1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41#include "device.h"
42#include "rxtx.h"
43#include "tether.h"
44#include "card.h"
45#include "bssdb.h"
46#include "mac.h"
47#include "baseband.h"
48#include "michael.h"
49#include "tkip.h"
50#include "tcrc.h"
51#include "wctl.h"
52#include "hostap.h"
53#include "rf.h"
54#include "iowpa.h"
55#include "aes_ccmp.h"
56#include "datarate.h"
57#include "usbpipe.h"
58
59
60
61
62
63
64
65static int msglevel =MSG_LEVEL_INFO;
66
67const BYTE acbyRxRate[MAX_RATE] =
68{2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
69
70
71
72
73
74
75
76
77static BYTE s_byGetRateIdx(IN BYTE byRate);
78
79
80static
81VOID
82s_vGetDASA(
83 IN PBYTE pbyRxBufferAddr,
84 OUT PUINT pcbHeaderSize,
85 OUT PSEthernetHeader psEthHeader
86 );
87
88static
89VOID
90s_vProcessRxMACHeader (
91 IN PSDevice pDevice,
92 IN PBYTE pbyRxBufferAddr,
93 IN UINT cbPacketSize,
94 IN BOOL bIsWEP,
95 IN BOOL bExtIV,
96 OUT PUINT pcbHeadSize
97 );
98
99static BOOL s_bAPModeRxCtl(
100 IN PSDevice pDevice,
101 IN PBYTE pbyFrame,
102 IN INT iSANodeIndex
103 );
104
105
106
107static BOOL s_bAPModeRxData (
108 IN PSDevice pDevice,
109 IN struct sk_buff* skb,
110 IN UINT FrameSize,
111 IN UINT cbHeaderOffset,
112 IN INT iSANodeIndex,
113 IN INT iDANodeIndex
114 );
115
116
117static BOOL s_bHandleRxEncryption(
118 IN PSDevice pDevice,
119 IN PBYTE pbyFrame,
120 IN UINT FrameSize,
121 IN PBYTE pbyRsr,
122 OUT PBYTE pbyNewRsr,
123 OUT PSKeyItem *pKeyOut,
124 int * pbExtIV,
125 OUT PWORD pwRxTSC15_0,
126 OUT PDWORD pdwRxTSC47_16
127 );
128
129static BOOL s_bHostWepRxEncryption(
130
131 IN PSDevice pDevice,
132 IN PBYTE pbyFrame,
133 IN UINT FrameSize,
134 IN PBYTE pbyRsr,
135 IN BOOL bOnFly,
136 IN PSKeyItem pKey,
137 OUT PBYTE pbyNewRsr,
138 int * pbExtIV,
139 OUT PWORD pwRxTSC15_0,
140 OUT PDWORD pdwRxTSC47_16
141
142 );
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163static
164VOID
165s_vProcessRxMACHeader (
166 IN PSDevice pDevice,
167 IN PBYTE pbyRxBufferAddr,
168 IN UINT cbPacketSize,
169 IN BOOL bIsWEP,
170 IN BOOL bExtIV,
171 OUT PUINT pcbHeadSize
172 )
173{
174 PBYTE pbyRxBuffer;
175 UINT cbHeaderSize = 0;
176 PWORD pwType;
177 PS802_11Header pMACHeader;
178 int ii;
179
180
181 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
182
183 s_vGetDASA((PBYTE)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader);
184
185 if (bIsWEP) {
186 if (bExtIV) {
187
188 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8);
189 } else {
190
191 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4);
192 }
193 }
194 else {
195 cbHeaderSize += WLAN_HDR_ADDR3_LEN;
196 };
197
198 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
199 if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) {
200 cbHeaderSize += 6;
201 }
202 else if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) {
203 cbHeaderSize += 6;
204 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
205 if ((*pwType!= TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) {
206 }
207 else {
208 cbHeaderSize -= 8;
209 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
210 if (bIsWEP) {
211 if (bExtIV) {
212 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8);
213 } else {
214 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4);
215 }
216 }
217 else {
218 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
219 }
220 }
221 }
222 else {
223 cbHeaderSize -= 2;
224 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
225 if (bIsWEP) {
226 if (bExtIV) {
227 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8);
228 } else {
229 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4);
230 }
231 }
232 else {
233 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
234 }
235 }
236
237 cbHeaderSize -= (U_ETHER_ADDR_LEN * 2);
238 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
239 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++)
240 *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii];
241 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++)
242 *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii];
243
244 *pcbHeadSize = cbHeaderSize;
245}
246
247
248
249
250static BYTE s_byGetRateIdx (IN BYTE byRate)
251{
252 BYTE byRateIdx;
253
254 for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) {
255 if (acbyRxRate[byRateIdx%MAX_RATE] == byRate)
256 return byRateIdx;
257 }
258 return 0;
259}
260
261
262static
263VOID
264s_vGetDASA (
265 IN PBYTE pbyRxBufferAddr,
266 OUT PUINT pcbHeaderSize,
267 OUT PSEthernetHeader psEthHeader
268 )
269{
270 UINT cbHeaderSize = 0;
271 PS802_11Header pMACHeader;
272 int ii;
273
274 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
275
276 if ((pMACHeader->wFrameCtl & FC_TODS) == 0) {
277 if (pMACHeader->wFrameCtl & FC_FROMDS) {
278 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
279 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
280 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr3[ii];
281 }
282 }
283 else {
284
285 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
286 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
287 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
288 }
289 }
290 }
