projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'topic/usb' into for-linus
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / drivers / staging / vt6655 / dpc.c
1 /*
2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
3 * All rights reserved.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * File: dpc.c
20 *
21 * Purpose: handle dpc rx functions
22 *
23 * Author: Lyndon Chen
24 *
25 * Date: May 20, 2003
26 *
27 * Functions:
28 * device_receive_frame - Rcv 802.11 frame function
29 * s_bAPModeRxCtl- AP Rcv frame filer Ctl.
30 * s_bAPModeRxData- AP Rcv data frame handle
31 * s_bHandleRxEncryption- Rcv decrypted data via on-fly
32 * s_bHostWepRxEncryption- Rcv encrypted data via host
33 * s_byGetRateIdx- get rate index
34 * s_vGetDASA- get data offset
35 * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3
36 *
37 * Revision History:
38 *
39 */
40
41 #include "device.h"
42 #include "rxtx.h"
43 #include "tether.h"
44 #include "card.h"
45 #include "bssdb.h"
46 #include "mac.h"
47 #include "baseband.h"
48 #include "michael.h"
49 #include "tkip.h"
50 #include "tcrc.h"
51 #include "wctl.h"
52 #include "wroute.h"
53 #include "hostap.h"
54 #include "rf.h"
55 #include "iowpa.h"
56 #include "aes_ccmp.h"
57
58 //#define PLICE_DEBUG
59
60
61 /*--------------------- Static Definitions -------------------------*/
62
63 /*--------------------- Static Classes ----------------------------*/
64
65 /*--------------------- Static Variables --------------------------*/
66 //static int msglevel =MSG_LEVEL_DEBUG;
67 static int msglevel =MSG_LEVEL_INFO;
68
69 const BYTE acbyRxRate[MAX_RATE] =
70 {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
71
72
73 /*--------------------- Static Functions --------------------------*/
74
75 /*--------------------- Static Definitions -------------------------*/
76
77 /*--------------------- Static Functions --------------------------*/
78
79 static BYTE s_byGetRateIdx(IN BYTE byRate);
80
81
82 static
83 VOID
84 s_vGetDASA(
85 IN PBYTE pbyRxBufferAddr,
86 OUT PUINT pcbHeaderSize,
87 OUT PSEthernetHeader psEthHeader
88 );
89
90 static
91 VOID
92 s_vProcessRxMACHeader (
93 IN PSDevice pDevice,
94 IN PBYTE pbyRxBufferAddr,
95 IN UINT cbPacketSize,
96 IN BOOL bIsWEP,
97 IN BOOL bExtIV,
98 OUT PUINT pcbHeadSize
99 );
100
101 static BOOL s_bAPModeRxCtl(
102 IN PSDevice pDevice,
103 IN PBYTE pbyFrame,
104 IN INT iSANodeIndex
105 );
106
107
108
109 static BOOL s_bAPModeRxData (
110 IN PSDevice pDevice,
111 IN struct sk_buff* skb,
112 IN UINT FrameSize,
113 IN UINT cbHeaderOffset,
114 IN INT iSANodeIndex,
115 IN INT iDANodeIndex
116 );
117
118
119 static BOOL s_bHandleRxEncryption(
120 IN PSDevice pDevice,
121 IN PBYTE pbyFrame,
122 IN UINT FrameSize,
123 IN PBYTE pbyRsr,
124 OUT PBYTE pbyNewRsr,
125 OUT PSKeyItem *pKeyOut,
126 int * pbExtIV,
127 OUT PWORD pwRxTSC15_0,
128 OUT PDWORD pdwRxTSC47_16
129 );
130
131 static BOOL s_bHostWepRxEncryption(
132
133 IN PSDevice pDevice,
134 IN PBYTE pbyFrame,
135 IN UINT FrameSize,
136 IN PBYTE pbyRsr,
137 IN BOOL bOnFly,
138 IN PSKeyItem pKey,
139 OUT PBYTE pbyNewRsr,
140 int * pbExtIV,
141 OUT PWORD pwRxTSC15_0,
142 OUT PDWORD pdwRxTSC47_16
143
144 );
145
146 /*--------------------- Export Variables --------------------------*/
147
148 /*+
149 *
150 * Description:
151 * Translate Rcv 802.11 header to 802.3 header with Rx buffer
152 *
153 * Parameters:
154 * In:
155 * pDevice
156 * dwRxBufferAddr - Address of Rcv Buffer
157 * cbPacketSize - Rcv Packet size
158 * bIsWEP - If Rcv with WEP
159 * Out:
160 * pcbHeaderSize - 802.11 header size
161 *
162 * Return Value: None
163 *
164 -*/
165 static
166 VOID
167 s_vProcessRxMACHeader (
168 IN PSDevice pDevice,
169 IN PBYTE pbyRxBufferAddr,
170 IN UINT cbPacketSize,
171 IN BOOL bIsWEP,
172 IN BOOL bExtIV,
173 OUT PUINT pcbHeadSize
174 )
175 {
176 PBYTE pbyRxBuffer;
177 UINT cbHeaderSize = 0;
178 PWORD pwType;
179 PS802_11Header pMACHeader;
180 int ii;
181
182
183 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
184
185 s_vGetDASA((PBYTE)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader);
186
187 if (bIsWEP) {
188 if (bExtIV) {
189 // strip IV&ExtIV , add 8 byte
190 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8);
191 } else {
192 // strip IV , add 4 byte
193 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4);
194 }
195 }
196 else {
197 cbHeaderSize += WLAN_HDR_ADDR3_LEN;
198 };
199
200 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
201 if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) {
202 cbHeaderSize += 6;
203 }
204 else if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) {
205 cbHeaderSize += 6;
206 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
207 if ((*pwType!= TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) {
208 }
209 else {
210 cbHeaderSize -= 8;
211 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
212 if (bIsWEP) {
213 if (bExtIV) {
214 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
215 } else {
216 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
217 }
218 }
219 else {
220 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
221 }
222 }
223 }
224 else {
225 cbHeaderSize -= 2;
226 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
227 if (bIsWEP) {
228 if (bExtIV) {
229 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
230 } else {
231 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
232 }
233 }
234 else {
235 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
236 }
237 }
238
239 cbHeaderSize -= (U_ETHER_ADDR_LEN * 2);
240 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
241 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++)
242 *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii];
243 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++)
244 *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii];
245
246 *pcbHeadSize = cbHeaderSize;
247 }
248
249
250
251
252 static BYTE s_byGetRateIdx (IN BYTE byRate)
253 {
254 BYTE byRateIdx;
255
256 for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) {
257 if (acbyRxRate[byRateIdx%MAX_RATE] == byRate)
258 return byRateIdx;
259 }
260 return 0;
261 }
262
263
264 static
265 VOID
266 s_vGetDASA (
267 IN PBYTE pbyRxBufferAddr,
268 OUT PUINT pcbHeaderSize,
269 OUT PSEthernetHeader psEthHeader
270 )
271 {
272 UINT cbHeaderSize = 0;
273 PS802_11Header pMACHeader;
274 int ii;
275
276 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
277
278 if ((pMACHeader->wFrameCtl & FC_TODS) == 0) {
279 if (pMACHeader->wFrameCtl & FC_FROMDS) {
280 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
281 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
282 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr3[ii];
283 }
284 }
285 else {
286 // IBSS mode
287 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
288 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
289 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
290 }
291 }
292 }
293 else {
294 // Is AP mode..
