dpc.c revision 388bf2e8fe0cd499e1a440648ab0d95cd66a114f
1/* 2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc. 3 * All rights reserved. 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation; either version 2 of the License, or 8 * (at your option) any later version. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License along 16 * with this program; if not, write to the Free Software Foundation, Inc., 17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * File: dpc.c 20 * 21 * Purpose: handle dpc rx functions 22 * 23 * Author: Lyndon Chen 24 * 25 * Date: May 20, 2003 26 * 27 * Functions: 28 * device_receive_frame - Rcv 802.11 frame function 29 * s_bAPModeRxCtl- AP Rcv frame filer Ctl. 30 * s_bAPModeRxData- AP Rcv data frame handle 31 * s_bHandleRxEncryption- Rcv decrypted data via on-fly 32 * s_bHostWepRxEncryption- Rcv encrypted data via host 33 * s_byGetRateIdx- get rate index 34 * s_vGetDASA- get data offset 35 * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3 36 * 37 * Revision History: 38 * 39 */ 40 41#include "device.h" 42#include "rxtx.h" 43#include "tether.h" 44#include "card.h" 45#include "bssdb.h" 46#include "mac.h" 47#include "baseband.h" 48#include "michael.h" 49#include "tkip.h" 50#include "tcrc.h" 51#include "wctl.h" 52#include "wroute.h" 53#include "hostap.h" 54#include "rf.h" 55#include "iowpa.h" 56#include "aes_ccmp.h" 57 58//#define PLICE_DEBUG 59 60 61/*--------------------- Static Definitions -------------------------*/ 62 63/*--------------------- Static Classes ----------------------------*/ 64 65/*--------------------- Static Variables --------------------------*/ 66//static int msglevel =MSG_LEVEL_DEBUG; 67static int msglevel =MSG_LEVEL_INFO; 68 69const unsigned char acbyRxRate[MAX_RATE] = 70{2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108}; 71 72 73/*--------------------- Static Functions --------------------------*/ 74 75/*--------------------- Static Definitions -------------------------*/ 76 77/*--------------------- Static Functions --------------------------*/ 78 79static unsigned char s_byGetRateIdx(unsigned char byRate); 80 81 82static void 83s_vGetDASA(unsigned char *pbyRxBufferAddr, unsigned int *pcbHeaderSize, 84 PSEthernetHeader psEthHeader); 85 86static void 87s_vProcessRxMACHeader(PSDevice pDevice, unsigned char *pbyRxBufferAddr, 88 unsigned int cbPacketSize, BOOL bIsWEP, BOOL bExtIV, 89 unsigned int *pcbHeadSize); 90 91static BOOL s_bAPModeRxCtl( 92 PSDevice pDevice, 93 unsigned char *pbyFrame, 94 int iSANodeIndex 95 ); 96 97 98 99static BOOL s_bAPModeRxData ( 100 PSDevice pDevice, 101 struct sk_buff* skb, 102 unsigned int FrameSize, 103 unsigned int cbHeaderOffset, 104 int iSANodeIndex, 105 int iDANodeIndex 106 ); 107 108 109static BOOL s_bHandleRxEncryption( 110 PSDevice pDevice, 111 unsigned char *pbyFrame, 112 unsigned int FrameSize, 113 unsigned char *pbyRsr, 114 unsigned char *pbyNewRsr, 115 PSKeyItem *pKeyOut, 116 int * pbExtIV, 117 unsigned short *pwRxTSC15_0, 118 unsigned long *pdwRxTSC47_16 119 ); 120 121static BOOL s_bHostWepRxEncryption( 122 123 PSDevice pDevice, 124 unsigned char *pbyFrame, 125 unsigned int FrameSize, 126 unsigned char *pbyRsr, 127 BOOL bOnFly, 128 PSKeyItem pKey, 129 unsigned char *pbyNewRsr, 130 int * pbExtIV, 131 unsigned short *pwRxTSC15_0, 132 unsigned long *pdwRxTSC47_16 133 134 ); 135 136/*--------------------- Export Variables --------------------------*/ 137 138/*+ 139 * 140 * Description: 141 * Translate Rcv 802.11 header to 802.3 header with Rx buffer 142 * 143 * Parameters: 144 * In: 145 * pDevice 146 * dwRxBufferAddr - Address of Rcv Buffer 147 * cbPacketSize - Rcv Packet size 148 * bIsWEP - If Rcv with WEP 149 * Out: 150 * pcbHeaderSize - 802.11 header size 151 * 152 * Return Value: None 153 * 154-*/ 155static void 156s_vProcessRxMACHeader(PSDevice pDevice, unsigned char *pbyRxBufferAddr, 157 unsigned int cbPacketSize, BOOL bIsWEP, BOOL bExtIV, 158 unsigned int *pcbHeadSize) 159{ 160 unsigned char *pbyRxBuffer; 161 unsigned int cbHeaderSize = 0; 162 unsigned short *pwType; 163 PS802_11Header pMACHeader; 164 int ii; 165 166 167 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); 168 169 s_vGetDASA((unsigned char *)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader); 170 171 if (bIsWEP) { 172 if (bExtIV) { 173 // strip IV&ExtIV , add 8 byte 174 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8); 175 } else { 176 // strip IV , add 4 byte 177 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4); 178 } 179 } 180 else { 181 cbHeaderSize += WLAN_HDR_ADDR3_LEN; 182 }; 183 184 pbyRxBuffer = (unsigned char *) (pbyRxBufferAddr + cbHeaderSize); 185 if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) { 186 cbHeaderSize += 6; 187 } 188 else if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) { 189 cbHeaderSize += 6; 190 pwType = (unsigned short *) (pbyRxBufferAddr + cbHeaderSize); 191 if ((*pwType!= TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) { 192 } 193 else { 194 cbHeaderSize -= 8; 195 pwType = (unsigned short *) (pbyRxBufferAddr + cbHeaderSize); 196 if (bIsWEP) { 197 if (bExtIV) { 198 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV 199 } else { 200 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV 201 } 202 } 203 else { 204 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); 205 } 206 } 207 } 208 else { 209 cbHeaderSize -= 2; 210 pwType = (unsigned short *) (pbyRxBufferAddr + cbHeaderSize); 211 if (bIsWEP) { 212 if (bExtIV) { 213 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV 214 } else { 215 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV 216 } 217 } 218 else { 219 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); 220 } 221 } 222 223 cbHeaderSize -= (ETH_ALEN * 2); 224 pbyRxBuffer = (unsigned char *) (pbyRxBufferAddr + cbHeaderSize); 225 for(ii=0;ii<ETH_ALEN;ii++) 226 *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii]; 227 for(ii=0;ii<ETH_ALEN;ii++) 228 *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii]; 229 230 *pcbHeadSize = cbHeaderSize; 231} 232 233 234 235 236static unsigned char s_byGetRateIdx (unsigned char byRate) 237{ 238 unsigned char byRateIdx; 239 240 for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) { 241 if (acbyRxRate[byRateIdx%MAX_RATE] == byRate) 242 return byRateIdx; 243 } 244 return 0; 245} 246 247 248static void 249s_vGetDASA(unsigned char *pbyRxBufferAddr, unsigned int *pcbHeaderSize, 250 PSEthernetHeader psEthHeader) 251{ 252 unsigned int cbHeaderSize = 0; 253 PS802_11Header pMACHeader; 254 int ii; 255 256 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); 257 258 if ((pMACHeader->wFrameCtl & FC_TODS) == 0) { 259 if (pMACHeader->wFrameCtl & FC_FROMDS) { 260 for(ii=0;ii<ETH_ALEN;ii++) { 261 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii]; 262 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr3[ii]; 263 } 264 } 265 else { 266 // IBSS mode 267 for(ii=0;ii<ETH_ALEN;ii++) { 268 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii]; 269 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii]; 270 } 271 } 272 } 273 else { 274 // Is AP mode.. 275 if (pMACHeader->wFrameCtl & FC_FROMDS) { 276 for(ii=0;ii<ETH_ALEN;ii++) { 277 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii]; 278 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr4[ii]; 279 cbHeaderSize += 6; 280 } 281 } 282 else { 283 for(ii=0;ii<ETH_ALEN;ii++) { 284 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii]; 285 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii]; 286 } 287 } 288 }; 289 *pcbHeaderSize = cbHeaderSize; 290} 291 292 293 294 295//PLICE_DEBUG -> 296 297void MngWorkItem(void *Context) 298{ 299 PSRxMgmtPacket pRxMgmtPacket; 300 PSDevice pDevice = (PSDevice) Context; 301 //printk("Enter MngWorkItem,Queue packet num is %d\n",pDevice->rxManeQueue.packet_num); 302 spin_lock_irq(&pDevice->lock); 303 while(pDevice->rxManeQueue.packet_num != 0) 304 { 305 pRxMgmtPacket = DeQueue(pDevice); 306 vMgrRxManagePacket(pDevice, pDevice->pMgmt, pRxMgmtPacket); 307 } 308 spin_unlock_irq(&pDevice->lock); 309} 310 311 312//PLICE_DEBUG<- 313 314 315 316BOOL 317device_receive_frame ( 318 PSDevice pDevice, 319 PSRxDesc pCurrRD 320 ) 321{ 322 323 PDEVICE_RD_INFO pRDInfo = pCurrRD->pRDInfo; 324#ifdef PLICE_DEBUG 325 //printk("device_receive_frame:pCurrRD is %x,pRDInfo is %x\n",pCurrRD,pCurrRD->pRDInfo); 326#endif 327 struct net_device_stats* pStats=&pDevice->stats; 328 struct sk_buff* skb; 329 PSMgmtObject pMgmt = pDevice->pMgmt; 330 PSRxMgmtPacket pRxPacket = &(pDevice->pMgmt->sRxPacket); 331 PS802_11Header p802_11Header; 332 unsigned char *pbyRsr; 333 unsigned char *pbyNewRsr; 334 unsigned char *pbyRSSI; 335 PQWORD pqwTSFTime; 336 unsigned short *pwFrameSize; 337 unsigned char *pbyFrame; 338 BOOL bDeFragRx = FALSE; 339 BOOL bIsWEP = FALSE; 340 unsigned int cbHeaderOffset; 341 unsigned int FrameSize; 342 unsigned short wEtherType = 0; 343 int iSANodeIndex = -1; 344 int iDANodeIndex = -1; 345 unsigned int ii; 346 unsigned int cbIVOffset; 347 BOOL bExtIV = FALSE; 348 unsigned char *pbyRxSts; 349 unsigned char *pbyRxRate; 350 unsigned char *pbySQ; 351 unsigned int cbHeaderSize; 352 PSKeyItem pKey = NULL; 353 unsigned short wRxTSC15_0 = 0; 354 unsigned long dwRxTSC47_16 = 0; 355 SKeyItem STempKey; 356 // 802.11h RPI 357 unsigned long dwDuration = 0; 358 long ldBm = 0; 359 long ldBmThreshold = 0; 360 PS802_11Header pMACHeader; 361 BOOL bRxeapol_key = FALSE; 362 363// DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- device_receive_frame---\n"); 364 365 skb = pRDInfo->skb; 366 367 368//PLICE_DEBUG-> 369#if 1 370 pci_unmap_single(pDevice->pcid, pRDInfo->skb_dma, 371 pDevice->rx_buf_sz, PCI_DMA_FROMDEVICE); 372#endif 373//PLICE_DEBUG<- 374 pwFrameSize = (unsigned short *)(skb->data + 2); 375 FrameSize = cpu_to_le16(pCurrRD->m_rd1RD1.wReqCount) - cpu_to_le16(pCurrRD->m_rd0RD0.wResCount); 376 377 // Max: 2312Payload + 30HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR 378 // Min (ACK): 10HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR 379 if ((FrameSize > 2364)||(FrameSize <= 32)) { 380 // Frame Size error drop this packet. 381 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 1 \n"); 382 return FALSE; 383 } 384 385 pbyRxSts = (unsigned char *) (skb->data); 386 pbyRxRate = (unsigned char *) (skb->data + 1); 387 pbyRsr = (unsigned char *) (skb->data + FrameSize - 1); 388 pbyRSSI = (unsigned char *) (skb->data + FrameSize - 2); 389 pbyNewRsr = (unsigned char *) (skb->data + FrameSize - 3); 390 pbySQ = (unsigned char *) (skb->data + FrameSize - 4); 391 pqwTSFTime = (PQWORD) (skb->data + FrameSize - 12); 392 pbyFrame = (unsigned char *)(skb->data + 4); 393 394 // get packet size 395 FrameSize = cpu_to_le16(*pwFrameSize); 396 397 if ((FrameSize > 2346)|(FrameSize < 14)) { // Max: 2312Payload + 30HD +4CRC 398 // Min: 14 bytes ACK 399 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 2 \n"); 400 return FALSE; 401 } 402//PLICE_DEBUG-> 403#if 1 404 // update receive statistic counter 405 STAvUpdateRDStatCounter(&pDevice->scStatistic, 406 *pbyRsr, 407 *pbyNewRsr, 408 *pbyRxRate, 409 pbyFrame, 410 FrameSize); 411 412#endif 413 414 pMACHeader=(PS802_11Header)((unsigned char *) (skb->data)+8); 415//PLICE_DEBUG<- 416 if (pDevice->bMeasureInProgress == TRUE) { 417 if ((*pbyRsr & RSR_CRCOK) != 0) { 418 pDevice->byBasicMap |= 0x01; 419 } 420 dwDuration = (FrameSize << 4); 421 dwDuration /= acbyRxRate[*pbyRxRate%MAX_RATE]; 422 if (*pbyRxRate <= RATE_11M) { 423 if (*pbyRxSts & 0x01) { 424 // long preamble 425 dwDuration += 192; 426 } else { 427 // short preamble 428 dwDuration += 96; 429 } 430 } else { 431 dwDuration += 16; 432 } 433 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm); 434 ldBmThreshold = -57; 435 for (ii = 7; ii > 0;) { 436 if (ldBm > ldBmThreshold) { 437 break; 438 } 439 ldBmThreshold -= 5; 440 ii--; 441 } 442 pDevice->dwRPIs[ii] += dwDuration; 443 return FALSE; 444 } 445 446 if (!is_multicast_ether_addr(pbyFrame)) { 447 if (WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header) (skb->data + 4))) { 448 pDevice->s802_11Counter.FrameDuplicateCount++; 449 return FALSE; 450 } 451 } 452 453 454 // Use for TKIP MIC 455 s_vGetDASA(skb->data+4, &cbHeaderSize, &pDevice->sRxEthHeader); 456 457 // filter packet send from myself 458 if (!compare_ether_addr((unsigned char *)&(pDevice->sRxEthHeader.abySrcAddr[0]), pDevice->abyCurrentNetAddr)) 459 return FALSE; 460 461 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) { 462 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { 463 p802_11Header = (PS802_11Header) (pbyFrame); 464 // get SA NodeIndex 465 if (BSSDBbIsSTAInNodeDB(pMgmt, (unsigned char *)(p802_11Header->abyAddr2), &iSANodeIndex)) { 466 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies; 467 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0; 468 } 469 } 470 } 471 472 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 473 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == TRUE) { 474 return FALSE; 475 } 476 } 477 478 479 if (IS_FC_WEP(pbyFrame)) { 480 BOOL bRxDecryOK = FALSE; 481 482 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n"); 483 bIsWEP = TRUE; 484 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) { 485 pKey = &STempKey; 486 pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite; 487 pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex; 488 pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength; 489 pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16; 490 pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0; 491 memcpy(pKey->abyKey, 492 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0], 493 pKey->uKeyLength 494 ); 495 496 bRxDecryOK = s_bHostWepRxEncryption(pDevice, 497 pbyFrame, 498 FrameSize, 499 pbyRsr, 500 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly, 501 pKey, 502 pbyNewRsr, 503 &bExtIV, 504 &wRxTSC15_0, 505 &dwRxTSC47_16); 506 } else { 507 bRxDecryOK = s_bHandleRxEncryption(pDevice, 508 pbyFrame, 509 FrameSize, 510 pbyRsr, 511 pbyNewRsr, 512 &pKey, 513 &bExtIV, 514 &wRxTSC15_0, 515 &dwRxTSC47_16); 516 } 517 518 if (bRxDecryOK) { 519 if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) { 520 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n"); 521 if ( (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA) || 522 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || 523 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || 524 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || 525 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { 526 527 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 528 pDevice->s802_11Counter.TKIPICVErrors++; 529 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) { 530 pDevice->s802_11Counter.CCMPDecryptErrors++; 531 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) { 532// pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++; 533 } 534 } 535 return FALSE; 536 } 537 } else { 538 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n"); 539 return FALSE; 540 } 541 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) 542 FrameSize -= 8; // Message Integrity Code 543 else 544 FrameSize -= 4; // 4 is ICV 545 } 546 547 548 // 549 // RX OK 550 // 551 //remove the CRC length 552 FrameSize -= ETH_FCS_LEN; 553 554 if (( !(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI))) && // unicast address 555 (IS_FRAGMENT_PKT((skb->data+4))) 556 ) { 557 // defragment 558 bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header) (skb->data+4), FrameSize, bIsWEP, bExtIV); 559 pDevice->s802_11Counter.ReceivedFragmentCount++; 560 if (bDeFragRx) { 561 // defrag complete 562 skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb; 563 FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength; 564 565 } 566 else { 567 return FALSE; 568 } 569 } 570 571 572// Management & Control frame Handle 573 if ((IS_TYPE_DATA((skb->data+4))) == FALSE) { 574 // Handle Control & Manage Frame 575 576 if (IS_TYPE_MGMT((skb->data+4))) { 577 unsigned char *pbyData1; 578 unsigned char *pbyData2; 579 580 pRxPacket->p80211Header = (PUWLAN_80211HDR)(skb->data+4); 581 pRxPacket->cbMPDULen = FrameSize; 582 pRxPacket->uRSSI = *pbyRSSI; 583 pRxPacket->bySQ = *pbySQ; 584 HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime)); 585 LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime)); 586 if (bIsWEP) { 587 // strip IV 588 pbyData1 = WLAN_HDR_A3_DATA_PTR(skb->data+4); 589 pbyData2 = WLAN_HDR_A3_DATA_PTR(skb->data+4) + 4; 590 for (ii = 0; ii < (FrameSize - 4); ii++) { 591 *pbyData1 = *pbyData2; 592 pbyData1++; 593 pbyData2++; 594 } 595 } 596 pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate); 597 pRxPacket->byRxChannel = (*pbyRxSts) >> 2; 598//PLICE_DEBUG-> 599//EnQueue(pDevice,pRxPacket); 600 601#ifdef THREAD 602 EnQueue(pDevice,pRxPacket); 603 604 //printk("enque time is %x\n",jiffies); 605 //up(&pDevice->mlme_semaphore); 606 //Enque (pDevice->FirstRecvMngList,pDevice->LastRecvMngList,pMgmt); 607#else 608 609#ifdef TASK_LET 610 EnQueue(pDevice,pRxPacket); 611 tasklet_schedule(&pDevice->RxMngWorkItem); 612#else 613//printk("RxMan\n"); 614 vMgrRxManagePacket((void *)pDevice, pDevice->pMgmt, pRxPacket); 615 //tasklet_schedule(&pDevice->RxMngWorkItem); 616#endif 617 618#endif 619//PLICE_DEBUG<- 620 //vMgrRxManagePacket((void *)pDevice, pDevice->pMgmt, pRxPacket); 621 // hostap Deamon handle 802.11 management 622 if (pDevice->bEnableHostapd) { 623 skb->dev = pDevice->apdev; 624 skb->data += 4; 625 skb->tail += 4; 626 skb_put(skb, FrameSize); 627 skb_reset_mac_header(skb); 628 skb->pkt_type = PACKET_OTHERHOST; 629 skb->protocol = htons(ETH_P_802_2); 630 memset(skb->cb, 0, sizeof(skb->cb)); 631 netif_rx(skb); 632 return TRUE; 633 } 634 } 635 else { 636 // Control Frame 637 }; 638 return FALSE; 639 } 640 else { 641 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 642 //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC. 643 if ( !