1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41#include "device.h"
42#include "rxtx.h"
43#include "tether.h"
44#include "card.h"
45#include "bssdb.h"
46#include "mac.h"
47#include "baseband.h"
48#include "michael.h"
49#include "tkip.h"
50#include "tcrc.h"
51#include "wctl.h"
52#include "wroute.h"
53#include "hostap.h"
54#include "rf.h"
55#include "iowpa.h"
56#include "aes_ccmp.h"
57#include "dpc.h"
58
59
60
61
62
63
64static const unsigned char acbyRxRate[MAX_RATE] =
65{2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
66
67
68
69
70
71
72
73static unsigned char s_byGetRateIdx(unsigned char byRate);
74
75static void
76s_vGetDASA(unsigned char *pbyRxBufferAddr, unsigned int *pcbHeaderSize,
77 PSEthernetHeader psEthHeader);
78
79static void
80s_vProcessRxMACHeader(struct vnt_private *pDevice, unsigned char *pbyRxBufferAddr,
81 unsigned int cbPacketSize, bool bIsWEP, bool bExtIV,
82 unsigned int *pcbHeadSize);
83
84static bool s_bAPModeRxCtl(
85 struct vnt_private *pDevice,
86 unsigned char *pbyFrame,
87 int iSANodeIndex
88);
89
90static bool s_bAPModeRxData(
91 struct vnt_private *pDevice,
92 struct sk_buff *skb,
93 unsigned int FrameSize,
94 unsigned int cbHeaderOffset,
95 int iSANodeIndex,
96 int iDANodeIndex
97);
98
99static bool s_bHandleRxEncryption(
100 struct vnt_private *pDevice,
101 unsigned char *pbyFrame,
102 unsigned int FrameSize,
103 unsigned char *pbyRsr,
104 unsigned char *pbyNewRsr,
105 PSKeyItem *pKeyOut,
106 bool *pbExtIV,
107 unsigned short *pwRxTSC15_0,
108 unsigned long *pdwRxTSC47_16
109);
110
111static bool s_bHostWepRxEncryption(
112
113 struct vnt_private *pDevice,
114 unsigned char *pbyFrame,
115 unsigned int FrameSize,
116 unsigned char *pbyRsr,
117 bool bOnFly,
118 PSKeyItem pKey,
119 unsigned char *pbyNewRsr,
120 bool *pbExtIV,
121 unsigned short *pwRxTSC15_0,
122 unsigned long *pdwRxTSC47_16
123
124);
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145static void
146s_vProcessRxMACHeader(struct vnt_private *pDevice,
147 unsigned char *pbyRxBufferAddr,
148 unsigned int cbPacketSize, bool bIsWEP, bool bExtIV,
149 unsigned int *pcbHeadSize)
150{
151 unsigned char *pbyRxBuffer;
152 unsigned int cbHeaderSize = 0;
153 unsigned short *pwType;
154 PS802_11Header pMACHeader;
155 int ii;
156
157 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
158
159 s_vGetDASA((unsigned char *)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader);
160
161 if (bIsWEP) {
162 if (bExtIV) {
163
164 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8);
165 } else {
166
167 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4);
168 }
169 } else {
170 cbHeaderSize += WLAN_HDR_ADDR3_LEN;
171 }
172
173 pbyRxBuffer = (unsigned char *)(pbyRxBufferAddr + cbHeaderSize);
174 if (ether_addr_equal(pbyRxBuffer, pDevice->abySNAP_Bridgetunnel)) {
175 cbHeaderSize += 6;
176 } else if (ether_addr_equal(pbyRxBuffer, pDevice->abySNAP_RFC1042)) {
177 cbHeaderSize += 6;
178 pwType = (unsigned short *)(pbyRxBufferAddr + cbHeaderSize);
179 if ((*pwType != TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) {
180 } else {
181 cbHeaderSize -= 8;
182 pwType = (unsigned short *)(pbyRxBufferAddr + cbHeaderSize);
183 if (bIsWEP) {
184 if (bExtIV)
185 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8);
186 else
187 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4);
188
189 } else {
190 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
191 }
192 }
193 } else {
194 cbHeaderSize -= 2;
195 pwType = (unsigned short *)(pbyRxBufferAddr + cbHeaderSize);
196 if (bIsWEP) {
197 if (bExtIV)
198 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8);
199 else
200 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4);
201
202 } else {
203 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
204 }
205 }
206
207 cbHeaderSize -= (ETH_ALEN * 2);
208 pbyRxBuffer = (unsigned char *)(pbyRxBufferAddr + cbHeaderSize);
209 for (ii = 0; ii < ETH_ALEN; ii++)
210 *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii];
211 for (ii = 0; ii < ETH_ALEN; ii++)
212 *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii];
213
214 *pcbHeadSize = cbHeaderSize;
215}
216
217static unsigned char s_byGetRateIdx(unsigned char byRate)
218{
219 unsigned char byRateIdx;
220
221 for (byRateIdx = 0; byRateIdx < MAX_RATE; byRateIdx++) {
222 if (acbyRxRate[byRateIdx % MAX_RATE] == byRate)
223 return byRateIdx;
224 }
225
226 return 0;
227}
228
229static void
