2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 * Purpose: handle dpc rx functions
28 * device_receive_frame - Rcv 802.11 frame function
29 * s_bAPModeRxCtl- AP Rcv frame filer Ctl.
30 * s_bAPModeRxData- AP Rcv data frame handle
31 * s_bHandleRxEncryption- Rcv decrypted data via on-fly
32 * s_bHostWepRxEncryption- Rcv encrypted data via host
33 * s_byGetRateIdx- get rate index
34 * s_vGetDASA- get data offset
35 * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3
59 /*--------------------- Static Definitions -------------------------*/
61 /*--------------------- Static Classes ----------------------------*/
63 /*--------------------- Static Variables --------------------------*/
64 //static int msglevel =MSG_LEVEL_DEBUG;
65 static int msglevel =MSG_LEVEL_INFO;
67 const BYTE acbyRxRate[MAX_RATE] =
68 {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
71 /*--------------------- Static Functions --------------------------*/
73 /*--------------------- Static Definitions -------------------------*/
75 /*--------------------- Static Functions --------------------------*/
77 static BYTE s_byGetRateIdx(BYTE byRate);
82 PBYTE pbyRxBufferAddr,
83 unsigned int *pcbHeaderSize,
84 PSEthernetHeader psEthHeader
89 s_vProcessRxMACHeader (
91 PBYTE pbyRxBufferAddr,
92 unsigned int cbPacketSize,
95 unsigned int *pcbHeadSize
98 static BOOL s_bAPModeRxCtl(
101 signed int iSANodeIndex
106 static BOOL s_bAPModeRxData (
109 unsigned int FrameSize,
110 unsigned int cbHeaderOffset,
111 signed int iSANodeIndex,
112 signed int iDANodeIndex
116 static BOOL s_bHandleRxEncryption(
119 unsigned int FrameSize,
128 static BOOL s_bHostWepRxEncryption(
132 unsigned int FrameSize,
143 /*--------------------- Export Variables --------------------------*/
148 * Translate Rcv 802.11 header to 802.3 header with Rx buffer
153 * dwRxBufferAddr - Address of Rcv Buffer
154 * cbPacketSize - Rcv Packet size
155 * bIsWEP - If Rcv with WEP
157 * pcbHeaderSize - 802.11 header size
164 s_vProcessRxMACHeader (
166 PBYTE pbyRxBufferAddr,
167 unsigned int cbPacketSize,
170 unsigned int *pcbHeadSize
174 unsigned int cbHeaderSize = 0;
176 PS802_11Header pMACHeader;
180 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
182 s_vGetDASA((PBYTE)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader);
186 // strip IV&ExtIV , add 8 byte
187 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8);
189 // strip IV , add 4 byte
190 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4);
194 cbHeaderSize += WLAN_HDR_ADDR3_LEN;
197 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
198 if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) {
200 } else if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) {
202 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
203 if ((*pwType!= TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) {
207 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
210 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
212 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
216 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
222 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
225 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
227 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
231 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
235 cbHeaderSize -= (ETH_ALEN * 2);
236 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
237 for (ii = 0; ii < ETH_ALEN; ii++)
238 *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii];
239 for (ii = 0; ii < ETH_ALEN; ii++)
240 *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii];
242 *pcbHeadSize = cbHeaderSize;
248 static BYTE s_byGetRateIdx(BYTE byRate)
252 for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) {
253 if (acbyRxRate[byRateIdx%MAX_RATE] == byRate)
263 PBYTE pbyRxBufferAddr,
