dpc.c revision 1208f14a37fde2669b86bf1b1cd1122ad2ba3579
1/* 2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc. 3 * All rights reserved. 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation; either version 2 of the License, or 8 * (at your option) any later version. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License along 16 * with this program; if not, write to the Free Software Foundation, Inc., 17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * File: dpc.c 20 * 21 * Purpose: handle dpc rx functions 22 * 23 * Author: Lyndon Chen 24 * 25 * Date: May 20, 2003 26 * 27 * Functions: 28 * device_receive_frame - Rcv 802.11 frame function 29 * s_bAPModeRxCtl- AP Rcv frame filer Ctl. 30 * s_bAPModeRxData- AP Rcv data frame handle 31 * s_bHandleRxEncryption- Rcv decrypted data via on-fly 32 * s_bHostWepRxEncryption- Rcv encrypted data via host 33 * s_byGetRateIdx- get rate index 34 * s_vGetDASA- get data offset 35 * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3 36 * 37 * Revision History: 38 * 39 */ 40 41#include "device.h" 42#include "rxtx.h" 43#include "tether.h" 44#include "card.h" 45#include "bssdb.h" 46#include "mac.h" 47#include "baseband.h" 48#include "michael.h" 49#include "tkip.h" 50#include "tcrc.h" 51#include "wctl.h" 52#include "wroute.h" 53#include "hostap.h" 54#include "rf.h" 55#include "iowpa.h" 56#include "aes_ccmp.h" 57 58/*--------------------- Static Definitions -------------------------*/ 59 60/*--------------------- Static Classes ----------------------------*/ 61 62/*--------------------- Static Variables --------------------------*/ 63//static int msglevel =MSG_LEVEL_DEBUG; 64static int msglevel = MSG_LEVEL_INFO; 65 66const unsigned char acbyRxRate[MAX_RATE] = 67{2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108}; 68 69/*--------------------- Static Functions --------------------------*/ 70 71/*--------------------- Static Definitions -------------------------*/ 72 73/*--------------------- Static Functions --------------------------*/ 74 75static unsigned char s_byGetRateIdx(unsigned char byRate); 76 77static void 78s_vGetDASA(unsigned char *pbyRxBufferAddr, unsigned int *pcbHeaderSize, 79 PSEthernetHeader psEthHeader); 80 81static void 82s_vProcessRxMACHeader(PSDevice pDevice, unsigned char *pbyRxBufferAddr, 83 unsigned int cbPacketSize, bool bIsWEP, bool bExtIV, 84 unsigned int *pcbHeadSize); 85 86static bool s_bAPModeRxCtl( 87 PSDevice pDevice, 88 unsigned char *pbyFrame, 89 int iSANodeIndex 90); 91 92static bool s_bAPModeRxData( 93 PSDevice pDevice, 94 struct sk_buff *skb, 95 unsigned int FrameSize, 96 unsigned int cbHeaderOffset, 97 int iSANodeIndex, 98 int iDANodeIndex 99); 100 101static bool s_bHandleRxEncryption( 102 PSDevice pDevice, 103 unsigned char *pbyFrame, 104 unsigned int FrameSize, 105 unsigned char *pbyRsr, 106 unsigned char *pbyNewRsr, 107 PSKeyItem *pKeyOut, 108 bool *pbExtIV, 109 unsigned short *pwRxTSC15_0, 110 unsigned long *pdwRxTSC47_16 111); 112 113static bool s_bHostWepRxEncryption( 114 115 PSDevice pDevice, 116 unsigned char *pbyFrame, 117 unsigned int FrameSize, 118 unsigned char *pbyRsr, 119 bool bOnFly, 120 PSKeyItem pKey, 121 unsigned char *pbyNewRsr, 122 bool *pbExtIV, 123 unsigned short *pwRxTSC15_0, 124 unsigned long *pdwRxTSC47_16 125 126); 127 128/*--------------------- Export Variables --------------------------*/ 129 130/*+ 131 * 132 * Description: 133 * Translate Rcv 802.11 header to 802.3 header with Rx buffer 134 * 135 * Parameters: 136 * In: 137 * pDevice 138 * dwRxBufferAddr - Address of Rcv Buffer 139 * cbPacketSize - Rcv Packet size 140 * bIsWEP - If Rcv with WEP 141 * Out: 142 * pcbHeaderSize - 802.11 header size 143 * 144 * Return Value: None 145 * 146 -*/ 147static void 148s_vProcessRxMACHeader(PSDevice pDevice, unsigned char *pbyRxBufferAddr, 149 unsigned int cbPacketSize, bool bIsWEP, bool bExtIV, 150 unsigned int *pcbHeadSize) 151{ 152 unsigned char *pbyRxBuffer; 153 unsigned int cbHeaderSize = 0; 154 unsigned short *pwType; 155 PS802_11Header pMACHeader; 156 int ii; 157 158 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); 159 160 s_vGetDASA((unsigned char *)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader); 161 162 if (bIsWEP) { 163 if (bExtIV) { 164 // strip IV&ExtIV , add 8 byte 165 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8); 166 } else { 167 // strip IV , add 4 byte 168 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4); 169 } 170 } else { 171 cbHeaderSize += WLAN_HDR_ADDR3_LEN; 172 }; 173 174 pbyRxBuffer = (unsigned char *)(pbyRxBufferAddr + cbHeaderSize); 175 if (ether_addr_equal(pbyRxBuffer, pDevice->abySNAP_Bridgetunnel)) { 176 cbHeaderSize += 6; 177 } else if (ether_addr_equal(pbyRxBuffer, pDevice->abySNAP_RFC1042)) { 178 cbHeaderSize += 6; 179 pwType = (unsigned short *)(pbyRxBufferAddr + cbHeaderSize); 180 if ((*pwType != TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) { 181 } else { 182 cbHeaderSize -= 8; 183 pwType = (unsigned short *)(pbyRxBufferAddr + cbHeaderSize); 184 if (bIsWEP) { 185 if (bExtIV) { 186 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV 187 } else { 188 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV 189 } 190 } else { 191 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); 192 } 193 } 194 } else { 195 cbHeaderSize -= 2; 196 pwType = (unsigned short *)(pbyRxBufferAddr + cbHeaderSize); 197 if (bIsWEP) { 198 if (bExtIV) { 199 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV 200 } else { 201 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV 202 } 203 } else { 204 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); 205 } 206 } 207 208 