2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 * Purpose: handle dpc rx functions
28 * device_receive_frame - Rcv 802.11 frame function
29 * s_bAPModeRxCtl- AP Rcv frame filer Ctl.
30 * s_bAPModeRxData- AP Rcv data frame handle
31 * s_bHandleRxEncryption- Rcv decrypted data via on-fly
32 * s_bHostWepRxEncryption- Rcv encrypted data via host
33 * s_byGetRateIdx- get rate index
34 * s_vGetDASA- get data offset
35 * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3
61 /*--------------------- Static Definitions -------------------------*/
63 /*--------------------- Static Classes ----------------------------*/
65 /*--------------------- Static Variables --------------------------*/
66 //static int msglevel =MSG_LEVEL_DEBUG;
67 static int msglevel =MSG_LEVEL_INFO;
69 const BYTE acbyRxRate[MAX_RATE] =
70 {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
73 /*--------------------- Static Functions --------------------------*/
75 /*--------------------- Static Definitions -------------------------*/
77 /*--------------------- Static Functions --------------------------*/
79 static BYTE s_byGetRateIdx(IN BYTE byRate);
85 IN PBYTE pbyRxBufferAddr,
86 OUT PUINT pcbHeaderSize,
87 OUT PSEthernetHeader psEthHeader
92 s_vProcessRxMACHeader (
94 IN PBYTE pbyRxBufferAddr,
101 static BOOL s_bAPModeRxCtl(
109 static BOOL s_bAPModeRxData (
111 IN struct sk_buff* skb,
113 IN UINT cbHeaderOffset,
119 static BOOL s_bHandleRxEncryption(
125 OUT PSKeyItem *pKeyOut,
127 OUT PWORD pwRxTSC15_0,
128 OUT PDWORD pdwRxTSC47_16
131 static BOOL s_bHostWepRxEncryption(
141 OUT PWORD pwRxTSC15_0,
142 OUT PDWORD pdwRxTSC47_16
146 /*--------------------- Export Variables --------------------------*/
151 * Translate Rcv 802.11 header to 802.3 header with Rx buffer
156 * dwRxBufferAddr - Address of Rcv Buffer
157 * cbPacketSize - Rcv Packet size
158 * bIsWEP - If Rcv with WEP
160 * pcbHeaderSize - 802.11 header size
167 s_vProcessRxMACHeader (
169 IN PBYTE pbyRxBufferAddr,
170 IN UINT cbPacketSize,
173 OUT PUINT pcbHeadSize
177 UINT cbHeaderSize = 0;
179 PS802_11Header pMACHeader;
183 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
185 s_vGetDASA((PBYTE)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader);
189 // strip IV&ExtIV , add 8 byte
190 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8);
192 // strip IV , add 4 byte
193 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4);
197 cbHeaderSize += WLAN_HDR_ADDR3_LEN;
200 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
201 if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) {
204 else if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) {
206 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
207 if ((*pwType!= TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) {
211 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
214 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
216 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
220 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
226 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
229 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
231 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
235 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
239 cbHeaderSize -= (U_ETHER_ADDR_LEN * 2);
240 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
241 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++)
242 *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii];
243 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++)
244 *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii];
246 *pcbHeadSize = cbHeaderSize;
252 static BYTE s_byGetRateIdx (IN BYTE byRate)
256 for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) {
257 if (acbyRxRate[byRateIdx%MAX_RATE] == byRate)
267 IN PBYTE pbyRxBufferAddr,
268 OUT PUINT pcbHeaderSize,
269 OUT PSEthernetHeader psEthHeader
272 UINT cbHeaderSize = 0;
273 PS802_11Header pMACHeader;
276 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
278 if ((pMACHeader->wFrameCtl & FC_TODS) == 0) {
279 if (pMACHeader->wFrameCtl & FC_FROMDS) {
280 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
