
1159         struct mlme_ext_priv *pmlmeext = &adapter->mlmeextpriv;
1160 
1161         if (pmlmeext->sitesurvey_res.state == SCAN_PROCESS) {
1162                 int ch_set_idx = rtw_ch_set_search_ch(pmlmeext->channel_set, rtw_get_oper_ch(adapter));
1163 
1164                 if (ch_set_idx >= 0)
1165                         pmlmeext->channel_set[ch_set_idx].rx_count++;
1166         }
1167 
1168         /* add version chk */
1169         if (ver != 0) {
1170                 RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, ("validate_recv_data_frame fail! (ver!=0)\n"));
1171                 retval = _FAIL;
1172                 goto exit;
1173         }
1174 
1175         type =  GetFrameType(ptr);
1176         subtype = GetFrameSubType(ptr); /* bit(7)~bit(2) */
1177 
1178         pattrib->to_fr_ds = get_tofr_ds(ptr);
1179 
1180         pattrib->frag_num = GetFragNum(ptr);
1181         pattrib->seq_num = GetSequence(ptr);
1182 
1183         pattrib->pw_save = GetPwrMgt(ptr);
1184         pattrib->mfrag = GetMFrag(ptr);
1185         pattrib->mdata = GetMData(ptr);
1186         pattrib->privacy = GetPrivacy(ptr);
1187         pattrib->order = GetOrder(ptr);
1188 
1189         /* Dump rx packets */
1190         rtw_hal_get_def_var(adapter, HAL_DEF_DBG_DUMP_RXPKT, &(bDumpRxPkt));
1191         if (bDumpRxPkt == 1) {/* dump all rx packets */
1192                 if (_drv_err_ <= GlobalDebugLevel) {
1193                         pr_info(DRIVER_PREFIX "#############################\n");
1194                         print_hex_dump(KERN_INFO, DRIVER_PREFIX, DUMP_PREFIX_NONE,
1195                                         16, 1, ptr, 64, false);
1196                         pr_info(DRIVER_PREFIX "#############################\n");
1197                 }
1198         } else if (bDumpRxPkt == 2) {
1199                 if ((_drv_err_ <= GlobalDebugLevel) && (type == WIFI_MGT_TYPE)) {
1200                         pr_info(DRIVER_PREFIX "#############################\n");
1201                         print_hex_dump(KERN_INFO, DRIVER_PREFIX, DUMP_PREFIX_NONE,
1202                                         16, 1, ptr, 64, false);
1203                         pr_info(DRIVER_PREFIX "#############################\n");
1204                 }
1205         } else if (bDumpRxPkt == 3) {
1206                 if ((_drv_err_ <= GlobalDebugLevel) && (type == WIFI_DATA_TYPE)) {
1207                         pr_info(DRIVER_PREFIX "#############################\n");
1208                         print_hex_dump(KERN_INFO, DRIVER_PREFIX, DUMP_PREFIX_NONE,
1209                                         16, 1, ptr, 64, false);
1210                         pr_info(DRIVER_PREFIX "#############################\n");
1211                 }
1212         }
1213         switch (type) {
1214         case WIFI_MGT_TYPE: /* mgnt */
1215                 retval = validate_recv_mgnt_frame(adapter, precv_frame);
1216                 if (retval == _FAIL)
1217                         RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, ("validate_recv_mgnt_frame fail\n"));
1218                 retval = _FAIL; /*  only data frame return _SUCCESS */
1219                 break;
1220         case WIFI_CTRL_TYPE: /* ctrl */
1221                 retval = validate_recv_ctrl_frame(adapter, precv_frame);
1222                 if (retval == _FAIL)
1223                         RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, ("validate_recv_ctrl_frame fail\n"));
1224                 retval = _FAIL; /*  only data frame return _SUCCESS */
1225                 break;
1226         case WIFI_DATA_TYPE: /* data */
1227                 led_control_8188eu(adapter, LED_CTL_RX);
1228                 pattrib->qos = (subtype & BIT(7)) ? 1 : 0;
1229                 retval = validate_recv_data_frame(adapter, precv_frame);
1230                 if (retval == _FAIL) {
1231                         struct recv_priv *precvpriv = &adapter->recvpriv;
1232 
1233                         precvpriv->rx_drop++;
1234                 }
1235                 break;
1236         default:
1237                 RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, ("validate_recv_data_frame fail! type= 0x%x\n", type));
1238                 retval = _FAIL;
1239                 break;
1240         }
1241 
1242         /*
1243          * This is the last moment before management and control frames get
1244          * discarded. So we need to forward them to the monitor now or never.
1245          *
1246          * At the same time data frames can still be encrypted if software
1247          * decryption is in use. However, decryption can occur not until later
1248          * (see recv_func()).
1249          *
1250          * Hence forward the frame to the monitor anyway to preserve the order
1251          * in which frames were received.
