/drivers/staging/vt6656/dpc.c
C | 1616 lines | 1210 code | 209 blank | 197 comment | 377 complexity | 4e123381aaf092dc5ae38ce599149f2b MD5 | raw file
Possible License(s): LGPL-2.0, AGPL-1.0, GPL-2.0
Large files files are truncated, but you can click here to view the full file
1/* 2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc. 3 * All rights reserved. 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation; either version 2 of the License, or 8 * (at your option) any later version. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License along 16 * with this program; if not, write to the Free Software Foundation, Inc., 17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * File: dpc.c 20 * 21 * Purpose: handle dpc rx functions 22 * 23 * Author: Lyndon Chen 24 * 25 * Date: May 20, 2003 26 * 27 * Functions: 28 * device_receive_frame - Rcv 802.11 frame function 29 * s_bAPModeRxCtl- AP Rcv frame filer Ctl. 30 * s_bAPModeRxData- AP Rcv data frame handle 31 * s_bHandleRxEncryption- Rcv decrypted data via on-fly 32 * s_bHostWepRxEncryption- Rcv encrypted data via host 33 * s_byGetRateIdx- get rate index 34 * s_vGetDASA- get data offset 35 * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3 36 * 37 * Revision History: 38 * 39 */ 40 41#include "device.h" 42#include "rxtx.h" 43#include "tether.h" 44#include "card.h" 45#include "bssdb.h" 46#include "mac.h" 47#include "baseband.h" 48#include "michael.h" 49#include "tkip.h" 50#include "tcrc.h" 51#include "wctl.h" 52#include "hostap.h" 53#include "rf.h" 54#include "iowpa.h" 55#include "aes_ccmp.h" 56#include "datarate.h" 57#include "usbpipe.h" 58 59/*--------------------- Static Definitions -------------------------*/ 60 61/*--------------------- Static Classes ----------------------------*/ 62 63/*--------------------- Static Variables --------------------------*/ 64//static int msglevel =MSG_LEVEL_DEBUG; 65static int msglevel =MSG_LEVEL_INFO; 66 67const BYTE acbyRxRate[MAX_RATE] = 68{2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108}; 69 70 71/*--------------------- Static Functions --------------------------*/ 72 73/*--------------------- Static Definitions -------------------------*/ 74 75/*--------------------- Static Functions --------------------------*/ 76 77static BYTE s_byGetRateIdx(BYTE byRate); 78 79static 80void 81s_vGetDASA( 82 PBYTE pbyRxBufferAddr, 83 unsigned int *pcbHeaderSize, 84 PSEthernetHeader psEthHeader 85 ); 86 87static 88void 89s_vProcessRxMACHeader ( 90 PSDevice pDevice, 91 PBYTE pbyRxBufferAddr, 92 unsigned int cbPacketSize, 93 BOOL bIsWEP, 94 BOOL bExtIV, 95 unsigned int *pcbHeadSize 96 ); 97 98static BOOL s_bAPModeRxCtl( 99 PSDevice pDevice, 100 PBYTE pbyFrame, 101 signed int iSANodeIndex 102 ); 103 104 105 106static BOOL s_bAPModeRxData ( 107 PSDevice pDevice, 108 struct sk_buff *skb, 109 unsigned int FrameSize, 110 unsigned int cbHeaderOffset, 111 signed int iSANodeIndex, 112 signed int iDANodeIndex 113 ); 114 115 116static BOOL s_bHandleRxEncryption( 117 PSDevice pDevice, 118 PBYTE pbyFrame, 119 unsigned int FrameSize, 120 PBYTE pbyRsr, 121 PBYTE pbyNewRsr, 122 PSKeyItem * pKeyOut, 123 int * pbExtIV, 124 PWORD pwRxTSC15_0, 125 PDWORD pdwRxTSC47_16 126 ); 127 128static BOOL s_bHostWepRxEncryption( 129 130 PSDevice pDevice, 131 PBYTE pbyFrame, 132 unsigned int FrameSize, 133 PBYTE pbyRsr, 134 BOOL bOnFly, 135 PSKeyItem pKey, 136 PBYTE pbyNewRsr, 137 int * pbExtIV, 138 PWORD pwRxTSC15_0, 139 PDWORD pdwRxTSC47_16 140 141 ); 142 143/*--------------------- Export Variables --------------------------*/ 144 145/*+ 146 * 147 * Description: 148 * Translate Rcv 802.11 header to 802.3 header with Rx buffer 149 * 150 * Parameters: 151 * In: 152 * pDevice 153 * dwRxBufferAddr - Address of Rcv Buffer 154 * cbPacketSize - Rcv Packet size 155 * bIsWEP - If Rcv with WEP 156 * Out: 157 * pcbHeaderSize - 802.11 header size 158 * 159 * Return Value: None 160 * 161-*/ 162static 163void 164s_vProcessRxMACHeader ( 165 PSDevice pDevice, 166 PBYTE pbyRxBufferAddr, 167 unsigned int cbPacketSize, 168 BOOL bIsWEP, 169 BOOL bExtIV, 170 unsigned int *pcbHeadSize 171 ) 172{ 173 PBYTE pbyRxBuffer; 174 unsigned int cbHeaderSize = 0; 175 PWORD pwType; 176 PS802_11Header pMACHeader; 177 int ii; 178 179 180 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); 181 182 s_vGetDASA((PBYTE)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader); 183 184 if (bIsWEP) { 185 if (bExtIV) { 186 // strip IV&ExtIV , add 8 byte 187 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8); 188 } else { 189 // strip IV , add 4 byte 190 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4); 191 } 192 } 193 else { 194 cbHeaderSize += WLAN_HDR_ADDR3_LEN; 195 }; 196 197 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize); 198 if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) { 199 cbHeaderSize += 6; 200 } else if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) { 201 cbHeaderSize += 6; 202 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize); 203 if ((*pwType == cpu_to_le16(ETH_P_IPX)) || 204 (*pwType == cpu_to_le16(0xF380))) { 205 cbHeaderSize -= 8; 206 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize); 