dpc.c revision 96d69e201bbdb05c363e899138f9f42bc8ad8f88
1/* 2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc. 3 * All rights reserved. 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation; either version 2 of the License, or 8 * (at your option) any later version. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License along 16 * with this program; if not, write to the Free Software Foundation, Inc., 17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * File: dpc.c 20 * 21 * Purpose: handle dpc rx functions 22 * 23 * Author: Lyndon Chen 24 * 25 * Date: May 20, 2003 26 * 27 * Functions: 28 * device_receive_frame - Rcv 802.11 frame function 29 * s_bAPModeRxCtl- AP Rcv frame filer Ctl. 30 * s_bAPModeRxData- AP Rcv data frame handle 31 * s_bHandleRxEncryption- Rcv decrypted data via on-fly 32 * s_bHostWepRxEncryption- Rcv encrypted data via host 33 * s_byGetRateIdx- get rate index 34 * s_vGetDASA- get data offset 35 * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3 36 * 37 * Revision History: 38 * 39 */ 40 41#include "device.h" 42#include "rxtx.h" 43#include "tether.h" 44#include "card.h" 45#include "bssdb.h" 46#include "mac.h" 47#include "baseband.h" 48#include "michael.h" 49#include "tkip.h" 50#include "tcrc.h" 51#include "wctl.h" 52#include "wroute.h" 53#include "hostap.h" 54#include "rf.h" 55#include "iowpa.h" 56#include "aes_ccmp.h" 57 58/*--------------------- Static Definitions -------------------------*/ 59 60/*--------------------- Static Classes ----------------------------*/ 61 62/*--------------------- Static Variables --------------------------*/ 63//static int msglevel =MSG_LEVEL_DEBUG; 64static int msglevel = MSG_LEVEL_INFO; 65 66const unsigned char acbyRxRate[MAX_RATE] = 67{2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108}; 68 69/*--------------------- Static Functions --------------------------*/ 70 71/*--------------------- Static Definitions -------------------------*/ 72 73/*--------------------- Static Functions --------------------------*/ 74 75static unsigned char s_byGetRateIdx(unsigned char byRate); 76 77static void 78s_vGetDASA(unsigned char *pbyRxBufferAddr, unsigned int *pcbHeaderSize, 79 PSEthernetHeader psEthHeader); 80 81static void 82s_vProcessRxMACHeader(PSDevice pDevice, unsigned char *pbyRxBufferAddr, 83 unsigned int cbPacketSize, bool bIsWEP, bool bExtIV, 84 unsigned int *pcbHeadSize); 85 86static bool s_bAPModeRxCtl( 87 PSDevice pDevice, 88 unsigned char *pbyFrame, 89 int iSANodeIndex 90); 91 92static bool s_bAPModeRxData( 93 PSDevice pDevice, 94 struct sk_buff *skb, 95 unsigned int FrameSize, 96 unsigned int cbHeaderOffset, 97 int iSANodeIndex, 98 int iDANodeIndex 99); 100 101static bool s_bHandleRxEncryption( 102 PSDevice pDevice, 103 unsigned char *pbyFrame, 104 unsigned int FrameSize, 105 unsigned char *pbyRsr, 106 unsigned char *pbyNewRsr, 107 PSKeyItem *pKeyOut, 108 bool *pbExtIV, 109 unsigned short *pwRxTSC15_0, 110 unsigned long *pdwRxTSC47_16 111); 112 113static bool s_bHostWepRxEncryption( 114 115 PSDevice pDevice, 116 unsigned char *pbyFrame, 117 unsigned int FrameSize, 118 unsigned char *pbyRsr, 119 bool bOnFly, 120 PSKeyItem pKey, 121 unsigned char *pbyNewRsr, 122 bool *pbExtIV, 123 unsigned short *pwRxTSC15_0, 124 unsigned long *pdwRxTSC47_16 125 126); 127 128/*--------------------- Export Variables --------------------------*/ 129 130/*+ 131 * 132 * Description: 133 * Translate Rcv 802.11 header to 802.3 header with Rx buffer 134 * 135 * Parameters: 136 * In: 137 * pDevice 138 * dwRxBufferAddr - Address of Rcv Buffer 139 * cbPacketSize - Rcv Packet size 140 * bIsWEP - If Rcv with WEP 141 * Out: 142 * pcbHeaderSize - 802.11 header size 143 * 144 * Return Value: None 145 * 146 -*/ 147static void 148s_vProcessRxMACHeader(PSDevice pDevice, unsigned char *pbyRxBufferAddr, 149 unsigned int cbPacketSize, bool bIsWEP, bool bExtIV, 150 unsigned int *pcbHeadSize) 151{ 152 unsigned char *pbyRxBuffer; 153 unsigned int cbHeaderSize = 0; 154 unsigned short *pwType; 155 PS802_11Header pMACHeader; 156 int ii; 157 158 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); 159 160 s_vGetDASA((unsigned char *)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader); 161 162 if (bIsWEP) { 163 if (bExtIV) { 164 // strip IV&ExtIV , add 8 byte 165 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8); 166 } else { 167 // strip IV , add 4 byte 168 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4); 169 } 170 } else { 171 cbHeaderSize += WLAN_HDR_ADDR3_LEN; 172 }; 173 174 pbyRxBuffer = (unsigned char *)(pbyRxBufferAddr + cbHeaderSize); 175 if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) { 176 cbHeaderSize += 6; 177 } else if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) { 178 cbHeaderSize += 6; 179 pwType = (unsigned short *)(pbyRxBufferAddr + cbHeaderSize); 180 if ((*pwType != TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) { 181 } else { 182 cbHeaderSize -= 8; 183 pwType = (unsigned short *)(pbyRxBufferAddr + cbHeaderSize); 184 if (bIsWEP) { 185 if (bExtIV) { 186 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV 187 } else { 188 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV 189 } 190 } else { 191 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); 192 } 193 } 194 } else { 195 cbHeaderSize -= 2; 196 pwType = (unsigned short *)(pbyRxBufferAddr + cbHeaderSize); 197 if (bIsWEP) { 198 if (bExtIV) { 199 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV 200 } else { 201 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV 202 } 203 } else { 204 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); 205 } 206 } 207 208 cbHeaderSize -= (ETH_ALEN * 2); 209 pbyRxBuffer = (unsigned char *)(pbyRxBufferAddr + cbHeaderSize); 210 for (ii = 0; ii < ETH_ALEN; ii++) 211 *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii]; 212 for (ii = 0; ii < ETH_ALEN; ii++) 213 *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii]; 214 215 *pcbHeadSize = cbHeaderSize; 216} 217 218static unsigned char s_byGetRateIdx(unsigned char byRate) 219{ 220 unsigned char byRateIdx; 221 222 for (byRateIdx = 0; byRateIdx < MAX_RATE; byRateIdx++) { 223 if (acbyRxRate[byRateIdx % MAX_RATE] == byRate) 224 return byRateIdx; 225 } 226 return 0; 227} 228 229static void 230s_vGetDASA(unsigned char *pbyRxBufferAddr, unsigned int *pcbHeaderSize, 231 PSEthernetHeader psEthHeader) 232{ 233 unsigned int cbHeaderSize = 0; 234 PS802_11Header pMACHeader; 235 int ii; 236 237 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); 238 239 if ((pMACHeader->wFrameCtl & FC_TODS) == 0) { 240 if (pMACHeader->wFrameCtl & FC_FROMDS) { 241 for (ii = 0; ii < ETH_ALEN; ii++) { 242 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii]; 243 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr3[ii]; 244 } 245 } else { 246 // IBSS mode 247 for (ii = 0; ii < ETH_ALEN; ii++) { 248 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii]; 249 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii]; 250 } 251 } 252 } else { 253 // Is AP mode.. 254 if (pMACHeader->wFrameCtl & FC_FROMDS) { 255 for (ii = 0; ii < ETH_ALEN; ii++) { 256 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii]; 257 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr4[ii]; 258 cbHeaderSize += 6; 259 } 260 } else { 261 for (ii = 0; ii < ETH_ALEN; ii++) { 262 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii]; 263 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii]; 264 } 265 } 266 }; 267 *pcbHeaderSize = cbHeaderSize; 268} 269 270//PLICE_DEBUG -> 271 272void MngWorkItem(void *Context) 273{ 274 PSRxMgmtPacket pRxMgmtPacket; 275 PSDevice pDevice = (PSDevice) Context; 276 277 spin_lock_irq(&pDevice->lock); 278 while (pDevice->rxManeQueue.packet_num != 0) { 279 pRxMgmtPacket = DeQueue(pDevice); 280 vMgrRxManagePacket(pDevice, pDevice->pMgmt, pRxMgmtPacket); 281 } 282 spin_unlock_irq(&pDevice->lock); 283} 284 285//PLICE_DEBUG<- 286 287bool 288device_receive_frame( 289 PSDevice pDevice, 290 PSRxDesc pCurrRD 291) 292{ 293 PDEVICE_RD_INFO pRDInfo = pCurrRD->pRDInfo; 294 struct net_device_stats *pStats = &pDevice->stats; 295 struct sk_buff *skb; 296 PSMgmtObject pMgmt = pDevice->pMgmt; 297 PSRxMgmtPacket pRxPacket = &(pDevice->pMgmt->sRxPacket); 298 PS802_11Header p802_11Header; 299 unsigned char *pbyRsr; 300 unsigned char *pbyNewRsr; 301 unsigned char *pbyRSSI; 302 PQWORD pqwTSFTime; 303 unsigned short *pwFrameSize; 304 unsigned char *pbyFrame; 305 bool bDeFragRx = false; 306 bool bIsWEP = false; 307 unsigned int cbHeaderOffset; 308 unsigned int FrameSize; 309 unsigned short wEtherType = 0; 310 int iSANodeIndex = -1; 311 int iDANodeIndex = -1; 312 unsigned int ii; 313 unsigned int cbIVOffset; 314 bool bExtIV = false; 315 unsigned char *pbyRxSts; 316 unsigned char *pbyRxRate; 317 unsigned char *pbySQ; 318 unsigned int cbHeaderSize; 319 PSKeyItem pKey = NULL; 320 unsigned short wRxTSC15_0 = 0; 321 unsigned long dwRxTSC47_16 = 0; 322 SKeyItem STempKey; 323 // 802.11h RPI 324 unsigned long dwDuration = 0; 325 long ldBm = 0; 326 long ldBmThreshold = 0; 327 PS802_11Header pMACHeader; 328 bool bRxeapol_key = false; 329 330// DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- device_receive_frame---\n"); 331 332 skb = pRDInfo->skb; 333 334//PLICE_DEBUG-> 335#if 1 336 pci_unmap_single(pDevice->pcid, pRDInfo->skb_dma, 337 pDevice->rx_buf_sz, PCI_DMA_FROMDEVICE); 338#endif 339//PLICE_DEBUG<- 340 pwFrameSize = (unsigned short *)(skb->data + 2); 341 FrameSize = cpu_to_le16(pCurrRD->m_rd1RD1.wReqCount) - cpu_to_le16(pCurrRD->m_rd0RD0.wResCount); 342 343 // Max: 2312Payload + 30HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR 344 // Min (ACK): 10HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR 345 if ((FrameSize > 2364) || (FrameSize <= 32)) { 346 // Frame Size error drop this packet. 347 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- WRONG Length 1 \n"); 348 return false; 349 } 350 351 pbyRxSts = (unsigned char *)(skb->data); 352 pbyRxRate = (unsigned char *)(skb->data + 1); 353 pbyRsr = (unsigned char *)(skb->data + FrameSize - 1); 354 pbyRSSI = (unsigned char *)(skb->data + FrameSize - 2); 355 pbyNewRsr = (unsigned char *)(skb->data + FrameSize - 3); 356 pbySQ = (unsigned char *)(skb->data + FrameSize - 4); 357 pqwTSFTime = (PQWORD)(skb->data + FrameSize - 12); 358 pbyFrame = (unsigned char *)(skb->data + 4); 359 360 // get packet size 361 FrameSize = cpu_to_le16(*pwFrameSize); 362 363 if ((FrameSize > 2346)|(FrameSize < 14)) { // Max: 2312Payload + 30HD +4CRC 364 // Min: 14 bytes ACK 365 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- WRONG Length 2 \n"); 366 return false; 367 } 368//PLICE_DEBUG-> 369#if 1 370 // update receive statistic counter 371 STAvUpdateRDStatCounter(&pDevice->scStatistic, 372 *pbyRsr, 373 *pbyNewRsr, 374 *pbyRxRate, 375 pbyFrame, 376 FrameSize); 377 378#endif 379 380 pMACHeader = (PS802_11Header)((unsigned char *)(skb->data) + 8); 381//PLICE_DEBUG<- 382 if (pDevice->bMeasureInProgress == true) { 383 if ((*pbyRsr & RSR_CRCOK) != 0) { 384 pDevice->byBasicMap |= 0x01; 385 } 386 dwDuration = (FrameSize << 4); 387 dwDuration /= acbyRxRate[*pbyRxRate%MAX_RATE]; 388 if (*pbyRxRate <= RATE_11M) { 389 if (*pbyRxSts & 0x01) { 390 // long preamble 391 dwDuration += 192; 392 } else { 393 // short preamble 394 dwDuration += 96; 395 } 396 } else { 397 dwDuration += 16; 398 } 399 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm); 400 ldBmThreshold = -57; 401 for (ii = 7; ii > 0;) { 402 if (ldBm > ldBmThreshold) { 403 break; 404 } 405 ldBmThreshold -= 5; 406 ii--; 407 } 408 pDevice->dwRPIs[ii] += dwDuration; 409 return false; 410 } 411 412 if (!is_multicast_ether_addr(pbyFrame)) { 413 if (WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header)(skb->data + 4))) { 414 pDevice->s802_11Counter.FrameDuplicateCount++; 415 return false; 416 } 417 } 418 419 // Use for TKIP MIC 420 s_vGetDASA(skb->data+4, &cbHeaderSize, &pDevice->sRxEthHeader); 421 422 // filter packet send from myself 423 if (!compare_ether_addr((unsigned char *)&(pDevice->sRxEthHeader.abySrcAddr[0]), pDevice->abyCurrentNetAddr)) 424 return false; 425 426 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) { 427 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { 428 p802_11Header = (PS802_11Header)(pbyFrame); 429 // get SA NodeIndex 430 if (BSSDBbIsSTAInNodeDB(pMgmt, (unsigned char *)(p802_11Header->abyAddr2), &iSANodeIndex)) { 431 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies; 432 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0; 433 } 434 } 435 } 436 437 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 438 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == true) { 439 return false; 440 } 441 } 442 443 if (IS_FC_WEP(pbyFrame)) { 444 bool bRxDecryOK = false; 445 446 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx WEP pkt\n"); 447 bIsWEP = true; 448 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) { 449 pKey = &STempKey; 450 pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite; 451 pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex; 452 pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength; 453 pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16; 454 pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0; 455 memcpy(pKey->abyKey, 456 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0], 457 pKey->uKeyLength 458); 459 460 bRxDecryOK = s_bHostWepRxEncryption(pDevice, 461 pbyFrame, 462 FrameSize, 463 pbyRsr, 464 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly, 465 pKey, 466 pbyNewRsr, 467 &bExtIV, 468 &wRxTSC15_0, 469 &dwRxTSC47_16); 470 } else { 471 bRxDecryOK = s_bHandleRxEncryption(pDevice, 472 pbyFrame, 473 FrameSize, 474 pbyRsr, 475 pbyNewRsr, 476 &pKey, 477 &bExtIV, 478 &wRxTSC15_0, 479 &dwRxTSC47_16); 480 } 481 482 if (bRxDecryOK) { 483 if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) { 484 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV Fail\n"); 485 if ((pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA) || 486 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || 487 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || 488 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || 489 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { 490 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 491 pDevice->s802_11Counter.TKIPICVErrors++; 492 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) { 493 pDevice->s802_11Counter.CCMPDecryptErrors++; 494 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) { 495// pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++; 496 } 497 } 498 return false; 499 } 500 } else { 501 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "WEP Func Fail\n"); 502 return false; 503 } 504 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) 505 FrameSize -= 8; // Message Integrity Code 506 else 507 FrameSize -= 4; // 4 is ICV 508 } 509 510 // 511 // RX OK 512 // 513 //remove the CRC length 514 FrameSize -= ETH_FCS_LEN; 515 516 if ((!(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI))) && // unicast address 517 (IS_FRAGMENT_PKT((skb->data+4))) 518) { 519 // defragment 520 bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header)(skb->data+4), FrameSize, bIsWEP, bExtIV); 521 pDevice->s802_11Counter.ReceivedFragmentCount++; 522 if (bDeFragRx) { 523 // defrag complete 524 skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb; 525 FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength; 526 527 } else { 528 return false; 529 } 530 } 531 532// Management & Control frame Handle 533 if ((IS_TYPE_DATA((skb->data+4))) == false) { 534 // Handle Control & Manage Frame 535 536 if (IS_TYPE_MGMT((skb->data+4))) { 537 unsigned char *pbyData1; 538 unsigned char *pbyData2; 539 540 pRxPacket->p80211Header = (PUWLAN_80211HDR)(skb->data+4); 541 pRxPacket->cbMPDULen = FrameSize; 542 pRxPacket->uRSSI = *pbyRSSI; 543 pRxPacket->bySQ = *pbySQ; 544 HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime)); 545 LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime)); 546 if (bIsWEP) { 547 // strip IV 548 pbyData1 = WLAN_HDR_A3_DATA_PTR(skb->data+4); 549 pbyData2 = WLAN_HDR_A3_DATA_PTR(skb->data+4) + 4; 550 for (ii = 0; ii < (FrameSize - 4); ii++) { 551 *pbyData1 = *pbyData2; 552 pbyData1++; 553 pbyData2++; 554 } 555 } 556 pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate); 557 pRxPacket->byRxChannel = (*pbyRxSts) >> 2; 558//PLICE_DEBUG-> 559//EnQueue(pDevice,pRxPacket); 560 561#ifdef THREAD 562 EnQueue(pDevice, pRxPacket); 563 564 //up(&pDevice->mlme_semaphore); 565 //Enque (pDevice->FirstRecvMngList,pDevice->LastRecvMngList,pMgmt); 566#else 567 568#ifdef TASK_LET 569 EnQueue(pDevice, pRxPacket); 570 tasklet_schedule(&pDevice->RxMngWorkItem); 571#else 572 vMgrRxManagePacket((void *)pDevice, pDevice->pMgmt, pRxPacket); 573 //tasklet_schedule(&pDevice->RxMngWorkItem); 574#endif 575 576#endif 577//PLICE_DEBUG<- 578 //vMgrRxManagePacket((void *)pDevice, pDevice->pMgmt, pRxPacket); 579 // hostap Deamon handle 802.11 management 580 if (pDevice->bEnableHostapd) { 581 skb->dev = pDevice->apdev; 582 skb->data += 4; 583 skb->tail += 4; 584 skb_put(skb, FrameSize); 585 skb_reset_mac_header(skb); 586 skb->pkt_type = PACKET_OTHERHOST; 587 skb->protocol = htons(ETH_P_802_2); 588 memset(skb->cb, 0, sizeof(skb->cb)); 589 netif_rx(skb); 590 return true; 591 } 592 } else { 593 // Control Frame 594 }; 595 return false; 596 } else { 597 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 598 //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC. 599 if (!