dpc.c revision f2046f93db0918f99875853772142143590ba0c6
1/* 2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc. 3 * All rights reserved. 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation; either version 2 of the License, or 8 * (at your option) any later version. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License along 16 * with this program; if not, write to the Free Software Foundation, Inc., 17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * File: dpc.c 20 * 21 * Purpose: handle dpc rx functions 22 * 23 * Author: Lyndon Chen 24 * 25 * Date: May 20, 2003 26 * 27 * Functions: 28 * device_receive_frame - Rcv 802.11 frame function 29 * s_bAPModeRxCtl- AP Rcv frame filer Ctl. 30 * s_bAPModeRxData- AP Rcv data frame handle 31 * s_bHandleRxEncryption- Rcv decrypted data via on-fly 32 * s_bHostWepRxEncryption- Rcv encrypted data via host 33 * s_byGetRateIdx- get rate index 34 * s_vGetDASA- get data offset 35 * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3 36 * 37 * Revision History: 38 * 39 */ 40 41#include "device.h" 42#include "rxtx.h" 43#include "tether.h" 44#include "card.h" 45#include "bssdb.h" 46#include "mac.h" 47#include "baseband.h" 48#include "michael.h" 49#include "tkip.h" 50#include "tcrc.h" 51#include "wctl.h" 52#include "wroute.h" 53#include "hostap.h" 54#include "rf.h" 55#include "iowpa.h" 56#include "aes_ccmp.h" 57 58 59 60/*--------------------- Static Definitions -------------------------*/ 61 62/*--------------------- Static Classes ----------------------------*/ 63 64/*--------------------- Static Variables --------------------------*/ 65//static int msglevel =MSG_LEVEL_DEBUG; 66static int msglevel = MSG_LEVEL_INFO; 67 68const unsigned char acbyRxRate[MAX_RATE] = 69{2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108}; 70 71 72/*--------------------- Static Functions --------------------------*/ 73 74/*--------------------- Static Definitions -------------------------*/ 75 76/*--------------------- Static Functions --------------------------*/ 77 78static unsigned char s_byGetRateIdx(unsigned char byRate); 79 80 81static void 82s_vGetDASA(unsigned char *pbyRxBufferAddr, unsigned int *pcbHeaderSize, 83 PSEthernetHeader psEthHeader); 84 85static void 86s_vProcessRxMACHeader(PSDevice pDevice, unsigned char *pbyRxBufferAddr, 87 unsigned int cbPacketSize, bool bIsWEP, bool bExtIV, 88 unsigned int *pcbHeadSize); 89 90static bool s_bAPModeRxCtl( 91 PSDevice pDevice, 92 unsigned char *pbyFrame, 93 int iSANodeIndex 94); 95 96 97 98static bool s_bAPModeRxData( 99 PSDevice pDevice, 100 struct sk_buff *skb, 101 unsigned int FrameSize, 102 unsigned int cbHeaderOffset, 103 int iSANodeIndex, 104 int iDANodeIndex 105); 106 107 108static bool s_bHandleRxEncryption( 109 PSDevice pDevice, 110 unsigned char *pbyFrame, 111 unsigned int FrameSize, 112 unsigned char *pbyRsr, 113 unsigned char *pbyNewRsr, 114 PSKeyItem *pKeyOut, 115 bool *pbExtIV, 116 unsigned short *pwRxTSC15_0, 117 unsigned long *pdwRxTSC47_16 118); 119 120static bool s_bHostWepRxEncryption( 121 122 PSDevice pDevice, 123 unsigned char *pbyFrame, 124 unsigned int FrameSize, 125 unsigned char *pbyRsr, 126 bool bOnFly, 127 PSKeyItem pKey, 128 unsigned char *pbyNewRsr, 129 bool *pbExtIV, 130 unsigned short *pwRxTSC15_0, 131 unsigned long *pdwRxTSC47_16 132 133); 134 135/*--------------------- Export Variables --------------------------*/ 136 137/*+ 138 * 139 * Description: 140 * Translate Rcv 802.11 header to 802.3 header with Rx buffer 141 * 142 * Parameters: 143 * In: 144 * pDevice 145 * dwRxBufferAddr - Address of Rcv Buffer 146 * cbPacketSize - Rcv Packet size 147 * bIsWEP - If Rcv with WEP 148 * Out: 149 * pcbHeaderSize - 802.11 header size 150 * 151 * Return Value: None 152 * 153 -*/ 154static void 155s_vProcessRxMACHeader(PSDevice pDevice, unsigned char *pbyRxBufferAddr, 156 unsigned int cbPacketSize, bool bIsWEP, bool bExtIV, 157 unsigned int *pcbHeadSize) 158{ 159 unsigned char *pbyRxBuffer; 160 unsigned int cbHeaderSize = 0; 161 unsigned short *pwType; 162 PS802_11Header pMACHeader; 163 int ii; 164 165 166 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); 167 168 s_vGetDASA((unsigned char *)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader); 169 170 if (bIsWEP) { 171 if (bExtIV) { 172 // strip IV&ExtIV , add 8 byte 173 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8); 174 } else { 175 // strip IV , add 4 byte 176 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4); 177 } 178 } 179 else { 180 cbHeaderSize += WLAN_HDR_ADDR3_LEN; 181 }; 182 183 pbyRxBuffer = (unsigned char *)(pbyRxBufferAddr + cbHeaderSize); 184 if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) { 185 cbHeaderSize += 6; 186 } 187 else if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) { 188 cbHeaderSize += 6; 189 pwType = (unsigned short *)(pbyRxBufferAddr + cbHeaderSize); 190 if ((*pwType != TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) { 191 } 192 else { 193 cbHeaderSize -= 8; 194 pwType = (unsigned short *)(pbyRxBufferAddr + cbHeaderSize); 195 if (bIsWEP) { 196 if (bExtIV) { 197 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV 198 } else { 199 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV 200 } 201 } 202 else { 203 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); 204 } 205 } 206 } 207 else { 208 cbHeaderSize -= 2; 209 pwType = (unsigned short *)(pbyRxBufferAddr + cbHeaderSize); 210 if (bIsWEP) { 211 if (bExtIV) { 212 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV 213 } else { 214 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV 215 } 216 } 217 else { 218 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); 219 } 220 } 221 222 cbHeaderSize -= (ETH_ALEN * 2); 223 pbyRxBuffer = (unsigned char *)(pbyRxBufferAddr + cbHeaderSize); 224 for (ii = 0; ii < ETH_ALEN; ii++) 225 *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii]; 226 for (ii = 0; ii < ETH_ALEN; ii++) 227 *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii]; 228 229 *pcbHeadSize = cbHeaderSize; 230} 231 232 233 234 235static unsigned char s_byGetRateIdx(unsigned char byRate) 236{ 237 unsigned char byRateIdx; 238 239 for (byRateIdx = 0; byRateIdx < MAX_RATE; byRateIdx++) { 240 if (acbyRxRate[byRateIdx % MAX_RATE] == byRate) 241 return byRateIdx; 242 } 243 return 0; 244} 245 246 247static void 248s_vGetDASA(unsigned char *pbyRxBufferAddr, unsigned int *pcbHeaderSize, 249 PSEthernetHeader psEthHeader) 250{ 251 unsigned int cbHeaderSize = 0; 252 PS802_11Header pMACHeader; 253 int ii; 254 255 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); 256 257 if ((pMACHeader->wFrameCtl & FC_TODS) == 0) { 258 if (pMACHeader->wFrameCtl & FC_FROMDS) { 259 for (ii = 0; ii < ETH_ALEN; ii++) { 260 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii]; 261 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr3[ii]; 262 } 263 } 264 else { 265 // IBSS mode 266 for (ii = 0; ii < ETH_ALEN; ii++) { 267 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii]; 268 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii]; 269 } 270 } 271 } 272 else { 273 // Is AP mode.. 274 if (pMACHeader->wFrameCtl & FC_FROMDS) { 275 for (ii = 0; ii < ETH_ALEN; ii++) { 276 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii]; 277 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr4[ii]; 278 cbHeaderSize += 6; 279 } 280 } 281 else { 282 for (ii = 0; ii < ETH_ALEN; ii++) { 283 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii]; 284 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii]; 285 } 286 } 287 }; 288 *pcbHeaderSize = cbHeaderSize; 289} 290 291 292 293 294//PLICE_DEBUG -> 295 296void MngWorkItem(void *Context) 297{ 298 PSRxMgmtPacket pRxMgmtPacket; 299 PSDevice pDevice = (PSDevice) Context; 300 301 spin_lock_irq(&pDevice->lock); 302 while (pDevice->rxManeQueue.packet_num != 0) 303 { 304 pRxMgmtPacket = DeQueue(pDevice); 305 vMgrRxManagePacket(pDevice, pDevice->pMgmt, pRxMgmtPacket); 306 } 307 spin_unlock_irq(&pDevice->lock); 308} 309 310 311//PLICE_DEBUG<- 312 313 314 315bool 316device_receive_frame( 317 PSDevice pDevice, 318 PSRxDesc pCurrRD 319) 320{ 321 322 PDEVICE_RD_INFO pRDInfo = pCurrRD->pRDInfo; 323 struct net_device_stats *pStats = &pDevice->stats; 324 struct sk_buff *skb; 325 PSMgmtObject pMgmt = pDevice->pMgmt; 326 PSRxMgmtPacket pRxPacket = &(pDevice->pMgmt->sRxPacket); 327 PS802_11Header p802_11Header; 328 unsigned char *pbyRsr; 329 unsigned char *pbyNewRsr; 330 unsigned char *pbyRSSI; 331 PQWORD pqwTSFTime; 332 unsigned short *pwFrameSize; 333 unsigned char *pbyFrame; 334 bool bDeFragRx = false; 335 bool bIsWEP = false; 336 unsigned int cbHeaderOffset; 337 unsigned int FrameSize; 338 unsigned short wEtherType = 0; 339 int iSANodeIndex = -1; 340 int iDANodeIndex = -1; 341 unsigned int ii; 342 unsigned int cbIVOffset; 343 bool bExtIV = false; 344 unsigned char *pbyRxSts; 345 unsigned char *pbyRxRate; 346 unsigned char *pbySQ; 347 unsigned int cbHeaderSize; 348 PSKeyItem pKey = NULL; 349 unsigned short wRxTSC15_0 = 0; 350 unsigned long dwRxTSC47_16 = 0; 351 SKeyItem STempKey; 352 // 802.11h RPI 353 unsigned long dwDuration = 0; 354 long ldBm = 0; 355 long ldBmThreshold = 0; 356 PS802_11Header pMACHeader; 357 bool bRxeapol_key = false; 358 359// DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- device_receive_frame---\n"); 360 361 skb = pRDInfo->skb; 362 363 364//PLICE_DEBUG-> 365#if 1 366 pci_unmap_single(pDevice->pcid, pRDInfo->skb_dma, 367 pDevice->rx_buf_sz, PCI_DMA_FROMDEVICE); 368#endif 369//PLICE_DEBUG<- 370 pwFrameSize = (unsigned short *)(skb->data + 2); 371 FrameSize = cpu_to_le16(pCurrRD->m_rd1RD1.wReqCount) - cpu_to_le16(pCurrRD->m_rd0RD0.wResCount); 372 373 // Max: 2312Payload + 30HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR 374 // Min (ACK): 10HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR 375 if ((FrameSize > 2364) || (FrameSize <= 32)) { 376 // Frame Size error drop this packet. 377 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- WRONG Length 1 \n"); 378 return false; 379 } 380 381 pbyRxSts = (unsigned char *)(skb->data); 382 pbyRxRate = (unsigned char *)(skb->data + 1); 383 pbyRsr = (unsigned char *)(skb->data + FrameSize - 1); 384 pbyRSSI = (unsigned char *)(skb->data + FrameSize - 2); 385 pbyNewRsr = (unsigned char *)(skb->data + FrameSize - 3); 386 pbySQ = (unsigned char *)(skb->data + FrameSize - 4); 387 pqwTSFTime = (PQWORD)(skb->data + FrameSize - 12); 388 pbyFrame = (unsigned char *)(skb->data + 4); 389 390 // get packet size 391 FrameSize = cpu_to_le16(*pwFrameSize); 392 393 if ((FrameSize > 2346)|(FrameSize < 14)) { // Max: 2312Payload + 30HD +4CRC 394 // Min: 14 bytes ACK 395 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- WRONG Length 2 \n"); 396 return false; 397 } 398//PLICE_DEBUG-> 399#if 1 400 // update receive statistic counter 401 STAvUpdateRDStatCounter(&pDevice->scStatistic, 402 *pbyRsr, 403 *pbyNewRsr, 404 *pbyRxRate, 405 pbyFrame, 406 FrameSize); 407 408#endif 409 410 pMACHeader = (PS802_11Header)((unsigned char *)(skb->data) + 8); 411//PLICE_DEBUG<- 412 if (pDevice->bMeasureInProgress == true) { 413 if ((*pbyRsr & RSR_CRCOK) != 0) { 414 pDevice->byBasicMap |= 0x01; 415 } 416 dwDuration = (FrameSize << 4); 417 dwDuration /= acbyRxRate[*pbyRxRate%MAX_RATE]; 418 if (*pbyRxRate <= RATE_11M) { 419 if (*pbyRxSts & 0x01) { 420 // long preamble 421 dwDuration += 192; 422 } else { 423 // short preamble 