2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 * Purpose: handle dpc rx functions
28 * device_receive_frame - Rcv 802.11 frame function
29 * s_bAPModeRxCtl- AP Rcv frame filer Ctl.
30 * s_bAPModeRxData- AP Rcv data frame handle
31 * s_bHandleRxEncryption- Rcv decrypted data via on-fly
32 * s_bHostWepRxEncryption- Rcv encrypted data via host
33 * s_byGetRateIdx- get rate index
34 * s_vGetDASA- get data offset
35 * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3
59 /*--------------------- Static Definitions -------------------------*/
61 /*--------------------- Static Classes ----------------------------*/
63 /*--------------------- Static Variables --------------------------*/
64 //static int msglevel =MSG_LEVEL_DEBUG;
65 static int msglevel =MSG_LEVEL_INFO;
67 const BYTE acbyRxRate[MAX_RATE] =
68 {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
71 /*--------------------- Static Functions --------------------------*/
73 /*--------------------- Static Definitions -------------------------*/
75 /*--------------------- Static Functions --------------------------*/
77 static BYTE s_byGetRateIdx(BYTE byRate);
82 PBYTE pbyRxBufferAddr,
83 unsigned int *pcbHeaderSize,
84 PSEthernetHeader psEthHeader
87 static void s_vProcessRxMACHeader(struct vnt_private *pDevice,
88 u8 *pbyRxBufferAddr, u32 cbPacketSize, int bIsWEP, int bExtIV,
91 static int s_bAPModeRxCtl(struct vnt_private *pDevice, u8 *pbyFrame,
94 static int s_bAPModeRxData(struct vnt_private *pDevice, struct sk_buff *skb,
95 u32 FrameSize, u32 cbHeaderOffset, s32 iSANodeIndex, s32 iDANodeIndex);
97 static int s_bHandleRxEncryption(struct vnt_private *pDevice, u8 *pbyFrame,
98 u32 FrameSize, u8 *pbyRsr, u8 *pbyNewRsr, PSKeyItem *pKeyOut,
99 s32 *pbExtIV, u16 *pwRxTSC15_0, u32 *pdwRxTSC47_16);
101 static int s_bHostWepRxEncryption(struct vnt_private *pDevice, u8 *pbyFrame,
102 u32 FrameSize, u8 *pbyRsr, int bOnFly, PSKeyItem pKey, u8 *pbyNewRsr,
103 s32 *pbExtIV, u16 *pwRxTSC15_0, u32 *pdwRxTSC47_16);
105 /*--------------------- Export Variables --------------------------*/
110 * Translate Rcv 802.11 header to 802.3 header with Rx buffer
115 * dwRxBufferAddr - Address of Rcv Buffer
116 * cbPacketSize - Rcv Packet size
117 * bIsWEP - If Rcv with WEP
119 * pcbHeaderSize - 802.11 header size
125 static void s_vProcessRxMACHeader(struct vnt_private *pDevice,
126 u8 *pbyRxBufferAddr, u32 cbPacketSize, int bIsWEP, int bExtIV,
130 u32 cbHeaderSize = 0;
132 PS802_11Header pMACHeader;
136 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
138 s_vGetDASA((PBYTE)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader);
142 // strip IV&ExtIV , add 8 byte
143 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8);
145 // strip IV , add 4 byte
146 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4);
150 cbHeaderSize += WLAN_HDR_ADDR3_LEN;
153 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
154 if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) {
156 } else if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) {
158 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
159 if ((*pwType == cpu_to_be16(ETH_P_IPX)) ||
160 (*pwType == cpu_to_le16(0xF380))) {
162 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
165 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
167 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
171 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
