1	// SPDX-License-Identifier: GPL-2.0
2	/*
3	* Original code based Host AP (software wireless LAN access point) driver
4	* for Intersil Prism2/2.5/3 - hostap.o module, common routines
5	*
6	* Copyright (c) 2001-2002, SSH Communications Security Corp and Jouni Malinen
7	* <jkmaline@cc.hut.fi>
8	* Copyright (c) 2002-2003, Jouni Malinen <jkmaline@cc.hut.fi>
9	* Copyright (c) 2004, Intel Corporation
10	*
11	* Few modifications for Realtek's Wi-Fi drivers by
12	* Andrea Merello <andrea.merello@gmail.com>
13	*
14	* A special thanks goes to Realtek for their support !
15	*/
16	#include <linux/compiler.h>
17	#include <linux/errno.h>
18	#include <linux/if_arp.h>
19	#include <linux/in6.h>
20	#include <linux/in.h>
21	#include <linux/ip.h>
22	#include <linux/kernel.h>
23	#include <linux/module.h>
24	#include <linux/netdevice.h>
25	#include <linux/pci.h>
26	#include <linux/proc_fs.h>
27	#include <linux/skbuff.h>
28	#include <linux/slab.h>
29	#include <linux/tcp.h>
30	#include <linux/types.h>
31	#include <linux/wireless.h>
32	#include <linux/etherdevice.h>
33	#include <linux/uaccess.h>
34	#include <linux/ctype.h>
35
36	#include "rtllib.h"
37	#include "dot11d.h"
38
39	static void rtllib_rx_mgt(struct rtllib_device *ieee, struct sk_buff *skb,
40	struct rtllib_rx_stats *stats);
41
42	static inline void rtllib_monitor_rx(struct rtllib_device *ieee,
43	struct sk_buff *skb,
44	struct rtllib_rx_stats *rx_status,
45	size_t hdr_length)
46	{
47	skb->dev = ieee->dev;
48	skb_reset_mac_header(skb);
49	skb_pull(skb, len: hdr_length);
50	skb->pkt_type = PACKET_OTHERHOST;
51	skb->protocol = htons(ETH_P_80211_RAW);
52	memset(skb->cb, 0, sizeof(skb->cb));
53	netif_rx(skb);
54	}
55
56	/* Called only as a tasklet (software IRQ) */
57	static struct rtllib_frag_entry *
58	rtllib_frag_cache_find(struct rtllib_device *ieee, unsigned int seq,
59	unsigned int frag, u8 tid, u8 *src, u8 *dst)
60	{
61	struct rtllib_frag_entry *entry;
62	int i;
63
64	for (i = 0; i < RTLLIB_FRAG_CACHE_LEN; i++) {
65	entry = &ieee->frag_cache[tid][i];
66	if (entry->skb &&
67	time_after(jiffies, entry->first_frag_time + 2 * HZ)) {
68	netdev_dbg(ieee->dev,
69	"expiring fragment cache entry seq=%u last_frag=%u\n",
70	entry->seq, entry->last_frag);
71	dev_kfree_skb_any(skb: entry->skb);
72	entry->skb = NULL;
73	}
74
75	if (entry->skb && entry->seq == seq &&
76	(entry->last_frag + 1 == frag || frag == -1) &&
77	memcmp(p: entry->src_addr, q: src, ETH_ALEN) == 0 &&
78	memcmp(p: entry->dst_addr, q: dst, ETH_ALEN) == 0)
79	return entry;
80	}
81
82	return NULL;
83	}
84
85	/* Called only as a tasklet (software IRQ) */
86	static struct sk_buff *
87	rtllib_frag_cache_get(struct rtllib_device *ieee,
88	struct ieee80211_hdr *hdr)
89	{
90	struct sk_buff *skb = NULL;
91	u16 fc = le16_to_cpu(hdr->frame_control);
92	u16 sc = le16_to_cpu(hdr->seq_ctrl);
93	unsigned int frag = WLAN_GET_SEQ_FRAG(sc);
94	unsigned int seq = WLAN_GET_SEQ_SEQ(sc);
95	struct rtllib_frag_entry *entry;
96	struct ieee80211_qos_hdr *hdr_3addrqos;
97	struct ieee80211_qos_hdr_4addr *hdr_4addrqos;
98	u8 tid;
99
100	if (ieee80211_has_a4(fc: hdr->frame_control) &&
101	RTLLIB_QOS_HAS_SEQ(fc)) {
102	hdr_4addrqos = (struct ieee80211_qos_hdr_4addr *)hdr;
103	tid = le16_to_cpu(hdr_4addrqos->qos_ctrl) & RTLLIB_QCTL_TID;
104	tid = UP2AC(tid);
105	tid++;
106	} else if (RTLLIB_QOS_HAS_SEQ(fc)) {
107	hdr_3addrqos = (struct ieee80211_qos_hdr *)hdr;
108	tid = le16_to_cpu(hdr_3addrqos->qos_ctrl) & RTLLIB_QCTL_TID;
109	tid = UP2AC(tid);
110	tid++;
111	} else {
112	tid = 0;
113	}
114
115	if (frag == 0) {
116	/* Reserve enough space to fit maximum frame length */
117	skb = dev_alloc_skb(length: ieee->dev->mtu +
118	sizeof(struct ieee80211_hdr) +
119	8 /* LLC */ +
120	2 /* alignment */ +
121	8 /* WEP */ +
122	ETH_ALEN /* WDS */ +
123	/* QOS Control */
124	(RTLLIB_QOS_HAS_SEQ(fc) ? 2 : 0));
125	if (!skb)
126	return NULL;
127
128	entry = &ieee->frag_cache[tid][ieee->frag_next_idx[tid]];
129	ieee->frag_next_idx[tid]++;
130	if (ieee->frag_next_idx[tid] >= RTLLIB_FRAG_CACHE_LEN)
131	ieee->frag_next_idx[tid] = 0;
132
133	if (entry->skb)
134	dev_kfree_skb_any(skb: entry->skb);
135
136	entry->first_frag_time = jiffies;
137	entry->seq = seq;
138	entry->last_frag = frag;
139	entry->skb = skb;
140	ether_addr_copy(dst: entry->src_addr, src: hdr->addr2);
141	ether_addr_copy(dst: entry->dst_addr, src: hdr->addr1);
142	} else {
143	/* received a fragment of a frame for which the head fragment
144	* should have already been received
145	*/
146	entry = rtllib_frag_cache_find(ieee, seq, frag, tid, src: hdr->addr2,
147	dst: hdr->addr1);
148	if (entry) {
149	entry->last_frag = frag;
150	skb = entry->skb;
151	}
152	}
153
154	return skb;
155	}
156
157	/* Called only as a tasklet (software IRQ) */
158	static int rtllib_frag_cache_invalidate(struct rtllib_device *ieee,
159	struct ieee80211_hdr *hdr)
160	{
161	u16 fc = le16_to_cpu(hdr->frame_control);
162	u16 sc = le16_to_cpu(hdr->seq_ctrl);
163	unsigned int seq = WLAN_GET_SEQ_SEQ(sc);
164	struct rtllib_frag_entry *entry;
165	struct ieee80211_qos_hdr *hdr_3addrqos;
166	struct ieee80211_qos_hdr_4addr *hdr_4addrqos;
167	u8 tid;
168
169	if (ieee80211_has_a4(fc: hdr->frame_control) &&
170	RTLLIB_QOS_HAS_SEQ(fc)) {
171	hdr_4addrqos = (struct ieee80211_qos_hdr_4addr *)hdr;
172	tid = le16_to_cpu(hdr_4addrqos->qos_ctrl) & RTLLIB_QCTL_TID;
173	tid = UP2AC(tid);
174	tid++;
175	} else if (RTLLIB_QOS_HAS_SEQ(fc)) {
176	hdr_3addrqos = (struct ieee80211_qos_hdr *)hdr;
177	tid = le16_to_cpu(hdr_3addrqos->qos_ctrl) & RTLLIB_QCTL_TID;
178	tid = UP2AC(tid);
179	tid++;
180	} else {
181	tid = 0;
182	}
183
184	entry = rtllib_frag_cache_find(ieee, seq, frag: -1, tid, src: hdr->addr2,
185	dst: hdr->addr1);
186
187	if (!entry) {
188	netdev_dbg(ieee->dev,
189	"Couldn't invalidate fragment cache entry (seq=%u)\n",
190	seq);
191	return -1;
192	}
193
194	entry->skb = NULL;
195	return 0;
196	}
197
198	/* rtllib_rx_frame_mgtmt
199	*
200	* Responsible for handling management control frames
201	*
202	* Called by rtllib_rx
203	*/
204	static inline int
205	rtllib_rx_frame_mgmt(struct rtllib_device *ieee, struct sk_buff *skb,
206	struct rtllib_rx_stats *rx_stats, u16 type,
207	u16 stype)
208	{
209	/* On the struct stats definition there is written that
210	* this is not mandatory.... but seems that the probe
211	* response parser uses it
212	*/
213	struct ieee80211_hdr_3addr *hdr = (struct ieee80211_hdr_3addr *)skb->data;
214
215	rx_stats->len = skb->len;
216	rtllib_rx_mgt(ieee, skb, stats: rx_stats);
217	if ((memcmp(p: hdr->addr1, q: ieee->dev->dev_addr, ETH_ALEN))) {
218	dev_kfree_skb_any(skb);
219	return 0;
220	}
221	rtllib_rx_frame_softmac(ieee, skb, rx_stats, type, stype);
222
223	dev_kfree_skb_any(skb);
224
225	return 0;
226	}
227
228	/* No encapsulation header if EtherType < 0x600 (=length) */
229
230	/* Called by rtllib_rx_frame_decrypt */
231	static int rtllib_is_eapol_frame(struct rtllib_device *ieee,
232	struct sk_buff *skb, size_t hdrlen)
233	{
234	struct net_device *dev = ieee->dev;
235	u16 fc, ethertype;
236	struct ieee80211_hdr *hdr;
237	u8 *pos;
238
239	if (skb->len < 24)
240	return 0;
241
242	hdr = (struct ieee80211_hdr *)skb->data;
243	fc = le16_to_cpu(hdr->frame_control);
244
245	/* check that the frame is unicast frame to us */
246	if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
247	IEEE80211_FCTL_TODS &&
248	memcmp(p: hdr->addr1, q: dev->dev_addr, ETH_ALEN) == 0 &&
249	memcmp(p: hdr->addr3, q: dev->dev_addr, ETH_ALEN) == 0) {
250	/* ToDS frame with own addr BSSID and DA */
251	} else if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
252	IEEE80211_FCTL_FROMDS &&
253	memcmp(p: hdr->addr1, q: dev->dev_addr, ETH_ALEN) == 0) {
254	/* FromDS frame with own addr as DA */
255	} else {
256	return 0;
257	}
258
259	if (skb->len < 24 + 8)
260	return 0;
261
262	/* check for port access entity Ethernet type */
263	pos = skb->data + hdrlen;
264	ethertype = (pos[6] << 8) | pos[7];
265	if (ethertype == ETH_P_PAE)
266	return 1;
267
268	return 0;
269	}
270
271	/* Called only as a tasklet (software IRQ), by rtllib_rx */
272	static inline int
273	rtllib_rx_frame_decrypt(struct rtllib_device *ieee, struct sk_buff *skb,
274	struct lib80211_crypt_data *crypt)
275	{
276	struct ieee80211_hdr *hdr;
277	int res, hdrlen;
278
279	if (!crypt || !crypt->ops->decrypt_mpdu)
280	return 0;
281
282	if (ieee->hwsec_active) {
283	struct cb_desc *tcb_desc = (struct cb_desc *)
284	(skb->cb + MAX_DEV_ADDR_SIZE);
285
286	tcb_desc->bHwSec = 1;
287
288	if (ieee->need_sw_enc)
289	tcb_desc->bHwSec = 0;
290	}
291
292	hdr = (struct ieee80211_hdr *)skb->data;
293	hdrlen = rtllib_get_hdrlen(le16_to_cpu(hdr->frame_control));
294
295	atomic_inc(v: &crypt->refcnt);
296	res = crypt->ops->decrypt_mpdu(skb, hdrlen, crypt->priv);
297	atomic_dec(v: &crypt->refcnt);
298	if (res < 0) {
299	netdev_dbg(ieee->dev, "decryption failed (SA= %pM) res=%d\n",
300	hdr->addr2, res);
301	if (res == -2)
302	netdev_dbg(ieee->dev,
303	"Decryption failed ICV mismatch (key %d)\n",
304	skb->data[hdrlen + 3] >> 6);
305	return -1;
306	}
307
308	return res;
309	}
310
311	/* Called only as a tasklet (software IRQ), by rtllib_rx */
312	static inline int
313	rtllib_rx_frame_decrypt_msdu(struct rtllib_device *ieee, struct sk_buff *skb,
314	int keyidx, struct lib80211_crypt_data *crypt)
315	{
316	struct ieee80211_hdr *hdr;
317	int res, hdrlen;
318
319	if (!crypt || !crypt->ops->decrypt_msdu)
320	return 0;
321	if (ieee->hwsec_active) {
322	struct cb_desc *tcb_desc = (struct cb_desc *)
323	(skb->cb + MAX_DEV_ADDR_SIZE);
324
325	tcb_desc->bHwSec = 1;
326
327	if (ieee->need_sw_enc)
328	tcb_desc->bHwSec = 0;
329	}
330
331	hdr = (struct ieee80211_hdr *)skb->data;
332	hdrlen = rtllib_get_hdrlen(le16_to_cpu(hdr->frame_control));
333
334	atomic_inc(v: &crypt->refcnt);
335	res = crypt->ops->decrypt_msdu(skb, keyidx, hdrlen, crypt->priv);
336	atomic_dec(v: &crypt->refcnt);
337	if (res < 0) {
338	netdev_dbg(ieee->dev,
339	"MSDU decryption/MIC verification failed (SA= %pM keyidx=%d)\n",
340	hdr->addr2, keyidx);
341	return -1;
342	}
343
344	return 0;
345	}
346
347	/* this function is stolen from ipw2200 driver*/
348	#define IEEE_PACKET_RETRY_TIME (5 * HZ)
349	static int is_duplicate_packet(struct rtllib_device *ieee,
350	struct ieee80211_hdr *header)
351	{
352	u16 fc = le16_to_cpu(header->frame_control);
353	u16 sc = le16_to_cpu(header->seq_ctrl);
354	u16 seq = WLAN_GET_SEQ_SEQ(sc);
355	u16 frag = WLAN_GET_SEQ_FRAG(sc);