cbHeaderSize -= (ETH_ALEN * 2); 209 pbyRxBuffer = (unsigned char *)(pbyRxBufferAddr + cbHeaderSize); 210 for (ii = 0; ii < ETH_ALEN; ii++) 211 *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii]; 212 for (ii = 0; ii < ETH_ALEN; ii++) 213 *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii]; 214 215 *pcbHeadSize = cbHeaderSize; 216} 217 218static unsigned char s_byGetRateIdx(unsigned char byRate) 219{ 220 unsigned char byRateIdx; 221 222 for (byRateIdx = 0; byRateIdx < MAX_RATE; byRateIdx++) { 223 if (acbyRxRate[byRateIdx % MAX_RATE] == byRate) 224 return byRateIdx; 225 } 226 return 0; 227} 228 229static void 230s_vGetDASA(unsigned char *pbyRxBufferAddr, unsigned int *pcbHeaderSize, 231 PSEthernetHeader psEthHeader) 232{ 233 unsigned int cbHeaderSize = 0; 234 PS802_11Header pMACHeader; 235 int ii; 236 237 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); 238 239 if ((pMACHeader->wFrameCtl & FC_TODS) == 0) { 240 if (pMACHeader->wFrameCtl & FC_FROMDS) { 241 for (ii = 0; ii < ETH_ALEN; ii++) { 242 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii]; 243 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr3[ii]; 244 } 245 } else { 246 // IBSS mode 247 for (ii = 0; ii < ETH_ALEN; ii++) { 248 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii]; 249 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii]; 250 } 251 } 252 } else { 253 // Is AP mode.. 254 if (pMACHeader->wFrameCtl & FC_FROMDS) { 255 for (ii = 0; ii < ETH_ALEN; ii++) { 256 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii]; 257 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr4[ii]; 258 cbHeaderSize += 6; 259 } 260 } else { 261 for (ii = 0; ii < ETH_ALEN; ii++) { 262 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii]; 263 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii]; 264 } 265 } 266 }; 267 *pcbHeaderSize = cbHeaderSize; 268} 269 270//PLICE_DEBUG -> 271 272void MngWorkItem(void *Context) 273{ 274 PSRxMgmtPacket pRxMgmtPacket; 275 PSDevice pDevice = (PSDevice) Context; 276 277 spin_lock_irq(&pDevice->lock); 278 while (pDevice->rxManeQueue.packet_num != 0) { 279 pRxMgmtPacket = DeQueue(pDevice); 280 vMgrRxManagePacket(pDevice, pDevice->pMgmt, pRxMgmtPacket); 281 } 282 spin_unlock_irq(&pDevice->lock); 283} 284 285//PLICE_DEBUG<- 286 287bool 288device_receive_frame( 289 PSDevice pDevice, 290 PSRxDesc pCurrRD 291) 292{ 293 PDEVICE_RD_INFO pRDInfo = pCurrRD->pRDInfo; 294 struct net_device_stats *pStats = &pDevice->stats; 295 struct sk_buff *skb; 296 PSMgmtObject pMgmt = pDevice->pMgmt; 297 PSRxMgmtPacket pRxPacket = &(pDevice->pMgmt->sRxPacket); 298 PS802_11Header p802_11Header; 299 unsigned char *pbyRsr; 300 unsigned char *pbyNewRsr; 301 unsigned char *pbyRSSI; 302 PQWORD pqwTSFTime; 303 unsigned short *pwFrameSize; 304 unsigned char *pbyFrame; 305 bool bDeFragRx = false; 306 bool bIsWEP = false; 307 unsigned int cbHeaderOffset; 308 unsigned int FrameSize; 309 unsigned short wEtherType = 0; 310 int iSANodeIndex = -1; 311 int iDANodeIndex = -1; 312 unsigned int ii; 313 unsigned int cbIVOffset; 314 bool bExtIV = false; 315 unsigned char *pbyRxSts; 316 unsigned char *pbyRxRate; 317 unsigned char *pbySQ; 318 unsigned int cbHeaderSize; 319 PSKeyItem pKey = NULL; 320 unsigned short wRxTSC15_0 = 0; 321 unsigned long dwRxTSC47_16 = 0; 322 SKeyItem STempKey; 323 // 802.11h RPI 324 unsigned long dwDuration = 0; 325 long ldBm = 0; 326 long ldBmThreshold = 0; 327 PS802_11Header pMACHeader; 328 bool bRxeapol_key = false; 329 330// DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- device_receive_frame---\n"); 331 332 skb = pRDInfo->skb; 333 334//PLICE_DEBUG-> 335#if 1 336 pci_unmap_single(pDevice->pcid, pRDInfo->skb_dma, 337 pDevice->rx_buf_sz, PCI_DMA_FROMDEVICE); 338#endif 339//PLICE_DEBUG<- 340 pwFrameSize = (unsigned short *)(skb->data + 2); 341 FrameSize = cpu_to_le16(pCurrRD->m_rd1RD1.wReqCount) - cpu_to_le16(pCurrRD->m_rd0RD0.wResCount); 342 343 // Max: 2312Payload + 30HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR 344 // Min (ACK): 10HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR 345 if ((FrameSize > 2364) || (FrameSize <= 32)) { 346 // Frame Size error drop this packet. 347 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- WRONG Length 1 \n"); 348 return false; 349 } 350 351 pbyRxSts = (unsigned char *)(skb->data); 352 pbyRxRate = (unsigned char *)(skb->data + 1); 353 pbyRsr = (unsigned char *)(skb->data + FrameSize - 1); 354 pbyRSSI = (unsigned char *)(skb->data + FrameSize - 2); 355 pbyNewRsr = (unsigned char *)(skb->data + FrameSize - 3); 356 pbySQ = (unsigned char *)(skb->data + FrameSize - 4); 357 pqwTSFTime = (PQWORD)(skb->data + FrameSize - 12); 358 pbyFrame = (unsigned char *)(skb->data + 4); 359 360 // get packet size 361 FrameSize = cpu_to_le16(*pwFrameSize); 362 363 if ((FrameSize > 2346)|(FrameSize < 14)) { // Max: 2312Payload + 30HD +4CRC 364 // Min: 14 bytes ACK 365 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- WRONG Length 2 \n"); 366 return false; 367 } 368//PLICE_DEBUG-> 369#if 1 370 // update receive statistic counter 371 STAvUpdateRDStatCounter(&pDevice->scStatistic, 372 *pbyRsr, 373 *pbyNewRsr, 374 *pbyRxRate, 375 pbyFrame, 376 FrameSize); 377 378#endif 379 380 pMACHeader = (PS802_11Header)((unsigned char *)(skb->data) + 8); 381//PLICE_DEBUG<- 382 if (pDevice->bMeasureInProgress) { 383 if ((*pbyRsr & RSR_CRCOK) != 0) { 384 pDevice->byBasicMap |= 0x01; 385 } 386 dwDuration = (FrameSize << 4); 387 dwDuration /= acbyRxRate[*pbyRxRate%MAX_RATE]; 388 if (*pbyRxRate <= RATE_11M) { 389 if (*pbyRxSts & 0x01) { 390 // long preamble 391 dwDuration += 192; 392 } else { 393 // short preamble 