1252          */
1253         rtl88eu_mon_recv_hook(adapter->pmondev, precv_frame);
1254 
1255 exit:
1256 
1257         return retval;
1258 }
1259 
1260 /* remove the wlanhdr and add the eth_hdr */
1261 
1262 static int wlanhdr_to_ethhdr(struct recv_frame *precvframe)
1263 {
1264         int     rmv_len;
1265         u16     eth_type, len;
1266         __be16 be_tmp;
1267         u8      bsnaphdr;
1268         u8      *psnap_type;
1269         struct ieee80211_snap_hdr       *psnap;
1270 
1271         u8 *ptr = precvframe->pkt->data;
1272         struct rx_pkt_attrib *pattrib = &precvframe->attrib;
1273 
1274         if (pattrib->encrypt)
1275                 skb_trim(precvframe->pkt, precvframe->pkt->len - pattrib->icv_len);
1276 
1277         psnap = (struct ieee80211_snap_hdr *)(ptr+pattrib->hdrlen + pattrib->iv_len);
1278         psnap_type = ptr+pattrib->hdrlen + pattrib->iv_len+SNAP_SIZE;
1279         /* convert hdr + possible LLC headers into Ethernet header */
1280         if ((!memcmp(psnap, rtw_rfc1042_header, SNAP_SIZE) &&
1281              memcmp(psnap_type, SNAP_ETH_TYPE_IPX, 2) &&
1282              memcmp(psnap_type, SNAP_ETH_TYPE_APPLETALK_AARP, 2)) ||
1283              !memcmp(psnap, rtw_bridge_tunnel_header, SNAP_SIZE)) {
1284                 /* remove RFC1042 or Bridge-Tunnel encapsulation and replace EtherType */
1285                 bsnaphdr = true;
1286         } else {
1287                 /* Leave Ethernet header part of hdr and full payload */
1288                 bsnaphdr = false;
1289         }
1290 
1291         rmv_len = pattrib->hdrlen + pattrib->iv_len + (bsnaphdr ? SNAP_SIZE : 0);
1292         len = precvframe->pkt->len - rmv_len;
1293 
1294         RT_TRACE(_module_rtl871x_recv_c_, _drv_info_,
1295                  ("\n===pattrib->hdrlen: %x,  pattrib->iv_len:%x===\n\n", pattrib->hdrlen,  pattrib->iv_len));
1296 
1297         memcpy(&be_tmp, ptr+rmv_len, 2);
1298         eth_type = ntohs(be_tmp); /* pattrib->ether_type */
1299         pattrib->eth_type = eth_type;
1300 
1301         ptr = skb_pull(precvframe->pkt, rmv_len - sizeof(struct ethhdr) + (bsnaphdr ? 2 : 0));
1302         if (!ptr)
1303                 return _FAIL;
1304 
1305         memcpy(ptr, pattrib->dst, ETH_ALEN);
1306         memcpy(ptr + ETH_ALEN, pattrib->src, ETH_ALEN);
1307 
1308         if (!bsnaphdr) {
1309                 be_tmp = htons(len);
1310                 memcpy(ptr + 12, &be_tmp, 2);
1311         }
1312 
1313         return _SUCCESS;
1314 }
1315 
1316 /* perform defrag */
1317 static struct recv_frame *recvframe_defrag(struct adapter *adapter,
1318                                            struct __queue *defrag_q)
1319 {
1320         struct list_head *plist, *phead;
1321         u8 wlanhdr_offset;
1322         u8      curfragnum;
1323         struct recv_frame *pnfhdr;
1324         struct recv_frame *prframe, *pnextrframe;
1325         struct __queue *pfree_recv_queue;
1326 
1327         curfragnum = 0;
1328         pfree_recv_queue = &adapter->recvpriv.free_recv_queue;
1329 
1330         phead = get_list_head(defrag_q);
1331         plist = phead->next;
1332         prframe = list_entry(plist, struct recv_frame, list);
1333         list_del_init(&prframe->list);
1334 
1335         if (curfragnum != prframe->attrib.frag_num) {
1336                 /* the first fragment number must be 0 */
1337                 /* free the whole queue */
1338                 rtw_free_recvframe(prframe, pfree_recv_queue);
1339                 rtw_free_recvframe_queue(defrag_q, pfree_recv_queue);
1340 
1341                 return NULL;
1342         }
1343 
1344         curfragnum++;
1345 
1346         plist = get_list_head(defrag_q);
1347 
1348         plist = plist->next;
1349 
1350         while (phead != plist) {
1351                 pnfhdr = list_entry(plist, struct recv_frame, list);
1352                 pnextrframe = pnfhdr;
1353 
1354                 /* check the fragment sequence  (2nd ~n fragment frame) */
1355 
1356                 if (curfragnum != pnfhdr->attrib.frag_num) {
1357                         /* the fragment number must be increasing  (after decache) */
1358                         /* release the defrag_q & prframe */
1359                         rtw_free_recvframe(prframe, pfree_recv_queue);
1360                         rtw_free_recvframe_queue(defrag_q, pfree_recv_queue);
1361                         return NULL;
1362                 }
1363 
1364                 curfragnum++;
1365 
1366                 /* copy the 2nd~n fragment frame's payload to the first fragment */
1367                 /* get the 2nd~last fragment frame's payload */
1368 
1369                 wlanhdr_offset = pnfhdr->attrib.hdrlen + pnfhdr->attrib.iv_len;
1370 
1371                 skb_pull(pnextrframe->pkt, wlanhdr_offset);
1372 
1373                 /* append  to first fragment frame's tail (if privacy frame, pull the ICV) */
1374                 skb_trim(prframe->pkt, prframe->pkt->len - prframe->attrib.icv_len);
1375 
1376                 skb_put_data(prframe->pkt, pnfhdr->pkt->data, pnfhdr->pkt->len);
1377 
