dpc.c revision 3fc9b584c28095fe0d46cfb8bddafdf93947042e
1/* 2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc. 3 * All rights reserved. 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation; either version 2 of the License, or 8 * (at your option) any later version. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License along 16 * with this program; if not, write to the Free Software Foundation, Inc., 17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * File: dpc.c 20 * 21 * Purpose: handle dpc rx functions 22 * 23 * Author: Lyndon Chen 24 * 25 * Date: May 20, 2003 26 * 27 * Functions: 28 * device_receive_frame - Rcv 802.11 frame function 29 * s_bAPModeRxCtl- AP Rcv frame filer Ctl. 30 * s_bAPModeRxData- AP Rcv data frame handle 31 * s_bHandleRxEncryption- Rcv decrypted data via on-fly 32 * s_bHostWepRxEncryption- Rcv encrypted data via host 33 * s_byGetRateIdx- get rate index 34 * s_vGetDASA- get data offset 35 * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3 36 * 37 * Revision History: 38 * 39 */ 40 41#include "device.h" 42#include "rxtx.h" 43#include "tether.h" 44#include "card.h" 45#include "bssdb.h" 46#include "mac.h" 47#include "baseband.h" 48#include "michael.h" 49#include "tkip.h" 50#include "tcrc.h" 51#include "wctl.h" 52#include "wroute.h" 53#include "hostap.h" 54#include "rf.h" 55#include "iowpa.h" 56#include "aes_ccmp.h" 57 58//#define PLICE_DEBUG 59 60 61/*--------------------- Static Definitions -------------------------*/ 62 63/*--------------------- Static Classes ----------------------------*/ 64 65/*--------------------- Static Variables --------------------------*/ 66//static int msglevel =MSG_LEVEL_DEBUG; 67static int msglevel =MSG_LEVEL_INFO; 68 69const unsigned char acbyRxRate[MAX_RATE] = 70{2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108}; 71 72 73/*--------------------- Static Functions --------------------------*/ 74 75/*--------------------- Static Definitions -------------------------*/ 76 77/*--------------------- Static Functions --------------------------*/ 78 79static unsigned char s_byGetRateIdx(unsigned char byRate); 80 81 82static 83void 84s_vGetDASA( 85 unsigned char *pbyRxBufferAddr, 86 PUINT pcbHeaderSize, 87 PSEthernetHeader psEthHeader 88 ); 89 90static 91void 92s_vProcessRxMACHeader ( 93 PSDevice pDevice, 94 unsigned char *pbyRxBufferAddr, 95 unsigned int cbPacketSize, 96 BOOL bIsWEP, 97 BOOL bExtIV, 98 PUINT pcbHeadSize 99 ); 100 101static BOOL s_bAPModeRxCtl( 102 PSDevice pDevice, 103 unsigned char *pbyFrame, 104 int iSANodeIndex 105 ); 106 107 108 109static BOOL s_bAPModeRxData ( 110 PSDevice pDevice, 111 struct sk_buff* skb, 112 unsigned int FrameSize, 113 unsigned int cbHeaderOffset, 114 int iSANodeIndex, 115 int iDANodeIndex 116 ); 117 118 119static BOOL s_bHandleRxEncryption( 120 PSDevice pDevice, 121 unsigned char *pbyFrame, 122 unsigned int FrameSize, 123 unsigned char *pbyRsr, 124 unsigned char *pbyNewRsr, 125 PSKeyItem *pKeyOut, 126 int * pbExtIV, 127 unsigned short *pwRxTSC15_0, 128 unsigned long *pdwRxTSC47_16 129 ); 130 131static BOOL s_bHostWepRxEncryption( 132 133 PSDevice pDevice, 134 unsigned char *pbyFrame, 135 unsigned int FrameSize, 136 unsigned char *pbyRsr, 137 BOOL bOnFly, 138 PSKeyItem pKey, 139 unsigned char *pbyNewRsr, 140 int * pbExtIV, 141 unsigned short *pwRxTSC15_0, 142 unsigned long *pdwRxTSC47_16 143 144 ); 145 146/*--------------------- Export Variables --------------------------*/ 147 148/*+ 149 * 150 * Description: 151 * Translate Rcv 802.11 header to 802.3 header with Rx buffer 152 * 153 * Parameters: 154 * In: 155 * pDevice 156 * dwRxBufferAddr - Address of Rcv Buffer 157 * cbPacketSize - Rcv Packet size 158 * bIsWEP - If Rcv with WEP 159 * Out: 160 * pcbHeaderSize - 802.11 header size 161 * 162 * Return Value: None 163 * 164-*/ 165static 166void 167s_vProcessRxMACHeader ( 168 PSDevice pDevice, 169 unsigned char *pbyRxBufferAddr, 170 unsigned int cbPacketSize, 171 BOOL bIsWEP, 172 BOOL bExtIV, 173 PUINT pcbHeadSize 174 ) 175{ 176 unsigned char *pbyRxBuffer; 177 unsigned int cbHeaderSize = 0; 178 unsigned short *pwType; 179 PS802_11Header pMACHeader; 180 int ii; 181 182 183 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); 184 185 s_vGetDASA((unsigned char *)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader); 186 187 if (bIsWEP) { 188 if (bExtIV) { 189 // strip IV&ExtIV , add 8 byte 190 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8); 191 } else { 192 // strip IV , add 4 byte 193 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4); 194 } 195 } 196 else { 197 cbHeaderSize += WLAN_HDR_ADDR3_LEN; 198 }; 199 200 pbyRxBuffer = (unsigned char *) (pbyRxBufferAddr + cbHeaderSize); 201 if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) { 202 cbHeaderSize += 6; 203 } 204 else if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) { 205 cbHeaderSize += 6; 206 pwType = (unsigned short *) (pbyRxBufferAddr + cbHeaderSize); 207 if ((*pwType!= TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) { 208 } 209 else { 210 cbHeaderSize -= 8; 211 pwType = (unsigned short *) (pbyRxBufferAddr + cbHeaderSize); 212 if (bIsWEP) { 213 if (bExtIV) { 214 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV 215 } else { 216 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV 217 } 218 } 219 else { 220 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); 221 } 222 } 223 } 224 else { 225 cbHeaderSize -= 2; 226 pwType = (unsigned short *) (pbyRxBufferAddr + cbHeaderSize); 227 if (bIsWEP) { 228 if (bExtIV) { 229 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV 230 } else { 231 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV 232 } 233 } 234 else { 235 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); 236 } 237 } 238 239 cbHeaderSize -= (ETH_ALEN * 2); 240 pbyRxBuffer = (unsigned char *) (pbyRxBufferAddr + cbHeaderSize); 241 for(ii=0;ii<ETH_ALEN;ii++) 242 *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii]; 243 for(ii=0;ii<ETH_ALEN;ii++) 244 *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii]; 245 246 *pcbHeadSize = cbHeaderSize; 247} 248 249 250 251 252static unsigned char s_byGetRateIdx (unsigned char byRate) 253{ 254 unsigned char byRateIdx; 255 256 for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) { 257 if (acbyRxRate[byRateIdx%MAX_RATE] == byRate) 258 return byRateIdx; 259 } 260 return 0; 261} 262 263 264static 265void 266s_vGetDASA ( 267 unsigned char *pbyRxBufferAddr, 268 PUINT pcbHeaderSize, 269 PSEthernetHeader psEthHeader 270 ) 271{ 272 unsigned int cbHeaderSize = 0; 273 PS802_11Header pMACHeader; 274 int ii; 275 276 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); 277 278 if ((pMACHeader->wFrameCtl & FC_TODS) == 0) { 279 if (pMACHeader->wFrameCtl & FC_FROMDS) { 280 for(ii=0;ii<ETH_ALEN;ii++) { 281 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii]; 282 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr3[ii]; 283 } 284 } 285 else { 286 // IBSS mode 287 for(ii=0;ii<ETH_ALEN;ii++) { 288 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii]; 289 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii]; 290 } 291 } 292 } 293 else { 294 // Is AP mode.. 295 if (pMACHeader->wFrameCtl & FC_FROMDS) { 296 for(ii=0;ii<ETH_ALEN;ii++) { 297 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii]; 298 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr4[ii]; 299 cbHeaderSize += 6; 300 } 301 } 302 else { 303 for(ii=0;ii<ETH_ALEN;ii++) { 304 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii]; 305 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii]; 306 } 307 } 308 }; 309 *pcbHeaderSize = cbHeaderSize; 310} 311 312 313 314 315//PLICE_DEBUG -> 316 317void MngWorkItem(void *Context) 318{ 319 PSRxMgmtPacket pRxMgmtPacket; 320 PSDevice pDevice = (PSDevice) Context; 321 //printk("Enter MngWorkItem,Queue packet num is %d\n",pDevice->rxManeQueue.packet_num); 322 spin_lock_irq(&pDevice->lock); 323 while(pDevice->rxManeQueue.packet_num != 0) 324 { 325 pRxMgmtPacket = DeQueue(pDevice); 326 vMgrRxManagePacket(pDevice, pDevice->pMgmt, pRxMgmtPacket); 327 } 328 spin_unlock_irq(&pDevice->lock); 329} 330 331 332//PLICE_DEBUG<- 333 334 335 336BOOL 337device_receive_frame ( 338 PSDevice pDevice, 339 PSRxDesc pCurrRD 340 ) 341{ 342 343 PDEVICE_RD_INFO pRDInfo = pCurrRD->pRDInfo; 344#ifdef PLICE_DEBUG 345 //printk("device_receive_frame:pCurrRD is %x,pRDInfo is %x\n",pCurrRD,pCurrRD->pRDInfo); 346#endif 347 struct net_device_stats* pStats=&pDevice->stats; 348 struct sk_buff* skb; 349 PSMgmtObject pMgmt = pDevice->pMgmt; 350 PSRxMgmtPacket pRxPacket = &(pDevice->pMgmt->sRxPacket); 351 PS802_11Header p802_11Header; 352 unsigned char *pbyRsr; 353 unsigned char *pbyNewRsr; 354 unsigned char *pbyRSSI; 355 PQWORD pqwTSFTime; 356 unsigned short *pwFrameSize; 357 unsigned char *pbyFrame; 358 BOOL bDeFragRx = FALSE; 359 BOOL bIsWEP = FALSE; 360 unsigned int cbHeaderOffset; 361 unsigned int FrameSize; 362 unsigned short wEtherType = 0; 363 int iSANodeIndex = -1; 364 int iDANodeIndex = -1; 365 unsigned int ii; 366 unsigned int cbIVOffset; 367 BOOL bExtIV = FALSE; 368 unsigned char *pbyRxSts; 369 unsigned char *pbyRxRate; 370 unsigned char *pbySQ; 371 unsigned int cbHeaderSize; 372 PSKeyItem pKey = NULL; 373 unsigned short wRxTSC15_0 = 0; 374 unsigned long dwRxTSC47_16 = 0; 375 SKeyItem STempKey; 376 // 802.11h RPI 377 unsigned long dwDuration = 0; 378 long ldBm = 0; 379 long ldBmThreshold = 0; 380 PS802_11Header pMACHeader; 381 BOOL bRxeapol_key = FALSE; 382 383// DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- device_receive_frame---\n"); 384 385 skb = pRDInfo->skb; 386 387 388//PLICE_DEBUG-> 389#if 1 390 pci_unmap_single(pDevice->pcid, pRDInfo->skb_dma, 391 pDevice->rx_buf_sz, PCI_DMA_FROMDEVICE); 392#endif 393//PLICE_DEBUG<- 394 pwFrameSize = (unsigned short *)(skb->data + 2); 395 FrameSize = cpu_to_le16(pCurrRD->m_rd1RD1.wReqCount) - cpu_to_le16(pCurrRD->m_rd0RD0.wResCount); 396 397 // Max: 2312Payload + 30HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR 398 // Min (ACK): 10HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR 399 if ((FrameSize > 2364)||(FrameSize <= 32)) { 400 // Frame Size error drop this packet. 401 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 1 \n"); 402 return FALSE; 403 } 404 405 pbyRxSts = (unsigned char *) (skb->data); 406 pbyRxRate = (unsigned char *) (skb->data + 1); 407 pbyRsr = (unsigned char *) (skb->data + FrameSize - 1); 408 pbyRSSI = (unsigned char *) (skb->data + FrameSize - 2); 409 pbyNewRsr = (unsigned char *) (skb->data + FrameSize - 3); 410 pbySQ = (unsigned char *) (skb->data + FrameSize - 4); 411 pqwTSFTime = (PQWORD) (skb->data + FrameSize - 12); 412 pbyFrame = (unsigned char *)(skb->data + 4); 413 414 // get packet size 415 FrameSize = cpu_to_le16(*pwFrameSize); 416 417 if ((FrameSize > 2346)|(FrameSize < 14)) { // Max: 2312Payload + 30HD +4CRC 418 // Min: 14 bytes ACK 419 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 2 \n"); 420 return FALSE; 421 } 422//PLICE_DEBUG-> 423#if 1 424 // update receive statistic counter 425 STAvUpdateRDStatCounter(&pDevice->scStatistic, 426 *pbyRsr, 427 *pbyNewRsr, 428 *pbyRxRate, 429 pbyFrame, 430 FrameSize); 431 432#endif 433 434 pMACHeader=(PS802_11Header)((unsigned char *) (skb->data)+8); 435//PLICE_DEBUG<- 436 if (pDevice->bMeasureInProgress == TRUE) { 437 if ((*pbyRsr & RSR_CRCOK) != 0) { 438 pDevice->byBasicMap |= 0x01; 439 } 440 dwDuration = (FrameSize << 4); 441 dwDuration /= acbyRxRate[*pbyRxRate%MAX_RATE]; 442 if (*pbyRxRate <= RATE_11M) { 443 if (*pbyRxSts & 0x01) { 444 // long preamble 445 dwDuration += 192; 446 } else { 447 // short preamble 448 dwDuration += 96; 449 } 450 } else { 451 dwDuration += 16; 452 } 453 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm); 454 ldBmThreshold = -57; 455 for (ii = 7; ii > 0;) { 456 if (ldBm > ldBmThreshold) { 457 break; 458 } 459 ldBmThreshold -= 5; 460 ii--; 461 } 462 pDevice->dwRPIs[ii] += dwDuration; 463 return FALSE; 464 } 465 466 if (!is_multicast_ether_addr(pbyFrame) && !is_broadcast_ether_addr(pbyFrame)) { 467 if (WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header) (skb->data + 4))) { 468 pDevice->s802_11Counter.FrameDuplicateCount++; 469 return FALSE; 470 } 471 } 472 473 474 // Use for TKIP MIC 475 s_vGetDASA(skb->data+4, &cbHeaderSize, &pDevice->sRxEthHeader); 476 477 // filter packet send from myself 478 if (!compare_ether_addr((unsigned char *)&(pDevice->sRxEthHeader.abySrcAddr[0]), pDevice->abyCurrentNetAddr)) 479 return FALSE; 480 481 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) { 482 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { 483 p802_11Header = (PS802_11Header) (pbyFrame); 484 // get SA NodeIndex 485 if (BSSDBbIsSTAInNodeDB(pMgmt, (unsigned char *)(p802_11Header->abyAddr2), &iSANodeIndex)) { 486 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies; 487 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0; 488 } 489 } 490 } 491 492 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 493 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == TRUE) { 494 return FALSE; 495 } 496 } 497 498 499 if (IS_FC_WEP(pbyFrame)) { 500 BOOL bRxDecryOK = FALSE; 501 502 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n"); 503 bIsWEP = TRUE; 504 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) { 505 pKey = &STempKey; 506 pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite; 507 pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex; 508 pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength; 509 pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16; 510 pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0; 511 memcpy(pKey->abyKey, 512 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0], 513 pKey->uKeyLength 514 ); 515 516 bRxDecryOK = s_bHostWepRxEncryption(pDevice, 517 pbyFrame, 518 FrameSize, 519 pbyRsr, 520 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly, 521 pKey, 522 pbyNewRsr, 523 &bExtIV, 524 &wRxTSC15_0, 525 &dwRxTSC47_16); 526 } else { 527 bRxDecryOK = s_bHandleRxEncryption(pDevice, 528 pbyFrame, 529 FrameSize, 530 pbyRsr, 531 pbyNewRsr, 532 &pKey, 533 &bExtIV, 534 &wRxTSC15_0, 535 &dwRxTSC47_16); 536 } 537 538 if (bRxDecryOK) { 539 if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) { 540 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n"); 541 if ( (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA) || 542 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || 543 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || 544 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || 545 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { 546 547 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 548 pDevice->s802_11Counter.TKIPICVErrors++; 549 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) { 550 pDevice->s802_11Counter.CCMPDecryptErrors++; 551 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) { 552// pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++; 553 } 554 } 555 return FALSE; 556 } 557 } else { 558 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n"); 559 return FALSE; 560 } 561 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) 562 FrameSize -= 8; // Message Integrity Code 563 else 564 FrameSize -= 4; // 4 is ICV 565 } 566 567 568 // 569 // RX OK 570 // 571 //remove the CRC length 572 FrameSize -= ETH_FCS_LEN; 573 574 if (( !(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI))) && // unicast address 575 (IS_FRAGMENT_PKT((skb->data+4))) 576 ) { 577 // defragment 578 bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header) (skb->data+4), FrameSize, bIsWEP, bExtIV); 579 pDevice->s802_11Counter.ReceivedFragmentCount++; 580 if (bDeFragRx) { 581 // defrag complete 582 skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb; 583 FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength; 584 585 } 586 else { 587 return FALSE; 588 } 589 } 590 591 592// Management & Control frame Handle 593 if ((IS_TYPE_DATA((skb->data+4))) == FALSE) { 594 // Handle Control & Manage Frame 595 596 if (IS_TYPE_MGMT((skb->data+4))) { 597 unsigned char *pbyData1; 598 unsigned char *pbyData2; 599 600 pRxPacket->p80211Header = (PUWLAN_80211HDR)(skb->data+4); 601 pRxPacket->cbMPDULen = FrameSize; 602 pRxPacket->uRSSI = *pbyRSSI; 603 pRxPacket->bySQ = *pbySQ; 604 HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime)); 605 LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime)); 606 if (bIsWEP) { 607 // strip IV 608 pbyData1 = WLAN_HDR_A3_DATA_PTR(skb->data+4); 609 pbyData2 = WLAN_HDR_A3_DATA_PTR(skb->data+4) + 4; 610 for (ii = 0; ii < (FrameSize - 4); ii++) { 611 *pbyData1 = *pbyData2; 612 pbyData1++; 613 pbyData2++; 614 } 615 } 616 pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate); 617 pRxPacket->byRxChannel = (*pbyRxSts) >> 2; 618//PLICE_DEBUG-> 619//EnQueue(pDevice,pRxPacket); 620 621#ifdef THREAD 622 EnQueue(pDevice,pRxPacket); 623 624 //printk("enque time is %x\n",jiffies); 625 //up(&pDevice->mlme_semaphore); 626 //Enque (pDevice->FirstRecvMngList,pDevice->LastRecvMngList,pMgmt); 627#else 628 629#ifdef TASK_LET 630 EnQueue(pDevice,pRxPacket); 631 tasklet_schedule(&pDevice->RxMngWorkItem); 632#else 633//printk("RxMan\n"); 634 vMgrRxManagePacket((void *)pDevice, pDevice->pMgmt, pRxPacket); 635 //tasklet_schedule(&pDevice->RxMngWorkItem); 636#endif 637 638#endif 639//PLICE_DEBUG<- 640 //vMgrRxManagePacket((void *)pDevice, pDevice->pMgmt, pRxPacket); 641 // hostap Deamon handle 802.11 management 642 if (pDevice->bEnableHostapd) { 643 skb->dev = pDevice->apdev; 644 skb->data += 4; 645 skb->tail += 4; 646 skb_put(skb, FrameSize); 647 skb_reset_mac_header(skb); 648 skb->pkt_type = PACKET_OTHERHOST; 649 skb->protocol = htons(ETH_P_802_2); 650 memset(skb->cb, 0, sizeof(skb->cb)); 651 netif_rx(skb); 652 return TRUE; 653 } 654 } 655 else { 656 // Control Frame 657 }; 658 return FALSE; 659 } 660 else { 661 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 662 //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC. 663 if ( !