Commit | Line | Data |
---|---|---|
92b96797 FB |
1 | /* |
2 | * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc. | |
3 | * All rights reserved. | |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify | |
6 | * it under the terms of the GNU General Public License as published by | |
7 | * the Free Software Foundation; either version 2 of the License, or | |
8 | * (at your option) any later version. | |
9 | * | |
10 | * This program is distributed in the hope that it will be useful, | |
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
13 | * GNU General Public License for more details. | |
14 | * | |
15 | * You should have received a copy of the GNU General Public License along | |
16 | * with this program; if not, write to the Free Software Foundation, Inc., | |
17 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | |
18 | * | |
19 | * File: dpc.c | |
20 | * | |
21 | * Purpose: handle dpc rx functions | |
22 | * | |
23 | * Author: Lyndon Chen | |
24 | * | |
25 | * Date: May 20, 2003 | |
26 | * | |
27 | * Functions: | |
28 | * device_receive_frame - Rcv 802.11 frame function | |
29 | * s_bAPModeRxCtl- AP Rcv frame filer Ctl. | |
30 | * s_bAPModeRxData- AP Rcv data frame handle | |
31 | * s_bHandleRxEncryption- Rcv decrypted data via on-fly | |
32 | * s_bHostWepRxEncryption- Rcv encrypted data via host | |
33 | * s_byGetRateIdx- get rate index | |
34 | * s_vGetDASA- get data offset | |
35 | * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3 | |
36 | * | |
37 | * Revision History: | |
38 | * | |
39 | */ | |
40 | ||
41 | ||
42 | #if !defined(__DEVICE_H__) | |
43 | #include "device.h" | |
44 | #endif | |
45 | #if !defined(__RXTX_H__) | |
46 | #include "rxtx.h" | |
47 | #endif | |
48 | #if !defined(__TETHER_H__) | |
49 | #include "tether.h" | |
50 | #endif | |
51 | #if !defined(__CARD_H__) | |
52 | #include "card.h" | |
53 | #endif | |
54 | #if !defined(__BSSDB_H__) | |
55 | #include "bssdb.h" | |
56 | #endif | |
57 | #if !defined(__MAC_H__) | |
58 | #include "mac.h" | |
59 | #endif | |
60 | #if !defined(__BASEBAND_H__) | |
61 | #include "baseband.h" | |
62 | #endif | |
63 | #if !defined(__UMEM_H__) | |
64 | #include "umem.h" | |
65 | #endif | |
66 | #if !defined(__MICHAEL_H__) | |
67 | #include "michael.h" | |
68 | #endif | |
69 | #if !defined(__TKIP_H__) | |
70 | #include "tkip.h" | |
71 | #endif | |
72 | #if !defined(__TCRC_H__) | |
73 | #include "tcrc.h" | |
74 | #endif | |
75 | #if !defined(__WCTL_H__) | |
76 | #include "wctl.h" | |
77 | #endif | |
78 | #if !defined(__TBIT_H__) | |
79 | #include "tbit.h" | |
80 | #endif | |
81 | #if !defined(__HOSTAP_H__) | |
82 | #include "hostap.h" | |
83 | #endif | |
84 | #if !defined(__RF_H__) | |
85 | #include "rf.h" | |
86 | #endif | |
87 | #if !defined(__IOWPA_H__) | |
88 | #include "iowpa.h" | |
89 | #endif | |
90 | #if !defined(__AES_H__) | |
91 | #include "aes_ccmp.h" | |
92 | #endif | |
93 | #if !defined(__DATARATE_H__) | |
94 | #include "datarate.h" | |
95 | #endif | |
96 | #if !defined(__USBPIPE_H__) | |
97 | #include "usbpipe.h" | |
98 | #endif | |
99 | ||
100 | ||
101 | /*--------------------- Static Definitions -------------------------*/ | |
102 | ||
103 | /*--------------------- Static Classes ----------------------------*/ | |
104 | ||
105 | /*--------------------- Static Variables --------------------------*/ | |
106 | //static int msglevel =MSG_LEVEL_DEBUG; | |
107 | static int msglevel =MSG_LEVEL_INFO; | |
108 | ||
109 | const BYTE acbyRxRate[MAX_RATE] = | |
110 | {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108}; | |
111 | ||
112 | ||
113 | /*--------------------- Static Functions --------------------------*/ | |
114 | ||
115 | /*--------------------- Static Definitions -------------------------*/ | |
116 | ||
117 | /*--------------------- Static Functions --------------------------*/ | |
118 | ||
119 | static BYTE s_byGetRateIdx(IN BYTE byRate); | |
120 | ||
121 | ||
122 | static | |
123 | VOID | |
124 | s_vGetDASA( | |
125 | IN PBYTE pbyRxBufferAddr, | |
126 | OUT PUINT pcbHeaderSize, | |
127 | OUT PSEthernetHeader psEthHeader | |
128 | ); | |
129 | ||
130 | static | |
131 | VOID | |
132 | s_vProcessRxMACHeader ( | |
133 | IN PSDevice pDevice, | |
134 | IN PBYTE pbyRxBufferAddr, | |
135 | IN UINT cbPacketSize, | |
136 | IN BOOL bIsWEP, | |
137 | IN BOOL bExtIV, | |
138 | OUT PUINT pcbHeadSize | |
139 | ); | |
140 | ||
141 | static BOOL s_bAPModeRxCtl( | |
142 | IN PSDevice pDevice, | |
143 | IN PBYTE pbyFrame, | |
144 | IN INT iSANodeIndex | |
145 | ); | |
146 | ||
147 | ||
148 | ||
149 | static BOOL s_bAPModeRxData ( | |
150 | IN PSDevice pDevice, | |
151 | IN struct sk_buff* skb, | |
152 | IN UINT FrameSize, | |
153 | IN UINT cbHeaderOffset, | |
154 | IN INT iSANodeIndex, | |
155 | IN INT iDANodeIndex | |
156 | ); | |
157 | ||
158 | ||
159 | static BOOL s_bHandleRxEncryption( | |
160 | IN PSDevice pDevice, | |
161 | IN PBYTE pbyFrame, | |
162 | IN UINT FrameSize, | |
163 | IN PBYTE pbyRsr, | |
164 | OUT PBYTE pbyNewRsr, | |
165 | OUT PSKeyItem *pKeyOut, | |
193a823c | 166 | int * pbExtIV, |
92b96797 FB |
167 | OUT PWORD pwRxTSC15_0, |
168 | OUT PDWORD pdwRxTSC47_16 | |
169 | ); | |
170 | ||
171 | static BOOL s_bHostWepRxEncryption( | |
172 | ||
173 | IN PSDevice pDevice, | |
174 | IN PBYTE pbyFrame, | |
175 | IN UINT FrameSize, | |
176 | IN PBYTE pbyRsr, | |
177 | IN BOOL bOnFly, | |
178 | IN PSKeyItem pKey, | |
179 | OUT PBYTE pbyNewRsr, | |
193a823c | 180 | int * pbExtIV, |
92b96797 FB |
181 | OUT PWORD pwRxTSC15_0, |
182 | OUT PDWORD pdwRxTSC47_16 | |
183 | ||
184 | ); | |
185 | ||
186 | /*--------------------- Export Variables --------------------------*/ | |
187 | ||
188 | /*+ | |
189 | * | |
190 | * Description: | |
191 | * Translate Rcv 802.11 header to 802.3 header with Rx buffer | |
192 | * | |
193 | * Parameters: | |
194 | * In: | |
195 | * pDevice | |
196 | * dwRxBufferAddr - Address of Rcv Buffer | |
197 | * cbPacketSize - Rcv Packet size | |
198 | * bIsWEP - If Rcv with WEP | |
199 | * Out: | |
200 | * pcbHeaderSize - 802.11 header size | |
201 | * | |
202 | * Return Value: None | |
203 | * | |
204 | -*/ | |
205 | static | |
206 | VOID | |
207 | s_vProcessRxMACHeader ( | |
208 | IN PSDevice pDevice, | |
209 | IN PBYTE pbyRxBufferAddr, | |
210 | IN UINT cbPacketSize, | |
211 | IN BOOL bIsWEP, | |
212 | IN BOOL bExtIV, | |
213 | OUT PUINT pcbHeadSize | |
214 | ) | |
215 | { | |
216 | PBYTE pbyRxBuffer; | |
217 | UINT cbHeaderSize = 0; | |
218 | PWORD pwType; | |
219 | PS802_11Header pMACHeader; | |
220 | int ii; | |
221 | ||
222 | ||
223 | pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); | |
224 | ||
225 | s_vGetDASA((PBYTE)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader); | |
226 | ||
227 | if (bIsWEP) { | |
228 | if (bExtIV) { | |
229 | // strip IV&ExtIV , add 8 byte | |
230 | cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8); | |
231 | } else { | |
232 | // strip IV , add 4 byte | |
233 | cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4); | |
234 | } | |
235 | } | |
236 | else { | |
237 | cbHeaderSize += WLAN_HDR_ADDR3_LEN; | |
238 | }; | |
239 | ||
240 | pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize); | |
241 | if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) { | |
242 | cbHeaderSize += 6; | |
243 | } | |
244 | else if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) { | |
245 | cbHeaderSize += 6; | |
