search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
GUI: Fix Tomato RAF theme for all builds. Compilation typo.
[tomato.git] / release / src-rt-6.x.4708 / linux / linux-2.6.36 / drivers / staging / vt6656 / dpc.c
blob80b0d3f278610059421ad4faaf48fb1ae4e0fe49
1 /*
2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
3 * All rights reserved.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * File: dpc.c
20 *
21 * Purpose: handle dpc rx functions
22 *
23 * Author: Lyndon Chen
24 *
25 * Date: May 20, 2003
26 *
27 * Functions:
28 * device_receive_frame - Rcv 802.11 frame function
29 * s_bAPModeRxCtl- AP Rcv frame filer Ctl.
30 * s_bAPModeRxData- AP Rcv data frame handle
31 * s_bHandleRxEncryption- Rcv decrypted data via on-fly
32 * s_bHostWepRxEncryption- Rcv encrypted data via host
33 * s_byGetRateIdx- get rate index
34 * s_vGetDASA- get data offset
35 * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3
36 *
37 * Revision History:
38 *
39 */
40
41 #include "device.h"
42 #include "rxtx.h"
43 #include "tether.h"
44 #include "card.h"
45 #include "bssdb.h"
46 #include "mac.h"
47 #include "baseband.h"
48 #include "michael.h"
49 #include "tkip.h"
50 #include "tcrc.h"
51 #include "wctl.h"
52 #include "hostap.h"
53 #include "rf.h"
54 #include "iowpa.h"
55 #include "aes_ccmp.h"
56 #include "datarate.h"
57 #include "usbpipe.h"
58
59 /*--------------------- Static Definitions -------------------------*/
60
61 /*--------------------- Static Classes ----------------------------*/
62
63 /*--------------------- Static Variables --------------------------*/
64 //static int msglevel =MSG_LEVEL_DEBUG;
65 static int msglevel =MSG_LEVEL_INFO;
66
67 const BYTE acbyRxRate[MAX_RATE] =
68 {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
69
70
71 /*--------------------- Static Functions --------------------------*/
72
73 /*--------------------- Static Definitions -------------------------*/
74
75 /*--------------------- Static Functions --------------------------*/
76
77 static BYTE s_byGetRateIdx(BYTE byRate);
78
79 static
80 void
81 s_vGetDASA(
82 PBYTE pbyRxBufferAddr,
83 unsigned int *pcbHeaderSize,
84 PSEthernetHeader psEthHeader
85 );
86
87 static
88 void
89 s_vProcessRxMACHeader (
90 PSDevice pDevice,
91 PBYTE pbyRxBufferAddr,
92 unsigned int cbPacketSize,
93 BOOL bIsWEP,
94 BOOL bExtIV,
95 unsigned int *pcbHeadSize
96 );
97
98 static BOOL s_bAPModeRxCtl(
99 PSDevice pDevice,
100 PBYTE pbyFrame,
101 signed int iSANodeIndex
102 );
103
104
105
106 static BOOL s_bAPModeRxData (
107 PSDevice pDevice,
108 struct sk_buff *skb,
109 unsigned int FrameSize,
110 unsigned int cbHeaderOffset,
111 signed int iSANodeIndex,
112 signed int iDANodeIndex
113 );
114
115
116 static BOOL s_bHandleRxEncryption(
117 PSDevice pDevice,
118 PBYTE pbyFrame,
119 unsigned int FrameSize,
120 PBYTE pbyRsr,
121 PBYTE pbyNewRsr,
122 PSKeyItem * pKeyOut,
123 int * pbExtIV,
124 PWORD pwRxTSC15_0,
125 PDWORD pdwRxTSC47_16
126 );
127
128 static BOOL s_bHostWepRxEncryption(
129
130 PSDevice pDevice,
131 PBYTE pbyFrame,
132 unsigned int FrameSize,
133 PBYTE pbyRsr,
134 BOOL bOnFly,
135 PSKeyItem pKey,
136 PBYTE pbyNewRsr,
137 int * pbExtIV,
138 PWORD pwRxTSC15_0,
139 PDWORD pdwRxTSC47_16
140
141 );
142
143 /*--------------------- Export Variables --------------------------*/
144
145 /*+
146 *
147 * Description:
148 * Translate Rcv 802.11 header to 802.3 header with Rx buffer
149 *
150 * Parameters:
151 * In:
152 * pDevice
153 * dwRxBufferAddr - Address of Rcv Buffer
154 * cbPacketSize - Rcv Packet size
155 * bIsWEP - If Rcv with WEP
156 * Out:
157 * pcbHeaderSize - 802.11 header size
158 *
159 * Return Value: None
160 *
161 -*/
162 static
163 void
164 s_vProcessRxMACHeader (
165 PSDevice pDevice,
166 PBYTE pbyRxBufferAddr,
167 unsigned int cbPacketSize,
168 BOOL bIsWEP,
169 BOOL bExtIV,
170 unsigned int *pcbHeadSize
171 )
172 {
173 PBYTE pbyRxBuffer;
174 unsigned int cbHeaderSize = 0;
175 PWORD pwType;
176 PS802_11Header pMACHeader;
177 int ii;
178
179
180 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
181
182 s_vGetDASA((PBYTE)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader);
183
184 if (bIsWEP) {
185 if (bExtIV) {
186 // strip IV&ExtIV , add 8 byte
187 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8);
188 } else {
189 // strip IV , add 4 byte
190 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4);
191 }
192 }
193 else {
194 cbHeaderSize += WLAN_HDR_ADDR3_LEN;
195 };
196
197 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
198 if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) {
199 cbHeaderSize += 6;
200 } else if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) {
201 cbHeaderSize += 6;
202 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
203 if ((*pwType!= TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) {