281 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
282 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr3[ii];
287 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
288 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
289 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
295 if (pMACHeader->wFrameCtl & FC_FROMDS) {
296 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
297 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
298 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr4[ii];
303 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
304 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
305 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
309 *pcbHeaderSize = cbHeaderSize;
317 VOID MngWorkItem(PVOID Context)
319 PSRxMgmtPacket pRxMgmtPacket;
320 PSDevice pDevice = (PSDevice) Context;
321 //printk("Enter MngWorkItem,Queue packet num is %d\n",pDevice->rxManeQueue.packet_num);
322 spin_lock_irq(&pDevice->lock);
323 while(pDevice->rxManeQueue.packet_num != 0)
325 pRxMgmtPacket = DeQueue(pDevice);
326 vMgrRxManagePacket(pDevice, pDevice->pMgmt, pRxMgmtPacket);
328 spin_unlock_irq(&pDevice->lock);
337 device_receive_frame (
343 PDEVICE_RD_INFO pRDInfo = pCurrRD->pRDInfo;
345 //printk("device_receive_frame:pCurrRD is %x,pRDInfo is %x\n",pCurrRD,pCurrRD->pRDInfo);
347 struct net_device_stats* pStats=&pDevice->stats;
349 PSMgmtObject pMgmt = pDevice->pMgmt;
350 PSRxMgmtPacket pRxPacket = &(pDevice->pMgmt->sRxPacket);
351 PS802_11Header p802_11Header;
358 BOOL bDeFragRx = FALSE;
363 INT iSANodeIndex = -1;
364 INT iDANodeIndex = -1;
372 PSKeyItem pKey = NULL;
374 DWORD dwRxTSC47_16 = 0;
377 DWORD dwDuration = 0;
379 LONG ldBmThreshold = 0;
380 PS802_11Header pMACHeader;
381 BOOL bRxeapol_key = FALSE;
383 // DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- device_receive_frame---\n");
390 pci_unmap_single(pDevice->pcid, pRDInfo->skb_dma,
391 pDevice->rx_buf_sz, PCI_DMA_FROMDEVICE);
394 pwFrameSize = (PWORD)(skb->data + 2);
395 FrameSize = cpu_to_le16(pCurrRD->m_rd1RD1.wReqCount) - cpu_to_le16(pCurrRD->m_rd0RD0.wResCount);
397 // Max: 2312Payload + 30HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR
398 // Min (ACK): 10HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR
399 if ((FrameSize > 2364)||(FrameSize <= 32)) {
400 // Frame Size error drop this packet.
401 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 1 \n");
405 pbyRxSts = (PBYTE) (skb->data);
406 pbyRxRate = (PBYTE) (skb->data + 1);
407 pbyRsr = (PBYTE) (skb->data + FrameSize - 1);
408 pbyRSSI = (PBYTE) (skb->data + FrameSize - 2);
409 pbyNewRsr = (PBYTE) (skb->data + FrameSize - 3);
410 pbySQ = (PBYTE) (skb->data + FrameSize - 4);
411 pqwTSFTime = (PQWORD) (skb->data + FrameSize - 12);
412 pbyFrame = (PBYTE)(skb->data + 4);
415 FrameSize = cpu_to_le16(*pwFrameSize);
417 if ((FrameSize > 2346)|(FrameSize < 14)) { // Max: 2312Payload + 30HD +4CRC
419 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 2 \n");
424 // update receive statistic counter
425 STAvUpdateRDStatCounter(&pDevice->scStatistic,
434 pMACHeader=(PS802_11Header)((PBYTE) (skb->data)+8);
436 if (pDevice->bMeasureInProgress == TRUE) {
437 if ((*pbyRsr & RSR_CRCOK) != 0) {
438 pDevice->byBasicMap |= 0x01;
440 dwDuration = (FrameSize << 4);
441 dwDuration /= acbyRxRate[*pbyRxRate%MAX_RATE];
442 if (*pbyRxRate <= RATE_11M) {
443 if (*pbyRxSts & 0x01) {
453 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
455 for (ii = 7; ii > 0;) {
456 if (ldBm > ldBmThreshold) {
462 pDevice->dwRPIs[ii] += dwDuration;
466 if (!IS_MULTICAST_ADDRESS(pbyFrame) && !IS_BROADCAST_ADDRESS(pbyFrame)) {
467 if (WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header) (skb->data + 4))) {
468 pDevice->s802_11Counter.FrameDuplicateCount++;
475 s_vGetDASA(skb->data+4, &cbHeaderSize, &pDevice->sRxEthHeader);
477 // filter packet send from myself
478 if (IS_ETH_ADDRESS_EQUAL((PBYTE)&(pDevice->sRxEthHeader.abySrcAddr[0]), pDevice->abyCurrentNetAddr))
481 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) {
482 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
483 p802_11Header = (PS802_11Header) (pbyFrame);