207 if (bIsWEP) { 208 if (bExtIV) { 209 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV 210 } else { 211 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV 212 } 213 } 214 else { 215 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); 216 } 217 } 218 } 219 else { 220 cbHeaderSize -= 2; 221 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize); 222 if (bIsWEP) { 223 if (bExtIV) { 224 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV 225 } else { 226 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV 227 } 228 } 229 else { 230 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); 231 } 232 } 233 234 cbHeaderSize -= (ETH_ALEN * 2); 235 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize); 236 for (ii = 0; ii < ETH_ALEN; ii++) 237 *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii]; 238 for (ii = 0; ii < ETH_ALEN; ii++) 239 *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii]; 240 241 *pcbHeadSize = cbHeaderSize; 242} 243 244 245 246 247static BYTE s_byGetRateIdx(BYTE byRate) 248{ 249 BYTE byRateIdx; 250 251 for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) { 252 if (acbyRxRate[byRateIdx%MAX_RATE] == byRate) 253 return byRateIdx; 254 } 255 return 0; 256} 257 258 259static 260void 261s_vGetDASA ( 262 PBYTE pbyRxBufferAddr, 263 unsigned int *pcbHeaderSize, 264 PSEthernetHeader psEthHeader 265 ) 266{ 267 unsigned int cbHeaderSize = 0; 268 PS802_11Header pMACHeader; 269 int ii; 270 271 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); 272 273 if ((pMACHeader->wFrameCtl & FC_TODS) == 0) { 274 if (pMACHeader->wFrameCtl & FC_FROMDS) { 275 for (ii = 0; ii < ETH_ALEN; ii++) { 276 psEthHeader->abyDstAddr[ii] = 277 pMACHeader->abyAddr1[ii]; 278 psEthHeader->abySrcAddr[ii] = 279 pMACHeader->abyAddr3[ii]; 280 } 281 } else { 282 /* IBSS mode */ 283 for (ii = 0; ii < ETH_ALEN; ii++) { 284 psEthHeader->abyDstAddr[ii] = 285 pMACHeader->abyAddr1[ii]; 286 psEthHeader->abySrcAddr[ii] = 287 pMACHeader->abyAddr2[ii]; 288 } 289 } 290 } else { 291 /* Is AP mode.. */ 292 if (pMACHeader->wFrameCtl & FC_FROMDS) { 293 for (ii = 0; ii < ETH_ALEN; ii++) { 294 psEthHeader->abyDstAddr[ii] = 295 pMACHeader->abyAddr3[ii]; 296 psEthHeader->abySrcAddr[ii] = 297 pMACHeader->abyAddr4[ii]; 298 cbHeaderSize += 6; 299 } 300 } else { 301 for (ii = 0; ii < ETH_ALEN; ii++) { 302 psEthHeader->abyDstAddr[ii] = 303 pMACHeader->abyAddr3[ii]; 304 psEthHeader->abySrcAddr[ii] = 305 pMACHeader->abyAddr2[ii]; 306 } 307 } 308 }; 309 *pcbHeaderSize = cbHeaderSize; 310} 311 312 313 314 315BOOL 316RXbBulkInProcessData ( 317 PSDevice pDevice, 318 PRCB pRCB, 319 unsigned long BytesToIndicate 320 ) 321{ 322 323 struct net_device_stats* pStats=&pDevice->stats; 324 struct sk_buff* skb; 325 PSMgmtObject pMgmt = &(pDevice->sMgmtObj); 326 PSRxMgmtPacket pRxPacket = &(pMgmt->sRxPacket); 327 PS802_11Header p802_11Header; 328 PBYTE pbyRsr; 329 PBYTE pbyNewRsr; 330 PBYTE pbyRSSI; 331 PQWORD pqwTSFTime; 332 PBYTE pbyFrame; 333 BOOL bDeFragRx = FALSE; 334 unsigned int cbHeaderOffset; 335 unsigned int FrameSize; 336 WORD wEtherType = 0; 337 signed int iSANodeIndex = -1; 338 signed int iDANodeIndex = -1; 339 unsigned int ii; 340 unsigned int cbIVOffset; 341 PBYTE pbyRxSts; 342 PBYTE pbyRxRate; 343 PBYTE pbySQ; 344 PBYTE pby3SQ; 345 unsigned int cbHeaderSize; 346 PSKeyItem pKey = NULL; 347 WORD wRxTSC15_0 = 0; 348 DWORD dwRxTSC47_16 = 0; 349 SKeyItem STempKey; 350 // 802.11h RPI 351 /* signed long ldBm = 0; */ 352 BOOL bIsWEP = FALSE; 353 BOOL bExtIV = FALSE; 354 DWORD dwWbkStatus; 355 PRCB pRCBIndicate = pRCB; 356 PBYTE pbyDAddress; 357 PWORD pwPLCP_Length; 358 BYTE abyVaildRate[MAX_RATE] = {2,4,11,22,12,18,24,36,48,72,96,108}; 359 WORD wPLCPwithPadding; 360 PS802_11Header pMACHeader; 361 BOOL bRxeapol_key = FALSE; 362 363 364 365 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- RXbBulkInProcessData---\n"); 366 367 skb = pRCB->skb; 368 369 //[31:16]RcvByteCount ( not include 4-byte Status ) 370 dwWbkStatus = *( (PDWORD)(skb->data) ); 371 FrameSize = (unsigned int)(dwWbkStatus >> 16); 372 FrameSize += 4; 373 374 if (BytesToIndicate != FrameSize) { 375 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 1 \n"); 376 return FALSE; 377 } 378 379 if ((BytesToIndicate > 2372) || (BytesToIndicate <= 40)) { 380 // Frame Size error drop this packet. 381 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- WRONG Length 2\n"); 382 return FALSE; 383 } 384 385 pbyDAddress = (PBYTE)(skb->data); 386 pbyRxSts = pbyDAddress+4; 387 pbyRxRate = pbyDAddress+5; 388 389 //real Frame Size = USBFrameSize -4WbkStatus - 4RxStatus - 8TSF - 4RSR - 4SQ3 - ?Padding 390 //if SQ3 the range is 24~27, if no SQ3 the range is 20~23 391 //real Frame size in PLCPLength field. 392 pwPLCP_Length = (PWORD) (pbyDAddress + 6); 393 //Fix hardware bug => PLCP_Length error 394 if ( ((BytesToIndicate - (*pwPLCP_Length)) > 27) || 395 ((BytesToIndicate - (*pwPLCP_Length)) < 24) || 396 (BytesToIndicate < (*pwPLCP_Length)) ) { 397 398 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong PLCP Length %x\n", (int) *pwPLCP_Length); 399 ASSERT(0); 400 return FALSE; 401 } 402 for ( ii=RATE_1M;ii<MAX_RATE;ii++) { 403 if ( *pbyRxRate == abyVaildRate[ii] ) { 404 break; 405 } 406 } 407 if ( ii==MAX_RATE ) { 408 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong RxRate %x\n",(int) *pbyRxRate); 409 return FALSE; 410 } 411 412 wPLCPwithPadding = ( (*pwPLCP_Length / 4) + ( (*pwPLCP_Length % 4) ? 