1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41#include "device.h"
42#include "rxtx.h"
43#include "tether.h"
44#include "card.h"
45#include "bssdb.h"
46#include "mac.h"
47#include "baseband.h"
48#include "michael.h"
49#include "tkip.h"
50#include "tcrc.h"
51#include "wctl.h"
52#include "hostap.h"
53#include "rf.h"
54#include "iowpa.h"
55#include "aes_ccmp.h"
56#include "datarate.h"
57#include "usbpipe.h"
58
59
60
61
62
63
64
65static int msglevel =MSG_LEVEL_INFO;
66
67const BYTE acbyRxRate[MAX_RATE] =
68{2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
69
70
71
72
73
74
75
76
77static BYTE s_byGetRateIdx(BYTE byRate);
78
79static
80void
81s_vGetDASA(
82 PBYTE pbyRxBufferAddr,
83 unsigned int *pcbHeaderSize,
84 PSEthernetHeader psEthHeader
85 );
86
87static
88void
89s_vProcessRxMACHeader (
90 PSDevice pDevice,
91 PBYTE pbyRxBufferAddr,
92 unsigned int cbPacketSize,
93 BOOL bIsWEP,
94 BOOL bExtIV,
95 unsigned int *pcbHeadSize
96 );
97
98static BOOL s_bAPModeRxCtl(
99 PSDevice pDevice,
100 PBYTE pbyFrame,
101 signed int iSANodeIndex
102 );
103
104
105
106static BOOL s_bAPModeRxData (
107 PSDevice pDevice,
108 struct sk_buff *skb,
109 unsigned int FrameSize,
110 unsigned int cbHeaderOffset,
111 signed int iSANodeIndex,
112 signed int iDANodeIndex
113 );
114
115
116static BOOL s_bHandleRxEncryption(
117 PSDevice pDevice,
118 PBYTE pbyFrame,
119 unsigned int FrameSize,
120 PBYTE pbyRsr,
121 PBYTE pbyNewRsr,
122 PSKeyItem * pKeyOut,
123 int * pbExtIV,
124 PWORD pwRxTSC15_0,
125 PDWORD pdwRxTSC47_16
126 );
127
128static BOOL s_bHostWepRxEncryption(
129
130 PSDevice pDevice,
131 PBYTE pbyFrame,
132 unsigned int FrameSize,
133 PBYTE pbyRsr,
134 BOOL bOnFly,
135 PSKeyItem pKey,
136 PBYTE pbyNewRsr,
137 int * pbExtIV,
138 PWORD pwRxTSC15_0,
139 PDWORD pdwRxTSC47_16
140
141 );
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162static
163void
164s_vProcessRxMACHeader (
165 PSDevice pDevice,
166 PBYTE pbyRxBufferAddr,
167 unsigned int cbPacketSize,
168 BOOL bIsWEP,
169 BOOL bExtIV,
170 unsigned int *pcbHeadSize
171 )
172{
173 PBYTE pbyRxBuffer;
174 unsigned int cbHeaderSize = 0;
175 PWORD pwType;
176 PS802_11Header pMACHeader;
177 int ii;
178
179
180 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
181
182 s_vGetDASA((PBYTE)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader);
183
184 if (bIsWEP) {
185 if (bExtIV) {
186
187 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8);
188 } else {
189
190 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4);
191 }
192 }
193 else {
194 cbHeaderSize += WLAN_HDR_ADDR3_LEN;
195 };
196
197 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
198 if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) {
199 cbHeaderSize += 6;
200 } else if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) {
201 cbHeaderSize += 6;
202 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
203 if ((*pwType == cpu_to_le16(ETH_P_IPX)) ||
204 (*pwType == cpu_to_le16(0xF380))) {
205 cbHeaderSize -= 8;
206 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
207 if (bIsWEP) {
208 if (bExtIV) {
209 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8);
210 } else {
211 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4);
212 }
213 }
214 else {
215 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
216 }
217 }
218 }
219 else {
220 cbHeaderSize -= 2;
221 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
222 if (bIsWEP) {
223 if (bExtIV) {
224 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8);
225 } else {
226 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4);
227 }
228 }
229 else {
230 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
231 }
232 }
233
234 cbHeaderSize -= (ETH_ALEN * 2);
235 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
236 for (ii = 0; ii < ETH_ALEN; ii++)
237 *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii];
238 for (ii = 0; ii < ETH_ALEN; ii++)
239 *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii];
240
241 *pcbHeadSize = cbHeaderSize;
242}
243
244
245
246
247static BYTE s_byGetRateIdx(BYTE byRate)
248{
249 BYTE byRateIdx;
250
251 for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) {
252 if (acbyRxRate[byRateIdx%MAX_RATE] == byRate)
253 return byRateIdx;
254 }
255 return 0;
256}
257
258
259static
260void
261s_vGetDASA (
262 PBYTE pbyRxBufferAddr,
263 unsigned int *pcbHeaderSize,
264 PSEthernetHeader psEthHeader
265 )
266{
267 unsigned int cbHeaderSize = 0;
268 PS802_11Header pMACHeader;
269 int ii;
270
271 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
272
273 if ((pMACHeader->wFrameCtl & FC_TODS) == 0) {
274 if (pMACHeader->wFrameCtl & FC_FROMDS) {
275 for (ii = 0; ii < ETH_ALEN; ii++) {
276 psEthHeader->abyDstAddr[ii] =
277 pMACHeader->abyAddr1[ii];
278 psEthHeader->abySrcAddr[ii] =
279 pMACHeader->abyAddr3[ii];
280 }
281 } else {
282
283 for (ii = 0; ii < ETH_ALEN; ii++) {
284 psEthHeader->abyDstAddr[ii] =
285 pMACHeader->abyAddr1[ii];
286 psEthHeader->abySrcAddr[ii] =
287 pMACHeader->abyAddr2[ii];
288 }
289 }
290 } else {
291
292 if (pMACHeader->wFrameCtl & FC_FROMDS) {