291 else {
292
293 if (pMACHeader->wFrameCtl & FC_FROMDS) {
294 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
295 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
296 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr4[ii];
297 cbHeaderSize += 6;
298 }
299 }
300 else {
301 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
302 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
303 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
304 }
305 }
306 };
307 *pcbHeaderSize = cbHeaderSize;
308}
309
310
311
312
313BOOL
314RXbBulkInProcessData (
315 IN PSDevice pDevice,
316 IN PRCB pRCB,
317 IN ULONG BytesToIndicate
318 )
319{
320
321 struct net_device_stats* pStats=&pDevice->stats;
322 struct sk_buff* skb;
323 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
324 PSRxMgmtPacket pRxPacket = &(pMgmt->sRxPacket);
325 PS802_11Header p802_11Header;
326 PBYTE pbyRsr;
327 PBYTE pbyNewRsr;
328 PBYTE pbyRSSI;
329 PQWORD pqwTSFTime;
330 PBYTE pbyFrame;
331 BOOL bDeFragRx = FALSE;
332 UINT cbHeaderOffset;
333 UINT FrameSize;
334 WORD wEtherType = 0;
335 INT iSANodeIndex = -1;
336 INT iDANodeIndex = -1;
337 UINT ii;
338 UINT cbIVOffset;
339 PBYTE pbyRxSts;
340 PBYTE pbyRxRate;
341 PBYTE pbySQ;
342#ifdef Calcu_LinkQual
343 PBYTE pby3SQ;
344#endif
345 UINT cbHeaderSize;
346 PSKeyItem pKey = NULL;
347 WORD wRxTSC15_0 = 0;
348 DWORD dwRxTSC47_16 = 0;
349 SKeyItem STempKey;
350
351
352 BOOL bIsWEP = FALSE;
353 BOOL bExtIV = FALSE;
354 DWORD dwWbkStatus;
355 PRCB pRCBIndicate = pRCB;
356 PBYTE pbyDAddress;
357 PWORD pwPLCP_Length;
358 BYTE abyVaildRate[MAX_RATE] = {2,4,11,22,12,18,24,36,48,72,96,108};
359 WORD wPLCPwithPadding;
360 PS802_11Header pMACHeader;
361 BOOL bRxeapol_key = FALSE;
362
363
364
365 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- RXbBulkInProcessData---\n");
366
367 skb = pRCB->skb;
368
369
370 dwWbkStatus = *( (PDWORD)(skb->data) );
371 FrameSize = (UINT)(dwWbkStatus >> 16);
372 FrameSize += 4;
373
374 if (BytesToIndicate != FrameSize) {
375 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 1 \n");
376 return FALSE;
377 }
378
379 if ((BytesToIndicate > 2372)||(BytesToIndicate <= 40)) {
380
381 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 2 \n");
382 return FALSE;
383 }
384
385 pbyDAddress = (PBYTE)(skb->data);
386 pbyRxSts = pbyDAddress+4;
387 pbyRxRate = pbyDAddress+5;
388
389
390
391
392 pwPLCP_Length = (PWORD) (pbyDAddress + 6);
393
394 if ( ((BytesToIndicate - (*pwPLCP_Length)) > 27) ||
395 ((BytesToIndicate - (*pwPLCP_Length)) < 24) ||
396 (BytesToIndicate < (*pwPLCP_Length)) ) {
397
398 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong PLCP Length %x\n", (int) *pwPLCP_Length);
399 ASSERT(0);
400 return FALSE;
401 }
402 for ( ii=RATE_1M;ii<MAX_RATE;ii++) {
403 if ( *pbyRxRate == abyVaildRate[ii] ) {
404 break;
405 }
406 }
407 if ( ii==MAX_RATE ) {
408 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong RxRate %x\n",(int) *pbyRxRate);
409 return FALSE;
410 }
411
412 wPLCPwithPadding = ( (*pwPLCP_Length / 4) + ( (*pwPLCP_Length % 4) ? 1:0 ) ) *4;
413
414 pqwTSFTime = (PQWORD) (pbyDAddress + 8 + wPLCPwithPadding);
415#ifdef Calcu_LinkQual
416 if(pDevice->byBBType == BB_TYPE_11G) {
417 pby3SQ = pbyDAddress + 8 + wPLCPwithPadding + 12;
418 pbySQ = pby3SQ;
419 }
420 else {
421 pbySQ = pbyDAddress + 8 + wPLCPwithPadding + 8;
422 pby3SQ = pbySQ;
423 }
424#else
425 pbySQ = pbyDAddress + 8 + wPLCPwithPadding + 8;
426#endif
427 pbyNewRsr = pbyDAddress + 8 + wPLCPwithPadding + 9;
428 pbyRSSI = pbyDAddress + 8 + wPLCPwithPadding + 10;
429 pbyRsr = pbyDAddress + 8 + wPLCPwithPadding + 11;
430
431 FrameSize = *pwPLCP_Length;
432
433 pbyFrame = pbyDAddress + 8;
434
435
436 STAvUpdateRDStatCounter(&pDevice->scStatistic,
437 *pbyRsr,
438 *pbyNewRsr,
439 *pbyRxSts,
440 *pbyRxRate,
441 pbyFrame,
442 FrameSize
443 );
444
445
446 pMACHeader = (PS802_11Header) pbyFrame;
447
448
449 if ((pMgmt->eCurrMode == WMAC_MODE_STANDBY) ||
450 (pMgmt->eCurrMode == WMAC_MODE_ESS_STA)) {
451 if (pMgmt->sNodeDBTable[0].bActive) {
452 if(IS_ETH_ADDRESS_EQUAL (pMgmt->abyCurrBSSID, pMACHeader->abyAddr2) ) {
453 if (pMgmt->sNodeDBTable[0].uInActiveCount != 0)
454 pMgmt->sNodeDBTable[0].uInActiveCount = 0;
455 }
456 }
457 }
458
459 if (!IS_MULTICAST_ADDRESS(pMACHeader->abyAddr1) && !IS_BROADCAST_ADDRESS(pMACHeader->abyAddr1)) {
460 if ( WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header) pbyFrame) ) {
461 pDevice->s802_11Counter.FrameDuplicateCount++;
462 return FALSE;
463 }
464
465 if ( !IS_ETH_ADDRESS_EQUAL (pDevice->abyCurrentNetAddr, pMACHeader->abyAddr1) ) {
466 return FALSE;
467 }
468 }
469
470
471
472 s_vGetDASA(pbyFrame, &cbHeaderSize, &pDevice->sRxEthHeader);
473
474 if (IS_ETH_ADDRESS_EQUAL((PBYTE)&(pDevice->sRxEthHeader.abySrcAddr[0]), pDevice->abyCurrentNetAddr))
475 return FALSE;
476
477 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) {
478 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
479 p802_11Header = (PS802_11Header) (pbyFrame);
480
481 if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(p802_11Header->abyAddr2), &iSANodeIndex)) {
482 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies;
