2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 * Purpose: handle dpc rx functions
28 * device_receive_frame - Rcv 802.11 frame function
29 * s_bAPModeRxCtl- AP Rcv frame filer Ctl.
30 * s_bAPModeRxData- AP Rcv data frame handle
31 * s_bHandleRxEncryption- Rcv decrypted data via on-fly
32 * s_bHostWepRxEncryption- Rcv encrypted data via host
33 * s_byGetRateIdx- get rate index
34 * s_vGetDASA- get data offset
35 * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3
42 #if !defined(__DEVICE_H__)
45 #if !defined(__RXTX_H__)
48 #if !defined(__TETHER_H__)
51 #if !defined(__CARD_H__)
54 #if !defined(__BSSDB_H__)
57 #if !defined(__MAC_H__)
60 #if !defined(__BASEBAND_H__)
63 #if !defined(__UMEM_H__)
66 #if !defined(__MICHAEL_H__)
69 #if !defined(__TKIP_H__)
72 #if !defined(__TCRC_H__)
75 #if !defined(__WCTL_H__)
78 #if !defined(__WROUTE_H__)
81 #if !defined(__TBIT_H__)
84 #if !defined(__HOSTAP_H__)
87 #if !defined(__RF_H__)
90 #if !defined(__IOWPA_H__)
93 #if !defined(__AES_H__)
100 /*--------------------- Static Definitions -------------------------*/
102 /*--------------------- Static Classes ----------------------------*/
104 /*--------------------- Static Variables --------------------------*/
105 //static int msglevel =MSG_LEVEL_DEBUG;
106 static int msglevel =MSG_LEVEL_INFO;
108 const BYTE acbyRxRate[MAX_RATE] =
109 {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
112 /*--------------------- Static Functions --------------------------*/
114 /*--------------------- Static Definitions -------------------------*/
116 /*--------------------- Static Functions --------------------------*/
118 static BYTE s_byGetRateIdx(IN BYTE byRate);
124 IN PBYTE pbyRxBufferAddr,
125 OUT PUINT pcbHeaderSize,
126 OUT PSEthernetHeader psEthHeader
131 s_vProcessRxMACHeader (
133 IN PBYTE pbyRxBufferAddr,
134 IN UINT cbPacketSize,
137 OUT PUINT pcbHeadSize
140 static BOOL s_bAPModeRxCtl(
148 static BOOL s_bAPModeRxData (
152 IN UINT cbHeaderOffset,
158 static BOOL s_bAPModeRxData (
160 IN struct sk_buff* skb,
162 IN UINT cbHeaderOffset,
169 static BOOL s_bHandleRxEncryption(
175 OUT PSKeyItem *pKeyOut,
177 OUT PWORD pwRxTSC15_0,
178 OUT PDWORD pdwRxTSC47_16
181 static BOOL s_bHostWepRxEncryption(
191 OUT PWORD pwRxTSC15_0,
192 OUT PDWORD pdwRxTSC47_16
196 /*--------------------- Export Variables --------------------------*/
201 * Translate Rcv 802.11 header to 802.3 header with Rx buffer
206 * dwRxBufferAddr - Address of Rcv Buffer
207 * cbPacketSize - Rcv Packet size
208 * bIsWEP - If Rcv with WEP
210 * pcbHeaderSize - 802.11 header size
217 s_vProcessRxMACHeader (
219 IN PBYTE pbyRxBufferAddr,
220 IN UINT cbPacketSize,
223 OUT PUINT pcbHeadSize
227 UINT cbHeaderSize = 0;
229 PS802_11Header pMACHeader;
233 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
235 s_vGetDASA((PBYTE)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader);
239 // strip IV&ExtIV , add 8 byte
240 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8);
242 // strip IV , add 4 byte
243 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4);
247 cbHeaderSize += WLAN_HDR_ADDR3_LEN;
250 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
251 if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) {
254 else if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) {
256 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
257 if ((*pwType!= TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) {
261 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
264 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
266 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
270 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
276 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
279 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
281 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
285 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
289 cbHeaderSize -= (U_ETHER_ADDR_LEN * 2);
290 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
291 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++)
292 *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii];
293 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++)
294 *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii];
296 *pcbHeadSize = cbHeaderSize;
302 static BYTE s_byGetRateIdx (IN BYTE byRate)
306 for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) {
307 if (acbyRxRate[byRateIdx%MAX_RATE] == byRate)
317 IN PBYTE pbyRxBufferAddr,
318 OUT PUINT pcbHeaderSize,
319 OUT PSEthernetHeader psEthHeader
322 UINT cbHeaderSize = 0;