295 if (pMACHeader->wFrameCtl & FC_FROMDS) {
296 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
297 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
298 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr4[ii];
299 cbHeaderSize += 6;
300 }
301 }
302 else {
303 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
304 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
305 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
306 }
307 }
308 };
309 *pcbHeaderSize = cbHeaderSize;
310 }
311
312
313
314
315 //PLICE_DEBUG ->
316
317 VOID MngWorkItem(PVOID Context)
318 {
319 PSRxMgmtPacket pRxMgmtPacket;
320 PSDevice pDevice = (PSDevice) Context;
321 //printk("Enter MngWorkItem,Queue packet num is %d\n",pDevice->rxManeQueue.packet_num);
322 spin_lock_irq(&pDevice->lock);
323 while(pDevice->rxManeQueue.packet_num != 0)
324 {
325 pRxMgmtPacket = DeQueue(pDevice);
326 vMgrRxManagePacket(pDevice, pDevice->pMgmt, pRxMgmtPacket);
327 }
328 spin_unlock_irq(&pDevice->lock);
329 }
330
331
332 //PLICE_DEBUG<-
333
334
335
336 BOOL
337 device_receive_frame (
338 IN PSDevice pDevice,
339 IN PSRxDesc pCurrRD
340 )
341 {
342
343 PDEVICE_RD_INFO pRDInfo = pCurrRD->pRDInfo;
344 #ifdef PLICE_DEBUG
345 //printk("device_receive_frame:pCurrRD is %x,pRDInfo is %x\n",pCurrRD,pCurrRD->pRDInfo);
346 #endif
347 struct net_device_stats* pStats=&pDevice->stats;
348 struct sk_buff* skb;
349 PSMgmtObject pMgmt = pDevice->pMgmt;
350 PSRxMgmtPacket pRxPacket = &(pDevice->pMgmt->sRxPacket);
351 PS802_11Header p802_11Header;
352 PBYTE pbyRsr;
353 PBYTE pbyNewRsr;
354 PBYTE pbyRSSI;
355 PQWORD pqwTSFTime;
356 PWORD pwFrameSize;
357 PBYTE pbyFrame;
358 BOOL bDeFragRx = FALSE;
359 BOOL bIsWEP = FALSE;
360 UINT cbHeaderOffset;
361 UINT FrameSize;
362 WORD wEtherType = 0;
363 INT iSANodeIndex = -1;
364 INT iDANodeIndex = -1;
365 UINT ii;
366 UINT cbIVOffset;
367 BOOL bExtIV = FALSE;
368 PBYTE pbyRxSts;
369 PBYTE pbyRxRate;
370 PBYTE pbySQ;
371 UINT cbHeaderSize;
372 PSKeyItem pKey = NULL;
373 WORD wRxTSC15_0 = 0;
374 DWORD dwRxTSC47_16 = 0;
375 SKeyItem STempKey;
376 // 802.11h RPI
377 DWORD dwDuration = 0;
378 LONG ldBm = 0;
379 LONG ldBmThreshold = 0;
380 PS802_11Header pMACHeader;
381 BOOL bRxeapol_key = FALSE;
382
383 // DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- device_receive_frame---\n");
384
385 skb = pRDInfo->skb;
386
387
388 //PLICE_DEBUG->
389 #if 1
390 pci_unmap_single(pDevice->pcid, pRDInfo->skb_dma,
391 pDevice->rx_buf_sz, PCI_DMA_FROMDEVICE);
392 #endif
393 //PLICE_DEBUG<-
394 pwFrameSize = (PWORD)(skb->data + 2);
395 FrameSize = cpu_to_le16(pCurrRD->m_rd1RD1.wReqCount) - cpu_to_le16(pCurrRD->m_rd0RD0.wResCount);
396
397 // Max: 2312Payload + 30HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR
398 // Min (ACK): 10HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR
399 if ((FrameSize > 2364)||(FrameSize <= 32)) {
400 // Frame Size error drop this packet.
