2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 * Purpose: handle dpc rx functions
28 * device_receive_frame - Rcv 802.11 frame function
29 * s_bAPModeRxCtl- AP Rcv frame filer Ctl.
30 * s_bAPModeRxData- AP Rcv data frame handle
31 * s_bHandleRxEncryption- Rcv decrypted data via on-fly
32 * s_bHostWepRxEncryption- Rcv encrypted data via host
33 * s_byGetRateIdx- get rate index
34 * s_vGetDASA- get data offset
35 * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3
42 #if !defined(__DEVICE_H__)
45 #if !defined(__RXTX_H__)
48 #if !defined(__TETHER_H__)
51 #if !defined(__CARD_H__)
54 #if !defined(__BSSDB_H__)
57 #if !defined(__MAC_H__)
60 #if !defined(__BASEBAND_H__)
63 #if !defined(__UMEM_H__)
66 #if !defined(__MICHAEL_H__)
69 #if !defined(__TKIP_H__)
72 #if !defined(__TCRC_H__)
75 #if !defined(__WCTL_H__)
78 #if !defined(__WROUTE_H__)
81 #if !defined(__TBIT_H__)
84 #if !defined(__HOSTAP_H__)
87 #if !defined(__RF_H__)
90 #if !defined(__IOWPA_H__)
93 #if !defined(__AES_H__)
100 /*--------------------- Static Definitions -------------------------*/
102 /*--------------------- Static Classes ----------------------------*/
104 /*--------------------- Static Variables --------------------------*/
105 //static int msglevel =MSG_LEVEL_DEBUG;
106 static int msglevel =MSG_LEVEL_INFO;
108 const BYTE acbyRxRate[MAX_RATE] =
109 {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
112 /*--------------------- Static Functions --------------------------*/
114 /*--------------------- Static Definitions -------------------------*/
116 /*--------------------- Static Functions --------------------------*/
118 static BYTE s_byGetRateIdx(IN BYTE byRate);
124 IN PBYTE pbyRxBufferAddr,
125 OUT PUINT pcbHeaderSize,
126 OUT PSEthernetHeader psEthHeader
131 s_vProcessRxMACHeader (
133 IN PBYTE pbyRxBufferAddr,
134 IN UINT cbPacketSize,
137 OUT PUINT pcbHeadSize
140 static BOOL s_bAPModeRxCtl(
148 static BOOL s_bAPModeRxData (
152 IN UINT cbHeaderOffset,
158 static BOOL s_bAPModeRxData (
160 IN struct sk_buff* skb,
162 IN UINT cbHeaderOffset,
169 static BOOL s_bHandleRxEncryption(
175 OUT PSKeyItem *pKeyOut,
177 OUT PWORD pwRxTSC15_0,
178 OUT PDWORD pdwRxTSC47_16
181 static BOOL s_bHostWepRxEncryption(
191 OUT PWORD pwRxTSC15_0,
192 OUT PDWORD pdwRxTSC47_16
196 /*--------------------- Export Variables --------------------------*/
201 * Translate Rcv 802.11 header to 802.3 header with Rx buffer
206 * dwRxBufferAddr - Address of Rcv Buffer
207 * cbPacketSize - Rcv Packet size
208 * bIsWEP - If Rcv with WEP
210 * pcbHeaderSize - 802.11 header size
217 s_vProcessRxMACHeader (
219 IN PBYTE pbyRxBufferAddr,
220 IN UINT cbPacketSize,
223 OUT PUINT pcbHeadSize
227 UINT cbHeaderSize = 0;
229 PS802_11Header pMACHeader;
233 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
235 s_vGetDASA((PBYTE)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader);
239 // strip IV&ExtIV , add 8 byte
240 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8);
242 // strip IV , add 4 byte
243 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4);
247 cbHeaderSize += WLAN_HDR_ADDR3_LEN;
250 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
251 if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) {
254 else if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) {
256 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
257 if ((*pwType!= TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) {
261 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
264 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
266 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
270 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
276 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
279 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
281 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
285 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
289 cbHeaderSize -= (U_ETHER_ADDR_LEN * 2);
290 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
291 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++)
292 *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii];
293 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++)
294 *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii];
296 *pcbHeadSize = cbHeaderSize;
302 static BYTE s_byGetRateIdx (IN BYTE byRate)
306 for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) {
307 if (acbyRxRate[byRateIdx%MAX_RATE] == byRate)
317 IN PBYTE pbyRxBufferAddr,
318 OUT PUINT pcbHeaderSize,
319 OUT PSEthernetHeader psEthHeader
