1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41#include "device.h"
42#include "rxtx.h"
43#include "tether.h"
44#include "card.h"
45#include "bssdb.h"
46#include "mac.h"
47#include "baseband.h"
48#include "michael.h"
49#include "tkip.h"
50#include "tcrc.h"
51#include "wctl.h"
52#include "wroute.h"
53#include "hostap.h"
54#include "rf.h"
55#include "iowpa.h"
56#include "aes_ccmp.h"
57
58
59
60
61
62
63
64
65
66
67static int msglevel =MSG_LEVEL_INFO;
68
69const BYTE acbyRxRate[MAX_RATE] =
70{2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
71
72
73
74
75
76
77
78
79static BYTE s_byGetRateIdx(IN BYTE byRate);
80
81
82static
83VOID
84s_vGetDASA(
85 IN PBYTE pbyRxBufferAddr,
86 OUT PUINT pcbHeaderSize,
87 OUT PSEthernetHeader psEthHeader
88 );
89
90static
91VOID
92s_vProcessRxMACHeader (
93 IN PSDevice pDevice,
94 IN PBYTE pbyRxBufferAddr,
95 IN UINT cbPacketSize,
96 IN BOOL bIsWEP,
97 IN BOOL bExtIV,
98 OUT PUINT pcbHeadSize
99 );
100
101static BOOL s_bAPModeRxCtl(
102 IN PSDevice pDevice,
103 IN PBYTE pbyFrame,
104 IN INT iSANodeIndex
105 );
106
107
108
109static BOOL s_bAPModeRxData (
110 IN PSDevice pDevice,
111 IN struct sk_buff* skb,
112 IN UINT FrameSize,
113 IN UINT cbHeaderOffset,
114 IN INT iSANodeIndex,
115 IN INT iDANodeIndex
116 );
117
118
119static BOOL s_bHandleRxEncryption(
120 IN PSDevice pDevice,
121 IN PBYTE pbyFrame,
122 IN UINT FrameSize,
123 IN PBYTE pbyRsr,
124 OUT PBYTE pbyNewRsr,
125 OUT PSKeyItem *pKeyOut,
126 int * pbExtIV,
127 OUT PWORD pwRxTSC15_0,
128 OUT PDWORD pdwRxTSC47_16
129 );
130
131static BOOL s_bHostWepRxEncryption(
132
133 IN PSDevice pDevice,
134 IN PBYTE pbyFrame,
135 IN UINT FrameSize,
136 IN PBYTE pbyRsr,
137 IN BOOL bOnFly,
138 IN PSKeyItem pKey,
139 OUT PBYTE pbyNewRsr,
140 int * pbExtIV,
141 OUT PWORD pwRxTSC15_0,
142 OUT PDWORD pdwRxTSC47_16
143
144 );
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165static
166VOID
167s_vProcessRxMACHeader (
168 IN PSDevice pDevice,
169 IN PBYTE pbyRxBufferAddr,
170 IN UINT cbPacketSize,
171 IN BOOL bIsWEP,
172 IN BOOL bExtIV,
173 OUT PUINT pcbHeadSize
174 )
175{
176 PBYTE pbyRxBuffer;
177 UINT cbHeaderSize = 0;
178 PWORD pwType;
179 PS802_11Header pMACHeader;
180 int ii;
181
182
183 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
184
185 s_vGetDASA((PBYTE)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader);
186
187 if (bIsWEP) {
188 if (bExtIV) {
189
190 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8);
191 } else {
192
193 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4);
194 }
195 }
196 else {
197 cbHeaderSize += WLAN_HDR_ADDR3_LEN;
198 };
199
200 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
201 if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) {
202 cbHeaderSize += 6;
203 }
204 else if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) {
205 cbHeaderSize += 6;
206 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
207 if ((*pwType!= TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) {
208 }
209 else {
210 cbHeaderSize -= 8;
211 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
212 if (bIsWEP) {
213 if (bExtIV) {
214 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8);
215 } else {
216 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4);
217 }
218 }
219 else {
220 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
221 }
222 }
223 }
224 else {
225 cbHeaderSize -= 2;
226 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
227 if (bIsWEP) {
228 if (bExtIV) {
229 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8);
230 } else {
231 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4);
232 }
233 }
234 else {
235 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
236 }
237 }
238
239 cbHeaderSize -= (U_ETHER_ADDR_LEN * 2);
240 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
241 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++)
242 *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii];
243 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++)
244 *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii];
245
246 *pcbHeadSize = cbHeaderSize;
247}
248
249
250
251
252static BYTE s_byGetRateIdx (IN BYTE byRate)
253{
254 BYTE byRateIdx;
255
256 for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) {
257 if (acbyRxRate[byRateIdx%MAX_RATE] == byRate)
258 return byRateIdx;
259 }
260 return 0;
261}
262
263
264static
265VOID
266s_vGetDASA (
267 IN PBYTE pbyRxBufferAddr,
268 OUT PUINT pcbHeaderSize,
269 OUT PSEthernetHeader psEthHeader
270 )
271{
272 UINT cbHeaderSize = 0;
273 PS802_11Header pMACHeader;
274 int ii;
275
276 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
277
278 if ((pMACHeader->wFrameCtl & FC_TODS) == 0) {
279 if (pMACHeader->wFrameCtl & FC_FROMDS) {
