2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 * Purpose: handle dpc rx functions
28 * device_receive_frame - Rcv 802.11 frame function
29 * s_bAPModeRxCtl- AP Rcv frame filer Ctl.
30 * s_bAPModeRxData- AP Rcv data frame handle
31 * s_bHandleRxEncryption- Rcv decrypted data via on-fly
32 * s_bHostWepRxEncryption- Rcv encrypted data via host
33 * s_byGetRateIdx- get rate index
34 * s_vGetDASA- get data offset
35 * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3
59 /*--------------------- Static Definitions -------------------------*/
61 /*--------------------- Static Classes ----------------------------*/
63 /*--------------------- Static Variables --------------------------*/
64 //static int msglevel =MSG_LEVEL_DEBUG;
65 static int msglevel
=MSG_LEVEL_INFO
;
67 const BYTE acbyRxRate
[MAX_RATE
] =
68 {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
71 /*--------------------- Static Functions --------------------------*/
73 /*--------------------- Static Definitions -------------------------*/
75 /*--------------------- Static Functions --------------------------*/
77 static BYTE
s_byGetRateIdx(BYTE byRate
);
82 PBYTE pbyRxBufferAddr
,
83 unsigned int *pcbHeaderSize
,
84 PSEthernetHeader psEthHeader
89 s_vProcessRxMACHeader (
91 PBYTE pbyRxBufferAddr
,
92 unsigned int cbPacketSize
,
95 unsigned int *pcbHeadSize
98 static BOOL
s_bAPModeRxCtl(
101 signed int iSANodeIndex
106 static BOOL
s_bAPModeRxData (
109 unsigned int FrameSize
,
110 unsigned int cbHeaderOffset
,
111 signed int iSANodeIndex
,
112 signed int iDANodeIndex
116 static BOOL
s_bHandleRxEncryption(
119 unsigned int FrameSize
,
128 static BOOL
s_bHostWepRxEncryption(
132 unsigned int FrameSize
,
143 /*--------------------- Export Variables --------------------------*/
148 * Translate Rcv 802.11 header to 802.3 header with Rx buffer
153 * dwRxBufferAddr - Address of Rcv Buffer
154 * cbPacketSize - Rcv Packet size
155 * bIsWEP - If Rcv with WEP
157 * pcbHeaderSize - 802.11 header size
164 s_vProcessRxMACHeader (
166 PBYTE pbyRxBufferAddr
,
167 unsigned int cbPacketSize
,
170 unsigned int *pcbHeadSize
174 unsigned int cbHeaderSize
= 0;
176 PS802_11Header pMACHeader
;
180 pMACHeader
= (PS802_11Header
) (pbyRxBufferAddr
+ cbHeaderSize
);
182 s_vGetDASA((PBYTE
)pMACHeader
, &cbHeaderSize
, &pDevice
->sRxEthHeader
);
186 // strip IV&ExtIV , add 8 byte
187 cbHeaderSize
+= (WLAN_HDR_ADDR3_LEN
+ 8);
189 // strip IV , add 4 byte
190 cbHeaderSize
+= (WLAN_HDR_ADDR3_LEN
+ 4);
194 cbHeaderSize
+= WLAN_HDR_ADDR3_LEN
;
197 pbyRxBuffer
= (PBYTE
) (pbyRxBufferAddr
+ cbHeaderSize
);
198 if (!compare_ether_addr(pbyRxBuffer
, &pDevice
->abySNAP_Bridgetunnel
[0])) {
200 } else if (!compare_ether_addr(pbyRxBuffer
, &pDevice
->abySNAP_RFC1042
[0])) {
202 pwType
= (PWORD
) (pbyRxBufferAddr
+ cbHeaderSize
);
203 if ((*pwType
!= TYPE_PKT_IPX
) && (*pwType
!= cpu_to_le16(0xF380))) {
207 pwType
= (PWORD
) (pbyRxBufferAddr
+ cbHeaderSize
);
210 *pwType
= htons(cbPacketSize
- WLAN_HDR_ADDR3_LEN
- 8); // 8 is IV&ExtIV
212 *pwType
= htons(cbPacketSize
- WLAN_HDR_ADDR3_LEN
- 4); // 4 is IV
216 *pwType
= htons(cbPacketSize
- WLAN_HDR_ADDR3_LEN
);
222 pwType
= (PWORD
) (pbyRxBufferAddr
+ cbHeaderSize
);
225 *pwType
= htons(cbPacketSize
- WLAN_HDR_ADDR3_LEN
- 8); // 8 is IV&ExtIV
227 *pwType
= htons(cbPacketSize
- WLAN_HDR_ADDR3_LEN
- 4); // 4 is IV
231 *pwType
= htons(cbPacketSize
- WLAN_HDR_ADDR3_LEN
);
235 cbHeaderSize
-= (ETH_ALEN
* 2);
236 pbyRxBuffer
= (PBYTE
) (pbyRxBufferAddr
+ cbHeaderSize
);
237 for (ii
= 0; ii
< ETH_ALEN
; ii
++)
238 *pbyRxBuffer
++ = pDevice
->sRxEthHeader
.abyDstAddr
[ii
];
239 for (ii
= 0; ii
< ETH_ALEN
; ii
++)
240 *pbyRxBuffer
++ = pDevice
->sRxEthHeader
.abySrcAddr
[ii
];
242 *pcbHeadSize
= cbHeaderSize
;
248 static BYTE
s_byGetRateIdx(BYTE byRate
)
252 for (byRateIdx
= 0; byRateIdx
<MAX_RATE
; byRateIdx
++) {
253 if (acbyRxRate
[byRateIdx
%MAX_RATE
] == byRate
)
263 PBYTE pbyRxBufferAddr
,
264 unsigned int *pcbHeaderSize
,
265 PSEthernetHeader psEthHeader
268 unsigned int cbHeaderSize
= 0;
269 PS802_11Header pMACHeader
;
272 pMACHeader
= (PS802_11Header
) (pbyRxBufferAddr
+ cbHeaderSize
);
274 if ((pMACHeader
->wFrameCtl
& FC_TODS
) == 0) {
275 if (pMACHeader
->wFrameCtl
& FC_FROMDS
) {
276 for (ii
= 0; ii
< ETH_ALEN
; ii
++) {
277 psEthHeader
->abyDstAddr
[ii
] =
278 pMACHeader
->abyAddr1
[ii
];
279 psEthHeader
->abySrcAddr
[ii
] =
280 pMACHeader
->abyAddr3
[ii
];
284 for (ii
= 0; ii
< ETH_ALEN
; ii
++) {
285 psEthHeader
->abyDstAddr
[ii
] =
286 pMACHeader
->abyAddr1
[ii
];
287 psEthHeader
->abySrcAddr
[ii
] =
288 pMACHeader
->abyAddr2
[ii
];
293 if (pMACHeader
->wFrameCtl
& FC_FROMDS
) {
294 for (ii
= 0; ii
< ETH_ALEN
; ii
++) {
295 psEthHeader
->abyDstAddr
[ii
] =
296 pMACHeader
->abyAddr3
[ii
];
297 psEthHeader
->abySrcAddr
[ii
] =
298 pMACHeader
->abyAddr4
[ii
];
302 for (ii
= 0; ii
< ETH_ALEN
; ii
++) {
303 psEthHeader
->abyDstAddr
[ii
] =
304 pMACHeader
->abyAddr3
[ii
];
305 psEthHeader
->abySrcAddr
[ii
] =
306 pMACHeader
->abyAddr2
[ii
];
310 *pcbHeaderSize
= cbHeaderSize
;
317 RXbBulkInProcessData (
320 unsigned long BytesToIndicate
324 struct net_device_stats
* pStats
=&pDevice
->stats
;
326 PSMgmtObject pMgmt
= &(pDevice
->sMgmtObj
);
327 PSRxMgmtPacket pRxPacket
= &(pMgmt
->sRxPacket
);
328 PS802_11Header p802_11Header
;
334 BOOL bDeFragRx
= FALSE
;
335 unsigned int cbHeaderOffset
;
336 unsigned int FrameSize
;
338 signed int iSANodeIndex
= -1;
339 signed int iDANodeIndex
= -1;
341 unsigned int cbIVOffset
;
346 unsigned int cbHeaderSize
;
347 PSKeyItem pKey
= NULL
;
349 DWORD dwRxTSC47_16
= 0;
352 /* signed long ldBm = 0; */
356 PRCB pRCBIndicate
= pRCB
;
359 BYTE abyVaildRate
[MAX_RATE
] = {2,4,11,22,12,18,24,36,48,72,96,108};
360 WORD wPLCPwithPadding
;
361 PS802_11Header pMACHeader
;
362 BOOL bRxeapol_key
= FALSE
;
366 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"---------- RXbBulkInProcessData---\n");
370 //[31:16]RcvByteCount ( not include 4-byte Status )
371 dwWbkStatus
= *( (PDWORD
)(skb
->data
) );
372 FrameSize
= (unsigned int)(dwWbkStatus
>> 16);
375 if (BytesToIndicate
!= FrameSize
) {
376 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"---------- WRONG Length 1 \n");
380 if ((BytesToIndicate
> 2372)||(BytesToIndicate
<= 40)) {
381 // Frame Size error drop this packet.
