2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 * Purpose: handle dpc rx functions
28 * device_receive_frame - Rcv 802.11 frame function
29 * s_bAPModeRxCtl- AP Rcv frame filer Ctl.
30 * s_bAPModeRxData- AP Rcv data frame handle
31 * s_bHandleRxEncryption- Rcv decrypted data via on-fly
32 * s_bHostWepRxEncryption- Rcv encrypted data via host
33 * s_byGetRateIdx- get rate index
34 * s_vGetDASA- get data offset
35 * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3
42 #if !defined(__DEVICE_H__)
45 #if !defined(__RXTX_H__)
48 #if !defined(__TETHER_H__)
51 #if !defined(__CARD_H__)
54 #if !defined(__BSSDB_H__)
57 #if !defined(__MAC_H__)
60 #if !defined(__BASEBAND_H__)
63 #if !defined(__UMEM_H__)
66 #if !defined(__MICHAEL_H__)
69 #if !defined(__TKIP_H__)
72 #if !defined(__TCRC_H__)
75 #if !defined(__WCTL_H__)
78 #if !defined(__TBIT_H__)
81 #if !defined(__HOSTAP_H__)
84 #if !defined(__RF_H__)
87 #if !defined(__IOWPA_H__)
90 #if !defined(__AES_H__)
93 #if !defined(__DATARATE_H__)
96 #if !defined(__USBPIPE_H__)
101 /*--------------------- Static Definitions -------------------------*/
103 /*--------------------- Static Classes ----------------------------*/
105 /*--------------------- Static Variables --------------------------*/
106 //static int msglevel =MSG_LEVEL_DEBUG;
107 static int msglevel =MSG_LEVEL_INFO;
109 const BYTE acbyRxRate[MAX_RATE] =
110 {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
113 /*--------------------- Static Functions --------------------------*/
115 /*--------------------- Static Definitions -------------------------*/
117 /*--------------------- Static Functions --------------------------*/
119 static BYTE s_byGetRateIdx(IN BYTE byRate);
125 IN PBYTE pbyRxBufferAddr,
126 OUT PUINT pcbHeaderSize,
127 OUT PSEthernetHeader psEthHeader
132 s_vProcessRxMACHeader (
134 IN PBYTE pbyRxBufferAddr,
135 IN UINT cbPacketSize,
138 OUT PUINT pcbHeadSize
141 static BOOL s_bAPModeRxCtl(
149 static BOOL s_bAPModeRxData (
151 IN struct sk_buff* skb,
153 IN UINT cbHeaderOffset,
159 static BOOL s_bHandleRxEncryption(
165 OUT PSKeyItem *pKeyOut,
167 OUT PWORD pwRxTSC15_0,
168 OUT PDWORD pdwRxTSC47_16
171 static BOOL s_bHostWepRxEncryption(
181 OUT PWORD pwRxTSC15_0,
182 OUT PDWORD pdwRxTSC47_16
186 /*--------------------- Export Variables --------------------------*/
191 * Translate Rcv 802.11 header to 802.3 header with Rx buffer
196 * dwRxBufferAddr - Address of Rcv Buffer
197 * cbPacketSize - Rcv Packet size
198 * bIsWEP - If Rcv with WEP
200 * pcbHeaderSize - 802.11 header size
207 s_vProcessRxMACHeader (
209 IN PBYTE pbyRxBufferAddr,
210 IN UINT cbPacketSize,
213 OUT PUINT pcbHeadSize
217 UINT cbHeaderSize = 0;
219 PS802_11Header pMACHeader;
223 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
225 s_vGetDASA((PBYTE)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader);
229 // strip IV&ExtIV , add 8 byte
230 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8);
232 // strip IV , add 4 byte
233 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4);
237 cbHeaderSize += WLAN_HDR_ADDR3_LEN;
240 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
241 if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) {
244 else if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) {
246 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
247 if ((*pwType!= TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) {
251 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
254 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
256 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
260 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
266 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
269 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
271 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
275 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
279 cbHeaderSize -= (U_ETHER_ADDR_LEN * 2);
280 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
281 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++)
282 *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii];
283 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++)
