dpc.c revision 22c5291e70ba66880c6a6acffbd8200a623c4556
1/* 2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc. 3 * All rights reserved. 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation; either version 2 of the License, or 8 * (at your option) any later version. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License along 16 * with this program; if not, write to the Free Software Foundation, Inc., 17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * File: dpc.c 20 * 21 * Purpose: handle dpc rx functions 22 * 23 * Author: Lyndon Chen 24 * 25 * Date: May 20, 2003 26 * 27 * Functions: 28 * device_receive_frame - Rcv 802.11 frame function 29 * s_bAPModeRxCtl- AP Rcv frame filer Ctl. 30 * s_bAPModeRxData- AP Rcv data frame handle 31 * s_bHandleRxEncryption- Rcv decrypted data via on-fly 32 * s_bHostWepRxEncryption- Rcv encrypted data via host 33 * s_byGetRateIdx- get rate index 34 * s_vGetDASA- get data offset 35 * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3 36 * 37 * Revision History: 38 * 39 */ 40 41#include "device.h" 42#include "rxtx.h" 43#include "tether.h" 44#include "card.h" 45#include "bssdb.h" 46#include "mac.h" 47#include "baseband.h" 48#include "michael.h" 49#include "tkip.h" 50#include "tcrc.h" 51#include "wctl.h" 52#include "wroute.h" 53#include "hostap.h" 54#include "rf.h" 55#include "iowpa.h" 56#include "aes_ccmp.h" 57 58 59 60/*--------------------- Static Definitions -------------------------*/ 61 62/*--------------------- Static Classes ----------------------------*/ 63 64/*--------------------- Static Variables --------------------------*/ 65//static int msglevel =MSG_LEVEL_DEBUG; 66static int msglevel = MSG_LEVEL_INFO; 67 68const unsigned char acbyRxRate[MAX_RATE] = 69{2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108}; 70 71 72/*--------------------- Static Functions --------------------------*/ 73 74/*--------------------- Static Definitions -------------------------*/ 75 76/*--------------------- Static Functions --------------------------*/ 77 78static unsigned char s_byGetRateIdx(unsigned char byRate); 79 80 81static void 82s_vGetDASA(unsigned char *pbyRxBufferAddr, unsigned int *pcbHeaderSize, 83 PSEthernetHeader psEthHeader); 84 85static void 86s_vProcessRxMACHeader(PSDevice pDevice, unsigned char *pbyRxBufferAddr, 87 unsigned int cbPacketSize, bool bIsWEP, bool bExtIV, 88 unsigned int *pcbHeadSize); 89 90static bool s_bAPModeRxCtl( 91 PSDevice pDevice, 92 unsigned char *pbyFrame, 93 int iSANodeIndex 94); 95 96 97 98static bool s_bAPModeRxData( 99 PSDevice pDevice, 100 struct sk_buff *skb, 101 unsigned int FrameSize, 102 unsigned int cbHeaderOffset, 103 int iSANodeIndex, 104 int iDANodeIndex 105); 106 107 108static bool s_bHandleRxEncryption( 109 PSDevice pDevice, 110 unsigned char *pbyFrame, 111 unsigned int FrameSize, 112 unsigned char *pbyRsr, 113 unsigned char *pbyNewRsr, 114 PSKeyItem *pKeyOut, 115 bool *pbExtIV, 116 unsigned short *pwRxTSC15_0, 117 unsigned long *pdwRxTSC47_16 118); 119 120static bool s_bHostWepRxEncryption( 121 122 PSDevice pDevice, 123 unsigned char *pbyFrame, 124 unsigned int FrameSize, 125 unsigned char *pbyRsr, 126 bool bOnFly, 127 PSKeyItem pKey, 128 unsigned char *pbyNewRsr, 129 bool *pbExtIV, 130 unsigned short *pwRxTSC15_0, 131 unsigned long *pdwRxTSC47_16 132 133); 134 135/*--------------------- Export Variables --------------------------*/ 136 137/*+ 138 * 139 * Description: 140 * Translate Rcv 802.11 header to 802.3 header with Rx buffer 141 * 142 * Parameters: 143 * In: 144 * pDevice 145 * dwRxBufferAddr - Address of Rcv Buffer 146 * cbPacketSize - Rcv Packet size 147 * bIsWEP - If Rcv with WEP 148 * Out: 149 * pcbHeaderSize - 802.11 header size 150 * 151 * Return Value: None 152 * 153 -*/ 154static void 155s_vProcessRxMACHeader(PSDevice pDevice, unsigned char *pbyRxBufferAddr, 156 unsigned int cbPacketSize, bool bIsWEP, bool bExtIV, 157 unsigned int *pcbHeadSize) 158{ 159 unsigned char *pbyRxBuffer; 160 unsigned int cbHeaderSize = 0; 161 unsigned short *pwType; 162 PS802_11Header pMACHeader; 163 int ii; 164 165 166 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); 167 168 s_vGetDASA((unsigned char *)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader); 169 170 if (bIsWEP) { 171 if (bExtIV) { 172 // strip IV&ExtIV , add 8 byte 173 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8); 174 } else { 175 // strip IV , add 4 byte 176 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4); 177 } 178 } 179 else { 180 cbHeaderSize += WLAN_HDR_ADDR3_LEN; 181 }; 182 183 pbyRxBuffer = (unsigned char *)(pbyRxBufferAddr + cbHeaderSize); 184 if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) { 185 cbHeaderSize += 6; 186 } 187 else if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) { 188 cbHeaderSize += 6; 189 pwType = (unsigned short *)(pbyRxBufferAddr + cbHeaderSize); 190 if ((*pwType != TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) { 191 } 192 else { 193 cbHeaderSize -= 8; 194 pwType = (unsigned short *)(pbyRxBufferAddr + cbHeaderSize); 195 if (bIsWEP) { 196 if (bExtIV) { 197 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV 198 } else { 199 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV 200 } 201 } 202 else { 203 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); 204 } 205 } 206 } 207 else { 208 cbHeaderSize -= 2; 209 pwType = (unsigned short *)(pbyRxBufferAddr + cbHeaderSize); 210 if (bIsWEP) { 211 if (bExtIV) { 212 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV 213 } else { 214 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV 215 } 216 } 217 else { 218 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); 219 } 220 } 221 222 cbHeaderSize -= (ETH_ALEN * 2); 223 pbyRxBuffer = (unsigned char *)(pbyRxBufferAddr + cbHeaderSize); 224 for (ii = 0; ii < ETH_ALEN; ii++) 225 *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii]; 226 for (ii = 0; ii < ETH_ALEN; ii++) 227 *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii]; 228 229 *pcbHeadSize = cbHeaderSize; 230} 231 232 233 234 235static unsigned char s_byGetRateIdx(unsigned char byRate) 236{ 237 unsigned char byRateIdx; 238 239 for (byRateIdx = 0; byRateIdx < MAX_RATE; byRateIdx++) { 240 if (acbyRxRate[byRateIdx % MAX_RATE] == byRate) 241 return byRateIdx; 242 } 243 return 0; 244} 245 246 247static void 248s_vGetDASA(unsigned char *pbyRxBufferAddr, unsigned int *pcbHeaderSize, 249 PSEthernetHeader psEthHeader) 250{ 251 unsigned int cbHeaderSize = 0; 252 PS802_11Header pMACHeader; 253 int ii; 254 255 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); 256 257 if ((pMACHeader->wFrameCtl & FC_TODS) == 0) { 258 if (pMACHeader->wFrameCtl & FC_FROMDS) { 259 for (ii = 0; ii < ETH_ALEN; ii++) { 260 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii]; 261 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr3[ii]; 262 } 263 } 264 else { 265 // IBSS mode 266 for (ii = 0; ii < ETH_ALEN; ii++) { 267 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii]; 268 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii]; 269 } 270 } 271 } 272 else { 273 // Is AP mode.. 274 if (pMACHeader->wFrameCtl & FC_FROMDS) { 275 for (ii = 0; ii < ETH_ALEN; ii++) { 276 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii]; 277 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr4[ii]; 278 cbHeaderSize += 6; 279 } 280 } 281 else { 282 for (ii = 0; ii < ETH_ALEN; ii++) { 283 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii]; 284 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii]; 285 } 286 } 287 }; 288 *pcbHeaderSize = cbHeaderSize; 289} 290 291 292 293 294//PLICE_DEBUG -> 295 296void MngWorkItem(void *Context) 297{ 298 PSRxMgmtPacket pRxMgmtPacket; 299 PSDevice pDevice = (PSDevice) Context; 300 //printk("Enter MngWorkItem,Queue packet num is %d\n",pDevice->rxManeQueue.packet_num); 301 spin_lock_irq(&pDevice->lock); 302 while (pDevice->rxManeQueue.packet_num != 0) 303 { 304 pRxMgmtPacket = DeQueue(pDevice); 305 vMgrRxManagePacket(pDevice, pDevice->pMgmt, pRxMgmtPacket); 306 } 307 spin_unlock_irq(&pDevice->lock); 308} 309 310 311//PLICE_DEBUG<- 312 313 314 315bool 316device_receive_frame( 317 PSDevice pDevice, 318 PSRxDesc pCurrRD 319) 320{ 321 322 PDEVICE_RD_INFO pRDInfo = pCurrRD->pRDInfo; 323#ifdef PLICE_DEBUG 324 //printk("device_receive_frame:pCurrRD is %x,pRDInfo is %x\n",pCurrRD,pCurrRD->pRDInfo); 325#endif 326 struct net_device_stats *pStats = &pDevice->stats; 327 struct sk_buff *skb; 328 PSMgmtObject pMgmt = pDevice->pMgmt; 329 PSRxMgmtPacket pRxPacket = &(pDevice->pMgmt->sRxPacket); 330 PS802_11Header p802_11Header; 331 unsigned char *pbyRsr; 332 unsigned char *pbyNewRsr; 333 unsigned char *pbyRSSI; 334 PQWORD pqwTSFTime; 335 unsigned short *pwFrameSize; 336 unsigned char *pbyFrame; 337 bool bDeFragRx = false; 338 bool bIsWEP = false; 339 unsigned int cbHeaderOffset; 340 unsigned int FrameSize; 341 unsigned short wEtherType = 0; 342 int iSANodeIndex = -1; 343 int iDANodeIndex = -1; 344 unsigned int ii; 345 unsigned int cbIVOffset; 346 bool bExtIV = false; 347 unsigned char *pbyRxSts; 348 unsigned char *pbyRxRate; 349 unsigned char *pbySQ; 350 unsigned int cbHeaderSize; 351 PSKeyItem pKey = NULL; 352 unsigned short wRxTSC15_0 = 0; 353 unsigned long dwRxTSC47_16 = 0; 354 SKeyItem STempKey; 355 // 802.11h RPI 356 unsigned long dwDuration = 0; 357 long ldBm = 0; 358 long ldBmThreshold = 0; 359 PS802_11Header pMACHeader; 360 bool bRxeapol_key = false; 361 362// DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- device_receive_frame---\n"); 363 364 skb = pRDInfo->skb; 365 366 367//PLICE_DEBUG-> 368#if 1 369 pci_unmap_single(pDevice->pcid, pRDInfo->skb_dma, 370 pDevice->rx_buf_sz, PCI_DMA_FROMDEVICE); 371#endif 372//PLICE_DEBUG<- 373 pwFrameSize = (unsigned short *)(skb->data + 2); 374 FrameSize = cpu_to_le16(pCurrRD->m_rd1RD1.wReqCount) - cpu_to_le16(pCurrRD->m_rd0RD0.wResCount); 375 376 // Max: 2312Payload + 30HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR 377 // Min (ACK): 10HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR 378 if ((FrameSize > 2364) || (FrameSize <= 32)) { 379 // Frame Size error drop this packet. 380 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- WRONG Length 1 \n"); 381 return false; 382 } 383 384 pbyRxSts = (unsigned char *)(skb->data); 385 pbyRxRate = (unsigned char *)(skb->data + 1); 386 pbyRsr = (unsigned char *)(skb->data + FrameSize - 1); 387 pbyRSSI = (unsigned char *)(skb->data + FrameSize - 2); 388 pbyNewRsr = (unsigned char *)(skb->data + FrameSize - 3); 389 pbySQ = (unsigned char *)(skb->data + FrameSize - 4); 390 pqwTSFTime = (PQWORD)(skb->data + FrameSize - 12); 391 pbyFrame = (unsigned char *)(skb->data + 4); 392 393 // get packet size 394 FrameSize = cpu_to_le16(*pwFrameSize); 395 396 if ((FrameSize > 2346)|(FrameSize < 14)) { // Max: 2312Payload + 30HD +4CRC 397 // Min: 14 bytes ACK 398 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- WRONG Length 2 \n"); 399 return false; 400 } 401//PLICE_DEBUG-> 402#if 1 403 // update receive statistic counter 404 STAvUpdateRDStatCounter(&pDevice->scStatistic, 405 *pbyRsr, 406 *pbyNewRsr, 407 *pbyRxRate, 408 pbyFrame, 409 FrameSize); 410 411#endif 412 413 pMACHeader = (PS802_11Header)((unsigned char *)(skb->data) + 8); 414//PLICE_DEBUG<- 415 if (pDevice->bMeasureInProgress == true) { 416 if ((*pbyRsr & RSR_CRCOK) != 0) { 417 pDevice->byBasicMap |= 0x01; 418 } 419 dwDuration = (FrameSize << 4); 420 dwDuration /= acbyRxRate[*pbyRxRate%MAX_RATE]; 421 if (*pbyRxRate <= RATE_11M) { 422 if (*pbyRxSts & 