2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 * Purpose: handle dpc rx functions
28 * device_receive_frame - Rcv 802.11 frame function
29 * s_bAPModeRxCtl- AP Rcv frame filer Ctl.
30 * s_bAPModeRxData- AP Rcv data frame handle
31 * s_bHandleRxEncryption- Rcv decrypted data via on-fly
32 * s_bHostWepRxEncryption- Rcv encrypted data via host
33 * s_byGetRateIdx- get rate index
34 * s_vGetDASA- get data offset
35 * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3
60 /*--------------------- Static Definitions -------------------------*/
62 /*--------------------- Static Classes ----------------------------*/
64 /*--------------------- Static Variables --------------------------*/
65 //static int msglevel =MSG_LEVEL_DEBUG;
66 static int msglevel =MSG_LEVEL_INFO;
68 const BYTE acbyRxRate[MAX_RATE] =
69 {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
72 /*--------------------- Static Functions --------------------------*/
74 /*--------------------- Static Definitions -------------------------*/
76 /*--------------------- Static Functions --------------------------*/
78 static BYTE s_byGetRateIdx(IN BYTE byRate);
84 IN PBYTE pbyRxBufferAddr,
85 OUT PUINT pcbHeaderSize,
86 OUT PSEthernetHeader psEthHeader
91 s_vProcessRxMACHeader (
93 IN PBYTE pbyRxBufferAddr,
100 static BOOL s_bAPModeRxCtl(
108 static BOOL s_bAPModeRxData (
110 IN struct sk_buff* skb,
112 IN UINT cbHeaderOffset,
118 static BOOL s_bHandleRxEncryption(
124 OUT PSKeyItem *pKeyOut,
126 OUT PWORD pwRxTSC15_0,
127 OUT PDWORD pdwRxTSC47_16
130 static BOOL s_bHostWepRxEncryption(
140 OUT PWORD pwRxTSC15_0,
141 OUT PDWORD pdwRxTSC47_16
145 /*--------------------- Export Variables --------------------------*/
150 * Translate Rcv 802.11 header to 802.3 header with Rx buffer
155 * dwRxBufferAddr - Address of Rcv Buffer
156 * cbPacketSize - Rcv Packet size
157 * bIsWEP - If Rcv with WEP
159 * pcbHeaderSize - 802.11 header size
166 s_vProcessRxMACHeader (
168 IN PBYTE pbyRxBufferAddr,
169 IN UINT cbPacketSize,
172 OUT PUINT pcbHeadSize
176 UINT cbHeaderSize = 0;
178 PS802_11Header pMACHeader;
182 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
184 s_vGetDASA((PBYTE)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader);
188 // strip IV&ExtIV , add 8 byte
189 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8);
191 // strip IV , add 4 byte
192 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4);
196 cbHeaderSize += WLAN_HDR_ADDR3_LEN;
199 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
200 if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) {
203 else if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) {
205 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
206 if ((*pwType!= TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) {
210 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
213 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
215 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
219 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
225 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
228 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
230 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
234 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
238 cbHeaderSize -= (U_ETHER_ADDR_LEN * 2);
239 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
240 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++)
241 *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii];
242 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++)
243 *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii];
245 *pcbHeadSize = cbHeaderSize;
251 static BYTE s_byGetRateIdx (IN BYTE byRate)
255 for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) {
256 if (acbyRxRate[byRateIdx%MAX_RATE] == byRate)
266 IN PBYTE pbyRxBufferAddr,
267 OUT PUINT pcbHeaderSize,
268 OUT PSEthernetHeader psEthHeader
271 UINT cbHeaderSize = 0;
272 PS802_11Header pMACHeader;
275 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
277 if ((pMACHeader->wFrameCtl & FC_TODS) == 0) {
278 if (pMACHeader->wFrameCtl & FC_FROMDS) {
279 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
280 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
281 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr3[ii];
286 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
287 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
288 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
294 if (pMACHeader->wFrameCtl & FC_FROMDS) {
295 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
296 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
297 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr4[ii];
302 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
303 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
304 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
308 *pcbHeaderSize = cbHeaderSize;
315 RXbBulkInProcessData (
318 IN ULONG BytesToIndicate
322 struct net_device_stats* pStats=&pDevice->stats;
324 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
325 PSRxMgmtPacket pRxPacket = &(pMgmt->sRxPacket);
326 PS802_11Header p802_11Header;
332 BOOL bDeFragRx = FALSE;
336 INT iSANodeIndex = -1;
337 INT iDANodeIndex = -1;
343 #ifdef Calcu_LinkQual
347 PSKeyItem pKey = NULL;
349 DWORD dwRxTSC47_16 = 0;
356 PRCB pRCBIndicate = pRCB;
359 BYTE abyVaildRate[MAX_RATE] = {2,4,11,22,12,18,24,36,48,72,96,108};
360 WORD wPLCPwithPadding;
361 PS802_11Header pMACHeader;
362 BOOL bRxeapol_key = FALSE;
366 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- RXbBulkInProcessData---\n");
370 //[31:16]RcvByteCount ( not include 4-byte Status )
371 dwWbkStatus = *( (PDWORD)(skb->data) );
372 FrameSize = (UINT)(dwWbkStatus >> 16);
375 if (BytesToIndicate != FrameSize) {
376 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 1 \n");
380 if ((BytesToIndicate > 2372)||(BytesToIndicate <= 40)) {
381 // Frame Size error drop this packet.