284 *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii];
286 *pcbHeadSize = cbHeaderSize;
292 static BYTE s_byGetRateIdx (IN BYTE byRate)
296 for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) {
297 if (acbyRxRate[byRateIdx%MAX_RATE] == byRate)
307 IN PBYTE pbyRxBufferAddr,
308 OUT PUINT pcbHeaderSize,
309 OUT PSEthernetHeader psEthHeader
312 UINT cbHeaderSize = 0;
313 PS802_11Header pMACHeader;
316 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
318 if ((pMACHeader->wFrameCtl & FC_TODS) == 0) {
319 if (pMACHeader->wFrameCtl & FC_FROMDS) {
320 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
321 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
322 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr3[ii];
327 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
328 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
329 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
335 if (pMACHeader->wFrameCtl & FC_FROMDS) {
336 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
337 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
338 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr4[ii];
343 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
344 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
345 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
349 *pcbHeaderSize = cbHeaderSize;
356 RXbBulkInProcessData (
359 IN ULONG BytesToIndicate
363 struct net_device_stats* pStats=&pDevice->stats;
365 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
366 PSRxMgmtPacket pRxPacket = &(pMgmt->sRxPacket);
367 PS802_11Header p802_11Header;
373 BOOL bDeFragRx = FALSE;
377 INT iSANodeIndex = -1;
378 INT iDANodeIndex = -1;
384 #ifdef Calcu_LinkQual
388 PSKeyItem pKey = NULL;
390 DWORD dwRxTSC47_16 = 0;
397 PRCB pRCBIndicate = pRCB;
400 BYTE abyVaildRate[MAX_RATE] = {2,4,11,22,12,18,24,36,48,72,96,108};
401 WORD wPLCPwithPadding;
402 PS802_11Header pMACHeader;
403 BOOL bRxeapol_key = FALSE;
407 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- RXbBulkInProcessData---\n");
411 //[31:16]RcvByteCount ( not include 4-byte Status )
412 dwWbkStatus = *( (PDWORD)(skb->data) );
413 FrameSize = (UINT)(dwWbkStatus >> 16);
416 if (BytesToIndicate != FrameSize) {
417 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 1 \n");
421 if ((BytesToIndicate > 2372)||(BytesToIndicate <= 40)) {
422 // Frame Size error drop this packet.
423 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 2 \n");
427 pbyDAddress = (PBYTE)(skb->data);
428 pbyRxSts = pbyDAddress+4;
429 pbyRxRate = pbyDAddress+5;
431 //real Frame Size = USBFrameSize -4WbkStatus - 4RxStatus - 8TSF - 4RSR - 4SQ3 - ?Padding
432 //if SQ3 the range is 24~27, if no SQ3 the range is 20~23
433 //real Frame size in PLCPLength field.
434 pwPLCP_Length = (PWORD) (pbyDAddress + 6);
435 //Fix hardware bug => PLCP_Length error
436 if ( ((BytesToIndicate - (*pwPLCP_Length)) > 27) ||
437 ((BytesToIndicate - (*pwPLCP_Length)) < 24) ||
438 (BytesToIndicate < (*pwPLCP_Length)) ) {
440 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong PLCP Length %x\n", (int) *pwPLCP_Length);
444 for ( ii=RATE_1M;ii<MAX_RATE;ii++) {
445 if ( *pbyRxRate == abyVaildRate[ii] ) {
449 if ( ii==MAX_RATE ) {
450 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong RxRate %x\n",(int) *pbyRxRate);
454 wPLCPwithPadding = ( (*pwPLCP_Length / 4) + ( (*pwPLCP_Length % 4) ? 1:0 ) ) *4;
456 pqwTSFTime = (PQWORD) (pbyDAddress + 8 + wPLCPwithPadding);
457 #ifdef Calcu_LinkQual
458 if(pDevice->byBBType == BB_TYPE_11G) {
459 pby3SQ = pbyDAddress + 8 + wPLCPwithPadding + 12;
463 pbySQ = pbyDAddress + 8 + wPLCPwithPadding + 8;
467 pbySQ = pbyDAddress + 8 + wPLCPwithPadding + 8;
469 pbyNewRsr = pbyDAddress + 8 + wPLCPwithPadding + 9;
470 pbyRSSI = pbyDAddress + 8 + wPLCPwithPadding + 10;
471 pbyRsr = pbyDAddress + 8 + wPLCPwithPadding + 11;
473 FrameSize = *pwPLCP_Length;
475 pbyFrame = pbyDAddress + 8;
476 // update receive statistic counter
478 STAvUpdateRDStatCounter(&pDevice->scStatistic,
488 pMACHeader = (PS802_11Header) pbyFrame;
490 //mike add: to judge if current AP is activated?