424 dwDuration += 96; 425 } 426 } else { 427 dwDuration += 16; 428 } 429 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm); 430 ldBmThreshold = -57; 431 for (ii = 7; ii > 0;) { 432 if (ldBm > ldBmThreshold) { 433 break; 434 } 435 ldBmThreshold -= 5; 436 ii--; 437 } 438 pDevice->dwRPIs[ii] += dwDuration; 439 return false; 440 } 441 442 if (!is_multicast_ether_addr(pbyFrame)) { 443 if (WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header)(skb->data + 4))) { 444 pDevice->s802_11Counter.FrameDuplicateCount++; 445 return false; 446 } 447 } 448 449 450 // Use for TKIP MIC 451 s_vGetDASA(skb->data+4, &cbHeaderSize, &pDevice->sRxEthHeader); 452 453 // filter packet send from myself 454 if (!compare_ether_addr((unsigned char *)&(pDevice->sRxEthHeader.abySrcAddr[0]), pDevice->abyCurrentNetAddr)) 455 return false; 456 457 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) { 458 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { 459 p802_11Header = (PS802_11Header)(pbyFrame); 460 // get SA NodeIndex 461 if (BSSDBbIsSTAInNodeDB(pMgmt, (unsigned char *)(p802_11Header->abyAddr2), &iSANodeIndex)) { 462 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies; 463 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0; 464 } 465 } 466 } 467 468 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 469 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == true) { 470 return false; 471 } 472 } 473 474 475 if (IS_FC_WEP(pbyFrame)) { 476 bool bRxDecryOK = false; 477 478 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx WEP pkt\n"); 479 bIsWEP = true; 480 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) { 481 pKey = &STempKey; 482 pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite; 483 pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex; 484 pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength; 485 pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16; 486 pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0; 487 memcpy(pKey->abyKey, 488 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0], 489 pKey->uKeyLength 490); 491 492 bRxDecryOK = s_bHostWepRxEncryption(pDevice, 493 pbyFrame, 494 FrameSize, 495 pbyRsr, 496 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly, 497 pKey, 498 pbyNewRsr, 499 &bExtIV, 500 &wRxTSC15_0, 501 &dwRxTSC47_16); 502 } else { 503 bRxDecryOK = s_bHandleRxEncryption(pDevice, 504 pbyFrame, 505 FrameSize, 506 pbyRsr, 507 pbyNewRsr, 508 &pKey, 509 &bExtIV, 510 &wRxTSC15_0, 511 &dwRxTSC47_16); 512 } 513 514 if (bRxDecryOK) { 515 if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) { 516 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV Fail\n"); 517 if ((pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA) || 518 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || 519 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || 520 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || 521 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { 522 523 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 524 pDevice->s802_11Counter.TKIPICVErrors++; 525 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) { 526 pDevice->s802_11Counter.CCMPDecryptErrors++; 527 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) { 528// pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++; 529 } 530 } 531 return false; 532 } 533 } else { 534 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "WEP Func Fail\n"); 535 return false; 536 } 537 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) 538 FrameSize -= 8; // Message Integrity Code 539 else 540 FrameSize -= 4; // 4 is ICV 541 } 542 543 544 // 545 // RX OK 546 // 547 //remove the CRC length 548 FrameSize -= ETH_FCS_LEN; 549 550 if ((!(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI))) && // unicast address 551 (IS_FRAGMENT_PKT((skb->data+4))) 552) { 553 // defragment 554 bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header)(skb->data+4), FrameSize, bIsWEP, bExtIV); 555 pDevice->s802_11Counter.ReceivedFragmentCount++; 556 if (bDeFragRx) { 557 // defrag complete 558 skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb; 559 FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength; 560 561 } 562 else { 563 return false; 564 } 565 } 566 567 568// Management & Control frame Handle 569 if ((IS_TYPE_DATA((skb->data+4))) == false) { 570 // Handle Control & Manage Frame 571 572 if (IS_TYPE_MGMT((skb->data+4))) { 573 unsigned char *pbyData1; 574 unsigned char *pbyData2; 575 576 pRxPacket->p80211Header = (PUWLAN_80211HDR)(skb->data+4); 577 pRxPacket->cbMPDULen = FrameSize; 578 pRxPacket->uRSSI = *pbyRSSI; 579 pRxPacket->bySQ = *pbySQ; 580 HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime)); 581 LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime)); 582 if (bIsWEP) { 583 // strip IV 584 pbyData1 = WLAN_HDR_A3_DATA_PTR(skb->data+4); 585 pbyData2 = WLAN_HDR_A3_DATA_PTR(skb->data+4) + 4; 586 for (ii = 0; ii < (FrameSize - 4); ii++) { 587 *pbyData1 = *pbyData2; 588 pbyData1++; 589 pbyData2++; 590 } 591 } 592 pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate); 593 pRxPacket->byRxChannel = (*pbyRxSts) >> 2; 594//PLICE_DEBUG-> 595//EnQueue(pDevice,pRxPacket); 596 597#ifdef THREAD 598 EnQueue(pDevice, pRxPacket); 599 600 //up(&pDevice->mlme_semaphore); 601 //Enque (pDevice->FirstRecvMngList,pDevice->LastRecvMngList,pMgmt); 602#else 603 604#ifdef TASK_LET 605 EnQueue(pDevice, pRxPacket); 606 tasklet_schedule(&pDevice->RxMngWorkItem); 607#else 608 vMgrRxManagePacket((void *)pDevice, pDevice->pMgmt, pRxPacket); 609 //tasklet_schedule(&pDevice->RxMngWorkItem); 610#endif 611 612#endif 613//PLICE_DEBUG<- 614 //vMgrRxManagePacket((void *)pDevice, pDevice->pMgmt, pRxPacket); 615 // hostap Deamon handle 802.11 management 616 if (pDevice->bEnableHostapd) { 617 skb->dev = pDevice->apdev; 618 skb->data += 4; 619 skb->tail += 4; 620 skb_put(skb, FrameSize); 621 skb_reset_mac_header(skb); 622 skb->pkt_type = PACKET_OTHERHOST; 623 skb->protocol = htons(ETH_P_802_2); 624 memset(skb->cb, 0, sizeof(skb->cb)); 625 netif_rx(skb); 626 return true; 627 } 628 } 629 else { 630 // Control Frame 631 }; 632 return false; 633 } 634 else { 635 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 636 //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC. 637 if (!