2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 * Purpose: handle dpc rx functions
28 * device_receive_frame - Rcv 802.11 frame function
29 * s_bAPModeRxCtl- AP Rcv frame filer Ctl.
30 * s_bAPModeRxData- AP Rcv data frame handle
31 * s_bHandleRxEncryption- Rcv decrypted data via on-fly
32 * s_bHostWepRxEncryption- Rcv encrypted data via host
33 * s_byGetRateIdx- get rate index
34 * s_vGetDASA- get data offset
35 * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3
58 /*--------------------- Static Definitions -------------------------*/
60 /*--------------------- Static Classes ----------------------------*/
62 /*--------------------- Static Variables --------------------------*/
63 //static int msglevel =MSG_LEVEL_DEBUG;
64 static int msglevel = MSG_LEVEL_INFO;
66 const unsigned char acbyRxRate[MAX_RATE] =
67 {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
69 /*--------------------- Static Functions --------------------------*/
71 /*--------------------- Static Definitions -------------------------*/
73 /*--------------------- Static Functions --------------------------*/
75 static unsigned char s_byGetRateIdx(unsigned char byRate);
78 s_vGetDASA(unsigned char *pbyRxBufferAddr, unsigned int *pcbHeaderSize,
79 PSEthernetHeader psEthHeader);
82 s_vProcessRxMACHeader(PSDevice pDevice, unsigned char *pbyRxBufferAddr,
83 unsigned int cbPacketSize, bool bIsWEP, bool bExtIV,
84 unsigned int *pcbHeadSize);
86 static bool s_bAPModeRxCtl(
88 unsigned char *pbyFrame,
92 static bool s_bAPModeRxData(
95 unsigned int FrameSize,
96 unsigned int cbHeaderOffset,
101 static bool s_bHandleRxEncryption(
103 unsigned char *pbyFrame,
104 unsigned int FrameSize,
105 unsigned char *pbyRsr,
106 unsigned char *pbyNewRsr,
109 unsigned short *pwRxTSC15_0,
110 unsigned long *pdwRxTSC47_16
113 static bool s_bHostWepRxEncryption(
116 unsigned char *pbyFrame,
117 unsigned int FrameSize,
118 unsigned char *pbyRsr,
121 unsigned char *pbyNewRsr,
123 unsigned short *pwRxTSC15_0,
124 unsigned long *pdwRxTSC47_16
128 /*--------------------- Export Variables --------------------------*/
133 * Translate Rcv 802.11 header to 802.3 header with Rx buffer
138 * dwRxBufferAddr - Address of Rcv Buffer
139 * cbPacketSize - Rcv Packet size
140 * bIsWEP - If Rcv with WEP
142 * pcbHeaderSize - 802.11 header size
148 s_vProcessRxMACHeader(PSDevice pDevice, unsigned char *pbyRxBufferAddr,
149 unsigned int cbPacketSize, bool bIsWEP, bool bExtIV,
150 unsigned int *pcbHeadSize)
152 unsigned char *pbyRxBuffer;
153 unsigned int cbHeaderSize = 0;
154 unsigned short *pwType;
155 PS802_11Header pMACHeader;
158 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
160 s_vGetDASA((unsigned char *)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader);
164 // strip IV&ExtIV , add 8 byte
165 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8);
167 // strip IV , add 4 byte
168 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4);
171 cbHeaderSize += WLAN_HDR_ADDR3_LEN;
174 pbyRxBuffer = (unsigned char *)(pbyRxBufferAddr + cbHeaderSize);
175 if (ether_addr_equal(pbyRxBuffer, pDevice->abySNAP_Bridgetunnel)) {
177 } else if (ether_addr_equal(pbyRxBuffer, pDevice->abySNAP_RFC1042)) {
179 pwType = (unsigned short *)(pbyRxBufferAddr + cbHeaderSize);
180 if ((*pwType != TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) {
183 pwType = (unsigned short *)(pbyRxBufferAddr + cbHeaderSize);
186 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
188 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
191 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
196 pwType = (unsigned short *)(pbyRxBufferAddr + cbHeaderSize);