293 for (ii = 0; ii < ETH_ALEN; ii++) {
294 psEthHeader->abyDstAddr[ii] =
295 pMACHeader->abyAddr3[ii];
296 psEthHeader->abySrcAddr[ii] =
297 pMACHeader->abyAddr4[ii];
298 cbHeaderSize += 6;
299 }
300 } else {
301 for (ii = 0; ii < ETH_ALEN; ii++) {
302 psEthHeader->abyDstAddr[ii] =
303 pMACHeader->abyAddr3[ii];
304 psEthHeader->abySrcAddr[ii] =
305 pMACHeader->abyAddr2[ii];
306 }
307 }
308 };
309 *pcbHeaderSize = cbHeaderSize;
310}
311
312
313
314
315BOOL
316RXbBulkInProcessData (
317 PSDevice pDevice,
318 PRCB pRCB,
319 unsigned long BytesToIndicate
320 )
321{
322
323 struct net_device_stats* pStats=&pDevice->stats;
324 struct sk_buff* skb;
325 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
326 PSRxMgmtPacket pRxPacket = &(pMgmt->sRxPacket);
327 PS802_11Header p802_11Header;
328 PBYTE pbyRsr;
329 PBYTE pbyNewRsr;
330 PBYTE pbyRSSI;
331 PQWORD pqwTSFTime;
332 PBYTE pbyFrame;
333 BOOL bDeFragRx = FALSE;
334 unsigned int cbHeaderOffset;
335 unsigned int FrameSize;
336 WORD wEtherType = 0;
337 signed int iSANodeIndex = -1;
338 signed int iDANodeIndex = -1;
339 unsigned int ii;
340 unsigned int cbIVOffset;
341 PBYTE pbyRxSts;
342 PBYTE pbyRxRate;
343 PBYTE pbySQ;
344 PBYTE pby3SQ;
345 unsigned int cbHeaderSize;
346 PSKeyItem pKey = NULL;
347 WORD wRxTSC15_0 = 0;
348 DWORD dwRxTSC47_16 = 0;
349 SKeyItem STempKey;
350
351
352 BOOL bIsWEP = FALSE;
353 BOOL bExtIV = FALSE;
354 DWORD dwWbkStatus;
355 PRCB pRCBIndicate = pRCB;
356 PBYTE pbyDAddress;
357 PWORD pwPLCP_Length;
358 BYTE abyVaildRate[MAX_RATE] = {2,4,11,22,12,18,24,36,48,72,96,108};
359 WORD wPLCPwithPadding;
360 PS802_11Header pMACHeader;
361 BOOL bRxeapol_key = FALSE;
362
363
364
365 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- RXbBulkInProcessData---\n");
366
367 skb = pRCB->skb;
368
369
370 dwWbkStatus = *( (PDWORD)(skb->data) );
371 FrameSize = (unsigned int)(dwWbkStatus >> 16);
372 FrameSize += 4;
373
374 if (BytesToIndicate != FrameSize) {
375 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 1 \n");
376 return FALSE;
377 }
378
379 if ((BytesToIndicate > 2372) || (BytesToIndicate <= 40)) {
380
381 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- WRONG Length 2\n");
382 return FALSE;
383 }
384
385 pbyDAddress = (PBYTE)(skb->data);
386 pbyRxSts = pbyDAddress+4;
387 pbyRxRate = pbyDAddress+5;
388
389
390
391
392 pwPLCP_Length = (PWORD) (pbyDAddress + 6);
393
394 if ( ((BytesToIndicate - (*pwPLCP_Length)) > 27) ||
395 ((BytesToIndicate - (*pwPLCP_Length)) < 24) ||
396 (BytesToIndicate < (*pwPLCP_Length)) ) {
397
398 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong PLCP Length %x\n", (int) *pwPLCP_Length);
399 ASSERT(0);
400 return FALSE;
401 }
402 for ( ii=RATE_1M;ii<MAX_RATE;ii++) {
403 if ( *pbyRxRate == abyVaildRate[ii] ) {
404 break;
405 }
406 }
407 if ( ii==MAX_RATE ) {
408 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong RxRate %x\n",(int) *pbyRxRate);
409 return FALSE;
410 }
411
412 wPLCPwithPadding = ( (*pwPLCP_Length / 4) + ( (*pwPLCP_Length % 4) ? 1:0 ) ) *4;
413
414 pqwTSFTime = (PQWORD) (pbyDAddress + 8 + wPLCPwithPadding);
415 if(pDevice->byBBType == BB_TYPE_11G) {
416 pby3SQ = pbyDAddress + 8 + wPLCPwithPadding + 12;
417 pbySQ = pby3SQ;
418 }
419 else {
420 pbySQ = pbyDAddress + 8 + wPLCPwithPadding + 8;
421 pby3SQ = pbySQ;
422 }
423 pbyNewRsr = pbyDAddress + 8 + wPLCPwithPadding + 9;
424 pbyRSSI = pbyDAddress + 8 + wPLCPwithPadding + 10;
425 pbyRsr = pbyDAddress + 8 + wPLCPwithPadding + 11;
426
427 FrameSize = *pwPLCP_Length;
428
429 pbyFrame = pbyDAddress + 8;
430
431
432 STAvUpdateRDStatCounter(&pDevice->scStatistic,
433 *pbyRsr,
434 *pbyNewRsr,
435 *pbyRxSts,
436 *pbyRxRate,
437 pbyFrame,
438 FrameSize
439 );
440
441
442 pMACHeader = (PS802_11Header) pbyFrame;
443
444
445 if ((pMgmt->eCurrMode == WMAC_MODE_STANDBY) ||
446 (pMgmt->eCurrMode == WMAC_MODE_ESS_STA)) {
447 if (pMgmt->sNodeDBTable[0].bActive) {
448 if (!compare_ether_addr(pMgmt->abyCurrBSSID, pMACHeader->abyAddr2)) {
449 if (pMgmt->sNodeDBTable[0].uInActiveCount != 0)
450 pMgmt->sNodeDBTable[0].uInActiveCount = 0;
451 }
452 }
453 }
454
455 if (!is_multicast_ether_addr(pMACHeader->abyAddr1) && !is_broadcast_ether_addr(pMACHeader->abyAddr1)) {
456 if ( WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header) pbyFrame) ) {
457 pDevice->s802_11Counter.FrameDuplicateCount++;
458 return FALSE;
459 }
460
461 if (compare_ether_addr(pDevice->abyCurrentNetAddr,
462 pMACHeader->abyAddr1)) {
463 return FALSE;
464 }
465 }
466
467
468
469 s_vGetDASA(pbyFrame, &cbHeaderSize, &pDevice->sRxEthHeader);
470
471 if (!compare_ether_addr((PBYTE)&(pDevice->sRxEthHeader.abySrcAddr[0]),
472 pDevice->abyCurrentNetAddr))
473 return FALSE;
474
475 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) {
476 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
477 p802_11Header = (PS802_11Header) (pbyFrame);
478
479 if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(p802_11Header->abyAddr2), &iSANodeIndex)) {
480 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies;