(*pbyRsr & RSR_BSSIDOK)) { 664 if (bDeFragRx) { 665 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 666 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 667 pDevice->dev->name); 668 } 669 } 670 return FALSE; 671 } 672 } 673 else { 674 // discard DATA packet while not associate || BSSID error 675 if ((pDevice->bLinkPass == FALSE) || 676 !(*pbyRsr & RSR_BSSIDOK)) { 677 if (bDeFragRx) { 678 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 679 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 680 pDevice->dev->name); 681 } 682 } 683 return FALSE; 684 } 685 //mike add:station mode check eapol-key challenge---> 686 { 687 unsigned char Protocol_Version; //802.1x Authentication 688 unsigned char Packet_Type; //802.1x Authentication 689 if (bIsWEP) 690 cbIVOffset = 8; 691 else 692 cbIVOffset = 0; 693 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) | 694 skb->data[cbIVOffset + 8 + 24 + 6 + 1]; 695 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1]; 696 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1]; 697 if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header 698 if(((Protocol_Version==1) ||(Protocol_Version==2)) && 699 (Packet_Type==3)) { //802.1x OR eapol-key challenge frame receive 700 bRxeapol_key = TRUE; 701 } 702 } 703 } 704 //mike add:station mode check eapol-key challenge<--- 705 } 706 } 707 708 709// Data frame Handle 710 711 712 if (pDevice->bEnablePSMode) { 713 if (IS_FC_MOREDATA((skb->data+4))) { 714 if (*pbyRsr & RSR_ADDROK) { 715 //PSbSendPSPOLL((PSDevice)pDevice); 716 } 717 } 718 else { 719 if (pDevice->pMgmt->bInTIMWake == TRUE) { 720 pDevice->pMgmt->bInTIMWake = FALSE; 721 } 722 } 723 }; 724 725 // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps 726 if (pDevice->bDiversityEnable && (FrameSize>50) && 727 (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) && 728 (pDevice->bLinkPass == TRUE)) { 729 //printk("device_receive_frame: RxRate is %d\n",*pbyRxRate); 730 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0); 731 } 732 733 734 if (pDevice->byLocalID != REV_ID_VT3253_B1) { 735 pDevice->uCurrRSSI = *pbyRSSI; 736 } 737 pDevice->byCurrSQ = *pbySQ; 738 739 if ((*pbyRSSI != 0) && 740 (pMgmt->pCurrBSS!=NULL)) { 741 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm); 742 // Moniter if RSSI is too strong. 743 pMgmt->pCurrBSS->byRSSIStatCnt++; 744 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT; 745 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm; 746 for(ii=0;ii<RSSI_STAT_COUNT;ii++) { 747 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) { 748 pMgmt->pCurrBSS->ldBmMAX = max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm); 749 } 750 } 751 } 752 753 // ----------------------------------------------- 754 755 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == TRUE)){ 756 unsigned char abyMacHdr[24]; 757 758 // Only 802.1x packet incoming allowed 759 if (bIsWEP) 760 cbIVOffset = 8; 761 else 762 cbIVOffset = 0; 763 wEtherType = (skb->data[cbIVOffset + 4 + 24 + 6] << 8) | 764 skb->data[cbIVOffset + 4 + 24 + 6 + 1]; 765 766 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType); 767 if (wEtherType == ETH_P_PAE) { 768 skb->dev = pDevice->apdev; 769 770 if (bIsWEP == TRUE) { 771 // strip IV header(8) 772 memcpy(&abyMacHdr[0], (skb->data + 4), 24); 773 memcpy((skb->data + 4 + cbIVOffset), &abyMacHdr[0], 24); 774 } 775 skb->data += (cbIVOffset + 4); 776 skb->tail += (cbIVOffset + 4); 777 skb_put(skb, FrameSize); 778 skb_reset_mac_header(skb); 779 780 skb->pkt_type = PACKET_OTHERHOST; 781 skb->protocol = htons(ETH_P_802_2); 782 memset(skb->cb, 0, sizeof(skb->cb)); 783 netif_rx(skb); 784 return TRUE; 785 786} 787 // check if 802.1x authorized 788 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED)) 789 return FALSE; 790 } 791 792 793 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 794 if (bIsWEP) { 795 FrameSize -= 8; //MIC 796 } 797 } 798 799 //-------------------------------------------------------------------------------- 800 // Soft MIC 801 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 802 if (bIsWEP) { 803 unsigned long *pdwMIC_L; 804 unsigned long *pdwMIC_R; 805 unsigned long dwMIC_Priority; 806 unsigned long dwMICKey0 = 0, dwMICKey1 = 0; 807 unsigned long dwLocalMIC_L = 0; 808 unsigned long dwLocalMIC_R = 0; 809 viawget_wpa_header *wpahdr; 810 811 812 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 813 dwMICKey0 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[24])); 814 dwMICKey1 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[28])); 815 } 816 else { 817 if (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) { 818 dwMICKey0 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[16])); 819 dwMICKey1 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[20])); 820 } else if ((pKey->dwKeyIndex & BIT28) == 0) { 821 dwMICKey0 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[16])); 822 dwMICKey1 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[20])); 823 } else { 824 dwMICKey0 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[24])); 825 dwMICKey1 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[28])); 