Commit | Line | Data |
---|---|---|
92b96797 FB |
1 | /* |
2 | * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc. | |
3 | * All rights reserved. | |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify | |
6 | * it under the terms of the GNU General Public License as published by | |
7 | * the Free Software Foundation; either version 2 of the License, or | |
8 | * (at your option) any later version. | |
9 | * | |
10 | * This program is distributed in the hope that it will be useful, | |
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
13 | * GNU General Public License for more details. | |
14 | * | |
15 | * You should have received a copy of the GNU General Public License along | |
16 | * with this program; if not, write to the Free Software Foundation, Inc., | |
17 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | |
18 | * | |
19 | * File: dpc.c | |
20 | * | |
21 | * Purpose: handle dpc rx functions | |
22 | * | |
23 | * Author: Lyndon Chen | |
24 | * | |
25 | * Date: May 20, 2003 | |
26 | * | |
27 | * Functions: | |
28 | * device_receive_frame - Rcv 802.11 frame function | |
29 | * s_bAPModeRxCtl- AP Rcv frame filer Ctl. | |
30 | * s_bAPModeRxData- AP Rcv data frame handle | |
31 | * s_bHandleRxEncryption- Rcv decrypted data via on-fly | |
32 | * s_bHostWepRxEncryption- Rcv encrypted data via host | |
33 | * s_byGetRateIdx- get rate index | |
34 | * s_vGetDASA- get data offset | |
35 | * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3 | |
36 | * | |
37 | * Revision History: | |
38 | * | |
39 | */ | |
40 | ||
92b96797 | 41 | #include "device.h" |
92b96797 | 42 | #include "rxtx.h" |
92b96797 | 43 | #include "tether.h" |
92b96797 | 44 | #include "card.h" |
92b96797 | 45 | #include "bssdb.h" |
92b96797 | 46 | #include "mac.h" |
92b96797 | 47 | #include "baseband.h" |
92b96797 | 48 | #include "michael.h" |
92b96797 | 49 | #include "tkip.h" |
92b96797 | 50 | #include "tcrc.h" |
92b96797 | 51 | #include "wctl.h" |
92b96797 | 52 | #include "hostap.h" |
92b96797 | 53 | #include "rf.h" |
92b96797 | 54 | #include "iowpa.h" |
92b96797 | 55 | #include "aes_ccmp.h" |
92b96797 | 56 | #include "datarate.h" |
92b96797 | 57 | #include "usbpipe.h" |
92b96797 FB |
58 | |
59 | /*--------------------- Static Definitions -------------------------*/ | |
60 | ||
61 | /*--------------------- Static Classes ----------------------------*/ | |
62 | ||
63 | /*--------------------- Static Variables --------------------------*/ | |
64 | //static int msglevel =MSG_LEVEL_DEBUG; | |
65 | static int msglevel =MSG_LEVEL_INFO; | |
66 | ||
67 | const BYTE acbyRxRate[MAX_RATE] = | |
68 | {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108}; | |
69 | ||
70 | ||
71 | /*--------------------- Static Functions --------------------------*/ | |
72 | ||
73 | /*--------------------- Static Definitions -------------------------*/ | |
74 | ||
75 | /*--------------------- Static Functions --------------------------*/ | |
76 | ||
592ccfeb | 77 | static BYTE s_byGetRateIdx(BYTE byRate); |
92b96797 FB |
78 | |
79 | static | |
8611a29a | 80 | void |
92b96797 | 81 | s_vGetDASA( |
592ccfeb | 82 | PBYTE pbyRxBufferAddr, |
6f8c13c7 AM |
83 | PUINT pcbHeaderSize, |
84 | PSEthernetHeader psEthHeader | |
92b96797 FB |
85 | ); |
86 | ||
87 | static | |
8611a29a | 88 | void |
92b96797 | 89 | s_vProcessRxMACHeader ( |
592ccfeb AM |
90 | PSDevice pDevice, |
91 | PBYTE pbyRxBufferAddr, | |
cc856e61 | 92 | unsigned int cbPacketSize, |
592ccfeb AM |
93 | BOOL bIsWEP, |
94 | BOOL bExtIV, | |
6f8c13c7 | 95 | PUINT pcbHeadSize |
92b96797 FB |
96 | ); |
97 | ||
98 | static BOOL s_bAPModeRxCtl( | |
592ccfeb AM |
99 | PSDevice pDevice, |
100 | PBYTE pbyFrame, | |
213d2e93 | 101 | signed int iSANodeIndex |
92b96797 FB |
102 | ); |
103 | ||
104 | ||
105 | ||
106 | static BOOL s_bAPModeRxData ( | |
592ccfeb AM |
107 | PSDevice pDevice, |
108 | struct sk_buff *skb, | |
cc856e61 AM |
109 | unsigned int FrameSize, |
110 | unsigned int cbHeaderOffset, | |
213d2e93 AM |
111 | signed int iSANodeIndex, |
112 | signed int iDANodeIndex | |
92b96797 FB |
113 | ); |
114 | ||
115 | ||
116 | static BOOL s_bHandleRxEncryption( | |
592ccfeb AM |
117 | PSDevice pDevice, |
118 | PBYTE pbyFrame, | |
cc856e61 | 119 | unsigned int FrameSize, |
592ccfeb | 120 | PBYTE pbyRsr, |
6f8c13c7 AM |
121 | PBYTE pbyNewRsr, |
122 | PSKeyItem * pKeyOut, | |
193a823c | 123 | int * pbExtIV, |
6f8c13c7 AM |
124 | PWORD pwRxTSC15_0, |
125 | PDWORD pdwRxTSC47_16 | |
92b96797 FB |
126 | ); |
127 | ||
128 | static BOOL s_bHostWepRxEncryption( | |
129 | ||
592ccfeb AM |
130 | PSDevice pDevice, |
131 | PBYTE pbyFrame, | |
cc856e61 | 132 | unsigned int FrameSize, |
592ccfeb AM |
133 | PBYTE pbyRsr, |
134 | BOOL bOnFly, | |
135 | PSKeyItem pKey, | |
6f8c13c7 | 136 | PBYTE pbyNewRsr, |
193a823c | 137 | int * pbExtIV, |
6f8c13c7 AM |
138 | PWORD pwRxTSC15_0, |
139 | PDWORD pdwRxTSC47_16 | |
92b96797 FB |
140 | |
141 | ); | |
142 | ||
143 | /*--------------------- Export Variables --------------------------*/ | |
144 | ||
145 | /*+ | |
146 | * | |
147 | * Description: | |
148 | * Translate Rcv 802.11 header to 802.3 header with Rx buffer | |
149 | * | |
150 | * Parameters: | |
151 | * In: | |
152 | * pDevice | |
153 | * dwRxBufferAddr - Address of Rcv Buffer | |
154 | * cbPacketSize - Rcv Packet size | |
155 | * bIsWEP - If Rcv with WEP | |
156 | * Out: | |
157 | * pcbHeaderSize - 802.11 header size | |
158 | * | |
159 | * Return Value: None | |
160 | * | |
161 | -*/ | |
162 | static | |
8611a29a | 163 | void |
92b96797 | 164 | s_vProcessRxMACHeader ( |
592ccfeb AM |
165 | PSDevice pDevice, |
166 | PBYTE pbyRxBufferAddr, | |
cc856e61 | 167 | unsigned int cbPacketSize, |
592ccfeb AM |
168 | BOOL bIsWEP, |
169 | BOOL bExtIV, | |
6f8c13c7 | 170 | PUINT pcbHeadSize |
92b96797 FB |
171 | ) |
172 | { | |
173 | PBYTE pbyRxBuffer; | |
cc856e61 | 174 | unsigned int cbHeaderSize = 0; |
92b96797 FB |
175 | PWORD pwType; |
176 | PS802_11Header pMACHeader; | |
177 | int ii; | |
178 | ||
179 | ||
180 | pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); | |
181 | ||
182 | s_vGetDASA((PBYTE)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader); | |
183 | ||
184 | if (bIsWEP) { | |
185 | if (bExtIV) { | |
186 | // strip IV&ExtIV , add 8 byte | |
187 | cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8); | |
188 | } else { | |
189 | // strip IV , add 4 byte | |
190 | cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4); | |
191 | } | |
192 | } | |
193 | else { | |
194 | cbHeaderSize += WLAN_HDR_ADDR3_LEN; | |
195 | }; | |
196 | ||
197 | pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize); | |
198 | if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) { | |
199 | cbHeaderSize += 6; | |
200 | } | |
201 | else if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) { | |
202 | cbHeaderSize += 6; | |
203 | pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize); | |
204 | if ((*pwType!= TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) { | |
205 | } | |
206 | else { | |
207 | cbHeaderSize -= 8; | |
208 | pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize); | |
209 | if (bIsWEP) { | |
210 | if (bExtIV) { | |
211 | *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV | |
212 | } else { | |
213 | *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV | |
214 | } | |
215 | } | |
216 | else { | |
217 | *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); | |