264 unsigned int *pcbHeaderSize,
265 PSEthernetHeader psEthHeader
268 unsigned int cbHeaderSize = 0;
269 PS802_11Header pMACHeader;
272 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
274 if ((pMACHeader->wFrameCtl & FC_TODS) == 0) {
275 if (pMACHeader->wFrameCtl & FC_FROMDS) {
276 for (ii = 0; ii < ETH_ALEN; ii++) {
277 psEthHeader->abyDstAddr[ii] =
278 pMACHeader->abyAddr1[ii];
279 psEthHeader->abySrcAddr[ii] =
280 pMACHeader->abyAddr3[ii];
284 for (ii = 0; ii < ETH_ALEN; ii++) {
285 psEthHeader->abyDstAddr[ii] =
286 pMACHeader->abyAddr1[ii];
287 psEthHeader->abySrcAddr[ii] =
288 pMACHeader->abyAddr2[ii];
293 if (pMACHeader->wFrameCtl & FC_FROMDS) {
294 for (ii = 0; ii < ETH_ALEN; ii++) {
295 psEthHeader->abyDstAddr[ii] =
296 pMACHeader->abyAddr3[ii];
297 psEthHeader->abySrcAddr[ii] =
298 pMACHeader->abyAddr4[ii];
302 for (ii = 0; ii < ETH_ALEN; ii++) {
303 psEthHeader->abyDstAddr[ii] =
304 pMACHeader->abyAddr3[ii];
305 psEthHeader->abySrcAddr[ii] =
306 pMACHeader->abyAddr2[ii];
310 *pcbHeaderSize = cbHeaderSize;
317 RXbBulkInProcessData (
320 unsigned long BytesToIndicate
324 struct net_device_stats* pStats=&pDevice->stats;
326 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
327 PSRxMgmtPacket pRxPacket = &(pMgmt->sRxPacket);
328 PS802_11Header p802_11Header;
334 BOOL bDeFragRx = FALSE;
335 unsigned int cbHeaderOffset;
336 unsigned int FrameSize;
338 signed int iSANodeIndex = -1;
339 signed int iDANodeIndex = -1;
341 unsigned int cbIVOffset;
346 unsigned int cbHeaderSize;
347 PSKeyItem pKey = NULL;
349 DWORD dwRxTSC47_16 = 0;
352 /* signed long ldBm = 0; */
356 PRCB pRCBIndicate = pRCB;
359 BYTE abyVaildRate[MAX_RATE] = {2,4,11,22,12,18,24,36,48,72,96,108};
360 WORD wPLCPwithPadding;
361 PS802_11Header pMACHeader;
362 BOOL bRxeapol_key = FALSE;
366 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- RXbBulkInProcessData---\n");
370 //[31:16]RcvByteCount ( not include 4-byte Status )
371 dwWbkStatus = *( (PDWORD)(skb->data) );
372 FrameSize = (unsigned int)(dwWbkStatus >> 16);
375 if (BytesToIndicate != FrameSize) {
376 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 1 \n");
380 if ((BytesToIndicate > 2372)||(BytesToIndicate <= 40)) {
381 // Frame Size error drop this packet.
382 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 2 \n");
386 pbyDAddress = (PBYTE)(skb->data);
387 pbyRxSts = pbyDAddress+4;
388 pbyRxRate = pbyDAddress+5;
390 //real Frame Size = USBFrameSize -4WbkStatus - 4RxStatus - 8TSF - 4RSR - 4SQ3 - ?Padding
391 //if SQ3 the range is 24~27, if no SQ3 the range is 20~23
392 //real Frame size in PLCPLength field.
393 pwPLCP_Length = (PWORD) (pbyDAddress + 6);
394 //Fix hardware bug => PLCP_Length error
395 if ( ((BytesToIndicate - (*pwPLCP_Length)) > 27) ||
396 ((BytesToIndicate - (*pwPLCP_Length)) < 24) ||
397 (BytesToIndicate < (*pwPLCP_Length)) ) {
399 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong PLCP Length %x\n", (int) *pwPLCP_Length);
403 for ( ii=RATE_1M;ii<MAX_RATE;ii++) {
404 if ( *pbyRxRate == abyVaildRate[ii] ) {
408 if ( ii==MAX_RATE ) {
409 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong RxRate %x\n",(int) *pbyRxRate);
413 wPLCPwithPadding = ( (*pwPLCP_Length / 4) + ( (*pwPLCP_Length % 4) ? 1:0 ) ) *4;
415 pqwTSFTime = (PQWORD) (pbyDAddress + 8 + wPLCPwithPadding);
416 if(pDevice->byBBType == BB_TYPE_11G) {
417 pby3SQ = pbyDAddress + 8 + wPLCPwithPadding + 12;
421 pbySQ = pbyDAddress + 8 + wPLCPwithPadding + 8;
424 pbyNewRsr = pbyDAddress + 8 + wPLCPwithPadding + 9;
425 pbyRSSI = pbyDAddress + 8 + wPLCPwithPadding + 10;
426 pbyRsr = pbyDAddress + 8 + wPLCPwithPadding + 11;
428 FrameSize = *pwPLCP_Length;
430 pbyFrame = pbyDAddress + 8;
431 // update receive statistic counter
433 STAvUpdateRDStatCounter(&pDevice->scStatistic,
443 pMACHeader = (PS802_11Header) pbyFrame;
445 //mike add: to judge if current AP is activated?
