dpc.c revision e64354c0be3b7134c85571a525b2e37fc4a95eef
1/* 2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc. 3 * All rights reserved. 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation; either version 2 of the License, or 8 * (at your option) any later version. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License along 16 * with this program; if not, write to the Free Software Foundation, Inc., 17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * File: dpc.c 20 * 21 * Purpose: handle dpc rx functions 22 * 23 * Author: Lyndon Chen 24 * 25 * Date: May 20, 2003 26 * 27 * Functions: 28 * device_receive_frame - Rcv 802.11 frame function 29 * s_bAPModeRxCtl- AP Rcv frame filer Ctl. 30 * s_bAPModeRxData- AP Rcv data frame handle 31 * s_bHandleRxEncryption- Rcv decrypted data via on-fly 32 * s_bHostWepRxEncryption- Rcv encrypted data via host 33 * s_byGetRateIdx- get rate index 34 * s_vGetDASA- get data offset 35 * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3 36 * 37 * Revision History: 38 * 39 */ 40 41#include "device.h" 42#include "rxtx.h" 43#include "tether.h" 44#include "card.h" 45#include "bssdb.h" 46#include "mac.h" 47#include "baseband.h" 48#include "michael.h" 49#include "tkip.h" 50#include "tcrc.h" 51#include "wctl.h" 52#include "wroute.h" 53#include "hostap.h" 54#include "rf.h" 55#include "iowpa.h" 56#include "aes_ccmp.h" 57 58//#define PLICE_DEBUG 59 60 61/*--------------------- Static Definitions -------------------------*/ 62 63/*--------------------- Static Classes ----------------------------*/ 64 65/*--------------------- Static Variables --------------------------*/ 66//static int msglevel =MSG_LEVEL_DEBUG; 67static int msglevel =MSG_LEVEL_INFO; 68 69const BYTE acbyRxRate[MAX_RATE] = 70{2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108}; 71 72 73/*--------------------- Static Functions --------------------------*/ 74 75/*--------------------- Static Definitions -------------------------*/ 76 77/*--------------------- Static Functions --------------------------*/ 78 79static BYTE s_byGetRateIdx(IN BYTE byRate); 80 81 82static 83void 84s_vGetDASA( 85 IN PBYTE pbyRxBufferAddr, 86 OUT PUINT pcbHeaderSize, 87 OUT PSEthernetHeader psEthHeader 88 ); 89 90static 91void 92s_vProcessRxMACHeader ( 93 IN PSDevice pDevice, 94 IN PBYTE pbyRxBufferAddr, 95 IN UINT cbPacketSize, 96 IN BOOL bIsWEP, 97 IN BOOL bExtIV, 98 OUT PUINT pcbHeadSize 99 ); 100 101static BOOL s_bAPModeRxCtl( 102 IN PSDevice pDevice, 103 IN PBYTE pbyFrame, 104 IN INT iSANodeIndex 105 ); 106 107 108 109static BOOL s_bAPModeRxData ( 110 IN PSDevice pDevice, 111 IN struct sk_buff* skb, 112 IN UINT FrameSize, 113 IN UINT cbHeaderOffset, 114 IN INT iSANodeIndex, 115 IN INT iDANodeIndex 116 ); 117 118 119static BOOL s_bHandleRxEncryption( 120 IN PSDevice pDevice, 121 IN PBYTE pbyFrame, 122 IN UINT FrameSize, 123 IN PBYTE pbyRsr, 124 OUT PBYTE pbyNewRsr, 125 OUT PSKeyItem *pKeyOut, 126 int * pbExtIV, 127 OUT PWORD pwRxTSC15_0, 128 OUT PDWORD pdwRxTSC47_16 129 ); 130 131static BOOL s_bHostWepRxEncryption( 132 133 IN PSDevice pDevice, 134 IN PBYTE pbyFrame, 135 IN UINT FrameSize, 136 IN PBYTE pbyRsr, 137 IN BOOL bOnFly, 138 IN PSKeyItem pKey, 139 OUT PBYTE pbyNewRsr, 140 int * pbExtIV, 141 OUT PWORD pwRxTSC15_0, 142 OUT PDWORD pdwRxTSC47_16 143 144 ); 145 146/*--------------------- Export Variables --------------------------*/ 147 148/*+ 149 * 150 * Description: 151 * Translate Rcv 802.11 header to 802.3 header with Rx buffer 152 * 153 * Parameters: 154 * In: 155 * pDevice 156 * dwRxBufferAddr - Address of Rcv Buffer 157 * cbPacketSize - Rcv Packet size 158 * bIsWEP - If Rcv with WEP 159 * Out: 160 * pcbHeaderSize - 802.11 header size 161 * 162 * Return Value: None 163 * 164-*/ 165static 166void 167s_vProcessRxMACHeader ( 168 IN PSDevice pDevice, 169 IN PBYTE pbyRxBufferAddr, 170 IN UINT cbPacketSize, 171 IN BOOL bIsWEP, 172 IN BOOL bExtIV, 173 OUT PUINT pcbHeadSize 174 ) 175{ 176 PBYTE pbyRxBuffer; 177 UINT cbHeaderSize = 0; 178 PWORD pwType; 179 PS802_11Header pMACHeader; 180 int ii; 181 182 183 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); 184 185 s_vGetDASA((PBYTE)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader); 186 187 if (bIsWEP) { 188 if (bExtIV) { 189 // strip IV&ExtIV , add 8 byte 190 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8); 191 } else { 192 // strip IV , add 4 byte 193 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4); 194 } 195 } 196 else { 197 cbHeaderSize += WLAN_HDR_ADDR3_LEN; 198 }; 199 200 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize); 201 if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) { 202 cbHeaderSize += 6; 203 } 204 else if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) { 205 cbHeaderSize += 6; 206 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize); 207 if ((*pwType!= TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) { 208 } 209 else { 210 cbHeaderSize -= 8; 211 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize); 212 if (bIsWEP) { 213 if (bExtIV) { 214 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV 215 } else { 216 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV 217 } 218 } 219 else { 220 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); 221 } 222 } 223 } 224 else { 225 cbHeaderSize -= 2; 226 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize); 227 if (bIsWEP) { 228 if (bExtIV) { 229 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV 230 } else { 231 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV 232 } 233 } 234 else { 235 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); 236 } 237 } 238 239 cbHeaderSize -= (U_ETHER_ADDR_LEN * 2); 240 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize); 241 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) 242 *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii]; 243 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) 244 *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii]; 245 246 *pcbHeadSize = cbHeaderSize; 247} 248 249 250 251 252static BYTE s_byGetRateIdx (IN BYTE byRate) 253{ 254 BYTE byRateIdx; 255 256 for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) { 257 if (acbyRxRate[byRateIdx%MAX_RATE] == byRate) 258 return byRateIdx; 259 } 260 return 0; 261} 262 263 264static 265void 266s_vGetDASA ( 267 IN PBYTE pbyRxBufferAddr, 268 OUT PUINT pcbHeaderSize, 269 OUT PSEthernetHeader psEthHeader 270 ) 271{ 272 UINT cbHeaderSize = 0; 273 PS802_11Header pMACHeader; 274 int ii; 275 276 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); 277 278 if ((pMACHeader->wFrameCtl & FC_TODS) == 0) { 279 if (pMACHeader->wFrameCtl & FC_FROMDS) { 280 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) { 281 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii]; 282 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr3[ii]; 283 } 284 } 285 else { 286 // IBSS mode 287 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) { 288 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii]; 289 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii]; 290 } 291 } 292 } 293 else { 294 // Is AP mode.. 295 if (pMACHeader->wFrameCtl & FC_FROMDS) { 296 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) { 297 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii]; 298 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr4[ii]; 299 cbHeaderSize += 6; 300 } 301 } 302 else { 303 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) { 304 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii]; 305 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii]; 306 } 307 } 308 }; 309 *pcbHeaderSize = cbHeaderSize; 310} 311 312 313 314 315//PLICE_DEBUG -> 316 317void MngWorkItem(void *Context) 318{ 319 PSRxMgmtPacket pRxMgmtPacket; 320 PSDevice pDevice = (PSDevice) Context; 321 //printk("Enter MngWorkItem,Queue packet num is %d\n",pDevice->rxManeQueue.packet_num); 322 spin_lock_irq(&pDevice->lock); 323 while(pDevice->rxManeQueue.packet_num != 0) 324 { 325 pRxMgmtPacket = DeQueue(pDevice); 326 vMgrRxManagePacket(pDevice, pDevice->pMgmt, pRxMgmtPacket); 327 } 328 spin_unlock_irq(&pDevice->lock); 329} 330 331 332//PLICE_DEBUG<- 333 334 335 336BOOL 337device_receive_frame ( 338 IN PSDevice pDevice, 339 IN PSRxDesc pCurrRD 340 ) 341{ 342 343 PDEVICE_RD_INFO pRDInfo = pCurrRD->pRDInfo; 344#ifdef PLICE_DEBUG 345 //printk("device_receive_frame:pCurrRD is %x,pRDInfo is %x\n",pCurrRD,pCurrRD->pRDInfo); 346#endif 347 struct net_device_stats* pStats=&pDevice->stats; 348 struct sk_buff* skb; 349 PSMgmtObject pMgmt = pDevice->pMgmt; 350 PSRxMgmtPacket pRxPacket = &(pDevice->pMgmt->sRxPacket); 351 PS802_11Header p802_11Header; 352 PBYTE pbyRsr; 353 PBYTE pbyNewRsr; 354 PBYTE pbyRSSI; 355 PQWORD pqwTSFTime; 356 PWORD pwFrameSize; 357 PBYTE pbyFrame; 358 BOOL bDeFragRx = FALSE; 359 BOOL bIsWEP = FALSE; 360 UINT cbHeaderOffset; 361 UINT FrameSize; 362 WORD wEtherType = 0; 363 INT iSANodeIndex = -1; 364 INT iDANodeIndex = -1; 365 UINT ii; 366 UINT cbIVOffset; 367 BOOL bExtIV = FALSE; 368 PBYTE pbyRxSts; 369 PBYTE pbyRxRate; 370 PBYTE pbySQ; 371 UINT cbHeaderSize; 372 PSKeyItem pKey = NULL; 373 WORD wRxTSC15_0 = 0; 374 DWORD dwRxTSC47_16 = 0; 375 SKeyItem STempKey; 376 // 802.11h RPI 377 DWORD dwDuration = 0; 378 LONG ldBm = 0; 379 LONG ldBmThreshold = 0; 380 PS802_11Header pMACHeader; 381 BOOL bRxeapol_key = FALSE; 382 383// DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- device_receive_frame---\n"); 384 385 skb = pRDInfo->skb; 386 387 388//PLICE_DEBUG-> 389#if 1 390 pci_unmap_single(pDevice->pcid, pRDInfo->skb_dma, 391 pDevice->rx_buf_sz, PCI_DMA_FROMDEVICE); 392#endif 393//PLICE_DEBUG<- 394 pwFrameSize = (PWORD)(skb->data + 2); 395 FrameSize = cpu_to_le16(pCurrRD->m_rd1RD1.wReqCount) - cpu_to_le16(pCurrRD->m_rd0RD0.wResCount); 396 397 // Max: 2312Payload + 30HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR 398 // Min (ACK): 10HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR 399 if ((FrameSize > 2364)||(FrameSize <= 32)) { 400 // Frame Size error drop this packet. 401 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 1 \n"); 402 return FALSE; 403 } 404 405 pbyRxSts = (PBYTE) (skb->data); 406 pbyRxRate = (PBYTE) (skb->data + 1); 407 pbyRsr = (PBYTE) (skb->data + FrameSize - 1); 408 pbyRSSI = (PBYTE) (skb->data + FrameSize - 2); 409 pbyNewRsr = (PBYTE) (skb->data + FrameSize - 3); 410 pbySQ = (PBYTE) (skb->data + FrameSize - 4); 411 pqwTSFTime = (PQWORD) (skb->data + FrameSize - 12); 412 pbyFrame = (PBYTE)(skb->data + 4); 413 414 // get packet size 415 FrameSize = cpu_to_le16(*pwFrameSize); 416 417 if ((FrameSize > 2346)|(FrameSize < 14)) { // Max: 2312Payload + 30HD +4CRC 418 // Min: 14 bytes ACK 419 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 2 \n"); 420 return FALSE; 421 } 422//PLICE_DEBUG-> 423#if 1 424 // update receive statistic counter 425 STAvUpdateRDStatCounter(&pDevice->scStatistic, 426 *pbyRsr, 427 *pbyNewRsr, 428 *pbyRxRate, 429 pbyFrame, 430 FrameSize); 431 432#endif 433 434 pMACHeader=(PS802_11Header)((PBYTE) (skb->data)+8); 435//PLICE_DEBUG<- 436 if (pDevice->bMeasureInProgress == TRUE) { 437 if ((*pbyRsr & RSR_CRCOK) != 0) { 438 pDevice->byBasicMap |= 0x01; 439 } 440 dwDuration = (FrameSize << 4); 441 dwDuration /= acbyRxRate[*pbyRxRate%MAX_RATE]; 442 if (*pbyRxRate <= RATE_11M) { 443 if (*pbyRxSts & 0x01) { 444 // long preamble 445 dwDuration += 