246 | pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize); | |
247 | if ((*pwType!= TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) { | |
248 | } | |
249 | else { | |
250 | cbHeaderSize -= 8; | |
251 | pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize); | |
252 | if (bIsWEP) { | |
253 | if (bExtIV) { | |
254 | *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV | |
255 | } else { | |
256 | *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV | |
257 | } | |
258 | } | |
259 | else { | |
260 | *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); | |
261 | } | |
262 | } | |
263 | } | |
264 | else { | |
265 | cbHeaderSize -= 2; | |
266 | pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize); | |
267 | if (bIsWEP) { | |
268 | if (bExtIV) { | |
269 | *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV | |
270 | } else { | |
271 | *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV | |
272 | } | |
273 | } | |
274 | else { | |
275 | *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); | |
276 | } | |
277 | } | |
278 | ||
279 | cbHeaderSize -= (U_ETHER_ADDR_LEN * 2); | |
280 | pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize); | |
281 | for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) | |
282 | *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii]; | |
283 | for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) | |
284 | *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii]; | |
285 | ||
286 | *pcbHeadSize = cbHeaderSize; | |
287 | } | |
288 | ||
289 | ||
290 | ||
291 | ||
292 | static BYTE s_byGetRateIdx (IN BYTE byRate) | |
293 | { | |
294 | BYTE byRateIdx; | |
295 | ||
296 | for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) { | |
297 | if (acbyRxRate[byRateIdx%MAX_RATE] == byRate) | |
298 | return byRateIdx; | |
299 | } | |
300 | return 0; | |
301 | } | |
302 | ||
303 | ||
304 | static | |
305 | VOID | |
306 | s_vGetDASA ( | |
307 | IN PBYTE pbyRxBufferAddr, | |
308 | OUT PUINT pcbHeaderSize, | |
309 | OUT PSEthernetHeader psEthHeader | |
310 | ) | |
311 | { | |
312 | UINT cbHeaderSize = 0; | |
313 | PS802_11Header pMACHeader; | |
314 | int ii; | |
315 | ||
316 | pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); | |
317 | ||
318 | if ((pMACHeader->wFrameCtl & FC_TODS) == 0) { | |
319 | if (pMACHeader->wFrameCtl & FC_FROMDS) { | |
320 | for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) { | |
321 | psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii]; | |
322 | psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr3[ii]; | |
323 | } | |
324 | } | |
325 | else { | |
326 | // IBSS mode | |
327 | for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) { | |
328 | psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii]; | |
329 | psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii]; | |
330 | } | |
331 | } | |
332 | } | |
333 | else { | |
334 | // Is AP mode.. | |
335 | if (pMACHeader->wFrameCtl & FC_FROMDS) { | |
336 | for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) { | |
337 | psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii]; | |
338 | psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr4[ii]; | |
339 | cbHeaderSize += 6; | |
340 | } | |
341 | } | |
342 | else { | |
343 | for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) { | |
344 | psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii]; | |
345 | psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii]; | |
346 | } | |
347 | } | |
348 | }; | |
349 | *pcbHeaderSize = cbHeaderSize; | |
350 | } | |
351 | ||
352 | ||
353 | ||
354 | ||
355 | BOOL | |
356 | RXbBulkInProcessData ( | |
357 | IN PSDevice pDevice, | |
358 | IN PRCB pRCB, | |
359 | IN ULONG BytesToIndicate | |
360 | ) | |
361 | { | |
362 | ||
363 | struct net_device_stats* pStats=&pDevice->stats; | |
364 | struct sk_buff* skb; | |
365 | PSMgmtObject pMgmt = &(pDevice->sMgmtObj); | |
366 | PSRxMgmtPacket pRxPacket = &(pMgmt->sRxPacket); | |
367 | PS802_11Header p802_11Header; | |
368 | PBYTE pbyRsr; | |
369 | PBYTE pbyNewRsr; | |
370 | PBYTE pbyRSSI; | |
371 | PQWORD pqwTSFTime; | |
372 | PBYTE pbyFrame; | |
373 | BOOL bDeFragRx = FALSE; | |
374 | UINT cbHeaderOffset; | |
375 | UINT FrameSize; | |
376 | WORD wEtherType = 0; | |
377 | INT iSANodeIndex = -1; | |
378 | INT iDANodeIndex = -1; | |
379 | UINT ii; | |
380 | UINT cbIVOffset; | |
381 | PBYTE pbyRxSts; | |
382 | PBYTE pbyRxRate; | |
383 | PBYTE pbySQ; | |
384 | #ifdef Calcu_LinkQual | |
385 | PBYTE pby3SQ; | |
386 | #endif | |
387 | UINT cbHeaderSize; | |
388 | PSKeyItem pKey = NULL; | |
389 | WORD wRxTSC15_0 = 0; | |
390 | DWORD dwRxTSC47_16 = 0; | |
391 | SKeyItem STempKey; | |
392 | // 802.11h RPI | |
393 | //LONG ldBm = 0; | |
394 | BOOL bIsWEP = FALSE; | |
395 | BOOL bExtIV = FALSE; | |
396 | DWORD dwWbkStatus; | |
397 | PRCB pRCBIndicate = pRCB; | |
398 | PBYTE pbyDAddress; | |
399 | PWORD pwPLCP_Length; | |
400 | BYTE abyVaildRate[MAX_RATE] = {2,4,11,22,12,18,24,36,48,72,96,108}; | |
401 | WORD wPLCPwithPadding; | |
402 | PS802_11Header pMACHeader; | |
403 | BOOL bRxeapol_key = FALSE; | |
404 | ||
405 | ||
406 | ||
407 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- RXbBulkInProcessData---\n"); | |
408 | ||
409 | skb = pRCB->skb; | |
410 | ||
411 | //[31:16]RcvByteCount ( not include 4-byte Status ) | |
412 | dwWbkStatus = *( (PDWORD)(skb->data) ); | |
413 | FrameSize = (UINT)(dwWbkStatus >> 16); | |
414 | FrameSize += 4; | |
415 | ||
416 | if (BytesToIndicate != FrameSize) { | |
417 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 1 \n"); | |
418 | return FALSE; | |
419 | } | |
420 | ||
421 | if ((BytesToIndicate > 2372)||(BytesToIndicate <= 40)) { | |
422 | // Frame Size error drop this packet. | |
423 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 2 \n"); | |
424 | return FALSE; | |
425 | } | |
426 | ||
427 | pbyDAddress = (PBYTE)(skb->data); | |
428 | pbyRxSts = pbyDAddress+4; | |
429 | pbyRxRate = pbyDAddress+5; | |
430 | ||
431 | //real Frame Size = USBFrameSize -4WbkStatus - 4RxStatus - 8TSF - 4RSR - 4SQ3 - ?Padding | |
432 | //if SQ3 the range is 24~27, if no SQ3 the range is 20~23 | |
433 | //real Frame size in PLCPLength field. | |
434 | pwPLCP_Length = (PWORD) (pbyDAddress + 6); | |
435 | //Fix hardware bug => PLCP_Length error | |
436 | if ( ((BytesToIndicate - (*pwPLCP_Length)) > 27) || | |
437 | ((BytesToIndicate - (*pwPLCP_Length)) < 24) || | |
438 | (BytesToIndicate < (*pwPLCP_Length)) ) { | |
439 | ||
440 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong PLCP Length %x\n", (int) *pwPLCP_Length); | |
441 | ASSERT(0); | |
442 | return FALSE; | |
443 | } | |
444 | for ( ii=RATE_1M;ii<MAX_RATE;ii++) { | |
445 | if ( *pbyRxRate == abyVaildRate[ii] ) { | |
446 | break; | |
447 | } | |
448 | } | |
449 | if ( ii==MAX_RATE ) { | |
450 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong RxRate %x\n",(int) *pbyRxRate); | |
451 | return FALSE; | |
452 | } | |
453 | ||
454 | wPLCPwithPadding = ( (*pwPLCP_Length / 4) + ( (*pwPLCP_Length % 4) ? 1:0 ) ) *4; | |
455 | ||
456 | pqwTSFTime = (PQWORD) (pbyDAddress + 8 + wPLCPwithPadding); | |
457 | #ifdef Calcu_LinkQual | |
458 | if(pDevice->byBBType == BB_TYPE_11G) { | |
459 | pby3SQ = pbyDAddress + 8 + wPLCPwithPadding + 12; | |
460 | pbySQ = pby3SQ; | |
461 | } | |
462 | else { | |
463 | pbySQ = pbyDAddress + 8 + wPLCPwithPadding + 8; | |
464 | pby3SQ = pbySQ; | |
