PageRenderTime 71ms CodeModel.GetById 14ms app.highlight 48ms RepoModel.GetById 0ms app.codeStats 0ms

/drivers/staging/vt6656/dpc.c

https://bitbucket.org/cyanogenmod/android_kernel_asus_tf300t
C | 1616 lines | 1210 code | 209 blank | 197 comment | 377 complexity | 4e123381aaf092dc5ae38ce599149f2b MD5 | raw file
Possible License(s): LGPL-2.0, AGPL-1.0, GPL-2.0

Large files files are truncated, but you can click here to view the full file

   1/*
   2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
   3 * All rights reserved.
   4 *
   5 * This program is free software; you can redistribute it and/or modify
   6 * it under the terms of the GNU General Public License as published by
   7 * the Free Software Foundation; either version 2 of the License, or
   8 * (at your option) any later version.
   9 *
  10 * This program is distributed in the hope that it will be useful,
  11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13 * GNU General Public License for more details.
  14 *
  15 * You should have received a copy of the GNU General Public License along
  16 * with this program; if not, write to the Free Software Foundation, Inc.,
  17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  18 *
  19 * File: dpc.c
  20 *
  21 * Purpose: handle dpc rx functions
  22 *
  23 * Author: Lyndon Chen
  24 *
  25 * Date: May 20, 2003
  26 *
  27 * Functions:
  28 *      device_receive_frame - Rcv 802.11 frame function
  29 *      s_bAPModeRxCtl- AP Rcv frame filer Ctl.
  30 *      s_bAPModeRxData- AP Rcv data frame handle
  31 *      s_bHandleRxEncryption- Rcv decrypted data via on-fly
  32 *      s_bHostWepRxEncryption- Rcv encrypted data via host
  33 *      s_byGetRateIdx- get rate index
  34 *      s_vGetDASA- get data offset
  35 *      s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3
  36 *
  37 * Revision History:
  38 *
  39 */
  40
  41#include "device.h"
  42#include "rxtx.h"
  43#include "tether.h"
  44#include "card.h"
  45#include "bssdb.h"
  46#include "mac.h"
  47#include "baseband.h"
  48#include "michael.h"
  49#include "tkip.h"
  50#include "tcrc.h"
  51#include "wctl.h"
  52#include "hostap.h"
  53#include "rf.h"
  54#include "iowpa.h"
  55#include "aes_ccmp.h"
  56#include "datarate.h"
  57#include "usbpipe.h"
  58
  59/*---------------------  Static Definitions -------------------------*/
  60
  61/*---------------------  Static Classes  ----------------------------*/
  62
  63/*---------------------  Static Variables  --------------------------*/
  64//static int          msglevel                =MSG_LEVEL_DEBUG;
  65static int          msglevel                =MSG_LEVEL_INFO;
  66
  67const BYTE acbyRxRate[MAX_RATE] =
  68{2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
  69
  70
  71/*---------------------  Static Functions  --------------------------*/
  72
  73/*---------------------  Static Definitions -------------------------*/
  74
  75/*---------------------  Static Functions  --------------------------*/
  76
  77static BYTE s_byGetRateIdx(BYTE byRate);
  78
  79static
  80void
  81s_vGetDASA(
  82      PBYTE pbyRxBufferAddr,
  83     unsigned int *pcbHeaderSize,
  84     PSEthernetHeader psEthHeader
  85    );
  86
  87static
  88void
  89s_vProcessRxMACHeader (
  90      PSDevice pDevice,
  91      PBYTE pbyRxBufferAddr,
  92      unsigned int cbPacketSize,
  93      BOOL bIsWEP,
  94      BOOL bExtIV,
  95     unsigned int *pcbHeadSize
  96    );
  97
  98static BOOL s_bAPModeRxCtl(
  99     PSDevice pDevice,
 100     PBYTE    pbyFrame,
 101     signed int      iSANodeIndex
 102    );
 103
 104
 105
 106static BOOL s_bAPModeRxData (
 107     PSDevice pDevice,
 108     struct sk_buff *skb,
 109     unsigned int     FrameSize,
 110     unsigned int     cbHeaderOffset,
 111     signed int      iSANodeIndex,
 112     signed int      iDANodeIndex
 113    );
 114
 115
 116static BOOL s_bHandleRxEncryption(
 117     PSDevice     pDevice,
 118     PBYTE        pbyFrame,
 119     unsigned int         FrameSize,
 120     PBYTE        pbyRsr,
 121     PBYTE       pbyNewRsr,
 122     PSKeyItem   * pKeyOut,
 123    int *       pbExtIV,
 124     PWORD       pwRxTSC15_0,
 125     PDWORD      pdwRxTSC47_16
 126    );
 127
 128static BOOL s_bHostWepRxEncryption(
 129
 130     PSDevice     pDevice,
 131     PBYTE        pbyFrame,
 132     unsigned int         FrameSize,
 133     PBYTE        pbyRsr,
 134     BOOL         bOnFly,
 135     PSKeyItem    pKey,
 136     PBYTE       pbyNewRsr,
 137    int *       pbExtIV,
 138     PWORD       pwRxTSC15_0,
 139     PDWORD      pdwRxTSC47_16
 140
 141    );
 142
 143/*---------------------  Export Variables  --------------------------*/
 144
 145/*+
 146 *
 147 * Description:
 148 *    Translate Rcv 802.11 header to 802.3 header with Rx buffer
 149 *
 150 * Parameters:
 151 *  In:
 152 *      pDevice
 153 *      dwRxBufferAddr  - Address of Rcv Buffer
 154 *      cbPacketSize    - Rcv Packet size
 155 *      bIsWEP          - If Rcv with WEP
 156 *  Out:
 157 *      pcbHeaderSize   - 802.11 header size
 158 *
 159 * Return Value: None
 160 *
 161-*/
 162static
 163void
 164s_vProcessRxMACHeader (
 165      PSDevice pDevice,
 166      PBYTE pbyRxBufferAddr,
 167      unsigned int cbPacketSize,
 168      BOOL bIsWEP,
 169      BOOL bExtIV,
 170     unsigned int *pcbHeadSize
 171    )
 172{
 173    PBYTE           pbyRxBuffer;
 174    unsigned int            cbHeaderSize = 0;
 175    PWORD           pwType;
 176    PS802_11Header  pMACHeader;
 177    int             ii;
 178
 179
 180    pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
 181
 182    s_vGetDASA((PBYTE)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader);
 183
 184    if (bIsWEP) {
 185        if (bExtIV) {
 186            // strip IV&ExtIV , add 8 byte
 187            cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8);
 188        } else {
 189            // strip IV , add 4 byte
 190            cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4);
 191        }
 192    }
 193    else {
 194        cbHeaderSize += WLAN_HDR_ADDR3_LEN;
