linux/drivers/staging/vt6656/dpc.c
<<
>>
Prefs
   1/*
   2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
   3 * All rights reserved.
   4 *
   5 * This program is free software; you can redistribute it and/or modify
   6 * it under the terms of the GNU General Public License as published by
   7 * the Free Software Foundation; either version 2 of the License, or
   8 * (at your option) any later version.
   9 *
  10 * This program is distributed in the hope that it will be useful,
  11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13 * GNU General Public License for more details.
  14 *
  15 * You should have received a copy of the GNU General Public License along
  16 * with this program; if not, write to the Free Software Foundation, Inc.,
  17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  18 *
  19 * File: dpc.c
  20 *
  21 * Purpose: handle dpc rx functions
  22 *
  23 * Author: Lyndon Chen
  24 *
  25 * Date: May 20, 2003
  26 *
  27 * Functions:
  28 *      device_receive_frame - Rcv 802.11 frame function
  29 *      s_bAPModeRxCtl- AP Rcv frame filer Ctl.
  30 *      s_bAPModeRxData- AP Rcv data frame handle
  31 *      s_bHandleRxEncryption- Rcv decrypted data via on-fly
  32 *      s_bHostWepRxEncryption- Rcv encrypted data via host
  33 *      s_byGetRateIdx- get rate index
  34 *      s_vGetDASA- get data offset
  35 *      s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3
  36 *
  37 * Revision History:
  38 *
  39 */
  40
  41#include "device.h"
  42#include "rxtx.h"
  43#include "tether.h"
  44#include "card.h"
  45#include "bssdb.h"
  46#include "mac.h"
  47#include "baseband.h"
  48#include "michael.h"
  49#include "tkip.h"
  50#include "tcrc.h"
  51#include "wctl.h"
  52#include "hostap.h"
  53#include "rf.h"
  54#include "iowpa.h"
  55#include "aes_ccmp.h"
  56#include "datarate.h"
  57#include "usbpipe.h"
  58
  59/*---------------------  Static Definitions -------------------------*/
  60
  61/*---------------------  Static Classes  ----------------------------*/
  62
  63/*---------------------  Static Variables  --------------------------*/
  64//static int          msglevel                =MSG_LEVEL_DEBUG;
  65static int          msglevel                =MSG_LEVEL_INFO;
  66
  67const BYTE acbyRxRate[MAX_RATE] =
  68{2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
  69
  70
  71/*---------------------  Static Functions  --------------------------*/
  72
  73/*---------------------  Static Definitions -------------------------*/
  74
  75/*---------------------  Static Functions  --------------------------*/
  76
  77static BYTE s_byGetRateIdx(BYTE byRate);
  78
  79static
  80void
  81s_vGetDASA(
  82      PBYTE pbyRxBufferAddr,
  83     unsigned int *pcbHeaderSize,
  84     PSEthernetHeader psEthHeader
  85    );
  86
  87static
  88void
  89s_vProcessRxMACHeader (
  90      PSDevice pDevice,
  91      PBYTE pbyRxBufferAddr,
  92      unsigned int cbPacketSize,
  93      BOOL bIsWEP,
  94      BOOL bExtIV,
  95     unsigned int *pcbHeadSize
  96    );
  97
  98static BOOL s_bAPModeRxCtl(
  99     PSDevice pDevice,
 100     PBYTE    pbyFrame,
 101     signed int      iSANodeIndex
 102    );
 103
 104
 105
 106static BOOL s_bAPModeRxData (
 107     PSDevice pDevice,
 108     struct sk_buff *skb,
 109     unsigned int     FrameSize,
 110     unsigned int     cbHeaderOffset,
 111     signed int      iSANodeIndex,
 112     signed int      iDANodeIndex
 113    );
 114
 115
 116static BOOL s_bHandleRxEncryption(
 117     PSDevice     pDevice,
 118     PBYTE        pbyFrame,
 119     unsigned int         FrameSize,
 120     PBYTE        pbyRsr,
 121     PBYTE       pbyNewRsr,
 122     PSKeyItem   * pKeyOut,
 123    int *       pbExtIV,
 124     PWORD       pwRxTSC15_0,
 125     PDWORD      pdwRxTSC47_16
 126    );
 127
 128static BOOL s_bHostWepRxEncryption(
 129
 130     PSDevice     pDevice,
 131     PBYTE        pbyFrame,
 132     unsigned int         FrameSize,
 133     PBYTE        pbyRsr,
 134     BOOL         bOnFly,
 135     PSKeyItem    pKey,
 136     PBYTE       pbyNewRsr,
 137    int *       pbExtIV,
 138     PWORD       pwRxTSC15_0,
 139     PDWORD      pdwRxTSC47_16
 140
 141    );
 142
 143/*---------------------  Export Variables  --------------------------*/
 144
 145/*+
 146 *
 147 * Description:
 148 *    Translate Rcv 802.11 header to 802.3 header with Rx buffer
 149 *
 150 * Parameters:
 151 *  In:
 152 *      pDevice
 153 *      dwRxBufferAddr  - Address of Rcv Buffer
 154 *      cbPacketSize    - Rcv Packet size
 155 *      bIsWEP          - If Rcv with WEP
 156 *  Out:
 157 *      pcbHeaderSize   - 802.11 header size
 158 *
 159 * Return Value: None
 160 *
 161-*/
 162static
 163void
 164s_vProcessRxMACHeader (
 165      PSDevice pDevice,
 166      PBYTE pbyRxBufferAddr,
 167      unsigned int cbPacketSize,
 168      BOOL bIsWEP,
 169      BOOL bExtIV,
 170     unsigned int *pcbHeadSize
 171    )
 172{
 173    PBYTE           pbyRxBuffer;
 174    unsigned int            cbHeaderSize = 0;
 175    PWORD           pwType;
 176    PS802_11Header  pMACHeader;
 177    int             ii;
 178
 179
 180    pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
 181
 182    s_vGetDASA((PBYTE)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader);
 183
 184    if (bIsWEP) {
 185        if (bExtIV) {
 186            // strip IV&ExtIV , add 8 byte
 187            cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8);
 188        } else {
 189            // strip IV , add 4 byte
 190            cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4);
 191        }
 192    }
 193    else {
 194        cbHeaderSize += WLAN_HDR_ADDR3_LEN;
 195    };
 196
 197    pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
 198    if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) {
 199        cbHeaderSize += 6;
 200    } else if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) {
 201        cbHeaderSize += 6;
 202        pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
 203        if ((*pwType == cpu_to_le16(ETH_P_IPX)) ||
 204            (*pwType == cpu_to_le16(0xF380))) {
 205                cbHeaderSize -= 8;
 206            pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
 207            if (bIsWEP) {
 208                if (bExtIV) {
 209                    *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8);    // 8 is IV&ExtIV
 210                } else {
 211                    *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4);    // 4 is IV