1378                 prframe->attrib.icv_len = pnfhdr->attrib.icv_len;
1379                 plist = plist->next;
1380         }
1381 
1382         /* free the defrag_q queue and return the prframe */
1383         rtw_free_recvframe_queue(defrag_q, pfree_recv_queue);
1384 
1385         RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, ("Performance defrag!!!!!\n"));
1386 
1387         return prframe;
1388 }
1389 
1390 /* check if need to defrag, if needed queue the frame to defrag_q */
1391 struct recv_frame *recvframe_chk_defrag(struct adapter *padapter,
1392                                         struct recv_frame *precv_frame)
1393 {
1394         u8      ismfrag;
1395         u8      fragnum;
1396         u8      *psta_addr;
1397         struct recv_frame *pfhdr;
1398         struct sta_info *psta;
1399         struct sta_priv *pstapriv;
1400         struct list_head *phead;
1401         struct recv_frame *prtnframe = NULL;
1402         struct __queue *pfree_recv_queue, *pdefrag_q;
1403 
1404         pstapriv = &padapter->stapriv;
1405 
1406         pfhdr = precv_frame;
1407 
1408         pfree_recv_queue = &padapter->recvpriv.free_recv_queue;
1409 
1410         /* need to define struct of wlan header frame ctrl */
1411         ismfrag = pfhdr->attrib.mfrag;
1412         fragnum = pfhdr->attrib.frag_num;
1413 
1414         psta_addr = pfhdr->attrib.ta;
1415         psta = rtw_get_stainfo(pstapriv, psta_addr);
1416         if (!psta) {
1417                 u8 type = GetFrameType(pfhdr->pkt->data);
1418 
1419                 if (type != WIFI_DATA_TYPE) {
1420                         psta = rtw_get_bcmc_stainfo(padapter);
1421                         pdefrag_q = &psta->sta_recvpriv.defrag_q;
1422                 } else {
1423                         pdefrag_q = NULL;
1424                 }
1425         } else {
1426                 pdefrag_q = &psta->sta_recvpriv.defrag_q;
1427         }
1428 
1429         if ((ismfrag == 0) && (fragnum == 0))
1430                 prtnframe = precv_frame;/* isn't a fragment frame */
1431 
1432         if (ismfrag == 1) {
1433                 /* 0~(n-1) fragment frame */
1434                 /* enqueue to defraf_g */
1435                 if (pdefrag_q) {
1436                         if (fragnum == 0) {
1437                                 /* the first fragment */
1438                                 if (!list_empty(&pdefrag_q->queue))
1439                                         /* free current defrag_q */
1440                                         rtw_free_recvframe_queue(pdefrag_q, pfree_recv_queue);
1441                         }
1442 
1443                         /* Then enqueue the 0~(n-1) fragment into the defrag_q */
1444 
1445                         phead = get_list_head(pdefrag_q);
1446                         list_add_tail(&pfhdr->list, phead);
1447 
1448                         RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, ("Enqueuq: ismfrag=%d, fragnum=%d\n", ismfrag, fragnum));
1449 
1450                         prtnframe = NULL;
1451                 } else {
1452                         /* can't find this ta's defrag_queue, so free this recv_frame */
1453                         rtw_free_recvframe(precv_frame, pfree_recv_queue);
1454                         prtnframe = NULL;
1455                         RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, ("Free because pdefrag_q==NULL: ismfrag=%d, fragnum=%d\n", ismfrag, fragnum));
1456                 }
1457         }
1458 
1459         if ((ismfrag == 0) && (fragnum != 0)) {
1460                 /* the last fragment frame */
1461                 /* enqueue the last fragment */
1462                 if (pdefrag_q) {
1463                         phead = get_list_head(pdefrag_q);
1464                         list_add_tail(&pfhdr->list, phead);
1465 
1466                         /* call recvframe_defrag to defrag */
1467                         RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, ("defrag: ismfrag=%d, fragnum=%d\n", ismfrag, fragnum));
1468                         precv_frame = recvframe_defrag(padapter, pdefrag_q);
1469                         prtnframe = precv_frame;
1470                 } else {
1471                         /* can't find this ta's defrag_queue, so free this recv_frame */
1472                         rtw_free_recvframe(precv_frame, pfree_recv_queue);
1473                         prtnframe = NULL;
1474                         RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, ("Free because pdefrag_q==NULL: ismfrag=%d, fragnum=%d\n", ismfrag, fragnum));
1475                 }
1476         }
1477 
1478         if (prtnframe && (prtnframe->attrib.privacy)) {
1479                 /* after defrag we must check tkip mic code */
1480                 if (recvframe_chkmic(padapter,  prtnframe) == _FAIL) {
1481                         RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, ("recvframe_chkmic(padapter,  prtnframe)==_FAIL\n"));
1482                         rtw_free_recvframe(prtnframe, pfree_recv_queue);
1483                         prtnframe = NULL;
1484                 }
1485         }
1486 