322 UINT cbHeaderSize = 0;
323 PS802_11Header pMACHeader;
326 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
328 if ((pMACHeader->wFrameCtl & FC_TODS) == 0) {
329 if (pMACHeader->wFrameCtl & FC_FROMDS) {
330 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
331 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
332 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr3[ii];
337 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
338 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
339 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
345 if (pMACHeader->wFrameCtl & FC_FROMDS) {
346 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
347 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
348 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr4[ii];
353 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
354 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
355 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
359 *pcbHeaderSize = cbHeaderSize;
367 VOID MngWorkItem(PVOID Context)
369 PSRxMgmtPacket pRxMgmtPacket;
370 PSDevice pDevice = (PSDevice) Context;
371 //printk("Enter MngWorkItem,Queue packet num is %d\n",pDevice->rxManeQueue.packet_num);
372 spin_lock_irq(&pDevice->lock);
373 while(pDevice->rxManeQueue.packet_num != 0)
375 pRxMgmtPacket = DeQueue(pDevice);
376 vMgrRxManagePacket(pDevice, pDevice->pMgmt, pRxMgmtPacket);
378 spin_unlock_irq(&pDevice->lock);
387 device_receive_frame (
393 PDEVICE_RD_INFO pRDInfo = pCurrRD->pRDInfo;
395 //printk("device_receive_frame:pCurrRD is %x,pRDInfo is %x\n",pCurrRD,pCurrRD->pRDInfo);
397 struct net_device_stats* pStats=&pDevice->stats;
403 PSMgmtObject pMgmt = pDevice->pMgmt;
404 PSRxMgmtPacket pRxPacket = &(pDevice->pMgmt->sRxPacket);
405 PS802_11Header p802_11Header;
412 BOOL bDeFragRx = FALSE;
417 INT iSANodeIndex = -1;
418 INT iDANodeIndex = -1;
426 PSKeyItem pKey = NULL;
428 DWORD dwRxTSC47_16 = 0;
431 DWORD dwDuration = 0;
433 LONG ldBmThreshold = 0;
434 PS802_11Header pMACHeader;
435 BOOL bRxeapol_key = FALSE;
437 // DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- device_receive_frame---\n");
439 skb = &(pRDInfo->ref_skb);
448 pci_unmap_single(pDevice->pcid, pRDInfo->skb_dma,
449 pDevice->rx_buf_sz, PCI_DMA_FROMDEVICE);
452 pwFrameSize = (PWORD)(skb->data + 2);
453 FrameSize = cpu_to_le16(pCurrRD->m_rd1RD1.wReqCount) - cpu_to_le16(pCurrRD->m_rd0RD0.wResCount);
455 // Max: 2312Payload + 30HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR
456 // Min (ACK): 10HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR
457 if ((FrameSize > 2364)||(FrameSize <= 32)) {
458 // Frame Size error drop this packet.
459 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 1 \n");
463 pbyRxSts = (PBYTE) (skb->data);
464 pbyRxRate = (PBYTE) (skb->data + 1);
465 pbyRsr = (PBYTE) (skb->data + FrameSize - 1);
466 pbyRSSI = (PBYTE) (skb->data + FrameSize - 2);
467 pbyNewRsr = (PBYTE) (skb->data + FrameSize - 3);
468 pbySQ = (PBYTE) (skb->data + FrameSize - 4);
469 pqwTSFTime = (PQWORD) (skb->data + FrameSize - 12);
470 pbyFrame = (PBYTE)(skb->data + 4);
473 FrameSize = cpu_to_le16(*pwFrameSize);
475 if ((FrameSize > 2346)|(FrameSize < 14)) { // Max: 2312Payload + 30HD +4CRC
477 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 2 \n");
482 // update receive statistic counter
483 STAvUpdateRDStatCounter(&pDevice->scStatistic,
492 pMACHeader=(PS802_11Header)((PBYTE) (skb->data)+8);
494 if (pDevice->bMeasureInProgress == TRUE) {
495 if ((*pbyRsr & RSR_CRCOK) != 0) {
496 pDevice->byBasicMap |= 0x01;
498 dwDuration = (FrameSize << 4);
499 dwDuration /= acbyRxRate[*pbyRxRate%MAX_RATE];
500 if (*pbyRxRate <= RATE_11M) {
501 if (BITbIsBitOn(*pbyRxSts, 0x01)) {
511 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
513 for (ii = 7; ii > 0;) {
514 if (ldBm > ldBmThreshold) {
520 pDevice->dwRPIs[ii] += dwDuration;
524 if (!IS_MULTICAST_ADDRESS(pbyFrame) && !IS_BROADCAST_ADDRESS(pbyFrame)) {
525 if (WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header) (skb->data + 4))) {
526 pDevice->s802_11Counter.FrameDuplicateCount++;
533 s_vGetDASA(skb->data+4, &cbHeaderSize, &pDevice->sRxEthHeader);
535 // filter packet send from myself
536 if (IS_ETH_ADDRESS_EQUAL((PBYTE)&(pDevice->sRxEthHeader.abySrcAddr[0]), pDevice->abyCurrentNetAddr))
539 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) {
540 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
541 p802_11Header = (PS802_11Header) (pbyFrame);