192; 446 } else { 447 // short preamble 448 dwDuration += 96; 449 } 450 } else { 451 dwDuration += 16; 452 } 453 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm); 454 ldBmThreshold = -57; 455 for (ii = 7; ii > 0;) { 456 if (ldBm > ldBmThreshold) { 457 break; 458 } 459 ldBmThreshold -= 5; 460 ii--; 461 } 462 pDevice->dwRPIs[ii] += dwDuration; 463 return FALSE; 464 } 465 466 if (!IS_MULTICAST_ADDRESS(pbyFrame) && !IS_BROADCAST_ADDRESS(pbyFrame)) { 467 if (WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header) (skb->data + 4))) { 468 pDevice->s802_11Counter.FrameDuplicateCount++; 469 return FALSE; 470 } 471 } 472 473 474 // Use for TKIP MIC 475 s_vGetDASA(skb->data+4, &cbHeaderSize, &pDevice->sRxEthHeader); 476 477 // filter packet send from myself 478 if (IS_ETH_ADDRESS_EQUAL((PBYTE)&(pDevice->sRxEthHeader.abySrcAddr[0]), pDevice->abyCurrentNetAddr)) 479 return FALSE; 480 481 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) { 482 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { 483 p802_11Header = (PS802_11Header) (pbyFrame); 484 // get SA NodeIndex 485 if (BSSDBbIsSTAInNodeDB(pMgmt, (PBYTE)(p802_11Header->abyAddr2), &iSANodeIndex)) { 486 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies; 487 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0; 488 } 489 } 490 } 491 492 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 493 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == TRUE) { 494 return FALSE; 495 } 496 } 497 498 499 if (IS_FC_WEP(pbyFrame)) { 500 BOOL bRxDecryOK = FALSE; 501 502 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n"); 503 bIsWEP = TRUE; 504 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) { 505 pKey = &STempKey; 506 pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite; 507 pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex; 508 pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength; 509 pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16; 510 pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0; 511 memcpy(pKey->abyKey, 512 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0], 513 pKey->uKeyLength 514 ); 515 516 bRxDecryOK = s_bHostWepRxEncryption(pDevice, 517 pbyFrame, 518 FrameSize, 519 pbyRsr, 520 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly, 521 pKey, 522 pbyNewRsr, 523 &bExtIV, 524 &wRxTSC15_0, 525 &dwRxTSC47_16); 526 } else { 527 bRxDecryOK = s_bHandleRxEncryption(pDevice, 528 pbyFrame, 529 FrameSize, 530 pbyRsr, 531 pbyNewRsr, 532 &pKey, 533 &bExtIV, 534 &wRxTSC15_0, 535 &dwRxTSC47_16); 536 } 537 538 if (bRxDecryOK) { 539 if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) { 540 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n"); 541 if ( (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA) || 542 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || 543 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || 544 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || 545 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { 546 547 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 548 pDevice->s802_11Counter.TKIPICVErrors++; 549 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) { 550 pDevice->s802_11Counter.CCMPDecryptErrors++; 551 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) { 552// pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++; 553 } 554 } 555 return FALSE; 556 } 557 } else { 558 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n"); 559 return FALSE; 560 } 561 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) 562 FrameSize -= 8; // Message Integrity Code 563 else 564 FrameSize -= 4; // 4 is ICV 565 } 566 567 568 // 569 // RX OK 570 // 571 //remove the CRC length 572 FrameSize -= U_CRC_LEN; 573 574 if (( !(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI))) && // unicast address 575 (IS_FRAGMENT_PKT((skb->data+4))) 576 ) { 577 // defragment 578 bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header) (skb->data+4), FrameSize, bIsWEP, bExtIV); 579 pDevice->s802_11Counter.ReceivedFragmentCount++; 580 if (bDeFragRx) { 581 // defrag complete 582 skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb; 583 FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength; 584 585 } 586 else { 587 return FALSE; 588 } 589 } 590 591 592// Management & Control frame Handle 593 if ((IS_TYPE_DATA((skb->data+4))) == FALSE) { 594 // Handle Control & Manage Frame 595 596 if (IS_TYPE_MGMT((skb->data+4))) { 597 PBYTE pbyData1; 598 PBYTE pbyData2; 599 600 pRxPacket->p80211Header = (PUWLAN_80211HDR)(skb->data+4); 601 pRxPacket->cbMPDULen = FrameSize; 602 pRxPacket->uRSSI = *pbyRSSI; 603 pRxPacket->bySQ = *pbySQ; 604 HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime)); 605 LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime)); 606 if (bIsWEP) { 607 // strip IV 608 pbyData1 = WLAN_HDR_A3_DATA_PTR(skb->data+4); 609 pbyData2 = WLAN_HDR_A3_DATA_PTR(skb->data+4) + 4; 610 for (ii = 0; ii < (FrameSize - 4); ii++) { 611 *pbyData1 = *pbyData2; 612 pbyData1++; 613 pbyData2++; 614 } 615 } 616 pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate); 617 pRxPacket->byRxChannel = (*pbyRxSts) >> 2; 618//PLICE_DEBUG-> 619//EnQueue(pDevice,pRxPacket); 620 621#ifdef THREAD 622 EnQueue(pDevice,pRxPacket); 623 624 //printk("enque time is %x\n",jiffies); 625 //up(&pDevice->mlme_semaphore); 626 //Enque (pDevice->FirstRecvMngList,pDevice->LastRecvMngList,pMgmt); 627#else 628 629#ifdef TASK_LET 630 EnQueue(pDevice,pRxPacket); 631 tasklet_schedule(&pDevice->RxMngWorkItem); 632#else 633//printk("RxMan\n"); 634 vMgrRxManagePacket((void *)pDevice, pDevice->pMgmt, pRxPacket); 635 //tasklet_schedule(&pDevice->RxMngWorkItem); 636#endif 637 638#endif 639//PLICE_DEBUG<- 640 //vMgrRxManagePacket((void *)pDevice, pDevice->pMgmt, pRxPacket); 641 // hostap Deamon handle 802.11 management 642 if (pDevice->bEnableHostapd) { 643 skb->dev = pDevice->apdev; 644 skb->data += 4; 645 skb->tail += 4; 646 skb_put(skb, FrameSize); 647 skb_reset_mac_header(skb); 648 skb->pkt_type = PACKET_OTHERHOST; 649 skb->protocol = htons(ETH_P_802_2); 650 memset(skb->cb, 0, sizeof(skb->cb)); 651 netif_rx(skb); 652 return TRUE; 653 } 654 } 655 else { 656 // Control Frame 657 }; 658 return FALSE; 659 } 660 else { 661 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 662 //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC. 663 if ( !