204 }
205 else {
206 cbHeaderSize -= 8;
207 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
208 if (bIsWEP) {
209 if (bExtIV) {
210 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
211 } else {
212 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
213 }
214 }
215 else {
216 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
217 }
218 }
219 }
220 else {
221 cbHeaderSize -= 2;
222 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
223 if (bIsWEP) {
224 if (bExtIV) {
225 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
226 } else {
227 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
228 }
229 }
230 else {
231 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
232 }
233 }
234
235 cbHeaderSize -= (ETH_ALEN * 2);
236 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
237 for (ii = 0; ii < ETH_ALEN; ii++)
238 *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii];
239 for (ii = 0; ii < ETH_ALEN; ii++)
240 *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii];
241
242 *pcbHeadSize = cbHeaderSize;
243 }
244
245
246
247
248 static BYTE s_byGetRateIdx(BYTE byRate)
249 {
250 BYTE byRateIdx;
251
252 for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) {
253 if (acbyRxRate[byRateIdx%MAX_RATE] == byRate)
254 return byRateIdx;
255 }
256 return 0;
257 }
258
259
260 static
261 void
262 s_vGetDASA (
263 PBYTE pbyRxBufferAddr,
264 unsigned int *pcbHeaderSize,
265 PSEthernetHeader psEthHeader
266 )
267 {
268 unsigned int cbHeaderSize = 0;
269 PS802_11Header pMACHeader;
270 int ii;
271
272 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
273
274 if ((pMACHeader->wFrameCtl & FC_TODS) == 0) {
275 if (pMACHeader->wFrameCtl & FC_FROMDS) {
276 for (ii = 0; ii < ETH_ALEN; ii++) {
277 psEthHeader->abyDstAddr[ii] =
278 pMACHeader->abyAddr1[ii];
279 psEthHeader->abySrcAddr[ii] =
280 pMACHeader->abyAddr3[ii];
281 }
282 } else {
283 /* IBSS mode */
284 for (ii = 0; ii < ETH_ALEN; ii++) {
285 psEthHeader->abyDstAddr[ii] =
286 pMACHeader->abyAddr1[ii];
287 psEthHeader->abySrcAddr[ii] =
288 pMACHeader->abyAddr2[ii];
289 }
290 }
291 } else {
292 /* Is AP mode.. */
293 if (pMACHeader->wFrameCtl & FC_FROMDS) {
294 for (ii = 0; ii < ETH_ALEN; ii++) {
295 psEthHeader->abyDstAddr[ii] =
296 pMACHeader->abyAddr3[ii];
297 psEthHeader->abySrcAddr[ii] =
298 pMACHeader->abyAddr4[ii];
299 cbHeaderSize += 6;
300 }
301 } else {
302 for (ii = 0; ii < ETH_ALEN; ii++) {
303 psEthHeader->abyDstAddr[ii] =
304 pMACHeader->abyAddr3[ii];
305 psEthHeader->abySrcAddr[ii] =
306 pMACHeader->abyAddr2[ii];
307 }
308 }
309 };
310 *pcbHeaderSize = cbHeaderSize;
311 }
312
313
314
315
316 BOOL
317 RXbBulkInProcessData (
318 PSDevice pDevice,
319 PRCB pRCB,
320 unsigned long BytesToIndicate
321 )
322 {
323
324 struct net_device_stats* pStats=&pDevice->stats;
325 struct sk_buff* skb;
326 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
327 PSRxMgmtPacket pRxPacket = &(pMgmt->sRxPacket);
328 PS802_11Header p802_11Header;
329 PBYTE pbyRsr;
330 PBYTE pbyNewRsr;
331 PBYTE pbyRSSI;
332 PQWORD pqwTSFTime;
333 PBYTE pbyFrame;
334 BOOL bDeFragRx = FALSE;
335 unsigned int cbHeaderOffset;
336 unsigned int FrameSize;
337 WORD wEtherType = 0;
338 signed int iSANodeIndex = -1;
339 signed int iDANodeIndex = -1;
340 unsigned int ii;
341 unsigned int cbIVOffset;
342 PBYTE pbyRxSts;
343 PBYTE pbyRxRate;
344 PBYTE pbySQ;
345 PBYTE pby3SQ;
346 unsigned int cbHeaderSize;
347 PSKeyItem pKey = NULL;
348 WORD wRxTSC15_0 = 0;
349 DWORD dwRxTSC47_16 = 0;
350 SKeyItem STempKey;
351 // 802.11h RPI
352 /* signed long ldBm = 0; */
353 BOOL bIsWEP = FALSE;
354 BOOL bExtIV = FALSE;
355 DWORD dwWbkStatus;
356 PRCB pRCBIndicate = pRCB;
357 PBYTE pbyDAddress;
358 PWORD pwPLCP_Length;
359 BYTE abyVaildRate[MAX_RATE] = {2,4,11,22,12,18,24,36,48,72,96,108};
360 WORD wPLCPwithPadding;
361 PS802_11Header pMACHeader;
362 BOOL bRxeapol_key = FALSE;
363
364
365
366 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- RXbBulkInProcessData---\n");
367
368 skb = pRCB->skb;
369
370 //[31:16]RcvByteCount ( not include 4-byte Status )
371 dwWbkStatus = *( (PDWORD)(skb->data) );
372 FrameSize = (unsigned int)(dwWbkStatus >> 16);
373 FrameSize += 4;
374
375 if (BytesToIndicate != FrameSize) {
376 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 1 \n");
377 return FALSE;
378 }
379
380 if ((BytesToIndicate > 2372)||(BytesToIndicate <= 40)) {
381 // Frame Size error drop this packet.
382 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 2 \n");
383 return FALSE;
384 }
385
386 pbyDAddress = (PBYTE)(skb->data);
387 pbyRxSts = pbyDAddress+4;
388 pbyRxRate = pbyDAddress+5;
389
390 //real Frame Size = USBFrameSize -4WbkStatus - 4RxStatus - 8TSF - 4RSR - 4SQ3 - ?Padding
391 //if SQ3 the range is 24~27, if no SQ3 the range is 20~23
392 //real Frame size in PLCPLength field.