356	u16 *last_seq, *last_frag;
357	unsigned long *last_time;
358	struct ieee80211_qos_hdr *hdr_3addrqos;
359	struct ieee80211_qos_hdr_4addr *hdr_4addrqos;
360	u8 tid;
361
362	if (ieee80211_has_a4(fc: header->frame_control) &&
363	RTLLIB_QOS_HAS_SEQ(fc)) {
364	hdr_4addrqos = (struct ieee80211_qos_hdr_4addr *)header;
365	tid = le16_to_cpu(hdr_4addrqos->qos_ctrl) & RTLLIB_QCTL_TID;
366	tid = UP2AC(tid);
367	tid++;
368	} else if (RTLLIB_QOS_HAS_SEQ(fc)) {
369	hdr_3addrqos = (struct ieee80211_qos_hdr *)header;
370	tid = le16_to_cpu(hdr_3addrqos->qos_ctrl) & RTLLIB_QCTL_TID;
371	tid = UP2AC(tid);
372	tid++;
373	} else {
374	tid = 0;
375	}
376
377	switch (ieee->iw_mode) {
378	case IW_MODE_INFRA:
379	last_seq = &ieee->last_rxseq_num[tid];
380	last_frag = &ieee->last_rxfrag_num[tid];
381	last_time = &ieee->last_packet_time[tid];
382	break;
383	default:
384	return 0;
385	}
386
387	if ((*last_seq == seq) &&
388	time_after(*last_time + IEEE_PACKET_RETRY_TIME, jiffies)) {
389	if (*last_frag == frag)
390	goto drop;
391	if (*last_frag + 1 != frag)
392	/* out-of-order fragment */
393	goto drop;
394	} else {
395	*last_seq = seq;
396	}
397
398	*last_frag = frag;
399	*last_time = jiffies;
400	return 0;
401
402	drop:
403
404	return 1;
405	}
406
407	static bool AddReorderEntry(struct rx_ts_record *ts,
408	struct rx_reorder_entry *pReorderEntry)
409	{
410	struct list_head *pList = &ts->rx_pending_pkt_list;
411
412	while (pList->next != &ts->rx_pending_pkt_list) {
413	if (SN_LESS(pReorderEntry->SeqNum, ((struct rx_reorder_entry *)
414	list_entry(pList->next, struct rx_reorder_entry,
415	List))->SeqNum))
416	pList = pList->next;
417	else if (SN_EQUAL(pReorderEntry->SeqNum,
418	((struct rx_reorder_entry *)list_entry(pList->next,
419	struct rx_reorder_entry, List))->SeqNum))
420	return false;
421	else
422	break;
423	}
424	pReorderEntry->List.next = pList->next;
425	pReorderEntry->List.next->prev = &pReorderEntry->List;
426	pReorderEntry->List.prev = pList;
427	pList->next = &pReorderEntry->List;
428
429	return true;
430	}
431
432	void rtllib_indicate_packets(struct rtllib_device *ieee,
433	struct rtllib_rxb **prxbIndicateArray, u8 index)
434	{
435	struct net_device_stats *stats = &ieee->stats;
436	u8 i = 0, j = 0;
437	u16 ethertype;
438
439	for (j = 0; j < index; j++) {
440	struct rtllib_rxb *prxb = prxbIndicateArray[j];
441
442	for (i = 0; i < prxb->nr_subframes; i++) {
443	struct sk_buff *sub_skb = prxb->subframes[i];
444
445	/* convert hdr + possible LLC headers into Ethernet header */
446	ethertype = (sub_skb->data[6] << 8) | sub_skb->data[7];
447	if (sub_skb->len >= 8 &&
448	((memcmp(p: sub_skb->data, q: rfc1042_header,
449	SNAP_SIZE) == 0 &&
450	ethertype != ETH_P_AARP &&
451	ethertype != ETH_P_IPX) ||
452	memcmp(p: sub_skb->data, q: bridge_tunnel_header,
453	SNAP_SIZE) == 0)) {
454	/* remove RFC1042 or Bridge-Tunnel encapsulation
455	* and replace EtherType
456	*/
457	skb_pull(skb: sub_skb, SNAP_SIZE);
458	memcpy(skb_push(sub_skb, ETH_ALEN), prxb->src, ETH_ALEN);
459	memcpy(skb_push(sub_skb, ETH_ALEN), prxb->dst, ETH_ALEN);
460	} else {
461	u16 len;
462	/* Leave Ethernet header part of hdr and full payload */
463	len = sub_skb->len;
464	memcpy(skb_push(sub_skb, 2), &len, 2);
465	memcpy(skb_push(sub_skb, ETH_ALEN), prxb->src, ETH_ALEN);
466	memcpy(skb_push(sub_skb, ETH_ALEN), prxb->dst, ETH_ALEN);
467	}
468
469	/* Indicate the packets to upper layer */
470	if (sub_skb) {
471	stats->rx_packets++;
472	stats->rx_bytes += sub_skb->len;
473
474	memset(sub_skb->cb, 0, sizeof(sub_skb->cb));
475	sub_skb->protocol = eth_type_trans(skb: sub_skb,
476	dev: ieee->dev);
477	sub_skb->dev = ieee->dev;
478	sub_skb->dev->stats.rx_packets++;
479	sub_skb->dev->stats.rx_bytes += sub_skb->len;
480	/* 802.11 crc not sufficient */
481	sub_skb->ip_summed = CHECKSUM_NONE;
482	ieee->last_rx_ps_time = jiffies;
483	netif_rx(skb: sub_skb);
484	}
485	}
486	kfree(objp: prxb);
487	prxb = NULL;
488	}
489	}
490
491	void rtllib_FlushRxTsPendingPkts(struct rtllib_device *ieee,
492	struct rx_ts_record *ts)
493	{
494	struct rx_reorder_entry *pRxReorderEntry;
495	u8 RfdCnt = 0;
496
497	del_timer_sync(timer: &ts->rx_pkt_pending_timer);
498	while (!list_empty(head: &ts->rx_pending_pkt_list)) {
499	if (RfdCnt >= REORDER_WIN_SIZE) {
500	netdev_info(dev: ieee->dev,
501	format: "-------------->%s() error! RfdCnt >= REORDER_WIN_SIZE\n",
502	__func__);
503	break;
504	}
505
506	pRxReorderEntry = (struct rx_reorder_entry *)
507	list_entry(ts->rx_pending_pkt_list.prev,
508	struct rx_reorder_entry, List);
509	netdev_dbg(ieee->dev, "%s(): Indicate SeqNum %d!\n", __func__,
510	pRxReorderEntry->SeqNum);
511	list_del_init(entry: &pRxReorderEntry->List);
512
513	ieee->RfdArray[RfdCnt] = pRxReorderEntry->prxb;
514
515	RfdCnt = RfdCnt + 1;
516	list_add_tail(new: &pRxReorderEntry->List,
517	head: &ieee->RxReorder_Unused_List);
518	}
519	rtllib_indicate_packets(ieee, prxbIndicateArray: ieee->RfdArray, index: RfdCnt);
520
521	ts->rx_indicate_seq = 0xffff;
522	}
523
524	static void RxReorderIndicatePacket(struct rtllib_device *ieee,
525	struct rtllib_rxb *prxb,
526	struct rx_ts_record *ts, u16 SeqNum)
527	{
528	struct rt_hi_throughput *ht_info = ieee->ht_info;
529	struct rx_reorder_entry *pReorderEntry = NULL;
530	u8 WinSize = ht_info->rx_reorder_win_size;
531	u16 WinEnd = 0;
532	u8 index = 0;
533	bool bMatchWinStart = false, bPktInBuf = false;
534	unsigned long flags;
535
536	netdev_dbg(ieee->dev,
537	"%s(): Seq is %d, ts->rx_indicate_seq is %d, WinSize is %d\n",
538	__func__, SeqNum, ts->rx_indicate_seq, WinSize);
539
540	spin_lock_irqsave(&(ieee->reorder_spinlock), flags);
541
542	WinEnd = (ts->rx_indicate_seq + WinSize - 1) % 4096;
543	/* Rx Reorder initialize condition.*/
544	if (ts->rx_indicate_seq == 0xffff)
545	ts->rx_indicate_seq = SeqNum;
546
547	/* Drop out the packet which SeqNum is smaller than WinStart */
548	if (SN_LESS(SeqNum, ts->rx_indicate_seq)) {
549	netdev_dbg(ieee->dev,
550	"Packet Drop! IndicateSeq: %d, NewSeq: %d\n",
551	ts->rx_indicate_seq, SeqNum);
552	ht_info->rx_reorder_drop_counter++;
553	{
554	int i;
555
556	for (i = 0; i < prxb->nr_subframes; i++)
557	dev_kfree_skb(prxb->subframes[i]);
558	kfree(objp: prxb);
559	prxb = NULL;
560	}
561	spin_unlock_irqrestore(lock: &(ieee->reorder_spinlock), flags);
562	return;
563	}
564
565	/* Sliding window manipulation. Conditions includes:
566	* 1. Incoming SeqNum is equal to WinStart =>Window shift 1
567	* 2. Incoming SeqNum is larger than the WinEnd => Window shift N
568	*/
569	if (SN_EQUAL(SeqNum, ts->rx_indicate_seq)) {
570	ts->rx_indicate_seq = (ts->rx_indicate_seq + 1) % 4096;
571	bMatchWinStart = true;
572	} else if (SN_LESS(WinEnd, SeqNum)) {
573	if (SeqNum >= (WinSize - 1))
574	ts->rx_indicate_seq = SeqNum + 1 - WinSize;
575	else
576	ts->rx_indicate_seq = 4095 -
577	(WinSize - (SeqNum + 1)) + 1;
578	netdev_dbg(ieee->dev,
579	"Window Shift! IndicateSeq: %d, NewSeq: %d\n",
580	ts->rx_indicate_seq, SeqNum);
581	}
582
583	/* Indication process.
584	* After Packet dropping and Sliding Window shifting as above, we can
585	* now just indicate the packets with the SeqNum smaller than latest
586	* WinStart and struct buffer other packets.
587	*
588	* For Rx Reorder condition:
589	* 1. All packets with SeqNum smaller than WinStart => Indicate
590	* 2. All packets with SeqNum larger than or equal to
591	* WinStart => Buffer it.
592	*/
593	if (bMatchWinStart) {
594	/* Current packet is going to be indicated.*/
595	netdev_dbg(ieee->dev,
596	"Packets indication! IndicateSeq: %d, NewSeq: %d\n",
597	ts->rx_indicate_seq, SeqNum);
598	ieee->prxbIndicateArray[0] = prxb;
599	index = 1;
600	} else {
601	/* Current packet is going to be inserted into pending list.*/
602	if (!list_empty(head: &ieee->RxReorder_Unused_List)) {
603	pReorderEntry = (struct rx_reorder_entry *)
604	list_entry(ieee->RxReorder_Unused_List.next,
605	struct rx_reorder_entry, List);
606	list_del_init(entry: &pReorderEntry->List);
607
608	/* Make a reorder entry and insert
609	* into a the packet list.
610	*/
611	pReorderEntry->SeqNum = SeqNum;
612	pReorderEntry->prxb = prxb;
613
614	if (!AddReorderEntry(ts, pReorderEntry)) {
615	int i;
616
617	netdev_dbg(ieee->dev,
618	"%s(): Duplicate packet is dropped. IndicateSeq: %d, NewSeq: %d\n",
619	__func__, ts->rx_indicate_seq,
620	SeqNum);
621	list_add_tail(new: &pReorderEntry->List,
622	head: &ieee->RxReorder_Unused_List);
623
624	for (i = 0; i < prxb->nr_subframes; i++)
625	dev_kfree_skb(prxb->subframes[i]);
626	kfree(objp: prxb);
627	prxb = NULL;
628	} else {
629	netdev_dbg(ieee->dev,
630	"Pkt insert into struct buffer. IndicateSeq: %d, NewSeq: %d\n",
631	ts->rx_indicate_seq, SeqNum);
632	}
633	} else {
634	/* Packets are dropped if there are not enough reorder
635	* entries. This part should be modified!! We can just
636	* indicate all the packets in struct buffer and get
637	* reorder entries.
638	*/
639	netdev_err(dev: ieee->dev,
640	format: "%s(): There is no reorder entry! Packet is dropped!\n",
641	__func__);
642	{
643	int i;
644
645	for (i = 0; i < prxb->nr_subframes; i++)
646	dev_kfree_skb(prxb->subframes[i]);
647	kfree(objp: prxb);
648	prxb = NULL;
649	}
650	}
651	}
652
653	/* Check if there is any packet need indicate.*/
654	while (!list_empty(head: &ts->rx_pending_pkt_list)) {
655	netdev_dbg(ieee->dev, "%s(): start RREORDER indicate\n",
656	__func__);
657
658	pReorderEntry = (struct rx_reorder_entry *)
659	list_entry(ts->rx_pending_pkt_list.prev,
660	struct rx_reorder_entry,
661	List);
662	if (SN_LESS(pReorderEntry->SeqNum, ts->rx_indicate_seq) ||
663	SN_EQUAL(pReorderEntry->SeqNum, ts->rx_indicate_seq)) {
664	/* This protect struct buffer from overflow. */
665	if (index >= REORDER_WIN_SIZE) {
666	netdev_err(dev: ieee->dev,
667	format: "%s(): Buffer overflow!\n",
668	__func__);
669	bPktInBuf = true;
670	break;
671	}
672
673	list_del_init(entry: &pReorderEntry->List);
674
675	if (SN_EQUAL(pReorderEntry->SeqNum, ts->rx_indicate_seq))
676	ts->rx_indicate_seq = (ts->rx_indicate_seq + 1) %
677	4096;
678
679	ieee->prxbIndicateArray[index] = pReorderEntry->prxb;
680	netdev_dbg(ieee->dev, "%s(): Indicate SeqNum %d!\n",
681	__func__, pReorderEntry->SeqNum);
682	index++;
683
684	list_add_tail(new: &pReorderEntry->List,
685	head: &ieee->RxReorder_Unused_List);
686	} else {
687	bPktInBuf = true;
688	break;
689	}
690	}
691
692	/* Handling pending timer. Set this timer to prevent from long time
693	* Rx buffering.