483 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0;
484 }
485 }
486 }
487
488 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
489 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == TRUE) {
490 return FALSE;
491 }
492 }
493
494
495 if (IS_FC_WEP(pbyFrame)) {
496 BOOL bRxDecryOK = FALSE;
497
498 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n");
499 bIsWEP = TRUE;
500 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) {
501 pKey = &STempKey;
502 pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite;
503 pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex;
504 pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength;
505 pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16;
506 pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0;
507 memcpy(pKey->abyKey,
508 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0],
509 pKey->uKeyLength
510 );
511
512 bRxDecryOK = s_bHostWepRxEncryption(pDevice,
513 pbyFrame,
514 FrameSize,
515 pbyRsr,
516 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly,
517 pKey,
518 pbyNewRsr,
519 &bExtIV,
520 &wRxTSC15_0,
521 &dwRxTSC47_16);
522 } else {
523 bRxDecryOK = s_bHandleRxEncryption(pDevice,
524 pbyFrame,
525 FrameSize,
526 pbyRsr,
527 pbyNewRsr,
528 &pKey,
529 &bExtIV,
530 &wRxTSC15_0,
531 &dwRxTSC47_16);
532 }
533
534 if (bRxDecryOK) {
535 if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) {
536 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n");
537 if ( (pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
538 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
539 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
540 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
541 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
542
543 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
544 pDevice->s802_11Counter.TKIPICVErrors++;
545 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) {
546 pDevice->s802_11Counter.CCMPDecryptErrors++;
547 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) {
548
549 }
550 }
551 return FALSE;
552 }
553 } else {
554 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n");
555 return FALSE;
556 }
557 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP))
558 FrameSize -= 8;
559 else
560 FrameSize -= 4;
561 }
562
563
564
565
566
567
568 FrameSize -= U_CRC_LEN;
569
570 if ( !(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) &&
571 (IS_FRAGMENT_PKT((pbyFrame)))
572 ) {
573
574 bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header) (pbyFrame), FrameSize, bIsWEP, bExtIV);
575 pDevice->s802_11Counter.ReceivedFragmentCount++;
576 if (bDeFragRx) {
577
578
579 skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb;
580 FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength;
581 pbyFrame = skb->data + 8;
582 }
583 else {
584 return FALSE;
585 }
586 }
587
588
589
590
591 if ((IS_TYPE_DATA((pbyFrame))) == FALSE) {
592
593
594 if (IS_TYPE_MGMT((pbyFrame))) {
595 PBYTE pbyData1;
596 PBYTE pbyData2;
597
598 pRxPacket = &(pRCB->sMngPacket);
599 pRxPacket->p80211Header = (PUWLAN_80211HDR)(pbyFrame);
600 pRxPacket->cbMPDULen = FrameSize;
601 pRxPacket->uRSSI = *pbyRSSI;
602 pRxPacket->bySQ = *pbySQ;
603 HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime));
604 LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime));
605 if (bIsWEP) {
606
607 pbyData1 = WLAN_HDR_A3_DATA_PTR(pbyFrame);
608 pbyData2 = WLAN_HDR_A3_DATA_PTR(pbyFrame) + 4;
609 for (ii = 0; ii < (FrameSize - 4); ii++) {
610 *pbyData1 = *pbyData2;
611 pbyData1++;
612 pbyData2++;
613 }
614 }
615
616 pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate);
617
618 if ( *pbyRxSts == 0 ) {
619
620 if ( (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_BEACON) ||
621 (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_PROBERESP) ) {
622 return TRUE;
623 }
624 }
625 pRxPacket->byRxChannel = (*pbyRxSts) >> 2;
626
627
628 if (pDevice->bEnableHostapd) {
629 skb->dev = pDevice->apdev;
630
631
632 skb->data += 8;
633 skb->tail += 8;
634 skb_put(skb, FrameSize);
635 skb_reset_mac_header(skb);
636 skb->pkt_type = PACKET_OTHERHOST;
637 skb->protocol = htons(ETH_P_802_2);
638 memset(skb->cb, 0, sizeof(skb->cb));
639 netif_rx(skb);
640 return TRUE;
641 }
642
643
644
645
646 EnqueueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList, pRCBIndicate);
647 pDevice->NumRecvMngList++;
648 if ( bDeFragRx == FALSE) {
649 pRCB->Ref++;
650 }
651 if (pDevice->bIsRxMngWorkItemQueued == FALSE) {
652 pDevice->bIsRxMngWorkItemQueued = TRUE;
653 tasklet_schedule(&pDevice->RxMngWorkItem);
654 }
655
656 }
657 else {
658
659 };
660 return FALSE;
661 }
662 else {
663 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
664
665 if ( !(*pbyRsr & RSR_BSSIDOK)) {
666 if (bDeFragRx) {
667 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
668 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
669 pDevice->dev->name);
670 }
671 }
672 return FALSE;
673 }
674 }
675 else {
676
677 if ((pDevice->bLinkPass == FALSE) ||
678 !(*pbyRsr & RSR_BSSIDOK)) {
679 if (bDeFragRx) {
680 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
681 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