491 if ((pMgmt->eCurrMode == WMAC_MODE_STANDBY) ||
492 (pMgmt->eCurrMode == WMAC_MODE_ESS_STA)) {
493 if (pMgmt->sNodeDBTable[0].bActive) {
494 if(IS_ETH_ADDRESS_EQUAL (pMgmt->abyCurrBSSID, pMACHeader->abyAddr2) ) {
495 if (pMgmt->sNodeDBTable[0].uInActiveCount != 0)
496 pMgmt->sNodeDBTable[0].uInActiveCount = 0;
501 if (!IS_MULTICAST_ADDRESS(pMACHeader->abyAddr1) && !IS_BROADCAST_ADDRESS(pMACHeader->abyAddr1)) {
502 if ( WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header) pbyFrame) ) {
503 pDevice->s802_11Counter.FrameDuplicateCount++;
507 if ( !IS_ETH_ADDRESS_EQUAL (pDevice->abyCurrentNetAddr, pMACHeader->abyAddr1) ) {
514 s_vGetDASA(pbyFrame, &cbHeaderSize, &pDevice->sRxEthHeader);
516 if (IS_ETH_ADDRESS_EQUAL((PBYTE)&(pDevice->sRxEthHeader.abySrcAddr[0]), pDevice->abyCurrentNetAddr))
519 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) {
520 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
521 p802_11Header = (PS802_11Header) (pbyFrame);
523 if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(p802_11Header->abyAddr2), &iSANodeIndex)) {
524 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies;
525 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0;
530 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
531 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == TRUE) {
537 if (IS_FC_WEP(pbyFrame)) {
538 BOOL bRxDecryOK = FALSE;
540 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n");
542 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) {
544 pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite;
545 pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex;
546 pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength;
547 pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16;
548 pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0;
550 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0],
554 bRxDecryOK = s_bHostWepRxEncryption(pDevice,
558 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly,
565 bRxDecryOK = s_bHandleRxEncryption(pDevice,
577 if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) {
578 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n");
579 if ( (pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
580 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
581 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
582 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
583 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
585 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
586 pDevice->s802_11Counter.TKIPICVErrors++;
587 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) {
588 pDevice->s802_11Counter.CCMPDecryptErrors++;
589 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) {
590 // pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++;
596 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n");
599 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP))
600 FrameSize -= 8; // Message Integrity Code
602 FrameSize -= 4; // 4 is ICV
609 //remove the CRC length
610 FrameSize -= U_CRC_LEN;
612 if ((BITbIsAllBitsOff(*pbyRsr, (RSR_ADDRBROAD | RSR_ADDRMULTI))) && // unicast address
613 (IS_FRAGMENT_PKT((pbyFrame)))
616 bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header) (pbyFrame), FrameSize, bIsWEP, bExtIV);
617 pDevice->s802_11Counter.ReceivedFragmentCount++;
620 // TODO skb, pbyFrame
621 skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb;
622 FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength;
623 pbyFrame = skb->data + 8;
631 // Management & Control frame Handle
633 if ((IS_TYPE_DATA((pbyFrame))) == FALSE) {
634 // Handle Control & Manage Frame
636 if (IS_TYPE_MGMT((pbyFrame))) {
640 pRxPacket = &(pRCB->sMngPacket);
641 pRxPacket->p80211Header = (PUWLAN_80211HDR)(pbyFrame);
642 pRxPacket->cbMPDULen = FrameSize;
643 pRxPacket->uRSSI = *pbyRSSI;
644 pRxPacket->bySQ = *pbySQ;
645 HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime));
646 LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime));
649 pbyData1 = WLAN_HDR_A3_DATA_PTR(pbyFrame);
650 pbyData2 = WLAN_HDR_A3_DATA_PTR(pbyFrame) + 4;
651 for (ii = 0; ii < (FrameSize - 4); ii++) {
652 *pbyData1 = *pbyData2;
658 pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate);
660 if ( *pbyRxSts == 0 ) {
661 //Discard beacon packet which channel is 0
662 if ( (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_BEACON) ||
663 (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_PROBERESP) ) {
667 pRxPacket->byRxChannel = (*pbyRxSts) >> 2;
669 // hostap Deamon handle 802.11 management
670 if (pDevice->bEnableHostapd) {
671 skb->dev = pDevice->apdev;
676 skb_put(skb, FrameSize);
677 skb_reset_mac_header(skb);
678 skb->pkt_type = PACKET_OTHERHOST;
679 skb->protocol = htons(ETH_P_802_2);
680 memset(skb->cb, 0, sizeof(skb->cb));
686 // Insert the RCB in the Recv Mng list
688 EnqueueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList, pRCBIndicate);
689 pDevice->NumRecvMngList++;
690 if ( bDeFragRx == FALSE) {
693 if (pDevice->bIsRxMngWorkItemQueued == FALSE) {
694 pDevice->bIsRxMngWorkItemQueued = TRUE;
695 tasklet_schedule(&pDevice->RxMngWorkItem);
705 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
706 //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC.