0x01) { 423 // long preamble 424 dwDuration += 192; 425 } else { 426 // short preamble 427 dwDuration += 96; 428 } 429 } else { 430 dwDuration += 16; 431 } 432 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm); 433 ldBmThreshold = -57; 434 for (ii = 7; ii > 0;) { 435 if (ldBm > ldBmThreshold) { 436 break; 437 } 438 ldBmThreshold -= 5; 439 ii--; 440 } 441 pDevice->dwRPIs[ii] += dwDuration; 442 return false; 443 } 444 445 if (!is_multicast_ether_addr(pbyFrame)) { 446 if (WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header)(skb->data + 4))) { 447 pDevice->s802_11Counter.FrameDuplicateCount++; 448 return false; 449 } 450 } 451 452 453 // Use for TKIP MIC 454 s_vGetDASA(skb->data+4, &cbHeaderSize, &pDevice->sRxEthHeader); 455 456 // filter packet send from myself 457 if (!compare_ether_addr((unsigned char *)&(pDevice->sRxEthHeader.abySrcAddr[0]), pDevice->abyCurrentNetAddr)) 458 return false; 459 460 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) { 461 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { 462 p802_11Header = (PS802_11Header)(pbyFrame); 463 // get SA NodeIndex 464 if (BSSDBbIsSTAInNodeDB(pMgmt, (unsigned char *)(p802_11Header->abyAddr2), &iSANodeIndex)) { 465 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies; 466 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0; 467 } 468 } 469 } 470 471 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 472 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == true) { 473 return false; 474 } 475 } 476 477 478 if (IS_FC_WEP(pbyFrame)) { 479 bool bRxDecryOK = false; 480 481 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx WEP pkt\n"); 482 bIsWEP = true; 483 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) { 484 pKey = &STempKey; 485 pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite; 486 pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex; 487 pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength; 488 pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16; 489 pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0; 490 memcpy(pKey->abyKey, 491 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0], 492 pKey->uKeyLength 493); 494 495 bRxDecryOK = s_bHostWepRxEncryption(pDevice, 496 pbyFrame, 497 FrameSize, 498 pbyRsr, 499 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly, 500 pKey, 501 pbyNewRsr, 502 &bExtIV, 503 &wRxTSC15_0, 504 &dwRxTSC47_16); 505 } else { 506 bRxDecryOK = s_bHandleRxEncryption(pDevice, 507 pbyFrame, 508 FrameSize, 509 pbyRsr, 510 pbyNewRsr, 511 &pKey, 512 &bExtIV, 513 &wRxTSC15_0, 514 &dwRxTSC47_16); 515 } 516 517 if (bRxDecryOK) { 518 if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) { 519 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV Fail\n"); 520 if ((pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA) || 521 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || 522 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || 523 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || 524 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { 525 526 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 527 pDevice->s802_11Counter.TKIPICVErrors++; 528 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) { 529 pDevice->s802_11Counter.CCMPDecryptErrors++; 530 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) { 531// pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++; 532 } 533 } 534 return false; 535 } 536 } else { 537 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "WEP Func Fail\n"); 538 return false; 539 } 540 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) 541 FrameSize -= 8; // Message Integrity Code 542 else 543 FrameSize -= 4; // 4 is ICV 544 } 545 546 547 // 548 // RX OK 549 // 550 //remove the CRC length 551 FrameSize -= ETH_FCS_LEN; 552 553 if ((!(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI))) && // unicast address 554 (IS_FRAGMENT_PKT((skb->data+4))) 555) { 556 // defragment 557 bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header)(skb->data+4), FrameSize, bIsWEP, bExtIV); 558 pDevice->s802_11Counter.ReceivedFragmentCount++; 559 if (bDeFragRx) { 560 // defrag complete 561 skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb; 562 FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength; 563 564 } 565 else { 566 return false; 567 } 568 } 569 570 571// Management & Control frame Handle 572 if ((IS_TYPE_DATA((skb->data+4))) == false) { 573 // Handle Control & Manage Frame 574 575 if (IS_TYPE_MGMT((skb->data+4))) { 576 unsigned char *pbyData1; 577 unsigned char *pbyData2; 578 579 pRxPacket->p80211Header = (PUWLAN_80211HDR)(skb->data+4); 580 pRxPacket->cbMPDULen = FrameSize; 581 pRxPacket->uRSSI = *pbyRSSI; 582 pRxPacket->bySQ = *pbySQ; 583 HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime)); 584 LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime)); 585 if (bIsWEP) { 586 // strip IV 587 pbyData1 = WLAN_HDR_A3_DATA_PTR(skb->data+4); 588 pbyData2 = WLAN_HDR_A3_DATA_PTR(skb->data+4) + 4; 589 for (ii = 0; ii < (FrameSize - 4); ii++) { 590 *pbyData1 = *pbyData2; 591 pbyData1++; 592 pbyData2++; 593 } 594 } 595 pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate); 596 pRxPacket->byRxChannel = (*pbyRxSts) >> 2; 597//PLICE_DEBUG-> 598//EnQueue(pDevice,pRxPacket); 599 600#ifdef THREAD 601 EnQueue(pDevice, pRxPacket); 602 603 //printk("enque time is %x\n",jiffies); 604 //up(&pDevice->mlme_semaphore); 605 //Enque (pDevice->FirstRecvMngList,pDevice->LastRecvMngList,pMgmt); 606#else 607 608#ifdef TASK_LET 609 EnQueue(pDevice, pRxPacket); 610 tasklet_schedule(&pDevice->RxMngWorkItem); 611#else 612//printk("RxMan\n"); 613 vMgrRxManagePacket((void *)pDevice, pDevice->pMgmt, pRxPacket); 614 //tasklet_schedule(&pDevice->RxMngWorkItem); 615#endif 616 617#endif 618//PLICE_DEBUG<- 619 //vMgrRxManagePacket((void *)pDevice, pDevice->pMgmt, pRxPacket); 620 // hostap Deamon handle 802.11 management 621 if (pDevice->bEnableHostapd) { 622 skb->dev = pDevice->apdev; 623 skb->data += 4; 624 skb->tail += 4; 625 skb_put(skb, FrameSize); 626 skb_reset_mac_header(skb); 627 skb->pkt_type = PACKET_OTHERHOST; 628 skb->protocol = htons(ETH_P_802_2); 629 memset(skb->cb, 0, sizeof(skb->cb)); 630 netif_rx(skb); 631 return true; 632 } 633 } 634 else { 635 // Control Frame 636 }; 637 return false; 638 } 639 else { 640 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 641 //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC. 642 if (!