Commit | Line | Data |
---|---|---|
5449c685 FB |
1 | /* |
2 | * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc. | |
3 | * All rights reserved. | |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify | |
6 | * it under the terms of the GNU General Public License as published by | |
7 | * the Free Software Foundation; either version 2 of the License, or | |
8 | * (at your option) any later version. | |
9 | * | |
10 | * This program is distributed in the hope that it will be useful, | |
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
13 | * GNU General Public License for more details. | |
14 | * | |
15 | * You should have received a copy of the GNU General Public License along | |
16 | * with this program; if not, write to the Free Software Foundation, Inc., | |
17 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | |
18 | * | |
19 | * File: dpc.c | |
20 | * | |
21 | * Purpose: handle dpc rx functions | |
22 | * | |
23 | * Author: Lyndon Chen | |
24 | * | |
25 | * Date: May 20, 2003 | |
26 | * | |
27 | * Functions: | |
28 | * device_receive_frame - Rcv 802.11 frame function | |
29 | * s_bAPModeRxCtl- AP Rcv frame filer Ctl. | |
30 | * s_bAPModeRxData- AP Rcv data frame handle | |
31 | * s_bHandleRxEncryption- Rcv decrypted data via on-fly | |
32 | * s_bHostWepRxEncryption- Rcv encrypted data via host | |
33 | * s_byGetRateIdx- get rate index | |
34 | * s_vGetDASA- get data offset | |
35 | * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3 | |
36 | * | |
37 | * Revision History: | |
38 | * | |
39 | */ | |
40 | ||
5449c685 | 41 | #include "device.h" |
5449c685 | 42 | #include "rxtx.h" |
5449c685 | 43 | #include "tether.h" |
5449c685 | 44 | #include "card.h" |
5449c685 | 45 | #include "bssdb.h" |
5449c685 | 46 | #include "mac.h" |
5449c685 | 47 | #include "baseband.h" |
5449c685 | 48 | #include "michael.h" |
5449c685 | 49 | #include "tkip.h" |
5449c685 | 50 | #include "tcrc.h" |
5449c685 | 51 | #include "wctl.h" |
5449c685 | 52 | #include "wroute.h" |
5449c685 | 53 | #include "hostap.h" |
5449c685 | 54 | #include "rf.h" |
5449c685 | 55 | #include "iowpa.h" |
5449c685 | 56 | #include "aes_ccmp.h" |
5449c685 FB |
57 | |
58 | //#define PLICE_DEBUG | |
59 | ||
60 | ||
61 | /*--------------------- Static Definitions -------------------------*/ | |
62 | ||
63 | /*--------------------- Static Classes ----------------------------*/ | |
64 | ||
65 | /*--------------------- Static Variables --------------------------*/ | |
66 | //static int msglevel =MSG_LEVEL_DEBUG; | |
67 | static int msglevel =MSG_LEVEL_INFO; | |
68 | ||
69 | const BYTE acbyRxRate[MAX_RATE] = | |
70 | {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108}; | |
71 | ||
72 | ||
73 | /*--------------------- Static Functions --------------------------*/ | |
74 | ||
75 | /*--------------------- Static Definitions -------------------------*/ | |
76 | ||
77 | /*--------------------- Static Functions --------------------------*/ | |
78 | ||
3a215e0f | 79 | static BYTE s_byGetRateIdx(BYTE byRate); |
5449c685 FB |
80 | |
81 | ||
82 | static | |
6b35b7b3 | 83 | void |
5449c685 | 84 | s_vGetDASA( |
3a215e0f | 85 | PBYTE pbyRxBufferAddr, |
3cdec554 CC |
86 | PUINT pcbHeaderSize, |
87 | PSEthernetHeader psEthHeader | |
5449c685 FB |
88 | ); |
89 | ||
90 | static | |
6b35b7b3 | 91 | void |
5449c685 | 92 | s_vProcessRxMACHeader ( |
3a215e0f CC |
93 | PSDevice pDevice, |
94 | PBYTE pbyRxBufferAddr, | |
95 | UINT cbPacketSize, | |
96 | BOOL bIsWEP, | |
97 | BOOL bExtIV, | |
3cdec554 | 98 | PUINT pcbHeadSize |
5449c685 FB |
99 | ); |
100 | ||
101 | static BOOL s_bAPModeRxCtl( | |
3a215e0f CC |
102 | PSDevice pDevice, |
103 | PBYTE pbyFrame, | |
104 | INT iSANodeIndex | |
5449c685 FB |
105 | ); |
106 | ||
5449c685 | 107 | |
612822f5 | 108 | |
5449c685 | 109 | static BOOL s_bAPModeRxData ( |
3a215e0f CC |
110 | PSDevice pDevice, |
111 | struct sk_buff* skb, | |
112 | UINT FrameSize, | |
113 | UINT cbHeaderOffset, | |
114 | INT iSANodeIndex, | |
115 | INT iDANodeIndex | |
5449c685 | 116 | ); |
5449c685 FB |
117 | |
118 | ||
119 | static BOOL s_bHandleRxEncryption( | |
3a215e0f CC |
120 | PSDevice pDevice, |
121 | PBYTE pbyFrame, | |
122 | UINT FrameSize, | |
123 | PBYTE pbyRsr, | |
3cdec554 CC |
124 | PBYTE pbyNewRsr, |
125 | PSKeyItem *pKeyOut, | |
a884847a | 126 | int * pbExtIV, |
3cdec554 CC |
127 | PWORD pwRxTSC15_0, |
128 | PDWORD pdwRxTSC47_16 | |
5449c685 FB |
129 | ); |
130 | ||
131 | static BOOL s_bHostWepRxEncryption( | |
132 | ||
3a215e0f CC |
133 | PSDevice pDevice, |
134 | PBYTE pbyFrame, | |
135 | UINT FrameSize, | |
136 | PBYTE pbyRsr, | |
137 | BOOL bOnFly, | |
138 | PSKeyItem pKey, | |
3cdec554 | 139 | PBYTE pbyNewRsr, |
a884847a | 140 | int * pbExtIV, |
3cdec554 CC |
141 | PWORD pwRxTSC15_0, |
142 | PDWORD pdwRxTSC47_16 | |
5449c685 FB |
143 | |
144 | ); | |
145 | ||
146 | /*--------------------- Export Variables --------------------------*/ | |
147 | ||
148 | /*+ | |
149 | * | |
150 | * Description: | |
151 | * Translate Rcv 802.11 header to 802.3 header with Rx buffer | |
152 | * | |
153 | * Parameters: | |
154 | * In: | |
155 | * pDevice | |
156 | * dwRxBufferAddr - Address of Rcv Buffer | |
157 | * cbPacketSize - Rcv Packet size | |
158 | * bIsWEP - If Rcv with WEP | |
159 | * Out: | |
160 | * pcbHeaderSize - 802.11 header size | |
161 | * | |
162 | * Return Value: None | |
163 | * | |
164 | -*/ | |
165 | static | |
6b35b7b3 | 166 | void |
5449c685 | 167 | s_vProcessRxMACHeader ( |
3a215e0f CC |
168 | PSDevice pDevice, |
169 | PBYTE pbyRxBufferAddr, | |
170 | UINT cbPacketSize, | |
171 | BOOL bIsWEP, | |
172 | BOOL bExtIV, | |
3cdec554 | 173 | PUINT pcbHeadSize |
5449c685 FB |
174 | ) |
175 | { | |
176 | PBYTE pbyRxBuffer; | |
177 | UINT cbHeaderSize = 0; | |
178 | PWORD pwType; | |
179 | PS802_11Header pMACHeader; | |
180 | int ii; | |
181 | ||
182 | ||
183 | pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); | |
184 | ||
185 | s_vGetDASA((PBYTE)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader); | |
186 | ||
187 | if (bIsWEP) { | |
188 | if (bExtIV) { | |
189 | // strip IV&ExtIV , add 8 byte | |
190 | cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8); | |
191 | } else { | |
192 | // strip IV , add 4 byte | |
193 | cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4); | |
194 | } | |
195 | } | |
196 | else { | |
197 | cbHeaderSize += WLAN_HDR_ADDR3_LEN; | |
198 | }; | |
199 | ||
200 | pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize); | |
201 | if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) { | |
202 | cbHeaderSize += 6; | |
203 | } | |
204 | else if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) { | |
205 | cbHeaderSize += 6; | |
206 | pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize); | |
207 | if ((*pwType!= TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) { | |
208 | } | |
209 | else { | |
210 | cbHeaderSize -= 8; | |
211 | pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize); | |
212 | if (bIsWEP) { | |
213 | if (bExtIV) { | |
214 | *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV | |
215 | } else { | |
216 | *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV | |
217 | } | |