218 | } | |
219 | } | |
220 | } | |
221 | else { | |
222 | cbHeaderSize -= 2; | |
223 | pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize); | |
224 | if (bIsWEP) { | |
225 | if (bExtIV) { | |
226 | *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV | |
227 | } else { | |
228 | *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV | |
229 | } | |
230 | } | |
231 | else { | |
232 | *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); | |
233 | } | |
234 | } | |
235 | ||
9a0e756c | 236 | cbHeaderSize -= (ETH_ALEN * 2); |
92b96797 | 237 | pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize); |
9a0e756c | 238 | for (ii = 0; ii < ETH_ALEN; ii++) |
92b96797 | 239 | *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii]; |
9a0e756c | 240 | for (ii = 0; ii < ETH_ALEN; ii++) |
92b96797 FB |
241 | *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii]; |
242 | ||
243 | *pcbHeadSize = cbHeaderSize; | |
244 | } | |
245 | ||
246 | ||
247 | ||
248 | ||
592ccfeb | 249 | static BYTE s_byGetRateIdx(BYTE byRate) |
92b96797 FB |
250 | { |
251 | BYTE byRateIdx; | |
252 | ||
253 | for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) { | |
254 | if (acbyRxRate[byRateIdx%MAX_RATE] == byRate) | |
255 | return byRateIdx; | |
256 | } | |
257 | return 0; | |
258 | } | |
259 | ||
260 | ||
261 | static | |
8611a29a | 262 | void |
92b96797 | 263 | s_vGetDASA ( |
592ccfeb | 264 | PBYTE pbyRxBufferAddr, |
6f8c13c7 AM |
265 | PUINT pcbHeaderSize, |
266 | PSEthernetHeader psEthHeader | |
92b96797 FB |
267 | ) |
268 | { | |
cc856e61 | 269 | unsigned int cbHeaderSize = 0; |
9a0e756c AM |
270 | PS802_11Header pMACHeader; |
271 | int ii; | |
272 | ||
273 | pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); | |
274 | ||
275 | if ((pMACHeader->wFrameCtl & FC_TODS) == 0) { | |
276 | if (pMACHeader->wFrameCtl & FC_FROMDS) { | |
277 | for (ii = 0; ii < ETH_ALEN; ii++) { | |
278 | psEthHeader->abyDstAddr[ii] = | |
279 | pMACHeader->abyAddr1[ii]; | |
280 | psEthHeader->abySrcAddr[ii] = | |
281 | pMACHeader->abyAddr3[ii]; | |
282 | } | |
283 | } else { | |
284 | /* IBSS mode */ | |
285 | for (ii = 0; ii < ETH_ALEN; ii++) { | |
286 | psEthHeader->abyDstAddr[ii] = | |
287 | pMACHeader->abyAddr1[ii]; | |
288 | psEthHeader->abySrcAddr[ii] = | |
289 | pMACHeader->abyAddr2[ii]; | |
290 | } | |
291 | } | |
292 | } else { | |
293 | /* Is AP mode.. */ | |
294 | if (pMACHeader->wFrameCtl & FC_FROMDS) { | |
295 | for (ii = 0; ii < ETH_ALEN; ii++) { | |
296 | psEthHeader->abyDstAddr[ii] = | |
297 | pMACHeader->abyAddr3[ii]; | |
298 | psEthHeader->abySrcAddr[ii] = | |
299 | pMACHeader->abyAddr4[ii]; | |
300 | cbHeaderSize += 6; | |
301 | } | |
302 | } else { | |
303 | for (ii = 0; ii < ETH_ALEN; ii++) { | |
304 | psEthHeader->abyDstAddr[ii] = | |
305 | pMACHeader->abyAddr3[ii]; | |
306 | psEthHeader->abySrcAddr[ii] = | |
307 | pMACHeader->abyAddr2[ii]; | |
308 | } | |
309 | } | |
310 | }; | |
92b96797 FB |
311 | *pcbHeaderSize = cbHeaderSize; |
312 | } | |
313 | ||
314 | ||
315 | ||
316 | ||
317 | BOOL | |
318 | RXbBulkInProcessData ( | |
592ccfeb AM |
319 | PSDevice pDevice, |
320 | PRCB pRCB, | |
cc856e61 | 321 | unsigned long BytesToIndicate |
92b96797 FB |
322 | ) |
323 | { | |
324 | ||
325 | struct net_device_stats* pStats=&pDevice->stats; | |
326 | struct sk_buff* skb; | |
327 | PSMgmtObject pMgmt = &(pDevice->sMgmtObj); | |
328 | PSRxMgmtPacket pRxPacket = &(pMgmt->sRxPacket); | |
329 | PS802_11Header p802_11Header; | |
330 | PBYTE pbyRsr; | |
331 | PBYTE pbyNewRsr; | |
332 | PBYTE pbyRSSI; | |
333 | PQWORD pqwTSFTime; | |
334 | PBYTE pbyFrame; | |
335 | BOOL bDeFragRx = FALSE; | |
cc856e61 AM |
336 | unsigned int cbHeaderOffset; |
337 | unsigned int FrameSize; | |
92b96797 | 338 | WORD wEtherType = 0; |
213d2e93 AM |
339 | signed int iSANodeIndex = -1; |
340 | signed int iDANodeIndex = -1; | |
cc856e61 AM |
341 | unsigned int ii; |
342 | unsigned int cbIVOffset; | |
92b96797 FB |
343 | PBYTE pbyRxSts; |
344 | PBYTE pbyRxRate; | |
345 | PBYTE pbySQ; | |
346 | #ifdef Calcu_LinkQual | |
347 | PBYTE pby3SQ; | |
348 | #endif | |
cc856e61 | 349 | unsigned int cbHeaderSize; |
92b96797 FB |
350 | PSKeyItem pKey = NULL; |
351 | WORD wRxTSC15_0 = 0; | |
352 | DWORD dwRxTSC47_16 = 0; | |
353 | SKeyItem STempKey; | |
354 | // 802.11h RPI | |
213d2e93 | 355 | /* signed long ldBm = 0; */ |
92b96797 FB |
356 | BOOL bIsWEP = FALSE; |
357 | BOOL bExtIV = FALSE; | |
358 | DWORD dwWbkStatus; | |
359 | PRCB pRCBIndicate = pRCB; | |
360 | PBYTE pbyDAddress; | |
361 | PWORD pwPLCP_Length; | |
362 | BYTE abyVaildRate[MAX_RATE] = {2,4,11,22,12,18,24,36,48,72,96,108}; | |
363 | WORD wPLCPwithPadding; | |
364 | PS802_11Header pMACHeader; | |
365 | BOOL bRxeapol_key = FALSE; | |
366 | ||
367 | ||
368 | ||
369 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- RXbBulkInProcessData---\n"); | |
370 | ||
371 | skb = pRCB->skb; | |
372 | ||
373 | //[31:16]RcvByteCount ( not include 4-byte Status ) | |
374 | dwWbkStatus = *( (PDWORD)(skb->data) ); | |
cc856e61 | 375 | FrameSize = (unsigned int)(dwWbkStatus >> 16); |
92b96797 FB |
376 | FrameSize += 4; |
377 | ||
378 | if (BytesToIndicate != FrameSize) { | |
379 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 1 \n"); | |
380 | return FALSE; | |
381 | } | |
382 | ||
383 | if ((BytesToIndicate > 2372)||(BytesToIndicate <= 40)) { | |
384 | // Frame Size error drop this packet. | |
385 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 2 \n"); | |
386 | return FALSE; | |
387 | } | |
388 | ||
389 | pbyDAddress = (PBYTE)(skb->data); | |
390 | pbyRxSts = pbyDAddress+4; | |
391 | pbyRxRate = pbyDAddress+5; | |
392 | ||
393 | //real Frame Size = USBFrameSize -4WbkStatus - 4RxStatus - 8TSF - 4RSR - 4SQ3 - ?Padding | |
394 | //if SQ3 the range is 24~27, if no SQ3 the range is 20~23 | |
395 | //real Frame size in PLCPLength field. | |
396 | pwPLCP_Length = (PWORD) (pbyDAddress + 6); | |
397 | //Fix hardware bug => PLCP_Length error | |
398 | if ( ((BytesToIndicate - (*pwPLCP_Length)) > 27) || | |
399 | ((BytesToIndicate - (*pwPLCP_Length)) < 24) || | |
400 | (BytesToIndicate < (*pwPLCP_Length)) ) { | |
401 | ||
402 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong PLCP Length %x\n", (int) *pwPLCP_Length); | |
403 | ASSERT(0); | |
404 | return FALSE; | |
405 | } | |
406 | for ( ii=RATE_1M;ii<MAX_RATE;ii++) { | |
407 | if ( *pbyRxRate == abyVaildRate[ii] ) { | |
408 | break; | |
409 | } | |
410 | } | |
411 | if ( ii==MAX_RATE ) { | |
412 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong RxRate %x\n",(int) *pbyRxRate); | |
413 | return FALSE; | |
414 | } | |
415 | ||
416 | wPLCPwithPadding = ( (*pwPLCP_Length / 4) + ( (*pwPLCP_Length % 4) ? 1:0 ) ) *4; | |
417 | ||
418 | pqwTSFTime = (PQWORD) (pbyDAddress + 8 + wPLCPwithPadding); | |
419 | #ifdef Calcu_LinkQual | |
420 | if(pDevice->byBBType == BB_TYPE_11G) { | |
421 | pby3SQ = pbyDAddress + 8 + wPLCPwithPadding + 12; | |
422 | pbySQ = pby3SQ; | |
423 | } | |
424 | else { | |
425 | pbySQ = pbyDAddress + 8 + wPLCPwithPadding + 8; | |
426 | pby3SQ = pbySQ; | |
427 | } | |
428 | #else | |
429 | pbySQ = pbyDAddress + 8 + wPLCPwithPadding + 8; | |
430 | #endif | |
431 | pbyNewRsr = pbyDAddress + 8 + wPLCPwithPadding + 9; | |
432 | pbyRSSI = pbyDAddress + 8 + wPLCPwithPadding + 10; | |
433 | pbyRsr = pbyDAddress + 8 + wPLCPwithPadding + 11; | |
434 | ||
435 | FrameSize = *pwPLCP_Length; | |
436 | ||
437 | pbyFrame = pbyDAddress + 8; | |