1487         return prtnframe;
1488 }
1489 
1490 static int amsdu_to_msdu(struct adapter *padapter, struct recv_frame *prframe)
1491 {
1492         int     a_len, padding_len;
1493         u16     eth_type, nSubframe_Length;
1494         u8      nr_subframes, i;
1495         unsigned char *pdata;
1496         struct rx_pkt_attrib *pattrib;
1497         struct sk_buff *sub_skb, *subframes[MAX_SUBFRAME_COUNT];
1498         struct recv_priv *precvpriv = &padapter->recvpriv;
1499         struct __queue *pfree_recv_queue = &precvpriv->free_recv_queue;
1500 
1501         nr_subframes = 0;
1502         pattrib = &prframe->attrib;
1503 
1504         skb_pull(prframe->pkt, prframe->attrib.hdrlen);
1505 
1506         if (prframe->attrib.iv_len > 0)
1507                 skb_pull(prframe->pkt, prframe->attrib.iv_len);
1508 
1509         a_len = prframe->pkt->len;
1510 
1511         pdata = prframe->pkt->data;
1512 
1513         while (a_len > ETH_HLEN) {
1514                 /* Offset 12 denote 2 mac address */
1515                 nSubframe_Length = get_unaligned_be16(pdata + 12);
1516 
1517                 if (a_len < (ETHERNET_HEADER_SIZE + nSubframe_Length)) {
1518                         DBG_88E("nRemain_Length is %d and nSubframe_Length is : %d\n", a_len, nSubframe_Length);
1519                         goto exit;
1520                 }
1521 
1522                 /* move the data point to data content */
1523                 pdata += ETH_HLEN;
1524                 a_len -= ETH_HLEN;
1525 
1526                 /* Allocate new skb for releasing to upper layer */
1527                 sub_skb = dev_alloc_skb(nSubframe_Length + 12);
1528                 if (sub_skb) {
1529                         skb_reserve(sub_skb, 12);
1530                         skb_put_data(sub_skb, pdata, nSubframe_Length);
1531                 } else {
1532                         sub_skb = skb_clone(prframe->pkt, GFP_ATOMIC);
1533                         if (sub_skb) {
1534                                 sub_skb->data = pdata;
1535                                 sub_skb->len = nSubframe_Length;
1536                                 skb_set_tail_pointer(sub_skb, nSubframe_Length);
1537                         } else {
1538                                 DBG_88E("skb_clone() Fail!!! , nr_subframes=%d\n", nr_subframes);
1539                                 break;
1540                         }
1541                 }
1542 
1543                 subframes[nr_subframes++] = sub_skb;
1544 
1545                 if (nr_subframes >= MAX_SUBFRAME_COUNT) {
1546                         DBG_88E("ParseSubframe(): Too many Subframes! Packets dropped!\n");
1547                         break;
1548                 }
1549 
1550                 pdata += nSubframe_Length;
1551                 a_len -= nSubframe_Length;
1552                 if (a_len != 0) {
1553                         padding_len = 4 - ((nSubframe_Length + ETH_HLEN) & (4-1));
1554                         if (padding_len == 4)
1555                                 padding_len = 0;
1556 
1557                         if (a_len < padding_len)
1558                                 goto exit;
1559 
1560                         pdata += padding_len;
1561                         a_len -= padding_len;
1562                 }
1563         }
1564 
1565         for (i = 0; i < nr_subframes; i++) {
1566                 sub_skb = subframes[i];
1567                 /* convert hdr + possible LLC headers into Ethernet header */
1568                 eth_type = get_unaligned_be16(&sub_skb->data[6]);
1569                 if (sub_skb->len >= 8 &&
1570                     ((!memcmp(sub_skb->data, rtw_rfc1042_header, SNAP_SIZE) &&
1571                           eth_type != ETH_P_AARP && eth_type != ETH_P_IPX) ||
1572                          !memcmp(sub_skb->data, rtw_bridge_tunnel_header, SNAP_SIZE))) {
1573                         /* remove RFC1042 or Bridge-Tunnel encapsulation and replace EtherType */
1574                         skb_pull(sub_skb, SNAP_SIZE);
1575                         memcpy(skb_push(sub_skb, ETH_ALEN), pattrib->src, ETH_ALEN);
1576                         memcpy(skb_push(sub_skb, ETH_ALEN), pattrib->dst, ETH_ALEN);
1577                 } else {
1578                         __be16 len;
1579                         /* Leave Ethernet header part of hdr and full payload */
1580                         len = htons(sub_skb->len);
1581                         memcpy(skb_push(sub_skb, 2), &len, 2);
1582                         memcpy(skb_push(sub_skb, ETH_ALEN), pattrib->src, ETH_ALEN);
1583                         memcpy(skb_push(sub_skb, ETH_ALEN), pattrib->dst, ETH_ALEN);
1584                 }
1585 
1586                 /* Indicate the packets to upper layer */
1587                 /*  Insert NAT2.5 RX here! */
1588                 sub_skb->protocol = eth_type_trans(sub_skb, padapter->pnetdev);
1589                 sub_skb->dev = padapter->pnetdev;
1590 
1591                 sub_skb->ip_summed = CHECKSUM_NONE;
1592 
1593                 netif_rx(sub_skb);
1594         }
1595 
1596 exit:
1597         rtw_free_recvframe(prframe, pfree_recv_queue);/* free this recv_frame */
1598 
1599         return _SUCCESS;
1600 }
1601 
1602 static int check_indicate_seq(struct recv_reorder_ctrl *preorder_ctrl, u16 seq_num)
1603 {
1604         u8      wsize = preorder_ctrl->wsize_b;
1605         u16     wend = (preorder_ctrl->indicate_seq + wsize - 1) & 0xFFF;/*  4096; */
1606 
1607         /*  Rx Reorder initialize condition. */
1608         if (preorder_ctrl->indicate_seq == 0xFFFF)
1609                 preorder_ctrl->indicate_seq = seq_num;
1610 
1611         /*  Drop out the packet which SeqNum is smaller than WinStart */
1612         if (SN_LESS(seq_num, preorder_ctrl->indicate_seq))
1613                 return false;
1614 
1615         /*  */
1616         /*  Sliding window manipulation. Conditions includes: */
1617         /*  1. Incoming SeqNum is equal to WinStart =>Window shift 1 */
1618         /*  2. Incoming SeqNum is larger than the WinEnd => Window shift N */
1619         /*  */
1620         if (SN_EQUAL(seq_num, preorder_ctrl->indicate_seq)) {
1621                 preorder_ctrl->indicate_seq = (preorder_ctrl->indicate_seq + 1) & 0xFFF;
1622         } else if (SN_LESS(wend, seq_num)) {
1623                 if (seq_num >= (wsize - 1))
1624                         preorder_ctrl->indicate_seq = seq_num + 1 - wsize;
1625                 else
1626                         preorder_ctrl->indicate_seq = 0xFFF - (wsize - (seq_num + 1)) + 1;
1627         }
1628 
1629         return true;
1630 }
1631 
1632 static int enqueue_reorder_recvframe(struct recv_reorder_ctrl *preorder_ctrl,
1633                                      struct recv_frame *prframe)
1634 {
1635         struct rx_pkt_attrib *pattrib = &prframe->attrib;
1636         struct __queue *ppending_recvframe_queue = &preorder_ctrl->pending_recvframe_queue;
1637         struct list_head *phead, *plist;
1638         struct recv_frame *hdr;
1639         struct rx_pkt_attrib *pnextattrib;
1640 
1641         phead = get_list_head(ppending_recvframe_queue);
1642         plist = phead->next;
1643 
1644         while (phead != plist) {
1645                 hdr = list_entry(plist, struct recv_frame, list);
1646                 pnextattrib = &hdr->attrib;
1647 
1648                 if (SN_LESS(pnextattrib->seq_num, pattrib->seq_num))
1649                         plist = plist->next;
1650                 else if (SN_EQUAL(pnextattrib->seq_num, pattrib->seq_num))
1651                         return false;
1652                 else
1653                         break;
1654         }
1655 
1656         list_del_init(&prframe->list);
1657 
1658         list_add_tail(&prframe->list, plist);
1659         return true;
1660 }
1661 
1662 static int recv_indicatepkts_in_order(struct adapter *padapter, struct recv_reorder_ctrl *preorder_ctrl, int bforced)
1663 {
1664         struct list_head *phead, *plist;
1665         struct recv_frame *prframe;
1666         struct recv_frame *prhdr;
1667         struct rx_pkt_attrib *pattrib;
1668         int bPktInBuf = false;
1669         struct recv_priv *precvpriv = &padapter->recvpriv;
1670         struct __queue *ppending_recvframe_queue = &preorder_ctrl->pending_recvframe_queue;
1671 
1672         phead =         get_list_head(ppending_recvframe_queue);
1673         plist = phead->next;
1674 
1675         /*  Handling some condition for forced indicate case. */
1676         if (bforced) {
1677                 if (list_empty(phead))
1678                         return true;
1679 
1680                 prhdr = list_entry(plist, struct recv_frame, list);
1681                 pattrib = &prhdr->attrib;
1682                 preorder_ctrl->indicate_seq = pattrib->seq_num;
1683         }
1684 
1685         /*  Prepare indication list and indication. */
1686         /*  Check if there is any packet need indicate. */
1687         while (!list_empty(phead)) {
1688                 prhdr = list_entry(plist, struct recv_frame, list);
1689                 prframe = prhdr;
1690                 pattrib = &prframe->attrib;
1691 
1692                 if (!SN_LESS(preorder_ctrl->indicate_seq, pattrib->seq_num)) {
1693                         RT_TRACE(_module_rtl871x_recv_c_, _drv_notice_,
1694                                  ("%s: indicate=%d seq=%d amsdu=%d\n",
1695                                   __func__, preorder_ctrl->indicate_seq, pattrib->seq_num, pattrib->amsdu));
1696                         plist = plist->next;
1697                         list_del_init(&prframe->list);
1698 
1699                         if (SN_EQUAL(preorder_ctrl->indicate_seq, pattrib->seq_num))
1700                                 preorder_ctrl->indicate_seq = (preorder_ctrl->indicate_seq + 1) & 0xFFF;
1701 
1702                         /* Set this as a lock to make sure that only one thread is indicating packet. */
1703 
1704                         /* indicate this recv_frame */
1705                         if (!pattrib->amsdu) {
1706                                 if ((!padapter->bDriverStopped) &&
1707                                     (!padapter->bSurpriseRemoved))