393 pwPLCP_Length = (PWORD) (pbyDAddress + 6);
394 //Fix hardware bug => PLCP_Length error
395 if ( ((BytesToIndicate - (*pwPLCP_Length)) > 27) ||
396 ((BytesToIndicate - (*pwPLCP_Length)) < 24) ||
397 (BytesToIndicate < (*pwPLCP_Length)) ) {
398
399 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong PLCP Length %x\n", (int) *pwPLCP_Length);
400 ASSERT(0);
401 return FALSE;
402 }
403 for ( ii=RATE_1M;ii<MAX_RATE;ii++) {
404 if ( *pbyRxRate == abyVaildRate[ii] ) {
405 break;
406 }
407 }
408 if ( ii==MAX_RATE ) {
409 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong RxRate %x\n",(int) *pbyRxRate);
410 return FALSE;
411 }
412
413 wPLCPwithPadding = ( (*pwPLCP_Length / 4) + ( (*pwPLCP_Length % 4) ? 1:0 ) ) *4;
414
415 pqwTSFTime = (PQWORD) (pbyDAddress + 8 + wPLCPwithPadding);
416 if(pDevice->byBBType == BB_TYPE_11G) {
417 pby3SQ = pbyDAddress + 8 + wPLCPwithPadding + 12;
418 pbySQ = pby3SQ;
419 }
420 else {
421 pbySQ = pbyDAddress + 8 + wPLCPwithPadding + 8;
422 pby3SQ = pbySQ;
423 }
424 pbyNewRsr = pbyDAddress + 8 + wPLCPwithPadding + 9;
425 pbyRSSI = pbyDAddress + 8 + wPLCPwithPadding + 10;
426 pbyRsr = pbyDAddress + 8 + wPLCPwithPadding + 11;
427
428 FrameSize = *pwPLCP_Length;
429
430 pbyFrame = pbyDAddress + 8;
431 // update receive statistic counter
432
433 STAvUpdateRDStatCounter(&pDevice->scStatistic,
434 *pbyRsr,
435 *pbyNewRsr,
436 *pbyRxSts,
437 *pbyRxRate,
438 pbyFrame,
439 FrameSize
440 );
441
442
443 pMACHeader = (PS802_11Header) pbyFrame;
444
445 //mike add: to judge if current AP is activated?
446 if ((pMgmt->eCurrMode == WMAC_MODE_STANDBY) ||
447 (pMgmt->eCurrMode == WMAC_MODE_ESS_STA)) {
448 if (pMgmt->sNodeDBTable[0].bActive) {
449 if (!compare_ether_addr(pMgmt->abyCurrBSSID, pMACHeader->abyAddr2)) {
450 if (pMgmt->sNodeDBTable[0].uInActiveCount != 0)
451 pMgmt->sNodeDBTable[0].uInActiveCount = 0;
452 }
453 }
454 }
455
456 if (!is_multicast_ether_addr(pMACHeader->abyAddr1) && !is_broadcast_ether_addr(pMACHeader->abyAddr1)) {
457 if ( WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header) pbyFrame) ) {
458 pDevice->s802_11Counter.FrameDuplicateCount++;
459 return FALSE;
460 }
461
462 if (compare_ether_addr(pDevice->abyCurrentNetAddr,
463 pMACHeader->abyAddr1)) {
464 return FALSE;
465 }
466 }
467
468
469 // Use for TKIP MIC
470 s_vGetDASA(pbyFrame, &cbHeaderSize, &pDevice->sRxEthHeader);
471
472 if (!compare_ether_addr((PBYTE)&(pDevice->sRxEthHeader.abySrcAddr[0]),
473 pDevice->abyCurrentNetAddr))
474 return FALSE;
475
476 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) {
477 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
478 p802_11Header = (PS802_11Header) (pbyFrame);
479 // get SA NodeIndex
480 if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(p802_11Header->abyAddr2), &iSANodeIndex)) {
481 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies;
482 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0;
483 }
484 }
485 }
486
487 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
488 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == TRUE) {
489 return FALSE;
490 }
491 }
492
493
494 if (IS_FC_WEP(pbyFrame)) {
495 BOOL bRxDecryOK = FALSE;
496
497 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n");
498 bIsWEP = TRUE;
499 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) {
500 pKey = &STempKey;
501 pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite;
502 pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex;
503 pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength;
504 pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16;
505 pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0;
506 memcpy(pKey->abyKey,
507 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0],
508 pKey->uKeyLength
509 );
510
511 bRxDecryOK = s_bHostWepRxEncryption(pDevice,
512 pbyFrame,
513 FrameSize,
514 pbyRsr,
515 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly,
516 pKey,
517 pbyNewRsr,
518 &bExtIV,
519 &wRxTSC15_0,
520 &dwRxTSC47_16);
521 } else {
522 bRxDecryOK = s_bHandleRxEncryption(pDevice,
523 pbyFrame,
524 FrameSize,
525 pbyRsr,
526 pbyNewRsr,
527 &pKey,
528 &bExtIV,
529 &wRxTSC15_0,
530 &dwRxTSC47_16);
531 }
532
533 if (bRxDecryOK) {
534 if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) {
535 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n");
536 if ( (pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
537 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
538 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
539 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
540 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
541
542 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
543 pDevice->s802_11Counter.TKIPICVErrors++;
544 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) {
545 pDevice->s802_11Counter.CCMPDecryptErrors++;
546 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) {
547 // pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++;
548 }
549 }
550 return FALSE;
551 }
552 } else {
553 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n");
554 return FALSE;
555 }
556 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP))
557 FrameSize -= 8; // Message Integrity Code
558 else
559 FrameSize -= 4; // 4 is ICV
560 }
561
562
563 //
564 // RX OK
565 //
566 /* remove the FCS/CRC length */
567 FrameSize -= ETH_FCS_LEN;
568
569 if ( !(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) && // unicast address
570 (IS_FRAGMENT_PKT((pbyFrame)))
571 ) {
572 // defragment
573 bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header) (pbyFrame), FrameSize, bIsWEP, bExtIV);
574 pDevice->s802_11Counter.ReceivedFragmentCount++;
575 if (bDeFragRx) {
576 // defrag complete
577 // TODO skb, pbyFrame
578 skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb;
579 FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength;
580 pbyFrame = skb->data + 8;
581 }
582 else {
583 return FALSE;
584 }
585 }
586
587 //
588 // Management & Control frame Handle
589 //
590 if ((IS_TYPE_DATA((pbyFrame))) == FALSE) {
591 // Handle Control & Manage Frame
592
593 if (IS_TYPE_MGMT((pbyFrame))) {
594 PBYTE pbyData1;
595 PBYTE pbyData2;
596
597 pRxPacket = &(pRCB->sMngPacket);
598 pRxPacket->p80211Header = (PUWLAN_80211HDR)(pbyFrame);
599 pRxPacket->cbMPDULen = FrameSize;
600 pRxPacket->uRSSI = *pbyRSSI;
601 pRxPacket->bySQ = *pbySQ;
602 HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime));
603 LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime));
604 if (bIsWEP) {
605 // strip IV
606 pbyData1 = WLAN_HDR_A3_DATA_PTR(pbyFrame);
607 pbyData2 = WLAN_HDR_A3_DATA_PTR(pbyFrame) + 4;
608 for (ii = 0; ii < (FrameSize - 4); ii++) {
609 *pbyData1 = *pbyData2;
610 pbyData1++;
611 pbyData2++;
612 }
613 }
614
615 pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate);
616
617 if ( *pbyRxSts == 0 ) {
618 //Discard beacon packet which channel is 0