401 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 1 \n");
402 return FALSE;
403 }
404
405 pbyRxSts = (PBYTE) (skb->data);
406 pbyRxRate = (PBYTE) (skb->data + 1);
407 pbyRsr = (PBYTE) (skb->data + FrameSize - 1);
408 pbyRSSI = (PBYTE) (skb->data + FrameSize - 2);
409 pbyNewRsr = (PBYTE) (skb->data + FrameSize - 3);
410 pbySQ = (PBYTE) (skb->data + FrameSize - 4);
411 pqwTSFTime = (PQWORD) (skb->data + FrameSize - 12);
412 pbyFrame = (PBYTE)(skb->data + 4);
413
414 // get packet size
415 FrameSize = cpu_to_le16(*pwFrameSize);
416
417 if ((FrameSize > 2346)|(FrameSize < 14)) { // Max: 2312Payload + 30HD +4CRC
418 // Min: 14 bytes ACK
419 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 2 \n");
420 return FALSE;
421 }
422 //PLICE_DEBUG->
423 #if 1
424 // update receive statistic counter
425 STAvUpdateRDStatCounter(&pDevice->scStatistic,
426 *pbyRsr,
427 *pbyNewRsr,
428 *pbyRxRate,
429 pbyFrame,
430 FrameSize);
431
432 #endif
433
434 pMACHeader=(PS802_11Header)((PBYTE) (skb->data)+8);
435 //PLICE_DEBUG<-
436 if (pDevice->bMeasureInProgress == TRUE) {
437 if ((*pbyRsr & RSR_CRCOK) != 0) {
438 pDevice->byBasicMap |= 0x01;
439 }
440 dwDuration = (FrameSize << 4);
441 dwDuration /= acbyRxRate[*pbyRxRate%MAX_RATE];
442 if (*pbyRxRate <= RATE_11M) {
443 if (*pbyRxSts & 0x01) {
444 // long preamble
445 dwDuration += 192;
446 } else {
447 // short preamble
448 dwDuration += 96;
449 }
450 } else {
451 dwDuration += 16;
452 }
453 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
454 ldBmThreshold = -57;
455 for (ii = 7; ii > 0;) {
456 if (ldBm > ldBmThreshold) {
457 break;
458 }
459 ldBmThreshold -= 5;
460 ii--;
461 }
462 pDevice->dwRPIs[ii] += dwDuration;
463 return FALSE;
464 }
465
466 if (!IS_MULTICAST_ADDRESS(pbyFrame) && !IS_BROADCAST_ADDRESS(pbyFrame)) {
467 if (WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header) (skb->data + 4))) {
468 pDevice->s802_11Counter.FrameDuplicateCount++;
469 return FALSE;
470 }
471 }
472
473
474 // Use for TKIP MIC
475 s_vGetDASA(skb->data+4, &cbHeaderSize, &pDevice->sRxEthHeader);
476
477 // filter packet send from myself
478 if (IS_ETH_ADDRESS_EQUAL((PBYTE)&(pDevice->sRxEthHeader.abySrcAddr[0]), pDevice->abyCurrentNetAddr))
479 return FALSE;
480
481 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) {
482 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
483 p802_11Header = (PS802_11Header) (pbyFrame);
484 // get SA NodeIndex
485 if (BSSDBbIsSTAInNodeDB(pMgmt, (PBYTE)(p802_11Header->abyAddr2), &iSANodeIndex)) {
486 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies;
487 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0;
488 }
489 }
490 }
491
492 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
493 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == TRUE) {
494 return FALSE;
495 }
496 }
497
498
499 if (IS_FC_WEP(pbyFrame)) {
500 BOOL bRxDecryOK = FALSE;
501
502 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n");
503 bIsWEP = TRUE;
504 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) {
505 pKey = &STempKey;
506 pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite;
507 pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex;
508 pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength;
509 pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16;
510 pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0;
511 memcpy(pKey->abyKey,
512 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0],
513 pKey->uKeyLength
514 );
515
516 bRxDecryOK = s_bHostWepRxEncryption(pDevice,
517 pbyFrame,
518 FrameSize,
519 pbyRsr,
520 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly,
521 pKey,
522 pbyNewRsr,
523 &bExtIV,
524 &wRxTSC15_0,
525 &dwRxTSC47_16);
526 } else {
527 bRxDecryOK = s_bHandleRxEncryption(pDevice,
528 pbyFrame,
529 FrameSize,
530 pbyRsr,
531 pbyNewRsr,
532 &pKey,
533 &bExtIV,
534 &wRxTSC15_0,
535 &dwRxTSC47_16);
536 }
537
538 if (bRxDecryOK) {
539 if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) {
540 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n");
541 if ( (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
542 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
543 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
544 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
545 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
546
547 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
548 pDevice->s802_11Counter.TKIPICVErrors++;
549 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) {
550 pDevice->s802_11Counter.CCMPDecryptErrors++;
551 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) {
552 // pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++;
553 }
554 }
555 return FALSE;
556 }
557 } else {
558 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n");
559 return FALSE;
560 }
561 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP))
562 FrameSize -= 8; // Message Integrity Code
563 else
564 FrameSize -= 4; // 4 is ICV
565 }
566
567
568 //
569 // RX OK
570 //