446 if ((pMgmt->eCurrMode == WMAC_MODE_STANDBY) ||
447 (pMgmt->eCurrMode == WMAC_MODE_ESS_STA)) {
448 if (pMgmt->sNodeDBTable[0].bActive) {
449 if (!compare_ether_addr(pMgmt->abyCurrBSSID, pMACHeader->abyAddr2)) {
450 if (pMgmt->sNodeDBTable[0].uInActiveCount != 0)
451 pMgmt->sNodeDBTable[0].uInActiveCount = 0;
456 if (!is_multicast_ether_addr(pMACHeader->abyAddr1) && !is_broadcast_ether_addr(pMACHeader->abyAddr1)) {
457 if ( WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header) pbyFrame) ) {
458 pDevice->s802_11Counter.FrameDuplicateCount++;
462 if (compare_ether_addr(pDevice->abyCurrentNetAddr,
463 pMACHeader->abyAddr1)) {
470 s_vGetDASA(pbyFrame, &cbHeaderSize, &pDevice->sRxEthHeader);
472 if (!compare_ether_addr((PBYTE)&(pDevice->sRxEthHeader.abySrcAddr[0]),
473 pDevice->abyCurrentNetAddr))
476 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) {
477 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
478 p802_11Header = (PS802_11Header) (pbyFrame);
480 if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(p802_11Header->abyAddr2), &iSANodeIndex)) {
481 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies;
482 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0;
487 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
488 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == TRUE) {
494 if (IS_FC_WEP(pbyFrame)) {
495 BOOL bRxDecryOK = FALSE;
497 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n");
499 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) {
501 pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite;
502 pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex;
503 pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength;
504 pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16;
505 pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0;
507 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0],
511 bRxDecryOK = s_bHostWepRxEncryption(pDevice,
515 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly,
522 bRxDecryOK = s_bHandleRxEncryption(pDevice,
534 if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) {
535 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n");
536 if ( (pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
537 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
538 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
539 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
540 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
542 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
543 pDevice->s802_11Counter.TKIPICVErrors++;
544 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) {
545 pDevice->s802_11Counter.CCMPDecryptErrors++;
546 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) {
547 // pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++;
553 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n");
556 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP))
557 FrameSize -= 8; // Message Integrity Code
559 FrameSize -= 4; // 4 is ICV
566 /* remove the FCS/CRC length */
567 FrameSize -= ETH_FCS_LEN;
569 if ( !(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) && // unicast address
570 (IS_FRAGMENT_PKT((pbyFrame)))
573 bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header) (pbyFrame), FrameSize, bIsWEP, bExtIV);
574 pDevice->s802_11Counter.ReceivedFragmentCount++;
577 // TODO skb, pbyFrame
578 skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb;
579 FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength;
580 pbyFrame = skb->data + 8;
588 // Management & Control frame Handle
590 if ((IS_TYPE_DATA((pbyFrame))) == FALSE) {
591 // Handle Control & Manage Frame
593 if (IS_TYPE_MGMT((pbyFrame))) {
597 pRxPacket = &(pRCB->sMngPacket);
598 pRxPacket->p80211Header = (PUWLAN_80211HDR)(pbyFrame);
599 pRxPacket->cbMPDULen = FrameSize;
600 pRxPacket->uRSSI = *pbyRSSI;
601 pRxPacket->bySQ = *pbySQ;
602 HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime));
603 LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime));
606 pbyData1 = WLAN_HDR_A3_DATA_PTR(pbyFrame);
607 pbyData2 = WLAN_HDR_A3_DATA_PTR(pbyFrame) + 4;
608 for (ii = 0; ii < (FrameSize - 4); ii++) {
609 *pbyData1 = *pbyData2;
615 pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate);
617 if ( *pbyRxSts == 0 ) {
618 //Discard beacon packet which channel is 0
619 if ( (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_BEACON) ||
620 (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_PROBERESP) ) {
624 pRxPacket->byRxChannel = (*pbyRxSts) >> 2;
626 // hostap Deamon handle 802.11 management
627 if (pDevice->bEnableHostapd) {
628 skb->dev = pDevice->apdev;
633 skb_put(skb, FrameSize);
634 skb_reset_mac_header(skb);
635 skb->pkt_type = PACKET_OTHERHOST;
636 skb->protocol = htons(ETH_P_802_2);
637 memset(skb->cb, 0, sizeof(skb->cb));
643 // Insert the RCB in the Recv Mng list
645 EnqueueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList, pRCBIndicate);
646 pDevice->NumRecvMngList++;
647 if ( bDeFragRx == FALSE) {
650 if (pDevice->bIsRxMngWorkItemQueued == FALSE) {
651 pDevice->bIsRxMngWorkItemQueued = TRUE;
652 tasklet_schedule(&pDevice->RxMngWorkItem);
662 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
663 //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC.