382 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 2 \n");
386 pbyDAddress = (PBYTE)(skb->data);
387 pbyRxSts = pbyDAddress+4;
388 pbyRxRate = pbyDAddress+5;
390 //real Frame Size = USBFrameSize -4WbkStatus - 4RxStatus - 8TSF - 4RSR - 4SQ3 - ?Padding
391 //if SQ3 the range is 24~27, if no SQ3 the range is 20~23
392 //real Frame size in PLCPLength field.
393 pwPLCP_Length = (PWORD) (pbyDAddress + 6);
394 //Fix hardware bug => PLCP_Length error
395 if ( ((BytesToIndicate - (*pwPLCP_Length)) > 27) ||
396 ((BytesToIndicate - (*pwPLCP_Length)) < 24) ||
397 (BytesToIndicate < (*pwPLCP_Length)) ) {
399 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong PLCP Length %x\n", (int) *pwPLCP_Length);
403 for ( ii=RATE_1M;ii<MAX_RATE;ii++) {
404 if ( *pbyRxRate == abyVaildRate[ii] ) {
408 if ( ii==MAX_RATE ) {
409 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong RxRate %x\n",(int) *pbyRxRate);
413 wPLCPwithPadding = ( (*pwPLCP_Length / 4) + ( (*pwPLCP_Length % 4) ? 1:0 ) ) *4;
415 pqwTSFTime = (PQWORD) (pbyDAddress + 8 + wPLCPwithPadding);
416 #ifdef Calcu_LinkQual
417 if(pDevice->byBBType == BB_TYPE_11G) {
418 pby3SQ = pbyDAddress + 8 + wPLCPwithPadding + 12;
422 pbySQ = pbyDAddress + 8 + wPLCPwithPadding + 8;
426 pbySQ = pbyDAddress + 8 + wPLCPwithPadding + 8;
428 pbyNewRsr = pbyDAddress + 8 + wPLCPwithPadding + 9;
429 pbyRSSI = pbyDAddress + 8 + wPLCPwithPadding + 10;
430 pbyRsr = pbyDAddress + 8 + wPLCPwithPadding + 11;
432 FrameSize = *pwPLCP_Length;
434 pbyFrame = pbyDAddress + 8;
435 // update receive statistic counter
437 STAvUpdateRDStatCounter(&pDevice->scStatistic,
447 pMACHeader = (PS802_11Header) pbyFrame;
449 //mike add: to judge if current AP is activated?