382 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"---------- WRONG Length 2 \n");
386 pbyDAddress
= (PBYTE
)(skb
->data
);
387 pbyRxSts
= pbyDAddress
+4;
388 pbyRxRate
= pbyDAddress
+5;
390 //real Frame Size = USBFrameSize -4WbkStatus - 4RxStatus - 8TSF - 4RSR - 4SQ3 - ?Padding
391 //if SQ3 the range is 24~27, if no SQ3 the range is 20~23
392 //real Frame size in PLCPLength field.
393 pwPLCP_Length
= (PWORD
) (pbyDAddress
+ 6);
394 //Fix hardware bug => PLCP_Length error
395 if ( ((BytesToIndicate
- (*pwPLCP_Length
)) > 27) ||
396 ((BytesToIndicate
- (*pwPLCP_Length
)) < 24) ||
397 (BytesToIndicate
< (*pwPLCP_Length
)) ) {
399 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"Wrong PLCP Length %x\n", (int) *pwPLCP_Length
);
403 for ( ii
=RATE_1M
;ii
<MAX_RATE
;ii
++) {
404 if ( *pbyRxRate
== abyVaildRate
[ii
] ) {
408 if ( ii
==MAX_RATE
) {
409 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"Wrong RxRate %x\n",(int) *pbyRxRate
);
413 wPLCPwithPadding
= ( (*pwPLCP_Length
/ 4) + ( (*pwPLCP_Length
% 4) ? 1:0 ) ) *4;
415 pqwTSFTime
= (PQWORD
) (pbyDAddress
+ 8 + wPLCPwithPadding
);
416 if(pDevice
->byBBType
== BB_TYPE_11G
) {
417 pby3SQ
= pbyDAddress
+ 8 + wPLCPwithPadding
+ 12;
421 pbySQ
= pbyDAddress
+ 8 + wPLCPwithPadding
+ 8;
424 pbyNewRsr
= pbyDAddress
+ 8 + wPLCPwithPadding
+ 9;
425 pbyRSSI
= pbyDAddress
+ 8 + wPLCPwithPadding
+ 10;
426 pbyRsr
= pbyDAddress
+ 8 + wPLCPwithPadding
+ 11;
428 FrameSize
= *pwPLCP_Length
;
430 pbyFrame
= pbyDAddress
+ 8;
431 // update receive statistic counter
433 STAvUpdateRDStatCounter(&pDevice
->scStatistic
,
443 pMACHeader
= (PS802_11Header
) pbyFrame
;
445 //mike add: to judge if current AP is activated?
446 if ((pMgmt
->eCurrMode
== WMAC_MODE_STANDBY
) ||
447 (pMgmt
->eCurrMode
== WMAC_MODE_ESS_STA
)) {
448 if (pMgmt
->sNodeDBTable
[0].bActive
) {
449 if (!compare_ether_addr(pMgmt
->abyCurrBSSID
, pMACHeader
->abyAddr2
)) {
450 if (pMgmt
->sNodeDBTable
[0].uInActiveCount
!= 0)
451 pMgmt
->sNodeDBTable
[0].uInActiveCount
= 0;
456 if (!is_multicast_ether_addr(pMACHeader
->abyAddr1
) && !is_broadcast_ether_addr(pMACHeader
->abyAddr1
)) {
457 if ( WCTLbIsDuplicate(&(pDevice
->sDupRxCache
), (PS802_11Header
) pbyFrame
) ) {
458 pDevice
->s802_11Counter
.FrameDuplicateCount
++;
462 if (compare_ether_addr(pDevice
->abyCurrentNetAddr
,
463 pMACHeader
->abyAddr1
)) {
470 s_vGetDASA(pbyFrame
, &cbHeaderSize
, &pDevice
->sRxEthHeader
);
472 if (!compare_ether_addr((PBYTE
)&(pDevice
->sRxEthHeader
.abySrcAddr
[0]),
473 pDevice
->abyCurrentNetAddr
))
476 if ((pMgmt
->eCurrMode
== WMAC_MODE_ESS_AP
) || (pMgmt
->eCurrMode
== WMAC_MODE_IBSS_STA
)) {
477 if (IS_CTL_PSPOLL(pbyFrame
) || !IS_TYPE_CONTROL(pbyFrame
)) {
478 p802_11Header
= (PS802_11Header
) (pbyFrame
);
480 if (BSSbIsSTAInNodeDB(pDevice
, (PBYTE
)(p802_11Header
->abyAddr2
), &iSANodeIndex
)) {
481 pMgmt
->sNodeDBTable
[iSANodeIndex
].ulLastRxJiffer
= jiffies
;
482 pMgmt
->sNodeDBTable
[iSANodeIndex
].uInActiveCount
= 0;
487 if (pMgmt
->eCurrMode
== WMAC_MODE_ESS_AP
) {
488 if (s_bAPModeRxCtl(pDevice
, pbyFrame
, iSANodeIndex
) == TRUE
) {
494 if (IS_FC_WEP(pbyFrame
)) {
495 BOOL bRxDecryOK
= FALSE
;
497 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"rx WEP pkt\n");
499 if ((pDevice
->bEnableHostWEP
) && (iSANodeIndex
>= 0)) {
501 pKey
->byCipherSuite
= pMgmt
->sNodeDBTable
[iSANodeIndex
].byCipherSuite
;
502 pKey
->dwKeyIndex
= pMgmt
->sNodeDBTable
[iSANodeIndex
].dwKeyIndex
;
503 pKey
->uKeyLength
= pMgmt
->sNodeDBTable
[iSANodeIndex
].uWepKeyLength
;
504 pKey
->dwTSC47_16
= pMgmt
->sNodeDBTable
[iSANodeIndex
].dwTSC47_16
;
505 pKey
->wTSC15_0
= pMgmt
->sNodeDBTable
[iSANodeIndex
].wTSC15_0
;
507 &pMgmt
->sNodeDBTable
[iSANodeIndex
].abyWepKey
[0],
511 bRxDecryOK
= s_bHostWepRxEncryption(pDevice
,
515 pMgmt
->sNodeDBTable
[iSANodeIndex
].bOnFly
,
522 bRxDecryOK
= s_bHandleRxEncryption(pDevice
,
534 if ((*pbyNewRsr
& NEWRSR_DECRYPTOK
) == 0) {
535 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"ICV Fail\n");
536 if ( (pMgmt
->eAuthenMode
== WMAC_AUTH_WPA
) ||
537 (pMgmt
->eAuthenMode
== WMAC_AUTH_WPAPSK
) ||
538 (pMgmt
->eAuthenMode
== WMAC_AUTH_WPANONE
) ||
539 (pMgmt
->eAuthenMode
== WMAC_AUTH_WPA2
) ||
540 (pMgmt
->eAuthenMode
== WMAC_AUTH_WPA2PSK
)) {
542 if ((pKey
!= NULL
) && (pKey
->byCipherSuite
== KEY_CTL_TKIP
)) {
543 pDevice
->s802_11Counter
.TKIPICVErrors
++;
544 } else if ((pKey
!= NULL
) && (pKey
->byCipherSuite
== KEY_CTL_CCMP
)) {
545 pDevice
->s802_11Counter
.CCMPDecryptErrors
++;
546 } else if ((pKey
!= NULL
) && (pKey
->byCipherSuite
== KEY_CTL_WEP
)) {
547 // pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++;
553 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"WEP Func Fail\n");
556 if ((pKey
!= NULL
) && (pKey
->byCipherSuite
== KEY_CTL_CCMP
))
557 FrameSize