394 dwDuration += 96; 395 } 396 } else { 397 dwDuration += 16; 398 } 399 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm); 400 ldBmThreshold = -57; 401 for (ii = 7; ii > 0;) { 402 if (ldBm > ldBmThreshold) { 403 break; 404 } 405 ldBmThreshold -= 5; 406 ii--; 407 } 408 pDevice->dwRPIs[ii] += dwDuration; 409 return false; 410 } 411 412 if (!is_multicast_ether_addr(pbyFrame)) { 413 if (WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header)(skb->data + 4))) { 414 pDevice->s802_11Counter.FrameDuplicateCount++; 415 return false; 416 } 417 } 418 419 // Use for TKIP MIC 420 s_vGetDASA(skb->data+4, &cbHeaderSize, &pDevice->sRxEthHeader); 421 422 // filter packet send from myself 423 if (ether_addr_equal(pDevice->sRxEthHeader.abySrcAddr, 424 pDevice->abyCurrentNetAddr)) 425 return false; 426 427 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) { 428 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { 429 p802_11Header = (PS802_11Header)(pbyFrame); 430 // get SA NodeIndex 431 if (BSSDBbIsSTAInNodeDB(pMgmt, (unsigned char *)(p802_11Header->abyAddr2), &iSANodeIndex)) { 432 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies; 433 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0; 434 } 435 } 436 } 437 438 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 439 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex)) { 440 return false; 441 } 442 } 443 444 if (IS_FC_WEP(pbyFrame)) { 445 bool bRxDecryOK = false; 446 447 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx WEP pkt\n"); 448 bIsWEP = true; 449 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) { 450 pKey = &STempKey; 451 pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite; 452 pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex; 453 pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength; 454 pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16; 455 pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0; 456 memcpy(pKey->abyKey, 457 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0], 458 pKey->uKeyLength 459); 460 461 bRxDecryOK = s_bHostWepRxEncryption(pDevice, 462 pbyFrame, 463 FrameSize, 464 pbyRsr, 465 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly, 466 pKey, 467 pbyNewRsr, 468 &bExtIV, 469 &wRxTSC15_0, 470 &dwRxTSC47_16); 471 } else { 472 bRxDecryOK = s_bHandleRxEncryption(pDevice, 473 pbyFrame, 474 FrameSize, 475 pbyRsr, 476 pbyNewRsr, 477 &pKey, 478 &bExtIV, 479 &wRxTSC15_0, 480 &dwRxTSC47_16); 481 } 482 483 if (bRxDecryOK) { 484 if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) { 485 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV Fail\n"); 486 if ((pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA) || 487 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || 488 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || 489 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || 490 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { 491 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 492 pDevice->s802_11Counter.TKIPICVErrors++; 493 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) { 494 pDevice->s802_11Counter.CCMPDecryptErrors++; 495 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) { 496// pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++; 497 } 498 } 499 return false; 500 } 501 } else { 502 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "WEP Func Fail\n"); 503 return false; 504 } 505 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) 506 FrameSize -= 8; // Message Integrity Code 507 else 508 FrameSize -= 4; // 4 is ICV 509 } 510 511 // 512 // RX OK 513 // 514 //remove the CRC length 515 FrameSize -= ETH_FCS_LEN; 516 517 if ((!(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI))) && // unicast address 518 (IS_FRAGMENT_PKT((skb->data+4))) 519) { 520 // defragment 521 bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header)(skb->data+4), FrameSize, bIsWEP, bExtIV); 522 pDevice->s802_11Counter.ReceivedFragmentCount++; 523 if (bDeFragRx) { 524 // defrag complete 525 skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb; 526 FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength; 527 528 } else { 529 return false; 530 } 531 } 532 533// Management & Control frame Handle 534 if ((IS_TYPE_DATA((skb->data+4))) == false) { 535 // Handle Control & Manage Frame 536 537 if (IS_TYPE_MGMT((skb->data+4))) { 538 unsigned char *pbyData1; 539 unsigned char *pbyData2; 540 541 pRxPacket->p80211Header = (PUWLAN_80211HDR)(skb->data+4); 542 pRxPacket->cbMPDULen = FrameSize; 543 pRxPacket->uRSSI = *pbyRSSI; 544 pRxPacket->bySQ = *pbySQ; 545 HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime)); 546 LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime)); 547 if (bIsWEP) { 548 // strip IV 549 pbyData1 = WLAN_HDR_A3_DATA_PTR(skb->data+4); 550 pbyData2 = WLAN_HDR_A3_DATA_PTR(skb->data+4) + 4; 551 for (ii = 0; ii < (FrameSize - 4); ii++) { 552 *pbyData1 = *pbyData2; 553 pbyData1++; 554 pbyData2++; 555 } 556 } 557 pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate); 558 pRxPacket->byRxChannel = (*pbyRxSts) >> 2; 559//PLICE_DEBUG-> 560//EnQueue(pDevice,pRxPacket); 561 562#ifdef THREAD 563 EnQueue(pDevice, pRxPacket); 564 565 //up(&pDevice->mlme_semaphore); 566 //Enque (pDevice->FirstRecvMngList,pDevice->LastRecvMngList,pMgmt); 567#else 568 569#ifdef TASK_LET 570 EnQueue(pDevice, pRxPacket); 571 tasklet_schedule(&pDevice->RxMngWorkItem); 572#else 573 vMgrRxManagePacket((void *)pDevice, pDevice->pMgmt, pRxPacket); 574 //tasklet_schedule(&pDevice->RxMngWorkItem); 575#endif 576 577#endif 578//PLICE_DEBUG<- 579 //vMgrRxManagePacket((void *)pDevice, pDevice->pMgmt, pRxPacket); 580 // hostap Deamon handle 802.11 management 581 if (pDevice->bEnableHostapd) { 582 skb->dev = pDevice->apdev; 583 skb->data += 4; 584 skb->tail += 4; 585 skb_put(skb, FrameSize); 586 skb_reset_mac_header(skb); 587 skb->pkt_type = PACKET_OTHERHOST; 588 skb->protocol = htons(ETH_P_802_2); 589 memset(skb->cb, 0, sizeof(skb->cb)); 590 netif_rx(skb); 591 return true; 592 } 593 } else { 594 // Control Frame 595 }; 596 return false; 597 } else { 598 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 599 //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC. 600 if (!