571 //remove the CRC length
572 FrameSize -= U_CRC_LEN;
573
574 if (( !(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI))) && // unicast address
575 (IS_FRAGMENT_PKT((skb->data+4)))
576 ) {
577 // defragment
578 bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header) (skb->data+4), FrameSize, bIsWEP, bExtIV);
579 pDevice->s802_11Counter.ReceivedFragmentCount++;
580 if (bDeFragRx) {
581 // defrag complete
582 skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb;
583 FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength;
584
585 }
586 else {
587 return FALSE;
588 }
589 }
590
591
592 // Management & Control frame Handle
593 if ((IS_TYPE_DATA((skb->data+4))) == FALSE) {
594 // Handle Control & Manage Frame
595
596 if (IS_TYPE_MGMT((skb->data+4))) {
597 PBYTE pbyData1;
598 PBYTE pbyData2;
599
600 pRxPacket->p80211Header = (PUWLAN_80211HDR)(skb->data+4);
601 pRxPacket->cbMPDULen = FrameSize;
602 pRxPacket->uRSSI = *pbyRSSI;
603 pRxPacket->bySQ = *pbySQ;
604 HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime));
605 LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime));
606 if (bIsWEP) {
607 // strip IV
608 pbyData1 = WLAN_HDR_A3_DATA_PTR(skb->data+4);
609 pbyData2 = WLAN_HDR_A3_DATA_PTR(skb->data+4) + 4;
610 for (ii = 0; ii < (FrameSize - 4); ii++) {
611 *pbyData1 = *pbyData2;
612 pbyData1++;
613 pbyData2++;
614 }
615 }
616 pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate);
617 pRxPacket->byRxChannel = (*pbyRxSts) >> 2;
618 //PLICE_DEBUG->
619 //EnQueue(pDevice,pRxPacket);
620
621 #ifdef THREAD
622 EnQueue(pDevice,pRxPacket);
623
624 //printk("enque time is %x\n",jiffies);
625 //up(&pDevice->mlme_semaphore);
626 //Enque (pDevice->FirstRecvMngList,pDevice->LastRecvMngList,pMgmt);
627 #else
628
629 #ifdef TASK_LET
630 EnQueue(pDevice,pRxPacket);
631 tasklet_schedule(&pDevice->RxMngWorkItem);
632 #else
633 //printk("RxMan\n");
634 vMgrRxManagePacket((HANDLE)pDevice, pDevice->pMgmt, pRxPacket);
635 //tasklet_schedule(&pDevice->RxMngWorkItem);
636 #endif
637
638 #endif
639 //PLICE_DEBUG<-
640 //vMgrRxManagePacket((HANDLE)pDevice, pDevice->pMgmt, pRxPacket);
641 // hostap Deamon handle 802.11 management
642 if (pDevice->bEnableHostapd) {
643 skb->dev = pDevice->apdev;
644 skb->data += 4;
645 skb->tail += 4;
646 skb_put(skb, FrameSize);
647 skb_reset_mac_header(skb);
648 skb->pkt_type = PACKET_OTHERHOST;
649 skb->protocol = htons(ETH_P_802_2);
650 memset(skb->cb, 0, sizeof(skb->cb));
651 netif_rx(skb);
652 return TRUE;
653 }
654 }
655 else {
656 // Control Frame
657 };
658 return FALSE;
659 }
660 else {
661 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
662 //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC.
663 if ( !(*pbyRsr & RSR_BSSIDOK)) {
664 if (bDeFragRx) {
665 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
666 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
667 pDevice->dev->name);
668 }
669 }
670 return FALSE;
671 }
672 }
673 else {
674 // discard DATA packet while not associate || BSSID error
675 if ((pDevice->bLinkPass == FALSE) ||
676 !(*pbyRsr & RSR_BSSIDOK)) {
677 if (bDeFragRx) {
678 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
679 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
680 pDevice->dev->name);
681 }
682 }
683 return FALSE;
684 }
685 //mike add:station mode check eapol-key challenge--->
686 {
687 BYTE Protocol_Version; //802.1x Authentication
688 BYTE Packet_Type; //802.1x Authentication
689 if (bIsWEP)
690 cbIVOffset = 8;
691 else
692 cbIVOffset = 0;
693 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
694 skb->data[cbIVOffset + 8 + 24 + 6 + 1];
695 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1];
696 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1];
697 if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header
698 if(((Protocol_Version==1) ||(Protocol_Version==2)) &&
699 (Packet_Type==3)) { //802.1x OR eapol-key challenge frame receive
700 bRxeapol_key = TRUE;
701 }
702 }
703 }
704 //mike add:station mode check eapol-key challenge<---
705 }
706 }
707
708
709 // Data frame Handle
710
711
712 if (pDevice->bEnablePSMode) {
713 if (IS_FC_MOREDATA((skb->data+4))) {
714 if (*pbyRsr & RSR_ADDROK) {
715 //PSbSendPSPOLL((PSDevice)pDevice);
716 }
717 }
718 else {
719 if (pDevice->pMgmt->bInTIMWake == TRUE) {
720 pDevice->pMgmt->bInTIMWake = FALSE;
721 }
722 }
723 };
724
725 // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps
726 if (pDevice->bDiversityEnable && (FrameSize>50) &&
727 (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) &&
728 (pDevice->bLinkPass == TRUE)) {
729 //printk("device_receive_frame: RxRate is %d\n",*pbyRxRate);
730 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0);
731 }
732
733
734 if (pDevice->byLocalID != REV_ID_VT3253_B1) {
735 pDevice->uCurrRSSI = *pbyRSSI;
736 }
737 pDevice->byCurrSQ = *pbySQ;
738
739 if ((*pbyRSSI != 0) &&
740 (pMgmt->pCurrBSS!=NULL)) {
741 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
742 // Moniter if RSSI is too strong.