1708                                         rtw_recv_indicatepkt(padapter, prframe);/* indicate this recv_frame */
1709                         } else if (pattrib->amsdu == 1) {
1710                                 if (amsdu_to_msdu(padapter, prframe) != _SUCCESS)
1711                                         rtw_free_recvframe(prframe, &precvpriv->free_recv_queue);
1712                         } else {
1713                                 /* error condition; */
1714                         }
1715 
1716                         /* Update local variables. */
1717                         bPktInBuf = false;
1718                 } else {
1719                         bPktInBuf = true;
1720                         break;
1721                 }
1722         }
1723         return bPktInBuf;
1724 }
1725 
1726 static int recv_indicatepkt_reorder(struct adapter *padapter,
1727                                     struct recv_frame *prframe)
1728 {
1729         int retval = _SUCCESS;
1730         struct rx_pkt_attrib *pattrib = &prframe->attrib;
1731         struct recv_reorder_ctrl *preorder_ctrl = prframe->preorder_ctrl;
1732         struct __queue *ppending_recvframe_queue = &preorder_ctrl->pending_recvframe_queue;
1733 
1734         if (!pattrib->amsdu) {
1735                 /* s1. */
1736                 wlanhdr_to_ethhdr(prframe);
1737 
1738                 if ((pattrib->qos != 1) || (pattrib->eth_type == 0x0806) ||
1739                     (pattrib->ack_policy != 0)) {
1740                         if ((!padapter->bDriverStopped) &&
1741                             (!padapter->bSurpriseRemoved)) {
1742                                 RT_TRACE(_module_rtl871x_recv_c_, _drv_notice_, ("@@@@  %s -recv_func recv_indicatepkt\n", __func__));
1743 
1744                                 rtw_recv_indicatepkt(padapter, prframe);
1745                                 return _SUCCESS;
1746                         }
1747 
1748                         return _FAIL;
1749                 }
1750 
1751                 if (!preorder_ctrl->enable) {
1752                         /* indicate this recv_frame */
1753                         preorder_ctrl->indicate_seq = pattrib->seq_num;
1754                         rtw_recv_indicatepkt(padapter, prframe);
1755 
1756                         preorder_ctrl->indicate_seq =
1757                                 (preorder_ctrl->indicate_seq + 1) % 4096;
1758                         return _SUCCESS;
1759                 }
1760         } else if (pattrib->amsdu == 1) { /* temp filter -> means didn't support A-MSDUs in a A-MPDU */
1761                 if (!preorder_ctrl->enable) {
1762                         preorder_ctrl->indicate_seq = pattrib->seq_num;
1763                         retval = amsdu_to_msdu(padapter, prframe);
1764 
1765                         preorder_ctrl->indicate_seq =
1766                                 (preorder_ctrl->indicate_seq + 1) % 4096;
1767                         return retval;
1768                 }
1769         }
1770 
1771         spin_lock_bh(&ppending_recvframe_queue->lock);
1772 
1773         RT_TRACE(_module_rtl871x_recv_c_, _drv_notice_,
1774                  ("%s: indicate=%d seq=%d\n", __func__,
1775                   preorder_ctrl->indicate_seq, pattrib->seq_num));
1776 
1777         /* s2. check if winstart_b(indicate_seq) needs to been updated */
1778         if (!check_indicate_seq(preorder_ctrl, pattrib->seq_num)) {
1779                 rtw_recv_indicatepkt(padapter, prframe);
1780 
1781                 spin_unlock_bh(&ppending_recvframe_queue->lock);
1782 
1783                 goto _success_exit;
1784         }
1785 
1786         /* s3. Insert all packet into Reorder Queue to maintain its ordering. */
1787         if (!enqueue_reorder_recvframe(preorder_ctrl, prframe))
1788                 goto _err_exit;
1789 
1790         /* s4. */
1791         /*  Indication process. */
1792         /*  After Packet dropping and Sliding Window shifting as above, we can now just indicate the packets */
1793         /*  with the SeqNum smaller than latest WinStart and buffer other packets. */
1794         /*  */
1795         /*  For Rx Reorder condition: */
1796         /*  1. All packets with SeqNum smaller than WinStart => Indicate */
1797         /*  2. All packets with SeqNum larger than or equal to WinStart => Buffer it. */
1798         /*  */
1799 
1800         /* recv_indicatepkts_in_order(padapter, preorder_ctrl, true); */
1801         if (recv_indicatepkts_in_order(padapter, preorder_ctrl, false)) {
1802                 mod_timer(&preorder_ctrl->reordering_ctrl_timer,
1803                           jiffies + msecs_to_jiffies(REORDER_WAIT_TIME));
1804                 spin_unlock_bh(&ppending_recvframe_queue->lock);
1805         } else {
1806                 spin_unlock_bh(&ppending_recvframe_queue->lock);
1807                 del_timer_sync(&preorder_ctrl->reordering_ctrl_timer);
1808         }
1809 
1810 _success_exit:
1811 
1812         return _SUCCESS;
1813 
1814 _err_exit:
1815 
1816         spin_unlock_bh(&ppending_recvframe_queue->lock);
1817 
1818         return _FAIL;
1819 }
1820 
1821 void rtw_reordering_ctrl_timeout_handler(struct timer_list *t)