485 if (BSSDBbIsSTAInNodeDB(pMgmt, (PBYTE)(p802_11Header->abyAddr2), &iSANodeIndex)) {
486 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies;
487 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0;
492 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
493 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == TRUE) {
499 if (IS_FC_WEP(pbyFrame)) {
500 BOOL bRxDecryOK = FALSE;
502 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n");
504 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) {
506 pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite;
507 pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex;
508 pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength;
509 pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16;
510 pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0;
512 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0],
516 bRxDecryOK = s_bHostWepRxEncryption(pDevice,
520 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly,
527 bRxDecryOK = s_bHandleRxEncryption(pDevice,
539 if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) {
540 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n");
541 if ( (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
542 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
543 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
544 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
545 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
547 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
548 pDevice->s802_11Counter.TKIPICVErrors++;
549 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) {
550 pDevice->s802_11Counter.CCMPDecryptErrors++;
551 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) {
552 // pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++;
558 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n");
561 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP))
562 FrameSize -= 8; // Message Integrity Code
564 FrameSize -= 4; // 4 is ICV
571 //remove the CRC length
572 FrameSize -= U_CRC_LEN;
574 if (( !(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI))) && // unicast address
575 (IS_FRAGMENT_PKT((skb->data+4)))
578 bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header) (skb->data+4), FrameSize, bIsWEP, bExtIV);
579 pDevice->s802_11Counter.ReceivedFragmentCount++;
582 skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb;
583 FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength;
592 // Management & Control frame Handle
593 if ((IS_TYPE_DATA((skb->data+4))) == FALSE) {
594 // Handle Control & Manage Frame
596 if (IS_TYPE_MGMT((skb->data+4))) {
600 pRxPacket->p80211Header = (PUWLAN_80211HDR)(skb->data+4);
601 pRxPacket->cbMPDULen = FrameSize;
602 pRxPacket->uRSSI = *pbyRSSI;
603 pRxPacket->bySQ = *pbySQ;
604 HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime));
605 LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime));
608 pbyData1 = WLAN_HDR_A3_DATA_PTR(skb->data+4);
609 pbyData2 = WLAN_HDR_A3_DATA_PTR(skb->data+4) + 4;
610 for (ii = 0; ii < (FrameSize - 4); ii++) {
611 *pbyData1 = *pbyData2;
616 pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate);
617 pRxPacket->byRxChannel = (*pbyRxSts) >> 2;
619 //EnQueue(pDevice,pRxPacket);
622 EnQueue(pDevice,pRxPacket);
624 //printk("enque time is %x\n",jiffies);
625 //up(&pDevice->mlme_semaphore);
626 //Enque (pDevice->FirstRecvMngList,pDevice->LastRecvMngList,pMgmt);
630 EnQueue(pDevice,pRxPacket);
631 tasklet_schedule(&pDevice->RxMngWorkItem);
634 vMgrRxManagePacket((HANDLE)pDevice, pDevice->pMgmt, pRxPacket);
635 //tasklet_schedule(&pDevice->RxMngWorkItem);
640 //vMgrRxManagePacket((HANDLE)pDevice, pDevice->pMgmt, pRxPacket);
641 // hostap Deamon handle 802.11 management
642 if (pDevice->bEnableHostapd) {
643 skb->dev = pDevice->apdev;
646 skb_put(skb, FrameSize);
647 skb_reset_mac_header(skb);
648 skb->pkt_type = PACKET_OTHERHOST;
649 skb->protocol = htons(ETH_P_802_2);
650 memset(skb->cb, 0, sizeof(skb->cb));
661 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
662 //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC.