(*pbyRsr & RSR_BSSIDOK)) { 600 if (bDeFragRx) { 601 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 602 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n", 603 pDevice->dev->name); 604 } 605 } 606 return false; 607 } 608 } else { 609 // discard DATA packet while not associate || BSSID error 610 if ((pDevice->bLinkPass == false) || 611 !(*pbyRsr & RSR_BSSIDOK)) { 612 if (bDeFragRx) { 613 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 614 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n", 615 pDevice->dev->name); 616 } 617 } 618 return false; 619 } 620 //mike add:station mode check eapol-key challenge---> 621 { 622 unsigned char Protocol_Version; //802.1x Authentication 623 unsigned char Packet_Type; //802.1x Authentication 624 if (bIsWEP) 625 cbIVOffset = 8; 626 else 627 cbIVOffset = 0; 628 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) | 629 skb->data[cbIVOffset + 8 + 24 + 6 + 1]; 630 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 + 1]; 631 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 + 1 + 1]; 632 if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header 633 if (((Protocol_Version == 1) || (Protocol_Version == 2)) && 634 (Packet_Type == 3)) { //802.1x OR eapol-key challenge frame receive 635 bRxeapol_key = true; 636 } 637 } 638 } 639 //mike add:station mode check eapol-key challenge<--- 640 } 641 } 642 643// Data frame Handle 644 645 if (pDevice->bEnablePSMode) { 646 if (IS_FC_MOREDATA((skb->data+4))) { 647 if (*pbyRsr & RSR_ADDROK) { 648 //PSbSendPSPOLL((PSDevice)pDevice); 649 } 650 } else { 651 if (pDevice->pMgmt->bInTIMWake == true) { 652 pDevice->pMgmt->bInTIMWake = false; 653 } 654 } 655 } 656 657 // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps 658 if (pDevice->bDiversityEnable && (FrameSize > 50) && 659 (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) && 660 (pDevice->bLinkPass == true)) { 661 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0); 662 } 663 664 if (pDevice->byLocalID != REV_ID_VT3253_B1) { 665 pDevice->uCurrRSSI = *pbyRSSI; 666 } 667 pDevice->byCurrSQ = *pbySQ; 668 669 if ((*pbyRSSI != 0) && 670 (pMgmt->pCurrBSS != NULL)) { 671 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm); 672 // Monitor if RSSI is too strong. 673 pMgmt->pCurrBSS->byRSSIStatCnt++; 674 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT; 675 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm; 676 for (ii = 0; ii < RSSI_STAT_COUNT; ii++) { 677 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) { 678 pMgmt->pCurrBSS->ldBmMAX = max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm); 679 } 680 } 681 } 682 683 // ----------------------------------------------- 684 685 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == true)) { 686 unsigned char abyMacHdr[24]; 687 688 // Only 802.1x packet incoming allowed 689 if (bIsWEP) 690 cbIVOffset = 8; 691 else 692 cbIVOffset = 0; 693 wEtherType = (skb->data[cbIVOffset + 4 + 24 + 6] << 8) | 694 skb->data[cbIVOffset + 4 + 24 + 6 + 1]; 695 696 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "wEtherType = %04x \n", wEtherType); 697 if (wEtherType == ETH_P_PAE) { 698 skb->dev = pDevice->apdev; 699 700 if (bIsWEP == true) { 701 // strip IV header(8) 702 memcpy(&abyMacHdr[0], (skb->data + 4), 24); 703 memcpy((skb->data + 4 + cbIVOffset), &abyMacHdr[0], 24); 704 } 705 skb->data += (cbIVOffset + 4); 706 skb->tail += (cbIVOffset + 4); 707 skb_put(skb, FrameSize); 708 skb_reset_mac_header(skb); 709 710 skb->pkt_type = PACKET_OTHERHOST; 711 skb->protocol = htons(ETH_P_802_2); 712 memset(skb->cb, 0, sizeof(skb->cb)); 713 netif_rx(skb); 714 return true; 715 716 } 717 // check if 802.1x authorized 718 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED)) 719 return false; 720 } 721 722 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 723 if (bIsWEP) { 724 FrameSize -= 8; //MIC 725 } 726 } 727 728 //-------------------------------------------------------------------------------- 729 // Soft MIC 730 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 731 if (bIsWEP) { 732 unsigned long *pdwMIC_L; 733 unsigned long *pdwMIC_R; 734 unsigned long dwMIC_Priority; 735 unsigned long dwMICKey0 = 0, dwMICKey1 = 0; 736 unsigned long dwLocalMIC_L = 0; 737 unsigned long dwLocalMIC_R = 0; 738 viawget_wpa_header *wpahdr; 739 740 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 741 dwMICKey0 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[24])); 742 dwMICKey1 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[28])); 743 } else { 744 if (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) { 745 dwMICKey0 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[16])); 746 dwMICKey1 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[20])); 747 } else if ((pKey->dwKeyIndex & BIT28) == 0) { 748 dwMICKey0 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[16])); 749 dwMICKey1 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[20])); 750 } else { 751 dwMICKey0 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[24])); 752 dwMICKey1 