694	*/
695	if (index > 0) {
696	spin_unlock_irqrestore(lock: &ieee->reorder_spinlock, flags);
697	if (timer_pending(timer: &ts->rx_pkt_pending_timer))
698	del_timer_sync(timer: &ts->rx_pkt_pending_timer);
699	spin_lock_irqsave(&ieee->reorder_spinlock, flags);
700	ts->rx_timeout_indicate_seq = 0xffff;
701
702	if (index > REORDER_WIN_SIZE) {
703	netdev_err(dev: ieee->dev,
704	format: "%s(): Rx Reorder struct buffer full!\n",
705	__func__);
706	spin_unlock_irqrestore(lock: &(ieee->reorder_spinlock),
707	flags);
708	return;
709	}
710	rtllib_indicate_packets(ieee, prxbIndicateArray: ieee->prxbIndicateArray, index);
711	bPktInBuf = false;
712	}
713
714	if (bPktInBuf && ts->rx_timeout_indicate_seq == 0xffff) {
715	netdev_dbg(ieee->dev, "%s(): SET rx timeout timer\n", __func__);
716	ts->rx_timeout_indicate_seq = ts->rx_indicate_seq;
717	spin_unlock_irqrestore(lock: &ieee->reorder_spinlock, flags);
718	mod_timer(timer: &ts->rx_pkt_pending_timer, expires: jiffies +
719	msecs_to_jiffies(m: ht_info->rx_reorder_pending_time));
720	spin_lock_irqsave(&ieee->reorder_spinlock, flags);
721	}
722	spin_unlock_irqrestore(lock: &(ieee->reorder_spinlock), flags);
723	}
724
725	static u8 parse_subframe(struct rtllib_device *ieee, struct sk_buff *skb,
726	struct rtllib_rx_stats *rx_stats,
727	struct rtllib_rxb *rxb, u8 *src, u8 *dst)
728	{
729	struct ieee80211_hdr_3addr *hdr = (struct ieee80211_hdr_3addr *)skb->data;
730	u16 fc = le16_to_cpu(hdr->frame_control);
731
732	u16 LLCOffset = sizeof(struct ieee80211_hdr_3addr);
733	u16 ChkLength;
734	bool bIsAggregateFrame = false;
735	u16 nSubframe_Length;
736	u8 nPadding_Length = 0;
737	u16 SeqNum = 0;
738	struct sk_buff *sub_skb;
739	/* just for debug purpose */
740	SeqNum = WLAN_GET_SEQ_SEQ(le16_to_cpu(hdr->seq_ctrl));
741	if ((RTLLIB_QOS_HAS_SEQ(fc)) &&
742	(((union frameqos *)(skb->data + RTLLIB_3ADDR_LEN))->field.reserved))
743	bIsAggregateFrame = true;
744
745	if (RTLLIB_QOS_HAS_SEQ(fc))
746	LLCOffset += 2;
747	if (rx_stats->bContainHTC)
748	LLCOffset += sHTCLng;
749
750	ChkLength = LLCOffset;
751
752	if (skb->len <= ChkLength)
753	return 0;
754
755	skb_pull(skb, len: LLCOffset);
756	ieee->bIsAggregateFrame = bIsAggregateFrame;
757	if (!bIsAggregateFrame) {
758	rxb->nr_subframes = 1;
759
760	/* altered by clark 3/30/2010
761	* The struct buffer size of the skb indicated to upper layer
762	* must be less than 5000, or the defraged IP datagram
763	* in the IP layer will exceed "ipfrag_high_tresh" and be
764	* discarded. so there must not use the function
765	* "skb_copy" and "skb_clone" for "skb".
766	*/
767
768	/* Allocate new skb for releasing to upper layer */
769	sub_skb = dev_alloc_skb(RTLLIB_SKBBUFFER_SIZE);
770	if (!sub_skb)
771	return 0;
772	skb_reserve(skb: sub_skb, len: 12);
773	skb_put_data(skb: sub_skb, data: skb->data, len: skb->len);
774	sub_skb->dev = ieee->dev;
775
776	rxb->subframes[0] = sub_skb;
777
778	memcpy(rxb->src, src, ETH_ALEN);
779	memcpy(rxb->dst, dst, ETH_ALEN);
780	rxb->subframes[0]->dev = ieee->dev;
781	return 1;
782	}
783
784	rxb->nr_subframes = 0;
785	memcpy(rxb->src, src, ETH_ALEN);
786	memcpy(rxb->dst, dst, ETH_ALEN);
787	while (skb->len > ETHERNET_HEADER_SIZE) {
788	/* Offset 12 denote 2 mac address */
789	nSubframe_Length = *((u16 *)(skb->data + 12));
790	nSubframe_Length = (nSubframe_Length >> 8) +
791	(nSubframe_Length << 8);
792
793	if (skb->len < (ETHERNET_HEADER_SIZE + nSubframe_Length)) {
794	netdev_info(dev: ieee->dev,
795	format: "%s: A-MSDU parse error!! pRfd->nTotalSubframe : %d\n",
796	__func__, rxb->nr_subframes);
797	netdev_info(dev: ieee->dev,
798	format: "%s: A-MSDU parse error!! Subframe Length: %d\n",
799	__func__, nSubframe_Length);
800	netdev_info(dev: ieee->dev,
801	format: "nRemain_Length is %d and nSubframe_Length is : %d\n",
802	skb->len, nSubframe_Length);
803	netdev_info(dev: ieee->dev,
804	format: "The Packet SeqNum is %d\n",
805	SeqNum);
806	return 0;
807	}
808
809	/* move the data point to data content */
810	skb_pull(skb, ETHERNET_HEADER_SIZE);
811
812	/* altered by clark 3/30/2010
813	* The struct buffer size of the skb indicated to upper layer
814	* must be less than 5000, or the defraged IP datagram
815	* in the IP layer will exceed "ipfrag_high_tresh" and be
816	* discarded. so there must not use the function
817	* "skb_copy" and "skb_clone" for "skb".
818	*/
819
820	/* Allocate new skb for releasing to upper layer */
821	sub_skb = dev_alloc_skb(length: nSubframe_Length + 12);
822	if (!sub_skb)
823	return 0;
824	skb_reserve(skb: sub_skb, len: 12);
825	skb_put_data(skb: sub_skb, data: skb->data, len: nSubframe_Length);
826
827	sub_skb->dev = ieee->dev;
828	rxb->subframes[rxb->nr_subframes++] = sub_skb;
829	if (rxb->nr_subframes >= MAX_SUBFRAME_COUNT) {
830	netdev_dbg(ieee->dev,
831	"ParseSubframe(): Too many Subframes! Packets dropped!\n");
832	break;
833	}
834	skb_pull(skb, len: nSubframe_Length);
835
836	if (skb->len != 0) {
837	nPadding_Length = 4 - ((nSubframe_Length +
838	ETHERNET_HEADER_SIZE) % 4);
839	if (nPadding_Length == 4)
840	nPadding_Length = 0;
841
842	if (skb->len < nPadding_Length)
843	return 0;
844
845	skb_pull(skb, len: nPadding_Length);
846	}
847	}
848
849	return rxb->nr_subframes;
850	}
851
852	static size_t rtllib_rx_get_hdrlen(struct rtllib_device *ieee,
853	struct sk_buff *skb,
854	struct rtllib_rx_stats *rx_stats)
855	{
856	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
857	u16 fc = le16_to_cpu(hdr->frame_control);
858	size_t hdrlen;
859
860	hdrlen = rtllib_get_hdrlen(fc);
861	if (HTCCheck(ieee, pFrame: skb->data)) {
862	if (net_ratelimit())
863	netdev_info(dev: ieee->dev, format: "%s: find HTCControl!\n",
864	__func__);
865	hdrlen += 4;
866	rx_stats->bContainHTC = true;
867	}
868
869	if (RTLLIB_QOS_HAS_SEQ(fc))
870	rx_stats->bIsQosData = true;
871
872	return hdrlen;
873	}
874
875	static int rtllib_rx_check_duplicate(struct rtllib_device *ieee,
876	struct sk_buff *skb, u8 multicast)
877	{
878	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
879	u16 fc, sc;
880	u8 frag;
881
882	fc = le16_to_cpu(hdr->frame_control);
883	sc = le16_to_cpu(hdr->seq_ctrl);
884	frag = WLAN_GET_SEQ_FRAG(sc);
885
886	if (!ieee->ht_info->cur_rx_reorder_enable ||
887	!ieee->current_network.qos_data.active ||
888	!IsDataFrame(skb->data) ||
889	IsLegacyDataFrame(skb->data)) {
890	if (!ieee80211_is_beacon(fc: hdr->frame_control)) {
891	if (is_duplicate_packet(ieee, header: hdr))
892	return -1;
893	}
894	} else {
895	struct rx_ts_record *ts = NULL;
896
897	if (rtllib_get_ts(ieee, ppTS: (struct ts_common_info **)&ts, addr: hdr->addr2,
898	TID: (u8)Frame_QoSTID(buf: (u8 *)(skb->data)), TxRxSelect: RX_DIR, bAddNewTs: true)) {
899	if ((fc & (1 << 11)) && (frag == ts->rx_last_frag_num) &&
900	(WLAN_GET_SEQ_SEQ(sc) == ts->rx_last_seq_num))
901	return -1;
902	ts->rx_last_frag_num = frag;
903	ts->rx_last_seq_num = WLAN_GET_SEQ_SEQ(sc);
904	} else {
905	netdev_warn(dev: ieee->dev, format: "%s(): No TS! Skip the check!\n",
906	__func__);
907	return -1;
908	}
909	}
910
911	return 0;
912	}
913
914	static void rtllib_rx_extract_addr(struct rtllib_device *ieee,
915	struct ieee80211_hdr *hdr, u8 *dst,
916	u8 *src, u8 *bssid)
917	{
918	u16 fc = le16_to_cpu(hdr->frame_control);
919
920	switch (fc & (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
921	case IEEE80211_FCTL_FROMDS:
922	ether_addr_copy(dst, src: hdr->addr1);
923	ether_addr_copy(dst: src, src: hdr->addr3);
924	ether_addr_copy(dst: bssid, src: hdr->addr2);
925	break;
926	case IEEE80211_FCTL_TODS:
927	ether_addr_copy(dst, src: hdr->addr3);
928	ether_addr_copy(dst: src, src: hdr->addr2);
929	ether_addr_copy(dst: bssid, src: hdr->addr1);
930	break;
931	case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
932	ether_addr_copy(dst, src: hdr->addr3);
933	ether_addr_copy(dst: src, src: hdr->addr4);
934	ether_addr_copy(dst: bssid, src: ieee->current_network.bssid);
935	break;
936	default:
937	ether_addr_copy(dst, src: hdr->addr1);
938	ether_addr_copy(dst: src, src: hdr->addr2);
939	ether_addr_copy(dst: bssid, src: hdr->addr3);
940	break;
941	}
942	}
943
944	static int rtllib_rx_data_filter(struct rtllib_device *ieee, struct ieee80211_hdr *hdr,
945	u8 *dst, u8 *src, u8 *bssid, u8 *addr2)
946	{
947	u8 type, stype;
948	u16 fc = le16_to_cpu(hdr->frame_control);
949	type = WLAN_FC_GET_TYPE(fc);
950	stype = WLAN_FC_GET_STYPE(fc);
951
952	/* Filter frames from different BSS */
953	if (ieee80211_has_a4(fc: hdr->frame_control) &&
954	!ether_addr_equal(addr1: ieee->current_network.bssid, addr2: bssid) &&
955	!is_zero_ether_addr(addr: ieee->current_network.bssid)) {
956	return -1;
957	}
958
959	/* Nullfunc frames may have PS-bit set, so they must be passed to
960	* hostap_handle_sta_rx() before being dropped here.
961	*/
962	if (stype != IEEE80211_STYPE_DATA &&
963	stype != IEEE80211_STYPE_DATA_CFACK &&
964	stype != IEEE80211_STYPE_DATA_CFPOLL &&
965	stype != IEEE80211_STYPE_DATA_CFACKPOLL &&
966	stype != IEEE80211_STYPE_QOS_DATA) {
967	if (stype != IEEE80211_STYPE_NULLFUNC)
968	netdev_dbg(ieee->dev,
969	"RX: dropped data frame with no data (type=0x%02x, subtype=0x%02x)\n",
970	type, stype);
971	return -1;
972	}
973
974	/* packets from our adapter are dropped (echo) */
975	if (!memcmp(p: src, q: ieee->dev->dev_addr, ETH_ALEN))
976	return -1;
977
978	/* {broad,multi}cast packets to our BSS go through */
979	if (is_multicast_ether_addr(addr: dst)) {
980	if (memcmp(p: bssid, q: ieee->current_network.bssid,
981	ETH_ALEN))
982	return -1;
983	}
984	return 0;
985	}
986
987	static int rtllib_rx_get_crypt(struct rtllib_device *ieee, struct sk_buff *skb,
988	struct lib80211_crypt_data **crypt, size_t hdrlen)
989	{
990	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
991	u16 fc = le16_to_cpu(hdr->frame_control);
992	int idx = 0;
993
994	if (skb->len >= hdrlen + 3)
995	idx = skb->data[hdrlen + 3] >> 6;
996
997	*crypt = ieee->crypt_info.crypt[idx];
998	/* allow NULL decrypt to indicate an station specific override
999	* for default encryption
1000	*/
1001	if (*crypt && (!(*crypt)->ops || !(*crypt)->ops->decrypt_mpdu))
1002	*crypt = NULL;
1003
1004	if (!*crypt && (fc & IEEE80211_FCTL_PROTECTED)) {
1005	/* This seems to be triggered by some (multicast?)
1006	* frames from other than current BSS, so just drop the
1007	* frames silently instead of filling system log with
1008	* these reports.
