tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
1/*
2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
3 * All rights reserved.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * File: dpc.c
20 *
21 * Purpose: handle dpc rx functions
22 *
23 * Author: Lyndon Chen
24 *
25 * Date: May 20, 2003
26 *
27 * Functions:
28 * device_receive_frame - Rcv 802.11 frame function
29 * s_bAPModeRxCtl- AP Rcv frame filer Ctl.
30 * s_bAPModeRxData- AP Rcv data frame handle
31 * s_bHandleRxEncryption- Rcv decrypted data via on-fly
32 * s_bHostWepRxEncryption- Rcv encrypted data via host
33 * s_byGetRateIdx- get rate index
34 * s_vGetDASA- get data offset
35 * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3
36 *
37 * Revision History:
38 *
39 */
40
41#include "device.h"
42#include "rxtx.h"
43#include "tether.h"
44#include "card.h"
45#include "bssdb.h"
46#include "mac.h"
47#include "baseband.h"
48#include "michael.h"
49#include "tkip.h"
50#include "tcrc.h"
51#include "wctl.h"
52#include "hostap.h"
53#include "rf.h"
54#include "iowpa.h"
55#include "aes_ccmp.h"
56#include "datarate.h"
57#include "usbpipe.h"
58
59//static int msglevel =MSG_LEVEL_DEBUG;
60static int msglevel =MSG_LEVEL_INFO;
61
62const u8 acbyRxRate[MAX_RATE] =
63{2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
64
65static u8 s_byGetRateIdx(u8 byRate);
66
67static
68void
69s_vGetDASA(
70 u8 * pbyRxBufferAddr,
71 unsigned int *pcbHeaderSize,
72 struct ethhdr *psEthHeader
73 );
74
75static void s_vProcessRxMACHeader(struct vnt_private *pDevice,
76 u8 *pbyRxBufferAddr, u32 cbPacketSize, int bIsWEP, int bExtIV,
77 u32 *pcbHeadSize);
78
79static int s_bAPModeRxCtl(struct vnt_private *pDevice, u8 *pbyFrame,
80 s32 iSANodeIndex);
81
82static int s_bAPModeRxData(struct vnt_private *pDevice, struct sk_buff *skb,
83 u32 FrameSize, u32 cbHeaderOffset, s32 iSANodeIndex, s32 iDANodeIndex);
84
85static int s_bHandleRxEncryption(struct vnt_private *pDevice, u8 *pbyFrame,
86 u32 FrameSize, u8 *pbyRsr, u8 *pbyNewRsr, PSKeyItem *pKeyOut,
87 s32 *pbExtIV, u16 *pwRxTSC15_0, u32 *pdwRxTSC47_16);
88
89static int s_bHostWepRxEncryption(struct vnt_private *pDevice, u8 *pbyFrame,
90 u32 FrameSize, u8 *pbyRsr, int bOnFly, PSKeyItem pKey, u8 *pbyNewRsr,
91 s32 *pbExtIV, u16 *pwRxTSC15_0, u32 *pdwRxTSC47_16);
92
93/*+
94 *
95 * Description:
96 * Translate Rcv 802.11 header to 802.3 header with Rx buffer
97 *
98 * Parameters:
99 * In:
100 * pDevice
101 * dwRxBufferAddr - Address of Rcv Buffer
102 * cbPacketSize - Rcv Packet size
103 * bIsWEP - If Rcv with WEP
104 * Out:
105 * pcbHeaderSize - 802.11 header size
106 *
107 * Return Value: None
108 *
109-*/
110
111static void s_vProcessRxMACHeader(struct vnt_private *pDevice,
112 u8 *pbyRxBufferAddr, u32 cbPacketSize, int bIsWEP, int bExtIV,
113 u32 *pcbHeadSize)
114{
115 u8 *pbyRxBuffer;
116 u32 cbHeaderSize = 0;
117 u16 *pwType;
118 struct ieee80211_hdr *pMACHeader;
119 int ii;
120
121 pMACHeader = (struct ieee80211_hdr *) (pbyRxBufferAddr + cbHeaderSize);
122
123 s_vGetDASA((u8 *)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader);
124
125 if (bIsWEP) {
126 if (bExtIV) {
127 // strip IV&ExtIV , add 8 byte
128 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8);
129 } else {
130 // strip IV , add 4 byte
131 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4);
132 }
133 }
134 else {
135 cbHeaderSize += WLAN_HDR_ADDR3_LEN;
136 };
137
138 pbyRxBuffer = (u8 *) (pbyRxBufferAddr + cbHeaderSize);
139 if (ether_addr_equal(pbyRxBuffer, pDevice->abySNAP_Bridgetunnel)) {
140 cbHeaderSize += 6;
141 } else if (ether_addr_equal(pbyRxBuffer, pDevice->abySNAP_RFC1042)) {
142 cbHeaderSize += 6;
143 pwType = (u16 *) (pbyRxBufferAddr + cbHeaderSize);
144 if ((*pwType == cpu_to_be16(ETH_P_IPX)) ||
145 (*pwType == cpu_to_le16(0xF380))) {
146 cbHeaderSize -= 8;
147 pwType = (u16 *) (pbyRxBufferAddr + cbHeaderSize);
148 if (bIsWEP) {
149 if (bExtIV) {
150 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
151 } else {
152 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
153 }
154 }
155 else {
156 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
157 }
158 }
159 }
160 else {
161 cbHeaderSize -= 2;