230s_vGetDASA(unsigned char *pbyRxBufferAddr, unsigned int *pcbHeaderSize,
231 PSEthernetHeader psEthHeader)
232{
233 unsigned int cbHeaderSize = 0;
234 PS802_11Header pMACHeader;
235 int ii;
236
237 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
238
239 if ((pMACHeader->wFrameCtl & FC_TODS) == 0) {
240 if (pMACHeader->wFrameCtl & FC_FROMDS) {
241 for (ii = 0; ii < ETH_ALEN; ii++) {
242 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
243 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr3[ii];
244 }
245 } else {
246
247 for (ii = 0; ii < ETH_ALEN; ii++) {
248 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
249 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
250 }
251 }
252 } else {
253
254 if (pMACHeader->wFrameCtl & FC_FROMDS) {
255 for (ii = 0; ii < ETH_ALEN; ii++) {
256 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
257 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr4[ii];
258 cbHeaderSize += 6;
259 }
260 } else {
261 for (ii = 0; ii < ETH_ALEN; ii++) {
262 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
263 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
264 }
265 }
266 }
267 *pcbHeaderSize = cbHeaderSize;
268}
269
270bool
271device_receive_frame(
272 struct vnt_private *pDevice,
273 PSRxDesc pCurrRD
274)
275{
276 PDEVICE_RD_INFO pRDInfo = pCurrRD->pRDInfo;
277 struct net_device_stats *pStats = &pDevice->dev->stats;
278 struct sk_buff *skb;
279 PSMgmtObject pMgmt = pDevice->pMgmt;
280 PSRxMgmtPacket pRxPacket = &(pDevice->pMgmt->sRxPacket);
281 PS802_11Header p802_11Header;
282 unsigned char *pbyRsr;
283 unsigned char *pbyNewRsr;
284 unsigned char *pbyRSSI;
285 __le64 *pqwTSFTime;
286 unsigned short *pwFrameSize;
287 unsigned char *pbyFrame;
288 bool bDeFragRx = false;
289 bool bIsWEP = false;
290 unsigned int cbHeaderOffset;
291 unsigned int FrameSize;
292 unsigned short wEtherType = 0;
293 int iSANodeIndex = -1;
294 int iDANodeIndex = -1;
295 unsigned int ii;
296 unsigned int cbIVOffset;
297 bool bExtIV = false;
298 unsigned char *pbyRxSts;
299 unsigned char *pbyRxRate;
300 unsigned char *pbySQ;
301 unsigned int cbHeaderSize;
302 PSKeyItem pKey = NULL;
303 unsigned short wRxTSC15_0 = 0;
304 unsigned long dwRxTSC47_16 = 0;
305 SKeyItem STempKey;
306
307 unsigned long dwDuration = 0;
308 long ldBm = 0;
309 long ldBmThreshold = 0;
310 PS802_11Header pMACHeader;
311 bool bRxeapol_key = false;
312
313 skb = pRDInfo->skb;
314
315 pci_unmap_single(pDevice->pcid, pRDInfo->skb_dma,
316 pDevice->rx_buf_sz, PCI_DMA_FROMDEVICE);
317
318 pwFrameSize = (unsigned short *)(skb->data + 2);
319 FrameSize = cpu_to_le16(pCurrRD->m_rd1RD1.wReqCount) - cpu_to_le16(pCurrRD->m_rd0RD0.wResCount);
320
321
322
323 if ((FrameSize > 2364) || (FrameSize <= 32)) {
324
325 pr_debug("---------- WRONG Length 1\n");
326 return false;
327 }
328
329 pbyRxSts = (unsigned char *)(skb->data);
330 pbyRxRate = (unsigned char *)(skb->data + 1);
331 pbyRsr = (unsigned char *)(skb->data + FrameSize - 1);
332 pbyRSSI = (unsigned char *)(skb->data + FrameSize - 2);
333 pbyNewRsr = (unsigned char *)(skb->data + FrameSize - 3);
334 pbySQ = (unsigned char *)(skb->data + FrameSize - 4);
335 pqwTSFTime = (__le64 *)(skb->data + FrameSize - 12);
336 pbyFrame = (unsigned char *)(skb->data + 4);
337
338
339 FrameSize = cpu_to_le16(*pwFrameSize);
340
341 if ((FrameSize > 2346)|(FrameSize < 14)) {
342
343 pr_debug("---------- WRONG Length 2\n");
344 return false;
345 }
346
347
348 STAvUpdateRDStatCounter(&pDevice->scStatistic,
349 *pbyRsr,
350 *pbyNewRsr,
351 *pbyRxRate,
352 pbyFrame,
353 FrameSize);
354
355 pMACHeader = (PS802_11Header)((unsigned char *)(skb->data) + 8);
356
357 if (pDevice->bMeasureInProgress) {
358 if ((*pbyRsr & RSR_CRCOK) != 0)
359 pDevice->byBasicMap |= 0x01;
360
361 dwDuration = (FrameSize << 4);
362 dwDuration /= acbyRxRate[*pbyRxRate%MAX_RATE];
363 if (*pbyRxRate <= RATE_11M) {
364 if (*pbyRxSts & 0x01) {
365
366 dwDuration += 192;
367 } else {
368
369 dwDuration += 96;
370 }
371 } else {
372 dwDuration += 16;
373 }
374 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
375 ldBmThreshold = -57;
376 for (ii = 7; ii > 0;) {
377 if (ldBm > ldBmThreshold)
378 break;
379
380 ldBmThreshold -= 5;
381 ii--;
382 }
383 pDevice->dwRPIs[ii] += dwDuration;
384 return false;
385 }
386
387 if (!is_multicast_ether_addr(pbyFrame)) {
388 if (WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header)(skb->data + 4))) {