664 if ( !(*pbyRsr & RSR_BSSIDOK)) {
666 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
667 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
675 // discard DATA packet while not associate || BSSID error
676 if ((pDevice->bLinkPass == FALSE) ||
677 !(*pbyRsr & RSR_BSSIDOK)) {
679 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
680 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
686 //mike add:station mode check eapol-key challenge--->
688 BYTE Protocol_Version; //802.1x Authentication
689 BYTE Packet_Type; //802.1x Authentication
690 BYTE Descriptor_type;
696 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
697 skb->data[cbIVOffset + 8 + 24 + 6 + 1];
698 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1];
699 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1];
700 if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header
701 if(((Protocol_Version==1) ||(Protocol_Version==2)) &&
702 (Packet_Type==3)) { //802.1x OR eapol-key challenge frame receive
704 Descriptor_type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2];
705 Key_info = (skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+1]<<8) |skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+2] ;
706 if(Descriptor_type==2) { //RSN
707 // printk("WPA2_Rx_eapol-key_info<-----:%x\n",Key_info);
709 else if(Descriptor_type==254) {
710 // printk("WPA_Rx_eapol-key_info<-----:%x\n",Key_info);
715 //mike add:station mode check eapol-key challenge<---
723 if (pDevice->bEnablePSMode) {
724 if (IS_FC_MOREDATA((pbyFrame))) {
725 if (*pbyRsr & RSR_ADDROK) {
726 //PSbSendPSPOLL((PSDevice)pDevice);
730 if (pMgmt->bInTIMWake == TRUE) {
731 pMgmt->bInTIMWake = FALSE;
736 // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps
737 if (pDevice->bDiversityEnable && (FrameSize>50) &&
738 (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) &&
739 (pDevice->bLinkPass == TRUE)) {
740 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0);
743 // ++++++++ For BaseBand Algorithm +++++++++++++++
744 pDevice->uCurrRSSI = *pbyRSSI;
745 pDevice->byCurrSQ = *pbySQ;
749 if ((*pbyRSSI != 0) &&
750 (pMgmt->pCurrBSS!=NULL)) {
751 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
752 // Moniter if RSSI is too strong.
753 pMgmt->pCurrBSS->byRSSIStatCnt++;
754 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT;
755 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm;
756 for (ii = 0; ii < RSSI_STAT_COUNT; ii++) {
757 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) {
758 pMgmt->pCurrBSS->ldBmMAX =
759 max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm);
766 // -----------------------------------------------
768 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == TRUE)){
771 // Only 802.1x packet incoming allowed
776 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
777 skb->data[cbIVOffset + 8 + 24 + 6 + 1];
779 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType);
780 if (wEtherType == ETH_P_PAE) {
781 skb->dev = pDevice->apdev;
783 if (bIsWEP == TRUE) {
784 // strip IV header(8)
785 memcpy(&abyMacHdr[0], (skb->data + 8), 24);
786 memcpy((skb->data + 8 + cbIVOffset), &abyMacHdr[0], 24);
789 skb->data += (cbIVOffset + 8);
790 skb->tail += (cbIVOffset + 8);
791 skb_put(skb, FrameSize);
792 skb_reset_mac_header(skb);
793 skb->pkt_type = PACKET_OTHERHOST;
794 skb->protocol = htons(ETH_P_802_2);
795 memset(skb->cb, 0, sizeof(skb->cb));
800 // check if 802.1x authorized
801 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED))
806 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
808 FrameSize -= 8; //MIC
812 //--------------------------------------------------------------------------------
814 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
818 DWORD dwMIC_Priority;
819 DWORD dwMICKey0 = 0, dwMICKey1 = 0;
820 DWORD dwLocalMIC_L = 0;
821 DWORD dwLocalMIC_R = 0;
822 viawget_wpa_header *wpahdr;
825 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
826 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
827 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
830 if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
831 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
832 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
833 } else if ((pKey->dwKeyIndex & BIT28) == 0) {
834 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
835 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
837 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
838 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
842 MIC_vInit(dwMICKey0, dwMICKey1);
843 MIC_vAppend((PBYTE)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12);
845 MIC_vAppend((PBYTE)&dwMIC_Priority, 4);
846 // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV.