(*pbyRsr & RSR_BSSIDOK)) { 643 if (bDeFragRx) { 644 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 645 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n", 646 pDevice->dev->name); 647 } 648 } 649 return false; 650 } 651 } 652 else { 653 // discard DATA packet while not associate || BSSID error 654 if ((pDevice->bLinkPass == false) || 655 !(*pbyRsr & RSR_BSSIDOK)) { 656 if (bDeFragRx) { 657 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 658 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n", 659 pDevice->dev->name); 660 } 661 } 662 return false; 663 } 664 //mike add:station mode check eapol-key challenge---> 665 { 666 unsigned char Protocol_Version; //802.1x Authentication 667 unsigned char Packet_Type; //802.1x Authentication 668 if (bIsWEP) 669 cbIVOffset = 8; 670 else 671 cbIVOffset = 0; 672 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) | 673 skb->data[cbIVOffset + 8 + 24 + 6 + 1]; 674 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 + 1]; 675 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 + 1 + 1]; 676 if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header 677 if (((Protocol_Version == 1) || (Protocol_Version == 2)) && 678 (Packet_Type == 3)) { //802.1x OR eapol-key challenge frame receive 679 bRxeapol_key = true; 680 } 681 } 682 } 683 //mike add:station mode check eapol-key challenge<--- 684 } 685 } 686 687 688// Data frame Handle 689 690 691 if (pDevice->bEnablePSMode) { 692 if (IS_FC_MOREDATA((skb->data+4))) { 693 if (*pbyRsr & RSR_ADDROK) { 694 //PSbSendPSPOLL((PSDevice)pDevice); 695 } 696 } 697 else { 698 if (pDevice->pMgmt->bInTIMWake == true) { 699 pDevice->pMgmt->bInTIMWake = false; 700 } 701 } 702 } 703 704 // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps 705 if (pDevice->bDiversityEnable && (FrameSize > 50) && 706 (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) && 707 (pDevice->bLinkPass == true)) { 708 //printk("device_receive_frame: RxRate is %d\n",*pbyRxRate); 709 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0); 710 } 711 712 713 if (pDevice->byLocalID != REV_ID_VT3253_B1) { 714 pDevice->uCurrRSSI = *pbyRSSI; 715 } 716 pDevice->byCurrSQ = *pbySQ; 717 718 if ((*pbyRSSI != 0) && 719 (pMgmt->pCurrBSS != NULL)) { 720 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm); 721 // Monitor if RSSI is too strong. 722 pMgmt->pCurrBSS->byRSSIStatCnt++; 723 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT; 724 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm; 725 for (ii = 0; ii < RSSI_STAT_COUNT; ii++) { 726 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) { 727 pMgmt->pCurrBSS->ldBmMAX = max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm); 728 } 729 } 730 } 731 732 // ----------------------------------------------- 733 734 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == true)) { 735 unsigned char abyMacHdr[24]; 736 737 // Only 802.1x packet incoming allowed 738 if (bIsWEP) 739 cbIVOffset = 8; 740 else 741 cbIVOffset = 0; 742 wEtherType = (skb->data[cbIVOffset + 4 + 24 + 6] << 8) | 743 skb->data[cbIVOffset + 4 + 24 + 6 + 1]; 744 745 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "wEtherType = %04x \n", wEtherType); 746 if (wEtherType == ETH_P_PAE) { 747 skb->dev = pDevice->apdev; 748 749 if (bIsWEP == true) { 750 // strip IV header(8) 751 memcpy(&abyMacHdr[0], (skb->data + 4), 24); 752 memcpy((skb->data + 4 + cbIVOffset), &abyMacHdr[0], 24); 753 } 754 skb->data += (cbIVOffset + 4); 755 skb->tail += (cbIVOffset + 4); 756 skb_put(skb, FrameSize); 757 skb_reset_mac_header(skb); 758 759 skb->pkt_type = PACKET_OTHERHOST; 760 skb->protocol = htons(ETH_P_802_2); 761 memset(skb->cb, 0, sizeof(skb->cb)); 762 netif_rx(skb); 763 return true; 764 765 } 766 // check if 802.1x authorized 767 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED)) 768 return false; 769 } 770 771 772 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 773 if (bIsWEP) { 774 FrameSize -= 8; //MIC 775 } 776 } 777 778 //-------------------------------------------------------------------------------- 779 // Soft MIC 780 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 781 if (bIsWEP) { 782 unsigned long *pdwMIC_L; 783 unsigned long *pdwMIC_R; 784 unsigned long dwMIC_Priority; 785 unsigned long dwMICKey0 = 0, dwMICKey1 = 0; 786 unsigned long dwLocalMIC_L = 0; 787 unsigned long dwLocalMIC_R = 0; 788 viawget_wpa_header *wpahdr; 789 790 791 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 792 dwMICKey0 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[24])); 793 dwMICKey1 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[28])); 794 } 795 else { 796 if (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) { 797 dwMICKey0 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[16])); 798 dwMICKey1 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[20])); 799 } else if ((pKey->dwKeyIndex & BIT28) == 0) { 800 dwMICKey0 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[16])); 801 dwMICKey1 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[20])); 802 } else { 803 dwMICKey0 