389 pDevice->s802_11Counter.FrameDuplicateCount++;
390 return false;
391 }
392 }
393
394
395 s_vGetDASA(skb->data+4, &cbHeaderSize, &pDevice->sRxEthHeader);
396
397
398 if (ether_addr_equal(pDevice->sRxEthHeader.abySrcAddr,
399 pDevice->abyCurrentNetAddr))
400 return false;
401
402 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) {
403 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
404 p802_11Header = (PS802_11Header)(pbyFrame);
405
406 if (BSSDBbIsSTAInNodeDB(pMgmt, (unsigned char *)(p802_11Header->abyAddr2), &iSANodeIndex)) {
407 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies;
408 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0;
409 }
410 }
411 }
412
413 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
414 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex))
415 return false;
416 }
417
418 if (IS_FC_WEP(pbyFrame)) {
419 bool bRxDecryOK = false;
420
421 pr_debug("rx WEP pkt\n");
422 bIsWEP = true;
423 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) {
424 pKey = &STempKey;
425 pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite;
426 pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex;
427 pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength;
428 pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16;
429 pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0;
430 memcpy(pKey->abyKey,
431 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0],
432 pKey->uKeyLength
433);
434
435 bRxDecryOK = s_bHostWepRxEncryption(pDevice,
436 pbyFrame,
437 FrameSize,
438 pbyRsr,
439 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly,
440 pKey,
441 pbyNewRsr,
442 &bExtIV,
443 &wRxTSC15_0,
444 &dwRxTSC47_16);
445 } else {
446 bRxDecryOK = s_bHandleRxEncryption(pDevice,
447 pbyFrame,
448 FrameSize,
449 pbyRsr,
450 pbyNewRsr,
451 &pKey,
452 &bExtIV,
453 &wRxTSC15_0,
454 &dwRxTSC47_16);
455 }
456
457 if (bRxDecryOK) {
458 if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) {
459 pr_debug("ICV Fail\n");
460 if ((pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
461 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
462 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
463 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
464 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
465 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP))
466 pDevice->s802_11Counter.TKIPICVErrors++;
467 else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP))
468 pDevice->s802_11Counter.CCMPDecryptErrors++;
469 }
470 return false;
471 }
472 } else {
473 pr_debug("WEP Func Fail\n");
474 return false;
475 }
476 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP))
477 FrameSize -= 8;
478 else
479 FrameSize -= 4;
480 }
481
482
483
484
485
486 FrameSize -= ETH_FCS_LEN;
487
488 if ((!(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI))) &&
489 (IS_FRAGMENT_PKT((skb->data+4)))
490) {
491
492 bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header)(skb->data+4), FrameSize, bIsWEP, bExtIV);
493 pDevice->s802_11Counter.ReceivedFragmentCount++;
494 if (bDeFragRx) {
495
496 skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb;
497 FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength;
498
499 } else {
500 return false;
501 }
502 }
503
504
505 if ((IS_TYPE_DATA((skb->data+4))) == false) {
506
507
508 if (IS_TYPE_MGMT((skb->data+4))) {
509 unsigned char *pbyData1;
510 unsigned char *pbyData2;
511
512 pRxPacket->p80211Header = (PUWLAN_80211HDR)(skb->data+4);
513 pRxPacket->cbMPDULen = FrameSize;
514 pRxPacket->uRSSI = *pbyRSSI;
515 pRxPacket->bySQ = *pbySQ;
516 pRxPacket->qwLocalTSF = le64_to_cpu(*pqwTSFTime);
517 if (bIsWEP) {
518
519 pbyData1 = WLAN_HDR_A3_DATA_PTR(skb->data+4);
520 pbyData2 = WLAN_HDR_A3_DATA_PTR(skb->data+4) + 4;
521 for (ii = 0; ii < (FrameSize - 4); ii++) {
522 *pbyData1 = *pbyData2;
523 pbyData1++;
524 pbyData2++;
525 }
526 }
527 pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate);
528 pRxPacket->byRxChannel = (*pbyRxSts) >> 2;
529
530 vMgrRxManagePacket((void *)pDevice, pDevice->pMgmt, pRxPacket);
531
532
533 if (pDevice->bEnableHostapd) {
534 skb->dev = pDevice->apdev;
535 skb->data += 4;
536 skb->tail += 4;
537 skb_put(skb, FrameSize);
538 skb_reset_mac_header(skb);
539 skb->pkt_type = PACKET_OTHERHOST;
540 skb->protocol = htons(ETH_P_802_2);
541 memset(skb->cb, 0, sizeof(skb->cb));
542 netif_rx(skb);
543 return true;
544 }
545 }
546
547 return false;
548 } else {
