search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Btrfs: device_list_add() should not update list when mounted
[linux/fpc-iii.git] / drivers / staging / vt6655 / dpc.c
blob7ddaf2603ba6a37a126882e00b8d7b112ac41e31
1 /*
2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
3 * All rights reserved.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * File: dpc.c
20 *
21 * Purpose: handle dpc rx functions
22 *
23 * Author: Lyndon Chen
24 *
25 * Date: May 20, 2003
26 *
27 * Functions:
28 * device_receive_frame - Rcv 802.11 frame function
29 * s_bAPModeRxCtl- AP Rcv frame filer Ctl.
30 * s_bAPModeRxData- AP Rcv data frame handle
31 * s_bHandleRxEncryption- Rcv decrypted data via on-fly
32 * s_bHostWepRxEncryption- Rcv encrypted data via host
33 * s_byGetRateIdx- get rate index
34 * s_vGetDASA- get data offset
35 * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3
36 *
37 * Revision History:
38 *
39 */
40
41 #include "device.h"
42 #include "rxtx.h"
43 #include "tether.h"
44 #include "card.h"
45 #include "bssdb.h"
46 #include "mac.h"
47 #include "baseband.h"
48 #include "michael.h"
49 #include "tkip.h"
50 #include "tcrc.h"
51 #include "wctl.h"
52 #include "wroute.h"
53 #include "hostap.h"
54 #include "rf.h"
55 #include "iowpa.h"
56 #include "aes_ccmp.h"
57
58 /*--------------------- Static Definitions -------------------------*/
59
60 /*--------------------- Static Classes ----------------------------*/
61
62 /*--------------------- Static Variables --------------------------*/
63 static int msglevel = MSG_LEVEL_INFO;
64
65 const unsigned char acbyRxRate[MAX_RATE] =
66 {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
67
68 /*--------------------- Static Functions --------------------------*/
69
70 /*--------------------- Static Definitions -------------------------*/
71
72 /*--------------------- Static Functions --------------------------*/
73
74 static unsigned char s_byGetRateIdx(unsigned char byRate);
75
76 static void
77 s_vGetDASA(unsigned char *pbyRxBufferAddr, unsigned int *pcbHeaderSize,
78 PSEthernetHeader psEthHeader);
79
80 static void
81 s_vProcessRxMACHeader(PSDevice pDevice, unsigned char *pbyRxBufferAddr,
82 unsigned int cbPacketSize, bool bIsWEP, bool bExtIV,
83 unsigned int *pcbHeadSize);
84
85 static bool s_bAPModeRxCtl(
86 PSDevice pDevice,
87 unsigned char *pbyFrame,
88 int iSANodeIndex
89 );
90
91 static bool s_bAPModeRxData(
92 PSDevice pDevice,
93 struct sk_buff *skb,
94 unsigned int FrameSize,
95 unsigned int cbHeaderOffset,
96 int iSANodeIndex,
97 int iDANodeIndex
98 );
99
100 static bool s_bHandleRxEncryption(
101 PSDevice pDevice,
102 unsigned char *pbyFrame,
103 unsigned int FrameSize,
104 unsigned char *pbyRsr,
105 unsigned char *pbyNewRsr,
106 PSKeyItem *pKeyOut,
107 bool *pbExtIV,
108 unsigned short *pwRxTSC15_0,
109 unsigned long *pdwRxTSC47_16
110 );
111
112 static bool s_bHostWepRxEncryption(
113
114 PSDevice pDevice,
115 unsigned char *pbyFrame,
116 unsigned int FrameSize,
117 unsigned char *pbyRsr,
118 bool bOnFly,
119 PSKeyItem pKey,
120 unsigned char *pbyNewRsr,
121 bool *pbExtIV,
122 unsigned short *pwRxTSC15_0,
123 unsigned long *pdwRxTSC47_16
124
125 );
126
127 /*--------------------- Export Variables --------------------------*/
128
129 /*+
130 *
131 * Description:
132 * Translate Rcv 802.11 header to 802.3 header with Rx buffer
133 *
134 * Parameters:
135 * In:
136 * pDevice
137 * dwRxBufferAddr - Address of Rcv Buffer
138 * cbPacketSize - Rcv Packet size
139 * bIsWEP - If Rcv with WEP
140 * Out:
141 * pcbHeaderSize - 802.11 header size
142 *
143 * Return Value: None
144 *
145 -*/
146 static void
147 s_vProcessRxMACHeader(PSDevice pDevice, unsigned char *pbyRxBufferAddr,
148 unsigned int cbPacketSize, bool bIsWEP, bool bExtIV,
149 unsigned int *pcbHeadSize)
150 {
151 unsigned char *pbyRxBuffer;
152 unsigned int cbHeaderSize = 0;
153 unsigned short *pwType;
154 PS802_11Header pMACHeader;
155 int ii;
156
157 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
158
159 s_vGetDASA((unsigned char *)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader);
160
161 if (bIsWEP) {
162 if (bExtIV) {
163 // strip IV&ExtIV , add 8 byte
164 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8);
165 } else {
166 // strip IV , add 4 byte
167 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4);
168 }
169 } else {
170 cbHeaderSize += WLAN_HDR_ADDR3_LEN;
171 }
172
173 pbyRxBuffer = (unsigned char *)(pbyRxBufferAddr + cbHeaderSize);
174 if (ether_addr_equal(pbyRxBuffer, pDevice->abySNAP_Bridgetunnel)) {
175 cbHeaderSize += 6;
176 } else if (ether_addr_equal(pbyRxBuffer, pDevice->abySNAP_RFC1042)) {
177 cbHeaderSize += 6;
178 pwType = (unsigned short *)(pbyRxBufferAddr + cbHeaderSize);
179 if ((*pwType != TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) {
