drivers/staging/vt6655/dpc.c

   1 /*
   2  * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
   3  * All rights reserved.
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License as published by
   7  * the Free Software Foundation; either version 2 of the License, or
   8  * (at your option) any later version.
   9  *
  10  * This program is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13  * GNU General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU General Public License along
  16  * with this program; if not, write to the Free Software Foundation, Inc.,
  17  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * File: dpc.c
  20  *
  21  * Purpose: handle dpc rx functions
  22  *
  23  * Author: Lyndon Chen
  24  *
  25  * Date: May 20, 2003
  26  *
  27  * Functions:
  28  *      device_receive_frame - Rcv 802.11 frame function
  29  *      s_bAPModeRxCtl- AP Rcv frame filer Ctl.
  30  *      s_bAPModeRxData- AP Rcv data frame handle
  31  *      s_bHandleRxEncryption- Rcv decrypted data via on-fly
  32  *      s_bHostWepRxEncryption- Rcv encrypted data via host
  33  *      s_byGetRateIdx- get rate index
  34  *      s_vGetDASA- get data offset
  35  *      s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3
  36  *
  37  * Revision History:
  38  *
  39  */
  40
  41
  42 #if !defined(__DEVICE_H__)
  43 #include "device.h"
  44 #endif
  45 #if !defined(__RXTX_H__)
  46 #include "rxtx.h"
  47 #endif
  48 #if !defined(__TETHER_H__)
  49 #include "tether.h"
  50 #endif
  51 #if !defined(__CARD_H__)
  52 #include "card.h"
  53 #endif
  54 #if !defined(__BSSDB_H__)
  55 #include "bssdb.h"
  56 #endif
  57 #if !defined(__MAC_H__)
  58 #include "mac.h"
  59 #endif
  60 #if !defined(__BASEBAND_H__)
  61 #include "baseband.h"
  62 #endif
  63 #if !defined(__UMEM_H__)
  64 #include "umem.h"
  65 #endif
  66 #if !defined(__MICHAEL_H__)
  67 #include "michael.h"
  68 #endif
  69 #if !defined(__TKIP_H__)
  70 #include "tkip.h"
  71 #endif
  72 #if !defined(__TCRC_H__)
  73 #include "tcrc.h"
  74 #endif
  75 #if !defined(__WCTL_H__)
  76 #include "wctl.h"
  77 #endif
  78 #if !defined(__WROUTE_H__)
  79 #include "wroute.h"
  80 #endif
  81 #if !defined(__TBIT_H__)
  82 #include "tbit.h"
  83 #endif
  84 #if !defined(__HOSTAP_H__)
  85 #include "hostap.h"
  86 #endif
  87 #if !defined(__RF_H__)
  88 #include "rf.h"
  89 #endif
  90 #if !defined(__IOWPA_H__)
  91 #include "iowpa.h"
  92 #endif
  93 #if !defined(__AES_H__)
  94 #include "aes_ccmp.h"
  95 #endif
  96
  97 //#define       PLICE_DEBUG
  98
  99
 100 /*---------------------  Static Definitions -------------------------*/
 101
 102 /*---------------------  Static Classes  ----------------------------*/
 103
 104 /*---------------------  Static Variables  --------------------------*/
 105 //static int          msglevel                =MSG_LEVEL_DEBUG;
 106 static int          msglevel                =MSG_LEVEL_INFO;
 107
 108 const BYTE acbyRxRate[MAX_RATE] =
 109 {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
 110
 111
 112 /*---------------------  Static Functions  --------------------------*/
 113
 114 /*---------------------  Static Definitions -------------------------*/
 115
 116 /*---------------------  Static Functions  --------------------------*/
 117
 118 static BYTE s_byGetRateIdx(IN BYTE byRate);
 119
 120
 121 static
 122 VOID
 123 s_vGetDASA(
 124     IN  PBYTE pbyRxBufferAddr,
 125     OUT PUINT pcbHeaderSize,
 126     OUT PSEthernetHeader psEthHeader
 127     );
 128
 129 static
 130 VOID
 131 s_vProcessRxMACHeader (
 132     IN  PSDevice pDevice,
 133     IN  PBYTE pbyRxBufferAddr,
 134     IN  UINT cbPacketSize,
 135     IN  BOOL bIsWEP,
 136     IN  BOOL bExtIV,
 137     OUT PUINT pcbHeadSize
 138     );
 139
 140 static BOOL s_bAPModeRxCtl(
 141     IN PSDevice pDevice,
 142     IN PBYTE    pbyFrame,
 143     IN INT      iSANodeIndex
 144     );
 145
 146 #ifdef PRIVATE_OBJ
 147
 148 static BOOL s_bAPModeRxData (
 149     IN PSDevice pDevice,
 150     IN ref_sk_buff* skb,
 151     IN UINT     FrameSize,
 152     IN UINT     cbHeaderOffset,
 153     IN INT      iSANodeIndex,
 154     IN INT      iDANodeIndex
 155     );
 156 #else
 157
 158 static BOOL s_bAPModeRxData (
 159     IN PSDevice pDevice,
 160     IN struct sk_buff* skb,
 161     IN UINT     FrameSize,
 162     IN UINT     cbHeaderOffset,
 163     IN INT      iSANodeIndex,
 164     IN INT      iDANodeIndex
 165     );
 166 #endif
 167
 168
 169 static BOOL s_bHandleRxEncryption(
 170     IN PSDevice     pDevice,
 171     IN PBYTE        pbyFrame,
 172     IN UINT         FrameSize,
 173     IN PBYTE        pbyRsr,
 174     OUT PBYTE       pbyNewRsr,
 175     OUT PSKeyItem   *pKeyOut,
 176     OUT PBOOL       pbExtIV,
 177     OUT PWORD       pwRxTSC15_0,
 178     OUT PDWORD      pdwRxTSC47_16
 179     );
 180
 181 static BOOL s_bHostWepRxEncryption(
 182
 183     IN PSDevice     pDevice,
 184     IN PBYTE        pbyFrame,
 185     IN UINT         FrameSize,
 186     IN PBYTE        pbyRsr,
 187     IN BOOL         bOnFly,
 188     IN PSKeyItem    pKey,
 189     OUT PBYTE       pbyNewRsr,
 190     OUT PBOOL       pbExtIV,
 191     OUT PWORD       pwRxTSC15_0,
 192     OUT PDWORD      pdwRxTSC47_16
 193
 194     );
 195
 196 /*---------------------  Export Variables  --------------------------*/
 197
 198 /*+
 199  *
 200  * Description:
 201  *    Translate Rcv 802.11 header to 802.3 header with Rx buffer
 202  *
 203  * Parameters:
 204  *  In:
 205  *      pDevice
 206  *      dwRxBufferAddr  - Address of Rcv Buffer
 207  *      cbPacketSize    - Rcv Packet size
 208  *      bIsWEP          - If Rcv with WEP
 209  *  Out:
 210  *      pcbHeaderSize   - 802.11 header size
 211  *
 212  * Return Value: None
 213  *
 214 -*/
 215 static
 216 VOID
 217 s_vProcessRxMACHeader (
 218     IN  PSDevice pDevice,
 219     IN  PBYTE pbyRxBufferAddr,
 220     IN  UINT cbPacketSize,
 221     IN  BOOL bIsWEP,
 222     IN  BOOL bExtIV,
 223     OUT PUINT pcbHeadSize
 224     )
 225 {
 226     PBYTE           pbyRxBuffer;
 227     UINT            cbHeaderSize = 0;
 228     PWORD           pwType;
 229     PS802_11Header  pMACHeader;
 230     int             ii;
 231
 232
 233     pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
 234
 235     s_vGetDASA((PBYTE)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader);
 236
 237     if (bIsWEP) {
 238         if (bExtIV) {
 239             // strip IV&ExtIV , add 8 byte
 240             cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8);
 241         } else {
 242             // strip IV , add 4 byte
 243             cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4);
 244         }
 245     }
 246     else {
 247         cbHeaderSize += WLAN_HDR_ADDR3_LEN;
 248     };
 249
 250     pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
 251     if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) {
 252         cbHeaderSize += 6;
 253     }
 254     else if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) {
 255         cbHeaderSize += 6;