481 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0;
482 }
483 }
484 }
485
486 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
487 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == TRUE) {
488 return FALSE;
489 }
490 }
491
492
493 if (IS_FC_WEP(pbyFrame)) {
494 BOOL bRxDecryOK = FALSE;
495
496 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n");
497 bIsWEP = TRUE;
498 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) {
499 pKey = &STempKey;
500 pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite;
501 pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex;
502 pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength;
503 pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16;
504 pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0;
505 memcpy(pKey->abyKey,
506 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0],
507 pKey->uKeyLength
508 );
509
510 bRxDecryOK = s_bHostWepRxEncryption(pDevice,
511 pbyFrame,
512 FrameSize,
513 pbyRsr,
514 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly,
515 pKey,
516 pbyNewRsr,
517 &bExtIV,
518 &wRxTSC15_0,
519 &dwRxTSC47_16);
520 } else {
521 bRxDecryOK = s_bHandleRxEncryption(pDevice,
522 pbyFrame,
523 FrameSize,
524 pbyRsr,
525 pbyNewRsr,
526 &pKey,
527 &bExtIV,
528 &wRxTSC15_0,
529 &dwRxTSC47_16);
530 }
531
532 if (bRxDecryOK) {
533 if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) {
534 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n");
535 if ( (pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
536 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
537 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
538 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
539 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
540
541 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
542 pDevice->s802_11Counter.TKIPICVErrors++;
543 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) {
544 pDevice->s802_11Counter.CCMPDecryptErrors++;
545 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) {
546
547 }
548 }
549 return FALSE;
550 }
551 } else {
552 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n");
553 return FALSE;
554 }
555 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP))
556 FrameSize -= 8;
557 else
558 FrameSize -= 4;
559 }
560
561
562
563
564
565
566 FrameSize -= ETH_FCS_LEN;
567
568 if ( !(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) &&
569 (IS_FRAGMENT_PKT((pbyFrame)))
570 ) {
571
572 bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header) (pbyFrame), FrameSize, bIsWEP, bExtIV);
573 pDevice->s802_11Counter.ReceivedFragmentCount++;
574 if (bDeFragRx) {
575
576
577 skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb;
578 FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength;
579 pbyFrame = skb->data + 8;
580 }
581 else {
582 return FALSE;
583 }
584 }
585
586
587
588
589 if ((IS_TYPE_DATA((pbyFrame))) == FALSE) {
590
591
592 if (IS_TYPE_MGMT((pbyFrame))) {
593 PBYTE pbyData1;
594 PBYTE pbyData2;
595
596 pRxPacket = &(pRCB->sMngPacket);
597 pRxPacket->p80211Header = (PUWLAN_80211HDR)(pbyFrame);
598 pRxPacket->cbMPDULen = FrameSize;
599 pRxPacket->uRSSI = *pbyRSSI;
600 pRxPacket->bySQ = *pbySQ;
601 HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime));
602 LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime));
603 if (bIsWEP) {
604
605 pbyData1 = WLAN_HDR_A3_DATA_PTR(pbyFrame);
606 pbyData2 = WLAN_HDR_A3_DATA_PTR(pbyFrame) + 4;
607 for (ii = 0; ii < (FrameSize - 4); ii++) {
608 *pbyData1 = *pbyData2;
609 pbyData1++;
610 pbyData2++;
611 }
612 }
613
614 pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate);
615
616 if ( *pbyRxSts == 0 ) {
617
618 if ( (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_BEACON) ||
619 (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_PROBERESP) ) {
620 return TRUE;
621 }
622 }
623 pRxPacket->byRxChannel = (*pbyRxSts) >> 2;
624
625
626 if (pDevice->bEnableHostapd) {
627 skb->dev = pDevice->apdev;
628
629
630 skb->data += 8;
631 skb->tail += 8;
632 skb_put(skb, FrameSize);
633 skb_reset_mac_header(skb);
634 skb->pkt_type = PACKET_OTHERHOST;
635 skb->protocol = htons(ETH_P_802_2);
636 memset(skb->cb, 0, sizeof(skb->cb));
637 netif_rx(skb);
638 return TRUE;
639 }
640
641
642
643
644 EnqueueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList, pRCBIndicate);
645 pDevice->NumRecvMngList++;
646 if ( bDeFragRx == FALSE) {
647 pRCB->Ref++;
648 }
649 if (pDevice->bIsRxMngWorkItemQueued == FALSE) {
650 pDevice->bIsRxMngWorkItemQueued = TRUE;
651 tasklet_schedule(&pDevice->RxMngWorkItem);
652 }
653
654 }
655 else {
656
657 };
658 return FALSE;
659 }
660 else {
661 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
662
663 if ( !(*pbyRsr & RSR_BSSIDOK)) {
664 if (bDeFragRx) {
665 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
666 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
667 pDevice->dev->name);
668 }
669 }
670 return FALSE;
671 }
672 }
673 else {
674
675 if ((pDevice->bLinkPass == FALSE) ||
676 !(*pbyRsr & RSR_BSSIDOK)) {
677 if (bDeFragRx) {