549 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
550
551 if (!(*pbyRsr & RSR_BSSIDOK)) {
552 if (bDeFragRx) {
553 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
554 pr_err("%s: can not alloc more frag bufs\n",
555 pDevice->dev->name);
556 }
557 }
558 return false;
559 }
560 } else {
561
562 if (!pDevice->bLinkPass || !(*pbyRsr & RSR_BSSIDOK)) {
563 if (bDeFragRx) {
564 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
565 pr_err("%s: can not alloc more frag bufs\n",
566 pDevice->dev->name);
567 }
568 }
569 return false;
570 }
571
572 {
573 unsigned char Protocol_Version;
574 unsigned char Packet_Type;
575
576 if (bIsWEP)
577 cbIVOffset = 8;
578 else
579 cbIVOffset = 0;
580 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
581 skb->data[cbIVOffset + 8 + 24 + 6 + 1];
582 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 + 1];
583 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 + 1 + 1];
584 if (wEtherType == ETH_P_PAE) {
585 if (((Protocol_Version == 1) || (Protocol_Version == 2)) &&
586 (Packet_Type == 3)) {
587 bRxeapol_key = true;
588 }
589 }
590 }
591
592 }
593 }
594
595
596
597 if (pDevice->bEnablePSMode) {
598 if (!IS_FC_MOREDATA((skb->data+4))) {
599 if (pDevice->pMgmt->bInTIMWake == true)
600 pDevice->pMgmt->bInTIMWake = false;
601 }
602 }
603
604
605 if (pDevice->bDiversityEnable && (FrameSize > 50) &&
606 (pDevice->op_mode == NL80211_IFTYPE_STATION) &&
607 pDevice->bLinkPass) {
608 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0);
609 }
610
611 if (pDevice->byLocalID != REV_ID_VT3253_B1)
612 pDevice->uCurrRSSI = *pbyRSSI;
613
614 pDevice->byCurrSQ = *pbySQ;
615
616 if ((*pbyRSSI != 0) &&
617 (pMgmt->pCurrBSS != NULL)) {
618 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
619
620 pMgmt->pCurrBSS->byRSSIStatCnt++;
621 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT;
622 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm;
623 for (ii = 0; ii < RSSI_STAT_COUNT; ii++)
624 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0)
625 pMgmt->pCurrBSS->ldBmMAX = max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm);
626
627 }
628
629
630
631 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && pDevice->bEnable8021x) {
632 unsigned char abyMacHdr[24];
633
634
635 if (bIsWEP)
636 cbIVOffset = 8;
637 else
638 cbIVOffset = 0;
639 wEtherType = (skb->data[cbIVOffset + 4 + 24 + 6] << 8) |
640 skb->data[cbIVOffset + 4 + 24 + 6 + 1];
641
642 pr_debug("wEtherType = %04x\n", wEtherType);
643 if (wEtherType == ETH_P_PAE) {
644 skb->dev = pDevice->apdev;
645
646 if (bIsWEP) {
647
648 memcpy(&abyMacHdr[0], (skb->data + 4), 24);
649 memcpy((skb->data + 4 + cbIVOffset), &abyMacHdr[0], 24);
650 }
651 skb->data += (cbIVOffset + 4);
652 skb->tail += (cbIVOffset + 4);
653 skb_put(skb, FrameSize);
654 skb_reset_mac_header(skb);
655
656 skb->pkt_type = PACKET_OTHERHOST;
657 skb->protocol = htons(ETH_P_802_2);
658 memset(skb->cb, 0, sizeof(skb->cb));
659 netif_rx(skb);
660 return true;
661
662 }
663
664 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED))
665 return false;
666 }
667
668 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
669 if (bIsWEP)
670 FrameSize -= 8;
671 }
672
673
674
675 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
676 if (bIsWEP) {
677 __le32 *pdwMIC_L;
678 __le32 *pdwMIC_R;
679 __le32 dwMIC_Priority;
680 __le32 dwMICKey0 = 0, dwMICKey1 = 0;
681 u32 dwLocalMIC_L = 0;
682 u32 dwLocalMIC_R = 0;
683 viawget_wpa_header *wpahdr;
684
685 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
686 dwMICKey0 = cpu_to_le32(*(u32 *)(&pKey->abyKey[24]));
687 dwMICKey1 = cpu_to_le32(*(u32 *)(&pKey->abyKey[28]));
688 } else {
689 if (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
690 dwMICKey0 = cpu_to_le32(*(u32 *)(&pKey->abyKey[16]));
691 dwMICKey1 = cpu_to_le32(*(u32 *)(&pKey->abyKey[20]));
692 } else if ((pKey->dwKeyIndex & BIT28) == 0) {
693 dwMICKey0 = cpu_to_le32(*(u32 *)(&pKey->abyKey[16]));
694 dwMICKey1 = cpu_to_le32(*(u32 *)(&pKey->abyKey[20]));
695 } else {
696 dwMICKey0 = cpu_to_le32(*(u32 *)(&pKey->abyKey[24]));
697 dwMICKey1 = cpu_to_le32(*(u32 *)(&pKey->abyKey[28]));
698 }
699 }
700
701 MIC_vInit(dwMICKey0, dwMICKey1);
702 MIC_vAppend((unsigned char *)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12);
703 dwMIC_Priority = 0;
704 MIC_vAppend((unsigned char *)&dwMIC_Priority, 4);
705
706 MIC_vAppend((unsigned char *)(skb->data + 4 + WLAN_HDR_ADDR3_LEN + 8),