438 | // update receive statistic counter | |
439 | ||
440 | STAvUpdateRDStatCounter(&pDevice->scStatistic, | |
441 | *pbyRsr, | |
442 | *pbyNewRsr, | |
443 | *pbyRxSts, | |
444 | *pbyRxRate, | |
445 | pbyFrame, | |
446 | FrameSize | |
447 | ); | |
448 | ||
449 | ||
450 | pMACHeader = (PS802_11Header) pbyFrame; | |
451 | ||
452 | //mike add: to judge if current AP is activated? | |
453 | if ((pMgmt->eCurrMode == WMAC_MODE_STANDBY) || | |
454 | (pMgmt->eCurrMode == WMAC_MODE_ESS_STA)) { | |
455 | if (pMgmt->sNodeDBTable[0].bActive) { | |
456 | if(IS_ETH_ADDRESS_EQUAL (pMgmt->abyCurrBSSID, pMACHeader->abyAddr2) ) { | |
457 | if (pMgmt->sNodeDBTable[0].uInActiveCount != 0) | |
458 | pMgmt->sNodeDBTable[0].uInActiveCount = 0; | |
459 | } | |
460 | } | |
461 | } | |
462 | ||
463 | if (!IS_MULTICAST_ADDRESS(pMACHeader->abyAddr1) && !IS_BROADCAST_ADDRESS(pMACHeader->abyAddr1)) { | |
464 | if ( WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header) pbyFrame) ) { | |
465 | pDevice->s802_11Counter.FrameDuplicateCount++; | |
466 | return FALSE; | |
467 | } | |
468 | ||
469 | if ( !IS_ETH_ADDRESS_EQUAL (pDevice->abyCurrentNetAddr, pMACHeader->abyAddr1) ) { | |
470 | return FALSE; | |
471 | } | |
472 | } | |
473 | ||
474 | ||
475 | // Use for TKIP MIC | |
476 | s_vGetDASA(pbyFrame, &cbHeaderSize, &pDevice->sRxEthHeader); | |
477 | ||
478 | if (IS_ETH_ADDRESS_EQUAL((PBYTE)&(pDevice->sRxEthHeader.abySrcAddr[0]), pDevice->abyCurrentNetAddr)) | |
479 | return FALSE; | |
480 | ||
481 | if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) { | |
482 | if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { | |
483 | p802_11Header = (PS802_11Header) (pbyFrame); | |
484 | // get SA NodeIndex | |
485 | if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(p802_11Header->abyAddr2), &iSANodeIndex)) { | |
486 | pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies; | |
487 | pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0; | |
488 | } | |
489 | } | |
490 | } | |
491 | ||
492 | if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { | |
493 | if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == TRUE) { | |
494 | return FALSE; | |
495 | } | |
496 | } | |
497 | ||
498 | ||
499 | if (IS_FC_WEP(pbyFrame)) { | |
500 | BOOL bRxDecryOK = FALSE; | |
501 | ||
502 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n"); | |
503 | bIsWEP = TRUE; | |
504 | if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) { | |
505 | pKey = &STempKey; | |
506 | pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite; | |
507 | pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex; | |
508 | pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength; | |
509 | pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16; | |
510 | pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0; | |
511 | memcpy(pKey->abyKey, | |
512 | &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0], | |
513 | pKey->uKeyLength | |
514 | ); | |
515 | ||
516 | bRxDecryOK = s_bHostWepRxEncryption(pDevice, | |
517 | pbyFrame, | |
518 | FrameSize, | |
519 | pbyRsr, | |
520 | pMgmt->sNodeDBTable[iSANodeIndex].bOnFly, | |
521 | pKey, | |
522 | pbyNewRsr, | |
523 | &bExtIV, | |
524 | &wRxTSC15_0, | |
525 | &dwRxTSC47_16); | |
526 | } else { | |
527 | bRxDecryOK = s_bHandleRxEncryption(pDevice, | |
528 | pbyFrame, | |
529 | FrameSize, | |
530 | pbyRsr, | |
531 | pbyNewRsr, | |
532 | &pKey, | |
533 | &bExtIV, | |
534 | &wRxTSC15_0, | |
535 | &dwRxTSC47_16); | |
536 | } | |
537 | ||
538 | if (bRxDecryOK) { | |
539 | if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) { | |
540 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n"); | |
541 | if ( (pMgmt->eAuthenMode == WMAC_AUTH_WPA) || | |
542 | (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || | |
543 | (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || | |
544 | (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || | |
545 | (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { | |
546 | ||
547 | if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { | |
548 | pDevice->s802_11Counter.TKIPICVErrors++; | |
549 | } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) { | |
550 | pDevice->s802_11Counter.CCMPDecryptErrors++; | |
551 | } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) { | |
552 | // pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++; | |
553 | } | |
554 | } | |
555 | return FALSE; | |
556 | } | |
557 | } else { | |
558 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n"); | |
559 | return FALSE; | |
560 | } | |
561 | if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) | |
562 | FrameSize -= 8; // Message Integrity Code | |
563 | else | |
564 | FrameSize -= 4; // 4 is ICV | |
565 | } | |
566 | ||
567 | ||
568 | // | |
569 | // RX OK | |
570 | // | |
571 | //remove the CRC length | |
572 | FrameSize -= U_CRC_LEN; | |
573 | ||
8a3d91b0 | 574 | if ( !(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) && // unicast address |
92b96797 FB |
575 | (IS_FRAGMENT_PKT((pbyFrame))) |
576 | ) { | |
577 | // defragment | |
578 | bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header) (pbyFrame), FrameSize, bIsWEP, bExtIV); | |
579 | pDevice->s802_11Counter.ReceivedFragmentCount++; | |
580 | if (bDeFragRx) { | |
581 | // defrag complete | |
582 | // TODO skb, pbyFrame | |
583 | skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb; | |
584 | FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength; | |
585 | pbyFrame = skb->data + 8; | |
586 | } | |
587 | else { | |
588 | return FALSE; | |
589 | } | |
590 | } | |
591 | ||
592 | // | |
593 | // Management & Control frame Handle | |
594 | // | |
595 | if ((IS_TYPE_DATA((pbyFrame))) == FALSE) { | |
596 | // Handle Control & Manage Frame | |
597 | ||
598 | if (IS_TYPE_MGMT((pbyFrame))) { | |
599 | PBYTE pbyData1; | |
600 | PBYTE pbyData2; | |
601 | ||
602 | pRxPacket = &(pRCB->sMngPacket); | |
603 | pRxPacket->p80211Header = (PUWLAN_80211HDR)(pbyFrame); | |
604 | pRxPacket->cbMPDULen = FrameSize; | |
605 | pRxPacket->uRSSI = *pbyRSSI; | |
606 | pRxPacket->bySQ = *pbySQ; | |
607 | HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime)); | |
608 | LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime)); | |
609 | if (bIsWEP) { | |
610 | // strip IV | |
611 | pbyData1 = WLAN_HDR_A3_DATA_PTR(pbyFrame); | |
612 | pbyData2 = WLAN_HDR_A3_DATA_PTR(pbyFrame) + 4; | |
613 | for (ii = 0; ii < (FrameSize - 4); ii++) { | |
614 | *pbyData1 = *pbyData2; | |
615 | pbyData1++; | |
616 | pbyData2++; | |
617 | } | |
618 | } | |
619 | ||
620 | pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate); | |
621 | ||
622 | if ( *pbyRxSts == 0 ) { | |
623 | //Discard beacon packet which channel is 0 | |
624 | if ( (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_BEACON) || | |
625 | (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_PROBERESP) ) { | |
626 | return TRUE; | |
627 | } | |
628 | } | |
629 | pRxPacket->byRxChannel = (*pbyRxSts) >> 2; | |
630 | ||
631 | // hostap Deamon handle 802.11 management | |
632 | if (pDevice->bEnableHostapd) { | |
633 | skb->dev = pDevice->apdev; | |
634 | //skb->data += 4; | |
635 | //skb->tail += 4; | |
636 | skb->data += 8; | |
637 | skb->tail += 8; | |
638 | skb_put(skb, FrameSize); | |
d899d403 | 639 | skb_reset_mac_header(skb); |
92b96797 FB |
640 | skb->pkt_type = PACKET_OTHERHOST; |
641 | skb->protocol = htons(ETH_P_802_2); | |