 256         pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
 257         if ((*pwType!= TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) {
 258         }
 259         else {
 260             cbHeaderSize -= 8;
 261             pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
 262             if (bIsWEP) {
 263                 if (bExtIV) {
 264                     *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8);    // 8 is IV&ExtIV
 265                 } else {
 266                     *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4);    // 4 is IV
 267                 }
 268             }
 269             else {
 270                 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
 271             }
 272         }
 273     }
 274     else {
 275         cbHeaderSize -= 2;
 276         pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
 277         if (bIsWEP) {
 278             if (bExtIV) {
 279                 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8);    // 8 is IV&ExtIV
 280             } else {
 281                 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4);    // 4 is IV
 282             }
 283         }
 284         else {
 285             *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
 286         }
 287     }
 288
 289     cbHeaderSize -= (U_ETHER_ADDR_LEN * 2);
 290     pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
 291     for(ii=0;ii<U_ETHER_ADDR_LEN;ii++)
 292         *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii];
 293     for(ii=0;ii<U_ETHER_ADDR_LEN;ii++)
 294         *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii];
 295
 296     *pcbHeadSize = cbHeaderSize;
 297 }
 298
 299
 300
 301
 302 static BYTE s_byGetRateIdx (IN BYTE byRate)
 303 {
 304     BYTE    byRateIdx;
 305
 306     for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) {
 307         if (acbyRxRate[byRateIdx%MAX_RATE] == byRate)
 308             return byRateIdx;
 309     }
 310     return 0;
 311 }
 312
 313
 314 static
 315 VOID
 316 s_vGetDASA (
 317     IN  PBYTE pbyRxBufferAddr,
 318     OUT PUINT pcbHeaderSize,
 319     OUT PSEthernetHeader psEthHeader
 320     )
 321 {
 322     UINT            cbHeaderSize = 0;
 323     PS802_11Header  pMACHeader;
 324     int             ii;
 325
 326     pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
 327
 328     if ((pMACHeader->wFrameCtl & FC_TODS) == 0) {
 329         if (pMACHeader->wFrameCtl & FC_FROMDS) {
 330             for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
 331                 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
 332                 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr3[ii];
 333             }
 334         }
 335         else {
 336             // IBSS mode
 337             for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
 338                 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
 339                 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
 340             }
 341         }
 342     }
 343     else {
 344         // Is AP mode..
 345         if (pMACHeader->wFrameCtl & FC_FROMDS) {
 346             for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
 347                 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
 348                 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr4[ii];
 349                 cbHeaderSize += 6;
 350             }
 351         }
 352         else {
 353             for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
 354                 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
 355                 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
 356             }
 357         }
 358     };
 359     *pcbHeaderSize = cbHeaderSize;
 360 }
 361
 362
 363
 364
 365 //PLICE_DEBUG ->
 366
 367 VOID    MngWorkItem(PVOID Context)
 368 {
 369         PSRxMgmtPacket                  pRxMgmtPacket;
 370         PSDevice        pDevice =  (PSDevice) Context;
 371         //printk("Enter MngWorkItem,Queue packet num is %d\n",pDevice->rxManeQueue.packet_num);
 372         spin_lock_irq(&pDevice->lock);
 373          while(pDevice->rxManeQueue.packet_num != 0)
 374          {
 375                  pRxMgmtPacket =  DeQueue(pDevice);
 376                         vMgrRxManagePacket(pDevice, pDevice->pMgmt, pRxMgmtPacket);
 377         }
 378         spin_unlock_irq(&pDevice->lock);
 379 }
 380
 381
 382 //PLICE_DEBUG<-
 383
 384
 385
 386 BOOL
 387 device_receive_frame (
 388     IN  PSDevice pDevice,
 389     IN  PSRxDesc pCurrRD
 390     )
 391 {
 392
 393     PDEVICE_RD_INFO  pRDInfo = pCurrRD->pRDInfo;
 394 #ifdef  PLICE_DEBUG
 395         //printk("device_receive_frame:pCurrRD is %x,pRDInfo is %x\n",pCurrRD,pCurrRD->pRDInfo);
 396 #endif
 397     struct net_device_stats* pStats=&pDevice->stats;
 398 #ifdef PRIVATE_OBJ
 399     ref_sk_buff*    skb;
 400 #else
 401     struct sk_buff* skb;
 402 #endif
 403     PSMgmtObject    pMgmt = pDevice->pMgmt;
 404     PSRxMgmtPacket  pRxPacket = &(pDevice->pMgmt->sRxPacket);
 405     PS802_11Header  p802_11Header;
 406     PBYTE           pbyRsr;
 407     PBYTE           pbyNewRsr;
 408     PBYTE           pbyRSSI;
 409     PQWORD          pqwTSFTime;
 410     PWORD           pwFrameSize;
 411     PBYTE           pbyFrame;
 412     BOOL            bDeFragRx = FALSE;
 413     BOOL            bIsWEP = FALSE;
 414     UINT            cbHeaderOffset;
 415     UINT            FrameSize;
 416     WORD            wEtherType = 0;
 417     INT             iSANodeIndex = -1;
 418     INT             iDANodeIndex = -1;
 419     UINT            ii;
 420     UINT            cbIVOffset;
 421     BOOL            bExtIV = FALSE;
 422     PBYTE           pbyRxSts;
 423     PBYTE           pbyRxRate;
 424     PBYTE           pbySQ;
 425     UINT            cbHeaderSize;
 426     PSKeyItem       pKey = NULL;
 427     WORD            wRxTSC15_0 = 0;
 428     DWORD           dwRxTSC47_16 = 0;
 429     SKeyItem        STempKey;
 430     // 802.11h RPI
 431     DWORD           dwDuration = 0;
 432     LONG            ldBm = 0;
 433     LONG            ldBmThreshold = 0;
 434     PS802_11Header pMACHeader;
 435  BOOL            bRxeapol_key = FALSE;
 436
 437 //    DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- device_receive_frame---\n");
 438 #ifdef PRIVATE_OBJ
 439     skb = &(pRDInfo->ref_skb);
 440 #else
 441
 442     skb = pRDInfo->skb;
 443 #endif
 444
 445
 446 //PLICE_DEBUG->
 447 #if 1
 448         pci_unmap_single(pDevice->pcid, pRDInfo->skb_dma,
 449                      pDevice->rx_buf_sz, PCI_DMA_FROMDEVICE);
 450 #endif
 451 //PLICE_DEBUG<-
 452     pwFrameSize = (PWORD)(skb->data + 2);
 453     FrameSize = cpu_to_le16(pCurrRD->m_rd1RD1.wReqCount) - cpu_to_le16(pCurrRD->m_rd0RD0.wResCount);
 454
 455     // Max: 2312Payload + 30HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR
 456     // Min (ACK): 10HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR
 457     if ((FrameSize > 2364)||(FrameSize <= 32)) {
 458         // Frame Size error drop this packet.