(*pbyRsr & RSR_BSSIDOK)) { 638 if (bDeFragRx) { 639 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 640 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n", 641 pDevice->dev->name); 642 } 643 } 644 return false; 645 } 646 } 647 else { 648 // discard DATA packet while not associate || BSSID error 649 if ((pDevice->bLinkPass == false) || 650 !(*pbyRsr & RSR_BSSIDOK)) { 651 if (bDeFragRx) { 652 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 653 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n", 654 pDevice->dev->name); 655 } 656 } 657 return false; 658 } 659 //mike add:station mode check eapol-key challenge---> 660 { 661 unsigned char Protocol_Version; //802.1x Authentication 662 unsigned char Packet_Type; //802.1x Authentication 663 if (bIsWEP) 664 cbIVOffset = 8; 665 else 666 cbIVOffset = 0; 667 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) | 668 skb->data[cbIVOffset + 8 + 24 + 6 + 1]; 669 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 + 1]; 670 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 + 1 + 1]; 671 if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header 672 if (((Protocol_Version == 1) || (Protocol_Version == 2)) && 673 (Packet_Type == 3)) { //802.1x OR eapol-key challenge frame receive 674 bRxeapol_key = true; 675 } 676 } 677 } 678 //mike add:station mode check eapol-key challenge<--- 679 } 680 } 681 682 683// Data frame Handle 684 685 686 if (pDevice->bEnablePSMode) { 687 if (IS_FC_MOREDATA((skb->data+4))) { 688 if (*pbyRsr & RSR_ADDROK) { 689 //PSbSendPSPOLL((PSDevice)pDevice); 690 } 691 } 692 else { 693 if (pDevice->pMgmt->bInTIMWake == true) { 694 pDevice->pMgmt->bInTIMWake = false; 695 } 696 } 697 } 698 699 // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps 700 if (pDevice->bDiversityEnable && (FrameSize > 50) && 701 (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) && 702 (pDevice->bLinkPass == true)) { 703 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0); 704 } 705 706 707 if (pDevice->byLocalID != REV_ID_VT3253_B1) { 708 pDevice->uCurrRSSI = *pbyRSSI; 709 } 710 pDevice->byCurrSQ = *pbySQ; 711 712 if ((*pbyRSSI != 0) && 713 (pMgmt->pCurrBSS != NULL)) { 714 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm); 715 // Monitor if RSSI is too strong. 716 pMgmt->pCurrBSS->byRSSIStatCnt++; 717 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT; 718 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm; 719 for (ii = 0; ii < RSSI_STAT_COUNT; ii++) { 720 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) { 721 pMgmt->pCurrBSS->ldBmMAX = max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm); 722 } 723 } 724 } 725 726 // ----------------------------------------------- 727 728 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == true)) { 729 unsigned char abyMacHdr[24]; 730 731 // Only 802.1x packet incoming allowed 732 if (bIsWEP) 733 cbIVOffset = 8; 734 else 735 cbIVOffset = 0; 736 wEtherType = (skb->data[cbIVOffset + 4 + 24 + 6] << 8) | 737 skb->data[cbIVOffset + 4 + 24 + 6 + 1]; 738 739 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "wEtherType = %04x \n", wEtherType); 740 if (wEtherType == ETH_P_PAE) { 741 skb->dev = pDevice->apdev; 742 743 if (bIsWEP == true) { 744 // strip IV header(8) 745 memcpy(&abyMacHdr[0], (skb->data + 4), 24); 746 memcpy((skb->data + 4 + cbIVOffset), &abyMacHdr[0], 24); 747 } 748 skb->data += (cbIVOffset + 4); 749 skb->tail += (cbIVOffset + 4); 750 skb_put(skb, FrameSize); 751 skb_reset_mac_header(skb); 752 753 skb->pkt_type = PACKET_OTHERHOST; 754 skb->protocol = htons(ETH_P_802_2); 755 memset(skb->cb, 0, sizeof(skb->cb)); 756 netif_rx(skb); 757 return true; 758 759 } 760 // check if 802.1x authorized 761 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED)) 762 return false; 763 } 764 765 766 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 767 if (bIsWEP) { 768 FrameSize -= 8; //MIC 769 } 770 } 771 772 //-------------------------------------------------------------------------------- 773 // Soft MIC 774 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 775 if (bIsWEP) { 776 unsigned long *pdwMIC_L; 777 unsigned long *pdwMIC_R; 778 unsigned long dwMIC_Priority; 779 unsigned long dwMICKey0 = 0, dwMICKey1 = 0; 780 unsigned long dwLocalMIC_L = 0; 781 unsigned long dwLocalMIC_R = 0; 782 viawget_wpa_header *wpahdr; 783 784 785 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 786 dwMICKey0 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[24])); 787 dwMICKey1 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[28])); 788 } 789 else { 790 if (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) { 791 dwMICKey0 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[16])); 792 dwMICKey1 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[20])); 793 } else if ((pKey->dwKeyIndex & BIT28) == 0) { 794 dwMICKey0 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[16])); 795 dwMICKey1 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[20])); 796 } else { 797 dwMICKey0 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[24])); 798 dwMICKey1 