2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 * Purpose: handle dpc rx functions
28 * device_receive_frame - Rcv 802.11 frame function
29 * s_bAPModeRxCtl- AP Rcv frame filer Ctl.
30 * s_bAPModeRxData- AP Rcv data frame handle
31 * s_bHandleRxEncryption- Rcv decrypted data via on-fly
32 * s_bHostWepRxEncryption- Rcv encrypted data via host
33 * s_byGetRateIdx- get rate index
34 * s_vGetDASA- get data offset
35 * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3
63 /*--------------------- Static Definitions -------------------------*/
65 /*--------------------- Static Classes ----------------------------*/
67 /*--------------------- Static Variables --------------------------*/
68 //static int msglevel =MSG_LEVEL_DEBUG;
69 static int msglevel =MSG_LEVEL_INFO;
71 const BYTE acbyRxRate[MAX_RATE] =
72 {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
75 /*--------------------- Static Functions --------------------------*/
77 /*--------------------- Static Definitions -------------------------*/
79 /*--------------------- Static Functions --------------------------*/
81 static BYTE s_byGetRateIdx(IN BYTE byRate);
87 IN PBYTE pbyRxBufferAddr,
88 OUT PUINT pcbHeaderSize,
89 OUT PSEthernetHeader psEthHeader
94 s_vProcessRxMACHeader (
96 IN PBYTE pbyRxBufferAddr,
100 OUT PUINT pcbHeadSize
103 static BOOL s_bAPModeRxCtl(
111 static BOOL s_bAPModeRxData (
113 IN struct sk_buff* skb,
115 IN UINT cbHeaderOffset,
121 static BOOL s_bHandleRxEncryption(
127 OUT PSKeyItem *pKeyOut,
129 OUT PWORD pwRxTSC15_0,
130 OUT PDWORD pdwRxTSC47_16
133 static BOOL s_bHostWepRxEncryption(
143 OUT PWORD pwRxTSC15_0,
144 OUT PDWORD pdwRxTSC47_16
148 /*--------------------- Export Variables --------------------------*/
153 * Translate Rcv 802.11 header to 802.3 header with Rx buffer
158 * dwRxBufferAddr - Address of Rcv Buffer
159 * cbPacketSize - Rcv Packet size
160 * bIsWEP - If Rcv with WEP
162 * pcbHeaderSize - 802.11 header size
169 s_vProcessRxMACHeader (
171 IN PBYTE pbyRxBufferAddr,
172 IN UINT cbPacketSize,
175 OUT PUINT pcbHeadSize
179 UINT cbHeaderSize = 0;
181 PS802_11Header pMACHeader;
185 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
187 s_vGetDASA((PBYTE)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader);
191 // strip IV&ExtIV , add 8 byte
192 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8);
194 // strip IV , add 4 byte
195 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4);
199 cbHeaderSize += WLAN_HDR_ADDR3_LEN;
202 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
203 if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) {
206 else if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) {
208 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
209 if ((*pwType!= TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) {
213 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
216 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
218 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
222 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
228 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
231 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
233 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
237 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
241 cbHeaderSize -= (U_ETHER_ADDR_LEN * 2);
242 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
243 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++)
244 *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii];
245 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++)
246 *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii];
248 *pcbHeadSize = cbHeaderSize;
254 static BYTE s_byGetRateIdx (IN BYTE byRate)
258 for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) {
259 if (acbyRxRate[byRateIdx%MAX_RATE] == byRate)
269 IN PBYTE pbyRxBufferAddr,
270 OUT PUINT pcbHeaderSize,
271 OUT PSEthernetHeader psEthHeader
274 UINT cbHeaderSize = 0;
275 PS802_11Header pMACHeader;
278 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
280 if ((pMACHeader->wFrameCtl & FC_TODS) == 0) {
281 if (pMACHeader->wFrameCtl & FC_FROMDS) {