(*pbyRsr & RSR_BSSIDOK)) { 664 if (bDeFragRx) { 665 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 666 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 667 pDevice->dev->name); 668 } 669 } 670 return FALSE; 671 } 672 } 673 else { 674 // discard DATA packet while not associate || BSSID error 675 if ((pDevice->bLinkPass == FALSE) || 676 !(*pbyRsr & RSR_BSSIDOK)) { 677 if (bDeFragRx) { 678 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 679 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 680 pDevice->dev->name); 681 } 682 } 683 return FALSE; 684 } 685 //mike add:station mode check eapol-key challenge---> 686 { 687 BYTE Protocol_Version; //802.1x Authentication 688 BYTE Packet_Type; //802.1x Authentication 689 if (bIsWEP) 690 cbIVOffset = 8; 691 else 692 cbIVOffset = 0; 693 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) | 694 skb->data[cbIVOffset + 8 + 24 + 6 + 1]; 695 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1]; 696 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1]; 697 if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header 698 if(((Protocol_Version==1) ||(Protocol_Version==2)) && 699 (Packet_Type==3)) { //802.1x OR eapol-key challenge frame receive 700 bRxeapol_key = TRUE; 701 } 702 } 703 } 704 //mike add:station mode check eapol-key challenge<--- 705 } 706 } 707 708 709// Data frame Handle 710 711 712 if (pDevice->bEnablePSMode) { 713 if (IS_FC_MOREDATA((skb->data+4))) { 714 if (*pbyRsr & RSR_ADDROK) { 715 //PSbSendPSPOLL((PSDevice)pDevice); 716 } 717 } 718 else { 719 if (pDevice->pMgmt->bInTIMWake == TRUE) { 720 pDevice->pMgmt->bInTIMWake = FALSE; 721 } 722 } 723 }; 724 725 // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps 726 if (pDevice->bDiversityEnable && (FrameSize>50) && 727 (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) && 728 (pDevice->bLinkPass == TRUE)) { 729 //printk("device_receive_frame: RxRate is %d\n",*pbyRxRate); 730 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0); 731 } 732 733 734 if (pDevice->byLocalID != REV_ID_VT3253_B1) { 735 pDevice->uCurrRSSI = *pbyRSSI; 736 } 737 pDevice->byCurrSQ = *pbySQ; 738 739 if ((*pbyRSSI != 0) && 740 (pMgmt->pCurrBSS!=NULL)) { 741 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm); 742 // Moniter if RSSI is too strong. 743 pMgmt->pCurrBSS->byRSSIStatCnt++; 744 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT; 745 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm; 746 for(ii=0;ii<RSSI_STAT_COUNT;ii++) { 747 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) { 748 pMgmt->pCurrBSS->ldBmMAX = max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm); 749 } 750 } 751 } 752 753 // ----------------------------------------------- 754 755 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == TRUE)){ 756 BYTE abyMacHdr[24]; 757 758 // Only 802.1x packet incoming allowed 759 if (bIsWEP) 760 cbIVOffset = 8; 761 else 762 cbIVOffset = 0; 763 wEtherType = (skb->data[cbIVOffset + 4 + 24 + 6] << 8) | 764 skb->data[cbIVOffset + 4 + 24 + 6 + 1]; 765 766 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType); 767 if (wEtherType == ETH_P_PAE) { 768 skb->dev = pDevice->apdev; 769 770 if (bIsWEP == TRUE) { 771 // strip IV header(8) 772 memcpy(&abyMacHdr[0], (skb->data + 4), 24); 773 memcpy((skb->data + 4 + cbIVOffset), &abyMacHdr[0], 24); 774 } 775 skb->data += (cbIVOffset + 4); 776 skb->tail += (cbIVOffset + 4); 777 skb_put(skb, FrameSize); 778 skb_reset_mac_header(skb); 779 780 skb->pkt_type = PACKET_OTHERHOST; 781 skb->protocol = htons(ETH_P_802_2); 782 memset(skb->cb, 0, sizeof(skb->cb)); 783 netif_rx(skb); 784 return TRUE; 785 786} 787 // check if 802.1x authorized 788 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED)) 789 return FALSE; 790 } 791 792 793 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 794 if (bIsWEP) { 795 FrameSize -= 8; //MIC 796 } 797 } 798 799 //-------------------------------------------------------------------------------- 800 // Soft MIC 801 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 802 if (bIsWEP) { 803 PDWORD pdwMIC_L; 804 PDWORD pdwMIC_R; 805 DWORD dwMIC_Priority; 806 DWORD dwMICKey0 = 0, dwMICKey1 = 0; 807 DWORD dwLocalMIC_L = 0; 808 DWORD dwLocalMIC_R = 0; 809 viawget_wpa_header *wpahdr; 810 811 812 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 813 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24])); 814 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28])); 815 } 816 else { 817 if (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) { 818 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16])); 819 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20])); 820 } else if ((pKey->dwKeyIndex & BIT28) == 0) { 821 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16])); 822 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20])); 823 } else { 824 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24])); 825 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28])); 826 } 827 } 828 829 