218 | } | |
219 | else { | |
220 | *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); | |
221 | } | |
222 | } | |
223 | } | |
224 | else { | |
225 | cbHeaderSize -= 2; | |
226 | pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize); | |
227 | if (bIsWEP) { | |
228 | if (bExtIV) { | |
229 | *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV | |
230 | } else { | |
231 | *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV | |
232 | } | |
233 | } | |
234 | else { | |
235 | *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); | |
236 | } | |
237 | } | |
238 | ||
078b078f | 239 | cbHeaderSize -= (ETH_ALEN * 2); |
5449c685 | 240 | pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize); |
078b078f | 241 | for(ii=0;ii<ETH_ALEN;ii++) |
5449c685 | 242 | *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii]; |
078b078f | 243 | for(ii=0;ii<ETH_ALEN;ii++) |
5449c685 FB |
244 | *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii]; |
245 | ||
246 | *pcbHeadSize = cbHeaderSize; | |
247 | } | |
248 | ||
249 | ||
250 | ||
251 | ||
3a215e0f | 252 | static BYTE s_byGetRateIdx (BYTE byRate) |
5449c685 FB |
253 | { |
254 | BYTE byRateIdx; | |
255 | ||
256 | for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) { | |
257 | if (acbyRxRate[byRateIdx%MAX_RATE] == byRate) | |
258 | return byRateIdx; | |
259 | } | |
260 | return 0; | |
261 | } | |
262 | ||
263 | ||
264 | static | |
6b35b7b3 | 265 | void |
5449c685 | 266 | s_vGetDASA ( |
3a215e0f | 267 | PBYTE pbyRxBufferAddr, |
3cdec554 CC |
268 | PUINT pcbHeaderSize, |
269 | PSEthernetHeader psEthHeader | |
5449c685 FB |
270 | ) |
271 | { | |
272 | UINT cbHeaderSize = 0; | |
273 | PS802_11Header pMACHeader; | |
274 | int ii; | |
275 | ||
276 | pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); | |
277 | ||
278 | if ((pMACHeader->wFrameCtl & FC_TODS) == 0) { | |
279 | if (pMACHeader->wFrameCtl & FC_FROMDS) { | |
078b078f | 280 | for(ii=0;ii<ETH_ALEN;ii++) { |
5449c685 FB |
281 | psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii]; |
282 | psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr3[ii]; | |
283 | } | |
284 | } | |
285 | else { | |
286 | // IBSS mode | |
078b078f | 287 | for(ii=0;ii<ETH_ALEN;ii++) { |
5449c685 FB |
288 | psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii]; |
289 | psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii]; | |
290 | } | |
291 | } | |
292 | } | |
293 | else { | |
294 | // Is AP mode.. | |
295 | if (pMACHeader->wFrameCtl & FC_FROMDS) { | |
078b078f | 296 | for(ii=0;ii<ETH_ALEN;ii++) { |
5449c685 FB |
297 | psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii]; |
298 | psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr4[ii]; | |
299 | cbHeaderSize += 6; | |
300 | } | |
301 | } | |
302 | else { | |
078b078f | 303 | for(ii=0;ii<ETH_ALEN;ii++) { |
5449c685 FB |
304 | psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii]; |
305 | psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii]; | |
306 | } | |
307 | } | |
308 | }; | |
309 | *pcbHeaderSize = cbHeaderSize; | |
310 | } | |
311 | ||
312 | ||
313 | ||
314 | ||
315 | //PLICE_DEBUG -> | |
316 | ||
830a619c | 317 | void MngWorkItem(void *Context) |
5449c685 FB |
318 | { |
319 | PSRxMgmtPacket pRxMgmtPacket; | |
320 | PSDevice pDevice = (PSDevice) Context; | |
321 | //printk("Enter MngWorkItem,Queue packet num is %d\n",pDevice->rxManeQueue.packet_num); | |
322 | spin_lock_irq(&pDevice->lock); | |
323 | while(pDevice->rxManeQueue.packet_num != 0) | |
324 | { | |
325 | pRxMgmtPacket = DeQueue(pDevice); | |
326 | vMgrRxManagePacket(pDevice, pDevice->pMgmt, pRxMgmtPacket); | |
327 | } | |
328 | spin_unlock_irq(&pDevice->lock); | |
329 | } | |
330 | ||
331 | ||
332 | //PLICE_DEBUG<- | |
333 | ||
334 | ||
335 | ||
336 | BOOL | |
337 | device_receive_frame ( | |
3a215e0f CC |
338 | PSDevice pDevice, |
339 | PSRxDesc pCurrRD | |
5449c685 FB |
340 | ) |
341 | { | |
342 | ||
343 | PDEVICE_RD_INFO pRDInfo = pCurrRD->pRDInfo; | |
344 | #ifdef PLICE_DEBUG | |
345 | //printk("device_receive_frame:pCurrRD is %x,pRDInfo is %x\n",pCurrRD,pCurrRD->pRDInfo); | |
346 | #endif | |
347 | struct net_device_stats* pStats=&pDevice->stats; | |
5449c685 | 348 | struct sk_buff* skb; |
5449c685 FB |
349 | PSMgmtObject pMgmt = pDevice->pMgmt; |
350 | PSRxMgmtPacket pRxPacket = &(pDevice->pMgmt->sRxPacket); | |
351 | PS802_11Header p802_11Header; | |
352 | PBYTE pbyRsr; | |
353 | PBYTE pbyNewRsr; | |
354 | PBYTE pbyRSSI; | |
355 | PQWORD pqwTSFTime; | |
356 | PWORD pwFrameSize; | |
357 | PBYTE pbyFrame; | |
358 | BOOL bDeFragRx = FALSE; | |
359 | BOOL bIsWEP = FALSE; | |
360 | UINT cbHeaderOffset; | |
361 | UINT FrameSize; | |
362 | WORD wEtherType = 0; | |
363 | INT iSANodeIndex = -1; | |
364 | INT iDANodeIndex = -1; | |
365 | UINT ii; | |
366 | UINT cbIVOffset; | |
367 | BOOL bExtIV = FALSE; | |
368 | PBYTE pbyRxSts; | |
369 | PBYTE pbyRxRate; | |
370 | PBYTE pbySQ; | |
371 | UINT cbHeaderSize; | |
372 | PSKeyItem pKey = NULL; | |
373 | WORD wRxTSC15_0 = 0; | |
374 | DWORD dwRxTSC47_16 = 0; | |
375 | SKeyItem STempKey; | |
376 | // 802.11h RPI | |
377 | DWORD dwDuration = 0; | |
378 | LONG ldBm = 0; | |
379 | LONG ldBmThreshold = 0; | |
380 | PS802_11Header pMACHeader; | |
381 | BOOL bRxeapol_key = FALSE; | |
382 | ||
7e809a9b | 383 | // DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- device_receive_frame---\n"); |
5449c685 FB |
384 | |
385 | skb = pRDInfo->skb; | |
5449c685 FB |
386 | |
387 | ||
388 | //PLICE_DEBUG-> | |
389 | #if 1 | |
390 | pci_unmap_single(pDevice->pcid, pRDInfo->skb_dma, | |
391 | pDevice->rx_buf_sz, PCI_DMA_FROMDEVICE); | |
392 | #endif | |
393 | //PLICE_DEBUG<- | |
394 | pwFrameSize = (PWORD)(skb->data + 2); | |
395 | FrameSize = cpu_to_le16(pCurrRD->m_rd1RD1.wReqCount) - cpu_to_le16(pCurrRD->m_rd0RD0.wResCount); | |
396 | ||
397 | // Max: 2312Payload + 30HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR | |
398 | // Min (ACK): 10HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR | |
399 | if ((FrameSize > 2364)||(FrameSize <= 32)) { | |
400 | // Frame Size error drop this packet. | |
7e809a9b | 401 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 1 \n"); |
5449c685 FB |
402 | return FALSE; |
403 | } | |
404 | ||
405 | pbyRxSts = (PBYTE) (skb->data); | |
406 | pbyRxRate = (PBYTE) (skb->data + 1); | |
407 | pbyRsr = (PBYTE) (skb->data + FrameSize - 1); | |
408 | pbyRSSI = (PBYTE) (skb->data + FrameSize - 2); | |
409 | pbyNewRsr = (PBYTE) (skb->data + FrameSize - 3); | |
410 | pbySQ = (PBYTE) (skb->data + FrameSize - 4); | |
411 | pqwTSFTime = (PQWORD) (skb->data + FrameSize - 12); | |
412 | pbyFrame = (PBYTE)(skb->data + 4); | |
413 | ||
414 | // get packet size | |
415 | FrameSize = cpu_to_le16(*pwFrameSize); | |
416 | ||
417 | if ((FrameSize > 2346)|(FrameSize < 14)) { // Max: 2312Payload + 30HD +4CRC | |
418 | // Min: 14 bytes ACK | |
7e809a9b | 419 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 2 \n"); |
5449c685 FB |
420 | return FALSE; |
421 | } | |
422 | //PLICE_DEBUG-> | |
423 | #if 1 | |
424 | // update receive statistic counter | |
425 | STAvUpdateRDStatCounter(&pDevice->scStatistic, | |
426 | *pbyRsr, | |