(*pbyRsr & RSR_BSSIDOK)) { 644 if (bDeFragRx) { 645 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 646 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 647 pDevice->dev->name); 648 } 649 } 650 return FALSE; 651 } 652 } 653 else { 654 // discard DATA packet while not associate || BSSID error 655 if ((pDevice->bLinkPass == FALSE) || 656 !(*pbyRsr & RSR_BSSIDOK)) { 657 if (bDeFragRx) { 658 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 659 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 660 pDevice->dev->name); 661 } 662 } 663 return FALSE; 664 } 665 //mike add:station mode check eapol-key challenge---> 666 { 667 unsigned char Protocol_Version; //802.1x Authentication 668 unsigned char Packet_Type; //802.1x Authentication 669 if (bIsWEP) 670 cbIVOffset = 8; 671 else 672 cbIVOffset = 0; 673 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) | 674 skb->data[cbIVOffset + 8 + 24 + 6 + 1]; 675 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1]; 676 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1]; 677 if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header 678 if(((Protocol_Version==1) ||(Protocol_Version==2)) && 679 (Packet_Type==3)) { //802.1x OR eapol-key challenge frame receive 680 bRxeapol_key = TRUE; 681 } 682 } 683 } 684 //mike add:station mode check eapol-key challenge<--- 685 } 686 } 687 688 689// Data frame Handle 690 691 692 if (pDevice->bEnablePSMode) { 693 if (IS_FC_MOREDATA((skb->data+4))) { 694 if (*pbyRsr & RSR_ADDROK) { 695 //PSbSendPSPOLL((PSDevice)pDevice); 696 } 697 } 698 else { 699 if (pDevice->pMgmt->bInTIMWake == TRUE) { 700 pDevice->pMgmt->bInTIMWake = FALSE; 701 } 702 } 703 }; 704 705 // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps 706 if (pDevice->bDiversityEnable && (FrameSize>50) && 707 (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) && 708 (pDevice->bLinkPass == TRUE)) { 709 //printk("device_receive_frame: RxRate is %d\n",*pbyRxRate); 710 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0); 711 } 712 713 714 if (pDevice->byLocalID != REV_ID_VT3253_B1) { 715 pDevice->uCurrRSSI = *pbyRSSI; 716 } 717 pDevice->byCurrSQ = *pbySQ; 718 719 if ((*pbyRSSI != 0) && 720 (pMgmt->pCurrBSS!=NULL)) { 721 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm); 722 // Moniter if RSSI is too strong. 723 pMgmt->pCurrBSS->byRSSIStatCnt++; 724 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT; 725 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm; 726 for(ii=0;ii<RSSI_STAT_COUNT;ii++) { 727 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) { 728 pMgmt->pCurrBSS->ldBmMAX = max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm); 729 } 730 } 731 } 732 733 // ----------------------------------------------- 734 735 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == TRUE)){ 736 unsigned char abyMacHdr[24]; 737 738 // Only 802.1x packet incoming allowed 739 if (bIsWEP) 740 cbIVOffset = 8; 741 else 742 cbIVOffset = 0; 743 wEtherType = (skb->data[cbIVOffset + 4 + 24 + 6] << 8) | 744 skb->data[cbIVOffset + 4 + 24 + 6 + 1]; 745 746 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType); 747 if (wEtherType == ETH_P_PAE) { 748 skb->dev = pDevice->apdev; 749 750 if (bIsWEP == TRUE) { 751 // strip IV header(8) 752 memcpy(&abyMacHdr[0], (skb->data + 4), 24); 753 memcpy((skb->data + 4 + cbIVOffset), &abyMacHdr[0], 24); 754 } 755 skb->data += (cbIVOffset + 4); 756 skb->tail += (cbIVOffset + 4); 757 skb_put(skb, FrameSize); 758 skb_reset_mac_header(skb); 759 760 skb->pkt_type = PACKET_OTHERHOST; 761 skb->protocol = htons(ETH_P_802_2); 762 memset(skb->cb, 0, sizeof(skb->cb)); 763 netif_rx(skb); 764 return TRUE; 765 766} 767 // check if 802.1x authorized 768 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED)) 769 return FALSE; 770 } 771 772 773 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 774 if (bIsWEP) { 775 FrameSize -= 8; //MIC 776 } 777 } 778 779 //-------------------------------------------------------------------------------- 780 // Soft MIC 781 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 782 if (bIsWEP) { 783 unsigned long *pdwMIC_L; 784 unsigned long *pdwMIC_R; 785 unsigned long dwMIC_Priority; 786 unsigned long dwMICKey0 = 0, dwMICKey1 = 0; 787 unsigned long dwLocalMIC_L = 0; 788 unsigned long dwLocalMIC_R = 0; 789 viawget_wpa_header *wpahdr; 790 791 792 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 793 dwMICKey0 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[24])); 794 dwMICKey1 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[28])); 795 } 796 else { 797 if (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) { 798 dwMICKey0 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[16])); 799 dwMICKey1 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[20])); 800 } else if ((pKey->dwKeyIndex & BIT28) == 0) { 801 dwMICKey0 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[16])); 802 dwMICKey1 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[20])); 803 } else { 804 dwMICKey0 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[24])); 805 dwMICKey1 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[28])); 806 } 807 } 808 809 MIC_vInit(dwMICKey0, dwMICKey1); 810 MIC_vAppend((unsigned char *)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12); 811 dwMIC_Priority = 0; 812 MIC_vAppend((unsigned char *)&dwMIC_Priority, 4); 813 // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV. 814 MIC_vAppend((unsigned char *)(skb->data + 4 + WLAN_HDR_ADDR3_LEN + 8), 815 FrameSize - WLAN_HDR_ADDR3_LEN - 8); 816 MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R); 817 MIC_vUnInit(); 818 819 pdwMIC_L = (unsigned long *)(skb->data + 4 + FrameSize); 820 pdwMIC_R = (unsigned long *)(skb->data + 4 + FrameSize + 4); 821 //DBG_PRN_GRP12(("RxL: %lx, RxR: %lx\n", *pdwMIC_L, *pdwMIC_R)); 822 //DBG_PRN_GRP12(("LocalL: %lx, LocalR: %lx\n", dwLocalMIC_L, dwLocalMIC_R)); 823 //DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"dwMICKey0= %lx,dwMICKey1= %lx \n", dwMICKey0, dwMICKey1); 824 825 826 if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) || 827 (pDevice->bRxMICFail == TRUE)) { 828 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n"); 829 pDevice->bRxMICFail = FALSE; 830 //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++; 831 pDevice->s802_11Counter.TKIPLocalMICFailures++; 832 if (bDeFragRx) { 833 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 834 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 835 pDevice->dev->name); 836 } 837 } 838 //2008-0409-07, <Add> by Einsn Liu 839 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT 840 //send event to wpa_supplicant 841 //if(pDevice->bWPADevEnable == TRUE) 842 { 843 union iwreq_data wrqu; 844 struct iw_michaelmicfailure ev; 845 int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits 846 memset(&ev, 0, sizeof(ev)); 847 ev.flags = keyidx & IW_MICFAILURE_KEY_ID; 848 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && 849 (pMgmt->eCurrState == WMAC_STATE_ASSOC) && 850 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { 851 ev.flags |= IW_MICFAILURE_PAIRWISE; 852 } else { 853 ev.flags |= IW_MICFAILURE_GROUP; 854 } 855 856 ev.src_addr.sa_family = ARPHRD_ETHER; 857 memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN); 858 memset(&wrqu, 0, sizeof(wrqu)); 859 wrqu.data.length = sizeof(ev); 860 wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev); 861 862 } 863 #endif 864 865 866 if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) { 867 wpahdr = (viawget_wpa_header *)pDevice->skb->data; 868 if ((pDevice->pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && 869 (pDevice->pMgmt->eCurrState == WMAC_STATE_ASSOC) && 870 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { 871 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR; 872 wpahdr->type = VIAWGET_PTK_MIC_MSG; 873 } else { 874 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR; 875 wpahdr->type = VIAWGET_GTK_MIC_MSG; 876 } 877 wpahdr->resp_ie_len = 0; 878 wpahdr->req_ie_len = 0; 879 skb_put(pDevice->skb, sizeof(viawget_wpa_header)); 880 pDevice->skb->dev = pDevice->wpadev; 881 skb_reset_mac_header(pDevice->skb); 882 pDevice->skb->pkt_type = PACKET_HOST; 883 pDevice->skb->protocol = htons(ETH_P_802_2); 884 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb)); 885 netif_rx(pDevice->skb); 886 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz); 887 }; 888 889 return FALSE; 890 891 } 892 } 893 } //---end of SOFT MIC----------------------------------------------------------------------- 894 895 // ++++++++++ Reply Counter Check +++++++++++++ 896 897 if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) || 898 (pKey->byCipherSuite == KEY_CTL_CCMP))) { 899 if (bIsWEP) { 900 unsigned short wLocalTSC15_0 = 0; 901 unsigned long dwLocalTSC47_16 = 0; 902 unsigned long long RSC = 0; 903 // endian issues 904 RSC = *((unsigned long long *) &(pKey->KeyRSC)); 905 wLocalTSC15_0 = (unsigned short) RSC; 906 dwLocalTSC47_16 = (unsigned long) (RSC>>16); 907 908 RSC = dwRxTSC47_16; 909 RSC <<= 16; 910 RSC += wRxTSC15_0; 911 memcpy(&(pKey->KeyRSC), &RSC, sizeof(QWORD)); 912 913 if ( (pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) && 914 (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) { 915 // check RSC 916 if ( (wRxTSC15_0 < wLocalTSC15_0) && 917 (dwRxTSC47_16 <= dwLocalTSC47_16) && 918 !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) { 919 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n "); 920 if (pKey->byCipherSuite == KEY_CTL_TKIP) 921 //pDevice->s802_11Counter.TKIPReplays.QuadPart++; 922 pDevice->s802_11Counter.TKIPReplays++; 923 else 924 //pDevice->s802_11Counter.CCMPReplays.QuadPart++; 925 pDevice->s802_11Counter.CCMPReplays++; 926 927 if (bDeFragRx) { 928 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 929 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 930 pDevice->dev->name); 931 } 932 } 933 return FALSE; 934 } 935 } 936 } 937 } // ----- End of Reply Counter Check -------------------------- 938 939 940 941 if ((pKey != NULL) && (bIsWEP)) { 942// pDevice->s802_11Counter.DecryptSuccessCount.QuadPart++; 943 } 944 945 946 s_vProcessRxMACHeader(pDevice, (unsigned char *)(skb->data+4), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset); 947 FrameSize -= cbHeaderOffset; 948 cbHeaderOffset += 4; // 4 is Rcv buffer header 949 950 // Null data, framesize = 14 951 if (FrameSize < 15) 952 return FALSE; 953 954 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 955 if (s_bAPModeRxData(pDevice, 956 skb, 957 FrameSize, 958 cbHeaderOffset, 959 iSANodeIndex, 960 iDANodeIndex 961 ) == FALSE) { 962 963 if (bDeFragRx) { 964 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 965 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 966 pDevice->dev->name); 967 } 968 } 969 return FALSE; 970 } 971 972// if(pDevice->bRxMICFail == FALSE) { 973// for (ii =0; ii < 100; ii++) 974// printk(" %02x", *(skb->data + ii)); 975// printk("\n"); 976// } 977 978 } 979 980 skb->data += cbHeaderOffset; 981 skb->tail += cbHeaderOffset; 982 skb_put(skb, FrameSize); 983 skb->protocol=eth_type_trans(skb, skb->dev); 984 985 986 //drop frame not met IEEE 802.3 987/* 988 if (pDevice->flags & DEVICE_FLAGS_VAL_PKT_LEN) { 989 if ((skb->protocol==htons(ETH_P_802_3)) && 990 (skb->len!