826 } 827 } 828 829 MIC_vInit(dwMICKey0, dwMICKey1); 830 MIC_vAppend((unsigned char *)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12); 831 dwMIC_Priority = 0; 832 MIC_vAppend((unsigned char *)&dwMIC_Priority, 4); 833 // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV. 834 MIC_vAppend((unsigned char *)(skb->data + 4 + WLAN_HDR_ADDR3_LEN + 8), 835 FrameSize - WLAN_HDR_ADDR3_LEN - 8); 836 MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R); 837 MIC_vUnInit(); 838 839 pdwMIC_L = (unsigned long *)(skb->data + 4 + FrameSize); 840 pdwMIC_R = (unsigned long *)(skb->data + 4 + FrameSize + 4); 841 //DBG_PRN_GRP12(("RxL: %lx, RxR: %lx\n", *pdwMIC_L, *pdwMIC_R)); 842 //DBG_PRN_GRP12(("LocalL: %lx, LocalR: %lx\n", dwLocalMIC_L, dwLocalMIC_R)); 843 //DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"dwMICKey0= %lx,dwMICKey1= %lx \n", dwMICKey0, dwMICKey1); 844 845 846 if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) || 847 (pDevice->bRxMICFail == TRUE)) { 848 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n"); 849 pDevice->bRxMICFail = FALSE; 850 //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++; 851 pDevice->s802_11Counter.TKIPLocalMICFailures++; 852 if (bDeFragRx) { 853 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 854 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 855 pDevice->dev->name); 856 } 857 } 858 //2008-0409-07, <Add> by Einsn Liu 859 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT 860 //send event to wpa_supplicant 861 //if(pDevice->bWPADevEnable == TRUE) 862 { 863 union iwreq_data wrqu; 864 struct iw_michaelmicfailure ev; 865 int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits 866 memset(&ev, 0, sizeof(ev)); 867 ev.flags = keyidx & IW_MICFAILURE_KEY_ID; 868 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && 869 (pMgmt->eCurrState == WMAC_STATE_ASSOC) && 870 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { 871 ev.flags |= IW_MICFAILURE_PAIRWISE; 872 } else { 873 ev.flags |= IW_MICFAILURE_GROUP; 874 } 875 876 ev.src_addr.sa_family = ARPHRD_ETHER; 877 memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN); 878 memset(&wrqu, 0, sizeof(wrqu)); 879 wrqu.data.length = sizeof(ev); 880 wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev); 881 882 } 883 #endif 884 885 886 if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) { 887 wpahdr = (viawget_wpa_header *)pDevice->skb->data; 888 if ((pDevice->pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && 889 (pDevice->pMgmt->eCurrState == WMAC_STATE_ASSOC) && 890 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { 891 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR; 892 wpahdr->type = VIAWGET_PTK_MIC_MSG; 893 } else { 894 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR; 895 wpahdr->type = VIAWGET_GTK_MIC_MSG; 896 } 897 wpahdr->resp_ie_len = 0; 898 wpahdr->req_ie_len = 0; 899 skb_put(pDevice->skb, sizeof(viawget_wpa_header)); 900 pDevice->skb->dev = pDevice->wpadev; 901 skb_reset_mac_header(pDevice->skb); 902 pDevice->skb->pkt_type = PACKET_HOST; 903 pDevice->skb->protocol = htons(ETH_P_802_2); 904 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb)); 905 netif_rx(pDevice->skb); 906 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz); 907 }; 908 909 return FALSE; 910 911 } 912 } 913 } //---end of SOFT MIC----------------------------------------------------------------------- 914 915 // ++++++++++ Reply Counter Check +++++++++++++ 916 917 if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) || 918 (pKey->byCipherSuite == KEY_CTL_CCMP))) { 919 if (bIsWEP) { 920 unsigned short wLocalTSC15_0 = 0; 921 unsigned long dwLocalTSC47_16 = 0; 922 unsigned long long RSC = 0; 923 // endian issues 924 RSC = *((unsigned long long *) &(pKey->KeyRSC)); 925 wLocalTSC15_0 = (unsigned short) RSC; 926 dwLocalTSC47_16 = (unsigned long) (RSC>>16); 927 928 RSC = dwRxTSC47_16; 929 RSC <<= 16; 930 RSC += wRxTSC15_0; 931 memcpy(&(pKey->KeyRSC), &RSC, sizeof(QWORD)); 932 933 if ( (pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) && 934 (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) { 935 // check RSC 936 if ( (wRxTSC15_0 < wLocalTSC15_0) && 937 (dwRxTSC47_16 <= dwLocalTSC47_16) && 938 !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) { 939 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n "); 940 if (pKey->byCipherSuite == KEY_CTL_TKIP) 941 //pDevice->s802_11Counter.TKIPReplays.QuadPart++; 942 pDevice->s802_11Counter.TKIPReplays++; 943 else 944 //pDevice->s802_11Counter.CCMPReplays.QuadPart++; 945 pDevice->s802_11Counter.CCMPReplays++; 946 947 if (bDeFragRx) { 948 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 949 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 950 pDevice->dev->name); 951 } 952 } 953 return FALSE; 954 } 955 } 956 } 957 } // ----- End of Reply Counter Check -------------------------- 958 959 960 961 if ((pKey != NULL) && (bIsWEP)) { 962// pDevice->s802_11Counter.DecryptSuccessCount.QuadPart++; 963 } 964 965 966 s_vProcessRxMACHeader(pDevice, (unsigned char *)(skb->data+4), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset); 967 FrameSize -= cbHeaderOffset; 968 cbHeaderOffset += 4; // 4 is Rcv buffer header 969 970 // Null data, framesize = 14 971 if (FrameSize < 15) 972 return FALSE; 973 974 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 975 if (s_bAPModeRxData(pDevice, 976 skb, 977 FrameSize, 978 cbHeaderOffset, 979 iSANodeIndex, 980 iDANodeIndex 981 ) == FALSE) { 982 983 if (bDeFragRx) { 984 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 985 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 986 pDevice->dev->name); 987 } 988 } 989 return FALSE; 990 } 991 992// if(pDevice->bRxMICFail == FALSE) { 993// for (ii =0; ii < 100; ii++) 994// printk(" %02x", *(skb->data + ii)); 995// printk("\n"); 996// } 997 998 } 999 1000 skb->data += cbHeaderOffset; 1001 skb->tail += cbHeaderOffset; 1002 skb_put(skb, FrameSize); 1003 skb->protocol=eth_type_trans(skb, skb->dev); 1004 1005 1006 //drop frame not met IEEE 802.3 1007/* 1008 if (pDevice->flags & DEVICE_FLAGS_VAL_PKT_LEN) { 1009 if ((skb->protocol==htons(ETH_P_802_3)) && 1010 (skb->len!