682 pDevice->dev->name);
683 }
684 }
685 return FALSE;
686 }
687
688 {
689 BYTE Protocol_Version;
690 BYTE Packet_Type;
691 BYTE Descriptor_type;
692 WORD Key_info;
693 if (bIsWEP)
694 cbIVOffset = 8;
695 else
696 cbIVOffset = 0;
697 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
698 skb->data[cbIVOffset + 8 + 24 + 6 + 1];
699 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1];
700 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1];
701 if (wEtherType == ETH_P_PAE) {
702 if(((Protocol_Version==1) ||(Protocol_Version==2)) &&
703 (Packet_Type==3)) {
704 bRxeapol_key = TRUE;
705 Descriptor_type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2];
706 Key_info = (skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+1]<<8) |skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+2] ;
707 if(Descriptor_type==2) {
708
709 }
710 else if(Descriptor_type==254) {
711
712 }
713 }
714 }
715 }
716
717 }
718 }
719
720
721
722
723
724 if (pDevice->bEnablePSMode) {
725 if (IS_FC_MOREDATA((pbyFrame))) {
726 if (*pbyRsr & RSR_ADDROK) {
727
728 }
729 }
730 else {
731 if (pMgmt->bInTIMWake == TRUE) {
732 pMgmt->bInTIMWake = FALSE;
733 }
734 }
735 };
736
737
738 if (pDevice->bDiversityEnable && (FrameSize>50) &&
739 (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) &&
740 (pDevice->bLinkPass == TRUE)) {
741 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0);
742 }
743
744
745 pDevice->uCurrRSSI = *pbyRSSI;
746 pDevice->byCurrSQ = *pbySQ;
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == TRUE)){
769 BYTE abyMacHdr[24];
770
771
772 if (bIsWEP)
773 cbIVOffset = 8;
774 else
775 cbIVOffset = 0;
776 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
777 skb->data[cbIVOffset + 8 + 24 + 6 + 1];
778
779 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType);
780 if (wEtherType == ETH_P_PAE) {
781 skb->dev = pDevice->apdev;
782
783 if (bIsWEP == TRUE) {
784
785 memcpy(&abyMacHdr[0], (skb->data + 8), 24);
786 memcpy((skb->data + 8 + cbIVOffset), &abyMacHdr[0], 24);
787 }
788
789 skb->data += (cbIVOffset + 8);
790 skb->tail += (cbIVOffset + 8);
791 skb_put(skb, FrameSize);
792 skb_reset_mac_header(skb);
793 skb->pkt_type = PACKET_OTHERHOST;
794 skb->protocol = htons(ETH_P_802_2);
795 memset(skb->cb, 0, sizeof(skb->cb));
796 netif_rx(skb);
797 return TRUE;
798
799 }
800
801 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED))
802 return FALSE;
803 }
804
805
806 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
807 if (bIsWEP) {
808 FrameSize -= 8;
809 }
810 }
811
812
813
814 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
815 if (bIsWEP) {
816 PDWORD pdwMIC_L;
817 PDWORD pdwMIC_R;
818 DWORD dwMIC_Priority;
819 DWORD dwMICKey0 = 0, dwMICKey1 = 0;
820 DWORD dwLocalMIC_L = 0;
821 DWORD dwLocalMIC_R = 0;
822 viawget_wpa_header *wpahdr;
823
824
825 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
826 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
827 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
828 }
829 else {
830 if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
831 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
832 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
833 } else if ((pKey->dwKeyIndex & BIT28) == 0) {
834 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
835 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
836 } else {
837 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
838 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
839 }
840 }
841
842 MIC_vInit(dwMICKey0, dwMICKey1);
843 MIC_vAppend((PBYTE)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12);
844 dwMIC_Priority = 0;
845 MIC_vAppend((PBYTE)&dwMIC_Priority, 4);
846
847 MIC_vAppend((PBYTE)(skb->data + 8 + WLAN_HDR_ADDR3_LEN + 8),
848 FrameSize - WLAN_HDR_ADDR3_LEN - 8);
849 MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R);
850 MIC_vUnInit();
851
852 pdwMIC_L = (PDWORD)(skb->data + 8 + FrameSize);
853 pdwMIC_R = (PDWORD)(skb->data + 8 + FrameSize + 4);
854
855
856 if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) ||
857 (pDevice->bRxMICFail == TRUE)) {
858 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n");
859 pDevice->bRxMICFail = FALSE;
860
861 pDevice->s802_11Counter.TKIPLocalMICFailures++;
862 if (bDeFragRx) {
863 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
864 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
865 pDevice->dev->name);
866 }
867 }
868
869 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
870
871
872 {
873 union iwreq_data wrqu;
874 struct iw_michaelmicfailure ev;
875 int keyidx = pbyFrame[cbHeaderSize+3] >> 6;
876 memset(&ev, 0, sizeof(ev));
877 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
878 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
879 (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
880 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
881 ev.flags |= IW_MICFAILURE_PAIRWISE;
882 } else {
883 ev.flags |= IW_MICFAILURE_GROUP;
884 }
885
886 ev.src_addr.sa_family = ARPHRD_ETHER;
887 memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN);
888 memset(&wrqu, 0, sizeof(wrqu));
889 wrqu.data.length = sizeof(ev);
