Commit | Line | Data |
---|---|---|
92b96797 FB |
1 | /* |
2 | * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc. | |
3 | * All rights reserved. | |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify | |
6 | * it under the terms of the GNU General Public License as published by | |
7 | * the Free Software Foundation; either version 2 of the License, or | |
8 | * (at your option) any later version. | |
9 | * | |
10 | * This program is distributed in the hope that it will be useful, | |
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
13 | * GNU General Public License for more details. | |
14 | * | |
15 | * You should have received a copy of the GNU General Public License along | |
16 | * with this program; if not, write to the Free Software Foundation, Inc., | |
17 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | |
18 | * | |
19 | * File: dpc.c | |
20 | * | |
21 | * Purpose: handle dpc rx functions | |
22 | * | |
23 | * Author: Lyndon Chen | |
24 | * | |
25 | * Date: May 20, 2003 | |
26 | * | |
27 | * Functions: | |
28 | * device_receive_frame - Rcv 802.11 frame function | |
29 | * s_bAPModeRxCtl- AP Rcv frame filer Ctl. | |
30 | * s_bAPModeRxData- AP Rcv data frame handle | |
31 | * s_bHandleRxEncryption- Rcv decrypted data via on-fly | |
32 | * s_bHostWepRxEncryption- Rcv encrypted data via host | |
33 | * s_byGetRateIdx- get rate index | |
34 | * s_vGetDASA- get data offset | |
35 | * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3 | |
36 | * | |
37 | * Revision History: | |
38 | * | |
39 | */ | |
40 | ||
92b96797 | 41 | #include "device.h" |
92b96797 | 42 | #include "rxtx.h" |
92b96797 | 43 | #include "tether.h" |
92b96797 | 44 | #include "card.h" |
92b96797 | 45 | #include "bssdb.h" |
92b96797 | 46 | #include "mac.h" |
92b96797 | 47 | #include "baseband.h" |
92b96797 | 48 | #include "michael.h" |
92b96797 | 49 | #include "tkip.h" |
92b96797 | 50 | #include "tcrc.h" |
92b96797 | 51 | #include "wctl.h" |
92b96797 | 52 | #include "hostap.h" |
92b96797 | 53 | #include "rf.h" |
92b96797 | 54 | #include "iowpa.h" |
92b96797 | 55 | #include "aes_ccmp.h" |
92b96797 | 56 | #include "datarate.h" |
92b96797 | 57 | #include "usbpipe.h" |
92b96797 FB |
58 | |
59 | /*--------------------- Static Definitions -------------------------*/ | |
60 | ||
61 | /*--------------------- Static Classes ----------------------------*/ | |
62 | ||
63 | /*--------------------- Static Variables --------------------------*/ | |
64 | //static int msglevel =MSG_LEVEL_DEBUG; | |
65 | static int msglevel =MSG_LEVEL_INFO; | |
66 | ||
67 | const BYTE acbyRxRate[MAX_RATE] = | |
68 | {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108}; | |
69 | ||
70 | ||
71 | /*--------------------- Static Functions --------------------------*/ | |
72 | ||
73 | /*--------------------- Static Definitions -------------------------*/ | |
74 | ||
75 | /*--------------------- Static Functions --------------------------*/ | |
76 | ||
592ccfeb | 77 | static BYTE s_byGetRateIdx(BYTE byRate); |
92b96797 FB |
78 | |
79 | static | |
8611a29a | 80 | void |
92b96797 | 81 | s_vGetDASA( |
592ccfeb | 82 | PBYTE pbyRxBufferAddr, |
93a94c42 | 83 | unsigned int *pcbHeaderSize, |
6f8c13c7 | 84 | PSEthernetHeader psEthHeader |
92b96797 FB |
85 | ); |
86 | ||
45c73bb1 MP |
87 | static void s_vProcessRxMACHeader(struct vnt_private *pDevice, |
88 | u8 *pbyRxBufferAddr, u32 cbPacketSize, int bIsWEP, int bExtIV, | |
89 | u32 *pcbHeadSize); | |
92b96797 | 90 | |
45c73bb1 MP |
91 | static int s_bAPModeRxCtl(struct vnt_private *pDevice, u8 *pbyFrame, |
92 | s32 iSANodeIndex); | |
92b96797 | 93 | |
45c73bb1 MP |
94 | static int s_bAPModeRxData(struct vnt_private *pDevice, struct sk_buff *skb, |
95 | u32 FrameSize, u32 cbHeaderOffset, s32 iSANodeIndex, s32 iDANodeIndex); | |
92b96797 | 96 | |
45c73bb1 MP |
97 | static int s_bHandleRxEncryption(struct vnt_private *pDevice, u8 *pbyFrame, |
98 | u32 FrameSize, u8 *pbyRsr, u8 *pbyNewRsr, PSKeyItem *pKeyOut, | |
99 | s32 *pbExtIV, u16 *pwRxTSC15_0, u32 *pdwRxTSC47_16); | |
92b96797 | 100 | |
45c73bb1 MP |
101 | static int s_bHostWepRxEncryption(struct vnt_private *pDevice, u8 *pbyFrame, |
102 | u32 FrameSize, u8 *pbyRsr, int bOnFly, PSKeyItem pKey, u8 *pbyNewRsr, | |
103 | s32 *pbExtIV, u16 *pwRxTSC15_0, u32 *pdwRxTSC47_16); | |
92b96797 FB |
104 | |
105 | /*--------------------- Export Variables --------------------------*/ | |
106 | ||
107 | /*+ | |
108 | * | |
109 | * Description: | |
110 | * Translate Rcv 802.11 header to 802.3 header with Rx buffer | |
111 | * | |
112 | * Parameters: | |
113 | * In: | |
114 | * pDevice | |
115 | * dwRxBufferAddr - Address of Rcv Buffer | |
116 | * cbPacketSize - Rcv Packet size | |
117 | * bIsWEP - If Rcv with WEP | |
118 | * Out: | |
119 | * pcbHeaderSize - 802.11 header size | |
120 | * | |
121 | * Return Value: None | |
122 | * | |
123 | -*/ | |
45c73bb1 MP |
124 | |
125 | static void s_vProcessRxMACHeader(struct vnt_private *pDevice, | |
126 | u8 *pbyRxBufferAddr, u32 cbPacketSize, int bIsWEP, int bExtIV, | |
127 | u32 *pcbHeadSize) | |
92b96797 | 128 | { |
45c73bb1 MP |
129 | u8 *pbyRxBuffer; |
130 | u32 cbHeaderSize = 0; | |
131 | u16 *pwType; | |
132 | PS802_11Header pMACHeader; | |
133 | int ii; | |
92b96797 FB |
134 | |
135 | ||
136 | pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); | |
137 | ||
138 | s_vGetDASA((PBYTE)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader); | |
139 | ||
140 | if (bIsWEP) { | |
141 | if (bExtIV) { | |
142 | // strip IV&ExtIV , add 8 byte | |
143 | cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8); | |
144 | } else { | |
145 | // strip IV , add 4 byte | |
146 | cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4); | |
147 | } | |
148 | } | |
149 | else { | |
150 | cbHeaderSize += WLAN_HDR_ADDR3_LEN; | |
151 | }; | |
152 | ||
153 | pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize); | |
4722a26c | 154 | if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) { |
92b96797 | 155 | cbHeaderSize += 6; |
4722a26c | 156 | } else if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) { |
92b96797 FB |
157 | cbHeaderSize += 6; |
158 | pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize); | |
aa209eef | 159 | if ((*pwType == cpu_to_be16(ETH_P_IPX)) || |
203e4615 AM |
160 | (*pwType == cpu_to_le16(0xF380))) { |
161 | cbHeaderSize -= 8; | |
92b96797 FB |
162 | pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize); |
163 | if (bIsWEP) { | |
164 | if (bExtIV) { | |
165 | *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV | |
166 | } else { | |
167 | *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV | |
168 | } | |
169 | } | |
170 | else { | |
171 | *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); | |
172 | } | |
173 | } | |
174 | } | |
175 | else { | |
176 | cbHeaderSize -= 2; | |
177 | pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize); | |
178 | if (bIsWEP) { | |
179 | if (bExtIV) { | |
180 | *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV | |
181 | } else { | |
182 | *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV | |
183 | } | |
184 | } | |
185 | else { | |
186 | *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); | |
187 | } | |
188 | } | |
189 | ||