1822 {
1823         struct recv_reorder_ctrl *preorder_ctrl = from_timer(preorder_ctrl, t,
1824                                                            reordering_ctrl_timer);
1825         struct adapter *padapter = preorder_ctrl->padapter;
1826         struct __queue *ppending_recvframe_queue = &preorder_ctrl->pending_recvframe_queue;
1827 
1828         if (padapter->bDriverStopped || padapter->bSurpriseRemoved)
1829                 return;
1830 
1831         spin_lock_bh(&ppending_recvframe_queue->lock);
1832 
1833         if (recv_indicatepkts_in_order(padapter, preorder_ctrl, true))
1834                 mod_timer(&preorder_ctrl->reordering_ctrl_timer,
1835                           jiffies + msecs_to_jiffies(REORDER_WAIT_TIME));
1836 
1837         spin_unlock_bh(&ppending_recvframe_queue->lock);
1838 }
1839 
1840 static int process_recv_indicatepkts(struct adapter *padapter,
1841                                      struct recv_frame *prframe)
1842 {
1843         int retval = _SUCCESS;
1844         struct mlme_priv        *pmlmepriv = &padapter->mlmepriv;
1845         struct ht_priv  *phtpriv = &pmlmepriv->htpriv;
1846 
1847         if (phtpriv->ht_option) {  /* B/G/N Mode */
1848                 if (recv_indicatepkt_reorder(padapter, prframe) != _SUCCESS) {
1849                         /*  including perform A-MPDU Rx Ordering Buffer Control */
1850                         if ((!padapter->bDriverStopped) &&
1851                             (!padapter->bSurpriseRemoved)) {
1852                                 return _FAIL;
1853                         }
1854                 }
1855         } else { /* B/G mode */
1856                 retval = wlanhdr_to_ethhdr(prframe);
1857                 if (retval != _SUCCESS) {
1858                         RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, ("wlanhdr_to_ethhdr: drop pkt\n"));
1859                         return retval;
1860                 }
1861 
1862                 if ((!padapter->bDriverStopped) &&
1863                     (!padapter->bSurpriseRemoved)) {
1864                         /* indicate this recv_frame */
1865                         RT_TRACE(_module_rtl871x_recv_c_, _drv_notice_, ("@@@@ %s- recv_func recv_indicatepkt\n", __func__));
1866                         rtw_recv_indicatepkt(padapter, prframe);
1867                 } else {
1868                         RT_TRACE(_module_rtl871x_recv_c_, _drv_notice_, ("@@@@ %s- recv_func free_indicatepkt\n", __func__));
1869 
1870                         RT_TRACE(_module_rtl871x_recv_c_, _drv_notice_, ("recv_func:bDriverStopped(%d) OR bSurpriseRemoved(%d)", padapter->bDriverStopped, padapter->bSurpriseRemoved));
1871                         return _FAIL;
1872                 }
1873         }
1874 
1875         return retval;
1876 }
1877 
1878 static int recv_func_prehandle(struct adapter *padapter,
1879                                struct recv_frame *rframe)
1880 {
1881         int ret = _SUCCESS;
1882         struct __queue *pfree_recv_queue = &padapter->recvpriv.free_recv_queue;
1883 
1884         /* check the frame crtl field and decache */
1885         ret = validate_recv_frame(padapter, rframe);
1886         if (ret != _SUCCESS) {
1887                 RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, ("recv_func: validate_recv_frame fail! drop pkt\n"));
1888                 rtw_free_recvframe(rframe, pfree_recv_queue);/* free this recv_frame */
1889                 goto exit;
1890         }
1891 
1892 exit:
1893         return ret;
1894 }
1895 
1896 static int recv_func_posthandle(struct adapter *padapter,
1897                                 struct recv_frame *prframe)
1898 {
1899         int ret = _SUCCESS;
1900         struct recv_frame *orig_prframe = prframe;
1901         struct recv_priv *precvpriv = &padapter->recvpriv;
1902         struct __queue *pfree_recv_queue = &padapter->recvpriv.free_recv_queue;
1903 
1904         /*  DATA FRAME */
1905         led_control_8188eu(padapter, LED_CTL_RX);
1906 
1907         prframe = decryptor(padapter, prframe);
1908         if (!prframe) {
1909                 RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, ("decryptor: drop pkt\n"));
1910                 ret = _FAIL;
1911                 goto _recv_data_drop;
1912         }
1913 
1914         prframe = recvframe_chk_defrag(padapter, prframe);
1915         if (!prframe) {
1916                 RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, ("recvframe_chk_defrag: drop pkt\n"));
1917                 goto _recv_data_drop;
1918         }
1919 
1920         prframe = portctrl(padapter, prframe);
1921         if (!prframe) {
1922                 RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, ("portctrl: drop pkt\n"));
1923                 ret = _FAIL;
1924                 goto _recv_data_drop;
1925         }
1926 
1927         count_rx_stats(padapter, prframe, NULL);
1928 
1929         ret = process_recv_indicatepkts(padapter, prframe);
1930         if (ret != _SUCCESS) {
1931                 RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, ("recv_func: process_recv_indicatepkts fail!\n"));