280 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
281 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
282 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr3[ii];
283 }
284 }
285 else {
286
287 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
288 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
289 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
290 }
291 }
292 }
293 else {
294
295 if (pMACHeader->wFrameCtl & FC_FROMDS) {
296 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
297 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
298 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr4[ii];
299 cbHeaderSize += 6;
300 }
301 }
302 else {
303 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
304 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
305 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
306 }
307 }
308 };
309 *pcbHeaderSize = cbHeaderSize;
310}
311
312
313
314
315
316
317VOID MngWorkItem(PVOID Context)
318{
319 PSRxMgmtPacket pRxMgmtPacket;
320 PSDevice pDevice = (PSDevice) Context;
321
322 spin_lock_irq(&pDevice->lock);
323 while(pDevice->rxManeQueue.packet_num != 0)
324 {
325 pRxMgmtPacket = DeQueue(pDevice);
326 vMgrRxManagePacket(pDevice, pDevice->pMgmt, pRxMgmtPacket);
327 }
328 spin_unlock_irq(&pDevice->lock);
329}
330
331
332
333
334
335
336BOOL
337device_receive_frame (
338 IN PSDevice pDevice,
339 IN PSRxDesc pCurrRD
340 )
341{
342
343 PDEVICE_RD_INFO pRDInfo = pCurrRD->pRDInfo;
344#ifdef PLICE_DEBUG
345
346#endif
347 struct net_device_stats* pStats=&pDevice->stats;
348 struct sk_buff* skb;
349 PSMgmtObject pMgmt = pDevice->pMgmt;
350 PSRxMgmtPacket pRxPacket = &(pDevice->pMgmt->sRxPacket);
351 PS802_11Header p802_11Header;
352 PBYTE pbyRsr;
353 PBYTE pbyNewRsr;
354 PBYTE pbyRSSI;
355 PQWORD pqwTSFTime;
356 PWORD pwFrameSize;
357 PBYTE pbyFrame;
358 BOOL bDeFragRx = FALSE;
359 BOOL bIsWEP = FALSE;
360 UINT cbHeaderOffset;
361 UINT FrameSize;
362 WORD wEtherType = 0;
363 INT iSANodeIndex = -1;
364 INT iDANodeIndex = -1;
365 UINT ii;
366 UINT cbIVOffset;
367 BOOL bExtIV = FALSE;
368 PBYTE pbyRxSts;
369 PBYTE pbyRxRate;
370 PBYTE pbySQ;
371 UINT cbHeaderSize;
372 PSKeyItem pKey = NULL;
373 WORD wRxTSC15_0 = 0;
374 DWORD dwRxTSC47_16 = 0;
375 SKeyItem STempKey;
376
377 DWORD dwDuration = 0;
378 LONG ldBm = 0;
379 LONG ldBmThreshold = 0;
380 PS802_11Header pMACHeader;
381 BOOL bRxeapol_key = FALSE;
382
383
384
385 skb = pRDInfo->skb;
386
387
388
389#if 1
390 pci_unmap_single(pDevice->pcid, pRDInfo->skb_dma,
391 pDevice->rx_buf_sz, PCI_DMA_FROMDEVICE);
392#endif
393
394 pwFrameSize = (PWORD)(skb->data + 2);
395 FrameSize = cpu_to_le16(pCurrRD->m_rd1RD1.wReqCount) - cpu_to_le16(pCurrRD->m_rd0RD0.wResCount);
396
397
398
399 if ((FrameSize > 2364)||(FrameSize <= 32)) {
400
401 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 1 \n");
402 return FALSE;
403 }
404
405 pbyRxSts = (PBYTE) (skb->data);
406 pbyRxRate = (PBYTE) (skb->data + 1);
407 pbyRsr = (PBYTE) (skb->data + FrameSize - 1);
408 pbyRSSI = (PBYTE) (skb->data + FrameSize - 2);
409 pbyNewRsr = (PBYTE) (skb->data + FrameSize - 3);
410 pbySQ = (PBYTE) (skb->data + FrameSize - 4);
411 pqwTSFTime = (PQWORD) (skb->data + FrameSize - 12);
412 pbyFrame = (PBYTE)(skb->data + 4);
413
414
415 FrameSize = cpu_to_le16(*pwFrameSize);
416
417 if ((FrameSize > 2346)|(FrameSize < 14)) {
418
419 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 2 \n");
420 return FALSE;
421 }
422
423#if 1
424
425 STAvUpdateRDStatCounter(&pDevice->scStatistic,
426 *pbyRsr,
427 *pbyNewRsr,
428 *pbyRxRate,
429 pbyFrame,
430 FrameSize);
431
432#endif
433
434 pMACHeader=(PS802_11Header)((PBYTE) (skb->data)+8);
435
436 if (pDevice->bMeasureInProgress == TRUE) {
437 if ((*pbyRsr & RSR_CRCOK) != 0) {
438 pDevice->byBasicMap |= 0x01;
439 }
440 dwDuration = (FrameSize << 4);
441 dwDuration /= acbyRxRate[*pbyRxRate%MAX_RATE];
442 if (*pbyRxRate <= RATE_11M) {
443 if (*pbyRxSts & 0x01) {
444
445 dwDuration += 192;
446 } else {
447
448 dwDuration += 96;
449 }
450 } else {
451 dwDuration += 16;
452 }
453 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
454 ldBmThreshold = -57;
455 for (ii = 7; ii > 0;) {
456 if (ldBm > ldBmThreshold) {
457 break;
458 }
459 ldBmThreshold -= 5;
460 ii--;
461 }
462 pDevice->dwRPIs[ii] += dwDuration;
463 return FALSE;
464 }
465
466 if (!IS_MULTICAST_ADDRESS(pbyFrame) && !IS_BROADCAST_ADDRESS(pbyFrame)) {
467 if (WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header) (skb->data + 4))) {
468 pDevice->s802_11Counter.FrameDuplicateCount++;
469 return FALSE;
470 }
471 }
472
473
474
475 s_vGetDASA(skb->data+4, &cbHeaderSize, &pDevice->sRxEthHeader);
476
477
478 if (IS_ETH_ADDRESS_EQUAL((PBYTE)&(pDevice->sRxEthHeader.abySrcAddr[0]), pDevice->abyCurrentNetAddr))