847 MIC_vAppend((PBYTE)(skb->data + 8 + WLAN_HDR_ADDR3_LEN + 8),
848 FrameSize - WLAN_HDR_ADDR3_LEN - 8);
849 MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R);
852 pdwMIC_L = (PDWORD)(skb->data + 8 + FrameSize);
853 pdwMIC_R = (PDWORD)(skb->data + 8 + FrameSize + 4);
856 if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) ||
857 (pDevice->bRxMICFail == TRUE)) {
858 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n");
859 pDevice->bRxMICFail = FALSE;
860 //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++;
861 pDevice->s802_11Counter.TKIPLocalMICFailures++;
863 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
864 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
868 //2008-0409-07, <Add> by Einsn Liu
869 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
870 //send event to wpa_supplicant
871 //if(pDevice->bWPASuppWextEnabled == TRUE)
873 union iwreq_data wrqu;
874 struct iw_michaelmicfailure ev;
875 int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits
876 memset(&ev, 0, sizeof(ev));
877 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
878 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
879 (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
880 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
881 ev.flags |= IW_MICFAILURE_PAIRWISE;
883 ev.flags |= IW_MICFAILURE_GROUP;
886 ev.src_addr.sa_family = ARPHRD_ETHER;
887 memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN);
888 memset(&wrqu, 0, sizeof(wrqu));
889 wrqu.data.length = sizeof(ev);
890 PRINT_K("wireless_send_event--->IWEVMICHAELMICFAILURE\n");
891 wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
897 if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
898 wpahdr = (viawget_wpa_header *)pDevice->skb->data;
899 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
900 (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
901 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
902 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR;
903 wpahdr->type = VIAWGET_PTK_MIC_MSG;
905 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR;
906 wpahdr->type = VIAWGET_GTK_MIC_MSG;
908 wpahdr->resp_ie_len = 0;
909 wpahdr->req_ie_len = 0;
910 skb_put(pDevice->skb, sizeof(viawget_wpa_header));
911 pDevice->skb->dev = pDevice->wpadev;
912 skb_reset_mac_header(pDevice->skb);
913 pDevice->skb->pkt_type = PACKET_HOST;
914 pDevice->skb->protocol = htons(ETH_P_802_2);
915 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
916 netif_rx(pDevice->skb);
917 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
924 } //---end of SOFT MIC-----------------------------------------------------------------------
926 // ++++++++++ Reply Counter Check +++++++++++++
928 if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) ||
929 (pKey->byCipherSuite == KEY_CTL_CCMP))) {
931 WORD wLocalTSC15_0 = 0;
932 DWORD dwLocalTSC47_16 = 0;
933 unsigned long long RSC = 0;
935 RSC = *((unsigned long long *) &(pKey->KeyRSC));
936 wLocalTSC15_0 = (WORD) RSC;
937 dwLocalTSC47_16 = (DWORD) (RSC>>16);
942 memcpy(&(pKey->KeyRSC), &RSC, sizeof(QWORD));
944 if ( (pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) &&
945 (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) {
947 if ( (wRxTSC15_0 < wLocalTSC15_0) &&
948 (dwRxTSC47_16 <= dwLocalTSC47_16) &&
949 !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) {
950 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n ");
951 if (pKey->byCipherSuite == KEY_CTL_TKIP)
952 //pDevice->s802_11Counter.TKIPReplays.QuadPart++;
953 pDevice->s802_11Counter.TKIPReplays++;
955 //pDevice->s802_11Counter.CCMPReplays.QuadPart++;
956 pDevice->s802_11Counter.CCMPReplays++;
959 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
960 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
968 } // ----- End of Reply Counter Check --------------------------
971 s_vProcessRxMACHeader(pDevice, (PBYTE)(skb->data+8), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset);
972 FrameSize -= cbHeaderOffset;
973 cbHeaderOffset += 8; // 8 is Rcv buffer header
975 // Null data, framesize = 12
979 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
980 if (s_bAPModeRxData(pDevice,
989 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
990 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
999 skb->data += cbHeaderOffset;
1000 skb->tail += cbHeaderOffset;
1001 skb_put(skb, FrameSize);
1002 skb->protocol=eth_type_trans(skb, skb->dev);
1003 skb->ip_summed=CHECKSUM_NONE;
1004 pStats->rx_bytes +=skb->len;
1005 pStats->rx_packets++;
1008 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1009 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1010 pDevice->dev->name);
1019 static BOOL s_bAPModeRxCtl (
1022 signed int iSANodeIndex
1025 PS802_11Header p802_11Header;
1027 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1030 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
1032 p802_11Header = (PS802_11Header) (pbyFrame);
1033 if (!IS_TYPE_MGMT(pbyFrame)) {
1035 // Data & PS-Poll packet
1036 // check frame class
1037 if (iSANodeIndex > 0) {
1038 // frame class 3 fliter & checking
1039 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) {
1040 // send deauth notification
1041 // reason = (6) class 2 received from nonauth sta
1042 vMgrDeAuthenBeginSta(pDevice,
1044 (PBYTE)(p802_11Header->abyAddr2),
1045 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1048 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n");
