2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 * Purpose: handle dpc rx functions
28 * device_receive_frame - Rcv 802.11 frame function
29 * s_bAPModeRxCtl- AP Rcv frame filer Ctl.
30 * s_bAPModeRxData- AP Rcv data frame handle
31 * s_bHandleRxEncryption- Rcv decrypted data via on-fly
32 * s_bHostWepRxEncryption- Rcv encrypted data via host
33 * s_byGetRateIdx- get rate index
34 * s_vGetDASA- get data offset
35 * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3
59 /*--------------------- Static Definitions -------------------------*/
61 /*--------------------- Static Classes ----------------------------*/
63 /*--------------------- Static Variables --------------------------*/
64 //static int msglevel =MSG_LEVEL_DEBUG;
65 static int msglevel
=MSG_LEVEL_INFO
;
67 const BYTE acbyRxRate
[MAX_RATE
] =
68 {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
71 /*--------------------- Static Functions --------------------------*/
73 /*--------------------- Static Definitions -------------------------*/
75 /*--------------------- Static Functions --------------------------*/
77 static BYTE
s_byGetRateIdx(BYTE byRate
);
82 PBYTE pbyRxBufferAddr
,
84 PSEthernetHeader psEthHeader
89 s_vProcessRxMACHeader (
91 PBYTE pbyRxBufferAddr
,
98 static BOOL
s_bAPModeRxCtl(
101 signed int iSANodeIndex
106 static BOOL
s_bAPModeRxData (
111 signed int iSANodeIndex
,
112 signed int iDANodeIndex
116 static BOOL
s_bHandleRxEncryption(
128 static BOOL
s_bHostWepRxEncryption(
143 /*--------------------- Export Variables --------------------------*/
148 * Translate Rcv 802.11 header to 802.3 header with Rx buffer
153 * dwRxBufferAddr - Address of Rcv Buffer
154 * cbPacketSize - Rcv Packet size
155 * bIsWEP - If Rcv with WEP
157 * pcbHeaderSize - 802.11 header size
164 s_vProcessRxMACHeader (
166 PBYTE pbyRxBufferAddr
,
174 UINT cbHeaderSize
= 0;
176 PS802_11Header pMACHeader
;
180 pMACHeader
= (PS802_11Header
) (pbyRxBufferAddr
+ cbHeaderSize
);
182 s_vGetDASA((PBYTE
)pMACHeader
, &cbHeaderSize
, &pDevice
->sRxEthHeader
);
186 // strip IV&ExtIV , add 8 byte
187 cbHeaderSize
+= (WLAN_HDR_ADDR3_LEN
+ 8);
189 // strip IV , add 4 byte
190 cbHeaderSize
+= (WLAN_HDR_ADDR3_LEN
+ 4);
194 cbHeaderSize
+= WLAN_HDR_ADDR3_LEN
;
197 pbyRxBuffer
= (PBYTE
) (pbyRxBufferAddr
+ cbHeaderSize
);
198 if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer
, &pDevice
->abySNAP_Bridgetunnel
[0])) {
201 else if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer
, &pDevice
->abySNAP_RFC1042
[0])) {
203 pwType
= (PWORD
) (pbyRxBufferAddr
+ cbHeaderSize
);
204 if ((*pwType
!= TYPE_PKT_IPX
) && (*pwType
!= cpu_to_le16(0xF380))) {
208 pwType
= (PWORD
) (pbyRxBufferAddr
+ cbHeaderSize
);
211 *pwType
= htons(cbPacketSize
- WLAN_HDR_ADDR3_LEN
- 8); // 8 is IV&ExtIV
213 *pwType
= htons(cbPacketSize
- WLAN_HDR_ADDR3_LEN
- 4); // 4 is IV
217 *pwType
= htons(cbPacketSize
- WLAN_HDR_ADDR3_LEN
);
223 pwType
= (PWORD
) (pbyRxBufferAddr
+ cbHeaderSize
);
226 *pwType
= htons(cbPacketSize
- WLAN_HDR_ADDR3_LEN
- 8); // 8 is IV&ExtIV
228 *pwType
= htons(cbPacketSize
- WLAN_HDR_ADDR3_LEN
- 4); // 4 is IV
232 *pwType
= htons(cbPacketSize
- WLAN_HDR_ADDR3_LEN
);
236 cbHeaderSize
-= (ETH_ALEN
* 2);
237 pbyRxBuffer
= (PBYTE
) (pbyRxBufferAddr
+ cbHeaderSize
);
238 for (ii
= 0; ii
< ETH_ALEN
; ii
++)
239 *pbyRxBuffer
++ = pDevice
->sRxEthHeader
.abyDstAddr
[ii
];
240 for (ii
= 0; ii
< ETH_ALEN
; ii
++)
241 *pbyRxBuffer
++ = pDevice
->sRxEthHeader
.abySrcAddr
[ii
];
243 *pcbHeadSize
= cbHeaderSize
;
249 static BYTE
s_byGetRateIdx(BYTE byRate
)
253 for (byRateIdx
= 0; byRateIdx
<MAX_RATE
; byRateIdx
++) {
254 if (acbyRxRate
[byRateIdx
%MAX_RATE
] == byRate
)
264 PBYTE pbyRxBufferAddr
,
266 PSEthernetHeader psEthHeader
269 UINT cbHeaderSize
= 0;
270 PS802_11Header pMACHeader
;
273 pMACHeader
= (PS802_11Header
) (pbyRxBufferAddr
+ cbHeaderSize
);
275 if ((pMACHeader
->wFrameCtl
& FC_TODS
) == 0) {
276 if (pMACHeader
->wFrameCtl
& FC_FROMDS
) {
277 for (ii
= 0; ii
< ETH_ALEN
; ii
++) {
278 psEthHeader
->abyDstAddr
[ii
] =
279 pMACHeader
->abyAddr1
[ii
];
280 psEthHeader
->abySrcAddr
[ii
] =
281 pMACHeader
->abyAddr3
[ii
];
285 for (ii
= 0; ii
< ETH_ALEN
; ii
++) {
286 psEthHeader
->abyDstAddr
[ii
] =
287 pMACHeader
->abyAddr1
[ii
];
288 psEthHeader
->abySrcAddr
[ii
] =
289 pMACHeader
->abyAddr2
[ii
];
294 if (pMACHeader
->wFrameCtl
& FC_FROMDS
) {
295 for (ii
= 0; ii
< ETH_ALEN
; ii
++) {
296 psEthHeader
->abyDstAddr
[ii
] =
297 pMACHeader
->abyAddr3
[ii
];
298 psEthHeader
->abySrcAddr
[ii
] =
299 pMACHeader
->abyAddr4
[ii
];
303 for (ii
= 0; ii
< ETH_ALEN
; ii
++) {
304 psEthHeader
->abyDstAddr
[ii
] =
305 pMACHeader
->abyAddr3
[ii
];
306 psEthHeader
->abySrcAddr
[ii
] =
307 pMACHeader
->abyAddr2
[ii
];
311 *pcbHeaderSize
= cbHeaderSize
;
318 RXbBulkInProcessData (
321 ULONG BytesToIndicate
325 struct net_device_stats
* pStats
=&pDevice
->stats
;
327 PSMgmtObject pMgmt
= &(pDevice
->sMgmtObj
);
328 PSRxMgmtPacket pRxPacket
= &(pMgmt
->sRxPacket
);
329 PS802_11Header p802_11Header
;
335 BOOL bDeFragRx
= FALSE
;
339 signed int iSANodeIndex
= -1;
340 signed int iDANodeIndex
= -1;
346 #ifdef Calcu_LinkQual
350 PSKeyItem pKey
= NULL
;
352 DWORD dwRxTSC47_16
= 0;
355 /* signed long ldBm = 0; */
359 PRCB pRCBIndicate
= pRCB
;
362 BYTE abyVaildRate
[MAX_RATE
] = {2,4,11,22,12,18,24,36,48,72,96,108};
363 WORD wPLCPwithPadding
;
364 PS802_11Header pMACHeader
;
365 BOOL bRxeapol_key
= FALSE
;
369 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"---------- RXbBulkInProcessData---\n");
373 //[31:16]RcvByteCount ( not include 4-byte Status )
374 dwWbkStatus
= *( (PDWORD
)(skb
->data
) );
375 FrameSize
= (UINT
)(dwWbkStatus
>> 16);
378 if (BytesToIndicate
!= FrameSize
) {
379 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"---------- WRONG Length 1 \n");
383 if ((BytesToIndicate
> 2372)||(BytesToIndicate
<= 40)) {
384 // Frame Size error drop this packet.