479 return FALSE;
480
481 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) {
482 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
483 p802_11Header = (PS802_11Header) (pbyFrame);
484
485 if (BSSDBbIsSTAInNodeDB(pMgmt, (PBYTE)(p802_11Header->abyAddr2), &iSANodeIndex)) {
486 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies;
487 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0;
488 }
489 }
490 }
491
492 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
493 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == TRUE) {
494 return FALSE;
495 }
496 }
497
498
499 if (IS_FC_WEP(pbyFrame)) {
500 BOOL bRxDecryOK = FALSE;
501
502 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n");
503 bIsWEP = TRUE;
504 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) {
505 pKey = &STempKey;
506 pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite;
507 pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex;
508 pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength;
509 pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16;
510 pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0;
511 memcpy(pKey->abyKey,
512 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0],
513 pKey->uKeyLength
514 );
515
516 bRxDecryOK = s_bHostWepRxEncryption(pDevice,
517 pbyFrame,
518 FrameSize,
519 pbyRsr,
520 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly,
521 pKey,
522 pbyNewRsr,
523 &bExtIV,
524 &wRxTSC15_0,
525 &dwRxTSC47_16);
526 } else {
527 bRxDecryOK = s_bHandleRxEncryption(pDevice,
528 pbyFrame,
529 FrameSize,
530 pbyRsr,
531 pbyNewRsr,
532 &pKey,
533 &bExtIV,
534 &wRxTSC15_0,
535 &dwRxTSC47_16);
536 }
537
538 if (bRxDecryOK) {
539 if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) {
540 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n");
541 if ( (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
542 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
543 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
544 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
545 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
546
547 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
548 pDevice->s802_11Counter.TKIPICVErrors++;
549 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) {
550 pDevice->s802_11Counter.CCMPDecryptErrors++;
551 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) {
552
553 }
554 }
555 return FALSE;
556 }
557 } else {
558 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n");
559 return FALSE;
560 }
561 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP))
562 FrameSize -= 8;
563 else
564 FrameSize -= 4;
565 }
566
567
568
569
570
571
572 FrameSize -= U_CRC_LEN;
573
574 if (( !(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI))) &&
575 (IS_FRAGMENT_PKT((skb->data+4)))
576 ) {
577
578 bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header) (skb->data+4), FrameSize, bIsWEP, bExtIV);
579 pDevice->s802_11Counter.ReceivedFragmentCount++;
580 if (bDeFragRx) {
581
582 skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb;
583 FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength;
584
585 }
586 else {
587 return FALSE;
588 }
589 }
590
591
592
593 if ((IS_TYPE_DATA((skb->data+4))) == FALSE) {
594
595
596 if (IS_TYPE_MGMT((skb->data+4))) {
597 PBYTE pbyData1;
598 PBYTE pbyData2;
599
600 pRxPacket->p80211Header = (PUWLAN_80211HDR)(skb->data+4);
601 pRxPacket->cbMPDULen = FrameSize;
602 pRxPacket->uRSSI = *pbyRSSI;
603 pRxPacket->bySQ = *pbySQ;
604 HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime));
605 LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime));
606 if (bIsWEP) {
607
608 pbyData1 = WLAN_HDR_A3_DATA_PTR(skb->data+4);
609 pbyData2 = WLAN_HDR_A3_DATA_PTR(skb->data+4) + 4;
610 for (ii = 0; ii < (FrameSize - 4); ii++) {
611 *pbyData1 = *pbyData2;
612 pbyData1++;
613 pbyData2++;
614 }
615 }
616 pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate);
617 pRxPacket->byRxChannel = (*pbyRxSts) >> 2;
618
619
620
621#ifdef THREAD
622 EnQueue(pDevice,pRxPacket);
623
624
625
626
627#else
628
629#ifdef TASK_LET
630 EnQueue(pDevice,pRxPacket);
631 tasklet_schedule(&pDevice->RxMngWorkItem);
632#else
633
634 vMgrRxManagePacket((HANDLE)pDevice, pDevice->pMgmt, pRxPacket);
635
636#endif
637
638#endif
639
640
641
642 if (pDevice->bEnableHostapd) {
643 skb->dev = pDevice->apdev;
644 skb->data += 4;
645 skb->tail += 4;
646 skb_put(skb, FrameSize);
647 skb_reset_mac_header(skb);
648 skb->pkt_type = PACKET_OTHERHOST;
649 skb->protocol = htons(ETH_P_802_2);
650 memset(skb->cb, 0, sizeof(skb->cb));
651 netif_rx(skb);
652 return TRUE;
653 }
654 }
655 else {
656
657 };
658 return FALSE;
659 }
660 else {
661 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
662
