2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 * Purpose: handle dpc rx functions
28 * device_receive_frame - Rcv 802.11 frame function
29 * s_bAPModeRxCtl- AP Rcv frame filer Ctl.
30 * s_bAPModeRxData- AP Rcv data frame handle
31 * s_bHandleRxEncryption- Rcv decrypted data via on-fly
32 * s_bHostWepRxEncryption- Rcv encrypted data via host
33 * s_byGetRateIdx- get rate index
34 * s_vGetDASA- get data offset
35 * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3
59 /*--------------------- Static Definitions -------------------------*/
61 /*--------------------- Static Classes ----------------------------*/
63 /*--------------------- Static Variables --------------------------*/
64 //static int msglevel =MSG_LEVEL_DEBUG;
65 static int msglevel =MSG_LEVEL_INFO;
67 const BYTE acbyRxRate[MAX_RATE] =
68 {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
71 /*--------------------- Static Functions --------------------------*/
73 /*--------------------- Static Definitions -------------------------*/
75 /*--------------------- Static Functions --------------------------*/
77 static BYTE s_byGetRateIdx(IN BYTE byRate);
83 IN PBYTE pbyRxBufferAddr,
84 OUT PUINT pcbHeaderSize,
85 OUT PSEthernetHeader psEthHeader
90 s_vProcessRxMACHeader (
92 IN PBYTE pbyRxBufferAddr,
99 static BOOL s_bAPModeRxCtl(
107 static BOOL s_bAPModeRxData (
109 IN struct sk_buff* skb,
111 IN UINT cbHeaderOffset,
117 static BOOL s_bHandleRxEncryption(
123 OUT PSKeyItem *pKeyOut,
125 OUT PWORD pwRxTSC15_0,
126 OUT PDWORD pdwRxTSC47_16
129 static BOOL s_bHostWepRxEncryption(
139 OUT PWORD pwRxTSC15_0,
140 OUT PDWORD pdwRxTSC47_16
144 /*--------------------- Export Variables --------------------------*/
149 * Translate Rcv 802.11 header to 802.3 header with Rx buffer
154 * dwRxBufferAddr - Address of Rcv Buffer
155 * cbPacketSize - Rcv Packet size
156 * bIsWEP - If Rcv with WEP
158 * pcbHeaderSize - 802.11 header size
165 s_vProcessRxMACHeader (
167 IN PBYTE pbyRxBufferAddr,
168 IN UINT cbPacketSize,
171 OUT PUINT pcbHeadSize
175 UINT cbHeaderSize = 0;
177 PS802_11Header pMACHeader;
181 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
183 s_vGetDASA((PBYTE)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader);
187 // strip IV&ExtIV , add 8 byte
188 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8);
190 // strip IV , add 4 byte
191 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4);
195 cbHeaderSize += WLAN_HDR_ADDR3_LEN;
198 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
199 if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) {
202 else if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) {
204 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
205 if ((*pwType!= TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) {
209 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
212 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
214 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
218 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
224 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
227 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
229 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
233 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
237 cbHeaderSize -= (U_ETHER_ADDR_LEN * 2);
238 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
239 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++)
240 *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii];
241 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++)
242 *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii];
244 *pcbHeadSize = cbHeaderSize;
250 static BYTE s_byGetRateIdx (IN BYTE byRate)
254 for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) {
255 if (acbyRxRate[byRateIdx%MAX_RATE] == byRate)
265 IN PBYTE pbyRxBufferAddr,
266 OUT PUINT pcbHeaderSize,
267 OUT PSEthernetHeader psEthHeader
270 UINT cbHeaderSize = 0;
271 PS802_11Header pMACHeader;
274 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
276 if ((pMACHeader->wFrameCtl & FC_TODS) == 0) {
277 if (pMACHeader->wFrameCtl & FC_FROMDS) {
278 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
279 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
280 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr3[ii];
285 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
286 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
287 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
293 if (pMACHeader->wFrameCtl & FC_FROMDS) {
294 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
295 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
296 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr4[ii];
301 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
302 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
303 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
307 *pcbHeaderSize = cbHeaderSize;
314 RXbBulkInProcessData (
317 IN ULONG BytesToIndicate
321 struct net_device_stats* pStats=&pDevice->stats;
323 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
324 PSRxMgmtPacket pRxPacket = &(pMgmt->sRxPacket);
325 PS802_11Header p802_11Header;
331 BOOL bDeFragRx = FALSE;
335 INT iSANodeIndex = -1;
336 INT iDANodeIndex = -1;
342 #ifdef Calcu_LinkQual
346 PSKeyItem pKey = NULL;
348 DWORD dwRxTSC47_16 = 0;
355 PRCB pRCBIndicate = pRCB;
358 BYTE abyVaildRate[MAX_RATE] = {2,4,11,22,12,18,24,36,48,72,96,108};
359 WORD wPLCPwithPadding;
360 PS802_11Header pMACHeader;
361 BOOL bRxeapol_key = FALSE;
365 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- RXbBulkInProcessData---\n");
369 //[31:16]RcvByteCount ( not include 4-byte Status )
370 dwWbkStatus = *( (PDWORD)(skb->data) );
371 FrameSize = (UINT)(dwWbkStatus >> 16);
374 if (BytesToIndicate != FrameSize) {
375 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 1 \n");
379 if ((BytesToIndicate > 2372)||(BytesToIndicate <= 40)) {
380 // Frame Size error drop this packet.