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[24])); 804 dwMICKey1 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[28])); 805 } 806 } 807 808 MIC_vInit(dwMICKey0, dwMICKey1); 809 MIC_vAppend((unsigned char *)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12); 810 dwMIC_Priority = 0; 811 MIC_vAppend((unsigned char *)&dwMIC_Priority, 4); 812 // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV. 813 MIC_vAppend((unsigned char *)(skb->data + 4 + WLAN_HDR_ADDR3_LEN + 8), 814 FrameSize - WLAN_HDR_ADDR3_LEN - 8); 815 MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R); 816 MIC_vUnInit(); 817 818 pdwMIC_L = (unsigned long *)(skb->data + 4 + FrameSize); 819 pdwMIC_R = (unsigned long *)(skb->data + 4 + FrameSize + 4); 820 //DBG_PRN_GRP12(("RxL: %lx, RxR: %lx\n", *pdwMIC_L, *pdwMIC_R)); 821 //DBG_PRN_GRP12(("LocalL: %lx, LocalR: %lx\n", dwLocalMIC_L, dwLocalMIC_R)); 822 //DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dwMICKey0= %lx,dwMICKey1= %lx \n", dwMICKey0, dwMICKey1); 823 824 825 if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) || 826 (pDevice->bRxMICFail == true)) { 827 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "MIC comparison is fail!\n"); 828 pDevice->bRxMICFail = false; 829 //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++; 830 pDevice->s802_11Counter.TKIPLocalMICFailures++; 831 if (bDeFragRx) { 832 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 833 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n", 834 pDevice->dev->name); 835 } 836 } 837 //2008-0409-07, <Add> by Einsn Liu 838#ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT 839 //send event to wpa_supplicant 840 //if (pDevice->bWPADevEnable == true) 841 { 842 union iwreq_data wrqu; 843 struct iw_michaelmicfailure ev; 844 int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits 845 memset(&ev, 0, sizeof(ev)); 846 ev.flags = keyidx & IW_MICFAILURE_KEY_ID; 847 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && 848 (pMgmt->eCurrState == WMAC_STATE_ASSOC) && 849 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { 850 ev.flags |= IW_MICFAILURE_PAIRWISE; 851 } else { 852 ev.flags |= IW_MICFAILURE_GROUP; 853 } 854 855 ev.src_addr.sa_family = ARPHRD_ETHER; 856 memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN); 857 memset(&wrqu, 0, sizeof(wrqu)); 858 wrqu.data.length = sizeof(ev); 859 wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev); 860 861 } 862#endif 863 864 865 if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) { 866 wpahdr = (viawget_wpa_header *)pDevice->skb->data; 867 if ((pDevice->pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && 868 (pDevice->pMgmt->eCurrState == WMAC_STATE_ASSOC) && 869 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { 870 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR; 871 wpahdr->type = VIAWGET_PTK_MIC_MSG; 872 } else { 873 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR; 874 wpahdr->type = VIAWGET_GTK_MIC_MSG; 875 } 876 wpahdr->resp_ie_len = 0; 877 wpahdr->req_ie_len = 0; 878 skb_put(pDevice->skb, sizeof(viawget_wpa_header)); 879 pDevice->skb->dev = pDevice->wpadev; 880 skb_reset_mac_header(pDevice->skb); 881 pDevice->skb->pkt_type = PACKET_HOST; 882 pDevice->skb->protocol = htons(ETH_P_802_2); 883 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb)); 884 netif_rx(pDevice->skb); 885 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz); 886 } 887 888 return false; 889 890 } 891 } 892 } //---end of SOFT MIC----------------------------------------------------------------------- 893 894 // ++++++++++ Reply Counter Check +++++++++++++ 895 896 if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) || 897 (pKey->byCipherSuite == KEY_CTL_CCMP))) { 898 if (bIsWEP) { 899 unsigned short wLocalTSC15_0 = 0; 900 unsigned long dwLocalTSC47_16 = 0; 901 unsigned long long RSC = 0; 902 // endian issues 903 RSC = *((unsigned long long *)&(pKey->KeyRSC)); 904 wLocalTSC15_0 = (unsigned short)RSC; 905 dwLocalTSC47_16 = (unsigned long)(RSC>>16); 906 907 RSC = dwRxTSC47_16; 908 RSC <<= 16; 909 RSC += wRxTSC15_0; 910 memcpy(&(pKey->KeyRSC), &RSC, sizeof(QWORD)); 911 912 if ((pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) && 913 (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) { 914 // check RSC 915 if ((wRxTSC15_0 < wLocalTSC15_0) && 916 (dwRxTSC47_16 <= dwLocalTSC47_16) && 917 !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) { 918 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "TSC is illegal~~!\n "); 919 if (pKey->byCipherSuite == KEY_CTL_TKIP) 920 //pDevice->s802_11Counter.TKIPReplays.QuadPart++; 921 pDevice->s802_11Counter.TKIPReplays++; 922 else 923 //pDevice->s802_11Counter.CCMPReplays.QuadPart++; 924 pDevice->s802_11Counter.CCMPReplays++; 925 926 if (bDeFragRx) { 927 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 928 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n", 929 pDevice->dev->name); 930 } 931 } 932 return false; 933 } 934 } 935 } 936 } // ----- End of Reply Counter Check -------------------------- 937 938 939 940 if ((pKey != NULL) && (bIsWEP)) { 941// pDevice->s802_11Counter.DecryptSuccessCount.QuadPart++; 942 } 943 944 945 s_vProcessRxMACHeader(pDevice, (unsigned char *)(skb->data+4), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset); 946 FrameSize -= cbHeaderOffset; 947 cbHeaderOffset += 4; // 4 is Rcv buffer header 948 949 // Null data, framesize = 14 950 if (FrameSize < 15) 951 return false; 952 953 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 954 if (s_bAPModeRxData(pDevice, 955 skb, 956 FrameSize, 957 cbHeaderOffset, 958 iSANodeIndex, 959 iDANodeIndex 960) == false) { 961 962 if (bDeFragRx) { 963 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 964 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n", 965 pDevice->dev->name); 966 } 967 } 968 return false; 969 } 970 971// if (pDevice->bRxMICFail == false) { 972// for (ii =0; ii < 100; ii++) 973// printk(" %02x", *(skb->data + ii)); 974// printk("\n"); 975// } 976 977 } 978 979 skb->data += cbHeaderOffset; 980 skb->tail += cbHeaderOffset; 981 skb_put(skb, FrameSize); 982 skb->protocol = eth_type_trans(skb, skb->dev); 983 984 985 //drop frame not met IEEE 802.3 986/* 987 if (pDevice->flags & DEVICE_FLAGS_VAL_PKT_LEN) { 988 if ((skb->protocol==htons(ETH_P_802_3)) && 989 (skb->len!