282 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
283 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
284 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr3[ii];
289 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
290 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
291 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
297 if (pMACHeader->wFrameCtl & FC_FROMDS) {
298 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
299 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
300 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr4[ii];
305 for(ii=0;ii<U_ETHER_ADDR_LEN;ii++) {
306 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
307 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
311 *pcbHeaderSize = cbHeaderSize;
319 VOID MngWorkItem(PVOID Context)
321 PSRxMgmtPacket pRxMgmtPacket;
322 PSDevice pDevice = (PSDevice) Context;
323 //printk("Enter MngWorkItem,Queue packet num is %d\n",pDevice->rxManeQueue.packet_num);
324 spin_lock_irq(&pDevice->lock);
325 while(pDevice->rxManeQueue.packet_num != 0)
327 pRxMgmtPacket = DeQueue(pDevice);
328 vMgrRxManagePacket(pDevice, pDevice->pMgmt, pRxMgmtPacket);
330 spin_unlock_irq(&pDevice->lock);
339 device_receive_frame (
345 PDEVICE_RD_INFO pRDInfo = pCurrRD->pRDInfo;
347 //printk("device_receive_frame:pCurrRD is %x,pRDInfo is %x\n",pCurrRD,pCurrRD->pRDInfo);
349 struct net_device_stats* pStats=&pDevice->stats;
351 PSMgmtObject pMgmt = pDevice->pMgmt;
352 PSRxMgmtPacket pRxPacket = &(pDevice->pMgmt->sRxPacket);
353 PS802_11Header p802_11Header;
360 BOOL bDeFragRx = FALSE;
365 INT iSANodeIndex = -1;
366 INT iDANodeIndex = -1;
374 PSKeyItem pKey = NULL;
376 DWORD dwRxTSC47_16 = 0;
379 DWORD dwDuration = 0;
381 LONG ldBmThreshold = 0;
382 PS802_11Header pMACHeader;
383 BOOL bRxeapol_key = FALSE;
385 // DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- device_receive_frame---\n");
392 pci_unmap_single(pDevice->pcid, pRDInfo->skb_dma,
393 pDevice->rx_buf_sz, PCI_DMA_FROMDEVICE);
396 pwFrameSize = (PWORD)(skb->data + 2);
397 FrameSize = cpu_to_le16(pCurrRD->m_rd1RD1.wReqCount) - cpu_to_le16(pCurrRD->m_rd0RD0.wResCount);
399 // Max: 2312Payload + 30HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR
400 // Min (ACK): 10HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR
401 if ((FrameSize > 2364)||(FrameSize <= 32)) {
402 // Frame Size error drop this packet.
403 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 1 \n");
407 pbyRxSts = (PBYTE) (skb->data);
408 pbyRxRate = (PBYTE) (skb->data + 1);
409 pbyRsr = (PBYTE) (skb->data + FrameSize - 1);
410 pbyRSSI = (PBYTE) (skb->data + FrameSize - 2);
411 pbyNewRsr = (PBYTE) (skb->data + FrameSize - 3);
412 pbySQ = (PBYTE) (skb->data + FrameSize - 4);
413 pqwTSFTime = (PQWORD) (skb->data + FrameSize - 12);
414 pbyFrame = (PBYTE)(skb->data + 4);
417 FrameSize = cpu_to_le16(*pwFrameSize);
419 if ((FrameSize > 2346)|(FrameSize < 14)) { // Max: 2312Payload + 30HD +4CRC
421 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 2 \n");
426 // update receive statistic counter
427 STAvUpdateRDStatCounter(&pDevice->scStatistic,
436 pMACHeader=(PS802_11Header)((PBYTE) (skb->data)+8);
438 if (pDevice->bMeasureInProgress == TRUE) {
439 if ((*pbyRsr & RSR_CRCOK) != 0) {
440 pDevice->byBasicMap |= 0x01;
442 dwDuration = (FrameSize << 4);
443 dwDuration /= acbyRxRate[*pbyRxRate%MAX_RATE];
444 if (*pbyRxRate <= RATE_11M) {
445 if (BITbIsBitOn(*pbyRxSts, 0x01)) {
455 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
457 for (ii = 7; ii > 0;) {
458 if (ldBm > ldBmThreshold) {
464 pDevice->dwRPIs[ii] += dwDuration;
468 if (!IS_MULTICAST_ADDRESS(pbyFrame) && !IS_BROADCAST_ADDRESS(pbyFrame)) {
469 if (WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header) (skb->data + 4))) {
470 pDevice->s802_11Counter.FrameDuplicateCount++;
477 s_vGetDASA(skb->data+4, &cbHeaderSize, &pDevice->sRxEthHeader);
479 // filter packet send from myself
480 if (IS_ETH_ADDRESS_EQUAL((PBYTE)&(pDevice->sRxEthHeader.abySrcAddr[0]), pDevice->abyCurrentNetAddr))
483 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) {
484 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