450 if ((pMgmt->eCurrMode == WMAC_MODE_STANDBY) ||
451 (pMgmt->eCurrMode == WMAC_MODE_ESS_STA)) {
452 if (pMgmt->sNodeDBTable[0].bActive) {
453 if(IS_ETH_ADDRESS_EQUAL (pMgmt->abyCurrBSSID, pMACHeader->abyAddr2) ) {
454 if (pMgmt->sNodeDBTable[0].uInActiveCount != 0)
455 pMgmt->sNodeDBTable[0].uInActiveCount = 0;
460 if (!IS_MULTICAST_ADDRESS(pMACHeader->abyAddr1) && !IS_BROADCAST_ADDRESS(pMACHeader->abyAddr1)) {
461 if ( WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header) pbyFrame) ) {
462 pDevice->s802_11Counter.FrameDuplicateCount++;
466 if ( !IS_ETH_ADDRESS_EQUAL (pDevice->abyCurrentNetAddr, pMACHeader->abyAddr1) ) {
473 s_vGetDASA(pbyFrame, &cbHeaderSize, &pDevice->sRxEthHeader);
475 if (IS_ETH_ADDRESS_EQUAL((PBYTE)&(pDevice->sRxEthHeader.abySrcAddr[0]), pDevice->abyCurrentNetAddr))
478 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) {
479 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
480 p802_11Header = (PS802_11Header) (pbyFrame);
482 if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(p802_11Header->abyAddr2), &iSANodeIndex)) {
483 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies;
484 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0;
489 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
490 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == TRUE) {
496 if (IS_FC_WEP(pbyFrame)) {
497 BOOL bRxDecryOK = FALSE;
499 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n");
501 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) {
503 pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite;
504 pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex;
505 pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength;
506 pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16;
507 pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0;
509 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0],
513 bRxDecryOK = s_bHostWepRxEncryption(pDevice,
517 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly,
524 bRxDecryOK = s_bHandleRxEncryption(pDevice,
536 if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) {
537 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n");
538 if ( (pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
539 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
540 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
541 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
542 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
544 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
545 pDevice->s802_11Counter.TKIPICVErrors++;
546 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) {
547 pDevice->s802_11Counter.CCMPDecryptErrors++;
548 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) {
549 // pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++;
555 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n");
558 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP))
559 FrameSize -= 8; // Message Integrity Code
561 FrameSize -= 4; // 4 is ICV
568 //remove the CRC length
569 FrameSize -= U_CRC_LEN;
571 if ((BITbIsAllBitsOff(*pbyRsr, (RSR_ADDRBROAD | RSR_ADDRMULTI))) && // unicast address
572 (IS_FRAGMENT_PKT((pbyFrame)))
575 bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header) (pbyFrame), FrameSize, bIsWEP, bExtIV);
576 pDevice->s802_11Counter.ReceivedFragmentCount++;
579 // TODO skb, pbyFrame
580 skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb;
581 FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength;
582 pbyFrame = skb->data + 8;
590 // Management & Control frame Handle
592 if ((IS_TYPE_DATA((pbyFrame))) == FALSE) {
593 // Handle Control & Manage Frame
595 if (IS_TYPE_MGMT((pbyFrame))) {
599 pRxPacket = &(pRCB->sMngPacket);
600 pRxPacket->p80211Header = (PUWLAN_80211HDR)(pbyFrame);
601 pRxPacket->cbMPDULen = FrameSize;
602 pRxPacket->uRSSI = *pbyRSSI;
603 pRxPacket->bySQ = *pbySQ;
604 HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime));
605 LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime));
608 pbyData1 = WLAN_HDR_A3_DATA_PTR(pbyFrame);
609 pbyData2 = WLAN_HDR_A3_DATA_PTR(pbyFrame) + 4;
610 for (ii = 0; ii < (FrameSize - 4); ii++) {
611 *pbyData1 = *pbyData2;
617 pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate);
619 if ( *pbyRxSts == 0 ) {
620 //Discard beacon packet which channel is 0
621 if ( (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_BEACON) ||
622 (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_PROBERESP) ) {
626 pRxPacket->byRxChannel = (*pbyRxSts) >> 2;
628 // hostap Deamon handle 802.11 management
629 if (pDevice->bEnableHostapd) {
630 skb->dev = pDevice->apdev;
635 skb_put(skb, FrameSize);
636 skb_reset_mac_header(skb);
637 skb->pkt_type = PACKET_OTHERHOST;
638 skb->protocol = htons(ETH_P_802_2);
639 memset(skb->cb, 0, sizeof(skb->cb));
645 // Insert the RCB in the Recv Mng list
647 EnqueueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList, pRCBIndicate);
648 pDevice->NumRecvMngList++;
649 if ( bDeFragRx == FALSE) {
652 if (pDevice->bIsRxMngWorkItemQueued == FALSE) {
653 pDevice->bIsRxMngWorkItemQueued = TRUE;
654 tasklet_schedule(&pDevice->RxMngWorkItem);
664 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
665 //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC.