 212                }
 213            }
 214            else {
 215                *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
 216            }
 217        }
 218    }
 219    else {
 220        cbHeaderSize -= 2;
 221        pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
 222        if (bIsWEP) {
 223            if (bExtIV) {
 224                *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8);    // 8 is IV&ExtIV
 225            } else {
 226                *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4);    // 4 is IV
 227            }
 228        }
 229        else {
 230            *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
 231        }
 232    }
 233
 234    cbHeaderSize -= (ETH_ALEN * 2);
 235    pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
 236    for (ii = 0; ii < ETH_ALEN; ii++)
 237        *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii];
 238    for (ii = 0; ii < ETH_ALEN; ii++)
 239        *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii];
 240
 241    *pcbHeadSize = cbHeaderSize;
 242}
 243
 244
 245
 246
 247static BYTE s_byGetRateIdx(BYTE byRate)
 248{
 249    BYTE    byRateIdx;
 250
 251    for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) {
 252        if (acbyRxRate[byRateIdx%MAX_RATE] == byRate)
 253            return byRateIdx;
 254    }
 255    return 0;
 256}
 257
 258
 259static
 260void
 261s_vGetDASA (
 262      PBYTE pbyRxBufferAddr,
 263     unsigned int *pcbHeaderSize,
 264     PSEthernetHeader psEthHeader
 265    )
 266{
 267        unsigned int            cbHeaderSize = 0;
 268        PS802_11Header  pMACHeader;
 269        int             ii;
 270
 271        pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
 272
 273        if ((pMACHeader->wFrameCtl & FC_TODS) == 0) {
 274                if (pMACHeader->wFrameCtl & FC_FROMDS) {
 275                        for (ii = 0; ii < ETH_ALEN; ii++) {
 276                                psEthHeader->abyDstAddr[ii] =
 277                                        pMACHeader->abyAddr1[ii];
 278                                psEthHeader->abySrcAddr[ii] =
 279                                        pMACHeader->abyAddr3[ii];
 280                        }
 281                } else {
 282                        /* IBSS mode */
 283                        for (ii = 0; ii < ETH_ALEN; ii++) {
 284                                psEthHeader->abyDstAddr[ii] =
 285                                        pMACHeader->abyAddr1[ii];
 286                                psEthHeader->abySrcAddr[ii] =
 287                                        pMACHeader->abyAddr2[ii];
 288                        }
 289                }
 290        } else {
 291                /* Is AP mode.. */
 292                if (pMACHeader->wFrameCtl & FC_FROMDS) {
 293                        for (ii = 0; ii < ETH_ALEN; ii++) {
 294                                psEthHeader->abyDstAddr[ii] =
 295                                        pMACHeader->abyAddr3[ii];
 296                                psEthHeader->abySrcAddr[ii] =
 297                                        pMACHeader->abyAddr4[ii];
 298                                cbHeaderSize += 6;
 299                        }
 300                } else {
 301                        for (ii = 0; ii < ETH_ALEN; ii++) {
 302                                psEthHeader->abyDstAddr[ii] =
 303                                        pMACHeader->abyAddr3[ii];
 304                                psEthHeader->abySrcAddr[ii] =
 305                                        pMACHeader->abyAddr2[ii];
 306                        }
 307                }
 308        };
 309    *pcbHeaderSize = cbHeaderSize;
 310}
 311
 312
 313
 314
 315BOOL
 316RXbBulkInProcessData (
 317     PSDevice         pDevice,
 318     PRCB             pRCB,
 319     unsigned long            BytesToIndicate
 320    )
 321{
 322
 323    struct net_device_stats* pStats=&pDevice->stats;
 324    struct sk_buff* skb;
 325    PSMgmtObject    pMgmt = &(pDevice->sMgmtObj);
 326    PSRxMgmtPacket  pRxPacket = &(pMgmt->sRxPacket);
 327    PS802_11Header  p802_11Header;
 328    PBYTE           pbyRsr;
 329    PBYTE           pbyNewRsr;
 330    PBYTE           pbyRSSI;
 331    PQWORD          pqwTSFTime;
 332    PBYTE           pbyFrame;
 333    BOOL            bDeFragRx = FALSE;
 334    unsigned int            cbHeaderOffset;
 335    unsigned int            FrameSize;
 336    WORD            wEtherType = 0;
 337    signed int             iSANodeIndex = -1;
 338    signed int             iDANodeIndex = -1;
 339    unsigned int            ii;
 340    unsigned int            cbIVOffset;
 341    PBYTE           pbyRxSts;
 342    PBYTE           pbyRxRate;
 343    PBYTE           pbySQ;
 344    PBYTE           pby3SQ;
 345    unsigned int            cbHeaderSize;
 346    PSKeyItem       pKey = NULL;
 347    WORD            wRxTSC15_0 = 0;
 348    DWORD           dwRxTSC47_16 = 0;
 349    SKeyItem        STempKey;
 350    // 802.11h RPI
 351    /* signed long ldBm = 0; */
 352    BOOL            bIsWEP = FALSE;
 353    BOOL            bExtIV = FALSE;
 354    DWORD           dwWbkStatus;
 355    PRCB            pRCBIndicate = pRCB;
 356    PBYTE           pbyDAddress;
 357    PWORD           pwPLCP_Length;
 358    BYTE            abyVaildRate[MAX_RATE] = {2,4,11,22,12,18,24,36,48,72,96,108};
 359    WORD            wPLCPwithPadding;
 360    PS802_11Header  pMACHeader;
 361    BOOL            bRxeapol_key = FALSE;
 362
 363
 364
 365    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- RXbBulkInProcessData---\n");
 366
 367    skb = pRCB->skb;
 368
 369    //[31:16]RcvByteCount ( not include 4-byte Status )
 370    dwWbkStatus =  *( (PDWORD)(skb->data) );
 371    FrameSize = (unsigned int)(dwWbkStatus >> 16);
 372    FrameSize += 4;
 373
 374    if (BytesToIndicate != FrameSize) {
 375        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 1 \n");
 376        return FALSE;
 377    }
 378
 379    if ((BytesToIndicate > 2372) || (BytesToIndicate <= 40)) {
 380        // Frame Size error drop this packet.
 381        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- WRONG Length 2\n");
 382        return FALSE;
 383    }
 384
 385    pbyDAddress = (PBYTE)(skb->data);
 386    pbyRxSts = pbyDAddress+4;
 387    pbyRxRate = pbyDAddress+5;
 388
 389    //real Frame Size = USBFrameSize -4WbkStatus - 4RxStatus - 8TSF - 4RSR - 4SQ3 - ?Padding
 390    //if SQ3 the range is 24~27, if no SQ3 the range is 20~23
 391    //real Frame size in PLCPLength field.