543 if (BSSDBbIsSTAInNodeDB(pMgmt, (PBYTE)(p802_11Header->abyAddr2), &iSANodeIndex)) {
545 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = get_jiffies();
547 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies;
549 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0;
554 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
555 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == TRUE) {
559 if (IS_FC_WEP(pbyFrame)) {
560 BOOL bRxDecryOK = FALSE;
562 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n");
564 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) {
566 pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite;
567 pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex;
568 pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength;
569 pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16;
570 pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0;
572 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0],
576 bRxDecryOK = s_bHostWepRxEncryption(pDevice,
580 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly,
587 bRxDecryOK = s_bHandleRxEncryption(pDevice,
599 if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) {
600 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n");
601 if ( (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
602 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
603 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
604 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
605 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
607 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
608 pDevice->s802_11Counter.TKIPICVErrors++;
609 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) {
610 pDevice->s802_11Counter.CCMPDecryptErrors++;
611 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) {
612 // pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++;
618 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n");
621 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP))
622 FrameSize -= 8; // Message Integrity Code
624 FrameSize -= 4; // 4 is ICV
631 //remove the CRC length
632 FrameSize -= U_CRC_LEN;
634 if ((BITbIsAllBitsOff(*pbyRsr, (RSR_ADDRBROAD | RSR_ADDRMULTI))) && // unicast address
635 (IS_FRAGMENT_PKT((skb->data+4)))
638 bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header) (skb->data+4), FrameSize, bIsWEP, bExtIV);
639 pDevice->s802_11Counter.ReceivedFragmentCount++;
643 skb = &(pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].ref_skb);
645 skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb;
647 FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength;
656 // Management & Control frame Handle
657 if ((IS_TYPE_DATA((skb->data+4))) == FALSE) {
658 // Handle Control & Manage Frame
660 if (IS_TYPE_MGMT((skb->data+4))) {
664 pRxPacket->p80211Header = (PUWLAN_80211HDR)(skb->data+4);
665 pRxPacket->cbMPDULen = FrameSize;
666 pRxPacket->uRSSI = *pbyRSSI;
667 pRxPacket->bySQ = *pbySQ;
668 HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime));
669 LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime));
672 pbyData1 = WLAN_HDR_A3_DATA_PTR(skb->data+4);
673 pbyData2 = WLAN_HDR_A3_DATA_PTR(skb->data+4) + 4;
674 for (ii = 0; ii < (FrameSize - 4); ii++) {
675 *pbyData1 = *pbyData2;
680 pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate);
681 pRxPacket->byRxChannel = (*pbyRxSts) >> 2;
683 //EnQueue(pDevice,pRxPacket);
686 EnQueue(pDevice,pRxPacket);
688 //printk("enque time is %x\n",jiffies);
689 //up(&pDevice->mlme_semaphore);
690 //Enque (pDevice->FirstRecvMngList,pDevice->LastRecvMngList,pMgmt);
694 EnQueue(pDevice,pRxPacket);
695 tasklet_schedule(&pDevice->RxMngWorkItem);
698 vMgrRxManagePacket((HANDLE)pDevice, pDevice->pMgmt, pRxPacket);
699 //tasklet_schedule(&pDevice->RxMngWorkItem);
704 //vMgrRxManagePacket((HANDLE)pDevice, pDevice->pMgmt, pRxPacket);
705 // hostap Deamon handle 802.11 management
706 if (pDevice->bEnableHostapd) {
707 skb->dev = pDevice->apdev;
709 ref_skb_add_offset(skb->skb, 4);
710 ref_skb_set_dev(pDevice->apdev, skb->skb);
711 skb_put(skb->skb, FrameSize);
712 skb->mac_header = skb->data;
713 *(skb->pkt_type) = PACKET_OTHERHOST;
714 *(skb->protocol) = htons(ETH_P_802_2);
715 memset(skb->cb, 0, sizeof(skb->cb));
720 skb_put(skb, FrameSize);
721 skb->mac_header = skb->data;
722 skb->pkt_type = PACKET_OTHERHOST;
723 skb->protocol = htons(ETH_P_802_2);
724 memset(skb->cb, 0, sizeof(skb->cb));
736 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
737 //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC.