663 if ( !(*pbyRsr & RSR_BSSIDOK)) {
665 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
666 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
674 // discard DATA packet while not associate || BSSID error
675 if ((pDevice->bLinkPass == FALSE) ||
676 !(*pbyRsr & RSR_BSSIDOK)) {
678 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
679 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
685 //mike add:station mode check eapol-key challenge--->
687 BYTE Protocol_Version; //802.1x Authentication
688 BYTE Packet_Type; //802.1x Authentication
693 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
694 skb->data[cbIVOffset + 8 + 24 + 6 + 1];
695 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1];
696 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1];
697 if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header
698 if(((Protocol_Version==1) ||(Protocol_Version==2)) &&
699 (Packet_Type==3)) { //802.1x OR eapol-key challenge frame receive
704 //mike add:station mode check eapol-key challenge<---
712 if (pDevice->bEnablePSMode) {
713 if (IS_FC_MOREDATA((skb->data+4))) {
714 if (*pbyRsr & RSR_ADDROK) {
715 //PSbSendPSPOLL((PSDevice)pDevice);
719 if (pDevice->pMgmt->bInTIMWake == TRUE) {
720 pDevice->pMgmt->bInTIMWake = FALSE;
725 // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps
726 if (pDevice->bDiversityEnable && (FrameSize>50) &&
727 (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) &&
728 (pDevice->bLinkPass == TRUE)) {
729 //printk("device_receive_frame: RxRate is %d\n",*pbyRxRate);
730 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0);
734 if (pDevice->byLocalID != REV_ID_VT3253_B1) {
735 pDevice->uCurrRSSI = *pbyRSSI;
737 pDevice->byCurrSQ = *pbySQ;
739 if ((*pbyRSSI != 0) &&
740 (pMgmt->pCurrBSS!=NULL)) {
741 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
742 // Moniter if RSSI is too strong.
743 pMgmt->pCurrBSS->byRSSIStatCnt++;
744 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT;
745 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm;
746 for(ii=0;ii<RSSI_STAT_COUNT;ii++) {
747 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) {
748 pMgmt->pCurrBSS->ldBmMAX = max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm);
753 // -----------------------------------------------
755 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == TRUE)){
758 // Only 802.1x packet incoming allowed
763 wEtherType = (skb->data[cbIVOffset + 4 + 24 + 6] << 8) |
764 skb->data[cbIVOffset + 4 + 24 + 6 + 1];
766 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType);
767 if (wEtherType == ETH_P_PAE) {
768 skb->dev = pDevice->apdev;
770 if (bIsWEP == TRUE) {
771 // strip IV header(8)
772 memcpy(&abyMacHdr[0], (skb->data + 4), 24);
773 memcpy((skb->data + 4 + cbIVOffset), &abyMacHdr[0], 24);
775 skb->data += (cbIVOffset + 4);
776 skb->tail += (cbIVOffset + 4);
777 skb_put(skb, FrameSize);
778 skb_reset_mac_header(skb);
780 skb->pkt_type = PACKET_OTHERHOST;
781 skb->protocol = htons(ETH_P_802_2);
782 memset(skb->cb, 0, sizeof(skb->cb));
787 // check if 802.1x authorized
788 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED))
793 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
795 FrameSize -= 8; //MIC
799 //--------------------------------------------------------------------------------
801 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
805 DWORD dwMIC_Priority;
806 DWORD dwMICKey0 = 0, dwMICKey1 = 0;
807 DWORD dwLocalMIC_L = 0;
808 DWORD dwLocalMIC_R = 0;
809 viawget_wpa_header *wpahdr;
812 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
813 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
814 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
817 if (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
818 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
819 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
820 } else if ((pKey->dwKeyIndex & BIT28) == 0) {
821 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
822 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
824 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
825 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
829 MIC_vInit(dwMICKey0, dwMICKey1);
830 MIC_vAppend((PBYTE)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12);
832 MIC_vAppend((PBYTE)&dwMIC_Priority, 4);
833 // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV.