 195    };
 196
 197    pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
 198    if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) {
 199        cbHeaderSize += 6;
 200    } else if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) {
 201        cbHeaderSize += 6;
 202        pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
 203	if ((*pwType == cpu_to_le16(ETH_P_IPX)) ||
 204	    (*pwType == cpu_to_le16(0xF380))) {
 205		cbHeaderSize -= 8;
 206            pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
 207            if (bIsWEP) {
 208                if (bExtIV) {
 209                    *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8);    // 8 is IV&ExtIV
 210                } else {
 211                    *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4);    // 4 is IV
 212                }
 213            }
 214            else {
 215                *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
 216            }
 217        }
 218    }
 219    else {
 220        cbHeaderSize -= 2;
 221        pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
 222        if (bIsWEP) {
 223            if (bExtIV) {
 224                *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8);    // 8 is IV&ExtIV
 225            } else {
 226                *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4);    // 4 is IV
 227            }
 228        }
 229        else {
 230            *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
 231        }
 232    }
 233
 234    cbHeaderSize -= (ETH_ALEN * 2);
 235    pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
 236    for (ii = 0; ii < ETH_ALEN; ii++)
 237        *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii];
 238    for (ii = 0; ii < ETH_ALEN; ii++)
 239        *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii];
 240
 241    *pcbHeadSize = cbHeaderSize;
 242}
 243
 244
 245
 246
 247static BYTE s_byGetRateIdx(BYTE byRate)
 248{
 249    BYTE    byRateIdx;
 250
 251    for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) {
 252        if (acbyRxRate[byRateIdx%MAX_RATE] == byRate)
 253            return byRateIdx;
 254    }
 255    return 0;
 256}
 257
 258
 259static
 260void
 261s_vGetDASA (
 262      PBYTE pbyRxBufferAddr,
 263     unsigned int *pcbHeaderSize,
 264     PSEthernetHeader psEthHeader
 265    )
 266{
 267	unsigned int            cbHeaderSize = 0;
 268	PS802_11Header  pMACHeader;
 269	int             ii;
 270
 271	pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
 272
 273	if ((pMACHeader->wFrameCtl & FC_TODS) == 0) {
 274		if (pMACHeader->wFrameCtl & FC_FROMDS) {
 275			for (ii = 0; ii < ETH_ALEN; ii++) {
 276				psEthHeader->abyDstAddr[ii] =
 277					pMACHeader->abyAddr1[ii];
 278				psEthHeader->abySrcAddr[ii] =
 279					pMACHeader->abyAddr3[ii];
 280			}
 281		} else {
 282			/* IBSS mode */
 283			for (ii = 0; ii < ETH_ALEN; ii++) {
 284				psEthHeader->abyDstAddr[ii] =
 285					pMACHeader->abyAddr1[ii];
 286				psEthHeader->abySrcAddr[ii] =
 287					pMACHeader->abyAddr2[ii];
 288			}
 289		}
 290	} else {
 291		/* Is AP mode.. */
 292		if (pMACHeader->wFrameCtl & FC_FROMDS) {
 293			for (ii = 0; ii < ETH_ALEN; ii++) {
 294				psEthHeader->abyDstAddr[ii] =
 295					pMACHeader->abyAddr3[ii];
 296				psEthHeader->abySrcAddr[ii] =
 297					pMACHeader->abyAddr4[ii];
 298				cbHeaderSize += 6;
 299			}
 300		} else {
 301			for (ii = 0; ii < ETH_ALEN; ii++) {
 302				psEthHeader->abyDstAddr[ii] =
 303					pMACHeader->abyAddr3[ii];
 304				psEthHeader->abySrcAddr[ii] =
 305					pMACHeader->abyAddr2[ii];
 306			}
 307		}
 308	};
 309    *pcbHeaderSize = cbHeaderSize;
 310}
 311
 312
 313
 314
 315BOOL
 316RXbBulkInProcessData (
 317     PSDevice         pDevice,
 318     PRCB             pRCB,
 319     unsigned long            BytesToIndicate
 320    )
 321{
 322
 323    struct net_device_stats* pStats=&pDevice->stats;
 324    struct sk_buff* skb;
 325    PSMgmtObject    pMgmt = &(pDevice->sMgmtObj);
 326    PSRxMgmtPacket  pRxPacket = &(pMgmt->sRxPacket);
 327    PS802_11Header  p802_11Header;
 328    PBYTE           pbyRsr;
 329    PBYTE           pbyNewRsr;
 330    PBYTE           pbyRSSI;
 331    PQWORD          pqwTSFTime;
 332    PBYTE           pbyFrame;
 333    BOOL            bDeFragRx = FALSE;
 334    unsigned int            cbHeaderOffset;
 335    unsigned int            FrameSize;
 336    WORD            wEtherType = 0;
 337    signed int             iSANodeIndex = -1;
 338    signed int             iDANodeIndex = -1;
 339    unsigned int            ii;
 340    unsigned int            cbIVOffset;
 341    PBYTE           pbyRxSts;
 342    PBYTE           pbyRxRate;
 343    PBYTE           pbySQ;
 344    PBYTE           pby3SQ;
 345    unsigned int            cbHeaderSize;
 346    PSKeyItem       pKey = NULL;
 347    WORD            wRxTSC15_0 = 0;
 348    DWORD           dwRxTSC47_16 = 0;
 349    SKeyItem        STempKey;
 350    // 802.11h RPI
 351    /* signed long ldBm = 0; */
 352    BOOL            bIsWEP = FALSE;
 353    BOOL            bExtIV = FALSE;
 354    DWORD           dwWbkStatus;
 355    PRCB            pRCBIndicate = pRCB;
 356    PBYTE           pbyDAddress;
 357    PWORD           pwPLCP_Length;
 358    BYTE            abyVaildRate[MAX_RATE] = {2,4,11,22,12,18,24,36,48,72,96,108};
 359    WORD            wPLCPwithPadding;
 360    PS802_11Header  pMACHeader;
 361    BOOL            bRxeapol_key = FALSE;
 362
 363
 364
 365    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- RXbBulkInProcessData---\n");
 366
 367    skb = pRCB->skb;
 368
 369    //[31:16]RcvByteCount ( not include 4-byte Status )
 370    dwWbkStatus =  *( (PDWORD)(skb->data) );
 371    FrameSize = (unsigned int)(dwWbkStatus >> 16);
 372    FrameSize += 4;
 373
 374    if (BytesToIndicate != FrameSize) {
 375        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 1 \n");
 376        return FALSE;
 377    }
 378
 379    if ((BytesToIndicate > 2372) || (BytesToIndicate <= 40)) {
 380        // Frame Size error drop this packet.