738 if (BITbIsBitOff(*pbyRsr, RSR_BSSIDOK)) {
740 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
741 DEVICE_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
749 // discard DATA packet while not associate || BSSID error
750 if ((pDevice->bLinkPass == FALSE) ||
751 BITbIsBitOff(*pbyRsr, RSR_BSSIDOK)) {
753 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
754 DEVICE_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
761 //mike add:station mode check eapol-key challenge--->
763 BYTE Protocol_Version; //802.1x Authentication
764 BYTE Packet_Type; //802.1x Authentication
769 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
770 skb->data[cbIVOffset + 8 + 24 + 6 + 1];
771 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1];
772 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1];
773 if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header
774 if(((Protocol_Version==1) ||(Protocol_Version==2)) &&
775 (Packet_Type==3)) { //802.1x OR eapol-key challenge frame receive
780 //mike add:station mode check eapol-key challenge<---
786 if (pDevice->bEnablePSMode) {
787 if (IS_FC_MOREDATA((skb->data+4))) {
788 if (BITbIsBitOn(*pbyRsr, RSR_ADDROK)) {
789 //PSbSendPSPOLL((PSDevice)pDevice);
793 if (pDevice->pMgmt->bInTIMWake == TRUE) {
794 pDevice->pMgmt->bInTIMWake = FALSE;
799 // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps
800 if (pDevice->bDiversityEnable && (FrameSize>50) &&
801 (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) &&
802 (pDevice->bLinkPass == TRUE)) {
803 //printk("device_receive_frame: RxRate is %d\n",*pbyRxRate);
804 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0);
808 if (pDevice->byLocalID != REV_ID_VT3253_B1) {
809 pDevice->uCurrRSSI = *pbyRSSI;
811 pDevice->byCurrSQ = *pbySQ;
813 if ((*pbyRSSI != 0) &&
814 (pMgmt->pCurrBSS!=NULL)) {
815 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
816 // Moniter if RSSI is too strong.
817 pMgmt->pCurrBSS->byRSSIStatCnt++;
818 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT;
819 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm;
820 for(ii=0;ii<RSSI_STAT_COUNT;ii++) {
821 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) {
822 pMgmt->pCurrBSS->ldBmMAX = max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm);
827 // -----------------------------------------------
829 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == TRUE)){
832 // Only 802.1x packet incoming allowed
837 wEtherType = (skb->data[cbIVOffset + 4 + 24 + 6] << 8) |
838 skb->data[cbIVOffset + 4 + 24 + 6 + 1];
840 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType);
841 if (wEtherType == ETH_P_PAE) {
842 skb->dev = pDevice->apdev;
844 if (bIsWEP == TRUE) {
845 // strip IV header(8)
846 memcpy(&abyMacHdr[0], (skb->data + 4), 24);
847 memcpy((skb->data + 4 + cbIVOffset), &abyMacHdr[0], 24);
850 ref_skb_add_offset(skb->skb, (cbIVOffset + 4));
851 ref_skb_set_dev(pDevice->apdev, skb->skb);
852 skb_put(skb->skb, FrameSize);
853 skb->mac_header = skb->data;
854 *(skb->pkt_type) = PACKET_OTHERHOST;
855 *(skb->protocol) = htons(ETH_P_802_2);
856 memset(skb->cb, 0, sizeof(skb->cb));
859 skb->data += (cbIVOffset + 4);
860 skb->tail += (cbIVOffset + 4);
861 skb_put(skb, FrameSize);
862 skb->mac_header = skb->data;
864 skb->pkt_type = PACKET_OTHERHOST;
865 skb->protocol = htons(ETH_P_802_2);
866 memset(skb->cb, 0, sizeof(skb->cb));
872 // check if 802.1x authorized
873 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED))
878 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
880 FrameSize -= 8; //MIC
884 //--------------------------------------------------------------------------------
886 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
890 DWORD dwMIC_Priority;
891 DWORD dwMICKey0 = 0, dwMICKey1 = 0;
892 DWORD dwLocalMIC_L = 0;
893 DWORD dwLocalMIC_R = 0;
894 viawget_wpa_header *wpahdr;
897 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
898 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
899 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
902 if (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
903 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
904 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
905 } else if ((pKey->dwKeyIndex & BIT28) == 0) {
906 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
907 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
909 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
910 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
914 MIC_vInit(dwMICKey0, dwMICKey1);
915 MIC_vAppend((PBYTE)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12);
917 MIC_vAppend((PBYTE)&dwMIC_Priority, 4);
918 // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV.