663 if ( !(*pbyRsr & RSR_BSSIDOK)) {
664 if (bDeFragRx) {
665 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
666 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
667 pDevice->dev->name);
668 }
669 }
670 return FALSE;
671 }
672 }
673 else {
674
675 if ((pDevice->bLinkPass == FALSE) ||
676 !(*pbyRsr & RSR_BSSIDOK)) {
677 if (bDeFragRx) {
678 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
679 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
680 pDevice->dev->name);
681 }
682 }
683 return FALSE;
684 }
685
686 {
687 BYTE Protocol_Version;
688 BYTE Packet_Type;
689 if (bIsWEP)
690 cbIVOffset = 8;
691 else
692 cbIVOffset = 0;
693 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
694 skb->data[cbIVOffset + 8 + 24 + 6 + 1];
695 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1];
696 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1];
697 if (wEtherType == ETH_P_PAE) {
698 if(((Protocol_Version==1) ||(Protocol_Version==2)) &&
699 (Packet_Type==3)) {
700 bRxeapol_key = TRUE;
701 }
702 }
703 }
704
705 }
706 }
707
708
709
710
711
712 if (pDevice->bEnablePSMode) {
713 if (IS_FC_MOREDATA((skb->data+4))) {
714 if (*pbyRsr & RSR_ADDROK) {
715
716 }
717 }
718 else {
719 if (pDevice->pMgmt->bInTIMWake == TRUE) {
720 pDevice->pMgmt->bInTIMWake = FALSE;
721 }
722 }
723 };
724
725
726 if (pDevice->bDiversityEnable && (FrameSize>50) &&
727 (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) &&
728 (pDevice->bLinkPass == TRUE)) {
729
730 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0);
731 }
732
733
734 if (pDevice->byLocalID != REV_ID_VT3253_B1) {
735 pDevice->uCurrRSSI = *pbyRSSI;
736 }
737 pDevice->byCurrSQ = *pbySQ;
738
739 if ((*pbyRSSI != 0) &&
740 (pMgmt->pCurrBSS!=NULL)) {
741 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
742
743 pMgmt->pCurrBSS->byRSSIStatCnt++;
744 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT;
745 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm;
746 for(ii=0;ii<RSSI_STAT_COUNT;ii++) {
747 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) {
748 pMgmt->pCurrBSS->ldBmMAX = max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm);
749 }
750 }
751 }
752
753
754
755 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == TRUE)){
756 BYTE abyMacHdr[24];
757
758
759 if (bIsWEP)
760 cbIVOffset = 8;
761 else
762 cbIVOffset = 0;
763 wEtherType = (skb->data[cbIVOffset + 4 + 24 + 6] << 8) |
764 skb->data[cbIVOffset + 4 + 24 + 6 + 1];
765
766 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType);
767 if (wEtherType == ETH_P_PAE) {
768 skb->dev = pDevice->apdev;
769
770 if (bIsWEP == TRUE) {
771
772 memcpy(&abyMacHdr[0], (skb->data + 4), 24);
773 memcpy((skb->data + 4 + cbIVOffset), &abyMacHdr[0], 24);
774 }
775 skb->data += (cbIVOffset + 4);
776 skb->tail += (cbIVOffset + 4);
777 skb_put(skb, FrameSize);
778 skb_reset_mac_header(skb);
779
780 skb->pkt_type = PACKET_OTHERHOST;
781 skb->protocol = htons(ETH_P_802_2);
782 memset(skb->cb, 0, sizeof(skb->cb));
783 netif_rx(skb);
784 return TRUE;
785
786}
787
788 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED))
789 return FALSE;
790 }
791
792
793 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
794 if (bIsWEP) {
795 FrameSize -= 8;
796 }
797 }
798
799
800
801 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
802 if (bIsWEP) {
803 PDWORD pdwMIC_L;
804 PDWORD pdwMIC_R;
805 DWORD dwMIC_Priority;
806 DWORD dwMICKey0 = 0, dwMICKey1 = 0;
807 DWORD dwLocalMIC_L = 0;
808 DWORD dwLocalMIC_R = 0;
809 viawget_wpa_header *wpahdr;
810
811
812 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
813 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
814 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
815 }
816 else {
817 if (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
818 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
819 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
820 } else if ((pKey->dwKeyIndex & BIT28) == 0) {
821 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
822 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
823 } else {
824 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
825 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
826 }
827 }
828
829 MIC_vInit(dwMICKey0, dwMICKey1);
830 MIC_vAppend((PBYTE)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12);
831 dwMIC_Priority = 0;
832 MIC_vAppend((PBYTE)&dwMIC_Priority, 4);
833
834 MIC_vAppend((PBYTE)(skb->data + 4 + WLAN_HDR_ADDR3_LEN + 8),
835 FrameSize - WLAN_HDR_ADDR3_LEN - 8);
836 MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R);
837 MIC_vUnInit();
838
839 pdwMIC_L = (PDWORD)(skb->data + 4 + FrameSize);
840 pdwMIC_R = (PDWORD)(skb->data + 4 + FrameSize + 4);
841
842
843
844
845
846 if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) ||