(*pbyRsr & RSR_BSSIDOK)) { 601 if (bDeFragRx) { 602 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 603 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n", 604 pDevice->dev->name); 605 } 606 } 607 return false; 608 } 609 } else { 610 // discard DATA packet while not associate || BSSID error 611 if (!pDevice->bLinkPass || !(*pbyRsr & RSR_BSSIDOK)) { 612 if (bDeFragRx) { 613 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 614 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n", 615 pDevice->dev->name); 616 } 617 } 618 return false; 619 } 620 //mike add:station mode check eapol-key challenge---> 621 { 622 unsigned char Protocol_Version; //802.1x Authentication 623 unsigned char Packet_Type; //802.1x Authentication 624 if (bIsWEP) 625 cbIVOffset = 8; 626 else 627 cbIVOffset = 0; 628 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) | 629 skb->data[cbIVOffset + 8 + 24 + 6 + 1]; 630 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 + 1]; 631 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 + 1 + 1]; 632 if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header 633 if (((Protocol_Version == 1) || (Protocol_Version == 2)) && 634 (Packet_Type == 3)) { //802.1x OR eapol-key challenge frame receive 635 bRxeapol_key = true; 636 } 637 } 638 } 639 //mike add:station mode check eapol-key challenge<--- 640 } 641 } 642 643// Data frame Handle 644 645 if (pDevice->bEnablePSMode) { 646 if (IS_FC_MOREDATA((skb->data+4))) { 647 if (*pbyRsr & RSR_ADDROK) { 648 //PSbSendPSPOLL((PSDevice)pDevice); 649 } 650 } else { 651 if (pDevice->pMgmt->bInTIMWake == true) { 652 pDevice->pMgmt->bInTIMWake = false; 653 } 654 } 655 } 656 657 // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps 658 if (pDevice->bDiversityEnable && (FrameSize > 50) && 659 (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) && 660 pDevice->bLinkPass) { 661 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0); 662 } 663 664 if (pDevice->byLocalID != REV_ID_VT3253_B1) { 665 pDevice->uCurrRSSI = *pbyRSSI; 666 } 667 pDevice->byCurrSQ = *pbySQ; 668 669 if ((*pbyRSSI != 0) && 670 (pMgmt->pCurrBSS != NULL)) { 671 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm); 672 // Monitor if RSSI is too strong. 673 pMgmt->pCurrBSS->byRSSIStatCnt++; 674 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT; 675 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm; 676 for (ii = 0; ii < RSSI_STAT_COUNT; ii++) { 677 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) { 678 pMgmt->pCurrBSS->ldBmMAX = max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm); 679 } 680 } 681 } 682 683 // ----------------------------------------------- 684 685 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && pDevice->bEnable8021x) { 686 unsigned char abyMacHdr[24]; 687 688 // Only 802.1x packet incoming allowed 689 if (bIsWEP) 690 cbIVOffset = 8; 691 else 692 cbIVOffset = 0; 693 wEtherType = (skb->data[cbIVOffset + 4 + 24 + 6] << 8) | 694 skb->data[cbIVOffset + 4 + 24 + 6 + 1]; 695 696 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "wEtherType = %04x \n", wEtherType); 697 if (wEtherType == ETH_P_PAE) { 698 skb->dev = pDevice->apdev; 699 700 if (bIsWEP) { 701 // strip IV header(8) 702 memcpy(&abyMacHdr[0], (skb->data + 4), 24); 703 memcpy((skb->data + 4 + cbIVOffset), &abyMacHdr[0], 24); 704 } 705 skb->data += (cbIVOffset + 4); 706 skb->tail += (cbIVOffset + 4); 707 skb_put(skb, FrameSize); 708 skb_reset_mac_header(skb); 709 710 skb->pkt_type = PACKET_OTHERHOST; 711 skb->protocol = htons(ETH_P_802_2); 712 memset(skb->cb, 0, sizeof(skb->cb)); 713 netif_rx(skb); 714 return true; 715 716 } 717 // check if 802.1x authorized 718 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED)) 719 return false; 720 } 721 722 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 723 if (bIsWEP) { 724 FrameSize -= 8; //MIC 725 } 726 } 727 728 //-------------------------------------------------------------------------------- 729 // Soft MIC 730 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 731 if (bIsWEP) { 732 unsigned long *pdwMIC_L; 733 unsigned long *pdwMIC_R; 734 unsigned long dwMIC_Priority; 735 unsigned long dwMICKey0 = 0, dwMICKey1 = 0; 736 unsigned long dwLocalMIC_L = 0; 737 unsigned long dwLocalMIC_R = 0; 738 viawget_wpa_header *wpahdr; 739 740 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 741 dwMICKey0 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[24])); 742 dwMICKey1 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[28])); 743 } else { 744 if (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) { 745 dwMICKey0 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[16])); 746 dwMICKey1 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[20])); 747 } else if ((pKey->dwKeyIndex & BIT28) == 0) { 748 dwMICKey0 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[16])); 749 dwMICKey1 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[20])); 750 } else { 751 dwMICKey0 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[24])); 752 dwMICKey1 