-= 8; // Message Integrity Code
559 FrameSize
-= 4; // 4 is ICV
566 /* remove the FCS/CRC length */
567 FrameSize
-= ETH_FCS_LEN
;
569 if ( !(*pbyRsr
& (RSR_ADDRBROAD
| RSR_ADDRMULTI
)) && // unicast address
570 (IS_FRAGMENT_PKT((pbyFrame
)))
573 bDeFragRx
= WCTLbHandleFragment(pDevice
, (PS802_11Header
) (pbyFrame
), FrameSize
, bIsWEP
, bExtIV
);
574 pDevice
->s802_11Counter
.ReceivedFragmentCount
++;
577 // TODO skb, pbyFrame
578 skb
= pDevice
->sRxDFCB
[pDevice
->uCurrentDFCBIdx
].skb
;
579 FrameSize
= pDevice
->sRxDFCB
[pDevice
->uCurrentDFCBIdx
].cbFrameLength
;
580 pbyFrame
= skb
->data
+ 8;
588 // Management & Control frame Handle
590 if ((IS_TYPE_DATA((pbyFrame
))) == FALSE
) {
591 // Handle Control & Manage Frame
593 if (IS_TYPE_MGMT((pbyFrame
))) {
597 pRxPacket
= &(pRCB
->sMngPacket
);
598 pRxPacket
->p80211Header
= (PUWLAN_80211HDR
)(pbyFrame
);
599 pRxPacket
->cbMPDULen
= FrameSize
;
600 pRxPacket
->uRSSI
= *pbyRSSI
;
601 pRxPacket
->bySQ
= *pbySQ
;
602 HIDWORD(pRxPacket
->qwLocalTSF
) = cpu_to_le32(HIDWORD(*pqwTSFTime
));
603 LODWORD(pRxPacket
->qwLocalTSF
) = cpu_to_le32(LODWORD(*pqwTSFTime
));
606 pbyData1
= WLAN_HDR_A3_DATA_PTR(pbyFrame
);
607 pbyData2
= WLAN_HDR_A3_DATA_PTR(pbyFrame
) + 4;
608 for (ii
= 0; ii
< (FrameSize
- 4); ii
++) {
609 *pbyData1
= *pbyData2
;
615 pRxPacket
->byRxRate
= s_byGetRateIdx(*pbyRxRate
);
617 if ( *pbyRxSts
== 0 ) {
618 //Discard beacon packet which channel is 0
619 if ( (WLAN_GET_FC_FSTYPE((pRxPacket
->p80211Header
->sA3
.wFrameCtl
)) == WLAN_FSTYPE_BEACON
) ||
620 (WLAN_GET_FC_FSTYPE((pRxPacket
->p80211Header
->sA3
.wFrameCtl
)) == WLAN_FSTYPE_PROBERESP
) ) {
624 pRxPacket
->byRxChannel
= (*pbyRxSts
) >> 2;
626 // hostap Deamon handle 802.11 management
627 if (pDevice
->bEnableHostapd
) {
628 skb
->dev
= pDevice
->apdev
;
633 skb_put(skb
, FrameSize
);
634 skb_reset_mac_header(skb
);
635 skb
->pkt_type
= PACKET_OTHERHOST
;
636 skb
->protocol
= htons(ETH_P_802_2
);
637 memset(skb
->cb
, 0, sizeof(skb
->cb
));
643 // Insert the RCB in the Recv Mng list
645 EnqueueRCB(pDevice
->FirstRecvMngList
, pDevice
->LastRecvMngList
, pRCBIndicate
);
646 pDevice
->NumRecvMngList
++;
647 if ( bDeFragRx
== FALSE
) {
650 if (pDevice
->bIsRxMngWorkItemQueued
== FALSE
) {
651 pDevice
->bIsRxMngWorkItemQueued
= TRUE
;
652 tasklet_schedule(&pDevice
->RxMngWorkItem
);
662 if (pMgmt
->eCurrMode
== WMAC_MODE_ESS_AP
) {
663 //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC.
664 if ( !(*pbyRsr
& RSR_BSSIDOK
)) {
666 if (!device_alloc_frag_buf(pDevice
, &pDevice
->sRxDFCB
[pDevice
->uCurrentDFCBIdx
])) {
667 DBG_PRT(MSG_LEVEL_ERR
,KERN_ERR
"%s: can not alloc more frag bufs\n",
675 // discard DATA packet while not associate || BSSID error
676 if ((pDevice
->bLinkPass
== FALSE
) ||
677 !(*pbyRsr
& RSR_BSSIDOK
)) {
679 if (!device_alloc_frag_buf(pDevice
, &pDevice
->sRxDFCB
[pDevice
->uCurrentDFCBIdx
])) {
680 DBG_PRT(MSG_LEVEL_ERR
,KERN_ERR
"%s: can not alloc more frag bufs\n",
686 //mike add:station mode check eapol-key challenge--->
688 BYTE Protocol_Version
; //802.1x Authentication
689 BYTE Packet_Type
; //802.1x Authentication
690 BYTE Descriptor_type
;
696 wEtherType
= (skb
->data
[cbIVOffset
+ 8 + 24 + 6] << 8) |
697 skb
->data
[cbIVOffset
+ 8 + 24 + 6 + 1];
698 Protocol_Version
= skb
->data
[cbIVOffset
+ 8 + 24 + 6 + 1 +1];
699 Packet_Type
= skb
->data
[cbIVOffset
+ 8 + 24 + 6 + 1 +1+1];
700 if (wEtherType
== ETH_P_PAE
) { //Protocol Type in LLC-Header
701 if(((Protocol_Version
==1) ||(Protocol_Version
==2)) &&
702 (Packet_Type
==3)) { //802.1x OR eapol-key challenge frame receive
704 Descriptor_type
= skb
->data
[cbIVOffset
+ 8 + 24 + 6 + 1 +1+1+1+2];
705 Key_info
= (skb
->data
[cbIVOffset
+ 8 + 24 + 6 + 1 +1+1+1+2+1]<<8) |skb
->data
[cbIVOffset
+ 8 + 24 + 6 + 1 +1+1+1+2+2] ;
706 if(Descriptor_type
==2) { //RSN
707 // printk("WPA2_Rx_eapol-key_info<-----:%x\n",Key_info);
709 else if(Descriptor_type
==254) {
710 // printk("WPA_Rx_eapol-key_info<-----:%x\n",Key_info);
715 //mike add:station mode check eapol-key challenge<---
723 if (pDevice
->bEnablePSMode
) {
724 if (IS_FC_MOREDATA((pbyFrame
))) {
725 if (*pbyRsr
& RSR_ADDROK
) {
726 //PSbSendPSPOLL((PSDevice)pDevice);
730 if (pMgmt
->bInTIMWake
== TRUE
) {
731 pMgmt
->bInTIMWake
= FALSE
;
736 // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps
737 if (pDevice
->bDiversityEnable
&& (FrameSize
>50) &&
738 (pDevice
->eOPMode
== OP_MODE_INFRASTRUCTURE
) &&
739 (pDevice
->bLinkPass
== TRUE
)) {
740 BBvAntennaDiversity(pDevice
, s_byGetRateIdx(*pbyRxRate
), 0);
743 // ++++++++ For BaseBand Algorithm +++++++++++++++
744 pDevice
->uCurrRSSI
= *pbyRSSI
;
745 pDevice
->byCurrSQ
= *pbySQ
;
749 if ((*pbyRSSI != 0) &&
750 (pMgmt->pCurrBSS!=NULL)) {
751 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
752 // Moniter if RSSI is too strong.