1051 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) {
1052 // send deassoc notification
1053 // reason = (7) class 3 received from nonassoc sta
1054 vMgrDisassocBeginSta(pDevice,
1056 (PBYTE)(p802_11Header->abyAddr2),
1057 (WLAN_MGMT_REASON_CLASS3_NONASSOC),
1060 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n");
1064 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) {
1065 // delcare received ps-poll event
1066 if (IS_CTL_PSPOLL(pbyFrame)) {
1067 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1068 bScheduleCommand((void *) pDevice,
1071 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n");
1074 // check Data PS state
1075 // if PW bit off, send out all PS bufferring packets.
1076 if (!IS_FC_POWERMGT(pbyFrame)) {
1077 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1078 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1079 bScheduleCommand((void *) pDevice,
1082 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n");
1087 if (IS_FC_POWERMGT(pbyFrame)) {
1088 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = TRUE;
1089 // Once if STA in PS state, enable multicast bufferring
1090 pMgmt->sNodeDBTable[0].bPSEnable = TRUE;
1093 // clear all pending PS frame.
1094 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) {
1095 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1096 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1097 bScheduleCommand((void *) pDevice,
1100 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n");
1107 vMgrDeAuthenBeginSta(pDevice,
1109 (PBYTE)(p802_11Header->abyAddr2),
1110 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1113 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n");
1114 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%02x-%02x-%02x=%02x-%02x-%02x \n",
1115 p802_11Header->abyAddr3[0],
1116 p802_11Header->abyAddr3[1],
1117 p802_11Header->abyAddr3[2],
1118 p802_11Header->abyAddr3[3],
1119 p802_11Header->abyAddr3[4],
1120 p802_11Header->abyAddr3[5]
1122 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%02x-%02x-%02x=%02x-%02x-%02x \n",
1123 p802_11Header->abyAddr2[0],
1124 p802_11Header->abyAddr2[1],
1125 p802_11Header->abyAddr2[2],
1126 p802_11Header->abyAddr2[3],
1127 p802_11Header->abyAddr2[4],
1128 p802_11Header->abyAddr2[5]
1130 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%02x-%02x-%02x=%02x-%02x-%02x \n",
1131 p802_11Header->abyAddr1[0],
1132 p802_11Header->abyAddr1[1],
1133 p802_11Header->abyAddr1[2],
1134 p802_11Header->abyAddr1[3],
1135 p802_11Header->abyAddr1[4],
1136 p802_11Header->abyAddr1[5]
1138 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl );
1147 static BOOL s_bHandleRxEncryption (
1150 unsigned int FrameSize,
1153 PSKeyItem * pKeyOut,
1156 PDWORD pdwRxTSC47_16
1159 unsigned int PayloadLen = FrameSize;
1162 PSKeyItem pKey = NULL;
1163 BYTE byDecMode = KEY_CTL_WEP;
1164 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1170 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1171 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1172 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1173 pbyIV += 6; // 6 is 802.11 address4
1176 byKeyIdx = (*(pbyIV+3) & 0xc0);
1178 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1180 if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
1181 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
1182 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
1183 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
1184 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
1185 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) &&
1186 (pMgmt->byCSSPK != KEY_CTL_NONE)) {
1187 // unicast pkt use pairwise key
1188 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n");
1189 if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == TRUE) {
1190 if (pMgmt->byCSSPK == KEY_CTL_TKIP)
1191 byDecMode = KEY_CTL_TKIP;
1192 else if (pMgmt->byCSSPK == KEY_CTL_CCMP)
1193 byDecMode = KEY_CTL_CCMP;
1195 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey);
1198 KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey);
1199 if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1200 byDecMode = KEY_CTL_TKIP;
1201 else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1202 byDecMode = KEY_CTL_CCMP;
1203 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey);
1206 // our WEP only support Default Key
1208 // use default group key
1209 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey);
1210 if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1211 byDecMode = KEY_CTL_TKIP;
1212 else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1213 byDecMode = KEY_CTL_CCMP;
1217 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode);
1220 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n");
1221 if (byDecMode == KEY_CTL_WEP) {
1222 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1223 } else if (pDevice->bLinkPass == TRUE) {
1224 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1228 if (byDecMode != pKey->byCipherSuite) {
1229 if (byDecMode == KEY_CTL_WEP) {
1230 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1231 } else if (pDevice->bLinkPass == TRUE) {
1232 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1237 if (byDecMode == KEY_CTL_WEP) {
1239 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1240 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE)) {
1245 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1246 memcpy(pDevice->abyPRNG, pbyIV, 3);