1:0 ) ) *4; 413 414 pqwTSFTime = (PQWORD) (pbyDAddress + 8 + wPLCPwithPadding); 415 if(pDevice->byBBType == BB_TYPE_11G) { 416 pby3SQ = pbyDAddress + 8 + wPLCPwithPadding + 12; 417 pbySQ = pby3SQ; 418 } 419 else { 420 pbySQ = pbyDAddress + 8 + wPLCPwithPadding + 8; 421 pby3SQ = pbySQ; 422 } 423 pbyNewRsr = pbyDAddress + 8 + wPLCPwithPadding + 9; 424 pbyRSSI = pbyDAddress + 8 + wPLCPwithPadding + 10; 425 pbyRsr = pbyDAddress + 8 + wPLCPwithPadding + 11; 426 427 FrameSize = *pwPLCP_Length; 428 429 pbyFrame = pbyDAddress + 8; 430 // update receive statistic counter 431 432 STAvUpdateRDStatCounter(&pDevice->scStatistic, 433 *pbyRsr, 434 *pbyNewRsr, 435 *pbyRxSts, 436 *pbyRxRate, 437 pbyFrame, 438 FrameSize 439 ); 440 441 442 pMACHeader = (PS802_11Header) pbyFrame; 443 444//mike add: to judge if current AP is activated? 445 if ((pMgmt->eCurrMode == WMAC_MODE_STANDBY) || 446 (pMgmt->eCurrMode == WMAC_MODE_ESS_STA)) { 447 if (pMgmt->sNodeDBTable[0].bActive) { 448 if (!compare_ether_addr(pMgmt->abyCurrBSSID, pMACHeader->abyAddr2)) { 449 if (pMgmt->sNodeDBTable[0].uInActiveCount != 0) 450 pMgmt->sNodeDBTable[0].uInActiveCount = 0; 451 } 452 } 453 } 454 455 if (!is_multicast_ether_addr(pMACHeader->abyAddr1) && !is_broadcast_ether_addr(pMACHeader->abyAddr1)) { 456 if ( WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header) pbyFrame) ) { 457 pDevice->s802_11Counter.FrameDuplicateCount++; 458 return FALSE; 459 } 460 461 if (compare_ether_addr(pDevice->abyCurrentNetAddr, 462 pMACHeader->abyAddr1)) { 463 return FALSE; 464 } 465 } 466 467 468 // Use for TKIP MIC 469 s_vGetDASA(pbyFrame, &cbHeaderSize, &pDevice->sRxEthHeader); 470 471 if (!compare_ether_addr((PBYTE)&(pDevice->sRxEthHeader.abySrcAddr[0]), 472 pDevice->abyCurrentNetAddr)) 473 return FALSE; 474 475 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) { 476 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { 477 p802_11Header = (PS802_11Header) (pbyFrame); 478 // get SA NodeIndex 479 if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(p802_11Header->abyAddr2), &iSANodeIndex)) { 480 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies; 481 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0; 482 } 483 } 484 } 485 486 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 487 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == TRUE) { 488 return FALSE; 489 } 490 } 491 492 493 if (IS_FC_WEP(pbyFrame)) { 494 BOOL bRxDecryOK = FALSE; 495 496 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n"); 497 bIsWEP = TRUE; 498 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) { 499 pKey = &STempKey; 500 pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite; 501 pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex; 502 pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength; 503 pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16; 504 pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0; 505 memcpy(pKey->abyKey, 506 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0], 507 pKey->uKeyLength 508 ); 509 510 bRxDecryOK = s_bHostWepRxEncryption(pDevice, 511 pbyFrame, 512 FrameSize, 513 pbyRsr, 514 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly, 515 pKey, 516 pbyNewRsr, 517 &bExtIV, 518 &wRxTSC15_0, 519 &dwRxTSC47_16); 520 } else { 521 bRxDecryOK = s_bHandleRxEncryption(pDevice, 522 pbyFrame, 523 FrameSize, 524 pbyRsr, 525 pbyNewRsr, 526 &pKey, 527 &bExtIV, 528 &wRxTSC15_0, 529 &dwRxTSC47_16); 530 } 531 532 if (bRxDecryOK) { 533 if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) { 534 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n"); 535 if ( (pMgmt->eAuthenMode == WMAC_AUTH_WPA) || 536 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || 537 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || 538 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || 539 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { 540 541 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 542 pDevice->s802_11Counter.TKIPICVErrors++; 543 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) { 544 pDevice->s802_11Counter.CCMPDecryptErrors++; 545 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) { 546// pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++; 547 } 548 } 549 return FALSE; 550 } 551 } else { 552 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n"); 553 return FALSE; 554 } 555 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) 556 FrameSize -= 8; // Message Integrity Code 557 else 558 FrameSize -= 4; // 4 is ICV 559 } 560 561 562 // 563 // RX OK 564 // 565 /* remove the FCS/CRC length */ 566 FrameSize -= ETH_FCS_LEN; 567 568 if ( !