707 FrameSize - WLAN_HDR_ADDR3_LEN - 8);
708 MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R);
709 MIC_vUnInit();
710
711 pdwMIC_L = (__le32 *)(skb->data + 4 + FrameSize);
712 pdwMIC_R = (__le32 *)(skb->data + 4 + FrameSize + 4);
713
714 if ((le32_to_cpu(*pdwMIC_L) != dwLocalMIC_L) ||
715 (le32_to_cpu(*pdwMIC_R) != dwLocalMIC_R) ||
716 pDevice->bRxMICFail) {
717 pr_debug("MIC comparison is fail!\n");
718 pDevice->bRxMICFail = false;
719 pDevice->s802_11Counter.TKIPLocalMICFailures++;
720 if (bDeFragRx) {
721 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
722 pr_err("%s: can not alloc more frag bufs\n",
723 pDevice->dev->name);
724 }
725 }
726
727#ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
728
729 {
730 union iwreq_data wrqu;
731 struct iw_michaelmicfailure ev;
732 int keyidx = pbyFrame[cbHeaderSize+3] >> 6;
733
734 memset(&ev, 0, sizeof(ev));
735 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
736 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
737 (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
738 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
739 ev.flags |= IW_MICFAILURE_PAIRWISE;
740 } else {
741 ev.flags |= IW_MICFAILURE_GROUP;
742 }
743
744 ev.src_addr.sa_family = ARPHRD_ETHER;
745 memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN);
746 memset(&wrqu, 0, sizeof(wrqu));
747 wrqu.data.length = sizeof(ev);
748 wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
749
750 }
751#endif
752
753 if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
754 wpahdr = (viawget_wpa_header *)pDevice->skb->data;
755 if ((pDevice->pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
756 (pDevice->pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
757 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
758 wpahdr->type = VIAWGET_PTK_MIC_MSG;
759 } else {
760 wpahdr->type = VIAWGET_GTK_MIC_MSG;
761 }
762 wpahdr->resp_ie_len = 0;
763 wpahdr->req_ie_len = 0;
764 skb_put(pDevice->skb, sizeof(viawget_wpa_header));
765 pDevice->skb->dev = pDevice->wpadev;
766 skb_reset_mac_header(pDevice->skb);
767 pDevice->skb->pkt_type = PACKET_HOST;
768 pDevice->skb->protocol = htons(ETH_P_802_2);
769 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
770 netif_rx(pDevice->skb);
771 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
772 }
773
774 return false;
775
776 }
777 }
778 }
779
780
781
782 if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) ||
783 (pKey->byCipherSuite == KEY_CTL_CCMP))) {
784 if (bIsWEP) {
785 unsigned short wLocalTSC15_0 = 0;
786 unsigned long dwLocalTSC47_16 = 0;
787 unsigned long long RSC = 0;
788
789 RSC = *((unsigned long long *)&(pKey->KeyRSC));
790 wLocalTSC15_0 = (unsigned short)RSC;
791 dwLocalTSC47_16 = (unsigned long)(RSC>>16);
792
793 RSC = dwRxTSC47_16;
794 RSC <<= 16;
795 RSC += wRxTSC15_0;
796 pKey->KeyRSC = RSC;
797
798 if ((pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) &&
799 (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) {
800
801 if ((wRxTSC15_0 < wLocalTSC15_0) &&
802 (dwRxTSC47_16 <= dwLocalTSC47_16) &&
803 !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) {
804 pr_debug("TSC is illegal~~!\n ");
805 if (pKey->byCipherSuite == KEY_CTL_TKIP)
806 pDevice->s802_11Counter.TKIPReplays++;
807 else
808 pDevice->s802_11Counter.CCMPReplays++;
809
810 if (bDeFragRx) {
811 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
812 pr_err("%s: can not alloc more frag bufs\n",
813 pDevice->dev->name);
814 }
815 }
816 return false;
817 }
818 }
819 }
820 }
821
822 s_vProcessRxMACHeader(pDevice, (unsigned char *)(skb->data+4), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset);
823 FrameSize -= cbHeaderOffset;
824 cbHeaderOffset += 4;
825
826
827 if (FrameSize < 15)
828 return false;
829
830 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
831 if (!s_bAPModeRxData(pDevice,
832 skb,
833 FrameSize,
834 cbHeaderOffset,
835 iSANodeIndex,
836 iDANodeIndex
837)) {
838 if (bDeFragRx) {
839 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
840 pr_err("%s: can not alloc more frag bufs\n",
841 pDevice->dev->name);
842 }
843 }
844 return false;
845 }
846 }
847
848 skb->data += cbHeaderOffset;
849 skb->tail += cbHeaderOffset;
850 skb_put(skb, FrameSize);
851 skb->protocol = eth_type_trans(skb, skb->dev);
852
853
854
855 skb->ip_summed = CHECKSUM_NONE;
856 pStats->rx_bytes += skb->len;
857 pStats->rx_packets++;
858 netif_rx(skb);