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[28])); 753 } 754 } 755 756 MIC_vInit(dwMICKey0, dwMICKey1); 757 MIC_vAppend((unsigned char *)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12); 758 dwMIC_Priority = 0; 759 MIC_vAppend((unsigned char *)&dwMIC_Priority, 4); 760 // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV. 761 MIC_vAppend((unsigned char *)(skb->data + 4 + WLAN_HDR_ADDR3_LEN + 8), 762 FrameSize - WLAN_HDR_ADDR3_LEN - 8); 763 MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R); 764 MIC_vUnInit(); 765 766 pdwMIC_L = (unsigned long *)(skb->data + 4 + FrameSize); 767 pdwMIC_R = (unsigned long *)(skb->data + 4 + FrameSize + 4); 768 //DBG_PRN_GRP12(("RxL: %lx, RxR: %lx\n", *pdwMIC_L, *pdwMIC_R)); 769 //DBG_PRN_GRP12(("LocalL: %lx, LocalR: %lx\n", dwLocalMIC_L, dwLocalMIC_R)); 770 //DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dwMICKey0= %lx,dwMICKey1= %lx \n", dwMICKey0, dwMICKey1); 771 772 if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) || 773 (pDevice->bRxMICFail == true)) { 774 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "MIC comparison is fail!\n"); 775 pDevice->bRxMICFail = false; 776 //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++; 777 pDevice->s802_11Counter.TKIPLocalMICFailures++; 778 if (bDeFragRx) { 779 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 780 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n", 781 pDevice->dev->name); 782 } 783 } 784 //2008-0409-07, <Add> by Einsn Liu 785#ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT 786 //send event to wpa_supplicant 787 { 788 union iwreq_data wrqu; 789 struct iw_michaelmicfailure ev; 790 int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits 791 memset(&ev, 0, sizeof(ev)); 792 ev.flags = keyidx & IW_MICFAILURE_KEY_ID; 793 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && 794 (pMgmt->eCurrState == WMAC_STATE_ASSOC) && 795 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { 796 ev.flags |= IW_MICFAILURE_PAIRWISE; 797 } else { 798 ev.flags |= IW_MICFAILURE_GROUP; 799 } 800 801 ev.src_addr.sa_family = ARPHRD_ETHER; 802 memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN); 803 memset(&wrqu, 0, sizeof(wrqu)); 804 wrqu.data.length = sizeof(ev); 805 wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev); 806 807 } 808#endif 809 810 if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) { 811 wpahdr = (viawget_wpa_header *)pDevice->skb->data; 812 if ((pDevice->pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && 813 (pDevice->pMgmt->eCurrState == WMAC_STATE_ASSOC) && 814 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { 815 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR; 816 wpahdr->type = VIAWGET_PTK_MIC_MSG; 817 } else { 818 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR; 819 wpahdr->type = VIAWGET_GTK_MIC_MSG; 820 } 821 wpahdr->resp_ie_len = 0; 822 wpahdr->req_ie_len = 0; 823 skb_put(pDevice->skb, sizeof(viawget_wpa_header)); 824 pDevice->skb->dev = pDevice->wpadev; 825 skb_reset_mac_header(pDevice->skb); 826 pDevice->skb->pkt_type = PACKET_HOST; 827 pDevice->skb->protocol = htons(ETH_P_802_2); 828 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb)); 829 netif_rx(pDevice->skb); 830 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz); 831 } 832 833 return false; 834 835 } 836 } 837 } //---end of SOFT MIC----------------------------------------------------------------------- 838 839 // ++++++++++ Reply Counter Check +++++++++++++ 840 841 if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) || 842 (pKey->byCipherSuite == KEY_CTL_CCMP))) { 843 if (bIsWEP) { 844 unsigned short wLocalTSC15_0 = 0; 845 unsigned long dwLocalTSC47_16 = 0; 846 unsigned long long RSC = 0; 847 // endian issues 848 RSC = *((unsigned long long *)&(pKey->KeyRSC)); 849 wLocalTSC15_0 = (unsigned short)RSC; 850 dwLocalTSC47_16 = (unsigned long)(RSC>>16); 851 852 RSC = dwRxTSC47_16; 853 RSC <<= 16; 854 RSC += wRxTSC15_0; 855 memcpy(&(pKey->KeyRSC), &RSC, sizeof(QWORD)); 856 857 if ((pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) && 858 (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) { 859 // check RSC 860 if ((wRxTSC15_0 < wLocalTSC15_0) && 861 (dwRxTSC47_16 <= dwLocalTSC47_16) && 862 !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) { 863 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "TSC is illegal~~!\n "); 864 if (pKey->byCipherSuite == KEY_CTL_TKIP) 865 //pDevice->s802_11Counter.TKIPReplays.QuadPart++; 866 pDevice->s802_11Counter.TKIPReplays++; 867 else 868 //pDevice->s802_11Counter.CCMPReplays.QuadPart++; 869 pDevice->s802_11Counter.CCMPReplays++; 870 871 if (bDeFragRx) { 872 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 873 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n", 874 pDevice->dev->name); 875 } 876 } 877 return false; 878 } 879 } 880 } 881 } // ----- End of Reply Counter Check -------------------------- 882 883 if ((pKey != NULL) && (bIsWEP)) { 884// pDevice->s802_11Counter.DecryptSuccessCount.QuadPart++; 885 } 886 887 s_vProcessRxMACHeader(pDevice, (unsigned char *)(skb->data+4), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset); 888 FrameSize -= cbHeaderOffset; 889 cbHeaderOffset += 4; // 4 is Rcv buffer header 890 891 // Null data, framesize = 14 892 if (FrameSize < 15) 893 return false; 894 895 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 896 if (s_bAPModeRxData(pDevice, 897 skb, 898 FrameSize, 899 cbHeaderOffset, 900 iSANodeIndex, 901 iDANodeIndex 902) == false) { 903 if (bDeFragRx) { 904 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 905 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n", 906 pDevice->dev->name); 907 } 908 } 909 return false; 910 } 911 } 912 913 skb->data += cbHeaderOffset; 914 skb->tail += cbHeaderOffset; 915 skb_put(skb, FrameSize); 916 skb->protocol = eth_type_trans(skb, skb->dev); 917 918 //drop frame not met IEEE 802.3 919/* 920 if (pDevice->flags & DEVICE_FLAGS_VAL_PKT_LEN) { 921 if ((skb->protocol==htons(ETH_P_802_3)) && 922 (skb->len!