323 PS802_11Header pMACHeader;
326 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
328 if ((pMACHeader->wFrameCtl & FC_TODS) == 0) {
329 if (pMACHeader->wFrameCtl & FC_FROMDS) {
330 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
331 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
332 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr3[ii];
337 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
338 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
339 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
345 if (pMACHeader->wFrameCtl & FC_FROMDS) {
346 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
347 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
348 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr4[ii];
353 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
354 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
355 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
359 *pcbHeaderSize = cbHeaderSize;
367 VOID MngWorkItem(PVOID Context)
369 PSRxMgmtPacket pRxMgmtPacket;
370 PSDevice pDevice = (PSDevice) Context;
371 //printk("Enter MngWorkItem,Queue packet num is %d\n",pDevice->rxManeQueue.packet_num);
372 spin_lock_irq(&pDevice->lock);
373 while(pDevice->rxManeQueue.packet_num != 0)
375 pRxMgmtPacket = DeQueue(pDevice);
376 vMgrRxManagePacket(pDevice, pDevice->pMgmt, pRxMgmtPacket);
378 spin_unlock_irq(&pDevice->lock);
387 device_receive_frame (
393 PDEVICE_RD_INFO pRDInfo = pCurrRD->pRDInfo;
395 //printk("device_receive_frame:pCurrRD is %x,pRDInfo is %x\n",pCurrRD,pCurrRD->pRDInfo);
397 struct net_device_stats* pStats=&pDevice->stats;
403 PSMgmtObject pMgmt = pDevice->pMgmt;
404 PSRxMgmtPacket pRxPacket = &(pDevice->pMgmt->sRxPacket);
405 PS802_11Header p802_11Header;
412 BOOL bDeFragRx = FALSE;
417 INT iSANodeIndex = -1;
418 INT iDANodeIndex = -1;
426 PSKeyItem pKey = NULL;
428 DWORD dwRxTSC47_16 = 0;
431 DWORD dwDuration = 0;
433 LONG ldBmThreshold = 0;
434 PS802_11Header pMACHeader;
435 BOOL bRxeapol_key = FALSE;
437 // DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- device_receive_frame---\n");
439 skb = &(pRDInfo->ref_skb);
448 pci_unmap_single(pDevice->pcid, pRDInfo->skb_dma,
449 pDevice->rx_buf_sz, PCI_DMA_FROMDEVICE);
452 pwFrameSize = (PWORD)(skb->data + 2);
453 FrameSize = cpu_to_le16(pCurrRD->m_rd1RD1.wReqCount) - cpu_to_le16(pCurrRD->m_rd0RD0.wResCount);
455 // Max: 2312Payload + 30HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR
456 // Min (ACK): 10HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR
457 if ((FrameSize > 2364)||(FrameSize <= 32)) {
458 // Frame Size error drop this packet.
459 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 1 \n");
463 pbyRxSts = (PBYTE) (skb->data);
464 pbyRxRate = (PBYTE) (skb->data + 1);
465 pbyRsr = (PBYTE) (skb->data + FrameSize - 1);
466 pbyRSSI = (PBYTE) (skb->data + FrameSize - 2);
467 pbyNewRsr = (PBYTE) (skb->data + FrameSize - 3);
468 pbySQ = (PBYTE) (skb->data + FrameSize - 4);
469 pqwTSFTime = (PQWORD) (skb->data + FrameSize - 12);
470 pbyFrame = (PBYTE)(skb->data + 4);
473 FrameSize = cpu_to_le16(*pwFrameSize);
475 if ((FrameSize > 2346)|(FrameSize < 14)) { // Max: 2312Payload + 30HD +4CRC
477 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 2 \n");
482 // update receive statistic counter
483 STAvUpdateRDStatCounter(&pDevice->scStatistic,
492 pMACHeader=(PS802_11Header)((PBYTE) (skb->data)+8);
494 if (pDevice->bMeasureInProgress == TRUE) {
495 if ((*pbyRsr & RSR_CRCOK) != 0) {
496 pDevice->byBasicMap |= 0x01;
498 dwDuration = (FrameSize << 4);
499 dwDuration /= acbyRxRate[*pbyRxRate%MAX_RATE];
500 if (*pbyRxRate <= RATE_11M) {
501 if (BITbIsBitOn(*pbyRxSts, 0x01)) {
511 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
513 for (ii = 7; ii > 0;) {
514 if (ldBm > ldBmThreshold) {
520 pDevice->dwRPIs[ii] += dwDuration;
524 if (!IS_MULTICAST_ADDRESS(pbyFrame) && !IS_BROADCAST_ADDRESS(pbyFrame)) {
525 if (WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header) (skb->data + 4))) {
526 pDevice->s802_11Counter.FrameDuplicateCount++;
533 s_vGetDASA(skb->data+4, &cbHeaderSize, &pDevice->sRxEthHeader);
535 // filter packet send from myself
536 if (IS_ETH_ADDRESS_EQUAL((PBYTE)&(pDevice->sRxEthHeader.abySrcAddr[0]), pDevice->abyCurrentNetAddr))
539 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) {
540 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
541 p802_11Header = (PS802_11Header) (pbyFrame);
543 if (BSSDBbIsSTAInNodeDB(pMgmt, (PBYTE)(p802_11Header->abyAddr2), &iSANodeIndex)) {
545 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = get_jiffies();