180 } else {
181 cbHeaderSize -= 8;
182 pwType = (unsigned short *)(pbyRxBufferAddr + cbHeaderSize);
183 if (bIsWEP) {
184 if (bExtIV)
185 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
186 else
187 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
188
189 } else {
190 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
191 }
192 }
193 } else {
194 cbHeaderSize -= 2;
195 pwType = (unsigned short *)(pbyRxBufferAddr + cbHeaderSize);
196 if (bIsWEP) {
197 if (bExtIV)
198 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
199 else
200 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
201
202 } else {
203 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
204 }
205 }
206
207 cbHeaderSize -= (ETH_ALEN * 2);
208 pbyRxBuffer = (unsigned char *)(pbyRxBufferAddr + cbHeaderSize);
209 for (ii = 0; ii < ETH_ALEN; ii++)
210 *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii];
211 for (ii = 0; ii < ETH_ALEN; ii++)
212 *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii];
213
214 *pcbHeadSize = cbHeaderSize;
215 }
216
217 static unsigned char s_byGetRateIdx(unsigned char byRate)
218 {
219 unsigned char byRateIdx;
220
221 for (byRateIdx = 0; byRateIdx < MAX_RATE; byRateIdx++) {
222 if (acbyRxRate[byRateIdx % MAX_RATE] == byRate)
223 return byRateIdx;
224 }
225
226 return 0;
227 }
228
229 static void
230 s_vGetDASA(unsigned char *pbyRxBufferAddr, unsigned int *pcbHeaderSize,
231 PSEthernetHeader psEthHeader)
232 {
233 unsigned int cbHeaderSize = 0;
234 PS802_11Header pMACHeader;
235 int ii;
236
237 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
238
239 if ((pMACHeader->wFrameCtl & FC_TODS) == 0) {
240 if (pMACHeader->wFrameCtl & FC_FROMDS) {
241 for (ii = 0; ii < ETH_ALEN; ii++) {
242 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
243 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr3[ii];
244 }
245 } else {
246 // IBSS mode
247 for (ii = 0; ii < ETH_ALEN; ii++) {
248 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
249 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
250 }
251 }
252 } else {
253 // Is AP mode..
254 if (pMACHeader->wFrameCtl & FC_FROMDS) {
255 for (ii = 0; ii < ETH_ALEN; ii++) {
256 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
257 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr4[ii];
258 cbHeaderSize += 6;
259 }
260 } else {
261 for (ii = 0; ii < ETH_ALEN; ii++) {
262 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
263 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
264 }
265 }
266 }
267 *pcbHeaderSize = cbHeaderSize;
268 }
269
270 //PLICE_DEBUG ->
271
272 void MngWorkItem(void *Context)
273 {
274 PSRxMgmtPacket pRxMgmtPacket;
275 PSDevice pDevice = (PSDevice) Context;
276
277 spin_lock_irq(&pDevice->lock);
278 while (pDevice->rxManeQueue.packet_num != 0) {
279 pRxMgmtPacket = DeQueue(pDevice);
280 vMgrRxManagePacket(pDevice, pDevice->pMgmt, pRxMgmtPacket);
281 }
282 spin_unlock_irq(&pDevice->lock);
283 }
284
285 //PLICE_DEBUG<-
286
287 bool
288 device_receive_frame(
289 PSDevice pDevice,
290 PSRxDesc pCurrRD
291 )
292 {
293 PDEVICE_RD_INFO pRDInfo = pCurrRD->pRDInfo;
294 struct net_device_stats *pStats = &pDevice->stats;
295 struct sk_buff *skb;
296 PSMgmtObject pMgmt = pDevice->pMgmt;
297 PSRxMgmtPacket pRxPacket = &(pDevice->pMgmt->sRxPacket);
298 PS802_11Header p802_11Header;
299 unsigned char *pbyRsr;
300 unsigned char *pbyNewRsr;
301 unsigned char *pbyRSSI;
302 PQWORD pqwTSFTime;
303 unsigned short *pwFrameSize;
304 unsigned char *pbyFrame;
305 bool bDeFragRx = false;
306 bool bIsWEP = false;
307 unsigned int cbHeaderOffset;
308 unsigned int FrameSize;
309 unsigned short wEtherType = 0;
310 int iSANodeIndex = -1;
311 int iDANodeIndex = -1;
312 unsigned int ii;
313 unsigned int cbIVOffset;
314 bool bExtIV = false;
315 unsigned char *pbyRxSts;
316 unsigned char *pbyRxRate;
317 unsigned char *pbySQ;
318 unsigned int cbHeaderSize;
319 PSKeyItem pKey = NULL;
320 unsigned short wRxTSC15_0 = 0;
321 unsigned long dwRxTSC47_16 = 0;
322 SKeyItem STempKey;
323 // 802.11h RPI
324 unsigned long dwDuration = 0;
325 long ldBm = 0;
326 long ldBmThreshold = 0;
327 PS802_11Header pMACHeader;
328 bool bRxeapol_key = false;
329
330 skb = pRDInfo->skb;
331
332 //PLICE_DEBUG->
333 pci_unmap_single(pDevice->pcid, pRDInfo->skb_dma,
334 pDevice->rx_buf_sz, PCI_DMA_FROMDEVICE);
335 //PLICE_DEBUG<-
336 pwFrameSize = (unsigned short *)(skb->data + 2);
337 FrameSize = cpu_to_le16(pCurrRD->m_rd1RD1.wReqCount) - cpu_to_le16(pCurrRD->m_rd0RD0.wResCount);
338
339 // Max: 2312Payload + 30HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR
340 // Min (ACK): 10HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR
341 if ((FrameSize > 2364) || (FrameSize <= 32)) {
342 // Frame Size error drop this packet.