919 MIC_vAppend((PBYTE)(skb->data + 4 + WLAN_HDR_ADDR3_LEN + 8),
920 FrameSize - WLAN_HDR_ADDR3_LEN - 8);
921 MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R);
924 pdwMIC_L = (PDWORD)(skb->data + 4 + FrameSize);
925 pdwMIC_R = (PDWORD)(skb->data + 4 + FrameSize + 4);
926 //DBG_PRN_GRP12(("RxL: %lx, RxR: %lx\n", *pdwMIC_L, *pdwMIC_R));
927 //DBG_PRN_GRP12(("LocalL: %lx, LocalR: %lx\n", dwLocalMIC_L, dwLocalMIC_R));
928 //DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"dwMICKey0= %lx,dwMICKey1= %lx \n", dwMICKey0, dwMICKey1);
931 if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) ||
932 (pDevice->bRxMICFail == TRUE)) {
933 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n");
934 pDevice->bRxMICFail = FALSE;
935 //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++;
936 pDevice->s802_11Counter.TKIPLocalMICFailures++;
938 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
939 DEVICE_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
944 //2008-0409-07, <Add> by Einsn Liu
945 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
946 //send event to wpa_supplicant
947 //if(pDevice->bWPADevEnable == TRUE)
949 union iwreq_data wrqu;
950 struct iw_michaelmicfailure ev;
951 int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits
952 memset(&ev, 0, sizeof(ev));
953 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
954 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
955 (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
956 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
957 ev.flags |= IW_MICFAILURE_PAIRWISE;
959 ev.flags |= IW_MICFAILURE_GROUP;
962 ev.src_addr.sa_family = ARPHRD_ETHER;
963 memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN);
964 memset(&wrqu, 0, sizeof(wrqu));
965 wrqu.data.length = sizeof(ev);
966 wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
970 if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
971 wpahdr = (viawget_wpa_header *)pDevice->skb->data;
972 if ((pDevice->pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
973 (pDevice->pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
974 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
975 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR;
976 wpahdr->type = VIAWGET_PTK_MIC_MSG;
978 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR;
979 wpahdr->type = VIAWGET_GTK_MIC_MSG;
981 wpahdr->resp_ie_len = 0;
982 wpahdr->req_ie_len = 0;
983 skb_put(pDevice->skb, sizeof(viawget_wpa_header));
984 pDevice->skb->dev = pDevice->wpadev;
985 pDevice->skb->mac_header = pDevice->skb->data;
986 pDevice->skb->pkt_type = PACKET_HOST;
987 pDevice->skb->protocol = htons(ETH_P_802_2);
988 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
989 netif_rx(pDevice->skb);
990 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
997 } //---end of SOFT MIC-----------------------------------------------------------------------
999 // ++++++++++ Reply Counter Check +++++++++++++
1001 if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) ||
1002 (pKey->byCipherSuite == KEY_CTL_CCMP))) {
1004 WORD wLocalTSC15_0 = 0;
1005 DWORD dwLocalTSC47_16 = 0;
1008 RSC = *((ULONGLONG *) &(pKey->KeyRSC));
1009 wLocalTSC15_0 = (WORD) RSC;
1010 dwLocalTSC47_16 = (DWORD) (RSC>>16);
1015 MEMvCopy(&(pKey->KeyRSC), &RSC, sizeof(QWORD));
1017 if ( (pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) &&
1018 (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) {
1020 if ( (wRxTSC15_0 < wLocalTSC15_0) &&
1021 (dwRxTSC47_16 <= dwLocalTSC47_16) &&
1022 !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) {
1023 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n ");
1024 if (pKey->byCipherSuite == KEY_CTL_TKIP)
1025 //pDevice->s802_11Counter.TKIPReplays.QuadPart++;
1026 pDevice->s802_11Counter.TKIPReplays++;
1028 //pDevice->s802_11Counter.CCMPReplays.QuadPart++;
1029 pDevice->s802_11Counter.CCMPReplays++;
1032 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1033 DEVICE_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1034 pDevice->dev->name);