427 | *pbyNewRsr, | |
428 | *pbyRxRate, | |
429 | pbyFrame, | |
430 | FrameSize); | |
431 | ||
432 | #endif | |
433 | ||
434 | pMACHeader=(PS802_11Header)((PBYTE) (skb->data)+8); | |
435 | //PLICE_DEBUG<- | |
436 | if (pDevice->bMeasureInProgress == TRUE) { | |
437 | if ((*pbyRsr & RSR_CRCOK) != 0) { | |
438 | pDevice->byBasicMap |= 0x01; | |
439 | } | |
440 | dwDuration = (FrameSize << 4); | |
441 | dwDuration /= acbyRxRate[*pbyRxRate%MAX_RATE]; | |
442 | if (*pbyRxRate <= RATE_11M) { | |
256a816b | 443 | if (*pbyRxSts & 0x01) { |
5449c685 FB |
444 | // long preamble |
445 | dwDuration += 192; | |
446 | } else { | |
447 | // short preamble | |
448 | dwDuration += 96; | |
449 | } | |
450 | } else { | |
451 | dwDuration += 16; | |
452 | } | |
453 | RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm); | |
454 | ldBmThreshold = -57; | |
455 | for (ii = 7; ii > 0;) { | |
456 | if (ldBm > ldBmThreshold) { | |
457 | break; | |
458 | } | |
459 | ldBmThreshold -= 5; | |
460 | ii--; | |
461 | } | |
462 | pDevice->dwRPIs[ii] += dwDuration; | |
463 | return FALSE; | |
464 | } | |
465 | ||
466 | if (!IS_MULTICAST_ADDRESS(pbyFrame) && !IS_BROADCAST_ADDRESS(pbyFrame)) { | |
467 | if (WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header) (skb->data + 4))) { | |
468 | pDevice->s802_11Counter.FrameDuplicateCount++; | |
469 | return FALSE; | |
470 | } | |
471 | } | |
472 | ||
473 | ||
474 | // Use for TKIP MIC | |
475 | s_vGetDASA(skb->data+4, &cbHeaderSize, &pDevice->sRxEthHeader); | |
476 | ||
477 | // filter packet send from myself | |
478 | if (IS_ETH_ADDRESS_EQUAL((PBYTE)&(pDevice->sRxEthHeader.abySrcAddr[0]), pDevice->abyCurrentNetAddr)) | |
479 | return FALSE; | |
480 | ||
481 | if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) { | |
482 | if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { | |
483 | p802_11Header = (PS802_11Header) (pbyFrame); | |
484 | // get SA NodeIndex | |
485 | if (BSSDBbIsSTAInNodeDB(pMgmt, (PBYTE)(p802_11Header->abyAddr2), &iSANodeIndex)) { | |
5449c685 | 486 | pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies; |
5449c685 FB |
487 | pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0; |
488 | } | |
489 | } | |
490 | } | |
491 | ||
492 | if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { | |
493 | if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == TRUE) { | |
494 | return FALSE; | |
495 | } | |
496 | } | |
612822f5 JL |
497 | |
498 | ||
5449c685 FB |
499 | if (IS_FC_WEP(pbyFrame)) { |
500 | BOOL bRxDecryOK = FALSE; | |
501 | ||
7e809a9b | 502 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n"); |
5449c685 FB |
503 | bIsWEP = TRUE; |
504 | if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) { | |
505 | pKey = &STempKey; | |
506 | pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite; | |
507 | pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex; | |
508 | pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength; | |
509 | pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16; | |
510 | pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0; | |
511 | memcpy(pKey->abyKey, | |
512 | &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0], | |
513 | pKey->uKeyLength | |
514 | ); | |
515 | ||
516 | bRxDecryOK = s_bHostWepRxEncryption(pDevice, | |
517 | pbyFrame, | |
518 | FrameSize, | |
519 | pbyRsr, | |
520 | pMgmt->sNodeDBTable[iSANodeIndex].bOnFly, | |
521 | pKey, | |
522 | pbyNewRsr, | |
523 | &bExtIV, | |
524 | &wRxTSC15_0, | |
525 | &dwRxTSC47_16); | |
526 | } else { | |
527 | bRxDecryOK = s_bHandleRxEncryption(pDevice, | |
528 | pbyFrame, | |
529 | FrameSize, | |
530 | pbyRsr, | |
531 | pbyNewRsr, | |
532 | &pKey, | |
533 | &bExtIV, | |
534 | &wRxTSC15_0, | |
535 | &dwRxTSC47_16); | |
536 | } | |
537 | ||
538 | if (bRxDecryOK) { | |
539 | if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) { | |
7e809a9b | 540 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n"); |
5449c685 FB |
541 | if ( (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA) || |
542 | (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || | |
543 | (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || | |
544 | (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || | |
545 | (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { | |
546 | ||
547 | if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { | |
548 | pDevice->s802_11Counter.TKIPICVErrors++; | |
549 | } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) { | |
550 | pDevice->s802_11Counter.CCMPDecryptErrors++; | |
551 | } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) { | |
552 | // pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++; | |
553 | } | |
554 | } | |
555 | return FALSE; | |
556 | } | |
557 | } else { | |
7e809a9b | 558 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n"); |
5449c685 FB |
559 | return FALSE; |
560 | } | |
561 | if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) | |
562 | FrameSize -= 8; // Message Integrity Code | |
563 | else | |
564 | FrameSize -= 4; // 4 is ICV | |
565 | } | |
566 | ||
567 | ||
568 | // | |
569 | // RX OK | |
570 | // | |
571 | //remove the CRC length | |
855181f5 | 572 | FrameSize -= ETH_FCS_LEN; |
5449c685 | 573 | |
256a816b | 574 | if (( !(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI))) && // unicast address |
5449c685 FB |
575 | (IS_FRAGMENT_PKT((skb->data+4))) |
576 | ) { | |
577 | // defragment | |
578 | bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header) (skb->data+4), FrameSize, bIsWEP, bExtIV); | |
579 | pDevice->s802_11Counter.ReceivedFragmentCount++; | |
580 | if (bDeFragRx) { | |
581 | // defrag complete | |
5449c685 | 582 | skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb; |
5449c685 FB |
583 | FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength; |
584 | ||
585 | } | |
586 | else { | |
587 | return FALSE; | |
588 | } | |
589 | } | |
590 | ||
591 | ||
592 | // Management & Control frame Handle | |
593 | if ((IS_TYPE_DATA((skb->data+4))) == FALSE) { | |
594 | // Handle Control & Manage Frame | |
595 | ||
596 | if (IS_TYPE_MGMT((skb->data+4))) { | |
597 | PBYTE pbyData1; | |
598 | PBYTE pbyData2; | |
599 | ||
600 | pRxPacket->p80211Header = (PUWLAN_80211HDR)(skb->data+4); | |
601 | pRxPacket->cbMPDULen = FrameSize; | |
602 | pRxPacket->uRSSI = *pbyRSSI; | |
603 | pRxPacket->bySQ = *pbySQ; | |
604 | HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime)); | |
605 | LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime)); | |
606 | if (bIsWEP) { | |
607 | // strip IV | |
608 | pbyData1 = WLAN_HDR_A3_DATA_PTR(skb->data+4); | |
609 | pbyData2 = WLAN_HDR_A3_DATA_PTR(skb->data+4) + 4; | |
610 | for (ii = 0; ii < (FrameSize - 4); ii++) { | |
611 | *pbyData1 = *pbyData2; | |
612 | pbyData1++; | |
613 | pbyData2++; | |
614 | } | |
615 | } | |
616 | pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate); | |
617 | pRxPacket->byRxChannel = (*pbyRxSts) >> 2; | |
618 | //PLICE_DEBUG-> | |
619 | //EnQueue(pDevice,pRxPacket); | |
620 | ||
621 | #ifdef THREAD | |
622 | EnQueue(pDevice,pRxPacket); | |
623 | ||
624 | //printk("enque time is %x\n",jiffies); | |
625 | //up(&pDevice->mlme_semaphore); | |