619 if ( (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_BEACON) ||
620 (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_PROBERESP) ) {
621 return TRUE;
622 }
623 }
624 pRxPacket->byRxChannel = (*pbyRxSts) >> 2;
625
626 // hostap Deamon handle 802.11 management
627 if (pDevice->bEnableHostapd) {
628 skb->dev = pDevice->apdev;
629 //skb->data += 4;
630 //skb->tail += 4;
631 skb->data += 8;
632 skb->tail += 8;
633 skb_put(skb, FrameSize);
634 skb_reset_mac_header(skb);
635 skb->pkt_type = PACKET_OTHERHOST;
636 skb->protocol = htons(ETH_P_802_2);
637 memset(skb->cb, 0, sizeof(skb->cb));
638 netif_rx(skb);
639 return TRUE;
640 }
641
642 //
643 // Insert the RCB in the Recv Mng list
644 //
645 EnqueueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList, pRCBIndicate);
646 pDevice->NumRecvMngList++;
647 if ( bDeFragRx == FALSE) {
648 pRCB->Ref++;
649 }
650 if (pDevice->bIsRxMngWorkItemQueued == FALSE) {
651 pDevice->bIsRxMngWorkItemQueued = TRUE;
652 tasklet_schedule(&pDevice->RxMngWorkItem);
653 }
654
655 }
656 else {
657 // Control Frame
658 };
659 return FALSE;
660 }
661 else {
662 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
663 //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC.
664 if ( !(*pbyRsr & RSR_BSSIDOK)) {
665 if (bDeFragRx) {
666 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
667 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
668 pDevice->dev->name);
669 }
670 }
671 return FALSE;
672 }
673 }
674 else {
675 // discard DATA packet while not associate || BSSID error
676 if ((pDevice->bLinkPass == FALSE) ||
677 !(*pbyRsr & RSR_BSSIDOK)) {
678 if (bDeFragRx) {
679 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
680 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
681 pDevice->dev->name);
682 }
683 }
684 return FALSE;
685 }
686 //mike add:station mode check eapol-key challenge--->
687 {
688 BYTE Protocol_Version; //802.1x Authentication
689 BYTE Packet_Type; //802.1x Authentication
690 BYTE Descriptor_type;
691 WORD Key_info;
692 if (bIsWEP)
693 cbIVOffset = 8;
694 else
695 cbIVOffset = 0;
696 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
697 skb->data[cbIVOffset + 8 + 24 + 6 + 1];
698 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1];
699 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1];
700 if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header
701 if(((Protocol_Version==1) ||(Protocol_Version==2)) &&
702 (Packet_Type==3)) { //802.1x OR eapol-key challenge frame receive
703 bRxeapol_key = TRUE;
704 Descriptor_type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2];
705 Key_info = (skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+1]<<8) |skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+2] ;
706 if(Descriptor_type==2) { //RSN
707 // printk("WPA2_Rx_eapol-key_info<-----:%x\n",Key_info);
708 }
709 else if(Descriptor_type==254) {
710 // printk("WPA_Rx_eapol-key_info<-----:%x\n",Key_info);
711 }
712 }
713 }
714 }
715 //mike add:station mode check eapol-key challenge<---
716 }
717 }
718
719
720 // Data frame Handle
721
722
723 if (pDevice->bEnablePSMode) {
724 if (IS_FC_MOREDATA((pbyFrame))) {
725 if (*pbyRsr & RSR_ADDROK) {
726 //PSbSendPSPOLL((PSDevice)pDevice);
727 }
728 }
729 else {
730 if (pMgmt->bInTIMWake == TRUE) {
731 pMgmt->bInTIMWake = FALSE;
732 }
733 }
734 };
735
736 // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps
737 if (pDevice->bDiversityEnable && (FrameSize>50) &&
738 (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) &&
739 (pDevice->bLinkPass == TRUE)) {
740 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0);
741 }
742
743 // ++++++++ For BaseBand Algorithm +++++++++++++++
744 pDevice->uCurrRSSI = *pbyRSSI;
745 pDevice->byCurrSQ = *pbySQ;
746
747 // todo
748 /*
749 if ((*pbyRSSI != 0) &&
750 (pMgmt->pCurrBSS!=NULL)) {
751 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
752 // Moniter if RSSI is too strong.
753 pMgmt->pCurrBSS->byRSSIStatCnt++;
754 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT;
755 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm;
756 for (ii = 0; ii < RSSI_STAT_COUNT; ii++) {
757 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) {
758 pMgmt->pCurrBSS->ldBmMAX =
759 max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm);
760 }
761 }
762 }
763 */
764
765
766 // -----------------------------------------------
767
768 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == TRUE)){
769 BYTE abyMacHdr[24];
770
771 // Only 802.1x packet incoming allowed
772 if (bIsWEP)
773 cbIVOffset = 8;
774 else
775 cbIVOffset = 0;
776 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
777 skb->data[cbIVOffset + 8 + 24 + 6 + 1];
778
779 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType);
780 if (wEtherType == ETH_P_PAE) {
781 skb->dev = pDevice->apdev;
782
783 if (bIsWEP == TRUE) {
784 // strip IV header(8)
785 memcpy(&abyMacHdr[0], (skb->data + 8), 24);
786 memcpy((skb->data + 8 + cbIVOffset), &abyMacHdr[0], 24);
787 }
788
789 skb->data += (cbIVOffset + 8);
790 skb->tail += (cbIVOffset + 8);
791 skb_put(skb, FrameSize);
792 skb_reset_mac_header(skb);
793 skb->pkt_type = PACKET_OTHERHOST;
794 skb->protocol = htons(ETH_P_802_2);
795 memset(skb->cb, 0, sizeof(skb->cb));
796 netif_rx(skb);
797 return TRUE;
798
799 }
800 // check if 802.1x authorized
801 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED))
802 return FALSE;
803 }
804
805
806 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
807 if (bIsWEP) {
808 FrameSize -= 8; //MIC
809 }
810 }
811
812 //--------------------------------------------------------------------------------
813 // Soft MIC
814 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
815 if (bIsWEP) {
816 PDWORD pdwMIC_L;
817 PDWORD pdwMIC_R;
818 DWORD dwMIC_Priority;
819 DWORD dwMICKey0 = 0, dwMICKey1 = 0;
820 DWORD dwLocalMIC_L = 0;
821 DWORD dwLocalMIC_R = 0;
822 viawget_wpa_header *wpahdr;
823
824
825 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
826 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
827 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
828 }
829 else {
830 if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
831 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
832 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
833 } else if ((pKey->dwKeyIndex & BIT28) == 0) {
834 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
835 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
836 } else {
837 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
838 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
839 }
840 }
841
842 MIC_vInit(dwMICKey0, dwMICKey1);
843 MIC_vAppend((PBYTE)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12);
844 dwMIC_Priority = 0;
845 MIC_vAppend((PBYTE)&dwMIC_Priority, 4);
846 // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV.