9a0e756c | 190 | cbHeaderSize -= (ETH_ALEN * 2); |
92b96797 | 191 | pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize); |
9a0e756c | 192 | for (ii = 0; ii < ETH_ALEN; ii++) |
92b96797 | 193 | *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii]; |
9a0e756c | 194 | for (ii = 0; ii < ETH_ALEN; ii++) |
92b96797 FB |
195 | *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii]; |
196 | ||
197 | *pcbHeadSize = cbHeaderSize; | |
198 | } | |
199 | ||
200 | ||
201 | ||
202 | ||
592ccfeb | 203 | static BYTE s_byGetRateIdx(BYTE byRate) |
92b96797 FB |
204 | { |
205 | BYTE byRateIdx; | |
206 | ||
207 | for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) { | |
208 | if (acbyRxRate[byRateIdx%MAX_RATE] == byRate) | |
209 | return byRateIdx; | |
210 | } | |
211 | return 0; | |
212 | } | |
213 | ||
214 | ||
215 | static | |
8611a29a | 216 | void |
92b96797 | 217 | s_vGetDASA ( |
592ccfeb | 218 | PBYTE pbyRxBufferAddr, |
93a94c42 | 219 | unsigned int *pcbHeaderSize, |
6f8c13c7 | 220 | PSEthernetHeader psEthHeader |
92b96797 FB |
221 | ) |
222 | { | |
cc856e61 | 223 | unsigned int cbHeaderSize = 0; |
9a0e756c AM |
224 | PS802_11Header pMACHeader; |
225 | int ii; | |
226 | ||
227 | pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); | |
228 | ||
229 | if ((pMACHeader->wFrameCtl & FC_TODS) == 0) { | |
230 | if (pMACHeader->wFrameCtl & FC_FROMDS) { | |
231 | for (ii = 0; ii < ETH_ALEN; ii++) { | |
232 | psEthHeader->abyDstAddr[ii] = | |
233 | pMACHeader->abyAddr1[ii]; | |
234 | psEthHeader->abySrcAddr[ii] = | |
235 | pMACHeader->abyAddr3[ii]; | |
236 | } | |
237 | } else { | |
238 | /* IBSS mode */ | |
239 | for (ii = 0; ii < ETH_ALEN; ii++) { | |
240 | psEthHeader->abyDstAddr[ii] = | |
241 | pMACHeader->abyAddr1[ii]; | |
242 | psEthHeader->abySrcAddr[ii] = | |
243 | pMACHeader->abyAddr2[ii]; | |
244 | } | |
245 | } | |
246 | } else { | |
247 | /* Is AP mode.. */ | |
248 | if (pMACHeader->wFrameCtl & FC_FROMDS) { | |
249 | for (ii = 0; ii < ETH_ALEN; ii++) { | |
250 | psEthHeader->abyDstAddr[ii] = | |
251 | pMACHeader->abyAddr3[ii]; | |
252 | psEthHeader->abySrcAddr[ii] = | |
253 | pMACHeader->abyAddr4[ii]; | |
254 | cbHeaderSize += 6; | |
255 | } | |
256 | } else { | |
257 | for (ii = 0; ii < ETH_ALEN; ii++) { | |
258 | psEthHeader->abyDstAddr[ii] = | |
259 | pMACHeader->abyAddr3[ii]; | |
260 | psEthHeader->abySrcAddr[ii] = | |
261 | pMACHeader->abyAddr2[ii]; | |
262 | } | |
263 | } | |
264 | }; | |
92b96797 FB |
265 | *pcbHeaderSize = cbHeaderSize; |
266 | } | |
267 | ||
268 | ||
45c73bb1 MP |
269 | int RXbBulkInProcessData(struct vnt_private *pDevice, PRCB pRCB, |
270 | unsigned long BytesToIndicate) | |
92b96797 | 271 | { |
45c73bb1 MP |
272 | struct net_device_stats *pStats = &pDevice->stats; |
273 | struct sk_buff *skb; | |
274 | struct vnt_manager *pMgmt = &pDevice->vnt_mgmt; | |
275 | struct vnt_rx_mgmt *pRxPacket = &pMgmt->sRxPacket; | |
276 | PS802_11Header p802_11Header; | |
277 | u8 *pbyRsr, *pbyNewRsr, *pbyRSSI, *pbyFrame; | |
7c65fa2a | 278 | u64 *pqwTSFTime; |
e269fc2d | 279 | u32 bDeFragRx = false; |
45c73bb1 | 280 | u32 cbHeaderOffset, cbIVOffset; |
cf5d170e | 281 | u32 FrameSize; |
45c73bb1 MP |
282 | u16 wEtherType = 0; |
283 | s32 iSANodeIndex = -1, iDANodeIndex = -1; | |
284 | int ii; | |
285 | u8 *pbyRxSts, *pbyRxRate, *pbySQ, *pby3SQ; | |
286 | u32 cbHeaderSize; | |
287 | PSKeyItem pKey = NULL; | |
288 | u16 wRxTSC15_0 = 0; | |
289 | u32 dwRxTSC47_16 = 0; | |
290 | SKeyItem STempKey; | |
291 | /* signed long ldBm = 0; */ | |
e269fc2d | 292 | int bIsWEP = false; int bExtIV = false; |
cf5d170e | 293 | u32 dwWbkStatus; |
45c73bb1 MP |
294 | PRCB pRCBIndicate = pRCB; |
295 | u8 *pbyDAddress; | |
296 | u16 *pwPLCP_Length; | |
297 | u8 abyVaildRate[MAX_RATE] | |
298 | = {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108}; | |
299 | u16 wPLCPwithPadding; | |
300 | PS802_11Header pMACHeader; | |
e269fc2d | 301 | int bRxeapol_key = false; |
92b96797 FB |
302 | |
303 | ||
304 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- RXbBulkInProcessData---\n"); | |
305 | ||
306 | skb = pRCB->skb; | |
307 | ||
cf5d170e MP |
308 | /* [31:16]RcvByteCount ( not include 4-byte Status ) */ |
309 | dwWbkStatus = *((u32 *)(skb->data)); | |
310 | FrameSize = dwWbkStatus >> 16; | |
311 | FrameSize += 4; | |
92b96797 | 312 | |
cf5d170e MP |
313 | if (BytesToIndicate != FrameSize) { |
314 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"------- WRONG Length 1\n"); | |
e269fc2d | 315 | return false; |
cf5d170e | 316 | } |
92b96797 | 317 | |
bd2bc4c7 | 318 | if ((BytesToIndicate > 2372) || (BytesToIndicate <= 40)) { |
92b96797 | 319 | // Frame Size error drop this packet. |
bd2bc4c7 | 320 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- WRONG Length 2\n"); |
e269fc2d | 321 | return false; |
92b96797 FB |
322 | } |
323 | ||
324 | pbyDAddress = (PBYTE)(skb->data); | |
325 | pbyRxSts = pbyDAddress+4; | |
326 | pbyRxRate = pbyDAddress+5; | |
327 | ||
328 | //real Frame Size = USBFrameSize -4WbkStatus - 4RxStatus - 8TSF - 4RSR - 4SQ3 - ?Padding | |
329 | //if SQ3 the range is 24~27, if no SQ3 the range is 20~23 | |
330 | //real Frame size in PLCPLength field. | |
331 | pwPLCP_Length = (PWORD) (pbyDAddress + 6); | |
332 | //Fix hardware bug => PLCP_Length error | |
333 | if ( ((BytesToIndicate - (*pwPLCP_Length)) > 27) || | |
334 | ((BytesToIndicate - (*pwPLCP_Length)) < 24) || | |
335 | (BytesToIndicate < (*pwPLCP_Length)) ) { | |
336 | ||
337 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong PLCP Length %x\n", (int) *pwPLCP_Length); | |
338 | ASSERT(0); | |
e269fc2d | 339 | return false; |
92b96797 FB |
340 | } |
341 | for ( ii=RATE_1M;ii<MAX_RATE;ii++) { | |
342 | if ( *pbyRxRate == abyVaildRate[ii] ) { | |
343 | break; | |
344 | } | |
345 | } | |
346 | if ( ii==MAX_RATE ) { | |
347 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong RxRate %x\n",(int) *pbyRxRate); | |
e269fc2d | 348 | return false; |
92b96797 FB |
349 | } |
350 | ||
351 | wPLCPwithPadding = ( (*pwPLCP_Length / 4) + ( (*pwPLCP_Length % 4) ? 1:0 ) ) *4; | |
352 | ||
7c65fa2a | 353 | pqwTSFTime = (u64 *)(pbyDAddress + 8 + wPLCPwithPadding); |
92b96797 FB |
354 | if(pDevice->byBBType == BB_TYPE_11G) { |
355 | pby3SQ = pbyDAddress + 8 + wPLCPwithPadding + 12; | |
356 | pbySQ = pby3SQ; | |
357 | } | |
358 | else { | |
359 | pbySQ = pbyDAddress + 8 + wPLCPwithPadding + 8; | |
360 | pby3SQ = pbySQ; | |
361 | } | |
92b96797 FB |
362 | pbyNewRsr = pbyDAddress + 8 + wPLCPwithPadding + 9; |
363 | pbyRSSI = pbyDAddress + 8 + wPLCPwithPadding + 10; | |
364 | pbyRsr = pbyDAddress + 8 + wPLCPwithPadding + 11; | |
365 | ||
366 | FrameSize = *pwPLCP_Length; | |
367 | ||
368 | pbyFrame = pbyDAddress + 8; | |
369 | // update receive statistic counter | |
370 | ||
371 | STAvUpdateRDStatCounter(&pDevice->scStatistic, | |
372 | *pbyRsr, | |
373 | *pbyNewRsr, | |
374 | *pbyRxSts, | |
375 | *pbyRxRate, | |
376 | pbyFrame, | |
377 | FrameSize | |
378 | ); | |
379 | ||
380 | ||
381 | pMACHeader = (PS802_11Header) pbyFrame; | |
382 | ||
383 | //mike add: to judge if current AP is activated? | |
384 | if ((pMgmt->eCurrMode == WMAC_MODE_STANDBY) || | |
385 | (pMgmt->eCurrMode == WMAC_MODE_ESS_STA)) { | |
386 | if (pMgmt->sNodeDBTable[0].bActive) { | |