343 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- WRONG Length 1 \n");
344 return false;
345 }
346
347 pbyRxSts = (unsigned char *)(skb->data);
348 pbyRxRate = (unsigned char *)(skb->data + 1);
349 pbyRsr = (unsigned char *)(skb->data + FrameSize - 1);
350 pbyRSSI = (unsigned char *)(skb->data + FrameSize - 2);
351 pbyNewRsr = (unsigned char *)(skb->data + FrameSize - 3);
352 pbySQ = (unsigned char *)(skb->data + FrameSize - 4);
353 pqwTSFTime = (PQWORD)(skb->data + FrameSize - 12);
354 pbyFrame = (unsigned char *)(skb->data + 4);
355
356 // get packet size
357 FrameSize = cpu_to_le16(*pwFrameSize);
358
359 if ((FrameSize > 2346)|(FrameSize < 14)) { // Max: 2312Payload + 30HD +4CRC
360 // Min: 14 bytes ACK
361 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- WRONG Length 2 \n");
362 return false;
363 }
364 //PLICE_DEBUG->
365 // update receive statistic counter
366 STAvUpdateRDStatCounter(&pDevice->scStatistic,
367 *pbyRsr,
368 *pbyNewRsr,
369 *pbyRxRate,
370 pbyFrame,
371 FrameSize);
372
373 pMACHeader = (PS802_11Header)((unsigned char *)(skb->data) + 8);
374 //PLICE_DEBUG<-
375 if (pDevice->bMeasureInProgress) {
376 if ((*pbyRsr & RSR_CRCOK) != 0)
377 pDevice->byBasicMap |= 0x01;
378
379 dwDuration = (FrameSize << 4);
380 dwDuration /= acbyRxRate[*pbyRxRate%MAX_RATE];
381 if (*pbyRxRate <= RATE_11M) {
382 if (*pbyRxSts & 0x01) {
383 // long preamble
384 dwDuration += 192;
385 } else {
386 // short preamble
387 dwDuration += 96;
388 }
389 } else {
390 dwDuration += 16;
391 }
392 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
393 ldBmThreshold = -57;
394 for (ii = 7; ii > 0;) {
395 if (ldBm > ldBmThreshold)
396 break;
397
398 ldBmThreshold -= 5;
399 ii--;
400 }
401 pDevice->dwRPIs[ii] += dwDuration;
402 return false;
403 }
404
405 if (!is_multicast_ether_addr(pbyFrame)) {
406 if (WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header)(skb->data + 4))) {
407 pDevice->s802_11Counter.FrameDuplicateCount++;
408 return false;
409 }
410 }
411
412 // Use for TKIP MIC
413 s_vGetDASA(skb->data+4, &cbHeaderSize, &pDevice->sRxEthHeader);
414
415 // filter packet send from myself
416 if (ether_addr_equal(pDevice->sRxEthHeader.abySrcAddr,
417 pDevice->abyCurrentNetAddr))
418 return false;
419
420 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) {
421 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
422 p802_11Header = (PS802_11Header)(pbyFrame);
423 // get SA NodeIndex
424 if (BSSDBbIsSTAInNodeDB(pMgmt, (unsigned char *)(p802_11Header->abyAddr2), &iSANodeIndex)) {
425 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies;
426 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0;
427 }
428 }
429 }
430
431 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
432 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex))
433 return false;
434 }
435
436 if (IS_FC_WEP(pbyFrame)) {
437 bool bRxDecryOK = false;
438
439 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx WEP pkt\n");
440 bIsWEP = true;
441 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) {
442 pKey = &STempKey;
443 pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite;
444 pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex;
445 pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength;
446 pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16;
447 pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0;
448 memcpy(pKey->abyKey,
449 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0],
450 pKey->uKeyLength
451 );
452
453 bRxDecryOK = s_bHostWepRxEncryption(pDevice,
454 pbyFrame,
455 FrameSize,
456 pbyRsr,
457 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly,
458 pKey,
459 pbyNewRsr,
460 &bExtIV,
461 &wRxTSC15_0,
462 &dwRxTSC47_16);
463 } else {
464 bRxDecryOK = s_bHandleRxEncryption(pDevice,
465 pbyFrame,
466 FrameSize,
467 pbyRsr,
468 pbyNewRsr,
469 &pKey,
470 &bExtIV,
471 &wRxTSC15_0,
472 &dwRxTSC47_16);
473 }
474
475 if (bRxDecryOK) {
476 if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) {
477 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV Fail\n");
478 if ((pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
479 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
480 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
481 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
482 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
483 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP))
484 pDevice->s802_11Counter.TKIPICVErrors++;
485 else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP))
486 pDevice->s802_11Counter.CCMPDecryptErrors++;
487 }
488 return false;
489 }
490 } else {
491 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "WEP Func Fail\n");