(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) && // unicast address 569 (IS_FRAGMENT_PKT((pbyFrame))) 570 ) { 571 // defragment 572 bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header) (pbyFrame), FrameSize, bIsWEP, bExtIV); 573 pDevice->s802_11Counter.ReceivedFragmentCount++; 574 if (bDeFragRx) { 575 // defrag complete 576 // TODO skb, pbyFrame 577 skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb; 578 FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength; 579 pbyFrame = skb->data + 8; 580 } 581 else { 582 return FALSE; 583 } 584 } 585 586 // 587 // Management & Control frame Handle 588 // 589 if ((IS_TYPE_DATA((pbyFrame))) == FALSE) { 590 // Handle Control & Manage Frame 591 592 if (IS_TYPE_MGMT((pbyFrame))) { 593 PBYTE pbyData1; 594 PBYTE pbyData2; 595 596 pRxPacket = &(pRCB->sMngPacket); 597 pRxPacket->p80211Header = (PUWLAN_80211HDR)(pbyFrame); 598 pRxPacket->cbMPDULen = FrameSize; 599 pRxPacket->uRSSI = *pbyRSSI; 600 pRxPacket->bySQ = *pbySQ; 601 HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime)); 602 LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime)); 603 if (bIsWEP) { 604 // strip IV 605 pbyData1 = WLAN_HDR_A3_DATA_PTR(pbyFrame); 606 pbyData2 = WLAN_HDR_A3_DATA_PTR(pbyFrame) + 4; 607 for (ii = 0; ii < (FrameSize - 4); ii++) { 608 *pbyData1 = *pbyData2; 609 pbyData1++; 610 pbyData2++; 611 } 612 } 613 614 pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate); 615 616 if ( *pbyRxSts == 0 ) { 617 //Discard beacon packet which channel is 0 618 if ( (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_BEACON) || 619 (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_PROBERESP) ) { 620 return TRUE; 621 } 622 } 623 pRxPacket->byRxChannel = (*pbyRxSts) >> 2; 624 625 // hostap Deamon handle 802.11 management 626 if (pDevice->bEnableHostapd) { 627 skb->dev = pDevice->apdev; 628 //skb->data += 4; 629 //skb->tail += 4; 630 skb->data += 8; 631 skb->tail += 8; 632 skb_put(skb, FrameSize); 633 skb_reset_mac_header(skb); 634 skb->pkt_type = PACKET_OTHERHOST; 635 skb->protocol = htons(ETH_P_802_2); 636 memset(skb->cb, 0, sizeof(skb->cb)); 637 netif_rx(skb); 638 return TRUE; 639 } 640 641 // 642 // Insert the RCB in the Recv Mng list 643 // 644 EnqueueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList, pRCBIndicate); 645 pDevice->NumRecvMngList++; 646 if ( bDeFragRx == FALSE) { 647 pRCB->Ref++; 648 } 649 if (pDevice->bIsRxMngWorkItemQueued == FALSE) { 650 pDevice->bIsRxMngWorkItemQueued = TRUE; 651 tasklet_schedule(&pDevice->RxMngWorkItem); 652 } 653 654 } 655 else { 656 // Control Frame 657 }; 658 return FALSE; 659 } 660 else { 661 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 662 //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC. 663 if ( !(*pbyRsr & RSR_BSSIDOK)) { 664 if (bDeFragRx) { 665 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 666 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 667 pDevice->dev->name); 668 } 669 } 670 return FALSE; 671 } 672 } 673 else { 674 // discard DATA packet while not associate || BSSID error 675 if ((pDevice->bLinkPass == FALSE) || 676 !(*pbyRsr & RSR_BSSIDOK)) { 677 if (bDeFragRx) { 678 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 679 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 680 pDevice->dev->name); 681 } 682 } 683 return FALSE; 684 } 685 //mike add:station mode check eapol-key challenge---> 686 { 687 BYTE Protocol_Version; //802.1x Authentication 688 BYTE Packet_Type; //802.1x Authentication 689 BYTE Descriptor_type; 690 WORD Key_info; 691 if (bIsWEP) 692 cbIVOffset = 8; 693 else 694 cbIVOffset = 0; 695 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) | 696 skb->data[cbIVOffset + 8 + 24 + 6 + 1]; 697 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1]; 698 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1]; 699 if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header 700 if(((Protocol_Version==1) ||(Protocol_Version==2)) && 701 (Packet_Type==3)) { //802.1x OR eapol-key challenge frame receive 702 bRxeapol_key = TRUE; 703 Descriptor_type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2]; 704 Key_info = (skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+1]<<8) |skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+2] ; 705 if(Descriptor_type==2) { //RSN 706 // printk("WPA2_Rx_eapol-key_info<-----:%x\n",Key_info); 707 } 708 else if(Descriptor_type==254) { 709 // printk("WPA_Rx_eapol-key_info<-----:%x\n",Key_info); 710 } 711 } 712 } 713 } 714 //mike add:station mode check eapol-key challenge<--- 715 } 716 } 717 718 719// Data frame Handle 720 721 722 if (pDevice->bEnablePSMode) { 723 if (IS_FC_MOREDATA((pbyFrame))) { 724 if (*pbyRsr & RSR_ADDROK) { 725 //PSbSendPSPOLL((PSDevice)pDevice); 726 } 727 } 728 else { 729 if (pMgmt->bInTIMWake == TRUE) { 730 pMgmt->bInTIMWake = FALSE; 731 } 732 } 733 } 734 735 // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps 736 if (pDevice->bDiversityEnable && (FrameSize>50) && 737 (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) && 738 (pDevice->bLinkPass == TRUE)) { 739 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0); 740 } 741 742 // ++++++++ For BaseBand Algorithm +++++++++++++++ 743 pDevice->uCurrRSSI = *pbyRSSI; 744 pDevice->byCurrSQ = *pbySQ; 745 746 // todo 747/* 748 if ((*pbyRSSI != 0) && 749 (pMgmt->pCurrBSS!=NULL)) { 750 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm); 751 // Moniter if RSSI is too strong. 