381 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 2 \n");
385 pbyDAddress = (PBYTE)(skb->data);
386 pbyRxSts = pbyDAddress+4;
387 pbyRxRate = pbyDAddress+5;
389 //real Frame Size = USBFrameSize -4WbkStatus - 4RxStatus - 8TSF - 4RSR - 4SQ3 - ?Padding
390 //if SQ3 the range is 24~27, if no SQ3 the range is 20~23
391 //real Frame size in PLCPLength field.
392 pwPLCP_Length = (PWORD) (pbyDAddress + 6);
393 //Fix hardware bug => PLCP_Length error
394 if ( ((BytesToIndicate - (*pwPLCP_Length)) > 27) ||
395 ((BytesToIndicate - (*pwPLCP_Length)) < 24) ||
396 (BytesToIndicate < (*pwPLCP_Length)) ) {
398 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong PLCP Length %x\n", (int) *pwPLCP_Length);
402 for ( ii=RATE_1M;ii<MAX_RATE;ii++) {
403 if ( *pbyRxRate == abyVaildRate[ii] ) {
407 if ( ii==MAX_RATE ) {
408 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong RxRate %x\n",(int) *pbyRxRate);
412 wPLCPwithPadding = ( (*pwPLCP_Length / 4) + ( (*pwPLCP_Length % 4) ? 1:0 ) ) *4;
414 pqwTSFTime = (PQWORD) (pbyDAddress + 8 + wPLCPwithPadding);
415 #ifdef Calcu_LinkQual
416 if(pDevice->byBBType == BB_TYPE_11G) {
417 pby3SQ = pbyDAddress + 8 + wPLCPwithPadding + 12;
421 pbySQ = pbyDAddress + 8 + wPLCPwithPadding + 8;
425 pbySQ = pbyDAddress + 8 + wPLCPwithPadding + 8;
427 pbyNewRsr = pbyDAddress + 8 + wPLCPwithPadding + 9;
428 pbyRSSI = pbyDAddress + 8 + wPLCPwithPadding + 10;
429 pbyRsr = pbyDAddress + 8 + wPLCPwithPadding + 11;
431 FrameSize = *pwPLCP_Length;
433 pbyFrame = pbyDAddress + 8;
434 // update receive statistic counter
436 STAvUpdateRDStatCounter(&pDevice->scStatistic,
446 pMACHeader = (PS802_11Header) pbyFrame;
448 //mike add: to judge if current AP is activated?