162 pwType = (u16 *) (pbyRxBufferAddr + cbHeaderSize);
163 if (bIsWEP) {
164 if (bExtIV) {
165 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
166 } else {
167 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
168 }
169 }
170 else {
171 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
172 }
173 }
174
175 cbHeaderSize -= (ETH_ALEN * 2);
176 pbyRxBuffer = (u8 *) (pbyRxBufferAddr + cbHeaderSize);
177 for (ii = 0; ii < ETH_ALEN; ii++)
178 *pbyRxBuffer++ = pDevice->sRxEthHeader.h_dest[ii];
179 for (ii = 0; ii < ETH_ALEN; ii++)
180 *pbyRxBuffer++ = pDevice->sRxEthHeader.h_source[ii];
181
182 *pcbHeadSize = cbHeaderSize;
183}
184
185static u8 s_byGetRateIdx(u8 byRate)
186{
187 u8 byRateIdx;
188
189 for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) {
190 if (acbyRxRate[byRateIdx%MAX_RATE] == byRate)
191 return byRateIdx;
192 }
193 return 0;
194}
195
196static
197void
198s_vGetDASA (
199 u8 * pbyRxBufferAddr,
200 unsigned int *pcbHeaderSize,
201 struct ethhdr *psEthHeader
202 )
203{
204 unsigned int cbHeaderSize = 0;
205 struct ieee80211_hdr *pMACHeader;
206 int ii;
207
208 pMACHeader = (struct ieee80211_hdr *) (pbyRxBufferAddr + cbHeaderSize);
209
210 if ((pMACHeader->frame_control & FC_TODS) == 0) {
211 if (pMACHeader->frame_control & FC_FROMDS) {
212 for (ii = 0; ii < ETH_ALEN; ii++) {
213 psEthHeader->h_dest[ii] =
214 pMACHeader->addr1[ii];
215 psEthHeader->h_source[ii] =
216 pMACHeader->addr3[ii];
217 }
218 } else {
219 /* IBSS mode */
220 for (ii = 0; ii < ETH_ALEN; ii++) {
221 psEthHeader->h_dest[ii] =
222 pMACHeader->addr1[ii];
223 psEthHeader->h_source[ii] =
224 pMACHeader->addr2[ii];
225 }
226 }
227 } else {
228 /* Is AP mode.. */
229 if (pMACHeader->frame_control & FC_FROMDS) {
230 for (ii = 0; ii < ETH_ALEN; ii++) {
231 psEthHeader->h_dest[ii] =
232 pMACHeader->addr3[ii];
233 psEthHeader->h_source[ii] =
234 pMACHeader->addr4[ii];
235 cbHeaderSize += 6;
236 }
237 } else {
238 for (ii = 0; ii < ETH_ALEN; ii++) {
239 psEthHeader->h_dest[ii] =
240 pMACHeader->addr3[ii];
241 psEthHeader->h_source[ii] =
242 pMACHeader->addr2[ii];
243 }
244 }
245 };
246 *pcbHeaderSize = cbHeaderSize;
247}
248
249int RXbBulkInProcessData(struct vnt_private *pDevice, struct vnt_rcb *pRCB,
250 unsigned long BytesToIndicate)
251{
252 struct net_device_stats *pStats = &pDevice->stats;
253 struct sk_buff *skb;
254 struct vnt_manager *pMgmt = &pDevice->vnt_mgmt;
255 struct vnt_rx_mgmt *pRxPacket = &pMgmt->sRxPacket;
256 struct ieee80211_hdr *p802_11Header;
257 u8 *pbyRsr, *pbyNewRsr, *pbyRSSI, *pbyFrame;
258 u64 *pqwTSFTime;
259 u32 bDeFragRx = false;
260 u32 cbHeaderOffset, cbIVOffset;
261 u32 FrameSize;
262 u16 wEtherType = 0;
263 s32 iSANodeIndex = -1, iDANodeIndex = -1;
264 int ii;
265 u8 *pbyRxSts, *pbyRxRate, *pbySQ, *pby3SQ;
266 u32 cbHeaderSize;
267 PSKeyItem pKey = NULL;
268 u16 wRxTSC15_0 = 0;
269 u32 dwRxTSC47_16 = 0;
270 SKeyItem STempKey;
271 /* signed long ldBm = 0; */
272 int bIsWEP = false; int bExtIV = false;
273 u32 dwWbkStatus;
274 struct vnt_rcb *pRCBIndicate = pRCB;
275 u8 *pbyDAddress;
276 u16 *pwPLCP_Length;
277 u8 abyVaildRate[MAX_RATE]
278 = {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
279 u16 wPLCPwithPadding;
280 struct ieee80211_hdr *pMACHeader;
281 int bRxeapol_key = false;
282
283 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- RXbBulkInProcessData---\n");
284
285 skb = pRCB->skb;
286
287 /* [31:16]RcvByteCount ( not include 4-byte Status ) */
288 dwWbkStatus = *((u32 *)(skb->data));
289 FrameSize = dwWbkStatus >> 16;
290 FrameSize += 4;
291
292 if (BytesToIndicate != FrameSize) {
293 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"------- WRONG Length 1\n");
294 return false;
295 }
296
297 if ((BytesToIndicate > 2372) || (BytesToIndicate <= 40)) {
298 // Frame Size error drop this packet.
299 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- WRONG Length 2\n");
300 return false;
301 }
302
303 pbyDAddress = (u8 *)(skb->data);
304 pbyRxSts = pbyDAddress+4;
305 pbyRxRate = pbyDAddress+5;
306
307 //real Frame Size = USBFrameSize -4WbkStatus - 4RxStatus - 8TSF - 4RSR - 4SQ3 - ?Padding
308 //if SQ3 the range is 24~27, if no SQ3 the range is 20~23
309 //real Frame size in PLCPLength field.