743 pMgmt->pCurrBSS->byRSSIStatCnt++;
744 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT;
745 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm;
746 for(ii=0;ii<RSSI_STAT_COUNT;ii++) {
747 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) {
748 pMgmt->pCurrBSS->ldBmMAX = max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm);
749 }
750 }
751 }
752
753 // -----------------------------------------------
754
755 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == TRUE)){
756 BYTE abyMacHdr[24];
757
758 // Only 802.1x packet incoming allowed
759 if (bIsWEP)
760 cbIVOffset = 8;
761 else
762 cbIVOffset = 0;
763 wEtherType = (skb->data[cbIVOffset + 4 + 24 + 6] << 8) |
764 skb->data[cbIVOffset + 4 + 24 + 6 + 1];
765
766 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType);
767 if (wEtherType == ETH_P_PAE) {
768 skb->dev = pDevice->apdev;
769
770 if (bIsWEP == TRUE) {
771 // strip IV header(8)
772 memcpy(&abyMacHdr[0], (skb->data + 4), 24);
773 memcpy((skb->data + 4 + cbIVOffset), &abyMacHdr[0], 24);
774 }
775 skb->data += (cbIVOffset + 4);
776 skb->tail += (cbIVOffset + 4);
777 skb_put(skb, FrameSize);
778 skb_reset_mac_header(skb);
779
780 skb->pkt_type = PACKET_OTHERHOST;
781 skb->protocol = htons(ETH_P_802_2);
782 memset(skb->cb, 0, sizeof(skb->cb));
783 netif_rx(skb);
784 return TRUE;
785
786 }
787 // check if 802.1x authorized
788 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED))
789 return FALSE;
790 }
791
792
793 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
794 if (bIsWEP) {
795 FrameSize -= 8; //MIC
796 }
797 }
798
799 //--------------------------------------------------------------------------------
800 // Soft MIC
801 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
802 if (bIsWEP) {
803 PDWORD pdwMIC_L;
804 PDWORD pdwMIC_R;
805 DWORD dwMIC_Priority;
806 DWORD dwMICKey0 = 0, dwMICKey1 = 0;
807 DWORD dwLocalMIC_L = 0;
808 DWORD dwLocalMIC_R = 0;
809 viawget_wpa_header *wpahdr;
810
811
812 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
813 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
814 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
815 }
816 else {
817 if (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
818 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
819 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
820 } else if ((pKey->dwKeyIndex & BIT28) == 0) {
821 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
822 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
823 } else {
824 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
825 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
826 }
827 }
828
829 MIC_vInit(dwMICKey0, dwMICKey1);
830 MIC_vAppend((PBYTE)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12);
831 dwMIC_Priority = 0;
832 MIC_vAppend((PBYTE)&dwMIC_Priority, 4);
833 // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV.
834 MIC_vAppend((PBYTE)(skb->data + 4 + WLAN_HDR_ADDR3_LEN + 8),
835 FrameSize - WLAN_HDR_ADDR3_LEN - 8);
836 MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R);
837 MIC_vUnInit();
838
839 pdwMIC_L = (PDWORD)(skb->data + 4 + FrameSize);
840 pdwMIC_R = (PDWORD)(skb->data + 4 + FrameSize + 4);
841 //DBG_PRN_GRP12(("RxL: %lx, RxR: %lx\n", *pdwMIC_L, *pdwMIC_R));
842 //DBG_PRN_GRP12(("LocalL: %lx, LocalR: %lx\n", dwLocalMIC_L, dwLocalMIC_R));
843 //DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"dwMICKey0= %lx,dwMICKey1= %lx \n", dwMICKey0, dwMICKey1);
844
845
846 if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) ||
847 (pDevice->bRxMICFail == TRUE)) {
848 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n");
849 pDevice->bRxMICFail = FALSE;
850 //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++;
851 pDevice->s802_11Counter.TKIPLocalMICFailures++;
852 if (bDeFragRx) {
853 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
854 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
855 pDevice->dev->name);
856 }
857 }
858 //2008-0409-07, <Add> by Einsn Liu
859 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
860 //send event to wpa_supplicant
861 //if(pDevice->bWPADevEnable == TRUE)
862 {
863 union iwreq_data wrqu;
864 struct iw_michaelmicfailure ev;
865 int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits
866 memset(&ev, 0, sizeof(ev));
867 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
868 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
869 (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
870 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
871 ev.flags |= IW_MICFAILURE_PAIRWISE;
872 } else {
873 ev.flags |= IW_MICFAILURE_GROUP;
874 }
875
876 ev.src_addr.sa_family = ARPHRD_ETHER;
877 memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN);
878 memset(&wrqu, 0, sizeof(wrqu));
879 wrqu.data.length = sizeof(ev);
880 wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
881
882 }
883 #endif
884
885
886 if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
887 wpahdr = (viawget_wpa_header *)pDevice->skb->data;
888 if ((pDevice->pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
889 (pDevice->pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
890 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
891 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR;
892 wpahdr->type = VIAWGET_PTK_MIC_MSG;
893 } else {
894 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR;
895 wpahdr->type = VIAWGET_GTK_MIC_MSG;
896 }
897 wpahdr->resp_ie_len = 0;
898 wpahdr->req_ie_len = 0;
899 skb_put(pDevice->skb, sizeof(viawget_wpa_header));
900 pDevice->skb->dev = pDevice->wpadev;
901 skb_reset_mac_header(pDevice->skb);
902 pDevice->skb->pkt_type = PACKET_HOST;
903 pDevice->skb->protocol = htons(ETH_P_802_2);
904 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
905 netif_rx(pDevice->skb);
906 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