678 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
679 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
680 pDevice->dev->name);
681 }
682 }
683 return FALSE;
684 }
685
686 {
687 BYTE Protocol_Version;
688 BYTE Packet_Type;
689 BYTE Descriptor_type;
690 WORD Key_info;
691 if (bIsWEP)
692 cbIVOffset = 8;
693 else
694 cbIVOffset = 0;
695 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
696 skb->data[cbIVOffset + 8 + 24 + 6 + 1];
697 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1];
698 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1];
699 if (wEtherType == ETH_P_PAE) {
700 if(((Protocol_Version==1) ||(Protocol_Version==2)) &&
701 (Packet_Type==3)) {
702 bRxeapol_key = TRUE;
703 Descriptor_type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2];
704 Key_info = (skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+1]<<8) |skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+2] ;
705 if(Descriptor_type==2) {
706
707 }
708 else if(Descriptor_type==254) {
709
710 }
711 }
712 }
713 }
714
715 }
716 }
717
718
719
720
721
722 if (pDevice->bEnablePSMode) {
723 if (IS_FC_MOREDATA((pbyFrame))) {
724 if (*pbyRsr & RSR_ADDROK) {
725
726 }
727 }
728 else {
729 if (pMgmt->bInTIMWake == TRUE) {
730 pMgmt->bInTIMWake = FALSE;
731 }
732 }
733 }
734
735
736 if (pDevice->bDiversityEnable && (FrameSize>50) &&
737 (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) &&
738 (pDevice->bLinkPass == TRUE)) {
739 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0);
740 }
741
742
743 pDevice->uCurrRSSI = *pbyRSSI;
744 pDevice->byCurrSQ = *pbySQ;
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == TRUE)){
768 BYTE abyMacHdr[24];
769
770
771 if (bIsWEP)
772 cbIVOffset = 8;
773 else
774 cbIVOffset = 0;
775 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
776 skb->data[cbIVOffset + 8 + 24 + 6 + 1];
777
778 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType);
779 if (wEtherType == ETH_P_PAE) {
780 skb->dev = pDevice->apdev;
781
782 if (bIsWEP == TRUE) {
783
784 memcpy(&abyMacHdr[0], (skb->data + 8), 24);
785 memcpy((skb->data + 8 + cbIVOffset), &abyMacHdr[0], 24);
786 }
787
788 skb->data += (cbIVOffset + 8);
789 skb->tail += (cbIVOffset + 8);
790 skb_put(skb, FrameSize);
791 skb_reset_mac_header(skb);
792 skb->pkt_type = PACKET_OTHERHOST;
793 skb->protocol = htons(ETH_P_802_2);
794 memset(skb->cb, 0, sizeof(skb->cb));
795 netif_rx(skb);
796 return TRUE;
797
798 }
799
800 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED))
801 return FALSE;
802 }
803
804
805 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
806 if (bIsWEP) {
807 FrameSize -= 8;
808 }
809 }
810
811
812
813 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
814 if (bIsWEP) {
815 PDWORD pdwMIC_L;
816 PDWORD pdwMIC_R;
817 DWORD dwMIC_Priority;
818 DWORD dwMICKey0 = 0, dwMICKey1 = 0;
819 DWORD dwLocalMIC_L = 0;
820 DWORD dwLocalMIC_R = 0;
821 viawget_wpa_header *wpahdr;
822
823
824 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
825 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
826 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
827 }
828 else {
829 if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
830 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
831 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
832 } else if ((pKey->dwKeyIndex & BIT28) == 0) {
833 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
834 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
835 } else {
836 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
837 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
838 }
839 }
840
841 MIC_vInit(dwMICKey0, dwMICKey1);
842 MIC_vAppend((PBYTE)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12);
843 dwMIC_Priority = 0;
844 MIC_vAppend((PBYTE)&dwMIC_Priority, 4);
845
846 MIC_vAppend((PBYTE)(skb->data + 8 + WLAN_HDR_ADDR3_LEN + 8),
847 FrameSize - WLAN_HDR_ADDR3_LEN - 8);
848 MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R);
849 MIC_vUnInit();
850
851 pdwMIC_L = (PDWORD)(skb->data + 8 + FrameSize);
852 pdwMIC_R = (PDWORD)(skb->data + 8 + FrameSize + 4);
853
854
855 if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) ||
856 (pDevice->bRxMICFail == TRUE)) {
857 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n");
858 pDevice->bRxMICFail = FALSE;
859
860 pDevice->s802_11Counter.TKIPLocalMICFailures++;
861 if (bDeFragRx) {
862 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
863 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
864 pDevice->dev->name);
865 }
866 }
867 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
868
869
870 {
871 union iwreq_data wrqu;
872 struct iw_michaelmicfailure ev;
873 int keyidx = pbyFrame[cbHeaderSize+3] >> 6;
874 memset(&ev, 0, sizeof(ev));
875 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
876 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
877 (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
878 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
879 ev.flags |= IW_MICFAILURE_PAIRWISE;
880 } else {
881 ev.flags |= IW_MICFAILURE_GROUP;
882 }
883