310 pwPLCP_Length = (u16 *) (pbyDAddress + 6);
311 //Fix hardware bug => PLCP_Length error
312 if ( ((BytesToIndicate - (*pwPLCP_Length)) > 27) ||
313 ((BytesToIndicate - (*pwPLCP_Length)) < 24) ||
314 (BytesToIndicate < (*pwPLCP_Length)) ) {
315
316 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong PLCP Length %x\n", (int) *pwPLCP_Length);
317 return false;
318 }
319 for ( ii=RATE_1M;ii<MAX_RATE;ii++) {
320 if ( *pbyRxRate == abyVaildRate[ii] ) {
321 break;
322 }
323 }
324 if ( ii==MAX_RATE ) {
325 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong RxRate %x\n",(int) *pbyRxRate);
326 return false;
327 }
328
329 wPLCPwithPadding = ( (*pwPLCP_Length / 4) + ( (*pwPLCP_Length % 4) ? 1:0 ) ) *4;
330
331 pqwTSFTime = (u64 *)(pbyDAddress + 8 + wPLCPwithPadding);
332 if(pDevice->byBBType == BB_TYPE_11G) {
333 pby3SQ = pbyDAddress + 8 + wPLCPwithPadding + 12;
334 pbySQ = pby3SQ;
335 }
336 else {
337 pbySQ = pbyDAddress + 8 + wPLCPwithPadding + 8;
338 pby3SQ = pbySQ;
339 }
340 pbyNewRsr = pbyDAddress + 8 + wPLCPwithPadding + 9;
341 pbyRSSI = pbyDAddress + 8 + wPLCPwithPadding + 10;
342 pbyRsr = pbyDAddress + 8 + wPLCPwithPadding + 11;
343
344 FrameSize = *pwPLCP_Length;
345
346 pbyFrame = pbyDAddress + 8;
347 // update receive statistic counter
348
349 STAvUpdateRDStatCounter(&pDevice->scStatistic,
350 *pbyRsr,
351 *pbyNewRsr,
352 *pbyRxSts,
353 *pbyRxRate,
354 pbyFrame,
355 FrameSize
356 );
357
358 pMACHeader = (struct ieee80211_hdr *) pbyFrame;
359
360//mike add: to judge if current AP is activated?
361 if ((pMgmt->eCurrMode == WMAC_MODE_STANDBY) ||
362 (pMgmt->eCurrMode == WMAC_MODE_ESS_STA)) {
363 if (pMgmt->sNodeDBTable[0].bActive) {
364 if (ether_addr_equal(pMgmt->abyCurrBSSID, pMACHeader->addr2)) {
365 if (pMgmt->sNodeDBTable[0].uInActiveCount != 0)
366 pMgmt->sNodeDBTable[0].uInActiveCount = 0;
367 }
368 }
369 }
370
371 if (!is_multicast_ether_addr(pMACHeader->addr1)) {
372 if (WCTLbIsDuplicate(&(pDevice->sDupRxCache), (struct ieee80211_hdr *) pbyFrame)) {
373 pDevice->s802_11Counter.FrameDuplicateCount++;
374 return false;
375 }
376
377 if (!ether_addr_equal(pDevice->abyCurrentNetAddr, pMACHeader->addr1)) {
378 return false;
379 }
380 }
381
382 // Use for TKIP MIC
383 s_vGetDASA(pbyFrame, &cbHeaderSize, &pDevice->sRxEthHeader);
384
385 if (ether_addr_equal((u8 *)pDevice->sRxEthHeader.h_source,
386 pDevice->abyCurrentNetAddr))
387 return false;
388
389 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) {
390 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
391 p802_11Header = (struct ieee80211_hdr *) (pbyFrame);
392 // get SA NodeIndex
393 if (BSSbIsSTAInNodeDB(pDevice, (u8 *)(p802_11Header->addr2), &iSANodeIndex)) {
394 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies;
395 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0;
396 }
397 }
398 }
399
400 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
401 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == true) {
402 return false;
403 }
404 }
405
406 if (IS_FC_WEP(pbyFrame)) {
407 bool bRxDecryOK = false;
408
409 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n");
410 bIsWEP = true;
411 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) {
412 pKey = &STempKey;
413 pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite;
414 pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex;
415 pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength;
416 pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16;
417 pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0;
418 memcpy(pKey->abyKey,
419 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0],
420 pKey->uKeyLength
421 );
422
423 bRxDecryOK = s_bHostWepRxEncryption(pDevice,
424 pbyFrame,
425 FrameSize,
426 pbyRsr,
427 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly,
428 pKey,
429 pbyNewRsr,
430 &bExtIV,
431 &wRxTSC15_0,
432 &dwRxTSC47_16);
433 } else {
434 bRxDecryOK = s_bHandleRxEncryption(pDevice,
435 pbyFrame,
436 FrameSize,
437 pbyRsr,
438 pbyNewRsr,
439 &pKey,
440 &bExtIV,
441 &wRxTSC15_0,
442 &dwRxTSC47_16);
443 }
444
445 if (bRxDecryOK) {
446 if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) {
447 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n");
448 if ( (pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
449 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
450 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
451 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
452 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
453
454 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
455 pDevice->s802_11Counter.TKIPICVErrors++;
456 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) {
457 pDevice->s802_11Counter.CCMPDecryptErrors++;
458 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) {
459// pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++;
460 }
461 }
462 return false;
463 }
464 } else {
465 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n");
466 return false;
467 }
468 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP))
469 FrameSize -= 8; // Message Integrity Code
470 else
471 FrameSize -= 4; // 4 is ICV
472 }
473
474 //
475 // RX OK
476 //
477 /* remove the FCS/CRC length */
478 FrameSize -= ETH_FCS_LEN;
479
480 if ( !(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) && // unicast address