666 if (BITbIsBitOff(*pbyRsr, RSR_BSSIDOK)) {
668 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
669 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
677 // discard DATA packet while not associate || BSSID error
678 if ((pDevice->bLinkPass == FALSE) ||
679 BITbIsBitOff(*pbyRsr, RSR_BSSIDOK)) {
681 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
682 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
688 //mike add:station mode check eapol-key challenge--->
690 BYTE Protocol_Version; //802.1x Authentication
691 BYTE Packet_Type; //802.1x Authentication
692 BYTE Descriptor_type;
698 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
699 skb->data[cbIVOffset + 8 + 24 + 6 + 1];
700 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1];
701 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1];
702 if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header
703 if(((Protocol_Version==1) ||(Protocol_Version==2)) &&
704 (Packet_Type==3)) { //802.1x OR eapol-key challenge frame receive
706 Descriptor_type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2];
707 Key_info = (skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+1]<<8) |skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+2] ;
708 if(Descriptor_type==2) { //RSN
709 // printk("WPA2_Rx_eapol-key_info<-----:%x\n",Key_info);
711 else if(Descriptor_type==254) {
712 // printk("WPA_Rx_eapol-key_info<-----:%x\n",Key_info);
717 //mike add:station mode check eapol-key challenge<---
725 if (pDevice->bEnablePSMode) {
726 if (IS_FC_MOREDATA((pbyFrame))) {
727 if (BITbIsBitOn(*pbyRsr, RSR_ADDROK)) {
728 //PSbSendPSPOLL((PSDevice)pDevice);
732 if (pMgmt->bInTIMWake == TRUE) {
733 pMgmt->bInTIMWake = FALSE;
738 // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps
739 if (pDevice->bDiversityEnable && (FrameSize>50) &&
740 (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) &&
741 (pDevice->bLinkPass == TRUE)) {
742 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0);
745 // ++++++++ For BaseBand Algorithm +++++++++++++++
746 pDevice->uCurrRSSI = *pbyRSSI;
747 pDevice->byCurrSQ = *pbySQ;
751 if ((*pbyRSSI != 0) &&
752 (pMgmt->pCurrBSS!=NULL)) {
753 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
754 // Moniter if RSSI is too strong.
755 pMgmt->pCurrBSS->byRSSIStatCnt++;
756 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT;
757 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm;
758 for(ii=0;ii<RSSI_STAT_COUNT;ii++) {
759 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) {
760 pMgmt->pCurrBSS->ldBmMAX = max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm);
767 // -----------------------------------------------
769 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == TRUE)){
772 // Only 802.1x packet incoming allowed
777 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
778 skb->data[cbIVOffset + 8 + 24 + 6 + 1];
780 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType);
781 if (wEtherType == ETH_P_PAE) {
782 skb->dev = pDevice->apdev;
784 if (bIsWEP == TRUE) {
785 // strip IV header(8)
786 memcpy(&abyMacHdr[0], (skb->data + 8), 24);
787 memcpy((skb->data + 8 + cbIVOffset), &abyMacHdr[0], 24);
790 skb->data += (cbIVOffset + 8);
791 skb->tail += (cbIVOffset + 8);
792 skb_put(skb, FrameSize);
793 skb_reset_mac_header(skb);
794 skb->pkt_type = PACKET_OTHERHOST;
795 skb->protocol = htons(ETH_P_802_2);
796 memset(skb->cb, 0, sizeof(skb->cb));
801 // check if 802.1x authorized
802 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED))
807 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
809 FrameSize -= 8; //MIC
813 //--------------------------------------------------------------------------------
815 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
819 DWORD dwMIC_Priority;
820 DWORD dwMICKey0 = 0, dwMICKey1 = 0;
821 DWORD dwLocalMIC_L = 0;
822 DWORD dwLocalMIC_R = 0;
823 viawget_wpa_header *wpahdr;
826 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
827 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
828 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
831 if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
832 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
833 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
834 } else if ((pKey->dwKeyIndex & BIT28) == 0) {
835 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
836 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
838 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
839 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
843 MIC_vInit(dwMICKey0, dwMICKey1);
844 MIC_vAppend((PBYTE)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12);
846 MIC_vAppend((PBYTE)&dwMIC_Priority, 4);
847 // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV.