199 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
201 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
204 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
208 cbHeaderSize -= (ETH_ALEN * 2);
209 pbyRxBuffer = (unsigned char *)(pbyRxBufferAddr + cbHeaderSize);
210 for (ii = 0; ii < ETH_ALEN; ii++)
211 *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii];
212 for (ii = 0; ii < ETH_ALEN; ii++)
213 *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii];
215 *pcbHeadSize = cbHeaderSize;
218 static unsigned char s_byGetRateIdx(unsigned char byRate)
220 unsigned char byRateIdx;
222 for (byRateIdx = 0; byRateIdx < MAX_RATE; byRateIdx++) {
223 if (acbyRxRate[byRateIdx % MAX_RATE] == byRate)
230 s_vGetDASA(unsigned char *pbyRxBufferAddr, unsigned int *pcbHeaderSize,
231 PSEthernetHeader psEthHeader)
233 unsigned int cbHeaderSize = 0;
234 PS802_11Header pMACHeader;
237 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
239 if ((pMACHeader->wFrameCtl & FC_TODS) == 0) {
240 if (pMACHeader->wFrameCtl & FC_FROMDS) {
241 for (ii = 0; ii < ETH_ALEN; ii++) {
242 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
243 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr3[ii];
247 for (ii = 0; ii < ETH_ALEN; ii++) {
248 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
249 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
254 if (pMACHeader->wFrameCtl & FC_FROMDS) {
255 for (ii = 0; ii < ETH_ALEN; ii++) {
256 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
257 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr4[ii];
261 for (ii = 0; ii < ETH_ALEN; ii++) {
262 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
263 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
267 *pcbHeaderSize = cbHeaderSize;
272 void MngWorkItem(void *Context)
274 PSRxMgmtPacket pRxMgmtPacket;
275 PSDevice pDevice = (PSDevice) Context;
277 spin_lock_irq(&pDevice->lock);
278 while (pDevice->rxManeQueue.packet_num != 0) {
279 pRxMgmtPacket = DeQueue(pDevice);
280 vMgrRxManagePacket(pDevice, pDevice->pMgmt, pRxMgmtPacket);
282 spin_unlock_irq(&pDevice->lock);
288 device_receive_frame(
293 PDEVICE_RD_INFO pRDInfo = pCurrRD->pRDInfo;
294 struct net_device_stats *pStats = &pDevice->stats;
296 PSMgmtObject pMgmt = pDevice->pMgmt;
297 PSRxMgmtPacket pRxPacket = &(pDevice->pMgmt->sRxPacket);
298 PS802_11Header p802_11Header;
299 unsigned char *pbyRsr;
300 unsigned char *pbyNewRsr;
301 unsigned char *pbyRSSI;
303 unsigned short *pwFrameSize;
304 unsigned char *pbyFrame;
305 bool bDeFragRx = false;
307 unsigned int cbHeaderOffset;
308 unsigned int FrameSize;
309 unsigned short wEtherType = 0;
310 int iSANodeIndex = -1;
311 int iDANodeIndex = -1;
313 unsigned int cbIVOffset;
315 unsigned char *pbyRxSts;
316 unsigned char *pbyRxRate;
317 unsigned char *pbySQ;
318 unsigned int cbHeaderSize;
319 PSKeyItem pKey = NULL;
320 unsigned short wRxTSC15_0 = 0;
321 unsigned long dwRxTSC47_16 = 0;
324 unsigned long dwDuration = 0;
326 long ldBmThreshold = 0;
327 PS802_11Header pMACHeader;
328 bool bRxeapol_key = false;
330 // DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- device_receive_frame---\n");
336 pci_unmap_single(pDevice->pcid, pRDInfo->skb_dma,
337 pDevice->rx_buf_sz, PCI_DMA_FROMDEVICE);
340 pwFrameSize = (unsigned short *)(skb->data + 2);
341 FrameSize = cpu_to_le16(pCurrRD->m_rd1RD1.wReqCount) - cpu_to_le16(pCurrRD->m_rd0RD0.wResCount);
343 // Max: 2312Payload + 30HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR
344 // Min (ACK): 10HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR
345 if ((FrameSize > 2364) || (FrameSize <= 32)) {
346 // Frame Size error drop this packet.