642 | memset(skb->cb, 0, sizeof(skb->cb)); | |
643 | netif_rx(skb); | |
644 | return TRUE; | |
645 | } | |
646 | ||
647 | // | |
648 | // Insert the RCB in the Recv Mng list | |
649 | // | |
650 | EnqueueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList, pRCBIndicate); | |
651 | pDevice->NumRecvMngList++; | |
652 | if ( bDeFragRx == FALSE) { | |
653 | pRCB->Ref++; | |
654 | } | |
655 | if (pDevice->bIsRxMngWorkItemQueued == FALSE) { | |
656 | pDevice->bIsRxMngWorkItemQueued = TRUE; | |
657 | tasklet_schedule(&pDevice->RxMngWorkItem); | |
658 | } | |
659 | ||
660 | } | |
661 | else { | |
662 | // Control Frame | |
663 | }; | |
664 | return FALSE; | |
665 | } | |
666 | else { | |
667 | if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { | |
668 | //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC. | |
8a3d91b0 | 669 | if ( !(*pbyRsr & RSR_BSSIDOK)) { |
92b96797 FB |
670 | if (bDeFragRx) { |
671 | if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { | |
672 | DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", | |
673 | pDevice->dev->name); | |
674 | } | |
675 | } | |
676 | return FALSE; | |
677 | } | |
678 | } | |
679 | else { | |
680 | // discard DATA packet while not associate || BSSID error | |
681 | if ((pDevice->bLinkPass == FALSE) || | |
8a3d91b0 | 682 | !(*pbyRsr & RSR_BSSIDOK)) { |
92b96797 FB |
683 | if (bDeFragRx) { |
684 | if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { | |
685 | DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", | |
686 | pDevice->dev->name); | |
687 | } | |
688 | } | |
689 | return FALSE; | |
690 | } | |
691 | //mike add:station mode check eapol-key challenge---> | |
692 | { | |
693 | BYTE Protocol_Version; //802.1x Authentication | |
694 | BYTE Packet_Type; //802.1x Authentication | |
695 | BYTE Descriptor_type; | |
696 | WORD Key_info; | |
697 | if (bIsWEP) | |
698 | cbIVOffset = 8; | |
699 | else | |
700 | cbIVOffset = 0; | |
701 | wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) | | |
702 | skb->data[cbIVOffset + 8 + 24 + 6 + 1]; | |
703 | Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1]; | |
704 | Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1]; | |
705 | if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header | |
706 | if(((Protocol_Version==1) ||(Protocol_Version==2)) && | |
707 | (Packet_Type==3)) { //802.1x OR eapol-key challenge frame receive | |
708 | bRxeapol_key = TRUE; | |
709 | Descriptor_type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2]; | |
710 | Key_info = (skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+1]<<8) |skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+2] ; | |
711 | if(Descriptor_type==2) { //RSN | |
712 | // printk("WPA2_Rx_eapol-key_info<-----:%x\n",Key_info); | |
713 | } | |
714 | else if(Descriptor_type==254) { | |
715 | // printk("WPA_Rx_eapol-key_info<-----:%x\n",Key_info); | |
716 | } | |
717 | } | |
718 | } | |
719 | } | |
720 | //mike add:station mode check eapol-key challenge<--- | |
721 | } | |
722 | } | |
723 | ||
724 | ||
725 | // Data frame Handle | |
726 | ||
727 | ||
728 | if (pDevice->bEnablePSMode) { | |
729 | if (IS_FC_MOREDATA((pbyFrame))) { | |
8a3d91b0 | 730 | if (*pbyRsr & RSR_ADDROK) { |
92b96797 FB |
731 | //PSbSendPSPOLL((PSDevice)pDevice); |
732 | } | |
733 | } | |
734 | else { | |
735 | if (pMgmt->bInTIMWake == TRUE) { | |
736 | pMgmt->bInTIMWake = FALSE; | |
737 | } | |
738 | } | |
739 | }; | |
740 | ||
741 | // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps | |
742 | if (pDevice->bDiversityEnable && (FrameSize>50) && | |
743 | (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) && | |
744 | (pDevice->bLinkPass == TRUE)) { | |
745 | BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0); | |
746 | } | |
747 | ||
748 | // ++++++++ For BaseBand Algorithm +++++++++++++++ | |
749 | pDevice->uCurrRSSI = *pbyRSSI; | |
750 | pDevice->byCurrSQ = *pbySQ; | |
751 | ||
752 | // todo | |
753 | /* | |
754 | if ((*pbyRSSI != 0) && | |
755 | (pMgmt->pCurrBSS!=NULL)) { | |
756 | RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm); | |
757 | // Moniter if RSSI is too strong. | |
758 | pMgmt->pCurrBSS->byRSSIStatCnt++; | |
759 | pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT; | |
760 | pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm; | |
761 | for(ii=0;ii<RSSI_STAT_COUNT;ii++) { | |
762 | if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) { | |
763 | pMgmt->pCurrBSS->ldBmMAX = max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm); | |
764 | } | |
765 | } | |
766 | } | |
767 | */ | |
768 | ||
769 | ||
770 | // ----------------------------------------------- | |
771 | ||
772 | if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == TRUE)){ | |
773 | BYTE abyMacHdr[24]; | |
774 | ||
775 | // Only 802.1x packet incoming allowed | |
776 | if (bIsWEP) | |
777 | cbIVOffset = 8; | |
778 | else | |
779 | cbIVOffset = 0; | |
780 | wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) | | |
781 | skb->data[cbIVOffset + 8 + 24 + 6 + 1]; | |
782 | ||
783 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType); | |
784 | if (wEtherType == ETH_P_PAE) { | |
785 | skb->dev = pDevice->apdev; | |
786 | ||
787 | if (bIsWEP == TRUE) { | |
788 | // strip IV header(8) | |
789 | memcpy(&abyMacHdr[0], (skb->data + 8), 24); | |
790 | memcpy((skb->data + 8 + cbIVOffset), &abyMacHdr[0], 24); | |
791 | } | |
792 | ||
793 | skb->data += (cbIVOffset + 8); | |
794 | skb->tail += (cbIVOffset + 8); | |
795 | skb_put(skb, FrameSize); | |
d899d403 | 796 | skb_reset_mac_header(skb); |
92b96797 FB |
797 | skb->pkt_type = PACKET_OTHERHOST; |
798 | skb->protocol = htons(ETH_P_802_2); | |
799 | memset(skb->cb, 0, sizeof(skb->cb)); | |
800 | netif_rx(skb); | |
801 | return TRUE; | |
802 | ||
803 | } | |
804 | // check if 802.1x authorized | |
805 | if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED)) | |
806 | return FALSE; | |
807 | } | |
808 | ||
809 | ||
810 | if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { | |
811 | if (bIsWEP) { | |
812 | FrameSize -= 8; //MIC | |
813 | } | |
814 | } | |
815 | ||
816 | //-------------------------------------------------------------------------------- | |
817 | // Soft MIC | |
818 | if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { | |
819 | if (bIsWEP) { | |
820 | PDWORD pdwMIC_L; | |
821 | PDWORD pdwMIC_R; | |
822 | DWORD dwMIC_Priority; | |
823 | DWORD dwMICKey0 = 0, dwMICKey1 = 0; | |
824 | DWORD dwLocalMIC_L = 0; | |
825 | DWORD dwLocalMIC_R = 0; | |
826 | viawget_wpa_header *wpahdr; | |
827 | ||
828 | ||
829 | if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { | |
830 | dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24])); | |
831 | dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28])); | |
832 | } | |
833 | else { | |
834 | if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) { | |
835 | dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16])); | |
836 | dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20])); | |
837 | } else if ((pKey->dwKeyIndex & BIT28) == 0) { | |
838 | dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16])); | |
839 | dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20])); | |
840 | } else { | |
841 | dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24])); | |
842 | dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28])); | |
843 | } | |
844 | } | |
845 | ||
846 | MIC_vInit(dwMICKey0, dwMICKey1); | |