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[28])); 799 } 800 } 801 802 MIC_vInit(dwMICKey0, dwMICKey1); 803 MIC_vAppend((unsigned char *)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12); 804 dwMIC_Priority = 0; 805 MIC_vAppend((unsigned char *)&dwMIC_Priority, 4); 806 // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV. 807 MIC_vAppend((unsigned char *)(skb->data + 4 + WLAN_HDR_ADDR3_LEN + 8), 808 FrameSize - WLAN_HDR_ADDR3_LEN - 8); 809 MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R); 810 MIC_vUnInit(); 811 812 pdwMIC_L = (unsigned long *)(skb->data + 4 + FrameSize); 813 pdwMIC_R = (unsigned long *)(skb->data + 4 + FrameSize + 4); 814 //DBG_PRN_GRP12(("RxL: %lx, RxR: %lx\n", *pdwMIC_L, *pdwMIC_R)); 815 //DBG_PRN_GRP12(("LocalL: %lx, LocalR: %lx\n", dwLocalMIC_L, dwLocalMIC_R)); 816 //DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dwMICKey0= %lx,dwMICKey1= %lx \n", dwMICKey0, dwMICKey1); 817 818 819 if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) || 820 (pDevice->bRxMICFail == true)) { 821 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "MIC comparison is fail!\n"); 822 pDevice->bRxMICFail = false; 823 //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++; 824 pDevice->s802_11Counter.TKIPLocalMICFailures++; 825 if (bDeFragRx) { 826 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 827 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n", 828 pDevice->dev->name); 829 } 830 } 831 //2008-0409-07, <Add> by Einsn Liu 832#ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT 833 //send event to wpa_supplicant 834 //if (pDevice->bWPADevEnable == true) 835 { 836 union iwreq_data wrqu; 837 struct iw_michaelmicfailure ev; 838 int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits 839 memset(&ev, 0, sizeof(ev)); 840 ev.flags = keyidx & IW_MICFAILURE_KEY_ID; 841 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && 842 (pMgmt->eCurrState == WMAC_STATE_ASSOC) && 843 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { 844 ev.flags |= IW_MICFAILURE_PAIRWISE; 845 } else { 846 ev.flags |= IW_MICFAILURE_GROUP; 847 } 848 849 ev.src_addr.sa_family = ARPHRD_ETHER; 850 memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN); 851 memset(&wrqu, 0, sizeof(wrqu)); 852 wrqu.data.length = sizeof(ev); 853 wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev); 854 855 } 856#endif 857 858 859 if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) { 860 wpahdr = (viawget_wpa_header *)pDevice->skb->data; 861 if ((pDevice->pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && 862 (pDevice->pMgmt->eCurrState == WMAC_STATE_ASSOC) && 863 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { 864 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR; 865 wpahdr->type = VIAWGET_PTK_MIC_MSG; 866 } else { 867 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR; 868 wpahdr->type = VIAWGET_GTK_MIC_MSG; 869 } 870 wpahdr->resp_ie_len = 0; 871 wpahdr->req_ie_len = 0; 872 skb_put(pDevice->skb, sizeof(viawget_wpa_header)); 873 pDevice->skb->dev = pDevice->wpadev; 874 skb_reset_mac_header(pDevice->skb); 875 pDevice->skb->pkt_type = PACKET_HOST; 876 pDevice->skb->protocol = htons(ETH_P_802_2); 877 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb)); 878 netif_rx(pDevice->skb); 879 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz); 880 } 881 882 return false; 883 884 } 885 } 886 } //---end of SOFT MIC----------------------------------------------------------------------- 887 888 // ++++++++++ Reply Counter Check +++++++++++++ 889 890 if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) || 891 (pKey->byCipherSuite == KEY_CTL_CCMP))) { 892 if (bIsWEP) { 893 unsigned short wLocalTSC15_0 = 0; 894 unsigned long dwLocalTSC47_16 = 0; 895 unsigned long long RSC = 0; 896 // endian issues 897 RSC = *((unsigned long long *)&(pKey->KeyRSC)); 898 wLocalTSC15_0 = (unsigned short)RSC; 899 dwLocalTSC47_16 = (unsigned long)(RSC>>16); 900 901 RSC = dwRxTSC47_16; 902 RSC <<= 16; 903 RSC += wRxTSC15_0; 904 memcpy(&(pKey->KeyRSC), &RSC, sizeof(QWORD)); 905 906 if ((pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) && 907 (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) { 908 // check RSC 909 if ((wRxTSC15_0 < wLocalTSC15_0) && 910 (dwRxTSC47_16 <= dwLocalTSC47_16) && 911 !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) { 912 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "TSC is illegal~~!\n "); 913 if (pKey->byCipherSuite == KEY_CTL_TKIP) 914 //pDevice->s802_11Counter.TKIPReplays.QuadPart++; 915 pDevice->s802_11Counter.TKIPReplays++; 916 else 917 //pDevice->s802_11Counter.CCMPReplays.QuadPart++; 918 pDevice->s802_11Counter.CCMPReplays++; 919 920 if (bDeFragRx) { 921 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 922 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n", 923 pDevice->dev->name); 924 } 925 } 926 return false; 927 } 928 } 929 } 930 } // ----- End of Reply Counter Check -------------------------- 931 932 933 934 if ((pKey != NULL) && (bIsWEP)) { 935// pDevice->s802_11Counter.DecryptSuccessCount.QuadPart++; 936 } 937 938 939 s_vProcessRxMACHeader(pDevice, (unsigned char *)(skb->data+4), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset); 940 FrameSize -= cbHeaderOffset; 941 cbHeaderOffset += 4; // 4 is Rcv buffer header 942 943 // Null data, framesize = 14 944 if (FrameSize < 15) 945 return false; 946 947 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 948 if (s_bAPModeRxData(pDevice, 949 skb, 950 FrameSize, 951 cbHeaderOffset, 952 iSANodeIndex, 953 iDANodeIndex 954) == false) { 955 956 if (bDeFragRx) { 957 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 958 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n", 959 pDevice->dev->name); 960 } 961 } 962 return false; 963 } 964 } 965 966 skb->data += cbHeaderOffset; 967 skb->tail += cbHeaderOffset; 968 skb_put(skb, FrameSize); 969 skb->protocol = eth_type_trans(skb, skb->dev); 970 971 972 //drop frame not met IEEE 802.3 973/* 974 if (pDevice->flags & DEVICE_FLAGS_VAL_PKT_LEN) { 975 if ((skb->protocol==htons(ETH_P_802_3)) && 976 (skb->len!