177 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
180 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
182 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
186 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
190 cbHeaderSize -= (ETH_ALEN * 2);
191 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
192 for (ii = 0; ii < ETH_ALEN; ii++)
193 *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii];
194 for (ii = 0; ii < ETH_ALEN; ii++)
195 *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii];
197 *pcbHeadSize = cbHeaderSize;
203 static BYTE s_byGetRateIdx(BYTE byRate)
207 for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) {
208 if (acbyRxRate[byRateIdx%MAX_RATE] == byRate)
218 PBYTE pbyRxBufferAddr,
219 unsigned int *pcbHeaderSize,
220 PSEthernetHeader psEthHeader
223 unsigned int cbHeaderSize = 0;
224 PS802_11Header pMACHeader;
227 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
229 if ((pMACHeader->wFrameCtl & FC_TODS) == 0) {
230 if (pMACHeader->wFrameCtl & FC_FROMDS) {
231 for (ii = 0; ii < ETH_ALEN; ii++) {
232 psEthHeader->abyDstAddr[ii] =
233 pMACHeader->abyAddr1[ii];
234 psEthHeader->abySrcAddr[ii] =
235 pMACHeader->abyAddr3[ii];
239 for (ii = 0; ii < ETH_ALEN; ii++) {
240 psEthHeader->abyDstAddr[ii] =
241 pMACHeader->abyAddr1[ii];
242 psEthHeader->abySrcAddr[ii] =
243 pMACHeader->abyAddr2[ii];
248 if (pMACHeader->wFrameCtl & FC_FROMDS) {
249 for (ii = 0; ii < ETH_ALEN; ii++) {
250 psEthHeader->abyDstAddr[ii] =
251 pMACHeader->abyAddr3[ii];
252 psEthHeader->abySrcAddr[ii] =
253 pMACHeader->abyAddr4[ii];
257 for (ii = 0; ii < ETH_ALEN; ii++) {
258 psEthHeader->abyDstAddr[ii] =
259 pMACHeader->abyAddr3[ii];
260 psEthHeader->abySrcAddr[ii] =
261 pMACHeader->abyAddr2[ii];
265 *pcbHeaderSize = cbHeaderSize;
269 int RXbBulkInProcessData(struct vnt_private *pDevice, PRCB pRCB,
270 unsigned long BytesToIndicate)
272 struct net_device_stats *pStats = &pDevice->stats;
274 struct vnt_manager *pMgmt = &pDevice->vnt_mgmt;
275 struct vnt_rx_mgmt *pRxPacket = &pMgmt->sRxPacket;
276 PS802_11Header p802_11Header;
277 u8 *pbyRsr, *pbyNewRsr, *pbyRSSI, *pbyFrame;
279 u32 bDeFragRx = false;
280 u32 cbHeaderOffset, cbIVOffset;
283 s32 iSANodeIndex = -1, iDANodeIndex = -1;
285 u8 *pbyRxSts, *pbyRxRate, *pbySQ, *pby3SQ;
287 PSKeyItem pKey = NULL;
289 u32 dwRxTSC47_16 = 0;
291 /* signed long ldBm = 0; */
292 int bIsWEP = false; int bExtIV = false;
294 PRCB pRCBIndicate = pRCB;
297 u8 abyVaildRate[MAX_RATE]
298 = {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
299 u16 wPLCPwithPadding;
300 PS802_11Header pMACHeader;
301 int bRxeapol_key = false;
304 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- RXbBulkInProcessData---\n");
308 /* [31:16]RcvByteCount ( not include 4-byte Status ) */
309 dwWbkStatus = *((u32 *)(skb->data));
310 FrameSize = dwWbkStatus >> 16;
313 if (BytesToIndicate != FrameSize) {
314 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"------- WRONG Length 1\n");
318 if ((BytesToIndicate > 2372) || (BytesToIndicate <= 40)) {
319 // Frame Size error drop this packet.
320 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- WRONG Length 2\n");
324 pbyDAddress = (PBYTE)(skb->data);
325 pbyRxSts = pbyDAddress+4;
326 pbyRxRate = pbyDAddress+5;
328 //real Frame Size = USBFrameSize -4WbkStatus - 4RxStatus - 8TSF - 4RSR - 4SQ3 - ?Padding
329 //if SQ3 the range is 24~27, if no SQ3 the range is 20~23
330 //real Frame size in PLCPLength field.