 392    pwPLCP_Length = (PWORD) (pbyDAddress + 6);
 393    //Fix hardware bug => PLCP_Length error
 394    if ( ((BytesToIndicate - (*pwPLCP_Length)) > 27) ||
 395         ((BytesToIndicate - (*pwPLCP_Length)) < 24) ||
 396         (BytesToIndicate < (*pwPLCP_Length)) ) {
 397
 398        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong PLCP Length %x\n", (int) *pwPLCP_Length);
 399        ASSERT(0);
 400        return FALSE;
 401    }
 402    for ( ii=RATE_1M;ii<MAX_RATE;ii++) {
 403        if ( *pbyRxRate == abyVaildRate[ii] ) {
 404            break;
 405        }
 406    }
 407    if ( ii==MAX_RATE ) {
 408        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong RxRate %x\n",(int) *pbyRxRate);
 409        return FALSE;
 410    }
 411
 412    wPLCPwithPadding = ( (*pwPLCP_Length / 4) + ( (*pwPLCP_Length % 4) ? 1:0 ) ) *4;
 413
 414    pqwTSFTime = (PQWORD) (pbyDAddress + 8 + wPLCPwithPadding);
 415  if(pDevice->byBBType == BB_TYPE_11G)  {
 416      pby3SQ = pbyDAddress + 8 + wPLCPwithPadding + 12;
 417      pbySQ = pby3SQ;
 418    }
 419  else {
 420   pbySQ = pbyDAddress + 8 + wPLCPwithPadding + 8;
 421   pby3SQ = pbySQ;
 422  }
 423    pbyNewRsr = pbyDAddress + 8 + wPLCPwithPadding + 9;
 424    pbyRSSI = pbyDAddress + 8 + wPLCPwithPadding + 10;
 425    pbyRsr = pbyDAddress + 8 + wPLCPwithPadding + 11;
 426
 427    FrameSize = *pwPLCP_Length;
 428
 429    pbyFrame = pbyDAddress + 8;
 430    // update receive statistic counter
 431
 432    STAvUpdateRDStatCounter(&pDevice->scStatistic,
 433                            *pbyRsr,
 434                            *pbyNewRsr,
 435                            *pbyRxSts,
 436                            *pbyRxRate,
 437                            pbyFrame,
 438                            FrameSize
 439                            );
 440
 441
 442    pMACHeader = (PS802_11Header) pbyFrame;
 443
 444//mike add: to judge if current AP is activated?
 445    if ((pMgmt->eCurrMode == WMAC_MODE_STANDBY) ||
 446        (pMgmt->eCurrMode == WMAC_MODE_ESS_STA)) {
 447       if (pMgmt->sNodeDBTable[0].bActive) {
 448         if (!compare_ether_addr(pMgmt->abyCurrBSSID, pMACHeader->abyAddr2)) {
 449            if (pMgmt->sNodeDBTable[0].uInActiveCount != 0)
 450                  pMgmt->sNodeDBTable[0].uInActiveCount = 0;
 451           }
 452       }
 453    }
 454
 455    if (!is_multicast_ether_addr(pMACHeader->abyAddr1) && !is_broadcast_ether_addr(pMACHeader->abyAddr1)) {
 456        if ( WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header) pbyFrame) ) {
 457            pDevice->s802_11Counter.FrameDuplicateCount++;
 458            return FALSE;
 459        }
 460
 461        if (compare_ether_addr(pDevice->abyCurrentNetAddr,
 462                               pMACHeader->abyAddr1)) {
 463                return FALSE;
 464        }
 465    }
 466
 467
 468    // Use for TKIP MIC
 469    s_vGetDASA(pbyFrame, &cbHeaderSize, &pDevice->sRxEthHeader);
 470
 471    if (!compare_ether_addr((PBYTE)&(pDevice->sRxEthHeader.abySrcAddr[0]),
 472                            pDevice->abyCurrentNetAddr))
 473        return FALSE;
 474
 475    if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) {
 476        if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
 477            p802_11Header = (PS802_11Header) (pbyFrame);
 478            // get SA NodeIndex
 479            if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(p802_11Header->abyAddr2), &iSANodeIndex)) {
 480                pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies;
 481                pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0;
 482            }
 483        }
 484    }
 485
 486    if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
 487        if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == TRUE) {
 488            return FALSE;
 489        }
 490    }
 491
 492
 493    if (IS_FC_WEP(pbyFrame)) {
 494        BOOL     bRxDecryOK = FALSE;
 495
 496        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n");
 497        bIsWEP = TRUE;
 498        if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) {
 499            pKey = &STempKey;
 500            pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite;
 501            pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex;
 502            pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength;
 503            pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16;
 504            pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0;
 505            memcpy(pKey->abyKey,
 506                &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0],
 507                pKey->uKeyLength
 508                );
 509
 510            bRxDecryOK = s_bHostWepRxEncryption(pDevice,
 511                                                pbyFrame,
 512                                                FrameSize,
 513                                                pbyRsr,
 514                                                pMgmt->sNodeDBTable[iSANodeIndex].bOnFly,
 515                                                pKey,
 516                                                pbyNewRsr,
 517                                                &bExtIV,
 518                                                &wRxTSC15_0,
 519                                                &dwRxTSC47_16);
 520        } else {
 521            bRxDecryOK = s_bHandleRxEncryption(pDevice,
 522                                                pbyFrame,
 523                                                FrameSize,
 524                                                pbyRsr,
 525                                                pbyNewRsr,
 526                                                &pKey,
 527                                                &bExtIV,
 528                                                &wRxTSC15_0,
 529                                                &dwRxTSC47_16);
 530        }
 531
 532        if (bRxDecryOK) {
 533            if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) {
 534                DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n");
 535                if ( (pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
 536                    (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
 537                    (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
 538                    (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
 539                    (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
 540
 541                    if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
 542                        pDevice->s802_11Counter.TKIPICVErrors++;
 543                    } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) {
 544                        pDevice->s802_11Counter.CCMPDecryptErrors++;
 545                    } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) {
 546//                      pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++;
 547                    }
 548                }
 549                return FALSE;
 550            }
 551        } else {
 552            DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n");
 553            return FALSE;
 554        }
 555        if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP))
 556            FrameSize -= 8;         // Message Integrity Code
 557        else
 558            FrameSize -= 4;         // 4 is ICV
 559    }
 560
 561
 562    //
 563    // RX OK
 564    //
 565    /* remove the FCS/CRC length */
 566    FrameSize -= ETH_FCS_LEN;
 567