847 | MIC_vAppend((PBYTE)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12); | |
848 | dwMIC_Priority = 0; | |
849 | MIC_vAppend((PBYTE)&dwMIC_Priority, 4); | |
850 | // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV. | |
851 | MIC_vAppend((PBYTE)(skb->data + 8 + WLAN_HDR_ADDR3_LEN + 8), | |
852 | FrameSize - WLAN_HDR_ADDR3_LEN - 8); | |
853 | MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R); | |
854 | MIC_vUnInit(); | |
855 | ||
856 | pdwMIC_L = (PDWORD)(skb->data + 8 + FrameSize); | |
857 | pdwMIC_R = (PDWORD)(skb->data + 8 + FrameSize + 4); | |
858 | ||
859 | ||
860 | if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) || | |
861 | (pDevice->bRxMICFail == TRUE)) { | |
862 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n"); | |
863 | pDevice->bRxMICFail = FALSE; | |
864 | //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++; | |
865 | pDevice->s802_11Counter.TKIPLocalMICFailures++; | |
866 | if (bDeFragRx) { | |
867 | if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { | |
868 | DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", | |
869 | pDevice->dev->name); | |
870 | } | |
871 | } | |
872 | //2008-0409-07, <Add> by Einsn Liu | |
873 | #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT | |
874 | //send event to wpa_supplicant | |
875 | //if(pDevice->bWPASuppWextEnabled == TRUE) | |
876 | { | |
877 | union iwreq_data wrqu; | |
878 | struct iw_michaelmicfailure ev; | |
879 | int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits | |
880 | memset(&ev, 0, sizeof(ev)); | |
881 | ev.flags = keyidx & IW_MICFAILURE_KEY_ID; | |
882 | if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && | |
883 | (pMgmt->eCurrState == WMAC_STATE_ASSOC) && | |
884 | (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { | |
885 | ev.flags |= IW_MICFAILURE_PAIRWISE; | |
886 | } else { | |
887 | ev.flags |= IW_MICFAILURE_GROUP; | |
888 | } | |
889 | ||
890 | ev.src_addr.sa_family = ARPHRD_ETHER; | |
891 | memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN); | |
892 | memset(&wrqu, 0, sizeof(wrqu)); | |
893 | wrqu.data.length = sizeof(ev); | |
894 | PRINT_K("wireless_send_event--->IWEVMICHAELMICFAILURE\n"); | |
895 | wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev); | |
896 | ||
897 | } | |
898 | #endif | |
899 | ||
900 | ||
901 | if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) { | |
902 | wpahdr = (viawget_wpa_header *)pDevice->skb->data; | |
903 | if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && | |
904 | (pMgmt->eCurrState == WMAC_STATE_ASSOC) && | |
905 | (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { | |
906 | //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR; | |
907 | wpahdr->type = VIAWGET_PTK_MIC_MSG; | |
908 | } else { | |
909 | //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR; | |
910 | wpahdr->type = VIAWGET_GTK_MIC_MSG; | |
911 | } | |
912 | wpahdr->resp_ie_len = 0; | |
913 | wpahdr->req_ie_len = 0; | |
914 | skb_put(pDevice->skb, sizeof(viawget_wpa_header)); | |
915 | pDevice->skb->dev = pDevice->wpadev; | |
d899d403 | 916 | skb_reset_mac_header(pDevice->skb); |
92b96797 FB |
917 | pDevice->skb->pkt_type = PACKET_HOST; |
918 | pDevice->skb->protocol = htons(ETH_P_802_2); | |
919 | memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb)); | |
920 | netif_rx(pDevice->skb); | |
921 | pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz); | |
922 | }; | |
923 | ||
924 | return FALSE; | |
925 | ||
926 | } | |
927 | } | |
928 | } //---end of SOFT MIC----------------------------------------------------------------------- | |
929 | ||
930 | // ++++++++++ Reply Counter Check +++++++++++++ | |
931 | ||
932 | if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) || | |
933 | (pKey->byCipherSuite == KEY_CTL_CCMP))) { | |
934 | if (bIsWEP) { | |
935 | WORD wLocalTSC15_0 = 0; | |
936 | DWORD dwLocalTSC47_16 = 0; | |
cc856e61 | 937 | unsigned long long RSC = 0; |
92b96797 | 938 | // endian issues |
cc856e61 | 939 | RSC = *((unsigned long long *) &(pKey->KeyRSC)); |
92b96797 FB |
940 | wLocalTSC15_0 = (WORD) RSC; |
941 | dwLocalTSC47_16 = (DWORD) (RSC>>16); | |
942 | ||
943 | RSC = dwRxTSC47_16; | |
944 | RSC <<= 16; | |
945 | RSC += wRxTSC15_0; | |
3e362598 | 946 | memcpy(&(pKey->KeyRSC), &RSC, sizeof(QWORD)); |
92b96797 FB |
947 | |
948 | if ( (pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) && | |
949 | (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) { | |
950 | // check RSC | |
951 | if ( (wRxTSC15_0 < wLocalTSC15_0) && | |
952 | (dwRxTSC47_16 <= dwLocalTSC47_16) && | |
953 | !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) { | |
954 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n "); | |
955 | if (pKey->byCipherSuite == KEY_CTL_TKIP) | |
956 | //pDevice->s802_11Counter.TKIPReplays.QuadPart++; | |
957 | pDevice->s802_11Counter.TKIPReplays++; | |
958 | else | |
959 | //pDevice->s802_11Counter.CCMPReplays.QuadPart++; | |
960 | pDevice->s802_11Counter.CCMPReplays++; | |
961 | ||
962 | if (bDeFragRx) { | |
963 | if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { | |
964 | DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", | |
965 | pDevice->dev->name); | |
966 | } | |
967 | } | |
968 | return FALSE; | |
969 | } | |
970 | } | |
971 | } | |
972 | } // ----- End of Reply Counter Check -------------------------- | |
973 | ||
974 | ||
975 | s_vProcessRxMACHeader(pDevice, (PBYTE)(skb->data+8), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset); | |
976 | FrameSize -= cbHeaderOffset; | |
977 | cbHeaderOffset += 8; // 8 is Rcv buffer header | |
978 | ||
979 | // Null data, framesize = 12 | |
980 | if (FrameSize < 12) | |
981 | return FALSE; | |
982 | ||
983 | if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { | |
984 | if (s_bAPModeRxData(pDevice, | |
985 | skb, | |
986 | FrameSize, | |
987 | cbHeaderOffset, | |
988 | iSANodeIndex, | |
989 | iDANodeIndex | |
990 | ) == FALSE) { | |
991 | ||
992 | if (bDeFragRx) { | |
993 | if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { | |
994 | DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", | |
995 | pDevice->dev->name); | |
996 | } | |
997 | } | |
998 | return FALSE; | |
999 | } | |
1000 | ||
1001 | } | |
1002 | ||
1003 | skb->data += cbHeaderOffset; | |
1004 | skb->tail += cbHeaderOffset; | |
1005 | skb_put(skb, FrameSize); | |
1006 | skb->protocol=eth_type_trans(skb, skb->dev); | |
1007 | skb->ip_summed=CHECKSUM_NONE; | |
1008 | pStats->rx_bytes +=skb->len; | |
1009 | pStats->rx_packets++; | |
1010 | netif_rx(skb); | |
1011 | if (bDeFragRx) { | |
1012 | if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { | |
1013 | DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", | |
1014 | pDevice->dev->name); | |
1015 | } | |
1016 | return FALSE; | |
1017 | } | |
1018 | ||
1019 | return TRUE; | |
1020 | } | |
1021 | ||
1022 | ||
1023 | static BOOL s_bAPModeRxCtl ( | |
592ccfeb AM |
1024 | PSDevice pDevice, |
1025 | PBYTE pbyFrame, | |
213d2e93 | 1026 | signed int iSANodeIndex |
92b96797 FB |
1027 | ) |
1028 | { | |
1029 | PS802_11Header p802_11Header; | |
1030 | CMD_STATUS Status; | |
1031 | PSMgmtObject pMgmt = &(pDevice->sMgmtObj); | |
1032 | ||
1033 | ||
1034 | if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { | |
1035 | ||
1036 | p802_11Header = (PS802_11Header) (pbyFrame); | |
1037 | if (!IS_TYPE_MGMT(pbyFrame)) { | |
1038 | ||
1039 | // Data & PS-Poll packet | |