MIC_vInit(dwMICKey0, dwMICKey1); 830 MIC_vAppend((PBYTE)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12); 831 dwMIC_Priority = 0; 832 MIC_vAppend((PBYTE)&dwMIC_Priority, 4); 833 // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV. 834 MIC_vAppend((PBYTE)(skb->data + 4 + WLAN_HDR_ADDR3_LEN + 8), 835 FrameSize - WLAN_HDR_ADDR3_LEN - 8); 836 MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R); 837 MIC_vUnInit(); 838 839 pdwMIC_L = (PDWORD)(skb->data + 4 + FrameSize); 840 pdwMIC_R = (PDWORD)(skb->data + 4 + FrameSize + 4); 841 //DBG_PRN_GRP12(("RxL: %lx, RxR: %lx\n", *pdwMIC_L, *pdwMIC_R)); 842 //DBG_PRN_GRP12(("LocalL: %lx, LocalR: %lx\n", dwLocalMIC_L, dwLocalMIC_R)); 843 //DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"dwMICKey0= %lx,dwMICKey1= %lx \n", dwMICKey0, dwMICKey1); 844 845 846 if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) || 847 (pDevice->bRxMICFail == TRUE)) { 848 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n"); 849 pDevice->bRxMICFail = FALSE; 850 //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++; 851 pDevice->s802_11Counter.TKIPLocalMICFailures++; 852 if (bDeFragRx) { 853 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 854 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 855 pDevice->dev->name); 856 } 857 } 858 //2008-0409-07, <Add> by Einsn Liu 859 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT 860 //send event to wpa_supplicant 861 //if(pDevice->bWPADevEnable == TRUE) 862 { 863 union iwreq_data wrqu; 864 struct iw_michaelmicfailure ev; 865 int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits 866 memset(&ev, 0, sizeof(ev)); 867 ev.flags = keyidx & IW_MICFAILURE_KEY_ID; 868 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && 869 (pMgmt->eCurrState == WMAC_STATE_ASSOC) && 870 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { 871 ev.flags |= IW_MICFAILURE_PAIRWISE; 872 } else { 873 ev.flags |= IW_MICFAILURE_GROUP; 874 } 875 876 ev.src_addr.sa_family = ARPHRD_ETHER; 877 memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN); 878 memset(&wrqu, 0, sizeof(wrqu)); 879 wrqu.data.length = sizeof(ev); 880 wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev); 881 882 } 883 #endif 884 885 886 if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) { 887 wpahdr = (viawget_wpa_header *)pDevice->skb->data; 888 if ((pDevice->pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && 889 (pDevice->pMgmt->eCurrState == WMAC_STATE_ASSOC) && 890 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { 891 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR; 892 wpahdr->type = VIAWGET_PTK_MIC_MSG; 893 } else { 894 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR; 895 wpahdr->type = VIAWGET_GTK_MIC_MSG; 896 } 897 wpahdr->resp_ie_len = 0; 898 wpahdr->req_ie_len = 0; 899 skb_put(pDevice->skb, sizeof(viawget_wpa_header)); 900 pDevice->skb->dev = pDevice->wpadev; 901 skb_reset_mac_header(pDevice->skb); 902 pDevice->skb->pkt_type = PACKET_HOST; 903 pDevice->skb->protocol = htons(ETH_P_802_2); 904 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb)); 905 netif_rx(pDevice->skb); 906 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz); 907 }; 908 909 return FALSE; 910 911 } 912 } 913 } //---end of SOFT MIC----------------------------------------------------------------------- 914 915 // ++++++++++ Reply Counter Check +++++++++++++ 916 917 if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) || 918 (pKey->byCipherSuite == KEY_CTL_CCMP))) { 919 if (bIsWEP) { 920 WORD wLocalTSC15_0 = 0; 921 DWORD dwLocalTSC47_16 = 0; 922 ULONGLONG RSC = 0; 923 // endian issues 924 RSC = *((ULONGLONG *) &(pKey->KeyRSC)); 925 wLocalTSC15_0 = (WORD) RSC; 926 dwLocalTSC47_16 = (DWORD) (RSC>>16); 927 928 RSC = dwRxTSC47_16; 929 RSC <<= 16; 930 RSC += wRxTSC15_0; 931 memcpy(&(pKey->KeyRSC), &RSC, sizeof(QWORD)); 932 933 if ( (pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) && 934 (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) { 935 // check RSC 936 if ( (wRxTSC15_0 < wLocalTSC15_0) && 937 (dwRxTSC47_16 <= dwLocalTSC47_16) && 938 !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) { 939 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n "); 940 if (pKey->byCipherSuite == KEY_CTL_TKIP) 941 //pDevice->s802_11Counter.TKIPReplays.QuadPart++; 942 pDevice->s802_11Counter.TKIPReplays++; 943 else 944 //pDevice->s802_11Counter.CCMPReplays.QuadPart++; 945 pDevice->s802_11Counter.CCMPReplays++; 946 947 if (bDeFragRx) { 948 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 949 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 950 pDevice->dev->name); 951 } 952 } 953 return FALSE; 954 } 955 } 956 } 957 } // ----- End of Reply Counter Check -------------------------- 958 959 960 961 if ((pKey != NULL) && (bIsWEP)) { 962// pDevice->s802_11Counter.DecryptSuccessCount.QuadPart++; 963 } 964 965 966 s_vProcessRxMACHeader(pDevice, (PBYTE)(skb->data+4), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset); 967 FrameSize -= cbHeaderOffset; 968 cbHeaderOffset += 4; // 4 is Rcv buffer header 969 970 // Null data, framesize = 14 971 if (FrameSize < 15) 972 return FALSE; 973 974 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 975 if (s_bAPModeRxData(pDevice, 976 skb, 977 FrameSize, 978 cbHeaderOffset, 979 iSANodeIndex, 980 iDANodeIndex 981 ) == FALSE) { 982 983 if (bDeFragRx) { 984 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 985 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 986 pDevice->dev->name); 987 } 988 } 989 return FALSE; 990 } 991 992// if(pDevice->bRxMICFail == FALSE) { 993// for (ii =0; ii < 100; ii++) 994// printk(" %02x", *(skb->data + ii)); 995// printk("\n"); 996// } 997 998 } 999 1000 skb->data += cbHeaderOffset; 1001 skb->tail += cbHeaderOffset; 1002 skb_put(skb, FrameSize); 1003 skb->protocol=eth_type_trans(skb, skb->dev); 1004 1005 1006 //drop frame not met IEEE 802.3 1007/* 1008 if (pDevice->flags & DEVICE_FLAGS_VAL_PKT_LEN) { 1009 if ((skb->protocol==htons(ETH_P_802_3)) && 1010 (skb->len!