4722a26c | 387 | if (!compare_ether_addr(pMgmt->abyCurrBSSID, pMACHeader->abyAddr2)) { |
92b96797 FB |
388 | if (pMgmt->sNodeDBTable[0].uInActiveCount != 0) |
389 | pMgmt->sNodeDBTable[0].uInActiveCount = 0; | |
390 | } | |
391 | } | |
392 | } | |
393 | ||
14fc4235 | 394 | if (!is_multicast_ether_addr(pMACHeader->abyAddr1)) { |
92b96797 FB |
395 | if ( WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header) pbyFrame) ) { |
396 | pDevice->s802_11Counter.FrameDuplicateCount++; | |
e269fc2d | 397 | return false; |
92b96797 FB |
398 | } |
399 | ||
4722a26c AM |
400 | if (compare_ether_addr(pDevice->abyCurrentNetAddr, |
401 | pMACHeader->abyAddr1)) { | |
e269fc2d | 402 | return false; |
92b96797 FB |
403 | } |
404 | } | |
405 | ||
406 | ||
407 | // Use for TKIP MIC | |
408 | s_vGetDASA(pbyFrame, &cbHeaderSize, &pDevice->sRxEthHeader); | |
409 | ||
4722a26c AM |
410 | if (!compare_ether_addr((PBYTE)&(pDevice->sRxEthHeader.abySrcAddr[0]), |
411 | pDevice->abyCurrentNetAddr)) | |
e269fc2d | 412 | return false; |
92b96797 FB |
413 | |
414 | if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) { | |
415 | if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { | |
416 | p802_11Header = (PS802_11Header) (pbyFrame); | |
417 | // get SA NodeIndex | |
418 | if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(p802_11Header->abyAddr2), &iSANodeIndex)) { | |
419 | pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies; | |
420 | pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0; | |
421 | } | |
422 | } | |
423 | } | |
424 | ||
425 | if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { | |
4e9b5e2b | 426 | if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == true) { |
e269fc2d | 427 | return false; |
92b96797 FB |
428 | } |
429 | } | |
430 | ||
431 | ||
432 | if (IS_FC_WEP(pbyFrame)) { | |
e269fc2d | 433 | bool bRxDecryOK = false; |
92b96797 FB |
434 | |
435 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n"); | |
4e9b5e2b | 436 | bIsWEP = true; |
92b96797 FB |
437 | if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) { |
438 | pKey = &STempKey; | |
439 | pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite; | |
440 | pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex; | |
441 | pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength; | |
442 | pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16; | |
443 | pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0; | |
444 | memcpy(pKey->abyKey, | |
445 | &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0], | |
446 | pKey->uKeyLength | |
447 | ); | |
448 | ||
449 | bRxDecryOK = s_bHostWepRxEncryption(pDevice, | |
450 | pbyFrame, | |
451 | FrameSize, | |
452 | pbyRsr, | |
453 | pMgmt->sNodeDBTable[iSANodeIndex].bOnFly, | |
454 | pKey, | |
455 | pbyNewRsr, | |
456 | &bExtIV, | |
457 | &wRxTSC15_0, | |
458 | &dwRxTSC47_16); | |
459 | } else { | |
460 | bRxDecryOK = s_bHandleRxEncryption(pDevice, | |
461 | pbyFrame, | |
462 | FrameSize, | |
463 | pbyRsr, | |
464 | pbyNewRsr, | |
465 | &pKey, | |
466 | &bExtIV, | |
467 | &wRxTSC15_0, | |
468 | &dwRxTSC47_16); | |
469 | } | |
470 | ||
471 | if (bRxDecryOK) { | |
472 | if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) { | |
473 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n"); | |
474 | if ( (pMgmt->eAuthenMode == WMAC_AUTH_WPA) || | |
475 | (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || | |
476 | (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || | |
477 | (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || | |
478 | (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { | |
479 | ||
480 | if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { | |
481 | pDevice->s802_11Counter.TKIPICVErrors++; | |
482 | } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) { | |
483 | pDevice->s802_11Counter.CCMPDecryptErrors++; | |
484 | } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) { | |
485 | // pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++; | |
486 | } | |
487 | } | |
e269fc2d | 488 | return false; |
92b96797 FB |
489 | } |
490 | } else { | |
491 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n"); | |
e269fc2d | 492 | return false; |
92b96797 FB |
493 | } |
494 | if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) | |
495 | FrameSize -= 8; // Message Integrity Code | |
496 | else | |
497 | FrameSize -= 4; // 4 is ICV | |
498 | } | |
499 | ||
500 | ||
501 | // | |
502 | // RX OK | |
503 | // | |
abad19d0 AM |
504 | /* remove the FCS/CRC length */ |
505 | FrameSize -= ETH_FCS_LEN; | |
92b96797 | 506 | |
8a3d91b0 | 507 | if ( !(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) && // unicast address |
92b96797 FB |
508 | (IS_FRAGMENT_PKT((pbyFrame))) |
509 | ) { | |
510 | // defragment | |
511 | bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header) (pbyFrame), FrameSize, bIsWEP, bExtIV); | |
512 | pDevice->s802_11Counter.ReceivedFragmentCount++; | |
513 | if (bDeFragRx) { | |
514 | // defrag complete | |
515 | // TODO skb, pbyFrame | |
516 | skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb; | |
517 | FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength; | |
518 | pbyFrame = skb->data + 8; | |
519 | } | |
520 | else { | |
e269fc2d | 521 | return false; |
92b96797 FB |
522 | } |
523 | } | |
524 | ||
525 | // | |
526 | // Management & Control frame Handle | |
527 | // | |
e269fc2d | 528 | if ((IS_TYPE_DATA((pbyFrame))) == false) { |
92b96797 FB |
529 | // Handle Control & Manage Frame |
530 | ||
531 | if (IS_TYPE_MGMT((pbyFrame))) { | |
532 | PBYTE pbyData1; | |
533 | PBYTE pbyData2; | |
534 | ||
535 | pRxPacket = &(pRCB->sMngPacket); | |
536 | pRxPacket->p80211Header = (PUWLAN_80211HDR)(pbyFrame); | |
537 | pRxPacket->cbMPDULen = FrameSize; | |
538 | pRxPacket->uRSSI = *pbyRSSI; | |
539 | pRxPacket->bySQ = *pbySQ; | |
7c65fa2a | 540 | pRxPacket->qwLocalTSF = cpu_to_le64(*pqwTSFTime); |
92b96797 FB |
541 | if (bIsWEP) { |
542 | // strip IV | |
543 | pbyData1 = WLAN_HDR_A3_DATA_PTR(pbyFrame); | |
544 | pbyData2 = WLAN_HDR_A3_DATA_PTR(pbyFrame) + 4; | |
545 | for (ii = 0; ii < (FrameSize - 4); ii++) { | |
546 | *pbyData1 = *pbyData2; | |
547 | pbyData1++; | |
548 | pbyData2++; | |
549 | } | |
550 | } | |
551 | ||
552 | pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate); | |
553 | ||
554 | if ( *pbyRxSts == 0 ) { | |
555 | //Discard beacon packet which channel is 0 | |
556 | if ( (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_BEACON) || | |
557 | (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_PROBERESP) ) { | |
e269fc2d | 558 | return false; |
92b96797 FB |
559 | } |
560 | } | |
561 | pRxPacket->byRxChannel = (*pbyRxSts) >> 2; | |
562 | ||
563 | // hostap Deamon handle 802.11 management | |
564 | if (pDevice->bEnableHostapd) { | |
565 | skb->dev = pDevice->apdev; | |
566 | //skb->data += 4; | |
567 | //skb->tail += 4; | |
568 | skb->data += 8; | |
569 | skb->tail += 8; | |
570 | skb_put(skb, FrameSize); | |
d899d403 | 571 | skb_reset_mac_header(skb); |
92b96797 FB |
572 | skb->pkt_type = PACKET_OTHERHOST; |
573 | skb->protocol = htons(ETH_P_802_2); | |
574 | memset(skb->cb, 0, sizeof(skb->cb)); | |
575 | netif_rx(skb); | |
4e9b5e2b | 576 | return true; |