847 (pDevice->bRxMICFail == TRUE)) {
848 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n");
849 pDevice->bRxMICFail = FALSE;
850
851 pDevice->s802_11Counter.TKIPLocalMICFailures++;
852 if (bDeFragRx) {
853 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
854 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
855 pDevice->dev->name);
856 }
857 }
858
859 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
860
861
862 {
863 union iwreq_data wrqu;
864 struct iw_michaelmicfailure ev;
865 int keyidx = pbyFrame[cbHeaderSize+3] >> 6;
866 memset(&ev, 0, sizeof(ev));
867 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
868 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
869 (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
870 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
871 ev.flags |= IW_MICFAILURE_PAIRWISE;
872 } else {
873 ev.flags |= IW_MICFAILURE_GROUP;
874 }
875
876 ev.src_addr.sa_family = ARPHRD_ETHER;
877 memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN);
878 memset(&wrqu, 0, sizeof(wrqu));
879 wrqu.data.length = sizeof(ev);
880 wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
881
882 }
883 #endif
884
885
886 if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
887 wpahdr = (viawget_wpa_header *)pDevice->skb->data;
888 if ((pDevice->pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
889 (pDevice->pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
890 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
891
892 wpahdr->type = VIAWGET_PTK_MIC_MSG;
893 } else {
894
895 wpahdr->type = VIAWGET_GTK_MIC_MSG;
896 }
897 wpahdr->resp_ie_len = 0;
898 wpahdr->req_ie_len = 0;
899 skb_put(pDevice->skb, sizeof(viawget_wpa_header));
900 pDevice->skb->dev = pDevice->wpadev;
901 skb_reset_mac_header(pDevice->skb);
902 pDevice->skb->pkt_type = PACKET_HOST;
903 pDevice->skb->protocol = htons(ETH_P_802_2);
904 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
905 netif_rx(pDevice->skb);
906 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
907 };
908
909 return FALSE;
910
911 }
912 }
913 }
914
915
916
917 if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) ||
918 (pKey->byCipherSuite == KEY_CTL_CCMP))) {
919 if (bIsWEP) {
920 WORD wLocalTSC15_0 = 0;
921 DWORD dwLocalTSC47_16 = 0;
922 ULONGLONG RSC = 0;
923
924 RSC = *((ULONGLONG *) &(pKey->KeyRSC));
925 wLocalTSC15_0 = (WORD) RSC;
926 dwLocalTSC47_16 = (DWORD) (RSC>>16);
927
928 RSC = dwRxTSC47_16;
929 RSC <<= 16;
930 RSC += wRxTSC15_0;
931 memcpy(&(pKey->KeyRSC), &RSC, sizeof(QWORD));
932
933 if ( (pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) &&
934 (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) {
935
936 if ( (wRxTSC15_0 < wLocalTSC15_0) &&
937 (dwRxTSC47_16 <= dwLocalTSC47_16) &&
938 !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) {
939 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n ");
940 if (pKey->byCipherSuite == KEY_CTL_TKIP)
941
942 pDevice->s802_11Counter.TKIPReplays++;
943 else
944
945 pDevice->s802_11Counter.CCMPReplays++;
946
947 if (bDeFragRx) {
948 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
949 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
950 pDevice->dev->name);
951 }
952 }
953 return FALSE;
954 }
955 }
956 }
957 }
958
959
960
961 if ((pKey != NULL) && (bIsWEP)) {
962
963 }
964
965
966 s_vProcessRxMACHeader(pDevice, (PBYTE)(skb->data+4), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset);
967 FrameSize -= cbHeaderOffset;
968 cbHeaderOffset += 4;
969
970
971 if (FrameSize < 15)
972 return FALSE;
973
974 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
975 if (s_bAPModeRxData(pDevice,
976 skb,
977 FrameSize,
978 cbHeaderOffset,
979 iSANodeIndex,
980 iDANodeIndex
981 ) == FALSE) {
982
983 if (bDeFragRx) {
984 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
985 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
986 pDevice->dev->name);
987 }
988 }
989 return FALSE;
990 }
991
992
993
994
995
996
997
998 }
999
1000 skb->data += cbHeaderOffset;
1001 skb->tail += cbHeaderOffset;
1002 skb_put(skb, FrameSize);
1003 skb->protocol=eth_type_trans(skb, skb->dev);
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024 skb->ip_summed=CHECKSUM_NONE;
1025 pStats->rx_bytes +=skb->len;
1026 pStats->rx_packets++;
1027 netif_rx(skb);
1028
1029 if (bDeFragRx) {
1030 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1031 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1032 pDevice->dev->name);
1033 }
1034 return FALSE;
1035 }
1036
1037 return TRUE;
1038}
1039
1040
1041static BOOL s_bAPModeRxCtl (
1042 IN PSDevice pDevice,
1043 IN PBYTE pbyFrame,
1044 IN INT iSANodeIndex
1045 )
1046{
1047 PS802_11Header p802_11Header;
1048 CMD_STATUS Status;
1049 PSMgmtObject pMgmt = pDevice->pMgmt;