481 (IS_FRAGMENT_PKT((pbyFrame)))
482 ) {
483 // defragment
484 bDeFragRx = WCTLbHandleFragment(pDevice, (struct ieee80211_hdr *) (pbyFrame), FrameSize, bIsWEP, bExtIV);
485 pDevice->s802_11Counter.ReceivedFragmentCount++;
486 if (bDeFragRx) {
487 // defrag complete
488 // TODO skb, pbyFrame
489 skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb;
490 FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength;
491 pbyFrame = skb->data + 8;
492 }
493 else {
494 return false;
495 }
496 }
497
498 //
499 // Management & Control frame Handle
500 //
501 if ((IS_TYPE_DATA((pbyFrame))) == false) {
502 // Handle Control & Manage Frame
503
504 if (IS_TYPE_MGMT((pbyFrame))) {
505 u8 * pbyData1;
506 u8 * pbyData2;
507
508 pRxPacket = &(pRCB->sMngPacket);
509 pRxPacket->p80211Header = (PUWLAN_80211HDR)(pbyFrame);
510 pRxPacket->cbMPDULen = FrameSize;
511 pRxPacket->uRSSI = *pbyRSSI;
512 pRxPacket->bySQ = *pbySQ;
513 pRxPacket->qwLocalTSF = cpu_to_le64(*pqwTSFTime);
514 if (bIsWEP) {
515 // strip IV
516 pbyData1 = WLAN_HDR_A3_DATA_PTR(pbyFrame);
517 pbyData2 = WLAN_HDR_A3_DATA_PTR(pbyFrame) + 4;
518 for (ii = 0; ii < (FrameSize - 4); ii++) {
519 *pbyData1 = *pbyData2;
520 pbyData1++;
521 pbyData2++;
522 }
523 }
524
525 pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate);
526
527 if ( *pbyRxSts == 0 ) {
528 //Discard beacon packet which channel is 0
529 if ( (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_BEACON) ||
530 (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_PROBERESP) ) {
531 return false;
532 }
533 }
534 pRxPacket->byRxChannel = (*pbyRxSts) >> 2;
535
536 // hostap Deamon handle 802.11 management
537 if (pDevice->bEnableHostapd) {
538 skb->dev = pDevice->apdev;
539 //skb->data += 4;
540 //skb->tail += 4;
541 skb->data += 8;
542 skb->tail += 8;
543 skb_put(skb, FrameSize);
544 skb_reset_mac_header(skb);
545 skb->pkt_type = PACKET_OTHERHOST;
546 skb->protocol = htons(ETH_P_802_2);
547 memset(skb->cb, 0, sizeof(skb->cb));
548 netif_rx(skb);
549 return true;
550 }
551
552 //
553 // Insert the RCB in the Recv Mng list
554 //
555 EnqueueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList, pRCBIndicate);
556 pDevice->NumRecvMngList++;
557 if ( bDeFragRx == false) {
558 pRCB->Ref++;
559 }
560 if (pDevice->bIsRxMngWorkItemQueued == false) {
561 pDevice->bIsRxMngWorkItemQueued = true;
562 schedule_work(&pDevice->rx_mng_work_item);
563 }
564
565 }
566 else {
567 // Control Frame
568 };
569 return false;
570 }
571 else {
572 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
573 //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC.
574 if ( !(*pbyRsr & RSR_BSSIDOK)) {
575 if (bDeFragRx) {
576 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
577 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
578 pDevice->dev->name);
579 }
580 }
581 return false;
582 }
583 }
584 else {
585 // discard DATA packet while not associate || BSSID error
586 if ((pDevice->bLinkPass == false) ||
587 !(*pbyRsr & RSR_BSSIDOK)) {
588 if (bDeFragRx) {
589 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
590 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
591 pDevice->dev->name);
592 }
593 }
594 return false;
595 }
596 //mike add:station mode check eapol-key challenge--->
597 {
598 u8 Protocol_Version; //802.1x Authentication
599 u8 Packet_Type; //802.1x Authentication
600 u8 Descriptor_type;
601 u16 Key_info;
602 if (bIsWEP)
603 cbIVOffset = 8;
604 else
605 cbIVOffset = 0;
606 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
607 skb->data[cbIVOffset + 8 + 24 + 6 + 1];
608 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1];
609 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1];
610 if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header
611 if(((Protocol_Version==1) ||(Protocol_Version==2)) &&
612 (Packet_Type==3)) { //802.1x OR eapol-key challenge frame receive
613 bRxeapol_key = true;
614 Descriptor_type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2];
615 Key_info = (skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+1]<<8) |skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+2] ;
616 if(Descriptor_type==2) { //RSN
617 // printk("WPA2_Rx_eapol-key_info<-----:%x\n",Key_info);
618 }
619 else if(Descriptor_type==254) {
620 // printk("WPA_Rx_eapol-key_info<-----:%x\n",Key_info);
621 }
622 }
623 }
624 }
625 //mike add:station mode check eapol-key challenge<---
626 }
627 }
628
629// Data frame Handle
630
631 if (pDevice->bEnablePSMode) {
632 if (IS_FC_MOREDATA((pbyFrame))) {
633 if (*pbyRsr & RSR_ADDROK) {
634 //PSbSendPSPOLL((PSDevice)pDevice);
635 }
636 }
637 else {
638 if (pMgmt->bInTIMWake == true) {
639 pMgmt->bInTIMWake = false;
640 }
641 }
642 }
643
644 // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps
645 if (pDevice->bDiversityEnable && (FrameSize>50) &&
646 (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) &&
647 (pDevice->bLinkPass == true)) {
648 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0);
649 }
650
651 // ++++++++ For BaseBand Algorithm +++++++++++++++
652 pDevice->uCurrRSSI = *pbyRSSI;
653 pDevice->byCurrSQ = *pbySQ;
654
655 // todo
656/*
657 if ((*pbyRSSI != 0) &&
658 (pMgmt->pCurrBSS!=NULL)) {
659 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
660 // Monitor if RSSI is too strong.