884 ev.src_addr.sa_family = ARPHRD_ETHER;
885 memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN);
886 memset(&wrqu, 0, sizeof(wrqu));
887 wrqu.data.length = sizeof(ev);
888 PRINT_K("wireless_send_event--->IWEVMICHAELMICFAILURE\n");
889 wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
890
891 }
892 #endif
893
894
895 if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
896 wpahdr = (viawget_wpa_header *)pDevice->skb->data;
897 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
898 (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
899 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
900
901 wpahdr->type = VIAWGET_PTK_MIC_MSG;
902 } else {
903
904 wpahdr->type = VIAWGET_GTK_MIC_MSG;
905 }
906 wpahdr->resp_ie_len = 0;
907 wpahdr->req_ie_len = 0;
908 skb_put(pDevice->skb, sizeof(viawget_wpa_header));
909 pDevice->skb->dev = pDevice->wpadev;
910 skb_reset_mac_header(pDevice->skb);
911 pDevice->skb->pkt_type = PACKET_HOST;
912 pDevice->skb->protocol = htons(ETH_P_802_2);
913 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
914 netif_rx(pDevice->skb);
915 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
916 }
917
918 return FALSE;
919
920 }
921 }
922 }
923
924
925
926 if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) ||
927 (pKey->byCipherSuite == KEY_CTL_CCMP))) {
928 if (bIsWEP) {
929 WORD wLocalTSC15_0 = 0;
930 DWORD dwLocalTSC47_16 = 0;
931 unsigned long long RSC = 0;
932
933 RSC = *((unsigned long long *) &(pKey->KeyRSC));
934 wLocalTSC15_0 = (WORD) RSC;
935 dwLocalTSC47_16 = (DWORD) (RSC>>16);
936
937 RSC = dwRxTSC47_16;
938 RSC <<= 16;
939 RSC += wRxTSC15_0;
940 memcpy(&(pKey->KeyRSC), &RSC, sizeof(QWORD));
941
942 if ( (pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) &&
943 (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) {
944
945 if ( (wRxTSC15_0 < wLocalTSC15_0) &&
946 (dwRxTSC47_16 <= dwLocalTSC47_16) &&
947 !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) {
948 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n ");
949 if (pKey->byCipherSuite == KEY_CTL_TKIP)
950
951 pDevice->s802_11Counter.TKIPReplays++;
952 else
953
954 pDevice->s802_11Counter.CCMPReplays++;
955
956 if (bDeFragRx) {
957 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
958 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
959 pDevice->dev->name);
960 }
961 }
962 return FALSE;
963 }
964 }
965 }
966 }
967
968
969 s_vProcessRxMACHeader(pDevice, (PBYTE)(skb->data+8), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset);
970 FrameSize -= cbHeaderOffset;
971 cbHeaderOffset += 8;
972
973
974 if (FrameSize < 12)
975 return FALSE;
976
977 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
978 if (s_bAPModeRxData(pDevice,
979 skb,
980 FrameSize,
981 cbHeaderOffset,
982 iSANodeIndex,
983 iDANodeIndex
984 ) == FALSE) {
985
986 if (bDeFragRx) {
987 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
988 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
989 pDevice->dev->name);
990 }
991 }
992 return FALSE;
993 }
994
995 }
996
997 skb->data += cbHeaderOffset;
998 skb->tail += cbHeaderOffset;
999 skb_put(skb, FrameSize);
1000 skb->protocol=eth_type_trans(skb, skb->dev);
1001 skb->ip_summed=CHECKSUM_NONE;
1002 pStats->rx_bytes +=skb->len;
1003 pStats->rx_packets++;
1004 netif_rx(skb);
1005 if (bDeFragRx) {
1006 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1007 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1008 pDevice->dev->name);
1009 }
1010 return FALSE;
1011 }
1012
1013 return TRUE;
1014}
1015
1016
1017static BOOL s_bAPModeRxCtl (
1018 PSDevice pDevice,
1019 PBYTE pbyFrame,
1020 signed int iSANodeIndex
1021 )
1022{
1023 PS802_11Header p802_11Header;
1024 CMD_STATUS Status;
1025 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1026
1027
1028 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
1029
1030 p802_11Header = (PS802_11Header) (pbyFrame);
1031 if (!IS_TYPE_MGMT(pbyFrame)) {
1032
1033
1034
1035 if (iSANodeIndex > 0) {
1036
1037 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) {
1038
1039
1040 vMgrDeAuthenBeginSta(pDevice,
1041 pMgmt,
1042 (PBYTE)(p802_11Header->abyAddr2),
1043 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1044 &Status
1045 );
1046 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n");
1047 return TRUE;
1048 }
1049 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) {
1050
1051
1052 vMgrDisassocBeginSta(pDevice,
1053 pMgmt,
1054 (PBYTE)(p802_11Header->abyAddr2),
1055 (WLAN_MGMT_REASON_CLASS3_NONASSOC),
1056 &Status
1057 );
1058 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n");
1059 return TRUE;
1060 }
1061
1062 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) {
1063
1064 if (IS_CTL_PSPOLL(pbyFrame)) {
1065 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1066 bScheduleCommand((void *) pDevice,
1067 WLAN_CMD_RX_PSPOLL,
1068 NULL);
1069 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n");
1070 }
1071 else {
1072
1073
1074 if (!IS_FC_POWERMGT(pbyFrame)) {
1075 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1076 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1077 bScheduleCommand((void *) pDevice,