331 pwPLCP_Length = (PWORD) (pbyDAddress + 6);
332 //Fix hardware bug => PLCP_Length error
333 if ( ((BytesToIndicate - (*pwPLCP_Length)) > 27) ||
334 ((BytesToIndicate - (*pwPLCP_Length)) < 24) ||
335 (BytesToIndicate < (*pwPLCP_Length)) ) {
337 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong PLCP Length %x\n", (int) *pwPLCP_Length);
341 for ( ii=RATE_1M;ii<MAX_RATE;ii++) {
342 if ( *pbyRxRate == abyVaildRate[ii] ) {
346 if ( ii==MAX_RATE ) {
347 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong RxRate %x\n",(int) *pbyRxRate);
351 wPLCPwithPadding = ( (*pwPLCP_Length / 4) + ( (*pwPLCP_Length % 4) ? 1:0 ) ) *4;
353 pqwTSFTime = (u64 *)(pbyDAddress + 8 + wPLCPwithPadding);
354 if(pDevice->byBBType == BB_TYPE_11G) {
355 pby3SQ = pbyDAddress + 8 + wPLCPwithPadding + 12;
359 pbySQ = pbyDAddress + 8 + wPLCPwithPadding + 8;
362 pbyNewRsr = pbyDAddress + 8 + wPLCPwithPadding + 9;
363 pbyRSSI = pbyDAddress + 8 + wPLCPwithPadding + 10;
364 pbyRsr = pbyDAddress + 8 + wPLCPwithPadding + 11;
366 FrameSize = *pwPLCP_Length;
368 pbyFrame = pbyDAddress + 8;
369 // update receive statistic counter
371 STAvUpdateRDStatCounter(&pDevice->scStatistic,
381 pMACHeader = (PS802_11Header) pbyFrame;
383 //mike add: to judge if current AP is activated?
384 if ((pMgmt->eCurrMode == WMAC_MODE_STANDBY) ||
385 (pMgmt->eCurrMode == WMAC_MODE_ESS_STA)) {
386 if (pMgmt->sNodeDBTable[0].bActive) {
387 if (!compare_ether_addr(pMgmt->abyCurrBSSID, pMACHeader->abyAddr2)) {
388 if (pMgmt->sNodeDBTable[0].uInActiveCount != 0)
389 pMgmt->sNodeDBTable[0].uInActiveCount = 0;
394 if (!is_multicast_ether_addr(pMACHeader->abyAddr1)) {
395 if ( WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header) pbyFrame) ) {
396 pDevice->s802_11Counter.FrameDuplicateCount++;
400 if (compare_ether_addr(pDevice->abyCurrentNetAddr,
401 pMACHeader->abyAddr1)) {
408 s_vGetDASA(pbyFrame, &cbHeaderSize, &pDevice->sRxEthHeader);
410 if (!compare_ether_addr((PBYTE)&(pDevice->sRxEthHeader.abySrcAddr[0]),
411 pDevice->abyCurrentNetAddr))
414 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) {
415 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
416 p802_11Header = (PS802_11Header) (pbyFrame);
418 if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(p802_11Header->abyAddr2), &iSANodeIndex)) {
419 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies;
420 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0;
425 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
426 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == true) {
432 if (IS_FC_WEP(pbyFrame)) {
433 bool bRxDecryOK = false;
435 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n");
437 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) {
439 pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite;
440 pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex;
441 pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength;
442 pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16;
443 pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0;
445 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0],
449 bRxDecryOK = s_bHostWepRxEncryption(pDevice,
453 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly,
460 bRxDecryOK = s_bHandleRxEncryption(pDevice,
472 if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) {
473 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n");
474 if ( (pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
475 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
476 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
477 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
478 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
480 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
481 pDevice->s802_11Counter.TKIPICVErrors++;
482 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) {
483 pDevice->s802_11Counter.CCMPDecryptErrors++;
484 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) {
485 // pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++;
491 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n");
494 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP))
495 FrameSize -= 8; // Message Integrity Code
497 FrameSize -= 4; // 4 is ICV
504 /* remove the FCS/CRC length */
505 FrameSize -= ETH_FCS_LEN;