=htons(skb->mac.ethernet->h_proto))) { 1011 pStats->rx_length_errors++; 1012 pStats->rx_dropped++; 1013 if (bDeFragRx) { 1014 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 1015 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 1016 pDevice->dev->name); 1017 } 1018 } 1019 return FALSE; 1020 } 1021 } 1022*/ 1023 1024 skb->ip_summed=CHECKSUM_NONE; 1025 pStats->rx_bytes +=skb->len; 1026 pStats->rx_packets++; 1027 netif_rx(skb); 1028 1029 if (bDeFragRx) { 1030 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 1031 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 1032 pDevice->dev->name); 1033 } 1034 return FALSE; 1035 } 1036 1037 return TRUE; 1038} 1039 1040 1041static BOOL s_bAPModeRxCtl ( 1042 PSDevice pDevice, 1043 unsigned char *pbyFrame, 1044 int iSANodeIndex 1045 ) 1046{ 1047 PS802_11Header p802_11Header; 1048 CMD_STATUS Status; 1049 PSMgmtObject pMgmt = pDevice->pMgmt; 1050 1051 1052 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { 1053 1054 p802_11Header = (PS802_11Header) (pbyFrame); 1055 if (!IS_TYPE_MGMT(pbyFrame)) { 1056 1057 // Data & PS-Poll packet 1058 // check frame class 1059 if (iSANodeIndex > 0) { 1060 // frame class 3 fliter & checking 1061 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) { 1062 // send deauth notification 1063 // reason = (6) class 2 received from nonauth sta 1064 vMgrDeAuthenBeginSta(pDevice, 1065 pMgmt, 1066 (unsigned char *)(p802_11Header->abyAddr2), 1067 (WLAN_MGMT_REASON_CLASS2_NONAUTH), 1068 &Status 1069 ); 1070 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n"); 1071 return TRUE; 1072 }; 1073 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) { 1074 // send deassoc notification 1075 // reason = (7) class 3 received from nonassoc sta 1076 vMgrDisassocBeginSta(pDevice, 1077 pMgmt, 1078 (unsigned char *)(p802_11Header->abyAddr2), 1079 (WLAN_MGMT_REASON_CLASS3_NONASSOC), 1080 &Status 1081 ); 1082 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n"); 1083 return TRUE; 1084 }; 1085 1086 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) { 1087 // delcare received ps-poll event 1088 if (IS_CTL_PSPOLL(pbyFrame)) { 1089 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE; 1090 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL); 1091 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n"); 1092 } 1093 else { 1094 // check Data PS state 1095 // if PW bit off, send out all PS bufferring packets. 1096 if (!IS_FC_POWERMGT(pbyFrame)) { 1097 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE; 1098 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE; 1099 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL); 1100 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n"); 1101 } 1102 } 1103 } 1104 else { 1105 if (IS_FC_POWERMGT(pbyFrame)) { 1106 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = TRUE; 1107 // Once if STA in PS state, enable multicast bufferring 1108 pMgmt->sNodeDBTable[0].bPSEnable = TRUE; 1109 } 1110 else { 1111 // clear all pending PS frame. 1112 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) { 1113 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE; 1114 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE; 1115 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL); 1116 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n"); 1117 1118 } 1119 } 1120 } 1121 } 1122 else { 1123 vMgrDeAuthenBeginSta(pDevice, 1124 pMgmt, 1125 (unsigned char *)(p802_11Header->abyAddr2), 1126 (WLAN_MGMT_REASON_CLASS2_NONAUTH), 1127 &Status 1128 ); 1129 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n"); 1130 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%02x-%02x-%02x=%02x-%02x-%02x \n", 1131 p802_11Header->abyAddr3[0], 1132 p802_11Header->abyAddr3[1], 1133 p802_11Header->abyAddr3[2], 1134 p802_11Header->abyAddr3[3], 1135 p802_11Header->abyAddr3[4], 1136 p802_11Header->abyAddr3[5] 1137 ); 1138 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%02x-%02x-%02x=%02x-%02x-%02x \n", 1139 p802_11Header->abyAddr2[0], 1140 p802_11Header->abyAddr2[1], 1141 p802_11Header->abyAddr2[2], 1142 p802_11Header->abyAddr2[3], 1143 p802_11Header->abyAddr2[4], 1144 p802_11Header->abyAddr2[5] 1145 ); 1146 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%02x-%02x-%02x=%02x-%02x-%02x \n", 1147 p802_11Header->abyAddr1[0], 1148 p802_11Header->abyAddr1[1], 1149 p802_11Header->abyAddr1[2], 1150 p802_11Header->abyAddr1[3], 1151 p802_11Header->abyAddr1[4], 1152 p802_11Header->abyAddr1[5] 1153 ); 1154 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl ); 1155 VNSvInPortB(pDevice->PortOffset + MAC_REG_RCR, &(pDevice->byRxMode)); 1156 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc:pDevice->byRxMode = %x\n", pDevice->byRxMode ); 1157 return TRUE; 1158 } 1159 } 1160 } 1161 return FALSE; 1162 1163} 1164 1165static BOOL s_bHandleRxEncryption ( 1166 PSDevice pDevice, 1167 unsigned char *pbyFrame, 1168 unsigned int FrameSize, 1169 unsigned char *pbyRsr, 1170 unsigned char *pbyNewRsr, 1171 PSKeyItem *pKeyOut, 1172 int * pbExtIV, 1173 unsigned short *pwRxTSC15_0, 1174 unsigned long *pdwRxTSC47_16 1175 ) 1176{ 1177 unsigned int PayloadLen = FrameSize; 1178 unsigned char *pbyIV; 1179 unsigned char byKeyIdx; 1180 PSKeyItem pKey = NULL; 1181 unsigned char byDecMode = KEY_CTL_WEP; 1182 PSMgmtObject pMgmt = pDevice->pMgmt; 1183 1184 1185 *pwRxTSC15_0 = 0; 1186 *pdwRxTSC47_16 = 0; 1187 1188 