1247 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1248 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1249 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1251 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1252 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1255 } else if ((byDecMode == KEY_CTL_TKIP) ||
1256 (byDecMode == KEY_CTL_CCMP)) {
1259 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1260 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1261 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1262 if (byDecMode == KEY_CTL_TKIP) {
1263 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1265 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1267 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1269 if ((byDecMode == KEY_CTL_TKIP) &&
1270 (pDevice->byLocalID <= REV_ID_VT3253_A1)) {
1273 PS802_11Header pMACHeader = (PS802_11Header) (pbyFrame);
1274 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1275 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1276 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1277 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1278 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1279 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1281 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1282 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1287 if ((*(pbyIV+3) & 0x20) != 0)
1293 static BOOL s_bHostWepRxEncryption (
1296 unsigned int FrameSize,
1303 PDWORD pdwRxTSC47_16
1306 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1307 unsigned int PayloadLen = FrameSize;
1310 BYTE byDecMode = KEY_CTL_WEP;
1311 PS802_11Header pMACHeader;
1318 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1319 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1320 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1321 pbyIV += 6; // 6 is 802.11 address4
1324 byKeyIdx = (*(pbyIV+3) & 0xc0);
1326 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1329 if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1330 byDecMode = KEY_CTL_TKIP;
1331 else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1332 byDecMode = KEY_CTL_CCMP;
1334 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode);
1336 if (byDecMode != pKey->byCipherSuite) {
1337 if (byDecMode == KEY_CTL_WEP) {
1338 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1339 } else if (pDevice->bLinkPass == TRUE) {
1340 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1345 if (byDecMode == KEY_CTL_WEP) {
1347 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP \n");
1348 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1349 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE) ||
1350 (bOnFly == FALSE)) {
1356 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1357 memcpy(pDevice->abyPRNG, pbyIV, 3);
1358 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1359 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1360 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1362 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1363 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1366 } else if ((byDecMode == KEY_CTL_TKIP) ||
1367 (byDecMode == KEY_CTL_CCMP)) {
1370 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1371 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1372 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1374 if (byDecMode == KEY_CTL_TKIP) {
1375 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1377 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1379 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1381 if (byDecMode == KEY_CTL_TKIP) {
1383 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == FALSE)) {
1387 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n");
1388 pMACHeader = (PS802_11Header) (pbyFrame);
1389 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1390 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1391 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1392 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1393 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1394 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1396 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1397 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1402 if (byDecMode == KEY_CTL_CCMP) {
1403 if (bOnFly == FALSE) {
1406 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_CCMP\n");
1407 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) {
1408 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1409 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC compare OK!\n");
1411 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC fail!\n");
1418 if ((*(pbyIV+3) & 0x20) != 0)
1425 static BOOL s_bAPModeRxData (
1427 struct sk_buff *skb,
1428 unsigned int FrameSize,
1429 unsigned int cbHeaderOffset,
1430 signed int iSANodeIndex,
1431 signed int iDANodeIndex
1435 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1436 BOOL bRelayAndForward = FALSE;
1437 BOOL bRelayOnly = FALSE;
1438 BYTE byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
1442 struct sk_buff* skbcpy = NULL;
1444 if (FrameSize > CB_MAX_BUF_SIZE)
1447 if (is_multicast_ether_addr((PBYTE)(skb->data+cbHeaderOffset))) {
1448 if (pMgmt->sNodeDBTable[0].bPSEnable) {
1450 skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz);
1452 // if any node in PS mode, buffer packet until DTIM.