507 if ( !(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) && // unicast address
508 (IS_FRAGMENT_PKT((pbyFrame)))
511 bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header) (pbyFrame), FrameSize, bIsWEP, bExtIV);
512 pDevice->s802_11Counter.ReceivedFragmentCount++;
515 // TODO skb, pbyFrame
516 skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb;
517 FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength;
518 pbyFrame = skb->data + 8;
526 // Management & Control frame Handle
528 if ((IS_TYPE_DATA((pbyFrame))) == false) {
529 // Handle Control & Manage Frame
531 if (IS_TYPE_MGMT((pbyFrame))) {
535 pRxPacket = &(pRCB->sMngPacket);
536 pRxPacket->p80211Header = (PUWLAN_80211HDR)(pbyFrame);
537 pRxPacket->cbMPDULen = FrameSize;
538 pRxPacket->uRSSI = *pbyRSSI;
539 pRxPacket->bySQ = *pbySQ;
540 pRxPacket->qwLocalTSF = cpu_to_le64(*pqwTSFTime);
543 pbyData1 = WLAN_HDR_A3_DATA_PTR(pbyFrame);
544 pbyData2 = WLAN_HDR_A3_DATA_PTR(pbyFrame) + 4;
545 for (ii = 0; ii < (FrameSize - 4); ii++) {
546 *pbyData1 = *pbyData2;
552 pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate);
554 if ( *pbyRxSts == 0 ) {
555 //Discard beacon packet which channel is 0
556 if ( (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_BEACON) ||
557 (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_PROBERESP) ) {
561 pRxPacket->byRxChannel = (*pbyRxSts) >> 2;
563 // hostap Deamon handle 802.11 management
564 if (pDevice->bEnableHostapd) {
565 skb->dev = pDevice->apdev;
570 skb_put(skb, FrameSize);
571 skb_reset_mac_header(skb);
572 skb->pkt_type = PACKET_OTHERHOST;
573 skb->protocol = htons(ETH_P_802_2);
574 memset(skb->cb, 0, sizeof(skb->cb));
580 // Insert the RCB in the Recv Mng list
582 EnqueueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList, pRCBIndicate);
583 pDevice->NumRecvMngList++;
584 if ( bDeFragRx == false) {
587 if (pDevice->bIsRxMngWorkItemQueued == false) {
588 pDevice->bIsRxMngWorkItemQueued = true;
589 tasklet_schedule(&pDevice->RxMngWorkItem);
599 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
600 //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC.
601 if ( !(*pbyRsr & RSR_BSSIDOK)) {
603 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
604 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
612 // discard DATA packet while not associate || BSSID error
613 if ((pDevice->bLinkPass == false) ||
614 !(*pbyRsr & RSR_BSSIDOK)) {
616 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
617 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
623 //mike add:station mode check eapol-key challenge--->
625 BYTE Protocol_Version; //802.1x Authentication
626 BYTE Packet_Type; //802.1x Authentication
627 BYTE Descriptor_type;
633 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
634 skb->data[cbIVOffset + 8 + 24 + 6 + 1];
635 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1];
636 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1];
637 if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header
638 if(((Protocol_Version==1) ||(Protocol_Version==2)) &&
639 (Packet_Type==3)) { //802.1x OR eapol-key challenge frame receive
641 Descriptor_type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2];
642 Key_info = (skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+1]<<8) |skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+2] ;
643 if(Descriptor_type==2) { //RSN
644 // printk("WPA2_Rx_eapol-key_info<-----:%x\n",Key_info);
646 else if(Descriptor_type==254) {
647 // printk("WPA_Rx_eapol-key_info<-----:%x\n",Key_info);
652 //mike add:station mode check eapol-key challenge<---
660 if (pDevice->bEnablePSMode) {
661 if (IS_FC_MOREDATA((pbyFrame))) {
662 if (*pbyRsr & RSR_ADDROK) {
663 //PSbSendPSPOLL((PSDevice)pDevice);
667 if (pMgmt->bInTIMWake == true) {
668 pMgmt->bInTIMWake = false;
673 // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps
674 if (pDevice->bDiversityEnable && (FrameSize>50) &&
675 (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) &&
676 (pDevice->bLinkPass == true)) {
677 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0);
680 // ++++++++ For BaseBand Algorithm +++++++++++++++
681 pDevice->uCurrRSSI = *pbyRSSI;
682 pDevice->byCurrSQ = *pbySQ;
686 if ((*pbyRSSI != 0) &&
687 (pMgmt->pCurrBSS!=NULL)) {
688 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
689 // Monitor if RSSI is too strong.