753 pMgmt->pCurrBSS->byRSSIStatCnt++;
754 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT;
755 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm;
756 for (ii = 0; ii < RSSI_STAT_COUNT; ii++) {
757 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) {
758 pMgmt->pCurrBSS->ldBmMAX =
759 max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm);
766 // -----------------------------------------------
768 if ((pMgmt
->eCurrMode
== WMAC_MODE_ESS_AP
) && (pDevice
->bEnable8021x
== TRUE
)){
771 // Only 802.1x packet incoming allowed
776 wEtherType
= (skb
->data
[cbIVOffset
+ 8 + 24 + 6] << 8) |
777 skb
->data
[cbIVOffset
+ 8 + 24 + 6 + 1];
779 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"wEtherType = %04x \n", wEtherType
);
780 if (wEtherType
== ETH_P_PAE
) {
781 skb
->dev
= pDevice
->apdev
;
783 if (bIsWEP
== TRUE
) {
784 // strip IV header(8)
785 memcpy(&abyMacHdr
[0], (skb
->data
+ 8), 24);
786 memcpy((skb
->data
+ 8 + cbIVOffset
), &abyMacHdr
[0], 24);
789 skb
->data
+= (cbIVOffset
+ 8);
790 skb
->tail
+= (cbIVOffset
+ 8);
791 skb_put(skb
, FrameSize
);
792 skb_reset_mac_header(skb
);
793 skb
->pkt_type
= PACKET_OTHERHOST
;
794 skb
->protocol
= htons(ETH_P_802_2
);
795 memset(skb
->cb
, 0, sizeof(skb
->cb
));
800 // check if 802.1x authorized
801 if (!(pMgmt
->sNodeDBTable
[iSANodeIndex
].dwFlags
& WLAN_STA_AUTHORIZED
))
806 if ((pKey
!= NULL
) && (pKey
->byCipherSuite
== KEY_CTL_TKIP
)) {
808 FrameSize
-= 8; //MIC
812 //--------------------------------------------------------------------------------
814 if ((pKey
!= NULL
) && (pKey
->byCipherSuite
== KEY_CTL_TKIP
)) {
818 DWORD dwMIC_Priority
;
819 DWORD dwMICKey0
= 0, dwMICKey1
= 0;
820 DWORD dwLocalMIC_L
= 0;
821 DWORD dwLocalMIC_R
= 0;
822 viawget_wpa_header
*wpahdr
;
825 if (pMgmt
->eCurrMode
== WMAC_MODE_ESS_AP
) {
826 dwMICKey0
= cpu_to_le32(*(PDWORD
)(&pKey
->abyKey
[24]));
827 dwMICKey1
= cpu_to_le32(*(PDWORD
)(&pKey
->abyKey
[28]));
830 if (pMgmt
->eAuthenMode
== WMAC_AUTH_WPANONE
) {
831 dwMICKey0
= cpu_to_le32(*(PDWORD
)(&pKey
->abyKey
[16]));
832 dwMICKey1
= cpu_to_le32(*(PDWORD
)(&pKey
->abyKey
[20]));
833 } else if ((pKey
->dwKeyIndex
& BIT28
) == 0) {
834 dwMICKey0
= cpu_to_le32(*(PDWORD
)(&pKey
->abyKey
[16]));
835 dwMICKey1
= cpu_to_le32(*(PDWORD
)(&pKey
->abyKey
[20]));
837 dwMICKey0
= cpu_to_le32(*(PDWORD
)(&pKey
->abyKey
[24]));
838 dwMICKey1
= cpu_to_le32(*(PDWORD
)(&pKey
->abyKey
[28]));
842 MIC_vInit(dwMICKey0
, dwMICKey1
);
843 MIC_vAppend((PBYTE
)&(pDevice
->sRxEthHeader
.abyDstAddr
[0]), 12);
845 MIC_vAppend((PBYTE
)&dwMIC_Priority
, 4);
846 // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV.