1040 | // check frame class | |
1041 | if (iSANodeIndex > 0) { | |
1042 | // frame class 3 fliter & checking | |
1043 | if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) { | |
1044 | // send deauth notification | |
1045 | // reason = (6) class 2 received from nonauth sta | |
1046 | vMgrDeAuthenBeginSta(pDevice, | |
1047 | pMgmt, | |
1048 | (PBYTE)(p802_11Header->abyAddr2), | |
1049 | (WLAN_MGMT_REASON_CLASS2_NONAUTH), | |
1050 | &Status | |
1051 | ); | |
1052 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n"); | |
1053 | return TRUE; | |
1054 | }; | |
1055 | if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) { | |
1056 | // send deassoc notification | |
1057 | // reason = (7) class 3 received from nonassoc sta | |
1058 | vMgrDisassocBeginSta(pDevice, | |
1059 | pMgmt, | |
1060 | (PBYTE)(p802_11Header->abyAddr2), | |
1061 | (WLAN_MGMT_REASON_CLASS3_NONASSOC), | |
1062 | &Status | |
1063 | ); | |
1064 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n"); | |
1065 | return TRUE; | |
1066 | }; | |
1067 | ||
1068 | if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) { | |
1069 | // delcare received ps-poll event | |
1070 | if (IS_CTL_PSPOLL(pbyFrame)) { | |
1071 | pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE; | |
0cbd8d98 AM |
1072 | bScheduleCommand((void *) pDevice, |
1073 | WLAN_CMD_RX_PSPOLL, | |
1074 | NULL); | |
92b96797 FB |
1075 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n"); |
1076 | } | |
1077 | else { | |
1078 | // check Data PS state | |
1079 | // if PW bit off, send out all PS bufferring packets. | |
1080 | if (!IS_FC_POWERMGT(pbyFrame)) { | |
1081 | pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE; | |
1082 | pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE; | |
0cbd8d98 AM |
1083 | bScheduleCommand((void *) pDevice, |
1084 | WLAN_CMD_RX_PSPOLL, | |
1085 | NULL); | |
92b96797 FB |
1086 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n"); |
1087 | } | |
1088 | } | |
1089 | } | |
1090 | else { | |
1091 | if (IS_FC_POWERMGT(pbyFrame)) { | |
1092 | pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = TRUE; | |
1093 | // Once if STA in PS state, enable multicast bufferring | |
1094 | pMgmt->sNodeDBTable[0].bPSEnable = TRUE; | |
1095 | } | |
1096 | else { | |
1097 | // clear all pending PS frame. | |
1098 | if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) { | |
1099 | pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE; | |
1100 | pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE; | |
0cbd8d98 AM |
1101 | bScheduleCommand((void *) pDevice, |
1102 | WLAN_CMD_RX_PSPOLL, | |
1103 | NULL); | |
92b96797 FB |
1104 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n"); |
1105 | ||
1106 | } | |
1107 | } | |
1108 | } | |
1109 | } | |
1110 | else { | |
1111 | vMgrDeAuthenBeginSta(pDevice, | |
1112 | pMgmt, | |
1113 | (PBYTE)(p802_11Header->abyAddr2), | |
1114 | (WLAN_MGMT_REASON_CLASS2_NONAUTH), | |
1115 | &Status | |
1116 | ); | |
1117 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n"); | |
1118 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%02x-%02x-%02x=%02x-%02x-%02x \n", | |
1119 | p802_11Header->abyAddr3[0], | |
1120 | p802_11Header->abyAddr3[1], | |
1121 | p802_11Header->abyAddr3[2], | |
1122 | p802_11Header->abyAddr3[3], | |
1123 | p802_11Header->abyAddr3[4], | |
1124 | p802_11Header->abyAddr3[5] | |
1125 | ); | |
1126 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%02x-%02x-%02x=%02x-%02x-%02x \n", | |
1127 | p802_11Header->abyAddr2[0], | |
1128 | p802_11Header->abyAddr2[1], | |
1129 | p802_11Header->abyAddr2[2], | |
1130 | p802_11Header->abyAddr2[3], | |
1131 | p802_11Header->abyAddr2[4], | |
1132 | p802_11Header->abyAddr2[5] | |
1133 | ); | |
1134 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%02x-%02x-%02x=%02x-%02x-%02x \n", | |
1135 | p802_11Header->abyAddr1[0], | |
1136 | p802_11Header->abyAddr1[1], | |
1137 | p802_11Header->abyAddr1[2], | |
1138 | p802_11Header->abyAddr1[3], | |
1139 | p802_11Header->abyAddr1[4], | |
1140 | p802_11Header->abyAddr1[5] | |
1141 | ); | |
1142 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl ); | |
1143 | return TRUE; | |
1144 | } | |
1145 | } | |
1146 | } | |
1147 | return FALSE; | |
1148 | ||
1149 | } | |
1150 | ||
1151 | static BOOL s_bHandleRxEncryption ( | |
592ccfeb AM |
1152 | PSDevice pDevice, |
1153 | PBYTE pbyFrame, | |
cc856e61 | 1154 | unsigned int FrameSize, |
592ccfeb | 1155 | PBYTE pbyRsr, |
6f8c13c7 AM |
1156 | PBYTE pbyNewRsr, |
1157 | PSKeyItem * pKeyOut, | |
193a823c | 1158 | int * pbExtIV, |
6f8c13c7 AM |
1159 | PWORD pwRxTSC15_0, |
1160 | PDWORD pdwRxTSC47_16 | |
92b96797 FB |
1161 | ) |
1162 | { | |
cc856e61 | 1163 | unsigned int PayloadLen = FrameSize; |
92b96797 FB |
1164 | PBYTE pbyIV; |
1165 | BYTE byKeyIdx; | |
1166 | PSKeyItem pKey = NULL; | |
1167 | BYTE byDecMode = KEY_CTL_WEP; | |
1168 | PSMgmtObject pMgmt = &(pDevice->sMgmtObj); | |
1169 | ||
1170 | ||
1171 | *pwRxTSC15_0 = 0; | |
1172 | *pdwRxTSC47_16 = 0; | |
1173 | ||
1174 | pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; | |
1175 | if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) && | |
1176 | WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) { | |
1177 | pbyIV += 6; // 6 is 802.11 address4 | |
1178 | PayloadLen -= 6; | |
1179 | } | |
1180 | byKeyIdx = (*(pbyIV+3) & 0xc0); | |
1181 | byKeyIdx >>= 6; | |
1182 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx); | |
1183 | ||
1184 | if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) || | |
1185 | (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || | |
1186 | (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || | |
1187 | (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || | |
1188 | (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { | |
1189 | if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) && | |
1190 | (pMgmt->byCSSPK != KEY_CTL_NONE)) { | |
1191 | // unicast pkt use pairwise key | |
1192 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n"); | |
1193 | if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == TRUE) { | |
1194 | if (pMgmt->byCSSPK == KEY_CTL_TKIP) | |
1195 | byDecMode = KEY_CTL_TKIP; | |
1196 | else if (pMgmt->byCSSPK == KEY_CTL_CCMP) | |
1197 | byDecMode = KEY_CTL_CCMP; | |
1198 | } | |
1199 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey); | |
1200 | } else { | |
1201 | // use group key | |
1202 | KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey); | |
1203 | if (pMgmt->byCSSGK == KEY_CTL_TKIP) | |
1204 | byDecMode = KEY_CTL_TKIP; | |
1205 | else if (pMgmt->byCSSGK == KEY_CTL_CCMP) | |
1206 | byDecMode = KEY_CTL_CCMP; | |
1207 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey); | |
1208 | } | |
1209 | } | |
1210 | // our WEP only support Default Key | |
1211 | if (pKey == NULL) { | |
1212 | // use default group key | |
1213 | KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey); | |
1214 | if (pMgmt->byCSSGK == KEY_CTL_TKIP) | |
1215 | byDecMode = KEY_CTL_TKIP; | |
1216 | else if (pMgmt->byCSSGK == KEY_CTL_CCMP) | |
1217 | byDecMode = KEY_CTL_CCMP; | |
1218 | } | |
1219 | *pKeyOut = pKey; | |
1220 | ||
1221 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode); | |
1222 | ||
1223 | if (pKey == NULL) { | |
1224 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n"); | |
1225 | if (byDecMode == KEY_CTL_WEP) { | |
1226 | // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; | |