848 MIC_vAppend((PBYTE)(skb->data + 8 + WLAN_HDR_ADDR3_LEN + 8),
849 FrameSize - WLAN_HDR_ADDR3_LEN - 8);
850 MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R);
853 pdwMIC_L = (PDWORD)(skb->data + 8 + FrameSize);
854 pdwMIC_R = (PDWORD)(skb->data + 8 + FrameSize + 4);
857 if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) ||
858 (pDevice->bRxMICFail == TRUE)) {
859 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n");
860 pDevice->bRxMICFail = FALSE;
861 //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++;
862 pDevice->s802_11Counter.TKIPLocalMICFailures++;
864 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
865 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
869 //2008-0409-07, <Add> by Einsn Liu
870 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
871 //send event to wpa_supplicant
872 //if(pDevice->bWPASuppWextEnabled == TRUE)
874 union iwreq_data wrqu;
875 struct iw_michaelmicfailure ev;
876 int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits
877 memset(&ev, 0, sizeof(ev));
878 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
879 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
880 (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
881 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
882 ev.flags |= IW_MICFAILURE_PAIRWISE;
884 ev.flags |= IW_MICFAILURE_GROUP;
887 ev.src_addr.sa_family = ARPHRD_ETHER;
888 memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN);
889 memset(&wrqu, 0, sizeof(wrqu));
890 wrqu.data.length = sizeof(ev);
891 PRINT_K("wireless_send_event--->IWEVMICHAELMICFAILURE\n");
892 wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
898 if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
899 wpahdr = (viawget_wpa_header *)pDevice->skb->data;
900 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
901 (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
902 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
903 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR;
904 wpahdr->type = VIAWGET_PTK_MIC_MSG;
906 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR;
907 wpahdr->type = VIAWGET_GTK_MIC_MSG;
909 wpahdr->resp_ie_len = 0;
910 wpahdr->req_ie_len = 0;
911 skb_put(pDevice->skb, sizeof(viawget_wpa_header));
912 pDevice->skb->dev = pDevice->wpadev;
913 skb_reset_mac_header(pDevice->skb);
914 pDevice->skb->pkt_type = PACKET_HOST;
915 pDevice->skb->protocol = htons(ETH_P_802_2);
916 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
917 netif_rx(pDevice->skb);
918 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
925 } //---end of SOFT MIC-----------------------------------------------------------------------
927 // ++++++++++ Reply Counter Check +++++++++++++
929 if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) ||
930 (pKey->byCipherSuite == KEY_CTL_CCMP))) {
932 WORD wLocalTSC15_0 = 0;
933 DWORD dwLocalTSC47_16 = 0;
936 RSC = *((ULONGLONG *) &(pKey->KeyRSC));
937 wLocalTSC15_0 = (WORD) RSC;
938 dwLocalTSC47_16 = (DWORD) (RSC>>16);
943 memcpy(&(pKey->KeyRSC), &RSC, sizeof(QWORD));
945 if ( (pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) &&
946 (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) {
948 if ( (wRxTSC15_0 < wLocalTSC15_0) &&
949 (dwRxTSC47_16 <= dwLocalTSC47_16) &&
950 !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) {
951 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n ");
952 if (pKey->byCipherSuite == KEY_CTL_TKIP)
953 //pDevice->s802_11Counter.TKIPReplays.QuadPart++;
954 pDevice->s802_11Counter.TKIPReplays++;
956 //pDevice->s802_11Counter.CCMPReplays.QuadPart++;
957 pDevice->s802_11Counter.CCMPReplays++;
960 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
961 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
969 } // ----- End of Reply Counter Check --------------------------
972 s_vProcessRxMACHeader(pDevice, (PBYTE)(skb->data+8), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset);
973 FrameSize -= cbHeaderOffset;
974 cbHeaderOffset += 8; // 8 is Rcv buffer header
976 // Null data, framesize = 12
980 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
981 if (s_bAPModeRxData(pDevice,
990 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
991 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1000 skb->data += cbHeaderOffset;
1001 skb->tail += cbHeaderOffset;
1002 skb_put(skb, FrameSize);
1003 skb->protocol=eth_type_trans(skb, skb->dev);
1004 skb->ip_summed=CHECKSUM_NONE;
1005 pStats->rx_bytes +=skb->len;
1006 pStats->rx_packets++;
1009 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1010 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1011 pDevice->dev->name);
1020 static BOOL s_bAPModeRxCtl (
1021 IN PSDevice pDevice,
1026 PS802_11Header p802_11Header;
1028 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1031 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
1033 p802_11Header = (PS802_11Header) (pbyFrame);
1034 if (!IS_TYPE_MGMT(pbyFrame)) {
1036 // Data & PS-Poll packet
1037 // check frame class
1038 if (iSANodeIndex > 0) {
1039 // frame class 3 fliter & checking
1040 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) {
1041 // send deauth notification
1042 // reason = (6) class 2 received from nonauth sta
1043 vMgrDeAuthenBeginSta(pDevice,
1045 (PBYTE)(p802_11Header->abyAddr2),
1046 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1049 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n");
1052 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) {
1053 // send deassoc notification
1054 // reason = (7) class 3 received from nonassoc sta
1055 vMgrDisassocBeginSta(pDevice,
1057 (PBYTE)(p802_11Header->abyAddr2),
1058 (WLAN_MGMT_REASON_CLASS3_NONASSOC),
1061 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n");
1065 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) {
1066 // delcare received ps-poll event
1067 if (IS_CTL_PSPOLL(pbyFrame)) {
1068 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1069 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1070 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n");
1073 // check Data PS state
1074 // if PW bit off, send out all PS bufferring packets.