752 pMgmt->pCurrBSS->byRSSIStatCnt++; 753 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT; 754 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm; 755 for (ii = 0; ii < RSSI_STAT_COUNT; ii++) { 756 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) { 757 pMgmt->pCurrBSS->ldBmMAX = 758 max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm); 759 } 760 } 761 } 762*/ 763 764 765 // ----------------------------------------------- 766 767 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == TRUE)){ 768 BYTE abyMacHdr[24]; 769 770 // Only 802.1x packet incoming allowed 771 if (bIsWEP) 772 cbIVOffset = 8; 773 else 774 cbIVOffset = 0; 775 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) | 776 skb->data[cbIVOffset + 8 + 24 + 6 + 1]; 777 778 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType); 779 if (wEtherType == ETH_P_PAE) { 780 skb->dev = pDevice->apdev; 781 782 if (bIsWEP == TRUE) { 783 // strip IV header(8) 784 memcpy(&abyMacHdr[0], (skb->data + 8), 24); 785 memcpy((skb->data + 8 + cbIVOffset), &abyMacHdr[0], 24); 786 } 787 788 skb->data += (cbIVOffset + 8); 789 skb->tail += (cbIVOffset + 8); 790 skb_put(skb, FrameSize); 791 skb_reset_mac_header(skb); 792 skb->pkt_type = PACKET_OTHERHOST; 793 skb->protocol = htons(ETH_P_802_2); 794 memset(skb->cb, 0, sizeof(skb->cb)); 795 netif_rx(skb); 796 return TRUE; 797 798 } 799 // check if 802.1x authorized 800 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED)) 801 return FALSE; 802 } 803 804 805 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 806 if (bIsWEP) { 807 FrameSize -= 8; //MIC 808 } 809 } 810 811 //-------------------------------------------------------------------------------- 812 // Soft MIC 813 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 814 if (bIsWEP) { 815 PDWORD pdwMIC_L; 816 PDWORD pdwMIC_R; 817 DWORD dwMIC_Priority; 818 DWORD dwMICKey0 = 0, dwMICKey1 = 0; 819 DWORD dwLocalMIC_L = 0; 820 DWORD dwLocalMIC_R = 0; 821 viawget_wpa_header *wpahdr; 822 823 824 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 825 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24])); 826 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28])); 827 } 828 else { 829 if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) { 830 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16])); 831 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20])); 832 } else if ((pKey->dwKeyIndex & BIT28) == 0) { 833 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16])); 834 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20])); 835 } else { 836 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24])); 837 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28])); 838 } 839 } 840 841 MIC_vInit(dwMICKey0, dwMICKey1); 842 MIC_vAppend((PBYTE)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12); 843 dwMIC_Priority = 0; 844 MIC_vAppend((PBYTE)&dwMIC_Priority, 4); 845 // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV. 846 MIC_vAppend((PBYTE)(skb->data + 8 + WLAN_HDR_ADDR3_LEN + 8), 847 FrameSize - WLAN_HDR_ADDR3_LEN - 8); 848 MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R); 849 MIC_vUnInit(); 850 851 pdwMIC_L = (PDWORD)(skb->data + 8 + FrameSize); 852 pdwMIC_R = (PDWORD)(skb->data + 8 + FrameSize + 4); 853 854 855 if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) || 856 (pDevice->bRxMICFail == TRUE)) { 857 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n"); 858 pDevice->bRxMICFail = FALSE; 859 //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++; 860 pDevice->s802_11Counter.TKIPLocalMICFailures++; 861 if (bDeFragRx) { 862 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 863 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 864 pDevice->dev->name); 865 } 866 } 867 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT 868 //send event to wpa_supplicant 869 //if(pDevice->bWPASuppWextEnabled == TRUE) 870 { 871 union iwreq_data wrqu; 872 struct iw_michaelmicfailure ev; 873 int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits 874 memset(&ev, 0, sizeof(ev)); 875 ev.flags = keyidx & IW_MICFAILURE_KEY_ID; 876 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && 877 (pMgmt->eCurrState == WMAC_STATE_ASSOC) && 878 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { 879 ev.flags |= IW_MICFAILURE_PAIRWISE; 880 } else { 881 ev.flags |= IW_MICFAILURE_GROUP; 882 } 883 884 ev.src_addr.sa_family = ARPHRD_ETHER; 885 memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN); 886 memset(&wrqu, 0, sizeof(wrqu)); 887 wrqu.data.length = sizeof(ev); 888 PRINT_K("wireless_send_event--->IWEVMICHAELMICFAILURE\n"); 889 wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev); 890 891 } 892 #endif 893 894 895 if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) { 896 wpahdr = (viawget_wpa_header *)pDevice->skb->data; 897 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && 898 (pMgmt->eCurrState == WMAC_STATE_ASSOC) && 899 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { 900 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR; 901 wpahdr->type = VIAWGET_PTK_MIC_MSG; 902 } else { 903 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR; 904 wpahdr->type = VIAWGET_GTK_MIC_MSG; 905 } 906 wpahdr->resp_ie_len = 0; 907 wpahdr->req_ie_len = 0; 908 skb_put(pDevice->skb, sizeof(viawget_wpa_header)); 909 pDevice->skb->dev = pDevice->wpadev; 910 skb_reset_mac_header(pDevice->skb); 911 pDevice->skb->pkt_type = PACKET_HOST; 912 pDevice->skb->protocol = htons(ETH_P_802_2); 913 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb)); 914 netif_rx(pDevice->skb); 915 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz); 916 } 917 918 return FALSE; 919 920 } 921 } 922 } //---end of SOFT MIC----------------------------------------------------------------------- 923 924 // ++++++++++ Reply Counter Check +++++++++++++ 925 926 if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) || 927 (pKey->byCipherSuite == KEY_CTL_CCMP))) { 928 if (bIsWEP) { 929 WORD wLocalTSC15_0 = 0; 930 DWORD dwLocalTSC47_16 = 0; 931 unsigned long long RSC = 0; 932 // endian issues 933 RSC = *((unsigned long long *) &(pKey->KeyRSC)); 934 wLocalTSC15_0 = (WORD) RSC; 935 dwLocalTSC47_16 = (DWORD) (RSC>>16); 936 937 RSC = dwRxTSC47_16; 938 RSC <<= 16; 939 RSC += wRxTSC15_0; 940 memcpy(&(pKey->KeyRSC), &RSC, sizeof(QWORD)); 941 942 if ( (pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) && 943 (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) { 944 // check RSC 945 if ( (wRxTSC15_0 < wLocalTSC15_0) && 946 (dwRxTSC47_16 <= dwLocalTSC47_16) && 947 !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) { 948 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n "); 949 if (pKey->byCipherSuite == KEY_CTL_TKIP) 950 //pDevice->s802_11Counter.TKIPReplays.QuadPart++; 951 pDevice->s802_11Counter.TKIPReplays++; 952 else 953 //pDevice->s802_11Counter.CCMPReplays.QuadPart++; 954 pDevice->s802_11Counter.CCMPReplays++; 955 956 if (bDeFragRx) { 957 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 958 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 959 pDevice->dev->name); 960 } 961 } 962 return FALSE; 963 } 964 } 965 } 966 } // ----- End of Reply Counter Check -------------------------- 967 968 969 s_vProcessRxMACHeader(pDevice, (PBYTE)(skb->data+8), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset); 970 FrameSize -= cbHeaderOffset; 971 cbHeaderOffset += 8; // 8 is Rcv buffer header 972 973 // Null data, framesize = 12 974 if (FrameSize < 12) 975 return FALSE; 976 977 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 978 if (s_bAPModeRxData(pDevice, 979 skb, 980 FrameSize, 981 cbHeaderOffset, 982 iSANodeIndex, 983 iDANodeIndex 984 ) == FALSE) { 985 986 if (bDeFragRx) { 987 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 988 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 989 pDevice->dev->name); 990 } 991 } 992 return FALSE; 993 } 994 995 } 996 997 skb->data += cbHeaderOffset; 998 skb->tail += cbHeaderOffset; 999 skb_put(skb, FrameSize); 1000 skb->protocol=eth_type_trans(skb, skb->dev); 1001 skb->ip_summed=CHECKSUM_NONE; 1002 pStats->rx_bytes +=skb->len; 1003 pStats->rx_packets++; 1004 netif_rx(skb); 1005 if (bDeFragRx) { 1006 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 1007 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 1008 pDevice->dev->name); 1009 } 1010 return FALSE; 1011 } 1012 1013 return TRUE; 1014} 1015 1016 1017static BOOL s_bAPModeRxCtl ( 1018 PSDevice pDevice, 1019 PBYTE pbyFrame, 1020 signed int iSANodeIndex 1021 ) 1022{ 1023 PS802_11Header p802_11Header; 1024 CMD_STATUS Status; 1025 PSMgmtObject pMgmt = &(pDevice->sMgmtObj); 1026 1027 1028 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { 1029 1030 p802_11Header = (PS802_11Header) (pbyFrame); 1031 if (!IS_TYPE_MGMT(pbyFrame)) { 1032 1033 // Data & PS-Poll packet 1034 // check frame class 1035 if (iSANodeIndex > 0) { 1036 // frame class 3 fliter & checking 1037 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) { 1038 // send deauth notification 1039 // reason = (6) class 2 received from nonauth sta 1040 vMgrDeAuthenBeginSta(pDevice, 1041 pMgmt, 1042 (PBYTE)(p802_11Header->abyAddr2), 1043 (WLAN_MGMT_REASON_CLASS2_NONAUTH), 1044 &Status 1045 ); 1046 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n"); 1047 return TRUE; 1048 } 1049 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) { 1050 // send deassoc notification 1051 // reason = (7) class 3 received from nonassoc sta 1052 vMgrDisassocBeginSta(pDevice, 1053 pMgmt, 1054 (PBYTE)(p802_11Header->abyAddr2), 1055 (WLAN_MGMT_REASON_CLASS3_NONASSOC), 1056 &Status 1057 ); 1058 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n"); 1059 return TRUE; 1060 } 1061 1062 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) { 1063 // delcare received ps-poll event 1064 if (IS_CTL_PSPOLL(pbyFrame)) { 1065 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE; 1066 bScheduleCommand((void *) pDevice, 1067 WLAN_CMD_RX_PSPOLL, 1068 NULL); 1069 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n"); 1070 } 1071 else { 1072 // check Data PS state 1073 // if PW bit off, send out all PS bufferring packets. 