385 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"---------- WRONG Length 2 \n");
389 pbyDAddress
= (PBYTE
)(skb
->data
);
390 pbyRxSts
= pbyDAddress
+4;
391 pbyRxRate
= pbyDAddress
+5;
393 //real Frame Size = USBFrameSize -4WbkStatus - 4RxStatus - 8TSF - 4RSR - 4SQ3 - ?Padding
394 //if SQ3 the range is 24~27, if no SQ3 the range is 20~23
395 //real Frame size in PLCPLength field.
396 pwPLCP_Length
= (PWORD
) (pbyDAddress
+ 6);
397 //Fix hardware bug => PLCP_Length error
398 if ( ((BytesToIndicate
- (*pwPLCP_Length
)) > 27) ||
399 ((BytesToIndicate
- (*pwPLCP_Length
)) < 24) ||
400 (BytesToIndicate
< (*pwPLCP_Length
)) ) {
402 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"Wrong PLCP Length %x\n", (int) *pwPLCP_Length
);
406 for ( ii
=RATE_1M
;ii
<MAX_RATE
;ii
++) {
407 if ( *pbyRxRate
== abyVaildRate
[ii
] ) {
411 if ( ii
==MAX_RATE
) {
412 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"Wrong RxRate %x\n",(int) *pbyRxRate
);
416 wPLCPwithPadding
= ( (*pwPLCP_Length
/ 4) + ( (*pwPLCP_Length
% 4) ? 1:0 ) ) *4;
418 pqwTSFTime
= (PQWORD
) (pbyDAddress
+ 8 + wPLCPwithPadding
);
419 #ifdef Calcu_LinkQual
420 if(pDevice
->byBBType
== BB_TYPE_11G
) {
421 pby3SQ
= pbyDAddress
+ 8 + wPLCPwithPadding
+ 12;
425 pbySQ
= pbyDAddress
+ 8 + wPLCPwithPadding
+ 8;
429 pbySQ
= pbyDAddress
+ 8 + wPLCPwithPadding
+ 8;
431 pbyNewRsr
= pbyDAddress
+ 8 + wPLCPwithPadding
+ 9;
432 pbyRSSI
= pbyDAddress
+ 8 + wPLCPwithPadding
+ 10;
433 pbyRsr
= pbyDAddress
+ 8 + wPLCPwithPadding
+ 11;
435 FrameSize
= *pwPLCP_Length
;
437 pbyFrame
= pbyDAddress
+ 8;
438 // update receive statistic counter
440 STAvUpdateRDStatCounter(&pDevice
->scStatistic
,
450 pMACHeader
= (PS802_11Header
) pbyFrame
;
452 //mike add: to judge if current AP is activated?
453 if ((pMgmt
->eCurrMode
== WMAC_MODE_STANDBY
) ||
454 (pMgmt
->eCurrMode
== WMAC_MODE_ESS_STA
)) {
455 if (pMgmt
->sNodeDBTable
[0].bActive
) {
456 if(IS_ETH_ADDRESS_EQUAL (pMgmt
->abyCurrBSSID
, pMACHeader
->abyAddr2
) ) {
457 if (pMgmt
->sNodeDBTable
[0].uInActiveCount
!= 0)
458 pMgmt
->sNodeDBTable
[0].uInActiveCount
= 0;
463 if (!IS_MULTICAST_ADDRESS(pMACHeader
->abyAddr1
) && !IS_BROADCAST_ADDRESS(pMACHeader
->abyAddr1
)) {
464 if ( WCTLbIsDuplicate(&(pDevice
->sDupRxCache
), (PS802_11Header
) pbyFrame
) ) {
465 pDevice
->s802_11Counter
.FrameDuplicateCount
++;
469 if ( !IS_ETH_ADDRESS_EQUAL (pDevice
->abyCurrentNetAddr
, pMACHeader
->abyAddr1
) ) {
476 s_vGetDASA(pbyFrame
, &cbHeaderSize
, &pDevice
->sRxEthHeader
);
478 if (IS_ETH_ADDRESS_EQUAL((PBYTE
)&(pDevice
->sRxEthHeader
.abySrcAddr
[0]), pDevice
->abyCurrentNetAddr
))
481 if ((pMgmt
->eCurrMode
== WMAC_MODE_ESS_AP
) || (pMgmt
->eCurrMode
== WMAC_MODE_IBSS_STA
)) {
482 if (IS_CTL_PSPOLL(pbyFrame
) || !IS_TYPE_CONTROL(pbyFrame
)) {
483 p802_11Header
= (PS802_11Header
) (pbyFrame
);
485 if (BSSbIsSTAInNodeDB(pDevice
, (PBYTE
)(p802_11Header
->abyAddr2
), &iSANodeIndex
)) {
486 pMgmt
->sNodeDBTable
[iSANodeIndex
].ulLastRxJiffer
= jiffies
;
487 pMgmt
->sNodeDBTable
[iSANodeIndex
].uInActiveCount
= 0;
492 if (pMgmt
->eCurrMode
== WMAC_MODE_ESS_AP
) {
493 if (s_bAPModeRxCtl(pDevice
, pbyFrame
, iSANodeIndex
) == TRUE
) {
499 if (IS_FC_WEP(pbyFrame
)) {
500 BOOL bRxDecryOK
= FALSE
;
502 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"rx WEP pkt\n");
504 if ((pDevice
->bEnableHostWEP
) && (iSANodeIndex
>= 0)) {
506 pKey
->byCipherSuite
= pMgmt
->sNodeDBTable
[iSANodeIndex
].byCipherSuite
;
507 pKey
->dwKeyIndex
= pMgmt
->sNodeDBTable
[iSANodeIndex
].dwKeyIndex
;
508 pKey
->uKeyLength
= pMgmt
->sNodeDBTable
[iSANodeIndex
].uWepKeyLength
;
509 pKey
->dwTSC47_16
= pMgmt
->sNodeDBTable
[iSANodeIndex
].dwTSC47_16
;
510 pKey
->wTSC15_0
= pMgmt
->sNodeDBTable
[iSANodeIndex
].wTSC15_0
;
512 &pMgmt
->sNodeDBTable
[iSANodeIndex
].abyWepKey
[0],
516 bRxDecryOK
= s_bHostWepRxEncryption(pDevice
,
520 pMgmt
->sNodeDBTable
[iSANodeIndex
].bOnFly
,
527 bRxDecryOK
= s_bHandleRxEncryption(pDevice
,
539 if ((*pbyNewRsr
& NEWRSR_DECRYPTOK
) == 0) {
540 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"ICV Fail\n");
541 if ( (pMgmt
->eAuthenMode
== WMAC_AUTH_WPA
) ||
542 (pMgmt
->eAuthenMode
== WMAC_AUTH_WPAPSK
) ||
543 (pMgmt
->eAuthenMode
== WMAC_AUTH_WPANONE
) ||
544 (pMgmt
->eAuthenMode
== WMAC_AUTH_WPA2
) ||
545 (pMgmt
->eAuthenMode
== WMAC_AUTH_WPA2PSK
)) {
547 if ((pKey
!= NULL
) && (pKey
->byCipherSuite
== KEY_CTL_TKIP
)) {
548 pDevice
->s802_11Counter
.TKIPICVErrors
++;
549 } else if ((pKey
!= NULL
) && (pKey
->byCipherSuite
== KEY_CTL_CCMP
)) {
550 pDevice
->s802_11Counter
.CCMPDecryptErrors
++;
551 } else if ((pKey
!= NULL
) && (pKey
->byCipherSuite
== KEY_CTL_WEP
)) {
552 // pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++;
558 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"WEP Func Fail\n");
561 if ((pKey
!= NULL
) && (pKey
->byCipherSuite