492 return false;
493 }
494 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP))
495 FrameSize -= 8; // Message Integrity Code
496 else
497 FrameSize -= 4; // 4 is ICV
498 }
499
500 //
501 // RX OK
502 //
503 //remove the CRC length
504 FrameSize -= ETH_FCS_LEN;
505
506 if ((!(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI))) && // unicast address
507 (IS_FRAGMENT_PKT((skb->data+4)))
508 ) {
509 // defragment
510 bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header)(skb->data+4), FrameSize, bIsWEP, bExtIV);
511 pDevice->s802_11Counter.ReceivedFragmentCount++;
512 if (bDeFragRx) {
513 // defrag complete
514 skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb;
515 FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength;
516
517 } else {
518 return false;
519 }
520 }
521
522 // Management & Control frame Handle
523 if ((IS_TYPE_DATA((skb->data+4))) == false) {
524 // Handle Control & Manage Frame
525
526 if (IS_TYPE_MGMT((skb->data+4))) {
527 unsigned char *pbyData1;
528 unsigned char *pbyData2;
529
530 pRxPacket->p80211Header = (PUWLAN_80211HDR)(skb->data+4);
531 pRxPacket->cbMPDULen = FrameSize;
532 pRxPacket->uRSSI = *pbyRSSI;
533 pRxPacket->bySQ = *pbySQ;
534 HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime));
535 LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime));
536 if (bIsWEP) {
537 // strip IV
538 pbyData1 = WLAN_HDR_A3_DATA_PTR(skb->data+4);
539 pbyData2 = WLAN_HDR_A3_DATA_PTR(skb->data+4) + 4;
540 for (ii = 0; ii < (FrameSize - 4); ii++) {
541 *pbyData1 = *pbyData2;
542 pbyData1++;
543 pbyData2++;
544 }
545 }
546 pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate);
547 pRxPacket->byRxChannel = (*pbyRxSts) >> 2;
548 //PLICE_DEBUG->
549
550 #ifdef THREAD
551 EnQueue(pDevice, pRxPacket);
552 #else
553
554 #ifdef TASK_LET
555 EnQueue(pDevice, pRxPacket);
556 tasklet_schedule(&pDevice->RxMngWorkItem);
557 #else
558 vMgrRxManagePacket((void *)pDevice, pDevice->pMgmt, pRxPacket);
559 #endif
560
561 #endif
562 //PLICE_DEBUG<-
563 // hostap Deamon handle 802.11 management
564 if (pDevice->bEnableHostapd) {
565 skb->dev = pDevice->apdev;
566 skb->data += 4;
567 skb->tail += 4;
568 skb_put(skb, FrameSize);
569 skb_reset_mac_header(skb);
570 skb->pkt_type = PACKET_OTHERHOST;
571 skb->protocol = htons(ETH_P_802_2);
572 memset(skb->cb, 0, sizeof(skb->cb));
573 netif_rx(skb);
574 return true;
575 }
576 }
577
578 return false;
579 } else {
580 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
581 //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC.
582 if (!(*pbyRsr & RSR_BSSIDOK)) {
583 if (bDeFragRx) {
584 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
585 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n",
586 pDevice->dev->name);
587 }
588 }
589 return false;
590 }
591 } else {
592 // discard DATA packet while not associate || BSSID error
593 if (!pDevice->bLinkPass || !(*pbyRsr & RSR_BSSIDOK)) {
594 if (bDeFragRx) {
595 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
596 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n",
597 pDevice->dev->name);
598 }
599 }
600 return false;
601 }
602 //mike add:station mode check eapol-key challenge--->
603 {
604 unsigned char Protocol_Version; //802.1x Authentication
605 unsigned char Packet_Type; //802.1x Authentication
606 if (bIsWEP)
607 cbIVOffset = 8;
608 else
609 cbIVOffset = 0;
610 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
611 skb->data[cbIVOffset + 8 + 24 + 6 + 1];
612 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 + 1];
613 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 + 1 + 1];
614 if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header
615 if (((Protocol_Version == 1) || (Protocol_Version == 2)) &&
616 (Packet_Type == 3)) { //802.1x OR eapol-key challenge frame receive
617 bRxeapol_key = true;
618 }
619 }
620 }
621 //mike add:station mode check eapol-key challenge<---
622 }
623 }
624
625 // Data frame Handle
626
627 if (pDevice->bEnablePSMode) {
628 if (!IS_FC_MOREDATA((skb->data+4))) {
629 if (pDevice->pMgmt->bInTIMWake == true)
630 pDevice->pMgmt->bInTIMWake = false;
631 }
632 }
633
634 // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps
635 if (pDevice->bDiversityEnable && (FrameSize > 50) &&
636 (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) &&
637 pDevice->bLinkPass) {
638 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0);
639 }
640
641 if (pDevice->byLocalID != REV_ID_VT3253_B1)
642 pDevice->uCurrRSSI = *pbyRSSI;
643
644 pDevice->byCurrSQ = *pbySQ;
645
646 if ((*pbyRSSI != 0) &&
647 (pMgmt->pCurrBSS != NULL)) {
648 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
649 // Monitor if RSSI is too strong.