347 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- WRONG Length 1 \n");
351 pbyRxSts = (unsigned char *)(skb->data);
352 pbyRxRate = (unsigned char *)(skb->data + 1);
353 pbyRsr = (unsigned char *)(skb->data + FrameSize - 1);
354 pbyRSSI = (unsigned char *)(skb->data + FrameSize - 2);
355 pbyNewRsr = (unsigned char *)(skb->data + FrameSize - 3);
356 pbySQ = (unsigned char *)(skb->data + FrameSize - 4);
357 pqwTSFTime = (PQWORD)(skb->data + FrameSize - 12);
358 pbyFrame = (unsigned char *)(skb->data + 4);
361 FrameSize = cpu_to_le16(*pwFrameSize);
363 if ((FrameSize > 2346)|(FrameSize < 14)) { // Max: 2312Payload + 30HD +4CRC
365 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- WRONG Length 2 \n");
370 // update receive statistic counter
371 STAvUpdateRDStatCounter(&pDevice->scStatistic,
380 pMACHeader = (PS802_11Header)((unsigned char *)(skb->data) + 8);
382 if (pDevice->bMeasureInProgress) {
383 if ((*pbyRsr & RSR_CRCOK) != 0) {
384 pDevice->byBasicMap |= 0x01;
386 dwDuration = (FrameSize << 4);
387 dwDuration /= acbyRxRate[*pbyRxRate%MAX_RATE];
388 if (*pbyRxRate <= RATE_11M) {
389 if (*pbyRxSts & 0x01) {
399 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
401 for (ii = 7; ii > 0;) {
402 if (ldBm > ldBmThreshold) {
408 pDevice->dwRPIs[ii] += dwDuration;
412 if (!is_multicast_ether_addr(pbyFrame)) {
413 if (WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header)(skb->data + 4))) {
414 pDevice->s802_11Counter.FrameDuplicateCount++;
420 s_vGetDASA(skb->data+4, &cbHeaderSize, &pDevice->sRxEthHeader);
422 // filter packet send from myself
423 if (ether_addr_equal(pDevice->sRxEthHeader.abySrcAddr,
424 pDevice->abyCurrentNetAddr))
427 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) {
428 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
429 p802_11Header = (PS802_11Header)(pbyFrame);
431 if (BSSDBbIsSTAInNodeDB(pMgmt, (unsigned char *)(p802_11Header->abyAddr2), &iSANodeIndex)) {
432 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies;
433 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0;
438 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
439 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex)) {
444 if (IS_FC_WEP(pbyFrame)) {
445 bool bRxDecryOK = false;
447 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx WEP pkt\n");
449 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) {
451 pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite;
452 pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex;
453 pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength;
454 pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16;
455 pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0;
457 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0],
461 bRxDecryOK = s_bHostWepRxEncryption(pDevice,
465 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly,
472 bRxDecryOK = s_bHandleRxEncryption(pDevice,
484 if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) {
485 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV Fail\n");
486 if ((pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
487 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
488 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
489 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
490 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
491 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
492 pDevice->s802_11Counter.TKIPICVErrors++;
493 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) {
494 pDevice->s802_11Counter.CCMPDecryptErrors++;
495 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) {
496 // pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++;
502 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "WEP Func Fail\n");
505 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP))
506 FrameSize -= 8; // Message Integrity Code
508 FrameSize -= 4; // 4 is ICV
514 //remove the CRC length
515 FrameSize -= ETH_FCS_LEN;
517 if ((!(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI))) && // unicast address
518 (IS_FRAGMENT_PKT((skb->data+4)))
521 bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header)(skb->data+4), FrameSize, bIsWEP, bExtIV);
522 pDevice->s802_11Counter.ReceivedFragmentCount++;
525 skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb;
526 FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength;
533 // Management & Control frame Handle
534 if ((IS_TYPE_DATA((skb->data+4))) == false) {
535 // Handle Control & Manage Frame
537 if (IS_TYPE_MGMT((skb->data+4))) {
538 unsigned char *pbyData1;
539 unsigned char *pbyData2;
541 pRxPacket->p80211Header = (PUWLAN_80211HDR)(skb->data+4);
542 pRxPacket->cbMPDULen = FrameSize;
543 pRxPacket->uRSSI = *pbyRSSI;
544 pRxPacket->bySQ = *pbySQ;
545 HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime));
546 LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime));
549 pbyData1 = WLAN_HDR_A3_DATA_PTR(skb->data+4);
550 pbyData2 = WLAN_HDR_A3_DATA_PTR(skb->data+4) + 4;
551 for (ii = 0; ii < (FrameSize - 4); ii++) {
552 *pbyData1 = *pbyData2;
557 pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate);
558 pRxPacket->byRxChannel = (*pbyRxSts) >> 2;
560 //EnQueue(pDevice,pRxPacket);
563 EnQueue(pDevice, pRxPacket);
565 //up(&pDevice->mlme_semaphore);
566 //Enque (pDevice->FirstRecvMngList,pDevice->LastRecvMngList,pMgmt);
570 EnQueue(pDevice, pRxPacket);
571 tasklet_schedule(&pDevice->RxMngWorkItem);
573 vMgrRxManagePacket((void *)pDevice, pDevice->pMgmt, pRxPacket);
574 //tasklet_schedule(&pDevice->RxMngWorkItem);
579 //vMgrRxManagePacket((void *)pDevice, pDevice->pMgmt, pRxPacket);
580 // hostap Deamon handle 802.11 management
581 if (pDevice->bEnableHostapd) {
582 skb->dev = pDevice->apdev;
585 skb_put(skb, FrameSize);
586 skb_reset_mac_header(skb);
587 skb->pkt_type = PACKET_OTHERHOST;
588 skb->protocol = htons(ETH_P_802_2);
589 memset(skb->cb, 0, sizeof(skb->cb));
598 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
599 //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC.