== KEY_CTL_CCMP
))
562 FrameSize
-= 8; // Message Integrity Code
564 FrameSize
-= 4; // 4 is ICV
571 //remove the CRC length
572 FrameSize
-= U_CRC_LEN
;
574 if ( !(*pbyRsr
& (RSR_ADDRBROAD
| RSR_ADDRMULTI
)) && // unicast address
575 (IS_FRAGMENT_PKT((pbyFrame
)))
578 bDeFragRx
= WCTLbHandleFragment(pDevice
, (PS802_11Header
) (pbyFrame
), FrameSize
, bIsWEP
, bExtIV
);
579 pDevice
->s802_11Counter
.ReceivedFragmentCount
++;
582 // TODO skb, pbyFrame
583 skb
= pDevice
->sRxDFCB
[pDevice
->uCurrentDFCBIdx
].skb
;
584 FrameSize
= pDevice
->sRxDFCB
[pDevice
->uCurrentDFCBIdx
].cbFrameLength
;
585 pbyFrame
= skb
->data
+ 8;
593 // Management & Control frame Handle
595 if ((IS_TYPE_DATA((pbyFrame
))) == FALSE
) {
596 // Handle Control & Manage Frame
598 if (IS_TYPE_MGMT((pbyFrame
))) {
602 pRxPacket
= &(pRCB
->sMngPacket
);
603 pRxPacket
->p80211Header
= (PUWLAN_80211HDR
)(pbyFrame
);
604 pRxPacket
->cbMPDULen
= FrameSize
;
605 pRxPacket
->uRSSI
= *pbyRSSI
;
606 pRxPacket
->bySQ
= *pbySQ
;
607 HIDWORD(pRxPacket
->qwLocalTSF
) = cpu_to_le32(HIDWORD(*pqwTSFTime
));
608 LODWORD(pRxPacket
->qwLocalTSF
) = cpu_to_le32(LODWORD(*pqwTSFTime
));
611 pbyData1
= WLAN_HDR_A3_DATA_PTR(pbyFrame
);
612 pbyData2
= WLAN_HDR_A3_DATA_PTR(pbyFrame
) + 4;
613 for (ii
= 0; ii
< (FrameSize
- 4); ii
++) {
614 *pbyData1
= *pbyData2
;
620 pRxPacket
->byRxRate
= s_byGetRateIdx(*pbyRxRate
);
622 if ( *pbyRxSts
== 0 ) {
623 //Discard beacon packet which channel is 0
624 if ( (WLAN_GET_FC_FSTYPE((pRxPacket
->p80211Header
->sA3
.wFrameCtl
)) == WLAN_FSTYPE_BEACON
) ||
625 (WLAN_GET_FC_FSTYPE((pRxPacket
->p80211Header
->sA3
.wFrameCtl
)) == WLAN_FSTYPE_PROBERESP
) ) {
629 pRxPacket
->byRxChannel
= (*pbyRxSts
) >> 2;
631 // hostap Deamon handle 802.11 management
632 if (pDevice
->bEnableHostapd
) {
633 skb
->dev
= pDevice
->apdev
;
638 skb_put(skb
, FrameSize
);
639 skb_reset_mac_header(skb
);
640 skb
->pkt_type
= PACKET_OTHERHOST
;
641 skb
->protocol
= htons(ETH_P_802_2
);
642 memset(skb
->cb
, 0, sizeof(skb
->cb
));
648 // Insert the RCB in the Recv Mng list
650 EnqueueRCB(pDevice
->FirstRecvMngList
, pDevice
->LastRecvMngList
, pRCBIndicate
);
651 pDevice
->NumRecvMngList
++;
652 if ( bDeFragRx
== FALSE
) {
655 if (pDevice
->bIsRxMngWorkItemQueued
== FALSE
) {
656 pDevice
->bIsRxMngWorkItemQueued
= TRUE
;
657 tasklet_schedule(&pDevice
->RxMngWorkItem
);
667 if (pMgmt
->eCurrMode
== WMAC_MODE_ESS_AP
) {
668 //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC.
669 if ( !(*pbyRsr
& RSR_BSSIDOK
)) {
671 if (!device_alloc_frag_buf(pDevice
, &pDevice
->sRxDFCB
[pDevice
->uCurrentDFCBIdx
])) {
672 DBG_PRT(MSG_LEVEL_ERR
,KERN_ERR
"%s: can not alloc more frag bufs\n",
680 // discard DATA packet while not associate || BSSID error
681 if ((pDevice
->bLinkPass
== FALSE
) ||
682 !(*pbyRsr
& RSR_BSSIDOK
)) {
684 if (!device_alloc_frag_buf(pDevice
, &pDevice
->sRxDFCB
[pDevice
->uCurrentDFCBIdx
])) {
685 DBG_PRT(MSG_LEVEL_ERR
,KERN_ERR
"%s: can not alloc more frag bufs\n",
691 //mike add:station mode check eapol-key challenge--->
693 BYTE Protocol_Version
; //802.1x Authentication
694 BYTE Packet_Type
; //802.1x Authentication
695 BYTE Descriptor_type
;
701 wEtherType
= (skb
->data
[cbIVOffset
+ 8 + 24 + 6] << 8) |
702 skb
->data
[cbIVOffset
+ 8 + 24 + 6 + 1];
703 Protocol_Version
= skb
->data
[cbIVOffset
+ 8 + 24 + 6 + 1 +1];
704 Packet_Type
= skb
->data
[cbIVOffset
+ 8 + 24 + 6 + 1 +1+1];
705 if (wEtherType
== ETH_P_PAE
) { //Protocol Type in LLC-Header
706 if(((Protocol_Version
==1) ||(Protocol_Version
==2)) &&
707 (Packet_Type
==3)) { //802.1x OR eapol-key challenge frame receive
709 Descriptor_type
= skb
->data
[cbIVOffset
+ 8 + 24 + 6 + 1 +1+1+1+2];
710 Key_info
= (skb
->data
[cbIVOffset
+ 8 + 24 + 6 + 1 +1+1+1+2+1]<<8) |skb
->data
[cbIVOffset
+ 8 + 24 + 6 + 1 +1+1+1+2+2] ;
711 if(Descriptor_type
==2) { //RSN
712 // printk("WPA2_Rx_eapol-key_info<-----:%x\n",Key_info);
714 else if(Descriptor_type
==254) {
715 // printk("WPA_Rx_eapol-key_info<-----:%x\n",Key_info);
720 //mike add:station mode check eapol-key challenge<---
728 if (pDevice
->bEnablePSMode
) {
729 if (IS_FC_MOREDATA((pbyFrame
))) {
730 if (*pbyRsr
& RSR_ADDROK
) {
731 //PSbSendPSPOLL((PSDevice)pDevice);
735 if (pMgmt
->bInTIMWake
== TRUE
) {
736 pMgmt
->bInTIMWake
= FALSE
;
741 // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps
742 if (pDevice
->bDiversityEnable
&& (FrameSize
>50) &&
743 (pDevice
->eOPMode
== OP_MODE_INFRASTRUCTURE
) &&
744 (pDevice
->bLinkPass
== TRUE
)) {
745 BBvAntennaDiversity(pDevice
, s_byGetRateIdx(*pbyRxRate
), 0);
748 // ++++++++ For BaseBand Algorithm +++++++++++++++
749 pDevice
->uCurrRSSI
= *pbyRSSI
;
750 pDevice
->byCurrSQ
= *pbySQ
;
754 if ((*pbyRSSI != 0) &&
755 (pMgmt->pCurrBSS!=NULL)) {
756 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
757 // Moniter if RSSI is too strong.