 568    if ( !(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) && // unicast address
 569        (IS_FRAGMENT_PKT((pbyFrame)))
 570        ) {
 571        // defragment
 572        bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header) (pbyFrame), FrameSize, bIsWEP, bExtIV);
 573        pDevice->s802_11Counter.ReceivedFragmentCount++;
 574        if (bDeFragRx) {
 575            // defrag complete
 576            // TODO skb, pbyFrame
 577            skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb;
 578            FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength;
 579            pbyFrame = skb->data + 8;
 580        }
 581        else {
 582            return FALSE;
 583        }
 584    }
 585
 586    //
 587    // Management & Control frame Handle
 588    //
 589    if ((IS_TYPE_DATA((pbyFrame))) == FALSE) {
 590        // Handle Control & Manage Frame
 591
 592        if (IS_TYPE_MGMT((pbyFrame))) {
 593            PBYTE pbyData1;
 594            PBYTE pbyData2;
 595
 596            pRxPacket = &(pRCB->sMngPacket);
 597            pRxPacket->p80211Header = (PUWLAN_80211HDR)(pbyFrame);
 598            pRxPacket->cbMPDULen = FrameSize;
 599            pRxPacket->uRSSI = *pbyRSSI;
 600            pRxPacket->bySQ = *pbySQ;
 601            HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime));
 602            LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime));
 603            if (bIsWEP) {
 604                // strip IV
 605                pbyData1 = WLAN_HDR_A3_DATA_PTR(pbyFrame);
 606                pbyData2 = WLAN_HDR_A3_DATA_PTR(pbyFrame) + 4;
 607                for (ii = 0; ii < (FrameSize - 4); ii++) {
 608                    *pbyData1 = *pbyData2;
 609                     pbyData1++;
 610                     pbyData2++;
 611                }
 612            }
 613
 614            pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate);
 615
 616            if ( *pbyRxSts == 0 ) {
 617                //Discard beacon packet which channel is 0
 618                if ( (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_BEACON) ||
 619                     (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_PROBERESP) ) {
 620                    return TRUE;
 621                }
 622            }
 623            pRxPacket->byRxChannel = (*pbyRxSts) >> 2;
 624
 625            // hostap Deamon handle 802.11 management
 626            if (pDevice->bEnableHostapd) {
 627                    skb->dev = pDevice->apdev;
 628                    //skb->data += 4;
 629                    //skb->tail += 4;
 630                    skb->data += 8;
 631                    skb->tail += 8;
 632                skb_put(skb, FrameSize);
 633                skb_reset_mac_header(skb);
 634                    skb->pkt_type = PACKET_OTHERHOST;
 635                skb->protocol = htons(ETH_P_802_2);
 636                    memset(skb->cb, 0, sizeof(skb->cb));
 637                    netif_rx(skb);
 638                return TRUE;
 639                }
 640
 641            //
 642            // Insert the RCB in the Recv Mng list
 643            //
 644            EnqueueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList, pRCBIndicate);
 645            pDevice->NumRecvMngList++;
 646            if ( bDeFragRx == FALSE) {
 647                pRCB->Ref++;
 648            }
 649            if (pDevice->bIsRxMngWorkItemQueued == FALSE) {
 650                pDevice->bIsRxMngWorkItemQueued = TRUE;
 651                tasklet_schedule(&pDevice->RxMngWorkItem);
 652            }
 653
 654        }
 655        else {
 656            // Control Frame
 657        };
 658        return FALSE;
 659    }
 660    else {
 661        if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
 662            //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC.
 663            if ( !(*pbyRsr & RSR_BSSIDOK)) {
 664                if (bDeFragRx) {
 665                    if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
 666                        DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
 667                        pDevice->dev->name);
 668                    }
 669                }
 670                return FALSE;
 671            }
 672        }
 673        else {
 674            // discard DATA packet while not associate || BSSID error
 675            if ((pDevice->bLinkPass == FALSE) ||
 676                !(*pbyRsr & RSR_BSSIDOK)) {
 677                if (bDeFragRx) {
 678                    if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
 679                        DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
 680                        pDevice->dev->name);
 681                    }
 682                }
 683                return FALSE;
 684            }
 685   //mike add:station mode check eapol-key challenge--->
 686          {
 687            BYTE  Protocol_Version;    //802.1x Authentication
 688            BYTE  Packet_Type;           //802.1x Authentication
 689            BYTE  Descriptor_type;
 690             WORD Key_info;
 691              if (bIsWEP)
 692                  cbIVOffset = 8;
 693              else
 694                  cbIVOffset = 0;
 695              wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
 696                          skb->data[cbIVOffset + 8 + 24 + 6 + 1];
 697              Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1];
 698              Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1];
 699             if (wEtherType == ETH_P_PAE) {         //Protocol Type in LLC-Header
 700                  if(((Protocol_Version==1) ||(Protocol_Version==2)) &&
 701                     (Packet_Type==3)) {  //802.1x OR eapol-key challenge frame receive
 702                        bRxeapol_key = TRUE;
 703                      Descriptor_type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2];
 704                      Key_info = (skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+1]<<8) |skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+2] ;
 705                      if(Descriptor_type==2) {    //RSN
 706                         //  printk("WPA2_Rx_eapol-key_info<-----:%x\n",Key_info);
 707                      }
 708                     else  if(Descriptor_type==254) {
 709                        //  printk("WPA_Rx_eapol-key_info<-----:%x\n",Key_info);
 710                     }
 711                  }
 712              }
 713          }
 714    //mike add:station mode check eapol-key challenge<---
 715        }
 716    }
 717
 718
 719// Data frame Handle
 720
 721
 722    if (pDevice->bEnablePSMode) {
 723        if (IS_FC_MOREDATA((pbyFrame))) {
 724            if (*pbyRsr & RSR_ADDROK) {
 725                //PSbSendPSPOLL((PSDevice)pDevice);
 726            }
 727        }
 728        else {
 729            if (pMgmt->bInTIMWake == TRUE) {
 730                pMgmt->bInTIMWake = FALSE;
 731            }
 732        }
 733    }
 734
 735    // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps
 736    if (pDevice->bDiversityEnable && (FrameSize>50) &&
 737       (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) &&
 738       (pDevice->bLinkPass == TRUE)) {
 739        BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0);
 740    }
 741
 742    // ++++++++ For BaseBand Algorithm +++++++++++++++
 743    pDevice->uCurrRSSI = *pbyRSSI;
 744    pDevice->byCurrSQ = *pbySQ;
 745
 746    // todo
 747/*
 748    if ((*pbyRSSI != 0) &&
 749        (pMgmt->pCurrBSS!=NULL)) {
 750        RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
 751        // Moniter if RSSI is too strong.