707 if (BITbIsBitOff(*pbyRsr, RSR_BSSIDOK)) {
709 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
710 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
718 // discard DATA packet while not associate || BSSID error
719 if ((pDevice->bLinkPass == FALSE) ||
720 BITbIsBitOff(*pbyRsr, RSR_BSSIDOK)) {
722 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
723 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
729 //mike add:station mode check eapol-key challenge--->
731 BYTE Protocol_Version; //802.1x Authentication
732 BYTE Packet_Type; //802.1x Authentication
733 BYTE Descriptor_type;
739 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
740 skb->data[cbIVOffset + 8 + 24 + 6 + 1];
741 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1];
742 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1];
743 if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header
744 if(((Protocol_Version==1) ||(Protocol_Version==2)) &&
745 (Packet_Type==3)) { //802.1x OR eapol-key challenge frame receive
747 Descriptor_type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2];
748 Key_info = (skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+1]<<8) |skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+2] ;
749 if(Descriptor_type==2) { //RSN
750 // printk("WPA2_Rx_eapol-key_info<-----:%x\n",Key_info);
752 else if(Descriptor_type==254) {
753 // printk("WPA_Rx_eapol-key_info<-----:%x\n",Key_info);
758 //mike add:station mode check eapol-key challenge<---
766 if (pDevice->bEnablePSMode) {
767 if (IS_FC_MOREDATA((pbyFrame))) {
768 if (BITbIsBitOn(*pbyRsr, RSR_ADDROK)) {
769 //PSbSendPSPOLL((PSDevice)pDevice);
773 if (pMgmt->bInTIMWake == TRUE) {
774 pMgmt->bInTIMWake = FALSE;
779 // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps
780 if (pDevice->bDiversityEnable && (FrameSize>50) &&
781 (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) &&
782 (pDevice->bLinkPass == TRUE)) {
783 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0);
786 // ++++++++ For BaseBand Algorithm +++++++++++++++
787 pDevice->uCurrRSSI = *pbyRSSI;
788 pDevice->byCurrSQ = *pbySQ;
792 if ((*pbyRSSI != 0) &&
793 (pMgmt->pCurrBSS!=NULL)) {
794 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
795 // Moniter if RSSI is too strong.
796 pMgmt->pCurrBSS->byRSSIStatCnt++;
797 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT;
798 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm;
799 for(ii=0;ii<RSSI_STAT_COUNT;ii++) {
800 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) {
801 pMgmt->pCurrBSS->ldBmMAX = max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm);
808 // -----------------------------------------------
810 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == TRUE)){
813 // Only 802.1x packet incoming allowed
818 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
819 skb->data[cbIVOffset + 8 + 24 + 6 + 1];
821 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType);
822 if (wEtherType == ETH_P_PAE) {
823 skb->dev = pDevice->apdev;
825 if (bIsWEP == TRUE) {
826 // strip IV header(8)
827 memcpy(&abyMacHdr[0], (skb->data + 8), 24);
828 memcpy((skb->data + 8 + cbIVOffset), &abyMacHdr[0], 24);
831 skb->data += (cbIVOffset + 8);
832 skb->tail += (cbIVOffset + 8);
833 skb_put(skb, FrameSize);
834 skb_reset_mac_header(skb);
835 skb->pkt_type = PACKET_OTHERHOST;
836 skb->protocol = htons(ETH_P_802_2);
837 memset(skb->cb, 0, sizeof(skb->cb));
842 // check if 802.1x authorized
843 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED))
848 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
850 FrameSize -= 8; //MIC
854 //--------------------------------------------------------------------------------
856 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
860 DWORD dwMIC_Priority;
861 DWORD dwMICKey0 = 0, dwMICKey1 = 0;
862 DWORD dwLocalMIC_L = 0;
863 DWORD dwLocalMIC_R = 0;
864 viawget_wpa_header *wpahdr;
867 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
868 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
869 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
872 if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
873 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
874 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
875 } else if ((pKey->dwKeyIndex & BIT28) == 0) {
876 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
877 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
879 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
880 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
884 MIC_vInit(dwMICKey0, dwMICKey1);
885 MIC_vAppend((PBYTE)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12);
887 MIC_vAppend((PBYTE)&dwMIC_Priority, 4);
888 // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV.