547 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies;
549 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0;
554 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
555 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == TRUE) {
559 if (IS_FC_WEP(pbyFrame)) {
560 BOOL bRxDecryOK = FALSE;
562 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n");
564 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) {
566 pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite;
567 pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex;
568 pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength;
569 pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16;
570 pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0;
572 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0],
576 bRxDecryOK = s_bHostWepRxEncryption(pDevice,
580 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly,
587 bRxDecryOK = s_bHandleRxEncryption(pDevice,
599 if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) {
600 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n");
601 if ( (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
602 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
603 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
604 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
605 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
607 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
608 pDevice->s802_11Counter.TKIPICVErrors++;
609 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) {
610 pDevice->s802_11Counter.CCMPDecryptErrors++;
611 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) {
612 // pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++;
618 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n");
621 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP))
622 FrameSize -= 8; // Message Integrity Code
624 FrameSize -= 4; // 4 is ICV
631 //remove the CRC length
632 FrameSize -= U_CRC_LEN;
634 if ((BITbIsAllBitsOff(*pbyRsr, (RSR_ADDRBROAD | RSR_ADDRMULTI))) && // unicast address
635 (IS_FRAGMENT_PKT((skb->data+4)))
638 bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header) (skb->data+4), FrameSize, bIsWEP, bExtIV);
639 pDevice->s802_11Counter.ReceivedFragmentCount++;
643 skb = &(pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].ref_skb);
645 skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb;
647 FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength;
656 // Management & Control frame Handle
657 if ((IS_TYPE_DATA((skb->data+4))) == FALSE) {
658 // Handle Control & Manage Frame
660 if (IS_TYPE_MGMT((skb->data+4))) {
664 pRxPacket->p80211Header = (PUWLAN_80211HDR)(skb->data+4);
665 pRxPacket->cbMPDULen = FrameSize;
666 pRxPacket->uRSSI = *pbyRSSI;
667 pRxPacket->bySQ = *pbySQ;
668 HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime));
669 LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime));
672 pbyData1 = WLAN_HDR_A3_DATA_PTR(skb->data+4);
673 pbyData2 = WLAN_HDR_A3_DATA_PTR(skb->data+4) + 4;
674 for (ii = 0; ii < (FrameSize - 4); ii++) {
675 *pbyData1 = *pbyData2;
680 pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate);
681 pRxPacket->byRxChannel = (*pbyRxSts) >> 2;
683 //EnQueue(pDevice,pRxPacket);
686 EnQueue(pDevice,pRxPacket);
688 //printk("enque time is %x\n",jiffies);
689 //up(&pDevice->mlme_semaphore);
690 //Enque (pDevice->FirstRecvMngList,pDevice->LastRecvMngList,pMgmt);
694 EnQueue(pDevice,pRxPacket);
695 tasklet_schedule(&pDevice->RxMngWorkItem);
698 vMgrRxManagePacket((HANDLE)pDevice, pDevice->pMgmt, pRxPacket);
699 //tasklet_schedule(&pDevice->RxMngWorkItem);
704 //vMgrRxManagePacket((HANDLE)pDevice, pDevice->pMgmt, pRxPacket);
705 // hostap Deamon handle 802.11 management
706 if (pDevice->bEnableHostapd) {
707 skb->dev = pDevice->apdev;
709 ref_skb_add_offset(skb->skb, 4);
710 ref_skb_set_dev(pDevice->apdev, skb->skb);
711 skb_put(skb->skb, FrameSize);
712 #if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,21)
713 skb->mac_header = skb->data;
715 skb->mac.raw = skb->data;
717 *(skb->pkt_type) = PACKET_OTHERHOST;
718 *(skb->protocol) = htons(ETH_P_802_2);
719 memset(skb->cb, 0, sizeof(skb->cb));
724 skb_put(skb, FrameSize);
725 #if LINUX_VERSION_CODE > KERNEL_VERSION (2,6,21)
726 skb->mac_header = skb->data;
728 skb->mac.raw = skb->data;
730 skb->pkt_type = PACKET_OTHERHOST;
731 skb->protocol = htons(ETH_P_802_2);
732 memset(skb->cb, 0, sizeof(skb->cb));
744 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
745 //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC.