1078 WLAN_CMD_RX_PSPOLL,
1079 NULL);
1080 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n");
1081 }
1082 }
1083 }
1084 else {
1085 if (IS_FC_POWERMGT(pbyFrame)) {
1086 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = TRUE;
1087
1088 pMgmt->sNodeDBTable[0].bPSEnable = TRUE;
1089 }
1090 else {
1091
1092 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) {
1093 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1094 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1095 bScheduleCommand((void *) pDevice,
1096 WLAN_CMD_RX_PSPOLL,
1097 NULL);
1098 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n");
1099
1100 }
1101 }
1102 }
1103 }
1104 else {
1105 vMgrDeAuthenBeginSta(pDevice,
1106 pMgmt,
1107 (PBYTE)(p802_11Header->abyAddr2),
1108 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1109 &Status
1110 );
1111 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n");
1112 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%pM\n",
1113 p802_11Header->abyAddr3);
1114 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%pM\n",
1115 p802_11Header->abyAddr2);
1116 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%pM\n",
1117 p802_11Header->abyAddr1);
1118 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl );
1119 return TRUE;
1120 }
1121 }
1122 }
1123 return FALSE;
1124
1125}
1126
1127static BOOL s_bHandleRxEncryption (
1128 PSDevice pDevice,
1129 PBYTE pbyFrame,
1130 unsigned int FrameSize,
1131 PBYTE pbyRsr,
1132 PBYTE pbyNewRsr,
1133 PSKeyItem * pKeyOut,
1134 int * pbExtIV,
1135 PWORD pwRxTSC15_0,
1136 PDWORD pdwRxTSC47_16
1137 )
1138{
1139 unsigned int PayloadLen = FrameSize;
1140 PBYTE pbyIV;
1141 BYTE byKeyIdx;
1142 PSKeyItem pKey = NULL;
1143 BYTE byDecMode = KEY_CTL_WEP;
1144 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1145
1146
1147 *pwRxTSC15_0 = 0;
1148 *pdwRxTSC47_16 = 0;
1149
1150 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1151 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1152 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1153 pbyIV += 6;
1154 PayloadLen -= 6;
1155 }
1156 byKeyIdx = (*(pbyIV+3) & 0xc0);
1157 byKeyIdx >>= 6;
1158 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1159
1160 if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
1161 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
1162 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
1163 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
1164 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
1165 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) &&
1166 (pMgmt->byCSSPK != KEY_CTL_NONE)) {
1167
1168 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n");
1169 if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == TRUE) {
1170 if (pMgmt->byCSSPK == KEY_CTL_TKIP)
1171 byDecMode = KEY_CTL_TKIP;
1172 else if (pMgmt->byCSSPK == KEY_CTL_CCMP)
1173 byDecMode = KEY_CTL_CCMP;
1174 }
1175 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey);
1176 } else {
1177
1178 KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey);
1179 if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1180 byDecMode = KEY_CTL_TKIP;
1181 else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1182 byDecMode = KEY_CTL_CCMP;
1183 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey);
1184 }
1185 }
1186
1187 if (pKey == NULL) {
1188
1189 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey);
1190 if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1191 byDecMode = KEY_CTL_TKIP;
1192 else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1193 byDecMode = KEY_CTL_CCMP;
1194 }
1195 *pKeyOut = pKey;
1196
1197 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode);
1198
1199 if (pKey == NULL) {
1200 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n");
1201 if (byDecMode == KEY_CTL_WEP) {
1202
1203 } else if (pDevice->bLinkPass == TRUE) {
1204
1205 }
1206 return FALSE;
1207 }
1208 if (byDecMode != pKey->byCipherSuite) {
1209 if (byDecMode == KEY_CTL_WEP) {
1210
1211 } else if (pDevice->bLinkPass == TRUE) {
1212
1213 }
1214 *pKeyOut = NULL;
1215 return FALSE;
1216 }
1217 if (byDecMode == KEY_CTL_WEP) {
1218
1219 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1220 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE)) {
1221
1222
1223
1224
1225 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4);
1226 memcpy(pDevice->abyPRNG, pbyIV, 3);
1227 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1228 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1229 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1230
1231 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1232 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1233 }
1234 }
1235 } else if ((byDecMode == KEY_CTL_TKIP) ||
1236 (byDecMode == KEY_CTL_CCMP)) {
1237
1238
1239 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4);
1240 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1241 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1242 if (byDecMode == KEY_CTL_TKIP) {