92b96797 FB |
577 | } |
578 | ||
579 | // | |
580 | // Insert the RCB in the Recv Mng list | |
581 | // | |
582 | EnqueueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList, pRCBIndicate); | |
583 | pDevice->NumRecvMngList++; | |
e269fc2d | 584 | if ( bDeFragRx == false) { |
92b96797 FB |
585 | pRCB->Ref++; |
586 | } | |
e269fc2d | 587 | if (pDevice->bIsRxMngWorkItemQueued == false) { |
4e9b5e2b | 588 | pDevice->bIsRxMngWorkItemQueued = true; |
92b96797 FB |
589 | tasklet_schedule(&pDevice->RxMngWorkItem); |
590 | } | |
591 | ||
592 | } | |
593 | else { | |
594 | // Control Frame | |
595 | }; | |
e269fc2d | 596 | return false; |
92b96797 FB |
597 | } |
598 | else { | |
599 | if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { | |
600 | //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC. | |
8a3d91b0 | 601 | if ( !(*pbyRsr & RSR_BSSIDOK)) { |
92b96797 FB |
602 | if (bDeFragRx) { |
603 | if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { | |
604 | DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", | |
605 | pDevice->dev->name); | |
606 | } | |
607 | } | |
e269fc2d | 608 | return false; |
92b96797 FB |
609 | } |
610 | } | |
611 | else { | |
612 | // discard DATA packet while not associate || BSSID error | |
e269fc2d | 613 | if ((pDevice->bLinkPass == false) || |
8a3d91b0 | 614 | !(*pbyRsr & RSR_BSSIDOK)) { |
92b96797 FB |
615 | if (bDeFragRx) { |
616 | if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { | |
617 | DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", | |
618 | pDevice->dev->name); | |
619 | } | |
620 | } | |
e269fc2d | 621 | return false; |
92b96797 FB |
622 | } |
623 | //mike add:station mode check eapol-key challenge---> | |
624 | { | |
625 | BYTE Protocol_Version; //802.1x Authentication | |
626 | BYTE Packet_Type; //802.1x Authentication | |
627 | BYTE Descriptor_type; | |
628 | WORD Key_info; | |
629 | if (bIsWEP) | |
630 | cbIVOffset = 8; | |
631 | else | |
632 | cbIVOffset = 0; | |
633 | wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) | | |
634 | skb->data[cbIVOffset + 8 + 24 + 6 + 1]; | |
635 | Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1]; | |
636 | Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1]; | |
637 | if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header | |
638 | if(((Protocol_Version==1) ||(Protocol_Version==2)) && | |
639 | (Packet_Type==3)) { //802.1x OR eapol-key challenge frame receive | |
4e9b5e2b | 640 | bRxeapol_key = true; |
92b96797 FB |
641 | Descriptor_type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2]; |
642 | Key_info = (skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+1]<<8) |skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+2] ; | |
643 | if(Descriptor_type==2) { //RSN | |
644 | // printk("WPA2_Rx_eapol-key_info<-----:%x\n",Key_info); | |
645 | } | |
646 | else if(Descriptor_type==254) { | |
647 | // printk("WPA_Rx_eapol-key_info<-----:%x\n",Key_info); | |
648 | } | |
649 | } | |
650 | } | |
651 | } | |
652 | //mike add:station mode check eapol-key challenge<--- | |
653 | } | |
654 | } | |
655 | ||
656 | ||
657 | // Data frame Handle | |
658 | ||
659 | ||
660 | if (pDevice->bEnablePSMode) { | |
661 | if (IS_FC_MOREDATA((pbyFrame))) { | |
8a3d91b0 | 662 | if (*pbyRsr & RSR_ADDROK) { |
92b96797 FB |
663 | //PSbSendPSPOLL((PSDevice)pDevice); |
664 | } | |
665 | } | |
666 | else { | |
4e9b5e2b | 667 | if (pMgmt->bInTIMWake == true) { |
e269fc2d | 668 | pMgmt->bInTIMWake = false; |
92b96797 FB |
669 | } |
670 | } | |
9fc86028 | 671 | } |
92b96797 FB |
672 | |
673 | // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps | |
674 | if (pDevice->bDiversityEnable && (FrameSize>50) && | |
675 | (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) && | |
4e9b5e2b | 676 | (pDevice->bLinkPass == true)) { |
92b96797 FB |
677 | BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0); |
678 | } | |
679 | ||
680 | // ++++++++ For BaseBand Algorithm +++++++++++++++ | |
681 | pDevice->uCurrRSSI = *pbyRSSI; | |
682 | pDevice->byCurrSQ = *pbySQ; | |
683 | ||
684 | // todo | |
685 | /* | |
686 | if ((*pbyRSSI != 0) && | |
687 | (pMgmt->pCurrBSS!=NULL)) { | |
688 | RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm); | |
a0a1f61a | 689 | // Monitor if RSSI is too strong. |
92b96797 FB |
690 | pMgmt->pCurrBSS->byRSSIStatCnt++; |
691 | pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT; | |
692 | pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm; | |
33d33e42 AM |
693 | for (ii = 0; ii < RSSI_STAT_COUNT; ii++) { |
694 | if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) { | |
695 | pMgmt->pCurrBSS->ldBmMAX = | |
696 | max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm); | |
697 | } | |
92b96797 FB |
698 | } |
699 | } | |
700 | */ | |
701 | ||
702 | ||
703 | // ----------------------------------------------- | |
704 | ||
4e9b5e2b | 705 | if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == true)){ |
92b96797 FB |
706 | BYTE abyMacHdr[24]; |
707 | ||
708 | // Only 802.1x packet incoming allowed | |
709 | if (bIsWEP) | |
710 | cbIVOffset = 8; | |
711 | else | |
712 | cbIVOffset = 0; | |
713 | wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) | | |
714 | skb->data[cbIVOffset + 8 + 24 + 6 + 1]; | |
715 | ||
716 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType); | |
717 | if (wEtherType == ETH_P_PAE) { | |
718 | skb->dev = pDevice->apdev; | |
719 | ||
4e9b5e2b | 720 | if (bIsWEP == true) { |
92b96797 FB |
721 | // strip IV header(8) |
722 | memcpy(&abyMacHdr[0], (skb->data + 8), 24); | |
723 | memcpy((skb->data + 8 + cbIVOffset), &abyMacHdr[0], 24); | |
724 | } | |
725 | ||
726 | skb->data += (cbIVOffset + 8); | |
727 | skb->tail += (cbIVOffset + 8); | |
728 | skb_put(skb, FrameSize); | |
d899d403 | 729 | skb_reset_mac_header(skb); |
92b96797 FB |
730 | skb->pkt_type = PACKET_OTHERHOST; |
731 | skb->protocol = htons(ETH_P_802_2); | |
732 | memset(skb->cb, 0, sizeof(skb->cb)); | |
733 | netif_rx(skb); | |
4e9b5e2b | 734 | return true; |
92b96797 FB |
735 | |
736 | } | |
737 | // check if 802.1x authorized | |
738 | if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED)) | |
e269fc2d | 739 | return false; |
92b96797 FB |
740 | } |
741 | ||
742 | ||
743 | if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { | |
744 | if (bIsWEP) { | |
745 | FrameSize -= 8; //MIC | |
746 | } | |
747 | } | |
748 | ||
749 | //-------------------------------------------------------------------------------- | |
750 | // Soft MIC | |
751 | if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { | |
752 | if (bIsWEP) { | |
753 | PDWORD pdwMIC_L; | |
754 | PDWORD pdwMIC_R; | |
755 | DWORD dwMIC_Priority; | |
756 | DWORD dwMICKey0 = 0, dwMICKey1 = 0; | |
757 | DWORD dwLocalMIC_L = 0; | |
758 | DWORD dwLocalMIC_R = 0; | |
92b96797 FB |
759 | |
760 | ||
761 | if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { | |
762 | dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24])); | |
763 | dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28])); | |
764 | } | |
765 | else { | |
766 | if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) { | |
767 | dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16])); | |