=htons(skb->mac.ethernet->h_proto))) { 991 pStats->rx_length_errors++; 992 pStats->rx_dropped++; 993 if (bDeFragRx) { 994 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 995 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 996 pDevice->dev->name); 997 } 998 } 999 return FALSE; 1000 } 1001 } 1002*/ 1003 1004 skb->ip_summed=CHECKSUM_NONE; 1005 pStats->rx_bytes +=skb->len; 1006 pStats->rx_packets++; 1007 netif_rx(skb); 1008 1009 if (bDeFragRx) { 1010 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 1011 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 1012 pDevice->dev->name); 1013 } 1014 return FALSE; 1015 } 1016 1017 return TRUE; 1018} 1019 1020 1021static BOOL s_bAPModeRxCtl ( 1022 PSDevice pDevice, 1023 unsigned char *pbyFrame, 1024 int iSANodeIndex 1025 ) 1026{ 1027 PS802_11Header p802_11Header; 1028 CMD_STATUS Status; 1029 PSMgmtObject pMgmt = pDevice->pMgmt; 1030 1031 1032 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { 1033 1034 p802_11Header = (PS802_11Header) (pbyFrame); 1035 if (!IS_TYPE_MGMT(pbyFrame)) { 1036 1037 // Data & PS-Poll packet 1038 // check frame class 1039 if (iSANodeIndex > 0) { 1040 // frame class 3 fliter & checking 1041 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) { 1042 // send deauth notification 1043 // reason = (6) class 2 received from nonauth sta 1044 vMgrDeAuthenBeginSta(pDevice, 1045 pMgmt, 1046 (unsigned char *)(p802_11Header->abyAddr2), 1047 (WLAN_MGMT_REASON_CLASS2_NONAUTH), 1048 &Status 1049 ); 1050 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n"); 1051 return TRUE; 1052 }; 1053 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) { 1054 // send deassoc notification 1055 // reason = (7) class 3 received from nonassoc sta 1056 vMgrDisassocBeginSta(pDevice, 1057 pMgmt, 1058 (unsigned char *)(p802_11Header->abyAddr2), 1059 (WLAN_MGMT_REASON_CLASS3_NONASSOC), 1060 &Status 1061 ); 1062 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n"); 1063 return TRUE; 1064 }; 1065 1066 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) { 1067 // delcare received ps-poll event 1068 if (IS_CTL_PSPOLL(pbyFrame)) { 1069 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE; 1070 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL); 1071 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n"); 1072 } 1073 else { 1074 // check Data PS state 1075 // if PW bit off, send out all PS bufferring packets. 1076 if (!IS_FC_POWERMGT(pbyFrame)) { 1077 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE; 1078 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE; 1079 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL); 1080 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n"); 1081 } 1082 } 1083 } 1084 else { 1085 if (IS_FC_POWERMGT(pbyFrame)) { 1086 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = TRUE; 1087 // Once if STA in PS state, enable multicast bufferring 1088 pMgmt->sNodeDBTable[0].bPSEnable = TRUE; 1089 } 1090 else { 1091 // clear all pending PS frame. 1092 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) { 1093 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE; 1094 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE; 1095 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL); 1096 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n"); 1097 1098 } 1099 } 1100 } 1101 } 1102 else { 1103 vMgrDeAuthenBeginSta(pDevice, 1104 pMgmt, 1105 (unsigned char *)(p802_11Header->abyAddr2), 1106 (WLAN_MGMT_REASON_CLASS2_NONAUTH), 1107 &Status 1108 ); 1109 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n"); 1110 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%02x-%02x-%02x=%02x-%02x-%02x \n", 1111 p802_11Header->abyAddr3[0], 1112 p802_11Header->abyAddr3[1], 1113 p802_11Header->abyAddr3[2], 1114 p802_11Header->abyAddr3[3], 1115 p802_11Header->abyAddr3[4], 1116 p802_11Header->abyAddr3[5] 1117 ); 1118 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%02x-%02x-%02x=%02x-%02x-%02x \n", 1119 p802_11Header->abyAddr2[0], 1120 p802_11Header->abyAddr2[1], 1121 p802_11Header->abyAddr2[2], 1122 p802_11Header->abyAddr2[3], 1123 p802_11Header->abyAddr2[4], 1124 p802_11Header->abyAddr2[5] 1125 ); 1126 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%02x-%02x-%02x=%02x-%02x-%02x \n", 1127 p802_11Header->abyAddr1[0], 1128 p802_11Header->abyAddr1[1], 1129 p802_11Header->abyAddr1[2], 1130 p802_11Header->abyAddr1[3], 1131 p802_11Header->abyAddr1[4], 1132 p802_11Header->abyAddr1[5] 1133 ); 1134 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl ); 1135 VNSvInPortB(pDevice->PortOffset + MAC_REG_RCR, &(pDevice->byRxMode)); 1136 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc:pDevice->byRxMode = %x\n", pDevice->byRxMode ); 1137 return TRUE; 1138 } 1139 } 1140 } 1141 return FALSE; 1142 1143} 1144 1145static BOOL s_bHandleRxEncryption ( 1146 PSDevice pDevice, 1147 unsigned char *pbyFrame, 1148 unsigned int FrameSize, 1149 unsigned char *pbyRsr, 1150 unsigned char *pbyNewRsr, 1151 PSKeyItem *pKeyOut, 1152 int * pbExtIV, 1153 unsigned short *pwRxTSC15_0, 1154 unsigned long *pdwRxTSC47_16 1155 ) 1156{ 1157 unsigned int PayloadLen = FrameSize; 1158 unsigned char *pbyIV; 1159 unsigned char byKeyIdx; 1160 PSKeyItem pKey = NULL; 1161 unsigned char byDecMode = KEY_CTL_WEP; 1162 PSMgmtObject pMgmt = pDevice->pMgmt; 1163 1164 1165 *pwRxTSC15_0 = 0; 1166 *pdwRxTSC47_16 = 0; 1167 1168 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; 