847 MIC_vAppend((PBYTE)(skb->data + 8 + WLAN_HDR_ADDR3_LEN + 8),
848 FrameSize - WLAN_HDR_ADDR3_LEN - 8);
849 MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R);
850 MIC_vUnInit();
851
852 pdwMIC_L = (PDWORD)(skb->data + 8 + FrameSize);
853 pdwMIC_R = (PDWORD)(skb->data + 8 + FrameSize + 4);
854
855
856 if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) ||
857 (pDevice->bRxMICFail == TRUE)) {
858 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n");
859 pDevice->bRxMICFail = FALSE;
860 //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++;
861 pDevice->s802_11Counter.TKIPLocalMICFailures++;
862 if (bDeFragRx) {
863 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
864 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
865 pDevice->dev->name);
866 }
867 }
868 //2008-0409-07, <Add> by Einsn Liu
869 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
870 //send event to wpa_supplicant
871 //if(pDevice->bWPASuppWextEnabled == TRUE)
872 {
873 union iwreq_data wrqu;
874 struct iw_michaelmicfailure ev;
875 int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits
876 memset(&ev, 0, sizeof(ev));
877 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
878 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
879 (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
880 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
881 ev.flags |= IW_MICFAILURE_PAIRWISE;
882 } else {
883 ev.flags |= IW_MICFAILURE_GROUP;
884 }
885
886 ev.src_addr.sa_family = ARPHRD_ETHER;
887 memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN);
888 memset(&wrqu, 0, sizeof(wrqu));
889 wrqu.data.length = sizeof(ev);
890 PRINT_K("wireless_send_event--->IWEVMICHAELMICFAILURE\n");
891 wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
892
893 }
894 #endif
895
896
897 if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
898 wpahdr = (viawget_wpa_header *)pDevice->skb->data;
899 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
900 (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
901 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
902 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR;
903 wpahdr->type = VIAWGET_PTK_MIC_MSG;
904 } else {
905 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR;
906 wpahdr->type = VIAWGET_GTK_MIC_MSG;
907 }
908 wpahdr->resp_ie_len = 0;
909 wpahdr->req_ie_len = 0;
910 skb_put(pDevice->skb, sizeof(viawget_wpa_header));
911 pDevice->skb->dev = pDevice->wpadev;
912 skb_reset_mac_header(pDevice->skb);
913 pDevice->skb->pkt_type = PACKET_HOST;
914 pDevice->skb->protocol = htons(ETH_P_802_2);
915 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
916 netif_rx(pDevice->skb);
917 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
918 };
919
920 return FALSE;
921
922 }
923 }
924 } //---end of SOFT MIC-----------------------------------------------------------------------
925
926 // ++++++++++ Reply Counter Check +++++++++++++
927
928 if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) ||
929 (pKey->byCipherSuite == KEY_CTL_CCMP))) {
930 if (bIsWEP) {
931 WORD wLocalTSC15_0 = 0;
932 DWORD dwLocalTSC47_16 = 0;
933 unsigned long long RSC = 0;
934 // endian issues
935 RSC = *((unsigned long long *) &(pKey->KeyRSC));
936 wLocalTSC15_0 = (WORD) RSC;
937 dwLocalTSC47_16 = (DWORD) (RSC>>16);
938
939 RSC = dwRxTSC47_16;
940 RSC <<= 16;
941 RSC += wRxTSC15_0;
942 memcpy(&(pKey->KeyRSC), &RSC, sizeof(QWORD));
943
944 if ( (pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) &&
945 (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) {
946 // check RSC
947 if ( (wRxTSC15_0 < wLocalTSC15_0) &&
948 (dwRxTSC47_16 <= dwLocalTSC47_16) &&
949 !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) {
950 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n ");
951 if (pKey->byCipherSuite == KEY_CTL_TKIP)
952 //pDevice->s802_11Counter.TKIPReplays.QuadPart++;
953 pDevice->s802_11Counter.TKIPReplays++;
954 else
955 //pDevice->s802_11Counter.CCMPReplays.QuadPart++;
956 pDevice->s802_11Counter.CCMPReplays++;
957
958 if (bDeFragRx) {
959 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
960 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
961 pDevice->dev->name);
962 }
963 }
964 return FALSE;
965 }
966 }
967 }
968 } // ----- End of Reply Counter Check --------------------------
969
970
971 s_vProcessRxMACHeader(pDevice, (PBYTE)(skb->data+8), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset);
972 FrameSize -= cbHeaderOffset;
973 cbHeaderOffset += 8; // 8 is Rcv buffer header
974
975 // Null data, framesize = 12
976 if (FrameSize < 12)
977 return FALSE;
978
979 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
980 if (s_bAPModeRxData(pDevice,
981 skb,
982 FrameSize,
983 cbHeaderOffset,
984 iSANodeIndex,
985 iDANodeIndex
986 ) == FALSE) {
987
988 if (bDeFragRx) {
989 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
990 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
991 pDevice->dev->name);
992 }
993 }
994 return FALSE;
995 }
996
997 }
998
999 skb->data += cbHeaderOffset;
1000 skb->tail += cbHeaderOffset;
1001 skb_put(skb, FrameSize);
1002 skb->protocol=eth_type_trans(skb, skb->dev);
1003 skb->ip_summed=CHECKSUM_NONE;
1004 pStats->rx_bytes +=skb->len;
1005 pStats->rx_packets++;
1006 netif_rx(skb);
1007 if (bDeFragRx) {
1008 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1009 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1010 pDevice->dev->name);
1011 }
1012 return FALSE;
1013 }
1014
1015 return TRUE;
1016 }
1017
1018
1019 static BOOL s_bAPModeRxCtl (
1020 PSDevice pDevice,
1021 PBYTE pbyFrame,
1022 signed int iSANodeIndex
1023 )
1024 {
1025 PS802_11Header p802_11Header;
1026 CMD_STATUS Status;
1027 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1028
1029
1030 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
1031
1032 p802_11Header = (PS802_11Header) (pbyFrame);
1033 if (!IS_TYPE_MGMT(pbyFrame)) {
1034
1035 // Data & PS-Poll packet
1036 // check frame class
1037 if (iSANodeIndex > 0) {
1038 // frame class 3 fliter & checking
1039 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) {
1040 // send deauth notification
1041 // reason = (6) class 2 received from nonauth sta
1042 vMgrDeAuthenBeginSta(pDevice,
1043 pMgmt,
1044 (PBYTE)(p802_11Header->abyAddr2),
1045 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1046 &Status
1047 );
1048 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n");
1049 return TRUE;
1050 };
1051 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) {