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; 1189 if ( WLAN_GET_FC_TODS(*(unsigned short *)pbyFrame) && 1190 WLAN_GET_FC_FROMDS(*(unsigned short *)pbyFrame) ) { 1191 pbyIV += 6; // 6 is 802.11 address4 1192 PayloadLen -= 6; 1193 } 1194 byKeyIdx = (*(pbyIV+3) & 0xc0); 1195 byKeyIdx >>= 6; 1196 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx); 1197 1198 if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) || 1199 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || 1200 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || 1201 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || 1202 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { 1203 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) && 1204 (pDevice->pMgmt->byCSSPK != KEY_CTL_NONE)) { 1205 // unicast pkt use pairwise key 1206 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n"); 1207 if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == TRUE) { 1208 if (pDevice->pMgmt->byCSSPK == KEY_CTL_TKIP) 1209 byDecMode = KEY_CTL_TKIP; 1210 else if (pDevice->pMgmt->byCSSPK == KEY_CTL_CCMP) 1211 byDecMode = KEY_CTL_CCMP; 1212 } 1213 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey); 1214 } else { 1215 // use group key 1216 KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey); 1217 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP) 1218 byDecMode = KEY_CTL_TKIP; 1219 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP) 1220 byDecMode = KEY_CTL_CCMP; 1221 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey); 1222 } 1223 } 1224 // our WEP only support Default Key 1225 if (pKey == NULL) { 1226 // use default group key 1227 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey); 1228 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP) 1229 byDecMode = KEY_CTL_TKIP; 1230 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP) 1231 byDecMode = KEY_CTL_CCMP; 1232 } 1233 *pKeyOut = pKey; 1234 1235 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode); 1236 1237 if (pKey == NULL) { 1238 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n"); 1239 if (byDecMode == KEY_CTL_WEP) { 1240// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; 1241 } else if (pDevice->bLinkPass == TRUE) { 1242// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; 1243 } 1244 return FALSE; 1245 } 1246 if (byDecMode != pKey->byCipherSuite) { 1247 if (byDecMode == KEY_CTL_WEP) { 1248// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; 1249 } else if (pDevice->bLinkPass == TRUE) { 1250// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; 1251 } 1252 *pKeyOut = NULL; 1253 return FALSE; 1254 } 1255 if (byDecMode == KEY_CTL_WEP) { 1256 // handle WEP 1257 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || 1258 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE)) { 1259 // Software WEP 1260 // 1. 3253A 1261 // 2. WEP 256 1262 1263 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc 1264 memcpy(pDevice->abyPRNG, pbyIV, 3); 1265 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); 1266 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); 1267 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); 1268 1269 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) { 1270 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1271 } 1272 } 1273 } else if ((byDecMode == KEY_CTL_TKIP) || 1274 (byDecMode == KEY_CTL_CCMP)) { 1275 // TKIP/AES 1276 1277 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc 1278 *pdwRxTSC47_16 = cpu_to_le32(*(unsigned long *)(pbyIV + 4)); 1279 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16); 1280 if (byDecMode == KEY_CTL_TKIP) { 1281 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV)); 1282 } else { 1283 *pwRxTSC15_0 = cpu_to_le16(*(unsigned short *)pbyIV); 1284 } 1285 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0); 1286 1287 if ((byDecMode == KEY_CTL_TKIP) && 1288 (pDevice->byLocalID <= REV_ID_VT3253_A1)) { 1289 // Software TKIP 1290 // 1. 3253 A 1291 PS802_11Header pMACHeader = (PS802_11Header) (pbyFrame); 1292 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); 1293 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); 1294 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); 1295 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { 1296 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1297 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n"); 1298 } else { 1299 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n"); 1300 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen); 1301 } 1302 } 1303 }// end of TKIP/AES 1304 1305 if ((*(pbyIV+3) & 0x20) != 0) 1306 *pbExtIV = TRUE; 1307 return TRUE; 1308} 1309 1310 1311static BOOL s_bHostWepRxEncryption ( 1312 PSDevice pDevice, 1313 unsigned char *pbyFrame, 1314 unsigned int FrameSize, 1315 unsigned char *pbyRsr, 1316 BOOL bOnFly, 1317 PSKeyItem pKey, 1318 unsigned char *pbyNewRsr, 1319 int * pbExtIV, 1320 unsigned short *pwRxTSC15_0, 1321 unsigned long *pdwRxTSC47_16 1322 ) 1323{ 1324 unsigned int PayloadLen = FrameSize; 1325 unsigned char *pbyIV; 1326 unsigned char byKeyIdx; 1327 unsigned char byDecMode = KEY_CTL_WEP; 1328 PS802_11Header pMACHeader; 1329 1330 1331 1332 *pwRxTSC15_0 = 0; 1333 *pdwRxTSC47_16 = 0; 1334 1335 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; 1336 if ( WLAN_GET_FC_TODS(*(unsigned short *)pbyFrame) && 1337 WLAN_GET_FC_FROMDS(*(unsigned short *)pbyFrame) ) { 1338 pbyIV += 6; // 6 is 802.11 address4 1339 PayloadLen -= 6; 1340 } 1341 byKeyIdx = (*(pbyIV+3) & 0xc0); 1342 byKeyIdx >>= 6; 1343 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx); 1344 1345 1346 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP) 1347 byDecMode = KEY_CTL_TKIP; 1348 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP) 1349 byDecMode = KEY_CTL_CCMP; 1350 1351 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode); 1352 1353 if (byDecMode != pKey->byCipherSuite) { 1354 if (byDecMode == KEY_CTL_WEP) { 1355// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; 1356 } else if (pDevice->bLinkPass == TRUE) { 1357// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; 1358 } 1359 return FALSE; 1360 } 1361 1362 if (byDecMode == KEY_CTL_WEP) { 1363 // handle WEP 1364 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP \n"); 1365 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || 1366 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE) || 1367 (bOnFly == FALSE)) { 1368 // Software WEP 1369 // 1. 