1074 if (!IS_FC_POWERMGT(pbyFrame)) { 1075 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE; 1076 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE; 1077 bScheduleCommand((void *) pDevice, 1078 WLAN_CMD_RX_PSPOLL, 1079 NULL); 1080 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n"); 1081 } 1082 } 1083 } 1084 else { 1085 if (IS_FC_POWERMGT(pbyFrame)) { 1086 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = TRUE; 1087 // Once if STA in PS state, enable multicast bufferring 1088 pMgmt->sNodeDBTable[0].bPSEnable = TRUE; 1089 } 1090 else { 1091 // clear all pending PS frame. 1092 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) { 1093 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE; 1094 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE; 1095 bScheduleCommand((void *) pDevice, 1096 WLAN_CMD_RX_PSPOLL, 1097 NULL); 1098 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n"); 1099 1100 } 1101 } 1102 } 1103 } 1104 else { 1105 vMgrDeAuthenBeginSta(pDevice, 1106 pMgmt, 1107 (PBYTE)(p802_11Header->abyAddr2), 1108 (WLAN_MGMT_REASON_CLASS2_NONAUTH), 1109 &Status 1110 ); 1111 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n"); 1112 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%02x-%02x-%02x=%02x-%02x-%02x \n", 1113 p802_11Header->abyAddr3[0], 1114 p802_11Header->abyAddr3[1], 1115 p802_11Header->abyAddr3[2], 1116 p802_11Header->abyAddr3[3], 1117 p802_11Header->abyAddr3[4], 1118 p802_11Header->abyAddr3[5] 1119 ); 1120 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%02x-%02x-%02x=%02x-%02x-%02x \n", 1121 p802_11Header->abyAddr2[0], 1122 p802_11Header->abyAddr2[1], 1123 p802_11Header->abyAddr2[2], 1124 p802_11Header->abyAddr2[3], 1125 p802_11Header->abyAddr2[4], 1126 p802_11Header->abyAddr2[5] 1127 ); 1128 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%02x-%02x-%02x=%02x-%02x-%02x \n", 1129 p802_11Header->abyAddr1[0], 1130 p802_11Header->abyAddr1[1], 1131 p802_11Header->abyAddr1[2], 1132 p802_11Header->abyAddr1[3], 1133 p802_11Header->abyAddr1[4], 1134 p802_11Header->abyAddr1[5] 1135 ); 1136 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl ); 1137 return TRUE; 1138 } 1139 } 1140 } 1141 return FALSE; 1142 1143} 1144 1145static BOOL s_bHandleRxEncryption ( 1146 PSDevice pDevice, 1147 PBYTE pbyFrame, 1148 unsigned int FrameSize, 1149 PBYTE pbyRsr, 1150 PBYTE pbyNewRsr, 1151 PSKeyItem * pKeyOut, 1152 int * pbExtIV, 1153 PWORD pwRxTSC15_0, 1154 PDWORD pdwRxTSC47_16 1155 ) 1156{ 1157 unsigned int PayloadLen = FrameSize; 1158 PBYTE pbyIV; 1159 BYTE byKeyIdx; 1160 PSKeyItem pKey = NULL; 1161 BYTE byDecMode = KEY_CTL_WEP; 1162 PSMgmtObject pMgmt = &(pDevice->sMgmtObj); 1163 1164 1165 *pwRxTSC15_0 = 0; 1166 *pdwRxTSC47_16 = 0; 1167 1168 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; 1169 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) && 1170 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) { 1171 pbyIV += 6; // 6 is 802.11 address4 1172 PayloadLen -= 6; 1173 } 1174 byKeyIdx = (*(pbyIV+3) & 0xc0); 1175 byKeyIdx >>= 6; 1176 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx); 1177 1178 if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) || 1179 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || 1180 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || 1181 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || 1182 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { 1183 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) && 1184 (pMgmt->byCSSPK != KEY_CTL_NONE)) { 1185 // unicast pkt use pairwise key 1186 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n"); 1187 if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == TRUE) { 1188 if (pMgmt->byCSSPK == KEY_CTL_TKIP) 1189 byDecMode = KEY_CTL_TKIP; 1190 else if (pMgmt->byCSSPK == KEY_CTL_CCMP) 1191 byDecMode = KEY_CTL_CCMP; 1192 } 1193 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey); 1194 } else { 1195 // use group key 1196 KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey); 1197 if (pMgmt->byCSSGK == KEY_CTL_TKIP) 1198 byDecMode = KEY_CTL_TKIP; 1199 else if (pMgmt->byCSSGK == KEY_CTL_CCMP) 1200 byDecMode = KEY_CTL_CCMP; 1201 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey); 1202 } 1203 } 1204 // our WEP only support Default Key 1205 if (pKey == NULL) { 1206 // use default group key 1207 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey); 1208 if (pMgmt->byCSSGK == KEY_CTL_TKIP) 1209 byDecMode = KEY_CTL_TKIP; 1210 else if (pMgmt->byCSSGK == KEY_CTL_CCMP) 1211 byDecMode = KEY_CTL_CCMP; 1212 } 1213 *pKeyOut = pKey; 1214 1215 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode); 1216 1217 if (pKey == NULL) { 1218 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n"); 1219 if (byDecMode == KEY_CTL_WEP) { 1220// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; 1221 } else if (pDevice->bLinkPass == TRUE) { 1222// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; 1223 } 1224 return FALSE; 1225 } 1226 if (byDecMode != pKey->byCipherSuite) { 1227 if (byDecMode == KEY_CTL_WEP) { 1228// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; 1229 } else if (pDevice->bLinkPass == TRUE) { 1230// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; 1231 } 1232 *pKeyOut = NULL; 1233 return FALSE; 1234 } 1235 if (byDecMode == KEY_CTL_WEP) { 1236 // handle WEP 1237 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || 1238 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE)) { 1239 // Software WEP 1240 // 1. 