758 pMgmt->pCurrBSS->byRSSIStatCnt++;
759 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT;
760 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm;
761 for(ii=0;ii<RSSI_STAT_COUNT;ii++) {
762 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) {
763 pMgmt->pCurrBSS->ldBmMAX = max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm);
770 // -----------------------------------------------
772 if ((pMgmt
->eCurrMode
== WMAC_MODE_ESS_AP
) && (pDevice
->bEnable8021x
== TRUE
)){
775 // Only 802.1x packet incoming allowed
780 wEtherType
= (skb
->data
[cbIVOffset
+ 8 + 24 + 6] << 8) |
781 skb
->data
[cbIVOffset
+ 8 + 24 + 6 + 1];
783 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"wEtherType = %04x \n", wEtherType
);
784 if (wEtherType
== ETH_P_PAE
) {
785 skb
->dev
= pDevice
->apdev
;
787 if (bIsWEP
== TRUE
) {
788 // strip IV header(8)
789 memcpy(&abyMacHdr
[0], (skb
->data
+ 8), 24);
790 memcpy((skb
->data
+ 8 + cbIVOffset
), &abyMacHdr
[0], 24);
793 skb
->data
+= (cbIVOffset
+ 8);
794 skb
->tail
+= (cbIVOffset
+ 8);
795 skb_put(skb
, FrameSize
);
796 skb_reset_mac_header(skb
);
797 skb
->pkt_type
= PACKET_OTHERHOST
;
798 skb
->protocol
= htons(ETH_P_802_2
);
799 memset(skb
->cb
, 0, sizeof(skb
->cb
));
804 // check if 802.1x authorized
805 if (!(pMgmt
->sNodeDBTable
[iSANodeIndex
].dwFlags
& WLAN_STA_AUTHORIZED
))
810 if ((pKey
!= NULL
) && (pKey
->byCipherSuite
== KEY_CTL_TKIP
)) {
812 FrameSize
-= 8; //MIC
816 //--------------------------------------------------------------------------------
818 if ((pKey
!= NULL
) && (pKey
->byCipherSuite
== KEY_CTL_TKIP
)) {
822 DWORD dwMIC_Priority
;
823 DWORD dwMICKey0
= 0, dwMICKey1
= 0;
824 DWORD dwLocalMIC_L
= 0;
825 DWORD dwLocalMIC_R
= 0;
826 viawget_wpa_header
*wpahdr
;
829 if (pMgmt
->eCurrMode
== WMAC_MODE_ESS_AP
) {
830 dwMICKey0
= cpu_to_le32(*(PDWORD
)(&pKey
->abyKey
[24]));
831 dwMICKey1
= cpu_to_le32(*(PDWORD
)(&pKey
->abyKey
[28]));
834 if (pMgmt
->eAuthenMode
== WMAC_AUTH_WPANONE
) {
835 dwMICKey0
= cpu_to_le32(*(PDWORD
)(&pKey
->abyKey
[16]));
836 dwMICKey1
= cpu_to_le32(*(PDWORD
)(&pKey
->abyKey
[20]));
837 } else if ((pKey
->dwKeyIndex
& BIT28
) == 0) {
838 dwMICKey0
= cpu_to_le32(*(PDWORD
)(&pKey
->abyKey
[16]));
839 dwMICKey1
= cpu_to_le32(*(PDWORD
)(&pKey
->abyKey
[20]));
841 dwMICKey0
= cpu_to_le32(*(PDWORD
)(&pKey
->abyKey
[24]));
842 dwMICKey1
= cpu_to_le32(*(PDWORD
)(&pKey
->abyKey
[28]));
846 MIC_vInit(dwMICKey0
, dwMICKey1
);
847 MIC_vAppend((PBYTE
)&(pDevice
->sRxEthHeader
.abyDstAddr
[0]), 12);
849 MIC_vAppend((PBYTE
)&dwMIC_Priority
, 4);
850 // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV.
851 MIC_vAppend((PBYTE
)(skb
->data
+ 8 + WLAN_HDR_ADDR3_LEN
+ 8),
852 FrameSize
- WLAN_HDR_ADDR3_LEN
- 8);
853 MIC_vGetMIC(&dwLocalMIC_L
, &dwLocalMIC_R
);
856 pdwMIC_L
= (PDWORD
)(skb
->data
+ 8 + FrameSize
);
857 pdwMIC_R
= (PDWORD
)(skb
->data
+ 8 + FrameSize
+ 4);
860 if ((cpu_to_le32(*pdwMIC_L
) != dwLocalMIC_L
) || (cpu_to_le32(*pdwMIC_R
) != dwLocalMIC_R
) ||
861 (pDevice
->bRxMICFail
== TRUE
)) {
862 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"MIC comparison is fail!\n");
863 pDevice
->bRxMICFail
= FALSE
;
864 //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++;
865 pDevice
->s802_11Counter
.TKIPLocalMICFailures
++;
867 if (!device_alloc_frag_buf(pDevice
, &pDevice
->sRxDFCB
[pDevice
->uCurrentDFCBIdx
])) {
868 DBG_PRT(MSG_LEVEL_ERR
,KERN_ERR
"%s: can not alloc more frag bufs\n",
872 //2008-0409-07, <Add> by Einsn Liu
873 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
874 //send event to wpa_supplicant
875 //if(pDevice->bWPASuppWextEnabled == TRUE)
877 union iwreq_data wrqu
;
878 struct iw_michaelmicfailure ev
;
879 int keyidx
= pbyFrame
[cbHeaderSize
+3] >> 6; //top two-bits
880 memset(&ev
, 0, sizeof(ev
));
881 ev
.flags
= keyidx
& IW_MICFAILURE_KEY_ID
;
882 if ((pMgmt
->eCurrMode
== WMAC_MODE_ESS_STA
) &&
883 (pMgmt
->eCurrState
== WMAC_STATE_ASSOC
) &&
884 (*pbyRsr
& (RSR_ADDRBROAD
| RSR_ADDRMULTI
)) == 0) {
885 ev
.flags
|= IW_MICFAILURE_PAIRWISE
;
887 ev
.flags
|= IW_MICFAILURE_GROUP
;
890 ev
.src_addr
.sa_family
= ARPHRD_ETHER
;
891 memcpy(ev
.src_addr
.sa_data
, pMACHeader
->abyAddr2
, ETH_ALEN
);
892 memset(&wrqu
, 0, sizeof(wrqu
));
893 wrqu
.data
.length
= sizeof(ev
);
894 PRINT_K("wireless_send_event--->IWEVMICHAELMICFAILURE\n");
895 wireless_send_event(pDevice
->dev
, IWEVMICHAELMICFAILURE
, &wrqu
, (char *)&ev
);
901 if ((pDevice
->bWPADEVUp
) && (pDevice
->skb
!= NULL
)) {
902 wpahdr
= (viawget_wpa_header
*)pDevice
->skb
->data
;
903 if ((pMgmt
->eCurrMode
== WMAC_MODE_ESS_STA
) &&
904 (pMgmt
->eCurrState