 381	DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- WRONG Length 2\n");
 382        return FALSE;
 383    }
 384
 385    pbyDAddress = (PBYTE)(skb->data);
 386    pbyRxSts = pbyDAddress+4;
 387    pbyRxRate = pbyDAddress+5;
 388
 389    //real Frame Size = USBFrameSize -4WbkStatus - 4RxStatus - 8TSF - 4RSR - 4SQ3 - ?Padding
 390    //if SQ3 the range is 24~27, if no SQ3 the range is 20~23
 391    //real Frame size in PLCPLength field.
 392    pwPLCP_Length = (PWORD) (pbyDAddress + 6);
 393    //Fix hardware bug => PLCP_Length error
 394    if ( ((BytesToIndicate - (*pwPLCP_Length)) > 27) ||
 395         ((BytesToIndicate - (*pwPLCP_Length)) < 24) ||
 396         (BytesToIndicate < (*pwPLCP_Length)) ) {
 397
 398        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong PLCP Length %x\n", (int) *pwPLCP_Length);
 399        ASSERT(0);
 400        return FALSE;
 401    }
 402    for ( ii=RATE_1M;ii<MAX_RATE;ii++) {
 403        if ( *pbyRxRate == abyVaildRate[ii] ) {
 404            break;
 405        }
 406    }
 407    if ( ii==MAX_RATE ) {
 408        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong RxRate %x\n",(int) *pbyRxRate);
 409        return FALSE;
 410    }
 411
 412    wPLCPwithPadding = ( (*pwPLCP_Length / 4) + ( (*pwPLCP_Length % 4) ? 1:0 ) ) *4;
 413
 414    pqwTSFTime = (PQWORD) (pbyDAddress + 8 + wPLCPwithPadding);
 415  if(pDevice->byBBType == BB_TYPE_11G)  {
 416      pby3SQ = pbyDAddress + 8 + wPLCPwithPadding + 12;
 417      pbySQ = pby3SQ;
 418    }
 419  else {
 420   pbySQ = pbyDAddress + 8 + wPLCPwithPadding + 8;
 421   pby3SQ = pbySQ;
 422  }
 423    pbyNewRsr = pbyDAddress + 8 + wPLCPwithPadding + 9;
 424    pbyRSSI = pbyDAddress + 8 + wPLCPwithPadding + 10;
 425    pbyRsr = pbyDAddress + 8 + wPLCPwithPadding + 11;
 426
 427    FrameSize = *pwPLCP_Length;
 428
 429    pbyFrame = pbyDAddress + 8;
 430    // update receive statistic counter
 431
 432    STAvUpdateRDStatCounter(&pDevice->scStatistic,
 433                            *pbyRsr,
 434                            *pbyNewRsr,
 435                            *pbyRxSts,
 436                            *pbyRxRate,
 437                            pbyFrame,
 438                            FrameSize
 439                            );
 440
 441
 442    pMACHeader = (PS802_11Header) pbyFrame;
 443
 444//mike add: to judge if current AP is activated?