690 pMgmt->pCurrBSS->byRSSIStatCnt++;
691 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT;
692 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm;
693 for (ii = 0; ii < RSSI_STAT_COUNT; ii++) {
694 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) {
695 pMgmt->pCurrBSS->ldBmMAX =
696 max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm);
703 // -----------------------------------------------
705 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == true)){
708 // Only 802.1x packet incoming allowed
713 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
714 skb->data[cbIVOffset + 8 + 24 + 6 + 1];
716 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType);
717 if (wEtherType == ETH_P_PAE) {
718 skb->dev = pDevice->apdev;
720 if (bIsWEP == true) {
721 // strip IV header(8)
722 memcpy(&abyMacHdr[0], (skb->data + 8), 24);
723 memcpy((skb->data + 8 + cbIVOffset), &abyMacHdr[0], 24);
726 skb->data += (cbIVOffset + 8);
727 skb->tail += (cbIVOffset + 8);
728 skb_put(skb, FrameSize);
729 skb_reset_mac_header(skb);
730 skb->pkt_type = PACKET_OTHERHOST;
731 skb->protocol = htons(ETH_P_802_2);
732 memset(skb->cb, 0, sizeof(skb->cb));
737 // check if 802.1x authorized
738 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED))
743 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
745 FrameSize -= 8; //MIC
749 //--------------------------------------------------------------------------------
751 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
755 DWORD dwMIC_Priority;
756 DWORD dwMICKey0 = 0, dwMICKey1 = 0;
757 DWORD dwLocalMIC_L = 0;
758 DWORD dwLocalMIC_R = 0;
761 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
762 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
763 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
766 if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
767 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
768 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
769 } else if ((pKey->dwKeyIndex & BIT28) == 0) {
770 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
771 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
773 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
774 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
778 MIC_vInit(dwMICKey0, dwMICKey1);
779 MIC_vAppend((PBYTE)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12);
781 MIC_vAppend((PBYTE)&dwMIC_Priority, 4);
782 // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV.
783 MIC_vAppend((PBYTE)(skb->data + 8 + WLAN_HDR_ADDR3_LEN + 8),
784 FrameSize - WLAN_HDR_ADDR3_LEN - 8);
785 MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R);
788 pdwMIC_L = (PDWORD)(skb->data + 8 + FrameSize);
789 pdwMIC_R = (PDWORD)(skb->data + 8 + FrameSize + 4);
792 if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) ||
793 (pDevice->bRxMICFail == true)) {
794 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n");
795 pDevice->bRxMICFail = false;
796 //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++;
797 pDevice->s802_11Counter.TKIPLocalMICFailures++;
799 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
800 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
804 //send event to wpa_supplicant
805 //if(pDevice->bWPASuppWextEnabled == true)
807 union iwreq_data wrqu;
808 struct iw_michaelmicfailure ev;
809 int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits
810 memset(&ev, 0, sizeof(ev));
811 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
812 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
813 (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
814 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
815 ev.flags |= IW_MICFAILURE_PAIRWISE;
817 ev.flags |= IW_MICFAILURE_GROUP;
820 ev.src_addr.sa_family = ARPHRD_ETHER;
821 memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN);
822 memset(&wrqu, 0, sizeof(wrqu));
823 wrqu.data.length = sizeof(ev);
824 PRINT_K("wireless_send_event--->IWEVMICHAELMICFAILURE\n");
825 wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
833 } //---end of SOFT MIC-----------------------------------------------------------------------
835 // ++++++++++ Reply Counter Check +++++++++++++
837 if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) ||
838 (pKey->byCipherSuite == KEY_CTL_CCMP))) {
840 WORD wLocalTSC15_0 = 0;
841 DWORD dwLocalTSC47_16 = 0;
842 unsigned long long RSC = 0;
844 RSC = *((unsigned long long *) &(pKey->KeyRSC));
845 wLocalTSC15_0 = (WORD) RSC;
846 dwLocalTSC47_16 = (DWORD) (RSC>>16);
851 memcpy(&(pKey->KeyRSC), &RSC, sizeof(u64));
853 if (pDevice->vnt_mgmt.eCurrMode == WMAC_MODE_ESS_STA &&
854 pDevice->vnt_mgmt.eCurrState == WMAC_STATE_ASSOC) {
856 if ( (wRxTSC15_0 < wLocalTSC15_0) &&
857 (dwRxTSC47_16 <= dwLocalTSC47_16) &&
858 !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) {
859 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n ");
860 if (pKey->byCipherSuite == KEY_CTL_TKIP)
861 //pDevice->s802_11Counter.TKIPReplays.QuadPart++;
862 pDevice->s802_11Counter.TKIPReplays++;
864 //pDevice->s802_11Counter.CCMPReplays.QuadPart++;
865 pDevice->s802_11Counter.CCMPReplays++;
868 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
869 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
877 } // ----- End of Reply Counter Check --------------------------