 752        pMgmt->pCurrBSS->byRSSIStatCnt++;
 753        pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT;
 754        pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm;
 755        for (ii = 0; ii < RSSI_STAT_COUNT; ii++) {
 756                if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) {
 757                        pMgmt->pCurrBSS->ldBmMAX =
 758                                max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm);
 759                }
 760        }
 761    }
 762*/
 763
 764
 765    // -----------------------------------------------
 766
 767    if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == TRUE)){
 768        BYTE    abyMacHdr[24];
 769
 770        // Only 802.1x packet incoming allowed
 771        if (bIsWEP)
 772            cbIVOffset = 8;
 773        else
 774            cbIVOffset = 0;
 775        wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
 776                    skb->data[cbIVOffset + 8 + 24 + 6 + 1];
 777
 778            DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType);
 779        if (wEtherType == ETH_P_PAE) {
 780            skb->dev = pDevice->apdev;
 781
 782            if (bIsWEP == TRUE) {
 783                // strip IV header(8)
 784                memcpy(&abyMacHdr[0], (skb->data + 8), 24);
 785                memcpy((skb->data + 8 + cbIVOffset), &abyMacHdr[0], 24);
 786            }
 787
 788            skb->data +=  (cbIVOffset + 8);
 789            skb->tail +=  (cbIVOffset + 8);
 790            skb_put(skb, FrameSize);
 791            skb_reset_mac_header(skb);
 792            skb->pkt_type = PACKET_OTHERHOST;
 793            skb->protocol = htons(ETH_P_802_2);
 794            memset(skb->cb, 0, sizeof(skb->cb));
 795            netif_rx(skb);
 796            return TRUE;
 797
 798        }
 799        // check if 802.1x authorized
 800        if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED))
 801            return FALSE;
 802    }
 803
 804
 805    if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
 806        if (bIsWEP) {
 807            FrameSize -= 8;  //MIC
 808        }
 809    }
 810
 811    //--------------------------------------------------------------------------------
 812    // Soft MIC
 813    if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
 814        if (bIsWEP) {
 815            PDWORD          pdwMIC_L;
 816            PDWORD          pdwMIC_R;
 817            DWORD           dwMIC_Priority;
 818            DWORD           dwMICKey0 = 0, dwMICKey1 = 0;
 819            DWORD           dwLocalMIC_L = 0;
 820            DWORD           dwLocalMIC_R = 0;
 821            viawget_wpa_header *wpahdr;
 822
 823
 824            if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
 825                dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
 826                dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
 827            }
 828            else {
 829                if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
 830                    dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
 831                    dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
 832                } else if ((pKey->dwKeyIndex & BIT28) == 0) {
 833                    dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
 834                    dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
 835                } else {
 836                    dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
 837                    dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
 838                }
 839            }
 840
 841            MIC_vInit(dwMICKey0, dwMICKey1);
 842            MIC_vAppend((PBYTE)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12);
 843            dwMIC_Priority = 0;
 844            MIC_vAppend((PBYTE)&dwMIC_Priority, 4);
 845            // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV.
 846            MIC_vAppend((PBYTE)(skb->data + 8 + WLAN_HDR_ADDR3_LEN + 8),
 847                        FrameSize - WLAN_HDR_ADDR3_LEN - 8);
 848            MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R);
 849            MIC_vUnInit();
 850
 851            pdwMIC_L = (PDWORD)(skb->data + 8 + FrameSize);
 852            pdwMIC_R = (PDWORD)(skb->data + 8 + FrameSize + 4);
 853
 854
 855            if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) ||
 856                (pDevice->bRxMICFail == TRUE)) {
 857                DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n");
 858                pDevice->bRxMICFail = FALSE;
 859                //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++;
 860                pDevice->s802_11Counter.TKIPLocalMICFailures++;
 861                if (bDeFragRx) {
 862                    if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
 863                        DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
 864                            pDevice->dev->name);
 865                    }
 866                }
 867       #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
 868                                //send event to wpa_supplicant
 869                                //if(pDevice->bWPASuppWextEnabled == TRUE)
 870                                {
 871                                        union iwreq_data wrqu;
 872                                        struct iw_michaelmicfailure ev;
 873                                        int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits
 874                                        memset(&ev, 0, sizeof(ev));
 875                                        ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
 876                                        if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
 877                                                        (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
 878                                                                (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
 879                                                ev.flags |= IW_MICFAILURE_PAIRWISE;
 880                                        } else {
 881                                                ev.flags |= IW_MICFAILURE_GROUP;
 882                                        }
 883
 884                                        ev.src_addr.sa_family = ARPHRD_ETHER;
 885                                        memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN);
 886                                        memset(&wrqu, 0, sizeof(wrqu));
 887                                        wrqu.data.length = sizeof(ev);
 888                        PRINT_K("wireless_send_event--->IWEVMICHAELMICFAILURE\n");
 889                                        wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
 890
 891                                }
 892         #endif
 893
 894
 895                if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
 896                     wpahdr = (viawget_wpa_header *)pDevice->skb->data;
 897                     if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
 898                         (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
 899                         (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
 900                         //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR;
 901                         wpahdr->type = VIAWGET_PTK_MIC_MSG;
 902                     } else {
 903                         //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR;
 904                         wpahdr->type = VIAWGET_GTK_MIC_MSG;
 905                     }
 906                     wpahdr->resp_ie_len = 0;
 907                     wpahdr->req_ie_len = 0;
 908                     skb_put(pDevice->skb, sizeof(viawget_wpa_header));
 909                     pDevice->skb->dev = pDevice->wpadev;
 910                     skb_reset_mac_header(pDevice->skb);
 911                     pDevice->skb->pkt_type = PACKET_HOST;
 912                     pDevice->skb->protocol = htons(ETH_P_802_2);
 913                     memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
 914                     netif_rx(pDevice->skb);
 915                     pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
 916                 }
 917
 918                return FALSE;
 919
 920            }
 921        }
 922    } //---end of SOFT MIC-----------------------------------------------------------------------
 923
 924    // ++++++++++ Reply Counter Check +++++++++++++
 925
 926    if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) ||
 927                           (pKey->byCipherSuite == KEY_CTL_CCMP))) {
 928        if (bIsWEP) {
 929            WORD        wLocalTSC15_0 = 0;
 930            DWORD       dwLocalTSC47_16 = 0;
 931            unsigned long long       RSC = 0;
 932            // endian issues
 933            RSC = *((unsigned long long *) &(pKey->KeyRSC));
 934            wLocalTSC15_0 = (WORD) RSC;
 935            dwLocalTSC47_16 = (DWORD) (RSC>>16);
 936
 937            RSC = dwRxTSC47_16;
 938            RSC <<= 16;
 939            RSC += wRxTSC15_0;
 940            memcpy(&(pKey->KeyRSC), &RSC,  sizeof(QWORD));
 941
 942            if ( (pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) &&
 943                 (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) {
 944                // check RSC
 945                if ( (wRxTSC15_0 < wLocalTSC15_0) &&
 946                     (dwRxTSC47_16 <= dwLocalTSC47_16) &&
 947                     !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) {
 948                    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n ");
 949                    if (pKey->byCipherSuite == KEY_CTL_TKIP)
 950                        //pDevice->s802_11Counter.TKIPReplays.QuadPart++;
 951                        pDevice->s802_11Counter.TKIPReplays++;
 952                    else
 953                        //pDevice->s802_11Counter.CCMPReplays.QuadPart++;