485 p802_11Header = (PS802_11Header) (pbyFrame);
487 if (BSSDBbIsSTAInNodeDB(pMgmt, (PBYTE)(p802_11Header->abyAddr2), &iSANodeIndex)) {
488 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies;
489 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0;
494 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
495 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == TRUE) {
501 if (IS_FC_WEP(pbyFrame)) {
502 BOOL bRxDecryOK = FALSE;
504 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n");
506 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) {
508 pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite;
509 pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex;
510 pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength;
511 pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16;
512 pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0;
514 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0],
518 bRxDecryOK = s_bHostWepRxEncryption(pDevice,
522 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly,
529 bRxDecryOK = s_bHandleRxEncryption(pDevice,
541 if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) {
542 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n");
543 if ( (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
544 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
545 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
546 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
547 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
549 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
550 pDevice->s802_11Counter.TKIPICVErrors++;
551 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) {
552 pDevice->s802_11Counter.CCMPDecryptErrors++;
553 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) {
554 // pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++;
560 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n");
563 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP))
564 FrameSize -= 8; // Message Integrity Code
566 FrameSize -= 4; // 4 is ICV
573 //remove the CRC length
574 FrameSize -= U_CRC_LEN;
576 if ((BITbIsAllBitsOff(*pbyRsr, (RSR_ADDRBROAD | RSR_ADDRMULTI))) && // unicast address
577 (IS_FRAGMENT_PKT((skb->data+4)))
580 bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header) (skb->data+4), FrameSize, bIsWEP, bExtIV);
581 pDevice->s802_11Counter.ReceivedFragmentCount++;
584 skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb;
585 FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength;
594 // Management & Control frame Handle
595 if ((IS_TYPE_DATA((skb->data+4))) == FALSE) {
596 // Handle Control & Manage Frame
598 if (IS_TYPE_MGMT((skb->data+4))) {
602 pRxPacket->p80211Header = (PUWLAN_80211HDR)(skb->data+4);
603 pRxPacket->cbMPDULen = FrameSize;
604 pRxPacket->uRSSI = *pbyRSSI;
605 pRxPacket->bySQ = *pbySQ;
606 HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime));
607 LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime));
610 pbyData1 = WLAN_HDR_A3_DATA_PTR(skb->data+4);
611 pbyData2 = WLAN_HDR_A3_DATA_PTR(skb->data+4) + 4;
612 for (ii = 0; ii < (FrameSize - 4); ii++) {
613 *pbyData1 = *pbyData2;
618 pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate);
619 pRxPacket->byRxChannel = (*pbyRxSts) >> 2;
621 //EnQueue(pDevice,pRxPacket);
624 EnQueue(pDevice,pRxPacket);
626 //printk("enque time is %x\n",jiffies);
627 //up(&pDevice->mlme_semaphore);
628 //Enque (pDevice->FirstRecvMngList,pDevice->LastRecvMngList,pMgmt);
632 EnQueue(pDevice,pRxPacket);
633 tasklet_schedule(&pDevice->RxMngWorkItem);
636 vMgrRxManagePacket((HANDLE)pDevice, pDevice->pMgmt, pRxPacket);
637 //tasklet_schedule(&pDevice->RxMngWorkItem);
642 //vMgrRxManagePacket((HANDLE)pDevice, pDevice->pMgmt, pRxPacket);
643 // hostap Deamon handle 802.11 management
644 if (pDevice->bEnableHostapd) {
645 skb->dev = pDevice->apdev;
648 skb_put(skb, FrameSize);
649 skb_reset_mac_header(skb);
650 skb->pkt_type = PACKET_OTHERHOST;
651 skb->protocol = htons(ETH_P_802_2);
652 memset(skb->cb, 0, sizeof(skb->cb));
663 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
664 //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC.