3253A 1241 // 2. WEP 256 1242 1243 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc 1244 memcpy(pDevice->abyPRNG, pbyIV, 3); 1245 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); 1246 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); 1247 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); 1248 1249 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) { 1250 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1251 } 1252 } 1253 } else if ((byDecMode == KEY_CTL_TKIP) || 1254 (byDecMode == KEY_CTL_CCMP)) { 1255 // TKIP/AES 1256 1257 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc 1258 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4)); 1259 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16); 1260 if (byDecMode == KEY_CTL_TKIP) { 1261 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV)); 1262 } else { 1263 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV); 1264 } 1265 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0); 1266 1267 if ((byDecMode == KEY_CTL_TKIP) && 1268 (pDevice->byLocalID <= REV_ID_VT3253_A1)) { 1269 // Software TKIP 1270 // 1. 3253 A 1271 PS802_11Header pMACHeader = (PS802_11Header) (pbyFrame); 1272 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); 1273 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); 1274 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); 1275 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { 1276 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1277 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n"); 1278 } else { 1279 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n"); 1280 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen); 1281 } 1282 } 1283 }// end of TKIP/AES 1284 1285 if ((*(pbyIV+3) & 0x20) != 0) 1286 *pbExtIV = TRUE; 1287 return TRUE; 1288} 1289 1290 1291static BOOL s_bHostWepRxEncryption ( 1292 PSDevice pDevice, 1293 PBYTE pbyFrame, 1294 unsigned int FrameSize, 1295 PBYTE pbyRsr, 1296 BOOL bOnFly, 1297 PSKeyItem pKey, 1298 PBYTE pbyNewRsr, 1299 int * pbExtIV, 1300 PWORD pwRxTSC15_0, 1301 PDWORD pdwRxTSC47_16 1302 ) 1303{ 1304 PSMgmtObject pMgmt = &(pDevice->sMgmtObj); 1305 unsigned int PayloadLen = FrameSize; 1306 PBYTE pbyIV; 1307 BYTE byKeyIdx; 1308 BYTE byDecMode = KEY_CTL_WEP; 1309 PS802_11Header pMACHeader; 1310 1311 1312 1313 *pwRxTSC15_0 = 0; 1314 *pdwRxTSC47_16 = 0; 1315 1316 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; 1317 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) && 1318 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) { 1319 pbyIV += 6; // 6 is 802.11 address4 1320 PayloadLen -= 6; 1321 } 1322 byKeyIdx = (*(pbyIV+3) & 0xc0); 1323 byKeyIdx >>= 6; 1324 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx); 1325 1326 1327 if (pMgmt->byCSSGK == KEY_CTL_TKIP) 1328 byDecMode = KEY_CTL_TKIP; 1329 else if (pMgmt->byCSSGK == KEY_CTL_CCMP) 1330 byDecMode = KEY_CTL_CCMP; 1331 1332 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode); 1333 1334 if (byDecMode != pKey->byCipherSuite) { 1335 if (byDecMode == KEY_CTL_WEP) { 1336// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; 1337 } else if (pDevice->bLinkPass == TRUE) { 1338// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; 1339 } 1340 return FALSE; 1341 } 1342 1343 if (byDecMode == KEY_CTL_WEP) { 1344 // handle WEP 1345 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP \n"); 1346 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || 1347 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE) || 1348 (bOnFly == FALSE)) { 1349 // Software WEP 1350 // 1. 3253A 1351 // 2. WEP 256 1352 // 3. NotOnFly 1353 1354 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc 1355 memcpy(pDevice->abyPRNG, pbyIV, 3); 1356 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); 1357 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); 1358 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); 1359 1360 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) { 1361 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1362 } 1363 } 1364 } else if ((byDecMode == KEY_CTL_TKIP) || 1365 (byDecMode == KEY_CTL_CCMP)) { 1366 // TKIP/AES 1367 1368 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc 1369 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4)); 1370 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16); 1371 1372 if (byDecMode == KEY_CTL_TKIP) { 1373 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV)); 1374 } else { 1375 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV); 1376 } 1377 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0); 1378 1379 if (byDecMode == KEY_CTL_TKIP) { 1380 1381 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == FALSE)) { 1382 // Software TKIP 1383 // 1. 3253 A 1384 // 2. NotOnFly 1385 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n"); 1386 pMACHeader = (PS802_11Header) (pbyFrame); 1387 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); 1388 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); 1389 …
Large files files are truncated, but you can click here to view the full file