746 if (BITbIsBitOff(*pbyRsr, RSR_BSSIDOK)) {
748 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
749 DEVICE_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
757 // discard DATA packet while not associate || BSSID error
758 if ((pDevice->bLinkPass == FALSE) ||
759 BITbIsBitOff(*pbyRsr, RSR_BSSIDOK)) {
761 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
762 DEVICE_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
769 //mike add:station mode check eapol-key challenge--->
771 BYTE Protocol_Version; //802.1x Authentication
772 BYTE Packet_Type; //802.1x Authentication
777 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
778 skb->data[cbIVOffset + 8 + 24 + 6 + 1];
779 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1];
780 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1];
781 if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header
782 if(((Protocol_Version==1) ||(Protocol_Version==2)) &&
783 (Packet_Type==3)) { //802.1x OR eapol-key challenge frame receive
788 //mike add:station mode check eapol-key challenge<---
794 if (pDevice->bEnablePSMode) {
795 if (IS_FC_MOREDATA((skb->data+4))) {
796 if (BITbIsBitOn(*pbyRsr, RSR_ADDROK)) {
797 //PSbSendPSPOLL((PSDevice)pDevice);
801 if (pDevice->pMgmt->bInTIMWake == TRUE) {
802 pDevice->pMgmt->bInTIMWake = FALSE;
807 // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps
808 if (pDevice->bDiversityEnable && (FrameSize>50) &&
809 (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) &&
810 (pDevice->bLinkPass == TRUE)) {
811 //printk("device_receive_frame: RxRate is %d\n",*pbyRxRate);
812 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0);
816 if (pDevice->byLocalID != REV_ID_VT3253_B1) {
817 pDevice->uCurrRSSI = *pbyRSSI;
819 pDevice->byCurrSQ = *pbySQ;
821 if ((*pbyRSSI != 0) &&
822 (pMgmt->pCurrBSS!=NULL)) {
823 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
824 // Moniter if RSSI is too strong.
825 pMgmt->pCurrBSS->byRSSIStatCnt++;
826 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT;
827 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm;
828 for(ii=0;ii<RSSI_STAT_COUNT;ii++) {
829 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) {
830 pMgmt->pCurrBSS->ldBmMAX = max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm);
835 // -----------------------------------------------
837 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == TRUE)){
840 // Only 802.1x packet incoming allowed
845 wEtherType = (skb->data[cbIVOffset + 4 + 24 + 6] << 8) |
846 skb->data[cbIVOffset + 4 + 24 + 6 + 1];
848 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType);
849 if (wEtherType == ETH_P_PAE) {
850 skb->dev = pDevice->apdev;
852 if (bIsWEP == TRUE) {
853 // strip IV header(8)
854 memcpy(&abyMacHdr[0], (skb->data + 4), 24);
855 memcpy((skb->data + 4 + cbIVOffset), &abyMacHdr[0], 24);
858 ref_skb_add_offset(skb->skb, (cbIVOffset + 4));
859 ref_skb_set_dev(pDevice->apdev, skb->skb);
860 skb_put(skb->skb, FrameSize);
861 #if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,21)
862 skb->mac_header = skb->data;
864 skb->mac.raw = skb->data;
866 *(skb->pkt_type) = PACKET_OTHERHOST;
867 *(skb->protocol) = htons(ETH_P_802_2);
868 memset(skb->cb, 0, sizeof(skb->cb));
871 skb->data += (cbIVOffset + 4);
872 skb->tail += (cbIVOffset + 4);
873 skb_put(skb, FrameSize);
874 #if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,21)
875 skb->mac_header = skb->data;
877 skb->mac.raw = skb->data;
880 skb->pkt_type = PACKET_OTHERHOST;
881 skb->protocol = htons(ETH_P_802_2);
882 memset(skb->cb, 0, sizeof(skb->cb));
888 // check if 802.1x authorized
889 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED))
894 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
896 FrameSize -= 8; //MIC
900 //--------------------------------------------------------------------------------
902 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
906 DWORD dwMIC_Priority;
907 DWORD dwMICKey0 = 0, dwMICKey1 = 0;
908 DWORD dwLocalMIC_L = 0;
909 DWORD dwLocalMIC_R = 0;
910 viawget_wpa_header *wpahdr;
913 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
914 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
915 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
918 if (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
919 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
920 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
921 } else if ((pKey->dwKeyIndex & BIT28) == 0) {
922 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
923 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
925 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
926 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
930 MIC_vInit(dwMICKey0, dwMICKey1);
931 MIC_vAppend((PBYTE)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12);
933 MIC_vAppend((PBYTE)&dwMIC_Priority, 4);
934 // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV.