1041 } // ----- End of Reply Counter Check --------------------------
1045 if ((pKey != NULL) && (bIsWEP)) {
1046 // pDevice->s802_11Counter.DecryptSuccessCount.QuadPart++;
1050 s_vProcessRxMACHeader(pDevice, (PBYTE)(skb->data+4), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset);
1051 FrameSize -= cbHeaderOffset;
1052 cbHeaderOffset += 4; // 4 is Rcv buffer header
1054 // Null data, framesize = 14
1058 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
1059 if (s_bAPModeRxData(pDevice,
1068 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1069 DEVICE_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1070 pDevice->dev->name);
1076 // if(pDevice->bRxMICFail == FALSE) {
1077 // for (ii =0; ii < 100; ii++)
1078 // printk(" %02x", *(skb->data + ii));
1085 ref_skb_add_offset(skb->skb, cbHeaderOffset);
1086 skb_put(skb->skb, FrameSize);
1087 *(skb->protocol)=eth_type_trans(skb->skb, skb->dev);
1090 skb->data += cbHeaderOffset;
1091 skb->tail += cbHeaderOffset;
1092 skb_put(skb, FrameSize);
1093 skb->protocol=eth_type_trans(skb, skb->dev);
1097 //drop frame not met IEEE 802.3
1099 if (pDevice->flags & DEVICE_FLAGS_VAL_PKT_LEN) {
1101 if ((*(skb->protocol)==htons(ETH_P_802_3)) &&
1102 (*(skb->len)!=htons(skb->mac.ethernet->h_proto))) {
1104 if ((skb->protocol==htons(ETH_P_802_3)) &&
1105 (skb->len!=htons(skb->mac.ethernet->h_proto))) {
1107 pStats->rx_length_errors++;
1108 pStats->rx_dropped++;
1110 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1111 DEVICE_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1112 pDevice->dev->name);
1121 *(skb->ip_summed)=CHECKSUM_NONE;
1122 pStats->rx_bytes +=*(skb->len);
1123 pStats->rx_packets++;
1126 skb->ip_summed=CHECKSUM_NONE;
1127 pStats->rx_bytes +=skb->len;
1128 pStats->rx_packets++;
1133 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1134 DEVICE_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1135 pDevice->dev->name);
1143 static BOOL s_bAPModeRxCtl (
1144 IN PSDevice pDevice,
1149 PS802_11Header p802_11Header;
1151 PSMgmtObject pMgmt = pDevice->pMgmt;
1154 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
1156 p802_11Header = (PS802_11Header) (pbyFrame);
1157 if (!IS_TYPE_MGMT(pbyFrame)) {
1159 // Data & PS-Poll packet
1160 // check frame class
1161 if (iSANodeIndex > 0) {
1162 // frame class 3 fliter & checking
1163 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) {
1164 // send deauth notification
1165 // reason = (6) class 2 received from nonauth sta
1166 vMgrDeAuthenBeginSta(pDevice,
1168 (PBYTE)(p802_11Header->abyAddr2),
1169 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1172 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n");
1175 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) {
1176 // send deassoc notification
1177 // reason = (7) class 3 received from nonassoc sta
1178 vMgrDisassocBeginSta(pDevice,
1180 (PBYTE)(p802_11Header->abyAddr2),
1181 (WLAN_MGMT_REASON_CLASS3_NONASSOC),
1184 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n");
1188 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) {
1189 // delcare received ps-poll event
1190 if (IS_CTL_PSPOLL(pbyFrame)) {
1191 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1192 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1193 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n");
1196 // check Data PS state
1197 // if PW bit off, send out all PS bufferring packets.
1198 if (!IS_FC_POWERMGT(pbyFrame)) {
1199 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1200 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1201 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1202 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n");
1207 if (IS_FC_POWERMGT(pbyFrame)) {
1208 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = TRUE;
1209 // Once if STA in PS state, enable multicast bufferring
1210 pMgmt->sNodeDBTable[0].bPSEnable = TRUE;
1213 // clear all pending PS frame.