=htons(skb->mac.ethernet->h_proto))) { 1011 pStats->rx_length_errors++; 1012 pStats->rx_dropped++; 1013 if (bDeFragRx) { 1014 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 1015 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 1016 pDevice->dev->name); 1017 } 1018 } 1019 return FALSE; 1020 } 1021 } 1022*/ 1023 1024 skb->ip_summed=CHECKSUM_NONE; 1025 pStats->rx_bytes +=skb->len; 1026 pStats->rx_packets++; 1027 netif_rx(skb); 1028 1029 if (bDeFragRx) { 1030 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 1031 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 1032 pDevice->dev->name); 1033 } 1034 return FALSE; 1035 } 1036 1037 return TRUE; 1038} 1039 1040 1041static BOOL s_bAPModeRxCtl ( 1042 IN PSDevice pDevice, 1043 IN PBYTE pbyFrame, 1044 IN INT iSANodeIndex 1045 ) 1046{ 1047 PS802_11Header p802_11Header; 1048 CMD_STATUS Status; 1049 PSMgmtObject pMgmt = pDevice->pMgmt; 1050 1051 1052 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { 1053 1054 p802_11Header = (PS802_11Header) (pbyFrame); 1055 if (!IS_TYPE_MGMT(pbyFrame)) { 1056 1057 // Data & PS-Poll packet 1058 // check frame class 1059 if (iSANodeIndex > 0) { 1060 // frame class 3 fliter & checking 1061 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) { 1062 // send deauth notification 1063 // reason = (6) class 2 received from nonauth sta 1064 vMgrDeAuthenBeginSta(pDevice, 1065 pMgmt, 1066 (PBYTE)(p802_11Header->abyAddr2), 1067 (WLAN_MGMT_REASON_CLASS2_NONAUTH), 1068 &Status 1069 ); 1070 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n"); 1071 return TRUE; 1072 }; 1073 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) { 1074 // send deassoc notification 1075 // reason = (7) class 3 received from nonassoc sta 1076 vMgrDisassocBeginSta(pDevice, 1077 pMgmt, 1078 (PBYTE)(p802_11Header->abyAddr2), 1079 (WLAN_MGMT_REASON_CLASS3_NONASSOC), 1080 &Status 1081 ); 1082 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n"); 1083 return TRUE; 1084 }; 1085 1086 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) { 1087 // delcare received ps-poll event 1088 if (IS_CTL_PSPOLL(pbyFrame)) { 1089 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE; 1090 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL); 1091 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n"); 1092 } 1093 else { 1094 // check Data PS state 1095 // if PW bit off, send out all PS bufferring packets. 1096 if (!IS_FC_POWERMGT(pbyFrame)) { 1097 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE; 1098 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE; 1099 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL); 1100 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n"); 1101 } 1102 } 1103 } 1104 else { 1105 if (IS_FC_POWERMGT(pbyFrame)) { 1106 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = TRUE; 1107 // Once if STA in PS state, enable multicast bufferring 1108 pMgmt->sNodeDBTable[0].bPSEnable = TRUE; 1109 } 1110 else { 1111 // clear all pending PS frame. 1112 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) { 1113 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE; 1114 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE; 1115 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL); 1116 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n"); 1117 1118 } 1119 } 1120 } 1121 } 1122 else { 1123 vMgrDeAuthenBeginSta(pDevice, 1124 pMgmt, 1125 (PBYTE)(p802_11Header->abyAddr2), 1126 (WLAN_MGMT_REASON_CLASS2_NONAUTH), 1127 &Status 1128 ); 1129 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n"); 1130 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%02x-%02x-%02x=%02x-%02x-%02x \n", 1131 p802_11Header->abyAddr3[0], 1132 p802_11Header->abyAddr3[1], 1133 p802_11Header->abyAddr3[2], 1134 p802_11Header->abyAddr3[3], 1135 p802_11Header->abyAddr3[4], 1136 p802_11Header->abyAddr3[5] 1137 ); 1138 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%02x-%02x-%02x=%02x-%02x-%02x \n", 1139 p802_11Header->abyAddr2[0], 1140 p802_11Header->abyAddr2[1], 1141 p802_11Header->abyAddr2[2], 1142 p802_11Header->abyAddr2[3], 1143 p802_11Header->abyAddr2[4], 1144 p802_11Header->abyAddr2[5] 1145 ); 1146 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%02x-%02x-%02x=%02x-%02x-%02x \n", 1147 p802_11Header->abyAddr1[0], 1148 p802_11Header->abyAddr1[1], 1149 p802_11Header->abyAddr1[2], 1150 p802_11Header->abyAddr1[3], 1151 p802_11Header->abyAddr1[4], 1152 p802_11Header->abyAddr1[5] 1153 ); 1154 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl ); 1155 VNSvInPortB(pDevice->PortOffset + MAC_REG_RCR, &(pDevice->byRxMode)); 1156 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc:pDevice->byRxMode = %x\n", pDevice->byRxMode ); 1157 return TRUE; 1158 } 1159 } 1160 } 1161 return FALSE; 1162 1163} 1164 1165static BOOL s_bHandleRxEncryption ( 1166 IN PSDevice pDevice, 1167 IN PBYTE pbyFrame, 1168 IN UINT FrameSize, 1169 IN PBYTE pbyRsr, 1170 OUT PBYTE pbyNewRsr, 1171 OUT PSKeyItem *pKeyOut, 1172 int * pbExtIV, 1173 OUT PWORD pwRxTSC15_0, 1174 OUT PDWORD pdwRxTSC47_16 1175 ) 1176{ 1177 UINT PayloadLen = FrameSize; 1178 PBYTE pbyIV; 1179 BYTE byKeyIdx; 1180 PSKeyItem pKey = NULL; 1181 BYTE byDecMode = KEY_CTL_WEP; 1182 PSMgmtObject pMgmt = pDevice->pMgmt; 1183 1184 1185 *pwRxTSC15_0 = 0; 1186 *pdwRxTSC47_16 = 0; 1187 1188 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; 1189 