1075 if (!IS_FC_POWERMGT(pbyFrame)) {
1076 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1077 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1078 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1079 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n");
1084 if (IS_FC_POWERMGT(pbyFrame)) {
1085 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = TRUE;
1086 // Once if STA in PS state, enable multicast bufferring
1087 pMgmt->sNodeDBTable[0].bPSEnable = TRUE;
1090 // clear all pending PS frame.
1091 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) {
1092 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1093 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1094 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1095 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n");
1102 vMgrDeAuthenBeginSta(pDevice,
1104 (PBYTE)(p802_11Header->abyAddr2),
1105 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1108 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n");
1109 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%02x-%02x-%02x=%02x-%02x-%02x \n",
1110 p802_11Header->abyAddr3[0],
1111 p802_11Header->abyAddr3[1],
1112 p802_11Header->abyAddr3[2],
1113 p802_11Header->abyAddr3[3],
1114 p802_11Header->abyAddr3[4],
1115 p802_11Header->abyAddr3[5]
1117 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%02x-%02x-%02x=%02x-%02x-%02x \n",
1118 p802_11Header->abyAddr2[0],
1119 p802_11Header->abyAddr2[1],
1120 p802_11Header->abyAddr2[2],
1121 p802_11Header->abyAddr2[3],
1122 p802_11Header->abyAddr2[4],
1123 p802_11Header->abyAddr2[5]
1125 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%02x-%02x-%02x=%02x-%02x-%02x \n",
1126 p802_11Header->abyAddr1[0],
1127 p802_11Header->abyAddr1[1],
1128 p802_11Header->abyAddr1[2],
1129 p802_11Header->abyAddr1[3],
1130 p802_11Header->abyAddr1[4],
1131 p802_11Header->abyAddr1[5]
1133 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl );
1142 static BOOL s_bHandleRxEncryption (
1143 IN PSDevice pDevice,
1147 OUT PBYTE pbyNewRsr,
1148 OUT PSKeyItem *pKeyOut,
1150 OUT PWORD pwRxTSC15_0,
1151 OUT PDWORD pdwRxTSC47_16
1154 UINT PayloadLen = FrameSize;
1157 PSKeyItem pKey = NULL;
1158 BYTE byDecMode = KEY_CTL_WEP;
1159 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1165 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1166 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1167 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1168 pbyIV += 6; // 6 is 802.11 address4
1171 byKeyIdx = (*(pbyIV+3) & 0xc0);
1173 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1175 if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
1176 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
1177 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
1178 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
1179 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
1180 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) &&
1181 (pMgmt->byCSSPK != KEY_CTL_NONE)) {
1182 // unicast pkt use pairwise key
1183 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n");
1184 if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == TRUE) {
1185 if (pMgmt->byCSSPK == KEY_CTL_TKIP)
1186 byDecMode = KEY_CTL_TKIP;
1187 else if (pMgmt->byCSSPK == KEY_CTL_CCMP)
1188 byDecMode = KEY_CTL_CCMP;
1190 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey);
1193 KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey);
1194 if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1195 byDecMode = KEY_CTL_TKIP;
1196 else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1197 byDecMode = KEY_CTL_CCMP;
1198 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey);
1201 // our WEP only support Default Key
1203 // use default group key
1204 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey);
1205 if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1206 byDecMode = KEY_CTL_TKIP;
1207 else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1208 byDecMode = KEY_CTL_CCMP;
1212 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode);
1215 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n");
1216 if (byDecMode == KEY_CTL_WEP) {
1217 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1218 } else if (pDevice->bLinkPass == TRUE) {
1219 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1223 if (byDecMode != pKey->byCipherSuite) {
1224 if (byDecMode == KEY_CTL_WEP) {
1225 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1226 } else if (pDevice->bLinkPass == TRUE) {
1227 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1232 if (byDecMode == KEY_CTL_WEP) {
1234 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1235 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE)) {
1240 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1241 memcpy(pDevice->abyPRNG, pbyIV, 3);
1242 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1243 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1244 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1246 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1247 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1250 } else if ((byDecMode == KEY_CTL_TKIP) ||