768 | dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20])); | |
769 | } else if ((pKey->dwKeyIndex & BIT28) == 0) { | |
770 | dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16])); | |
771 | dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20])); | |
772 | } else { | |
773 | dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24])); | |
774 | dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28])); | |
775 | } | |
776 | } | |
777 | ||
778 | MIC_vInit(dwMICKey0, dwMICKey1); | |
779 | MIC_vAppend((PBYTE)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12); | |
780 | dwMIC_Priority = 0; | |
781 | MIC_vAppend((PBYTE)&dwMIC_Priority, 4); | |
782 | // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV. | |
783 | MIC_vAppend((PBYTE)(skb->data + 8 + WLAN_HDR_ADDR3_LEN + 8), | |
784 | FrameSize - WLAN_HDR_ADDR3_LEN - 8); | |
785 | MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R); | |
786 | MIC_vUnInit(); | |
787 | ||
788 | pdwMIC_L = (PDWORD)(skb->data + 8 + FrameSize); | |
789 | pdwMIC_R = (PDWORD)(skb->data + 8 + FrameSize + 4); | |
790 | ||
791 | ||
792 | if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) || | |
4e9b5e2b | 793 | (pDevice->bRxMICFail == true)) { |
92b96797 | 794 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n"); |
e269fc2d | 795 | pDevice->bRxMICFail = false; |
92b96797 FB |
796 | //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++; |
797 | pDevice->s802_11Counter.TKIPLocalMICFailures++; | |
798 | if (bDeFragRx) { | |
799 | if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { | |
800 | DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", | |
801 | pDevice->dev->name); | |
802 | } | |
803 | } | |
92b96797 | 804 | //send event to wpa_supplicant |
4e9b5e2b | 805 | //if(pDevice->bWPASuppWextEnabled == true) |
92b96797 FB |
806 | { |
807 | union iwreq_data wrqu; | |
808 | struct iw_michaelmicfailure ev; | |
809 | int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits | |
810 | memset(&ev, 0, sizeof(ev)); | |
811 | ev.flags = keyidx & IW_MICFAILURE_KEY_ID; | |
812 | if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && | |
813 | (pMgmt->eCurrState == WMAC_STATE_ASSOC) && | |
814 | (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { | |
815 | ev.flags |= IW_MICFAILURE_PAIRWISE; | |
816 | } else { | |
817 | ev.flags |= IW_MICFAILURE_GROUP; | |
818 | } | |
819 | ||
820 | ev.src_addr.sa_family = ARPHRD_ETHER; | |
821 | memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN); | |
822 | memset(&wrqu, 0, sizeof(wrqu)); | |
823 | wrqu.data.length = sizeof(ev); | |
824 | PRINT_K("wireless_send_event--->IWEVMICHAELMICFAILURE\n"); | |
825 | wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev); | |
826 | ||
827 | } | |
92b96797 | 828 | |
e269fc2d | 829 | return false; |
92b96797 FB |
830 | |
831 | } | |
832 | } | |
833 | } //---end of SOFT MIC----------------------------------------------------------------------- | |
834 | ||
835 | // ++++++++++ Reply Counter Check +++++++++++++ | |
836 | ||
837 | if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) || | |
838 | (pKey->byCipherSuite == KEY_CTL_CCMP))) { | |
839 | if (bIsWEP) { | |
840 | WORD wLocalTSC15_0 = 0; | |
841 | DWORD dwLocalTSC47_16 = 0; | |
cc856e61 | 842 | unsigned long long RSC = 0; |
92b96797 | 843 | // endian issues |
cc856e61 | 844 | RSC = *((unsigned long long *) &(pKey->KeyRSC)); |
92b96797 FB |
845 | wLocalTSC15_0 = (WORD) RSC; |
846 | dwLocalTSC47_16 = (DWORD) (RSC>>16); | |
847 | ||
848 | RSC = dwRxTSC47_16; | |
849 | RSC <<= 16; | |
850 | RSC += wRxTSC15_0; | |
7c65fa2a | 851 | memcpy(&(pKey->KeyRSC), &RSC, sizeof(u64)); |
92b96797 | 852 | |
14c5ef57 MP |
853 | if (pDevice->vnt_mgmt.eCurrMode == WMAC_MODE_ESS_STA && |
854 | pDevice->vnt_mgmt.eCurrState == WMAC_STATE_ASSOC) { | |
855 | /* check RSC */ | |
92b96797 FB |
856 | if ( (wRxTSC15_0 < wLocalTSC15_0) && |
857 | (dwRxTSC47_16 <= dwLocalTSC47_16) && | |
858 | !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) { | |
859 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n "); | |
860 | if (pKey->byCipherSuite == KEY_CTL_TKIP) | |
861 | //pDevice->s802_11Counter.TKIPReplays.QuadPart++; | |
862 | pDevice->s802_11Counter.TKIPReplays++; | |
863 | else | |
864 | //pDevice->s802_11Counter.CCMPReplays.QuadPart++; | |
865 | pDevice->s802_11Counter.CCMPReplays++; | |
866 | ||
867 | if (bDeFragRx) { | |
868 | if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { | |
869 | DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", | |
870 | pDevice->dev->name); | |
871 | } | |
872 | } | |
e269fc2d | 873 | return false; |
92b96797 FB |
874 | } |
875 | } | |
876 | } | |
877 | } // ----- End of Reply Counter Check -------------------------- | |
878 | ||
879 | ||
880 | s_vProcessRxMACHeader(pDevice, (PBYTE)(skb->data+8), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset); | |
881 | FrameSize -= cbHeaderOffset; | |
882 | cbHeaderOffset += 8; // 8 is Rcv buffer header | |
883 | ||
884 | // Null data, framesize = 12 | |
885 | if (FrameSize < 12) | |
e269fc2d | 886 | return false; |
92b96797 FB |
887 | |
888 | if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { | |
889 | if (s_bAPModeRxData(pDevice, | |
890 | skb, | |
891 | FrameSize, | |
892 | cbHeaderOffset, | |
893 | iSANodeIndex, | |
894 | iDANodeIndex | |
e269fc2d | 895 | ) == false) { |
92b96797 FB |
896 | |
897 | if (bDeFragRx) { | |
898 | if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { | |
899 | DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", | |
900 | pDevice->dev->name); | |
901 | } | |
902 | } | |
e269fc2d | 903 | return false; |
92b96797 FB |
904 | } |
905 | ||
906 | } | |
907 | ||
908 | skb->data += cbHeaderOffset; | |
909 | skb->tail += cbHeaderOffset; | |
910 | skb_put(skb, FrameSize); | |
911 | skb->protocol=eth_type_trans(skb, skb->dev); | |
912 | skb->ip_summed=CHECKSUM_NONE; | |
913 | pStats->rx_bytes +=skb->len; | |
914 | pStats->rx_packets++; | |
915 | netif_rx(skb); | |
916 | if (bDeFragRx) { | |
917 | if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { | |
918 | DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", | |
919 | pDevice->dev->name); | |
920 | } | |
e269fc2d | 921 | return false; |
92b96797 FB |
922 | } |
923 | ||
4e9b5e2b | 924 | return true; |
92b96797 FB |
925 | } |
926 | ||
45c73bb1 MP |
927 | static int s_bAPModeRxCtl(struct vnt_private *pDevice, u8 *pbyFrame, |
928 | s32 iSANodeIndex) | |
92b96797 | 929 | { |
14c5ef57 | 930 | struct vnt_manager *pMgmt = &pDevice->vnt_mgmt; |
45c73bb1 MP |
931 | PS802_11Header p802_11Header; |
932 | CMD_STATUS Status; | |
92b96797 FB |
933 | |
934 | ||
935 | if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { | |
936 | ||
937 | p802_11Header = (PS802_11Header) (pbyFrame); | |
938 | if (!IS_TYPE_MGMT(pbyFrame)) { | |
939 | ||
940 | // Data & PS-Poll packet | |
941 | // check frame class | |
942 | if (iSANodeIndex > 0) { | |
943 | // frame class 3 fliter & checking | |
944 | if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) { | |
945 | // send deauth notification | |
946 | // reason = (6) class 2 received from nonauth sta | |
947 | vMgrDeAuthenBeginSta(pDevice, | |
948 | pMgmt, | |
949 | (PBYTE)(p802_11Header->abyAddr2), | |
950 | (WLAN_MGMT_REASON_CLASS2_NONAUTH), | |