=htons(skb->mac.ethernet->h_proto))) { 990 pStats->rx_length_errors++; 991 pStats->rx_dropped++; 992 if (bDeFragRx) { 993 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 994 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 995 pDevice->dev->name); 996 } 997 } 998 return false; 999 } 1000 } 1001*/ 1002 1003 skb->ip_summed = CHECKSUM_NONE; 1004 pStats->rx_bytes += skb->len; 1005 pStats->rx_packets++; 1006 netif_rx(skb); 1007 1008 if (bDeFragRx) { 1009 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 1010 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n", 1011 pDevice->dev->name); 1012 } 1013 return false; 1014 } 1015 1016 return true; 1017} 1018 1019 1020static bool s_bAPModeRxCtl( 1021 PSDevice pDevice, 1022 unsigned char *pbyFrame, 1023 int iSANodeIndex 1024) 1025{ 1026 PS802_11Header p802_11Header; 1027 CMD_STATUS Status; 1028 PSMgmtObject pMgmt = pDevice->pMgmt; 1029 1030 1031 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { 1032 1033 p802_11Header = (PS802_11Header)(pbyFrame); 1034 if (!IS_TYPE_MGMT(pbyFrame)) { 1035 1036 // Data & PS-Poll packet 1037 // check frame class 1038 if (iSANodeIndex > 0) { 1039 // frame class 3 fliter & checking 1040 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) { 1041 // send deauth notification 1042 // reason = (6) class 2 received from nonauth sta 1043 vMgrDeAuthenBeginSta(pDevice, 1044 pMgmt, 1045 (unsigned char *)(p802_11Header->abyAddr2), 1046 (WLAN_MGMT_REASON_CLASS2_NONAUTH), 1047 &Status 1048); 1049 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n"); 1050 return true; 1051 } 1052 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) { 1053 // send deassoc notification 1054 // reason = (7) class 3 received from nonassoc sta 1055 vMgrDisassocBeginSta(pDevice, 1056 pMgmt, 1057 (unsigned char *)(p802_11Header->abyAddr2), 1058 (WLAN_MGMT_REASON_CLASS3_NONASSOC), 1059 &Status 1060); 1061 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n"); 1062 return true; 1063 } 1064 1065 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) { 1066 // delcare received ps-poll event 1067 if (IS_CTL_PSPOLL(pbyFrame)) { 1068 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true; 1069 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL); 1070 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n"); 1071 } 1072 else { 1073 // check Data PS state 1074 // if PW bit off, send out all PS bufferring packets. 1075 if (!IS_FC_POWERMGT(pbyFrame)) { 1076 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = false; 1077 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true; 1078 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL); 1079 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n"); 1080 } 1081 } 1082 } 1083 else { 1084 if (IS_FC_POWERMGT(pbyFrame)) { 1085 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = true; 1086 // Once if STA in PS state, enable multicast bufferring 1087 pMgmt->sNodeDBTable[0].bPSEnable = true; 1088 } 1089 else { 1090 // clear all pending PS frame. 1091 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) { 1092 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = false; 1093 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true; 1094 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL); 1095 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n"); 1096 1097 } 1098 } 1099 } 1100 } 1101 else { 1102 vMgrDeAuthenBeginSta(pDevice, 1103 pMgmt, 1104 (unsigned char *)(p802_11Header->abyAddr2), 1105 (WLAN_MGMT_REASON_CLASS2_NONAUTH), 1106 &Status 1107); 1108 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n"); 1109 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%pM\n", 1110 p802_11Header->abyAddr3); 1111 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%pM\n", 1112 p802_11Header->abyAddr2); 1113 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%pM\n", 1114 p802_11Header->abyAddr1); 1115 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl); 1116 VNSvInPortB(pDevice->PortOffset + MAC_REG_RCR, &(pDevice->byRxMode)); 1117 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc:pDevice->byRxMode = %x\n", pDevice->byRxMode); 1118 return true; 1119 } 1120 } 1121 } 1122 return false; 1123 1124} 1125 1126static bool s_bHandleRxEncryption( 1127 PSDevice pDevice, 1128 unsigned char *pbyFrame, 1129 unsigned int FrameSize, 1130 unsigned char *pbyRsr, 1131 unsigned char *pbyNewRsr, 1132 PSKeyItem *pKeyOut, 1133 bool *pbExtIV, 1134 unsigned short *pwRxTSC15_0, 1135 unsigned long *pdwRxTSC47_16 1136) 1137{ 1138 unsigned int PayloadLen = FrameSize; 1139 unsigned char *pbyIV; 1140 unsigned char byKeyIdx; 1141 PSKeyItem pKey = NULL; 1142 unsigned char byDecMode = KEY_CTL_WEP; 1143 PSMgmtObject pMgmt = pDevice->pMgmt; 1144 1145 1146 *pwRxTSC15_0 = 0; 1147 *pdwRxTSC47_16 = 0; 1148 1149 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; 1150 if (WLAN_GET_FC_TODS(*(unsigned short *)pbyFrame) && 1151 WLAN_GET_FC_FROMDS(*(unsigned short *)pbyFrame)) { 1152 pbyIV += 6; // 6 is 802.11 address4 1153 PayloadLen -= 6; 1154 } 1155 byKeyIdx = (*(pbyIV+3) & 0xc0); 1156 byKeyIdx >>= 6; 1157 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "\nKeyIdx: %d\n", byKeyIdx); 1158 1159 if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) || 