 445    if ((pMgmt->eCurrMode == WMAC_MODE_STANDBY) ||
 446        (pMgmt->eCurrMode == WMAC_MODE_ESS_STA)) {
 447       if (pMgmt->sNodeDBTable[0].bActive) {
 448	 if (!compare_ether_addr(pMgmt->abyCurrBSSID, pMACHeader->abyAddr2)) {
 449	    if (pMgmt->sNodeDBTable[0].uInActiveCount != 0)
 450                  pMgmt->sNodeDBTable[0].uInActiveCount = 0;
 451           }
 452       }
 453    }
 454
 455    if (!is_multicast_ether_addr(pMACHeader->abyAddr1) && !is_broadcast_ether_addr(pMACHeader->abyAddr1)) {
 456        if ( WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header) pbyFrame) ) {
 457            pDevice->s802_11Counter.FrameDuplicateCount++;
 458            return FALSE;
 459        }
 460
 461	if (compare_ether_addr(pDevice->abyCurrentNetAddr,
 462			       pMACHeader->abyAddr1)) {
 463		return FALSE;
 464        }
 465    }
 466
 467
 468    // Use for TKIP MIC
 469    s_vGetDASA(pbyFrame, &cbHeaderSize, &pDevice->sRxEthHeader);
 470
 471    if (!compare_ether_addr((PBYTE)&(pDevice->sRxEthHeader.abySrcAddr[0]),
 472			    pDevice->abyCurrentNetAddr))
 473        return FALSE;
 474
 475    if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) {
 476        if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
 477            p802_11Header = (PS802_11Header) (pbyFrame);
 478            // get SA NodeIndex
 479            if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(p802_11Header->abyAddr2), &iSANodeIndex)) {
 480                pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies;
 481                pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0;
 482            }
 483        }
 484    }
 485
 486    if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
 487        if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == TRUE) {
 488            return FALSE;
 489        }
 490    }
 491
 492
 493    if (IS_FC_WEP(pbyFrame)) {
 494        BOOL     bRxDecryOK = FALSE;
 495
 496        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n");
 497        bIsWEP = TRUE;
 498        if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) {
 499            pKey = &STempKey;
 500            pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite;
 501            pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex;
 502            pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength;
 503            pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16;
 504            pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0;
 505            memcpy(pKey->abyKey,
 506                &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0],
 507                pKey->uKeyLength
 508                );
 509
 510            bRxDecryOK = s_bHostWepRxEncryption(pDevice,
 511                                                pbyFrame,
 512                                                FrameSize,
 513                                                pbyRsr,
 514                                                pMgmt->sNodeDBTable[iSANodeIndex].bOnFly,
 515                                                pKey,
 516                                                pbyNewRsr,
 517                                                &bExtIV,
 518                                                &wRxTSC15_0,
 519                                                &dwRxTSC47_16);
 520        } else {
 521            bRxDecryOK = s_bHandleRxEncryption(pDevice,
 522                                                pbyFrame,
 523                                                FrameSize,
 524                                                pbyRsr,
 525                                                pbyNewRsr,
 526                                                &pKey,
 527                                                &bExtIV,
 528                                                &wRxTSC15_0,
 529                                                &dwRxTSC47_16);
 530        }
 531
 532        if (bRxDecryOK) {
 533            if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) {
 534                DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n");
 535                if ( (pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
 536                    (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
 537                    (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
 538                    (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
 539                    (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
 540
 541                    if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
 542                        pDevice->s802_11Counter.TKIPICVErrors++;
 543                    } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) {
 544                        pDevice->s802_11Counter.CCMPDecryptErrors++;
 545                    } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) {
 546//                      pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++;
 547                    }
 548                }
 549                return FALSE;
 550            }
 551        } else {
 552            DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n");
 553            return FALSE;
 554        }
 555        if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP))
 556            FrameSize -= 8;         // Message Integrity Code
 557        else
 558            FrameSize -= 4;         // 4 is ICV
 559    }
 560
 561
 562    //
 563    // RX OK
 564    //
 565    /* remove the FCS/CRC length */
 566    FrameSize -= ETH_FCS_LEN;
 567
 568    if ( !(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) && // unicast address
 569        (IS_FRAGMENT_PKT((pbyFrame)))
 570        ) {
 571        // defragment
 572        bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header) (pbyFrame), FrameSize, bIsWEP, bExtIV);
 573        pDevice->s802_11Counter.ReceivedFragmentCount++;
 574        if (bDeFragRx) {
 575            // defrag complete
 576            // TODO skb, pbyFrame
 577            skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb;
 578            FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength;
 579            pbyFrame = skb->data + 8;
 580        }
 581        else {
 582            return FALSE;
 583        }
 584    }
 585
 586    //
 587    // Management & Control frame Handle
 588    //
 589    if ((IS_TYPE_DATA((pbyFrame))) == FALSE) {
 590        // Handle Control & Manage Frame
 591
 592        if (IS_TYPE_MGMT((pbyFrame))) {
 593            PBYTE pbyData1;
 594            PBYTE pbyData2;
 595
 596            pRxPacket = &(pRCB->sMngPacket);
 597            pRxPacket->p80211Header = (PUWLAN_80211HDR)(pbyFrame);
 598            pRxPacket->cbMPDULen = FrameSize;
 599            pRxPacket->uRSSI = *pbyRSSI;
 600            pRxPacket->bySQ = *pbySQ;
 601            HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime));
 602            LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime));
 603            if (bIsWEP) {
 604                // strip IV
 605                pbyData1 = WLAN_HDR_A3_DATA_PTR(pbyFrame);
 606                pbyData2 = WLAN_HDR_A3_DATA_PTR(pbyFrame) + 4;
 607                for (ii = 0; ii < (FrameSize - 4); ii++) {
 608                    *pbyData1 = *pbyData2;
 609                     pbyData1++;
 610                     pbyData2++;
 611                }
 612            }
 613
 614            pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate);
 615
 616            if ( *pbyRxSts == 0 ) {
 617                //Discard beacon packet which channel is 0
 618                if ( (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_BEACON) ||
 619                     (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_PROBERESP) ) {
 620                    return TRUE;
 621                }
 622            }
 623            pRxPacket->byRxChannel = (*pbyRxSts) >> 2;
 624
 625            // hostap Deamon handle 802.11 management
 626            if (pDevice->bEnableHostapd) {
 627	            skb->dev = pDevice->apdev;
 628	            //skb->data += 4;
 629	            //skb->tail += 4;
 630	            skb->data += 8;
 631	            skb->tail += 8;
 632                skb_put(skb, FrameSize);
 633		skb_reset_mac_header(skb);
 634	            skb->pkt_type = PACKET_OTHERHOST;
 635    	        skb->protocol = htons(ETH_P_802_2);
 636	            memset(skb->cb, 0, sizeof(skb->cb));
 637	            netif_rx(skb);
 638                return TRUE;
 639	        }
 640
 641            //
 642            // Insert the RCB in the Recv Mng list
 643            //
 644            EnqueueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList, pRCBIndicate);
 645            pDevice->NumRecvMngList++;
 646            if ( bDeFragRx == FALSE) {
 647                pRCB->Ref++;
 648            }
 649            if (pDevice->bIsRxMngWorkItemQueued == FALSE) {
 650                pDevice->bIsRxMngWorkItemQueued = TRUE;
 651                tasklet_schedule(&pDevice->RxMngWorkItem);
 652            }
 653
 654        }
 655        else {
 656            // Control Frame
 657        };
 658        return FALSE;
 659    }
 660    else {
 661        if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
 662            //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC.