449 if ((pMgmt->eCurrMode == WMAC_MODE_STANDBY) ||
450 (pMgmt->eCurrMode == WMAC_MODE_ESS_STA)) {
451 if (pMgmt->sNodeDBTable[0].bActive) {
452 if(IS_ETH_ADDRESS_EQUAL (pMgmt->abyCurrBSSID, pMACHeader->abyAddr2) ) {
453 if (pMgmt->sNodeDBTable[0].uInActiveCount != 0)
454 pMgmt->sNodeDBTable[0].uInActiveCount = 0;
459 if (!IS_MULTICAST_ADDRESS(pMACHeader->abyAddr1) && !IS_BROADCAST_ADDRESS(pMACHeader->abyAddr1)) {
460 if ( WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header) pbyFrame) ) {
461 pDevice->s802_11Counter.FrameDuplicateCount++;
465 if ( !IS_ETH_ADDRESS_EQUAL (pDevice->abyCurrentNetAddr, pMACHeader->abyAddr1) ) {
472 s_vGetDASA(pbyFrame, &cbHeaderSize, &pDevice->sRxEthHeader);
474 if (IS_ETH_ADDRESS_EQUAL((PBYTE)&(pDevice->sRxEthHeader.abySrcAddr[0]), pDevice->abyCurrentNetAddr))
477 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) {
478 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
479 p802_11Header = (PS802_11Header) (pbyFrame);
481 if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(p802_11Header->abyAddr2), &iSANodeIndex)) {
482 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies;
483 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0;
488 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
489 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == TRUE) {
495 if (IS_FC_WEP(pbyFrame)) {
496 BOOL bRxDecryOK = FALSE;
498 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n");
500 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) {
502 pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite;
503 pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex;
504 pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength;
505 pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16;
506 pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0;
508 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0],
512 bRxDecryOK = s_bHostWepRxEncryption(pDevice,
516 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly,
523 bRxDecryOK = s_bHandleRxEncryption(pDevice,
535 if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) {
536 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n");
537 if ( (pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
538 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
539 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
540 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
541 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
543 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
544 pDevice->s802_11Counter.TKIPICVErrors++;
545 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) {
546 pDevice->s802_11Counter.CCMPDecryptErrors++;
547 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) {
548 // pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++;
554 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n");
557 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP))
558 FrameSize -= 8; // Message Integrity Code
560 FrameSize -= 4; // 4 is ICV
567 //remove the CRC length
568 FrameSize -= U_CRC_LEN;
570 if ( !(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) && // unicast address
571 (IS_FRAGMENT_PKT((pbyFrame)))
574 bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header) (pbyFrame), FrameSize, bIsWEP, bExtIV);
575 pDevice->s802_11Counter.ReceivedFragmentCount++;
578 // TODO skb, pbyFrame
579 skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb;
580 FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength;
581 pbyFrame = skb->data + 8;
589 // Management & Control frame Handle
591 if ((IS_TYPE_DATA((pbyFrame))) == FALSE) {
592 // Handle Control & Manage Frame
594 if (IS_TYPE_MGMT((pbyFrame))) {
598 pRxPacket = &(pRCB->sMngPacket);
599 pRxPacket->p80211Header = (PUWLAN_80211HDR)(pbyFrame);
600 pRxPacket->cbMPDULen = FrameSize;
601 pRxPacket->uRSSI = *pbyRSSI;
602 pRxPacket->bySQ = *pbySQ;
603 HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime));
604 LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime));
607 pbyData1 = WLAN_HDR_A3_DATA_PTR(pbyFrame);
608 pbyData2 = WLAN_HDR_A3_DATA_PTR(pbyFrame) + 4;
609 for (ii = 0; ii < (FrameSize - 4); ii++) {
610 *pbyData1 = *pbyData2;
616 pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate);
618 if ( *pbyRxSts == 0 ) {
619 //Discard beacon packet which channel is 0
620 if ( (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_BEACON) ||
621 (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_PROBERESP) ) {
625 pRxPacket->byRxChannel = (*pbyRxSts) >> 2;
627 // hostap Deamon handle 802.11 management
628 if (pDevice->bEnableHostapd) {
629 skb->dev = pDevice->apdev;
634 skb_put(skb, FrameSize);
635 skb_reset_mac_header(skb);
636 skb->pkt_type = PACKET_OTHERHOST;
637 skb->protocol = htons(ETH_P_802_2);
638 memset(skb->cb, 0, sizeof(skb->cb));
644 // Insert the RCB in the Recv Mng list
646 EnqueueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList, pRCBIndicate);
647 pDevice->NumRecvMngList++;
648 if ( bDeFragRx == FALSE) {
651 if (pDevice->bIsRxMngWorkItemQueued == FALSE) {
652 pDevice->bIsRxMngWorkItemQueued = TRUE;
653 tasklet_schedule(&pDevice->RxMngWorkItem);
663 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
664 //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC.