== WMAC_STATE_ASSOC
) &&
905 (*pbyRsr
& (RSR_ADDRBROAD
| RSR_ADDRMULTI
)) == 0) {
906 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR;
907 wpahdr
->type
= VIAWGET_PTK_MIC_MSG
;
909 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR;
910 wpahdr
->type
= VIAWGET_GTK_MIC_MSG
;
912 wpahdr
->resp_ie_len
= 0;
913 wpahdr
->req_ie_len
= 0;
914 skb_put(pDevice
->skb
, sizeof(viawget_wpa_header
));
915 pDevice
->skb
->dev
= pDevice
->wpadev
;
916 skb_reset_mac_header(pDevice
->skb
);
917 pDevice
->skb
->pkt_type
= PACKET_HOST
;
918 pDevice
->skb
->protocol
= htons(ETH_P_802_2
);
919 memset(pDevice
->skb
->cb
, 0, sizeof(pDevice
->skb
->cb
));
920 netif_rx(pDevice
->skb
);
921 pDevice
->skb
= dev_alloc_skb((int)pDevice
->rx_buf_sz
);
928 } //---end of SOFT MIC-----------------------------------------------------------------------
930 // ++++++++++ Reply Counter Check +++++++++++++
932 if ((pKey
!= NULL
) && ((pKey
->byCipherSuite
== KEY_CTL_TKIP
) ||
933 (pKey
->byCipherSuite
== KEY_CTL_CCMP
))) {
935 WORD wLocalTSC15_0
= 0;
936 DWORD dwLocalTSC47_16
= 0;
939 RSC
= *((ULONGLONG
*) &(pKey
->KeyRSC
));
940 wLocalTSC15_0
= (WORD
) RSC
;
941 dwLocalTSC47_16
= (DWORD
) (RSC
>>16);
946 memcpy(&(pKey
->KeyRSC
), &RSC
, sizeof(QWORD
));
948 if ( (pDevice
->sMgmtObj
.eCurrMode
== WMAC_MODE_ESS_STA
) &&
949 (pDevice
->sMgmtObj
.eCurrState
== WMAC_STATE_ASSOC
)) {
951 if ( (wRxTSC15_0
< wLocalTSC15_0
) &&
952 (dwRxTSC47_16
<= dwLocalTSC47_16
) &&
953 !((dwRxTSC47_16
== 0) && (dwLocalTSC47_16
== 0xFFFFFFFF))) {
954 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"TSC is illegal~~!\n ");
955 if (pKey
->byCipherSuite
== KEY_CTL_TKIP
)
956 //pDevice->s802_11Counter.TKIPReplays.QuadPart++;
957 pDevice
->s802_11Counter
.TKIPReplays
++;
959 //pDevice->s802_11Counter.CCMPReplays.QuadPart++;
960 pDevice
->s802_11Counter
.CCMPReplays
++;
963 if (!device_alloc_frag_buf(pDevice
, &pDevice
->sRxDFCB
[pDevice
->uCurrentDFCBIdx
])) {
964 DBG_PRT(MSG_LEVEL_ERR
,KERN_ERR
"%s: can not alloc more frag bufs\n",
972 } // ----- End of Reply Counter Check --------------------------
975 s_vProcessRxMACHeader(pDevice
, (PBYTE
)(skb
->data
+8), FrameSize
, bIsWEP
, bExtIV
, &cbHeaderOffset
);
976 FrameSize
-= cbHeaderOffset
;
977 cbHeaderOffset
+= 8; // 8 is Rcv buffer header
979 // Null data, framesize = 12
983 if (pMgmt
->eCurrMode
== WMAC_MODE_ESS_AP
) {
984 if (s_bAPModeRxData(pDevice
,
993 if (!device_alloc_frag_buf(pDevice
, &pDevice
->sRxDFCB
[pDevice
->uCurrentDFCBIdx
])) {
994 DBG_PRT(MSG_LEVEL_ERR
,KERN_ERR
"%s: can not alloc more frag bufs\n",
1003 skb
->data
+= cbHeaderOffset
;
1004 skb
->tail
+= cbHeaderOffset
;
1005 skb_put(skb
, FrameSize
);
1006 skb
->protocol
=eth_type_trans(skb
, skb
->dev
);
1007 skb
->ip_summed
=CHECKSUM_NONE
;
1008 pStats
->rx_bytes
+=skb
->len
;
1009 pStats
->rx_packets
++;
1012 if (!device_alloc_frag_buf(pDevice
, &pDevice
->sRxDFCB
[pDevice
->uCurrentDFCBIdx
])) {
1013 DBG_PRT(MSG_LEVEL_ERR
,KERN_ERR
"%s: can not alloc more frag bufs\n",
1014 pDevice
->dev
->name
);
1023 static BOOL
s_bAPModeRxCtl (
1026 signed int iSANodeIndex
1029 PS802_11Header p802_11Header
;
1031 PSMgmtObject pMgmt
= &(pDevice
->sMgmtObj
);
1034 if (IS_CTL_PSPOLL(pbyFrame
) || !IS_TYPE_CONTROL(pbyFrame
)) {
1036 p802_11Header
= (PS802_11Header
) (pbyFrame
);
1037 if (!IS_TYPE_MGMT(pbyFrame
)) {
1039 // Data & PS-Poll packet
1040 // check frame class
1041 if (iSANodeIndex
> 0) {
1042 // frame class 3 fliter & checking
1043 if (pMgmt
->sNodeDBTable
[iSANodeIndex
].eNodeState
< NODE_AUTH
) {
1044 // send deauth notification
1045 // reason = (6) class 2 received from nonauth sta
1046 vMgrDeAuthenBeginSta(pDevice
,
1048 (PBYTE
)(p802_11Header
->abyAddr2
),
1049 (WLAN_MGMT_REASON_CLASS2_NONAUTH
),
1052 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"dpc: send vMgrDeAuthenBeginSta 1\n");
1055 if (pMgmt
->sNodeDBTable
[iSANodeIndex
].eNodeState
< NODE_ASSOC
) {
1056 // send deassoc notification
1057 // reason = (7) class 3 received from nonassoc sta
1058 vMgrDisassocBeginSta(pDevice
,
1060 (PBYTE
)(p802_11Header
->abyAddr2
),
1061 (WLAN_MGMT_REASON_CLASS3_NONASSOC
),
1064 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"dpc: send vMgrDisassocBeginSta 2\n");
1068 if (pMgmt
->sNodeDBTable
[iSANodeIndex
].bPSEnable
) {
1069 // delcare received ps-poll event
1070 if (IS_CTL_PSPOLL(pbyFrame
)) {
1071 pMgmt
->sNodeDBTable
[iSANodeIndex
].bRxPSPoll
= TRUE
;
1072 bScheduleCommand((void *) pDevice
,
1075 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"dpc: WLAN_CMD_RX_PSPOLL 1\n");
1078 // check Data PS state
1079 // if PW bit off, send out all PS bufferring packets.