600 if (!(*pbyRsr & RSR_BSSIDOK)) {
602 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
603 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n",
610 // discard DATA packet while not associate || BSSID error
611 if (!pDevice->bLinkPass || !(*pbyRsr & RSR_BSSIDOK)) {
613 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
614 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n",
620 //mike add:station mode check eapol-key challenge--->
622 unsigned char Protocol_Version; //802.1x Authentication
623 unsigned char Packet_Type; //802.1x Authentication
628 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
629 skb->data[cbIVOffset + 8 + 24 + 6 + 1];
630 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 + 1];
631 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 + 1 + 1];
632 if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header
633 if (((Protocol_Version == 1) || (Protocol_Version == 2)) &&
634 (Packet_Type == 3)) { //802.1x OR eapol-key challenge frame receive
639 //mike add:station mode check eapol-key challenge<---
645 if (pDevice->bEnablePSMode) {
646 if (IS_FC_MOREDATA((skb->data+4))) {
647 if (*pbyRsr & RSR_ADDROK) {
648 //PSbSendPSPOLL((PSDevice)pDevice);
651 if (pDevice->pMgmt->bInTIMWake == true) {
652 pDevice->pMgmt->bInTIMWake = false;
657 // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps
658 if (pDevice->bDiversityEnable && (FrameSize > 50) &&
659 (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) &&
660 pDevice->bLinkPass) {
661 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0);
664 if (pDevice->byLocalID != REV_ID_VT3253_B1) {
665 pDevice->uCurrRSSI = *pbyRSSI;
667 pDevice->byCurrSQ = *pbySQ;
669 if ((*pbyRSSI != 0) &&
670 (pMgmt->pCurrBSS != NULL)) {
671 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
672 // Monitor if RSSI is too strong.
673 pMgmt->pCurrBSS->byRSSIStatCnt++;
674 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT;
675 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm;
676 for (ii = 0; ii < RSSI_STAT_COUNT; ii++) {
677 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) {
678 pMgmt->pCurrBSS->ldBmMAX = max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm);
683 // -----------------------------------------------
685 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && pDevice->bEnable8021x) {
686 unsigned char abyMacHdr[24];
688 // Only 802.1x packet incoming allowed
693 wEtherType = (skb->data[cbIVOffset + 4 + 24 + 6] << 8) |
694 skb->data[cbIVOffset + 4 + 24 + 6 + 1];
696 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "wEtherType = %04x \n", wEtherType);
697 if (wEtherType == ETH_P_PAE) {
698 skb->dev = pDevice->apdev;
701 // strip IV header(8)
702 memcpy(&abyMacHdr[0], (skb->data + 4), 24);
703 memcpy((skb->data + 4 + cbIVOffset), &abyMacHdr[0], 24);
705 skb->data += (cbIVOffset + 4);
706 skb->tail += (cbIVOffset + 4);
707 skb_put(skb, FrameSize);
708 skb_reset_mac_header(skb);
710 skb->pkt_type = PACKET_OTHERHOST;
711 skb->protocol = htons(ETH_P_802_2);
712 memset(skb->cb, 0, sizeof(skb->cb));
717 // check if 802.1x authorized
718 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED))
722 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
724 FrameSize -= 8; //MIC
728 //--------------------------------------------------------------------------------
730 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
734 __le32 dwMIC_Priority;
735 __le32 dwMICKey0 = 0, dwMICKey1 = 0;
736 u32 dwLocalMIC_L = 0;
737 u32 dwLocalMIC_R = 0;
738 viawget_wpa_header *wpahdr;
740 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
741 dwMICKey0 = cpu_to_le32(*(u32 *)(&pKey->abyKey[24]));
742 dwMICKey1 = cpu_to_le32(*(u32 *)(&pKey->abyKey[28]));
744 if (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
745 dwMICKey0 = cpu_to_le32(*(u32 *)(&pKey->abyKey[16]));
746 dwMICKey1 = cpu_to_le32(*(u32 *)(&pKey->abyKey[20]));
747 } else if ((pKey->dwKeyIndex & BIT28) == 0) {
748 dwMICKey0 = cpu_to_le32(*(u32 *)(&pKey->abyKey[16]));
749 dwMICKey1 = cpu_to_le32(*(u32 *)(&pKey->abyKey[20]));
751 dwMICKey0 = cpu_to_le32(*(u32 *)(&pKey->abyKey[24]));
752 dwMICKey1 = cpu_to_le32(*(u32 *)(&pKey->abyKey[28]));
756 MIC_vInit(dwMICKey0, dwMICKey1);
757 MIC_vAppend((unsigned char *)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12);
759 MIC_vAppend((unsigned char *)&dwMIC_Priority, 4);
760 // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV.