859
860 if (bDeFragRx) {
861 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
862 pr_err("%s: can not alloc more frag bufs\n",
863 pDevice->dev->name);
864 }
865 return false;
866 }
867
868 return true;
869}
870
871static bool s_bAPModeRxCtl(
872 struct vnt_private *pDevice,
873 unsigned char *pbyFrame,
874 int iSANodeIndex
875)
876{
877 PS802_11Header p802_11Header;
878 CMD_STATUS Status;
879 PSMgmtObject pMgmt = pDevice->pMgmt;
880
881 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
882 p802_11Header = (PS802_11Header)(pbyFrame);
883 if (!IS_TYPE_MGMT(pbyFrame)) {
884
885
886 if (iSANodeIndex > 0) {
887
888 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) {
889
890
891 vMgrDeAuthenBeginSta(pDevice,
892 pMgmt,
893 (unsigned char *)(p802_11Header->abyAddr2),
894 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
895 &Status
896);
897 pr_debug("dpc: send vMgrDeAuthenBeginSta 1\n");
898 return true;
899 }
900 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) {
901
902
903 vMgrDisassocBeginSta(pDevice,
904 pMgmt,
905 (unsigned char *)(p802_11Header->abyAddr2),
906 (WLAN_MGMT_REASON_CLASS3_NONASSOC),
907 &Status
908);
909 pr_debug("dpc: send vMgrDisassocBeginSta 2\n");
910 return true;
911 }
912
913 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) {
914
915 if (IS_CTL_PSPOLL(pbyFrame)) {
916 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true;
917 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
918 pr_debug("dpc: WLAN_CMD_RX_PSPOLL 1\n");
919 } else {
920
921
922 if (!IS_FC_POWERMGT(pbyFrame)) {
923 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = false;
924 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true;
925 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
926 pr_debug("dpc: WLAN_CMD_RX_PSPOLL 2\n");
927 }
928 }
929 } else {
930 if (IS_FC_POWERMGT(pbyFrame)) {
931 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = true;
932
933 pMgmt->sNodeDBTable[0].bPSEnable = true;
934 } else {
935
936 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) {
937 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = false;
938 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true;
939 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
940 pr_debug("dpc: WLAN_CMD_RX_PSPOLL 3\n");
941
942 }
943 }
944 }
945 } else {
946 vMgrDeAuthenBeginSta(pDevice,
947 pMgmt,
948 (unsigned char *)(p802_11Header->abyAddr2),
949 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
950 &Status
951);
952 pr_debug("dpc: send vMgrDeAuthenBeginSta 3\n");
953 pr_debug("BSSID:%pM\n",
954 p802_11Header->abyAddr3);
955 pr_debug("ADDR2:%pM\n",
956 p802_11Header->abyAddr2);
957 pr_debug("ADDR1:%pM\n",
958 p802_11Header->abyAddr1);
959 pr_debug("dpc: wFrameCtl= %x\n",
960 p802_11Header->wFrameCtl);
961 VNSvInPortB(pDevice->PortOffset + MAC_REG_RCR, &(pDevice->byRxMode));
962 pr_debug("dpc:pDevice->byRxMode = %x\n",
963 pDevice->byRxMode);
964 return true;
965 }
966 }
967 }
968 return false;
969}
970
971static bool s_bHandleRxEncryption(
972 struct vnt_private *pDevice,
973 unsigned char *pbyFrame,
974 unsigned int FrameSize,
975 unsigned char *pbyRsr,
976 unsigned char *pbyNewRsr,
977 PSKeyItem *pKeyOut,
978 bool *pbExtIV,
979 unsigned short *pwRxTSC15_0,
980 unsigned long *pdwRxTSC47_16
981)
982{
983 unsigned int PayloadLen = FrameSize;
984 unsigned char *pbyIV;
985 unsigned char byKeyIdx;
986 PSKeyItem pKey = NULL;
987 unsigned char byDecMode = KEY_CTL_WEP;
988 PSMgmtObject pMgmt = pDevice->pMgmt;
989
990 *pwRxTSC15_0 = 0;
991 *pdwRxTSC47_16 = 0;
992
993 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
994 if (WLAN_GET_FC_TODS(*(unsigned short *)pbyFrame) &&
995 WLAN_GET_FC_FROMDS(*(unsigned short *)pbyFrame)) {
996 pbyIV += 6;
997 PayloadLen -= 6;
998 }
999 byKeyIdx = (*(pbyIV+3) & 0xc0);
1000 byKeyIdx >>= 6;
1001 pr_debug("\nKeyIdx: %d\n", byKeyIdx);
1002
1003 if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
1004 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
1005 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
1006 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
1007 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
1008 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) &&
1009 (pDevice->pMgmt->byCSSPK != KEY_CTL_NONE)) {
1010
1011 pr_debug("unicast pkt\n");
1012 if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == true) {
1013 if (pDevice->pMgmt->byCSSPK == KEY_CTL_TKIP)