1080 if (!IS_FC_POWERMGT(pbyFrame
)) {
1081 pMgmt
->sNodeDBTable
[iSANodeIndex
].bPSEnable
= FALSE
;
1082 pMgmt
->sNodeDBTable
[iSANodeIndex
].bRxPSPoll
= TRUE
;
1083 bScheduleCommand((void *) pDevice
,
1086 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"dpc: WLAN_CMD_RX_PSPOLL 2\n");
1091 if (IS_FC_POWERMGT(pbyFrame
)) {
1092 pMgmt
->sNodeDBTable
[iSANodeIndex
].bPSEnable
= TRUE
;
1093 // Once if STA in PS state, enable multicast bufferring
1094 pMgmt
->sNodeDBTable
[0].bPSEnable
= TRUE
;
1097 // clear all pending PS frame.
1098 if (pMgmt
->sNodeDBTable
[iSANodeIndex
].wEnQueueCnt
> 0) {
1099 pMgmt
->sNodeDBTable
[iSANodeIndex
].bPSEnable
= FALSE
;
1100 pMgmt
->sNodeDBTable
[iSANodeIndex
].bRxPSPoll
= TRUE
;
1101 bScheduleCommand((void *) pDevice
,
1104 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"dpc: WLAN_CMD_RX_PSPOLL 3\n");
1111 vMgrDeAuthenBeginSta(pDevice
,
1113 (PBYTE
)(p802_11Header
->abyAddr2
),
1114 (WLAN_MGMT_REASON_CLASS2_NONAUTH
),
1117 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"dpc: send vMgrDeAuthenBeginSta 3\n");
1118 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"BSSID:%02x-%02x-%02x=%02x-%02x-%02x \n",
1119 p802_11Header
->abyAddr3
[0],
1120 p802_11Header
->abyAddr3
[1],
1121 p802_11Header
->abyAddr3
[2],
1122 p802_11Header
->abyAddr3
[3],
1123 p802_11Header
->abyAddr3
[4],
1124 p802_11Header
->abyAddr3
[5]
1126 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"ADDR2:%02x-%02x-%02x=%02x-%02x-%02x \n",
1127 p802_11Header
->abyAddr2
[0],
1128 p802_11Header
->abyAddr2
[1],
1129 p802_11Header
->abyAddr2
[2],
1130 p802_11Header
->abyAddr2
[3],
1131 p802_11Header
->abyAddr2
[4],
1132 p802_11Header
->abyAddr2
[5]
1134 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"ADDR1:%02x-%02x-%02x=%02x-%02x-%02x \n",
1135 p802_11Header
->abyAddr1
[0],
1136 p802_11Header
->abyAddr1
[1],
1137 p802_11Header
->abyAddr1
[2],
1138 p802_11Header
->abyAddr1
[3],
1139 p802_11Header
->abyAddr1
[4],
1140 p802_11Header
->abyAddr1
[5]
1142 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"dpc: wFrameCtl= %x\n", p802_11Header
->wFrameCtl
);
1151 static BOOL
s_bHandleRxEncryption (
1157 PSKeyItem
* pKeyOut
,
1160 PDWORD pdwRxTSC47_16
1163 UINT PayloadLen
= FrameSize
;
1166 PSKeyItem pKey
= NULL
;
1167 BYTE byDecMode
= KEY_CTL_WEP
;
1168 PSMgmtObject pMgmt
= &(pDevice
->sMgmtObj
);
1174 pbyIV
= pbyFrame
+ WLAN_HDR_ADDR3_LEN
;
1175 if ( WLAN_GET_FC_TODS(*(PWORD
)pbyFrame
) &&
1176 WLAN_GET_FC_FROMDS(*(PWORD
)pbyFrame
) ) {
1177 pbyIV
+= 6; // 6 is 802.11 address4
1180 byKeyIdx
= (*(pbyIV
+3) & 0xc0);
1182 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"\nKeyIdx: %d\n", byKeyIdx
);
1184 if ((pMgmt
->eAuthenMode
== WMAC_AUTH_WPA
) ||
1185 (pMgmt
->eAuthenMode
== WMAC_AUTH_WPAPSK
) ||
1186 (pMgmt
->eAuthenMode
== WMAC_AUTH_WPANONE
) ||
1187 (pMgmt
->eAuthenMode
== WMAC_AUTH_WPA2
) ||
1188 (pMgmt
->eAuthenMode
== WMAC_AUTH_WPA2PSK
)) {
1189 if (((*pbyRsr
& (RSR_ADDRBROAD
| RSR_ADDRMULTI
)) == 0) &&
1190 (pMgmt
->byCSSPK
!= KEY_CTL_NONE
)) {
1191 // unicast pkt use pairwise key
1192 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"unicast pkt\n");
1193 if (KeybGetKey(&(pDevice
->sKey
), pDevice
->abyBSSID
, 0xFFFFFFFF, &pKey
) == TRUE
) {
1194 if (pMgmt
->byCSSPK
== KEY_CTL_TKIP
)
1195 byDecMode
= KEY_CTL_TKIP
;
1196 else if (pMgmt
->byCSSPK
== KEY_CTL_CCMP
)
1197 byDecMode
= KEY_CTL_CCMP
;
1199 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"unicast pkt: %d, %p\n", byDecMode
, pKey
);
1202 KeybGetKey(&(pDevice
->sKey
), pDevice
->abyBSSID
, byKeyIdx
, &pKey
);
1203 if (pMgmt
->byCSSGK
== KEY_CTL_TKIP
)
1204 byDecMode
= KEY_CTL_TKIP
;
1205 else if (pMgmt
->byCSSGK
== KEY_CTL_CCMP
)
1206 byDecMode
= KEY_CTL_CCMP
;
1207 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"group pkt: %d, %d, %p\n", byKeyIdx
, byDecMode
, pKey
);
1210 // our WEP only support Default Key
1212 // use default group key
1213 KeybGetKey(&(pDevice
->sKey
), pDevice
->abyBroadcastAddr
, byKeyIdx
, &pKey
);
1214 if (pMgmt
->byCSSGK
== KEY_CTL_TKIP
)
1215 byDecMode
= KEY_CTL_TKIP
;
1216 else if (pMgmt
->byCSSGK
== KEY_CTL_CCMP
)
1217 byDecMode
= KEY_CTL_CCMP
;
1221 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"AES:%d %d %d\n", pMgmt
->byCSSPK
, pMgmt
->byCSSGK
, byDecMode
);
1224 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"pKey == NULL\n");
1225 if (byDecMode
== KEY_CTL_WEP
) {
1226 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1227 } else if (pDevice
->bLinkPass
== TRUE
) {
1228 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1232 if (byDecMode
!= pKey
->byCipherSuite
) {
1233 if (byDecMode
== KEY_CTL_WEP
) {
1234 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1235 } else if (pDevice
->bLinkPass
== TRUE
) {
1236 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1241 if (byDecMode
== KEY_CTL_WEP
) {
1243 if ((pDevice
->byLocalID
<= REV_ID_VT3253_A1
) ||
1244 (((PSKeyTable
)(pKey
->pvKeyTable
))->bSoftWEP
== TRUE
)) {
1249 PayloadLen
-= (WLAN_HDR_ADDR3_LEN
+ 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1250 memcpy(pDevice
->abyPRNG
, pbyIV
, 3);
1251 memcpy(pDevice
->abyPRNG
+ 3, pKey
->abyKey
, pKey
->uKeyLength
);
1252 rc4_init(&pDevice
->SBox
, pDevice
->abyPRNG
, pKey
->uKeyLength
+ 3);
1253 rc4_encrypt(&pDevice
->SBox
, pbyIV
+4, pbyIV
+4, PayloadLen
);
1255 if (ETHbIsBufferCrc32Ok(pbyIV
+4, PayloadLen
)) {
1256 *pbyNewRsr
|= NEWRSR_DECRYPTOK
;
1259 } else if ((byDecMode
== KEY_CTL_TKIP
) ||
1260 (byDecMode
== KEY_CTL_CCMP
)) {
1263 PayloadLen