1009	*/
1010	netdev_dbg(ieee->dev,
1011	"Decryption failed (not set) (SA= %pM)\n",
1012	hdr->addr2);
1013	return -1;
1014	}
1015
1016	return 0;
1017	}
1018
1019	static int rtllib_rx_decrypt(struct rtllib_device *ieee, struct sk_buff *skb,
1020	struct rtllib_rx_stats *rx_stats,
1021	struct lib80211_crypt_data *crypt, size_t hdrlen)
1022	{
1023	struct ieee80211_hdr *hdr;
1024	int keyidx = 0;
1025	u16 fc, sc;
1026	u8 frag;
1027
1028	hdr = (struct ieee80211_hdr *)skb->data;
1029	fc = le16_to_cpu(hdr->frame_control);
1030	sc = le16_to_cpu(hdr->seq_ctrl);
1031	frag = WLAN_GET_SEQ_FRAG(sc);
1032
1033	if ((!rx_stats->Decrypted))
1034	ieee->need_sw_enc = 1;
1035	else
1036	ieee->need_sw_enc = 0;
1037
1038	keyidx = rtllib_rx_frame_decrypt(ieee, skb, crypt);
1039	if ((fc & IEEE80211_FCTL_PROTECTED) && (keyidx < 0)) {
1040	netdev_info(dev: ieee->dev, format: "%s: decrypt frame error\n", __func__);
1041	return -1;
1042	}
1043
1044	hdr = (struct ieee80211_hdr *)skb->data;
1045	if ((frag != 0 || (fc & IEEE80211_FCTL_MOREFRAGS))) {
1046	int flen;
1047	struct sk_buff *frag_skb = rtllib_frag_cache_get(ieee, hdr);
1048
1049	netdev_dbg(ieee->dev, "Rx Fragment received (%u)\n", frag);
1050
1051	if (!frag_skb) {
1052	netdev_dbg(ieee->dev,
1053	"Rx cannot get skb from fragment cache (morefrag=%d seq=%u frag=%u)\n",
1054	(fc & IEEE80211_FCTL_MOREFRAGS) != 0,
1055	WLAN_GET_SEQ_SEQ(sc), frag);
1056	return -1;
1057	}
1058	flen = skb->len;
1059	if (frag != 0)
1060	flen -= hdrlen;
1061
1062	if (frag_skb->tail + flen > frag_skb->end) {
1063	netdev_warn(dev: ieee->dev,
1064	format: "%s: host decrypted and reassembled frame did not fit skb\n",
1065	__func__);
1066	rtllib_frag_cache_invalidate(ieee, hdr);
1067	return -1;
1068	}
1069
1070	if (frag == 0) {
1071	/* copy first fragment (including full headers) into
1072	* beginning of the fragment cache skb
1073	*/
1074	skb_put_data(skb: frag_skb, data: skb->data, len: flen);
1075	} else {
1076	/* append frame payload to the end of the fragment
1077	* cache skb
1078	*/
1079	skb_put_data(skb: frag_skb, data: skb->data + hdrlen, len: flen);
1080	}
1081	dev_kfree_skb_any(skb);
1082	skb = NULL;
1083
1084	if (fc & IEEE80211_FCTL_MOREFRAGS) {
1085	/* more fragments expected - leave the skb in fragment
1086	* cache for now; it will be delivered to upper layers
1087	* after all fragments have been received
1088	*/
1089	return -2;
1090	}
1091
1092	/* this was the last fragment and the frame will be
1093	* delivered, so remove skb from fragment cache
1094	*/
1095	skb = frag_skb;
1096	hdr = (struct ieee80211_hdr *)skb->data;
1097	rtllib_frag_cache_invalidate(ieee, hdr);
1098	}
1099
1100	/* skb: hdr + (possible reassembled) full MSDU payload; possibly still
1101	* encrypted/authenticated
1102	*/
1103	if ((fc & IEEE80211_FCTL_PROTECTED) &&
1104	rtllib_rx_frame_decrypt_msdu(ieee, skb, keyidx, crypt)) {
1105	netdev_info(dev: ieee->dev, format: "%s: ==>decrypt msdu error\n", __func__);
1106	return -1;
1107	}
1108
1109	hdr = (struct ieee80211_hdr *)skb->data;
1110	if (crypt && !(fc & IEEE80211_FCTL_PROTECTED) && !ieee->open_wep) {
1111	if (/*ieee->ieee802_1x &&*/
1112	rtllib_is_eapol_frame(ieee, skb, hdrlen)) {
1113	/* pass unencrypted EAPOL frames even if encryption is
1114	* configured
1115	*/
1116	struct eapol *eap = (struct eapol *)(skb->data +
1117	24);
1118	netdev_dbg(ieee->dev,
1119	"RX: IEEE 802.1X EAPOL frame: %s\n",
1120	eap_get_type(eap->type));
1121	} else {
1122	netdev_dbg(ieee->dev,
1123	"encryption configured, but RX frame not encrypted (SA= %pM)\n",
1124	hdr->addr2);
1125	return -1;
1126	}
1127	}
1128
1129	if (crypt && !(fc & IEEE80211_FCTL_PROTECTED) &&
1130	rtllib_is_eapol_frame(ieee, skb, hdrlen)) {
1131	struct eapol *eap = (struct eapol *)(skb->data + 24);
1132
1133	netdev_dbg(ieee->dev, "RX: IEEE 802.1X EAPOL frame: %s\n",
1134	eap_get_type(eap->type));
1135	}
1136
1137	if (crypt && !(fc & IEEE80211_FCTL_PROTECTED) && !ieee->open_wep &&
1138	!rtllib_is_eapol_frame(ieee, skb, hdrlen)) {
1139	netdev_dbg(ieee->dev,
1140	"dropped unencrypted RX data frame from %pM (drop_unencrypted=1)\n",
1141	hdr->addr2);
1142	return -1;
1143	}
1144
1145	return 0;
1146	}
1147
1148	static void rtllib_rx_check_leave_lps(struct rtllib_device *ieee, u8 unicast,
1149	u8 nr_subframes)
1150	{
1151	if (unicast) {
1152	if (ieee->link_state == MAC80211_LINKED) {
1153	if (((ieee->link_detect_info.NumRxUnicastOkInPeriod +
1154	ieee->link_detect_info.NumTxOkInPeriod) > 8) ||
1155	(ieee->link_detect_info.NumRxUnicastOkInPeriod > 2)) {
1156	ieee->leisure_ps_leave(ieee->dev);
1157	}
1158	}
1159	}
1160	ieee->last_rx_ps_time = jiffies;
1161	}
1162
1163	static void rtllib_rx_indicate_pkt_legacy(struct rtllib_device *ieee,
1164	struct rtllib_rx_stats *rx_stats,
1165	struct rtllib_rxb *rxb,
1166	u8 *dst,
1167	u8 *src)
1168	{
1169	struct net_device *dev = ieee->dev;
1170	u16 ethertype;
1171	int i = 0;
1172
1173	if (!rxb) {
1174	netdev_info(dev, format: "%s: rxb is NULL!!\n", __func__);
1175	return;
1176	}
1177
1178	for (i = 0; i < rxb->nr_subframes; i++) {
1179	struct sk_buff *sub_skb = rxb->subframes[i];
1180
1181	if (sub_skb) {
1182	/* convert hdr + possible LLC headers
1183	* into Ethernet header
1184	*/
1185	ethertype = (sub_skb->data[6] << 8) | sub_skb->data[7];
1186	if (sub_skb->len >= 8 &&
1187	((memcmp(p: sub_skb->data, q: rfc1042_header, SNAP_SIZE) == 0 &&
1188	ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) ||
1189	memcmp(p: sub_skb->data, q: bridge_tunnel_header, SNAP_SIZE) == 0)) {
1190	/* remove RFC1042 or Bridge-Tunnel encapsulation
1191	* and replace EtherType
1192	*/
1193	skb_pull(skb: sub_skb, SNAP_SIZE);
1194	ether_addr_copy(dst: skb_push(skb: sub_skb, ETH_ALEN),
1195	src);
1196	ether_addr_copy(dst: skb_push(skb: sub_skb, ETH_ALEN),
1197	src: dst);
1198	} else {
1199	u16 len;
1200	/* Leave Ethernet header part of hdr
1201	* and full payload
1202	*/
1203	len = sub_skb->len;
1204	memcpy(skb_push(sub_skb, 2), &len, 2);
1205	ether_addr_copy(dst: skb_push(skb: sub_skb, ETH_ALEN),
1206	src);
1207	ether_addr_copy(dst: skb_push(skb: sub_skb, ETH_ALEN),
1208	src: dst);
1209	}
1210
1211	ieee->stats.rx_packets++;
1212	ieee->stats.rx_bytes += sub_skb->len;
1213
1214	if (is_multicast_ether_addr(addr: dst))
1215	ieee->stats.multicast++;
1216
1217	/* Indicate the packets to upper layer */
1218	memset(sub_skb->cb, 0, sizeof(sub_skb->cb));
1219	sub_skb->protocol = eth_type_trans(skb: sub_skb, dev);
1220	sub_skb->dev = dev;
1221	sub_skb->dev->stats.rx_packets++;
1222	sub_skb->dev->stats.rx_bytes += sub_skb->len;
1223	/* 802.11 crc not sufficient */
1224	sub_skb->ip_summed = CHECKSUM_NONE;
1225	netif_rx(skb: sub_skb);
1226	}
1227	}
1228	kfree(objp: rxb);
1229	}
1230
1231	static int rtllib_rx_InfraAdhoc(struct rtllib_device *ieee, struct sk_buff *skb,
1232	struct rtllib_rx_stats *rx_stats)
1233	{
1234	struct net_device *dev = ieee->dev;
1235	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
1236	struct lib80211_crypt_data *crypt = NULL;
1237	struct rtllib_rxb *rxb = NULL;
1238	struct rx_ts_record *ts = NULL;
1239	u16 fc, sc, SeqNum = 0;
1240	u8 type, stype, multicast = 0, unicast = 0, nr_subframes = 0, TID = 0;
1241	u8 dst[ETH_ALEN];
1242	u8 src[ETH_ALEN];
1243	u8 bssid[ETH_ALEN] = {0};
1244
1245	size_t hdrlen = 0;
1246	int ret = 0, i = 0;
1247
1248	fc = le16_to_cpu(hdr->frame_control);
1249	type = WLAN_FC_GET_TYPE(fc);
1250	stype = WLAN_FC_GET_STYPE(fc);
1251	sc = le16_to_cpu(hdr->seq_ctrl);
1252
1253	/*Filter pkt not to me*/
1254	multicast = is_multicast_ether_addr(addr: hdr->addr1);
1255	unicast = !multicast;
1256	if (unicast && !ether_addr_equal(addr1: dev->dev_addr, addr2: hdr->addr1))
1257	goto rx_dropped;
1258
1259	/*Filter pkt has too small length */
1260	hdrlen = rtllib_rx_get_hdrlen(ieee, skb, rx_stats);
1261	if (skb->len < hdrlen) {
1262	netdev_info(dev,
1263	format: "%s():ERR!!! skb->len is smaller than hdrlen\n",
1264	__func__);
1265	goto rx_dropped;
1266	}
1267
1268	/* Filter Duplicate pkt */
1269	ret = rtllib_rx_check_duplicate(ieee, skb, multicast);
1270	if (ret < 0)
1271	goto rx_dropped;
1272
1273	/* Filter CTRL Frame */
1274	if (type == RTLLIB_FTYPE_CTL)
1275	goto rx_dropped;
1276
1277	/* Filter MGNT Frame */
1278	if (type == RTLLIB_FTYPE_MGMT) {
1279	if (rtllib_rx_frame_mgmt(ieee, skb, rx_stats, type, stype))
1280	goto rx_dropped;
1281	else
1282	goto rx_exit;
1283	}
1284
1285	/* Filter WAPI DATA Frame */
1286
1287	/* Update statstics for AP roaming */
1288	ieee->link_detect_info.NumRecvDataInPeriod++;
1289	ieee->link_detect_info.NumRxOkInPeriod++;
1290
1291	/* Data frame - extract src/dst addresses */
1292	rtllib_rx_extract_addr(ieee, hdr, dst, src, bssid);
1293
1294	/* Filter Data frames */
1295	ret = rtllib_rx_data_filter(ieee, hdr, dst, src, bssid, addr2: hdr->addr2);
1296	if (ret < 0)
1297	goto rx_dropped;
1298
1299	if (skb->len == hdrlen)
1300	goto rx_dropped;
1301
1302	/* Send pspoll based on moredata */
1303	if ((ieee->iw_mode == IW_MODE_INFRA) &&
1304	(ieee->sta_sleep == LPS_IS_SLEEP) &&
1305	(ieee->polling)) {
1306	if (WLAN_FC_MORE_DATA(fc)) {
1307	/* more data bit is set, let's request a new frame
1308	* from the AP
1309	*/
1310	rtllib_sta_ps_send_pspoll_frame(ieee);
1311	} else {
1312	ieee->polling = false;
1313	}
1314	}
1315
1316	/* Get crypt if encrypted */
1317	ret = rtllib_rx_get_crypt(ieee, skb, crypt: &crypt, hdrlen);
1318	if (ret == -1)
1319	goto rx_dropped;
1320
1321	/* Decrypt data frame (including reassemble) */
1322	ret = rtllib_rx_decrypt(ieee, skb, rx_stats, crypt, hdrlen);
1323	if (ret == -1)
1324	goto rx_dropped;
1325	else if (ret == -2)
1326	goto rx_exit;
1327
1328	/* Get TS for Rx Reorder */
1329	hdr = (struct ieee80211_hdr *)skb->data;
1330	if (ieee->current_network.qos_data.active && IsQoSDataFrame(skb->data)
1331	&& !is_multicast_ether_addr(addr: hdr->addr1)) {
1332	TID = Frame_QoSTID(buf: skb->data);
1333	SeqNum = WLAN_GET_SEQ_SEQ(sc);
1334	rtllib_get_ts(ieee, ppTS: (struct ts_common_info **)&ts, addr: hdr->addr2, TID,
1335	TxRxSelect: RX_DIR, bAddNewTs: true);
1336	if (TID != 0 && TID != 3)
1337	ieee->bis_any_nonbepkts = true;
1338	}
1339
1340	/* Parse rx data frame (For AMSDU) */
1341	/* skb: hdr + (possible reassembled) full plaintext payload */
1342	rxb = kmalloc(size: sizeof(struct rtllib_rxb), GFP_ATOMIC);
1343	if (!rxb)
1344	goto rx_dropped;
1345
1346	/* to parse amsdu packets */
1347	/* qos data packets & reserved bit is 1 */
1348	if (parse_subframe(ieee, skb, rx_stats, rxb, src, dst) == 0) {
1349	/* only to free rxb, and not submit the packets
1350	* to upper layer
1351	*/
1352	for (i = 0; i < rxb->nr_subframes; i++)
1353	dev_kfree_skb(rxb->subframes[i]);
1354	kfree(objp: rxb);
1355	rxb = NULL;
1356	goto rx_dropped;
1357	}
1358
1359	/* Update WAPI PN */
1360
1361	/* Check if leave LPS */
1362	if (ieee->bIsAggregateFrame)
1363	nr_subframes = rxb->nr_subframes;
1364	else
1365	nr_subframes = 1;
1366	if (unicast)
1367	ieee->link_detect_info.NumRxUnicastOkInPeriod += nr_subframes;
1368	rtllib_rx_check_leave_lps(ieee, unicast, nr_subframes);
1369
1370	/* Indicate packets to upper layer or Rx Reorder */
1371	if (!ieee->ht_info->cur_rx_reorder_enable || !ts)
1372	rtllib_rx_indicate_pkt_legacy(ieee, rx_stats, rxb, dst, src);
1373	else
1374	RxReorderIndicatePacket(ieee, prxb: rxb, ts, SeqNum);
1375
1376	dev_kfree_skb(skb);
1377
1378	rx_exit:
1379	return 1;
1380
1381	rx_dropped:
1382	ieee->stats.rx_dropped++;
1383
1384	/* Returning 0 indicates to caller that we have not handled the SKB--
1385	* so it is still allocated and can be used again by underlying
1386	* hardware as a DMA target
1387	*/
1388	return 0;
1389	}
1390
1391	static int rtllib_rx_Monitor(struct rtllib_device *ieee, struct sk_buff *skb,
1392	struct rtllib_rx_stats *rx_stats)
1393	{
1394	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
1395	u16 fc = le16_to_cpu(hdr->frame_control);
1396	size_t hdrlen = rtllib_get_hdrlen(fc);
1397
1398	if (skb->len < hdrlen) {
1399	netdev_info(dev: ieee->dev,
1400	format: "%s():ERR!!! skb->len is smaller than hdrlen\n",
1401	__func__);
1402	return 0;
1403	}
1404
1405	if (HTCCheck(ieee, pFrame: skb->data)) {
1406	if (net_ratelimit())
1407	netdev_info(dev: ieee->dev, format: "%s: Find HTCControl!\n",
1408	__func__);
1409	hdrlen += 4;
1410	}
1411
1412	ieee->stats.rx_packets++;
1413	ieee->stats.rx_bytes += skb->len;
1414	rtllib_monitor_rx(ieee, skb, rx_status: rx_stats, hdr_length: hdrlen);
1415
1416	return 1;
1417	}
1418
1419	/* All received frames are sent to this function. @skb contains the frame in
1420	* IEEE 802.11 format, i.e., in the format it was sent over air.