665 if (BITbIsBitOff(*pbyRsr, RSR_BSSIDOK)) {
667 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
668 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
676 // discard DATA packet while not associate || BSSID error
677 if ((pDevice->bLinkPass == FALSE) ||
678 BITbIsBitOff(*pbyRsr, RSR_BSSIDOK)) {
680 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
681 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
687 //mike add:station mode check eapol-key challenge--->
689 BYTE Protocol_Version; //802.1x Authentication
690 BYTE Packet_Type; //802.1x Authentication
695 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
696 skb->data[cbIVOffset + 8 + 24 + 6 + 1];
697 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1];
698 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1];
699 if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header
700 if(((Protocol_Version==1) ||(Protocol_Version==2)) &&
701 (Packet_Type==3)) { //802.1x OR eapol-key challenge frame receive
706 //mike add:station mode check eapol-key challenge<---
714 if (pDevice->bEnablePSMode) {
715 if (IS_FC_MOREDATA((skb->data+4))) {
716 if (BITbIsBitOn(*pbyRsr, RSR_ADDROK)) {
717 //PSbSendPSPOLL((PSDevice)pDevice);
721 if (pDevice->pMgmt->bInTIMWake == TRUE) {
722 pDevice->pMgmt->bInTIMWake = FALSE;
727 // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps
728 if (pDevice->bDiversityEnable && (FrameSize>50) &&
729 (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) &&
730 (pDevice->bLinkPass == TRUE)) {
731 //printk("device_receive_frame: RxRate is %d\n",*pbyRxRate);
732 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0);
736 if (pDevice->byLocalID != REV_ID_VT3253_B1) {
737 pDevice->uCurrRSSI = *pbyRSSI;
739 pDevice->byCurrSQ = *pbySQ;
741 if ((*pbyRSSI != 0) &&
742 (pMgmt->pCurrBSS!=NULL)) {
743 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
744 // Moniter if RSSI is too strong.
745 pMgmt->pCurrBSS->byRSSIStatCnt++;
746 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT;
747 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm;
748 for(ii=0;ii<RSSI_STAT_COUNT;ii++) {
749 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) {
750 pMgmt->pCurrBSS->ldBmMAX = max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm);
755 // -----------------------------------------------
757 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == TRUE)){
760 // Only 802.1x packet incoming allowed
765 wEtherType = (skb->data[cbIVOffset + 4 + 24 + 6] << 8) |
766 skb->data[cbIVOffset + 4 + 24 + 6 + 1];
768 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType);
769 if (wEtherType == ETH_P_PAE) {
770 skb->dev = pDevice->apdev;
772 if (bIsWEP == TRUE) {
773 // strip IV header(8)
774 memcpy(&abyMacHdr[0], (skb->data + 4), 24);
775 memcpy((skb->data + 4 + cbIVOffset), &abyMacHdr[0], 24);
777 skb->data += (cbIVOffset + 4);
778 skb->tail += (cbIVOffset + 4);
779 skb_put(skb, FrameSize);
780 skb_reset_mac_header(skb);
782 skb->pkt_type = PACKET_OTHERHOST;
783 skb->protocol = htons(ETH_P_802_2);
784 memset(skb->cb, 0, sizeof(skb->cb));
789 // check if 802.1x authorized
790 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED))
795 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
797 FrameSize -= 8; //MIC
801 //--------------------------------------------------------------------------------
803 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
807 DWORD dwMIC_Priority;
808 DWORD dwMICKey0 = 0, dwMICKey1 = 0;
809 DWORD dwLocalMIC_L = 0;
810 DWORD dwLocalMIC_R = 0;
811 viawget_wpa_header *wpahdr;
814 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
815 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
816 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
819 if (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
820 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
821 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
822 } else if ((pKey->dwKeyIndex & BIT28) == 0) {
823 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
824 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
826 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
827 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
831 MIC_vInit(dwMICKey0, dwMICKey1);
832 MIC_vAppend((PBYTE)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12);
834 MIC_vAppend((PBYTE)&dwMIC_Priority, 4);
835 // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV.
