staging: rtl: fix possible NULL pointer dereference
[GitHub/exynos8895/android_kernel_samsung_universal8895.git] / drivers / staging / rtl8712 / rtl871x_recv.c
1/******************************************************************************
2 * rtl871x_recv.c
3 *
4 * Copyright(c) 2007 - 2010 Realtek Corporation. All rights reserved.
5 * Linux device driver for RTL8192SU
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of version 2 of the GNU General Public License as
9 * published by the Free Software Foundation.
10 *
11 * This program is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
14 * more details.
15 *
16 * You should have received a copy of the GNU General Public License along with
17 * this program; if not, write to the Free Software Foundation, Inc.,
18 * 51 Franklin Street, Fifth Floor, Boston, MA 02110, USA
19 *
20 * Modifications for inclusion into the Linux staging tree are
21 * Copyright(c) 2010 Larry Finger. All rights reserved.
22 *
23 * Contact information:
24 * WLAN FAE <wlanfae@realtek.com>
25 * Larry Finger <Larry.Finger@lwfinger.net>
26 *
27 ******************************************************************************/
28
29#define _RTL871X_RECV_C_
30
20467825 31#include <linux/ip.h>
5d3da4a2 32#include <linux/slab.h>
be9a1204 33#include <linux/if_ether.h>
5d3da4a2 34#include <linux/kmemleak.h>
1e9ee6f7 35#include <linux/etherdevice.h>
5d3da4a2 36
37#include "osdep_service.h"
38#include "drv_types.h"
39#include "recv_osdep.h"
40#include "mlme_osdep.h"
41#include "ethernet.h"
42#include "usb_ops.h"
43#include "wifi.h"
44
/*
 * EtherType values that are compared against the two bytes following a SNAP
 * header. Frames carrying these types keep their LLC/SNAP encapsulation in
 * r8712_wlanhdr_to_ethhdr().
 */

/* IPX EtherType, 0x8137 */
static const u8 SNAP_ETH_TYPE_IPX[2] = { 0x81, 0x37 };

/* AppleTalk AARP EtherType, 0x80f3 */
static const u8 SNAP_ETH_TYPE_APPLETALK_AARP[2] = { 0x80, 0xf3 };

/* Bridge-Tunnel header (for EtherTypes ETH_P_AARP and ETH_P_IPX) */
static const u8 bridge_tunnel_header[] = {
	0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8
};

/* Ethernet-II SNAP header (RFC1042 for most EtherTypes) */
static const u8 rfc1042_header[] = {
	0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00
};
55
/*
 * Reset a per-station receive context: clear the whole structure, then
 * initialise its spinlock and its defragmentation queue.
 */
void _r8712_init_sta_recv_priv(struct sta_recv_priv *psta_recvpriv)
{
	memset(psta_recvpriv, 0, sizeof(*psta_recvpriv));
	spin_lock_init(&psta_recvpriv->lock);
	_init_queue(&psta_recvpriv->defrag_q);
}
62
/*
 * Initialise the adapter-wide receive context.
 *
 * Clears *precvpriv, sets up its lock and queues, allocates one zeroed pool
 * holding NR_RECVFRAME receive frames plus RXFRAME_ALIGN_SZ bytes of slack,
 * and links every frame onto free_recv_queue.
 *
 * Returns _FAIL when the pool cannot be allocated, otherwise whatever
 * r8712_init_recv_priv() returns.
 */
sint _r8712_init_recv_priv(struct recv_priv *precvpriv,
			   struct _adapter *padapter)
{
	const size_t pool_bytes = NR_RECVFRAME * sizeof(union recv_frame) +
				  RXFRAME_ALIGN_SZ;
	union recv_frame *frame;
	sint n;

	memset(precvpriv, 0, sizeof(*precvpriv));
	spin_lock_init(&precvpriv->lock);
	_init_queue(&precvpriv->free_recv_queue);
	_init_queue(&precvpriv->recv_pending_queue);
	precvpriv->adapter = padapter;
	precvpriv->free_recvframe_cnt = NR_RECVFRAME;

	precvpriv->pallocated_frame_buf = kmalloc(pool_bytes, GFP_ATOMIC);
	if (!precvpriv->pallocated_frame_buf)
		return _FAIL;
	kmemleak_not_leak(precvpriv->pallocated_frame_buf);
	memset(precvpriv->pallocated_frame_buf, 0, pool_bytes);

	/*
	 * Skip forward to the next RXFRAME_ALIGN_SZ boundary inside the pool.
	 * The mask form assumes RXFRAME_ALIGN_SZ is a power of two; an
	 * already aligned pool still advances by a full RXFRAME_ALIGN_SZ,
	 * which the slack added to pool_bytes covers.
	 */
	precvpriv->precv_frame_buf = precvpriv->pallocated_frame_buf +
				     RXFRAME_ALIGN_SZ -
				     ((addr_t)(precvpriv->pallocated_frame_buf) &
				      (RXFRAME_ALIGN_SZ - 1));

	frame = (union recv_frame *)precvpriv->precv_frame_buf;
	for (n = 0; n < NR_RECVFRAME; n++, frame++) {
		INIT_LIST_HEAD(&frame->u.list);
		list_add_tail(&frame->u.list,
			      &precvpriv->free_recv_queue.queue);
		/* the result of the OS-side allocation, if any, is not checked */
		r8712_os_recv_resource_alloc(padapter, frame);
		frame->u.hdr.adapter = padapter;
	}
	precvpriv->rx_pending_cnt = 1;

	return r8712_init_recv_priv(precvpriv, padapter);
}
99
/*
 * Tear down the receive context: release the frame pool allocated by
 * _r8712_init_recv_priv(), then call r8712_free_recv_priv() for the rest.
 */
void _r8712_free_recv_priv(struct recv_priv *precvpriv)
{
	/* every receive frame lives inside this one allocation */
	kfree(precvpriv->pallocated_frame_buf);

	r8712_free_recv_priv(precvpriv);
}
105
/*
 * Take the first frame off a free queue.
 *
 * The queue lock is held with interrupts disabled while the frame is
 * unlinked. When the queue is the owning adapter's own free_recv_queue,
 * that adapter's free_recvframe_cnt is decremented as well.
 *
 * Returns the frame, or NULL when the queue is empty.
 */
union recv_frame *r8712_alloc_recvframe(struct __queue *pfree_recv_queue)
{
	unsigned long flags;
	union recv_frame *frame = NULL;
	struct list_head *first;
	struct _adapter *owner;

	spin_lock_irqsave(&pfree_recv_queue->lock, flags);
	if (!list_empty(&pfree_recv_queue->queue)) {
		first = pfree_recv_queue->queue.next;
		frame = LIST_CONTAINOR(first, union recv_frame, u);
		list_del_init(&frame->u.hdr.list);

		owner = frame->u.hdr.adapter;
		if (owner != NULL &&
		    pfree_recv_queue == &owner->recvpriv.free_recv_queue)
			owner->recvpriv.free_recvframe_cnt--;
	}
	spin_unlock_irqrestore(&pfree_recv_queue->lock, flags);

	return frame;
}
132
/*
 * Return every frame on pframequeue to pfree_recv_queue.
 *
 * Per the original author's note, the caller is the defragmentation path
 * (recvframe_chk_defrag in recv_thread, passive context) and pframequeue is
 * the defrag queue; pframequeue->lock is held for the whole walk.
 */
void r8712_free_recvframe_queue(struct __queue *pframequeue,
				struct __queue *pfree_recv_queue)
{
	struct list_head *head, *pos;
	union recv_frame *frame;

	spin_lock(&pframequeue->lock);
	head = &pframequeue->queue;
	for (pos = head->next; !end_of_queue_search(head, pos); ) {
		frame = LIST_CONTAINOR(pos, union recv_frame, u);
		/* fetch the successor before the frame is handed back */
		pos = pos->next;
		r8712_free_recvframe(frame, pfree_recv_queue);
	}
	spin_unlock(&pframequeue->lock);
}
157
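/*
 * Verify the TKIP Michael MIC of a received frame.
 *
 * Nothing is checked unless the frame is TKIP-encrypted and the transmitter
 * is a known station. The MIC is recomputed over the payload and compared
 * with the eight bytes that follow it; those eight bytes are then removed
 * from the tail of the frame.
 *
 * The frame length and the group key index both come from the received
 * frame, so they are validated before they are used as a length or as an
 * array index.
 *
 * Returns _SUCCESS when no check applies or the MIC matches, _FAIL when the
 * frame is too short, the group key is unusable, or the MIC differs. On a
 * mismatch of a frame flagged bdecrypted, r8712_handle_tkip_mic_err() is
 * called.
 */
sint r8712_recvframe_chkmic(struct _adapter *adapter,
			    union recv_frame *precvframe)
{
	sint i, res = _SUCCESS;
	u32 datalen, overhead;
	u8 miccode[8];
	u8 bmic_err = false;
	u8 *pframe, *payload, *pframemic;
	u8 *mickey, idx, key_id, *iv;
	struct sta_info *stainfo;
	struct rx_pkt_attrib *prxattrib = &precvframe->u.hdr.attrib;
	struct security_priv *psecuritypriv = &adapter->securitypriv;

	stainfo = r8712_get_stainfo(&adapter->stapriv, &prxattrib->ta[0]);
	if (prxattrib->encrypt != _TKIP_ || stainfo == NULL)
		return res;

	/*
	 * Header, IV, ICV and the 8-byte MIC must all fit in the frame.
	 * Without this check the u32 subtraction below wraps for a short
	 * frame and a huge datalen is passed to seccalctkipmic().
	 * NOTE(review): this also covers the iv[3] read as long as iv_len is
	 * at least 4 for TKIP - confirm against SET_ICE_IV_LEN.
	 */
	overhead = (u32)prxattrib->hdrlen + prxattrib->iv_len +
		   prxattrib->icv_len + 8;
	if (precvframe->u.hdr.len < overhead)
		return _FAIL;

	/* calculate mic code */
	if (IS_MCAST(prxattrib->ra)) {
		if (!psecuritypriv->binstallGrpkey)
			return _FAIL;
		iv = precvframe->u.hdr.rx_data + prxattrib->hdrlen;
		idx = iv[3];
		key_id = (idx >> 6) & 0x3;
		/* key id 0 would index XGrprxmickey[-1] */
		if (key_id == 0)
			return _FAIL;
		/*
		 * NOTE(review): the size of XGrprxmickey is declared outside
		 * this file; confirm key_id - 1 is in range for key ids 2
		 * and 3 and reject the ones that are not.
		 */
		mickey = &psecuritypriv->XGrprxmickey[key_id - 1].skey[0];
	} else {
		mickey = &stainfo->tkiprxmickey.skey[0];
	}

	/* icv_len included the mic code */
	datalen = precvframe->u.hdr.len - overhead;
	pframe = precvframe->u.hdr.rx_data;
	payload = pframe + prxattrib->hdrlen + prxattrib->iv_len;
	seccalctkipmic(mickey, pframe, payload, datalen, &miccode[0],
		       (unsigned char)prxattrib->priority);
	pframemic = payload + datalen;

	/* all eight bytes are compared; the loop does not stop early */
	for (i = 0; i < 8; i++) {
		if (miccode[i] != *(pframemic + i))
			bmic_err = true;
	}

	if (bmic_err) {
		if (prxattrib->bdecrypted)
			r8712_handle_tkip_mic_err(adapter,
						  (u8)IS_MCAST(prxattrib->ra));
		res = _FAIL;
	} else {
		/* mic checked ok */
		if (!psecuritypriv->bcheck_grpkey &&
		    IS_MCAST(prxattrib->ra))
			psecuritypriv->bcheck_grpkey = true;
	}
	/* strip the MIC from the tail whether or not it matched */
	recvframe_pull_tail(precvframe, 8);

	return res;
}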
217
/*
 * Decrypt a received frame in software when that is needed.
 *
 * Software decryption runs when the frame is marked encrypted and either
 * the hardware has not decrypted it (bdecrypted == 0) or sw_decrypt is set.
 * hw_decrypted is updated to record which path handled the frame. The
 * decrypt helpers are called as plain statements, so any status they
 * report is not looked at here.
 *
 * Always returns precv_frame.
 */
union recv_frame *r8712_decryptor(struct _adapter *padapter,
				  union recv_frame *precv_frame)
{
	struct security_priv *sec = &padapter->securitypriv;
	struct rx_pkt_attrib *attr = &precv_frame->u.hdr.attrib;
	int need_sw;

	need_sw = (attr->encrypt > 0) &&
		  ((attr->bdecrypted == 0) || sec->sw_decrypt);

	if (need_sw) {
		sec->hw_decrypted = false;
		switch (attr->encrypt) {
		case _WEP40_:
		case _WEP104_:
			r8712_wep_decrypt(padapter, (u8 *)precv_frame);
			break;
		case _TKIP_:
			r8712_tkip_decrypt(padapter, (u8 *)precv_frame);
			break;
		case _AES_:
			r8712_aes_decrypt(padapter, (u8 *)precv_frame);
			break;
		default:
			/* unknown cipher: the frame is passed on untouched */
			break;
		}
	} else if (attr->bdecrypted == 1) {
		sec->hw_decrypted = true;
	}

	return precv_frame;
}
/*
 * 802.1X port control for a received frame.
 *
 * Only active when AuthAlgrthm is 2. While the transmitting station is
 * marked ieee8021x_blocked, every frame whose EtherType is not 0x888e
 * (EAPOL) is returned to the adapter's free queue and NULL is returned.
 * In every other case the frame is passed through unchanged.
 *
 * NOTE(review): the EtherType is read at hdrlen + LLC_HEADER_SIZE without
 * a length check in this function - confirm the caller guarantees the
 * frame is long enough.
 */
union recv_frame *r8712_portctrl(struct _adapter *adapter,
				 union recv_frame *precv_frame)
{
	struct recv_frame_hdr *hdr = &precv_frame->u.hdr;
	u8 *pos = get_recvframe_data(precv_frame);
	struct sta_info *sta;
	u16 ether_type;

	sta = r8712_get_stainfo(&adapter->stapriv, hdr->attrib.ta);
	if (adapter->securitypriv.AuthAlgrthm != 2)
		return precv_frame;

	/* get ether_type */
	pos += hdr->attrib.hdrlen + LLC_HEADER_SIZE;
	memcpy(&ether_type, pos, 2);
	ether_type = ntohs((unsigned short)ether_type);

	/* blocked port: only EAPOL frames are accepted */
	if (sta != NULL && sta->ieee8021x_blocked && ether_type != 0x888e) {
		r8712_free_recvframe(precv_frame,
				     &adapter->recvpriv.free_recv_queue);
		return NULL;
	}

	/* open port, unknown station, or EAPOL on a blocked port */
	return precv_frame;
}
299
/*
 * Duplicate detection per TID.
 *
 * Builds a 16-bit sequence-control value from the frame's sequence and
 * fragment numbers and compares it with the last value cached for the
 * frame's priority (TID). bretry is accepted but not consulted.
 *
 * Returns _FAIL for a TID above 15 or a repeated sequence-control value;
 * otherwise stores the new value and returns _SUCCESS.
 */
static sint recv_decache(union recv_frame *precv_frame, u8 bretry,
			 struct stainfo_rxcache *prxcache)
{
	struct rx_pkt_attrib *attr = &precv_frame->u.hdr.attrib;
	sint tid = attr->priority;
	u16 seq_ctrl = ((attr->seq_num & 0xffff) << 4) |
		       (attr->frag_num & 0xf);

	/* the range test comes first so tid_rxseq is never indexed above 15 */
	if (tid > 15 || seq_ctrl == prxcache->tid_rxseq[tid])
		return _FAIL;

	prxcache->tid_rxseq[tid] = seq_ctrl;
	return _SUCCESS;
}
314
/*
 * Address filtering for data frames with ToDS = 0 and FromDS = 0.
 *
 * The accepted address combination depends on the firmware state (ad-hoc,
 * station, AP or MP). On return *psta holds the broadcast/multicast station
 * entry for a group-addressed frame, or the entry looked up from the
 * address chosen by the state-specific branch.
 *
 * Returns _FAIL when the addresses do not match the current state or no
 * station entry is found, _SUCCESS otherwise.
 */
static sint sta2sta_data_frame(struct _adapter *adapter,
			       union recv_frame *precv_frame,
			       struct sta_info **psta)
{
	struct rx_pkt_attrib *attr = &precv_frame->u.hdr.attrib;
	struct sta_priv *stas = &adapter->stapriv;
	struct mlme_priv *mlme = &adapter->mlmepriv;
	u8 *frame = precv_frame->u.hdr.rx_data;
	u8 *own_bssid = get_bssid(mlme);
	u8 *own_mac = myid(&adapter->eeprompriv);
	u8 *lookup_addr = NULL;
	sint is_mcast = IS_MCAST(attr->dst);
	sint status = _SUCCESS;

	if (check_fwstate(mlme, WIFI_ADHOC_STATE) ||
	    check_fwstate(mlme, WIFI_ADHOC_MASTER_STATE)) {
		/* drop frames we sent ourselves */
		if (memcmp(own_mac, attr->src, ETH_ALEN) == 0)
			return _FAIL;
		/* drop unicast frames addressed to someone else */
		if (!is_mcast && memcmp(own_mac, attr->dst, ETH_ALEN) != 0)
			return _FAIL;
		/* both BSSIDs must be set and equal */
		if (is_zero_ether_addr(attr->bssid) ||
		    is_zero_ether_addr(own_bssid) ||
		    memcmp(attr->bssid, own_bssid, ETH_ALEN) != 0)
			return _FAIL;
		lookup_addr = attr->src;
	} else if (check_fwstate(mlme, WIFI_STATION_STATE)) {
		/*
		 * For Station mode, sa and bssid should always be BSSID,
		 * and DA is my mac-address
		 */
		if (memcmp(attr->bssid, attr->src, ETH_ALEN) != 0)
			return _FAIL;
		lookup_addr = attr->bssid;
	} else if (check_fwstate(mlme, WIFI_AP_STATE)) {
		if (is_mcast) {
			/* For AP mode, a MCAST DA requires a MCAST BSSID */
			if (!IS_MCAST(attr->bssid))
				return _FAIL;
		} else {
			/* For AP mode, a non-MCAST DA must equal the BSSID */
			if (memcmp(attr->bssid, attr->dst, ETH_ALEN) != 0)
				return _FAIL;
			lookup_addr = attr->src;
		}
	} else if (check_fwstate(mlme, WIFI_MP_STATE)) {
		/* MP mode: reload all addresses from the 802.11 header */
		memcpy(attr->dst, GetAddr1Ptr(frame), ETH_ALEN);
		memcpy(attr->src, GetAddr2Ptr(frame), ETH_ALEN);
		memcpy(attr->bssid, GetAddr3Ptr(frame), ETH_ALEN);
		memcpy(attr->ra, attr->dst, ETH_ALEN);
		memcpy(attr->ta, attr->src, ETH_ALEN);
		lookup_addr = own_bssid;
	} else {
		/*
		 * NOTE(review): lookup_addr is still NULL on this path and
		 * is passed to r8712_get_stainfo() below for a unicast
		 * frame - confirm that helper tolerates a NULL address.
		 */
		status = _FAIL;
	}

	*psta = is_mcast ? r8712_get_bcmc_stainfo(adapter)
			 : r8712_get_stainfo(stas, lookup_addr);
	if (*psta == NULL) {
		if (check_fwstate(mlme, WIFI_MP_STATE))
			adapter->mppriv.rx_pktloss++;
		return _FAIL;
	}

	return status;
}
381
/*
 * Address filtering for data frames sent from an AP to a station.
 *
 * Accepts frames only while linked (_FW_LINKED) in station or MP state.
 * In station state, null-data frames, QoS subtypes other than plain
 * QoS-Data, frames from our own address, unicast frames for another
 * destination and frames with a foreign or zero BSSID are dropped.
 * In MP state the addresses are reloaded from the 802.11 header and the
 * BSSID is forced to our own.
 *
 * On success *psta holds the matching station entry. Returns _SUCCESS or
 * _FAIL.
 */
static sint ap2sta_data_frame(struct _adapter *adapter,
			      union recv_frame *precv_frame,
			      struct sta_info **psta)
{
	struct rx_pkt_attrib *attr = &precv_frame->u.hdr.attrib;
	struct sta_priv *stas = &adapter->stapriv;
	struct mlme_priv *mlme = &adapter->mlmepriv;
	u8 *frame = precv_frame->u.hdr.rx_data;
	u8 *own_bssid = get_bssid(mlme);
	u8 *own_mac = myid(&adapter->eeprompriv);
	sint is_mcast = IS_MCAST(attr->dst);

	if (check_fwstate(mlme, WIFI_STATION_STATE) &&
	    check_fwstate(mlme, _FW_LINKED)) {
		/* if NULL-frame, drop packet */
		if (GetFrameSubType(frame) == WIFI_DATA_NULL)
			return _FAIL;
		/*
		 * drop QoS-SubType Data, including QoS NULL,
		 * excluding QoS-Data
		 */
		if ((GetFrameSubType(frame) & WIFI_QOS_DATA_TYPE) ==
		    WIFI_QOS_DATA_TYPE &&
		    (GetFrameSubType(frame) & (BIT(4) | BIT(5) | BIT(6))))
			return _FAIL;

		/* drop frames whose source address is our own */
		if (memcmp(own_mac, attr->src, ETH_ALEN) == 0)
			return _FAIL;

		/* da should be for me */
		if (!is_mcast && memcmp(own_mac, attr->dst, ETH_ALEN) != 0)
			return _FAIL;

		/* check BSSID */
		if (is_zero_ether_addr(attr->bssid) ||
		    is_zero_ether_addr(own_bssid) ||
		    memcmp(attr->bssid, own_bssid, ETH_ALEN) != 0)
			return _FAIL;

		*psta = is_mcast ? r8712_get_bcmc_stainfo(adapter)
				 : r8712_get_stainfo(stas, attr->bssid);
		if (*psta == NULL)
			return _FAIL;
		return _SUCCESS;
	}

	if (check_fwstate(mlme, WIFI_MP_STATE) &&
	    check_fwstate(mlme, _FW_LINKED)) {
		memcpy(attr->dst, GetAddr1Ptr(frame), ETH_ALEN);
		memcpy(attr->src, GetAddr2Ptr(frame), ETH_ALEN);
		memcpy(attr->bssid, GetAddr3Ptr(frame), ETH_ALEN);
		memcpy(attr->ra, attr->dst, ETH_ALEN);
		memcpy(attr->ta, attr->src, ETH_ALEN);
		/* the BSSID taken from address 3 is replaced by our own */
		memcpy(attr->bssid, own_bssid, ETH_ALEN);

		*psta = r8712_get_stainfo(stas, attr->bssid);
		if (*psta == NULL)
			return _FAIL;
		return _SUCCESS;
	}

	return _FAIL;
}
441
/*
 * Address filtering for data frames sent from a station to an AP.
 *
 * In AP state the frame's BSSID must equal our own and the source address
 * must belong to a known station, which is stored in *psta. Outside AP
 * state nothing is checked and *psta is left as the caller set it.
 *
 * Returns _FAIL on a BSSID mismatch or unknown station, else _SUCCESS.
 */
static sint sta2ap_data_frame(struct _adapter *adapter,
			      union recv_frame *precv_frame,
			      struct sta_info **psta)
{
	struct rx_pkt_attrib *attr = &precv_frame->u.hdr.attrib;
	struct sta_priv *stas = &adapter->stapriv;
	struct mlme_priv *mlme = &adapter->mlmepriv;
	unsigned char *own_bssid = get_bssid(mlme);

	if (!check_fwstate(mlme, WIFI_AP_STATE))
		return _SUCCESS;

	/*
	 * For AP mode, if DA is non-MCAST, then it must be BSSID,
	 * and bssid == BSSID
	 * For AP mode, RA=BSSID, TX=STA(SRC_ADDR), A3=DST_ADDR
	 */
	if (memcmp(attr->bssid, own_bssid, ETH_ALEN) != 0)
		return _FAIL;

	*psta = r8712_get_stainfo(stas, attr->src);
	if (*psta == NULL)
		return _FAIL;

	return _SUCCESS;
}
463
/*
 * Control frames are never accepted: both arguments are ignored and the
 * result is always _FAIL.
 */
static sint validate_recv_ctrl_frame(struct _adapter *adapter,
				     union recv_frame *precv_frame)
{
	return _FAIL;
}
469
/*
 * Management frames are never accepted: both arguments are ignored and the
 * result is always _FAIL.
 */
static sint validate_recv_mgnt_frame(struct _adapter *adapter,
				     union recv_frame *precv_frame)
{
	return _FAIL;
}
475
476
/*
 * Validate a received data frame and fill in its receive attributes.
 *
 * Copies DA, SA and BSSID out of the 802.11 header, derives RA/TA from the
 * ToDS/FromDS bits, runs the direction-specific address filter, then
 * records the station, QoS fields, header length, reorder control and
 * cipher parameters. Duplicates are dropped through recv_decache().
 * Frames with ToDS = FromDS = 1 are rejected.
 *
 * NOTE(review): header bytes, including the QoS control field at offset
 * 24, are read without a frame-length check in this function - confirm
 * the caller guarantees a complete header.
 *
 * Returns _SUCCESS when the frame is accepted, _FAIL otherwise.
 */
static sint validate_recv_data_frame(struct _adapter *adapter,
				     union recv_frame *precv_frame)
{
	struct security_priv *psecuritypriv = &adapter->securitypriv;
	struct rx_pkt_attrib *pattrib = &precv_frame->u.hdr.attrib;
	u8 *ptr = precv_frame->u.hdr.rx_data;
	struct sta_info *psta = NULL;
	u8 *psa, *pda, *pbssid, *qc;
	u8 bretry;
	int res;

	bretry = GetRetry(ptr);
	pda = get_da(ptr);
	psa = get_sa(ptr);
	pbssid = get_hdr_bssid(ptr);
	if (pbssid == NULL)
		return _FAIL;

	memcpy(pattrib->dst, pda, ETH_ALEN);
	memcpy(pattrib->src, psa, ETH_ALEN);
	memcpy(pattrib->bssid, pbssid, ETH_ALEN);

	switch (pattrib->to_fr_ds) {
	case 0:	/* station to station */
		memcpy(pattrib->ra, pda, ETH_ALEN);
		memcpy(pattrib->ta, psa, ETH_ALEN);
		res = sta2sta_data_frame(adapter, precv_frame, &psta);
		break;
	case 1:	/* AP to station */
		memcpy(pattrib->ra, pda, ETH_ALEN);
		memcpy(pattrib->ta, pbssid, ETH_ALEN);
		res = ap2sta_data_frame(adapter, precv_frame, &psta);
		break;
	case 2:	/* station to AP */
		memcpy(pattrib->ra, pbssid, ETH_ALEN);
		memcpy(pattrib->ta, psa, ETH_ALEN);
		res = sta2ap_data_frame(adapter, precv_frame, &psta);
		break;
	case 3:	/* four-address frame: addresses recorded, frame rejected */
		memcpy(pattrib->ra, GetAddr1Ptr(ptr), ETH_ALEN);
		memcpy(pattrib->ta, GetAddr2Ptr(ptr), ETH_ALEN);
		return _FAIL;
	default:
		return _FAIL;
	}
	if (res == _FAIL || psta == NULL)
		return _FAIL;

	precv_frame->u.hdr.psta = psta;
	pattrib->amsdu = 0;

	/* parsing QC field */
	if (pattrib->qos == 1) {
		qc = ptr + 24;
		pattrib->priority = GetPriority(qc);
		pattrib->ack_policy = GetAckpolicy(qc);
		pattrib->amsdu = GetAMsdu(qc);
		pattrib->hdrlen = pattrib->to_fr_ds == 3 ? 32 : 26;
	} else {
		pattrib->priority = 0;
		pattrib->hdrlen = (pattrib->to_fr_ds == 3) ? 30 : 24;
	}

	/* HT-CTRL 11n */
	if (pattrib->order)
		pattrib->hdrlen += 4;

	/*
	 * NOTE(review): priority comes from the received frame and indexes
	 * recvreorder_ctrl here - confirm the array covers every value
	 * GetPriority() can return.
	 */
	precv_frame->u.hdr.preorder_ctrl =
		&psta->recvreorder_ctrl[pattrib->priority];

	/* decache, drop duplicate recv packets */
	if (recv_decache(precv_frame, bretry,
			 &psta->sta_recvpriv.rxcache) == _FAIL)
		return _FAIL;

	if (pattrib->privacy) {
		GET_ENCRY_ALGO(psecuritypriv, psta, pattrib->encrypt,
			       IS_MCAST(pattrib->ra));
		SET_ICE_IV_LEN(pattrib->iv_len, pattrib->icv_len,
			       pattrib->encrypt);
	} else {
		pattrib->encrypt = 0;
		pattrib->icv_len = 0;
		pattrib->iv_len = 0;
	}

	return _SUCCESS;
}
558
/*
 * First-stage validation of a received 802.11 frame.
 *
 * Rejects any protocol version other than 0, copies the frame-control and
 * sequence-control fields into the receive attributes, then dispatches on
 * the frame type. Management and control frames go to validators that
 * always fail; data frames get the full address and duplicate checks.
 *
 * NOTE(review): the header fields are read from rx_data without a length
 * check in this function - confirm the caller guarantees a complete
 * header.
 *
 * Returns _SUCCESS or _FAIL.
 */
sint r8712_validate_recv_frame(struct _adapter *adapter,
			       union recv_frame *precv_frame)
{
	struct rx_pkt_attrib *attr = &precv_frame->u.hdr.attrib;
	u8 *frame = precv_frame->u.hdr.rx_data;
	u8 type;
	u8 subtype;

	/* protocol version is the low two bits of the first byte */
	if (((unsigned char)(*frame) & 0x3) != 0)
		return _FAIL;

	type = GetFrameType(frame);
	subtype = GetFrameSubType(frame); /* bit(7)~bit(2) */

	attr->to_fr_ds = get_tofr_ds(frame);
	attr->frag_num = GetFragNum(frame);
	attr->seq_num = GetSequence(frame);
	attr->pw_save = GetPwrMgt(frame);
	attr->mfrag = GetMFrag(frame);
	attr->mdata = GetMData(frame);
	attr->privacy = GetPrivacy(frame);
	attr->order = GetOrder(frame);

	switch (type) {
	case WIFI_MGT_TYPE:
		return validate_recv_mgnt_frame(adapter, precv_frame);
	case WIFI_CTRL_TYPE:
		return validate_recv_ctrl_frame(adapter, precv_frame);
	case WIFI_DATA_TYPE:
		/* bit 7 of the subtype marks a QoS data frame */
		attr->qos = (subtype & BIT(7)) ? 1 : 0;
		return validate_recv_data_frame(adapter, precv_frame);
	default:
		return _FAIL;
	}
}
602
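/*
 * Replace the 802.11 header of a received frame with an Ethernet header.
 *
 * The ICV is trimmed from the tail of encrypted frames. An RFC1042 SNAP
 * header (except for IPX and AppleTalk AARP) or a Bridge-Tunnel header is
 * removed so that its EtherType becomes the Ethernet type field; any other
 * payload is kept whole and the payload length is written as an 802.3
 * length field. In MP state 24 bytes from get_rxmem() are placed in front
 * of the Ethernet header.
 *
 * The amount to strip is derived from per-frame attributes, so it is
 * checked against the frame length before it is subtracted.
 *
 * Returns _SUCCESS, or _FAIL when the frame is shorter than the headers to
 * remove or recvframe_pull() fails.
 */
sint r8712_wlanhdr_to_ethhdr(union recv_frame *precvframe)
{
	/* remove the wlanhdr and add the eth_hdr */
	sint rmv_len;
	u16 len;
	u8 bsnaphdr;
	u8 *psnap_type;
	struct ieee80211_snap_hdr *psnap;
	struct _adapter *adapter = precvframe->u.hdr.adapter;
	struct mlme_priv *pmlmepriv = &adapter->mlmepriv;
	/* point to frame_ctrl field */
	u8 *ptr = get_recvframe_data(precvframe);
	struct rx_pkt_attrib *pattrib = &precvframe->u.hdr.attrib;

	if (pattrib->encrypt)
		recvframe_pull_tail(precvframe, pattrib->icv_len);

	psnap = (struct ieee80211_snap_hdr *)(ptr + pattrib->hdrlen +
					      pattrib->iv_len);
	psnap_type = ptr + pattrib->hdrlen + pattrib->iv_len + SNAP_SIZE;

	/* convert hdr + possible LLC headers into Ethernet header */
	if ((!memcmp(psnap, (void *)rfc1042_header, SNAP_SIZE) &&
	     (memcmp(psnap_type, (void *)SNAP_ETH_TYPE_IPX, 2)) &&
	     (memcmp(psnap_type, (void *)SNAP_ETH_TYPE_APPLETALK_AARP, 2))) ||
	    !memcmp(psnap, (void *)bridge_tunnel_header, SNAP_SIZE)) {
		/*
		 * remove RFC1042 or Bridge-Tunnel encapsulation and
		 * replace EtherType
		 */
		bsnaphdr = true;
	} else {
		/* Leave Ethernet header part of hdr and full payload */
		bsnaphdr = false;
	}

	rmv_len = pattrib->hdrlen + pattrib->iv_len +
		  (bsnaphdr ? SNAP_SIZE : 0);

	/*
	 * A frame shorter than the headers being stripped would wrap the
	 * u16 length below and place the Ethernet header past the end of
	 * the received data. recvframe_pull() alone does not catch this,
	 * because it is asked to pull fewer than rmv_len bytes.
	 */
	if (precvframe->u.hdr.len < (uint)rmv_len)
		return _FAIL;
	len = precvframe->u.hdr.len - rmv_len;

	if (check_fwstate(pmlmepriv, WIFI_MP_STATE)) {
		ptr += rmv_len;
		*ptr = 0x87;
		*(ptr + 1) = 0x12;
		/* append rx status for mp test packets */
		ptr = recvframe_pull(precvframe, (rmv_len -
				     sizeof(struct ethhdr) + 2) - 24);
		if (!ptr)
			return _FAIL;
		memcpy(ptr, get_rxmem(precvframe), 24);
		ptr += 24;
	} else {
		ptr = recvframe_pull(precvframe, (rmv_len -
				     sizeof(struct ethhdr) +
				     (bsnaphdr ? 2 : 0)));
		if (!ptr)
			return _FAIL;
	}

	memcpy(ptr, pattrib->dst, ETH_ALEN);
	memcpy(ptr + ETH_ALEN, pattrib->src, ETH_ALEN);
	if (!bsnaphdr) {
		/* no SNAP EtherType to reuse: write an 802.3 length field */
		len = htons(len);
		memcpy(ptr + 12, &len, 2);
	}
	return _SUCCESS;
}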
663
/*
 * Entry point for one received frame.
 *
 * Signals RX activity through the adapter's LED handler, passes the frame
 * to recv_func() and updates the receive statistics: rx_pkts and rx_bytes
 * on success, rx_drop (mirrored into mppriv.rx_pktloss) on failure.
 *
 * NOTE(review): precvframe is read again after recv_func() returns -
 * confirm the frame is still owned by this path at that point.
 *
 * Returns the result of recv_func().
 */
s32 r8712_recv_entry(union recv_frame *precvframe)
{
	struct _adapter *padapter = precvframe->u.hdr.adapter;
	struct recv_priv *precvpriv = &padapter->recvpriv;
	s32 ret;

	padapter->ledpriv.LedControlHandler(padapter, LED_CTL_RX);

	ret = recv_func(padapter, precvframe);
	if (ret == _FAIL) {
		precvpriv->rx_drop++;
		padapter->mppriv.rx_pktloss = precvpriv->rx_drop;
		return ret;
	}

	precvpriv->rx_pkts++;
	precvpriv->rx_bytes += (uint)(precvframe->u.hdr.rx_tail -
				      precvframe->u.hdr.rx_data);
	return ret;
}