1014 byDecMode = KEY_CTL_TKIP;
1015 else if (pDevice->pMgmt->byCSSPK == KEY_CTL_CCMP)
1016 byDecMode = KEY_CTL_CCMP;
1017 }
1018 pr_debug("unicast pkt: %d, %p\n", byDecMode, pKey);
1019 } else {
1020
1021 KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey);
1022 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1023 byDecMode = KEY_CTL_TKIP;
1024 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1025 byDecMode = KEY_CTL_CCMP;
1026 pr_debug("group pkt: %d, %d, %p\n",
1027 byKeyIdx, byDecMode, pKey);
1028 }
1029 }
1030
1031 if (pKey == NULL) {
1032
1033 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey);
1034 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1035 byDecMode = KEY_CTL_TKIP;
1036 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1037 byDecMode = KEY_CTL_CCMP;
1038 }
1039 *pKeyOut = pKey;
1040
1041 pr_debug("AES:%d %d %d\n",
1042 pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode);
1043
1044 if (pKey == NULL) {
1045 pr_debug("pKey == NULL\n");
1046
1047 return false;
1048 }
1049 if (byDecMode != pKey->byCipherSuite) {
1050
1051 *pKeyOut = NULL;
1052 return false;
1053 }
1054 if (byDecMode == KEY_CTL_WEP) {
1055
1056 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1057 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == true)) {
1058
1059
1060
1061
1062 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4);
1063 memcpy(pDevice->abyPRNG, pbyIV, 3);
1064 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1065 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1066 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1067
1068 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen))
1069 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1070
1071 }
1072 } else if ((byDecMode == KEY_CTL_TKIP) ||
1073 (byDecMode == KEY_CTL_CCMP)) {
1074
1075
1076 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4);
1077 *pdwRxTSC47_16 = cpu_to_le32(*(unsigned long *)(pbyIV + 4));
1078 pr_debug("ExtIV: %lx\n", *pdwRxTSC47_16);
1079 if (byDecMode == KEY_CTL_TKIP)
1080 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV + 2), *pbyIV));
1081 else
1082 *pwRxTSC15_0 = cpu_to_le16(*(unsigned short *)pbyIV);
1083
1084 pr_debug("TSC0_15: %x\n", *pwRxTSC15_0);
1085
1086 if ((byDecMode == KEY_CTL_TKIP) &&
1087 (pDevice->byLocalID <= REV_ID_VT3253_A1)) {
1088
1089
1090 PS802_11Header pMACHeader = (PS802_11Header)(pbyFrame);
1091
1092 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1093 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1094 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1095 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1096 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1097 pr_debug("ICV OK!\n");
1098 } else {
1099 pr_debug("ICV FAIL!!!\n");
1100 pr_debug("PayloadLen = %d\n", PayloadLen);
1101 }
1102 }
1103 }
1104
1105 if ((*(pbyIV+3) & 0x20) != 0)
1106 *pbExtIV = true;
1107 return true;
1108}
1109
1110static bool s_bHostWepRxEncryption(
1111 struct vnt_private *pDevice,
1112 unsigned char *pbyFrame,
1113 unsigned int FrameSize,
1114 unsigned char *pbyRsr,
1115 bool bOnFly,
1116 PSKeyItem pKey,
1117 unsigned char *pbyNewRsr,
1118 bool *pbExtIV,
1119 unsigned short *pwRxTSC15_0,
1120 unsigned long *pdwRxTSC47_16
1121)
1122{
1123 unsigned int PayloadLen = FrameSize;
1124 unsigned char *pbyIV;
1125 unsigned char byKeyIdx;
1126 unsigned char byDecMode = KEY_CTL_WEP;
1127 PS802_11Header pMACHeader;
1128
1129 *pwRxTSC15_0 = 0;
1130 *pdwRxTSC47_16 = 0;
1131
1132 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1133 if (WLAN_GET_FC_TODS(*(unsigned short *)pbyFrame) &&
1134 WLAN_GET_FC_FROMDS(*(unsigned short *)pbyFrame)) {
1135 pbyIV += 6;
1136 PayloadLen -= 6;
1137 }
1138 byKeyIdx = (*(pbyIV+3) & 0xc0);
1139 byKeyIdx >>= 6;
1140 pr_debug("\nKeyIdx: %d\n", byKeyIdx);
1141
1142 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1143 byDecMode = KEY_CTL_TKIP;
1144 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1145 byDecMode = KEY_CTL_CCMP;
1146
1147 pr_debug("AES:%d %d %d\n",
1148 pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode);
1149
1150 if (byDecMode != pKey->byCipherSuite)
1151 return false;
1152
1153 if (byDecMode == KEY_CTL_WEP) {
1154
1155 pr_debug("byDecMode == KEY_CTL_WEP\n");
1156
1157 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1158 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == true) ||
1159 !bOnFly) {
1160
1161
1162
1163