889 MIC_vAppend((PBYTE)(skb->data + 8 + WLAN_HDR_ADDR3_LEN + 8),
890 FrameSize - WLAN_HDR_ADDR3_LEN - 8);
891 MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R);
894 pdwMIC_L = (PDWORD)(skb->data + 8 + FrameSize);
895 pdwMIC_R = (PDWORD)(skb->data + 8 + FrameSize + 4);
898 if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) ||
899 (pDevice->bRxMICFail == TRUE)) {
900 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n");
901 pDevice->bRxMICFail = FALSE;
902 //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++;
903 pDevice->s802_11Counter.TKIPLocalMICFailures++;
905 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
906 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
910 //2008-0409-07, <Add> by Einsn Liu
911 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
912 //send event to wpa_supplicant
913 //if(pDevice->bWPASuppWextEnabled == TRUE)
915 union iwreq_data wrqu;
916 struct iw_michaelmicfailure ev;
917 int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits
918 memset(&ev, 0, sizeof(ev));
919 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
920 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
921 (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
922 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
923 ev.flags |= IW_MICFAILURE_PAIRWISE;
925 ev.flags |= IW_MICFAILURE_GROUP;
928 ev.src_addr.sa_family = ARPHRD_ETHER;
929 memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN);
930 memset(&wrqu, 0, sizeof(wrqu));
931 wrqu.data.length = sizeof(ev);
932 PRINT_K("wireless_send_event--->IWEVMICHAELMICFAILURE\n");
933 wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
939 if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
940 wpahdr = (viawget_wpa_header *)pDevice->skb->data;
941 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
942 (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
943 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
944 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR;
945 wpahdr->type = VIAWGET_PTK_MIC_MSG;
947 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR;
948 wpahdr->type = VIAWGET_GTK_MIC_MSG;
950 wpahdr->resp_ie_len = 0;
951 wpahdr->req_ie_len = 0;
952 skb_put(pDevice->skb, sizeof(viawget_wpa_header));
953 pDevice->skb->dev = pDevice->wpadev;
954 skb_reset_mac_header(pDevice->skb);
955 pDevice->skb->pkt_type = PACKET_HOST;
956 pDevice->skb->protocol = htons(ETH_P_802_2);
957 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
958 netif_rx(pDevice->skb);
959 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
966 } //---end of SOFT MIC-----------------------------------------------------------------------
968 // ++++++++++ Reply Counter Check +++++++++++++
970 if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) ||
971 (pKey->byCipherSuite == KEY_CTL_CCMP))) {
973 WORD wLocalTSC15_0 = 0;
974 DWORD dwLocalTSC47_16 = 0;
977 RSC = *((ULONGLONG *) &(pKey->KeyRSC));
978 wLocalTSC15_0 = (WORD) RSC;
979 dwLocalTSC47_16 = (DWORD) (RSC>>16);
984 MEMvCopy(&(pKey->KeyRSC), &RSC, sizeof(QWORD));
986 if ( (pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) &&
987 (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) {
989 if ( (wRxTSC15_0 < wLocalTSC15_0) &&
990 (dwRxTSC47_16 <= dwLocalTSC47_16) &&
991 !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) {
992 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n ");
993 if (pKey->byCipherSuite == KEY_CTL_TKIP)
994 //pDevice->s802_11Counter.TKIPReplays.QuadPart++;
995 pDevice->s802_11Counter.TKIPReplays++;
997 //pDevice->s802_11Counter.CCMPReplays.QuadPart++;
998 pDevice->s802_11Counter.CCMPReplays++;
1001 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1002 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1003 pDevice->dev->name);
1010 } // ----- End of Reply Counter Check --------------------------
1013 s_vProcessRxMACHeader(pDevice, (PBYTE)(skb->data+8), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset);
1014 FrameSize -= cbHeaderOffset;
1015 cbHeaderOffset += 8; // 8 is Rcv buffer header
1017 // Null data, framesize = 12
1021 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
1022 if (s_bAPModeRxData(pDevice,
1031 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1032 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1033 pDevice->dev->name);
1041 skb->data += cbHeaderOffset;
1042 skb->tail += cbHeaderOffset;
1043 skb_put(skb, FrameSize);
1044 skb->protocol=eth_type_trans(skb, skb->dev);
1045 skb->ip_summed=CHECKSUM_NONE;
1046 pStats->rx_bytes +=skb->len;
1047 pStats->rx_packets++;
1050 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1051 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1052 pDevice->dev->name);
1061 static BOOL s_bAPModeRxCtl (
1062 IN PSDevice pDevice,
1067 PS802_11Header p802_11Header;
1069 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1072 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
1074 p802_11Header = (PS802_11Header) (pbyFrame);
1075 if (!IS_TYPE_MGMT(pbyFrame)) {
1077 // Data & PS-Poll packet
1078 // check frame class
1079 if (iSANodeIndex > 0) {
1080 // frame class 3 fliter & checking
1081 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) {
1082 // send deauth notification
1083 // reason = (6) class 2 received from nonauth sta
1084 vMgrDeAuthenBeginSta(pDevice,
1086 (PBYTE)(p802_11Header->abyAddr2),
1087 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1090 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n");