1421	* This function is called only as a tasklet (software IRQ).
1422	*/
1423	int rtllib_rx(struct rtllib_device *ieee, struct sk_buff *skb,
1424	struct rtllib_rx_stats *rx_stats)
1425	{
1426	int ret = 0;
1427
1428	if (!ieee || !skb || !rx_stats) {
1429	pr_info("%s: Input parameters NULL!\n", __func__);
1430	goto rx_dropped;
1431	}
1432	if (skb->len < 10) {
1433	netdev_info(dev: ieee->dev, format: "%s: SKB length < 10\n", __func__);
1434	goto rx_dropped;
1435	}
1436
1437	switch (ieee->iw_mode) {
1438	case IW_MODE_INFRA:
1439	ret = rtllib_rx_InfraAdhoc(ieee, skb, rx_stats);
1440	break;
1441	case IW_MODE_MONITOR:
1442	ret = rtllib_rx_Monitor(ieee, skb, rx_stats);
1443	break;
1444	default:
1445	netdev_info(dev: ieee->dev, format: "%s: ERR iw mode!!!\n", __func__);
1446	break;
1447	}
1448
1449	return ret;
1450
1451	rx_dropped:
1452	if (ieee)
1453	ieee->stats.rx_dropped++;
1454	return 0;
1455	}
1456	EXPORT_SYMBOL(rtllib_rx);
1457
1458	static u8 qos_oui[QOS_OUI_LEN] = { 0x00, 0x50, 0xF2 };
1459
1460	/* Make ther structure we read from the beacon packet has the right values */
1461	static int rtllib_verify_qos_info(struct rtllib_qos_information_element
1462	*info_element, int sub_type)
1463	{
1464	if (info_element->elementID != QOS_ELEMENT_ID)
1465	return -1;
1466	if (info_element->qui_subtype != sub_type)
1467	return -1;
1468	if (memcmp(p: info_element->qui, q: qos_oui, QOS_OUI_LEN))
1469	return -1;
1470	if (info_element->qui_type != QOS_OUI_TYPE)
1471	return -1;
1472	if (info_element->version != QOS_VERSION_1)
1473	return -1;
1474
1475	return 0;
1476	}
1477
1478	/* Parse a QoS parameter element */
1479	static int rtllib_read_qos_param_element(
1480	struct rtllib_qos_parameter_info *element_param,
1481	struct rtllib_info_element *info_element)
1482	{
1483	size_t size = sizeof(*element_param);
1484
1485	if (!element_param || !info_element || info_element->len != size - 2)
1486	return -1;
1487
1488	memcpy(element_param, info_element, size);
1489	return rtllib_verify_qos_info(info_element: &element_param->info_element,
1490	QOS_OUI_PARAM_SUB_TYPE);
1491	}
1492
1493	/* Parse a QoS information element */
1494	static int rtllib_read_qos_info_element(
1495	struct rtllib_qos_information_element *element_info,
1496	struct rtllib_info_element *info_element)
1497	{
1498	size_t size = sizeof(*element_info);
1499
1500	if (!element_info || !info_element || info_element->len != size - 2)
1501	return -1;
1502
1503	memcpy(element_info, info_element, size);
1504	return rtllib_verify_qos_info(info_element: element_info, QOS_OUI_INFO_SUB_TYPE);
1505	}
1506
1507	/* Write QoS parameters from the ac parameters. */
1508	static int rtllib_qos_convert_ac_to_parameters(struct rtllib_qos_parameter_info *param_elm,
1509	struct rtllib_qos_data *qos_data)
1510	{
1511	struct rtllib_qos_ac_parameter *ac_params;
1512	struct rtllib_qos_parameters *qos_param = &(qos_data->parameters);
1513	int i;
1514	u8 aci;
1515	u8 acm;
1516
1517	qos_data->wmm_acm = 0;
1518	for (i = 0; i < QOS_QUEUE_NUM; i++) {
1519	ac_params = &(param_elm->ac_params_record[i]);
1520
1521	aci = (ac_params->aci_aifsn & 0x60) >> 5;
1522	acm = (ac_params->aci_aifsn & 0x10) >> 4;
1523
1524	if (aci >= QOS_QUEUE_NUM)
1525	continue;
1526	switch (aci) {
1527	case 1:
1528	/* BIT(0) | BIT(3) */
1529	if (acm)
1530	qos_data->wmm_acm |= (0x01 << 0) | (0x01 << 3);
1531	break;
1532	case 2:
1533	/* BIT(4) | BIT(5) */
1534	if (acm)
1535	qos_data->wmm_acm |= (0x01 << 4) | (0x01 << 5);
1536	break;
1537	case 3:
1538	/* BIT(6) | BIT(7) */
1539	if (acm)
1540	qos_data->wmm_acm |= (0x01 << 6) | (0x01 << 7);
1541	break;
1542	case 0:
1543	default:
1544	/* BIT(1) | BIT(2) */
1545	if (acm)
1546	qos_data->wmm_acm |= (0x01 << 1) | (0x01 << 2);
1547	break;
1548	}
1549
1550	qos_param->aifs[aci] = (ac_params->aci_aifsn) & 0x0f;
1551
1552	/* WMM spec P.11: The minimum value for AIFSN shall be 2 */
1553	qos_param->aifs[aci] = max_t(u8, qos_param->aifs[aci], 2);
1554
1555	qos_param->cw_min[aci] = cpu_to_le16(ac_params->ecw_min_max &
1556	0x0F);
1557
1558	qos_param->cw_max[aci] = cpu_to_le16((ac_params->ecw_min_max &
1559	0xF0) >> 4);
1560
1561	qos_param->flag[aci] =
1562	(ac_params->aci_aifsn & 0x10) ? 0x01 : 0x00;
1563	qos_param->tx_op_limit[aci] = ac_params->tx_op_limit;
1564	}
1565	return 0;
1566	}
1567
1568	/* we have a generic data element which it may contain QoS information or
1569	* parameters element. check the information element length to decide
1570	* which type to read
1571	*/
1572	static int rtllib_parse_qos_info_param_IE(struct rtllib_device *ieee,
1573	struct rtllib_info_element
1574	*info_element,
1575	struct rtllib_network *network)
1576	{
1577	int rc = 0;
1578	struct rtllib_qos_information_element qos_info_element;
1579
1580	rc = rtllib_read_qos_info_element(element_info: &qos_info_element, info_element);
1581
1582	if (rc == 0) {
1583	network->qos_data.param_count = qos_info_element.ac_info & 0x0F;
1584	network->flags |= NETWORK_HAS_QOS_INFORMATION;
1585	} else {
1586	struct rtllib_qos_parameter_info param_element;
1587
1588	rc = rtllib_read_qos_param_element(element_param: &param_element,
1589	info_element);
1590	if (rc == 0) {
1591	rtllib_qos_convert_ac_to_parameters(param_elm: &param_element,
1592	qos_data: &(network->qos_data));
1593	network->flags |= NETWORK_HAS_QOS_PARAMETERS;
1594	network->qos_data.param_count =
1595	param_element.info_element.ac_info & 0x0F;
1596	}
1597	}
1598
1599	if (rc == 0) {
1600	netdev_dbg(ieee->dev, "QoS is supported\n");
1601	network->qos_data.supported = 1;
1602	}
1603	return rc;
1604	}
1605
1606	static const char *get_info_element_string(u16 id)
1607	{
1608	switch (id) {
1609	case MFIE_TYPE_SSID:
1610	return "SSID";
1611	case MFIE_TYPE_RATES:
1612	return "RATES";
1613	case MFIE_TYPE_FH_SET:
1614	return "FH_SET";
1615	case MFIE_TYPE_DS_SET:
1616	return "DS_SET";
1617	case MFIE_TYPE_CF_SET:
1618	return "CF_SET";
1619	case MFIE_TYPE_TIM:
1620	return "TIM";
1621	case MFIE_TYPE_IBSS_SET:
1622	return "IBSS_SET";
1623	case MFIE_TYPE_COUNTRY:
1624	return "COUNTRY";
1625	case MFIE_TYPE_HOP_PARAMS:
1626	return "HOP_PARAMS";
1627	case MFIE_TYPE_HOP_TABLE:
1628	return "HOP_TABLE";
1629	case MFIE_TYPE_REQUEST:
1630	return "REQUEST";
1631	case MFIE_TYPE_CHALLENGE:
1632	return "CHALLENGE";
1633	case MFIE_TYPE_POWER_CONSTRAINT:
1634	return "POWER_CONSTRAINT";
1635	case MFIE_TYPE_POWER_CAPABILITY:
1636	return "POWER_CAPABILITY";
1637	case MFIE_TYPE_TPC_REQUEST:
1638	return "TPC_REQUEST";
1639	case MFIE_TYPE_TPC_REPORT:
1640	return "TPC_REPORT";
1641	case MFIE_TYPE_SUPP_CHANNELS:
1642	return "SUPP_CHANNELS";
1643	case MFIE_TYPE_CSA:
1644	return "CSA";
1645	case MFIE_TYPE_MEASURE_REQUEST:
1646	return "MEASURE_REQUEST";
1647	case MFIE_TYPE_MEASURE_REPORT:
1648	return "MEASURE_REPORT";
1649	case MFIE_TYPE_QUIET:
1650	return "QUIET";
1651	case MFIE_TYPE_IBSS_DFS:
1652	return "IBSS_DFS";
1653	case MFIE_TYPE_RSN:
1654	return "RSN";
1655	case MFIE_TYPE_RATES_EX:
1656	return "RATES_EX";
1657	case MFIE_TYPE_GENERIC:
1658	return "GENERIC";
1659	case MFIE_TYPE_QOS_PARAMETER:
1660	return "QOS_PARAMETER";
1661	default:
1662	return "UNKNOWN";
1663	}
1664	}
1665
1666	static inline void rtllib_extract_country_ie(
1667	struct rtllib_device *ieee,
1668	struct rtllib_info_element *info_element,
1669	struct rtllib_network *network,
1670	u8 *addr2)
1671	{
1672	if (IS_DOT11D_ENABLE(ieee)) {
1673	if (info_element->len != 0) {
1674	memcpy(network->CountryIeBuf, info_element->data,
1675	info_element->len);
1676	network->CountryIeLen = info_element->len;
1677
1678	if (!IS_COUNTRY_IE_VALID(ieee)) {
1679	if (rtllib_act_scanning(ieee, sync_scan: false) &&
1680	ieee->FirstIe_InScan)
1681	netdev_info(dev: ieee->dev,
1682	format: "Received beacon CountryIE, SSID: <%s>\n",
1683	network->ssid);
1684	dot11d_update_country(dev: ieee, address: addr2,
1685	country_len: info_element->len,
1686	country: info_element->data);
1687	}
1688	}
1689
1690	if (IS_EQUAL_CIE_SRC(ieee, addr2))
1691	UPDATE_CIE_WATCHDOG(ieee);
1692	}
1693	}
1694
1695	static void rtllib_parse_mife_generic(struct rtllib_device *ieee,
1696	struct rtllib_info_element *info_element,
1697	struct rtllib_network *network,
1698	u16 *tmp_htcap_len,
1699	u16 *tmp_htinfo_len)
1700	{