661 pMgmt->pCurrBSS->byRSSIStatCnt++;
662 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT;
663 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm;
664 for (ii = 0; ii < RSSI_STAT_COUNT; ii++) {
665 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) {
666 pMgmt->pCurrBSS->ldBmMAX =
667 max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm);
668 }
669 }
670 }
671*/
672
673 // -----------------------------------------------
674
675 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == true)){
676 u8 abyMacHdr[24];
677
678 // Only 802.1x packet incoming allowed
679 if (bIsWEP)
680 cbIVOffset = 8;
681 else
682 cbIVOffset = 0;
683 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
684 skb->data[cbIVOffset + 8 + 24 + 6 + 1];
685
686 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType);
687 if (wEtherType == ETH_P_PAE) {
688 skb->dev = pDevice->apdev;
689
690 if (bIsWEP == true) {
691 // strip IV header(8)
692 memcpy(&abyMacHdr[0], (skb->data + 8), 24);
693 memcpy((skb->data + 8 + cbIVOffset), &abyMacHdr[0], 24);
694 }
695
696 skb->data += (cbIVOffset + 8);
697 skb->tail += (cbIVOffset + 8);
698 skb_put(skb, FrameSize);
699 skb_reset_mac_header(skb);
700 skb->pkt_type = PACKET_OTHERHOST;
701 skb->protocol = htons(ETH_P_802_2);
702 memset(skb->cb, 0, sizeof(skb->cb));
703 netif_rx(skb);
704 return true;
705
706 }
707 // check if 802.1x authorized
708 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED))
709 return false;
710 }
711
712 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
713 if (bIsWEP) {
714 FrameSize -= 8; //MIC
715 }
716 }
717
718 //--------------------------------------------------------------------------------
719 // Soft MIC
720 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
721 if (bIsWEP) {
722 u32 * pdwMIC_L;
723 u32 * pdwMIC_R;
724 u32 dwMIC_Priority;
725 u32 dwMICKey0 = 0, dwMICKey1 = 0;
726 u32 dwLocalMIC_L = 0;
727 u32 dwLocalMIC_R = 0;
728
729 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
730 dwMICKey0 = cpu_to_le32(*(u32 *)(&pKey->abyKey[24]));
731 dwMICKey1 = cpu_to_le32(*(u32 *)(&pKey->abyKey[28]));
732 }
733 else {
734 if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
735 dwMICKey0 = cpu_to_le32(*(u32 *)(&pKey->abyKey[16]));
736 dwMICKey1 = cpu_to_le32(*(u32 *)(&pKey->abyKey[20]));
737 } else if ((pKey->dwKeyIndex & BIT28) == 0) {
738 dwMICKey0 = cpu_to_le32(*(u32 *)(&pKey->abyKey[16]));
739 dwMICKey1 = cpu_to_le32(*(u32 *)(&pKey->abyKey[20]));
740 } else {
741 dwMICKey0 = cpu_to_le32(*(u32 *)(&pKey->abyKey[24]));
742 dwMICKey1 = cpu_to_le32(*(u32 *)(&pKey->abyKey[28]));
743 }
744 }
745
746 MIC_vInit(dwMICKey0, dwMICKey1);
747 MIC_vAppend((u8 *)&(pDevice->sRxEthHeader.h_dest[0]), 12);
748 dwMIC_Priority = 0;
749 MIC_vAppend((u8 *)&dwMIC_Priority, 4);
750 // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV.
751 MIC_vAppend((u8 *)(skb->data + 8 + WLAN_HDR_ADDR3_LEN + 8),
752 FrameSize - WLAN_HDR_ADDR3_LEN - 8);
753 MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R);
754 MIC_vUnInit();
755
756 pdwMIC_L = (u32 *)(skb->data + 8 + FrameSize);
757 pdwMIC_R = (u32 *)(skb->data + 8 + FrameSize + 4);
758
759 if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) ||
760 (pDevice->bRxMICFail == true)) {
761 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n");
762 pDevice->bRxMICFail = false;
763 //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++;
764 pDevice->s802_11Counter.TKIPLocalMICFailures++;
765 if (bDeFragRx) {
766 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
767 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
768 pDevice->dev->name);
769 }
770 }
771 //send event to wpa_supplicant
772 //if(pDevice->bWPASuppWextEnabled == true)
773 {
774 union iwreq_data wrqu;
775 struct iw_michaelmicfailure ev;
776 int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits
777 memset(&ev, 0, sizeof(ev));
778 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
779 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
780 (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
781 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
782 ev.flags |= IW_MICFAILURE_PAIRWISE;
783 } else {
784 ev.flags |= IW_MICFAILURE_GROUP;
785 }
786
787 ev.src_addr.sa_family = ARPHRD_ETHER;
788 memcpy(ev.src_addr.sa_data, pMACHeader->addr2, ETH_ALEN);
789 memset(&wrqu, 0, sizeof(wrqu));
790 wrqu.data.length = sizeof(ev);
791 PRINT_K("wireless_send_event--->IWEVMICHAELMICFAILURE\n");
792 wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
793
794 }
795
796 return false;
797
798 }
799 }
800 } //---end of SOFT MIC-----------------------------------------------------------------------
801
802 // ++++++++++ Reply Counter Check +++++++++++++
803
804 if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) ||
805 (pKey->byCipherSuite == KEY_CTL_CCMP))) {
806 if (bIsWEP) {
807 u16 wLocalTSC15_0 = 0;
808 u32 dwLocalTSC47_16 = 0;
809 unsigned long long RSC = 0;
810 // endian issues
811 RSC = *((unsigned long long *) &(pKey->KeyRSC));
812 wLocalTSC15_0 = (u16) RSC;
813 dwLocalTSC47_16 = (u32) (RSC>>16);
814
815 RSC = dwRxTSC47_16;
816 RSC <<= 16;
817 RSC += wRxTSC15_0;
818 memcpy(&(pKey->KeyRSC), &RSC, sizeof(u64));
819
820 if (pDevice->vnt_mgmt.eCurrMode == WMAC_MODE_ESS_STA &&
821 pDevice->vnt_mgmt.eCurrState == WMAC_STATE_ASSOC) {
822 /* check RSC */
823 if ( (wRxTSC15_0 < wLocalTSC15_0) &&
824 (dwRxTSC47_16 <= dwLocalTSC47_16) &&
825 !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) {
826 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n ");
827 if (pKey->byCipherSuite == KEY_CTL_TKIP)
828 //pDevice->s802_11Counter.TKIPReplays.QuadPart++;
829 pDevice->s802_11Counter.TKIPReplays++;
830 else
831 //pDevice->s802_11Counter.CCMPReplays.QuadPart++;
832 pDevice->s802_11Counter.CCMPReplays++;
833
834 if (bDeFragRx) {
835 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
836 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
837 pDevice->dev->name);
838 }
839 }
840 return false;
841 }
842 }
843 }
844 } // ----- End of Reply Counter Check --------------------------
845
846 s_vProcessRxMACHeader(pDevice, (u8 *)(skb->data+8), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset);
847 FrameSize -= cbHeaderOffset;
848 cbHeaderOffset += 8; // 8 is Rcv buffer header
849
850 // Null data, framesize = 12
851 if (FrameSize < 12)
852 return false;
853
854 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
855 if (s_bAPModeRxData(pDevice,
856 skb,
857 FrameSize,
858 cbHeaderOffset,
859 iSANodeIndex,
860 iDANodeIndex
861 ) == false) {
862
863 if (bDeFragRx) {
864 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
865 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
866 pDevice->dev->name);
867 }
868 }
869 return false;
870 }
871
872 }
873
874 skb->data += cbHeaderOffset;
875 skb->tail += cbHeaderOffset;