761 MIC_vAppend((unsigned char *)(skb->data + 4 + WLAN_HDR_ADDR3_LEN + 8),
762 FrameSize - WLAN_HDR_ADDR3_LEN - 8);
763 MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R);
766 pdwMIC_L = (__le32 *)(skb->data + 4 + FrameSize);
767 pdwMIC_R = (__le32 *)(skb->data + 4 + FrameSize + 4);
768 //DBG_PRN_GRP12(("RxL: %lx, RxR: %lx\n", *pdwMIC_L, *pdwMIC_R));
769 //DBG_PRN_GRP12(("LocalL: %lx, LocalR: %lx\n", dwLocalMIC_L, dwLocalMIC_R));
770 //DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dwMICKey0= %lx,dwMICKey1= %lx \n", dwMICKey0, dwMICKey1);
772 if ((le32_to_cpu(*pdwMIC_L) != dwLocalMIC_L) ||
773 (le32_to_cpu(*pdwMIC_R) != dwLocalMIC_R) ||
774 pDevice->bRxMICFail) {
775 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "MIC comparison is fail!\n");
776 pDevice->bRxMICFail = false;
777 //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++;
778 pDevice->s802_11Counter.TKIPLocalMICFailures++;
780 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
781 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n",
785 //2008-0409-07, <Add> by Einsn Liu
786 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
787 //send event to wpa_supplicant
789 union iwreq_data wrqu;
790 struct iw_michaelmicfailure ev;
791 int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits
792 memset(&ev, 0, sizeof(ev));
793 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
794 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
795 (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
796 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
797 ev.flags |= IW_MICFAILURE_PAIRWISE;
799 ev.flags |= IW_MICFAILURE_GROUP;
802 ev.src_addr.sa_family = ARPHRD_ETHER;
803 memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN);
804 memset(&wrqu, 0, sizeof(wrqu));
805 wrqu.data.length = sizeof(ev);
806 wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
811 if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
812 wpahdr = (viawget_wpa_header *)pDevice->skb->data;
813 if ((pDevice->pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
814 (pDevice->pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
815 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
816 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR;
817 wpahdr->type = VIAWGET_PTK_MIC_MSG;
819 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR;
820 wpahdr->type = VIAWGET_GTK_MIC_MSG;
822 wpahdr->resp_ie_len = 0;
823 wpahdr->req_ie_len = 0;
824 skb_put(pDevice->skb, sizeof(viawget_wpa_header));
825 pDevice->skb->dev = pDevice->wpadev;
826 skb_reset_mac_header(pDevice->skb);
827 pDevice->skb->pkt_type = PACKET_HOST;
828 pDevice->skb->protocol = htons(ETH_P_802_2);
829 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
830 netif_rx(pDevice->skb);
831 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
838 } //---end of SOFT MIC-----------------------------------------------------------------------
840 // ++++++++++ Reply Counter Check +++++++++++++
842 if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) ||
843 (pKey->byCipherSuite == KEY_CTL_CCMP))) {
845 unsigned short wLocalTSC15_0 = 0;
846 unsigned long dwLocalTSC47_16 = 0;
847 unsigned long long RSC = 0;
849 RSC = *((unsigned long long *)&(pKey->KeyRSC));
850 wLocalTSC15_0 = (unsigned short)RSC;
851 dwLocalTSC47_16 = (unsigned long)(RSC>>16);
856 memcpy(&(pKey->KeyRSC), &RSC, sizeof(QWORD));
858 if ((pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) &&
859 (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) {
861 if ((wRxTSC15_0 < wLocalTSC15_0) &&
862 (dwRxTSC47_16 <= dwLocalTSC47_16) &&
863 !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) {
864 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "TSC is illegal~~!\n ");