 663            if ( !(*pbyRsr & RSR_BSSIDOK)) {
 664                if (bDeFragRx) {
 665                    if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
 666                        DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
 667                        pDevice->dev->name);
 668                    }
 669                }
 670                return FALSE;
 671            }
 672        }
 673        else {
 674            // discard DATA packet while not associate || BSSID error
 675            if ((pDevice->bLinkPass == FALSE) ||
 676                !(*pbyRsr & RSR_BSSIDOK)) {
 677                if (bDeFragRx) {
 678                    if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
 679                        DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
 680                        pDevice->dev->name);
 681                    }
 682                }
 683                return FALSE;
 684            }
 685   //mike add:station mode check eapol-key challenge--->
 686   	  {
 687   	    BYTE  Protocol_Version;    //802.1x Authentication
 688	    BYTE  Packet_Type;           //802.1x Authentication
 689	    BYTE  Descriptor_type;
 690             WORD Key_info;
 691              if (bIsWEP)
 692                  cbIVOffset = 8;
 693              else
 694                  cbIVOffset = 0;
 695              wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
 696                          skb->data[cbIVOffset + 8 + 24 + 6 + 1];
 697	      Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1];
 698	      Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1];
 699	     if (wEtherType == ETH_P_PAE) {         //Protocol Type in LLC-Header
 700                  if(((Protocol_Version==1) ||(Protocol_Version==2)) &&
 701		     (Packet_Type==3)) {  //802.1x OR eapol-key challenge frame receive
 702                        bRxeapol_key = TRUE;
 703		      Descriptor_type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2];
 704		      Key_info = (skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+1]<<8) |skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+2] ;
 705		      if(Descriptor_type==2) {    //RSN
 706                         //  printk("WPA2_Rx_eapol-key_info<-----:%x\n",Key_info);
 707		      }
 708		     else  if(Descriptor_type==254) {
 709                        //  printk("WPA_Rx_eapol-key_info<-----:%x\n",Key_info);
 710		     }
 711                  }
 712	      }
 713   	  }
 714    //mike add:station mode check eapol-key challenge<---
 715        }
 716    }
 717
 718
 719// Data frame Handle
 720
 721
 722    if (pDevice->bEnablePSMode) {
 723        if (IS_FC_MOREDATA((pbyFrame))) {
 724            if (*pbyRsr & RSR_ADDROK) {
 725                //PSbSendPSPOLL((PSDevice)pDevice);
 726            }
 727        }
 728        else {
 729            if (pMgmt->bInTIMWake == TRUE) {
 730                pMgmt->bInTIMWake = FALSE;
 731            }
 732        }
 733    }
 734
 735    // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps
 736    if (pDevice->bDiversityEnable && (FrameSize>50) &&
 737       (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) &&
 738       (pDevice->bLinkPass == TRUE)) {
 739        BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0);
 740    }
 741
 742    // ++++++++ For BaseBand Algorithm +++++++++++++++
 743    pDevice->uCurrRSSI = *pbyRSSI;
 744    pDevice->byCurrSQ = *pbySQ;
 745
 746    // todo
 747/*
 748    if ((*pbyRSSI != 0) &&
 749        (pMgmt->pCurrBSS!=NULL)) {
 750        RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
 751        // Moniter if RSSI is too strong.
 752        pMgmt->pCurrBSS->byRSSIStatCnt++;
 753        pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT;
 754        pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm;
 755	for (ii = 0; ii < RSSI_STAT_COUNT; ii++) {
 756		if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) {
 757			pMgmt->pCurrBSS->ldBmMAX =
 758				max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm);
 759		}
 760        }
 761    }
 762*/
 763
 764
 765    // -----------------------------------------------
 766
 767    if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == TRUE)){
 768        BYTE    abyMacHdr[24];
 769
 770        // Only 802.1x packet incoming allowed
 771        if (bIsWEP)
 772            cbIVOffset = 8;
 773        else
 774            cbIVOffset = 0;
 775        wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
 776                    skb->data[cbIVOffset + 8 + 24 + 6 + 1];
 777
 778	    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType);
 779        if (wEtherType == ETH_P_PAE) {
 780            skb->dev = pDevice->apdev;
 781
 782            if (bIsWEP == TRUE) {
 783                // strip IV header(8)
 784                memcpy(&abyMacHdr[0], (skb->data + 8), 24);
 785                memcpy((skb->data + 8 + cbIVOffset), &abyMacHdr[0], 24);
 786            }
 787
 788            skb->data +=  (cbIVOffset + 8);
 789            skb->tail +=  (cbIVOffset + 8);
 790            skb_put(skb, FrameSize);
 791	    skb_reset_mac_header(skb);
 792            skb->pkt_type = PACKET_OTHERHOST;
 793            skb->protocol = htons(ETH_P_802_2);
 794            memset(skb->cb, 0, sizeof(skb->cb));
 795            netif_rx(skb);
 796            return TRUE;
 797
 798        }
 799        // check if 802.1x authorized
 800        if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED))
 801            return FALSE;
 802    }
 803
 804
 805    if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
 806        if (bIsWEP) {
 807            FrameSize -= 8;  //MIC
 808        }
 809    }
 810
 811    //--------------------------------------------------------------------------------
 812    // Soft MIC
 813    if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
 814        if (bIsWEP) {
 815            PDWORD          pdwMIC_L;
 816            PDWORD          pdwMIC_R;
 817            DWORD           dwMIC_Priority;
 818            DWORD           dwMICKey0 = 0, dwMICKey1 = 0;
 819            DWORD           dwLocalMIC_L = 0;
 820            DWORD           dwLocalMIC_R = 0;
 821            viawget_wpa_header *wpahdr;
 822
 823
 824            if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
 825                dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
 826                dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
 827            }
 828            else {
 829                if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
 830                    dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
 831                    dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
 832                } else if ((pKey->dwKeyIndex & BIT28) == 0) {
 833                    dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
 834                    dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
 835                } else {
 836                    dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
 837                    dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
 838                }
 839            }
 840
 841            MIC_vInit(dwMICKey0, dwMICKey1);
 842            MIC_vAppend((PBYTE)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12);
 843            dwMIC_Priority = 0;
 844            MIC_vAppend((PBYTE)&dwMIC_Priority, 4);
 845            // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV.