1214 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) {
1215 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1216 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1217 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1218 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n");
1225 vMgrDeAuthenBeginSta(pDevice,
1227 (PBYTE)(p802_11Header->abyAddr2),
1228 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1231 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n");
1232 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%02x-%02x-%02x=%02x-%02x-%02x \n",
1233 p802_11Header->abyAddr3[0],
1234 p802_11Header->abyAddr3[1],
1235 p802_11Header->abyAddr3[2],
1236 p802_11Header->abyAddr3[3],
1237 p802_11Header->abyAddr3[4],
1238 p802_11Header->abyAddr3[5]
1240 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%02x-%02x-%02x=%02x-%02x-%02x \n",
1241 p802_11Header->abyAddr2[0],
1242 p802_11Header->abyAddr2[1],
1243 p802_11Header->abyAddr2[2],
1244 p802_11Header->abyAddr2[3],
1245 p802_11Header->abyAddr2[4],
1246 p802_11Header->abyAddr2[5]
1248 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%02x-%02x-%02x=%02x-%02x-%02x \n",
1249 p802_11Header->abyAddr1[0],
1250 p802_11Header->abyAddr1[1],
1251 p802_11Header->abyAddr1[2],
1252 p802_11Header->abyAddr1[3],
1253 p802_11Header->abyAddr1[4],
1254 p802_11Header->abyAddr1[5]
1256 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl );
1257 VNSvInPortB(pDevice->PortOffset + MAC_REG_RCR, &(pDevice->byRxMode));
1258 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc:pDevice->byRxMode = %x\n", pDevice->byRxMode );
1267 static BOOL s_bHandleRxEncryption (
1268 IN PSDevice pDevice,
1272 OUT PBYTE pbyNewRsr,
1273 OUT PSKeyItem *pKeyOut,
1275 OUT PWORD pwRxTSC15_0,
1276 OUT PDWORD pdwRxTSC47_16
1279 UINT PayloadLen = FrameSize;
1282 PSKeyItem pKey = NULL;
1283 BYTE byDecMode = KEY_CTL_WEP;
1284 PSMgmtObject pMgmt = pDevice->pMgmt;
1290 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1291 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1292 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1293 pbyIV += 6; // 6 is 802.11 address4
1296 byKeyIdx = (*(pbyIV+3) & 0xc0);
1298 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1300 if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
1301 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
1302 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
1303 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
1304 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
1305 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) &&
1306 (pDevice->pMgmt->byCSSPK != KEY_CTL_NONE)) {
1307 // unicast pkt use pairwise key
1308 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n");
1309 if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == TRUE) {
1310 if (pDevice->pMgmt->byCSSPK == KEY_CTL_TKIP)
1311 byDecMode = KEY_CTL_TKIP;
1312 else if (pDevice->pMgmt->byCSSPK == KEY_CTL_CCMP)
1313 byDecMode = KEY_CTL_CCMP;
1315 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey);
1318 KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey);
1319 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1320 byDecMode = KEY_CTL_TKIP;
1321 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1322 byDecMode = KEY_CTL_CCMP;
1323 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey);
1326 // our WEP only support Default Key
1328 // use default group key
1329 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey);
1330 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1331 byDecMode = KEY_CTL_TKIP;
1332 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1333 byDecMode = KEY_CTL_CCMP;
1337 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode);
1340 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n");
1341 if (byDecMode == KEY_CTL_WEP) {
1342 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1343 } else if (pDevice->bLinkPass == TRUE) {
1344 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1348 if (byDecMode != pKey->byCipherSuite) {
1349 if (byDecMode == KEY_CTL_WEP) {
1350 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1351 } else if (pDevice->bLinkPass == TRUE) {
1352 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1357 if (byDecMode == KEY_CTL_WEP) {
1359 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1360 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE)) {
1365 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1366 MEMvCopy(pDevice->abyPRNG, pbyIV, 3);
1367 MEMvCopy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1368 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1369 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1371 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1372 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1375 } else if ((byDecMode == KEY_CTL_TKIP) ||
1376 (byDecMode == KEY_CTL_CCMP)) {
1379 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1380 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1381 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1382 if (byDecMode == KEY_CTL_TKIP) {
1383 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1385 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1387 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1389 if ((byDecMode == KEY_CTL_TKIP) &&
1390 (pDevice->byLocalID <= REV_ID_VT3253_A1)) {
1393 PS802_11Header pMACHeader = (PS802_11Header) (pbyFrame);
1394 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1395 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1396 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1397 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1398 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1399 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1401 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1402 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1407 if ((*(pbyIV+3) & 0x20) != 0)
1413 static BOOL s_bHostWepRxEncryption (
1414 IN PSDevice pDevice,
1420 OUT PBYTE pbyNewRsr,