1160 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || 1161 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || 1162 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || 1163 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { 1164 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) && 1165 (pDevice->pMgmt->byCSSPK != KEY_CTL_NONE)) { 1166 // unicast pkt use pairwise key 1167 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "unicast pkt\n"); 1168 if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == true) { 1169 if (pDevice->pMgmt->byCSSPK == KEY_CTL_TKIP) 1170 byDecMode = KEY_CTL_TKIP; 1171 else if (pDevice->pMgmt->byCSSPK == KEY_CTL_CCMP) 1172 byDecMode = KEY_CTL_CCMP; 1173 } 1174 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "unicast pkt: %d, %p\n", byDecMode, pKey); 1175 } else { 1176 // use group key 1177 KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey); 1178 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP) 1179 byDecMode = KEY_CTL_TKIP; 1180 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP) 1181 byDecMode = KEY_CTL_CCMP; 1182 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey); 1183 } 1184 } 1185 // our WEP only support Default Key 1186 if (pKey == NULL) { 1187 // use default group key 1188 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey); 1189 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP) 1190 byDecMode = KEY_CTL_TKIP; 1191 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP) 1192 byDecMode = KEY_CTL_CCMP; 1193 } 1194 *pKeyOut = pKey; 1195 1196 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode); 1197 1198 if (pKey == NULL) { 1199 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "pKey == NULL\n"); 1200 if (byDecMode == KEY_CTL_WEP) { 1201// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; 1202 } else if (pDevice->bLinkPass == true) { 1203// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; 1204 } 1205 return false; 1206 } 1207 if (byDecMode != pKey->byCipherSuite) { 1208 if (byDecMode == KEY_CTL_WEP) { 1209// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; 1210 } else if (pDevice->bLinkPass == true) { 1211// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; 1212 } 1213 *pKeyOut = NULL; 1214 return false; 1215 } 1216 if (byDecMode == KEY_CTL_WEP) { 1217 // handle WEP 1218 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || 1219 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == true)) { 1220 // Software WEP 1221 // 1. 3253A 1222 // 2. WEP 256 1223 1224 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc 1225 memcpy(pDevice->abyPRNG, pbyIV, 3); 1226 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); 1227 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); 1228 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); 1229 1230 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) { 1231 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1232 } 1233 } 1234 } else if ((byDecMode == KEY_CTL_TKIP) || 1235 (byDecMode == KEY_CTL_CCMP)) { 1236 // TKIP/AES 1237 1238 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc 1239 *pdwRxTSC47_16 = cpu_to_le32(*(unsigned long *)(pbyIV + 4)); 1240 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ExtIV: %lx\n", *pdwRxTSC47_16); 1241 if (byDecMode == KEY_CTL_TKIP) { 1242 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV + 2), *pbyIV)); 1243 } else { 1244 *pwRxTSC15_0 = cpu_to_le16(*(unsigned short *)pbyIV); 1245 } 1246 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "TSC0_15: %x\n", *pwRxTSC15_0); 1247 1248 if ((byDecMode == KEY_CTL_TKIP) && 1249 (pDevice->byLocalID <= REV_ID_VT3253_A1)) { 1250 // Software TKIP 1251 // 1. 3253 A 1252 PS802_11Header pMACHeader = (PS802_11Header)(pbyFrame); 1253 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); 1254 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); 1255 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); 1256 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { 1257 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1258 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV OK!\n"); 1259 } else { 1260 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV FAIL!!!\n"); 1261 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "PayloadLen = %d\n", PayloadLen); 1262 } 1263 } 1264 }// end of TKIP/AES 1265 1266 if ((*(pbyIV+3) & 0x20) != 0) 1267 *pbExtIV = true; 1268 return true; 1269} 1270 1271 1272static bool s_bHostWepRxEncryption( 1273 PSDevice pDevice, 1274 unsigned char *pbyFrame, 1275 unsigned int FrameSize, 1276 unsigned char *pbyRsr, 1277 bool bOnFly, 1278 PSKeyItem pKey, 1279 unsigned char *pbyNewRsr, 1280 bool *pbExtIV, 1281 unsigned short *pwRxTSC15_0, 1282 unsigned long *pdwRxTSC47_16 1283) 1284{ 1285 unsigned int PayloadLen = FrameSize; 1286 unsigned char *pbyIV; 1287 unsigned char byKeyIdx; 1288 unsigned char byDecMode = KEY_CTL_WEP; 1289 PS802_11Header pMACHeader; 1290 1291 1292 1293 *pwRxTSC15_0 = 0; 1294 *pdwRxTSC47_16 = 0; 1295 1296 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; 1297 if (WLAN_GET_FC_TODS(*(unsigned short *)pbyFrame) && 1298 WLAN_GET_FC_FROMDS(*(unsigned short *)pbyFrame)) { 1299 pbyIV += 6; // 6 is 802.11 address4 1300 PayloadLen -= 6; 1301 } 1302 byKeyIdx = (*(pbyIV+3) & 0xc0); 1303 byKeyIdx >>= 6; 1304 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "\nKeyIdx: %d\n", byKeyIdx); 1305 1306 1307 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP) 1308 byDecMode = KEY_CTL_TKIP; 1309 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP) 1310 byDecMode = KEY_CTL_CCMP; 1311 1312 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode); 1313 1314 if (byDecMode != pKey->byCipherSuite) { 1315 if (byDecMode == KEY_CTL_WEP) { 1316// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; 1317 } else if (pDevice->bLinkPass == true) { 1318// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; 1319 } 1320 return false; 1321 } 1322 1323 if (byDecMode == KEY_CTL_WEP) { 1324 // handle WEP 1325 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "byDecMode == KEY_CTL_WEP \n"); 1326 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || 1327 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == true) || 1328 (bOnFly == false)) { 1329 // Software WEP 1330 // 1. 