834 MIC_vAppend((PBYTE)(skb->data + 4 + WLAN_HDR_ADDR3_LEN + 8),
835 FrameSize - WLAN_HDR_ADDR3_LEN - 8);
836 MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R);
839 pdwMIC_L = (PDWORD)(skb->data + 4 + FrameSize);
840 pdwMIC_R = (PDWORD)(skb->data + 4 + FrameSize + 4);
841 //DBG_PRN_GRP12(("RxL: %lx, RxR: %lx\n", *pdwMIC_L, *pdwMIC_R));
842 //DBG_PRN_GRP12(("LocalL: %lx, LocalR: %lx\n", dwLocalMIC_L, dwLocalMIC_R));
843 //DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"dwMICKey0= %lx,dwMICKey1= %lx \n", dwMICKey0, dwMICKey1);
846 if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) ||
847 (pDevice->bRxMICFail == TRUE)) {
848 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n");
849 pDevice->bRxMICFail = FALSE;
850 //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++;
851 pDevice->s802_11Counter.TKIPLocalMICFailures++;
853 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
854 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
858 //2008-0409-07, <Add> by Einsn Liu
859 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
860 //send event to wpa_supplicant
861 //if(pDevice->bWPADevEnable == TRUE)
863 union iwreq_data wrqu;
864 struct iw_michaelmicfailure ev;
865 int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits
866 memset(&ev, 0, sizeof(ev));
867 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
868 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
869 (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
870 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
871 ev.flags |= IW_MICFAILURE_PAIRWISE;
873 ev.flags |= IW_MICFAILURE_GROUP;
876 ev.src_addr.sa_family = ARPHRD_ETHER;
877 memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN);
878 memset(&wrqu, 0, sizeof(wrqu));
879 wrqu.data.length = sizeof(ev);
880 wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
886 if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
887 wpahdr = (viawget_wpa_header *)pDevice->skb->data;
888 if ((pDevice->pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
889 (pDevice->pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
890 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
891 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR;
892 wpahdr->type = VIAWGET_PTK_MIC_MSG;
894 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR;
895 wpahdr->type = VIAWGET_GTK_MIC_MSG;
897 wpahdr->resp_ie_len = 0;
898 wpahdr->req_ie_len = 0;
899 skb_put(pDevice->skb, sizeof(viawget_wpa_header));
900 pDevice->skb->dev = pDevice->wpadev;
901 skb_reset_mac_header(pDevice->skb);
902 pDevice->skb->pkt_type = PACKET_HOST;
903 pDevice->skb->protocol = htons(ETH_P_802_2);
904 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
905 netif_rx(pDevice->skb);
906 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
913 } //---end of SOFT MIC-----------------------------------------------------------------------
915 // ++++++++++ Reply Counter Check +++++++++++++
917 if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) ||
918 (pKey->byCipherSuite == KEY_CTL_CCMP))) {
920 WORD wLocalTSC15_0 = 0;
921 DWORD dwLocalTSC47_16 = 0;
924 RSC = *((ULONGLONG *) &(pKey->KeyRSC));
925 wLocalTSC15_0 = (WORD) RSC;
926 dwLocalTSC47_16 = (DWORD) (RSC>>16);
931 memcpy(&(pKey->KeyRSC), &RSC, sizeof(QWORD));
933 if ( (pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) &&
934 (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) {
936 if ( (wRxTSC15_0 < wLocalTSC15_0) &&
937 (dwRxTSC47_16 <= dwLocalTSC47_16) &&
938 !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) {
939 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n ");
940 if (pKey->byCipherSuite == KEY_CTL_TKIP)
941 //pDevice->s802_11Counter.TKIPReplays.QuadPart++;
942 pDevice->s802_11Counter.TKIPReplays++;