465 | } | |
466 | #else | |
467 | pbySQ = pbyDAddress + 8 + wPLCPwithPadding + 8; | |
468 | #endif | |
469 | pbyNewRsr = pbyDAddress + 8 + wPLCPwithPadding + 9; | |
470 | pbyRSSI = pbyDAddress + 8 + wPLCPwithPadding + 10; | |
471 | pbyRsr = pbyDAddress + 8 + wPLCPwithPadding + 11; | |
472 | ||
473 | FrameSize = *pwPLCP_Length; | |
474 | ||
475 | pbyFrame = pbyDAddress + 8; | |
476 | // update receive statistic counter | |
477 | ||
478 | STAvUpdateRDStatCounter(&pDevice->scStatistic, | |
479 | *pbyRsr, | |
480 | *pbyNewRsr, | |
481 | *pbyRxSts, | |
482 | *pbyRxRate, | |
483 | pbyFrame, | |
484 | FrameSize | |
485 | ); | |
486 | ||
487 | ||
488 | pMACHeader = (PS802_11Header) pbyFrame; | |
489 | ||
490 | //mike add: to judge if current AP is activated? | |
491 | if ((pMgmt->eCurrMode == WMAC_MODE_STANDBY) || | |
492 | (pMgmt->eCurrMode == WMAC_MODE_ESS_STA)) { | |
493 | if (pMgmt->sNodeDBTable[0].bActive) { | |
494 | if(IS_ETH_ADDRESS_EQUAL (pMgmt->abyCurrBSSID, pMACHeader->abyAddr2) ) { | |
495 | if (pMgmt->sNodeDBTable[0].uInActiveCount != 0) | |
496 | pMgmt->sNodeDBTable[0].uInActiveCount = 0; | |
497 | } | |
498 | } | |
499 | } | |
500 | ||
501 | if (!IS_MULTICAST_ADDRESS(pMACHeader->abyAddr1) && !IS_BROADCAST_ADDRESS(pMACHeader->abyAddr1)) { | |
502 | if ( WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header) pbyFrame) ) { | |
503 | pDevice->s802_11Counter.FrameDuplicateCount++; | |
504 | return FALSE; | |
505 | } | |
506 | ||
507 | if ( !IS_ETH_ADDRESS_EQUAL (pDevice->abyCurrentNetAddr, pMACHeader->abyAddr1) ) { | |
508 | return FALSE; | |
509 | } | |
510 | } | |
511 | ||
512 | ||
513 | // Use for TKIP MIC | |
514 | s_vGetDASA(pbyFrame, &cbHeaderSize, &pDevice->sRxEthHeader); | |
515 | ||
516 | if (IS_ETH_ADDRESS_EQUAL((PBYTE)&(pDevice->sRxEthHeader.abySrcAddr[0]), pDevice->abyCurrentNetAddr)) | |
517 | return FALSE; | |
518 | ||
519 | if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) { | |
520 | if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { | |
521 | p802_11Header = (PS802_11Header) (pbyFrame); | |
522 | // get SA NodeIndex | |
523 | if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(p802_11Header->abyAddr2), &iSANodeIndex)) { | |
524 | pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies; | |
525 | pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0; | |
526 | } | |
527 | } | |
528 | } | |
529 | ||
530 | if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { | |
531 | if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == TRUE) { | |
532 | return FALSE; | |
533 | } | |
534 | } | |
535 | ||
536 | ||
537 | if (IS_FC_WEP(pbyFrame)) { | |
538 | BOOL bRxDecryOK = FALSE; | |
539 | ||
540 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n"); | |
541 | bIsWEP = TRUE; | |
542 | if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) { | |
543 | pKey = &STempKey; | |
544 | pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite; | |
545 | pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex; | |
546 | pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength; | |
547 | pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16; | |
548 | pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0; | |
549 | memcpy(pKey->abyKey, | |
550 | &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0], | |
551 | pKey->uKeyLength | |
552 | ); | |
553 | ||
554 | bRxDecryOK = s_bHostWepRxEncryption(pDevice, | |
555 | pbyFrame, | |
556 | FrameSize, | |
557 | pbyRsr, | |
558 | pMgmt->sNodeDBTable[iSANodeIndex].bOnFly, | |
559 | pKey, | |
560 | pbyNewRsr, | |
561 | &bExtIV, | |
562 | &wRxTSC15_0, | |
563 | &dwRxTSC47_16); | |
564 | } else { | |
565 | bRxDecryOK = s_bHandleRxEncryption(pDevice, | |
566 | pbyFrame, | |
567 | FrameSize, | |
568 | pbyRsr, | |
569 | pbyNewRsr, | |
570 | &pKey, | |
571 | &bExtIV, | |
572 | &wRxTSC15_0, | |
573 | &dwRxTSC47_16); | |
574 | } | |
575 | ||
576 | if (bRxDecryOK) { | |
577 | if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) { | |
578 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n"); | |
579 | if ( (pMgmt->eAuthenMode == WMAC_AUTH_WPA) || | |
580 | (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || | |
581 | (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || | |
582 | (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || | |
583 | (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { | |
584 | ||
585 | if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { | |
586 | pDevice->s802_11Counter.TKIPICVErrors++; | |
587 | } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) { | |
588 | pDevice->s802_11Counter.CCMPDecryptErrors++; | |
589 | } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) { | |
590 | // pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++; | |
591 | } | |
592 | } | |
593 | return FALSE; | |
594 | } | |
595 | } else { | |
596 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n"); | |
597 | return FALSE; | |
598 | } | |
599 | if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) | |
600 | FrameSize -= 8; // Message Integrity Code | |
601 | else | |
602 | FrameSize -= 4; // 4 is ICV | |
603 | } | |
604 | ||
605 | ||
606 | // | |
607 | // RX OK | |
608 | // | |
609 | //remove the CRC length | |
610 | FrameSize -= U_CRC_LEN; | |
611 | ||
612 | if ((BITbIsAllBitsOff(*pbyRsr, (RSR_ADDRBROAD | RSR_ADDRMULTI))) && // unicast address | |
613 | (IS_FRAGMENT_PKT((pbyFrame))) | |
614 | ) { | |
615 | // defragment | |
616 | bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header) (pbyFrame), FrameSize, bIsWEP, bExtIV); | |
617 | pDevice->s802_11Counter.ReceivedFragmentCount++; | |
618 | if (bDeFragRx) { | |
619 | // defrag complete | |
620 | // TODO skb, pbyFrame | |
621 | skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb; | |
622 | FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength; | |
623 | pbyFrame = skb->data + 8; | |
624 | } | |
625 | else { | |
626 | return FALSE; | |
627 | } | |
628 | } | |
629 | ||
630 | // | |
631 | // Management & Control frame Handle | |
632 | // | |
633 | if ((IS_TYPE_DATA((pbyFrame))) == FALSE) { | |
634 | // Handle Control & Manage Frame | |
635 | ||
636 | if (IS_TYPE_MGMT((pbyFrame))) { | |
637 | PBYTE pbyData1; | |
638 | PBYTE pbyData2; | |
639 | ||
640 | pRxPacket = &(pRCB->sMngPacket); | |
641 | pRxPacket->p80211Header = (PUWLAN_80211HDR)(pbyFrame); | |
642 | pRxPacket->cbMPDULen = FrameSize; | |
643 | pRxPacket->uRSSI = *pbyRSSI; | |
644 | pRxPacket->bySQ = *pbySQ; | |
645 | HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime)); | |
646 | LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime)); | |
647 | if (bIsWEP) { | |
648 | // strip IV | |
649 | pbyData1 = WLAN_HDR_A3_DATA_PTR(pbyFrame); | |
650 | pbyData2 = WLAN_HDR_A3_DATA_PTR(pbyFrame) + 4; | |
651 | for (ii = 0; ii < (FrameSize - 4); ii++) { | |
652 | *pbyData1 = *pbyData2; | |
653 | pbyData1++; | |
654 | pbyData2++; | |
655 | } | |
656 | } | |
657 | ||
658 | pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate); | |
659 | ||
660 | if ( *pbyRxSts == 0 ) { | |
661 | //Discard beacon packet which channel is 0 | |
662 | if ( (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_BEACON) || | |
663 | (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_PROBERESP) ) { | |
664 | return TRUE; | |
665 | } | |
666 | } | |
667 | pRxPacket->byRxChannel = (*pbyRxSts) >> 2; | |
668 | ||
669 | // hostap Deamon handle 802.11 management | |