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[28])); 753 } 754 } 755 756 MIC_vInit(dwMICKey0, dwMICKey1); 757 MIC_vAppend((unsigned char *)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12); 758 dwMIC_Priority = 0; 759 MIC_vAppend((unsigned char *)&dwMIC_Priority, 4); 760 // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV. 761 MIC_vAppend((unsigned char *)(skb->data + 4 + WLAN_HDR_ADDR3_LEN + 8), 762 FrameSize - WLAN_HDR_ADDR3_LEN - 8); 763 MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R); 764 MIC_vUnInit(); 765 766 pdwMIC_L = (unsigned long *)(skb->data + 4 + FrameSize); 767 pdwMIC_R = (unsigned long *)(skb->data + 4 + FrameSize + 4); 768 //DBG_PRN_GRP12(("RxL: %lx, RxR: %lx\n", *pdwMIC_L, *pdwMIC_R)); 769 //DBG_PRN_GRP12(("LocalL: %lx, LocalR: %lx\n", dwLocalMIC_L, dwLocalMIC_R)); 770 //DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dwMICKey0= %lx,dwMICKey1= %lx \n", dwMICKey0, dwMICKey1); 771 772 if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || 773 (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) || 774 pDevice->bRxMICFail) { 775 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "MIC comparison is fail!\n"); 776 pDevice->bRxMICFail = false; 777 //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++; 778 pDevice->s802_11Counter.TKIPLocalMICFailures++; 779 if (bDeFragRx) { 780 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 781 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n", 782 pDevice->dev->name); 783 } 784 } 785 //2008-0409-07, <Add> by Einsn Liu 786#ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT 787 //send event to wpa_supplicant 788 { 789 union iwreq_data wrqu; 790 struct iw_michaelmicfailure ev; 791 int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits 792 memset(&ev, 0, sizeof(ev)); 793 ev.flags = keyidx & IW_MICFAILURE_KEY_ID; 794 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && 795 (pMgmt->eCurrState == WMAC_STATE_ASSOC) && 796 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { 797 ev.flags |= IW_MICFAILURE_PAIRWISE; 798 } else { 799 ev.flags |= IW_MICFAILURE_GROUP; 800 } 801 802 ev.src_addr.sa_family = ARPHRD_ETHER; 803 memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN); 804 memset(&wrqu, 0, sizeof(wrqu)); 805 wrqu.data.length = sizeof(ev); 806 wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev); 807 808 } 809#endif 810 811 if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) { 812 wpahdr = (viawget_wpa_header *)pDevice->skb->data; 813 if ((pDevice->pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && 814 (pDevice->pMgmt->eCurrState == WMAC_STATE_ASSOC) && 815 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { 816 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR; 817 wpahdr->type = VIAWGET_PTK_MIC_MSG; 818 } else { 819 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR; 820 wpahdr->type = VIAWGET_GTK_MIC_MSG; 821 } 822 wpahdr->resp_ie_len = 0; 823 wpahdr->req_ie_len = 0; 824 skb_put(pDevice->skb, sizeof(viawget_wpa_header)); 825 pDevice->skb->dev = pDevice->wpadev; 826 skb_reset_mac_header(pDevice->skb); 827 pDevice->skb->pkt_type = PACKET_HOST; 828 pDevice->skb->protocol = htons(ETH_P_802_2); 829 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb)); 830 netif_rx(pDevice->skb); 831 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz); 832 } 833 834 return false; 835 836 } 837 } 838 } //---end of SOFT MIC----------------------------------------------------------------------- 839 840 // ++++++++++ Reply Counter Check +++++++++++++ 841 842 if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) || 843 (pKey->byCipherSuite == KEY_CTL_CCMP))) { 844 if (bIsWEP) { 845 unsigned short wLocalTSC15_0 = 0; 846 unsigned long dwLocalTSC47_16 = 0; 847 unsigned long long RSC = 0; 848 // endian issues 849 RSC = *((unsigned long long *)&(pKey->KeyRSC)); 850 wLocalTSC15_0 = (unsigned short)RSC; 851 dwLocalTSC47_16 = (unsigned long)(RSC>>16); 852 853 RSC = dwRxTSC47_16; 854 RSC <<= 16; 855 RSC += wRxTSC15_0; 856 memcpy(&(pKey->KeyRSC), &RSC, sizeof(QWORD)); 857 858 if ((pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) && 859 (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) { 860 // check RSC 861 if ((wRxTSC15_0 < wLocalTSC15_0) && 862 (dwRxTSC47_16 <= dwLocalTSC47_16) && 863 !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) { 864 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "TSC is illegal~~!\n "); 865 if (pKey->byCipherSuite == KEY_CTL_TKIP) 866 //pDevice->s802_11Counter.TKIPReplays.QuadPart++; 867 pDevice->s802_11Counter.TKIPReplays++; 868 else 869 //pDevice->s802_11Counter.CCMPReplays.QuadPart++; 870 pDevice->s802_11Counter.CCMPReplays++; 871 872 if (bDeFragRx) { 873 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 874 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n", 875 pDevice->dev->name); 876 } 877 } 878 return false; 879 } 880 } 881 } 882 } // ----- End of Reply Counter Check -------------------------- 883 884 if ((pKey != NULL) && (bIsWEP)) { 885// pDevice->s802_11Counter.DecryptSuccessCount.QuadPart++; 886 } 887 888 s_vProcessRxMACHeader(pDevice, (unsigned char *)(skb->data+4), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset); 889 FrameSize -= cbHeaderOffset; 890 cbHeaderOffset += 4; // 4 is Rcv buffer header 891 892 // Null data, framesize = 14 893 if (FrameSize < 15) 894 return false; 895 896 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 897 if (!s_bAPModeRxData(pDevice, 898 skb, 899 FrameSize, 900 cbHeaderOffset, 901 iSANodeIndex, 902 iDANodeIndex 903)) { 904 if (bDeFragRx) { 905 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 906 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n", 907 pDevice->dev->name); 908 } 909 } 910 return false; 911 } 912 } 913 914 skb->data += cbHeaderOffset; 915 skb->tail += cbHeaderOffset; 916 skb_put(skb, FrameSize); 917 skb->protocol = eth_type_trans(skb, skb->dev); 918 919 //drop frame not met IEEE 802.3 920/* 921 if (pDevice->flags & DEVICE_FLAGS_VAL_PKT_LEN) { 922 if ((skb->protocol==htons(ETH_P_802_3)) && 923 (skb->len!