951 | &Status | |
952 | ); | |
953 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n"); | |
4e9b5e2b | 954 | return true; |
9fc86028 | 955 | } |
92b96797 FB |
956 | if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) { |
957 | // send deassoc notification | |
958 | // reason = (7) class 3 received from nonassoc sta | |
959 | vMgrDisassocBeginSta(pDevice, | |
960 | pMgmt, | |
961 | (PBYTE)(p802_11Header->abyAddr2), | |
962 | (WLAN_MGMT_REASON_CLASS3_NONASSOC), | |
963 | &Status | |
964 | ); | |
965 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n"); | |
4e9b5e2b | 966 | return true; |
9fc86028 | 967 | } |
92b96797 FB |
968 | |
969 | if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) { | |
970 | // delcare received ps-poll event | |
971 | if (IS_CTL_PSPOLL(pbyFrame)) { | |
4e9b5e2b | 972 | pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true; |
0cbd8d98 AM |
973 | bScheduleCommand((void *) pDevice, |
974 | WLAN_CMD_RX_PSPOLL, | |
975 | NULL); | |
92b96797 FB |
976 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n"); |
977 | } | |
978 | else { | |
979 | // check Data PS state | |
980 | // if PW bit off, send out all PS bufferring packets. | |
981 | if (!IS_FC_POWERMGT(pbyFrame)) { | |
e269fc2d | 982 | pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = false; |
4e9b5e2b | 983 | pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true; |
0cbd8d98 AM |
984 | bScheduleCommand((void *) pDevice, |
985 | WLAN_CMD_RX_PSPOLL, | |
986 | NULL); | |
92b96797 FB |
987 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n"); |
988 | } | |
989 | } | |
990 | } | |
991 | else { | |
992 | if (IS_FC_POWERMGT(pbyFrame)) { | |
4e9b5e2b | 993 | pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = true; |
92b96797 | 994 | // Once if STA in PS state, enable multicast bufferring |
4e9b5e2b | 995 | pMgmt->sNodeDBTable[0].bPSEnable = true; |
92b96797 FB |
996 | } |
997 | else { | |
998 | // clear all pending PS frame. | |
999 | if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) { | |
e269fc2d | 1000 | pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = false; |
4e9b5e2b | 1001 | pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true; |
0cbd8d98 AM |
1002 | bScheduleCommand((void *) pDevice, |
1003 | WLAN_CMD_RX_PSPOLL, | |
1004 | NULL); | |
92b96797 FB |
1005 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n"); |
1006 | ||
1007 | } | |
1008 | } | |
1009 | } | |
1010 | } | |
1011 | else { | |
1012 | vMgrDeAuthenBeginSta(pDevice, | |
1013 | pMgmt, | |
1014 | (PBYTE)(p802_11Header->abyAddr2), | |
1015 | (WLAN_MGMT_REASON_CLASS2_NONAUTH), | |
1016 | &Status | |
1017 | ); | |
1018 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n"); | |
d6a32aa1 AS |
1019 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%pM\n", |
1020 | p802_11Header->abyAddr3); | |
1021 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%pM\n", | |
1022 | p802_11Header->abyAddr2); | |
1023 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%pM\n", | |
1024 | p802_11Header->abyAddr1); | |
92b96797 | 1025 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl ); |
4e9b5e2b | 1026 | return true; |
92b96797 FB |
1027 | } |
1028 | } | |
1029 | } | |
e269fc2d | 1030 | return false; |
92b96797 FB |
1031 | |
1032 | } | |
1033 | ||
45c73bb1 MP |
1034 | static int s_bHandleRxEncryption(struct vnt_private *pDevice, u8 *pbyFrame, |
1035 | u32 FrameSize, u8 *pbyRsr, u8 *pbyNewRsr, PSKeyItem *pKeyOut, | |
1036 | s32 *pbExtIV, u16 *pwRxTSC15_0, u32 *pdwRxTSC47_16) | |
92b96797 | 1037 | { |
45c73bb1 MP |
1038 | struct vnt_manager *pMgmt = &pDevice->vnt_mgmt; |
1039 | u32 PayloadLen = FrameSize; | |
1040 | u8 *pbyIV; | |
1041 | u8 byKeyIdx; | |
1042 | PSKeyItem pKey = NULL; | |
1043 | u8 byDecMode = KEY_CTL_WEP; | |
92b96797 FB |
1044 | |
1045 | ||
1046 | *pwRxTSC15_0 = 0; | |
1047 | *pdwRxTSC47_16 = 0; | |
1048 | ||
1049 | pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; | |
1050 | if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) && | |
1051 | WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) { | |
1052 | pbyIV += 6; // 6 is 802.11 address4 | |
1053 | PayloadLen -= 6; | |
1054 | } | |
1055 | byKeyIdx = (*(pbyIV+3) & 0xc0); | |
1056 | byKeyIdx >>= 6; | |
1057 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx); | |
1058 | ||
1059 | if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) || | |
1060 | (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || | |
1061 | (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || | |
1062 | (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || | |
1063 | (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { | |
1064 | if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) && | |
1065 | (pMgmt->byCSSPK != KEY_CTL_NONE)) { | |
1066 | // unicast pkt use pairwise key | |
1067 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n"); | |
4e9b5e2b | 1068 | if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == true) { |
92b96797 FB |
1069 | if (pMgmt->byCSSPK == KEY_CTL_TKIP) |
1070 | byDecMode = KEY_CTL_TKIP; | |
1071 | else if (pMgmt->byCSSPK == KEY_CTL_CCMP) | |
1072 | byDecMode = KEY_CTL_CCMP; | |
1073 | } | |
1074 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey); | |
1075 | } else { | |
1076 | // use group key | |
1077 | KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey); | |
1078 | if (pMgmt->byCSSGK == KEY_CTL_TKIP) | |
1079 | byDecMode = KEY_CTL_TKIP; | |
1080 | else if (pMgmt->byCSSGK == KEY_CTL_CCMP) | |
1081 | byDecMode = KEY_CTL_CCMP; | |
1082 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey); | |
1083 | } | |
1084 | } | |
1085 | // our WEP only support Default Key | |
1086 | if (pKey == NULL) { | |
1087 | // use default group key | |
1088 | KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey); | |
1089 | if (pMgmt->byCSSGK == KEY_CTL_TKIP) | |
1090 | byDecMode = KEY_CTL_TKIP; | |
1091 | else if (pMgmt->byCSSGK == KEY_CTL_CCMP) | |
1092 | byDecMode = KEY_CTL_CCMP; | |
1093 | } | |
1094 | *pKeyOut = pKey; | |
1095 | ||
1096 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode); | |
1097 | ||
1098 | if (pKey == NULL) { | |
1099 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n"); | |
1100 | if (byDecMode == KEY_CTL_WEP) { | |
1101 | // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; | |
4e9b5e2b | 1102 | } else if (pDevice->bLinkPass == true) { |
92b96797 FB |
1103 | // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; |
1104 | } | |
e269fc2d | 1105 | return false; |
92b96797 FB |
1106 | } |
1107 | if (byDecMode != pKey->byCipherSuite) { | |
1108 | if (byDecMode == KEY_CTL_WEP) { | |
1109 | // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; | |
4e9b5e2b | 1110 | } else if (pDevice->bLinkPass == true) { |
92b96797 FB |
1111 | // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; |
1112 | } | |
1113 | *pKeyOut = NULL; | |
e269fc2d | 1114 | return false; |
92b96797 FB |
1115 | } |
1116 | if (byDecMode == KEY_CTL_WEP) { | |
1117 | // handle WEP | |
1118 | if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || | |
4e9b5e2b | 1119 | (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == true)) { |
92b96797 FB |
1120 | // Software WEP |
1121 | // 1. 3253A | |
1122 | // 2. WEP 256 | |