1701	u16 ht_realtek_agg_len = 0;
1702	u8 ht_realtek_agg_buf[MAX_IE_LEN];
1703
1704	if (!rtllib_parse_qos_info_param_IE(ieee, info_element, network))
1705	return;
1706	if (info_element->len >= 4 &&
1707	info_element->data[0] == 0x00 &&
1708	info_element->data[1] == 0x50 &&
1709	info_element->data[2] == 0xf2 &&
1710	info_element->data[3] == 0x01) {
1711	network->wpa_ie_len = min(info_element->len + 2,
1712	MAX_WPA_IE_LEN);
1713	memcpy(network->wpa_ie, info_element, network->wpa_ie_len);
1714	return;
1715	}
1716	if (info_element->len == 7 &&
1717	info_element->data[0] == 0x00 &&
1718	info_element->data[1] == 0xe0 &&
1719	info_element->data[2] == 0x4c &&
1720	info_element->data[3] == 0x01 &&
1721	info_element->data[4] == 0x02)
1722	network->Turbo_Enable = 1;
1723
1724	if (*tmp_htcap_len == 0) {
1725	if (info_element->len >= 4 &&
1726	info_element->data[0] == 0x00 &&
1727	info_element->data[1] == 0x90 &&
1728	info_element->data[2] == 0x4c &&
1729	info_element->data[3] == 0x033) {
1730	*tmp_htcap_len = min_t(u8, info_element->len,
1731	MAX_IE_LEN);
1732	if (*tmp_htcap_len != 0) {
1733	network->bssht.bd_ht_spec_ver = HT_SPEC_VER_EWC;
1734	network->bssht.bd_ht_cap_len = min_t(u16, *tmp_htcap_len,
1735	sizeof(network->bssht.bd_ht_cap_buf));
1736	memcpy(network->bssht.bd_ht_cap_buf,
1737	info_element->data,
1738	network->bssht.bd_ht_cap_len);
1739	}
1740	}
1741	if (*tmp_htcap_len != 0) {
1742	network->bssht.bd_support_ht = true;
1743	network->bssht.bd_ht_1r = ((((struct ht_capab_ele *)(network->bssht.bd_ht_cap_buf))->MCS[1]) == 0);
1744	} else {
1745	network->bssht.bd_support_ht = false;
1746	network->bssht.bd_ht_1r = false;
1747	}
1748	}
1749
1750	if (*tmp_htinfo_len == 0) {
1751	if (info_element->len >= 4 &&
1752	info_element->data[0] == 0x00 &&
1753	info_element->data[1] == 0x90 &&
1754	info_element->data[2] == 0x4c &&
1755	info_element->data[3] == 0x034) {
1756	*tmp_htinfo_len = min_t(u8, info_element->len,
1757	MAX_IE_LEN);
1758	if (*tmp_htinfo_len != 0) {
1759	network->bssht.bd_ht_spec_ver = HT_SPEC_VER_EWC;
1760	network->bssht.bd_ht_info_len = min_t(u16, *tmp_htinfo_len,
1761	sizeof(network->bssht.bd_ht_info_buf));
1762	memcpy(network->bssht.bd_ht_info_buf,
1763	info_element->data,
1764	network->bssht.bd_ht_info_len);
1765	}
1766	}
1767	}
1768
1769	if (network->bssht.bd_support_ht) {
1770	if (info_element->len >= 4 &&
1771	info_element->data[0] == 0x00 &&
1772	info_element->data[1] == 0xe0 &&
1773	info_element->data[2] == 0x4c &&
1774	info_element->data[3] == 0x02) {
1775	ht_realtek_agg_len = min_t(u8, info_element->len,
1776	MAX_IE_LEN);
1777	memcpy(ht_realtek_agg_buf, info_element->data,
1778	info_element->len);
1779	}
1780	if (ht_realtek_agg_len >= 5) {
1781	network->realtek_cap_exit = true;
1782	network->bssht.bd_rt2rt_aggregation = true;
1783
1784	if ((ht_realtek_agg_buf[4] == 1) &&
1785	(ht_realtek_agg_buf[5] & 0x02))
1786	network->bssht.bd_rt2rt_long_slot_time = true;
1787
1788	if ((ht_realtek_agg_buf[4] == 1) &&
1789	(ht_realtek_agg_buf[5] & RT_HT_CAP_USE_92SE))
1790	network->bssht.rt2rt_ht_mode |= RT_HT_CAP_USE_92SE;
1791	}
1792	}
1793	if (ht_realtek_agg_len >= 5) {
1794	if ((ht_realtek_agg_buf[5] & RT_HT_CAP_USE_SOFTAP))
1795	network->bssht.rt2rt_ht_mode |= RT_HT_CAP_USE_SOFTAP;
1796	}
1797
1798	if ((info_element->len >= 3 &&
1799	info_element->data[0] == 0x00 &&
1800	info_element->data[1] == 0x05 &&
1801	info_element->data[2] == 0xb5) ||
1802	(info_element->len >= 3 &&
1803	info_element->data[0] == 0x00 &&
1804	info_element->data[1] == 0x0a &&
1805	info_element->data[2] == 0xf7) ||
1806	(info_element->len >= 3 &&
1807	info_element->data[0] == 0x00 &&
1808	info_element->data[1] == 0x10 &&
1809	info_element->data[2] == 0x18)) {
1810	network->broadcom_cap_exist = true;
1811	}
1812	if (info_element->len >= 3 &&
1813	info_element->data[0] == 0x00 &&
1814	info_element->data[1] == 0x0c &&
1815	info_element->data[2] == 0x43)
1816	network->ralink_cap_exist = true;
1817	if ((info_element->len >= 3 &&
1818	info_element->data[0] == 0x00 &&
1819	info_element->data[1] == 0x03 &&
1820	info_element->data[2] == 0x7f) ||
1821	(info_element->len >= 3 &&
1822	info_element->data[0] == 0x00 &&
1823	info_element->data[1] == 0x13 &&
1824	info_element->data[2] == 0x74))
1825	network->atheros_cap_exist = true;
1826
1827	if ((info_element->len >= 3 &&
1828	info_element->data[0] == 0x00 &&
1829	info_element->data[1] == 0x50 &&
1830	info_element->data[2] == 0x43))
1831	network->marvell_cap_exist = true;
1832	if (info_element->len >= 3 &&
1833	info_element->data[0] == 0x00 &&
1834	info_element->data[1] == 0x40 &&
1835	info_element->data[2] == 0x96)
1836	network->cisco_cap_exist = true;
1837
1838	if (info_element->len >= 3 &&
1839	info_element->data[0] == 0x00 &&
1840	info_element->data[1] == 0x0a &&
1841	info_element->data[2] == 0xf5)
1842	network->airgo_cap_exist = true;
1843
1844	if (info_element->len > 4 &&
1845	info_element->data[0] == 0x00 &&
1846	info_element->data[1] == 0x40 &&
1847	info_element->data[2] == 0x96 &&
1848	info_element->data[3] == 0x01) {
1849	if (info_element->len == 6) {
1850	memcpy(network->CcxRmState, &info_element->data[4], 2);
1851	if (network->CcxRmState[0] != 0)
1852	network->bCcxRmEnable = true;
1853	else
1854	network->bCcxRmEnable = false;
1855	network->MBssidMask = network->CcxRmState[1] & 0x07;
1856	if (network->MBssidMask != 0) {
1857	network->bMBssidValid = true;
1858	network->MBssidMask = 0xff <<
1859	(network->MBssidMask);
1860	ether_addr_copy(dst: network->MBssid,
1861	src: network->bssid);
1862	network->MBssid[5] &= network->MBssidMask;
1863	} else {
1864	network->bMBssidValid = false;
1865	}
1866	} else {
1867	network->bCcxRmEnable = false;
1868	}
1869	}
1870	if (info_element->len > 4 &&
1871	info_element->data[0] == 0x00 &&
1872	info_element->data[1] == 0x40 &&
1873	info_element->data[2] == 0x96 &&
1874	info_element->data[3] == 0x03) {
1875	if (info_element->len == 5) {
1876	network->bWithCcxVerNum = true;
1877	network->BssCcxVerNumber = info_element->data[4];
1878	} else {
1879	network->bWithCcxVerNum = false;
1880	network->BssCcxVerNumber = 0;
1881	}
1882	}
1883	if (info_element->len > 4 &&
1884	info_element->data[0] == 0x00 &&
1885	info_element->data[1] == 0x50 &&
1886	info_element->data[2] == 0xf2 &&
1887	info_element->data[3] == 0x04) {
1888	netdev_dbg(ieee->dev, "MFIE_TYPE_WZC: %d bytes\n",
1889	info_element->len);
1890	network->wzc_ie_len = min(info_element->len + 2, MAX_WZC_IE_LEN);
1891	memcpy(network->wzc_ie, info_element, network->wzc_ie_len);
1892	}
1893	}
1894
1895	static void rtllib_parse_mfie_ht_cap(struct rtllib_info_element *info_element,
1896	struct rtllib_network *network,
1897	u16 *tmp_htcap_len)
1898	{
1899	struct bss_ht *ht = &network->bssht;
1900
1901	*tmp_htcap_len = min_t(u8, info_element->len, MAX_IE_LEN);
1902	if (*tmp_htcap_len != 0) {
1903	ht->bd_ht_spec_ver = HT_SPEC_VER_EWC;
1904	ht->bd_ht_cap_len = min_t(u16, *tmp_htcap_len,
1905	sizeof(ht->bd_ht_cap_buf));
1906	memcpy(ht->bd_ht_cap_buf, info_element->data, ht->bd_ht_cap_len);
1907
1908	ht->bd_support_ht = true;
1909	ht->bd_ht_1r = ((((struct ht_capab_ele *)
1910	ht->bd_ht_cap_buf))->MCS[1]) == 0;
1911
1912	ht->bd_bandwidth = (enum ht_channel_width)
1913	(((struct ht_capab_ele *)
1914	(ht->bd_ht_cap_buf))->ChlWidth);
1915	} else {
1916	ht->bd_support_ht = false;
1917	ht->bd_ht_1r = false;
1918	ht->bd_bandwidth = HT_CHANNEL_WIDTH_20;
1919	}
1920	}
1921
1922	int rtllib_parse_info_param(struct rtllib_device *ieee,
1923	struct rtllib_info_element *info_element,
1924	u16 length,
1925	struct rtllib_network *network,
1926	struct rtllib_rx_stats *stats)
1927	{
1928	u8 i;
1929	short offset;
1930	u16 tmp_htcap_len = 0;
1931	u16 tmp_htinfo_len = 0;
1932	char rates_str[64];
1933	char *p;
1934
1935	while (length >= sizeof(*info_element)) {
1936	if (sizeof(*info_element) + info_element->len > length) {
1937	netdev_dbg(ieee->dev,
1938	"Info elem: parse failed: info_element->len + 2 > left : info_element->len+2=%zd left=%d, id=%d.\n",
1939	info_element->len + sizeof(*info_element),
1940	length, info_element->id);
1941	/* We stop processing but don't return an error here
1942	* because some misbehaviour APs break this rule. ie.
1943	* Orinoco AP1000.