670 | if (pDevice->bEnableHostapd) { | |
671 | skb->dev = pDevice->apdev; | |
672 | //skb->data += 4; | |
673 | //skb->tail += 4; | |
674 | skb->data += 8; | |
675 | skb->tail += 8; | |
676 | skb_put(skb, FrameSize); | |
d899d403 | 677 | skb_reset_mac_header(skb); |
92b96797 FB |
678 | skb->pkt_type = PACKET_OTHERHOST; |
679 | skb->protocol = htons(ETH_P_802_2); | |
680 | memset(skb->cb, 0, sizeof(skb->cb)); | |
681 | netif_rx(skb); | |
682 | return TRUE; | |
683 | } | |
684 | ||
685 | // | |
686 | // Insert the RCB in the Recv Mng list | |
687 | // | |
688 | EnqueueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList, pRCBIndicate); | |
689 | pDevice->NumRecvMngList++; | |
690 | if ( bDeFragRx == FALSE) { | |
691 | pRCB->Ref++; | |
692 | } | |
693 | if (pDevice->bIsRxMngWorkItemQueued == FALSE) { | |
694 | pDevice->bIsRxMngWorkItemQueued = TRUE; | |
695 | tasklet_schedule(&pDevice->RxMngWorkItem); | |
696 | } | |
697 | ||
698 | } | |
699 | else { | |
700 | // Control Frame | |
701 | }; | |
702 | return FALSE; | |
703 | } | |
704 | else { | |
705 | if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { | |
706 | //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC. | |
707 | if (BITbIsBitOff(*pbyRsr, RSR_BSSIDOK)) { | |
708 | if (bDeFragRx) { | |
709 | if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { | |
710 | DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", | |
711 | pDevice->dev->name); | |
712 | } | |
713 | } | |
714 | return FALSE; | |
715 | } | |
716 | } | |
717 | else { | |
718 | // discard DATA packet while not associate || BSSID error | |
719 | if ((pDevice->bLinkPass == FALSE) || | |
720 | BITbIsBitOff(*pbyRsr, RSR_BSSIDOK)) { | |
721 | if (bDeFragRx) { | |
722 | if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { | |
723 | DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", | |
724 | pDevice->dev->name); | |
725 | } | |
726 | } | |
727 | return FALSE; | |
728 | } | |
729 | //mike add:station mode check eapol-key challenge---> | |
730 | { | |
731 | BYTE Protocol_Version; //802.1x Authentication | |
732 | BYTE Packet_Type; //802.1x Authentication | |
733 | BYTE Descriptor_type; | |
734 | WORD Key_info; | |
735 | if (bIsWEP) | |
736 | cbIVOffset = 8; | |
737 | else | |
738 | cbIVOffset = 0; | |
739 | wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) | | |
740 | skb->data[cbIVOffset + 8 + 24 + 6 + 1]; | |
741 | Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1]; | |
742 | Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1]; | |
743 | if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header | |
744 | if(((Protocol_Version==1) ||(Protocol_Version==2)) && | |
745 | (Packet_Type==3)) { //802.1x OR eapol-key challenge frame receive | |
746 | bRxeapol_key = TRUE; | |
747 | Descriptor_type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2]; | |
748 | Key_info = (skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+1]<<8) |skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+2] ; | |
749 | if(Descriptor_type==2) { //RSN | |
750 | // printk("WPA2_Rx_eapol-key_info<-----:%x\n",Key_info); | |
751 | } | |
752 | else if(Descriptor_type==254) { | |
753 | // printk("WPA_Rx_eapol-key_info<-----:%x\n",Key_info); | |
754 | } | |
755 | } | |
756 | } | |
757 | } | |
758 | //mike add:station mode check eapol-key challenge<--- | |
759 | } | |
760 | } | |
761 | ||
762 | ||
763 | // Data frame Handle | |
764 | ||
765 | ||
766 | if (pDevice->bEnablePSMode) { | |
767 | if (IS_FC_MOREDATA((pbyFrame))) { | |
768 | if (BITbIsBitOn(*pbyRsr, RSR_ADDROK)) { | |
769 | //PSbSendPSPOLL((PSDevice)pDevice); | |
770 | } | |
771 | } | |
772 | else { | |
773 | if (pMgmt->bInTIMWake == TRUE) { | |
774 | pMgmt->bInTIMWake = FALSE; | |
775 | } | |
776 | } | |
777 | }; | |
778 | ||
779 | // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps | |
780 | if (pDevice->bDiversityEnable && (FrameSize>50) && | |
781 | (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) && | |
782 | (pDevice->bLinkPass == TRUE)) { | |
783 | BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0); | |
784 | } | |
785 | ||
786 | // ++++++++ For BaseBand Algorithm +++++++++++++++ | |
787 | pDevice->uCurrRSSI = *pbyRSSI; | |
788 | pDevice->byCurrSQ = *pbySQ; | |
789 | ||
790 | // todo | |
791 | /* | |
792 | if ((*pbyRSSI != 0) && | |
793 | (pMgmt->pCurrBSS!=NULL)) { | |
794 | RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm); | |
795 | // Moniter if RSSI is too strong. | |
796 | pMgmt->pCurrBSS->byRSSIStatCnt++; | |
797 | pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT; | |
798 | pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm; | |
799 | for(ii=0;ii<RSSI_STAT_COUNT;ii++) { | |
800 | if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) { | |
801 | pMgmt->pCurrBSS->ldBmMAX = max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm); | |
802 | } | |
803 | } | |
804 | } | |
805 | */ | |
806 | ||
807 | ||
808 | // ----------------------------------------------- | |
809 | ||
810 | if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == TRUE)){ | |
811 | BYTE abyMacHdr[24]; | |
812 | ||
813 | // Only 802.1x packet incoming allowed | |
814 | if (bIsWEP) | |
815 | cbIVOffset = 8; | |
816 | else | |
817 | cbIVOffset = 0; | |
818 | wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) | | |
819 | skb->data[cbIVOffset + 8 + 24 + 6 + 1]; | |
820 | ||
821 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType); | |
822 | if (wEtherType == ETH_P_PAE) { | |
823 | skb->dev = pDevice->apdev; | |
824 | ||
825 | if (bIsWEP == TRUE) { | |
826 | // strip IV header(8) | |
827 | memcpy(&abyMacHdr[0], (skb->data + 8), 24); | |
828 | memcpy((skb->data + 8 + cbIVOffset), &abyMacHdr[0], 24); | |
829 | } | |
830 | ||
831 | skb->data += (cbIVOffset + 8); | |
832 | skb->tail += (cbIVOffset + 8); | |
833 | skb_put(skb, FrameSize); | |
d899d403 | 834 | skb_reset_mac_header(skb); |
92b96797 FB |
835 | skb->pkt_type = PACKET_OTHERHOST; |
836 | skb->protocol = htons(ETH_P_802_2); | |
837 | memset(skb->cb, 0, sizeof(skb->cb)); | |
838 | netif_rx(skb); | |
839 | return TRUE; | |
840 | ||
841 | } | |
842 | // check if 802.1x authorized | |
843 | if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED)) | |
844 | return FALSE; | |
845 | } | |
846 | ||
847 | ||
848 | if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { | |
849 | if (bIsWEP) { | |
850 | FrameSize -= 8; //MIC | |
851 | } | |
852 | } | |
853 | ||
854 | //-------------------------------------------------------------------------------- | |
855 | // Soft MIC | |
856 | if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { | |
857 | if (bIsWEP) { | |
858 | PDWORD pdwMIC_L; | |
859 | PDWORD pdwMIC_R; | |
860 | DWORD dwMIC_Priority; | |
861 | DWORD dwMICKey0 = 0, dwMICKey1 = 0; | |
862 | DWORD dwLocalMIC_L = 0; | |
863 | DWORD dwLocalMIC_R = 0; | |
864 | viawget_wpa_header *wpahdr; | |
865 | ||
866 | ||
867 | if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { | |
868 | dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24])); | |
869 | dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28])); | |
870 | } | |
871 | else { | |
872 | if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) { | |
873 | dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16])); | |
874 | dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20])); | |
875 | } else if ((pKey->dwKeyIndex & BIT28) == 0) { | |