650 pMgmt->pCurrBSS->byRSSIStatCnt++;
651 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT;
652 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm;
653 for (ii = 0; ii < RSSI_STAT_COUNT; ii++)
654 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0)
655 pMgmt->pCurrBSS->ldBmMAX = max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm);
656
657 }
658
659 // -----------------------------------------------
660
661 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && pDevice->bEnable8021x) {
662 unsigned char abyMacHdr[24];
663
664 // Only 802.1x packet incoming allowed
665 if (bIsWEP)
666 cbIVOffset = 8;
667 else
668 cbIVOffset = 0;
669 wEtherType = (skb->data[cbIVOffset + 4 + 24 + 6] << 8) |
670 skb->data[cbIVOffset + 4 + 24 + 6 + 1];
671
672 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "wEtherType = %04x \n", wEtherType);
673 if (wEtherType == ETH_P_PAE) {
674 skb->dev = pDevice->apdev;
675
676 if (bIsWEP) {
677 // strip IV header(8)
678 memcpy(&abyMacHdr[0], (skb->data + 4), 24);
679 memcpy((skb->data + 4 + cbIVOffset), &abyMacHdr[0], 24);
680 }
681 skb->data += (cbIVOffset + 4);
682 skb->tail += (cbIVOffset + 4);
683 skb_put(skb, FrameSize);
684 skb_reset_mac_header(skb);
685
686 skb->pkt_type = PACKET_OTHERHOST;
687 skb->protocol = htons(ETH_P_802_2);
688 memset(skb->cb, 0, sizeof(skb->cb));
689 netif_rx(skb);
690 return true;
691
692 }
693 // check if 802.1x authorized
694 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED))
695 return false;
696 }
697
698 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
699 if (bIsWEP)
700 FrameSize -= 8; //MIC
701 }
702
703 //--------------------------------------------------------------------------------
704 // Soft MIC
705 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
706 if (bIsWEP) {
707 __le32 *pdwMIC_L;
708 __le32 *pdwMIC_R;
709 __le32 dwMIC_Priority;
710 __le32 dwMICKey0 = 0, dwMICKey1 = 0;
711 u32 dwLocalMIC_L = 0;
712 u32 dwLocalMIC_R = 0;
713 viawget_wpa_header *wpahdr;
714
715 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
716 dwMICKey0 = cpu_to_le32(*(u32 *)(&pKey->abyKey[24]));
717 dwMICKey1 = cpu_to_le32(*(u32 *)(&pKey->abyKey[28]));
718 } else {
719 if (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
720 dwMICKey0 = cpu_to_le32(*(u32 *)(&pKey->abyKey[16]));
721 dwMICKey1 = cpu_to_le32(*(u32 *)(&pKey->abyKey[20]));
722 } else if ((pKey->dwKeyIndex & BIT28) == 0) {
723 dwMICKey0 = cpu_to_le32(*(u32 *)(&pKey->abyKey[16]));
724 dwMICKey1 = cpu_to_le32(*(u32 *)(&pKey->abyKey[20]));
725 } else {
726 dwMICKey0 = cpu_to_le32(*(u32 *)(&pKey->abyKey[24]));
727 dwMICKey1 = cpu_to_le32(*(u32 *)(&pKey->abyKey[28]));
728 }
729 }
730
731 MIC_vInit(dwMICKey0, dwMICKey1);
732 MIC_vAppend((unsigned char *)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12);
733 dwMIC_Priority = 0;
734 MIC_vAppend((unsigned char *)&dwMIC_Priority, 4);
735 // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV.
736 MIC_vAppend((unsigned char *)(skb->data + 4 + WLAN_HDR_ADDR3_LEN + 8),
737 FrameSize - WLAN_HDR_ADDR3_LEN - 8);
738 MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R);
739 MIC_vUnInit();
740
741 pdwMIC_L = (__le32 *)(skb->data + 4 + FrameSize);
742 pdwMIC_R = (__le32 *)(skb->data + 4 + FrameSize + 4);
743
744 if ((le32_to_cpu(*pdwMIC_L) != dwLocalMIC_L) ||
745 (le32_to_cpu(*pdwMIC_R) != dwLocalMIC_R) ||
746 pDevice->bRxMICFail) {
747 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "MIC comparison is fail!\n");
748 pDevice->bRxMICFail = false;
749 pDevice->s802_11Counter.TKIPLocalMICFailures++;
750 if (bDeFragRx) {
751 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
752 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n",
753 pDevice->dev->name);
754 }
755 }
756 //2008-0409-07, <Add> by Einsn Liu
757 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
758 //send event to wpa_supplicant
759 {
760 union iwreq_data wrqu;
761 struct iw_michaelmicfailure ev;
762 int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits
763 memset(&ev, 0, sizeof(ev));
764 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
765 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
766 (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
767 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
768 ev.flags |= IW_MICFAILURE_PAIRWISE;
769 } else {
770 ev.flags |= IW_MICFAILURE_GROUP;
771 }
772
773 ev.src_addr.sa_family = ARPHRD_ETHER;
774 memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN);
775 memset(&wrqu, 0, sizeof(wrqu));
776 wrqu.data.length = sizeof(ev);
777 wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
778
779 }
780 #endif
781
782 if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
783 wpahdr = (viawget_wpa_header *)pDevice->skb->data;
784 if ((pDevice->pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
785 (pDevice->pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
786 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
787 wpahdr->type = VIAWGET_PTK_MIC_MSG;
788 } else {
789 wpahdr->type = VIAWGET_GTK_MIC_MSG;
790 }
791 wpahdr->resp_ie_len = 0;
792 wpahdr->req_ie_len = 0;
793 skb_put(pDevice->skb, sizeof(viawget_wpa_header));
794 pDevice->skb->dev = pDevice->wpadev;
795 skb_reset_mac_header(pDevice->skb);