847 MIC_vAppend((PBYTE
)(skb
->data
+ 8 + WLAN_HDR_ADDR3_LEN
+ 8),
848 FrameSize
- WLAN_HDR_ADDR3_LEN
- 8);
849 MIC_vGetMIC(&dwLocalMIC_L
, &dwLocalMIC_R
);
852 pdwMIC_L
= (PDWORD
)(skb
->data
+ 8 + FrameSize
);
853 pdwMIC_R
= (PDWORD
)(skb
->data
+ 8 + FrameSize
+ 4);
856 if ((cpu_to_le32(*pdwMIC_L
) != dwLocalMIC_L
) || (cpu_to_le32(*pdwMIC_R
) != dwLocalMIC_R
) ||
857 (pDevice
->bRxMICFail
== TRUE
)) {
858 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"MIC comparison is fail!\n");
859 pDevice
->bRxMICFail
= FALSE
;
860 //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++;
861 pDevice
->s802_11Counter
.TKIPLocalMICFailures
++;
863 if (!device_alloc_frag_buf(pDevice
, &pDevice
->sRxDFCB
[pDevice
->uCurrentDFCBIdx
])) {
864 DBG_PRT(MSG_LEVEL_ERR
,KERN_ERR
"%s: can not alloc more frag bufs\n",
868 //2008-0409-07, <Add> by Einsn Liu
869 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
870 //send event to wpa_supplicant
871 //if(pDevice->bWPASuppWextEnabled == TRUE)
873 union iwreq_data wrqu
;
874 struct iw_michaelmicfailure ev
;
875 int keyidx
= pbyFrame
[cbHeaderSize
+3] >> 6; //top two-bits
876 memset(&ev
, 0, sizeof(ev
));
877 ev
.flags
= keyidx
& IW_MICFAILURE_KEY_ID
;
878 if ((pMgmt
->eCurrMode
== WMAC_MODE_ESS_STA
) &&
879 (pMgmt
->eCurrState
== WMAC_STATE_ASSOC
) &&
880 (*pbyRsr
& (RSR_ADDRBROAD
| RSR_ADDRMULTI
)) == 0) {
881 ev
.flags
|= IW_MICFAILURE_PAIRWISE
;
883 ev
.flags
|= IW_MICFAILURE_GROUP
;
886 ev
.src_addr
.sa_family
= ARPHRD_ETHER
;
887 memcpy(ev
.src_addr
.sa_data
, pMACHeader
->abyAddr2
, ETH_ALEN
);
888 memset(&wrqu
, 0, sizeof(wrqu
));
889 wrqu
.data
.length
= sizeof(ev
);
890 PRINT_K("wireless_send_event--->IWEVMICHAELMICFAILURE\n");
891 wireless_send_event(pDevice
->dev
, IWEVMICHAELMICFAILURE
, &wrqu
, (char *)&ev
);
897 if ((pDevice
->bWPADEVUp
) && (pDevice
->skb
!= NULL
)) {
898 wpahdr
= (viawget_wpa_header
*)pDevice
->skb
->data
;
899 if ((pMgmt
->eCurrMode
== WMAC_MODE_ESS_STA
) &&
900 (pMgmt
->eCurrState
== WMAC_STATE_ASSOC
) &&
901 (*pbyRsr
& (RSR_ADDRBROAD
| RSR_ADDRMULTI
)) == 0) {
902 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR;
903 wpahdr
->type
= VIAWGET_PTK_MIC_MSG
;
905 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR;
906 wpahdr
->type
= VIAWGET_GTK_MIC_MSG
;
908 wpahdr
->resp_ie_len
= 0;
909 wpahdr
->req_ie_len
= 0;
910 skb_put(pDevice
->skb
, sizeof(viawget_wpa_header
));
911 pDevice
->skb
->dev
= pDevice
->wpadev
;
912 skb_reset_mac_header(pDevice
->skb
);
913 pDevice
->skb
->pkt_type
= PACKET_HOST
;
914 pDevice
->skb
->protocol
= htons(ETH_P_802_2
);
915 memset(pDevice
->skb
->cb
, 0, sizeof(pDevice
->skb
->cb
));
916 netif_rx(pDevice
->skb
);
917 pDevice
->skb
= dev_alloc_skb((int)pDevice
->rx_buf_sz
);
924 } //---end of SOFT MIC-----------------------------------------------------------------------
926 // ++++++++++ Reply Counter Check +++++++++++++
928 if ((pKey
!= NULL
) && ((pKey
->byCipherSuite
== KEY_CTL_TKIP
) ||
929 (pKey
->byCipherSuite
== KEY_CTL_CCMP
))) {
931 WORD wLocalTSC15_0
= 0;
932 DWORD dwLocalTSC47_16
= 0;
933 unsigned long long RSC
= 0;
935 RSC
= *((unsigned long long *) &(pKey
->KeyRSC
));
936 wLocalTSC15_0
= (WORD
) RSC
;
937 dwLocalTSC47_16
= (DWORD
) (RSC
>>16);
942 memcpy(&(pKey
->KeyRSC
), &RSC
, sizeof(QWORD
));
944 if ( (pDevice
->sMgmtObj
.eCurrMode
== WMAC_MODE_ESS_STA
) &&
945 (pDevice
->sMgmtObj
.eCurrState
== WMAC_STATE_ASSOC
)) {
947 if ( (wRxTSC15_0
< wLocalTSC15_0
) &&
948 (dwRxTSC47_16
<= dwLocalTSC47_16
) &&
949 !((dwRxTSC47_16
== 0) && (dwLocalTSC47_16
== 0xFFFFFFFF))) {
950 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"TSC is illegal~~!\n ");
951 if (pKey
->byCipherSuite
== KEY_CTL_TKIP
)
952 //pDevice->s802_11Counter.TKIPReplays.QuadPart++;
953 pDevice
->s802_11Counter
.TKIPReplays
++;
955 //pDevice->s802_11Counter.CCMPReplays.QuadPart++;
956 pDevice
->s802_11Counter
.CCMPReplays
++;
959 if (!device_alloc_frag_buf(pDevice
, &pDevice
->sRxDFCB
[pDevice
->uCurrentDFCBIdx
])) {
960 DBG_PRT(MSG_LEVEL_ERR
,KERN_ERR
"%s: can not alloc more frag bufs\n",
968 } // ----- End of Reply Counter Check --------------------------
971 s_vProcessRxMACHeader(pDevice
, (PBYTE
)(skb
->data
+8), FrameSize
, bIsWEP
, bExtIV
, &cbHeaderOffset
);
972 FrameSize
-= cbHeaderOffset
;
973 cbHeaderOffset
+= 8; // 8 is Rcv buffer header
975 // Null data, framesize = 12
979 if (pMgmt
->eCurrMode
== WMAC_MODE_ESS_AP
) {
980 if (s_bAPModeRxData(pDevice
,
989 if (!device_alloc_frag_buf(pDevice
, &pDevice
->sRxDFCB
[pDevice
->uCurrentDFCBIdx
])) {
990 DBG_PRT(MSG_LEVEL_ERR
,KERN_ERR
"%s: can not alloc more frag bufs\n",
999 skb
->data
+= cbHeaderOffset
;
1000 skb
->tail
+= cbHeaderOffset
;
1001 skb_put(skb
, FrameSize
);
1002 skb
->protocol
=eth_type_trans(skb
, skb
->dev
);
1003 skb
->ip_summed
=CHECKSUM_NONE
;
1004 pStats
->rx_bytes
+=skb
->len
;
1005 pStats
->rx_packets
++;
1008 if (!device_alloc_frag_buf(pDevice
, &pDevice
->sRxDFCB
[pDevice
->uCurrentDFCBIdx
])) {
1009 DBG_PRT(MSG_LEVEL_ERR
,KERN_ERR
"%s: can not alloc more frag bufs\n",
1010 pDevice
->dev
->name
);
1019 static BOOL
s_bAPModeRxCtl (
1022 signed int iSANodeIndex
1025 PS802_11Header p802_11Header
;
1027 PSMgmtObject pMgmt
= &(pDevice
->sMgmtObj
);
1030 if (IS_CTL_PSPOLL(pbyFrame
) || !IS_TYPE_CONTROL(pbyFrame
)) {
1032 p802_11Header
= (PS802_11Header
) (pbyFrame
);
1033 if (!IS_TYPE_MGMT(pbyFrame
)) {
1035 // Data & PS-Poll packet
1036 // check frame class
1037 if (iSANodeIndex
> 0) {
1038 // frame class 3 fliter & checking
1039 if (pMgmt
->sNodeDBTable
[iSANodeIndex
].eNodeState
< NODE_AUTH
) {
1040 // send deauth notification
1041 // reason = (6) class 2 received from nonauth sta
1042 vMgrDeAuthenBeginSta(pDevice
,
1044 (PBYTE
)(p802_11Header
->abyAddr2
),
1045 (WLAN_MGMT_REASON_CLASS2_NONAUTH
),
1048 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"dpc: send vMgrDeAuthenBeginSta 1\n");
1051 if (pMgmt
->sNodeDBTable
[iSANodeIndex
].eNodeState
< NODE_ASSOC
) {
1052 // send deassoc notification
1053 // reason = (7) class 3 received from nonassoc sta
1054 vMgrDisassocBeginSta(pDevice
,
1056 (PBYTE
)(p802_11Header
->abyAddr2
),
1057 (WLAN_MGMT_REASON_CLASS3_NONASSOC
),
1060 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"dpc: send vMgrDisassocBeginSta 2\n");
1064 if (pMgmt
->sNodeDBTable
[iSANodeIndex
].bPSEnable
) {
1065 // delcare received ps-poll event
1066 if (IS_CTL_PSPOLL(pbyFrame
)) {
1067 pMgmt
->sNodeDBTable
[iSANodeIndex
].bRxPSPoll
= TRUE
;
1068 bScheduleCommand((void *) pDevice
,
1071 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"dpc: WLAN_CMD_RX_PSPOLL 1\n");
1074 // check Data PS state
1075 // if PW bit off, send out all PS bufferring packets.