876 | dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16])); | |
877 | dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20])); | |
878 | } else { | |
879 | dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24])); | |
880 | dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28])); | |
881 | } | |
882 | } | |
883 | ||
884 | MIC_vInit(dwMICKey0, dwMICKey1); | |
885 | MIC_vAppend((PBYTE)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12); | |
886 | dwMIC_Priority = 0; | |
887 | MIC_vAppend((PBYTE)&dwMIC_Priority, 4); | |
888 | // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV. | |
889 | MIC_vAppend((PBYTE)(skb->data + 8 + WLAN_HDR_ADDR3_LEN + 8), | |
890 | FrameSize - WLAN_HDR_ADDR3_LEN - 8); | |
891 | MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R); | |
892 | MIC_vUnInit(); | |
893 | ||
894 | pdwMIC_L = (PDWORD)(skb->data + 8 + FrameSize); | |
895 | pdwMIC_R = (PDWORD)(skb->data + 8 + FrameSize + 4); | |
896 | ||
897 | ||
898 | if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) || | |
899 | (pDevice->bRxMICFail == TRUE)) { | |
900 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n"); | |
901 | pDevice->bRxMICFail = FALSE; | |
902 | //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++; | |
903 | pDevice->s802_11Counter.TKIPLocalMICFailures++; | |
904 | if (bDeFragRx) { | |
905 | if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { | |
906 | DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", | |
907 | pDevice->dev->name); | |
908 | } | |
909 | } | |
910 | //2008-0409-07, <Add> by Einsn Liu | |
911 | #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT | |
912 | //send event to wpa_supplicant | |
913 | //if(pDevice->bWPASuppWextEnabled == TRUE) | |
914 | { | |
915 | union iwreq_data wrqu; | |
916 | struct iw_michaelmicfailure ev; | |
917 | int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits | |
918 | memset(&ev, 0, sizeof(ev)); | |
919 | ev.flags = keyidx & IW_MICFAILURE_KEY_ID; | |
920 | if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && | |
921 | (pMgmt->eCurrState == WMAC_STATE_ASSOC) && | |
922 | (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { | |
923 | ev.flags |= IW_MICFAILURE_PAIRWISE; | |
924 | } else { | |
925 | ev.flags |= IW_MICFAILURE_GROUP; | |
926 | } | |
927 | ||
928 | ev.src_addr.sa_family = ARPHRD_ETHER; | |
929 | memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN); | |
930 | memset(&wrqu, 0, sizeof(wrqu)); | |
931 | wrqu.data.length = sizeof(ev); | |
932 | PRINT_K("wireless_send_event--->IWEVMICHAELMICFAILURE\n"); | |
933 | wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev); | |
934 | ||
935 | } | |
936 | #endif | |
937 | ||
938 | ||
939 | if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) { | |
940 | wpahdr = (viawget_wpa_header *)pDevice->skb->data; | |
941 | if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && | |
942 | (pMgmt->eCurrState == WMAC_STATE_ASSOC) && | |
943 | (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { | |
944 | //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR; | |
945 | wpahdr->type = VIAWGET_PTK_MIC_MSG; | |
946 | } else { | |
947 | //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR; | |
948 | wpahdr->type = VIAWGET_GTK_MIC_MSG; | |
949 | } | |
950 | wpahdr->resp_ie_len = 0; | |
951 | wpahdr->req_ie_len = 0; | |
952 | skb_put(pDevice->skb, sizeof(viawget_wpa_header)); | |
953 | pDevice->skb->dev = pDevice->wpadev; | |
d899d403 | 954 | skb_reset_mac_header(pDevice->skb); |
92b96797 FB |
955 | pDevice->skb->pkt_type = PACKET_HOST; |
956 | pDevice->skb->protocol = htons(ETH_P_802_2); | |
957 | memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb)); | |
958 | netif_rx(pDevice->skb); | |
959 | pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz); | |
960 | }; | |
961 | ||
962 | return FALSE; | |
963 | ||
964 | } | |
965 | } | |
966 | } //---end of SOFT MIC----------------------------------------------------------------------- | |
967 | ||
968 | // ++++++++++ Reply Counter Check +++++++++++++ | |
969 | ||
970 | if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) || | |
971 | (pKey->byCipherSuite == KEY_CTL_CCMP))) { | |
972 | if (bIsWEP) { | |
973 | WORD wLocalTSC15_0 = 0; | |
974 | DWORD dwLocalTSC47_16 = 0; | |
975 | ULONGLONG RSC = 0; | |
976 | // endian issues | |
977 | RSC = *((ULONGLONG *) &(pKey->KeyRSC)); | |
978 | wLocalTSC15_0 = (WORD) RSC; | |
979 | dwLocalTSC47_16 = (DWORD) (RSC>>16); | |
980 | ||
981 | RSC = dwRxTSC47_16; | |
982 | RSC <<= 16; | |
983 | RSC += wRxTSC15_0; | |
984 | MEMvCopy(&(pKey->KeyRSC), &RSC, sizeof(QWORD)); | |
985 | ||
986 | if ( (pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) && | |
987 | (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) { | |
988 | // check RSC | |
989 | if ( (wRxTSC15_0 < wLocalTSC15_0) && | |
990 | (dwRxTSC47_16 <= dwLocalTSC47_16) && | |
991 | !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) { | |
992 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n "); | |
993 | if (pKey->byCipherSuite == KEY_CTL_TKIP) | |
994 | //pDevice->s802_11Counter.TKIPReplays.QuadPart++; | |
995 | pDevice->s802_11Counter.TKIPReplays++; | |
996 | else | |
997 | //pDevice->s802_11Counter.CCMPReplays.QuadPart++; | |
998 | pDevice->s802_11Counter.CCMPReplays++; | |
999 | ||
1000 | if (bDeFragRx) { | |
1001 | if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { | |
1002 | DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", | |
1003 | pDevice->dev->name); | |
1004 | } | |
1005 | } | |
1006 | return FALSE; | |
1007 | } | |
1008 | } | |
1009 | } | |
1010 | } // ----- End of Reply Counter Check -------------------------- | |
1011 | ||
1012 | ||
1013 | s_vProcessRxMACHeader(pDevice, (PBYTE)(skb->data+8), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset); | |
1014 | FrameSize -= cbHeaderOffset; | |
1015 | cbHeaderOffset += 8; // 8 is Rcv buffer header | |
1016 | ||
1017 | // Null data, framesize = 12 | |
1018 | if (FrameSize < 12) | |
1019 | return FALSE; | |
1020 | ||
1021 | if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { | |
1022 | if (s_bAPModeRxData(pDevice, | |
1023 | skb, | |
1024 | FrameSize, | |
1025 | cbHeaderOffset, | |
1026 | iSANodeIndex, | |
1027 | iDANodeIndex | |
1028 | ) == FALSE) { | |
1029 | ||
1030 | if (bDeFragRx) { | |
1031 | if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { | |
1032 | DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", | |
1033 | pDevice->dev->name); | |
1034 | } | |
1035 | } | |
1036 | return FALSE; | |
1037 | } | |
1038 | ||
1039 | } | |
1040 | ||
1041 | skb->data += cbHeaderOffset; | |
1042 | skb->tail += cbHeaderOffset; | |
1043 | skb_put(skb, FrameSize); | |
1044 | skb->protocol=eth_type_trans(skb, skb->dev); | |
1045 | skb->ip_summed=CHECKSUM_NONE; | |
1046 | pStats->rx_bytes +=skb->len; | |
1047 | pStats->rx_packets++; | |
1048 | netif_rx(skb); | |
1049 | if (bDeFragRx) { | |
1050 | if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { | |
1051 | DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", | |
1052 | pDevice->dev->name); | |
1053 | } | |
1054 | return FALSE; | |
1055 | } | |
1056 | ||
1057 | return TRUE; | |
1058 | } | |
1059 | ||
1060 | ||
1061 | static BOOL s_bAPModeRxCtl ( | |
1062 | IN PSDevice pDevice, | |
1063 | IN PBYTE pbyFrame, | |
1064 | IN INT iSANodeIndex | |
1065 | ) | |
1066 | { | |
1067 | PS802_11Header p802_11Header; | |