1093 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) {
1094 // send deassoc notification
1095 // reason = (7) class 3 received from nonassoc sta
1096 vMgrDisassocBeginSta(pDevice,
1098 (PBYTE)(p802_11Header->abyAddr2),
1099 (WLAN_MGMT_REASON_CLASS3_NONASSOC),
1102 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n");
1106 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) {
1107 // delcare received ps-poll event
1108 if (IS_CTL_PSPOLL(pbyFrame)) {
1109 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1110 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1111 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n");
1114 // check Data PS state
1115 // if PW bit off, send out all PS bufferring packets.
1116 if (!IS_FC_POWERMGT(pbyFrame)) {
1117 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1118 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1119 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1120 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n");
1125 if (IS_FC_POWERMGT(pbyFrame)) {
1126 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = TRUE;
1127 // Once if STA in PS state, enable multicast bufferring
1128 pMgmt->sNodeDBTable[0].bPSEnable = TRUE;
1131 // clear all pending PS frame.
1132 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) {
1133 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1134 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1135 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1136 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n");
1143 vMgrDeAuthenBeginSta(pDevice,
1145 (PBYTE)(p802_11Header->abyAddr2),
1146 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1149 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n");
1150 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%02x-%02x-%02x=%02x-%02x-%02x \n",
1151 p802_11Header->abyAddr3[0],
1152 p802_11Header->abyAddr3[1],
1153 p802_11Header->abyAddr3[2],
1154 p802_11Header->abyAddr3[3],
1155 p802_11Header->abyAddr3[4],
1156 p802_11Header->abyAddr3[5]
1158 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%02x-%02x-%02x=%02x-%02x-%02x \n",
1159 p802_11Header->abyAddr2[0],
1160 p802_11Header->abyAddr2[1],
1161 p802_11Header->abyAddr2[2],
1162 p802_11Header->abyAddr2[3],
1163 p802_11Header->abyAddr2[4],
1164 p802_11Header->abyAddr2[5]
1166 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%02x-%02x-%02x=%02x-%02x-%02x \n",
1167 p802_11Header->abyAddr1[0],
1168 p802_11Header->abyAddr1[1],
1169 p802_11Header->abyAddr1[2],
1170 p802_11Header->abyAddr1[3],
1171 p802_11Header->abyAddr1[4],
1172 p802_11Header->abyAddr1[5]
1174 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl );
1183 static BOOL s_bHandleRxEncryption (
1184 IN PSDevice pDevice,
1188 OUT PBYTE pbyNewRsr,
1189 OUT PSKeyItem *pKeyOut,
1191 OUT PWORD pwRxTSC15_0,
1192 OUT PDWORD pdwRxTSC47_16
1195 UINT PayloadLen = FrameSize;
1198 PSKeyItem pKey = NULL;
1199 BYTE byDecMode = KEY_CTL_WEP;
1200 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1206 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1207 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1208 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1209 pbyIV += 6; // 6 is 802.11 address4
1212 byKeyIdx = (*(pbyIV+3) & 0xc0);
1214 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1216 if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
1217 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
1218 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
1219 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
1220 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
1221 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) &&
1222 (pMgmt->byCSSPK != KEY_CTL_NONE)) {
1223 // unicast pkt use pairwise key
1224 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n");
1225 if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == TRUE) {
1226 if (pMgmt->byCSSPK == KEY_CTL_TKIP)
1227 byDecMode = KEY_CTL_TKIP;
1228 else if (pMgmt->byCSSPK == KEY_CTL_CCMP)
1229 byDecMode = KEY_CTL_CCMP;
1231 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey);
1234 KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey);
1235 if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1236 byDecMode = KEY_CTL_TKIP;
1237 else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1238 byDecMode = KEY_CTL_CCMP;
1239 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey);
1242 // our WEP only support Default Key
1244 // use default group key
1245 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey);
1246 if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1247 byDecMode = KEY_CTL_TKIP;
1248 else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1249 byDecMode = KEY_CTL_CCMP;
1253 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode);
1256 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n");
1257 if (byDecMode == KEY_CTL_WEP) {
1258 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1259 } else if (pDevice->bLinkPass == TRUE) {
1260 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1264 if (byDecMode != pKey->byCipherSuite) {
1265 if (byDecMode == KEY_CTL_WEP) {
1266 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1267 } else if (pDevice->bLinkPass == TRUE) {
1268 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1273 if (byDecMode == KEY_CTL_WEP) {
1275 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1276 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE)) {