=htons(skb->mac.ethernet->h_proto))) { 977 pStats->rx_length_errors++; 978 pStats->rx_dropped++; 979 if (bDeFragRx) { 980 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 981 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 982 pDevice->dev->name); 983 } 984 } 985 return false; 986 } 987 } 988*/ 989 990 skb->ip_summed = CHECKSUM_NONE; 991 pStats->rx_bytes += skb->len; 992 pStats->rx_packets++; 993 netif_rx(skb); 994 995 if (bDeFragRx) { 996 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 997 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n", 998 pDevice->dev->name); 999 } 1000 return false; 1001 } 1002 1003 return true; 1004} 1005 1006 1007static bool s_bAPModeRxCtl( 1008 PSDevice pDevice, 1009 unsigned char *pbyFrame, 1010 int iSANodeIndex 1011) 1012{ 1013 PS802_11Header p802_11Header; 1014 CMD_STATUS Status; 1015 PSMgmtObject pMgmt = pDevice->pMgmt; 1016 1017 1018 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { 1019 1020 p802_11Header = (PS802_11Header)(pbyFrame); 1021 if (!IS_TYPE_MGMT(pbyFrame)) { 1022 1023 // Data & PS-Poll packet 1024 // check frame class 1025 if (iSANodeIndex > 0) { 1026 // frame class 3 fliter & checking 1027 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) { 1028 // send deauth notification 1029 // reason = (6) class 2 received from nonauth sta 1030 vMgrDeAuthenBeginSta(pDevice, 1031 pMgmt, 1032 (unsigned char *)(p802_11Header->abyAddr2), 1033 (WLAN_MGMT_REASON_CLASS2_NONAUTH), 1034 &Status 1035); 1036 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n"); 1037 return true; 1038 } 1039 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) { 1040 // send deassoc notification 1041 // reason = (7) class 3 received from nonassoc sta 1042 vMgrDisassocBeginSta(pDevice, 1043 pMgmt, 1044 (unsigned char *)(p802_11Header->abyAddr2), 1045 (WLAN_MGMT_REASON_CLASS3_NONASSOC), 1046 &Status 1047); 1048 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n"); 1049 return true; 1050 } 1051 1052 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) { 1053 // delcare received ps-poll event 1054 if (IS_CTL_PSPOLL(pbyFrame)) { 1055 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true; 1056 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL); 1057 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n"); 1058 } 1059 else { 1060 // check Data PS state 1061 // if PW bit off, send out all PS bufferring packets. 1062 if (!IS_FC_POWERMGT(pbyFrame)) { 1063 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = false; 1064 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true; 1065 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL); 1066 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n"); 1067 } 1068 } 1069 } 1070 else { 1071 if (IS_FC_POWERMGT(pbyFrame)) { 1072 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = true; 1073 // Once if STA in PS state, enable multicast bufferring 1074 pMgmt->sNodeDBTable[0].bPSEnable = true; 1075 } 1076 else { 1077 // clear all pending PS frame. 1078 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) { 1079 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = false; 1080 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true; 1081 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL); 1082 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n"); 1083 1084 } 1085 } 1086 } 1087 } 1088 else { 1089 vMgrDeAuthenBeginSta(pDevice, 1090 pMgmt, 1091 (unsigned char *)(p802_11Header->abyAddr2), 1092 (WLAN_MGMT_REASON_CLASS2_NONAUTH), 1093 &Status 1094); 1095 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n"); 1096 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%pM\n", 1097 p802_11Header->abyAddr3); 1098 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%pM\n", 1099 p802_11Header->abyAddr2); 1100 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%pM\n", 1101 p802_11Header->abyAddr1); 1102 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl); 1103 VNSvInPortB(pDevice->PortOffset + MAC_REG_RCR, &(pDevice->byRxMode)); 1104 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc:pDevice->byRxMode = %x\n", pDevice->byRxMode); 1105 return true; 1106 } 1107 } 1108 } 1109 return false; 1110 1111} 1112 1113static bool s_bHandleRxEncryption( 1114 PSDevice pDevice, 1115 unsigned char *pbyFrame, 1116 unsigned int FrameSize, 1117 unsigned char *pbyRsr, 1118 unsigned char *pbyNewRsr, 1119 PSKeyItem *pKeyOut, 1120 bool *pbExtIV, 1121 unsigned short *pwRxTSC15_0, 1122 unsigned long *pdwRxTSC47_16 1123) 1124{ 1125 unsigned int PayloadLen = FrameSize; 1126 unsigned char *pbyIV; 1127 unsigned char byKeyIdx; 1128 PSKeyItem pKey = NULL; 1129 unsigned char byDecMode = KEY_CTL_WEP; 1130 PSMgmtObject pMgmt = pDevice->pMgmt; 1131 1132 1133 *pwRxTSC15_0 = 0; 1134 *pdwRxTSC47_16 = 0; 1135 1136 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; 1137 if (WLAN_GET_FC_TODS(*(unsigned short *)pbyFrame) && 1138 WLAN_GET_FC_FROMDS(*(unsigned short *)pbyFrame)) { 1139 pbyIV += 6; // 6 is 802.11 address4 1140 PayloadLen -= 6; 1141 } 1142 byKeyIdx = (*(pbyIV+3) & 0xc0); 1143 byKeyIdx >>= 6; 1144 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "\nKeyIdx: %d\n", byKeyIdx); 1145 1146 if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) || 1147 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || 1148 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || 1149 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || 1150 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { 1151 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) && 1152 (pDevice->pMgmt->byCSSPK != KEY_CTL_NONE)) { 1153 // unicast pkt use pairwise key 1154 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "unicast pkt\n"); 1155 if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == true) { 1156 if (pDevice->pMgmt->byCSSPK == KEY_CTL_TKIP) 1157 byDecMode = KEY_CTL_TKIP; 1158 else if (pDevice->pMgmt->byCSSPK == KEY_CTL_CCMP) 1159 byDecMode = KEY_CTL_CCMP; 1160 } 1161 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "unicast pkt: %d, %p\n", byDecMode, pKey); 1162 } else { 1163 // use group key 1164 KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey); 1165 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP) 1166 byDecMode = KEY_CTL_TKIP; 1167 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP) 1168 byDecMode = KEY_CTL_CCMP; 1169 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey); 1170 } 1171 } 1172 // our WEP only support Default Key 1173 if (pKey == NULL) { 1174 // use default group key 1175 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey); 1176 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP) 1177 byDecMode = KEY_CTL_TKIP; 1178 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP) 1179 byDecMode = KEY_CTL_CCMP; 1180 } 1181 *pKeyOut = pKey; 1182 1183 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode); 1184 1185 if (pKey == NULL) { 1186 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "pKey == NULL\n"); 1187 if (byDecMode == KEY_CTL_WEP) { 1188// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; 1189 } else if (pDevice->bLinkPass == true) { 1190// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; 1191 } 1192 return false; 1193 } 1194 if (byDecMode != pKey->byCipherSuite) { 1195 if (byDecMode == KEY_CTL_WEP) { 1196// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; 1197 } else if (pDevice->bLinkPass == true) { 1198// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; 1199 } 1200 *pKeyOut = NULL; 1201 return false; 1202 } 1203 if (byDecMode == KEY_CTL_WEP) { 1204 // handle WEP 1205 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || 1206 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == true)) { 1207 // Software WEP 1208 // 1. 3253A 1209 // 2. WEP 256 1210 1211 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc 1212 memcpy(pDevice->abyPRNG, pbyIV, 3); 1213 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); 1214 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); 1215 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); 1216 1217 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) { 1218 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1219 } 1220 } 1221 } else if ((byDecMode == KEY_CTL_TKIP) || 1222 (byDecMode == KEY_CTL_CCMP)) { 1223 // TKIP/AES 1224 1225 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc 1226 *pdwRxTSC47_16 = cpu_to_le32(*(unsigned long *)(pbyIV + 4)); 1227 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ExtIV: %lx\n", *pdwRxTSC47_16); 1228 if (byDecMode == KEY_CTL_TKIP) { 1229 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV + 2), *pbyIV)); 1230 } else { 1231 *pwRxTSC15_0 = cpu_to_le16(*(unsigned short *)pbyIV); 1232 } 1233 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "TSC0_15: %x\n", *pwRxTSC15_0); 1234 1235 if ((byDecMode == KEY_CTL_TKIP) && 1236 (pDevice->byLocalID <= REV_ID_VT3253_A1)) { 1237 // Software TKIP 1238 // 1. 3253 A 1239 PS802_11Header pMACHeader = (PS802_11Header)(pbyFrame); 1240 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); 1241 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); 1242 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); 1243 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { 1244 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1245 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV OK!\n"); 1246 } else { 1247 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV FAIL!!!\n"); 1248 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "PayloadLen = %d\n", PayloadLen); 1249 } 1250 } 1251 }// end of TKIP/AES 1252 1253 if ((*(pbyIV+3) & 0x20) != 0) 1254 *pbExtIV = true; 1255 return true; 1256} 1257 1258 1259static bool s_bHostWepRxEncryption( 1260 PSDevice pDevice, 1261 unsigned char *pbyFrame, 1262 unsigned int FrameSize, 1263 unsigned char *pbyRsr, 1264 bool bOnFly, 1265 PSKeyItem pKey, 1266 unsigned char *pbyNewRsr, 1267 bool *pbExtIV, 1268 unsigned short *pwRxTSC15_0, 1269 unsigned long *pdwRxTSC47_16 1270) 1271{ 1272 unsigned int PayloadLen = FrameSize; 1273 unsigned char *pbyIV; 1274 unsigned char byKeyIdx; 1275 unsigned char byDecMode = KEY_CTL_WEP; 1276 PS802_11Header pMACHeader; 1277 1278 1279 1280 *pwRxTSC15_0 = 0; 1281 *pdwRxTSC47_16 = 0; 1282 1283 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; 1284 if (WLAN_GET_FC_TODS(*(unsigned short *)pbyFrame) && 1285 WLAN_GET_FC_FROMDS(*(unsigned short *)pbyFrame)) { 1286 pbyIV += 6; // 6 is 802.11 address4 1287 PayloadLen -= 6; 1288 } 1289 byKeyIdx = (*(pbyIV+3) & 0xc0); 1290 byKeyIdx >>= 6; 1291 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "\nKeyIdx: %d\n", byKeyIdx); 1292 1293 1294 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP) 1295 byDecMode = KEY_CTL_TKIP; 1296 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP) 1297 byDecMode = KEY_CTL_CCMP; 1298 1299 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode); 1300 1301 if (byDecMode != pKey->byCipherSuite) { 1302 if (byDecMode == KEY_CTL_WEP) { 1303// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; 1304 } else if (pDevice->bLinkPass == true) { 1305// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; 1306 } 1307 return false; 1308 } 1309 1310 if (byDecMode == KEY_CTL_WEP) { 1311 // handle WEP 1312 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "byDecMode == KEY_CTL_WEP \n"); 1313 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || 1314 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == true) || 1315 (bOnFly == false)) { 1316 // Software WEP 1317 // 1. 