 459         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 1 \n");
 460         return FALSE;
 461     }
 462
 463     pbyRxSts = (PBYTE) (skb->data);
 464     pbyRxRate = (PBYTE) (skb->data + 1);
 465     pbyRsr = (PBYTE) (skb->data + FrameSize - 1);
 466     pbyRSSI = (PBYTE) (skb->data + FrameSize - 2);
 467     pbyNewRsr = (PBYTE) (skb->data + FrameSize - 3);
 468     pbySQ = (PBYTE) (skb->data + FrameSize - 4);
 469     pqwTSFTime = (PQWORD) (skb->data + FrameSize - 12);
 470     pbyFrame = (PBYTE)(skb->data + 4);
 471
 472     // get packet size
 473     FrameSize = cpu_to_le16(*pwFrameSize);
 474
 475     if ((FrameSize > 2346)|(FrameSize < 14)) { // Max: 2312Payload + 30HD +4CRC
 476                                                // Min: 14 bytes ACK
 477         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 2 \n");
 478         return FALSE;
 479     }
 480 //PLICE_DEBUG->
 481 #if 1
 482         // update receive statistic counter
 483     STAvUpdateRDStatCounter(&pDevice->scStatistic,
 484                             *pbyRsr,
 485                             *pbyNewRsr,
 486                             *pbyRxRate,
 487                             pbyFrame,
 488                             FrameSize);
 489
 490 #endif
 491
 492   pMACHeader=(PS802_11Header)((PBYTE) (skb->data)+8);
 493 //PLICE_DEBUG<-
 494         if (pDevice->bMeasureInProgress == TRUE) {
 495         if ((*pbyRsr & RSR_CRCOK) != 0) {
 496             pDevice->byBasicMap |= 0x01;
 497         }
 498         dwDuration = (FrameSize << 4);
 499         dwDuration /= acbyRxRate[*pbyRxRate%MAX_RATE];
 500         if (*pbyRxRate <= RATE_11M) {
 501             if (BITbIsBitOn(*pbyRxSts, 0x01)) {
 502                 // long preamble
 503                 dwDuration += 192;
 504             } else {
 505                 // short preamble
 506                 dwDuration += 96;
 507             }
 508         } else {
 509             dwDuration += 16;
 510         }
 511         RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
 512         ldBmThreshold = -57;
 513         for (ii = 7; ii > 0;) {
 514             if (ldBm > ldBmThreshold) {
 515                 break;
 516             }
 517             ldBmThreshold -= 5;
 518             ii--;
 519         }
 520         pDevice->dwRPIs[ii] += dwDuration;
 521         return FALSE;
 522     }
 523
 524     if (!IS_MULTICAST_ADDRESS(pbyFrame) && !IS_BROADCAST_ADDRESS(pbyFrame)) {
 525         if (WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header) (skb->data + 4))) {
 526             pDevice->s802_11Counter.FrameDuplicateCount++;
 527             return FALSE;
 528         }
 529     }
 530
 531
 532     // Use for TKIP MIC
 533     s_vGetDASA(skb->data+4, &cbHeaderSize, &pDevice->sRxEthHeader);
 534
 535     // filter packet send from myself
 536     if (IS_ETH_ADDRESS_EQUAL((PBYTE)&(pDevice->sRxEthHeader.abySrcAddr[0]), pDevice->abyCurrentNetAddr))
 537         return FALSE;
 538
 539     if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) {
 540         if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
 541             p802_11Header = (PS802_11Header) (pbyFrame);
 542             // get SA NodeIndex
 543             if (BSSDBbIsSTAInNodeDB(pMgmt, (PBYTE)(p802_11Header->abyAddr2), &iSANodeIndex)) {
 544 #ifdef PRIVATE_OBJ
 545                 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = get_jiffies();
 546 #else
 547                 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies;
 548 #endif
 549                 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0;
 550             }
 551         }
 552     }
 553
 554     if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
 555         if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == TRUE) {
 556             return FALSE;
 557         }
 558     }
 559     if (IS_FC_WEP(pbyFrame)) {
 560         BOOL     bRxDecryOK = FALSE;
 561
 562         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n");
 563         bIsWEP = TRUE;
 564         if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) {
 565             pKey = &STempKey;
 566             pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite;
 567             pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex;
 568             pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength;
 569             pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16;
 570             pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0;
 571             memcpy(pKey->abyKey,
 572                 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0],
 573                 pKey->uKeyLength
 574                 );
 575
 576             bRxDecryOK = s_bHostWepRxEncryption(pDevice,
 577                                                 pbyFrame,
 578                                                 FrameSize,
 579                                                 pbyRsr,
 580                                                 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly,
 581                                                 pKey,
 582                                                 pbyNewRsr,
 583                                                 &bExtIV,
 584                                                 &wRxTSC15_0,
 585                                                 &dwRxTSC47_16);
 586         } else {
 587             bRxDecryOK = s_bHandleRxEncryption(pDevice,
 588                                                 pbyFrame,
 589                                                 FrameSize,
 590                                                 pbyRsr,
 591                                                 pbyNewRsr,
 592                                                 &pKey,
 593                                                 &bExtIV,
 594                                                 &wRxTSC15_0,
 595                                                 &dwRxTSC47_16);
 596         }
 597
 598         if (bRxDecryOK) {
 599             if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) {
 600                 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n");
 601                 if ( (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
 602                     (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
 603                     (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
 604                     (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
 605                     (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
 606
 607                     if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
 608                         pDevice->s802_11Counter.TKIPICVErrors++;
 609                     } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) {
 610                         pDevice->s802_11Counter.CCMPDecryptErrors++;
 611                     } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) {
 612 //                      pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++;
 613                     }
 614                 }
 615                 return FALSE;
 616             }
 617         } else {
 618             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n");
 619             return FALSE;
 620         }
 621         if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP))
 622             FrameSize -= 8;         // Message Integrity Code
 623         else
 624             FrameSize -= 4;         // 4 is ICV
 625     }
 626
 627
 628     //
 629     // RX OK
 630     //
 631     //remove the CRC length
 632     FrameSize -= U_CRC_LEN;
 633
 634     if ((BITbIsAllBitsOff(*pbyRsr, (RSR_ADDRBROAD | RSR_ADDRMULTI))) && // unicast address