 954                        pDevice->s802_11Counter.CCMPReplays++;
 955
 956                    if (bDeFragRx) {
 957                        if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
 958                            DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
 959                                pDevice->dev->name);
 960                        }
 961                    }
 962                    return FALSE;
 963                }
 964            }
 965        }
 966    } // ----- End of Reply Counter Check --------------------------
 967
 968
 969    s_vProcessRxMACHeader(pDevice, (PBYTE)(skb->data+8), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset);
 970    FrameSize -= cbHeaderOffset;
 971    cbHeaderOffset += 8;        // 8 is Rcv buffer header
 972
 973    // Null data, framesize = 12
 974    if (FrameSize < 12)
 975        return FALSE;
 976
 977    if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
 978        if (s_bAPModeRxData(pDevice,
 979                            skb,
 980                            FrameSize,
 981                            cbHeaderOffset,
 982                            iSANodeIndex,
 983                            iDANodeIndex
 984                            ) == FALSE) {
 985
 986            if (bDeFragRx) {
 987                if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
 988                    DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
 989                    pDevice->dev->name);
 990                }
 991            }
 992            return FALSE;
 993        }
 994
 995    }
 996
 997        skb->data += cbHeaderOffset;
 998        skb->tail += cbHeaderOffset;
 999    skb_put(skb, FrameSize);
1000    skb->protocol=eth_type_trans(skb, skb->dev);
1001    skb->ip_summed=CHECKSUM_NONE;
1002    pStats->rx_bytes +=skb->len;
1003    pStats->rx_packets++;
1004    netif_rx(skb);
1005    if (bDeFragRx) {
1006        if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1007            DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1008                pDevice->dev->name);
1009        }
1010        return FALSE;
1011    }
1012
1013    return TRUE;
1014}
1015
1016
1017static BOOL s_bAPModeRxCtl (
1018     PSDevice pDevice,
1019     PBYTE    pbyFrame,
1020     signed int      iSANodeIndex
1021    )
1022{
1023    PS802_11Header      p802_11Header;
1024    CMD_STATUS          Status;
1025    PSMgmtObject        pMgmt = &(pDevice->sMgmtObj);
1026
1027
1028    if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
1029
1030        p802_11Header = (PS802_11Header) (pbyFrame);
1031        if (!IS_TYPE_MGMT(pbyFrame)) {
1032
1033            // Data & PS-Poll packet
1034            // check frame class
1035            if (iSANodeIndex > 0) {
1036                // frame class 3 fliter & checking
1037                if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) {
1038                    // send deauth notification
1039                    // reason = (6) class 2 received from nonauth sta
1040                    vMgrDeAuthenBeginSta(pDevice,
1041                                         pMgmt,
1042                                         (PBYTE)(p802_11Header->abyAddr2),
1043                                         (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1044                                         &Status
1045                                         );
1046                    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n");
1047                    return TRUE;
1048                }
1049                if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) {
1050                    // send deassoc notification
1051                    // reason = (7) class 3 received from nonassoc sta
1052                    vMgrDisassocBeginSta(pDevice,
1053                                         pMgmt,
1054                                         (PBYTE)(p802_11Header->abyAddr2),
1055                                         (WLAN_MGMT_REASON_CLASS3_NONASSOC),
1056                                         &Status
1057                                         );
1058                    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n");
1059                    return TRUE;
1060                }
1061
1062                if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) {
1063                    // delcare received ps-poll event
1064                    if (IS_CTL_PSPOLL(pbyFrame)) {
1065                        pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1066                        bScheduleCommand((void *) pDevice,
1067                                         WLAN_CMD_RX_PSPOLL,
1068                                         NULL);
1069                        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n");
1070                    }
1071                    else {
1072                        // check Data PS state
1073                        // if PW bit off, send out all PS bufferring packets.
1074                        if (!IS_FC_POWERMGT(pbyFrame)) {
1075                            pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1076                            pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1077                                bScheduleCommand((void *) pDevice,
1078                                                 WLAN_CMD_RX_PSPOLL,
1079                                                 NULL);
1080                            DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n");
1081                        }
1082                    }
1083                }
1084                else {
1085                   if (IS_FC_POWERMGT(pbyFrame)) {
1086                       pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = TRUE;
1087                       // Once if STA in PS state, enable multicast bufferring
1088                       pMgmt->sNodeDBTable[0].bPSEnable = TRUE;
1089                   }
1090                   else {
1091                      // clear all pending PS frame.
1092                      if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) {
1093                          pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1094                          pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1095                        bScheduleCommand((void *) pDevice,
1096                                         WLAN_CMD_RX_PSPOLL,
1097                                         NULL);
1098                         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n");
1099
1100                      }
1101                   }
1102                }
1103            }
1104            else {
1105                  vMgrDeAuthenBeginSta(pDevice,
1106                                       pMgmt,
1107                                       (PBYTE)(p802_11Header->abyAddr2),
1108                                       (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1109                                       &Status
1110                                       );
1111                    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n");
1112                        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%pM\n",
1113                                p802_11Header->abyAddr3);
1114                        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%pM\n",
1115                                p802_11Header->abyAddr2);
1116                        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%pM\n",
1117                                p802_11Header->abyAddr1);
1118                    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl );
1119                    return TRUE;
1120            }
1121        }
1122    }
1123    return FALSE;
1124
1125}
1126
1127static BOOL s_bHandleRxEncryption (
1128     PSDevice     pDevice,
1129     PBYTE        pbyFrame,
1130     unsigned int         FrameSize,
1131     PBYTE        pbyRsr,
1132     PBYTE       pbyNewRsr,
1133     PSKeyItem   * pKeyOut,
1134    int *       pbExtIV,
1135     PWORD       pwRxTSC15_0,
1136     PDWORD      pdwRxTSC47_16
1137    )
1138{
1139    unsigned int            PayloadLen = FrameSize;
1140    PBYTE           pbyIV;
1141    BYTE            byKeyIdx;
1142    PSKeyItem       pKey = NULL;
1143    BYTE            byDecMode = KEY_CTL_WEP;
1144    PSMgmtObject    pMgmt = &(pDevice->sMgmtObj);
1145
1146
1147    *pwRxTSC15_0 = 0;
1148    *pdwRxTSC47_16 = 0;
1149
1150    pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1151    if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1152         WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1153         pbyIV += 6;             // 6 is 802.11 address4
1154         PayloadLen -= 6;
1155    }
1156    byKeyIdx = (*(pbyIV+3) & 0xc0);
1157    byKeyIdx >>= 6;
1158    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1159
1160    if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
1161        (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
1162        (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
1163        (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
1164        (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
1165        if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) &&
1166            (pMgmt->byCSSPK != KEY_CTL_NONE)) {
1167            // unicast pkt use pairwise key
1168            DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n");
1169            if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == TRUE) {
1170                if (pMgmt->byCSSPK == KEY_CTL_TKIP)
1171                    byDecMode = KEY_CTL_TKIP;
1172                else if (pMgmt->byCSSPK == KEY_CTL_CCMP)
1173                    byDecMode = KEY_CTL_CCMP;
1174            }
1175            DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey);
1176        } else {
1177            // use group key
1178            KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey);
1179            if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1180                byDecMode = KEY_CTL_TKIP;