1123 | ||
1124 | PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc | |
3e362598 JL |
1125 | memcpy(pDevice->abyPRNG, pbyIV, 3); |
1126 | memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); | |
92b96797 FB |
1127 | rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); |
1128 | rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); | |
1129 | ||
1130 | if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) { | |
1131 | *pbyNewRsr |= NEWRSR_DECRYPTOK; | |
1132 | } | |
1133 | } | |
1134 | } else if ((byDecMode == KEY_CTL_TKIP) || | |
1135 | (byDecMode == KEY_CTL_CCMP)) { | |
1136 | // TKIP/AES | |
1137 | ||
1138 | PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc | |
1139 | *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4)); | |
b4dc03af | 1140 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %x\n", *pdwRxTSC47_16); |
92b96797 FB |
1141 | if (byDecMode == KEY_CTL_TKIP) { |
1142 | *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV)); | |
1143 | } else { | |
1144 | *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV); | |
1145 | } | |
1146 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0); | |
1147 | ||
1148 | if ((byDecMode == KEY_CTL_TKIP) && | |
1149 | (pDevice->byLocalID <= REV_ID_VT3253_A1)) { | |
1150 | // Software TKIP | |
1151 | // 1. 3253 A | |
1152 | PS802_11Header pMACHeader = (PS802_11Header) (pbyFrame); | |
1153 | TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); | |
1154 | rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); | |
1155 | rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); | |
1156 | if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { | |
1157 | *pbyNewRsr |= NEWRSR_DECRYPTOK; | |
1158 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n"); | |
1159 | } else { | |
1160 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n"); | |
1161 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen); | |
1162 | } | |
1163 | } | |
1164 | }// end of TKIP/AES | |
1165 | ||
1166 | if ((*(pbyIV+3) & 0x20) != 0) | |
4e9b5e2b AM |
1167 | *pbExtIV = true; |
1168 | return true; | |
92b96797 FB |
1169 | } |
1170 | ||
45c73bb1 MP |
1171 | static int s_bHostWepRxEncryption(struct vnt_private *pDevice, u8 *pbyFrame, |
1172 | u32 FrameSize, u8 *pbyRsr, int bOnFly, PSKeyItem pKey, u8 *pbyNewRsr, | |
1173 | s32 *pbExtIV, u16 *pwRxTSC15_0, u32 *pdwRxTSC47_16) | |
92b96797 | 1174 | { |
45c73bb1 MP |
1175 | struct vnt_manager *pMgmt = &pDevice->vnt_mgmt; |
1176 | PS802_11Header pMACHeader; | |
1177 | u32 PayloadLen = FrameSize; | |
1178 | u8 *pbyIV; | |
1179 | u8 byKeyIdx; | |
1180 | u8 byDecMode = KEY_CTL_WEP; | |
92b96797 | 1181 | |
45c73bb1 MP |
1182 | *pwRxTSC15_0 = 0; |
1183 | *pdwRxTSC47_16 = 0; | |
92b96797 FB |
1184 | |
1185 | pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; | |
1186 | if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) && | |
1187 | WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) { | |
1188 | pbyIV += 6; // 6 is 802.11 address4 | |
1189 | PayloadLen -= 6; | |
1190 | } | |
1191 | byKeyIdx = (*(pbyIV+3) & 0xc0); | |
1192 | byKeyIdx >>= 6; | |
1193 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx); | |
1194 | ||
1195 | ||
1196 | if (pMgmt->byCSSGK == KEY_CTL_TKIP) | |
1197 | byDecMode = KEY_CTL_TKIP; | |
1198 | else if (pMgmt->byCSSGK == KEY_CTL_CCMP) | |
1199 | byDecMode = KEY_CTL_CCMP; | |
1200 | ||
1201 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode); | |
1202 | ||
1203 | if (byDecMode != pKey->byCipherSuite) { | |
1204 | if (byDecMode == KEY_CTL_WEP) { | |
1205 | // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; | |
4e9b5e2b | 1206 | } else if (pDevice->bLinkPass == true) { |
92b96797 FB |
1207 | // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; |
1208 | } | |
e269fc2d | 1209 | return false; |
92b96797 FB |
1210 | } |
1211 | ||
1212 | if (byDecMode == KEY_CTL_WEP) { | |
1213 | // handle WEP | |
eb304bdd | 1214 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP\n"); |
92b96797 | 1215 | if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || |
4e9b5e2b | 1216 | (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == true) || |
e269fc2d | 1217 | (bOnFly == false)) { |
92b96797 FB |
1218 | // Software WEP |
1219 | // 1. 3253A | |
1220 | // 2. WEP 256 | |
1221 | // 3. NotOnFly | |
1222 | ||
1223 | PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc | |
3e362598 JL |
1224 | memcpy(pDevice->abyPRNG, pbyIV, 3); |
1225 | memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); | |
92b96797 FB |
1226 | rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); |
1227 | rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); | |
1228 | ||
1229 | if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) { | |
1230 | *pbyNewRsr |= NEWRSR_DECRYPTOK; | |
1231 | } | |
1232 | } | |
1233 | } else if ((byDecMode == KEY_CTL_TKIP) || | |
1234 | (byDecMode == KEY_CTL_CCMP)) { | |
1235 | // TKIP/AES | |
1236 | ||
1237 | PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc | |
1238 | *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4)); | |
b4dc03af | 1239 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %x\n", *pdwRxTSC47_16); |
92b96797 FB |
1240 | |
1241 | if (byDecMode == KEY_CTL_TKIP) { | |
1242 | *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV)); | |
1243 | } else { | |
1244 | *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV); | |
1245 | } | |
1246 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0); | |
1247 | ||
1248 | if (byDecMode == KEY_CTL_TKIP) { | |
1249 | ||
e269fc2d | 1250 | if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == false)) { |
92b96797 FB |
1251 | // Software TKIP |
1252 | // 1. 3253 A | |
1253 | // 2. NotOnFly | |
1254 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n"); | |
1255 | pMACHeader = (PS802_11Header) (pbyFrame); | |
1256 | TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); | |
1257 | rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); | |
1258 | rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); | |
1259 | if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { | |
1260 | *pbyNewRsr |= NEWRSR_DECRYPTOK; | |
1261 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n"); | |
1262 | } else { | |
1263 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n"); | |
1264 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen); | |
1265 | } | |
1266 | } | |
1267 | } | |
1268 | ||
1269 | if (byDecMode == KEY_CTL_CCMP) { | |
e269fc2d | 1270 | if (bOnFly == false) { |
92b96797 FB |
1271 | // Software CCMP |
1272 | // NotOnFly | |
1273 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_CCMP\n"); | |
1274 | if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) { | |
1275 | *pbyNewRsr |= NEWRSR_DECRYPTOK; | |
1276 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC compare OK!\n"); | |
1277 | } else { | |
1278 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC fail!\n"); | |
1279 | } | |
1280 | } | |
1281 | } | |
1282 | ||
1283 | }// end of TKIP/AES | |
1284 | ||
1285 | if ((*(pbyIV+3) & 0x20) != 0) | |
4e9b5e2b AM |
1286 | *pbExtIV = true; |
1287 | return true; | |
92b96797 FB |
1288 | } |
1289 | ||
45c73bb1 MP |
1290 | static int s_bAPModeRxData(struct vnt_private *pDevice, struct sk_buff *skb, |