876 skb_put(skb, FrameSize);
877 skb->protocol=eth_type_trans(skb, skb->dev);
878 skb->ip_summed=CHECKSUM_NONE;
879 pStats->rx_bytes +=skb->len;
880 pStats->rx_packets++;
881 netif_rx(skb);
882 if (bDeFragRx) {
883 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
884 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
885 pDevice->dev->name);
886 }
887 return false;
888 }
889
890 return true;
891}
892
893static int s_bAPModeRxCtl(struct vnt_private *pDevice, u8 *pbyFrame,
894 s32 iSANodeIndex)
895{
896 struct vnt_manager *pMgmt = &pDevice->vnt_mgmt;
897 struct ieee80211_hdr *p802_11Header;
898 CMD_STATUS Status;
899
900 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
901
902 p802_11Header = (struct ieee80211_hdr *) (pbyFrame);
903 if (!IS_TYPE_MGMT(pbyFrame)) {
904
905 // Data & PS-Poll packet
906 // check frame class
907 if (iSANodeIndex > 0) {
908 // frame class 3 fliter & checking
909 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) {
910 // send deauth notification
911 // reason = (6) class 2 received from nonauth sta
912 vMgrDeAuthenBeginSta(pDevice,
913 pMgmt,
914 (u8 *)(p802_11Header->addr2),
915 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
916 &Status
917 );
918 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n");
919 return true;
920 }
921 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) {
922 // send deassoc notification
923 // reason = (7) class 3 received from nonassoc sta
924 vMgrDisassocBeginSta(pDevice,
925 pMgmt,
926 (u8 *)(p802_11Header->addr2),
927 (WLAN_MGMT_REASON_CLASS3_NONASSOC),
928 &Status
929 );
930 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n");
931 return true;
932 }
933
934 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) {
935 // delcare received ps-poll event
936 if (IS_CTL_PSPOLL(pbyFrame)) {
937 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true;
938 bScheduleCommand((void *) pDevice,
939 WLAN_CMD_RX_PSPOLL,
940 NULL);
941 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n");
942 }
943 else {
944 // check Data PS state
945 // if PW bit off, send out all PS bufferring packets.
946 if (!IS_FC_POWERMGT(pbyFrame)) {
947 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = false;
948 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true;
949 bScheduleCommand((void *) pDevice,
950 WLAN_CMD_RX_PSPOLL,
951 NULL);
952 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n");
953 }
954 }
955 }
956 else {
957 if (IS_FC_POWERMGT(pbyFrame)) {
958 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = true;
959 // Once if STA in PS state, enable multicast bufferring
960 pMgmt->sNodeDBTable[0].bPSEnable = true;
961 }
962 else {
963 // clear all pending PS frame.
964 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) {
965 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = false;
966 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true;
967 bScheduleCommand((void *) pDevice,
968 WLAN_CMD_RX_PSPOLL,
969 NULL);
970 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n");
971
972 }
973 }
974 }
975 }
976 else {
977 vMgrDeAuthenBeginSta(pDevice,
978 pMgmt,
979 (u8 *)(p802_11Header->addr2),
980 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
981 &Status
982 );
983 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n");
984 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%pM\n",
985 p802_11Header->addr3);
986 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%pM\n",
987 p802_11Header->addr2);
988 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%pM\n",
989 p802_11Header->addr1);
990 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: frame_control= %x\n", p802_11Header->frame_control);
991 return true;
992 }
993 }
994 }
995 return false;
996
997}
998
999static int s_bHandleRxEncryption(struct vnt_private *pDevice, u8 *pbyFrame,
1000 u32 FrameSize, u8 *pbyRsr, u8 *pbyNewRsr, PSKeyItem *pKeyOut,
1001 s32 *pbExtIV, u16 *pwRxTSC15_0, u32 *pdwRxTSC47_16)
1002{
1003 struct vnt_manager *pMgmt = &pDevice->vnt_mgmt;
1004 u32 PayloadLen = FrameSize;
1005 u8 *pbyIV;
1006 u8 byKeyIdx;
1007 PSKeyItem pKey = NULL;
1008 u8 byDecMode = KEY_CTL_WEP;
1009
1010 *pwRxTSC15_0 = 0;
1011 *pdwRxTSC47_16 = 0;
1012
1013 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1014 if ( WLAN_GET_FC_TODS(*(u16 *)pbyFrame) &&
1015 WLAN_GET_FC_FROMDS(*(u16 *)pbyFrame) ) {
1016 pbyIV += 6; // 6 is 802.11 address4
1017 PayloadLen -= 6;
1018 }
1019 byKeyIdx = (*(pbyIV+3) & 0xc0);
1020 byKeyIdx >>= 6;
1021 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1022
1023 if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
1024 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
1025 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
1026 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
1027 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
1028 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) &&
1029 (pMgmt->byCSSPK != KEY_CTL_NONE)) {
1030 // unicast pkt use pairwise key
1031 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n");
1032 if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == true) {
1033 if (pMgmt->byCSSPK == KEY_CTL_TKIP)
1034 byDecMode = KEY_CTL_TKIP;
1035 else if (pMgmt->byCSSPK == KEY_CTL_CCMP)
1036 byDecMode = KEY_CTL_CCMP;
1037 }
1038 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey);
1039 } else {
1040 // use group key
1041 KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey);
1042 if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1043 byDecMode = KEY_CTL_TKIP;
1044 else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1045 byDecMode = KEY_CTL_CCMP;
1046 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey);
1047 }
1048 }
1049 // our WEP only support Default Key
1050 if (pKey == NULL) {
1051 // use default group key
1052 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey);
1053 if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1054 byDecMode = KEY_CTL_TKIP;
1055 else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1056 byDecMode = KEY_CTL_CCMP;
1057 }
1058 *pKeyOut = pKey;
1059
1060 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode);
1061
1062 if (pKey == NULL) {
1063 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n");
1064 if (byDecMode == KEY_CTL_WEP) {
1065// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1066 } else if (pDevice->bLinkPass == true) {
1067// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1068 }
1069 return false;
1070 }
1071 if (byDecMode != pKey->byCipherSuite) {
1072 if (byDecMode == KEY_CTL_WEP) {
1073// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1074 } else if (pDevice->bLinkPass == true) {
1075// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1076 }
1077 *pKeyOut = NULL;
1078 return false;
1079 }
1080 if (byDecMode == KEY_CTL_WEP) {