890 PRINT_K("wireless_send_event--->IWEVMICHAELMICFAILURE\n");
891 wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
892
893 }
894 #endif
895
896
897 if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
898 wpahdr = (viawget_wpa_header *)pDevice->skb->data;
899 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
900 (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
901 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
902
903 wpahdr->type = VIAWGET_PTK_MIC_MSG;
904 } else {
905
906 wpahdr->type = VIAWGET_GTK_MIC_MSG;
907 }
908 wpahdr->resp_ie_len = 0;
909 wpahdr->req_ie_len = 0;
910 skb_put(pDevice->skb, sizeof(viawget_wpa_header));
911 pDevice->skb->dev = pDevice->wpadev;
912 skb_reset_mac_header(pDevice->skb);
913 pDevice->skb->pkt_type = PACKET_HOST;
914 pDevice->skb->protocol = htons(ETH_P_802_2);
915 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
916 netif_rx(pDevice->skb);
917 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
918 };
919
920 return FALSE;
921
922 }
923 }
924 }
925
926
927
928 if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) ||
929 (pKey->byCipherSuite == KEY_CTL_CCMP))) {
930 if (bIsWEP) {
931 WORD wLocalTSC15_0 = 0;
932 DWORD dwLocalTSC47_16 = 0;
933 ULONGLONG RSC = 0;
934
935 RSC = *((ULONGLONG *) &(pKey->KeyRSC));
936 wLocalTSC15_0 = (WORD) RSC;
937 dwLocalTSC47_16 = (DWORD) (RSC>>16);
938
939 RSC = dwRxTSC47_16;
940 RSC <<= 16;
941 RSC += wRxTSC15_0;
942 memcpy(&(pKey->KeyRSC), &RSC, sizeof(QWORD));
943
944 if ( (pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) &&
945 (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) {
946
947 if ( (wRxTSC15_0 < wLocalTSC15_0) &&
948 (dwRxTSC47_16 <= dwLocalTSC47_16) &&
949 !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) {
950 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n ");
951 if (pKey->byCipherSuite == KEY_CTL_TKIP)
952
953 pDevice->s802_11Counter.TKIPReplays++;
954 else
955
956 pDevice->s802_11Counter.CCMPReplays++;
957
958 if (bDeFragRx) {
959 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
960 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
961 pDevice->dev->name);
962 }
963 }
964 return FALSE;
965 }
966 }
967 }
968 }
969
970
971 s_vProcessRxMACHeader(pDevice, (PBYTE)(skb->data+8), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset);
972 FrameSize -= cbHeaderOffset;
973 cbHeaderOffset += 8;
974
975
976 if (FrameSize < 12)
977 return FALSE;
978
979 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
980 if (s_bAPModeRxData(pDevice,
981 skb,
982 FrameSize,
983 cbHeaderOffset,
984 iSANodeIndex,
985 iDANodeIndex
986 ) == FALSE) {
987
988 if (bDeFragRx) {
989 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
990 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
991 pDevice->dev->name);
992 }
993 }
994 return FALSE;
995 }
996
997 }
998
999 skb->data += cbHeaderOffset;
1000 skb->tail += cbHeaderOffset;
1001 skb_put(skb, FrameSize);
1002 skb->protocol=eth_type_trans(skb, skb->dev);
1003 skb->ip_summed=CHECKSUM_NONE;
1004 pStats->rx_bytes +=skb->len;
1005 pStats->rx_packets++;
1006 netif_rx(skb);
1007 if (bDeFragRx) {
1008 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1009 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1010 pDevice->dev->name);
1011 }
1012 return FALSE;
1013 }
1014
1015 return TRUE;
1016}
1017
1018
1019static BOOL s_bAPModeRxCtl (
1020 IN PSDevice pDevice,
1021 IN PBYTE pbyFrame,
1022 IN INT iSANodeIndex
1023 )
1024{
1025 PS802_11Header p802_11Header;
1026 CMD_STATUS Status;
1027 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1028
1029
1030 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
1031
1032 p802_11Header = (PS802_11Header) (pbyFrame);
1033 if (!IS_TYPE_MGMT(pbyFrame)) {
1034
1035
1036
1037 if (iSANodeIndex > 0) {
1038
1039 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) {
1040
1041
1042 vMgrDeAuthenBeginSta(pDevice,
1043 pMgmt,
1044 (PBYTE)(p802_11Header->abyAddr2),
1045 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1046 &Status
1047 );
1048 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n");
1049 return TRUE;
1050 };
1051 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) {
1052
1053
1054 vMgrDisassocBeginSta(pDevice,
1055 pMgmt,
1056 (PBYTE)(p802_11Header->abyAddr2),
1057 (WLAN_MGMT_REASON_CLASS3_NONASSOC),
1058 &Status
1059 );
1060 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n");
1061 return TRUE;
1062 };
1063
1064 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) {
1065
1066 if (IS_CTL_PSPOLL(pbyFrame)) {
1067 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1068 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1069 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n");
1070 }
1071 else {
1072
1073
1074 if (!IS_FC_POWERMGT(pbyFrame)) {
1075 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1076 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1077 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1078 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n");
1079 }
1080 }
1081 }
1082 else {
1083 if (IS_FC_POWERMGT(pbyFrame)) {
1084 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = TRUE;
1085
1086 pMgmt->sNodeDBTable[0].bPSEnable = TRUE;