1453 if (skbcpy == NULL) {
1454 DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n");
1457 skbcpy->dev = pDevice->dev;
1458 skbcpy->len = FrameSize;
1459 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize);
1460 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy);
1461 pMgmt->sNodeDBTable[0].wEnQueueCnt++;
1463 pMgmt->abyPSTxMap[0] |= byMask[0];
1467 bRelayAndForward = TRUE;
1472 if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(skb->data+cbHeaderOffset), &iDANodeIndex)) {
1473 if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) {
1474 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) {
1475 // queue this skb until next PS tx, and then release.
1477 skb->data += cbHeaderOffset;
1478 skb->tail += cbHeaderOffset;
1479 skb_put(skb, FrameSize);
1480 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb);
1482 pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++;
1483 wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID;
1484 pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7];
1485 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n",
1486 iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]);
1496 if (bRelayOnly || bRelayAndForward) {
1497 // relay this packet right now
1498 if (bRelayAndForward)
1501 if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) {
1502 bRelayPacketSend(pDevice, (PBYTE) (skb->data + cbHeaderOffset),
1503 FrameSize, (unsigned int) iDANodeIndex);
1509 // none associate, don't forward
1510 if (pDevice->uAssocCount == 0)
1519 void RXvWorkItem(void *Context)
1521 PSDevice pDevice = (PSDevice) Context;
1525 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Polling Thread\n");
1526 spin_lock_irq(&pDevice->lock);
1527 while ( MP_TEST_FLAG(pDevice, fMP_POST_READS) &&
1528 MP_IS_READY(pDevice) &&
1529 (pDevice->NumRecvFreeList != 0) ) {
1530 pRCB = pDevice->FirstRecvFreeList;
1531 pDevice->NumRecvFreeList--;
1532 ASSERT(pRCB);// cannot be NULL
1533 DequeueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList);
1534 ntStatus = PIPEnsBulkInUsbRead(pDevice, pRCB);
1536 pDevice->bIsRxWorkItemQueued = FALSE;
1537 spin_unlock_irq(&pDevice->lock);
1548 PSDevice pDevice = (PSDevice)pRCB->pDevice;
1551 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->RXvFreeRCB\n");
1553 ASSERT(!pRCB->Ref); // should be 0
1554 ASSERT(pRCB->pDevice); // shouldn't be NULL
1556 if (bReAllocSkb == TRUE) {
1557 pRCB->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1558 // todo error handling
1559 if (pRCB->skb == NULL) {
1560 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR" Failed to re-alloc rx skb\n");
1562 pRCB->skb->dev = pDevice->dev;
1566 // Insert the RCB back in the Recv free list
1568 EnqueueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList, pRCB);
1569 pDevice->NumRecvFreeList++;
1572 if (MP_TEST_FLAG(pDevice, fMP_POST_READS) && MP_IS_READY(pDevice) &&
1573 (pDevice->bIsRxWorkItemQueued == FALSE) ) {
1575 pDevice->bIsRxWorkItemQueued = TRUE;
1576 tasklet_schedule(&pDevice->ReadWorkItem);
1578 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"<----RXFreeRCB %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList);
1582 void RXvMngWorkItem(void *Context)
1584 PSDevice pDevice = (PSDevice) Context;
1586 PSRxMgmtPacket pRxPacket;
1587 BOOL bReAllocSkb = FALSE;
1589 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Mng Thread\n");
1591 spin_lock_irq(&pDevice->lock);
1592 while (pDevice->NumRecvMngList!=0)
1594 pRCB = pDevice->FirstRecvMngList;
1595 pDevice->NumRecvMngList--;
1596 DequeueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList);
1600 ASSERT(pRCB);// cannot be NULL
1601 pRxPacket = &(pRCB->sMngPacket);
1602 vMgrRxManagePacket((void *) pDevice, &(pDevice->sMgmtObj), pRxPacket);
1604 if(pRCB->Ref == 0) {
1605 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"RxvFreeMng %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList);
1606 RXvFreeRCB(pRCB, bReAllocSkb);
1608 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Rx Mng Only we have the right to free RCB\n");
1612 pDevice->bIsRxMngWorkItemQueued = FALSE;
1613 spin_unlock_irq(&pDevice->lock);