1169 if ( WLAN_GET_FC_TODS(*(unsigned short *)pbyFrame) && 1170 WLAN_GET_FC_FROMDS(*(unsigned short *)pbyFrame) ) { 1171 pbyIV += 6; // 6 is 802.11 address4 1172 PayloadLen -= 6; 1173 } 1174 byKeyIdx = (*(pbyIV+3) & 0xc0); 1175 byKeyIdx >>= 6; 1176 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx); 1177 1178 if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) || 1179 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || 1180 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || 1181 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || 1182 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { 1183 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) && 1184 (pDevice->pMgmt->byCSSPK != KEY_CTL_NONE)) { 1185 // unicast pkt use pairwise key 1186 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n"); 1187 if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == TRUE) { 1188 if (pDevice->pMgmt->byCSSPK == KEY_CTL_TKIP) 1189 byDecMode = KEY_CTL_TKIP; 1190 else if (pDevice->pMgmt->byCSSPK == KEY_CTL_CCMP) 1191 byDecMode = KEY_CTL_CCMP; 1192 } 1193 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey); 1194 } else { 1195 // use group key 1196 KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey); 1197 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP) 1198 byDecMode = KEY_CTL_TKIP; 1199 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP) 1200 byDecMode = KEY_CTL_CCMP; 1201 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey); 1202 } 1203 } 1204 // our WEP only support Default Key 1205 if (pKey == NULL) { 1206 // use default group key 1207 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey); 1208 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP) 1209 byDecMode = KEY_CTL_TKIP; 1210 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP) 1211 byDecMode = KEY_CTL_CCMP; 1212 } 1213 *pKeyOut = pKey; 1214 1215 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode); 1216 1217 if (pKey == NULL) { 1218 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n"); 1219 if (byDecMode == KEY_CTL_WEP) { 1220// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; 1221 } else if (pDevice->bLinkPass == TRUE) { 1222// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; 1223 } 1224 return FALSE; 1225 } 1226 if (byDecMode != pKey->byCipherSuite) { 1227 if (byDecMode == KEY_CTL_WEP) { 1228// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; 1229 } else if (pDevice->bLinkPass == TRUE) { 1230// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; 1231 } 1232 *pKeyOut = NULL; 1233 return FALSE; 1234 } 1235 if (byDecMode == KEY_CTL_WEP) { 1236 // handle WEP 1237 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || 1238 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE)) { 1239 // Software WEP 1240 // 1. 3253A 1241 // 2. WEP 256 1242 1243 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc 1244 memcpy(pDevice->abyPRNG, pbyIV, 3); 1245 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); 1246 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); 1247 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); 1248 1249 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) { 1250 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1251 } 1252 } 1253 } else if ((byDecMode == KEY_CTL_TKIP) || 1254 (byDecMode == KEY_CTL_CCMP)) { 1255 // TKIP/AES 1256 1257 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc 1258 *pdwRxTSC47_16 = cpu_to_le32(*(unsigned long *)(pbyIV + 4)); 1259 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16); 1260 if (byDecMode == KEY_CTL_TKIP) { 1261 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV)); 1262 } else { 1263 *pwRxTSC15_0 = cpu_to_le16(*(unsigned short *)pbyIV); 1264 } 1265 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0); 1266 1267 if ((byDecMode == KEY_CTL_TKIP) && 1268 (pDevice->byLocalID <= REV_ID_VT3253_A1)) { 1269 // Software TKIP 1270 // 1. 3253 A 1271 PS802_11Header pMACHeader = (PS802_11Header) (pbyFrame); 1272 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); 1273 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); 1274 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); 1275 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { 1276 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1277 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n"); 1278 } else { 1279 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n"); 1280 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen); 1281 } 1282 } 1283 }// end of TKIP/AES 1284 1285 if ((*(pbyIV+3) & 0x20) != 0) 1286 *pbExtIV = TRUE; 1287 return TRUE; 1288} 1289 1290 1291static BOOL s_bHostWepRxEncryption ( 1292 PSDevice pDevice, 1293 unsigned char *pbyFrame, 1294 unsigned int FrameSize, 1295 unsigned char *pbyRsr, 1296 BOOL bOnFly, 1297 PSKeyItem pKey, 1298 unsigned char *pbyNewRsr, 1299 int * pbExtIV, 1300 unsigned short *pwRxTSC15_0, 1301 unsigned long *pdwRxTSC47_16 1302 ) 1303{ 1304 unsigned int PayloadLen = FrameSize; 1305 unsigned char *pbyIV; 1306 unsigned char byKeyIdx; 1307 unsigned char byDecMode = KEY_CTL_WEP; 1308 PS802_11Header pMACHeader; 1309 1310 1311 1312 *pwRxTSC15_0 = 0; 1313 *pdwRxTSC47_16 = 0; 1314 1315 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; 1316 if ( WLAN_GET_FC_TODS(*(unsigned short *)pbyFrame) && 1317 WLAN_GET_FC_FROMDS(*(unsigned short *)pbyFrame) ) { 1318 pbyIV += 6; // 6 is 802.11 address4 1319 PayloadLen -= 6; 1320 } 1321 byKeyIdx = (*(pbyIV+3) & 0xc0); 1322 byKeyIdx >>= 6; 1323 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx); 1324 1325 1326 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP) 1327 byDecMode = KEY_CTL_TKIP; 1328 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP) 1329 byDecMode = KEY_CTL_CCMP; 1330 1331 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode); 1332 1333 if (byDecMode != pKey->byCipherSuite) { 1334 if (byDecMode == KEY_CTL_WEP) { 1335// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; 1336 } else if (pDevice->bLinkPass == TRUE) { 1337// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; 1338 } 1339 return FALSE; 1340 } 1341 1342 if (byDecMode == KEY_CTL_WEP) { 1343 // handle WEP 1344 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP \n"); 1345 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || 1346 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE) || 1347 (bOnFly == FALSE)) { 1348 // Software WEP 1349 // 1. 