1944	*/
1945	break;
1946	}
1947
1948	switch (info_element->id) {
1949	case MFIE_TYPE_SSID:
1950	if (rtllib_is_empty_essid(essid: info_element->data,
1951	essid_len: info_element->len)) {
1952	network->flags |= NETWORK_EMPTY_ESSID;
1953	break;
1954	}
1955
1956	network->ssid_len = min(info_element->len,
1957	(u8)IW_ESSID_MAX_SIZE);
1958	memcpy(network->ssid, info_element->data,
1959	network->ssid_len);
1960	if (network->ssid_len < IW_ESSID_MAX_SIZE)
1961	memset(network->ssid + network->ssid_len, 0,
1962	IW_ESSID_MAX_SIZE - network->ssid_len);
1963
1964	netdev_dbg(ieee->dev, "MFIE_TYPE_SSID: '%s' len=%d.\n",
1965	network->ssid, network->ssid_len);
1966	break;
1967
1968	case MFIE_TYPE_RATES:
1969	p = rates_str;
1970	network->rates_len = min(info_element->len,
1971	MAX_RATES_LENGTH);
1972	for (i = 0; i < network->rates_len; i++) {
1973	network->rates[i] = info_element->data[i];
1974	p += scnprintf(buf: p, size: sizeof(rates_str) -
1975	(p - rates_str), fmt: "%02X ",
1976	network->rates[i]);
1977	if (rtllib_is_ofdm_rate
1978	(rate: info_element->data[i])) {
1979	network->flags |= NETWORK_HAS_OFDM;
1980	if (info_element->data[i] &
1981	RTLLIB_BASIC_RATE_MASK)
1982	network->flags &=
1983	~NETWORK_HAS_CCK;
1984	}
1985
1986	if (rtllib_is_cck_rate
1987	(rate: info_element->data[i])) {
1988	network->flags |= NETWORK_HAS_CCK;
1989	}
1990	}
1991
1992	netdev_dbg(ieee->dev, "MFIE_TYPE_RATES: '%s' (%d)\n",
1993	rates_str, network->rates_len);
1994	break;
1995
1996	case MFIE_TYPE_RATES_EX:
1997	p = rates_str;
1998	network->rates_ex_len = min(info_element->len,
1999	MAX_RATES_EX_LENGTH);
2000	for (i = 0; i < network->rates_ex_len; i++) {
2001	network->rates_ex[i] = info_element->data[i];
2002	p += scnprintf(buf: p, size: sizeof(rates_str) -
2003	(p - rates_str), fmt: "%02X ",
2004	network->rates_ex[i]);
2005	if (rtllib_is_ofdm_rate
2006	(rate: info_element->data[i])) {
2007	network->flags |= NETWORK_HAS_OFDM;
2008	if (info_element->data[i] &
2009	RTLLIB_BASIC_RATE_MASK)
2010	network->flags &=
2011	~NETWORK_HAS_CCK;
2012	}
2013	}
2014
2015	netdev_dbg(ieee->dev, "MFIE_TYPE_RATES_EX: '%s' (%d)\n",
2016	rates_str, network->rates_ex_len);
2017	break;
2018
2019	case MFIE_TYPE_DS_SET:
2020	netdev_dbg(ieee->dev, "MFIE_TYPE_DS_SET: %d\n",
2021	info_element->data[0]);
2022	network->channel = info_element->data[0];
2023	break;
2024
2025	case MFIE_TYPE_FH_SET:
2026	netdev_dbg(ieee->dev, "MFIE_TYPE_FH_SET: ignored\n");
2027	break;
2028
2029	case MFIE_TYPE_CF_SET:
2030	netdev_dbg(ieee->dev, "MFIE_TYPE_CF_SET: ignored\n");
2031	break;
2032
2033	case MFIE_TYPE_TIM:
2034	if (info_element->len < 4)
2035	break;
2036
2037	network->tim.tim_count = info_element->data[0];
2038	network->tim.tim_period = info_element->data[1];
2039
2040	network->dtim_period = info_element->data[1];
2041	if (ieee->link_state != MAC80211_LINKED)
2042	break;
2043	network->last_dtim_sta_time = jiffies;
2044
2045	network->dtim_data = RTLLIB_DTIM_VALID;
2046
2047	if (info_element->data[2] & 1)
2048	network->dtim_data |= RTLLIB_DTIM_MBCAST;
2049
2050	offset = (info_element->data[2] >> 1) * 2;
2051
2052	if (ieee->assoc_id < 8 * offset ||
2053	ieee->assoc_id > 8 * (offset + info_element->len - 3))
2054	break;
2055
2056	offset = (ieee->assoc_id / 8) - offset;
2057	if (info_element->data[3 + offset] &
2058	(1 << (ieee->assoc_id % 8)))
2059	network->dtim_data |= RTLLIB_DTIM_UCAST;
2060
2061	network->listen_interval = network->dtim_period;
2062	break;
2063
2064	case MFIE_TYPE_ERP:
2065	network->erp_value = info_element->data[0];
2066	network->flags |= NETWORK_HAS_ERP_VALUE;
2067	netdev_dbg(ieee->dev, "MFIE_TYPE_ERP_SET: %d\n",
2068	network->erp_value);
2069	break;
2070	case MFIE_TYPE_IBSS_SET:
2071	network->atim_window = info_element->data[0];
2072	netdev_dbg(ieee->dev, "MFIE_TYPE_IBSS_SET: %d\n",
2073	network->atim_window);
2074	break;
2075
2076	case MFIE_TYPE_CHALLENGE:
2077	netdev_dbg(ieee->dev, "MFIE_TYPE_CHALLENGE: ignored\n");
2078	break;
2079
2080	case MFIE_TYPE_GENERIC:
2081	netdev_dbg(ieee->dev, "MFIE_TYPE_GENERIC: %d bytes\n",
2082	info_element->len);
2083
2084	rtllib_parse_mife_generic(ieee, info_element, network,
2085	tmp_htcap_len: &tmp_htcap_len,
2086	tmp_htinfo_len: &tmp_htinfo_len);
2087	break;
2088
2089	case MFIE_TYPE_RSN:
2090	netdev_dbg(ieee->dev, "MFIE_TYPE_RSN: %d bytes\n",
2091	info_element->len);
2092	network->rsn_ie_len = min(info_element->len + 2,
2093	MAX_WPA_IE_LEN);
2094	memcpy(network->rsn_ie, info_element,
2095	network->rsn_ie_len);
2096	break;
2097
2098	case MFIE_TYPE_HT_CAP:
2099	netdev_dbg(ieee->dev, "MFIE_TYPE_HT_CAP: %d bytes\n",
2100	info_element->len);
2101
2102	rtllib_parse_mfie_ht_cap(info_element, network,
2103	tmp_htcap_len: &tmp_htcap_len);
2104	break;
2105
2106	case MFIE_TYPE_HT_INFO:
2107	netdev_dbg(ieee->dev, "MFIE_TYPE_HT_INFO: %d bytes\n",
2108	info_element->len);
2109	tmp_htinfo_len = min_t(u8, info_element->len,
2110	MAX_IE_LEN);
2111	if (tmp_htinfo_len) {
2112	network->bssht.bd_ht_spec_ver = HT_SPEC_VER_IEEE;
2113	network->bssht.bd_ht_info_len = tmp_htinfo_len >
2114	sizeof(network->bssht.bd_ht_info_buf) ?
2115	sizeof(network->bssht.bd_ht_info_buf) :
2116	tmp_htinfo_len;
2117	memcpy(network->bssht.bd_ht_info_buf,
2118	info_element->data,
2119	network->bssht.bd_ht_info_len);
2120	}
2121	break;
2122
2123	case MFIE_TYPE_AIRONET:
2124	netdev_dbg(ieee->dev, "MFIE_TYPE_AIRONET: %d bytes\n",
2125	info_element->len);
2126	if (info_element->len > IE_CISCO_FLAG_POSITION) {
2127	network->bWithAironetIE = true;
2128
2129	if ((info_element->data[IE_CISCO_FLAG_POSITION]
2130	& SUPPORT_CKIP_MIC) ||
2131	(info_element->data[IE_CISCO_FLAG_POSITION]
2132	& SUPPORT_CKIP_PK))
2133	network->bCkipSupported = true;
2134	else
2135	network->bCkipSupported = false;
2136	} else {
2137	network->bWithAironetIE = false;
2138	network->bCkipSupported = false;
2139	}
2140	break;
2141	case MFIE_TYPE_QOS_PARAMETER:
2142	netdev_err(dev: ieee->dev,
2143	format: "QoS Error need to parse QOS_PARAMETER IE\n");
2144	break;
2145
2146	case MFIE_TYPE_COUNTRY:
2147	netdev_dbg(ieee->dev, "MFIE_TYPE_COUNTRY: %d bytes\n",
2148	info_element->len);
2149	rtllib_extract_country_ie(ieee, info_element, network,
2150	addr2: network->bssid);
2151	break;
2152	/* TODO */
2153	default:
2154	netdev_dbg(ieee->dev,
2155	"Unsupported info element: %s (%d)\n",
2156	get_info_element_string(info_element->id),
2157	info_element->id);
2158	break;
2159	}
2160
2161	length -= sizeof(*info_element) + info_element->len;
2162	info_element =
2163	(struct rtllib_info_element *)&info_element->data[info_element->len];
2164	}
2165
2166	if (!network->atheros_cap_exist && !network->broadcom_cap_exist &&
2167	!network->cisco_cap_exist && !network->ralink_cap_exist &&
2168	!network->bssht.bd_rt2rt_aggregation)
2169	network->unknown_cap_exist = true;
2170	else
2171	network->unknown_cap_exist = false;
2172	return 0;
2173	}
2174
2175	static long rtllib_translate_todbm(u8 signal_strength_index)
2176	{
2177	long signal_power;
2178
2179	signal_power = (long)((signal_strength_index + 1) >> 1);
2180	signal_power -= 95;
2181
2182	return signal_power;
2183	}
2184
2185	static inline int rtllib_network_init(
2186	struct rtllib_device *ieee,
2187	struct rtllib_probe_response *beacon,
2188	struct rtllib_network *network,
2189	struct rtllib_rx_stats *stats)
2190	{
2191	memset(&network->qos_data, 0, sizeof(struct rtllib_qos_data));
2192
2193	/* Pull out fixed field data */
2194	ether_addr_copy(dst: network->bssid, src: beacon->header.addr3);
2195	network->capability = le16_to_cpu(beacon->capability);
2196	network->last_scanned = jiffies;
2197	network->time_stamp[0] = beacon->time_stamp[0];
2198	network->time_stamp[1] = beacon->time_stamp[1];
2199	network->beacon_interval = le16_to_cpu(beacon->beacon_interval);
2200	/* Where to pull this? beacon->listen_interval;*/
2201	network->listen_interval = 0x0A;
2202	network->rates_len = network->rates_ex_len = 0;
2203	network->ssid_len = 0;
2204	network->hidden_ssid_len = 0;
2205	memset(network->hidden_ssid, 0, sizeof(network->hidden_ssid));
2206	network->flags = 0;
2207	network->atim_window = 0;
2208	network->erp_value = (network->capability & WLAN_CAPABILITY_IBSS) ?
2209	0x3 : 0x0;
2210	network->berp_info_valid = false;
2211	network->broadcom_cap_exist = false;
2212	network->ralink_cap_exist = false;
2213	network->atheros_cap_exist = false;
2214	network->cisco_cap_exist = false;
2215	network->unknown_cap_exist = false;
2216	network->realtek_cap_exit = false;
2217	network->marvell_cap_exist = false;
2218	network->airgo_cap_exist = false;
2219	network->Turbo_Enable = 0;
2220	network->SignalStrength = stats->SignalStrength;
2221	network->RSSI = stats->SignalStrength;
2222	network->CountryIeLen = 0;
2223	memset(network->CountryIeBuf, 0, MAX_IE_LEN);
2224	HTInitializeBssDesc(pBssHT: &network->bssht);
2225	network->flags |= NETWORK_HAS_CCK;
2226
2227	network->wpa_ie_len = 0;
2228	network->rsn_ie_len = 0;
2229	network->wzc_ie_len = 0;
2230
2231	if (rtllib_parse_info_param(ieee,
2232	info_element: beacon->info_element,
2233	length: (stats->len - sizeof(*beacon)),
2234	network,
2235	stats))
2236	return 1;
2237
2238	network->mode = 0;
2239
2240	if (network->flags & NETWORK_HAS_OFDM)
2241	network->mode |= WIRELESS_MODE_G;
2242	if (network->flags & NETWORK_HAS_CCK)
2243	network->mode |= WIRELESS_MODE_B;
2244
2245	if (network->mode == 0) {
2246	netdev_dbg(ieee->dev, "Filtered out '%s (%pM)' network.\n",
2247	escape_essid(network->ssid, network->ssid_len),
2248	network->bssid);
2249	return 1;
2250	}
2251
2252	if (network->bssht.bd_support_ht) {
2253	if (network->mode & (WIRELESS_MODE_G | WIRELESS_MODE_B))
2254	network->mode = WIRELESS_MODE_N_24G;
2255	}
2256	if (rtllib_is_empty_essid(essid: network->ssid, essid_len: network->ssid_len))
2257	network->flags |= NETWORK_EMPTY_ESSID;
2258	stats->signal = 30 + (stats->SignalStrength * 70) / 100;
2259	stats->noise = rtllib_translate_todbm(signal_strength_index: (u8)(100 - stats->signal)) - 25;
2260
2261	memcpy(&network->stats, stats, sizeof(network->stats));
2262
2263	return 0;
2264	}
2265
2266	static inline int is_same_network(struct rtllib_network *src,
2267	struct rtllib_network *dst, u8 ssidbroad)
2268	{
2269	/* A network is only a duplicate if the channel, BSSID, ESSID
2270	* and the capability field (in particular IBSS and BSS) all match.