665 if ( !(*pbyRsr & RSR_BSSIDOK)) {
667 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
668 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
676 // discard DATA packet while not associate || BSSID error
677 if ((pDevice->bLinkPass == FALSE) ||
678 !(*pbyRsr & RSR_BSSIDOK)) {
680 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
681 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
687 //mike add:station mode check eapol-key challenge--->
689 BYTE Protocol_Version; //802.1x Authentication
690 BYTE Packet_Type; //802.1x Authentication
691 BYTE Descriptor_type;
697 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
698 skb->data[cbIVOffset + 8 + 24 + 6 + 1];
699 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1];
700 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1];
701 if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header
702 if(((Protocol_Version==1) ||(Protocol_Version==2)) &&
703 (Packet_Type==3)) { //802.1x OR eapol-key challenge frame receive
705 Descriptor_type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2];
706 Key_info = (skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+1]<<8) |skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+2] ;
707 if(Descriptor_type==2) { //RSN
708 // printk("WPA2_Rx_eapol-key_info<-----:%x\n",Key_info);
710 else if(Descriptor_type==254) {
711 // printk("WPA_Rx_eapol-key_info<-----:%x\n",Key_info);
716 //mike add:station mode check eapol-key challenge<---
724 if (pDevice->bEnablePSMode) {
725 if (IS_FC_MOREDATA((pbyFrame))) {
726 if (*pbyRsr & RSR_ADDROK) {
727 //PSbSendPSPOLL((PSDevice)pDevice);
731 if (pMgmt->bInTIMWake == TRUE) {
732 pMgmt->bInTIMWake = FALSE;
737 // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps
738 if (pDevice->bDiversityEnable && (FrameSize>50) &&
739 (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) &&
740 (pDevice->bLinkPass == TRUE)) {
741 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0);
744 // ++++++++ For BaseBand Algorithm +++++++++++++++
745 pDevice->uCurrRSSI = *pbyRSSI;
746 pDevice->byCurrSQ = *pbySQ;
750 if ((*pbyRSSI != 0) &&
751 (pMgmt->pCurrBSS!=NULL)) {
752 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
753 // Moniter if RSSI is too strong.
754 pMgmt->pCurrBSS->byRSSIStatCnt++;
755 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT;
756 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm;
757 for(ii=0;ii<RSSI_STAT_COUNT;ii++) {
758 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) {
759 pMgmt->pCurrBSS->ldBmMAX = max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm);
766 // -----------------------------------------------
768 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == TRUE)){
771 // Only 802.1x packet incoming allowed
776 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
777 skb->data[cbIVOffset + 8 + 24 + 6 + 1];
779 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType);
780 if (wEtherType == ETH_P_PAE) {
781 skb->dev = pDevice->apdev;
783 if (bIsWEP == TRUE) {
784 // strip IV header(8)
785 memcpy(&abyMacHdr[0], (skb->data + 8), 24);
786 memcpy((skb->data + 8 + cbIVOffset), &abyMacHdr[0], 24);
789 skb->data += (cbIVOffset + 8);
790 skb->tail += (cbIVOffset + 8);
791 skb_put(skb, FrameSize);
792 skb_reset_mac_header(skb);
793 skb->pkt_type = PACKET_OTHERHOST;
794 skb->protocol = htons(ETH_P_802_2);
795 memset(skb->cb, 0, sizeof(skb->cb));
800 // check if 802.1x authorized
801 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED))
806 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
808 FrameSize -= 8; //MIC
812 //--------------------------------------------------------------------------------
814 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
818 DWORD dwMIC_Priority;
819 DWORD dwMICKey0 = 0, dwMICKey1 = 0;
820 DWORD dwLocalMIC_L = 0;
821 DWORD dwLocalMIC_R = 0;
822 viawget_wpa_header *wpahdr;
825 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
826 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
827 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
830 if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
831 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
832 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
833 } else if ((pKey->dwKeyIndex & BIT28) == 0) {
834 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
835 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
837 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
838 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
842 MIC_vInit(dwMICKey0, dwMICKey1);
843 MIC_vAppend((PBYTE)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12);
845 MIC_vAppend((PBYTE)&dwMIC_Priority, 4);
846 // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV.