944 //pDevice->s802_11Counter.CCMPReplays.QuadPart++;
945 pDevice->s802_11Counter.CCMPReplays++;
948 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
949 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
957 } // ----- End of Reply Counter Check --------------------------
961 if ((pKey != NULL) && (bIsWEP)) {
962 // pDevice->s802_11Counter.DecryptSuccessCount.QuadPart++;
966 s_vProcessRxMACHeader(pDevice, (PBYTE)(skb->data+4), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset);
967 FrameSize -= cbHeaderOffset;
968 cbHeaderOffset += 4; // 4 is Rcv buffer header
970 // Null data, framesize = 14
974 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
975 if (s_bAPModeRxData(pDevice,
984 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
985 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
992 // if(pDevice->bRxMICFail == FALSE) {
993 // for (ii =0; ii < 100; ii++)
994 // printk(" %02x", *(skb->data + ii));
1000 skb->data += cbHeaderOffset;
1001 skb->tail += cbHeaderOffset;
1002 skb_put(skb, FrameSize);
1003 skb->protocol=eth_type_trans(skb, skb->dev);
1006 //drop frame not met IEEE 802.3
1008 if (pDevice->flags & DEVICE_FLAGS_VAL_PKT_LEN) {
1009 if ((skb->protocol==htons(ETH_P_802_3)) &&
1010 (skb->len!=htons(skb->mac.ethernet->h_proto))) {
1011 pStats->rx_length_errors++;
1012 pStats->rx_dropped++;
1014 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1015 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1016 pDevice->dev->name);
1024 skb->ip_summed=CHECKSUM_NONE;
1025 pStats->rx_bytes +=skb->len;
1026 pStats->rx_packets++;
1030 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1031 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1032 pDevice->dev->name);
1041 static BOOL s_bAPModeRxCtl (
1042 IN PSDevice pDevice,
1047 PS802_11Header p802_11Header;
1049 PSMgmtObject pMgmt = pDevice->pMgmt;
1052 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
1054 p802_11Header = (PS802_11Header) (pbyFrame);
1055 if (!IS_TYPE_MGMT(pbyFrame)) {
1057 // Data & PS-Poll packet
1058 // check frame class
1059 if (iSANodeIndex > 0) {
1060 // frame class 3 fliter & checking
1061 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) {
1062 // send deauth notification
1063 // reason = (6) class 2 received from nonauth sta
1064 vMgrDeAuthenBeginSta(pDevice,
1066 (PBYTE)(p802_11Header->abyAddr2),
1067 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1070 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n");
1073 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) {
1074 // send deassoc notification
1075 // reason = (7) class 3 received from nonassoc sta
1076 vMgrDisassocBeginSta(pDevice,
1078 (PBYTE)(p802_11Header->abyAddr2),
1079 (WLAN_MGMT_REASON_CLASS3_NONASSOC),
1082 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n");
1086 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) {
1087 // delcare received ps-poll event
1088 if (IS_CTL_PSPOLL(pbyFrame)) {
1089 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1090 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1091 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n");
1094 // check Data PS state
1095 // if PW bit off, send out all PS bufferring packets.
1096 if (!IS_FC_POWERMGT(pbyFrame)) {
1097 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1098 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1099 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1100 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n");
1105 if (IS_FC_POWERMGT(pbyFrame)) {
1106 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = TRUE;
1107 // Once if STA in PS state, enable multicast bufferring
1108 pMgmt->sNodeDBTable[0].bPSEnable = TRUE;
1111 // clear all pending PS frame.