 635         (IS_FRAGMENT_PKT((skb->data+4)))
 636         ) {
 637         // defragment
 638         bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header) (skb->data+4), FrameSize, bIsWEP, bExtIV);
 639         pDevice->s802_11Counter.ReceivedFragmentCount++;
 640         if (bDeFragRx) {
 641             // defrag complete
 642 #ifdef PRIVATE_OBJ
 643             skb = &(pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].ref_skb);
 644 #else
 645             skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb;
 646 #endif
 647             FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength;
 648
 649         }
 650         else {
 651             return FALSE;
 652         }
 653     }
 654
 655
 656 // Management & Control frame Handle
 657     if ((IS_TYPE_DATA((skb->data+4))) == FALSE) {
 658         // Handle Control & Manage Frame
 659
 660         if (IS_TYPE_MGMT((skb->data+4))) {
 661             PBYTE pbyData1;
 662             PBYTE pbyData2;
 663
 664             pRxPacket->p80211Header = (PUWLAN_80211HDR)(skb->data+4);
 665             pRxPacket->cbMPDULen = FrameSize;
 666             pRxPacket->uRSSI = *pbyRSSI;
 667             pRxPacket->bySQ = *pbySQ;
 668             HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime));
 669             LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime));
 670             if (bIsWEP) {
 671                 // strip IV
 672                 pbyData1 = WLAN_HDR_A3_DATA_PTR(skb->data+4);
 673                 pbyData2 = WLAN_HDR_A3_DATA_PTR(skb->data+4) + 4;
 674                 for (ii = 0; ii < (FrameSize - 4); ii++) {
 675                     *pbyData1 = *pbyData2;
 676                      pbyData1++;
 677                      pbyData2++;
 678                 }
 679             }
 680             pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate);
 681             pRxPacket->byRxChannel = (*pbyRxSts) >> 2;
 682 //PLICE_DEBUG->
 683 //EnQueue(pDevice,pRxPacket);
 684
 685 #ifdef  THREAD
 686                 EnQueue(pDevice,pRxPacket);
 687
 688                 //printk("enque time is %x\n",jiffies);
 689                 //up(&pDevice->mlme_semaphore);
 690                         //Enque (pDevice->FirstRecvMngList,pDevice->LastRecvMngList,pMgmt);
 691 #else
 692
 693 #ifdef  TASK_LET
 694                 EnQueue(pDevice,pRxPacket);
 695                 tasklet_schedule(&pDevice->RxMngWorkItem);
 696 #else
 697 //printk("RxMan\n");
 698         vMgrRxManagePacket((HANDLE)pDevice, pDevice->pMgmt, pRxPacket);
 699            //tasklet_schedule(&pDevice->RxMngWorkItem);
 700 #endif
 701
 702 #endif
 703 //PLICE_DEBUG<-
 704                         //vMgrRxManagePacket((HANDLE)pDevice, pDevice->pMgmt, pRxPacket);
 705             // hostap Deamon handle 802.11 management
 706             if (pDevice->bEnableHostapd) {
 707                     skb->dev = pDevice->apdev;
 708 #ifdef PRIVATE_OBJ
 709                 ref_skb_add_offset(skb->skb, 4);
 710                 ref_skb_set_dev(pDevice->apdev, skb->skb);
 711                 skb_put(skb->skb, FrameSize);
 712 #if     LINUX_VERSION_CODE      > KERNEL_VERSION(2,6,21)
 713                     skb->mac_header = skb->data;
 714 #else
 715                         skb->mac.raw = skb->data;
 716 #endif
 717                     *(skb->pkt_type) = PACKET_OTHERHOST;
 718                 *(skb->protocol) = htons(ETH_P_802_2);
 719                     memset(skb->cb, 0, sizeof(skb->cb));
 720                     netif_rx(skb->skb);
 721 #else
 722                     skb->data += 4;
 723                     skb->tail += 4;
 724                      skb_put(skb, FrameSize);
 725 #if     LINUX_VERSION_CODE > KERNEL_VERSION (2,6,21)
 726                     skb->mac_header = skb->data;
 727 #else
 728                 skb->mac.raw = skb->data;
 729 #endif
 730                     skb->pkt_type = PACKET_OTHERHOST;
 731                 skb->protocol = htons(ETH_P_802_2);
 732                     memset(skb->cb, 0, sizeof(skb->cb));
 733                     netif_rx(skb);
 734 #endif
 735                 return TRUE;
 736                 }
 737         }
 738         else {
 739             // Control Frame
 740         };
 741         return FALSE;
 742     }
 743     else {
 744         if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
 745             //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC.
 746             if (BITbIsBitOff(*pbyRsr, RSR_BSSIDOK)) {
 747                 if (bDeFragRx) {
 748                     if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
 749                         DEVICE_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
 750                         pDevice->dev->name);
 751                     }
 752                 }
 753                 return FALSE;
 754             }
 755         }
 756         else {
 757             // discard DATA packet while not associate || BSSID error
 758             if ((pDevice->bLinkPass == FALSE) ||
 759                 BITbIsBitOff(*pbyRsr, RSR_BSSIDOK)) {
 760                 if (bDeFragRx) {
 761                     if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
 762                         DEVICE_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
 763                         pDevice->dev->name);
 764                     }
 765                 }
 766                 return FALSE;
 767             }
 768
 769    //mike add:station mode check eapol-key challenge--->
 770           {
 771             BYTE  Protocol_Version;    //802.1x Authentication
 772             BYTE  Packet_Type;           //802.1x Authentication
 773               if (bIsWEP)
 774                   cbIVOffset = 8;
 775               else
 776                   cbIVOffset = 0;
 777               wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
 778                           skb->data[cbIVOffset + 8 + 24 + 6 + 1];
 779               Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1];
 780               Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1];
 781              if (wEtherType == ETH_P_PAE) {         //Protocol Type in LLC-Header
 782                   if(((Protocol_Version==1) ||(Protocol_Version==2)) &&
 783                      (Packet_Type==3)) {  //802.1x OR eapol-key challenge frame receive
 784                         bRxeapol_key = TRUE;
 785                   }
 786               }
 787           }
 788     //mike add:station mode check eapol-key challenge<---
 789         }
 790     }
 791
 792 // Data frame Handle
 793
 794     if (pDevice->bEnablePSMode) {
 795         if (IS_FC_MOREDATA((skb->data+4))) {
 796             if (BITbIsBitOn(*pbyRsr, RSR_ADDROK)) {
 797                 //PSbSendPSPOLL((PSDevice)pDevice);
 798             }
 799         }
 800         else {
 801             if (pDevice->pMgmt->bInTIMWake == TRUE) {
 802                 pDevice->pMgmt->bInTIMWake = FALSE;
 803             }
 804         }
 805     };
 806
 807     // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps
 808     if (pDevice->bDiversityEnable && (FrameSize>50) &&
 809         (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) &&
 810         (pDevice->bLinkPass == TRUE)) {
 811         //printk("device_receive_frame: RxRate is %d\n",*pbyRxRate);
 812                 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0);
 813     }
 814
 815
 816     if (pDevice->byLocalID != REV_ID_VT3253_B1) {
 817         pDevice->uCurrRSSI = *pbyRSSI;
 818     }
 819     pDevice->byCurrSQ = *pbySQ;
 820
 821     if ((*pbyRSSI != 0) &&
 822         (pMgmt->pCurrBSS!=NULL)) {
 823         RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
 824         // Moniter if RSSI is too strong.