1164
1165 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4);
1166 memcpy(pDevice->abyPRNG, pbyIV, 3);
1167 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1168 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1169 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1170
1171 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen))
1172 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1173
1174 }
1175 } else if ((byDecMode == KEY_CTL_TKIP) ||
1176 (byDecMode == KEY_CTL_CCMP)) {
1177
1178
1179 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4);
1180 *pdwRxTSC47_16 = cpu_to_le32(*(unsigned long *)(pbyIV + 4));
1181 pr_debug("ExtIV: %lx\n", *pdwRxTSC47_16);
1182
1183 if (byDecMode == KEY_CTL_TKIP)
1184 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1185 else
1186 *pwRxTSC15_0 = cpu_to_le16(*(unsigned short *)pbyIV);
1187
1188 pr_debug("TSC0_15: %x\n", *pwRxTSC15_0);
1189
1190 if (byDecMode == KEY_CTL_TKIP) {
1191 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || !bOnFly) {
1192
1193
1194
1195 pr_debug("soft KEY_CTL_TKIP\n");
1196 pMACHeader = (PS802_11Header)(pbyFrame);
1197 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1198 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1199 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1200 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1201 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1202 pr_debug("ICV OK!\n");
1203 } else {
1204 pr_debug("ICV FAIL!!!\n");
1205 pr_debug("PayloadLen = %d\n",
1206 PayloadLen);
1207 }
1208 }
1209 }
1210
1211 if (byDecMode == KEY_CTL_CCMP) {
1212 if (!bOnFly) {
1213
1214
1215 pr_debug("soft KEY_CTL_CCMP\n");
1216 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) {
1217 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1218 pr_debug("CCMP MIC compare OK!\n");
1219 } else {
1220 pr_debug("CCMP MIC fail!\n");
1221 }
1222 }
1223 }
1224
1225 }
1226
1227 if ((*(pbyIV+3) & 0x20) != 0)
1228 *pbExtIV = true;
1229 return true;
1230}
1231
1232static bool s_bAPModeRxData(
1233 struct vnt_private *pDevice,
1234 struct sk_buff *skb,
1235 unsigned int FrameSize,
1236 unsigned int cbHeaderOffset,
1237 int iSANodeIndex,
1238 int iDANodeIndex
1239)
1240{
1241 PSMgmtObject pMgmt = pDevice->pMgmt;
1242 bool bRelayAndForward = false;
1243 bool bRelayOnly = false;
1244 unsigned char byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
1245 unsigned short wAID;
1246
1247 struct sk_buff *skbcpy = NULL;
1248
1249 if (FrameSize > CB_MAX_BUF_SIZE)
1250 return false;
1251
1252 if (is_multicast_ether_addr((unsigned char *)(skb->data+cbHeaderOffset))) {
1253 if (pMgmt->sNodeDBTable[0].bPSEnable) {
1254 skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz);
1255
1256
1257 if (skbcpy == NULL) {
1258 pr_info("relay multicast no skb available\n");
1259 } else {
1260 skbcpy->dev = pDevice->dev;
1261 skbcpy->len = FrameSize;
1262 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize);
1263 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy);
1264
1265 pMgmt->sNodeDBTable[0].wEnQueueCnt++;
1266
1267 pMgmt->abyPSTxMap[0] |= byMask[0];
1268 }
1269 } else {
1270 bRelayAndForward = true;
1271 }
1272 } else {
1273
1274 if (BSSDBbIsSTAInNodeDB(pMgmt, (unsigned char *)(skb->data+cbHeaderOffset), &iDANodeIndex)) {
1275 if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) {
1276 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) {
1277
1278
1279 skb->data += cbHeaderOffset;
1280 skb->tail += cbHeaderOffset;
1281 skb_put(skb, FrameSize);
1282 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb);
1283 pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++;
1284 wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID;
1285 pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7];
1286 pr_debug("relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n",
1287 iDANodeIndex, (wAID >> 3),
1288 pMgmt->abyPSTxMap[wAID >> 3]);
1289 return true;
1290 } else {
1291 bRelayOnly = true;
1292 }
1293 }
1294 }
1295 }
1296
1297 if (bRelayOnly || bRelayAndForward) {
1298
1299 if (bRelayAndForward)
1300 iDANodeIndex = 0;
1301
1302 if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0))
1303 ROUTEbRelay(pDevice, (unsigned char *)(skb->data + cbHeaderOffset), FrameSize, (unsigned int)iDANodeIndex);
1304
1305 if (bRelayOnly)
1306 return false;
1307 }
1308
1309 if (pDevice->uAssocCount == 0)
1310 return false;
1311
1312 return true;
1313}
1314