1251 (byDecMode == KEY_CTL_CCMP)) {
1254 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1255 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1256 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1257 if (byDecMode == KEY_CTL_TKIP) {
1258 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1260 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1262 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1264 if ((byDecMode == KEY_CTL_TKIP) &&
1265 (pDevice->byLocalID <= REV_ID_VT3253_A1)) {
1268 PS802_11Header pMACHeader = (PS802_11Header) (pbyFrame);
1269 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1270 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1271 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1272 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1273 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1274 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1276 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1277 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1282 if ((*(pbyIV+3) & 0x20) != 0)
1288 static BOOL s_bHostWepRxEncryption (
1289 IN PSDevice pDevice,
1295 OUT PBYTE pbyNewRsr,
1297 OUT PWORD pwRxTSC15_0,
1298 OUT PDWORD pdwRxTSC47_16
1301 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1302 UINT PayloadLen = FrameSize;
1305 BYTE byDecMode = KEY_CTL_WEP;
1306 PS802_11Header pMACHeader;
1313 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1314 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1315 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1316 pbyIV += 6; // 6 is 802.11 address4
1319 byKeyIdx = (*(pbyIV+3) & 0xc0);
1321 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1324 if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1325 byDecMode = KEY_CTL_TKIP;
1326 else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1327 byDecMode = KEY_CTL_CCMP;
1329 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode);
1331 if (byDecMode != pKey->byCipherSuite) {
1332 if (byDecMode == KEY_CTL_WEP) {
1333 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1334 } else if (pDevice->bLinkPass == TRUE) {
1335 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1340 if (byDecMode == KEY_CTL_WEP) {
1342 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP \n");
1343 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1344 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE) ||
1345 (bOnFly == FALSE)) {
1351 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1352 memcpy(pDevice->abyPRNG, pbyIV, 3);
1353 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1354 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1355 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1357 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1358 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1361 } else if ((byDecMode == KEY_CTL_TKIP) ||
1362 (byDecMode == KEY_CTL_CCMP)) {
1365 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1366 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1367 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1369 if (byDecMode == KEY_CTL_TKIP) {
1370 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1372 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1374 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1376 if (byDecMode == KEY_CTL_TKIP) {
1378 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == FALSE)) {
1382 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n");
1383 pMACHeader = (PS802_11Header) (pbyFrame);
1384 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1385 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1386 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1387 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1388 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1389 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1391 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1392 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1397 if (byDecMode == KEY_CTL_CCMP) {
1398 if (bOnFly == FALSE) {
1401 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_CCMP\n");
1402 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) {
1403 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1404 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC compare OK!\n");
1406 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC fail!\n");
1413 if ((*(pbyIV+3) & 0x20) != 0)
1420 static BOOL s_bAPModeRxData (
1421 IN PSDevice pDevice,
1422 IN struct sk_buff* skb,
1424 IN UINT cbHeaderOffset,
1425 IN INT iSANodeIndex,
1430 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1431 BOOL bRelayAndForward = FALSE;
1432 BOOL bRelayOnly = FALSE;
1433 BYTE byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
1437 struct sk_buff* skbcpy = NULL;
1439 if (FrameSize > CB_MAX_BUF_SIZE)
1442 if(IS_MULTICAST_ADDRESS((PBYTE)(skb->data+cbHeaderOffset))) {
1443 if (pMgmt->sNodeDBTable[0].bPSEnable) {
1445 skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz);
1447 // if any node in PS mode, buffer packet until DTIM.