836 MIC_vAppend((PBYTE)(skb->data + 4 + WLAN_HDR_ADDR3_LEN + 8),
837 FrameSize - WLAN_HDR_ADDR3_LEN - 8);
838 MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R);
841 pdwMIC_L = (PDWORD)(skb->data + 4 + FrameSize);
842 pdwMIC_R = (PDWORD)(skb->data + 4 + FrameSize + 4);
843 //DBG_PRN_GRP12(("RxL: %lx, RxR: %lx\n", *pdwMIC_L, *pdwMIC_R));
844 //DBG_PRN_GRP12(("LocalL: %lx, LocalR: %lx\n", dwLocalMIC_L, dwLocalMIC_R));
845 //DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"dwMICKey0= %lx,dwMICKey1= %lx \n", dwMICKey0, dwMICKey1);
848 if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) ||
849 (pDevice->bRxMICFail == TRUE)) {
850 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n");
851 pDevice->bRxMICFail = FALSE;
852 //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++;
853 pDevice->s802_11Counter.TKIPLocalMICFailures++;
855 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
856 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
860 //2008-0409-07, <Add> by Einsn Liu
861 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
862 //send event to wpa_supplicant
863 //if(pDevice->bWPADevEnable == TRUE)
865 union iwreq_data wrqu;
866 struct iw_michaelmicfailure ev;
867 int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits
868 memset(&ev, 0, sizeof(ev));
869 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
870 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
871 (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
872 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
873 ev.flags |= IW_MICFAILURE_PAIRWISE;
875 ev.flags |= IW_MICFAILURE_GROUP;
878 ev.src_addr.sa_family = ARPHRD_ETHER;
879 memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN);
880 memset(&wrqu, 0, sizeof(wrqu));
881 wrqu.data.length = sizeof(ev);
882 wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
888 if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
889 wpahdr = (viawget_wpa_header *)pDevice->skb->data;
890 if ((pDevice->pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
891 (pDevice->pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
892 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
893 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR;
894 wpahdr->type = VIAWGET_PTK_MIC_MSG;
896 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR;
897 wpahdr->type = VIAWGET_GTK_MIC_MSG;
899 wpahdr->resp_ie_len = 0;
900 wpahdr->req_ie_len = 0;
901 skb_put(pDevice->skb, sizeof(viawget_wpa_header));
902 pDevice->skb->dev = pDevice->wpadev;
903 skb_reset_mac_header(pDevice->skb);
904 pDevice->skb->pkt_type = PACKET_HOST;
905 pDevice->skb->protocol = htons(ETH_P_802_2);
906 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
907 netif_rx(pDevice->skb);
908 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
915 } //---end of SOFT MIC-----------------------------------------------------------------------
917 // ++++++++++ Reply Counter Check +++++++++++++
919 if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) ||
920 (pKey->byCipherSuite == KEY_CTL_CCMP))) {
922 WORD wLocalTSC15_0 = 0;
923 DWORD dwLocalTSC47_16 = 0;
926 RSC = *((ULONGLONG *) &(pKey->KeyRSC));
927 wLocalTSC15_0 = (WORD) RSC;
928 dwLocalTSC47_16 = (DWORD) (RSC>>16);
933 MEMvCopy(&(pKey->KeyRSC), &RSC, sizeof(QWORD));
935 if ( (pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) &&
936 (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) {
938 if ( (wRxTSC15_0 < wLocalTSC15_0) &&
939 (dwRxTSC47_16 <= dwLocalTSC47_16) &&
940 !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) {
941 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n ");
942 if (pKey->byCipherSuite == KEY_CTL_TKIP)
943 //pDevice->s802_11Counter.TKIPReplays.QuadPart++;
944 pDevice->s802_11Counter.TKIPReplays++;