-= (WLAN_HDR_ADDR3_LEN
+ 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1264 *pdwRxTSC47_16
= cpu_to_le32(*(PDWORD
)(pbyIV
+ 4));
1265 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"ExtIV: %lx\n",*pdwRxTSC47_16
);
1266 if (byDecMode
== KEY_CTL_TKIP
) {
1267 *pwRxTSC15_0
= cpu_to_le16(MAKEWORD(*(pbyIV
+2), *pbyIV
));
1269 *pwRxTSC15_0
= cpu_to_le16(*(PWORD
)pbyIV
);
1271 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"TSC0_15: %x\n", *pwRxTSC15_0
);
1273 if ((byDecMode
== KEY_CTL_TKIP
) &&
1274 (pDevice
->byLocalID
<= REV_ID_VT3253_A1
)) {
1277 PS802_11Header pMACHeader
= (PS802_11Header
) (pbyFrame
);
1278 TKIPvMixKey(pKey
->abyKey
, pMACHeader
->abyAddr2
, *pwRxTSC15_0
, *pdwRxTSC47_16
, pDevice
->abyPRNG
);
1279 rc4_init(&pDevice
->SBox
, pDevice
->abyPRNG
, TKIP_KEY_LEN
);
1280 rc4_encrypt(&pDevice
->SBox
, pbyIV
+8, pbyIV
+8, PayloadLen
);
1281 if (ETHbIsBufferCrc32Ok(pbyIV
+8, PayloadLen
)) {
1282 *pbyNewRsr
|= NEWRSR_DECRYPTOK
;
1283 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"ICV OK!\n");
1285 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"ICV FAIL!!!\n");
1286 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"PayloadLen = %d\n", PayloadLen
);
1291 if ((*(pbyIV
+3) & 0x20) != 0)
1297 static BOOL
s_bHostWepRxEncryption (
1307 PDWORD pdwRxTSC47_16
1310 PSMgmtObject pMgmt
= &(pDevice
->sMgmtObj
);
1311 UINT PayloadLen
= FrameSize
;
1314 BYTE byDecMode
= KEY_CTL_WEP
;
1315 PS802_11Header pMACHeader
;
1322 pbyIV
= pbyFrame
+ WLAN_HDR_ADDR3_LEN
;
1323 if ( WLAN_GET_FC_TODS(*(PWORD
)pbyFrame
) &&
1324 WLAN_GET_FC_FROMDS(*(PWORD
)pbyFrame
) ) {
1325 pbyIV
+= 6; // 6 is 802.11 address4
1328 byKeyIdx
= (*(pbyIV
+3) & 0xc0);
1330 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"\nKeyIdx: %d\n", byKeyIdx
);
1333 if (pMgmt
->byCSSGK
== KEY_CTL_TKIP
)
1334 byDecMode
= KEY_CTL_TKIP
;
1335 else if (pMgmt
->byCSSGK
== KEY_CTL_CCMP
)
1336 byDecMode
= KEY_CTL_CCMP
;
1338 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"AES:%d %d %d\n", pMgmt
->byCSSPK
, pMgmt
->byCSSGK
, byDecMode
);
1340 if (byDecMode
!= pKey
->byCipherSuite
) {
1341 if (byDecMode
== KEY_CTL_WEP
) {
1342 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1343 } else if (pDevice
->bLinkPass
== TRUE
) {
1344 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1349 if (byDecMode
== KEY_CTL_WEP
) {
1351 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"byDecMode == KEY_CTL_WEP \n");
1352 if ((pDevice
->byLocalID
<= REV_ID_VT3253_A1
) ||
1353 (((PSKeyTable
)(pKey
->pvKeyTable
))->bSoftWEP
== TRUE
) ||
1354 (bOnFly
== FALSE
)) {
1360 PayloadLen
-= (WLAN_HDR_ADDR3_LEN
+ 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1361 memcpy(pDevice
->abyPRNG
, pbyIV
, 3);
1362 memcpy(pDevice
->abyPRNG
+ 3, pKey
->abyKey
, pKey
->uKeyLength
);
1363 rc4_init(&pDevice
->SBox
, pDevice
->abyPRNG
, pKey
->uKeyLength
+ 3);
1364 rc4_encrypt(&pDevice
->SBox
, pbyIV
+4, pbyIV
+4, PayloadLen
);
1366 if (ETHbIsBufferCrc32Ok(pbyIV
+4, PayloadLen
)) {
1367 *pbyNewRsr
|= NEWRSR_DECRYPTOK
;
1370 } else if ((byDecMode
== KEY_CTL_TKIP
) ||
1371 (byDecMode
== KEY_CTL_CCMP
)) {
1374 PayloadLen
-= (WLAN_HDR_ADDR3_LEN
+ 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1375 *pdwRxTSC47_16
= cpu_to_le32(*(PDWORD
)(pbyIV
+ 4));
1376 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"ExtIV: %lx\n",*pdwRxTSC47_16
);
1378 if (byDecMode
== KEY_CTL_TKIP
) {
1379 *pwRxTSC15_0
= cpu_to_le16(MAKEWORD(*(pbyIV
+2), *pbyIV
));
1381 *pwRxTSC15_0
= cpu_to_le16(*(PWORD
)pbyIV
);
1383 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"TSC0_15: %x\n", *pwRxTSC15_0
);
1385 if (byDecMode
== KEY_CTL_TKIP
) {
1387 if ((pDevice
->byLocalID
<= REV_ID_VT3253_A1
) || (bOnFly
== FALSE
)) {
1391 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"soft KEY_CTL_TKIP \n");
1392 pMACHeader
= (PS802_11Header
) (pbyFrame
);
1393 TKIPvMixKey(pKey
->abyKey
, pMACHeader
->abyAddr2
, *pwRxTSC15_0
, *pdwRxTSC47_16
, pDevice
->abyPRNG
);
1394 rc4_init(&pDevice
->SBox
, pDevice
->abyPRNG
, TKIP_KEY_LEN
);
1395 rc4_encrypt(&pDevice
->SBox
, pbyIV
+8, pbyIV
+8, PayloadLen
);
1396 if (ETHbIsBufferCrc32Ok(pbyIV
+8, PayloadLen
)) {
1397 *pbyNewRsr
|= NEWRSR_DECRYPTOK
;
1398 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"ICV OK!\n");
1400 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"ICV FAIL!!!\n");
1401 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"PayloadLen = %d\n", PayloadLen
);
1406 if (byDecMode
== KEY_CTL_CCMP
) {
1407 if (bOnFly
== FALSE
) {
1410 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"soft KEY_CTL_CCMP\n");
1411 if (AESbGenCCMP(pKey
->abyKey
, pbyFrame
, FrameSize
)) {
1412 *pbyNewRsr
|= NEWRSR_DECRYPTOK
;
1413 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"CCMP MIC compare OK!\n");
1415 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"CCMP MIC fail!\n");
1422 if ((*(pbyIV
+3) & 0x20) != 0)
1429 static BOOL
s_bAPModeRxData (
1431 struct sk_buff
*skb
,
1433 UINT cbHeaderOffset
,
1434 signed int iSANodeIndex
,
1435 signed int iDANodeIndex
1439 PSMgmtObject pMgmt
= &(pDevice
->sMgmtObj
);
1440 BOOL bRelayAndForward
= FALSE
;
1441 BOOL bRelayOnly
= FALSE
;
1442 BYTE byMask
[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
1446 struct sk_buff
* skbcpy
= NULL
;
1448 if (FrameSize
> CB_MAX_BUF_SIZE
)
1451 if(IS_MULTICAST_ADDRESS((PBYTE
)(skb
->data
+cbHeaderOffset
))) {
1452 if (pMgmt
->sNodeDBTable
[0].bPSEnable
) {
1454 skbcpy
= dev_alloc_skb((int)pDevice
->rx_buf_sz
);
1456 // if any node in PS mode, buffer packet until DTIM.