 825         pMgmt->pCurrBSS->byRSSIStatCnt++;
 826         pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT;
 827         pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm;
 828         for(ii=0;ii<RSSI_STAT_COUNT;ii++) {
 829             if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) {
 830             pMgmt->pCurrBSS->ldBmMAX = max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm);
 831             }
 832         }
 833     }
 834
 835     // -----------------------------------------------
 836
 837     if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == TRUE)){
 838         BYTE    abyMacHdr[24];
 839
 840         // Only 802.1x packet incoming allowed
 841         if (bIsWEP)
 842             cbIVOffset = 8;
 843         else
 844             cbIVOffset = 0;
 845         wEtherType = (skb->data[cbIVOffset + 4 + 24 + 6] << 8) |
 846                     skb->data[cbIVOffset + 4 + 24 + 6 + 1];
 847
 848             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType);
 849         if (wEtherType == ETH_P_PAE) {
 850             skb->dev = pDevice->apdev;
 851
 852             if (bIsWEP == TRUE) {
 853                 // strip IV header(8)
 854                 memcpy(&abyMacHdr[0], (skb->data + 4), 24);
 855                 memcpy((skb->data + 4 + cbIVOffset), &abyMacHdr[0], 24);
 856             }
 857 #ifdef PRIVATE_OBJ
 858             ref_skb_add_offset(skb->skb, (cbIVOffset + 4));
 859             ref_skb_set_dev(pDevice->apdev, skb->skb);
 860             skb_put(skb->skb, FrameSize);
 861 #if     LINUX_VERSION_CODE      > KERNEL_VERSION(2,6,21)
 862                         skb->mac_header = skb->data;
 863 #else
 864                         skb->mac.raw = skb->data;
 865 #endif
 866             *(skb->pkt_type) = PACKET_OTHERHOST;
 867                 *(skb->protocol) = htons(ETH_P_802_2);
 868             memset(skb->cb, 0, sizeof(skb->cb));
 869             netif_rx(skb->skb);
 870 #else
 871             skb->data +=  (cbIVOffset + 4);
 872             skb->tail +=  (cbIVOffset + 4);
 873             skb_put(skb, FrameSize);
 874 #if     LINUX_VERSION_CODE      > KERNEL_VERSION(2,6,21)
 875            skb->mac_header = skb->data;
 876 #else
 877         skb->mac.raw = skb->data;
 878 #endif
 879
 880         skb->pkt_type = PACKET_OTHERHOST;
 881             skb->protocol = htons(ETH_P_802_2);
 882             memset(skb->cb, 0, sizeof(skb->cb));
 883             netif_rx(skb);
 884 #endif
 885             return TRUE;
 886
 887 }
 888         // check if 802.1x authorized
 889         if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED))
 890             return FALSE;
 891     }
 892
 893
 894     if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
 895         if (bIsWEP) {
 896             FrameSize -= 8;  //MIC
 897         }
 898     }
 899
 900     //--------------------------------------------------------------------------------
 901     // Soft MIC
 902     if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
 903         if (bIsWEP) {
 904             PDWORD          pdwMIC_L;
 905             PDWORD          pdwMIC_R;
 906             DWORD           dwMIC_Priority;
 907             DWORD           dwMICKey0 = 0, dwMICKey1 = 0;
 908             DWORD           dwLocalMIC_L = 0;
 909             DWORD           dwLocalMIC_R = 0;
 910             viawget_wpa_header *wpahdr;
 911
 912
 913             if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
 914                 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
 915                 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
 916             }
 917             else {
 918                 if (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
 919                     dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
 920                     dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
 921                 } else if ((pKey->dwKeyIndex & BIT28) == 0) {
 922                     dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
 923                     dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
 924                 } else {
 925                     dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
 926                     dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
 927                 }
 928             }
 929
 930             MIC_vInit(dwMICKey0, dwMICKey1);
 931             MIC_vAppend((PBYTE)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12);
 932             dwMIC_Priority = 0;
 933             MIC_vAppend((PBYTE)&dwMIC_Priority, 4);
 934             // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV.
 935             MIC_vAppend((PBYTE)(skb->data + 4 + WLAN_HDR_ADDR3_LEN + 8),
 936                         FrameSize - WLAN_HDR_ADDR3_LEN - 8);
 937             MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R);
 938             MIC_vUnInit();
 939
 940             pdwMIC_L = (PDWORD)(skb->data + 4 + FrameSize);
 941             pdwMIC_R = (PDWORD)(skb->data + 4 + FrameSize + 4);
 942             //DBG_PRN_GRP12(("RxL: %lx, RxR: %lx\n", *pdwMIC_L, *pdwMIC_R));
 943             //DBG_PRN_GRP12(("LocalL: %lx, LocalR: %lx\n", dwLocalMIC_L, dwLocalMIC_R));
 944             //DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"dwMICKey0= %lx,dwMICKey1= %lx \n", dwMICKey0, dwMICKey1);
 945
 946
 947             if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) ||
 948                 (pDevice->bRxMICFail == TRUE)) {
 949                 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n");
 950                 pDevice->bRxMICFail = FALSE;
 951                 //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++;
 952                 pDevice->s802_11Counter.TKIPLocalMICFailures++;
 953                 if (bDeFragRx) {
 954                     if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
 955                         DEVICE_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
 956                             pDevice->dev->name);
 957                     }
 958                 }
 959
 960 //2008-0409-07, <Add> by Einsn Liu
 961        #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
 962                                 //send event to wpa_supplicant
 963                                 //if(pDevice->bWPADevEnable == TRUE)
 964                                         {
 965                                         union iwreq_data wrqu;
 966                                         struct iw_michaelmicfailure ev;
 967                                         int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits
 968                                         memset(&ev, 0, sizeof(ev));
 969                                         ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
 970                                         if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
 971                                                         (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
 972                                                                 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
 973                                                 ev.flags |= IW_MICFAILURE_PAIRWISE;
 974                                         } else {
 975                                                 ev.flags |= IW_MICFAILURE_GROUP;
 976                                         }
 977
 978                                         ev.src_addr.sa_family = ARPHRD_ETHER;
 979                                         memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN);
 980                                         memset(&wrqu, 0, sizeof(wrqu));
 981                                         wrqu.data.length = sizeof(ev);
 982                                         wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
 983
 984                                 }
 985          #endif
 986                 if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
 987                      wpahdr = (viawget_wpa_header *)pDevice->skb->data;
 988                      if ((pDevice->pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
 989                          (pDevice->pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
 990                          (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
 991                          //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR;
 992                          wpahdr->type = VIAWGET_PTK_MIC_MSG;
 993                      } else {
 994                          //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR;
 995                          wpahdr->type = VIAWGET_GTK_MIC_MSG;
 996                      }
 997                      wpahdr->resp_ie_len = 0;
 998                      wpahdr->req_ie_len = 0;
 999                      skb_put(pDevice->skb, sizeof(viawget_wpa_header));
1000                      pDevice->skb->dev = pDevice->wpadev;
1001 #if     LINUX_VERSION_CODE      > KERNEL_VERSION(2,6,21)
1002                 pDevice->skb->mac_header = pDevice->skb->data;
1003 #else
1004                 pDevice->skb->mac.raw=pDevice->skb->data;
1005 #endif
1006                         pDevice->skb->pkt_type = PACKET_HOST;
1007                      pDevice->skb->protocol = htons(ETH_P_802_2);
1008                      memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
1009                      netif_rx(pDevice->skb);