1050
1051
1052 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
1053
1054 p802_11Header = (PS802_11Header) (pbyFrame);
1055 if (!IS_TYPE_MGMT(pbyFrame)) {
1056
1057
1058
1059 if (iSANodeIndex > 0) {
1060
1061 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) {
1062
1063
1064 vMgrDeAuthenBeginSta(pDevice,
1065 pMgmt,
1066 (PBYTE)(p802_11Header->abyAddr2),
1067 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1068 &Status
1069 );
1070 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n");
1071 return TRUE;
1072 };
1073 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) {
1074
1075
1076 vMgrDisassocBeginSta(pDevice,
1077 pMgmt,
1078 (PBYTE)(p802_11Header->abyAddr2),
1079 (WLAN_MGMT_REASON_CLASS3_NONASSOC),
1080 &Status
1081 );
1082 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n");
1083 return TRUE;
1084 };
1085
1086 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) {
1087
1088 if (IS_CTL_PSPOLL(pbyFrame)) {
1089 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1090 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1091 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n");
1092 }
1093 else {
1094
1095
1096 if (!IS_FC_POWERMGT(pbyFrame)) {
1097 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1098 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1099 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1100 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n");
1101 }
1102 }
1103 }
1104 else {
1105 if (IS_FC_POWERMGT(pbyFrame)) {
1106 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = TRUE;
1107
1108 pMgmt->sNodeDBTable[0].bPSEnable = TRUE;
1109 }
1110 else {
1111
1112 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) {
1113 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1114 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1115 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1116 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n");
1117
1118 }
1119 }
1120 }
1121 }
1122 else {
1123 vMgrDeAuthenBeginSta(pDevice,
1124 pMgmt,
1125 (PBYTE)(p802_11Header->abyAddr2),
1126 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1127 &Status
1128 );
1129 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n");
1130 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%02x-%02x-%02x=%02x-%02x-%02x \n",
1131 p802_11Header->abyAddr3[0],
1132 p802_11Header->abyAddr3[1],
1133 p802_11Header->abyAddr3[2],
1134 p802_11Header->abyAddr3[3],
1135 p802_11Header->abyAddr3[4],
1136 p802_11Header->abyAddr3[5]
1137 );
1138 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%02x-%02x-%02x=%02x-%02x-%02x \n",
1139 p802_11Header->abyAddr2[0],
1140 p802_11Header->abyAddr2[1],
1141 p802_11Header->abyAddr2[2],
1142 p802_11Header->abyAddr2[3],
1143 p802_11Header->abyAddr2[4],
1144 p802_11Header->abyAddr2[5]
1145 );
1146 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%02x-%02x-%02x=%02x-%02x-%02x \n",
1147 p802_11Header->abyAddr1[0],
1148 p802_11Header->abyAddr1[1],
1149 p802_11Header->abyAddr1[2],
1150 p802_11Header->abyAddr1[3],
1151 p802_11Header->abyAddr1[4],
1152 p802_11Header->abyAddr1[5]
1153 );
1154 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl );
1155 VNSvInPortB(pDevice->PortOffset + MAC_REG_RCR, &(pDevice->byRxMode));
1156 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc:pDevice->byRxMode = %x\n", pDevice->byRxMode );
1157 return TRUE;
1158 }
1159 }
1160 }
1161 return FALSE;
1162
1163}
1164
1165static BOOL s_bHandleRxEncryption (
1166 IN PSDevice pDevice,
1167 IN PBYTE pbyFrame,
1168 IN UINT FrameSize,
1169 IN PBYTE pbyRsr,
1170 OUT PBYTE pbyNewRsr,
1171 OUT PSKeyItem *pKeyOut,
1172 int * pbExtIV,
1173 OUT PWORD pwRxTSC15_0,
1174 OUT PDWORD pdwRxTSC47_16
1175 )
1176{
1177 UINT PayloadLen = FrameSize;
1178 PBYTE pbyIV;
1179 BYTE byKeyIdx;
1180 PSKeyItem pKey = NULL;
1181 BYTE byDecMode = KEY_CTL_WEP;
1182 PSMgmtObject pMgmt = pDevice->pMgmt;
1183
1184
1185 *pwRxTSC15_0 = 0;
1186 *pdwRxTSC47_16 = 0;
1187
1188 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1189 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1190 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1191 pbyIV += 6;
1192 PayloadLen -= 6;
1193 }
1194 byKeyIdx = (*(pbyIV+3) & 0xc0);
1195 byKeyIdx >>= 6;
1196 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1197
1198 if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
1199 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
1200 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
1201 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
1202 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
1203 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) &&
1204 (pDevice->pMgmt->byCSSPK != KEY_CTL_NONE)) {
1205