626 | //Enque (pDevice->FirstRecvMngList,pDevice->LastRecvMngList,pMgmt); | |
627 | #else | |
628 | ||
629 | #ifdef TASK_LET | |
630 | EnQueue(pDevice,pRxPacket); | |
631 | tasklet_schedule(&pDevice->RxMngWorkItem); | |
632 | #else | |
633 | //printk("RxMan\n"); | |
e64354c0 | 634 | vMgrRxManagePacket((void *)pDevice, pDevice->pMgmt, pRxPacket); |
5449c685 FB |
635 | //tasklet_schedule(&pDevice->RxMngWorkItem); |
636 | #endif | |
637 | ||
638 | #endif | |
639 | //PLICE_DEBUG<- | |
e64354c0 | 640 | //vMgrRxManagePacket((void *)pDevice, pDevice->pMgmt, pRxPacket); |
5449c685 FB |
641 | // hostap Deamon handle 802.11 management |
642 | if (pDevice->bEnableHostapd) { | |
643 | skb->dev = pDevice->apdev; | |
5449c685 FB |
644 | skb->data += 4; |
645 | skb->tail += 4; | |
646 | skb_put(skb, FrameSize); | |
db6cb903 | 647 | skb_reset_mac_header(skb); |
5449c685 FB |
648 | skb->pkt_type = PACKET_OTHERHOST; |
649 | skb->protocol = htons(ETH_P_802_2); | |
650 | memset(skb->cb, 0, sizeof(skb->cb)); | |
651 | netif_rx(skb); | |
5449c685 FB |
652 | return TRUE; |
653 | } | |
654 | } | |
655 | else { | |
656 | // Control Frame | |
657 | }; | |
658 | return FALSE; | |
659 | } | |
660 | else { | |
661 | if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { | |
662 | //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC. | |
256a816b | 663 | if ( !(*pbyRsr & RSR_BSSIDOK)) { |
5449c685 FB |
664 | if (bDeFragRx) { |
665 | if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { | |
7e809a9b | 666 | DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", |
5449c685 FB |
667 | pDevice->dev->name); |
668 | } | |
669 | } | |
670 | return FALSE; | |
671 | } | |
672 | } | |
673 | else { | |
674 | // discard DATA packet while not associate || BSSID error | |
675 | if ((pDevice->bLinkPass == FALSE) || | |
256a816b | 676 | !(*pbyRsr & RSR_BSSIDOK)) { |
5449c685 FB |
677 | if (bDeFragRx) { |
678 | if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { | |
7e809a9b | 679 | DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", |
5449c685 FB |
680 | pDevice->dev->name); |
681 | } | |
682 | } | |
683 | return FALSE; | |
684 | } | |
5449c685 FB |
685 | //mike add:station mode check eapol-key challenge---> |
686 | { | |
687 | BYTE Protocol_Version; //802.1x Authentication | |
688 | BYTE Packet_Type; //802.1x Authentication | |
689 | if (bIsWEP) | |
690 | cbIVOffset = 8; | |
691 | else | |
692 | cbIVOffset = 0; | |
693 | wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) | | |
694 | skb->data[cbIVOffset + 8 + 24 + 6 + 1]; | |
695 | Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1]; | |
696 | Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1]; | |
697 | if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header | |
698 | if(((Protocol_Version==1) ||(Protocol_Version==2)) && | |
699 | (Packet_Type==3)) { //802.1x OR eapol-key challenge frame receive | |
700 | bRxeapol_key = TRUE; | |
701 | } | |
702 | } | |
703 | } | |
704 | //mike add:station mode check eapol-key challenge<--- | |
705 | } | |
706 | } | |
707 | ||
612822f5 | 708 | |
5449c685 FB |
709 | // Data frame Handle |
710 | ||
612822f5 | 711 | |
5449c685 FB |
712 | if (pDevice->bEnablePSMode) { |
713 | if (IS_FC_MOREDATA((skb->data+4))) { | |
256a816b | 714 | if (*pbyRsr & RSR_ADDROK) { |
5449c685 FB |
715 | //PSbSendPSPOLL((PSDevice)pDevice); |
716 | } | |
717 | } | |
718 | else { | |
719 | if (pDevice->pMgmt->bInTIMWake == TRUE) { | |
720 | pDevice->pMgmt->bInTIMWake = FALSE; | |
721 | } | |
722 | } | |
723 | }; | |
724 | ||
725 | // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps | |
726 | if (pDevice->bDiversityEnable && (FrameSize>50) && | |
727 | (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) && | |
728 | (pDevice->bLinkPass == TRUE)) { | |
729 | //printk("device_receive_frame: RxRate is %d\n",*pbyRxRate); | |
730 | BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0); | |
731 | } | |
732 | ||
733 | ||
734 | if (pDevice->byLocalID != REV_ID_VT3253_B1) { | |
735 | pDevice->uCurrRSSI = *pbyRSSI; | |
736 | } | |
737 | pDevice->byCurrSQ = *pbySQ; | |
738 | ||
739 | if ((*pbyRSSI != 0) && | |
740 | (pMgmt->pCurrBSS!=NULL)) { | |
741 | RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm); | |
742 | // Moniter if RSSI is too strong. | |
743 | pMgmt->pCurrBSS->byRSSIStatCnt++; | |
744 | pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT; | |
745 | pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm; | |
746 | for(ii=0;ii<RSSI_STAT_COUNT;ii++) { | |
747 | if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) { | |
748 | pMgmt->pCurrBSS->ldBmMAX = max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm); | |
749 | } | |
750 | } | |
751 | } | |
752 | ||
753 | // ----------------------------------------------- | |
754 | ||
755 | if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == TRUE)){ | |
756 | BYTE abyMacHdr[24]; | |
757 | ||
758 | // Only 802.1x packet incoming allowed | |
759 | if (bIsWEP) | |
760 | cbIVOffset = 8; | |
761 | else | |
762 | cbIVOffset = 0; | |
763 | wEtherType = (skb->data[cbIVOffset + 4 + 24 + 6] << 8) | | |
764 | skb->data[cbIVOffset + 4 + 24 + 6 + 1]; | |
765 | ||
7e809a9b | 766 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType); |
5449c685 FB |
767 | if (wEtherType == ETH_P_PAE) { |
768 | skb->dev = pDevice->apdev; | |
769 | ||
770 | if (bIsWEP == TRUE) { | |
771 | // strip IV header(8) | |
772 | memcpy(&abyMacHdr[0], (skb->data + 4), 24); | |
773 | memcpy((skb->data + 4 + cbIVOffset), &abyMacHdr[0], 24); | |
774 | } | |
5449c685 FB |
775 | skb->data += (cbIVOffset + 4); |
776 | skb->tail += (cbIVOffset + 4); | |
777 | skb_put(skb, FrameSize); | |
db6cb903 | 778 | skb_reset_mac_header(skb); |
5449c685 FB |
779 | |
780 | skb->pkt_type = PACKET_OTHERHOST; | |
781 | skb->protocol = htons(ETH_P_802_2); | |
782 | memset(skb->cb, 0, sizeof(skb->cb)); | |
783 | netif_rx(skb); | |
5449c685 FB |
784 | return TRUE; |
785 | ||
786 | } | |
787 | // check if 802.1x authorized | |
788 | if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED)) | |
789 | return FALSE; | |
790 | } | |
791 | ||
792 | ||
793 | if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { | |
794 | if (bIsWEP) { | |
795 | FrameSize -= 8; //MIC | |
796 | } | |
797 | } | |
798 | ||
799 | //-------------------------------------------------------------------------------- | |
800 | // Soft MIC | |
801 | if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { | |
802 | if (bIsWEP) { | |
803 | PDWORD pdwMIC_L; | |
804 | PDWORD pdwMIC_R; | |
805 | DWORD dwMIC_Priority; | |
806 | DWORD dwMICKey0 = 0, dwMICKey1 = 0; | |
807 | DWORD dwLocalMIC_L = 0; | |
808 | DWORD dwLocalMIC_R = 0; | |
809 | viawget_wpa_header *wpahdr; | |
810 | ||
811 | ||
812 | if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { | |
813 | dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24])); | |
814 | dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28])); | |
815 | } | |
816 | else { | |
817 | if (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) { | |
818 | dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16])); | |
819 | dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20])); | |