1068 | CMD_STATUS Status; | |
1069 | PSMgmtObject pMgmt = &(pDevice->sMgmtObj); | |
1070 | ||
1071 | ||
1072 | if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { | |
1073 | ||
1074 | p802_11Header = (PS802_11Header) (pbyFrame); | |
1075 | if (!IS_TYPE_MGMT(pbyFrame)) { | |
1076 | ||
1077 | // Data & PS-Poll packet | |
1078 | // check frame class | |
1079 | if (iSANodeIndex > 0) { | |
1080 | // frame class 3 fliter & checking | |
1081 | if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) { | |
1082 | // send deauth notification | |
1083 | // reason = (6) class 2 received from nonauth sta | |
1084 | vMgrDeAuthenBeginSta(pDevice, | |
1085 | pMgmt, | |
1086 | (PBYTE)(p802_11Header->abyAddr2), | |
1087 | (WLAN_MGMT_REASON_CLASS2_NONAUTH), | |
1088 | &Status | |
1089 | ); | |
1090 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n"); | |
1091 | return TRUE; | |
1092 | }; | |
1093 | if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) { | |
1094 | // send deassoc notification | |
1095 | // reason = (7) class 3 received from nonassoc sta | |
1096 | vMgrDisassocBeginSta(pDevice, | |
1097 | pMgmt, | |
1098 | (PBYTE)(p802_11Header->abyAddr2), | |
1099 | (WLAN_MGMT_REASON_CLASS3_NONASSOC), | |
1100 | &Status | |
1101 | ); | |
1102 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n"); | |
1103 | return TRUE; | |
1104 | }; | |
1105 | ||
1106 | if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) { | |
1107 | // delcare received ps-poll event | |
1108 | if (IS_CTL_PSPOLL(pbyFrame)) { | |
1109 | pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE; | |
1110 | bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL); | |
1111 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n"); | |
1112 | } | |
1113 | else { | |
1114 | // check Data PS state | |
1115 | // if PW bit off, send out all PS bufferring packets. | |
1116 | if (!IS_FC_POWERMGT(pbyFrame)) { | |
1117 | pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE; | |
1118 | pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE; | |
1119 | bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL); | |
1120 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n"); | |
1121 | } | |
1122 | } | |
1123 | } | |
1124 | else { | |
1125 | if (IS_FC_POWERMGT(pbyFrame)) { | |
1126 | pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = TRUE; | |
1127 | // Once if STA in PS state, enable multicast bufferring | |
1128 | pMgmt->sNodeDBTable[0].bPSEnable = TRUE; | |
1129 | } | |
1130 | else { | |
1131 | // clear all pending PS frame. | |
1132 | if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) { | |
1133 | pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE; | |
1134 | pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE; | |
1135 | bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL); | |
1136 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n"); | |
1137 | ||
1138 | } | |
1139 | } | |
1140 | } | |
1141 | } | |
1142 | else { | |
1143 | vMgrDeAuthenBeginSta(pDevice, | |
1144 | pMgmt, | |
1145 | (PBYTE)(p802_11Header->abyAddr2), | |
1146 | (WLAN_MGMT_REASON_CLASS2_NONAUTH), | |
1147 | &Status | |
1148 | ); | |
1149 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n"); | |
1150 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%02x-%02x-%02x=%02x-%02x-%02x \n", | |
1151 | p802_11Header->abyAddr3[0], | |
1152 | p802_11Header->abyAddr3[1], | |
1153 | p802_11Header->abyAddr3[2], | |
1154 | p802_11Header->abyAddr3[3], | |
1155 | p802_11Header->abyAddr3[4], | |
1156 | p802_11Header->abyAddr3[5] | |
1157 | ); | |
1158 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%02x-%02x-%02x=%02x-%02x-%02x \n", | |
1159 | p802_11Header->abyAddr2[0], | |
1160 | p802_11Header->abyAddr2[1], | |
1161 | p802_11Header->abyAddr2[2], | |
1162 | p802_11Header->abyAddr2[3], | |
1163 | p802_11Header->abyAddr2[4], | |
1164 | p802_11Header->abyAddr2[5] | |
1165 | ); | |
1166 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%02x-%02x-%02x=%02x-%02x-%02x \n", | |
1167 | p802_11Header->abyAddr1[0], | |
1168 | p802_11Header->abyAddr1[1], | |
1169 | p802_11Header->abyAddr1[2], | |
1170 | p802_11Header->abyAddr1[3], | |
1171 | p802_11Header->abyAddr1[4], | |
1172 | p802_11Header->abyAddr1[5] | |
1173 | ); | |
1174 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl ); | |
1175 | return TRUE; | |
1176 | } | |
1177 | } | |
1178 | } | |
1179 | return FALSE; | |
1180 | ||
1181 | } | |
1182 | ||
1183 | static BOOL s_bHandleRxEncryption ( | |
1184 | IN PSDevice pDevice, | |
1185 | IN PBYTE pbyFrame, | |
1186 | IN UINT FrameSize, | |
1187 | IN PBYTE pbyRsr, | |
1188 | OUT PBYTE pbyNewRsr, | |
1189 | OUT PSKeyItem *pKeyOut, | |
193a823c | 1190 | int * pbExtIV, |
92b96797 FB |
1191 | OUT PWORD pwRxTSC15_0, |
1192 | OUT PDWORD pdwRxTSC47_16 | |
1193 | ) | |
1194 | { | |
1195 | UINT PayloadLen = FrameSize; | |
1196 | PBYTE pbyIV; | |
1197 | BYTE byKeyIdx; | |
1198 | PSKeyItem pKey = NULL; | |
1199 | BYTE byDecMode = KEY_CTL_WEP; | |
1200 | PSMgmtObject pMgmt = &(pDevice->sMgmtObj); | |
1201 | ||
1202 | ||
1203 | *pwRxTSC15_0 = 0; | |
1204 | *pdwRxTSC47_16 = 0; | |
1205 | ||
1206 | pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; | |
1207 | if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) && | |
1208 | WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) { | |
1209 | pbyIV += 6; // 6 is 802.11 address4 | |
1210 | PayloadLen -= 6; | |
1211 | } | |
1212 | byKeyIdx = (*(pbyIV+3) & 0xc0); | |
1213 | byKeyIdx >>= 6; | |
1214 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx); | |
1215 | ||
1216 | if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) || | |
1217 | (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || | |
1218 | (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || | |
1219 | (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || | |
1220 | (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { | |
1221 | if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) && | |
1222 | (pMgmt->byCSSPK != KEY_CTL_NONE)) { | |
1223 | // unicast pkt use pairwise key | |
1224 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n"); | |
1225 | if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == TRUE) { | |
1226 | if (pMgmt->byCSSPK == KEY_CTL_TKIP) | |
1227 | byDecMode = KEY_CTL_TKIP; | |
1228 | else if (pMgmt->byCSSPK == KEY_CTL_CCMP) | |
1229 | byDecMode = KEY_CTL_CCMP; | |
1230 | } | |
1231 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey); | |
1232 | } else { | |
1233 | // use group key | |
1234 | KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey); | |
1235 | if (pMgmt->byCSSGK == KEY_CTL_TKIP) | |
1236 | byDecMode = KEY_CTL_TKIP; | |
1237 | else if (pMgmt->byCSSGK == KEY_CTL_CCMP) | |
1238 | byDecMode = KEY_CTL_CCMP; | |
1239 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey); | |
1240 | } | |
1241 | } | |
1242 | // our WEP only support Default Key | |
1243 | if (pKey == NULL) { | |
1244 | // use default group key | |
1245 | KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey); | |
1246 | if (pMgmt->byCSSGK == KEY_CTL_TKIP) | |
1247 | byDecMode = KEY_CTL_TKIP; | |
1248 | else if (pMgmt->byCSSGK == KEY_CTL_CCMP) | |
1249 | byDecMode = KEY_CTL_CCMP; | |
1250 | } | |
1251 | *pKeyOut = pKey; | |
1252 | ||
1253 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode); | |
1254 | ||
1255 | if (pKey == NULL) { | |