=htons(skb->mac.ethernet->h_proto))) { 924 pStats->rx_length_errors++; 925 pStats->rx_dropped++; 926 if (bDeFragRx) { 927 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 928 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 929 pDevice->dev->name); 930 } 931 } 932 return false; 933 } 934 } 935*/ 936 937 skb->ip_summed = CHECKSUM_NONE; 938 pStats->rx_bytes += skb->len; 939 pStats->rx_packets++; 940 netif_rx(skb); 941 942 if (bDeFragRx) { 943 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 944 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n", 945 pDevice->dev->name); 946 } 947 return false; 948 } 949 950 return true; 951} 952 953static bool s_bAPModeRxCtl( 954 PSDevice pDevice, 955 unsigned char *pbyFrame, 956 int iSANodeIndex 957) 958{ 959 PS802_11Header p802_11Header; 960 CMD_STATUS Status; 961 PSMgmtObject pMgmt = pDevice->pMgmt; 962 963 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { 964 p802_11Header = (PS802_11Header)(pbyFrame); 965 if (!IS_TYPE_MGMT(pbyFrame)) { 966 // Data & PS-Poll packet 967 // check frame class 968 if (iSANodeIndex > 0) { 969 // frame class 3 fliter & checking 970 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) { 971 // send deauth notification 972 // reason = (6) class 2 received from nonauth sta 973 vMgrDeAuthenBeginSta(pDevice, 974 pMgmt, 975 (unsigned char *)(p802_11Header->abyAddr2), 976 (WLAN_MGMT_REASON_CLASS2_NONAUTH), 977 &Status 978); 979 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n"); 980 return true; 981 } 982 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) { 983 // send deassoc notification 984 // reason = (7) class 3 received from nonassoc sta 985 vMgrDisassocBeginSta(pDevice, 986 pMgmt, 987 (unsigned char *)(p802_11Header->abyAddr2), 988 (WLAN_MGMT_REASON_CLASS3_NONASSOC), 989 &Status 990); 991 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n"); 992 return true; 993 } 994 995 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) { 996 // delcare received ps-poll event 997 if (IS_CTL_PSPOLL(pbyFrame)) { 998 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true; 999 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL); 1000 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n"); 1001 } else { 1002 // check Data PS state 1003 // if PW bit off, send out all PS bufferring packets. 1004 if (!IS_FC_POWERMGT(pbyFrame)) { 1005 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = false; 1006 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true; 1007 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL); 1008 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n"); 1009 } 1010 } 1011 } else { 1012 if (IS_FC_POWERMGT(pbyFrame)) { 1013 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = true; 1014 // Once if STA in PS state, enable multicast bufferring 1015 pMgmt->sNodeDBTable[0].bPSEnable = true; 1016 } else { 1017 // clear all pending PS frame. 1018 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) { 1019 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = false; 1020 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true; 1021 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL); 1022 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n"); 1023 1024 } 1025 } 1026 } 1027 } else { 1028 vMgrDeAuthenBeginSta(pDevice, 1029 pMgmt, 1030 (unsigned char *)(p802_11Header->abyAddr2), 1031 (WLAN_MGMT_REASON_CLASS2_NONAUTH), 1032 &Status 1033); 1034 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n"); 1035 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%pM\n", 1036 p802_11Header->abyAddr3); 1037 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%pM\n", 1038 p802_11Header->abyAddr2); 1039 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%pM\n", 1040 p802_11Header->abyAddr1); 1041 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl); 1042 VNSvInPortB(pDevice->PortOffset + MAC_REG_RCR, &(pDevice->byRxMode)); 1043 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc:pDevice->byRxMode = %x\n", pDevice->byRxMode); 1044 return true; 1045 } 1046 } 1047 } 1048 return false; 1049} 1050 1051static bool s_bHandleRxEncryption( 1052 PSDevice pDevice, 1053 unsigned char *pbyFrame, 1054 unsigned int FrameSize, 1055 unsigned char *pbyRsr, 1056 unsigned char *pbyNewRsr, 1057 PSKeyItem *pKeyOut, 1058 bool *pbExtIV, 1059 unsigned short *pwRxTSC15_0, 1060 unsigned long *pdwRxTSC47_16 1061) 1062{ 1063 unsigned int PayloadLen = FrameSize; 1064 unsigned char *pbyIV; 1065 unsigned char byKeyIdx; 1066 PSKeyItem pKey = NULL; 1067 unsigned char byDecMode = KEY_CTL_WEP; 1068 PSMgmtObject pMgmt = pDevice->pMgmt; 1069 1070 *pwRxTSC15_0 = 0; 1071 *pdwRxTSC47_16 = 0; 1072 1073 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; 1074 if (WLAN_GET_FC_TODS(*(unsigned short *)pbyFrame) && 1075 WLAN_GET_FC_FROMDS(*(unsigned short *)pbyFrame)) { 1076 pbyIV += 6; // 6 is 802.11 address4 1077 PayloadLen -= 6; 1078 } 1079 byKeyIdx = (*(pbyIV+3) & 0xc0); 1080 byKeyIdx >>= 6; 1081 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "\nKeyIdx: %d\n", byKeyIdx); 1082 1083 if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) || 1084 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || 1085 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || 1086 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || 1087 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { 1088 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) && 1089 (pDevice->pMgmt->byCSSPK != KEY_CTL_NONE)) { 1090 // unicast pkt use pairwise key 1091 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "unicast pkt\n"); 1092 if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == true) { 1093 if (pDevice->pMgmt->byCSSPK == KEY_CTL_TKIP) 1094 byDecMode = KEY_CTL_TKIP; 1095 else if (pDevice->pMgmt->byCSSPK == KEY_CTL_CCMP) 1096 byDecMode = KEY_CTL_CCMP; 1097 } 1098 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "unicast pkt: %d, %p\n", byDecMode, pKey); 1099 } else { 1100 // use group key 1101 KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey); 1102 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP) 1103 byDecMode = KEY_CTL_TKIP; 1104 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP) 1105 byDecMode = KEY_CTL_CCMP; 1106 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey); 1107 } 1108 } 1109 // our WEP only support Default Key 1110 if (pKey == NULL) { 1111 // use default group key 1112 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey); 1113 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP) 1114 byDecMode = KEY_CTL_TKIP; 1115 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP) 1116 byDecMode = KEY_CTL_CCMP; 1117 } 1118 *pKeyOut = pKey; 1119 1120 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode); 1121 1122 if (pKey == NULL) { 1123 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "pKey == NULL\n"); 1124 if (byDecMode == KEY_CTL_WEP) { 1125// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; 1126 } else if (pDevice->bLinkPass) { 1127// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; 1128 } 1129 return false; 1130 } 1131 if (byDecMode != pKey->byCipherSuite) { 1132 if (byDecMode == KEY_CTL_WEP) { 1133// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; 1134 } else if (pDevice->bLinkPass) { 1135// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; 1136 } 1137 *pKeyOut = NULL; 1138 return false; 1139 } 1140 if (byDecMode == KEY_CTL_WEP) { 1141 // handle WEP 1142 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || 1143 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == true)) { 1144 // Software WEP 1145 // 1. 3253A 1146 // 2. WEP 256 1147 1148 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc 1149 memcpy(pDevice->abyPRNG, pbyIV, 3); 1150 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); 1151 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); 1152 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); 1153 1154 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) { 1155 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1156 } 1157 } 1158 } else if ((byDecMode == KEY_CTL_TKIP) || 1159 (byDecMode == KEY_CTL_CCMP)) { 1160 // TKIP/AES 1161 1162 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc 1163 *pdwRxTSC47_16 = cpu_to_le32(*(unsigned long *)(pbyIV + 4)); 1164 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ExtIV: %lx\n", *pdwRxTSC47_16); 1165 if (byDecMode == KEY_CTL_TKIP) { 1166 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV + 2), *pbyIV)); 1167 } else { 1168 *pwRxTSC15_0 = cpu_to_le16(*(unsigned short *)pbyIV); 1169 } 1170 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "TSC0_15: %x\n", *pwRxTSC15_0); 1171 1172 if ((byDecMode == KEY_CTL_TKIP) && 1173 (pDevice->byLocalID <= REV_ID_VT3253_A1)) { 1174 // Software TKIP 1175 // 1. 3253 A 1176 PS802_11Header pMACHeader = (PS802_11Header)(pbyFrame); 1177 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); 1178 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); 1179 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); 1180 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { 1181 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1182 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV OK!\n"); 1183 } else { 1184 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV FAIL!!!\n"); 1185 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "PayloadLen = %d\n", PayloadLen); 1186 } 1187 } 1188 }// end of TKIP/AES 1189 1190 if ((*(pbyIV+3) & 0x20) != 0) 1191 *pbExtIV = true; 1192 return true; 1193} 1194 1195static bool s_bHostWepRxEncryption( 1196 PSDevice pDevice, 1197 unsigned char *pbyFrame, 1198 unsigned int FrameSize, 1199 unsigned char *pbyRsr, 1200 bool bOnFly, 1201 PSKeyItem pKey, 1202 unsigned char *pbyNewRsr, 1203 bool *pbExtIV, 1204 unsigned short *pwRxTSC15_0, 1205 unsigned long *pdwRxTSC47_16 1206) 1207{ 1208 unsigned int PayloadLen = FrameSize; 1209 unsigned char *pbyIV; 1210 unsigned char byKeyIdx; 1211 unsigned char byDecMode = KEY_CTL_WEP; 1212 PS802_11Header pMACHeader; 1213 1214 *pwRxTSC15_0 = 0; 1215 *pdwRxTSC47_16 = 0; 1216 1217 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; 1218 if (WLAN_GET_FC_TODS(*(unsigned short *)pbyFrame) && 1219 WLAN_GET_FC_FROMDS(*(unsigned short *)pbyFrame)) { 1220 pbyIV += 6; // 6 is 802.11 address4 1221 PayloadLen -= 6; 1222 } 1223 byKeyIdx = (*(pbyIV+3) & 0xc0); 1224 byKeyIdx >>= 6; 1225 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "\nKeyIdx: %d\n", byKeyIdx); 1226 1227 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP) 1228 byDecMode = KEY_CTL_TKIP; 1229 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP) 1230 byDecMode = KEY_CTL_CCMP; 1231 1232 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode); 1233 1234 if (byDecMode != pKey->byCipherSuite) { 1235 if (byDecMode == KEY_CTL_WEP) { 1236// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; 1237 } else if (pDevice->bLinkPass) { 1238// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; 1239 } 1240 return false; 1241 } 1242 1243 if (byDecMode == KEY_CTL_WEP) { 1244 // handle WEP 1245 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "byDecMode == KEY_CTL_WEP \n"); 1246 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || 1247 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == true) || 1248 !bOnFly) { 1249 // Software WEP 1250 // 1. 