820 | } else if ((pKey->dwKeyIndex & BIT28) == 0) { | |
821 | dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16])); | |
822 | dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20])); | |
823 | } else { | |
824 | dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24])); | |
825 | dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28])); | |
826 | } | |
827 | } | |
828 | ||
829 | MIC_vInit(dwMICKey0, dwMICKey1); | |
830 | MIC_vAppend((PBYTE)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12); | |
831 | dwMIC_Priority = 0; | |
832 | MIC_vAppend((PBYTE)&dwMIC_Priority, 4); | |
833 | // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV. | |
834 | MIC_vAppend((PBYTE)(skb->data + 4 + WLAN_HDR_ADDR3_LEN + 8), | |
835 | FrameSize - WLAN_HDR_ADDR3_LEN - 8); | |
836 | MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R); | |
837 | MIC_vUnInit(); | |
838 | ||
839 | pdwMIC_L = (PDWORD)(skb->data + 4 + FrameSize); | |
840 | pdwMIC_R = (PDWORD)(skb->data + 4 + FrameSize + 4); | |
841 | //DBG_PRN_GRP12(("RxL: %lx, RxR: %lx\n", *pdwMIC_L, *pdwMIC_R)); | |
842 | //DBG_PRN_GRP12(("LocalL: %lx, LocalR: %lx\n", dwLocalMIC_L, dwLocalMIC_R)); | |
7e809a9b | 843 | //DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"dwMICKey0= %lx,dwMICKey1= %lx \n", dwMICKey0, dwMICKey1); |
5449c685 FB |
844 | |
845 | ||
846 | if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) || | |
847 | (pDevice->bRxMICFail == TRUE)) { | |
7e809a9b | 848 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n"); |
5449c685 FB |
849 | pDevice->bRxMICFail = FALSE; |
850 | //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++; | |
851 | pDevice->s802_11Counter.TKIPLocalMICFailures++; | |
852 | if (bDeFragRx) { | |
853 | if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { | |
7e809a9b | 854 | DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", |
5449c685 FB |
855 | pDevice->dev->name); |
856 | } | |
857 | } | |
612822f5 | 858 | //2008-0409-07, <Add> by Einsn Liu |
5449c685 FB |
859 | #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT |
860 | //send event to wpa_supplicant | |
861 | //if(pDevice->bWPADevEnable == TRUE) | |
612822f5 | 862 | { |
5449c685 FB |
863 | union iwreq_data wrqu; |
864 | struct iw_michaelmicfailure ev; | |
865 | int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits | |
866 | memset(&ev, 0, sizeof(ev)); | |
867 | ev.flags = keyidx & IW_MICFAILURE_KEY_ID; | |
868 | if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && | |
869 | (pMgmt->eCurrState == WMAC_STATE_ASSOC) && | |
870 | (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { | |
871 | ev.flags |= IW_MICFAILURE_PAIRWISE; | |
872 | } else { | |
873 | ev.flags |= IW_MICFAILURE_GROUP; | |
874 | } | |
875 | ||
876 | ev.src_addr.sa_family = ARPHRD_ETHER; | |
877 | memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN); | |
878 | memset(&wrqu, 0, sizeof(wrqu)); | |
879 | wrqu.data.length = sizeof(ev); | |
880 | wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev); | |
881 | ||
882 | } | |
883 | #endif | |
612822f5 JL |
884 | |
885 | ||
5449c685 FB |
886 | if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) { |
887 | wpahdr = (viawget_wpa_header *)pDevice->skb->data; | |
888 | if ((pDevice->pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && | |
889 | (pDevice->pMgmt->eCurrState == WMAC_STATE_ASSOC) && | |
890 | (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { | |
891 | //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR; | |
892 | wpahdr->type = VIAWGET_PTK_MIC_MSG; | |
893 | } else { | |
894 | //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR; | |
895 | wpahdr->type = VIAWGET_GTK_MIC_MSG; | |
896 | } | |
897 | wpahdr->resp_ie_len = 0; | |
898 | wpahdr->req_ie_len = 0; | |
899 | skb_put(pDevice->skb, sizeof(viawget_wpa_header)); | |
900 | pDevice->skb->dev = pDevice->wpadev; | |
db6cb903 | 901 | skb_reset_mac_header(pDevice->skb); |
7bb8dc2d | 902 | pDevice->skb->pkt_type = PACKET_HOST; |
5449c685 FB |
903 | pDevice->skb->protocol = htons(ETH_P_802_2); |
904 | memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb)); | |
905 | netif_rx(pDevice->skb); | |
906 | pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz); | |
907 | }; | |
908 | ||
909 | return FALSE; | |
910 | ||
911 | } | |
912 | } | |
913 | } //---end of SOFT MIC----------------------------------------------------------------------- | |
914 | ||
915 | // ++++++++++ Reply Counter Check +++++++++++++ | |
916 | ||
917 | if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) || | |
918 | (pKey->byCipherSuite == KEY_CTL_CCMP))) { | |
919 | if (bIsWEP) { | |
920 | WORD wLocalTSC15_0 = 0; | |
921 | DWORD dwLocalTSC47_16 = 0; | |
922 | ULONGLONG RSC = 0; | |
923 | // endian issues | |
924 | RSC = *((ULONGLONG *) &(pKey->KeyRSC)); | |
925 | wLocalTSC15_0 = (WORD) RSC; | |
926 | dwLocalTSC47_16 = (DWORD) (RSC>>16); | |
927 | ||
928 | RSC = dwRxTSC47_16; | |
929 | RSC <<= 16; | |
930 | RSC += wRxTSC15_0; | |
51b6d9c2 | 931 | memcpy(&(pKey->KeyRSC), &RSC, sizeof(QWORD)); |
5449c685 FB |
932 | |
933 | if ( (pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) && | |
934 | (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) { | |
935 | // check RSC | |
936 | if ( (wRxTSC15_0 < wLocalTSC15_0) && | |
937 | (dwRxTSC47_16 <= dwLocalTSC47_16) && | |
938 | !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) { | |
7e809a9b | 939 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n "); |
5449c685 FB |
940 | if (pKey->byCipherSuite == KEY_CTL_TKIP) |
941 | //pDevice->s802_11Counter.TKIPReplays.QuadPart++; | |
942 | pDevice->s802_11Counter.TKIPReplays++; | |
943 | else | |
944 | //pDevice->s802_11Counter.CCMPReplays.QuadPart++; | |
945 | pDevice->s802_11Counter.CCMPReplays++; | |
946 | ||
947 | if (bDeFragRx) { | |
948 | if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { | |
7e809a9b | 949 | DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", |
5449c685 FB |
950 | pDevice->dev->name); |
951 | } | |
952 | } | |
953 | return FALSE; | |
954 | } | |
955 | } | |
956 | } | |
957 | } // ----- End of Reply Counter Check -------------------------- | |
958 | ||
959 | ||
960 | ||
961 | if ((pKey != NULL) && (bIsWEP)) { | |
962 | // pDevice->s802_11Counter.DecryptSuccessCount.QuadPart++; | |
963 | } | |
964 | ||
965 | ||
966 | s_vProcessRxMACHeader(pDevice, (PBYTE)(skb->data+4), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset); | |
967 | FrameSize -= cbHeaderOffset; | |
968 | cbHeaderOffset += 4; // 4 is Rcv buffer header | |
969 | ||
970 | // Null data, framesize = 14 | |
971 | if (FrameSize < 15) | |
972 | return FALSE; | |
973 | ||
974 | if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { | |
975 | if (s_bAPModeRxData(pDevice, | |
976 | skb, | |
977 | FrameSize, | |
978 | cbHeaderOffset, | |
979 | iSANodeIndex, | |
980 | iDANodeIndex | |
981 | ) == FALSE) { | |
982 | ||
983 | if (bDeFragRx) { | |
984 | if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { | |
7e809a9b | 985 | DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", |
5449c685 FB |
986 | pDevice->dev->name); |
987 | } | |
988 | } | |
989 | return FALSE; | |
990 | } | |