1087 }
1088 else {
1089
1090 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) {
1091 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1092 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1093 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1094 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n");
1095
1096 }
1097 }
1098 }
1099 }
1100 else {
1101 vMgrDeAuthenBeginSta(pDevice,
1102 pMgmt,
1103 (PBYTE)(p802_11Header->abyAddr2),
1104 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1105 &Status
1106 );
1107 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n");
1108 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%02x-%02x-%02x=%02x-%02x-%02x \n",
1109 p802_11Header->abyAddr3[0],
1110 p802_11Header->abyAddr3[1],
1111 p802_11Header->abyAddr3[2],
1112 p802_11Header->abyAddr3[3],
1113 p802_11Header->abyAddr3[4],
1114 p802_11Header->abyAddr3[5]
1115 );
1116 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%02x-%02x-%02x=%02x-%02x-%02x \n",
1117 p802_11Header->abyAddr2[0],
1118 p802_11Header->abyAddr2[1],
1119 p802_11Header->abyAddr2[2],
1120 p802_11Header->abyAddr2[3],
1121 p802_11Header->abyAddr2[4],
1122 p802_11Header->abyAddr2[5]
1123 );
1124 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%02x-%02x-%02x=%02x-%02x-%02x \n",
1125 p802_11Header->abyAddr1[0],
1126 p802_11Header->abyAddr1[1],
1127 p802_11Header->abyAddr1[2],
1128 p802_11Header->abyAddr1[3],
1129 p802_11Header->abyAddr1[4],
1130 p802_11Header->abyAddr1[5]
1131 );
1132 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl );
1133 return TRUE;
1134 }
1135 }
1136 }
1137 return FALSE;
1138
1139}
1140
1141static BOOL s_bHandleRxEncryption (
1142 IN PSDevice pDevice,
1143 IN PBYTE pbyFrame,
1144 IN UINT FrameSize,
1145 IN PBYTE pbyRsr,
1146 OUT PBYTE pbyNewRsr,
1147 OUT PSKeyItem *pKeyOut,
1148 int * pbExtIV,
1149 OUT PWORD pwRxTSC15_0,
1150 OUT PDWORD pdwRxTSC47_16
1151 )
1152{
1153 UINT PayloadLen = FrameSize;
1154 PBYTE pbyIV;
1155 BYTE byKeyIdx;
1156 PSKeyItem pKey = NULL;
1157 BYTE byDecMode = KEY_CTL_WEP;
1158 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1159
1160
1161 *pwRxTSC15_0 = 0;
1162 *pdwRxTSC47_16 = 0;
1163
1164 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1165 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1166 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1167 pbyIV += 6;
1168 PayloadLen -= 6;
1169 }
1170 byKeyIdx = (*(pbyIV+3) & 0xc0);
1171 byKeyIdx >>= 6;
1172 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1173
1174 if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
1175 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
1176 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
1177 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
1178 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
1179 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) &&
1180 (pMgmt->byCSSPK != KEY_CTL_NONE)) {
1181
1182 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n");
1183 if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == TRUE) {
1184 if (pMgmt->byCSSPK == KEY_CTL_TKIP)
1185 byDecMode = KEY_CTL_TKIP;
1186 else if (pMgmt->byCSSPK == KEY_CTL_CCMP)
1187 byDecMode = KEY_CTL_CCMP;
1188 }
1189 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey);
1190 } else {
1191
1192 KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey);
1193 if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1194 byDecMode = KEY_CTL_TKIP;
1195 else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1196 byDecMode = KEY_CTL_CCMP;
1197 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey);
1198 }
1199 }
1200
1201 if (pKey == NULL) {
1202
1203 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey);
1204 if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1205 byDecMode = KEY_CTL_TKIP;
1206 else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1207 byDecMode = KEY_CTL_CCMP;
1208 }
1209 *pKeyOut = pKey;
1210
1211 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode);
1212
1213 if (pKey == NULL) {
1214 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n");
1215 if (byDecMode == KEY_CTL_WEP) {
1216
1217 } else if (pDevice->bLinkPass == TRUE) {
1218
1219 }
1220 return FALSE;
1221 }
1222 if (byDecMode != pKey->byCipherSuite) {
1223 if (byDecMode == KEY_CTL_WEP) {
1224
1225 } else if (pDevice->bLinkPass == TRUE) {
1226
1227 }
1228 *pKeyOut = NULL;
1229 return FALSE;
1230 }
1231 if (byDecMode == KEY_CTL_WEP) {
1232
1233 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1234 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE)) {
1235
1236
1237
1238
1239 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4);
1240 memcpy(pDevice->abyPRNG, pbyIV, 3);
1241 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1242 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1243 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1244
1245 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1246 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1247 }
1248 }
1249 } else if ((byDecMode == KEY_CTL_TKIP) ||
1250 (byDecMode == KEY_CTL_CCMP)) {
1251
1252
1253 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4);