865 if (pKey->byCipherSuite == KEY_CTL_TKIP)
866 //pDevice->s802_11Counter.TKIPReplays.QuadPart++;
867 pDevice->s802_11Counter.TKIPReplays++;
869 //pDevice->s802_11Counter.CCMPReplays.QuadPart++;
870 pDevice->s802_11Counter.CCMPReplays++;
873 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
874 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n",
882 } // ----- End of Reply Counter Check --------------------------
884 if ((pKey != NULL) && (bIsWEP)) {
885 // pDevice->s802_11Counter.DecryptSuccessCount.QuadPart++;
888 s_vProcessRxMACHeader(pDevice, (unsigned char *)(skb->data+4), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset);
889 FrameSize -= cbHeaderOffset;
890 cbHeaderOffset += 4; // 4 is Rcv buffer header
892 // Null data, framesize = 14
896 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
897 if (!s_bAPModeRxData(pDevice,
905 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
906 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n",
914 skb->data += cbHeaderOffset;
915 skb->tail += cbHeaderOffset;
916 skb_put(skb, FrameSize);
917 skb->protocol = eth_type_trans(skb, skb->dev);
919 //drop frame not met IEEE 802.3
921 if (pDevice->flags & DEVICE_FLAGS_VAL_PKT_LEN) {
922 if ((skb->protocol==htons(ETH_P_802_3)) &&
923 (skb->len!=htons(skb->mac.ethernet->h_proto))) {
924 pStats->rx_length_errors++;
925 pStats->rx_dropped++;
927 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
928 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
937 skb->ip_summed = CHECKSUM_NONE;
938 pStats->rx_bytes += skb->len;
939 pStats->rx_packets++;
943 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
944 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n",
953 static bool s_bAPModeRxCtl(
955 unsigned char *pbyFrame,
959 PS802_11Header p802_11Header;
961 PSMgmtObject pMgmt = pDevice->pMgmt;
963 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
964 p802_11Header = (PS802_11Header)(pbyFrame);
965 if (!IS_TYPE_MGMT(pbyFrame)) {
966 // Data & PS-Poll packet
968 if (iSANodeIndex > 0) {
969 // frame class 3 fliter & checking
970 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) {
971 // send deauth notification
972 // reason = (6) class 2 received from nonauth sta
973 vMgrDeAuthenBeginSta(pDevice,
975 (unsigned char *)(p802_11Header->abyAddr2),
976 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
979 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n");
982 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) {
983 // send deassoc notification
984 // reason = (7) class 3 received from nonassoc sta
985 vMgrDisassocBeginSta(pDevice,
987 (unsigned char *)(p802_11Header->abyAddr2),
988 (WLAN_MGMT_REASON_CLASS3_NONASSOC),
991 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n");
995 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) {
996 // delcare received ps-poll event
997 if (IS_CTL_PSPOLL(pbyFrame)) {
998 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true;
999 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1000 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n");
1002 // check Data PS state
1003 // if PW bit off, send out all PS bufferring packets.
1004 if (!IS_FC_POWERMGT(pbyFrame)) {
1005 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = false;
1006 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true;
1007 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1008 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n");
1012 if (IS_FC_POWERMGT(pbyFrame)) {
1013 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = true;
1014 // Once if STA in PS state, enable multicast bufferring
1015 pMgmt->sNodeDBTable[0].bPSEnable = true;
1017 // clear all pending PS frame.