1457 if (skbcpy
== NULL
) {
1458 DBG_PRT(MSG_LEVEL_NOTICE
, KERN_INFO
"relay multicast no skb available \n");
1461 skbcpy
->dev
= pDevice
->dev
;
1462 skbcpy
->len
= FrameSize
;
1463 memcpy(skbcpy
->data
, skb
->data
+cbHeaderOffset
, FrameSize
);
1464 skb_queue_tail(&(pMgmt
->sNodeDBTable
[0].sTxPSQueue
), skbcpy
);
1465 pMgmt
->sNodeDBTable
[0].wEnQueueCnt
++;
1467 pMgmt
->abyPSTxMap
[0] |= byMask
[0];
1471 bRelayAndForward
= TRUE
;
1476 if (BSSbIsSTAInNodeDB(pDevice
, (PBYTE
)(skb
->data
+cbHeaderOffset
), &iDANodeIndex
)) {
1477 if (pMgmt
->sNodeDBTable
[iDANodeIndex
].eNodeState
>= NODE_ASSOC
) {
1478 if (pMgmt
->sNodeDBTable
[iDANodeIndex
].bPSEnable
) {
1479 // queue this skb until next PS tx, and then release.
1481 skb
->data
+= cbHeaderOffset
;
1482 skb
->tail
+= cbHeaderOffset
;
1483 skb_put(skb
, FrameSize
);
1484 skb_queue_tail(&pMgmt
->sNodeDBTable
[iDANodeIndex
].sTxPSQueue
, skb
);
1486 pMgmt
->sNodeDBTable
[iDANodeIndex
].wEnQueueCnt
++;
1487 wAID
= pMgmt
->sNodeDBTable
[iDANodeIndex
].wAID
;
1488 pMgmt
->abyPSTxMap
[wAID
>> 3] |= byMask
[wAID
& 7];
1489 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n",
1490 iDANodeIndex
, (wAID
>> 3), pMgmt
->abyPSTxMap
[wAID
>> 3]);
1500 if (bRelayOnly
|| bRelayAndForward
) {
1501 // relay this packet right now
1502 if (bRelayAndForward
)
1505 if ((pDevice
->uAssocCount
> 1) && (iDANodeIndex
>= 0)) {
1506 bRelayPacketSend(pDevice
, (PBYTE
)(skb
->data
+ cbHeaderOffset
), FrameSize
, (UINT
)iDANodeIndex
);
1512 // none associate, don't forward
1513 if (pDevice
->uAssocCount
== 0)
1522 void RXvWorkItem(void *Context
)
1524 PSDevice pDevice
= (PSDevice
) Context
;
1528 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"---->Rx Polling Thread\n");
1529 spin_lock_irq(&pDevice
->lock
);
1530 while ( MP_TEST_FLAG(pDevice
, fMP_POST_READS
) &&
1531 MP_IS_READY(pDevice
) &&
1532 (pDevice
->NumRecvFreeList
!= 0) ) {
1533 pRCB
= pDevice
->FirstRecvFreeList
;
1534 pDevice
->NumRecvFreeList
--;
1535 ASSERT(pRCB
);// cannot be NULL
1536 DequeueRCB(pDevice
->FirstRecvFreeList
, pDevice
->LastRecvFreeList
);
1537 ntStatus
= PIPEnsBulkInUsbRead(pDevice
, pRCB
);
1539 pDevice
->bIsRxWorkItemQueued
= FALSE
;
1540 spin_unlock_irq(&pDevice
->lock
);
1551 PSDevice pDevice
= (PSDevice
)pRCB
->pDevice
;
1554 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"---->RXvFreeRCB\n");
1556 ASSERT(!pRCB
->Ref
); // should be 0
1557 ASSERT(pRCB
->pDevice
); // shouldn't be NULL
1559 if (bReAllocSkb
== TRUE
) {
1560 pRCB
->skb
= dev_alloc_skb((int)pDevice
->rx_buf_sz
);
1561 // todo error handling
1562 if (pRCB
->skb
== NULL
) {
1563 DBG_PRT(MSG_LEVEL_ERR
,KERN_ERR
" Failed to re-alloc rx skb\n");
1565 pRCB
->skb
->dev
= pDevice
->dev
;
1569 // Insert the RCB back in the Recv free list
1571 EnqueueRCB(pDevice
->FirstRecvFreeList
, pDevice
->LastRecvFreeList
, pRCB
);
1572 pDevice
->NumRecvFreeList
++;
1575 if (MP_TEST_FLAG(pDevice
, fMP_POST_READS
) && MP_IS_READY(pDevice
) &&
1576 (pDevice
->bIsRxWorkItemQueued
== FALSE
) ) {
1578 pDevice
->bIsRxWorkItemQueued
= TRUE
;
1579 tasklet_schedule(&pDevice
->ReadWorkItem
);
1581 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"<----RXFreeRCB %d %d\n",pDevice
->NumRecvFreeList
, pDevice
->NumRecvMngList
);
1585 void RXvMngWorkItem(void *Context
)
1587 PSDevice pDevice
= (PSDevice
) Context
;
1589 PSRxMgmtPacket pRxPacket
;
1590 BOOL bReAllocSkb
= FALSE
;
1592 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"---->Rx Mng Thread\n");
1594 spin_lock_irq(&pDevice
->lock
);
1595 while (pDevice
->NumRecvMngList
!=0)
1597 pRCB
= pDevice
->FirstRecvMngList
;
1598 pDevice
->NumRecvMngList
--;
1599 DequeueRCB(pDevice
->FirstRecvMngList
, pDevice
->LastRecvMngList
);
1603 ASSERT(pRCB
);// cannot be NULL
1604 pRxPacket
= &(pRCB
->sMngPacket
);
1605 vMgrRxManagePacket((void *) pDevice
, &(pDevice
->sMgmtObj
), pRxPacket
);
1607 if(pRCB
->Ref
== 0) {
1608 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"RxvFreeMng %d %d\n",pDevice
->NumRecvFreeList
, pDevice
->NumRecvMngList
);
1609 RXvFreeRCB(pRCB
, bReAllocSkb
);
1611 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"Rx Mng Only we have the right to free RCB\n");
1615 pDevice
->bIsRxMngWorkItemQueued
= FALSE
;
1616 spin_unlock_irq(&pDevice
->lock
);