1281 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1282 MEMvCopy(pDevice->abyPRNG, pbyIV, 3);
1283 MEMvCopy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1284 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1285 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1287 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1288 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1291 } else if ((byDecMode == KEY_CTL_TKIP) ||
1292 (byDecMode == KEY_CTL_CCMP)) {
1295 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1296 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1297 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1298 if (byDecMode == KEY_CTL_TKIP) {
1299 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1301 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1303 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1305 if ((byDecMode == KEY_CTL_TKIP) &&
1306 (pDevice->byLocalID <= REV_ID_VT3253_A1)) {
1309 PS802_11Header pMACHeader = (PS802_11Header) (pbyFrame);
1310 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1311 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1312 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1313 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1314 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1315 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1317 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1318 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1323 if ((*(pbyIV+3) & 0x20) != 0)
1329 static BOOL s_bHostWepRxEncryption (
1330 IN PSDevice pDevice,
1336 OUT PBYTE pbyNewRsr,
1338 OUT PWORD pwRxTSC15_0,
1339 OUT PDWORD pdwRxTSC47_16
1342 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1343 UINT PayloadLen = FrameSize;
1346 BYTE byDecMode = KEY_CTL_WEP;
1347 PS802_11Header pMACHeader;
1354 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1355 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1356 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1357 pbyIV += 6; // 6 is 802.11 address4
1360 byKeyIdx = (*(pbyIV+3) & 0xc0);
1362 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1365 if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1366 byDecMode = KEY_CTL_TKIP;
1367 else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1368 byDecMode = KEY_CTL_CCMP;
1370 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode);
1372 if (byDecMode != pKey->byCipherSuite) {
1373 if (byDecMode == KEY_CTL_WEP) {
1374 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1375 } else if (pDevice->bLinkPass == TRUE) {
1376 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1381 if (byDecMode == KEY_CTL_WEP) {
1383 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP \n");
1384 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1385 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE) ||
1386 (bOnFly == FALSE)) {
1392 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1393 MEMvCopy(pDevice->abyPRNG, pbyIV, 3);
1394 MEMvCopy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1395 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1396 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1398 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1399 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1402 } else if ((byDecMode == KEY_CTL_TKIP) ||
1403 (byDecMode == KEY_CTL_CCMP)) {
1406 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1407 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1408 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1410 if (byDecMode == KEY_CTL_TKIP) {
1411 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1413 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1415 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1417 if (byDecMode == KEY_CTL_TKIP) {
1419 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == FALSE)) {
1423 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n");
1424 pMACHeader = (PS802_11Header) (pbyFrame);
1425 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1426 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1427 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1428 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1429 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1430 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1432 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1433 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1438 if (byDecMode == KEY_CTL_CCMP) {
1439 if (bOnFly == FALSE) {
1442 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_CCMP\n");
1443 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) {
1444 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1445 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC compare OK!\n");
1447 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC fail!\n");
1454 if ((*(pbyIV+3) & 0x20) != 0)
1461 static BOOL s_bAPModeRxData (
1462 IN PSDevice pDevice,
1463 IN struct sk_buff* skb,
1465 IN UINT cbHeaderOffset,
1466 IN INT iSANodeIndex,
1471 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1472 BOOL bRelayAndForward = FALSE;
1473 BOOL bRelayOnly = FALSE;
1474 BYTE byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
1478 struct sk_buff* skbcpy = NULL;
1480 if (FrameSize > CB_MAX_BUF_SIZE)
1483 if(IS_MULTICAST_ADDRESS((PBYTE)(skb->data+cbHeaderOffset))) {
1484 if (pMgmt->sNodeDBTable[0].bPSEnable) {
1486 skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz);
1488 // if any node in PS mode, buffer packet until DTIM.