935 MIC_vAppend((PBYTE)(skb->data + 4 + WLAN_HDR_ADDR3_LEN + 8),
936 FrameSize - WLAN_HDR_ADDR3_LEN - 8);
937 MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R);
940 pdwMIC_L = (PDWORD)(skb->data + 4 + FrameSize);
941 pdwMIC_R = (PDWORD)(skb->data + 4 + FrameSize + 4);
942 //DBG_PRN_GRP12(("RxL: %lx, RxR: %lx\n", *pdwMIC_L, *pdwMIC_R));
943 //DBG_PRN_GRP12(("LocalL: %lx, LocalR: %lx\n", dwLocalMIC_L, dwLocalMIC_R));
944 //DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"dwMICKey0= %lx,dwMICKey1= %lx \n", dwMICKey0, dwMICKey1);
947 if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) ||
948 (pDevice->bRxMICFail == TRUE)) {
949 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n");
950 pDevice->bRxMICFail = FALSE;
951 //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++;
952 pDevice->s802_11Counter.TKIPLocalMICFailures++;
954 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
955 DEVICE_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
960 //2008-0409-07, <Add> by Einsn Liu
961 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
962 //send event to wpa_supplicant
963 //if(pDevice->bWPADevEnable == TRUE)
965 union iwreq_data wrqu;
966 struct iw_michaelmicfailure ev;
967 int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits
968 memset(&ev, 0, sizeof(ev));
969 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
970 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
971 (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
972 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
973 ev.flags |= IW_MICFAILURE_PAIRWISE;
975 ev.flags |= IW_MICFAILURE_GROUP;
978 ev.src_addr.sa_family = ARPHRD_ETHER;
979 memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN);
980 memset(&wrqu, 0, sizeof(wrqu));
981 wrqu.data.length = sizeof(ev);
982 wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
986 if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
987 wpahdr = (viawget_wpa_header *)pDevice->skb->data;
988 if ((pDevice->pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
989 (pDevice->pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
990 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
991 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR;
992 wpahdr->type = VIAWGET_PTK_MIC_MSG;
994 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR;
995 wpahdr->type = VIAWGET_GTK_MIC_MSG;
997 wpahdr->resp_ie_len = 0;
998 wpahdr->req_ie_len = 0;
999 skb_put(pDevice->skb, sizeof(viawget_wpa_header));
1000 pDevice->skb->dev = pDevice->wpadev;
1001 #if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,21)
1002 pDevice->skb->mac_header = pDevice->skb->data;
1004 pDevice->skb->mac.raw=pDevice->skb->data;
1006 pDevice->skb->pkt_type = PACKET_HOST;
1007 pDevice->skb->protocol = htons(ETH_P_802_2);
1008 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
1009 netif_rx(pDevice->skb);
1010 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1017 } //---end of SOFT MIC-----------------------------------------------------------------------
1019 // ++++++++++ Reply Counter Check +++++++++++++
1021 if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) ||
1022 (pKey->byCipherSuite == KEY_CTL_CCMP))) {
1024 WORD wLocalTSC15_0 = 0;
1025 DWORD dwLocalTSC47_16 = 0;
1028 RSC = *((ULONGLONG *) &(pKey->KeyRSC));
1029 wLocalTSC15_0 = (WORD) RSC;
1030 dwLocalTSC47_16 = (DWORD) (RSC>>16);
1035 MEMvCopy(&(pKey->KeyRSC), &RSC, sizeof(QWORD));
1037 if ( (pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) &&
1038 (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) {
1040 if ( (wRxTSC15_0 < wLocalTSC15_0) &&
1041 (dwRxTSC47_16 <= dwLocalTSC47_16) &&
1042 !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) {
1043 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n ");
1044 if (pKey->byCipherSuite == KEY_CTL_TKIP)
1045 //pDevice->s802_11Counter.TKIPReplays.QuadPart++;
1046 pDevice->s802_11Counter.TKIPReplays++;
1048 //pDevice->s802_11Counter.CCMPReplays.QuadPart++;
1049 pDevice->s802_11Counter.CCMPReplays++;