1181            else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1182                byDecMode = KEY_CTL_CCMP;
1183            DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey);
1184        }
1185    }
1186    // our WEP only support Default Key
1187    if (pKey == NULL) {
1188        // use default group key
1189        KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey);
1190        if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1191            byDecMode = KEY_CTL_TKIP;
1192        else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1193            byDecMode = KEY_CTL_CCMP;
1194    }
1195    *pKeyOut = pKey;
1196
1197    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode);
1198
1199    if (pKey == NULL) {
1200        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n");
1201        if (byDecMode == KEY_CTL_WEP) {
1202//            pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1203        } else if (pDevice->bLinkPass == TRUE) {
1204//            pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1205        }
1206        return FALSE;
1207    }
1208    if (byDecMode != pKey->byCipherSuite) {
1209        if (byDecMode == KEY_CTL_WEP) {
1210//            pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1211        } else if (pDevice->bLinkPass == TRUE) {
1212//            pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1213        }
1214        *pKeyOut = NULL;
1215        return FALSE;
1216    }
1217    if (byDecMode == KEY_CTL_WEP) {
1218        // handle WEP
1219        if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1220            (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE)) {
1221            // Software WEP
1222            // 1. 3253A
1223            // 2. WEP 256
1224
1225            PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1226            memcpy(pDevice->abyPRNG, pbyIV, 3);
1227            memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1228            rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1229            rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1230
1231            if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1232                *pbyNewRsr |= NEWRSR_DECRYPTOK;
1233            }
1234        }
1235    } else if ((byDecMode == KEY_CTL_TKIP) ||
1236               (byDecMode == KEY_CTL_CCMP)) {
1237        // TKIP/AES
1238
1239        PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1240        *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1241        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1242        if (byDecMode == KEY_CTL_TKIP) {
1243            *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1244        } else {
1245            *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1246        }
1247        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1248
1249        if ((byDecMode == KEY_CTL_TKIP) &&
1250            (pDevice->byLocalID <= REV_ID_VT3253_A1)) {
1251            // Software TKIP
1252            // 1. 3253 A
1253            PS802_11Header  pMACHeader = (PS802_11Header) (pbyFrame);
1254            TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1255            rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1256            rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1257            if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1258                *pbyNewRsr |= NEWRSR_DECRYPTOK;
1259                DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1260            } else {
1261                DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1262                DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1263            }
1264        }
1265    }// end of TKIP/AES
1266
1267    if ((*(pbyIV+3) & 0x20) != 0)
1268        *pbExtIV = TRUE;
1269    return TRUE;
1270}
1271
1272
1273static BOOL s_bHostWepRxEncryption (
1274     PSDevice     pDevice,
1275     PBYTE        pbyFrame,
1276     unsigned int         FrameSize,
1277     PBYTE        pbyRsr,
1278     BOOL         bOnFly,
1279     PSKeyItem    pKey,
1280     PBYTE       pbyNewRsr,
1281    int *       pbExtIV,
1282     PWORD       pwRxTSC15_0,
1283     PDWORD      pdwRxTSC47_16
1284    )
1285{
1286    PSMgmtObject    pMgmt = &(pDevice->sMgmtObj);
1287    unsigned int            PayloadLen = FrameSize;
1288    PBYTE           pbyIV;
1289    BYTE            byKeyIdx;
1290    BYTE            byDecMode = KEY_CTL_WEP;
1291    PS802_11Header  pMACHeader;
1292
1293
1294
1295    *pwRxTSC15_0 = 0;
1296    *pdwRxTSC47_16 = 0;
1297
1298    pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1299    if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1300         WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1301         pbyIV += 6;             // 6 is 802.11 address4
1302         PayloadLen -= 6;
1303    }
1304    byKeyIdx = (*(pbyIV+3) & 0xc0);
1305    byKeyIdx >>= 6;
1306    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1307
1308
1309    if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1310        byDecMode = KEY_CTL_TKIP;
1311    else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1312        byDecMode = KEY_CTL_CCMP;
1313
1314    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode);
1315
1316    if (byDecMode != pKey->byCipherSuite) {
1317        if (byDecMode == KEY_CTL_WEP) {
1318//            pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1319        } else if (pDevice->bLinkPass == TRUE) {
1320//            pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1321        }
1322        return FALSE;
1323    }
1324
1325    if (byDecMode == KEY_CTL_WEP) {
1326        // handle WEP
1327        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP \n");
1328        if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1329            (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE) ||
1330            (bOnFly == FALSE)) {
1331            // Software WEP
1332            // 1. 3253A
1333            // 2. WEP 256
1334            // 3. NotOnFly
1335
1336            PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1337            memcpy(pDevice->abyPRNG, pbyIV, 3);
1338            memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1339            rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1340            rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1341
1342            if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1343                *pbyNewRsr |= NEWRSR_DECRYPTOK;
1344            }
1345        }
1346    } else if ((byDecMode == KEY_CTL_TKIP) ||
1347               (byDecMode == KEY_CTL_CCMP)) {
1348        // TKIP/AES
1349
1350        PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1351        *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1352        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1353
1354        if (byDecMode == KEY_CTL_TKIP) {
1355            *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1356        } else {
1357            *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1358        }
1359        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1360
1361        if (byDecMode == KEY_CTL_TKIP) {
1362
1363            if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == FALSE)) {
1364                // Software TKIP
1365                // 1. 3253 A
1366                // 2. NotOnFly
1367                DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n");
1368                pMACHeader = (PS802_11Header) (pbyFrame);
1369                TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1370                rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1371                rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1372                if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1373                    *pbyNewRsr |= NEWRSR_DECRYPTOK;
1374                    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1375                } else {
1376                    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1377                    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1378                }
1379            }
1380        }
1381
1382        if (byDecMode == KEY_CTL_CCMP) {
1383            if (bOnFly == FALSE) {
1384                // Software CCMP
1385                // NotOnFly
1386                DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_CCMP\n");
1387                if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) {
1388                    *pbyNewRsr |= NEWRSR_DECRYPTOK;
1389                    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC compare OK!\n");
1390                } else {
1391                    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC fail!\n");
1392                }
1393            }
1394        }
1395
1396    }// end of TKIP/AES
1397
1398    if ((*(pbyIV+3) & 0x20) != 0)
1399        *pbExtIV = TRUE;
1400    return TRUE;
1401}
1402
1403
1404
1405static BOOL s_bAPModeRxData (
1406     PSDevice pDevice,
1407     struct sk_buff *skb,
1408     unsigned int     FrameSize,
1409     unsigned int     cbHeaderOffset,
1410     signed int      iSANodeIndex,
1411     signed int      iDANodeIndex
1412    )
1413
1414{
1415    PSMgmtObject        pMgmt = &(pDevice->sMgmtObj);
1416    BOOL                bRelayAndForward = FALSE;
1417    BOOL                bRelayOnly = FALSE;
1418    BYTE                byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
1419    WORD                wAID;
1420
1421
1422    struct sk_buff* skbcpy = NULL;
1423
1424    if (FrameSize > CB_MAX_BUF_SIZE)
1425        return FALSE;
1426    // check DA
1427    if (is_multicast_ether_addr((PBYTE)(skb->data+cbHeaderOffset))) {
1428       if (pMgmt->sNodeDBTable[0].bPSEnable) {
1429
1430           skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz);
1431
1432        // if any node in PS mode, buffer packet until DTIM.