1052 // send deassoc notification
1053 // reason = (7) class 3 received from nonassoc sta
1054 vMgrDisassocBeginSta(pDevice,
1055 pMgmt,
1056 (PBYTE)(p802_11Header->abyAddr2),
1057 (WLAN_MGMT_REASON_CLASS3_NONASSOC),
1058 &Status
1059 );
1060 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n");
1061 return TRUE;
1062 };
1063
1064 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) {
1065 // delcare received ps-poll event
1066 if (IS_CTL_PSPOLL(pbyFrame)) {
1067 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1068 bScheduleCommand((void *) pDevice,
1069 WLAN_CMD_RX_PSPOLL,
1070 NULL);
1071 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n");
1072 }
1073 else {
1074 // check Data PS state
1075 // if PW bit off, send out all PS bufferring packets.
1076 if (!IS_FC_POWERMGT(pbyFrame)) {
1077 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1078 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1079 bScheduleCommand((void *) pDevice,
1080 WLAN_CMD_RX_PSPOLL,
1081 NULL);
1082 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n");
1083 }
1084 }
1085 }
1086 else {
1087 if (IS_FC_POWERMGT(pbyFrame)) {
1088 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = TRUE;
1089 // Once if STA in PS state, enable multicast bufferring
1090 pMgmt->sNodeDBTable[0].bPSEnable = TRUE;
1091 }
1092 else {
1093 // clear all pending PS frame.
1094 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) {
1095 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1096 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1097 bScheduleCommand((void *) pDevice,
1098 WLAN_CMD_RX_PSPOLL,
1099 NULL);
1100 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n");
1101
1102 }
1103 }
1104 }
1105 }
1106 else {
1107 vMgrDeAuthenBeginSta(pDevice,
1108 pMgmt,
1109 (PBYTE)(p802_11Header->abyAddr2),
1110 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1111 &Status
1112 );
1113 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n");
1114 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%02x-%02x-%02x=%02x-%02x-%02x \n",
1115 p802_11Header->abyAddr3[0],
1116 p802_11Header->abyAddr3[1],
1117 p802_11Header->abyAddr3[2],
1118 p802_11Header->abyAddr3[3],
1119 p802_11Header->abyAddr3[4],
1120 p802_11Header->abyAddr3[5]
1121 );
1122 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%02x-%02x-%02x=%02x-%02x-%02x \n",
1123 p802_11Header->abyAddr2[0],
1124 p802_11Header->abyAddr2[1],
1125 p802_11Header->abyAddr2[2],
1126 p802_11Header->abyAddr2[3],
1127 p802_11Header->abyAddr2[4],
1128 p802_11Header->abyAddr2[5]
1129 );
1130 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%02x-%02x-%02x=%02x-%02x-%02x \n",
1131 p802_11Header->abyAddr1[0],
1132 p802_11Header->abyAddr1[1],
1133 p802_11Header->abyAddr1[2],
1134 p802_11Header->abyAddr1[3],
1135 p802_11Header->abyAddr1[4],
1136 p802_11Header->abyAddr1[5]
1137 );
1138 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl );
1139 return TRUE;
1140 }
1141 }
1142 }
1143 return FALSE;
1144
1145 }
1146
1147 static BOOL s_bHandleRxEncryption (
1148 PSDevice pDevice,
1149 PBYTE pbyFrame,
1150 unsigned int FrameSize,
1151 PBYTE pbyRsr,
1152 PBYTE pbyNewRsr,
1153 PSKeyItem * pKeyOut,
1154 int * pbExtIV,
1155 PWORD pwRxTSC15_0,
1156 PDWORD pdwRxTSC47_16
1157 )
1158 {
1159 unsigned int PayloadLen = FrameSize;
1160 PBYTE pbyIV;
1161 BYTE byKeyIdx;
1162 PSKeyItem pKey = NULL;
1163 BYTE byDecMode = KEY_CTL_WEP;
1164 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1165
1166
1167 *pwRxTSC15_0 = 0;
1168 *pdwRxTSC47_16 = 0;
1169
1170 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1171 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1172 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1173 pbyIV += 6; // 6 is 802.11 address4
1174 PayloadLen -= 6;
1175 }
1176 byKeyIdx = (*(pbyIV+3) & 0xc0);
1177 byKeyIdx >>= 6;
1178 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1179
1180 if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
1181 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
1182 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
1183 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
1184 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
1185 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) &&
1186 (pMgmt->byCSSPK != KEY_CTL_NONE)) {
1187 // unicast pkt use pairwise key
1188 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n");
1189 if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == TRUE) {
1190 if (pMgmt->byCSSPK == KEY_CTL_TKIP)
1191 byDecMode = KEY_CTL_TKIP;
1192 else if (pMgmt->byCSSPK == KEY_CTL_CCMP)
1193 byDecMode = KEY_CTL_CCMP;
1194 }
1195 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey);
1196 } else {
1197 // use group key
1198 KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey);
1199 if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1200 byDecMode = KEY_CTL_TKIP;
1201 else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1202 byDecMode = KEY_CTL_CCMP;
1203 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey);
1204 }
1205 }
1206 // our WEP only support Default Key
1207 if (pKey == NULL) {
1208 // use default group key
1209 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey);
1210 if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1211 byDecMode = KEY_CTL_TKIP;
1212 else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1213 byDecMode = KEY_CTL_CCMP;
1214 }
1215 *pKeyOut = pKey;
1216
1217 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode);
1218
1219 if (pKey == NULL) {
1220 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n");
1221 if (byDecMode == KEY_CTL_WEP) {
1222 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1223 } else if (pDevice->bLinkPass == TRUE) {
1224 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1225 }
1226 return FALSE;
1227 }
1228 if (byDecMode != pKey->byCipherSuite) {
1229 if (byDecMode == KEY_CTL_WEP) {
1230 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1231 } else if (pDevice->bLinkPass == TRUE) {
1232 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1233 }
1234 *pKeyOut = NULL;
1235 return FALSE;
1236 }
1237 if (byDecMode == KEY_CTL_WEP) {
1238 // handle WEP
1239 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1240 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE)) {
1241 // Software WEP
1242 // 1. 3253A
1243 // 2. WEP 256
1244
1245 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1246 memcpy(pDevice->abyPRNG, pbyIV, 3);