3253A 1370 // 2. WEP 256 1371 // 3. NotOnFly 1372 1373 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc 1374 memcpy(pDevice->abyPRNG, pbyIV, 3); 1375 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); 1376 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); 1377 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); 1378 1379 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) { 1380 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1381 } 1382 } 1383 } else if ((byDecMode == KEY_CTL_TKIP) || 1384 (byDecMode == KEY_CTL_CCMP)) { 1385 // TKIP/AES 1386 1387 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc 1388 *pdwRxTSC47_16 = cpu_to_le32(*(unsigned long *)(pbyIV + 4)); 1389 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16); 1390 1391 if (byDecMode == KEY_CTL_TKIP) { 1392 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV)); 1393 } else { 1394 *pwRxTSC15_0 = cpu_to_le16(*(unsigned short *)pbyIV); 1395 } 1396 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0); 1397 1398 if (byDecMode == KEY_CTL_TKIP) { 1399 1400 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == FALSE)) { 1401 // Software TKIP 1402 // 1. 3253 A 1403 // 2. NotOnFly 1404 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n"); 1405 pMACHeader = (PS802_11Header) (pbyFrame); 1406 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); 1407 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); 1408 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); 1409 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { 1410 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1411 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n"); 1412 } else { 1413 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n"); 1414 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen); 1415 } 1416 } 1417 } 1418 1419 if (byDecMode == KEY_CTL_CCMP) { 1420 if (bOnFly == FALSE) { 1421 // Software CCMP 1422 // NotOnFly 1423 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_CCMP\n"); 1424 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) { 1425 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1426 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC compare OK!\n"); 1427 } else { 1428 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC fail!\n"); 1429 } 1430 } 1431 } 1432 1433 }// end of TKIP/AES 1434 1435 if ((*(pbyIV+3) & 0x20) != 0) 1436 *pbExtIV = TRUE; 1437 return TRUE; 1438} 1439 1440 1441 1442static BOOL s_bAPModeRxData ( 1443 PSDevice pDevice, 1444 struct sk_buff* skb, 1445 unsigned int FrameSize, 1446 unsigned int cbHeaderOffset, 1447 int iSANodeIndex, 1448 int iDANodeIndex 1449 ) 1450{ 1451 PSMgmtObject pMgmt = pDevice->pMgmt; 1452 BOOL bRelayAndForward = FALSE; 1453 BOOL bRelayOnly = FALSE; 1454 unsigned char byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80}; 1455 unsigned short wAID; 1456 1457 1458 struct sk_buff* skbcpy = NULL; 1459 1460 if (FrameSize > CB_MAX_BUF_SIZE) 1461 return FALSE; 1462 // check DA 1463 if(is_multicast_ether_addr((unsigned char *)(skb->data+cbHeaderOffset))) { 1464 if (pMgmt->sNodeDBTable[0].bPSEnable) { 1465 1466 skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz); 1467 1468 // if any node in PS mode, buffer packet until DTIM. 1469 if (skbcpy == NULL) { 1470 DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n"); 1471 } 1472 else { 1473 skbcpy->dev = pDevice->dev; 1474 skbcpy->len = FrameSize; 1475 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize); 1476 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy); 1477 1478 pMgmt->sNodeDBTable[0].wEnQueueCnt++; 1479 // set tx map 1480 pMgmt->abyPSTxMap[0] |= byMask[0]; 1481 } 1482 } 1483 else { 1484 bRelayAndForward = TRUE; 1485 } 1486 } 1487 else { 1488 // check if relay 1489 if (BSSDBbIsSTAInNodeDB(pMgmt, (unsigned char *)(skb->data+cbHeaderOffset), &iDANodeIndex)) { 1490 if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) { 1491 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) { 1492 // queue this skb until next PS tx, and then release. 1493 1494 skb->data += cbHeaderOffset; 1495 skb->tail += cbHeaderOffset; 1496 skb_put(skb, FrameSize); 1497 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb); 1498 pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++; 1499 wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID; 1500 pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7]; 1501 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n", 1502 iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]); 1503 return TRUE; 1504 } 1505 else { 1506 bRelayOnly = TRUE; 1507 } 1508 } 1509 }; 1510 } 1511 1512 if (bRelayOnly || bRelayAndForward) { 1513 // relay this packet right now 1514 if (bRelayAndForward) 1515 iDANodeIndex = 0; 1516 1517 if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) { 1518 ROUTEbRelay(pDevice, (unsigned char *)(skb->data + cbHeaderOffset), FrameSize, (unsigned int)iDANodeIndex); 1519 } 1520 1521 if (bRelayOnly) 1522 return FALSE; 1523 } 1524 // none associate, don't forward 1525 if (pDevice->uAssocCount == 0) 1526 return FALSE; 1527 1528 return TRUE; 1529} 1530 1531