1433           if (skbcpy == NULL) {
1434               DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n");
1435           }
1436           else {
1437               skbcpy->dev = pDevice->dev;
1438               skbcpy->len = FrameSize;
1439               memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize);
1440               skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy);
1441               pMgmt->sNodeDBTable[0].wEnQueueCnt++;
1442               // set tx map
1443               pMgmt->abyPSTxMap[0] |= byMask[0];
1444           }
1445       }
1446       else {
1447           bRelayAndForward = TRUE;
1448       }
1449    }
1450    else {
1451        // check if relay
1452        if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(skb->data+cbHeaderOffset), &iDANodeIndex)) {
1453            if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) {
1454                if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) {
1455                    // queue this skb until next PS tx, and then release.
1456
1457                        skb->data += cbHeaderOffset;
1458                        skb->tail += cbHeaderOffset;
1459                    skb_put(skb, FrameSize);
1460                    skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb);
1461
1462                    pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++;
1463                    wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID;
1464                    pMgmt->abyPSTxMap[wAID >> 3] |=  byMask[wAID & 7];
1465                    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n",
1466                               iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]);
1467                    return TRUE;
1468                }
1469                else {
1470                    bRelayOnly = TRUE;
1471                }
1472            }
1473        }
1474    }
1475
1476    if (bRelayOnly || bRelayAndForward) {
1477        // relay this packet right now
1478        if (bRelayAndForward)
1479            iDANodeIndex = 0;
1480
1481        if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) {
1482                bRelayPacketSend(pDevice, (PBYTE) (skb->data + cbHeaderOffset),
1483                                 FrameSize, (unsigned int) iDANodeIndex);
1484        }
1485
1486        if (bRelayOnly)
1487            return FALSE;
1488    }
1489    // none associate, don't forward
1490    if (pDevice->uAssocCount == 0)
1491        return FALSE;
1492
1493    return TRUE;
1494}
1495
1496
1497
1498
1499void RXvWorkItem(void *Context)
1500{
1501    PSDevice pDevice = (PSDevice) Context;
1502    int ntStatus;
1503    PRCB            pRCB=NULL;
1504
1505    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Polling Thread\n");
1506    spin_lock_irq(&pDevice->lock);
1507
1508    while ((pDevice->Flags & fMP_POST_READS) &&
1509            MP_IS_READY(pDevice) &&
1510            (pDevice->NumRecvFreeList != 0) ) {
1511        pRCB = pDevice->FirstRecvFreeList;
1512        pDevice->NumRecvFreeList--;
1513        ASSERT(pRCB);// cannot be NULL
1514        DequeueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList);
1515        ntStatus = PIPEnsBulkInUsbRead(pDevice, pRCB);
1516    }
1517    pDevice->bIsRxWorkItemQueued = FALSE;
1518    spin_unlock_irq(&pDevice->lock);
1519
1520}
1521
1522
1523void
1524RXvFreeRCB(
1525     PRCB pRCB,
1526     BOOL bReAllocSkb
1527    )
1528{
1529    PSDevice pDevice = (PSDevice)pRCB->pDevice;
1530
1531
1532    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->RXvFreeRCB\n");
1533
1534    ASSERT(!pRCB->Ref);     // should be 0
1535    ASSERT(pRCB->pDevice);  // shouldn't be NULL
1536
1537    if (bReAllocSkb == TRUE) {
1538        pRCB->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1539        // todo error handling
1540        if (pRCB->skb == NULL) {
1541            DBG_PRT(MSG_LEVEL_ERR,KERN_ERR" Failed to re-alloc rx skb\n");
1542        }else {
1543            pRCB->skb->dev = pDevice->dev;
1544        }
1545    }
1546    //
1547    // Insert the RCB back in the Recv free list
1548    //
1549    EnqueueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList, pRCB);
1550    pDevice->NumRecvFreeList++;
1551
1552
1553    if ((pDevice->Flags & fMP_POST_READS) && MP_IS_READY(pDevice) &&
1554        (pDevice->bIsRxWorkItemQueued == FALSE) ) {
1555
1556        pDevice->bIsRxWorkItemQueued = TRUE;
1557        tasklet_schedule(&pDevice->ReadWorkItem);
1558    }
1559    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"<----RXFreeRCB %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList);
1560}
1561
1562
1563void RXvMngWorkItem(void *Context)
1564{
1565    PSDevice pDevice = (PSDevice) Context;
1566    PRCB            pRCB=NULL;
1567    PSRxMgmtPacket  pRxPacket;
1568    BOOL            bReAllocSkb = FALSE;
1569
1570    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Mng Thread\n");
1571
1572    spin_lock_irq(&pDevice->lock);
1573    while (pDevice->NumRecvMngList!=0)
1574    {
1575        pRCB = pDevice->FirstRecvMngList;
1576        pDevice->NumRecvMngList--;
1577        DequeueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList);
1578        if(!pRCB){
1579            break;
1580        }
1581        ASSERT(pRCB);// cannot be NULL
1582        pRxPacket = &(pRCB->sMngPacket);
1583        vMgrRxManagePacket((void *) pDevice, &(pDevice->sMgmtObj), pRxPacket);
1584        pRCB->Ref--;
1585        if(pRCB->Ref == 0) {
1586            DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"RxvFreeMng %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList);
1587            RXvFreeRCB(pRCB, bReAllocSkb);
1588        } else {
1589            DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Rx Mng Only we have the right to free RCB\n");
1590        }
1591    }
1592
1593        pDevice->bIsRxMngWorkItemQueued = FALSE;
1594        spin_unlock_irq(&pDevice->lock);
1595
1596}
1597
1598
1599