1227 | } else if (pDevice->bLinkPass == TRUE) { | |
1228 | // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; | |
1229 | } | |
1230 | return FALSE; | |
1231 | } | |
1232 | if (byDecMode != pKey->byCipherSuite) { | |
1233 | if (byDecMode == KEY_CTL_WEP) { | |
1234 | // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; | |
1235 | } else if (pDevice->bLinkPass == TRUE) { | |
1236 | // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; | |
1237 | } | |
1238 | *pKeyOut = NULL; | |
1239 | return FALSE; | |
1240 | } | |
1241 | if (byDecMode == KEY_CTL_WEP) { | |
1242 | // handle WEP | |
1243 | if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || | |
1244 | (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE)) { | |
1245 | // Software WEP | |
1246 | // 1. 3253A | |
1247 | // 2. WEP 256 | |
1248 | ||
1249 | PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc | |
3e362598 JL |
1250 | memcpy(pDevice->abyPRNG, pbyIV, 3); |
1251 | memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); | |
92b96797 FB |
1252 | rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); |
1253 | rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); | |
1254 | ||
1255 | if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) { | |
1256 | *pbyNewRsr |= NEWRSR_DECRYPTOK; | |
1257 | } | |
1258 | } | |
1259 | } else if ((byDecMode == KEY_CTL_TKIP) || | |
1260 | (byDecMode == KEY_CTL_CCMP)) { | |
1261 | // TKIP/AES | |
1262 | ||
1263 | PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc | |
1264 | *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4)); | |
1265 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16); | |
1266 | if (byDecMode == KEY_CTL_TKIP) { | |
1267 | *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV)); | |
1268 | } else { | |
1269 | *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV); | |
1270 | } | |
1271 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0); | |
1272 | ||
1273 | if ((byDecMode == KEY_CTL_TKIP) && | |
1274 | (pDevice->byLocalID <= REV_ID_VT3253_A1)) { | |
1275 | // Software TKIP | |
1276 | // 1. 3253 A | |
1277 | PS802_11Header pMACHeader = (PS802_11Header) (pbyFrame); | |
1278 | TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); | |
1279 | rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); | |
1280 | rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); | |
1281 | if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { | |
1282 | *pbyNewRsr |= NEWRSR_DECRYPTOK; | |
1283 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n"); | |
1284 | } else { | |
1285 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n"); | |
1286 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen); | |
1287 | } | |
1288 | } | |
1289 | }// end of TKIP/AES | |
1290 | ||
1291 | if ((*(pbyIV+3) & 0x20) != 0) | |
1292 | *pbExtIV = TRUE; | |
1293 | return TRUE; | |
1294 | } | |
1295 | ||
1296 | ||
1297 | static BOOL s_bHostWepRxEncryption ( | |
592ccfeb AM |
1298 | PSDevice pDevice, |
1299 | PBYTE pbyFrame, | |
cc856e61 | 1300 | unsigned int FrameSize, |
592ccfeb AM |
1301 | PBYTE pbyRsr, |
1302 | BOOL bOnFly, | |
1303 | PSKeyItem pKey, | |
6f8c13c7 | 1304 | PBYTE pbyNewRsr, |
193a823c | 1305 | int * pbExtIV, |
6f8c13c7 AM |
1306 | PWORD pwRxTSC15_0, |
1307 | PDWORD pdwRxTSC47_16 | |
92b96797 FB |
1308 | ) |
1309 | { | |
1310 | PSMgmtObject pMgmt = &(pDevice->sMgmtObj); | |
cc856e61 | 1311 | unsigned int PayloadLen = FrameSize; |
92b96797 FB |
1312 | PBYTE pbyIV; |
1313 | BYTE byKeyIdx; | |
1314 | BYTE byDecMode = KEY_CTL_WEP; | |
1315 | PS802_11Header pMACHeader; | |
1316 | ||
1317 | ||
1318 | ||
1319 | *pwRxTSC15_0 = 0; | |
1320 | *pdwRxTSC47_16 = 0; | |
1321 | ||
1322 | pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; | |
1323 | if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) && | |
1324 | WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) { | |
1325 | pbyIV += 6; // 6 is 802.11 address4 | |
1326 | PayloadLen -= 6; | |
1327 | } | |
1328 | byKeyIdx = (*(pbyIV+3) & 0xc0); | |
1329 | byKeyIdx >>= 6; | |
1330 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx); | |
1331 | ||
1332 | ||
1333 | if (pMgmt->byCSSGK == KEY_CTL_TKIP) | |
1334 | byDecMode = KEY_CTL_TKIP; | |
1335 | else if (pMgmt->byCSSGK == KEY_CTL_CCMP) | |
1336 | byDecMode = KEY_CTL_CCMP; | |
1337 | ||
1338 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode); | |
1339 | ||
1340 | if (byDecMode != pKey->byCipherSuite) { | |
1341 | if (byDecMode == KEY_CTL_WEP) { | |
1342 | // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; | |
1343 | } else if (pDevice->bLinkPass == TRUE) { | |
1344 | // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; | |
1345 | } | |
1346 | return FALSE; | |
1347 | } | |
1348 | ||
1349 | if (byDecMode == KEY_CTL_WEP) { | |
1350 | // handle WEP | |
1351 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP \n"); | |
1352 | if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || | |
1353 | (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE) || | |
1354 | (bOnFly == FALSE)) { | |
1355 | // Software WEP | |
1356 | // 1. 3253A | |
1357 | // 2. WEP 256 | |
1358 | // 3. NotOnFly | |
1359 | ||
1360 | PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc | |
3e362598 JL |
1361 | memcpy(pDevice->abyPRNG, pbyIV, 3); |
1362 | memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); | |
92b96797 FB |
1363 | rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); |
1364 | rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); | |
1365 | ||
1366 | if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) { | |
1367 | *pbyNewRsr |= NEWRSR_DECRYPTOK; | |
1368 | } | |
1369 | } | |
1370 | } else if ((byDecMode == KEY_CTL_TKIP) || | |
1371 | (byDecMode == KEY_CTL_CCMP)) { | |
1372 | // TKIP/AES | |
1373 | ||
1374 | PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc | |
1375 | *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4)); | |
1376 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16); | |
1377 | ||
1378 | if (byDecMode == KEY_CTL_TKIP) { | |
1379 | *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV)); | |
1380 | } else { | |
1381 | *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV); | |
1382 | } | |
1383 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0); | |
1384 | ||
1385 | if (byDecMode == KEY_CTL_TKIP) { | |
1386 | ||
1387 | if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == FALSE)) { | |
1388 | // Software TKIP | |
1389 | // 1. 3253 A | |
1390 | // 2. NotOnFly | |
1391 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n"); | |
1392 | pMACHeader = (PS802_11Header) (pbyFrame); | |
1393 | TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); | |
1394 | rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); | |
1395 | rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); | |
1396 | if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { | |
1397 | *pbyNewRsr |= NEWRSR_DECRYPTOK; | |
1398 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n"); | |
1399 | } else { | |
1400 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n"); | |
1401 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen); | |
1402 | } | |
1403 | } | |
1404 | } | |
1405 | ||
1406 | if (byDecMode == KEY_CTL_CCMP) { | |
1407 | if (bOnFly == FALSE) { | |
1408 | // Software CCMP | |
1409 | // NotOnFly | |
1410 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_CCMP\n"); | |
1411 | if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) { | |