796 pDevice->skb->pkt_type = PACKET_HOST;
797 pDevice->skb->protocol = htons(ETH_P_802_2);
798 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
799 netif_rx(pDevice->skb);
800 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
801 }
802
803 return false;
804
805 }
806 }
807 } //---end of SOFT MIC-----------------------------------------------------------------------
808
809 // ++++++++++ Reply Counter Check +++++++++++++
810
811 if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) ||
812 (pKey->byCipherSuite == KEY_CTL_CCMP))) {
813 if (bIsWEP) {
814 unsigned short wLocalTSC15_0 = 0;
815 unsigned long dwLocalTSC47_16 = 0;
816 unsigned long long RSC = 0;
817 // endian issues
818 RSC = *((unsigned long long *)&(pKey->KeyRSC));
819 wLocalTSC15_0 = (unsigned short)RSC;
820 dwLocalTSC47_16 = (unsigned long)(RSC>>16);
821
822 RSC = dwRxTSC47_16;
823 RSC <<= 16;
824 RSC += wRxTSC15_0;
825 memcpy(&(pKey->KeyRSC), &RSC, sizeof(QWORD));
826
827 if ((pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) &&
828 (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) {
829 // check RSC
830 if ((wRxTSC15_0 < wLocalTSC15_0) &&
831 (dwRxTSC47_16 <= dwLocalTSC47_16) &&
832 !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) {
833 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "TSC is illegal~~!\n ");
834 if (pKey->byCipherSuite == KEY_CTL_TKIP)
835 pDevice->s802_11Counter.TKIPReplays++;
836 else
837 pDevice->s802_11Counter.CCMPReplays++;
838
839 if (bDeFragRx) {
840 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
841 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n",
842 pDevice->dev->name);
843 }
844 }
845 return false;
846 }
847 }
848 }
849 } // ----- End of Reply Counter Check --------------------------
850
851 s_vProcessRxMACHeader(pDevice, (unsigned char *)(skb->data+4), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset);
852 FrameSize -= cbHeaderOffset;
853 cbHeaderOffset += 4; // 4 is Rcv buffer header
854
855 // Null data, framesize = 14
856 if (FrameSize < 15)
857 return false;
858
859 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
860 if (!s_bAPModeRxData(pDevice,
861 skb,
862 FrameSize,
863 cbHeaderOffset,
864 iSANodeIndex,
865 iDANodeIndex
866 )) {
867 if (bDeFragRx) {
868 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
869 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n",
870 pDevice->dev->name);
871 }
872 }
873 return false;
874 }
875 }
876
877 skb->data += cbHeaderOffset;
878 skb->tail += cbHeaderOffset;
879 skb_put(skb, FrameSize);
880 skb->protocol = eth_type_trans(skb, skb->dev);
881
882 //drop frame not met IEEE 802.3
883
884 skb->ip_summed = CHECKSUM_NONE;
885 pStats->rx_bytes += skb->len;
886 pStats->rx_packets++;
887 netif_rx(skb);
888
889 if (bDeFragRx) {
890 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
891 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n",
892 pDevice->dev->name);
893 }
894 return false;
895 }
896
897 return true;
898 }
899
900 static bool s_bAPModeRxCtl(
901 PSDevice pDevice,
902 unsigned char *pbyFrame,
903 int iSANodeIndex
904 )
905 {
906 PS802_11Header p802_11Header;
907 CMD_STATUS Status;
908 PSMgmtObject pMgmt = pDevice->pMgmt;
909
910 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
911 p802_11Header = (PS802_11Header)(pbyFrame);
912 if (!IS_TYPE_MGMT(pbyFrame)) {
913 // Data & PS-Poll packet
914 // check frame class
915 if (iSANodeIndex > 0) {
916 // frame class 3 fliter & checking
917 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) {
918 // send deauth notification
919 // reason = (6) class 2 received from nonauth sta
920 vMgrDeAuthenBeginSta(pDevice,
921 pMgmt,
922 (unsigned char *)(p802_11Header->abyAddr2),
923 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
924 &Status
925 );
926 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n");
927 return true;
928 }
929 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) {
930 // send deassoc notification
931 // reason = (7) class 3 received from nonassoc sta
932 vMgrDisassocBeginSta(pDevice,
933 pMgmt,
934 (unsigned char *)(p802_11Header->abyAddr2),
935 (WLAN_MGMT_REASON_CLASS3_NONASSOC),
936 &Status
937 );
938 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n");
939 return true;
940 }
941
942 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) {
943 // delcare received ps-poll event
944 if (IS_CTL_PSPOLL(pbyFrame)) {
945 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true;
946 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
947 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n");
948 } else {
949 // check Data PS state
950 // if PW bit off, send out all PS bufferring packets.
951 if (!IS_FC_POWERMGT(pbyFrame)) {
952 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = false;
953 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true;
954 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
955 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n");
956 }
957 }
958 } else {
959 if (IS_FC_POWERMGT(pbyFrame)) {
960 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = true;
961 // Once if STA in PS state, enable multicast bufferring
962 pMgmt->sNodeDBTable[0].bPSEnable = true;
963 } else {
964 // clear all pending PS frame.