1052 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1053 DEVICE_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1054 pDevice->dev->name);
1061 } // ----- End of Reply Counter Check --------------------------
1065 if ((pKey != NULL) && (bIsWEP)) {
1066 // pDevice->s802_11Counter.DecryptSuccessCount.QuadPart++;
1070 s_vProcessRxMACHeader(pDevice, (PBYTE)(skb->data+4), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset);
1071 FrameSize -= cbHeaderOffset;
1072 cbHeaderOffset += 4; // 4 is Rcv buffer header
1074 // Null data, framesize = 14
1078 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
1079 if (s_bAPModeRxData(pDevice,
1088 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1089 DEVICE_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1090 pDevice->dev->name);
1096 // if(pDevice->bRxMICFail == FALSE) {
1097 // for (ii =0; ii < 100; ii++)
1098 // printk(" %02x", *(skb->data + ii));
1105 ref_skb_add_offset(skb->skb, cbHeaderOffset);
1106 skb_put(skb->skb, FrameSize);
1107 *(skb->protocol)=eth_type_trans(skb->skb, skb->dev);
1110 skb->data += cbHeaderOffset;
1111 skb->tail += cbHeaderOffset;
1112 skb_put(skb, FrameSize);
1113 skb->protocol=eth_type_trans(skb, skb->dev);
1117 //drop frame not met IEEE 802.3
1119 if (pDevice->flags & DEVICE_FLAGS_VAL_PKT_LEN) {
1121 if ((*(skb->protocol)==htons(ETH_P_802_3)) &&
1122 (*(skb->len)!=htons(skb->mac.ethernet->h_proto))) {
1124 if ((skb->protocol==htons(ETH_P_802_3)) &&
1125 (skb->len!=htons(skb->mac.ethernet->h_proto))) {
1127 pStats->rx_length_errors++;
1128 pStats->rx_dropped++;
1130 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1131 DEVICE_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1132 pDevice->dev->name);
1141 *(skb->ip_summed)=CHECKSUM_NONE;
1142 pStats->rx_bytes +=*(skb->len);
1143 pStats->rx_packets++;
1146 skb->ip_summed=CHECKSUM_NONE;
1147 pStats->rx_bytes +=skb->len;
1148 pStats->rx_packets++;
1153 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1154 DEVICE_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1155 pDevice->dev->name);
1163 static BOOL s_bAPModeRxCtl (
1164 IN PSDevice pDevice,
1169 PS802_11Header p802_11Header;
1171 PSMgmtObject pMgmt = pDevice->pMgmt;
1174 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
1176 p802_11Header = (PS802_11Header) (pbyFrame);
1177 if (!IS_TYPE_MGMT(pbyFrame)) {
1179 // Data & PS-Poll packet
1180 // check frame class
1181 if (iSANodeIndex > 0) {
1182 // frame class 3 fliter & checking
1183 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) {
1184 // send deauth notification
1185 // reason = (6) class 2 received from nonauth sta
1186 vMgrDeAuthenBeginSta(pDevice,
1188 (PBYTE)(p802_11Header->abyAddr2),
1189 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1192 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n");
1195 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) {
1196 // send deassoc notification
1197 // reason = (7) class 3 received from nonassoc sta
1198 vMgrDisassocBeginSta(pDevice,
1200 (PBYTE)(p802_11Header->abyAddr2),
1201 (WLAN_MGMT_REASON_CLASS3_NONASSOC),
1204 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n");
1208 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) {
1209 // delcare received ps-poll event
1210 if (IS_CTL_PSPOLL(pbyFrame)) {
1211 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1212 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1213 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n");
1216 // check Data PS state
1217 // if PW bit off, send out all PS bufferring packets.
1218 if (!IS_FC_POWERMGT(pbyFrame)) {
1219 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1220 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1221 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1222 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n");
1227 if (IS_FC_POWERMGT(pbyFrame)) {
1228 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = TRUE;
1229 // Once if STA in PS state, enable multicast bufferring
1230 pMgmt->sNodeDBTable[0].bPSEnable = TRUE;
1233 // clear all pending PS frame.