1206 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n");
1207 if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == TRUE) {
1208 if (pDevice->pMgmt->byCSSPK == KEY_CTL_TKIP)
1209 byDecMode = KEY_CTL_TKIP;
1210 else if (pDevice->pMgmt->byCSSPK == KEY_CTL_CCMP)
1211 byDecMode = KEY_CTL_CCMP;
1212 }
1213 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey);
1214 } else {
1215
1216 KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey);
1217 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1218 byDecMode = KEY_CTL_TKIP;
1219 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1220 byDecMode = KEY_CTL_CCMP;
1221 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey);
1222 }
1223 }
1224
1225 if (pKey == NULL) {
1226
1227 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey);
1228 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1229 byDecMode = KEY_CTL_TKIP;
1230 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1231 byDecMode = KEY_CTL_CCMP;
1232 }
1233 *pKeyOut = pKey;
1234
1235 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode);
1236
1237 if (pKey == NULL) {
1238 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n");
1239 if (byDecMode == KEY_CTL_WEP) {
1240
1241 } else if (pDevice->bLinkPass == TRUE) {
1242
1243 }
1244 return FALSE;
1245 }
1246 if (byDecMode != pKey->byCipherSuite) {
1247 if (byDecMode == KEY_CTL_WEP) {
1248
1249 } else if (pDevice->bLinkPass == TRUE) {
1250
1251 }
1252 *pKeyOut = NULL;
1253 return FALSE;
1254 }
1255 if (byDecMode == KEY_CTL_WEP) {
1256
1257 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1258 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE)) {
1259
1260
1261
1262
1263 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4);
1264 memcpy(pDevice->abyPRNG, pbyIV, 3);
1265 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1266 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1267 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1268
1269 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1270 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1271 }
1272 }
1273 } else if ((byDecMode == KEY_CTL_TKIP) ||
1274 (byDecMode == KEY_CTL_CCMP)) {
1275
1276
1277 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4);
1278 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1279 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1280 if (byDecMode == KEY_CTL_TKIP) {
1281 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1282 } else {
1283 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1284 }
1285 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1286
1287 if ((byDecMode == KEY_CTL_TKIP) &&
1288 (pDevice->byLocalID <= REV_ID_VT3253_A1)) {
1289
1290
1291 PS802_11Header pMACHeader = (PS802_11Header) (pbyFrame);
1292 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1293 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1294 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1295 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1296 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1297 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1298 } else {
1299 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1300 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1301 }
1302 }
1303 }
1304
1305 if ((*(pbyIV+3) & 0x20) != 0)
1306 *pbExtIV = TRUE;
1307 return TRUE;
1308}
1309
1310
1311static BOOL s_bHostWepRxEncryption (
1312 IN PSDevice pDevice,
1313 IN PBYTE pbyFrame,
1314 IN UINT FrameSize,
1315 IN PBYTE pbyRsr,
1316 IN BOOL bOnFly,
1317 IN PSKeyItem pKey,
1318 OUT PBYTE pbyNewRsr,
1319 int * pbExtIV,
1320 OUT PWORD pwRxTSC15_0,
1321 OUT PDWORD pdwRxTSC47_16
1322 )
1323{
1324 UINT PayloadLen = FrameSize;
1325 PBYTE pbyIV;
1326 BYTE byKeyIdx;
1327 BYTE byDecMode = KEY_CTL_WEP;
1328 PS802_11Header pMACHeader;
1329
1330
1331
1332 *pwRxTSC15_0 = 0;
1333 *pdwRxTSC47_16 = 0;
1334
1335 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1336 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1337 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1338 pbyIV += 6;
1339 PayloadLen -= 6;
1340 }
1341 byKeyIdx = (*(pbyIV+3) & 0xc0);
1342 byKeyIdx >>= 6;
1343 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1344
1345
1346 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1347 byDecMode = KEY_CTL_TKIP;
1348 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1349 byDecMode = KEY_CTL_CCMP;
1350
1351 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode);
1352
1353 if (byDecMode != pKey->byCipherSuite) {
1354 if (byDecMode == KEY_CTL_WEP) {
1355
1356 } else if (pDevice->bLinkPass == TRUE) {
1357
1358 }
1359 return FALSE;
1360 }
1361
1362 if (byDecMode == KEY_CTL_WEP) {
1363
1364 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP \n");