1256 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n"); | |
1257 | if (byDecMode == KEY_CTL_WEP) { | |
1258 | // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; | |
1259 | } else if (pDevice->bLinkPass == TRUE) { | |
1260 | // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; | |
1261 | } | |
1262 | return FALSE; | |
1263 | } | |
1264 | if (byDecMode != pKey->byCipherSuite) { | |
1265 | if (byDecMode == KEY_CTL_WEP) { | |
1266 | // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; | |
1267 | } else if (pDevice->bLinkPass == TRUE) { | |
1268 | // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; | |
1269 | } | |
1270 | *pKeyOut = NULL; | |
1271 | return FALSE; | |
1272 | } | |
1273 | if (byDecMode == KEY_CTL_WEP) { | |
1274 | // handle WEP | |
1275 | if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || | |
1276 | (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE)) { | |
1277 | // Software WEP | |
1278 | // 1. 3253A | |
1279 | // 2. WEP 256 | |
1280 | ||
1281 | PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc | |
1282 | MEMvCopy(pDevice->abyPRNG, pbyIV, 3); | |
1283 | MEMvCopy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); | |
1284 | rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); | |
1285 | rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); | |
1286 | ||
1287 | if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) { | |
1288 | *pbyNewRsr |= NEWRSR_DECRYPTOK; | |
1289 | } | |
1290 | } | |
1291 | } else if ((byDecMode == KEY_CTL_TKIP) || | |
1292 | (byDecMode == KEY_CTL_CCMP)) { | |
1293 | // TKIP/AES | |
1294 | ||
1295 | PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc | |
1296 | *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4)); | |
1297 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16); | |
1298 | if (byDecMode == KEY_CTL_TKIP) { | |
1299 | *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV)); | |
1300 | } else { | |
1301 | *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV); | |
1302 | } | |
1303 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0); | |
1304 | ||
1305 | if ((byDecMode == KEY_CTL_TKIP) && | |
1306 | (pDevice->byLocalID <= REV_ID_VT3253_A1)) { | |
1307 | // Software TKIP | |
1308 | // 1. 3253 A | |
1309 | PS802_11Header pMACHeader = (PS802_11Header) (pbyFrame); | |
1310 | TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); | |
1311 | rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); | |
1312 | rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); | |
1313 | if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { | |
1314 | *pbyNewRsr |= NEWRSR_DECRYPTOK; | |
1315 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n"); | |
1316 | } else { | |
1317 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n"); | |
1318 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen); | |
1319 | } | |
1320 | } | |
1321 | }// end of TKIP/AES | |
1322 | ||
1323 | if ((*(pbyIV+3) & 0x20) != 0) | |
1324 | *pbExtIV = TRUE; | |
1325 | return TRUE; | |
1326 | } | |
1327 | ||
1328 | ||
1329 | static BOOL s_bHostWepRxEncryption ( | |
1330 | IN PSDevice pDevice, | |
1331 | IN PBYTE pbyFrame, | |
1332 | IN UINT FrameSize, | |
1333 | IN PBYTE pbyRsr, | |
1334 | IN BOOL bOnFly, | |
1335 | IN PSKeyItem pKey, | |
1336 | OUT PBYTE pbyNewRsr, | |
193a823c | 1337 | int * pbExtIV, |
92b96797 FB |
1338 | OUT PWORD pwRxTSC15_0, |
1339 | OUT PDWORD pdwRxTSC47_16 | |
1340 | ) | |
1341 | { | |
1342 | PSMgmtObject pMgmt = &(pDevice->sMgmtObj); | |
1343 | UINT PayloadLen = FrameSize; | |
1344 | PBYTE pbyIV; | |
1345 | BYTE byKeyIdx; | |
1346 | BYTE byDecMode = KEY_CTL_WEP; | |
1347 | PS802_11Header pMACHeader; | |
1348 | ||
1349 | ||
1350 | ||
1351 | *pwRxTSC15_0 = 0; | |
1352 | *pdwRxTSC47_16 = 0; | |
1353 | ||
1354 | pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; | |
1355 | if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) && | |
1356 | WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) { | |
1357 | pbyIV += 6; // 6 is 802.11 address4 | |
1358 | PayloadLen -= 6; | |
1359 | } | |
1360 | byKeyIdx = (*(pbyIV+3) & 0xc0); | |
1361 | byKeyIdx >>= 6; | |
1362 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx); | |
1363 | ||
1364 | ||
1365 | if (pMgmt->byCSSGK == KEY_CTL_TKIP) | |
1366 | byDecMode = KEY_CTL_TKIP; | |
1367 | else if (pMgmt->byCSSGK == KEY_CTL_CCMP) | |
1368 | byDecMode = KEY_CTL_CCMP; | |
1369 | ||
1370 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode); | |
1371 | ||
1372 | if (byDecMode != pKey->byCipherSuite) { | |
1373 | if (byDecMode == KEY_CTL_WEP) { | |
1374 | // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; | |
1375 | } else if (pDevice->bLinkPass == TRUE) { | |
1376 | // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; | |
1377 | } | |
1378 | return FALSE; | |
1379 | } | |
1380 | ||
1381 | if (byDecMode == KEY_CTL_WEP) { | |
1382 | // handle WEP | |
1383 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP \n"); | |
1384 | if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || | |
1385 | (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE) || | |
1386 | (bOnFly == FALSE)) { | |
1387 | // Software WEP | |
1388 | // 1. 3253A | |
1389 | // 2. WEP 256 | |
1390 | // 3. NotOnFly | |
1391 | ||
1392 | PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc | |
1393 | MEMvCopy(pDevice->abyPRNG, pbyIV, 3); | |
1394 | MEMvCopy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); | |
1395 | rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); | |
1396 | rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); | |
1397 | ||
1398 | if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) { | |
1399 | *pbyNewRsr |= NEWRSR_DECRYPTOK; | |
1400 | } | |
1401 | } | |
1402 | } else if ((byDecMode == KEY_CTL_TKIP) || | |
1403 | (byDecMode == KEY_CTL_CCMP)) { | |
1404 | // TKIP/AES | |
1405 | ||
1406 | PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc | |
1407 | *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4)); | |
1408 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16); | |
1409 | ||
1410 | if (byDecMode == KEY_CTL_TKIP) { | |
1411 | *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV)); | |
1412 | } else { | |
1413 | *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV); | |
1414 | } | |
1415 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0); | |
1416 | ||
1417 | if (byDecMode == KEY_CTL_TKIP) { | |
1418 | ||
1419 | if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == FALSE)) { | |
1420 | // Software TKIP | |
1421 | // 1. 3253 A | |
1422 | // 2. NotOnFly | |
1423 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n"); | |
1424 | pMACHeader = (PS802_11Header) (pbyFrame); | |
1425 | TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); | |
1426 | rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); | |
1427 | rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); | |
1428 | if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { | |
1429 | *pbyNewRsr |= NEWRSR_DECRYPTOK; | |
1430 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n"); | |
1431 | } else { | |
1432 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n"); | |
1433 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen); | |
1434 | } | |
1435 | } | |
1436 | } | |
1437 | ||
1438 | if (byDecMode == KEY_CTL_CCMP) { | |
1439 | if (bOnFly == FALSE) { | |
1440 | // Software CCMP | |
1441 | // NotOnFly | |