 846            MIC_vAppend((PBYTE)(skb->data + 8 + WLAN_HDR_ADDR3_LEN + 8),
 847                        FrameSize - WLAN_HDR_ADDR3_LEN - 8);
 848            MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R);
 849            MIC_vUnInit();
 850
 851            pdwMIC_L = (PDWORD)(skb->data + 8 + FrameSize);
 852            pdwMIC_R = (PDWORD)(skb->data + 8 + FrameSize + 4);
 853
 854
 855            if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) ||
 856                (pDevice->bRxMICFail == TRUE)) {
 857                DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n");
 858                pDevice->bRxMICFail = FALSE;
 859                //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++;
 860                pDevice->s802_11Counter.TKIPLocalMICFailures++;
 861                if (bDeFragRx) {
 862                    if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
 863                        DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
 864                            pDevice->dev->name);
 865                    }
 866                }
 867       #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
 868				//send event to wpa_supplicant
 869				//if(pDevice->bWPASuppWextEnabled == TRUE)
 870				{
 871					union iwreq_data wrqu;
 872					struct iw_michaelmicfailure ev;
 873					int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits
 874					memset(&ev, 0, sizeof(ev));
 875					ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
 876					if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
 877							(pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
 878								(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
 879						ev.flags |= IW_MICFAILURE_PAIRWISE;
 880					} else {
 881						ev.flags |= IW_MICFAILURE_GROUP;
 882					}
 883
 884					ev.src_addr.sa_family = ARPHRD_ETHER;
 885					memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN);
 886					memset(&wrqu, 0, sizeof(wrqu));
 887					wrqu.data.length = sizeof(ev);
 888			PRINT_K("wireless_send_event--->IWEVMICHAELMICFAILURE\n");
 889					wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
 890
 891				}
 892         #endif
 893
 894
 895                if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
 896                     wpahdr = (viawget_wpa_header *)pDevice->skb->data;
 897                     if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
 898                         (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
 899                         (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
 900                         //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR;
 901                         wpahdr->type = VIAWGET_PTK_MIC_MSG;
 902                     } else {
 903                         //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR;
 904                         wpahdr->type = VIAWGET_GTK_MIC_MSG;
 905                     }
 906                     wpahdr->resp_ie_len = 0;
 907                     wpahdr->req_ie_len = 0;
 908                     skb_put(pDevice->skb, sizeof(viawget_wpa_header));
 909                     pDevice->skb->dev = pDevice->wpadev;
 910		     skb_reset_mac_header(pDevice->skb);
 911                     pDevice->skb->pkt_type = PACKET_HOST;
 912                     pDevice->skb->protocol = htons(ETH_P_802_2);
 913                     memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
 914                     netif_rx(pDevice->skb);
 915                     pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
 916                 }
 917
 918                return FALSE;
 919
 920            }
 921        }
 922    } //---end of SOFT MIC-----------------------------------------------------------------------
 923
 924    // ++++++++++ Reply Counter Check +++++++++++++
 925
 926    if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) ||
 927                           (pKey->byCipherSuite == KEY_CTL_CCMP))) {
 928        if (bIsWEP) {
 929            WORD        wLocalTSC15_0 = 0;
 930            DWORD       dwLocalTSC47_16 = 0;
 931	    unsigned long long       RSC = 0;
 932            // endian issues
 933	    RSC = *((unsigned long long *) &(pKey->KeyRSC));
 934            wLocalTSC15_0 = (WORD) RSC;
 935            dwLocalTSC47_16 = (DWORD) (RSC>>16);
 936
 937            RSC = dwRxTSC47_16;
 938            RSC <<= 16;
 939            RSC += wRxTSC15_0;
 940            memcpy(&(pKey->KeyRSC), &RSC,  sizeof(QWORD));
 941
 942            if ( (pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) &&
 943                 (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) {
 944                // check RSC
 945                if ( (wRxTSC15_0 < wLocalTSC15_0) &&
 946                     (dwRxTSC47_16 <= dwLocalTSC47_16) &&
 947                     !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) {
 948                    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n ");
 949                    if (pKey->byCipherSuite == KEY_CTL_TKIP)
 950                        //pDevice->s802_11Counter.TKIPReplays.QuadPart++;
 951                        pDevice->s802_11Counter.TKIPReplays++;
 952                    else
 953                        //pDevice->s802_11Counter.CCMPReplays.QuadPart++;
 954                        pDevice->s802_11Counter.CCMPReplays++;
 955
 956                    if (bDeFragRx) {
 957                        if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
 958                            DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
 959                                pDevice->dev->name);
 960                        }
 961                    }
 962                    return FALSE;
 963                }
 964            }
 965        }
 966    } // ----- End of Reply Counter Check --------------------------
 967
 968
 969    s_vProcessRxMACHeader(pDevice, (PBYTE)(skb->data+8), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset);
 970    FrameSize -= cbHeaderOffset;
 971    cbHeaderOffset += 8;        // 8 is Rcv buffer header
 972
 973    // Null data, framesize = 12
 974    if (FrameSize < 12)
 975        return FALSE;
 976
 977    if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
 978        if (s_bAPModeRxData(pDevice,
 979                            skb,
 980                            FrameSize,
 981                            cbHeaderOffset,
 982                            iSANodeIndex,
 983                            iDANodeIndex
 984                            ) == FALSE) {
 985
 986            if (bDeFragRx) {
 987                if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
 988                    DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
 989                    pDevice->dev->name);
 990                }
 991            }
 992            return FALSE;
 993        }
 994
 995    }
 996
 997	skb->data += cbHeaderOffset;
 998	skb->tail += cbHeaderOffset;
 999    skb_put(skb, FrameSize);
1000    skb->protocol=eth_type_trans(skb, skb->dev);
1001    skb->ip_summed=CHECKSUM_NONE;
1002    pStats->rx_bytes +=skb->len;
1003    pStats->rx_packets++;
1004    netif_rx(skb);
1005    if (bDeFragRx) {
1006        if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1007            DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1008                pDevice->dev->name);
1009        }
1010        return FALSE;
1011    }
1012
1013    return TRUE;
1014}
1015
1016
1017static BOOL s_bAPModeRxCtl (
1018     PSDevice pDevice,
1019     PBYTE    pbyFrame,
1020     signed int      iSANodeIndex
1021    )
1022{
1023    PS802_11Header      p802_11Header;
1024    CMD_STATUS          Status;
1025    PSMgmtObject        pMgmt = &(pDevice->sMgmtObj);
1026
1027
1028    if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
1029
1030        p802_11Header = (PS802_11Header) (pbyFrame);
1031        if (!IS_TYPE_MGMT(pbyFrame)) {
1032
1033            // Data & PS-Poll packet
1034            // check frame class