1247 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1248 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1249 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1250
1251 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1252 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1253 }
1254 }
1255 } else if ((byDecMode == KEY_CTL_TKIP) ||
1256 (byDecMode == KEY_CTL_CCMP)) {
1257 // TKIP/AES
1258
1259 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1260 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1261 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1262 if (byDecMode == KEY_CTL_TKIP) {
1263 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1264 } else {
1265 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1266 }
1267 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1268
1269 if ((byDecMode == KEY_CTL_TKIP) &&
1270 (pDevice->byLocalID <= REV_ID_VT3253_A1)) {
1271 // Software TKIP
1272 // 1. 3253 A
1273 PS802_11Header pMACHeader = (PS802_11Header) (pbyFrame);
1274 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1275 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1276 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1277 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1278 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1279 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1280 } else {
1281 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1282 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1283 }
1284 }
1285 }// end of TKIP/AES
1286
1287 if ((*(pbyIV+3) & 0x20) != 0)
1288 *pbExtIV = TRUE;
1289 return TRUE;
1290 }
1291
1292
1293 static BOOL s_bHostWepRxEncryption (
1294 PSDevice pDevice,
1295 PBYTE pbyFrame,
1296 unsigned int FrameSize,
1297 PBYTE pbyRsr,
1298 BOOL bOnFly,
1299 PSKeyItem pKey,
1300 PBYTE pbyNewRsr,
1301 int * pbExtIV,
1302 PWORD pwRxTSC15_0,
1303 PDWORD pdwRxTSC47_16
1304 )
1305 {
1306 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1307 unsigned int PayloadLen = FrameSize;
1308 PBYTE pbyIV;
1309 BYTE byKeyIdx;
1310 BYTE byDecMode = KEY_CTL_WEP;
1311 PS802_11Header pMACHeader;
1312
1313
1314
1315 *pwRxTSC15_0 = 0;
1316 *pdwRxTSC47_16 = 0;
1317
1318 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1319 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1320 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1321 pbyIV += 6; // 6 is 802.11 address4
1322 PayloadLen -= 6;
1323 }
1324 byKeyIdx = (*(pbyIV+3) & 0xc0);
1325 byKeyIdx >>= 6;
1326 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1327
1328
1329 if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1330 byDecMode = KEY_CTL_TKIP;
1331 else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1332 byDecMode = KEY_CTL_CCMP;
1333
1334 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode);
1335
1336 if (byDecMode != pKey->byCipherSuite) {
1337 if (byDecMode == KEY_CTL_WEP) {
1338 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1339 } else if (pDevice->bLinkPass == TRUE) {
1340 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1341 }
1342 return FALSE;
1343 }
1344
1345 if (byDecMode == KEY_CTL_WEP) {
1346 // handle WEP
1347 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP \n");
1348 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1349 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE) ||
1350 (bOnFly == FALSE)) {
1351 // Software WEP
1352 // 1. 3253A
1353 // 2. WEP 256
1354 // 3. NotOnFly
1355
1356 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1357 memcpy(pDevice->abyPRNG, pbyIV, 3);
1358 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1359 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1360 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1361
1362 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1363 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1364 }
1365 }
1366 } else if ((byDecMode == KEY_CTL_TKIP) ||
1367 (byDecMode == KEY_CTL_CCMP)) {
1368 // TKIP/AES
1369
1370 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1371 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1372 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1373
1374 if (byDecMode == KEY_CTL_TKIP) {
1375 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1376 } else {
1377 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1378 }
1379 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1380
1381 if (byDecMode == KEY_CTL_TKIP) {
1382
1383 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == FALSE)) {
1384 // Software TKIP
1385 // 1. 3253 A
1386 // 2. NotOnFly
1387 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n");
1388 pMACHeader = (PS802_11Header) (pbyFrame);
1389 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1390 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1391 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1392 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1393 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1394 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1395 } else {
1396 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1397 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1398 }
1399 }
1400 }
1401
1402 if (byDecMode == KEY_CTL_CCMP) {
1403 if (bOnFly == FALSE) {
1404 // Software CCMP
1405 // NotOnFly
1406 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_CCMP\n");
1407 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) {
1408 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1409 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC compare OK!\n");
1410 } else {
1411 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC fail!\n");
1412 }
1413 }
1414 }
1415
1416 }// end of TKIP/AES
1417
1418 if ((*(pbyIV+3) & 0x20) != 0)
1419 *pbExtIV = TRUE;
1420 return TRUE;
1421 }
1422
1423
1424
1425 static BOOL s_bAPModeRxData (
1426 PSDevice pDevice,
1427 struct sk_buff *skb,
1428 unsigned int FrameSize,
1429 unsigned int cbHeaderOffset,
1430 signed int iSANodeIndex,
1431 signed int iDANodeIndex
1432 )
1433
1434 {
1435 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1436 BOOL bRelayAndForward = FALSE;
1437 BOOL bRelayOnly = FALSE;
1438 BYTE byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
1439 WORD wAID;
1440
1441
1442 struct sk_buff* skbcpy = NULL;
1443
1444 if (FrameSize > CB_MAX_BUF_SIZE)
1445 return FALSE;
1446 // check DA
1447 if (is_multicast_ether_addr((PBYTE)(skb->data+cbHeaderOffset))) {
1448 if (pMgmt->sNodeDBTable[0].bPSEnable) {
1449
1450 skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz);
1451
1452 // if any node in PS mode, buffer packet until DTIM.