=htons(skb->mac.ethernet->h_proto))) { 923 pStats->rx_length_errors++; 924 pStats->rx_dropped++; 925 if (bDeFragRx) { 926 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 927 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 928 pDevice->dev->name); 929 } 930 } 931 return false; 932 } 933 } 934*/ 935 936 skb->ip_summed = CHECKSUM_NONE; 937 pStats->rx_bytes += skb->len; 938 pStats->rx_packets++; 939 netif_rx(skb); 940 941 if (bDeFragRx) { 942 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 943 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n", 944 pDevice->dev->name); 945 } 946 return false; 947 } 948 949 return true; 950} 951 952static bool s_bAPModeRxCtl( 953 PSDevice pDevice, 954 unsigned char *pbyFrame, 955 int iSANodeIndex 956) 957{ 958 PS802_11Header p802_11Header; 959 CMD_STATUS Status; 960 PSMgmtObject pMgmt = pDevice->pMgmt; 961 962 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { 963 p802_11Header = (PS802_11Header)(pbyFrame); 964 if (!IS_TYPE_MGMT(pbyFrame)) { 965 // Data & PS-Poll packet 966 // check frame class 967 if (iSANodeIndex > 0) { 968 // frame class 3 fliter & checking 969 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) { 970 // send deauth notification 971 // reason = (6) class 2 received from nonauth sta 972 vMgrDeAuthenBeginSta(pDevice, 973 pMgmt, 974 (unsigned char *)(p802_11Header->abyAddr2), 975 (WLAN_MGMT_REASON_CLASS2_NONAUTH), 976 &Status 977); 978 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n"); 979 return true; 980 } 981 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) { 982 // send deassoc notification 983 // reason = (7) class 3 received from nonassoc sta 984 vMgrDisassocBeginSta(pDevice, 985 pMgmt, 986 (unsigned char *)(p802_11Header->abyAddr2), 987 (WLAN_MGMT_REASON_CLASS3_NONASSOC), 988 &Status 989); 990 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n"); 991 return true; 992 } 993 994 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) { 995 // delcare received ps-poll event 996 if (IS_CTL_PSPOLL(pbyFrame)) { 997 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true; 998 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL); 999 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n"); 1000 } else { 1001 // check Data PS state 1002 // if PW bit off, send out all PS bufferring packets. 1003 if (!IS_FC_POWERMGT(pbyFrame)) { 1004 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = false; 1005 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true; 1006 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL); 1007 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n"); 1008 } 1009 } 1010 } else { 1011 if (IS_FC_POWERMGT(pbyFrame)) { 1012 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = true; 1013 // Once if STA in PS state, enable multicast bufferring 1014 pMgmt->sNodeDBTable[0].bPSEnable = true; 1015 } else { 1016 // clear all pending PS frame. 1017 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) { 1018 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = false; 1019 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true; 1020 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL); 1021 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n"); 1022 1023 } 1024 } 1025 } 1026 } else { 1027 vMgrDeAuthenBeginSta(pDevice, 1028 pMgmt, 1029 (unsigned char *)(p802_11Header->abyAddr2), 1030 (WLAN_MGMT_REASON_CLASS2_NONAUTH), 1031 &Status 1032); 1033 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n"); 1034 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%pM\n", 1035 p802_11Header->abyAddr3); 1036 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%pM\n", 1037 p802_11Header->abyAddr2); 1038 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%pM\n", 1039 p802_11Header->abyAddr1); 1040 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl); 1041 VNSvInPortB(pDevice->PortOffset + MAC_REG_RCR, &(pDevice->byRxMode)); 1042 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc:pDevice->byRxMode = %x\n", pDevice->byRxMode); 1043 return true; 1044 } 1045 } 1046 } 1047 return false; 1048} 1049 1050static bool s_bHandleRxEncryption( 1051 PSDevice pDevice, 1052 unsigned char *pbyFrame, 1053 unsigned int FrameSize, 1054 unsigned char *pbyRsr, 1055 unsigned char *pbyNewRsr, 1056 PSKeyItem *pKeyOut, 1057 bool *pbExtIV, 1058 unsigned short *pwRxTSC15_0, 1059 unsigned long *pdwRxTSC47_16 1060) 1061{ 1062 unsigned int PayloadLen = FrameSize; 1063 unsigned char *pbyIV; 1064 unsigned char byKeyIdx; 1065 PSKeyItem pKey = NULL; 1066 unsigned char byDecMode = KEY_CTL_WEP; 1067 PSMgmtObject pMgmt = pDevice->pMgmt; 1068 1069 *pwRxTSC15_0 = 0; 1070 *pdwRxTSC47_16 = 0; 1071 1072 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; 1073 if (WLAN_GET_FC_TODS(*(unsigned short *)pbyFrame) && 1074 WLAN_GET_FC_FROMDS(*(unsigned short *)pbyFrame)) { 1075 pbyIV += 6; // 6 is 802.11 address4 1076 PayloadLen -= 6; 1077 } 1078 byKeyIdx = (*(pbyIV+3) & 0xc0); 1079 byKeyIdx >>= 6; 1080 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "\nKeyIdx: %d\n", byKeyIdx); 1081 1082 if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) || 1083 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || 1084 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || 1085 