1035            if (iSANodeIndex > 0) {
1036                // frame class 3 fliter & checking
1037                if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) {
1038                    // send deauth notification
1039                    // reason = (6) class 2 received from nonauth sta
1040                    vMgrDeAuthenBeginSta(pDevice,
1041                                         pMgmt,
1042                                         (PBYTE)(p802_11Header->abyAddr2),
1043                                         (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1044                                         &Status
1045                                         );
1046                    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n");
1047                    return TRUE;
1048                }
1049                if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) {
1050                    // send deassoc notification
1051                    // reason = (7) class 3 received from nonassoc sta
1052                    vMgrDisassocBeginSta(pDevice,
1053                                         pMgmt,
1054                                         (PBYTE)(p802_11Header->abyAddr2),
1055                                         (WLAN_MGMT_REASON_CLASS3_NONASSOC),
1056                                         &Status
1057                                         );
1058                    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n");
1059                    return TRUE;
1060                }
1061
1062                if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) {
1063                    // delcare received ps-poll event
1064                    if (IS_CTL_PSPOLL(pbyFrame)) {
1065                        pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1066			bScheduleCommand((void *) pDevice,
1067					 WLAN_CMD_RX_PSPOLL,
1068					 NULL);
1069                        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n");
1070                    }
1071                    else {
1072                        // check Data PS state
1073                        // if PW bit off, send out all PS bufferring packets.
1074                        if (!IS_FC_POWERMGT(pbyFrame)) {
1075                            pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1076                            pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1077				bScheduleCommand((void *) pDevice,
1078						 WLAN_CMD_RX_PSPOLL,
1079						 NULL);
1080                            DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n");
1081                        }
1082                    }
1083                }
1084                else {
1085                   if (IS_FC_POWERMGT(pbyFrame)) {
1086                       pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = TRUE;
1087                       // Once if STA in PS state, enable multicast bufferring
1088                       pMgmt->sNodeDBTable[0].bPSEnable = TRUE;
1089                   }
1090                   else {
1091                      // clear all pending PS frame.
1092                      if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) {
1093                          pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1094                          pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1095			bScheduleCommand((void *) pDevice,
1096					 WLAN_CMD_RX_PSPOLL,
1097					 NULL);
1098                         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n");
1099
1100                      }
1101                   }
1102                }
1103            }
1104            else {
1105                  vMgrDeAuthenBeginSta(pDevice,
1106                                       pMgmt,
1107                                       (PBYTE)(p802_11Header->abyAddr2),
1108                                       (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1109                                       &Status
1110                                       );
1111                    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n");
1112                    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%02x-%02x-%02x=%02x-%02x-%02x \n",
1113                                p802_11Header->abyAddr3[0],
1114                                p802_11Header->abyAddr3[1],
1115                                p802_11Header->abyAddr3[2],
1116                                p802_11Header->abyAddr3[3],
1117                                p802_11Header->abyAddr3[4],
1118                                p802_11Header->abyAddr3[5]
1119                               );
1120                    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%02x-%02x-%02x=%02x-%02x-%02x \n",
1121                                p802_11Header->abyAddr2[0],
1122                                p802_11Header->abyAddr2[1],
1123                                p802_11Header->abyAddr2[2],
1124                                p802_11Header->abyAddr2[3],
1125                                p802_11Header->abyAddr2[4],
1126                                p802_11Header->abyAddr2[5]
1127                               );
1128                    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%02x-%02x-%02x=%02x-%02x-%02x \n",
1129                                p802_11Header->abyAddr1[0],
1130                                p802_11Header->abyAddr1[1],
1131                                p802_11Header->abyAddr1[2],
1132                                p802_11Header->abyAddr1[3],
1133                                p802_11Header->abyAddr1[4],
1134                                p802_11Header->abyAddr1[5]
1135                               );
1136                    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl );
1137                    return TRUE;
1138            }
1139        }
1140    }
1141    return FALSE;
1142
1143}
1144
1145static BOOL s_bHandleRxEncryption (
1146     PSDevice     pDevice,
1147     PBYTE        pbyFrame,
1148     unsigned int         FrameSize,
1149     PBYTE        pbyRsr,
1150     PBYTE       pbyNewRsr,
1151     PSKeyItem   * pKeyOut,
1152    int *       pbExtIV,
1153     PWORD       pwRxTSC15_0,
1154     PDWORD      pdwRxTSC47_16
1155    )
1156{
1157    unsigned int            PayloadLen = FrameSize;
1158    PBYTE           pbyIV;
1159    BYTE            byKeyIdx;
1160    PSKeyItem       pKey = NULL;
1161    BYTE            byDecMode = KEY_CTL_WEP;
1162    PSMgmtObject    pMgmt = &(pDevice->sMgmtObj);
1163
1164
1165    *pwRxTSC15_0 = 0;
1166    *pdwRxTSC47_16 = 0;
1167
1168    pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1169    if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1170         WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1171         pbyIV += 6;             // 6 is 802.11 address4
1172         PayloadLen -= 6;
1173    }
1174    byKeyIdx = (*(pbyIV+3) & 0xc0);
1175    byKeyIdx >>= 6;
1176    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1177
1178    if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
1179        (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
1180        (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
1181        (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
1182        (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
1183        if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) &&
1184            (pMgmt->byCSSPK != KEY_CTL_NONE)) {
1185            // unicast pkt use pairwise key
1186            DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n");
1187            if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == TRUE) {
1188                if (pMgmt->byCSSPK == KEY_CTL_TKIP)
1189                    byDecMode = KEY_CTL_TKIP;
1190                else if (pMgmt->byCSSPK == KEY_CTL_CCMP)
1191                    byDecMode = KEY_CTL_CCMP;
1192            }
1193            DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey);
1194        } else {
1195            // use group key