1412 | *pbyNewRsr |= NEWRSR_DECRYPTOK; | |
1413 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC compare OK!\n"); | |
1414 | } else { | |
1415 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC fail!\n"); | |
1416 | } | |
1417 | } | |
1418 | } | |
1419 | ||
1420 | }// end of TKIP/AES | |
1421 | ||
1422 | if ((*(pbyIV+3) & 0x20) != 0) | |
1423 | *pbExtIV = TRUE; | |
1424 | return TRUE; | |
1425 | } | |
1426 | ||
1427 | ||
1428 | ||
1429 | static BOOL s_bAPModeRxData ( | |
592ccfeb AM |
1430 | PSDevice pDevice, |
1431 | struct sk_buff *skb, | |
cc856e61 AM |
1432 | unsigned int FrameSize, |
1433 | unsigned int cbHeaderOffset, | |
213d2e93 AM |
1434 | signed int iSANodeIndex, |
1435 | signed int iDANodeIndex | |
92b96797 FB |
1436 | ) |
1437 | ||
1438 | { | |
1439 | PSMgmtObject pMgmt = &(pDevice->sMgmtObj); | |
1440 | BOOL bRelayAndForward = FALSE; | |
1441 | BOOL bRelayOnly = FALSE; | |
1442 | BYTE byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80}; | |
1443 | WORD wAID; | |
1444 | ||
1445 | ||
1446 | struct sk_buff* skbcpy = NULL; | |
1447 | ||
1448 | if (FrameSize > CB_MAX_BUF_SIZE) | |
1449 | return FALSE; | |
1450 | // check DA | |
1451 | if(IS_MULTICAST_ADDRESS((PBYTE)(skb->data+cbHeaderOffset))) { | |
1452 | if (pMgmt->sNodeDBTable[0].bPSEnable) { | |
1453 | ||
1454 | skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz); | |
1455 | ||
1456 | // if any node in PS mode, buffer packet until DTIM. | |
1457 | if (skbcpy == NULL) { | |
1458 | DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n"); | |
1459 | } | |
1460 | else { | |
1461 | skbcpy->dev = pDevice->dev; | |
1462 | skbcpy->len = FrameSize; | |
1463 | memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize); | |
1464 | skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy); | |
1465 | pMgmt->sNodeDBTable[0].wEnQueueCnt++; | |
1466 | // set tx map | |
1467 | pMgmt->abyPSTxMap[0] |= byMask[0]; | |
1468 | } | |
1469 | } | |
1470 | else { | |
1471 | bRelayAndForward = TRUE; | |
1472 | } | |
1473 | } | |
1474 | else { | |
1475 | // check if relay | |
1476 | if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(skb->data+cbHeaderOffset), &iDANodeIndex)) { | |
1477 | if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) { | |
1478 | if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) { | |
1479 | // queue this skb until next PS tx, and then release. | |
1480 | ||
1481 | skb->data += cbHeaderOffset; | |
1482 | skb->tail += cbHeaderOffset; | |
1483 | skb_put(skb, FrameSize); | |
1484 | skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb); | |
1485 | ||
1486 | pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++; | |
1487 | wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID; | |
1488 | pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7]; | |
1489 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n", | |
1490 | iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]); | |
1491 | return TRUE; | |
1492 | } | |
1493 | else { | |
1494 | bRelayOnly = TRUE; | |
1495 | } | |
1496 | } | |
1497 | }; | |
1498 | } | |
1499 | ||
1500 | if (bRelayOnly || bRelayAndForward) { | |
1501 | // relay this packet right now | |
1502 | if (bRelayAndForward) | |
1503 | iDANodeIndex = 0; | |
1504 | ||
1505 | if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) { | |
cc856e61 AM |
1506 | bRelayPacketSend(pDevice, (PBYTE) (skb->data + cbHeaderOffset), |
1507 | FrameSize, (unsigned int) iDANodeIndex); | |
92b96797 FB |
1508 | } |
1509 | ||
1510 | if (bRelayOnly) | |
1511 | return FALSE; | |
1512 | } | |
1513 | // none associate, don't forward | |
1514 | if (pDevice->uAssocCount == 0) | |
1515 | return FALSE; | |
1516 | ||
1517 | return TRUE; | |
1518 | } | |
1519 | ||
1520 | ||
1521 | ||
1522 | ||
8611a29a | 1523 | void RXvWorkItem(void *Context) |
92b96797 FB |
1524 | { |
1525 | PSDevice pDevice = (PSDevice) Context; | |
1526 | NTSTATUS ntStatus; | |
1527 | PRCB pRCB=NULL; | |
1528 | ||
1529 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Polling Thread\n"); | |
1530 | spin_lock_irq(&pDevice->lock); | |
1531 | while ( MP_TEST_FLAG(pDevice, fMP_POST_READS) && | |
1532 | MP_IS_READY(pDevice) && | |
1533 | (pDevice->NumRecvFreeList != 0) ) { | |
1534 | pRCB = pDevice->FirstRecvFreeList; | |
1535 | pDevice->NumRecvFreeList--; | |
1536 | ASSERT(pRCB);// cannot be NULL | |
1537 | DequeueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList); | |
1538 | ntStatus = PIPEnsBulkInUsbRead(pDevice, pRCB); | |
1539 | } | |
1540 | pDevice->bIsRxWorkItemQueued = FALSE; | |
1541 | spin_unlock_irq(&pDevice->lock); | |
1542 | ||
1543 | } | |
1544 | ||
1545 | ||
8611a29a | 1546 | void |
92b96797 | 1547 | RXvFreeRCB( |
592ccfeb AM |
1548 | PRCB pRCB, |
1549 | BOOL bReAllocSkb | |
92b96797 FB |
1550 | ) |
1551 | { | |
1552 | PSDevice pDevice = (PSDevice)pRCB->pDevice; | |
1553 | ||
1554 | ||
1555 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->RXvFreeRCB\n"); | |
1556 | ||
1557 | ASSERT(!pRCB->Ref); // should be 0 | |
1558 | ASSERT(pRCB->pDevice); // shouldn't be NULL | |
1559 | ||
1560 | if (bReAllocSkb == TRUE) { | |
1561 | pRCB->skb = dev_alloc_skb((int)pDevice->rx_buf_sz); | |
1562 | // todo error handling | |
1563 | if (pRCB->skb == NULL) { | |
1564 | DBG_PRT(MSG_LEVEL_ERR,KERN_ERR" Failed to re-alloc rx skb\n"); | |
1565 | }else { | |
1566 | pRCB->skb->dev = pDevice->dev; | |
1567 | } | |
1568 | } | |
1569 | // | |
1570 | // Insert the RCB back in the Recv free list | |
1571 | // | |
1572 | EnqueueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList, pRCB); | |
1573 | pDevice->NumRecvFreeList++; | |
1574 | ||
1575 | ||
1576 | if (MP_TEST_FLAG(pDevice, fMP_POST_READS) && MP_IS_READY(pDevice) && | |
1577 | (pDevice->bIsRxWorkItemQueued == FALSE) ) { | |
1578 | ||
1579 | pDevice->bIsRxWorkItemQueued = TRUE; | |
1580 | tasklet_schedule(&pDevice->ReadWorkItem); | |
1581 | } | |
1582 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"<----RXFreeRCB %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList); | |
1583 | } | |
1584 | ||
1585 | ||
8611a29a | 1586 | void RXvMngWorkItem(void *Context) |
92b96797 FB |
1587 | { |
1588 | PSDevice pDevice = (PSDevice) Context; | |
1589 | PRCB pRCB=NULL; | |
1590 | PSRxMgmtPacket pRxPacket; | |
1591 | BOOL bReAllocSkb = FALSE; | |
1592 | ||
1593 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Mng Thread\n"); | |
1594 | ||
1595 | spin_lock_irq(&pDevice->lock); | |
1596 | while (pDevice->NumRecvMngList!=0) | |
1597 | { | |
1598 | pRCB = pDevice->FirstRecvMngList; | |
1599 | pDevice->NumRecvMngList--; | |
1600 | DequeueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList); | |
1601 | if(!pRCB){ | |
1602 | break; | |
1603 | } | |
1604 | ASSERT(pRCB);// cannot be NULL | |
1605 | pRxPacket = &(pRCB->sMngPacket); | |
0cbd8d98 | 1606 | vMgrRxManagePacket((void *) pDevice, &(pDevice->sMgmtObj), pRxPacket); |
92b96797 FB |
1607 | pRCB->Ref--; |
1608 | if(pRCB->Ref == 0) { | |
1609 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"RxvFreeMng %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList); | |
1610 | RXvFreeRCB(pRCB, bReAllocSkb); | |
1611 | } else { | |
1612 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Rx Mng Only we have the right to free RCB\n"); | |
1613 | } | |
1614 | } | |
1615 | ||
1616 | pDevice->bIsRxMngWorkItemQueued = FALSE; | |
1617 | spin_unlock_irq(&pDevice->lock); | |
1618 | ||
1619 | } | |
1620 | ||
1621 |