847 MIC_vAppend((PBYTE)(skb->data + 8 + WLAN_HDR_ADDR3_LEN + 8),
848 FrameSize - WLAN_HDR_ADDR3_LEN - 8);
849 MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R);
852 pdwMIC_L = (PDWORD)(skb->data + 8 + FrameSize);
853 pdwMIC_R = (PDWORD)(skb->data + 8 + FrameSize + 4);
856 if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) ||
857 (pDevice->bRxMICFail == TRUE)) {
858 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n");
859 pDevice->bRxMICFail = FALSE;
860 //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++;
861 pDevice->s802_11Counter.TKIPLocalMICFailures++;
863 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
864 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
868 //2008-0409-07, <Add> by Einsn Liu
869 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
870 //send event to wpa_supplicant
871 //if(pDevice->bWPASuppWextEnabled == TRUE)
873 union iwreq_data wrqu;
874 struct iw_michaelmicfailure ev;
875 int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits
876 memset(&ev, 0, sizeof(ev));
877 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
878 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
879 (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
880 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
881 ev.flags |= IW_MICFAILURE_PAIRWISE;
883 ev.flags |= IW_MICFAILURE_GROUP;
886 ev.src_addr.sa_family = ARPHRD_ETHER;
887 memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN);
888 memset(&wrqu, 0, sizeof(wrqu));
889 wrqu.data.length = sizeof(ev);
890 PRINT_K("wireless_send_event--->IWEVMICHAELMICFAILURE\n");
891 wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
897 if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
898 wpahdr = (viawget_wpa_header *)pDevice->skb->data;
899 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
900 (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
901 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
902 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR;
903 wpahdr->type = VIAWGET_PTK_MIC_MSG;
905 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR;
906 wpahdr->type = VIAWGET_GTK_MIC_MSG;
908 wpahdr->resp_ie_len = 0;
909 wpahdr->req_ie_len = 0;
910 skb_put(pDevice->skb, sizeof(viawget_wpa_header));
911 pDevice->skb->dev = pDevice->wpadev;
912 skb_reset_mac_header(pDevice->skb);
913 pDevice->skb->pkt_type = PACKET_HOST;
914 pDevice->skb->protocol = htons(ETH_P_802_2);
915 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
916 netif_rx(pDevice->skb);
917 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
924 } //---end of SOFT MIC-----------------------------------------------------------------------
926 // ++++++++++ Reply Counter Check +++++++++++++
928 if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) ||
929 (pKey->byCipherSuite == KEY_CTL_CCMP))) {
931 WORD wLocalTSC15_0 = 0;
932 DWORD dwLocalTSC47_16 = 0;
935 RSC = *((ULONGLONG *) &(pKey->KeyRSC));
936 wLocalTSC15_0 = (WORD) RSC;
937 dwLocalTSC47_16 = (DWORD) (RSC>>16);
942 memcpy(&(pKey->KeyRSC), &RSC, sizeof(QWORD));
944 if ( (pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) &&
945 (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) {
947 if ( (wRxTSC15_0 < wLocalTSC15_0) &&
948 (dwRxTSC47_16 <= dwLocalTSC47_16) &&
949 !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) {
950 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n ");
951 if (pKey->byCipherSuite == KEY_CTL_TKIP)
952 //pDevice->s802_11Counter.TKIPReplays.QuadPart++;
953 pDevice->s802_11Counter.TKIPReplays++;
955 //pDevice->s802_11Counter.CCMPReplays.QuadPart++;
956 pDevice->s802_11Counter.CCMPReplays++;
959 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
960 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
968 } // ----- End of Reply Counter Check --------------------------
971 s_vProcessRxMACHeader(pDevice, (PBYTE)(skb->data+8), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset);
972 FrameSize -= cbHeaderOffset;
973 cbHeaderOffset += 8; // 8 is Rcv buffer header
975 // Null data, framesize = 12
979 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
980 if (s_bAPModeRxData(pDevice,
989 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
990 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
999 skb->data += cbHeaderOffset;
1000 skb->tail += cbHeaderOffset;
1001 skb_put(skb, FrameSize);
1002 skb->protocol=eth_type_trans(skb, skb->dev);
1003 skb->ip_summed=CHECKSUM_NONE;
1004 pStats->rx_bytes +=skb->len;
1005 pStats->rx_packets++;
1008 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1009 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1010 pDevice->dev->name);
1019 static BOOL s_bAPModeRxCtl (
1020 IN PSDevice pDevice,
1025 PS802_11Header p802_11Header;
1027 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1030 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
1032 p802_11Header = (PS802_11Header) (pbyFrame);
1033 if (!IS_TYPE_MGMT(pbyFrame)) {
1035 // Data & PS-Poll packet
1036 // check frame class
1037 if (iSANodeIndex > 0) {
1038 // frame class 3 fliter & checking
1039 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) {
1040 // send deauth notification
1041 // reason = (6) class 2 received from nonauth sta
1042 vMgrDeAuthenBeginSta(pDevice,
1044 (PBYTE)(p802_11Header->abyAddr2),
1045 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1048 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n");
1051 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) {
1052 // send deassoc notification
1053 // reason = (7) class 3 received from nonassoc sta
1054 vMgrDisassocBeginSta(pDevice,
1056 (PBYTE)(p802_11Header->abyAddr2),
1057 (WLAN_MGMT_REASON_CLASS3_NONASSOC),
1060 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n");
1064 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) {
1065 // delcare received ps-poll event
1066 if (IS_CTL_PSPOLL(pbyFrame)) {
1067 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1068 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1069 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n");
1072 // check Data PS state
1073 // if PW bit off, send out all PS bufferring packets.