1010                      pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1011                  };
1012
1013                 return FALSE;
1014
1015             }
1016         }
1017     } //---end of SOFT MIC-----------------------------------------------------------------------
1018
1019     // ++++++++++ Reply Counter Check +++++++++++++
1020
1021     if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) ||
1022                            (pKey->byCipherSuite == KEY_CTL_CCMP))) {
1023         if (bIsWEP) {
1024             WORD        wLocalTSC15_0 = 0;
1025             DWORD       dwLocalTSC47_16 = 0;
1026             ULONGLONG       RSC = 0;
1027             // endian issues
1028             RSC = *((ULONGLONG *) &(pKey->KeyRSC));
1029             wLocalTSC15_0 = (WORD) RSC;
1030             dwLocalTSC47_16 = (DWORD) (RSC>>16);
1031
1032             RSC = dwRxTSC47_16;
1033             RSC <<= 16;
1034             RSC += wRxTSC15_0;
1035             MEMvCopy(&(pKey->KeyRSC), &RSC,  sizeof(QWORD));
1036
1037             if ( (pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) &&
1038                  (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) {
1039                 // check RSC
1040                 if ( (wRxTSC15_0 < wLocalTSC15_0) &&
1041                      (dwRxTSC47_16 <= dwLocalTSC47_16) &&
1042                      !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) {
1043                     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n ");
1044                     if (pKey->byCipherSuite == KEY_CTL_TKIP)
1045                         //pDevice->s802_11Counter.TKIPReplays.QuadPart++;
1046                         pDevice->s802_11Counter.TKIPReplays++;
1047                     else
1048                         //pDevice->s802_11Counter.CCMPReplays.QuadPart++;
1049                         pDevice->s802_11Counter.CCMPReplays++;
1050
1051                     if (bDeFragRx) {
1052                         if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1053                             DEVICE_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1054                                 pDevice->dev->name);
1055                         }
1056                     }
1057                     return FALSE;
1058                 }
1059             }
1060         }
1061     } // ----- End of Reply Counter Check --------------------------
1062
1063
1064
1065     if ((pKey != NULL) && (bIsWEP)) {
1066 //      pDevice->s802_11Counter.DecryptSuccessCount.QuadPart++;
1067     }
1068
1069
1070     s_vProcessRxMACHeader(pDevice, (PBYTE)(skb->data+4), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset);
1071     FrameSize -= cbHeaderOffset;
1072     cbHeaderOffset += 4;        // 4 is Rcv buffer header
1073
1074     // Null data, framesize = 14
1075     if (FrameSize < 15)
1076         return FALSE;
1077
1078     if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
1079         if (s_bAPModeRxData(pDevice,
1080                             skb,
1081                             FrameSize,
1082                             cbHeaderOffset,
1083                             iSANodeIndex,
1084                             iDANodeIndex
1085                             ) == FALSE) {
1086
1087             if (bDeFragRx) {
1088                 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1089                     DEVICE_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1090                     pDevice->dev->name);
1091                 }
1092             }
1093             return FALSE;
1094         }
1095
1096 //        if(pDevice->bRxMICFail == FALSE) {
1097 //           for (ii =0; ii < 100; ii++)
1098 //                printk(" %02x", *(skb->data + ii));
1099 //           printk("\n");
1100 //          }
1101
1102     }
1103
1104 #ifdef PRIVATE_OBJ
1105     ref_skb_add_offset(skb->skb, cbHeaderOffset);
1106     skb_put(skb->skb, FrameSize);
1107     *(skb->protocol)=eth_type_trans(skb->skb, skb->dev);
1108
1109 #else
1110         skb->data += cbHeaderOffset;
1111         skb->tail += cbHeaderOffset;
1112     skb_put(skb, FrameSize);
1113     skb->protocol=eth_type_trans(skb, skb->dev);
1114 #endif
1115
1116
1117         //drop frame not met IEEE 802.3
1118 /*
1119         if (pDevice->flags & DEVICE_FLAGS_VAL_PKT_LEN) {
1120 #ifdef PRIVATE_OBJ
1121                 if ((*(skb->protocol)==htons(ETH_P_802_3)) &&
1122                         (*(skb->len)!=htons(skb->mac.ethernet->h_proto))) {
1123 #else
1124                 if ((skb->protocol==htons(ETH_P_802_3)) &&
1125                         (skb->len!=htons(skb->mac.ethernet->h_proto))) {
1126 #endif
1127                         pStats->rx_length_errors++;
1128                         pStats->rx_dropped++;
1129             if (bDeFragRx) {
1130                 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1131                     DEVICE_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1132                     pDevice->dev->name);
1133                 }
1134             }
1135                         return FALSE;
1136                 }
1137         }
1138 */
1139
1140 #ifdef PRIVATE_OBJ
1141     *(skb->ip_summed)=CHECKSUM_NONE;
1142     pStats->rx_bytes +=*(skb->len);
1143     pStats->rx_packets++;
1144     netif_rx(skb->skb);
1145 #else
1146     skb->ip_summed=CHECKSUM_NONE;
1147     pStats->rx_bytes +=skb->len;
1148     pStats->rx_packets++;
1149     netif_rx(skb);
1150 #endif
1151
1152     if (bDeFragRx) {
1153         if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1154             DEVICE_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1155                 pDevice->dev->name);
1156         }
1157         return FALSE;
1158     }
1159     return TRUE;
1160 }
1161
1162
1163 static BOOL s_bAPModeRxCtl (
1164     IN PSDevice pDevice,
1165     IN PBYTE    pbyFrame,
1166     IN INT      iSANodeIndex
1167     )
1168 {
1169     PS802_11Header      p802_11Header;
1170     CMD_STATUS          Status;
1171     PSMgmtObject        pMgmt = pDevice->pMgmt;
1172
1173
1174     if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
1175
1176         p802_11Header = (PS802_11Header) (pbyFrame);
1177         if (!IS_TYPE_MGMT(pbyFrame)) {
1178
1179             // Data & PS-Poll packet
1180             // check frame class
1181             if (iSANodeIndex > 0) {
1182                 // frame class 3 fliter & checking
1183                 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) {
1184                     // send deauth notification
1185                     // reason = (6) class 2 received from nonauth sta
1186                     vMgrDeAuthenBeginSta(pDevice,
1187                                          pMgmt,
1188                                          (PBYTE)(p802_11Header->abyAddr2),
1189                                          (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1190                                          &Status
1191                                          );
1192                     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n");
1193                     return TRUE;
1194                 };
1195                 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) {
1196                     // send deassoc notification
1197                     // reason = (7) class 3 received from nonassoc sta
1198                     vMgrDisassocBeginSta(pDevice,
1199                                          pMgmt,
1200                                          (PBYTE)(p802_11Header->abyAddr2),
1201                                          (WLAN_MGMT_REASON_CLASS3_NONASSOC),
1202                                          &Status
1203                                          );
1204                     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n");
1205                     return TRUE;
1206                 };
1207
1208                 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) {
1209                     // delcare received ps-poll event
1210                     if (IS_CTL_PSPOLL(pbyFrame)) {
1211                         pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1212                         bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1213                         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n");
1214                     }
1215                     else {
1216                         // check Data PS state
1217                         // if PW bit off, send out all PS bufferring packets.
1218                         if (!IS_FC_POWERMGT(pbyFrame)) {
1219                             pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1220                             pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1221                             bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1222                             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n");
1223                         }
1224                     }
1225                 }
1226                 else {
1227                    if (IS_FC_POWERMGT(pbyFrame)) {
1228                        pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = TRUE;
1229                        // Once if STA in PS state, enable multicast bufferring
1230                        pMgmt->sNodeDBTable[0].bPSEnable = TRUE;
1231                    }
1232                    else {
1233                       // clear all pending PS frame.