946 //pDevice->s802_11Counter.CCMPReplays.QuadPart++;
947 pDevice->s802_11Counter.CCMPReplays++;
950 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
951 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
959 } // ----- End of Reply Counter Check --------------------------
963 if ((pKey != NULL) && (bIsWEP)) {
964 // pDevice->s802_11Counter.DecryptSuccessCount.QuadPart++;
968 s_vProcessRxMACHeader(pDevice, (PBYTE)(skb->data+4), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset);
969 FrameSize -= cbHeaderOffset;
970 cbHeaderOffset += 4; // 4 is Rcv buffer header
972 // Null data, framesize = 14
976 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
977 if (s_bAPModeRxData(pDevice,
986 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
987 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
994 // if(pDevice->bRxMICFail == FALSE) {
995 // for (ii =0; ii < 100; ii++)
996 // printk(" %02x", *(skb->data + ii));
1002 skb->data += cbHeaderOffset;
1003 skb->tail += cbHeaderOffset;
1004 skb_put(skb, FrameSize);
1005 skb->protocol=eth_type_trans(skb, skb->dev);
1008 //drop frame not met IEEE 802.3
1010 if (pDevice->flags & DEVICE_FLAGS_VAL_PKT_LEN) {
1011 if ((skb->protocol==htons(ETH_P_802_3)) &&
1012 (skb->len!=htons(skb->mac.ethernet->h_proto))) {
1013 pStats->rx_length_errors++;
1014 pStats->rx_dropped++;
1016 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1017 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1018 pDevice->dev->name);
1026 skb->ip_summed=CHECKSUM_NONE;
1027 pStats->rx_bytes +=skb->len;
1028 pStats->rx_packets++;
1032 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1033 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1034 pDevice->dev->name);
1043 static BOOL s_bAPModeRxCtl (
1044 IN PSDevice pDevice,
1049 PS802_11Header p802_11Header;
1051 PSMgmtObject pMgmt = pDevice->pMgmt;
1054 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
1056 p802_11Header = (PS802_11Header) (pbyFrame);
1057 if (!IS_TYPE_MGMT(pbyFrame)) {
1059 // Data & PS-Poll packet
1060 // check frame class
1061 if (iSANodeIndex > 0) {
1062 // frame class 3 fliter & checking
1063 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) {
1064 // send deauth notification
1065 // reason = (6) class 2 received from nonauth sta
1066 vMgrDeAuthenBeginSta(pDevice,
1068 (PBYTE)(p802_11Header->abyAddr2),
1069 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1072 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n");
1075 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) {
1076 // send deassoc notification
1077 // reason = (7) class 3 received from nonassoc sta
1078 vMgrDisassocBeginSta(pDevice,
1080 (PBYTE)(p802_11Header->abyAddr2),
1081 (WLAN_MGMT_REASON_CLASS3_NONASSOC),
1084 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n");
1088 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) {
1089 // delcare received ps-poll event
1090 if (IS_CTL_PSPOLL(pbyFrame)) {
1091 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1092 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1093 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n");
1096 // check Data PS state
1097 // if PW bit off, send out all PS bufferring packets.
1098 if (!IS_FC_POWERMGT(pbyFrame)) {
1099 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1100 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1101 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1102 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n");
1107 if (IS_FC_POWERMGT(pbyFrame)) {
1108 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = TRUE;
1109 // Once if STA in PS state, enable multicast bufferring
1110 pMgmt->sNodeDBTable[0].bPSEnable = TRUE;
1113 // clear all pending PS frame.