907 };
908
909 return FALSE;
910
911 }
912 }
913 } //---end of SOFT MIC-----------------------------------------------------------------------
914
915 // ++++++++++ Reply Counter Check +++++++++++++
916
917 if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) ||
918 (pKey->byCipherSuite == KEY_CTL_CCMP))) {
919 if (bIsWEP) {
920 WORD wLocalTSC15_0 = 0;
921 DWORD dwLocalTSC47_16 = 0;
922 ULONGLONG RSC = 0;
923 // endian issues
924 RSC = *((ULONGLONG *) &(pKey->KeyRSC));
925 wLocalTSC15_0 = (WORD) RSC;
926 dwLocalTSC47_16 = (DWORD) (RSC>>16);
927
928 RSC = dwRxTSC47_16;
929 RSC <<= 16;
930 RSC += wRxTSC15_0;
931 memcpy(&(pKey->KeyRSC), &RSC, sizeof(QWORD));
932
933 if ( (pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) &&
934 (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) {
935 // check RSC
936 if ( (wRxTSC15_0 < wLocalTSC15_0) &&
937 (dwRxTSC47_16 <= dwLocalTSC47_16) &&
938 !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) {
939 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n ");
940 if (pKey->byCipherSuite == KEY_CTL_TKIP)
941 //pDevice->s802_11Counter.TKIPReplays.QuadPart++;
942 pDevice->s802_11Counter.TKIPReplays++;
943 else
944 //pDevice->s802_11Counter.CCMPReplays.QuadPart++;
945 pDevice->s802_11Counter.CCMPReplays++;
946
947 if (bDeFragRx) {
948 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
949 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
950 pDevice->dev->name);
951 }
952 }
953 return FALSE;
954 }
955 }
956 }
957 } // ----- End of Reply Counter Check --------------------------
958
959
960
961 if ((pKey != NULL) && (bIsWEP)) {
962 // pDevice->s802_11Counter.DecryptSuccessCount.QuadPart++;
963 }
964
965
966 s_vProcessRxMACHeader(pDevice, (PBYTE)(skb->data+4), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset);
967 FrameSize -= cbHeaderOffset;
968 cbHeaderOffset += 4; // 4 is Rcv buffer header
969
970 // Null data, framesize = 14
971 if (FrameSize < 15)
972 return FALSE;
973
974 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
975 if (s_bAPModeRxData(pDevice,
976 skb,
977 FrameSize,
978 cbHeaderOffset,
979 iSANodeIndex,
980 iDANodeIndex
981 ) == FALSE) {
982
983 if (bDeFragRx) {
984 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
985 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
986 pDevice->dev->name);
987 }
988 }
989 return FALSE;
990 }
991
992 // if(pDevice->bRxMICFail == FALSE) {
993 // for (ii =0; ii < 100; ii++)
994 // printk(" %02x", *(skb->data + ii));
995 // printk("\n");
996 // }
997
998 }
999
1000 skb->data += cbHeaderOffset;
1001 skb->tail += cbHeaderOffset;
1002 skb_put(skb, FrameSize);
1003 skb->protocol=eth_type_trans(skb, skb->dev);
1004
1005
1006 //drop frame not met IEEE 802.3
1007 /*
1008 if (pDevice->flags & DEVICE_FLAGS_VAL_PKT_LEN) {
1009 if ((skb->protocol==htons(ETH_P_802_3)) &&
1010 (skb->len!=htons(skb->mac.ethernet->h_proto))) {
1011 pStats->rx_length_errors++;
1012 pStats->rx_dropped++;
1013 if (bDeFragRx) {
1014 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1015 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1016 pDevice->dev->name);
1017 }
1018 }
1019 return FALSE;
1020 }
1021 }
1022 */
1023
1024 skb->ip_summed=CHECKSUM_NONE;
1025 pStats->rx_bytes +=skb->len;
1026 pStats->rx_packets++;
1027 netif_rx(skb);
1028
1029 if (bDeFragRx) {
1030 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1031 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1032 pDevice->dev->name);
1033 }
1034 return FALSE;
1035 }
1036
1037 return TRUE;
1038 }
1039
1040
1041 static BOOL s_bAPModeRxCtl (
1042 IN PSDevice pDevice,
1043 IN PBYTE pbyFrame,
1044 IN INT iSANodeIndex
1045 )
1046 {
1047 PS802_11Header p802_11Header;
1048 CMD_STATUS Status;
1049 PSMgmtObject pMgmt = pDevice->pMgmt;
1050
1051
1052 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
1053
1054 p802_11Header = (PS802_11Header) (pbyFrame);
1055 if (!IS_TYPE_MGMT(pbyFrame)) {
1056
1057 // Data & PS-Poll packet
1058 // check frame class
1059 if (iSANodeIndex > 0) {
1060 // frame class 3 fliter & checking
1061 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) {
1062 // send deauth notification
1063 // reason = (6) class 2 received from nonauth sta
1064 vMgrDeAuthenBeginSta(pDevice,
1065 pMgmt,
1066 (PBYTE)(p802_11Header->abyAddr2),
1067 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1068 &Status
1069 );
1070 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n");
1071 return TRUE;
1072 };
1073 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) {
1074 // send deassoc notification
1075 // reason = (7) class 3 received from nonassoc sta
1076 vMgrDisassocBeginSta(pDevice,
1077 pMgmt,
1078 (PBYTE)(p802_11Header->abyAddr2),
1079 (WLAN_MGMT_REASON_CLASS3_NONASSOC),
1080 &Status
1081 );
1082 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n");
1083 return TRUE;
1084 };
1085
1086 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) {
1087 // delcare received ps-poll event
1088 if (IS_CTL_PSPOLL(pbyFrame)) {
1089 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1090 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1091 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n");
1092 }
1093 else {
1094 // check Data PS state
1095 // if PW bit off, send out all PS bufferring packets.
1096 if (!IS_FC_POWERMGT(pbyFrame)) {
1097 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1098 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1099 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1100 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n");
1101 }
1102 }
1103 }
1104 else {
1105 if (IS_FC_POWERMGT(pbyFrame)) {
1106 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = TRUE;
1107 // Once if STA in PS state, enable multicast bufferring
1108 pMgmt->sNodeDBTable[0].bPSEnable = TRUE;
1109 }
1110 else {
1111 // clear all pending PS frame.