2271	* We treat all <hidden> with the same BSSID and channel
2272	* as one network
2273	*/
2274	return (((src->ssid_len == dst->ssid_len) || (!ssidbroad)) &&
2275	(src->channel == dst->channel) &&
2276	!memcmp(p: src->bssid, q: dst->bssid, ETH_ALEN) &&
2277	(!memcmp(p: src->ssid, q: dst->ssid, size: src->ssid_len) ||
2278	(!ssidbroad)) &&
2279	((src->capability & WLAN_CAPABILITY_IBSS) ==
2280	(dst->capability & WLAN_CAPABILITY_IBSS)) &&
2281	((src->capability & WLAN_CAPABILITY_ESS) ==
2282	(dst->capability & WLAN_CAPABILITY_ESS)));
2283	}
2284
2285	static inline void update_network(struct rtllib_device *ieee,
2286	struct rtllib_network *dst,
2287	struct rtllib_network *src)
2288	{
2289	int qos_active;
2290	u8 old_param;
2291
2292	memcpy(&dst->stats, &src->stats, sizeof(struct rtllib_rx_stats));
2293	dst->capability = src->capability;
2294	memcpy(dst->rates, src->rates, src->rates_len);
2295	dst->rates_len = src->rates_len;
2296	memcpy(dst->rates_ex, src->rates_ex, src->rates_ex_len);
2297	dst->rates_ex_len = src->rates_ex_len;
2298	if (src->ssid_len > 0) {
2299	if (dst->ssid_len == 0) {
2300	memset(dst->hidden_ssid, 0, sizeof(dst->hidden_ssid));
2301	dst->hidden_ssid_len = src->ssid_len;
2302	memcpy(dst->hidden_ssid, src->ssid, src->ssid_len);
2303	} else {
2304	memset(dst->ssid, 0, dst->ssid_len);
2305	dst->ssid_len = src->ssid_len;
2306	memcpy(dst->ssid, src->ssid, src->ssid_len);
2307	}
2308	}
2309	dst->mode = src->mode;
2310	dst->flags = src->flags;
2311	dst->time_stamp[0] = src->time_stamp[0];
2312	dst->time_stamp[1] = src->time_stamp[1];
2313	if (src->flags & NETWORK_HAS_ERP_VALUE) {
2314	dst->erp_value = src->erp_value;
2315	dst->berp_info_valid = src->berp_info_valid = true;
2316	}
2317	dst->beacon_interval = src->beacon_interval;
2318	dst->listen_interval = src->listen_interval;
2319	dst->atim_window = src->atim_window;
2320	dst->dtim_period = src->dtim_period;
2321	dst->dtim_data = src->dtim_data;
2322	dst->last_dtim_sta_time = src->last_dtim_sta_time;
2323	memcpy(&dst->tim, &src->tim, sizeof(struct rtllib_tim_parameters));
2324
2325	dst->bssht.bd_support_ht = src->bssht.bd_support_ht;
2326	dst->bssht.bd_rt2rt_aggregation = src->bssht.bd_rt2rt_aggregation;
2327	dst->bssht.bd_ht_cap_len = src->bssht.bd_ht_cap_len;
2328	memcpy(dst->bssht.bd_ht_cap_buf, src->bssht.bd_ht_cap_buf,
2329	src->bssht.bd_ht_cap_len);
2330	dst->bssht.bd_ht_info_len = src->bssht.bd_ht_info_len;
2331	memcpy(dst->bssht.bd_ht_info_buf, src->bssht.bd_ht_info_buf,
2332	src->bssht.bd_ht_info_len);
2333	dst->bssht.bd_ht_spec_ver = src->bssht.bd_ht_spec_ver;
2334	dst->bssht.bd_rt2rt_long_slot_time = src->bssht.bd_rt2rt_long_slot_time;
2335	dst->broadcom_cap_exist = src->broadcom_cap_exist;
2336	dst->ralink_cap_exist = src->ralink_cap_exist;
2337	dst->atheros_cap_exist = src->atheros_cap_exist;
2338	dst->realtek_cap_exit = src->realtek_cap_exit;
2339	dst->marvell_cap_exist = src->marvell_cap_exist;
2340	dst->cisco_cap_exist = src->cisco_cap_exist;
2341	dst->airgo_cap_exist = src->airgo_cap_exist;
2342	dst->unknown_cap_exist = src->unknown_cap_exist;
2343	memcpy(dst->wpa_ie, src->wpa_ie, src->wpa_ie_len);
2344	dst->wpa_ie_len = src->wpa_ie_len;
2345	memcpy(dst->rsn_ie, src->rsn_ie, src->rsn_ie_len);
2346	dst->rsn_ie_len = src->rsn_ie_len;
2347	memcpy(dst->wzc_ie, src->wzc_ie, src->wzc_ie_len);
2348	dst->wzc_ie_len = src->wzc_ie_len;
2349
2350	dst->last_scanned = jiffies;
2351	/* qos related parameters */
2352	qos_active = dst->qos_data.active;
2353	old_param = dst->qos_data.param_count;
2354	dst->qos_data.supported = src->qos_data.supported;
2355	if (dst->flags & NETWORK_HAS_QOS_PARAMETERS)
2356	memcpy(&dst->qos_data, &src->qos_data,
2357	sizeof(struct rtllib_qos_data));
2358	if (dst->qos_data.supported == 1) {
2359	if (dst->ssid_len)
2360	netdev_dbg(ieee->dev,
2361	"QoS the network %s is QoS supported\n",
2362	dst->ssid);
2363	else
2364	netdev_dbg(ieee->dev,
2365	"QoS the network is QoS supported\n");
2366	}
2367	dst->qos_data.active = qos_active;
2368	dst->qos_data.old_param_count = old_param;
2369
2370	dst->wmm_info = src->wmm_info;
2371	if (src->wmm_param[0].ac_aci_acm_aifsn ||
2372	src->wmm_param[1].ac_aci_acm_aifsn ||
2373	src->wmm_param[2].ac_aci_acm_aifsn ||
2374	src->wmm_param[3].ac_aci_acm_aifsn)
2375	memcpy(dst->wmm_param, src->wmm_param, WME_AC_PRAM_LEN);
2376
2377	dst->SignalStrength = src->SignalStrength;
2378	dst->RSSI = src->RSSI;
2379	dst->Turbo_Enable = src->Turbo_Enable;
2380
2381	dst->CountryIeLen = src->CountryIeLen;
2382	memcpy(dst->CountryIeBuf, src->CountryIeBuf, src->CountryIeLen);
2383
2384	dst->bWithAironetIE = src->bWithAironetIE;
2385	dst->bCkipSupported = src->bCkipSupported;
2386	memcpy(dst->CcxRmState, src->CcxRmState, 2);
2387	dst->bCcxRmEnable = src->bCcxRmEnable;
2388	dst->MBssidMask = src->MBssidMask;
2389	dst->bMBssidValid = src->bMBssidValid;
2390	memcpy(dst->MBssid, src->MBssid, 6);
2391	dst->bWithCcxVerNum = src->bWithCcxVerNum;
2392	dst->BssCcxVerNumber = src->BssCcxVerNumber;
2393	}
2394
2395	static int IsPassiveChannel(struct rtllib_device *rtllib, u8 channel)
2396	{
2397	if (channel > MAX_CHANNEL_NUMBER) {
2398	netdev_info(dev: rtllib->dev, format: "%s(): Invalid Channel\n", __func__);
2399	return 0;
2400	}
2401
2402	if (rtllib->active_channel_map[channel] == 2)
2403	return 1;
2404
2405	return 0;
2406	}
2407
2408	int rtllib_legal_channel(struct rtllib_device *rtllib, u8 channel)
2409	{
2410	if (channel > MAX_CHANNEL_NUMBER) {
2411	netdev_info(dev: rtllib->dev, format: "%s(): Invalid Channel\n", __func__);
2412	return 0;
2413	}
2414	if (rtllib->active_channel_map[channel] > 0)
2415	return 1;
2416
2417	return 0;
2418	}
2419	EXPORT_SYMBOL(rtllib_legal_channel);
2420
2421	static inline void rtllib_process_probe_response(
2422	struct rtllib_device *ieee,
2423	struct rtllib_probe_response *beacon,
2424	struct rtllib_rx_stats *stats)
2425	{
2426	struct rtllib_network *target;
2427	struct rtllib_network *oldest = NULL;
2428	struct rtllib_info_element *info_element = &beacon->info_element[0];
2429	unsigned long flags;
2430	short renew;
2431	struct rtllib_network *network = kzalloc(size: sizeof(struct rtllib_network),
2432	GFP_ATOMIC);
2433	__le16 frame_ctl = beacon->header.frame_control;
2434
2435	if (!network)
2436	return;
2437
2438	netdev_dbg(ieee->dev,
2439	"'%s' ( %pM ): %c%c%c%c %c%c%c%c-%c%c%c%c %c%c%c%c\n",
2440	escape_essid(info_element->data, info_element->len),
2441	beacon->header.addr3,
2442	(le16_to_cpu(beacon->capability) & (1 << 0xf)) ? '1' : '0',
2443	(le16_to_cpu(beacon->capability) & (1 << 0xe)) ? '1' : '0',
2444	(le16_to_cpu(beacon->capability) & (1 << 0xd)) ? '1' : '0',
2445	(le16_to_cpu(beacon->capability) & (1 << 0xc)) ? '1' : '0',
2446	(le16_to_cpu(beacon->capability) & (1 << 0xb)) ? '1' : '0',
2447	(le16_to_cpu(beacon->capability) & (1 << 0xa)) ? '1' : '0',
2448	(le16_to_cpu(beacon->capability) & (1 << 0x9)) ? '1' : '0',
2449	(le16_to_cpu(beacon->capability) & (1 << 0x8)) ? '1' : '0',
2450	(le16_to_cpu(beacon->capability) & (1 << 0x7)) ? '1' : '0',
2451	(le16_to_cpu(beacon->capability) & (1 << 0x6)) ? '1' : '0',
2452	(le16_to_cpu(beacon->capability) & (1 << 0x5)) ? '1' : '0',
2453	(le16_to_cpu(beacon->capability) & (1 << 0x4)) ? '1' : '0',
2454	(le16_to_cpu(beacon->capability) & (1 << 0x3)) ? '1' : '0',
2455	(le16_to_cpu(beacon->capability) & (1 << 0x2)) ? '1' : '0',
2456	(le16_to_cpu(beacon->capability) & (1 << 0x1)) ? '1' : '0',
2457	(le16_to_cpu(beacon->capability) & (1 << 0x0)) ? '1' : '0');
2458
2459	if (rtllib_network_init(ieee, beacon, network, stats)) {
2460	netdev_dbg(ieee->dev, "Dropped '%s' ( %pM) via %s.\n",
2461	escape_essid(info_element->data, info_element->len),
2462	beacon->header.addr3,
2463	ieee80211_is_beacon(frame_ctl) ? "BEACON" : "PROBE RESPONSE");
2464	goto free_network;
2465	}
2466
2467	if (!rtllib_legal_channel(ieee, network->channel))
2468	goto free_network;
2469
2470	if (ieee80211_is_probe_resp(fc: frame_ctl)) {
2471	if (IsPassiveChannel(rtllib: ieee, channel: network->channel)) {
2472	netdev_info(dev: ieee->dev,
2473	format: "GetScanInfo(): For Global Domain, filter probe response at channel(%d).\n",
2474	network->channel);
2475	goto free_network;
2476	}
2477	}
2478
2479	/* The network parsed correctly -- so now we scan our known networks
2480	* to see if we can find it in our list.
2481	*
2482	* NOTE: This search is definitely not optimized. Once its doing
2483	* the "right thing" we'll optimize it for efficiency if
2484	* necessary
2485	*/
2486
2487	/* Search for this entry in the list and update it if it is
2488	* already there.
2489	*/
2490
2491	spin_lock_irqsave(&ieee->lock, flags);
2492	if (is_same_network(src: &ieee->current_network, dst: network,
2493	ssidbroad: (network->ssid_len ? 1 : 0))) {
2494	update_network(ieee, dst: &ieee->current_network, src: network);
2495	if ((ieee->current_network.mode == WIRELESS_MODE_N_24G ||
2496	ieee->current_network.mode == WIRELESS_MODE_G) &&
2497	ieee->current_network.berp_info_valid) {
2498	if (ieee->current_network.erp_value & ERP_UseProtection)
2499	ieee->current_network.buseprotection = true;
2500	else
2501	ieee->current_network.buseprotection = false;
2502	}
2503	if (ieee80211_is_beacon(fc: frame_ctl)) {
2504	if (ieee->link_state >= MAC80211_LINKED)
2505	ieee->link_detect_info.NumRecvBcnInPeriod++;
2506	}
2507	}
2508	list_for_each_entry(target, &ieee->network_list, list) {
2509	if (is_same_network(src: target, dst: network,
2510	ssidbroad: (target->ssid_len ? 1 : 0)))
2511	break;
2512	if (!oldest || (target->last_scanned < oldest->last_scanned))
2513	oldest = target;
2514	}
2515
2516	/* If we didn't find a match, then get a new network slot to initialize
2517	* with this beacon's information
2518	*/
2519	if (&target->list == &ieee->network_list) {
2520	if (list_empty(head: &ieee->network_free_list)) {
2521	/* If there are no more slots, expire the oldest */
2522	list_del(entry: &oldest->list);
2523	target = oldest;
2524	netdev_dbg(ieee->dev,
2525	"Expired '%s' ( %pM) from network list.\n",
2526	escape_essid(target->ssid, target->ssid_len),
2527	target->bssid);
2528	} else {
2529	/* Otherwise just pull from the free list */
2530	target = list_entry(ieee->network_free_list.next,
2531	struct rtllib_network, list);
2532	list_del(entry: ieee->network_free_list.next);
2533	}
2534
2535	netdev_dbg(ieee->dev, "Adding '%s' ( %pM) via %s.\n",
2536	escape_essid(network->ssid, network->ssid_len),
2537	network->bssid,
2538	ieee80211_is_beacon(frame_ctl) ? "BEACON" : "PROBE RESPONSE");
2539
2540	memcpy(target, network, sizeof(*target));
2541	list_add_tail(new: &target->list, head: &ieee->network_list);
2542	if (ieee->softmac_features & IEEE_SOFTMAC_ASSOCIATE)
2543	rtllib_softmac_new_net(ieee, net: network);
2544	} else {
2545	netdev_dbg(ieee->dev, "Updating '%s' ( %pM) via %s.\n",
2546	escape_essid(target->ssid, target->ssid_len),
2547	target->bssid,
2548	ieee80211_is_beacon(frame_ctl) ? "BEACON" : "PROBE RESPONSE");
2549
2550	/* we have an entry and we are going to update it. But this
2551	* entry may be already expired. In this case we do the same
2552	* as we found a new net and call the new_net handler
2553	*/
2554	renew = !time_after(target->last_scanned + ieee->scan_age,
2555	jiffies);
2556	if ((!target->ssid_len) &&
2557	(((network->ssid_len > 0) && (target->hidden_ssid_len == 0))
2558	|| ((ieee->current_network.ssid_len == network->ssid_len) &&
2559	(strncmp(ieee->current_network.ssid, network->ssid,
2560	network->ssid_len) == 0) &&
2561	(ieee->link_state == MAC80211_NOLINK))))
2562	renew = 1;
2563	update_network(ieee, dst: target, src: network);
2564	if (renew && (ieee->softmac_features & IEEE_SOFTMAC_ASSOCIATE))
2565	rtllib_softmac_new_net(ieee, net: network);
2566	}
2567
2568	spin_unlock_irqrestore(lock: &ieee->lock, flags);
2569	if (ieee80211_is_beacon(fc: frame_ctl) &&
2570	is_same_network(src: &ieee->current_network, dst: network,
2571	ssidbroad: (network->ssid_len ? 1 : 0)) &&
2572	(ieee->link_state == MAC80211_LINKED)) {
2573	ieee->handle_beacon(ieee->dev, beacon, &ieee->current_network);
2574	}
2575	free_network:
2576	kfree(objp: network);
2577	}
2578
2579	static void rtllib_rx_mgt(struct rtllib_device *ieee,
2580	struct sk_buff *skb,
2581	struct rtllib_rx_stats *stats)
2582	{
2583	struct ieee80211_hdr *header = (struct ieee80211_hdr *)skb->data;
2584
2585	if (!ieee80211_is_probe_resp(fc: header->frame_control) &&
2586	(!ieee80211_is_beacon(fc: header->frame_control)))
2587	ieee->last_rx_ps_time = jiffies;
2588
2589	if (ieee80211_is_beacon(fc: header->frame_control)) {
2590	netdev_dbg(ieee->dev, "received BEACON\n");
2591	rtllib_process_probe_response(
2592	ieee, beacon: (struct rtllib_probe_response *)header,
2593	stats);
2594
2595	if (ieee->sta_sleep || (ieee->ps != RTLLIB_PS_DISABLED &&
2596	ieee->iw_mode == IW_MODE_INFRA &&
2597	ieee->link_state == MAC80211_LINKED))
2598	schedule_work(work: &ieee->ps_task);
2599	} else if (ieee80211_is_probe_resp(fc: header->frame_control)) {
2600	netdev_dbg(ieee->dev, "received PROBE RESPONSE\n");
2601	rtllib_process_probe_response(ieee,
2602	beacon: (struct rtllib_probe_response *)header, stats);
2603	}
2604	}
2605