1234 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) {
1235 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1236 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1237 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1238 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n");
1245 vMgrDeAuthenBeginSta(pDevice,
1247 (PBYTE)(p802_11Header->abyAddr2),
1248 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1251 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n");
1252 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%02x-%02x-%02x=%02x-%02x-%02x \n",
1253 p802_11Header->abyAddr3[0],
1254 p802_11Header->abyAddr3[1],
1255 p802_11Header->abyAddr3[2],
1256 p802_11Header->abyAddr3[3],
1257 p802_11Header->abyAddr3[4],
1258 p802_11Header->abyAddr3[5]
1260 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%02x-%02x-%02x=%02x-%02x-%02x \n",
1261 p802_11Header->abyAddr2[0],
1262 p802_11Header->abyAddr2[1],
1263 p802_11Header->abyAddr2[2],
1264 p802_11Header->abyAddr2[3],
1265 p802_11Header->abyAddr2[4],
1266 p802_11Header->abyAddr2[5]
1268 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%02x-%02x-%02x=%02x-%02x-%02x \n",
1269 p802_11Header->abyAddr1[0],
1270 p802_11Header->abyAddr1[1],
1271 p802_11Header->abyAddr1[2],
1272 p802_11Header->abyAddr1[3],
1273 p802_11Header->abyAddr1[4],
1274 p802_11Header->abyAddr1[5]
1276 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl );
1277 VNSvInPortB(pDevice->PortOffset + MAC_REG_RCR, &(pDevice->byRxMode));
1278 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc:pDevice->byRxMode = %x\n", pDevice->byRxMode );
1287 static BOOL s_bHandleRxEncryption (
1288 IN PSDevice pDevice,
1292 OUT PBYTE pbyNewRsr,
1293 OUT PSKeyItem *pKeyOut,
1295 OUT PWORD pwRxTSC15_0,
1296 OUT PDWORD pdwRxTSC47_16
1299 UINT PayloadLen = FrameSize;
1302 PSKeyItem pKey = NULL;
1303 BYTE byDecMode = KEY_CTL_WEP;
1304 PSMgmtObject pMgmt = pDevice->pMgmt;
1310 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1311 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1312 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1313 pbyIV += 6; // 6 is 802.11 address4
1316 byKeyIdx = (*(pbyIV+3) & 0xc0);
1318 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1320 if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
1321 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
1322 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
1323 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
1324 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
1325 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) &&
1326 (pDevice->pMgmt->byCSSPK != KEY_CTL_NONE)) {
1327 // unicast pkt use pairwise key
1328 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n");
1329 if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == TRUE) {
1330 if (pDevice->pMgmt->byCSSPK == KEY_CTL_TKIP)
1331 byDecMode = KEY_CTL_TKIP;
1332 else if (pDevice->pMgmt->byCSSPK == KEY_CTL_CCMP)
1333 byDecMode = KEY_CTL_CCMP;
1335 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey);
1338 KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey);
1339 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1340 byDecMode = KEY_CTL_TKIP;
1341 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1342 byDecMode = KEY_CTL_CCMP;
1343 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey);
1346 // our WEP only support Default Key
1348 // use default group key
1349 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey);
1350 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1351 byDecMode = KEY_CTL_TKIP;
1352 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1353 byDecMode = KEY_CTL_CCMP;
1357 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode);
1360 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n");
1361 if (byDecMode == KEY_CTL_WEP) {
1362 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1363 } else if (pDevice->bLinkPass == TRUE) {
1364 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1368 if (byDecMode != pKey->byCipherSuite) {
1369 if (byDecMode == KEY_CTL_WEP) {
1370 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1371 } else if (pDevice->bLinkPass == TRUE) {
1372 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1377 if (byDecMode == KEY_CTL_WEP) {
1379 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1380 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE)) {
1385 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1386 MEMvCopy(pDevice->abyPRNG, pbyIV, 3);
1387 MEMvCopy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1388 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1389 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1391 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1392 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1395 } else if ((byDecMode == KEY_CTL_TKIP) ||
1396 (byDecMode == KEY_CTL_CCMP)) {
1399 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1400 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1401 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1402 if (byDecMode == KEY_CTL_TKIP) {
1403 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1405 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1407 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1409 if ((byDecMode == KEY_CTL_TKIP) &&
1410 (pDevice->byLocalID <= REV_ID_VT3253_A1)) {
1413 PS802_11Header pMACHeader = (PS802_11Header) (pbyFrame);
1414 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1415 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1416 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1417 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1418 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1419 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1421 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1422 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1427 if ((*(pbyIV+3) & 0x20) != 0)
1433 static BOOL s_bHostWepRxEncryption (
1434 IN PSDevice pDevice,
1440 OUT PBYTE pbyNewRsr,