965 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) {
966 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = false;
967 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true;
968 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
969 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n");
970
971 }
972 }
973 }
974 } else {
975 vMgrDeAuthenBeginSta(pDevice,
976 pMgmt,
977 (unsigned char *)(p802_11Header->abyAddr2),
978 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
979 &Status
980 );
981 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n");
982 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%pM\n",
983 p802_11Header->abyAddr3);
984 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%pM\n",
985 p802_11Header->abyAddr2);
986 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%pM\n",
987 p802_11Header->abyAddr1);
988 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl);
989 VNSvInPortB(pDevice->PortOffset + MAC_REG_RCR, &(pDevice->byRxMode));
990 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc:pDevice->byRxMode = %x\n", pDevice->byRxMode);
991 return true;
992 }
993 }
994 }
995 return false;
996 }
997
998 static bool s_bHandleRxEncryption(
999 PSDevice pDevice,
1000 unsigned char *pbyFrame,
1001 unsigned int FrameSize,
1002 unsigned char *pbyRsr,
1003 unsigned char *pbyNewRsr,
1004 PSKeyItem *pKeyOut,
1005 bool *pbExtIV,
1006 unsigned short *pwRxTSC15_0,
1007 unsigned long *pdwRxTSC47_16
1008 )
1009 {
1010 unsigned int PayloadLen = FrameSize;
1011 unsigned char *pbyIV;
1012 unsigned char byKeyIdx;
1013 PSKeyItem pKey = NULL;
1014 unsigned char byDecMode = KEY_CTL_WEP;
1015 PSMgmtObject pMgmt = pDevice->pMgmt;
1016
1017 *pwRxTSC15_0 = 0;
1018 *pdwRxTSC47_16 = 0;
1019
1020 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1021 if (WLAN_GET_FC_TODS(*(unsigned short *)pbyFrame) &&
1022 WLAN_GET_FC_FROMDS(*(unsigned short *)pbyFrame)) {
1023 pbyIV += 6; // 6 is 802.11 address4
1024 PayloadLen -= 6;
1025 }
1026 byKeyIdx = (*(pbyIV+3) & 0xc0);
1027 byKeyIdx >>= 6;
1028 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "\nKeyIdx: %d\n", byKeyIdx);
1029
1030 if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
1031 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
1032 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
1033 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
1034 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
1035 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) &&
1036 (pDevice->pMgmt->byCSSPK != KEY_CTL_NONE)) {
1037 // unicast pkt use pairwise key
1038 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "unicast pkt\n");
1039 if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == true) {
1040 if (pDevice->pMgmt->byCSSPK == KEY_CTL_TKIP)
1041 byDecMode = KEY_CTL_TKIP;
1042 else if (pDevice->pMgmt->byCSSPK == KEY_CTL_CCMP)
1043 byDecMode = KEY_CTL_CCMP;
1044 }
1045 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "unicast pkt: %d, %p\n", byDecMode, pKey);
1046 } else {
1047 // use group key
1048 KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey);
1049 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1050 byDecMode = KEY_CTL_TKIP;
1051 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1052 byDecMode = KEY_CTL_CCMP;
1053 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey);
1054 }
1055 }
1056 // our WEP only support Default Key
1057 if (pKey == NULL) {
1058 // use default group key
1059 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey);
1060 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1061 byDecMode = KEY_CTL_TKIP;
1062 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1063 byDecMode = KEY_CTL_CCMP;
1064 }
1065 *pKeyOut = pKey;
1066
1067 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode);
1068
1069 if (pKey == NULL) {
1070 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "pKey == NULL\n");
1071
1072 return false;
1073 }
1074 if (byDecMode != pKey->byCipherSuite) {
1075
1076 *pKeyOut = NULL;
1077 return false;
1078 }
1079 if (byDecMode == KEY_CTL_WEP) {
1080 // handle WEP
1081 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1082 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == true)) {
1083 // Software WEP
1084 // 1. 3253A
1085 // 2. WEP 256
1086
1087 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1088 memcpy(pDevice->abyPRNG, pbyIV, 3);
1089 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1090 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1091 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1092
1093 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen))
1094 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1095
1096 }
1097 } else if ((byDecMode == KEY_CTL_TKIP) ||
1098 (byDecMode == KEY_CTL_CCMP)) {
1099 // TKIP/AES
1100
1101 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1102 *pdwRxTSC47_16 = cpu_to_le32(*(unsigned long *)(pbyIV + 4));
1103 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ExtIV: %lx\n", *pdwRxTSC47_16);
1104 if (byDecMode == KEY_CTL_TKIP)
1105 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV + 2), *pbyIV));
1106 else
1107 *pwRxTSC15_0 = cpu_to_le16(*(unsigned short *)pbyIV);
1108
1109 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "TSC0_15: %x\n", *pwRxTSC15_0);
1110
1111 if ((byDecMode == KEY_CTL_TKIP) &&
1112 (pDevice->byLocalID <= REV_ID_VT3253_A1)) {
1113 // Software TKIP
1114 // 1. 3253 A
1115 PS802_11Header pMACHeader = (PS802_11Header)(pbyFrame);
1116 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1117 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1118 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1119 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1120 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1121 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV OK!\n");
1122 } else {
1123 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV FAIL!!!\n");
1124 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "PayloadLen = %d\n", PayloadLen);
1125 }
1126 }
1127 }// end of TKIP/AES
1128
1129 if ((*(pbyIV+3) & 0x20) != 0)
1130 *pbExtIV = true;
1131 return true;
1132 }
1133
1134 static bool s_bHostWepRxEncryption(
1135 PSDevice pDevice,
1136 unsigned char *pbyFrame,
1137 unsigned int FrameSize,
1138 unsigned char *pbyRsr,
1139 bool bOnFly,
1140 PSKeyItem pKey,
1141 unsigned char *pbyNewRsr,
1142 bool *pbExtIV,
1143 unsigned short *pwRxTSC15_0,
1144 unsigned long *pdwRxTSC47_16
1145 )