3253A 1331 // 2. WEP 256 1332 // 3. NotOnFly 1333 1334 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc 1335 memcpy(pDevice->abyPRNG, pbyIV, 3); 1336 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); 1337 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); 1338 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); 1339 1340 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) { 1341 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1342 } 1343 } 1344 } else if ((byDecMode == KEY_CTL_TKIP) || 1345 (byDecMode == KEY_CTL_CCMP)) { 1346 // TKIP/AES 1347 1348 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc 1349 *pdwRxTSC47_16 = cpu_to_le32(*(unsigned long *)(pbyIV + 4)); 1350 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ExtIV: %lx\n", *pdwRxTSC47_16); 1351 1352 if (byDecMode == KEY_CTL_TKIP) { 1353 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV)); 1354 } else { 1355 *pwRxTSC15_0 = cpu_to_le16(*(unsigned short *)pbyIV); 1356 } 1357 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "TSC0_15: %x\n", *pwRxTSC15_0); 1358 1359 if (byDecMode == KEY_CTL_TKIP) { 1360 1361 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == false)) { 1362 // Software TKIP 1363 // 1. 3253 A 1364 // 2. NotOnFly 1365 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "soft KEY_CTL_TKIP \n"); 1366 pMACHeader = (PS802_11Header)(pbyFrame); 1367 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); 1368 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); 1369 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); 1370 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { 1371 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1372 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV OK!\n"); 1373 } else { 1374 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV FAIL!!!\n"); 1375 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "PayloadLen = %d\n", PayloadLen); 1376 } 1377 } 1378 } 1379 1380 if (byDecMode == KEY_CTL_CCMP) { 1381 if (bOnFly == false) { 1382 // Software CCMP 1383 // NotOnFly 1384 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "soft KEY_CTL_CCMP\n"); 1385 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) { 1386 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1387 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "CCMP MIC compare OK!\n"); 1388 } else { 1389 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "CCMP MIC fail!\n"); 1390 } 1391 } 1392 } 1393 1394 }// end of TKIP/AES 1395 1396 if ((*(pbyIV+3) & 0x20) != 0) 1397 *pbExtIV = true; 1398 return true; 1399} 1400 1401 1402 1403static bool s_bAPModeRxData( 1404 PSDevice pDevice, 1405 struct sk_buff *skb, 1406 unsigned int FrameSize, 1407 unsigned int cbHeaderOffset, 1408 int iSANodeIndex, 1409 int iDANodeIndex 1410) 1411{ 1412 PSMgmtObject pMgmt = pDevice->pMgmt; 1413 bool bRelayAndForward = false; 1414 bool bRelayOnly = false; 1415 unsigned char byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80}; 1416 unsigned short wAID; 1417 1418 1419 struct sk_buff *skbcpy = NULL; 1420 1421 if (FrameSize > CB_MAX_BUF_SIZE) 1422 return false; 1423 // check DA 1424 if (is_multicast_ether_addr((unsigned char *)(skb->data+cbHeaderOffset))) { 1425 if (pMgmt->sNodeDBTable[0].bPSEnable) { 1426 1427 skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz); 1428 1429 // if any node in PS mode, buffer packet until DTIM. 1430 if (skbcpy == NULL) { 1431 DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n"); 1432 } 1433 else { 1434 skbcpy->dev = pDevice->dev; 1435 skbcpy->len = FrameSize; 1436 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize); 1437 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy); 1438 1439 pMgmt->sNodeDBTable[0].wEnQueueCnt++; 1440 // set tx map 1441 pMgmt->abyPSTxMap[0] |= byMask[0]; 1442 } 1443 } 1444 else { 1445 bRelayAndForward = true; 1446 } 1447 } 1448 else { 1449 // check if relay 1450 if (BSSDBbIsSTAInNodeDB(pMgmt, (unsigned char *)(skb->data+cbHeaderOffset), &iDANodeIndex)) { 1451 if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) { 1452 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) { 1453 // queue this skb until next PS tx, and then release. 1454 1455 skb->data += cbHeaderOffset; 1456 skb->tail += cbHeaderOffset; 1457 skb_put(skb, FrameSize); 1458 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb); 1459 pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++; 1460 wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID; 1461 pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7]; 1462 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n", 1463 iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]); 1464 return true; 1465 } 1466 else { 1467 bRelayOnly = true; 1468 } 1469 } 1470 } 1471 } 1472 1473 if (bRelayOnly || bRelayAndForward) { 1474 // relay this packet right now 1475 if (bRelayAndForward) 1476 iDANodeIndex = 0; 1477 1478 if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) { 1479 ROUTEbRelay(pDevice, (unsigned char *)(skb->data + cbHeaderOffset), FrameSize, (unsigned int)iDANodeIndex); 1480 } 1481 1482 if (bRelayOnly) 1483 return false; 1484 } 1485 // none associate, don't forward 1486 if (pDevice->uAssocCount == 0) 1487 return false; 1488 1489 return true; 1490} 1491 1492