1453 if (skbcpy == NULL) {
1454 DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n");
1455 }
1456 else {
1457 skbcpy->dev = pDevice->dev;
1458 skbcpy->len = FrameSize;
1459 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize);
1460 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy);
1461 pMgmt->sNodeDBTable[0].wEnQueueCnt++;
1462 // set tx map
1463 pMgmt->abyPSTxMap[0] |= byMask[0];
1464 }
1465 }
1466 else {
1467 bRelayAndForward = TRUE;
1468 }
1469 }
1470 else {
1471 // check if relay
1472 if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(skb->data+cbHeaderOffset), &iDANodeIndex)) {
1473 if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) {
1474 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) {
1475 // queue this skb until next PS tx, and then release.
1476
1477 skb->data += cbHeaderOffset;
1478 skb->tail += cbHeaderOffset;
1479 skb_put(skb, FrameSize);
1480 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb);
1481
1482 pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++;
1483 wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID;
1484 pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7];
1485 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n",
1486 iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]);
1487 return TRUE;
1488 }
1489 else {
1490 bRelayOnly = TRUE;
1491 }
1492 }
1493 };
1494 }
1495
1496 if (bRelayOnly || bRelayAndForward) {
1497 // relay this packet right now
1498 if (bRelayAndForward)
1499 iDANodeIndex = 0;
1500
1501 if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) {
1502 bRelayPacketSend(pDevice, (PBYTE) (skb->data + cbHeaderOffset),
1503 FrameSize, (unsigned int) iDANodeIndex);
1504 }
1505
1506 if (bRelayOnly)
1507 return FALSE;
1508 }
1509 // none associate, don't forward
1510 if (pDevice->uAssocCount == 0)
1511 return FALSE;
1512
1513 return TRUE;
1514 }
1515
1516
1517
1518
1519 void RXvWorkItem(void *Context)
1520 {
1521 PSDevice pDevice = (PSDevice) Context;
1522 int ntStatus;
1523 PRCB pRCB=NULL;
1524
1525 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Polling Thread\n");
1526 spin_lock_irq(&pDevice->lock);
1527 while ( MP_TEST_FLAG(pDevice, fMP_POST_READS) &&
1528 MP_IS_READY(pDevice) &&
1529 (pDevice->NumRecvFreeList != 0) ) {
1530 pRCB = pDevice->FirstRecvFreeList;
1531 pDevice->NumRecvFreeList--;
1532 ASSERT(pRCB);// cannot be NULL
1533 DequeueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList);
1534 ntStatus = PIPEnsBulkInUsbRead(pDevice, pRCB);
1535 }
1536 pDevice->bIsRxWorkItemQueued = FALSE;
1537 spin_unlock_irq(&pDevice->lock);
1538
1539 }
1540
1541
1542 void
1543 RXvFreeRCB(
1544 PRCB pRCB,
1545 BOOL bReAllocSkb
1546 )
1547 {
1548 PSDevice pDevice = (PSDevice)pRCB->pDevice;
1549
1550
1551 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->RXvFreeRCB\n");
1552
1553 ASSERT(!pRCB->Ref); // should be 0
1554 ASSERT(pRCB->pDevice); // shouldn't be NULL
1555
1556 if (bReAllocSkb == TRUE) {
1557 pRCB->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1558 // todo error handling
1559 if (pRCB->skb == NULL) {
1560 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR" Failed to re-alloc rx skb\n");
1561 }else {
1562 pRCB->skb->dev = pDevice->dev;
1563 }
1564 }
1565 //
1566 // Insert the RCB back in the Recv free list
1567 //
1568 EnqueueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList, pRCB);
1569 pDevice->NumRecvFreeList++;
1570
1571
1572 if (MP_TEST_FLAG(pDevice, fMP_POST_READS) && MP_IS_READY(pDevice) &&
1573 (pDevice->bIsRxWorkItemQueued == FALSE) ) {
1574
1575 pDevice->bIsRxWorkItemQueued = TRUE;
1576 tasklet_schedule(&pDevice->ReadWorkItem);
1577 }
1578 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"<----RXFreeRCB %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList);
1579 }
1580
1581
1582 void RXvMngWorkItem(void *Context)
1583 {
1584 PSDevice pDevice = (PSDevice) Context;
1585 PRCB pRCB=NULL;
1586 PSRxMgmtPacket pRxPacket;
1587 BOOL bReAllocSkb = FALSE;
1588
1589 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Mng Thread\n");
1590
1591 spin_lock_irq(&pDevice->lock);
1592 while (pDevice->NumRecvMngList!=0)
1593 {
1594 pRCB = pDevice->FirstRecvMngList;
1595 pDevice->NumRecvMngList--;
1596 DequeueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList);
1597 if(!pRCB){
1598 break;
1599 }
1600 ASSERT(pRCB);// cannot be NULL
1601 pRxPacket = &(pRCB->sMngPacket);
1602 vMgrRxManagePacket((void *) pDevice, &(pDevice->sMgmtObj), pRxPacket);
1603 pRCB->Ref--;
1604 if(pRCB->Ref == 0) {
1605 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"RxvFreeMng %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList);
1606 RXvFreeRCB(pRCB, bReAllocSkb);
1607 } else {
1608 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Rx Mng Only we have the right to free RCB\n");
1609 }
1610 }
1611
1612 pDevice->bIsRxMngWorkItemQueued = FALSE;
1613 spin_unlock_irq(&pDevice->lock);
1614
1615 }
Tomato firmware and modifications.