1442 OUT PWORD pwRxTSC15_0,
1443 OUT PDWORD pdwRxTSC47_16
1446 UINT PayloadLen = FrameSize;
1449 BYTE byDecMode = KEY_CTL_WEP;
1450 PS802_11Header pMACHeader;
1457 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1458 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1459 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1460 pbyIV += 6; // 6 is 802.11 address4
1463 byKeyIdx = (*(pbyIV+3) & 0xc0);
1465 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1468 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1469 byDecMode = KEY_CTL_TKIP;
1470 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1471 byDecMode = KEY_CTL_CCMP;
1473 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode);
1475 if (byDecMode != pKey->byCipherSuite) {
1476 if (byDecMode == KEY_CTL_WEP) {
1477 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1478 } else if (pDevice->bLinkPass == TRUE) {
1479 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1484 if (byDecMode == KEY_CTL_WEP) {
1486 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP \n");
1487 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1488 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE) ||
1489 (bOnFly == FALSE)) {
1495 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1496 MEMvCopy(pDevice->abyPRNG, pbyIV, 3);
1497 MEMvCopy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1498 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1499 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1501 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1502 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1505 } else if ((byDecMode == KEY_CTL_TKIP) ||
1506 (byDecMode == KEY_CTL_CCMP)) {
1509 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1510 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1511 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1513 if (byDecMode == KEY_CTL_TKIP) {
1514 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1516 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1518 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1520 if (byDecMode == KEY_CTL_TKIP) {
1521 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == FALSE)) {
1525 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n");
1526 pMACHeader = (PS802_11Header) (pbyFrame);
1527 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1528 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1529 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1530 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1531 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1532 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1534 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1535 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1540 if (byDecMode == KEY_CTL_CCMP) {
1541 if (bOnFly == FALSE) {
1544 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_CCMP\n");
1545 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) {
1546 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1547 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC compare OK!\n");
1549 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC fail!\n");
1556 if ((*(pbyIV+3) & 0x20) != 0)
1566 static BOOL s_bAPModeRxData (
1567 IN PSDevice pDevice,
1568 IN ref_sk_buff* skb,
1570 IN UINT cbHeaderOffset,
1571 IN INT iSANodeIndex,
1577 static BOOL s_bAPModeRxData (
1578 IN PSDevice pDevice,
1579 IN struct sk_buff* skb,
1581 IN UINT cbHeaderOffset,
1582 IN INT iSANodeIndex,
1587 PSMgmtObject pMgmt = pDevice->pMgmt;
1588 BOOL bRelayAndForward = FALSE;
1589 BOOL bRelayOnly = FALSE;
1590 BYTE byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
1593 struct sk_buff* tmp_skb;
1594 ref_sk_buff s_ref_skb;
1595 ref_sk_buff* skbcpy = &s_ref_skb;
1597 struct sk_buff* skbcpy = NULL;
1602 if (FrameSize > CB_MAX_BUF_SIZE)
1605 if(IS_MULTICAST_ADDRESS((PBYTE)(skb->data+cbHeaderOffset))) {
1606 if (pMgmt->sNodeDBTable[0].bPSEnable) {
1609 tmp_skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1610 skbcpy = &s_ref_skb;
1611 ref_skb_remap(pDevice->dev, skbcpy, tmp_skb);
1613 skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz);
1615 // if any node in PS mode, buffer packet until DTIM.
1616 if (skbcpy == NULL) {
1617 DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n");
1620 skbcpy->dev = pDevice->dev;
1622 *(skbcpy->len) = FrameSize;
1623 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize);
1624 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy->skb);
1626 skbcpy->len = FrameSize;
1627 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize);
1628 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy);
1630 pMgmt->sNodeDBTable[0].wEnQueueCnt++;
1632 pMgmt->abyPSTxMap[0] |= byMask[0];
1636 bRelayAndForward = TRUE;
1641 if (BSSDBbIsSTAInNodeDB(pMgmt, (PBYTE)(skb->data+cbHeaderOffset), &iDANodeIndex)) {
1642 if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) {
1643 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) {
1644 // queue this skb until next PS tx, and then release.
1647 ref_skb_add_offset(skb->skb, cbHeaderOffset);
1648 skb_put(skb->skb, FrameSize);
1649 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb->skb);
1651 skb->data += cbHeaderOffset;
1652 skb->tail += cbHeaderOffset;
1653 skb_put(skb, FrameSize);
1654 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb);
1656 pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++;
1657 wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID;
1658 pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7];
1659 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n",
1660 iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]);
1670 if (bRelayOnly || bRelayAndForward) {
1671 // relay this packet right now
1672 if (bRelayAndForward)
1675 if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) {
1676 ROUTEbRelay(pDevice, (PBYTE)(skb->data + cbHeaderOffset), FrameSize, (UINT)iDANodeIndex);
1682 // none associate, don't forward
1683 if (pDevice->uAssocCount == 0)