1074 if (!IS_FC_POWERMGT(pbyFrame)) {
1075 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1076 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1077 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1078 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n");
1083 if (IS_FC_POWERMGT(pbyFrame)) {
1084 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = TRUE;
1085 // Once if STA in PS state, enable multicast bufferring
1086 pMgmt->sNodeDBTable[0].bPSEnable = TRUE;
1089 // clear all pending PS frame.
1090 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) {
1091 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1092 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1093 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1094 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n");
1101 vMgrDeAuthenBeginSta(pDevice,
1103 (PBYTE)(p802_11Header->abyAddr2),
1104 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1107 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n");
1108 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%02x-%02x-%02x=%02x-%02x-%02x \n",
1109 p802_11Header->abyAddr3[0],
1110 p802_11Header->abyAddr3[1],
1111 p802_11Header->abyAddr3[2],
1112 p802_11Header->abyAddr3[3],
1113 p802_11Header->abyAddr3[4],
1114 p802_11Header->abyAddr3[5]
1116 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%02x-%02x-%02x=%02x-%02x-%02x \n",
1117 p802_11Header->abyAddr2[0],
1118 p802_11Header->abyAddr2[1],
1119 p802_11Header->abyAddr2[2],
1120 p802_11Header->abyAddr2[3],
1121 p802_11Header->abyAddr2[4],
1122 p802_11Header->abyAddr2[5]
1124 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%02x-%02x-%02x=%02x-%02x-%02x \n",
1125 p802_11Header->abyAddr1[0],
1126 p802_11Header->abyAddr1[1],
1127 p802_11Header->abyAddr1[2],
1128 p802_11Header->abyAddr1[3],
1129 p802_11Header->abyAddr1[4],
1130 p802_11Header->abyAddr1[5]
1132 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl );
1141 static BOOL s_bHandleRxEncryption (
1142 IN PSDevice pDevice,
1146 OUT PBYTE pbyNewRsr,
1147 OUT PSKeyItem *pKeyOut,
1149 OUT PWORD pwRxTSC15_0,
1150 OUT PDWORD pdwRxTSC47_16
1153 UINT PayloadLen = FrameSize;
1156 PSKeyItem pKey = NULL;
1157 BYTE byDecMode = KEY_CTL_WEP;
1158 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1164 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1165 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1166 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1167 pbyIV += 6; // 6 is 802.11 address4
1170 byKeyIdx = (*(pbyIV+3) & 0xc0);
1172 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1174 if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
1175 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
1176 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
1177 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
1178 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
1179 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) &&
1180 (pMgmt->byCSSPK != KEY_CTL_NONE)) {
1181 // unicast pkt use pairwise key
1182 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n");
1183 if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == TRUE) {
1184 if (pMgmt->byCSSPK == KEY_CTL_TKIP)
1185 byDecMode = KEY_CTL_TKIP;
1186 else if (pMgmt->byCSSPK == KEY_CTL_CCMP)
1187 byDecMode = KEY_CTL_CCMP;
1189 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey);
1192 KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey);
1193 if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1194 byDecMode = KEY_CTL_TKIP;
1195 else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1196 byDecMode = KEY_CTL_CCMP;
1197 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey);
1200 // our WEP only support Default Key
1202 // use default group key
1203 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey);
1204 if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1205 byDecMode = KEY_CTL_TKIP;
1206 else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1207 byDecMode = KEY_CTL_CCMP;
1211 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode);
1214 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n");
1215 if (byDecMode == KEY_CTL_WEP) {
1216 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1217 } else if (pDevice->bLinkPass == TRUE) {
1218 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1222 if (byDecMode != pKey->byCipherSuite) {
1223 if (byDecMode == KEY_CTL_WEP) {
1224 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1225 } else if (pDevice->bLinkPass == TRUE) {
1226 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1231 if (byDecMode == KEY_CTL_WEP) {
1233 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1234 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE)) {
1239 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1240 memcpy(pDevice->abyPRNG, pbyIV, 3);
1241 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1242 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1243 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1245 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1246 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1249 } else if ((byDecMode == KEY_CTL_TKIP) ||