1112 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) {
1113 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1114 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1115 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1116 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n");
1117
1118 }
1119 }
1120 }
1121 }
1122 else {
1123 vMgrDeAuthenBeginSta(pDevice,
1124 pMgmt,
1125 (PBYTE)(p802_11Header->abyAddr2),
1126 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1127 &Status
1128 );
1129 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n");
1130 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%02x-%02x-%02x=%02x-%02x-%02x \n",
1131 p802_11Header->abyAddr3[0],
1132 p802_11Header->abyAddr3[1],
1133 p802_11Header->abyAddr3[2],
1134 p802_11Header->abyAddr3[3],
1135 p802_11Header->abyAddr3[4],
1136 p802_11Header->abyAddr3[5]
1137 );
1138 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%02x-%02x-%02x=%02x-%02x-%02x \n",
1139 p802_11Header->abyAddr2[0],
1140 p802_11Header->abyAddr2[1],
1141 p802_11Header->abyAddr2[2],
1142 p802_11Header->abyAddr2[3],
1143 p802_11Header->abyAddr2[4],
1144 p802_11Header->abyAddr2[5]
1145 );
1146 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%02x-%02x-%02x=%02x-%02x-%02x \n",
1147 p802_11Header->abyAddr1[0],
1148 p802_11Header->abyAddr1[1],
1149 p802_11Header->abyAddr1[2],
1150 p802_11Header->abyAddr1[3],
1151 p802_11Header->abyAddr1[4],
1152 p802_11Header->abyAddr1[5]
1153 );
1154 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl );
1155 VNSvInPortB(pDevice->PortOffset + MAC_REG_RCR, &(pDevice->byRxMode));
1156 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc:pDevice->byRxMode = %x\n", pDevice->byRxMode );
1157 return TRUE;
1158 }
1159 }
1160 }
1161 return FALSE;
1162
1163 }
1164
1165 static BOOL s_bHandleRxEncryption (
1166 IN PSDevice pDevice,
1167 IN PBYTE pbyFrame,
1168 IN UINT FrameSize,
1169 IN PBYTE pbyRsr,
1170 OUT PBYTE pbyNewRsr,
1171 OUT PSKeyItem *pKeyOut,
1172 int * pbExtIV,
1173 OUT PWORD pwRxTSC15_0,
1174 OUT PDWORD pdwRxTSC47_16
1175 )
1176 {
1177 UINT PayloadLen = FrameSize;
1178 PBYTE pbyIV;
1179 BYTE byKeyIdx;
1180 PSKeyItem pKey = NULL;
1181 BYTE byDecMode = KEY_CTL_WEP;
1182 PSMgmtObject pMgmt = pDevice->pMgmt;
1183
1184
1185 *pwRxTSC15_0 = 0;
1186 *pdwRxTSC47_16 = 0;
1187
1188 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1189 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1190 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1191 pbyIV += 6; // 6 is 802.11 address4
1192 PayloadLen -= 6;
1193 }
1194 byKeyIdx = (*(pbyIV+3) & 0xc0);
1195 byKeyIdx >>= 6;
1196 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1197
1198 if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
1199 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
1200 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
1201 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
1202 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
1203 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) &&
1204 (pDevice->pMgmt->byCSSPK != KEY_CTL_NONE)) {
1205 // unicast pkt use pairwise key
1206 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n");
1207 if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == TRUE) {
1208 if (pDevice->pMgmt->byCSSPK == KEY_CTL_TKIP)
1209 byDecMode = KEY_CTL_TKIP;
1210 else if (pDevice->pMgmt->byCSSPK == KEY_CTL_CCMP)
1211 byDecMode = KEY_CTL_CCMP;
1212 }
1213 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey);
1214 } else {
1215 // use group key
1216 KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey);
1217 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1218 byDecMode = KEY_CTL_TKIP;
1219 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1220 byDecMode = KEY_CTL_CCMP;
1221 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey);
1222 }
1223 }
1224 // our WEP only support Default Key
1225 if (pKey == NULL) {
1226 // use default group key
1227 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey);
1228 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1229 byDecMode = KEY_CTL_TKIP;
1230 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1231 byDecMode = KEY_CTL_CCMP;
1232 }
1233 *pKeyOut = pKey;
1234
1235 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode);
1236
1237 if (pKey == NULL) {
1238 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n");
1239 if (byDecMode == KEY_CTL_WEP) {
1240 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1241 } else if (pDevice->bLinkPass == TRUE) {
1242 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1243 }
1244 return FALSE;
1245 }
1246 if (byDecMode != pKey->byCipherSuite) {
1247 if (byDecMode == KEY_CTL_WEP) {
1248 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1249 } else if (pDevice->bLinkPass == TRUE) {
1250 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1251 }
1252 *pKeyOut = NULL;
1253 return FALSE;
1254 }
1255 if (byDecMode == KEY_CTL_WEP) {
1256 // handle WEP
1257 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1258 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE)) {
1259 // Software WEP
1260 // 1. 3253A
1261 // 2. WEP 256
1262
1263 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1264 memcpy(pDevice->abyPRNG, pbyIV, 3);
1265 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1266 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1267 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1268
1269 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1270 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1271 }
1272 }
1273 } else if ((byDecMode == KEY_CTL_TKIP) ||
1274 (byDecMode == KEY_CTL_CCMP)) {
1275 // TKIP/AES
1276
1277 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1278 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1279 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1280 if (byDecMode == KEY_CTL_TKIP) {
1281 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1282 } else {
1283 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1284 }
1285 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1286
1287 if ((byDecMode == KEY_CTL_TKIP) &&
1288 (pDevice->byLocalID <= REV_ID_VT3253_A1)) {
1289 // Software TKIP
1290 // 1. 3253 A
1291 PS802_11Header pMACHeader = (PS802_11Header) (pbyFrame);
1292 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1293 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1294 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1295 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1296 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1297 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1298 } else {
1299 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1300 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1301 }
1302 }
1303 }// end of TKIP/AES
1304
1305 if ((*(pbyIV+3) & 0x20) != 0)