1112 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) {
1113 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1114 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1115 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1116 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n");
1123 vMgrDeAuthenBeginSta(pDevice,
1125 (PBYTE)(p802_11Header->abyAddr2),
1126 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1129 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n");
1130 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%02x-%02x-%02x=%02x-%02x-%02x \n",
1131 p802_11Header->abyAddr3[0],
1132 p802_11Header->abyAddr3[1],
1133 p802_11Header->abyAddr3[2],
1134 p802_11Header->abyAddr3[3],
1135 p802_11Header->abyAddr3[4],
1136 p802_11Header->abyAddr3[5]
1138 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%02x-%02x-%02x=%02x-%02x-%02x \n",
1139 p802_11Header->abyAddr2[0],
1140 p802_11Header->abyAddr2[1],
1141 p802_11Header->abyAddr2[2],
1142 p802_11Header->abyAddr2[3],
1143 p802_11Header->abyAddr2[4],
1144 p802_11Header->abyAddr2[5]
1146 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%02x-%02x-%02x=%02x-%02x-%02x \n",
1147 p802_11Header->abyAddr1[0],
1148 p802_11Header->abyAddr1[1],
1149 p802_11Header->abyAddr1[2],
1150 p802_11Header->abyAddr1[3],
1151 p802_11Header->abyAddr1[4],
1152 p802_11Header->abyAddr1[5]
1154 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl );
1155 VNSvInPortB(pDevice->PortOffset + MAC_REG_RCR, &(pDevice->byRxMode));
1156 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc:pDevice->byRxMode = %x\n", pDevice->byRxMode );
1165 static BOOL s_bHandleRxEncryption (
1166 IN PSDevice pDevice,
1170 OUT PBYTE pbyNewRsr,
1171 OUT PSKeyItem *pKeyOut,
1173 OUT PWORD pwRxTSC15_0,
1174 OUT PDWORD pdwRxTSC47_16
1177 UINT PayloadLen = FrameSize;
1180 PSKeyItem pKey = NULL;
1181 BYTE byDecMode = KEY_CTL_WEP;
1182 PSMgmtObject pMgmt = pDevice->pMgmt;
1188 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1189 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1190 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1191 pbyIV += 6; // 6 is 802.11 address4
1194 byKeyIdx = (*(pbyIV+3) & 0xc0);
1196 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1198 if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
1199 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
1200 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
1201 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
1202 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
1203 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) &&
1204 (pDevice->pMgmt->byCSSPK != KEY_CTL_NONE)) {
1205 // unicast pkt use pairwise key
1206 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n");
1207 if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == TRUE) {
1208 if (pDevice->pMgmt->byCSSPK == KEY_CTL_TKIP)
1209 byDecMode = KEY_CTL_TKIP;
1210 else if (pDevice->pMgmt->byCSSPK == KEY_CTL_CCMP)
1211 byDecMode = KEY_CTL_CCMP;
1213 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey);
1216 KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey);
1217 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1218 byDecMode = KEY_CTL_TKIP;
1219 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1220 byDecMode = KEY_CTL_CCMP;
1221 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey);
1224 // our WEP only support Default Key
1226 // use default group key
1227 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey);
1228 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1229 byDecMode = KEY_CTL_TKIP;
1230 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1231 byDecMode = KEY_CTL_CCMP;
1235 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode);
1238 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n");
1239 if (byDecMode == KEY_CTL_WEP) {
1240 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1241 } else if (pDevice->bLinkPass == TRUE) {
1242 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1246 if (byDecMode != pKey->byCipherSuite) {
1247 if (byDecMode == KEY_CTL_WEP) {
1248 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1249 } else if (pDevice->bLinkPass == TRUE) {
1250 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1255 if (byDecMode == KEY_CTL_WEP) {
1257 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1258 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE)) {
1263 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1264 memcpy(pDevice->abyPRNG, pbyIV, 3);
1265 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1266 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1267 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1269 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1270 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1273 } else if ((byDecMode == KEY_CTL_TKIP) ||
1274 (byDecMode == KEY_CTL_CCMP)) {
1277 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1278 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1279 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1280 if (byDecMode == KEY_CTL_TKIP) {
1281 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1283 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1285 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1287 if ((byDecMode == KEY_CTL_TKIP) &&
1288 (pDevice->byLocalID <= REV_ID_VT3253_A1)) {
1291 PS802_11Header pMACHeader = (PS802_11Header) (pbyFrame);
1292 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1293 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1294 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1295 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1296 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1297 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1299 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1300 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1305 if ((*(pbyIV+3) & 0x20) != 0)