1254 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1255 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1256 if (byDecMode == KEY_CTL_TKIP) {
1257 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1258 } else {
1259 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1260 }
1261 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1262
1263 if ((byDecMode == KEY_CTL_TKIP) &&
1264 (pDevice->byLocalID <= REV_ID_VT3253_A1)) {
1265
1266
1267 PS802_11Header pMACHeader = (PS802_11Header) (pbyFrame);
1268 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1269 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1270 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1271 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1272 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1273 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1274 } else {
1275 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1276 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1277 }
1278 }
1279 }
1280
1281 if ((*(pbyIV+3) & 0x20) != 0)
1282 *pbExtIV = TRUE;
1283 return TRUE;
1284}
1285
1286
1287static BOOL s_bHostWepRxEncryption (
1288 IN PSDevice pDevice,
1289 IN PBYTE pbyFrame,
1290 IN UINT FrameSize,
1291 IN PBYTE pbyRsr,
1292 IN BOOL bOnFly,
1293 IN PSKeyItem pKey,
1294 OUT PBYTE pbyNewRsr,
1295 int * pbExtIV,
1296 OUT PWORD pwRxTSC15_0,
1297 OUT PDWORD pdwRxTSC47_16
1298 )
1299{
1300 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1301 UINT PayloadLen = FrameSize;
1302 PBYTE pbyIV;
1303 BYTE byKeyIdx;
1304 BYTE byDecMode = KEY_CTL_WEP;
1305 PS802_11Header pMACHeader;
1306
1307
1308
1309 *pwRxTSC15_0 = 0;
1310 *pdwRxTSC47_16 = 0;
1311
1312 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1313 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1314 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1315 pbyIV += 6;
1316 PayloadLen -= 6;
1317 }
1318 byKeyIdx = (*(pbyIV+3) & 0xc0);
1319 byKeyIdx >>= 6;
1320 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1321
1322
1323 if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1324 byDecMode = KEY_CTL_TKIP;
1325 else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1326 byDecMode = KEY_CTL_CCMP;
1327
1328 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode);
1329
1330 if (byDecMode != pKey->byCipherSuite) {
1331 if (byDecMode == KEY_CTL_WEP) {
1332
1333 } else if (pDevice->bLinkPass == TRUE) {
1334
1335 }
1336 return FALSE;
1337 }
1338
1339 if (byDecMode == KEY_CTL_WEP) {
1340
1341 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP \n");
1342 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1343 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE) ||
1344 (bOnFly == FALSE)) {
1345
1346
1347
1348
1349
1350 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4);
1351 memcpy(pDevice->abyPRNG, pbyIV, 3);
1352 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1353 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1354 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1355
1356 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1357 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1358 }
1359 }
1360 } else if ((byDecMode == KEY_CTL_TKIP) ||
1361 (byDecMode == KEY_CTL_CCMP)) {
1362
1363
1364 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4);
1365 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1366 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1367
1368 if (byDecMode == KEY_CTL_TKIP) {
1369 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1370 } else {
1371 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1372 }
1373 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1374
1375 if (byDecMode == KEY_CTL_TKIP) {
1376
1377 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == FALSE)) {
1378
1379
1380
1381 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n");
1382 pMACHeader = (PS802_11Header) (pbyFrame);
1383 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1384 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1385 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1386 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1387 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1388 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1389 } else {
1390 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1391 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1392 }
1393 }
1394 }
1395
1396 if (byDecMode == KEY_CTL_CCMP) {
1397 if (bOnFly == FALSE) {
1398
1399
1400 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_CCMP\n");
1401 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) {
1402 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1403 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC compare OK!\n");
1404 } else {
1405 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC fail!\n");
1406 }
1407 }
1408 }
1409
1410 }
1411
1412 if ((*(pbyIV+3) & 0x20) != 0)
1413 *pbExtIV = TRUE;
1414 return TRUE;
1415}
1416
1417
1418
1419static BOOL s_bAPModeRxData (
1420 IN PSDevice pDevice,
1421 IN struct sk_buff* skb,
1422 IN UINT FrameSize,
1423 IN UINT cbHeaderOffset,
1424 IN INT iSANodeIndex,
1425 IN INT iDANodeIndex