991 | ||
992 | // if(pDevice->bRxMICFail == FALSE) { | |
993 | // for (ii =0; ii < 100; ii++) | |
994 | // printk(" %02x", *(skb->data + ii)); | |
995 | // printk("\n"); | |
996 | // } | |
997 | ||
998 | } | |
999 | ||
5449c685 FB |
1000 | skb->data += cbHeaderOffset; |
1001 | skb->tail += cbHeaderOffset; | |
1002 | skb_put(skb, FrameSize); | |
1003 | skb->protocol=eth_type_trans(skb, skb->dev); | |
5449c685 FB |
1004 | |
1005 | ||
1006 | //drop frame not met IEEE 802.3 | |
1007 | /* | |
1008 | if (pDevice->flags & DEVICE_FLAGS_VAL_PKT_LEN) { | |
5449c685 FB |
1009 | if ((skb->protocol==htons(ETH_P_802_3)) && |
1010 | (skb->len!=htons(skb->mac.ethernet->h_proto))) { | |
5449c685 FB |
1011 | pStats->rx_length_errors++; |
1012 | pStats->rx_dropped++; | |
1013 | if (bDeFragRx) { | |
1014 | if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { | |
7e809a9b | 1015 | DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", |
5449c685 FB |
1016 | pDevice->dev->name); |
1017 | } | |
1018 | } | |
1019 | return FALSE; | |
1020 | } | |
1021 | } | |
1022 | */ | |
1023 | ||
5449c685 FB |
1024 | skb->ip_summed=CHECKSUM_NONE; |
1025 | pStats->rx_bytes +=skb->len; | |
1026 | pStats->rx_packets++; | |
1027 | netif_rx(skb); | |
5449c685 FB |
1028 | |
1029 | if (bDeFragRx) { | |
1030 | if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { | |
7e809a9b | 1031 | DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", |
5449c685 FB |
1032 | pDevice->dev->name); |
1033 | } | |
1034 | return FALSE; | |
1035 | } | |
612822f5 | 1036 | |
5449c685 FB |
1037 | return TRUE; |
1038 | } | |
1039 | ||
1040 | ||
1041 | static BOOL s_bAPModeRxCtl ( | |
3a215e0f CC |
1042 | PSDevice pDevice, |
1043 | PBYTE pbyFrame, | |
1044 | INT iSANodeIndex | |
5449c685 FB |
1045 | ) |
1046 | { | |
1047 | PS802_11Header p802_11Header; | |
1048 | CMD_STATUS Status; | |
1049 | PSMgmtObject pMgmt = pDevice->pMgmt; | |
1050 | ||
1051 | ||
1052 | if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { | |
1053 | ||
1054 | p802_11Header = (PS802_11Header) (pbyFrame); | |
1055 | if (!IS_TYPE_MGMT(pbyFrame)) { | |
1056 | ||
1057 | // Data & PS-Poll packet | |
1058 | // check frame class | |
1059 | if (iSANodeIndex > 0) { | |
1060 | // frame class 3 fliter & checking | |
1061 | if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) { | |
1062 | // send deauth notification | |
1063 | // reason = (6) class 2 received from nonauth sta | |
1064 | vMgrDeAuthenBeginSta(pDevice, | |
1065 | pMgmt, | |
1066 | (PBYTE)(p802_11Header->abyAddr2), | |
1067 | (WLAN_MGMT_REASON_CLASS2_NONAUTH), | |
1068 | &Status | |
1069 | ); | |
7e809a9b | 1070 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n"); |
5449c685 FB |
1071 | return TRUE; |
1072 | }; | |
1073 | if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) { | |
1074 | // send deassoc notification | |
1075 | // reason = (7) class 3 received from nonassoc sta | |
1076 | vMgrDisassocBeginSta(pDevice, | |
1077 | pMgmt, | |
1078 | (PBYTE)(p802_11Header->abyAddr2), | |
1079 | (WLAN_MGMT_REASON_CLASS3_NONASSOC), | |
1080 | &Status | |
1081 | ); | |
7e809a9b | 1082 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n"); |
5449c685 FB |
1083 | return TRUE; |
1084 | }; | |
1085 | ||
1086 | if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) { | |
1087 | // delcare received ps-poll event | |
1088 | if (IS_CTL_PSPOLL(pbyFrame)) { | |
1089 | pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE; | |
e64354c0 | 1090 | bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL); |
7e809a9b | 1091 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n"); |
5449c685 FB |
1092 | } |
1093 | else { | |
1094 | // check Data PS state | |
1095 | // if PW bit off, send out all PS bufferring packets. | |
1096 | if (!IS_FC_POWERMGT(pbyFrame)) { | |
1097 | pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE; | |
1098 | pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE; | |
e64354c0 | 1099 | bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL); |
7e809a9b | 1100 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n"); |
5449c685 FB |
1101 | } |
1102 | } | |
1103 | } | |
1104 | else { | |
1105 | if (IS_FC_POWERMGT(pbyFrame)) { | |
1106 | pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = TRUE; | |
1107 | // Once if STA in PS state, enable multicast bufferring | |
1108 | pMgmt->sNodeDBTable[0].bPSEnable = TRUE; | |
1109 | } | |
1110 | else { | |
1111 | // clear all pending PS frame. | |
1112 | if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) { | |
1113 | pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE; | |
1114 | pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE; | |
e64354c0 | 1115 | bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL); |
7e809a9b | 1116 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n"); |
5449c685 FB |
1117 | |
1118 | } | |
1119 | } | |
1120 | } | |
1121 | } | |
1122 | else { | |
1123 | vMgrDeAuthenBeginSta(pDevice, | |
1124 | pMgmt, | |
1125 | (PBYTE)(p802_11Header->abyAddr2), | |
1126 | (WLAN_MGMT_REASON_CLASS2_NONAUTH), | |
1127 | &Status | |
1128 | ); | |
7e809a9b JL |
1129 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n"); |
1130 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%02x-%02x-%02x=%02x-%02x-%02x \n", | |
5449c685 FB |
1131 | p802_11Header->abyAddr3[0], |
1132 | p802_11Header->abyAddr3[1], | |
1133 | p802_11Header->abyAddr3[2], | |
1134 | p802_11Header->abyAddr3[3], | |
1135 | p802_11Header->abyAddr3[4], | |
1136 | p802_11Header->abyAddr3[5] | |
1137 | ); | |
7e809a9b | 1138 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%02x-%02x-%02x=%02x-%02x-%02x \n", |
5449c685 FB |
1139 | p802_11Header->abyAddr2[0], |
1140 | p802_11Header->abyAddr2[1], | |
1141 | p802_11Header->abyAddr2[2], | |
1142 | p802_11Header->abyAddr2[3], | |
1143 | p802_11Header->abyAddr2[4], | |
1144 | p802_11Header->abyAddr2[5] | |
1145 | ); | |
7e809a9b | 1146 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%02x-%02x-%02x=%02x-%02x-%02x \n", |
5449c685 FB |
1147 | p802_11Header->abyAddr1[0], |
1148 | p802_11Header->abyAddr1[1], | |
1149 | p802_11Header->abyAddr1[2], | |
1150 | p802_11Header->abyAddr1[3], | |
1151 | p802_11Header->abyAddr1[4], | |
1152 | p802_11Header->abyAddr1[5] | |
1153 | ); | |
7e809a9b | 1154 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl ); |
5449c685 | 1155 | VNSvInPortB(pDevice->PortOffset + MAC_REG_RCR, &(pDevice->byRxMode)); |
7e809a9b | 1156 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc:pDevice->byRxMode = %x\n", pDevice->byRxMode ); |
5449c685 FB |
1157 | return TRUE; |
1158 | } | |
1159 | } | |
1160 | } | |
1161 | return FALSE; | |
1162 | ||
1163 | } | |
1164 | ||
1165 | static BOOL s_bHandleRxEncryption ( | |
3a215e0f CC |
1166 | PSDevice pDevice, |
1167 | PBYTE pbyFrame, | |
1168 | UINT FrameSize, | |
1169 | PBYTE pbyRsr, | |
3cdec554 CC |
1170 | PBYTE pbyNewRsr, |
1171 | PSKeyItem *pKeyOut, | |
a884847a | 1172 | int * pbExtIV, |
3cdec554 CC |
1173 | PWORD pwRxTSC15_0, |
1174 | PDWORD pdwRxTSC47_16 | |
5449c685 FB |
1175 | ) |
1176 | { | |
1177 | UINT PayloadLen = FrameSize; | |
1178 | PBYTE pbyIV; | |
1179 | BYTE byKeyIdx; | |
1180 | PSKeyItem pKey = NULL; | |