3253A 1350 // 2. WEP 256 1351 // 3. NotOnFly 1352 1353 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc 1354 memcpy(pDevice->abyPRNG, pbyIV, 3); 1355 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); 1356 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); 1357 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); 1358 1359 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) { 1360 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1361 } 1362 } 1363 } else if ((byDecMode == KEY_CTL_TKIP) || 1364 (byDecMode == KEY_CTL_CCMP)) { 1365 // TKIP/AES 1366 1367 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc 1368 *pdwRxTSC47_16 = cpu_to_le32(*(unsigned long *)(pbyIV + 4)); 1369 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16); 1370 1371 if (byDecMode == KEY_CTL_TKIP) { 1372 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV)); 1373 } else { 1374 *pwRxTSC15_0 = cpu_to_le16(*(unsigned short *)pbyIV); 1375 } 1376 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0); 1377 1378 if (byDecMode == KEY_CTL_TKIP) { 1379 1380 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == FALSE)) { 1381 // Software TKIP 1382 // 1. 3253 A 1383 // 2. NotOnFly 1384 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n"); 1385 pMACHeader = (PS802_11Header) (pbyFrame); 1386 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); 1387 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); 1388 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); 1389 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { 1390 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1391 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n"); 1392 } else { 1393 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n"); 1394 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen); 1395 } 1396 } 1397 } 1398 1399 if (byDecMode == KEY_CTL_CCMP) { 1400 if (bOnFly == FALSE) { 1401 // Software CCMP 1402 // NotOnFly 1403 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_CCMP\n"); 1404 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) { 1405 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1406 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC compare OK!\n"); 1407 } else { 1408 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC fail!\n"); 1409 } 1410 } 1411 } 1412 1413 }// end of TKIP/AES 1414 1415 if ((*(pbyIV+3) & 0x20) != 0) 1416 *pbExtIV = TRUE; 1417 return TRUE; 1418} 1419 1420 1421 1422static BOOL s_bAPModeRxData ( 1423 PSDevice pDevice, 1424 struct sk_buff* skb, 1425 unsigned int FrameSize, 1426 unsigned int cbHeaderOffset, 1427 int iSANodeIndex, 1428 int iDANodeIndex 1429 ) 1430{ 1431 PSMgmtObject pMgmt = pDevice->pMgmt; 1432 BOOL bRelayAndForward = FALSE; 1433 BOOL bRelayOnly = FALSE; 1434 unsigned char byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80}; 1435 unsigned short wAID; 1436 1437 1438 struct sk_buff* skbcpy = NULL; 1439 1440 if (FrameSize > CB_MAX_BUF_SIZE) 1441 return FALSE; 1442 // check DA 1443 if(is_multicast_ether_addr((unsigned char *)(skb->data+cbHeaderOffset))) { 1444 if (pMgmt->sNodeDBTable[0].bPSEnable) { 1445 1446 skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz); 1447 1448 // if any node in PS mode, buffer packet until DTIM. 1449 if (skbcpy == NULL) { 1450 DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n"); 1451 } 1452 else { 1453 skbcpy->dev = pDevice->dev; 1454 skbcpy->len = FrameSize; 1455 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize); 1456 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy); 1457 1458 pMgmt->sNodeDBTable[0].wEnQueueCnt++; 1459 // set tx map 1460 pMgmt->abyPSTxMap[0] |= byMask[0]; 1461 } 1462 } 1463 else { 1464 bRelayAndForward = TRUE; 1465 } 1466 } 1467 else { 1468 // check if relay 1469 if (BSSDBbIsSTAInNodeDB(pMgmt, (unsigned char *)(skb->data+cbHeaderOffset), &iDANodeIndex)) { 1470 if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) { 1471 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) { 1472 // queue this skb until next PS tx, and then release. 1473 1474 skb->data += cbHeaderOffset; 1475 skb->tail += cbHeaderOffset; 1476 skb_put(skb, FrameSize); 1477 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb); 1478 pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++; 1479 wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID; 1480 pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7]; 1481 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n", 1482 iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]); 1483 return TRUE; 1484 } 1485 else { 1486 bRelayOnly = TRUE; 1487 } 1488 } 1489 }; 1490 } 1491 1492 if (bRelayOnly || bRelayAndForward) { 1493 // relay this packet right now 1494 if (bRelayAndForward) 1495 iDANodeIndex = 0; 1496 1497 if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) { 1498 ROUTEbRelay(pDevice, (unsigned char *)(skb->data + cbHeaderOffset), FrameSize, (unsigned int)iDANodeIndex); 1499 } 1500 1501 if (bRelayOnly) 1502 return FALSE; 1503 } 1504 // none associate, don't forward 1505 if (pDevice->uAssocCount == 0) 1506 return FALSE; 1507 1508 return TRUE; 1509} 1510 1511