1076 if (!IS_FC_POWERMGT(pbyFrame
)) {
1077 pMgmt
->sNodeDBTable
[iSANodeIndex
].bPSEnable
= FALSE
;
1078 pMgmt
->sNodeDBTable
[iSANodeIndex
].bRxPSPoll
= TRUE
;
1079 bScheduleCommand((void *) pDevice
,
1082 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"dpc: WLAN_CMD_RX_PSPOLL 2\n");
1087 if (IS_FC_POWERMGT(pbyFrame
)) {
1088 pMgmt
->sNodeDBTable
[iSANodeIndex
].bPSEnable
= TRUE
;
1089 // Once if STA in PS state, enable multicast bufferring
1090 pMgmt
->sNodeDBTable
[0].bPSEnable
= TRUE
;
1093 // clear all pending PS frame.
1094 if (pMgmt
->sNodeDBTable
[iSANodeIndex
].wEnQueueCnt
> 0) {
1095 pMgmt
->sNodeDBTable
[iSANodeIndex
].bPSEnable
= FALSE
;
1096 pMgmt
->sNodeDBTable
[iSANodeIndex
].bRxPSPoll
= TRUE
;
1097 bScheduleCommand((void *) pDevice
,
1100 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"dpc: WLAN_CMD_RX_PSPOLL 3\n");
1107 vMgrDeAuthenBeginSta(pDevice
,
1109 (PBYTE
)(p802_11Header
->abyAddr2
),
1110 (WLAN_MGMT_REASON_CLASS2_NONAUTH
),
1113 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"dpc: send vMgrDeAuthenBeginSta 3\n");
1114 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"BSSID:%02x-%02x-%02x=%02x-%02x-%02x \n",
1115 p802_11Header
->abyAddr3
[0],
1116 p802_11Header
->abyAddr3
[1],
1117 p802_11Header
->abyAddr3
[2],
1118 p802_11Header
->abyAddr3
[3],
1119 p802_11Header
->abyAddr3
[4],
1120 p802_11Header
->abyAddr3
[5]
1122 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"ADDR2:%02x-%02x-%02x=%02x-%02x-%02x \n",
1123 p802_11Header
->abyAddr2
[0],
1124 p802_11Header
->abyAddr2
[1],
1125 p802_11Header
->abyAddr2
[2],
1126 p802_11Header
->abyAddr2
[3],
1127 p802_11Header
->abyAddr2
[4],
1128 p802_11Header
->abyAddr2
[5]
1130 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"ADDR1:%02x-%02x-%02x=%02x-%02x-%02x \n",
1131 p802_11Header
->abyAddr1
[0],
1132 p802_11Header
->abyAddr1
[1],
1133 p802_11Header
->abyAddr1
[2],
1134 p802_11Header
->abyAddr1
[3],
1135 p802_11Header
->abyAddr1
[4],
1136 p802_11Header
->abyAddr1
[5]
1138 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"dpc: wFrameCtl= %x\n", p802_11Header
->wFrameCtl
);
1147 static BOOL
s_bHandleRxEncryption (
1150 unsigned int FrameSize
,
1153 PSKeyItem
* pKeyOut
,
1156 PDWORD pdwRxTSC47_16
1159 unsigned int PayloadLen
= FrameSize
;
1162 PSKeyItem pKey
= NULL
;
1163 BYTE byDecMode
= KEY_CTL_WEP
;
1164 PSMgmtObject pMgmt
= &(pDevice
->sMgmtObj
);
1170 pbyIV
= pbyFrame
+ WLAN_HDR_ADDR3_LEN
;
1171 if ( WLAN_GET_FC_TODS(*(PWORD
)pbyFrame
) &&
1172 WLAN_GET_FC_FROMDS(*(PWORD
)pbyFrame
) ) {
1173 pbyIV
+= 6; // 6 is 802.11 address4
1176 byKeyIdx
= (*(pbyIV
+3) & 0xc0);
1178 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"\nKeyIdx: %d\n", byKeyIdx
);
1180 if ((pMgmt
->eAuthenMode
== WMAC_AUTH_WPA
) ||
1181 (pMgmt
->eAuthenMode
== WMAC_AUTH_WPAPSK
) ||
1182 (pMgmt
->eAuthenMode
== WMAC_AUTH_WPANONE
) ||
1183 (pMgmt
->eAuthenMode
== WMAC_AUTH_WPA2
) ||
1184 (pMgmt
->eAuthenMode
== WMAC_AUTH_WPA2PSK
)) {
1185 if (((*pbyRsr
& (RSR_ADDRBROAD
| RSR_ADDRMULTI
)) == 0) &&
1186 (pMgmt
->byCSSPK
!= KEY_CTL_NONE
)) {
1187 // unicast pkt use pairwise key
1188 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"unicast pkt\n");
1189 if (KeybGetKey(&(pDevice
->sKey
), pDevice
->abyBSSID
, 0xFFFFFFFF, &pKey
) == TRUE
) {
1190 if (pMgmt
->byCSSPK
== KEY_CTL_TKIP
)
1191 byDecMode
= KEY_CTL_TKIP
;
1192 else if (pMgmt
->byCSSPK
== KEY_CTL_CCMP
)
1193 byDecMode
= KEY_CTL_CCMP
;
1195 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"unicast pkt: %d, %p\n", byDecMode
, pKey
);
1198 KeybGetKey(&(pDevice
->sKey
), pDevice
->abyBSSID
, byKeyIdx
, &pKey
);
1199 if (pMgmt
->byCSSGK
== KEY_CTL_TKIP
)
1200 byDecMode
= KEY_CTL_TKIP
;
1201 else if (pMgmt
->byCSSGK
== KEY_CTL_CCMP
)
1202 byDecMode
= KEY_CTL_CCMP
;
1203 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"group pkt: %d, %d, %p\n", byKeyIdx
, byDecMode
, pKey
);
1206 // our WEP only support Default Key
1208 // use default group key
1209 KeybGetKey(&(pDevice
->sKey
), pDevice
->abyBroadcastAddr
, byKeyIdx
, &pKey
);
1210 if (pMgmt
->byCSSGK
== KEY_CTL_TKIP
)
1211 byDecMode
= KEY_CTL_TKIP
;
1212 else if (pMgmt
->byCSSGK
== KEY_CTL_CCMP
)
1213 byDecMode
= KEY_CTL_CCMP
;
1217 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"AES:%d %d %d\n", pMgmt
->byCSSPK
, pMgmt
->byCSSGK
, byDecMode
);
1220 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"pKey == NULL\n");
1221 if (byDecMode
== KEY_CTL_WEP
) {
1222 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1223 } else if (pDevice
->bLinkPass
== TRUE
) {
1224 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1228 if (byDecMode
!= pKey
->byCipherSuite
) {
1229 if (byDecMode
== KEY_CTL_WEP
) {
1230 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1231 } else if (pDevice
->bLinkPass
== TRUE
) {
1232 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1237 if (byDecMode
== KEY_CTL_WEP
) {
1239 if ((pDevice
->byLocalID
<= REV_ID_VT3253_A1
) ||
1240 (((PSKeyTable
)(pKey
->pvKeyTable
))->bSoftWEP
== TRUE
)) {
1245 PayloadLen
-= (WLAN_HDR_ADDR3_LEN
+ 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1246 memcpy(pDevice
->abyPRNG
, pbyIV
, 3);
1247 memcpy(pDevice
->abyPRNG
+ 3, pKey
->abyKey
, pKey
->uKeyLength
);
1248 rc4_init(&pDevice
->SBox
, pDevice
->abyPRNG
, pKey
->uKeyLength
+ 3);
1249 rc4_encrypt(&pDevice
->SBox
, pbyIV
+4, pbyIV
+4, PayloadLen
);
1251 if (ETHbIsBufferCrc32Ok(pbyIV
+4, PayloadLen
)) {
1252 *pbyNewRsr
|= NEWRSR_DECRYPTOK
;
1255 } else if ((byDecMode
== KEY_CTL_TKIP
) ||
1256 (byDecMode
== KEY_CTL_CCMP
)) {
1259 PayloadLen
-= (WLAN_HDR_ADDR3_LEN