1442 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_CCMP\n"); | |
1443 | if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) { | |
1444 | *pbyNewRsr |= NEWRSR_DECRYPTOK; | |
1445 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC compare OK!\n"); | |
1446 | } else { | |
1447 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC fail!\n"); | |
1448 | } | |
1449 | } | |
1450 | } | |
1451 | ||
1452 | }// end of TKIP/AES | |
1453 | ||
1454 | if ((*(pbyIV+3) & 0x20) != 0) | |
1455 | *pbExtIV = TRUE; | |
1456 | return TRUE; | |
1457 | } | |
1458 | ||
1459 | ||
1460 | ||
1461 | static BOOL s_bAPModeRxData ( | |
1462 | IN PSDevice pDevice, | |
1463 | IN struct sk_buff* skb, | |
1464 | IN UINT FrameSize, | |
1465 | IN UINT cbHeaderOffset, | |
1466 | IN INT iSANodeIndex, | |
1467 | IN INT iDANodeIndex | |
1468 | ) | |
1469 | ||
1470 | { | |
1471 | PSMgmtObject pMgmt = &(pDevice->sMgmtObj); | |
1472 | BOOL bRelayAndForward = FALSE; | |
1473 | BOOL bRelayOnly = FALSE; | |
1474 | BYTE byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80}; | |
1475 | WORD wAID; | |
1476 | ||
1477 | ||
1478 | struct sk_buff* skbcpy = NULL; | |
1479 | ||
1480 | if (FrameSize > CB_MAX_BUF_SIZE) | |
1481 | return FALSE; | |
1482 | // check DA | |
1483 | if(IS_MULTICAST_ADDRESS((PBYTE)(skb->data+cbHeaderOffset))) { | |
1484 | if (pMgmt->sNodeDBTable[0].bPSEnable) { | |
1485 | ||
1486 | skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz); | |
1487 | ||
1488 | // if any node in PS mode, buffer packet until DTIM. | |
1489 | if (skbcpy == NULL) { | |
1490 | DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n"); | |
1491 | } | |
1492 | else { | |
1493 | skbcpy->dev = pDevice->dev; | |
1494 | skbcpy->len = FrameSize; | |
1495 | memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize); | |
1496 | skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy); | |
1497 | pMgmt->sNodeDBTable[0].wEnQueueCnt++; | |
1498 | // set tx map | |
1499 | pMgmt->abyPSTxMap[0] |= byMask[0]; | |
1500 | } | |
1501 | } | |
1502 | else { | |
1503 | bRelayAndForward = TRUE; | |
1504 | } | |
1505 | } | |
1506 | else { | |
1507 | // check if relay | |
1508 | if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(skb->data+cbHeaderOffset), &iDANodeIndex)) { | |
1509 | if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) { | |
1510 | if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) { | |
1511 | // queue this skb until next PS tx, and then release. | |
1512 | ||
1513 | skb->data += cbHeaderOffset; | |
1514 | skb->tail += cbHeaderOffset; | |
1515 | skb_put(skb, FrameSize); | |
1516 | skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb); | |
1517 | ||
1518 | pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++; | |
1519 | wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID; | |
1520 | pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7]; | |
1521 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n", | |
1522 | iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]); | |
1523 | return TRUE; | |
1524 | } | |
1525 | else { | |
1526 | bRelayOnly = TRUE; | |
1527 | } | |
1528 | } | |
1529 | }; | |
1530 | } | |
1531 | ||
1532 | if (bRelayOnly || bRelayAndForward) { | |
1533 | // relay this packet right now | |
1534 | if (bRelayAndForward) | |
1535 | iDANodeIndex = 0; | |
1536 | ||
1537 | if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) { | |
1538 | bRelayPacketSend(pDevice, (PBYTE)(skb->data + cbHeaderOffset), FrameSize, (UINT)iDANodeIndex); | |
1539 | } | |
1540 | ||
1541 | if (bRelayOnly) | |
1542 | return FALSE; | |
1543 | } | |
1544 | // none associate, don't forward | |
1545 | if (pDevice->uAssocCount == 0) | |
1546 | return FALSE; | |
1547 | ||
1548 | return TRUE; | |
1549 | } | |
1550 | ||
1551 | ||
1552 | ||
1553 | ||
1554 | VOID | |
1555 | RXvWorkItem( | |
1556 | PVOID Context | |
1557 | ) | |
1558 | { | |
1559 | PSDevice pDevice = (PSDevice) Context; | |
1560 | NTSTATUS ntStatus; | |
1561 | PRCB pRCB=NULL; | |
1562 | ||
1563 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Polling Thread\n"); | |
1564 | spin_lock_irq(&pDevice->lock); | |
1565 | while ( MP_TEST_FLAG(pDevice, fMP_POST_READS) && | |
1566 | MP_IS_READY(pDevice) && | |
1567 | (pDevice->NumRecvFreeList != 0) ) { | |
1568 | pRCB = pDevice->FirstRecvFreeList; | |
1569 | pDevice->NumRecvFreeList--; | |
1570 | ASSERT(pRCB);// cannot be NULL | |
1571 | DequeueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList); | |
1572 | ntStatus = PIPEnsBulkInUsbRead(pDevice, pRCB); | |
1573 | } | |
1574 | pDevice->bIsRxWorkItemQueued = FALSE; | |
1575 | spin_unlock_irq(&pDevice->lock); | |
1576 | ||
1577 | } | |
1578 | ||
1579 | ||
1580 | VOID | |
1581 | RXvFreeRCB( | |
1582 | IN PRCB pRCB, | |
1583 | IN BOOL bReAllocSkb | |
1584 | ) | |
1585 | { | |
1586 | PSDevice pDevice = (PSDevice)pRCB->pDevice; | |
1587 | ||
1588 | ||
1589 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->RXvFreeRCB\n"); | |
1590 | ||
1591 | ASSERT(!pRCB->Ref); // should be 0 | |
1592 | ASSERT(pRCB->pDevice); // shouldn't be NULL | |
1593 | ||
1594 | if (bReAllocSkb == TRUE) { | |
1595 | pRCB->skb = dev_alloc_skb((int)pDevice->rx_buf_sz); | |
1596 | // todo error handling | |
1597 | if (pRCB->skb == NULL) { | |
1598 | DBG_PRT(MSG_LEVEL_ERR,KERN_ERR" Failed to re-alloc rx skb\n"); | |
1599 | }else { | |
1600 | pRCB->skb->dev = pDevice->dev; | |
1601 | } | |
1602 | } | |
1603 | // | |
1604 | // Insert the RCB back in the Recv free list | |
1605 | // | |
1606 | EnqueueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList, pRCB); | |
1607 | pDevice->NumRecvFreeList++; | |
1608 | ||
1609 | ||
1610 | if (MP_TEST_FLAG(pDevice, fMP_POST_READS) && MP_IS_READY(pDevice) && | |
1611 | (pDevice->bIsRxWorkItemQueued == FALSE) ) { | |
1612 | ||
1613 | pDevice->bIsRxWorkItemQueued = TRUE; | |
1614 | tasklet_schedule(&pDevice->ReadWorkItem); | |
1615 | } | |
1616 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"<----RXFreeRCB %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList); | |
1617 | } | |
1618 | ||
1619 | ||
1620 | VOID | |
1621 | RXvMngWorkItem( | |
1622 | PVOID Context | |
1623 | ) | |
1624 | { | |
1625 | PSDevice pDevice = (PSDevice) Context; | |
1626 | PRCB pRCB=NULL; | |
1627 | PSRxMgmtPacket pRxPacket; | |
1628 | BOOL bReAllocSkb = FALSE; | |
1629 | ||
1630 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Mng Thread\n"); | |
1631 | ||
1632 | spin_lock_irq(&pDevice->lock); | |
1633 | while (pDevice->NumRecvMngList!=0) | |
1634 | { | |
1635 | pRCB = pDevice->FirstRecvMngList; | |
1636 | pDevice->NumRecvMngList--; | |
1637 | DequeueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList); | |
1638 | if(!pRCB){ | |
1639 | break; | |
1640 | } | |
1641 | ASSERT(pRCB);// cannot be NULL | |
1642 | pRxPacket = &(pRCB->sMngPacket); | |
1643 | vMgrRxManagePacket((HANDLE)pDevice, &(pDevice->sMgmtObj), pRxPacket); | |
1644 | pRCB->Ref--; | |
1645 | if(pRCB->Ref == 0) { | |
1646 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"RxvFreeMng %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList); | |
1647 | RXvFreeRCB(pRCB, bReAllocSkb); | |
1648 | } else { | |
1649 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Rx Mng Only we have the right to free RCB\n"); | |
1650 | } | |
1651 | } | |
1652 | ||
1653 | pDevice->bIsRxMngWorkItemQueued = FALSE; | |
1654 | spin_unlock_irq(&pDevice->lock); | |
1655 | ||
1656 | } | |
1657 | ||
1658 |