1081 // handle WEP
1082 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1083 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == true)) {
1084 // Software WEP
1085 // 1. 3253A
1086 // 2. WEP 256
1087
1088 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1089 memcpy(pDevice->abyPRNG, pbyIV, 3);
1090 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1091 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1092 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1093
1094 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1095 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1096 }
1097 }
1098 } else if ((byDecMode == KEY_CTL_TKIP) ||
1099 (byDecMode == KEY_CTL_CCMP)) {
1100 // TKIP/AES
1101
1102 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1103 *pdwRxTSC47_16 = cpu_to_le32(*(u32 *)(pbyIV + 4));
1104 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %x\n", *pdwRxTSC47_16);
1105 if (byDecMode == KEY_CTL_TKIP) {
1106 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1107 } else {
1108 *pwRxTSC15_0 = cpu_to_le16(*(u16 *)pbyIV);
1109 }
1110 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1111
1112 if ((byDecMode == KEY_CTL_TKIP) &&
1113 (pDevice->byLocalID <= REV_ID_VT3253_A1)) {
1114 // Software TKIP
1115 // 1. 3253 A
1116 struct ieee80211_hdr *pMACHeader = (struct ieee80211_hdr *) (pbyFrame);
1117 TKIPvMixKey(pKey->abyKey, pMACHeader->addr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1118 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1119 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1120 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1121 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1122 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1123 } else {
1124 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1125 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1126 }
1127 }
1128 }// end of TKIP/AES
1129
1130 if ((*(pbyIV+3) & 0x20) != 0)
1131 *pbExtIV = true;
1132 return true;
1133}
1134
1135static int s_bHostWepRxEncryption(struct vnt_private *pDevice, u8 *pbyFrame,
1136 u32 FrameSize, u8 *pbyRsr, int bOnFly, PSKeyItem pKey, u8 *pbyNewRsr,
1137 s32 *pbExtIV, u16 *pwRxTSC15_0, u32 *pdwRxTSC47_16)
1138{
1139 struct vnt_manager *pMgmt = &pDevice->vnt_mgmt;
1140 struct ieee80211_hdr *pMACHeader;
1141 u32 PayloadLen = FrameSize;
1142 u8 *pbyIV;
1143 u8 byKeyIdx;
1144 u8 byDecMode = KEY_CTL_WEP;
1145
1146 *pwRxTSC15_0 = 0;
1147 *pdwRxTSC47_16 = 0;
1148
1149 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1150 if ( WLAN_GET_FC_TODS(*(u16 *)pbyFrame) &&
1151 WLAN_GET_FC_FROMDS(*(u16 *)pbyFrame) ) {
1152 pbyIV += 6; // 6 is 802.11 address4
1153 PayloadLen -= 6;
1154 }
1155 byKeyIdx = (*(pbyIV+3) & 0xc0);
1156 byKeyIdx >>= 6;
1157 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1158
1159 if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1160 byDecMode = KEY_CTL_TKIP;
1161 else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1162 byDecMode = KEY_CTL_CCMP;
1163
1164 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode);
1165
1166 if (byDecMode != pKey->byCipherSuite) {
1167 if (byDecMode == KEY_CTL_WEP) {
1168// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1169 } else if (pDevice->bLinkPass == true) {
1170// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1171 }
1172 return false;
1173 }
1174
1175 if (byDecMode == KEY_CTL_WEP) {
1176 // handle WEP
1177 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP\n");
1178 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1179 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == true) ||
1180 (bOnFly == false)) {
1181 // Software WEP
1182 // 1. 3253A
1183 // 2. WEP 256
1184 // 3. NotOnFly
1185
1186 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1187 memcpy(pDevice->abyPRNG, pbyIV, 3);
1188 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1189 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1190 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1191
1192 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1193 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1194 }
1195 }
1196 } else if ((byDecMode == KEY_CTL_TKIP) ||
1197 (byDecMode == KEY_CTL_CCMP)) {
1198 // TKIP/AES
1199
1200 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1201 *pdwRxTSC47_16 = cpu_to_le32(*(u32 *)(pbyIV + 4));
1202 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %x\n", *pdwRxTSC47_16);
1203
1204 if (byDecMode == KEY_CTL_TKIP) {
1205 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1206 } else {
1207 *pwRxTSC15_0 = cpu_to_le16(*(u16 *)pbyIV);
1208 }
1209 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1210
1211 if (byDecMode == KEY_CTL_TKIP) {
1212
1213 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == false)) {
1214 // Software TKIP
1215 // 1. 3253 A
1216 // 2. NotOnFly
1217 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n");
1218 pMACHeader = (struct ieee80211_hdr *) (pbyFrame);
1219 TKIPvMixKey(pKey->abyKey, pMACHeader->addr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1220 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1221 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1222 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1223 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1224 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1225 } else {
1226 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1227 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1228 }
1229 }
1230 }
1231
1232 if (byDecMode == KEY_CTL_CCMP) {
1233 if (bOnFly == false) {
1234 // Software CCMP
1235 // NotOnFly
1236 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_CCMP\n");
1237 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) {
1238 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1239 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC compare OK!\n");
1240 } else {
1241 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC fail!\n");
1242 }
1243 }
1244 }
1245
1246 }// end of TKIP/AES
1247
1248 if ((*(pbyIV+3) & 0x20) != 0)
1249 *pbExtIV = true;
1250 return true;
1251}
1252
1253static int s_bAPModeRxData(struct vnt_private *pDevice, struct sk_buff *skb,
1254 u32 FrameSize, u32 cbHeaderOffset, s32 iSANodeIndex, s32 iDANodeIndex)
1255{
1256 struct sk_buff *skbcpy;
1257 struct vnt_manager *pMgmt = &pDevice->vnt_mgmt;
1258 int bRelayAndForward = false;
1259 int bRelayOnly = false;
1260 u8 byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
1261 u16 wAID;
1262
1263 if (FrameSize > CB_MAX_BUF_SIZE)
1264 return false;
1265 // check DA
1266 if (is_multicast_ether_addr((u8 *)(skb->data+cbHeaderOffset))) {
1267 if (pMgmt->sNodeDBTable[0].bPSEnable) {
1268
1269 skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz);
1270
1271 // if any node in PS mode, buffer packet until DTIM.