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || 1086 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { 1087 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) && 1088 (pDevice->pMgmt->byCSSPK != KEY_CTL_NONE)) { 1089 // unicast pkt use pairwise key 1090 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "unicast pkt\n"); 1091 if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == true) { 1092 if (pDevice->pMgmt->byCSSPK == KEY_CTL_TKIP) 1093 byDecMode = KEY_CTL_TKIP; 1094 else if (pDevice->pMgmt->byCSSPK == KEY_CTL_CCMP) 1095 byDecMode = KEY_CTL_CCMP; 1096 } 1097 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "unicast pkt: %d, %p\n", byDecMode, pKey); 1098 } else { 1099 // use group key 1100 KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey); 1101 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP) 1102 byDecMode = KEY_CTL_TKIP; 1103 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP) 1104 byDecMode = KEY_CTL_CCMP; 1105 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey); 1106 } 1107 } 1108 // our WEP only support Default Key 1109 if (pKey == NULL) { 1110 // use default group key 1111 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey); 1112 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP) 1113 byDecMode = KEY_CTL_TKIP; 1114 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP) 1115 byDecMode = KEY_CTL_CCMP; 1116 } 1117 *pKeyOut = pKey; 1118 1119 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode); 1120 1121 if (pKey == NULL) { 1122 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "pKey == NULL\n"); 1123 if (byDecMode == KEY_CTL_WEP) { 1124// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; 1125 } else if (pDevice->bLinkPass == true) { 1126// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; 1127 } 1128 return false; 1129 } 1130 if (byDecMode != pKey->byCipherSuite) { 1131 if (byDecMode == KEY_CTL_WEP) { 1132// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; 1133 } else if (pDevice->bLinkPass == true) { 1134// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; 1135 } 1136 *pKeyOut = NULL; 1137 return false; 1138 } 1139 if (byDecMode == KEY_CTL_WEP) { 1140 // handle WEP 1141 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || 1142 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == true)) { 1143 // Software WEP 1144 // 1. 3253A 1145 // 2. WEP 256 1146 1147 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc 1148 memcpy(pDevice->abyPRNG, pbyIV, 3); 1149 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); 1150 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); 1151 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); 1152 1153 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) { 1154 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1155 } 1156 } 1157 } else if ((byDecMode == KEY_CTL_TKIP) || 1158 (byDecMode == KEY_CTL_CCMP)) { 1159 // TKIP/AES 1160 1161 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc 1162 *pdwRxTSC47_16 = cpu_to_le32(*(unsigned long *)(pbyIV + 4)); 1163 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ExtIV: %lx\n", *pdwRxTSC47_16); 1164 if (byDecMode == KEY_CTL_TKIP) { 1165 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV + 2), *pbyIV)); 1166 } else { 1167 *pwRxTSC15_0 = cpu_to_le16(*(unsigned short *)pbyIV); 1168 } 1169 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "TSC0_15: %x\n", *pwRxTSC15_0); 1170 1171 if ((byDecMode == KEY_CTL_TKIP) && 1172 (pDevice->byLocalID <= REV_ID_VT3253_A1)) { 1173 // Software TKIP 1174 // 1. 3253 A 1175 PS802_11Header pMACHeader = (PS802_11Header)(pbyFrame); 1176 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); 1177 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); 1178 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); 1179 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { 1180 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1181 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV OK!\n"); 1182 } else { 1183 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV FAIL!!!\n"); 1184 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "PayloadLen = %d\n", PayloadLen); 1185 } 1186 } 1187 }// end of TKIP/AES 1188 1189 if ((*(pbyIV+3) & 0x20) != 0) 1190 *pbExtIV = true; 1191 return true; 1192} 1193 1194static bool s_bHostWepRxEncryption( 1195 PSDevice pDevice, 1196 unsigned char *pbyFrame, 1197 unsigned int FrameSize, 1198 unsigned char *pbyRsr, 1199 bool bOnFly, 1200 PSKeyItem pKey, 1201 unsigned char *pbyNewRsr, 1202 bool *pbExtIV, 1203 unsigned short *pwRxTSC15_0, 1204 unsigned long *pdwRxTSC47_16 1205) 1206{ 1207 unsigned int PayloadLen = FrameSize; 1208 unsigned char *pbyIV; 1209 unsigned char byKeyIdx; 1210 unsigned char byDecMode = KEY_CTL_WEP; 1211 PS802_11Header pMACHeader; 1212 1213 *pwRxTSC15_0 = 0; 1214 *pdwRxTSC47_16 = 0; 1215 1216 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; 1217 if (WLAN_GET_FC_TODS(*(unsigned short *)pbyFrame) && 1218 WLAN_GET_FC_FROMDS(*(unsigned short *)pbyFrame)) { 1219 pbyIV += 6; // 6 is 802.11 address4 1220 PayloadLen -= 6; 1221 } 1222 byKeyIdx = (*(pbyIV+3) & 0xc0); 1223 byKeyIdx >>= 6; 1224 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "\nKeyIdx: %d\n", byKeyIdx); 1225 1226 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP) 1227 byDecMode = KEY_CTL_TKIP; 1228 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP) 1229 byDecMode = KEY_CTL_CCMP; 1230 1231 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode); 1232 1233 if (byDecMode != pKey->byCipherSuite) { 1234 if (byDecMode == KEY_CTL_WEP) { 1235// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; 1236 } else if (pDevice->bLinkPass == true) { 1237// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; 1238 } 1239 return false; 1240 } 1241 1242 if (byDecMode == KEY_CTL_WEP) { 1243 // handle WEP 1244 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "byDecMode == KEY_CTL_WEP \n"); 1245 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || 1246 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == true) || 1247 (bOnFly == false)) { 1248 // Software WEP 1249 // 1. 