1311 static BOOL s_bHostWepRxEncryption (
1312 IN PSDevice pDevice,
1318 OUT PBYTE pbyNewRsr,
1320 OUT PWORD pwRxTSC15_0,
1321 OUT PDWORD pdwRxTSC47_16
1324 UINT PayloadLen = FrameSize;
1327 BYTE byDecMode = KEY_CTL_WEP;
1328 PS802_11Header pMACHeader;
1335 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1336 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1337 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1338 pbyIV += 6; // 6 is 802.11 address4
1341 byKeyIdx = (*(pbyIV+3) & 0xc0);
1343 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1346 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1347 byDecMode = KEY_CTL_TKIP;
1348 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1349 byDecMode = KEY_CTL_CCMP;
1351 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode);
1353 if (byDecMode != pKey->byCipherSuite) {
1354 if (byDecMode == KEY_CTL_WEP) {
1355 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1356 } else if (pDevice->bLinkPass == TRUE) {
1357 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1362 if (byDecMode == KEY_CTL_WEP) {
1364 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP \n");
1365 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1366 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE) ||
1367 (bOnFly == FALSE)) {
1373 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1374 memcpy(pDevice->abyPRNG, pbyIV, 3);
1375 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1376 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1377 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1379 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1380 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1383 } else if ((byDecMode == KEY_CTL_TKIP) ||
1384 (byDecMode == KEY_CTL_CCMP)) {
1387 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1388 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1389 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1391 if (byDecMode == KEY_CTL_TKIP) {
1392 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1394 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1396 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1398 if (byDecMode == KEY_CTL_TKIP) {
1400 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == FALSE)) {
1404 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n");
1405 pMACHeader = (PS802_11Header) (pbyFrame);
1406 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1407 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1408 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1409 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1410 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1411 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1413 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1414 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1419 if (byDecMode == KEY_CTL_CCMP) {
1420 if (bOnFly == FALSE) {
1423 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_CCMP\n");
1424 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) {
1425 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1426 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC compare OK!\n");
1428 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC fail!\n");
1435 if ((*(pbyIV+3) & 0x20) != 0)
1442 static BOOL s_bAPModeRxData (
1443 IN PSDevice pDevice,
1444 IN struct sk_buff* skb,
1446 IN UINT cbHeaderOffset,
1447 IN INT iSANodeIndex,
1451 PSMgmtObject pMgmt = pDevice->pMgmt;
1452 BOOL bRelayAndForward = FALSE;
1453 BOOL bRelayOnly = FALSE;
1454 BYTE byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
1458 struct sk_buff* skbcpy = NULL;
1460 if (FrameSize > CB_MAX_BUF_SIZE)
1463 if(IS_MULTICAST_ADDRESS((PBYTE)(skb->data+cbHeaderOffset))) {
1464 if (pMgmt->sNodeDBTable[0].bPSEnable) {
1466 skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz);
1468 // if any node in PS mode, buffer packet until DTIM.
1469 if (skbcpy == NULL) {
1470 DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n");
1473 skbcpy->dev = pDevice->dev;
1474 skbcpy->len = FrameSize;
1475 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize);
1476 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy);
1478 pMgmt->sNodeDBTable[0].wEnQueueCnt++;
1480 pMgmt->abyPSTxMap[0] |= byMask[0];
1484 bRelayAndForward = TRUE;
1489 if (BSSDBbIsSTAInNodeDB(pMgmt, (PBYTE)(skb->data+cbHeaderOffset), &iDANodeIndex)) {
1490 if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) {
1491 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) {
1492 // queue this skb until next PS tx, and then release.
1494 skb->data += cbHeaderOffset;
1495 skb->tail += cbHeaderOffset;
1496 skb_put(skb, FrameSize);
1497 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb);
1498 pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++;
1499 wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID;
1500 pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7];
1501 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n",
1502 iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]);
1512 if (bRelayOnly || bRelayAndForward) {
1513 // relay this packet right now
1514 if (bRelayAndForward)
1517 if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) {
1518 ROUTEbRelay(pDevice, (PBYTE)(skb->data + cbHeaderOffset), FrameSize, (UINT)iDANodeIndex);
1524 // none associate, don't forward
1525 if (pDevice->uAssocCount == 0)
git.openpandora.org / pandora-kernel.git / blob