1422 OUT PWORD pwRxTSC15_0,
1423 OUT PDWORD pdwRxTSC47_16
1426 UINT PayloadLen = FrameSize;
1429 BYTE byDecMode = KEY_CTL_WEP;
1430 PS802_11Header pMACHeader;
1437 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1438 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1439 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1440 pbyIV += 6; // 6 is 802.11 address4
1443 byKeyIdx = (*(pbyIV+3) & 0xc0);
1445 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1448 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1449 byDecMode = KEY_CTL_TKIP;
1450 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1451 byDecMode = KEY_CTL_CCMP;
1453 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode);
1455 if (byDecMode != pKey->byCipherSuite) {
1456 if (byDecMode == KEY_CTL_WEP) {
1457 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1458 } else if (pDevice->bLinkPass == TRUE) {
1459 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1464 if (byDecMode == KEY_CTL_WEP) {
1466 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP \n");
1467 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1468 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE) ||
1469 (bOnFly == FALSE)) {
1475 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1476 MEMvCopy(pDevice->abyPRNG, pbyIV, 3);
1477 MEMvCopy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1478 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1479 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1481 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1482 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1485 } else if ((byDecMode == KEY_CTL_TKIP) ||
1486 (byDecMode == KEY_CTL_CCMP)) {
1489 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1490 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1491 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1493 if (byDecMode == KEY_CTL_TKIP) {
1494 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1496 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1498 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1500 if (byDecMode == KEY_CTL_TKIP) {
1501 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == FALSE)) {
1505 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n");
1506 pMACHeader = (PS802_11Header) (pbyFrame);
1507 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1508 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1509 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1510 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1511 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1512 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1514 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1515 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1520 if (byDecMode == KEY_CTL_CCMP) {
1521 if (bOnFly == FALSE) {
1524 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_CCMP\n");
1525 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) {
1526 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1527 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC compare OK!\n");
1529 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC fail!\n");
1536 if ((*(pbyIV+3) & 0x20) != 0)
1546 static BOOL s_bAPModeRxData (
1547 IN PSDevice pDevice,
1548 IN ref_sk_buff* skb,
1550 IN UINT cbHeaderOffset,
1551 IN INT iSANodeIndex,
1557 static BOOL s_bAPModeRxData (
1558 IN PSDevice pDevice,
1559 IN struct sk_buff* skb,
1561 IN UINT cbHeaderOffset,
1562 IN INT iSANodeIndex,
1567 PSMgmtObject pMgmt = pDevice->pMgmt;
1568 BOOL bRelayAndForward = FALSE;
1569 BOOL bRelayOnly = FALSE;
1570 BYTE byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
1573 struct sk_buff* tmp_skb;
1574 ref_sk_buff s_ref_skb;
1575 ref_sk_buff* skbcpy = &s_ref_skb;
1577 struct sk_buff* skbcpy = NULL;
1582 if (FrameSize > CB_MAX_BUF_SIZE)
1585 if(IS_MULTICAST_ADDRESS((PBYTE)(skb->data+cbHeaderOffset))) {
1586 if (pMgmt->sNodeDBTable[0].bPSEnable) {
1589 tmp_skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1590 skbcpy = &s_ref_skb;
1591 ref_skb_remap(pDevice->dev, skbcpy, tmp_skb);
1593 skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz);
1595 // if any node in PS mode, buffer packet until DTIM.
1596 if (skbcpy == NULL) {
1597 DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n");
1600 skbcpy->dev = pDevice->dev;
1602 *(skbcpy->len) = FrameSize;
1603 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize);
1604 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy->skb);
1606 skbcpy->len = FrameSize;
1607 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize);
1608 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy);
1610 pMgmt->sNodeDBTable[0].wEnQueueCnt++;
1612 pMgmt->abyPSTxMap[0] |= byMask[0];
1616 bRelayAndForward = TRUE;
1621 if (BSSDBbIsSTAInNodeDB(pMgmt, (PBYTE)(skb->data+cbHeaderOffset), &iDANodeIndex)) {
1622 if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) {
1623 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) {
1624 // queue this skb until next PS tx, and then release.
1627 ref_skb_add_offset(skb->skb, cbHeaderOffset);
1628 skb_put(skb->skb, FrameSize);
1629 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb->skb);
1631 skb->data += cbHeaderOffset;
1632 skb->tail += cbHeaderOffset;
1633 skb_put(skb, FrameSize);
1634 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb);
1636 pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++;
1637 wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID;
1638 pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7];
1639 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n",
1640 iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]);
1650 if (bRelayOnly || bRelayAndForward) {
1651 // relay this packet right now
1652 if (bRelayAndForward)
1655 if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) {
1656 ROUTEbRelay(pDevice, (PBYTE)(skb->data + cbHeaderOffset), FrameSize, (UINT)iDANodeIndex);
1662 // none associate, don't forward
1663 if (pDevice->uAssocCount == 0)
projects / linux-2.6 / blob