1243 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1244 } else {
1245 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1246 }
1247 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1248
1249 if ((byDecMode == KEY_CTL_TKIP) &&
1250 (pDevice->byLocalID <= REV_ID_VT3253_A1)) {
1251
1252
1253 PS802_11Header pMACHeader = (PS802_11Header) (pbyFrame);
1254 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1255 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1256 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1257 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1258 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1259 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1260 } else {
1261 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1262 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1263 }
1264 }
1265 }
1266
1267 if ((*(pbyIV+3) & 0x20) != 0)
1268 *pbExtIV = TRUE;
1269 return TRUE;
1270}
1271
1272
1273static BOOL s_bHostWepRxEncryption (
1274 PSDevice pDevice,
1275 PBYTE pbyFrame,
1276 unsigned int FrameSize,
1277 PBYTE pbyRsr,
1278 BOOL bOnFly,
1279 PSKeyItem pKey,
1280 PBYTE pbyNewRsr,
1281 int * pbExtIV,
1282 PWORD pwRxTSC15_0,
1283 PDWORD pdwRxTSC47_16
1284 )
1285{
1286 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1287 unsigned int PayloadLen = FrameSize;
1288 PBYTE pbyIV;
1289 BYTE byKeyIdx;
1290 BYTE byDecMode = KEY_CTL_WEP;
1291 PS802_11Header pMACHeader;
1292
1293
1294
1295 *pwRxTSC15_0 = 0;
1296 *pdwRxTSC47_16 = 0;
1297
1298 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1299 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1300 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1301 pbyIV += 6;
1302 PayloadLen -= 6;
1303 }
1304 byKeyIdx = (*(pbyIV+3) & 0xc0);
1305 byKeyIdx >>= 6;
1306 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1307
1308
1309 if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1310 byDecMode = KEY_CTL_TKIP;
1311 else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1312 byDecMode = KEY_CTL_CCMP;
1313
1314 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode);
1315
1316 if (byDecMode != pKey->byCipherSuite) {
1317 if (byDecMode == KEY_CTL_WEP) {
1318
1319 } else if (pDevice->bLinkPass == TRUE) {
1320
1321 }
1322 return FALSE;
1323 }
1324
1325 if (byDecMode == KEY_CTL_WEP) {
1326
1327 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP \n");
1328 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1329 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE) ||
1330 (bOnFly == FALSE)) {
1331
1332
1333
1334
1335
1336 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4);
1337 memcpy(pDevice->abyPRNG, pbyIV, 3);
1338 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1339 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1340 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1341
1342 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1343 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1344 }
1345 }
1346 } else if ((byDecMode == KEY_CTL_TKIP) ||
1347 (byDecMode == KEY_CTL_CCMP)) {
1348
1349
1350 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4);
1351 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1352 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1353
1354 if (byDecMode == KEY_CTL_TKIP) {
1355 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1356 } else {
1357 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1358 }
1359 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1360
1361 if (byDecMode == KEY_CTL_TKIP) {
1362
1363 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == FALSE)) {
1364
1365
1366
1367 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n");
1368 pMACHeader = (PS802_11Header) (pbyFrame);
1369 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1370 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1371 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1372 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1373 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1374 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1375 } else {
1376 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1377 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1378 }
1379 }
1380 }
1381
1382 if (byDecMode == KEY_CTL_CCMP) {
1383 if (bOnFly == FALSE) {
1384
1385
1386 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_CCMP\n");
1387 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) {
1388 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1389 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC compare OK!\n");
1390 } else {
1391 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC fail!\n");
1392 }
1393 }
1394 }
1395
1396 }
1397
1398 if ((*(pbyIV+3) & 0x20) != 0)
1399 *pbExtIV = TRUE;
1400 return TRUE;
1401}
1402
1403
1404
1405static BOOL s_bAPModeRxData (
1406 PSDevice pDevice,
1407 struct sk_buff *skb,
1408 unsigned int FrameSize,
1409 unsigned int cbHeaderOffset,
1410 signed int iSANodeIndex,
1411 signed int iDANodeIndex
1412 )
1413
1414{
1415 PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1416 BOOL bRelayAndForward = FALSE;