1234                       if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) {
1235                           pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1236                           pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1237                           bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1238                          DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n");
1239
1240                       }
1241                    }
1242                 }
1243             }
1244             else {
1245                   vMgrDeAuthenBeginSta(pDevice,
1246                                        pMgmt,
1247                                        (PBYTE)(p802_11Header->abyAddr2),
1248                                        (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1249                                        &Status
1250                                        );
1251                     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n");
1252                     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%02x-%02x-%02x=%02x-%02x-%02x \n",
1253                                 p802_11Header->abyAddr3[0],
1254                                 p802_11Header->abyAddr3[1],
1255                                 p802_11Header->abyAddr3[2],
1256                                 p802_11Header->abyAddr3[3],
1257                                 p802_11Header->abyAddr3[4],
1258                                 p802_11Header->abyAddr3[5]
1259                                );
1260                     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%02x-%02x-%02x=%02x-%02x-%02x \n",
1261                                 p802_11Header->abyAddr2[0],
1262                                 p802_11Header->abyAddr2[1],
1263                                 p802_11Header->abyAddr2[2],
1264                                 p802_11Header->abyAddr2[3],
1265                                 p802_11Header->abyAddr2[4],
1266                                 p802_11Header->abyAddr2[5]
1267                                );
1268                     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%02x-%02x-%02x=%02x-%02x-%02x \n",
1269                                 p802_11Header->abyAddr1[0],
1270                                 p802_11Header->abyAddr1[1],
1271                                 p802_11Header->abyAddr1[2],
1272                                 p802_11Header->abyAddr1[3],
1273                                 p802_11Header->abyAddr1[4],
1274                                 p802_11Header->abyAddr1[5]
1275                                );
1276                     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl );
1277                     VNSvInPortB(pDevice->PortOffset + MAC_REG_RCR, &(pDevice->byRxMode));
1278                     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc:pDevice->byRxMode = %x\n", pDevice->byRxMode );
1279                     return TRUE;
1280             }
1281         }
1282     }
1283     return FALSE;
1284
1285 }
1286
1287 static BOOL s_bHandleRxEncryption (
1288     IN PSDevice     pDevice,
1289     IN PBYTE        pbyFrame,
1290     IN UINT         FrameSize,
1291     IN PBYTE        pbyRsr,
1292     OUT PBYTE       pbyNewRsr,
1293     OUT PSKeyItem   *pKeyOut,
1294     OUT PBOOL       pbExtIV,
1295     OUT PWORD       pwRxTSC15_0,
1296     OUT PDWORD      pdwRxTSC47_16
1297     )
1298 {
1299     UINT            PayloadLen = FrameSize;
1300     PBYTE           pbyIV;
1301     BYTE            byKeyIdx;
1302     PSKeyItem       pKey = NULL;
1303     BYTE            byDecMode = KEY_CTL_WEP;
1304     PSMgmtObject    pMgmt = pDevice->pMgmt;
1305
1306
1307     *pwRxTSC15_0 = 0;
1308     *pdwRxTSC47_16 = 0;
1309
1310     pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1311     if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1312          WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1313          pbyIV += 6;             // 6 is 802.11 address4
1314          PayloadLen -= 6;
1315     }
1316     byKeyIdx = (*(pbyIV+3) & 0xc0);
1317     byKeyIdx >>= 6;
1318     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1319
1320     if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
1321         (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
1322         (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
1323         (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
1324         (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
1325         if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) &&
1326             (pDevice->pMgmt->byCSSPK != KEY_CTL_NONE)) {
1327             // unicast pkt use pairwise key
1328             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n");
1329             if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == TRUE) {
1330                 if (pDevice->pMgmt->byCSSPK == KEY_CTL_TKIP)
1331                     byDecMode = KEY_CTL_TKIP;
1332                 else if (pDevice->pMgmt->byCSSPK == KEY_CTL_CCMP)
1333                     byDecMode = KEY_CTL_CCMP;
1334             }
1335             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey);
1336         } else {
1337             // use group key
1338             KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey);
1339             if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1340                 byDecMode = KEY_CTL_TKIP;
1341             else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1342                 byDecMode = KEY_CTL_CCMP;
1343             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey);
1344         }
1345     }
1346     // our WEP only support Default Key
1347     if (pKey == NULL) {
1348         // use default group key
1349         KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey);
1350         if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1351             byDecMode = KEY_CTL_TKIP;
1352         else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1353             byDecMode = KEY_CTL_CCMP;
1354     }
1355     *pKeyOut = pKey;
1356
1357     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode);
1358
1359     if (pKey == NULL) {
1360         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n");
1361         if (byDecMode == KEY_CTL_WEP) {
1362 //            pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1363         } else if (pDevice->bLinkPass == TRUE) {
1364 //            pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1365         }
1366         return FALSE;
1367     }
1368     if (byDecMode != pKey->byCipherSuite) {
1369         if (byDecMode == KEY_CTL_WEP) {
1370 //            pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1371         } else if (pDevice->bLinkPass == TRUE) {
1372 //            pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1373         }
1374         *pKeyOut = NULL;
1375         return FALSE;
1376     }
1377     if (byDecMode == KEY_CTL_WEP) {
1378         // handle WEP
1379         if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1380             (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE)) {
1381             // Software WEP
1382             // 1. 3253A
1383             // 2. WEP 256
1384
1385             PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1386             MEMvCopy(pDevice->abyPRNG, pbyIV, 3);
1387             MEMvCopy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1388             rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1389             rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1390
1391             if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1392                 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1393             }
1394         }
1395     } else if ((byDecMode == KEY_CTL_TKIP) ||
1396                (byDecMode == KEY_CTL_CCMP)) {
1397         // TKIP/AES
1398
1399         PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1400         *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1401         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1402         if (byDecMode == KEY_CTL_TKIP) {
1403             *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1404         } else {
1405             *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1406         }
1407         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1408
1409         if ((byDecMode == KEY_CTL_TKIP) &&
1410             (pDevice->byLocalID <= REV_ID_VT3253_A1)) {
1411             // Software TKIP
1412             // 1. 3253 A
1413             PS802_11Header  pMACHeader = (PS802_11Header) (pbyFrame);
1414             TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1415             rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1416             rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1417             if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1418                 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1419                 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1420             } else {
1421                 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1422                 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1423             }
1424         }
1425     }// end of TKIP/AES
1426
1427     if ((*(pbyIV+3) & 0x20) != 0)
1428         *pbExtIV = TRUE;
1429     return TRUE;
1430 }
1431
1432
1433 static BOOL s_bHostWepRxEncryption (
1434     IN PSDevice     pDevice,
1435     IN PBYTE        pbyFrame,
1436     IN UINT         FrameSize,
1437     IN PBYTE        pbyRsr,
1438     IN BOOL         bOnFly,