1426 )
1427
1428{
1429 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1430 BOOL bRelayAndForward = FALSE;
1431 BOOL bRelayOnly = FALSE;
1432 BYTE byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
1433 WORD wAID;
1434
1435
1436 struct sk_buff* skbcpy = NULL;
1437
1438 if (FrameSize > CB_MAX_BUF_SIZE)
1439 return FALSE;
1440
1441 if(IS_MULTICAST_ADDRESS((PBYTE)(skb->data+cbHeaderOffset))) {
1442 if (pMgmt->sNodeDBTable[0].bPSEnable) {
1443
1444 skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz);
1445
1446
1447 if (skbcpy == NULL) {
1448 DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n");
1449 }
1450 else {
1451 skbcpy->dev = pDevice->dev;
1452 skbcpy->len = FrameSize;
1453 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize);
1454 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy);
1455 pMgmt->sNodeDBTable[0].wEnQueueCnt++;
1456
1457 pMgmt->abyPSTxMap[0] |= byMask[0];
1458 }
1459 }
1460 else {
1461 bRelayAndForward = TRUE;
1462 }
1463 }
1464 else {
1465
1466 if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(skb->data+cbHeaderOffset), &iDANodeIndex)) {
1467 if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) {
1468 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) {
1469
1470
1471 skb->data += cbHeaderOffset;
1472 skb->tail += cbHeaderOffset;
1473 skb_put(skb, FrameSize);
1474 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb);
1475
1476 pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++;
1477 wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID;
1478 pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7];
1479 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n",
1480 iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]);
1481 return TRUE;
1482 }
1483 else {
1484 bRelayOnly = TRUE;
1485 }
1486 }
1487 };
1488 }
1489
1490 if (bRelayOnly || bRelayAndForward) {
1491
1492 if (bRelayAndForward)
1493 iDANodeIndex = 0;
1494
1495 if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) {
1496 bRelayPacketSend(pDevice, (PBYTE)(skb->data + cbHeaderOffset), FrameSize, (UINT)iDANodeIndex);
1497 }
1498
1499 if (bRelayOnly)
1500 return FALSE;
1501 }
1502
1503 if (pDevice->uAssocCount == 0)
1504 return FALSE;
1505
1506 return TRUE;
1507}
1508
1509
1510
1511
1512VOID
1513RXvWorkItem(
1514 PVOID Context
1515 )
1516{
1517 PSDevice pDevice = (PSDevice) Context;
1518 NTSTATUS ntStatus;
1519 PRCB pRCB=NULL;
1520
1521 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Polling Thread\n");
1522 spin_lock_irq(&pDevice->lock);
1523 while ( MP_TEST_FLAG(pDevice, fMP_POST_READS) &&
1524 MP_IS_READY(pDevice) &&
1525 (pDevice->NumRecvFreeList != 0) ) {
1526 pRCB = pDevice->FirstRecvFreeList;
1527 pDevice->NumRecvFreeList--;
1528 ASSERT(pRCB);
1529 DequeueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList);
1530 ntStatus = PIPEnsBulkInUsbRead(pDevice, pRCB);
1531 }
1532 pDevice->bIsRxWorkItemQueued = FALSE;
1533 spin_unlock_irq(&pDevice->lock);
1534
1535}
1536
1537
1538VOID
1539RXvFreeRCB(
1540 IN PRCB pRCB,
1541 IN BOOL bReAllocSkb
1542 )
1543{
1544 PSDevice pDevice = (PSDevice)pRCB->pDevice;
1545
1546
1547 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->RXvFreeRCB\n");
1548
1549 ASSERT(!pRCB->Ref);
1550 ASSERT(pRCB->pDevice);
1551
1552 if (bReAllocSkb == TRUE) {
1553 pRCB->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1554
1555 if (pRCB->skb == NULL) {
1556 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR" Failed to re-alloc rx skb\n");
1557 }else {
1558 pRCB->skb->dev = pDevice->dev;
1559 }
1560 }
1561
1562
1563
1564 EnqueueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList, pRCB);
1565 pDevice->NumRecvFreeList++;
1566
1567
1568 if (MP_TEST_FLAG(pDevice, fMP_POST_READS) && MP_IS_READY(pDevice) &&
1569 (pDevice->bIsRxWorkItemQueued == FALSE) ) {
1570
1571 pDevice->bIsRxWorkItemQueued = TRUE;
1572 tasklet_schedule(&pDevice->ReadWorkItem);
1573 }
1574 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"<----RXFreeRCB %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList);
1575}
1576
1577
1578VOID
1579RXvMngWorkItem(
1580 PVOID Context
1581 )
1582{
1583 PSDevice pDevice = (PSDevice) Context;
1584 PRCB pRCB=NULL;
1585 PSRxMgmtPacket pRxPacket;
1586 BOOL bReAllocSkb = FALSE;
1587
1588 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Mng Thread\n");
1589
1590 spin_lock_irq(&pDevice->lock);
1591 while (pDevice->NumRecvMngList!=0)
1592 {
1593 pRCB = pDevice->FirstRecvMngList;
1594 pDevice->NumRecvMngList--;
1595 DequeueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList);
1596 if(!pRCB){
1597 break;
1598 }
1599 ASSERT(pRCB);
1600 pRxPacket = &(pRCB->sMngPacket);
1601 vMgrRxManagePacket((HANDLE)pDevice, &(pDevice->sMgmtObj), pRxPacket);
1602 pRCB->Ref--;
1603 if(pRCB->Ref == 0) {
1604 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"RxvFreeMng %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList);
1605 RXvFreeRCB(pRCB, bReAllocSkb);
1606 } else {
1607 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Rx Mng Only we have the right to free RCB\n");
1608 }
1609 }
1610
1611 pDevice->bIsRxMngWorkItemQueued = FALSE;
1612 spin_unlock_irq(&pDevice->lock);
1613
1614}
1615
1616
1617