3253A 1251 // 2. WEP 256 1252 // 3. NotOnFly 1253 1254 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc 1255 memcpy(pDevice->abyPRNG, pbyIV, 3); 1256 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); 1257 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); 1258 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); 1259 1260 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) { 1261 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1262 } 1263 } 1264 } else if ((byDecMode == KEY_CTL_TKIP) || 1265 (byDecMode == KEY_CTL_CCMP)) { 1266 // TKIP/AES 1267 1268 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc 1269 *pdwRxTSC47_16 = cpu_to_le32(*(unsigned long *)(pbyIV + 4)); 1270 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ExtIV: %lx\n", *pdwRxTSC47_16); 1271 1272 if (byDecMode == KEY_CTL_TKIP) { 1273 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV)); 1274 } else { 1275 *pwRxTSC15_0 = cpu_to_le16(*(unsigned short *)pbyIV); 1276 } 1277 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "TSC0_15: %x\n", *pwRxTSC15_0); 1278 1279 if (byDecMode == KEY_CTL_TKIP) { 1280 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || !bOnFly) { 1281 // Software TKIP 1282 // 1. 3253 A 1283 // 2. NotOnFly 1284 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "soft KEY_CTL_TKIP \n"); 1285 pMACHeader = (PS802_11Header)(pbyFrame); 1286 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); 1287 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); 1288 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); 1289 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { 1290 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1291 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV OK!\n"); 1292 } else { 1293 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV FAIL!!!\n"); 1294 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "PayloadLen = %d\n", PayloadLen); 1295 } 1296 } 1297 } 1298 1299 if (byDecMode == KEY_CTL_CCMP) { 1300 if (!bOnFly) { 1301 // Software CCMP 1302 // NotOnFly 1303 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "soft KEY_CTL_CCMP\n"); 1304 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) { 1305 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1306 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "CCMP MIC compare OK!\n"); 1307 } else { 1308 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "CCMP MIC fail!\n"); 1309 } 1310 } 1311 } 1312 1313 }// end of TKIP/AES 1314 1315 if ((*(pbyIV+3) & 0x20) != 0) 1316 *pbExtIV = true; 1317 return true; 1318} 1319 1320static bool s_bAPModeRxData( 1321 PSDevice pDevice, 1322 struct sk_buff *skb, 1323 unsigned int FrameSize, 1324 unsigned int cbHeaderOffset, 1325 int iSANodeIndex, 1326 int iDANodeIndex 1327) 1328{ 1329 PSMgmtObject pMgmt = pDevice->pMgmt; 1330 bool bRelayAndForward = false; 1331 bool bRelayOnly = false; 1332 unsigned char byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80}; 1333 unsigned short wAID; 1334 1335 struct sk_buff *skbcpy = NULL; 1336 1337 if (FrameSize > CB_MAX_BUF_SIZE) 1338 return false; 1339 // check DA 1340 if (is_multicast_ether_addr((unsigned char *)(skb->data+cbHeaderOffset))) { 1341 if (pMgmt->sNodeDBTable[0].bPSEnable) { 1342 skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz); 1343 1344 // if any node in PS mode, buffer packet until DTIM. 1345 if (skbcpy == NULL) { 1346 DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n"); 1347 } else { 1348 skbcpy->dev = pDevice->dev; 1349 skbcpy->len = FrameSize; 1350 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize); 1351 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy); 1352 1353 pMgmt->sNodeDBTable[0].wEnQueueCnt++; 1354 // set tx map 1355 pMgmt->abyPSTxMap[0] |= byMask[0]; 1356 } 1357 } else { 1358 bRelayAndForward = true; 1359 } 1360 } else { 1361 // check if relay 1362 if (BSSDBbIsSTAInNodeDB(pMgmt, (unsigned char *)(skb->data+cbHeaderOffset), &iDANodeIndex)) { 1363 if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) { 1364 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) { 1365 // queue this skb until next PS tx, and then release. 1366 1367 skb->data += cbHeaderOffset; 1368 skb->tail += cbHeaderOffset; 1369 skb_put(skb, FrameSize); 1370 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb); 1371 pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++; 1372 wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID; 1373 pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7]; 1374 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n", 1375 iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]); 1376 return true; 1377 } else { 1378 bRelayOnly = true; 1379 } 1380 } 1381 } 1382 } 1383 1384 if (bRelayOnly || bRelayAndForward) { 1385 // relay this packet right now 1386 if (bRelayAndForward) 1387 iDANodeIndex = 0; 1388 1389 if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) { 1390 ROUTEbRelay(pDevice, (unsigned char *)(skb->data + cbHeaderOffset), FrameSize, (unsigned int)iDANodeIndex); 1391 } 1392 1393 if (bRelayOnly) 1394 return false; 1395 } 1396 // none associate, don't forward 1397 if (pDevice->uAssocCount == 0) 1398 return false; 1399 1400 return true; 1401} 1402