1448 if (skbcpy == NULL) {
1449 DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n");
1452 skbcpy->dev = pDevice->dev;
1453 skbcpy->len = FrameSize;
1454 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize);
1455 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy);
1456 pMgmt->sNodeDBTable[0].wEnQueueCnt++;
1458 pMgmt->abyPSTxMap[0] |= byMask[0];
1462 bRelayAndForward = TRUE;
1467 if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(skb->data+cbHeaderOffset), &iDANodeIndex)) {
1468 if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) {
1469 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) {
1470 // queue this skb until next PS tx, and then release.
1472 skb->data += cbHeaderOffset;
1473 skb->tail += cbHeaderOffset;
1474 skb_put(skb, FrameSize);
1475 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb);
1477 pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++;
1478 wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID;
1479 pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7];
1480 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n",
1481 iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]);
1491 if (bRelayOnly || bRelayAndForward) {
1492 // relay this packet right now
1493 if (bRelayAndForward)
1496 if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) {
1497 bRelayPacketSend(pDevice, (PBYTE)(skb->data + cbHeaderOffset), FrameSize, (UINT)iDANodeIndex);
1503 // none associate, don't forward
1504 if (pDevice->uAssocCount == 0)
1518 PSDevice pDevice = (PSDevice) Context;
1522 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Polling Thread\n");
1523 spin_lock_irq(&pDevice->lock);
1524 while ( MP_TEST_FLAG(pDevice, fMP_POST_READS) &&
1525 MP_IS_READY(pDevice) &&
1526 (pDevice->NumRecvFreeList != 0) ) {
1527 pRCB = pDevice->FirstRecvFreeList;
1528 pDevice->NumRecvFreeList--;
1529 ASSERT(pRCB);// cannot be NULL
1530 DequeueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList);
1531 ntStatus = PIPEnsBulkInUsbRead(pDevice, pRCB);
1533 pDevice->bIsRxWorkItemQueued = FALSE;
1534 spin_unlock_irq(&pDevice->lock);
1545 PSDevice pDevice = (PSDevice)pRCB->pDevice;
1548 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->RXvFreeRCB\n");
1550 ASSERT(!pRCB->Ref); // should be 0
1551 ASSERT(pRCB->pDevice); // shouldn't be NULL
1553 if (bReAllocSkb == TRUE) {
1554 pRCB->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1555 // todo error handling
1556 if (pRCB->skb == NULL) {
1557 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR" Failed to re-alloc rx skb\n");
1559 pRCB->skb->dev = pDevice->dev;
1563 // Insert the RCB back in the Recv free list
1565 EnqueueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList, pRCB);
1566 pDevice->NumRecvFreeList++;
1569 if (MP_TEST_FLAG(pDevice, fMP_POST_READS) && MP_IS_READY(pDevice) &&
1570 (pDevice->bIsRxWorkItemQueued == FALSE) ) {
1572 pDevice->bIsRxWorkItemQueued = TRUE;
1573 tasklet_schedule(&pDevice->ReadWorkItem);
1575 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"<----RXFreeRCB %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList);
1584 PSDevice pDevice = (PSDevice) Context;
1586 PSRxMgmtPacket pRxPacket;
1587 BOOL bReAllocSkb = FALSE;
1589 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Mng Thread\n");
1591 spin_lock_irq(&pDevice->lock);
1592 while (pDevice->NumRecvMngList!=0)
1594 pRCB = pDevice->FirstRecvMngList;
1595 pDevice->NumRecvMngList--;
1596 DequeueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList);
1600 ASSERT(pRCB);// cannot be NULL
1601 pRxPacket = &(pRCB->sMngPacket);
1602 vMgrRxManagePacket((HANDLE)pDevice, &(pDevice->sMgmtObj), pRxPacket);
1604 if(pRCB->Ref == 0) {
1605 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"RxvFreeMng %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList);
1606 RXvFreeRCB(pRCB, bReAllocSkb);
1608 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Rx Mng Only we have the right to free RCB\n");
1612 pDevice->bIsRxMngWorkItemQueued = FALSE;
1613 spin_unlock_irq(&pDevice->lock);