1306 *pbExtIV = TRUE;
1307 return TRUE;
1308 }
1309
1310
1311 static BOOL s_bHostWepRxEncryption (
1312 IN PSDevice pDevice,
1313 IN PBYTE pbyFrame,
1314 IN UINT FrameSize,
1315 IN PBYTE pbyRsr,
1316 IN BOOL bOnFly,
1317 IN PSKeyItem pKey,
1318 OUT PBYTE pbyNewRsr,
1319 int * pbExtIV,
1320 OUT PWORD pwRxTSC15_0,
1321 OUT PDWORD pdwRxTSC47_16
1322 )
1323 {
1324 UINT PayloadLen = FrameSize;
1325 PBYTE pbyIV;
1326 BYTE byKeyIdx;
1327 BYTE byDecMode = KEY_CTL_WEP;
1328 PS802_11Header pMACHeader;
1329
1330
1331
1332 *pwRxTSC15_0 = 0;
1333 *pdwRxTSC47_16 = 0;
1334
1335 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1336 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1337 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1338 pbyIV += 6; // 6 is 802.11 address4
1339 PayloadLen -= 6;
1340 }
1341 byKeyIdx = (*(pbyIV+3) & 0xc0);
1342 byKeyIdx >>= 6;
1343 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1344
1345
1346 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1347 byDecMode = KEY_CTL_TKIP;
1348 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1349 byDecMode = KEY_CTL_CCMP;
1350
1351 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode);
1352
1353 if (byDecMode != pKey->byCipherSuite) {
1354 if (byDecMode == KEY_CTL_WEP) {
1355 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1356 } else if (pDevice->bLinkPass == TRUE) {
1357 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1358 }
1359 return FALSE;
1360 }
1361
1362 if (byDecMode == KEY_CTL_WEP) {
1363 // handle WEP
1364 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP \n");
1365 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1366 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE) ||
1367 (bOnFly == FALSE)) {
1368 // Software WEP
1369 // 1. 3253A
1370 // 2. WEP 256
1371 // 3. NotOnFly
1372
1373 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1374 memcpy(pDevice->abyPRNG, pbyIV, 3);
1375 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1376 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1377 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1378
1379 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1380 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1381 }
1382 }
1383 } else if ((byDecMode == KEY_CTL_TKIP) ||
1384 (byDecMode == KEY_CTL_CCMP)) {
1385 // TKIP/AES
1386
1387 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1388 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1389 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1390
1391 if (byDecMode == KEY_CTL_TKIP) {
1392 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1393 } else {
1394 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1395 }
1396 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1397
1398 if (byDecMode == KEY_CTL_TKIP) {
1399
1400 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == FALSE)) {
1401 // Software TKIP
1402 // 1. 3253 A
1403 // 2. NotOnFly
1404 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n");
1405 pMACHeader = (PS802_11Header) (pbyFrame);
1406 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1407 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1408 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1409 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1410 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1411 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1412 } else {
1413 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1414 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1415 }
1416 }
1417 }
1418
1419 if (byDecMode == KEY_CTL_CCMP) {
1420 if (bOnFly == FALSE) {
1421 // Software CCMP
1422 // NotOnFly
1423 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_CCMP\n");
1424 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) {
1425 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1426 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC compare OK!\n");
1427 } else {
1428 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC fail!\n");
1429 }
1430 }
1431 }
1432
1433 }// end of TKIP/AES
1434
1435 if ((*(pbyIV+3) & 0x20) != 0)
1436 *pbExtIV = TRUE;
1437 return TRUE;
1438 }
1439
1440
1441
1442 static BOOL s_bAPModeRxData (
1443 IN PSDevice pDevice,
1444 IN struct sk_buff* skb,
1445 IN UINT FrameSize,
1446 IN UINT cbHeaderOffset,
1447 IN INT iSANodeIndex,
1448 IN INT iDANodeIndex
1449 )
1450 {
1451 PSMgmtObject pMgmt = pDevice->pMgmt;
1452 BOOL bRelayAndForward = FALSE;
1453 BOOL bRelayOnly = FALSE;
1454 BYTE byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
1455 WORD wAID;
1456
1457
1458 struct sk_buff* skbcpy = NULL;
1459
1460 if (FrameSize > CB_MAX_BUF_SIZE)
1461 return FALSE;
1462 // check DA
1463 if(IS_MULTICAST_ADDRESS((PBYTE)(skb->data+cbHeaderOffset))) {
1464 if (pMgmt->sNodeDBTable[0].bPSEnable) {
1465
1466 skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz);
1467
1468 // if any node in PS mode, buffer packet until DTIM.
1469 if (skbcpy == NULL) {
1470 DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n");
1471 }
1472 else {
1473 skbcpy->dev = pDevice->dev;
1474 skbcpy->len = FrameSize;
1475 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize);
1476 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy);
1477
1478 pMgmt->sNodeDBTable[0].wEnQueueCnt++;
1479 // set tx map
1480 pMgmt->abyPSTxMap[0] |= byMask[0];
1481 }
1482 }
1483 else {
1484 bRelayAndForward = TRUE;
1485 }
1486 }
1487 else {
1488 // check if relay
1489 if (BSSDBbIsSTAInNodeDB(pMgmt, (PBYTE)(skb->data+cbHeaderOffset), &iDANodeIndex)) {
1490 if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) {
1491 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) {
1492 // queue this skb until next PS tx, and then release.
1493
1494 skb->data += cbHeaderOffset;
1495 skb->tail += cbHeaderOffset;
1496 skb_put(skb, FrameSize);
1497 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb);
1498 pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++;
1499 wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID;
1500 pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7];
1501 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n",
1502 iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]);
1503 return TRUE;
1504 }
1505 else {
1506 bRelayOnly = TRUE;
1507 }
1508 }
1509 };
1510 }
1511
1512 if (bRelayOnly || bRelayAndForward) {
1513 // relay this packet right now
1514 if (bRelayAndForward)
1515 iDANodeIndex = 0;
1516
1517 if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) {
1518 ROUTEbRelay(pDevice, (PBYTE)(skb->data + cbHeaderOffset), FrameSize, (UINT)iDANodeIndex);
1519 }
1520
1521 if (bRelayOnly)
1522 return FALSE;
1523 }
1524 // none associate, don't forward
1525 if (pDevice->uAssocCount == 0)
1526 return FALSE;
1527
1528 return TRUE;
1529 }
1530
kernel source for telekom puls (alcatel/mediatek)