3253A 1318 // 2. WEP 256 1319 // 3. NotOnFly 1320 1321 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc 1322 memcpy(pDevice->abyPRNG, pbyIV, 3); 1323 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); 1324 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); 1325 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); 1326 1327 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) { 1328 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1329 } 1330 } 1331 } else if ((byDecMode == KEY_CTL_TKIP) || 1332 (byDecMode == KEY_CTL_CCMP)) { 1333 // TKIP/AES 1334 1335 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc 1336 *pdwRxTSC47_16 = cpu_to_le32(*(unsigned long *)(pbyIV + 4)); 1337 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ExtIV: %lx\n", *pdwRxTSC47_16); 1338 1339 if (byDecMode == KEY_CTL_TKIP) { 1340 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV)); 1341 } else { 1342 *pwRxTSC15_0 = cpu_to_le16(*(unsigned short *)pbyIV); 1343 } 1344 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "TSC0_15: %x\n", *pwRxTSC15_0); 1345 1346 if (byDecMode == KEY_CTL_TKIP) { 1347 1348 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == false)) { 1349 // Software TKIP 1350 // 1. 3253 A 1351 // 2. NotOnFly 1352 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "soft KEY_CTL_TKIP \n"); 1353 pMACHeader = (PS802_11Header)(pbyFrame); 1354 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); 1355 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); 1356 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); 1357 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { 1358 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1359 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV OK!\n"); 1360 } else { 1361 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV FAIL!!!\n"); 1362 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "PayloadLen = %d\n", PayloadLen); 1363 } 1364 } 1365 } 1366 1367 if (byDecMode == KEY_CTL_CCMP) { 1368 if (bOnFly == false) { 1369 // Software CCMP 1370 // NotOnFly 1371 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "soft KEY_CTL_CCMP\n"); 1372 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) { 1373 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1374 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "CCMP MIC compare OK!\n"); 1375 } else { 1376 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "CCMP MIC fail!\n"); 1377 } 1378 } 1379 } 1380 1381 }// end of TKIP/AES 1382 1383 if ((*(pbyIV+3) & 0x20) != 0) 1384 *pbExtIV = true; 1385 return true; 1386} 1387 1388 1389 1390static bool s_bAPModeRxData( 1391 PSDevice pDevice, 1392 struct sk_buff *skb, 1393 unsigned int FrameSize, 1394 unsigned int cbHeaderOffset, 1395 int iSANodeIndex, 1396 int iDANodeIndex 1397) 1398{ 1399 PSMgmtObject pMgmt = pDevice->pMgmt; 1400 bool bRelayAndForward = false; 1401 bool bRelayOnly = false; 1402 unsigned char byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80}; 1403 unsigned short wAID; 1404 1405 1406 struct sk_buff *skbcpy = NULL; 1407 1408 if (FrameSize > CB_MAX_BUF_SIZE) 1409 return false; 1410 // check DA 1411 if (is_multicast_ether_addr((unsigned char *)(skb->data+cbHeaderOffset))) { 1412 if (pMgmt->sNodeDBTable[0].bPSEnable) { 1413 1414 skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz); 1415 1416 // if any node in PS mode, buffer packet until DTIM. 1417 if (skbcpy == NULL) { 1418 DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n"); 1419 } 1420 else { 1421 skbcpy->dev = pDevice->dev; 1422 skbcpy->len = FrameSize; 1423 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize); 1424 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy); 1425 1426 pMgmt->sNodeDBTable[0].wEnQueueCnt++; 1427 // set tx map 1428 pMgmt->abyPSTxMap[0] |= byMask[0]; 1429 } 1430 } 1431 else { 1432 bRelayAndForward = true; 1433 } 1434 } 1435 else { 1436 // check if relay 1437 if (BSSDBbIsSTAInNodeDB(pMgmt, (unsigned char *)(skb->data+cbHeaderOffset), &iDANodeIndex)) { 1438 if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) { 1439 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) { 1440 // queue this skb until next PS tx, and then release. 1441 1442 skb->data += cbHeaderOffset; 1443 skb->tail += cbHeaderOffset; 1444 skb_put(skb, FrameSize); 1445 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb); 1446 pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++; 1447 wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID; 1448 pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7]; 1449 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n", 1450 iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]); 1451 return true; 1452 } 1453 else { 1454 bRelayOnly = true; 1455 } 1456 } 1457 } 1458 } 1459 1460 if (bRelayOnly || bRelayAndForward) { 1461 // relay this packet right now 1462 if (bRelayAndForward) 1463 iDANodeIndex = 0; 1464 1465 if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) { 1466 ROUTEbRelay(pDevice, (unsigned char *)(skb->data + cbHeaderOffset), FrameSize, (unsigned int)iDANodeIndex); 1467 } 1468 1469 if (bRelayOnly) 1470 return false; 1471 } 1472 // none associate, don't forward 1473 if (pDevice->uAssocCount == 0) 1474 return false; 1475 1476 return true; 1477} 1478 1479