3253A 1250 // 2. WEP 256 1251 // 3. NotOnFly 1252 1253 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc 1254 memcpy(pDevice->abyPRNG, pbyIV, 3); 1255 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); 1256 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); 1257 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); 1258 1259 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) { 1260 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1261 } 1262 } 1263 } else if ((byDecMode == KEY_CTL_TKIP) || 1264 (byDecMode == KEY_CTL_CCMP)) { 1265 // TKIP/AES 1266 1267 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc 1268 *pdwRxTSC47_16 = cpu_to_le32(*(unsigned long *)(pbyIV + 4)); 1269 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ExtIV: %lx\n", *pdwRxTSC47_16); 1270 1271 if (byDecMode == KEY_CTL_TKIP) { 1272 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV)); 1273 } else { 1274 *pwRxTSC15_0 = cpu_to_le16(*(unsigned short *)pbyIV); 1275 } 1276 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "TSC0_15: %x\n", *pwRxTSC15_0); 1277 1278 if (byDecMode == KEY_CTL_TKIP) { 1279 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == false)) { 1280 // Software TKIP 1281 // 1. 3253 A 1282 // 2. NotOnFly 1283 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "soft KEY_CTL_TKIP \n"); 1284 pMACHeader = (PS802_11Header)(pbyFrame); 1285 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); 1286 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); 1287 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); 1288 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { 1289 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1290 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV OK!\n"); 1291 } else { 1292 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV FAIL!!!\n"); 1293 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "PayloadLen = %d\n", PayloadLen); 1294 } 1295 } 1296 } 1297 1298 if (byDecMode == KEY_CTL_CCMP) { 1299 if (bOnFly == false) { 1300 // Software CCMP 1301 // NotOnFly 1302 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "soft KEY_CTL_CCMP\n"); 1303 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) { 1304 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1305 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "CCMP MIC compare OK!\n"); 1306 } else { 1307 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "CCMP MIC fail!\n"); 1308 } 1309 } 1310 } 1311 1312 }// end of TKIP/AES 1313 1314 if ((*(pbyIV+3) & 0x20) != 0) 1315 *pbExtIV = true; 1316 return true; 1317} 1318 1319static bool s_bAPModeRxData( 1320 PSDevice pDevice, 1321 struct sk_buff *skb, 1322 unsigned int FrameSize, 1323 unsigned int cbHeaderOffset, 1324 int iSANodeIndex, 1325 int iDANodeIndex 1326) 1327{ 1328 PSMgmtObject pMgmt = pDevice->pMgmt; 1329 bool bRelayAndForward = false; 1330 bool bRelayOnly = false; 1331 unsigned char byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80}; 1332 unsigned short wAID; 1333 1334 struct sk_buff *skbcpy = NULL; 1335 1336 if (FrameSize > CB_MAX_BUF_SIZE) 1337 return false; 1338 // check DA 1339 if (is_multicast_ether_addr((unsigned char *)(skb->data+cbHeaderOffset))) { 1340 if (pMgmt->sNodeDBTable[0].bPSEnable) { 1341 skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz); 1342 1343 // if any node in PS mode, buffer packet until DTIM. 1344 if (skbcpy == NULL) { 1345 DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n"); 1346 } else { 1347 skbcpy->dev = pDevice->dev; 1348 skbcpy->len = FrameSize; 1349 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize); 1350 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy); 1351 1352 pMgmt->sNodeDBTable[0].wEnQueueCnt++; 1353 // set tx map 1354 pMgmt->abyPSTxMap[0] |= byMask[0]; 1355 } 1356 } else { 1357 bRelayAndForward = true; 1358 } 1359 } else { 1360 // check if relay 1361 if (BSSDBbIsSTAInNodeDB(pMgmt, (unsigned char *)(skb->data+cbHeaderOffset), &iDANodeIndex)) { 1362 if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) { 1363 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) { 1364 // queue this skb until next PS tx, and then release. 1365 1366 skb->data += cbHeaderOffset; 1367 skb->tail += cbHeaderOffset; 1368 skb_put(skb, FrameSize); 1369 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb); 1370 pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++; 1371 wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID; 1372 pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7]; 1373 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n", 1374 iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]); 1375 return true; 1376 } else { 1377 bRelayOnly = true; 1378 } 1379 } 1380 } 1381 } 1382 1383 if (bRelayOnly || bRelayAndForward) { 1384 // relay this packet right now 1385 if (bRelayAndForward) 1386 iDANodeIndex = 0; 1387 1388 if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) { 1389 ROUTEbRelay(pDevice, (unsigned char *)(skb->data + cbHeaderOffset), FrameSize, (unsigned int)iDANodeIndex); 1390 } 1391 1392 if (bRelayOnly) 1393 return false; 1394 } 1395 // none associate, don't forward 1396 if (pDevice->uAssocCount == 0) 1397 return false; 1398 1399 return true; 1400} 1401