1018 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) {
1019 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = false;
1020 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true;
1021 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1022 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n");
1028 vMgrDeAuthenBeginSta(pDevice,
1030 (unsigned char *)(p802_11Header->abyAddr2),
1031 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1034 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n");
1035 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%pM\n",
1036 p802_11Header->abyAddr3);
1037 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%pM\n",
1038 p802_11Header->abyAddr2);
1039 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%pM\n",
1040 p802_11Header->abyAddr1);
1041 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl);
1042 VNSvInPortB(pDevice->PortOffset + MAC_REG_RCR, &(pDevice->byRxMode));
1043 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc:pDevice->byRxMode = %x\n", pDevice->byRxMode);
1051 static bool s_bHandleRxEncryption(
1053 unsigned char *pbyFrame,
1054 unsigned int FrameSize,
1055 unsigned char *pbyRsr,
1056 unsigned char *pbyNewRsr,
1059 unsigned short *pwRxTSC15_0,
1060 unsigned long *pdwRxTSC47_16
1063 unsigned int PayloadLen = FrameSize;
1064 unsigned char *pbyIV;
1065 unsigned char byKeyIdx;
1066 PSKeyItem pKey = NULL;
1067 unsigned char byDecMode = KEY_CTL_WEP;
1068 PSMgmtObject pMgmt = pDevice->pMgmt;
1073 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1074 if (WLAN_GET_FC_TODS(*(unsigned short *)pbyFrame) &&
1075 WLAN_GET_FC_FROMDS(*(unsigned short *)pbyFrame)) {
1076 pbyIV += 6; // 6 is 802.11 address4
1079 byKeyIdx = (*(pbyIV+3) & 0xc0);
1081 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "\nKeyIdx: %d\n", byKeyIdx);
1083 if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
1084 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
1085 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
1086 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
1087 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
1088 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) &&
1089 (pDevice->pMgmt->byCSSPK != KEY_CTL_NONE)) {
1090 // unicast pkt use pairwise key
1091 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "unicast pkt\n");
1092 if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == true) {
1093 if (pDevice->pMgmt->byCSSPK == KEY_CTL_TKIP)
1094 byDecMode = KEY_CTL_TKIP;
1095 else if (pDevice->pMgmt->byCSSPK == KEY_CTL_CCMP)
1096 byDecMode = KEY_CTL_CCMP;
1098 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "unicast pkt: %d, %p\n", byDecMode, pKey);
1101 KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey);
1102 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1103 byDecMode = KEY_CTL_TKIP;
1104 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1105 byDecMode = KEY_CTL_CCMP;
1106 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey);
1109 // our WEP only support Default Key
1111 // use default group key
1112 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey);
1113 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1114 byDecMode = KEY_CTL_TKIP;
1115 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1116 byDecMode = KEY_CTL_CCMP;
1120 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode);
1123 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "pKey == NULL\n");
1124 if (byDecMode == KEY_CTL_WEP) {
1125 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1126 } else if (pDevice->bLinkPass) {
1127 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1131 if (byDecMode != pKey->byCipherSuite) {
1132 if (byDecMode == KEY_CTL_WEP) {
1133 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1134 } else if (pDevice->bLinkPass) {
1135 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1140 if (byDecMode == KEY_CTL_WEP) {
1142 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1143 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == true)) {
1148 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1149 memcpy(pDevice->abyPRNG, pbyIV, 3);
1150 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1151 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1152 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1154 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1155 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1158 } else if ((byDecMode == KEY_CTL_TKIP) ||
1159 (byDecMode == KEY_CTL_CCMP)) {
1162 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1163 *pdwRxTSC47_16 = cpu_to_le32(*(unsigned long *)(pbyIV + 4));
1164 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ExtIV: %lx\n", *pdwRxTSC47_16);
1165 if (byDecMode == KEY_CTL_TKIP) {
1166 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV + 2), *pbyIV));
1168 *pwRxTSC15_0 = cpu_to_le16(*(unsigned short *)pbyIV);
1170 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "TSC0_15: %x\n", *pwRxTSC15_0);
1172 if ((byDecMode == KEY_CTL_TKIP) &&
1173 (pDevice->byLocalID <= REV_ID_VT3253_A1)) {
1176 PS802_11Header pMACHeader = (PS802_11Header)(pbyFrame);
1177 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1178 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1179 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1180 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1181 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1182 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV OK!\n");
1184 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV FAIL!!!\n");
1185 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "PayloadLen = %d\n", PayloadLen);
1190 if ((*(pbyIV+3) & 0x20) != 0)
1195 static bool s_bHostWepRxEncryption(