1272 if (skbcpy == NULL) {
1273 DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n");
1274 }
1275 else {
1276 skbcpy->dev = pDevice->dev;
1277 skbcpy->len = FrameSize;
1278 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize);
1279 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy);
1280 pMgmt->sNodeDBTable[0].wEnQueueCnt++;
1281 // set tx map
1282 pMgmt->abyPSTxMap[0] |= byMask[0];
1283 }
1284 }
1285 else {
1286 bRelayAndForward = true;
1287 }
1288 }
1289 else {
1290 // check if relay
1291 if (BSSbIsSTAInNodeDB(pDevice, (u8 *)(skb->data+cbHeaderOffset), &iDANodeIndex)) {
1292 if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) {
1293 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) {
1294 // queue this skb until next PS tx, and then release.
1295
1296 skb->data += cbHeaderOffset;
1297 skb->tail += cbHeaderOffset;
1298 skb_put(skb, FrameSize);
1299 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb);
1300
1301 pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++;
1302 wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID;
1303 pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7];
1304 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n",
1305 iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]);
1306 return true;
1307 }
1308 else {
1309 bRelayOnly = true;
1310 }
1311 }
1312 }
1313 }
1314
1315 if (bRelayOnly || bRelayAndForward) {
1316 // relay this packet right now
1317 if (bRelayAndForward)
1318 iDANodeIndex = 0;
1319
1320 if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) {
1321 bRelayPacketSend(pDevice, (u8 *) (skb->data + cbHeaderOffset),
1322 FrameSize, (unsigned int) iDANodeIndex);
1323 }
1324
1325 if (bRelayOnly)
1326 return false;
1327 }
1328 // none associate, don't forward
1329 if (pDevice->uAssocCount == 0)
1330 return false;
1331
1332 return true;
1333}
1334
1335void RXvWorkItem(struct work_struct *work)
1336{
1337 struct vnt_private *pDevice =
1338 container_of(work, struct vnt_private, read_work_item);
1339 int ntStatus;
1340 struct vnt_rcb *pRCB = NULL;
1341
1342 if (pDevice->Flags & fMP_DISCONNECTED)
1343 return;
1344
1345 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Polling Thread\n");
1346 spin_lock_irq(&pDevice->lock);
1347
1348 while ((pDevice->Flags & fMP_POST_READS) &&
1349 MP_IS_READY(pDevice) &&
1350 (pDevice->NumRecvFreeList != 0) ) {
1351 pRCB = pDevice->FirstRecvFreeList;
1352 pDevice->NumRecvFreeList--;
1353 DequeueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList);
1354 ntStatus = PIPEnsBulkInUsbRead(pDevice, pRCB);
1355 }
1356 pDevice->bIsRxWorkItemQueued = false;
1357 spin_unlock_irq(&pDevice->lock);
1358
1359}
1360
1361void RXvFreeRCB(struct vnt_rcb *pRCB, int bReAllocSkb)
1362{
1363 struct vnt_private *pDevice = pRCB->pDevice;
1364
1365 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->RXvFreeRCB\n");
1366
1367 if (bReAllocSkb == false) {
1368 kfree_skb(pRCB->skb);
1369 bReAllocSkb = true;
1370 }
1371
1372 if (bReAllocSkb == true) {
1373 pRCB->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1374 // todo error handling
1375 if (pRCB->skb == NULL) {
1376 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR" Failed to re-alloc rx skb\n");
1377 }else {
1378 pRCB->skb->dev = pDevice->dev;
1379 }
1380 }
1381 //
1382 // Insert the RCB back in the Recv free list
1383 //
1384 EnqueueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList, pRCB);
1385 pDevice->NumRecvFreeList++;
1386
1387 if ((pDevice->Flags & fMP_POST_READS) && MP_IS_READY(pDevice) &&
1388 (pDevice->bIsRxWorkItemQueued == false) ) {
1389
1390 pDevice->bIsRxWorkItemQueued = true;
1391 schedule_work(&pDevice->read_work_item);
1392 }
1393 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"<----RXFreeRCB %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList);
1394}
1395
1396void RXvMngWorkItem(struct work_struct *work)
1397{
1398 struct vnt_private *pDevice =
1399 container_of(work, struct vnt_private, rx_mng_work_item);
1400 struct vnt_rcb *pRCB = NULL;
1401 struct vnt_rx_mgmt *pRxPacket;
1402 int bReAllocSkb = false;
1403
1404 if (pDevice->Flags & fMP_DISCONNECTED)
1405 return;
1406
1407 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Mng Thread\n");
1408
1409 spin_lock_irq(&pDevice->lock);
1410 while (pDevice->NumRecvMngList!=0)
1411 {
1412 pRCB = pDevice->FirstRecvMngList;
1413 pDevice->NumRecvMngList--;
1414 DequeueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList);
1415 if(!pRCB){
1416 break;
1417 }
1418 pRxPacket = &(pRCB->sMngPacket);
1419 vMgrRxManagePacket(pDevice, &pDevice->vnt_mgmt, pRxPacket);
1420 pRCB->Ref--;
1421 if(pRCB->Ref == 0) {
1422 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"RxvFreeMng %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList);
1423 RXvFreeRCB(pRCB, bReAllocSkb);
1424 } else {
1425 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Rx Mng Only we have the right to free RCB\n");
1426 }
1427 }
1428
1429 pDevice->bIsRxMngWorkItemQueued = false;
1430 spin_unlock_irq(&pDevice->lock);
1431
1432}
1433