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) && 1190 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) { 1191 pbyIV += 6; // 6 is 802.11 address4 1192 PayloadLen -= 6; 1193 } 1194 byKeyIdx = (*(pbyIV+3) & 0xc0); 1195 byKeyIdx >>= 6; 1196 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx); 1197 1198 if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) || 1199 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || 1200 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || 1201 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || 1202 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { 1203 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) && 1204 (pDevice->pMgmt->byCSSPK != KEY_CTL_NONE)) { 1205 // unicast pkt use pairwise key 1206 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n"); 1207 if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == TRUE) { 1208 if (pDevice->pMgmt->byCSSPK == KEY_CTL_TKIP) 1209 byDecMode = KEY_CTL_TKIP; 1210 else if (pDevice->pMgmt->byCSSPK == KEY_CTL_CCMP) 1211 byDecMode = KEY_CTL_CCMP; 1212 } 1213 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey); 1214 } else { 1215 // use group key 1216 KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey); 1217 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP) 1218 byDecMode = KEY_CTL_TKIP; 1219 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP) 1220 byDecMode = KEY_CTL_CCMP; 1221 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey); 1222 } 1223 } 1224 // our WEP only support Default Key 1225 if (pKey == NULL) { 1226 // use default group key 1227 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey); 1228 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP) 1229 byDecMode = KEY_CTL_TKIP; 1230 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP) 1231 byDecMode = KEY_CTL_CCMP; 1232 } 1233 *pKeyOut = pKey; 1234 1235 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode); 1236 1237 if (pKey == NULL) { 1238 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n"); 1239 if (byDecMode == KEY_CTL_WEP) { 1240// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; 1241 } else if (pDevice->bLinkPass == TRUE) { 1242// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; 1243 } 1244 return FALSE; 1245 } 1246 if (byDecMode != pKey->byCipherSuite) { 1247 if (byDecMode == KEY_CTL_WEP) { 1248// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; 1249 } else if (pDevice->bLinkPass == TRUE) { 1250// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; 1251 } 1252 *pKeyOut = NULL; 1253 return FALSE; 1254 } 1255 if (byDecMode == KEY_CTL_WEP) { 1256 // handle WEP 1257 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || 1258 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE)) { 1259 // Software WEP 1260 // 1. 3253A 1261 // 2. WEP 256 1262 1263 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc 1264 memcpy(pDevice->abyPRNG, pbyIV, 3); 1265 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); 1266 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); 1267 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); 1268 1269 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) { 1270 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1271 } 1272 } 1273 } else if ((byDecMode == KEY_CTL_TKIP) || 1274 (byDecMode == KEY_CTL_CCMP)) { 1275 // TKIP/AES 1276 1277 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc 1278 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4)); 1279 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16); 1280 if (byDecMode == KEY_CTL_TKIP) { 1281 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV)); 1282 } else { 1283 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV); 1284 } 1285 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0); 1286 1287 if ((byDecMode == KEY_CTL_TKIP) && 1288 (pDevice->byLocalID <= REV_ID_VT3253_A1)) { 1289 // Software TKIP 1290 // 1. 3253 A 1291 PS802_11Header pMACHeader = (PS802_11Header) (pbyFrame); 1292 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); 1293 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); 1294 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); 1295 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { 1296 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1297 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n"); 1298 } else { 1299 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n"); 1300 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen); 1301 } 1302 } 1303 }// end of TKIP/AES 1304 1305 if ((*(pbyIV+3) & 0x20) != 0) 1306 *pbExtIV = TRUE; 1307 return TRUE; 1308} 1309 1310 1311static BOOL s_bHostWepRxEncryption ( 1312 IN PSDevice pDevice, 1313 IN PBYTE pbyFrame, 1314 IN UINT FrameSize, 1315 IN PBYTE pbyRsr, 1316 IN BOOL bOnFly, 1317 IN PSKeyItem pKey, 1318 OUT PBYTE pbyNewRsr, 1319 int * pbExtIV, 1320 OUT PWORD pwRxTSC15_0, 1321 OUT PDWORD pdwRxTSC47_16 1322 ) 1323{ 1324 UINT PayloadLen = FrameSize; 1325 PBYTE pbyIV; 1326 BYTE byKeyIdx; 1327 BYTE byDecMode = KEY_CTL_WEP; 1328 PS802_11Header pMACHeader; 1329 1330 1331 1332 *pwRxTSC15_0 = 0; 1333 *pdwRxTSC47_16 = 0; 1334 1335 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; 1336 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) && 1337 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) { 1338 pbyIV += 6; // 6 is 802.11 address4 1339 PayloadLen -= 6; 1340 } 1341 byKeyIdx = (*(pbyIV+3) & 0xc0); 1342 byKeyIdx >>= 6; 1343 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx); 1344 1345 1346 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP) 1347 byDecMode = KEY_CTL_TKIP; 1348 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP) 1349 byDecMode = KEY_CTL_CCMP; 1350 1351 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode); 1352 1353 if (byDecMode != pKey->byCipherSuite) { 1354 if (byDecMode == KEY_CTL_WEP) { 1355// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; 1356 } else if (pDevice->bLinkPass == TRUE) { 1357// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; 1358 } 1359 return FALSE; 1360 } 1361 1362 if (byDecMode == KEY_CTL_WEP) { 1363 // handle WEP 1364 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP \n"); 1365 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || 1366 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE) || 1367 (bOnFly == FALSE)) { 1368 // Software WEP 1369 // 1. 