1197 unsigned char *pbyFrame,
1198 unsigned int FrameSize,
1199 unsigned char *pbyRsr,
1202 unsigned char *pbyNewRsr,
1204 unsigned short *pwRxTSC15_0,
1205 unsigned long *pdwRxTSC47_16
1208 unsigned int PayloadLen = FrameSize;
1209 unsigned char *pbyIV;
1210 unsigned char byKeyIdx;
1211 unsigned char byDecMode = KEY_CTL_WEP;
1212 PS802_11Header pMACHeader;
1217 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1218 if (WLAN_GET_FC_TODS(*(unsigned short *)pbyFrame) &&
1219 WLAN_GET_FC_FROMDS(*(unsigned short *)pbyFrame)) {
1220 pbyIV += 6; // 6 is 802.11 address4
1223 byKeyIdx = (*(pbyIV+3) & 0xc0);
1225 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "\nKeyIdx: %d\n", byKeyIdx);
1227 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1228 byDecMode = KEY_CTL_TKIP;
1229 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1230 byDecMode = KEY_CTL_CCMP;
1232 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode);
1234 if (byDecMode != pKey->byCipherSuite) {
1235 if (byDecMode == KEY_CTL_WEP) {
1236 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1237 } else if (pDevice->bLinkPass) {
1238 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1243 if (byDecMode == KEY_CTL_WEP) {
1245 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "byDecMode == KEY_CTL_WEP \n");
1246 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1247 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == true) ||
1254 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1255 memcpy(pDevice->abyPRNG, pbyIV, 3);
1256 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1257 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1258 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1260 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1261 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1264 } else if ((byDecMode == KEY_CTL_TKIP) ||
1265 (byDecMode == KEY_CTL_CCMP)) {
1268 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1269 *pdwRxTSC47_16 = cpu_to_le32(*(unsigned long *)(pbyIV + 4));
1270 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ExtIV: %lx\n", *pdwRxTSC47_16);
1272 if (byDecMode == KEY_CTL_TKIP) {
1273 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1275 *pwRxTSC15_0 = cpu_to_le16(*(unsigned short *)pbyIV);
1277 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "TSC0_15: %x\n", *pwRxTSC15_0);
1279 if (byDecMode == KEY_CTL_TKIP) {
1280 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || !bOnFly) {
1284 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "soft KEY_CTL_TKIP \n");
1285 pMACHeader = (PS802_11Header)(pbyFrame);
1286 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1287 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1288 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1289 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1290 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1291 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV OK!\n");
1293 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV FAIL!!!\n");
1294 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "PayloadLen = %d\n", PayloadLen);
1299 if (byDecMode == KEY_CTL_CCMP) {
1303 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "soft KEY_CTL_CCMP\n");
1304 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) {
1305 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1306 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "CCMP MIC compare OK!\n");
1308 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "CCMP MIC fail!\n");
1315 if ((*(pbyIV+3) & 0x20) != 0)
1320 static bool s_bAPModeRxData(
1322 struct sk_buff *skb,
1323 unsigned int FrameSize,
1324 unsigned int cbHeaderOffset,
1329 PSMgmtObject pMgmt = pDevice->pMgmt;
1330 bool bRelayAndForward = false;
1331 bool bRelayOnly = false;
1332 unsigned char byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
1333 unsigned short wAID;
1335 struct sk_buff *skbcpy = NULL;
1337 if (FrameSize > CB_MAX_BUF_SIZE)
1340 if (is_multicast_ether_addr((unsigned char *)(skb->data+cbHeaderOffset))) {
1341 if (pMgmt->sNodeDBTable[0].bPSEnable) {
1342 skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz);
1344 // if any node in PS mode, buffer packet until DTIM.
1345 if (skbcpy == NULL) {
1346 DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n");
1348 skbcpy->dev = pDevice->dev;
1349 skbcpy->len = FrameSize;
1350 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize);
1351 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy);
1353 pMgmt->sNodeDBTable[0].wEnQueueCnt++;
1355 pMgmt->abyPSTxMap[0] |= byMask[0];
1358 bRelayAndForward = true;
1362 if (BSSDBbIsSTAInNodeDB(pMgmt, (unsigned char *)(skb->data+cbHeaderOffset), &iDANodeIndex)) {
1363 if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) {
1364 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) {
1365 // queue this skb until next PS tx, and then release.
1367 skb->data += cbHeaderOffset;
1368 skb->tail += cbHeaderOffset;
1369 skb_put(skb, FrameSize);
1370 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb);
1371 pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++;
1372 wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID;
1373 pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7];
1374 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n",
1375 iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]);
1384 if (bRelayOnly || bRelayAndForward) {
1385 // relay this packet right now
1386 if (bRelayAndForward)
1389 if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) {
1390 ROUTEbRelay(pDevice, (unsigned char *)(skb->data + cbHeaderOffset), FrameSize, (unsigned int)iDANodeIndex);
1396 // none associate, don't forward
1397 if (pDevice->uAssocCount == 0)
projects / cascardo / linux.git / blob