1196            KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey);
1197            if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1198                byDecMode = KEY_CTL_TKIP;
1199            else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1200                byDecMode = KEY_CTL_CCMP;
1201            DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey);
1202        }
1203    }
1204    // our WEP only support Default Key
1205    if (pKey == NULL) {
1206        // use default group key
1207        KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey);
1208        if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1209            byDecMode = KEY_CTL_TKIP;
1210        else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1211            byDecMode = KEY_CTL_CCMP;
1212    }
1213    *pKeyOut = pKey;
1214
1215    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode);
1216
1217    if (pKey == NULL) {
1218        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n");
1219        if (byDecMode == KEY_CTL_WEP) {
1220//            pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1221        } else if (pDevice->bLinkPass == TRUE) {
1222//            pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1223        }
1224        return FALSE;
1225    }
1226    if (byDecMode != pKey->byCipherSuite) {
1227        if (byDecMode == KEY_CTL_WEP) {
1228//            pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1229        } else if (pDevice->bLinkPass == TRUE) {
1230//            pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1231        }
1232        *pKeyOut = NULL;
1233        return FALSE;
1234    }
1235    if (byDecMode == KEY_CTL_WEP) {
1236        // handle WEP
1237        if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1238            (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE)) {
1239            // Software WEP
1240            // 1. 3253A
1241            // 2. WEP 256
1242
1243            PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1244            memcpy(pDevice->abyPRNG, pbyIV, 3);
1245            memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1246            rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1247            rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1248
1249            if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1250                *pbyNewRsr |= NEWRSR_DECRYPTOK;
1251            }
1252        }
1253    } else if ((byDecMode == KEY_CTL_TKIP) ||
1254               (byDecMode == KEY_CTL_CCMP)) {
1255        // TKIP/AES
1256
1257        PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1258        *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1259        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1260        if (byDecMode == KEY_CTL_TKIP) {
1261            *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1262        } else {
1263            *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1264        }
1265        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1266
1267        if ((byDecMode == KEY_CTL_TKIP) &&
1268            (pDevice->byLocalID <= REV_ID_VT3253_A1)) {
1269            // Software TKIP
1270            // 1. 3253 A
1271            PS802_11Header  pMACHeader = (PS802_11Header) (pbyFrame);
1272            TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1273            rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1274            rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1275            if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1276                *pbyNewRsr |= NEWRSR_DECRYPTOK;
1277                DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1278            } else {
1279                DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1280                DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1281            }
1282        }
1283    }// end of TKIP/AES
1284
1285    if ((*(pbyIV+3) & 0x20) != 0)
1286        *pbExtIV = TRUE;
1287    return TRUE;
1288}
1289
1290
1291static BOOL s_bHostWepRxEncryption (
1292     PSDevice     pDevice,
1293     PBYTE        pbyFrame,
1294     unsigned int         FrameSize,
1295     PBYTE        pbyRsr,
1296     BOOL         bOnFly,
1297     PSKeyItem    pKey,
1298     PBYTE       pbyNewRsr,
1299    int *       pbExtIV,
1300     PWORD       pwRxTSC15_0,
1301     PDWORD      pdwRxTSC47_16
1302    )
1303{
1304    PSMgmtObject    pMgmt = &(pDevice->sMgmtObj);
1305    unsigned int            PayloadLen = FrameSize;
1306    PBYTE           pbyIV;
1307    BYTE            byKeyIdx;
1308    BYTE            byDecMode = KEY_CTL_WEP;
1309    PS802_11Header  pMACHeader;
1310
1311
1312
1313    *pwRxTSC15_0 = 0;
1314    *pdwRxTSC47_16 = 0;
1315
1316    pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1317    if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1318         WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1319         pbyIV += 6;             // 6 is 802.11 address4
1320         PayloadLen -= 6;
1321    }
1322    byKeyIdx = (*(pbyIV+3) & 0xc0);
1323    byKeyIdx >>= 6;
1324    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1325
1326
1327    if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1328        byDecMode = KEY_CTL_TKIP;
1329    else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1330        byDecMode = KEY_CTL_CCMP;
1331
1332    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode);
1333
1334    if (byDecMode != pKey->byCipherSuite) {
1335        if (byDecMode == KEY_CTL_WEP) {
1336//            pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1337        } else if (pDevice->bLinkPass == TRUE) {
1338//            pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1339        }
1340        return FALSE;
1341    }
1342
1343    if (byDecMode == KEY_CTL_WEP) {
1344        // handle WEP
1345        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP \n");
1346        if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1347            (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE) ||
1348            (bOnFly == FALSE)) {
1349            // Software WEP
1350            // 1. 3253A
1351            // 2. WEP 256
1352            // 3. NotOnFly
1353
1354            PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1355            memcpy(pDevice->abyPRNG, pbyIV, 3);
1356            memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1357            rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1358            rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1359
1360            if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1361                *pbyNewRsr |= NEWRSR_DECRYPTOK;
1362            }
1363        }
1364    } else if ((byDecMode == KEY_CTL_TKIP) ||
1365               (byDecMode == KEY_CTL_CCMP)) {
1366        // TKIP/AES
1367
1368        PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1369        *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1370        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1371
1372        if (byDecMode == KEY_CTL_TKIP) {
1373            *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1374        } else {
1375            *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1376        }
1377        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1378
1379        if (byDecMode == KEY_CTL_TKIP) {
1380
1381            if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == FALSE)) {
1382                // Software TKIP
1383                // 1. 3253 A
1384                // 2. NotOnFly
1385                DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n");
1386                pMACHeader = (PS802_11Header) (pbyFrame);
1387                TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1388                rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1389       

Large files files are truncated, but you can click here to view the full file