+ 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1260 *pdwRxTSC47_16
= cpu_to_le32(*(PDWORD
)(pbyIV
+ 4));
1261 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"ExtIV: %lx\n",*pdwRxTSC47_16
);
1262 if (byDecMode
== KEY_CTL_TKIP
) {
1263 *pwRxTSC15_0
= cpu_to_le16(MAKEWORD(*(pbyIV
+2), *pbyIV
));
1265 *pwRxTSC15_0
= cpu_to_le16(*(PWORD
)pbyIV
);
1267 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"TSC0_15: %x\n", *pwRxTSC15_0
);
1269 if ((byDecMode
== KEY_CTL_TKIP
) &&
1270 (pDevice
->byLocalID
<= REV_ID_VT3253_A1
)) {
1273 PS802_11Header pMACHeader
= (PS802_11Header
) (pbyFrame
);
1274 TKIPvMixKey(pKey
->abyKey
, pMACHeader
->abyAddr2
, *pwRxTSC15_0
, *pdwRxTSC47_16
, pDevice
->abyPRNG
);
1275 rc4_init(&pDevice
->SBox
, pDevice
->abyPRNG
, TKIP_KEY_LEN
);
1276 rc4_encrypt(&pDevice
->SBox
, pbyIV
+8, pbyIV
+8, PayloadLen
);
1277 if (ETHbIsBufferCrc32Ok(pbyIV
+8, PayloadLen
)) {
1278 *pbyNewRsr
|= NEWRSR_DECRYPTOK
;
1279 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"ICV OK!\n");
1281 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"ICV FAIL!!!\n");
1282 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"PayloadLen = %d\n", PayloadLen
);
1287 if ((*(pbyIV
+3) & 0x20) != 0)
1293 static BOOL
s_bHostWepRxEncryption (
1296 unsigned int FrameSize
,
1303 PDWORD pdwRxTSC47_16
1306 PSMgmtObject pMgmt
= &(pDevice
->sMgmtObj
);
1307 unsigned int PayloadLen
= FrameSize
;
1310 BYTE byDecMode
= KEY_CTL_WEP
;
1311 PS802_11Header pMACHeader
;
1318 pbyIV
= pbyFrame
+ WLAN_HDR_ADDR3_LEN
;
1319 if ( WLAN_GET_FC_TODS(*(PWORD
)pbyFrame
) &&
1320 WLAN_GET_FC_FROMDS(*(PWORD
)pbyFrame
) ) {
1321 pbyIV
+= 6; // 6 is 802.11 address4
1324 byKeyIdx
= (*(pbyIV
+3) & 0xc0);
1326 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"\nKeyIdx: %d\n", byKeyIdx
);
1329 if (pMgmt
->byCSSGK
== KEY_CTL_TKIP
)
1330 byDecMode
= KEY_CTL_TKIP
;
1331 else if (pMgmt
->byCSSGK
== KEY_CTL_CCMP
)
1332 byDecMode
= KEY_CTL_CCMP
;
1334 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"AES:%d %d %d\n", pMgmt
->byCSSPK
, pMgmt
->byCSSGK
, byDecMode
);
1336 if (byDecMode
!= pKey
->byCipherSuite
) {
1337 if (byDecMode
== KEY_CTL_WEP
) {
1338 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1339 } else if (pDevice
->bLinkPass
== TRUE
) {
1340 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1345 if (byDecMode
== KEY_CTL_WEP
) {
1347 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"byDecMode == KEY_CTL_WEP \n");
1348 if ((pDevice
->byLocalID
<= REV_ID_VT3253_A1
) ||
1349 (((PSKeyTable
)(pKey
->pvKeyTable
))->bSoftWEP
== TRUE
) ||
1350 (bOnFly
== FALSE
)) {
1356 PayloadLen
-= (WLAN_HDR_ADDR3_LEN
+ 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1357 memcpy(pDevice
->abyPRNG
, pbyIV
, 3);
1358 memcpy(pDevice
->abyPRNG
+ 3, pKey
->abyKey
, pKey
->uKeyLength
);
1359 rc4_init(&pDevice
->SBox
, pDevice
->abyPRNG
, pKey
->uKeyLength
+ 3);
1360 rc4_encrypt(&pDevice
->SBox
, pbyIV
+4, pbyIV
+4, PayloadLen
);
1362 if (ETHbIsBufferCrc32Ok(pbyIV
+4, PayloadLen
)) {
1363 *pbyNewRsr
|= NEWRSR_DECRYPTOK
;
1366 } else if ((byDecMode
== KEY_CTL_TKIP
) ||
1367 (byDecMode
== KEY_CTL_CCMP
)) {
1370 PayloadLen
-= (WLAN_HDR_ADDR3_LEN
+ 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1371 *pdwRxTSC47_16
= cpu_to_le32(*(PDWORD
)(pbyIV
+ 4));
1372 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"ExtIV: %lx\n",*pdwRxTSC47_16
);
1374 if (byDecMode
== KEY_CTL_TKIP
) {
1375 *pwRxTSC15_0
= cpu_to_le16(MAKEWORD(*(pbyIV
+2), *pbyIV
));
1377 *pwRxTSC15_0
= cpu_to_le16(*(PWORD
)pbyIV
);
1379 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"TSC0_15: %x\n", *pwRxTSC15_0
);
1381 if (byDecMode
== KEY_CTL_TKIP
) {
1383 if ((pDevice
->byLocalID
<= REV_ID_VT3253_A1
) || (bOnFly
== FALSE
)) {
1387 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"soft KEY_CTL_TKIP \n");
1388 pMACHeader
= (PS802_11Header
) (pbyFrame
);
1389 TKIPvMixKey(pKey
->abyKey
, pMACHeader
->abyAddr2
, *pwRxTSC15_0
, *pdwRxTSC47_16
, pDevice
->abyPRNG
);
1390 rc4_init(&pDevice
->SBox
, pDevice
->abyPRNG
, TKIP_KEY_LEN
);
1391 rc4_encrypt(&pDevice
->SBox
, pbyIV
+8, pbyIV
+8, PayloadLen
);
1392 if (ETHbIsBufferCrc32Ok(pbyIV
+8, PayloadLen
)) {
1393 *pbyNewRsr
|= NEWRSR_DECRYPTOK
;
1394 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"ICV OK!\n");
1396 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"ICV FAIL!!!\n");
1397 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"PayloadLen = %d\n", PayloadLen
);
1402 if (byDecMode
== KEY_CTL_CCMP
) {
1403 if (bOnFly
== FALSE
) {
1406 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"soft KEY_CTL_CCMP\n");
1407 if (AESbGenCCMP(pKey
->abyKey
, pbyFrame
, FrameSize
)) {
1408 *pbyNewRsr
|= NEWRSR_DECRYPTOK
;
1409 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"CCMP MIC compare OK!\n");
1411 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"CCMP MIC fail!\n");
1418 if ((*(pbyIV
+3) & 0x20) != 0)
1425 static BOOL
s_bAPModeRxData (
1427 struct sk_buff
*skb
,
1428 unsigned int FrameSize
,
1429 unsigned int cbHeaderOffset
,
1430 signed int iSANodeIndex
,
1431 signed int iDANodeIndex
1435 PSMgmtObject pMgmt
= &(pDevice
->sMgmtObj
);
1436 BOOL bRelayAndForward
= FALSE
;
1437 BOOL bRelayOnly
= FALSE
;
1438 BYTE byMask
[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
1442 struct sk_buff
* skbcpy
= NULL
;
1444 if (FrameSize
> CB_MAX_BUF_SIZE
)
1447 if (is_multicast_ether_addr((PBYTE
)(skb
->data
+cbHeaderOffset
))) {
1448 if (pMgmt
->sNodeDBTable
[0].bPSEnable
) {
1450 skbcpy
= dev_alloc_skb((int)pDevice
->rx_buf_sz
);
1452 // if any node in PS mode, buffer packet until DTIM.