1365 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1366 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE) ||
1367 (bOnFly == FALSE)) {
1368
1369
1370
1371
1372
1373 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4);
1374 memcpy(pDevice->abyPRNG, pbyIV, 3);
1375 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1376 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1377 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1378
1379 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1380 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1381 }
1382 }
1383 } else if ((byDecMode == KEY_CTL_TKIP) ||
1384 (byDecMode == KEY_CTL_CCMP)) {
1385
1386
1387 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4);
1388 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1389 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1390
1391 if (byDecMode == KEY_CTL_TKIP) {
1392 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1393 } else {
1394 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1395 }
1396 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1397
1398 if (byDecMode == KEY_CTL_TKIP) {
1399
1400 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == FALSE)) {
1401
1402
1403
1404 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n");
1405 pMACHeader = (PS802_11Header) (pbyFrame);
1406 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1407 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1408 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1409 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1410 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1411 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1412 } else {
1413 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1414 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1415 }
1416 }
1417 }
1418
1419 if (byDecMode == KEY_CTL_CCMP) {
1420 if (bOnFly == FALSE) {
1421
1422
1423 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_CCMP\n");
1424 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) {
1425 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1426 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC compare OK!\n");
1427 } else {
1428 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC fail!\n");
1429 }
1430 }
1431 }
1432
1433 }
1434
1435 if ((*(pbyIV+3) & 0x20) != 0)
1436 *pbExtIV = TRUE;
1437 return TRUE;
1438}
1439
1440
1441
1442static BOOL s_bAPModeRxData (
1443 IN PSDevice pDevice,
1444 IN struct sk_buff* skb,
1445 IN UINT FrameSize,
1446 IN UINT cbHeaderOffset,
1447 IN INT iSANodeIndex,
1448 IN INT iDANodeIndex
1449 )
1450{
1451 PSMgmtObject pMgmt = pDevice->pMgmt;
1452 BOOL bRelayAndForward = FALSE;
1453 BOOL bRelayOnly = FALSE;
1454 BYTE byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
1455 WORD wAID;
1456
1457
1458 struct sk_buff* skbcpy = NULL;
1459
1460 if (FrameSize > CB_MAX_BUF_SIZE)
1461 return FALSE;
1462
1463 if(IS_MULTICAST_ADDRESS((PBYTE)(skb->data+cbHeaderOffset))) {
1464 if (pMgmt->sNodeDBTable[0].bPSEnable) {
1465
1466 skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz);
1467
1468
1469 if (skbcpy == NULL) {
1470 DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n");
1471 }
1472 else {
1473 skbcpy->dev = pDevice->dev;
1474 skbcpy->len = FrameSize;
1475 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize);
1476 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy);
1477
1478 pMgmt->sNodeDBTable[0].wEnQueueCnt++;
1479
1480 pMgmt->abyPSTxMap[0] |= byMask[0];
1481 }
1482 }
1483 else {
1484 bRelayAndForward = TRUE;
1485 }
1486 }
1487 else {
1488
1489 if (BSSDBbIsSTAInNodeDB(pMgmt, (PBYTE)(skb->data+cbHeaderOffset), &iDANodeIndex)) {
1490 if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) {
1491 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) {
1492
1493
1494 skb->data += cbHeaderOffset;
1495 skb->tail += cbHeaderOffset;
1496 skb_put(skb, FrameSize);
1497 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb);
1498 pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++;
1499 wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID;
1500 pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7];
1501 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n",
1502 iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]);
1503 return TRUE;
1504 }
1505 else {
1506 bRelayOnly = TRUE;
1507 }
1508 }
1509 };
1510 }
1511
1512 if (bRelayOnly || bRelayAndForward) {
1513
1514 if (bRelayAndForward)
1515 iDANodeIndex = 0;
1516
1517 if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) {
1518 ROUTEbRelay(pDevice, (PBYTE)(skb->data + cbHeaderOffset), FrameSize, (UINT)iDANodeIndex);
1519 }
1520
1521 if (bRelayOnly)
1522 return FALSE;
1523 }
1524
1525 if (pDevice->uAssocCount == 0)
1526 return FALSE;
1527
1528 return TRUE;
1529}
1530
1531