1114 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) {
1115 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1116 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1117 bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1118 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n");
1125 vMgrDeAuthenBeginSta(pDevice,
1127 (PBYTE)(p802_11Header->abyAddr2),
1128 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1131 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n");
1132 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%02x-%02x-%02x=%02x-%02x-%02x \n",
1133 p802_11Header->abyAddr3[0],
1134 p802_11Header->abyAddr3[1],
1135 p802_11Header->abyAddr3[2],
1136 p802_11Header->abyAddr3[3],
1137 p802_11Header->abyAddr3[4],
1138 p802_11Header->abyAddr3[5]
1140 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%02x-%02x-%02x=%02x-%02x-%02x \n",
1141 p802_11Header->abyAddr2[0],
1142 p802_11Header->abyAddr2[1],
1143 p802_11Header->abyAddr2[2],
1144 p802_11Header->abyAddr2[3],
1145 p802_11Header->abyAddr2[4],
1146 p802_11Header->abyAddr2[5]
1148 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%02x-%02x-%02x=%02x-%02x-%02x \n",
1149 p802_11Header->abyAddr1[0],
1150 p802_11Header->abyAddr1[1],
1151 p802_11Header->abyAddr1[2],
1152 p802_11Header->abyAddr1[3],
1153 p802_11Header->abyAddr1[4],
1154 p802_11Header->abyAddr1[5]
1156 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl );
1157 VNSvInPortB(pDevice->PortOffset + MAC_REG_RCR, &(pDevice->byRxMode));
1158 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc:pDevice->byRxMode = %x\n", pDevice->byRxMode );
1167 static BOOL s_bHandleRxEncryption (
1168 IN PSDevice pDevice,
1172 OUT PBYTE pbyNewRsr,
1173 OUT PSKeyItem *pKeyOut,
1175 OUT PWORD pwRxTSC15_0,
1176 OUT PDWORD pdwRxTSC47_16
1179 UINT PayloadLen = FrameSize;
1182 PSKeyItem pKey = NULL;
1183 BYTE byDecMode = KEY_CTL_WEP;
1184 PSMgmtObject pMgmt = pDevice->pMgmt;
1190 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1191 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1192 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1193 pbyIV += 6; // 6 is 802.11 address4
1196 byKeyIdx = (*(pbyIV+3) & 0xc0);
1198 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1200 if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
1201 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
1202 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
1203 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
1204 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
1205 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) &&
1206 (pDevice->pMgmt->byCSSPK != KEY_CTL_NONE)) {
1207 // unicast pkt use pairwise key
1208 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n");
1209 if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == TRUE) {
1210 if (pDevice->pMgmt->byCSSPK == KEY_CTL_TKIP)
1211 byDecMode = KEY_CTL_TKIP;
1212 else if (pDevice->pMgmt->byCSSPK == KEY_CTL_CCMP)
1213 byDecMode = KEY_CTL_CCMP;
1215 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey);
1218 KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey);
1219 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1220 byDecMode = KEY_CTL_TKIP;
1221 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1222 byDecMode = KEY_CTL_CCMP;
1223 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey);
1226 // our WEP only support Default Key
1228 // use default group key
1229 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey);
1230 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1231 byDecMode = KEY_CTL_TKIP;
1232 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1233 byDecMode = KEY_CTL_CCMP;
1237 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode);
1240 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n");
1241 if (byDecMode == KEY_CTL_WEP) {
1242 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1243 } else if (pDevice->bLinkPass == TRUE) {
1244 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1248 if (byDecMode != pKey->byCipherSuite) {
1249 if (byDecMode == KEY_CTL_WEP) {
1250 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1251 } else if (pDevice->bLinkPass == TRUE) {
1252 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1257 if (byDecMode == KEY_CTL_WEP) {
1259 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1260 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE)) {
1265 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1266 MEMvCopy(pDevice->abyPRNG, pbyIV, 3);
1267 MEMvCopy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1268 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1269 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1271 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1272 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1275 } else if ((byDecMode == KEY_CTL_TKIP) ||
1276 (byDecMode == KEY_CTL_CCMP)) {
1279 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1280 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1281 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1282 if (byDecMode == KEY_CTL_TKIP) {
1283 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1285 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1287 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1289 if ((byDecMode == KEY_CTL_TKIP) &&
1290 (pDevice->byLocalID <= REV_ID_VT3253_A1)) {
1293 PS802_11Header pMACHeader = (PS802_11Header) (pbyFrame);