1250 (byDecMode == KEY_CTL_CCMP)) {
1253 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1254 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1255 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1256 if (byDecMode == KEY_CTL_TKIP) {
1257 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1259 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1261 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1263 if ((byDecMode == KEY_CTL_TKIP) &&
1264 (pDevice->byLocalID <= REV_ID_VT3253_A1)) {
1267 PS802_11Header pMACHeader = (PS802_11Header) (pbyFrame);
1268 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1269 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1270 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1271 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1272 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1273 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1275 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1276 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1281 if ((*(pbyIV+3) & 0x20) != 0)
1287 static BOOL s_bHostWepRxEncryption (
1288 IN PSDevice pDevice,
1294 OUT PBYTE pbyNewRsr,
1296 OUT PWORD pwRxTSC15_0,
1297 OUT PDWORD pdwRxTSC47_16
1300 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1301 UINT PayloadLen = FrameSize;
1304 BYTE byDecMode = KEY_CTL_WEP;
1305 PS802_11Header pMACHeader;
1312 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1313 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1314 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1315 pbyIV += 6; // 6 is 802.11 address4
1318 byKeyIdx = (*(pbyIV+3) & 0xc0);
1320 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1323 if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1324 byDecMode = KEY_CTL_TKIP;
1325 else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1326 byDecMode = KEY_CTL_CCMP;
1328 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode);
1330 if (byDecMode != pKey->byCipherSuite) {
1331 if (byDecMode == KEY_CTL_WEP) {
1332 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1333 } else if (pDevice->bLinkPass == TRUE) {
1334 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1339 if (byDecMode == KEY_CTL_WEP) {
1341 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP \n");
1342 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1343 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE) ||
1344 (bOnFly == FALSE)) {
1350 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1351 memcpy(pDevice->abyPRNG, pbyIV, 3);
1352 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1353 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1354 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1356 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1357 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1360 } else if ((byDecMode == KEY_CTL_TKIP) ||
1361 (byDecMode == KEY_CTL_CCMP)) {
1364 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1365 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1366 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1368 if (byDecMode == KEY_CTL_TKIP) {
1369 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1371 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1373 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1375 if (byDecMode == KEY_CTL_TKIP) {
1377 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == FALSE)) {
1381 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n");
1382 pMACHeader = (PS802_11Header) (pbyFrame);
1383 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1384 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1385 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1386 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1387 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1388 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1390 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1391 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1396 if (byDecMode == KEY_CTL_CCMP) {
1397 if (bOnFly == FALSE) {
1400 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_CCMP\n");
1401 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) {
1402 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1403 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC compare OK!\n");
1405 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC fail!\n");
1412 if ((*(pbyIV+3) & 0x20) != 0)
1419 static BOOL s_bAPModeRxData (
1420 IN PSDevice pDevice,
1421 IN struct sk_buff* skb,
1423 IN UINT cbHeaderOffset,
1424 IN INT iSANodeIndex,
1429 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1430 BOOL bRelayAndForward = FALSE;
1431 BOOL bRelayOnly = FALSE;
1432 BYTE byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
1436 struct sk_buff* skbcpy = NULL;
1438 if (FrameSize > CB_MAX_BUF_SIZE)
1441 if(IS_MULTICAST_ADDRESS((PBYTE)(skb->data+cbHeaderOffset))) {
1442 if (pMgmt->sNodeDBTable[0].bPSEnable) {
1444 skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz);
1446 // if any node in PS mode, buffer packet until DTIM.