1453 if (skbcpy
== NULL
) {
1454 DBG_PRT(MSG_LEVEL_NOTICE
, KERN_INFO
"relay multicast no skb available \n");
1457 skbcpy
->dev
= pDevice
->dev
;
1458 skbcpy
->len
= FrameSize
;
1459 memcpy(skbcpy
->data
, skb
->data
+cbHeaderOffset
, FrameSize
);
1460 skb_queue_tail(&(pMgmt
->sNodeDBTable
[0].sTxPSQueue
), skbcpy
);
1461 pMgmt
->sNodeDBTable
[0].wEnQueueCnt
++;
1463 pMgmt
->abyPSTxMap
[0] |= byMask
[0];
1467 bRelayAndForward
= TRUE
;
1472 if (BSSbIsSTAInNodeDB(pDevice
, (PBYTE
)(skb
->data
+cbHeaderOffset
), &iDANodeIndex
)) {
1473 if (pMgmt
->sNodeDBTable
[iDANodeIndex
].eNodeState
>= NODE_ASSOC
) {
1474 if (pMgmt
->sNodeDBTable
[iDANodeIndex
].bPSEnable
) {
1475 // queue this skb until next PS tx, and then release.
1477 skb
->data
+= cbHeaderOffset
;
1478 skb
->tail
+= cbHeaderOffset
;
1479 skb_put(skb
, FrameSize
);
1480 skb_queue_tail(&pMgmt
->sNodeDBTable
[iDANodeIndex
].sTxPSQueue
, skb
);
1482 pMgmt
->sNodeDBTable
[iDANodeIndex
].wEnQueueCnt
++;
1483 wAID
= pMgmt
->sNodeDBTable
[iDANodeIndex
].wAID
;
1484 pMgmt
->abyPSTxMap
[wAID
>> 3] |= byMask
[wAID
& 7];
1485 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n",
1486 iDANodeIndex
, (wAID
>> 3), pMgmt
->abyPSTxMap
[wAID
>> 3]);
1496 if (bRelayOnly
|| bRelayAndForward
) {
1497 // relay this packet right now
1498 if (bRelayAndForward
)
1501 if ((pDevice
->uAssocCount
> 1) && (iDANodeIndex
>= 0)) {
1502 bRelayPacketSend(pDevice
, (PBYTE
) (skb
->data
+ cbHeaderOffset
),
1503 FrameSize
, (unsigned int) iDANodeIndex
);
1509 // none associate, don't forward
1510 if (pDevice
->uAssocCount
== 0)
1519 void RXvWorkItem(void *Context
)
1521 PSDevice pDevice
= (PSDevice
) Context
;
1525 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"---->Rx Polling Thread\n");
1526 spin_lock_irq(&pDevice
->lock
);
1527 while ( MP_TEST_FLAG(pDevice
, fMP_POST_READS
) &&
1528 MP_IS_READY(pDevice
) &&
1529 (pDevice
->NumRecvFreeList
!= 0) ) {
1530 pRCB
= pDevice
->FirstRecvFreeList
;
1531 pDevice
->NumRecvFreeList
--;
1532 ASSERT(pRCB
);// cannot be NULL
1533 DequeueRCB(pDevice
->FirstRecvFreeList
, pDevice
->LastRecvFreeList
);
1534 ntStatus
= PIPEnsBulkInUsbRead(pDevice
, pRCB
);
1536 pDevice
->bIsRxWorkItemQueued
= FALSE
;
1537 spin_unlock_irq(&pDevice
->lock
);
1548 PSDevice pDevice
= (PSDevice
)pRCB
->pDevice
;
1551 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"---->RXvFreeRCB\n");
1553 ASSERT(!pRCB
->Ref
); // should be 0
1554 ASSERT(pRCB
->pDevice
); // shouldn't be NULL
1556 if (bReAllocSkb
== TRUE
) {
1557 pRCB
->skb
= dev_alloc_skb((int)pDevice
->rx_buf_sz
);
1558 // todo error handling
1559 if (pRCB
->skb
== NULL
) {
1560 DBG_PRT(MSG_LEVEL_ERR
,KERN_ERR
" Failed to re-alloc rx skb\n");
1562 pRCB
->skb
->dev
= pDevice
->dev
;
1566 // Insert the RCB back in the Recv free list
1568 EnqueueRCB(pDevice
->FirstRecvFreeList
, pDevice
->LastRecvFreeList
, pRCB
);
1569 pDevice
->NumRecvFreeList
++;
1572 if (MP_TEST_FLAG(pDevice
, fMP_POST_READS
) && MP_IS_READY(pDevice
) &&
1573 (pDevice
->bIsRxWorkItemQueued
== FALSE
) ) {
1575 pDevice
->bIsRxWorkItemQueued
= TRUE
;
1576 tasklet_schedule(&pDevice
->ReadWorkItem
);
1578 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"<----RXFreeRCB %d %d\n",pDevice
->NumRecvFreeList
, pDevice
->NumRecvMngList
);
1582 void RXvMngWorkItem(void *Context
)
1584 PSDevice pDevice
= (PSDevice
) Context
;
1586 PSRxMgmtPacket pRxPacket
;
1587 BOOL bReAllocSkb
= FALSE
;
1589 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"---->Rx Mng Thread\n");
1591 spin_lock_irq(&pDevice
->lock
);
1592 while (pDevice
->NumRecvMngList
!=0)
1594 pRCB
= pDevice
->FirstRecvMngList
;
1595 pDevice
->NumRecvMngList
--;
1596 DequeueRCB(pDevice
->FirstRecvMngList
, pDevice
->LastRecvMngList
);
1600 ASSERT(pRCB
);// cannot be NULL
1601 pRxPacket
= &(pRCB
->sMngPacket
);
1602 vMgrRxManagePacket((void *) pDevice
, &(pDevice
->sMgmtObj
), pRxPacket
);
1604 if(pRCB
->Ref
== 0) {
1605 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"RxvFreeMng %d %d\n",pDevice
->NumRecvFreeList
, pDevice
->NumRecvMngList
);
1606 RXvFreeRCB(pRCB
, bReAllocSkb
);
1608 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"Rx Mng Only we have the right to free RCB\n");
1612 pDevice
->bIsRxMngWorkItemQueued
= FALSE
;
1613 spin_unlock_irq(&pDevice
->lock
);