1294 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1295 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1296 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1297 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1298 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1299 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1301 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1302 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1307 if ((*(pbyIV+3) & 0x20) != 0)
1313 static BOOL s_bHostWepRxEncryption (
1314 IN PSDevice pDevice,
1320 OUT PBYTE pbyNewRsr,
1322 OUT PWORD pwRxTSC15_0,
1323 OUT PDWORD pdwRxTSC47_16
1326 UINT PayloadLen = FrameSize;
1329 BYTE byDecMode = KEY_CTL_WEP;
1330 PS802_11Header pMACHeader;
1337 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1338 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1339 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1340 pbyIV += 6; // 6 is 802.11 address4
1343 byKeyIdx = (*(pbyIV+3) & 0xc0);
1345 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1348 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1349 byDecMode = KEY_CTL_TKIP;
1350 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1351 byDecMode = KEY_CTL_CCMP;
1353 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode);
1355 if (byDecMode != pKey->byCipherSuite) {
1356 if (byDecMode == KEY_CTL_WEP) {
1357 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1358 } else if (pDevice->bLinkPass == TRUE) {
1359 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1364 if (byDecMode == KEY_CTL_WEP) {
1366 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP \n");
1367 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1368 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE) ||
1369 (bOnFly == FALSE)) {
1375 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1376 MEMvCopy(pDevice->abyPRNG, pbyIV, 3);
1377 MEMvCopy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1378 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1379 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1381 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1382 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1385 } else if ((byDecMode == KEY_CTL_TKIP) ||
1386 (byDecMode == KEY_CTL_CCMP)) {
1389 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1390 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1391 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1393 if (byDecMode == KEY_CTL_TKIP) {
1394 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1396 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1398 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1400 if (byDecMode == KEY_CTL_TKIP) {
1402 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == FALSE)) {
1406 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n");
1407 pMACHeader = (PS802_11Header) (pbyFrame);
1408 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1409 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1410 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1411 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1412 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1413 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1415 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1416 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1421 if (byDecMode == KEY_CTL_CCMP) {
1422 if (bOnFly == FALSE) {
1425 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_CCMP\n");
1426 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) {
1427 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1428 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC compare OK!\n");
1430 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC fail!\n");
1437 if ((*(pbyIV+3) & 0x20) != 0)
1444 static BOOL s_bAPModeRxData (
1445 IN PSDevice pDevice,
1446 IN struct sk_buff* skb,
1448 IN UINT cbHeaderOffset,
1449 IN INT iSANodeIndex,
1453 PSMgmtObject pMgmt = pDevice->pMgmt;
1454 BOOL bRelayAndForward = FALSE;
1455 BOOL bRelayOnly = FALSE;
1456 BYTE byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
1460 struct sk_buff* skbcpy = NULL;
1462 if (FrameSize > CB_MAX_BUF_SIZE)
1465 if(IS_MULTICAST_ADDRESS((PBYTE)(skb->data+cbHeaderOffset))) {
1466 if (pMgmt->sNodeDBTable[0].bPSEnable) {
1468 skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz);
1470 // if any node in PS mode, buffer packet until DTIM.
1471 if (skbcpy == NULL) {
1472 DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n");
1475 skbcpy->dev = pDevice->dev;
1476 skbcpy->len = FrameSize;
1477 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize);
1478 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy);
1480 pMgmt->sNodeDBTable[0].wEnQueueCnt++;
1482 pMgmt->abyPSTxMap[0] |= byMask[0];
1486 bRelayAndForward = TRUE;
1491 if (BSSDBbIsSTAInNodeDB(pMgmt, (PBYTE)(skb->data+cbHeaderOffset), &iDANodeIndex)) {
1492 if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) {
1493 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) {
1494 // queue this skb until next PS tx, and then release.
1496 skb->data += cbHeaderOffset;
1497 skb->tail += cbHeaderOffset;
1498 skb_put(skb, FrameSize);
1499 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb);
1500 pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++;
1501 wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID;
1502 pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7];
1503 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n",
1504 iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]);
1514 if (bRelayOnly || bRelayAndForward) {
1515 // relay this packet right now
1516 if (bRelayAndForward)
1519 if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) {
1520 ROUTEbRelay(pDevice, (PBYTE)(skb->data + cbHeaderOffset), FrameSize, (UINT)iDANodeIndex);
1526 // none associate, don't forward
1527 if (pDevice->uAssocCount == 0)