3253A 1370 // 2. WEP 256 1371 // 3. NotOnFly 1372 1373 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc 1374 memcpy(pDevice->abyPRNG, pbyIV, 3); 1375 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); 1376 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); 1377 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); 1378 1379 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) { 1380 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1381 } 1382 } 1383 } else if ((byDecMode == KEY_CTL_TKIP) || 1384 (byDecMode == KEY_CTL_CCMP)) { 1385 // TKIP/AES 1386 1387 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc 1388 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4)); 1389 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16); 1390 1391 if (byDecMode == KEY_CTL_TKIP) { 1392 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV)); 1393 } else { 1394 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV); 1395 } 1396 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0); 1397 1398 if (byDecMode == KEY_CTL_TKIP) { 1399 1400 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == FALSE)) { 1401 // Software TKIP 1402 // 1. 3253 A 1403 // 2. NotOnFly 1404 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n"); 1405 pMACHeader = (PS802_11Header) (pbyFrame); 1406 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); 1407 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); 1408 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); 1409 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { 1410 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1411 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n"); 1412 } else { 1413 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n"); 1414 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen); 1415 } 1416 } 1417 } 1418 1419 if (byDecMode == KEY_CTL_CCMP) { 1420 if (bOnFly == FALSE) { 1421 // Software CCMP 1422 // NotOnFly 1423 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_CCMP\n"); 1424 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) { 1425 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1426 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC compare OK!\n"); 1427 } else { 1428 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC fail!\n"); 1429 } 1430 } 1431 } 1432 1433 }// end of TKIP/AES 1434 1435 if ((*(pbyIV+3) & 0x20) != 0) 1436 *pbExtIV = TRUE; 1437 return TRUE; 1438} 1439 1440 1441 1442static BOOL s_bAPModeRxData ( 1443 IN PSDevice pDevice, 1444 IN struct sk_buff* skb, 1445 IN UINT FrameSize, 1446 IN UINT cbHeaderOffset, 1447 IN INT iSANodeIndex, 1448 IN INT iDANodeIndex 1449 ) 1450{ 1451 PSMgmtObject pMgmt = pDevice->pMgmt; 1452 BOOL bRelayAndForward = FALSE; 1453 BOOL bRelayOnly = FALSE; 1454 BYTE byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80}; 1455 WORD wAID; 1456 1457 1458 struct sk_buff* skbcpy = NULL; 1459 1460 if (FrameSize > CB_MAX_BUF_SIZE) 1461 return FALSE; 1462 // check DA 1463 if(IS_MULTICAST_ADDRESS((PBYTE)(skb->data+cbHeaderOffset))) { 1464 if (pMgmt->sNodeDBTable[0].bPSEnable) { 1465 1466 skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz); 1467 1468 // if any node in PS mode, buffer packet until DTIM. 1469 if (skbcpy == NULL) { 1470 DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n"); 1471 } 1472 else { 1473 skbcpy->dev = pDevice->dev; 1474 skbcpy->len = FrameSize; 1475 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize); 1476 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy); 1477 1478 pMgmt->sNodeDBTable[0].wEnQueueCnt++; 1479 // set tx map 1480 pMgmt->abyPSTxMap[0] |= byMask[0]; 1481 } 1482 } 1483 else { 1484 bRelayAndForward = TRUE; 1485 } 1486 } 1487 else { 1488 // check if relay 1489 if (BSSDBbIsSTAInNodeDB(pMgmt, (PBYTE)(skb->data+cbHeaderOffset), &iDANodeIndex)) { 1490 if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) { 1491 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) { 1492 // queue this skb until next PS tx, and then release. 1493 1494 skb->data += cbHeaderOffset; 1495 skb->tail += cbHeaderOffset; 1496 skb_put(skb, FrameSize); 1497 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb); 1498 pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++; 1499 wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID; 1500 pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7]; 1501 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n", 1502 iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]); 1503 return TRUE; 1504 } 1505 else { 1506 bRelayOnly = TRUE; 1507 } 1508 } 1509 }; 1510 } 1511 1512 if (bRelayOnly || bRelayAndForward) { 1513 // relay this packet right now 1514 if (bRelayAndForward) 1515 iDANodeIndex = 0; 1516 1517 if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) { 1518 ROUTEbRelay(pDevice, (PBYTE)(skb->data + cbHeaderOffset), FrameSize, (UINT)iDANodeIndex); 1519 } 1520 1521 if (bRelayOnly) 1522 return FALSE; 1523 } 1524 // none associate, don't forward 1525 if (pDevice->uAssocCount == 0) 1526 return FALSE; 1527 1528 return TRUE; 1529} 1530 1531