1447 if (skbcpy == NULL) {
1448 DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n");
1451 skbcpy->dev = pDevice->dev;
1452 skbcpy->len = FrameSize;
1453 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize);
1454 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy);
1455 pMgmt->sNodeDBTable[0].wEnQueueCnt++;
1457 pMgmt->abyPSTxMap[0] |= byMask[0];
1461 bRelayAndForward = TRUE;
1466 if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(skb->data+cbHeaderOffset), &iDANodeIndex)) {
1467 if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) {
1468 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) {
1469 // queue this skb until next PS tx, and then release.
1471 skb->data += cbHeaderOffset;
1472 skb->tail += cbHeaderOffset;
1473 skb_put(skb, FrameSize);
1474 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb);
1476 pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++;
1477 wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID;
1478 pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7];
1479 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n",
1480 iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]);
1490 if (bRelayOnly || bRelayAndForward) {
1491 // relay this packet right now
1492 if (bRelayAndForward)
1495 if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) {
1496 bRelayPacketSend(pDevice, (PBYTE)(skb->data + cbHeaderOffset), FrameSize, (UINT)iDANodeIndex);
1502 // none associate, don't forward
1503 if (pDevice->uAssocCount == 0)
1517 PSDevice pDevice = (PSDevice) Context;
1521 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Polling Thread\n");
1522 spin_lock_irq(&pDevice->lock);
1523 while ( MP_TEST_FLAG(pDevice, fMP_POST_READS) &&
1524 MP_IS_READY(pDevice) &&
1525 (pDevice->NumRecvFreeList != 0) ) {
1526 pRCB = pDevice->FirstRecvFreeList;
1527 pDevice->NumRecvFreeList--;
1528 ASSERT(pRCB);// cannot be NULL
1529 DequeueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList);
1530 ntStatus = PIPEnsBulkInUsbRead(pDevice, pRCB);
1532 pDevice->bIsRxWorkItemQueued = FALSE;
1533 spin_unlock_irq(&pDevice->lock);
1544 PSDevice pDevice = (PSDevice)pRCB->pDevice;
1547 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->RXvFreeRCB\n");
1549 ASSERT(!pRCB->Ref); // should be 0
1550 ASSERT(pRCB->pDevice); // shouldn't be NULL
1552 if (bReAllocSkb == TRUE) {
1553 pRCB->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1554 // todo error handling
1555 if (pRCB->skb == NULL) {
1556 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR" Failed to re-alloc rx skb\n");
1558 pRCB->skb->dev = pDevice->dev;
1562 // Insert the RCB back in the Recv free list
1564 EnqueueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList, pRCB);
1565 pDevice->NumRecvFreeList++;
1568 if (MP_TEST_FLAG(pDevice, fMP_POST_READS) && MP_IS_READY(pDevice) &&
1569 (pDevice->bIsRxWorkItemQueued == FALSE) ) {
1571 pDevice->bIsRxWorkItemQueued = TRUE;
1572 tasklet_schedule(&pDevice->ReadWorkItem);
1574 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"<----RXFreeRCB %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList);
1583 PSDevice pDevice = (PSDevice) Context;
1585 PSRxMgmtPacket pRxPacket;
1586 BOOL bReAllocSkb = FALSE;
1588 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Mng Thread\n");
1590 spin_lock_irq(&pDevice->lock);
1591 while (pDevice->NumRecvMngList!=0)
1593 pRCB = pDevice->FirstRecvMngList;
1594 pDevice->NumRecvMngList--;
1595 DequeueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList);
1599 ASSERT(pRCB);// cannot be NULL
1600 pRxPacket = &(pRCB->sMngPacket);
1601 vMgrRxManagePacket((HANDLE)pDevice, &(pDevice->sMgmtObj), pRxPacket);
1603 if(pRCB->Ref == 0) {
1604 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"RxvFreeMng %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList);
1605 RXvFreeRCB(pRCB, bReAllocSkb);
1607 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Rx Mng Only we have the right to free RCB\n");
1611 pDevice->bIsRxMngWorkItemQueued = FALSE;
1612 spin_unlock_irq(&pDevice->lock);
git.openpandora.org / pandora-kernel.git / blob