1489 if (skbcpy == NULL) {
1490 DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n");
1493 skbcpy->dev = pDevice->dev;
1494 skbcpy->len = FrameSize;
1495 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize);
1496 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy);
1497 pMgmt->sNodeDBTable[0].wEnQueueCnt++;
1499 pMgmt->abyPSTxMap[0] |= byMask[0];
1503 bRelayAndForward = TRUE;
1508 if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(skb->data+cbHeaderOffset), &iDANodeIndex)) {
1509 if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) {
1510 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) {
1511 // queue this skb until next PS tx, and then release.
1513 skb->data += cbHeaderOffset;
1514 skb->tail += cbHeaderOffset;
1515 skb_put(skb, FrameSize);
1516 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb);
1518 pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++;
1519 wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID;
1520 pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7];
1521 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n",
1522 iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]);
1532 if (bRelayOnly || bRelayAndForward) {
1533 // relay this packet right now
1534 if (bRelayAndForward)
1537 if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) {
1538 bRelayPacketSend(pDevice, (PBYTE)(skb->data + cbHeaderOffset), FrameSize, (UINT)iDANodeIndex);
1544 // none associate, don't forward
1545 if (pDevice->uAssocCount == 0)
1559 PSDevice pDevice = (PSDevice) Context;
1563 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Polling Thread\n");
1564 spin_lock_irq(&pDevice->lock);
1565 while ( MP_TEST_FLAG(pDevice, fMP_POST_READS) &&
1566 MP_IS_READY(pDevice) &&
1567 (pDevice->NumRecvFreeList != 0) ) {
1568 pRCB = pDevice->FirstRecvFreeList;
1569 pDevice->NumRecvFreeList--;
1570 ASSERT(pRCB);// cannot be NULL
1571 DequeueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList);
1572 ntStatus = PIPEnsBulkInUsbRead(pDevice, pRCB);
1574 pDevice->bIsRxWorkItemQueued = FALSE;
1575 spin_unlock_irq(&pDevice->lock);
1586 PSDevice pDevice = (PSDevice)pRCB->pDevice;
1589 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->RXvFreeRCB\n");
1591 ASSERT(!pRCB->Ref); // should be 0
1592 ASSERT(pRCB->pDevice); // shouldn't be NULL
1594 if (bReAllocSkb == TRUE) {
1595 pRCB->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1596 // todo error handling
1597 if (pRCB->skb == NULL) {
1598 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR" Failed to re-alloc rx skb\n");
1600 pRCB->skb->dev = pDevice->dev;
1604 // Insert the RCB back in the Recv free list
1606 EnqueueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList, pRCB);
1607 pDevice->NumRecvFreeList++;
1610 if (MP_TEST_FLAG(pDevice, fMP_POST_READS) && MP_IS_READY(pDevice) &&
1611 (pDevice->bIsRxWorkItemQueued == FALSE) ) {
1613 pDevice->bIsRxWorkItemQueued = TRUE;
1614 tasklet_schedule(&pDevice->ReadWorkItem);
1616 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"<----RXFreeRCB %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList);
1625 PSDevice pDevice = (PSDevice) Context;
1627 PSRxMgmtPacket pRxPacket;
1628 BOOL bReAllocSkb = FALSE;
1630 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Mng Thread\n");
1632 spin_lock_irq(&pDevice->lock);
1633 while (pDevice->NumRecvMngList!=0)
1635 pRCB = pDevice->FirstRecvMngList;
1636 pDevice->NumRecvMngList--;
1637 DequeueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList);
1641 ASSERT(pRCB);// cannot be NULL
1642 pRxPacket = &(pRCB->sMngPacket);
1643 vMgrRxManagePacket((HANDLE)pDevice, &(pDevice->sMgmtObj), pRxPacket);
1645 if(pRCB->Ref == 0) {
1646 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"RxvFreeMng %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList);
1647 RXvFreeRCB(pRCB, bReAllocSkb);
1649 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Rx Mng Only we have the right to free RCB\n");
1653 pDevice->bIsRxMngWorkItemQueued = FALSE;
1654 spin_unlock_irq(&pDevice->lock);