1181 | BYTE byDecMode = KEY_CTL_WEP; | |
1182 | PSMgmtObject pMgmt = pDevice->pMgmt; | |
1183 | ||
1184 | ||
1185 | *pwRxTSC15_0 = 0; | |
1186 | *pdwRxTSC47_16 = 0; | |
1187 | ||
1188 | pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; | |
1189 | if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) && | |
1190 | WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) { | |
1191 | pbyIV += 6; // 6 is 802.11 address4 | |
1192 | PayloadLen -= 6; | |
1193 | } | |
1194 | byKeyIdx = (*(pbyIV+3) & 0xc0); | |
1195 | byKeyIdx >>= 6; | |
7e809a9b | 1196 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx); |
5449c685 FB |
1197 | |
1198 | if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) || | |
1199 | (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || | |
1200 | (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || | |
1201 | (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || | |
1202 | (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { | |
1203 | if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) && | |
1204 | (pDevice->pMgmt->byCSSPK != KEY_CTL_NONE)) { | |
1205 | // unicast pkt use pairwise key | |
7e809a9b | 1206 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n"); |
5449c685 FB |
1207 | if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == TRUE) { |
1208 | if (pDevice->pMgmt->byCSSPK == KEY_CTL_TKIP) | |
1209 | byDecMode = KEY_CTL_TKIP; | |
1210 | else if (pDevice->pMgmt->byCSSPK == KEY_CTL_CCMP) | |
1211 | byDecMode = KEY_CTL_CCMP; | |
1212 | } | |
7e809a9b | 1213 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey); |
5449c685 FB |
1214 | } else { |
1215 | // use group key | |
1216 | KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey); | |
1217 | if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP) | |
1218 | byDecMode = KEY_CTL_TKIP; | |
1219 | else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP) | |
1220 | byDecMode = KEY_CTL_CCMP; | |
7e809a9b | 1221 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey); |
5449c685 FB |
1222 | } |
1223 | } | |
1224 | // our WEP only support Default Key | |
1225 | if (pKey == NULL) { | |
1226 | // use default group key | |
1227 | KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey); | |
1228 | if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP) | |
1229 | byDecMode = KEY_CTL_TKIP; | |
1230 | else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP) | |
1231 | byDecMode = KEY_CTL_CCMP; | |
1232 | } | |
1233 | *pKeyOut = pKey; | |
1234 | ||
7e809a9b | 1235 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode); |
5449c685 FB |
1236 | |
1237 | if (pKey == NULL) { | |
7e809a9b | 1238 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n"); |
5449c685 FB |
1239 | if (byDecMode == KEY_CTL_WEP) { |
1240 | // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; | |
1241 | } else if (pDevice->bLinkPass == TRUE) { | |
1242 | // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; | |
1243 | } | |
1244 | return FALSE; | |
1245 | } | |
1246 | if (byDecMode != pKey->byCipherSuite) { | |
1247 | if (byDecMode == KEY_CTL_WEP) { | |
1248 | // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; | |
1249 | } else if (pDevice->bLinkPass == TRUE) { | |
1250 | // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; | |
1251 | } | |
1252 | *pKeyOut = NULL; | |
1253 | return FALSE; | |
1254 | } | |
1255 | if (byDecMode == KEY_CTL_WEP) { | |
1256 | // handle WEP | |
1257 | if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || | |
1258 | (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE)) { | |
1259 | // Software WEP | |
1260 | // 1. 3253A | |
1261 | // 2. WEP 256 | |
1262 | ||
1263 | PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc | |
51b6d9c2 JL |
1264 | memcpy(pDevice->abyPRNG, pbyIV, 3); |
1265 | memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); | |
5449c685 FB |
1266 | rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); |
1267 | rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); | |
1268 | ||
1269 | if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) { | |
1270 | *pbyNewRsr |= NEWRSR_DECRYPTOK; | |
1271 | } | |
1272 | } | |
1273 | } else if ((byDecMode == KEY_CTL_TKIP) || | |
1274 | (byDecMode == KEY_CTL_CCMP)) { | |
1275 | // TKIP/AES | |
1276 | ||
1277 | PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc | |
1278 | *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4)); | |
7e809a9b | 1279 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16); |
5449c685 FB |
1280 | if (byDecMode == KEY_CTL_TKIP) { |
1281 | *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV)); | |
1282 | } else { | |
1283 | *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV); | |
1284 | } | |
7e809a9b | 1285 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0); |
5449c685 FB |
1286 | |
1287 | if ((byDecMode == KEY_CTL_TKIP) && | |
1288 | (pDevice->byLocalID <= REV_ID_VT3253_A1)) { | |
1289 | // Software TKIP | |
1290 | // 1. 3253 A | |
1291 | PS802_11Header pMACHeader = (PS802_11Header) (pbyFrame); | |
1292 | TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); | |
1293 | rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); | |
1294 | rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); | |
1295 | if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { | |
1296 | *pbyNewRsr |= NEWRSR_DECRYPTOK; | |
7e809a9b | 1297 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n"); |
5449c685 | 1298 | } else { |
7e809a9b JL |
1299 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n"); |
1300 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen); | |
5449c685 FB |
1301 | } |
1302 | } | |
1303 | }// end of TKIP/AES | |
1304 | ||
1305 | if ((*(pbyIV+3) & 0x20) != 0) | |
1306 | *pbExtIV = TRUE; | |
1307 | return TRUE; | |
1308 | } | |
1309 | ||
1310 | ||
1311 | static BOOL s_bHostWepRxEncryption ( | |
3a215e0f CC |
1312 | PSDevice pDevice, |
1313 | PBYTE pbyFrame, | |
1314 | UINT FrameSize, | |
1315 | PBYTE pbyRsr, | |
1316 | BOOL bOnFly, | |
1317 | PSKeyItem pKey, | |
3cdec554 | 1318 | PBYTE pbyNewRsr, |
a884847a | 1319 | int * pbExtIV, |
3cdec554 CC |
1320 | PWORD pwRxTSC15_0, |
1321 | PDWORD pdwRxTSC47_16 | |
5449c685 FB |
1322 | ) |
1323 | { | |
1324 | UINT PayloadLen = FrameSize; | |
1325 | PBYTE pbyIV; | |
1326 | BYTE byKeyIdx; | |
1327 | BYTE byDecMode = KEY_CTL_WEP; | |
1328 | PS802_11Header pMACHeader; | |
1329 | ||
1330 | ||
1331 | ||
1332 | *pwRxTSC15_0 = 0; | |
1333 | *pdwRxTSC47_16 = 0; | |
1334 | ||
1335 | pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; | |
1336 | if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) && | |
1337 | WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) { | |
1338 | pbyIV += 6; // 6 is 802.11 address4 | |
1339 | PayloadLen -= 6; | |
1340 | } | |
1341 | byKeyIdx = (*(pbyIV+3) & 0xc0); | |
1342 | byKeyIdx >>= 6; | |
7e809a9b | 1343 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx); |
5449c685 FB |
1344 | |
1345 | ||
1346 | if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP) | |
1347 | byDecMode = KEY_CTL_TKIP; | |
1348 | else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP) | |
1349 | byDecMode = KEY_CTL_CCMP; | |