1291 | u32 FrameSize, u32 cbHeaderOffset, s32 iSANodeIndex, s32 iDANodeIndex) | |
92b96797 | 1292 | { |
45c73bb1 MP |
1293 | struct sk_buff *skbcpy; |
1294 | struct vnt_manager *pMgmt = &pDevice->vnt_mgmt; | |
e269fc2d AM |
1295 | int bRelayAndForward = false; |
1296 | int bRelayOnly = false; | |
45c73bb1 MP |
1297 | u8 byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80}; |
1298 | u16 wAID; | |
92b96797 | 1299 | |
92b96797 FB |
1300 | |
1301 | if (FrameSize > CB_MAX_BUF_SIZE) | |
e269fc2d | 1302 | return false; |
92b96797 | 1303 | // check DA |
4b50fb40 | 1304 | if (is_multicast_ether_addr((PBYTE)(skb->data+cbHeaderOffset))) { |
92b96797 FB |
1305 | if (pMgmt->sNodeDBTable[0].bPSEnable) { |
1306 | ||
1307 | skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz); | |
1308 | ||
1309 | // if any node in PS mode, buffer packet until DTIM. | |
1310 | if (skbcpy == NULL) { | |
1311 | DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n"); | |
1312 | } | |
1313 | else { | |
1314 | skbcpy->dev = pDevice->dev; | |
1315 | skbcpy->len = FrameSize; | |
1316 | memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize); | |
1317 | skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy); | |
1318 | pMgmt->sNodeDBTable[0].wEnQueueCnt++; | |
1319 | // set tx map | |
1320 | pMgmt->abyPSTxMap[0] |= byMask[0]; | |
1321 | } | |
1322 | } | |
1323 | else { | |
4e9b5e2b | 1324 | bRelayAndForward = true; |
92b96797 FB |
1325 | } |
1326 | } | |
1327 | else { | |
1328 | // check if relay | |
1329 | if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(skb->data+cbHeaderOffset), &iDANodeIndex)) { | |
1330 | if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) { | |
1331 | if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) { | |
1332 | // queue this skb until next PS tx, and then release. | |
1333 | ||
1334 | skb->data += cbHeaderOffset; | |
1335 | skb->tail += cbHeaderOffset; | |
1336 | skb_put(skb, FrameSize); | |
1337 | skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb); | |
1338 | ||
1339 | pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++; | |
1340 | wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID; | |
1341 | pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7]; | |
1342 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n", | |
1343 | iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]); | |
4e9b5e2b | 1344 | return true; |
92b96797 FB |
1345 | } |
1346 | else { | |
4e9b5e2b | 1347 | bRelayOnly = true; |
92b96797 FB |
1348 | } |
1349 | } | |
9fc86028 | 1350 | } |
92b96797 FB |
1351 | } |
1352 | ||
1353 | if (bRelayOnly || bRelayAndForward) { | |
1354 | // relay this packet right now | |
1355 | if (bRelayAndForward) | |
1356 | iDANodeIndex = 0; | |
1357 | ||
1358 | if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) { | |
cc856e61 AM |
1359 | bRelayPacketSend(pDevice, (PBYTE) (skb->data + cbHeaderOffset), |
1360 | FrameSize, (unsigned int) iDANodeIndex); | |
92b96797 FB |
1361 | } |
1362 | ||
1363 | if (bRelayOnly) | |
e269fc2d | 1364 | return false; |
92b96797 FB |
1365 | } |
1366 | // none associate, don't forward | |
1367 | if (pDevice->uAssocCount == 0) | |
e269fc2d | 1368 | return false; |
92b96797 | 1369 | |
4e9b5e2b | 1370 | return true; |
92b96797 FB |
1371 | } |
1372 | ||
1373 | ||
1374 | ||
1375 | ||
45c73bb1 | 1376 | void RXvWorkItem(struct vnt_private *pDevice) |
92b96797 | 1377 | { |
45c73bb1 MP |
1378 | int ntStatus; |
1379 | PRCB pRCB = NULL; | |
92b96797 FB |
1380 | |
1381 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Polling Thread\n"); | |
1382 | spin_lock_irq(&pDevice->lock); | |
731047f9 AM |
1383 | |
1384 | while ((pDevice->Flags & fMP_POST_READS) && | |
92b96797 FB |
1385 | MP_IS_READY(pDevice) && |
1386 | (pDevice->NumRecvFreeList != 0) ) { | |
1387 | pRCB = pDevice->FirstRecvFreeList; | |
1388 | pDevice->NumRecvFreeList--; | |
1389 | ASSERT(pRCB);// cannot be NULL | |
1390 | DequeueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList); | |
1391 | ntStatus = PIPEnsBulkInUsbRead(pDevice, pRCB); | |
1392 | } | |
e269fc2d | 1393 | pDevice->bIsRxWorkItemQueued = false; |
92b96797 FB |
1394 | spin_unlock_irq(&pDevice->lock); |
1395 | ||
1396 | } | |
1397 | ||
1398 | ||
45c73bb1 | 1399 | void RXvFreeRCB(PRCB pRCB, int bReAllocSkb) |
92b96797 | 1400 | { |
45c73bb1 | 1401 | struct vnt_private *pDevice = pRCB->pDevice; |
92b96797 FB |
1402 | |
1403 | ||
1404 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->RXvFreeRCB\n"); | |
1405 | ||
1406 | ASSERT(!pRCB->Ref); // should be 0 | |
1407 | ASSERT(pRCB->pDevice); // shouldn't be NULL | |
1408 | ||
e269fc2d | 1409 | if (bReAllocSkb == false) { |
28044e01 | 1410 | kfree_skb(pRCB->skb); |
4e9b5e2b | 1411 | bReAllocSkb = true; |
28044e01 MP |
1412 | } |
1413 | ||
4e9b5e2b | 1414 | if (bReAllocSkb == true) { |
92b96797 FB |
1415 | pRCB->skb = dev_alloc_skb((int)pDevice->rx_buf_sz); |
1416 | // todo error handling | |
1417 | if (pRCB->skb == NULL) { | |
1418 | DBG_PRT(MSG_LEVEL_ERR,KERN_ERR" Failed to re-alloc rx skb\n"); | |
1419 | }else { | |
1420 | pRCB->skb->dev = pDevice->dev; | |
1421 | } | |
1422 | } | |
1423 | // | |
1424 | // Insert the RCB back in the Recv free list | |
1425 | // | |
1426 | EnqueueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList, pRCB); | |
1427 | pDevice->NumRecvFreeList++; | |
1428 | ||
1429 | ||
731047f9 | 1430 | if ((pDevice->Flags & fMP_POST_READS) && MP_IS_READY(pDevice) && |
e269fc2d | 1431 | (pDevice->bIsRxWorkItemQueued == false) ) { |
92b96797 | 1432 | |
4e9b5e2b | 1433 | pDevice->bIsRxWorkItemQueued = true; |
92b96797 FB |
1434 | tasklet_schedule(&pDevice->ReadWorkItem); |
1435 | } | |
1436 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"<----RXFreeRCB %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList); | |
1437 | } | |
1438 | ||
1439 | ||
45c73bb1 | 1440 | void RXvMngWorkItem(struct vnt_private *pDevice) |
92b96797 | 1441 | { |
45c73bb1 MP |
1442 | PRCB pRCB = NULL; |
1443 | struct vnt_rx_mgmt *pRxPacket; | |
e269fc2d | 1444 | int bReAllocSkb = false; |
92b96797 FB |
1445 | |
1446 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Mng Thread\n"); | |
1447 | ||
1448 | spin_lock_irq(&pDevice->lock); | |
1449 | while (pDevice->NumRecvMngList!=0) | |
1450 | { | |
1451 | pRCB = pDevice->FirstRecvMngList; | |
1452 | pDevice->NumRecvMngList--; | |
1453 | DequeueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList); | |
1454 | if(!pRCB){ | |
1455 | break; | |
1456 | } | |
1457 | ASSERT(pRCB);// cannot be NULL | |
1458 | pRxPacket = &(pRCB->sMngPacket); | |
14c5ef57 | 1459 | vMgrRxManagePacket(pDevice, &pDevice->vnt_mgmt, pRxPacket); |
92b96797 FB |
1460 | pRCB->Ref--; |
1461 | if(pRCB->Ref == 0) { | |
1462 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"RxvFreeMng %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList); | |
1463 | RXvFreeRCB(pRCB, bReAllocSkb); | |
1464 | } else { | |
1465 | DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Rx Mng Only we have the right to free RCB\n"); | |
1466 | } | |
1467 | } | |
1468 | ||
e269fc2d | 1469 | pDevice->bIsRxMngWorkItemQueued = false; |
ba5c2b3d | 1470 | spin_unlock_irq(&pDevice->lock); |
92b96797 FB |
1471 | |
1472 | } | |
1473 | ||
1474 |