1417 BOOL bRelayOnly = FALSE;
1418 BYTE byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
1419 WORD wAID;
1420
1421
1422 struct sk_buff* skbcpy = NULL;
1423
1424 if (FrameSize > CB_MAX_BUF_SIZE)
1425 return FALSE;
1426
1427 if (is_multicast_ether_addr((PBYTE)(skb->data+cbHeaderOffset))) {
1428 if (pMgmt->sNodeDBTable[0].bPSEnable) {
1429
1430 skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz);
1431
1432
1433 if (skbcpy == NULL) {
1434 DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n");
1435 }
1436 else {
1437 skbcpy->dev = pDevice->dev;
1438 skbcpy->len = FrameSize;
1439 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize);
1440 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy);
1441 pMgmt->sNodeDBTable[0].wEnQueueCnt++;
1442
1443 pMgmt->abyPSTxMap[0] |= byMask[0];
1444 }
1445 }
1446 else {
1447 bRelayAndForward = TRUE;
1448 }
1449 }
1450 else {
1451
1452 if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(skb->data+cbHeaderOffset), &iDANodeIndex)) {
1453 if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) {
1454 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) {
1455
1456
1457 skb->data += cbHeaderOffset;
1458 skb->tail += cbHeaderOffset;
1459 skb_put(skb, FrameSize);
1460 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb);
1461
1462 pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++;
1463 wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID;
1464 pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7];
1465 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n",
1466 iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]);
1467 return TRUE;
1468 }
1469 else {
1470 bRelayOnly = TRUE;
1471 }
1472 }
1473 }
1474 }
1475
1476 if (bRelayOnly || bRelayAndForward) {
1477
1478 if (bRelayAndForward)
1479 iDANodeIndex = 0;
1480
1481 if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) {
1482 bRelayPacketSend(pDevice, (PBYTE) (skb->data + cbHeaderOffset),
1483 FrameSize, (unsigned int) iDANodeIndex);
1484 }
1485
1486 if (bRelayOnly)
1487 return FALSE;
1488 }
1489
1490 if (pDevice->uAssocCount == 0)
1491 return FALSE;
1492
1493 return TRUE;
1494}
1495
1496
1497
1498
1499void RXvWorkItem(void *Context)
1500{
1501 PSDevice pDevice = (PSDevice) Context;
1502 int ntStatus;
1503 PRCB pRCB=NULL;
1504
1505 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Polling Thread\n");
1506 spin_lock_irq(&pDevice->lock);
1507
1508 while ((pDevice->Flags & fMP_POST_READS) &&
1509 MP_IS_READY(pDevice) &&
1510 (pDevice->NumRecvFreeList != 0) ) {
1511 pRCB = pDevice->FirstRecvFreeList;
1512 pDevice->NumRecvFreeList--;
1513 ASSERT(pRCB);
1514 DequeueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList);
1515 ntStatus = PIPEnsBulkInUsbRead(pDevice, pRCB);
1516 }
1517 pDevice->bIsRxWorkItemQueued = FALSE;
1518 spin_unlock_irq(&pDevice->lock);
1519
1520}
1521
1522
1523void
1524RXvFreeRCB(
1525 PRCB pRCB,
1526 BOOL bReAllocSkb
1527 )
1528{
1529 PSDevice pDevice = (PSDevice)pRCB->pDevice;
1530
1531
1532 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->RXvFreeRCB\n");
1533
1534 ASSERT(!pRCB->Ref);
1535 ASSERT(pRCB->pDevice);
1536
1537 if (bReAllocSkb == TRUE) {
1538 pRCB->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1539
1540 if (pRCB->skb == NULL) {
1541 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR" Failed to re-alloc rx skb\n");
1542 }else {
1543 pRCB->skb->dev = pDevice->dev;
1544 }
1545 }
1546
1547
1548
1549 EnqueueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList, pRCB);
1550 pDevice->NumRecvFreeList++;
1551
1552
1553 if ((pDevice->Flags & fMP_POST_READS) && MP_IS_READY(pDevice) &&
1554 (pDevice->bIsRxWorkItemQueued == FALSE) ) {
1555
1556 pDevice->bIsRxWorkItemQueued = TRUE;
1557 tasklet_schedule(&pDevice->ReadWorkItem);
1558 }
1559 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"<----RXFreeRCB %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList);
1560}
1561
1562
1563void RXvMngWorkItem(void *Context)
1564{
1565 PSDevice pDevice = (PSDevice) Context;
1566 PRCB pRCB=NULL;
1567 PSRxMgmtPacket pRxPacket;
1568 BOOL bReAllocSkb = FALSE;
1569
1570 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Mng Thread\n");
1571
1572 spin_lock_irq(&pDevice->lock);
1573 while (pDevice->NumRecvMngList!=0)
1574 {
1575 pRCB = pDevice->FirstRecvMngList;
1576 pDevice->NumRecvMngList--;
1577 DequeueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList);
1578 if(!pRCB){
1579 break;
1580 }
1581 ASSERT(pRCB);
1582 pRxPacket = &(pRCB->sMngPacket);
1583 vMgrRxManagePacket((void *) pDevice, &(pDevice->sMgmtObj), pRxPacket);
1584 pRCB->Ref--;
1585 if(pRCB->Ref == 0) {
1586 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"RxvFreeMng %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList);
1587 RXvFreeRCB(pRCB, bReAllocSkb);
1588 } else {
1589 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Rx Mng Only we have the right to free RCB\n");
1590 }
1591 }
1592
1593 pDevice->bIsRxMngWorkItemQueued = FALSE;
1594 spin_unlock_irq(&pDevice->lock);
1595
1596}
1597
1598
1599