1350 | ||
7e809a9b | 1351 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode); |
5449c685 FB |
1352 | |
1353 | if (byDecMode != pKey->byCipherSuite) { | |
1354 | if (byDecMode == KEY_CTL_WEP) { | |
1355 | // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; | |
1356 | } else if (pDevice->bLinkPass == TRUE) { | |
1357 | // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; | |
1358 | } | |
1359 | return FALSE; | |
1360 | } | |
1361 | ||
1362 | if (byDecMode == KEY_CTL_WEP) { | |
1363 | // handle WEP | |
7e809a9b | 1364 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP \n"); |
5449c685 FB |
1365 | if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || |
1366 | (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE) || | |
1367 | (bOnFly == FALSE)) { | |
1368 | // Software WEP | |
1369 | // 1. 3253A | |
1370 | // 2. WEP 256 | |
1371 | // 3. NotOnFly | |
1372 | ||
1373 | PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc | |
51b6d9c2 JL |
1374 | memcpy(pDevice->abyPRNG, pbyIV, 3); |
1375 | memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); | |
5449c685 FB |
1376 | rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); |
1377 | rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); | |
1378 | ||
1379 | if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) { | |
1380 | *pbyNewRsr |= NEWRSR_DECRYPTOK; | |
1381 | } | |
1382 | } | |
1383 | } else if ((byDecMode == KEY_CTL_TKIP) || | |
1384 | (byDecMode == KEY_CTL_CCMP)) { | |
1385 | // TKIP/AES | |
1386 | ||
1387 | PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc | |
1388 | *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4)); | |
7e809a9b | 1389 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16); |
5449c685 FB |
1390 | |
1391 | if (byDecMode == KEY_CTL_TKIP) { | |
1392 | *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV)); | |
1393 | } else { | |
1394 | *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV); | |
1395 | } | |
7e809a9b | 1396 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0); |
5449c685 FB |
1397 | |
1398 | if (byDecMode == KEY_CTL_TKIP) { | |
612822f5 | 1399 | |
5449c685 FB |
1400 | if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == FALSE)) { |
1401 | // Software TKIP | |
1402 | // 1. 3253 A | |
1403 | // 2. NotOnFly | |
7e809a9b | 1404 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n"); |
5449c685 FB |
1405 | pMACHeader = (PS802_11Header) (pbyFrame); |
1406 | TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); | |
1407 | rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); | |
1408 | rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); | |
1409 | if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { | |
1410 | *pbyNewRsr |= NEWRSR_DECRYPTOK; | |
7e809a9b | 1411 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n"); |
5449c685 | 1412 | } else { |
7e809a9b JL |
1413 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n"); |
1414 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen); | |
5449c685 FB |
1415 | } |
1416 | } | |
1417 | } | |
1418 | ||
1419 | if (byDecMode == KEY_CTL_CCMP) { | |
1420 | if (bOnFly == FALSE) { | |
1421 | // Software CCMP | |
1422 | // NotOnFly | |
7e809a9b | 1423 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_CCMP\n"); |
5449c685 FB |
1424 | if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) { |
1425 | *pbyNewRsr |= NEWRSR_DECRYPTOK; | |
7e809a9b | 1426 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC compare OK!\n"); |
5449c685 | 1427 | } else { |
7e809a9b | 1428 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC fail!\n"); |
5449c685 FB |
1429 | } |
1430 | } | |
1431 | } | |
1432 | ||
1433 | }// end of TKIP/AES | |
1434 | ||
1435 | if ((*(pbyIV+3) & 0x20) != 0) | |
1436 | *pbExtIV = TRUE; | |
1437 | return TRUE; | |
1438 | } | |
1439 | ||
1440 | ||
1441 | ||
5449c685 | 1442 | static BOOL s_bAPModeRxData ( |
3a215e0f CC |
1443 | PSDevice pDevice, |
1444 | struct sk_buff* skb, | |
1445 | UINT FrameSize, | |
1446 | UINT cbHeaderOffset, | |
1447 | INT iSANodeIndex, | |
1448 | INT iDANodeIndex | |
5449c685 | 1449 | ) |
5449c685 FB |
1450 | { |
1451 | PSMgmtObject pMgmt = pDevice->pMgmt; | |
1452 | BOOL bRelayAndForward = FALSE; | |
1453 | BOOL bRelayOnly = FALSE; | |
1454 | BYTE byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80}; | |
1455 | WORD wAID; | |
5449c685 FB |
1456 | |
1457 | ||
612822f5 | 1458 | struct sk_buff* skbcpy = NULL; |
5449c685 FB |
1459 | |
1460 | if (FrameSize > CB_MAX_BUF_SIZE) | |
1461 | return FALSE; | |
1462 | // check DA | |
1463 | if(IS_MULTICAST_ADDRESS((PBYTE)(skb->data+cbHeaderOffset))) { | |
1464 | if (pMgmt->sNodeDBTable[0].bPSEnable) { | |
1465 | ||
5449c685 | 1466 | skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz); |
612822f5 | 1467 | |
5449c685 FB |
1468 | // if any node in PS mode, buffer packet until DTIM. |
1469 | if (skbcpy == NULL) { | |
7e809a9b | 1470 | DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n"); |
5449c685 FB |
1471 | } |
1472 | else { | |
1473 | skbcpy->dev = pDevice->dev; | |
5449c685 FB |
1474 | skbcpy->len = FrameSize; |
1475 | memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize); | |
1476 | skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy); | |
612822f5 | 1477 | |
5449c685 FB |
1478 | pMgmt->sNodeDBTable[0].wEnQueueCnt++; |
1479 | // set tx map | |
1480 | pMgmt->abyPSTxMap[0] |= byMask[0]; | |
1481 | } | |
1482 | } | |
1483 | else { | |
1484 | bRelayAndForward = TRUE; | |
1485 | } | |
1486 | } | |
1487 | else { | |
1488 | // check if relay | |
1489 | if (BSSDBbIsSTAInNodeDB(pMgmt, (PBYTE)(skb->data+cbHeaderOffset), &iDANodeIndex)) { | |
1490 | if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) { | |
1491 | if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) { | |
1492 | // queue this skb until next PS tx, and then release. | |
1493 | ||
5449c685 FB |
1494 | skb->data += cbHeaderOffset; |
1495 | skb->tail += cbHeaderOffset; | |
1496 | skb_put(skb, FrameSize); | |
1497 | skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb); | |
5449c685 FB |
1498 | pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++; |
1499 | wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID; | |
1500 | pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7]; | |
7e809a9b | 1501 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n", |
5449c685 FB |
1502 | iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]); |
1503 | return TRUE; | |
1504 | } | |
1505 | else { | |
1506 | bRelayOnly = TRUE; | |
1507 | } | |
1508 | } | |
1509 | }; | |
1510 | } | |
1511 | ||
1512 | if (bRelayOnly || bRelayAndForward) { | |
1513 | // relay this packet right now | |
1514 | if (bRelayAndForward) | |
1515 | iDANodeIndex = 0; | |
1516 | ||
1517 | if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) { | |
1518 | ROUTEbRelay(pDevice, (PBYTE)(skb->data + cbHeaderOffset), FrameSize, (UINT)iDANodeIndex); | |
1519 | } | |
1520 | ||
1521 | if (bRelayOnly) | |
1522 | return FALSE; | |
1523 | } | |
1524 | // none associate, don't forward | |
1525 | if (pDevice->uAssocCount == 0) | |
1526 | return FALSE; | |
1527 | ||
1528 | return TRUE; | |
1529 | } | |
1530 |