1439     IN PSKeyItem    pKey,
1440     OUT PBYTE       pbyNewRsr,
1441     OUT PBOOL       pbExtIV,
1442     OUT PWORD       pwRxTSC15_0,
1443     OUT PDWORD      pdwRxTSC47_16
1444     )
1445 {
1446     UINT            PayloadLen = FrameSize;
1447     PBYTE           pbyIV;
1448     BYTE            byKeyIdx;
1449     BYTE            byDecMode = KEY_CTL_WEP;
1450     PS802_11Header  pMACHeader;
1451
1452
1453
1454     *pwRxTSC15_0 = 0;
1455     *pdwRxTSC47_16 = 0;
1456
1457     pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1458     if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1459          WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1460          pbyIV += 6;             // 6 is 802.11 address4
1461          PayloadLen -= 6;
1462     }
1463     byKeyIdx = (*(pbyIV+3) & 0xc0);
1464     byKeyIdx >>= 6;
1465     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1466
1467
1468     if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1469         byDecMode = KEY_CTL_TKIP;
1470     else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1471         byDecMode = KEY_CTL_CCMP;
1472
1473     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode);
1474
1475     if (byDecMode != pKey->byCipherSuite) {
1476         if (byDecMode == KEY_CTL_WEP) {
1477 //            pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1478         } else if (pDevice->bLinkPass == TRUE) {
1479 //            pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1480         }
1481         return FALSE;
1482     }
1483
1484     if (byDecMode == KEY_CTL_WEP) {
1485         // handle WEP
1486         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP \n");
1487         if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1488             (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE) ||
1489             (bOnFly == FALSE)) {
1490             // Software WEP
1491             // 1. 3253A
1492             // 2. WEP 256
1493             // 3. NotOnFly
1494
1495             PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1496             MEMvCopy(pDevice->abyPRNG, pbyIV, 3);
1497             MEMvCopy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1498             rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1499             rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1500
1501             if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1502                 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1503             }
1504         }
1505     } else if ((byDecMode == KEY_CTL_TKIP) ||
1506                (byDecMode == KEY_CTL_CCMP)) {
1507         // TKIP/AES
1508
1509         PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1510         *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1511         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1512
1513         if (byDecMode == KEY_CTL_TKIP) {
1514             *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1515         } else {
1516             *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1517         }
1518         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1519
1520         if (byDecMode == KEY_CTL_TKIP) {
1521             if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == FALSE)) {
1522                 // Software TKIP
1523                 // 1. 3253 A
1524                 // 2. NotOnFly
1525                 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n");
1526                 pMACHeader = (PS802_11Header) (pbyFrame);
1527                 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1528                 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1529                 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1530                 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1531                     *pbyNewRsr |= NEWRSR_DECRYPTOK;
1532                     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1533                 } else {
1534                     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1535                     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1536                 }
1537             }
1538         }
1539
1540         if (byDecMode == KEY_CTL_CCMP) {
1541             if (bOnFly == FALSE) {
1542                 // Software CCMP
1543                 // NotOnFly
1544                 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_CCMP\n");
1545                 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) {
1546                     *pbyNewRsr |= NEWRSR_DECRYPTOK;
1547                     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC compare OK!\n");
1548                 } else {
1549                     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC fail!\n");
1550                 }
1551             }
1552         }
1553
1554     }// end of TKIP/AES
1555
1556     if ((*(pbyIV+3) & 0x20) != 0)
1557         *pbExtIV = TRUE;
1558     return TRUE;
1559 }
1560
1561
1562
1563
1564 #ifdef PRIVATE_OBJ
1565
1566 static BOOL s_bAPModeRxData (
1567     IN PSDevice pDevice,
1568     IN ref_sk_buff* skb,
1569     IN UINT     FrameSize,
1570     IN UINT     cbHeaderOffset,
1571     IN INT      iSANodeIndex,
1572     IN INT      iDANodeIndex
1573     )
1574
1575 #else
1576
1577 static BOOL s_bAPModeRxData (
1578     IN PSDevice pDevice,
1579     IN struct sk_buff* skb,
1580     IN UINT     FrameSize,
1581     IN UINT     cbHeaderOffset,
1582     IN INT      iSANodeIndex,
1583     IN INT      iDANodeIndex
1584     )
1585 #endif
1586 {
1587     PSMgmtObject        pMgmt = pDevice->pMgmt;
1588     BOOL                bRelayAndForward = FALSE;
1589     BOOL                bRelayOnly = FALSE;
1590     BYTE                byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
1591     WORD                wAID;
1592 #ifdef PRIVATE_OBJ
1593     struct sk_buff* tmp_skb;
1594     ref_sk_buff     s_ref_skb;
1595     ref_sk_buff*    skbcpy = &s_ref_skb;
1596 #else
1597     struct sk_buff* skbcpy = NULL;
1598 #endif
1599
1600
1601
1602     if (FrameSize > CB_MAX_BUF_SIZE)
1603         return FALSE;
1604     // check DA
1605     if(IS_MULTICAST_ADDRESS((PBYTE)(skb->data+cbHeaderOffset))) {
1606        if (pMgmt->sNodeDBTable[0].bPSEnable) {
1607
1608 #ifdef PRIVATE_OBJ
1609            tmp_skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1610            skbcpy = &s_ref_skb;
1611            ref_skb_remap(pDevice->dev, skbcpy, tmp_skb);
1612 #else
1613            skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz);
1614 #endif
1615         // if any node in PS mode, buffer packet until DTIM.
1616            if (skbcpy == NULL) {
1617                DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n");
1618            }
1619            else {
1620                skbcpy->dev = pDevice->dev;
1621 #ifdef PRIVATE_OBJ
1622                *(skbcpy->len) = FrameSize;
1623                memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize);
1624                skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy->skb);
1625 #else
1626                skbcpy->len = FrameSize;
1627                memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize);
1628                skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy);
1629 #endif
1630                pMgmt->sNodeDBTable[0].wEnQueueCnt++;
1631                // set tx map
1632                pMgmt->abyPSTxMap[0] |= byMask[0];
1633            }
1634        }
1635        else {
1636            bRelayAndForward = TRUE;
1637        }
1638     }
1639     else {
1640         // check if relay
1641         if (BSSDBbIsSTAInNodeDB(pMgmt, (PBYTE)(skb->data+cbHeaderOffset), &iDANodeIndex)) {
1642             if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) {
1643                 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) {
1644                     // queue this skb until next PS tx, and then release.
1645
1646 #ifdef PRIVATE_OBJ
1647                     ref_skb_add_offset(skb->skb, cbHeaderOffset);
1648                     skb_put(skb->skb, FrameSize);
1649                     skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb->skb);
1650 #else
1651                         skb->data += cbHeaderOffset;
1652                         skb->tail += cbHeaderOffset;
1653                     skb_put(skb, FrameSize);
1654                     skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb);
1655 #endif
1656                     pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++;
1657                     wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID;
1658                     pMgmt->abyPSTxMap[wAID >> 3] |=  byMask[wAID & 7];
1659                     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n",
1660                                iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]);
1661                     return TRUE;
1662                 }
1663                 else {
1664                     bRelayOnly = TRUE;
1665                 }
1666             }
1667         };
1668     }
1669
1670     if (bRelayOnly || bRelayAndForward) {
1671         // relay this packet right now
1672         if (bRelayAndForward)
1673             iDANodeIndex = 0;
1674
1675         if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) {
1676             ROUTEbRelay(pDevice, (PBYTE)(skb->data + cbHeaderOffset), FrameSize, (UINT)iDANodeIndex);
1677         }
1678
1679         if (bRelayOnly)
1680             return FALSE;
1681     }
1682     // none associate, don't forward
1683     if (pDevice->uAssocCount == 0)
1684         return FALSE;
1685
1686     return TRUE;
1687 }
1688