1146 {
1147 unsigned int PayloadLen = FrameSize;
1148 unsigned char *pbyIV;
1149 unsigned char byKeyIdx;
1150 unsigned char byDecMode = KEY_CTL_WEP;
1151 PS802_11Header pMACHeader;
1152
1153 *pwRxTSC15_0 = 0;
1154 *pdwRxTSC47_16 = 0;
1155
1156 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1157 if (WLAN_GET_FC_TODS(*(unsigned short *)pbyFrame) &&
1158 WLAN_GET_FC_FROMDS(*(unsigned short *)pbyFrame)) {
1159 pbyIV += 6; // 6 is 802.11 address4
1160 PayloadLen -= 6;
1161 }
1162 byKeyIdx = (*(pbyIV+3) & 0xc0);
1163 byKeyIdx >>= 6;
1164 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "\nKeyIdx: %d\n", byKeyIdx);
1165
1166 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1167 byDecMode = KEY_CTL_TKIP;
1168 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1169 byDecMode = KEY_CTL_CCMP;
1170
1171 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode);
1172
1173 if (byDecMode != pKey->byCipherSuite)
1174 return false;
1175
1176 if (byDecMode == KEY_CTL_WEP) {
1177 // handle WEP
1178 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "byDecMode == KEY_CTL_WEP \n");
1179 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1180 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == true) ||
1181 !bOnFly) {
1182 // Software WEP
1183 // 1. 3253A
1184 // 2. WEP 256
1185 // 3. NotOnFly
1186
1187 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1188 memcpy(pDevice->abyPRNG, pbyIV, 3);
1189 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1190 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1191 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1192
1193 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen))
1194 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1195
1196 }
1197 } else if ((byDecMode == KEY_CTL_TKIP) ||
1198 (byDecMode == KEY_CTL_CCMP)) {
1199 // TKIP/AES
1200
1201 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1202 *pdwRxTSC47_16 = cpu_to_le32(*(unsigned long *)(pbyIV + 4));
1203 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ExtIV: %lx\n", *pdwRxTSC47_16);
1204
1205 if (byDecMode == KEY_CTL_TKIP)
1206 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1207 else
1208 *pwRxTSC15_0 = cpu_to_le16(*(unsigned short *)pbyIV);
1209
1210 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "TSC0_15: %x\n", *pwRxTSC15_0);
1211
1212 if (byDecMode == KEY_CTL_TKIP) {
1213 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || !bOnFly) {
1214 // Software TKIP
1215 // 1. 3253 A
1216 // 2. NotOnFly
1217 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "soft KEY_CTL_TKIP \n");
1218 pMACHeader = (PS802_11Header)(pbyFrame);
1219 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1220 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1221 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1222 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1223 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1224 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV OK!\n");
1225 } else {
1226 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV FAIL!!!\n");
1227 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "PayloadLen = %d\n", PayloadLen);
1228 }
1229 }
1230 }
1231
1232 if (byDecMode == KEY_CTL_CCMP) {
1233 if (!bOnFly) {
1234 // Software CCMP
1235 // NotOnFly
1236 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "soft KEY_CTL_CCMP\n");
1237 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) {
1238 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1239 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "CCMP MIC compare OK!\n");
1240 } else {
1241 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "CCMP MIC fail!\n");
1242 }
1243 }
1244 }
1245
1246 }// end of TKIP/AES
1247
1248 if ((*(pbyIV+3) & 0x20) != 0)
1249 *pbExtIV = true;
1250 return true;
1251 }
1252
1253 static bool s_bAPModeRxData(
1254 PSDevice pDevice,
1255 struct sk_buff *skb,
1256 unsigned int FrameSize,
1257 unsigned int cbHeaderOffset,
1258 int iSANodeIndex,
1259 int iDANodeIndex
1260 )
1261 {
1262 PSMgmtObject pMgmt = pDevice->pMgmt;
1263 bool bRelayAndForward = false;
1264 bool bRelayOnly = false;
1265 unsigned char byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
1266 unsigned short wAID;
1267
1268 struct sk_buff *skbcpy = NULL;
1269
1270 if (FrameSize > CB_MAX_BUF_SIZE)
1271 return false;
1272 // check DA
1273 if (is_multicast_ether_addr((unsigned char *)(skb->data+cbHeaderOffset))) {
1274 if (pMgmt->sNodeDBTable[0].bPSEnable) {
1275 skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz);
1276
1277 // if any node in PS mode, buffer packet until DTIM.
1278 if (skbcpy == NULL) {
1279 DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n");
1280 } else {
1281 skbcpy->dev = pDevice->dev;
1282 skbcpy->len = FrameSize;
1283 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize);
1284 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy);
1285
1286 pMgmt->sNodeDBTable[0].wEnQueueCnt++;
1287 // set tx map
1288 pMgmt->abyPSTxMap[0] |= byMask[0];
1289 }
1290 } else {
1291 bRelayAndForward = true;
1292 }
1293 } else {
1294 // check if relay
1295 if (BSSDBbIsSTAInNodeDB(pMgmt, (unsigned char *)(skb->data+cbHeaderOffset), &iDANodeIndex)) {
1296 if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) {
1297 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) {
1298 // queue this skb until next PS tx, and then release.
1299
1300 skb->data += cbHeaderOffset;
1301 skb->tail += cbHeaderOffset;
1302 skb_put(skb, FrameSize);
1303 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb);
1304 pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++;
1305 wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID;
1306 pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7];
1307 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n",
1308 iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]);
1309 return true;
1310 } else {
1311 bRelayOnly = true;
1312 }
1313 }
1314 }
1315 }
1316
1317 if (bRelayOnly || bRelayAndForward) {
1318 // relay this packet right now
1319 if (bRelayAndForward)
1320 iDANodeIndex = 0;
1321
1322 if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0))
1323 ROUTEbRelay(pDevice, (unsigned char *)(skb->data + cbHeaderOffset), FrameSize, (unsigned int)iDANodeIndex);
1324
1325 if (bRelayOnly)
1326 return false;
1327 }
1328 // none associate, don't forward
1329 if (pDevice->uAssocCount == 0)
1330 return false;
1331
1332 return true;
1333 }
Linux with added FPC-III support