1932                 rtw_free_recvframe(orig_prframe, pfree_recv_queue);/* free this recv_frame */
1933                 goto _recv_data_drop;
1934         }
1935         return ret;
1936 
1937 _recv_data_drop:
1938         precvpriv->rx_drop++;
1939         return ret;
1940 }
1941 
1942 static int recv_func(struct adapter *padapter, struct recv_frame *rframe)
1943 {
1944         int ret;
1945         struct rx_pkt_attrib *prxattrib = &rframe->attrib;
1946         struct security_priv *psecuritypriv = &padapter->securitypriv;
1947         struct mlme_priv *mlmepriv = &padapter->mlmepriv;
1948 
1949         /* check if need to handle uc_swdec_pending_queue*/
1950         if (check_fwstate(mlmepriv, WIFI_STATION_STATE) && psecuritypriv->busetkipkey) {
1951                 struct recv_frame *pending_frame;
1952 
1953                 while ((pending_frame = rtw_alloc_recvframe(&padapter->recvpriv.uc_swdec_pending_queue))) {
1954                         if (recv_func_posthandle(padapter, pending_frame) == _SUCCESS)
1955                                 DBG_88E("%s: dequeue uc_swdec_pending_queue\n", __func__);
1956                 }
1957         }
1958 
1959         ret = recv_func_prehandle(padapter, rframe);
1960 
1961         if (ret == _SUCCESS) {
1962                 /* check if need to enqueue into uc_swdec_pending_queue*/
1963                 if (check_fwstate(mlmepriv, WIFI_STATION_STATE) &&
1964                     !is_multicast_ether_addr(prxattrib->ra) &&
1965                     prxattrib->encrypt > 0 &&
1966                     prxattrib->bdecrypted == 0 &&
1967                     !is_wep_enc(psecuritypriv->dot11PrivacyAlgrthm) &&
1968                     !psecuritypriv->busetkipkey) {
1969                         rtw_enqueue_recvframe(rframe, &padapter->recvpriv.uc_swdec_pending_queue);
1970                         DBG_88E("%s: no key, enqueue uc_swdec_pending_queue\n", __func__);
1971                         goto exit;
1972                 }
1973 
1974                 ret = recv_func_posthandle(padapter, rframe);
1975         }
1976 
1977 exit:
1978         return ret;
1979 }
1980 
1981 s32 rtw_recv_entry(struct recv_frame *precvframe)
1982 {
1983         struct adapter *padapter;
1984         struct recv_priv *precvpriv;
1985         s32 ret = _SUCCESS;
1986 
1987         padapter = precvframe->adapter;
1988 
1989         precvpriv = &padapter->recvpriv;
1990 
1991         ret = recv_func(padapter, precvframe);
1992         if (ret == _FAIL) {
1993                 RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, ("%s: recv_func return fail!!!\n", __func__));
1994                 goto _recv_entry_drop;
1995         }
1996 
1997         precvpriv->rx_pkts++;
1998 
1999         return ret;
2000 
2001 _recv_entry_drop:
2002         return ret;
2003 }
2004 
2005 static void rtw_signal_stat_timer_hdl(struct timer_list *t)
2006 {
2007         struct adapter *adapter =
2008                 from_timer(adapter, t, recvpriv.signal_stat_timer);
2009         struct recv_priv *recvpriv = &adapter->recvpriv;
2010 
2011         u32 tmp_s, tmp_q;
2012         u8 avg_signal_strength = 0;
2013         u8 avg_signal_qual = 0;
2014         u8 _alpha = 3; /*  this value is based on converging_constant = 5000 and sampling_interval = 1000 */
2015 
2016         if (recvpriv->signal_strength_data.update_req == 0) {
2017                 /* update_req is clear, means we got rx */
2018                 avg_signal_strength = recvpriv->signal_strength_data.avg_val;
2019                 /* after avg_vals are acquired, we can re-stat the signal
2020                  * values
2021                  */
2022                 recvpriv->signal_strength_data.update_req = 1;
2023         }
2024 
2025         if (recvpriv->signal_qual_data.update_req == 0) {
2026                 /* update_req is clear, means we got rx */
2027                 avg_signal_qual = recvpriv->signal_qual_data.avg_val;
2028                 /* after avg_vals are acquired, we can re-stat the signal
2029                  * values
2030                  */
2031                 recvpriv->signal_qual_data.update_req = 1;
2032         }
2033 
2034         /* update value of signal_strength, rssi, signal_qual */
2035         if (!check_fwstate(&adapter->mlmepriv, _FW_UNDER_SURVEY)) {
2036                 tmp_s = avg_signal_strength +
2037                         (_alpha - 1) * recvpriv->signal_strength;
2038                 tmp_s = DIV_ROUND_UP(tmp_s, _alpha);
2039                 if (tmp_s > 100)
2040                         tmp_s = 100;
2041 
2042                 tmp_q = avg_signal_qual +
2043                         (_alpha - 1) * recvpriv->signal_qual;
2044                 tmp_q = DIV_ROUND_UP(tmp_q, _alpha);
2045                 if (tmp_q > 100)
2046                         tmp_q = 100;
2047 
2048                 recvpriv->signal_strength = tmp_s;
2049                 recvpriv->rssi = (s8)translate_percentage_to_dbm(tmp_s);
2050                 recvpriv->signal_qual = tmp_q;
2051         }
2052 
2053         rtw_set_signal_stat_timer(recvpriv);
2054 }