880 s_vProcessRxMACHeader(pDevice, (PBYTE)(skb->data+8), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset);
881 FrameSize -= cbHeaderOffset;
882 cbHeaderOffset += 8; // 8 is Rcv buffer header
884 // Null data, framesize = 12
888 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
889 if (s_bAPModeRxData(pDevice,
898 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
899 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
908 skb->data += cbHeaderOffset;
909 skb->tail += cbHeaderOffset;
910 skb_put(skb, FrameSize);
911 skb->protocol=eth_type_trans(skb, skb->dev);
912 skb->ip_summed=CHECKSUM_NONE;
913 pStats->rx_bytes +=skb->len;
914 pStats->rx_packets++;
917 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
918 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
927 static int s_bAPModeRxCtl(struct vnt_private *pDevice, u8 *pbyFrame,
930 struct vnt_manager *pMgmt = &pDevice->vnt_mgmt;
931 PS802_11Header p802_11Header;
935 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
937 p802_11Header = (PS802_11Header) (pbyFrame);
938 if (!IS_TYPE_MGMT(pbyFrame)) {
940 // Data & PS-Poll packet
942 if (iSANodeIndex > 0) {
943 // frame class 3 fliter & checking
944 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) {
945 // send deauth notification
946 // reason = (6) class 2 received from nonauth sta
947 vMgrDeAuthenBeginSta(pDevice,
949 (PBYTE)(p802_11Header->abyAddr2),
950 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
953 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n");
956 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) {
957 // send deassoc notification
958 // reason = (7) class 3 received from nonassoc sta
959 vMgrDisassocBeginSta(pDevice,
961 (PBYTE)(p802_11Header->abyAddr2),
962 (WLAN_MGMT_REASON_CLASS3_NONASSOC),
965 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n");
969 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) {
970 // delcare received ps-poll event
971 if (IS_CTL_PSPOLL(pbyFrame)) {
972 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true;
973 bScheduleCommand((void *) pDevice,
976 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n");
979 // check Data PS state
980 // if PW bit off, send out all PS bufferring packets.
981 if (!IS_FC_POWERMGT(pbyFrame)) {
982 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = false;
983 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true;
984 bScheduleCommand((void *) pDevice,
987 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n");
992 if (IS_FC_POWERMGT(pbyFrame)) {
993 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = true;
994 // Once if STA in PS state, enable multicast bufferring
995 pMgmt->sNodeDBTable[0].bPSEnable = true;
998 // clear all pending PS frame.
999 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) {
1000 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = false;
1001 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true;
1002 bScheduleCommand((void *) pDevice,
1005 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n");
1012 vMgrDeAuthenBeginSta(pDevice,
1014 (PBYTE)(p802_11Header->abyAddr2),
1015 (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1018 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n");
1019 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%pM\n",
1020 p802_11Header->abyAddr3);
1021 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%pM\n",
1022 p802_11Header->abyAddr2);
1023 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%pM\n",
1024 p802_11Header->abyAddr1);
1025 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl );
1034 static int s_bHandleRxEncryption(struct vnt_private *pDevice, u8 *pbyFrame,
1035 u32 FrameSize, u8 *pbyRsr, u8 *pbyNewRsr, PSKeyItem *pKeyOut,
1036 s32 *pbExtIV, u16 *pwRxTSC15_0, u32 *pdwRxTSC47_16)
1038 struct vnt_manager *pMgmt = &pDevice->vnt_mgmt;
1039 u32 PayloadLen = FrameSize;
1042 PSKeyItem pKey = NULL;
1043 u8 byDecMode = KEY_CTL_WEP;
1049 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1050 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1051 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1052 pbyIV += 6; // 6 is 802.11 address4
1055 byKeyIdx = (*(pbyIV+3) & 0xc0);
1057 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1059 if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
1060 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
1061 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
1062 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
1063 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
1064 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) &&
1065 (pMgmt->byCSSPK != KEY_CTL_NONE)) {
1066 // unicast pkt use pairwise key
1067 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n");
1068 if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == true) {
1069 if (pMgmt->byCSSPK == KEY_CTL_TKIP)
1070 byDecMode = KEY_CTL_TKIP;
1071 else if (pMgmt->byCSSPK == KEY_CTL_CCMP)
1072 byDecMode = KEY_CTL_CCMP;
1074 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey);
1077 KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey);
1078 if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1079 byDecMode = KEY_CTL_TKIP;
1080 else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1081 byDecMode = KEY_CTL_CCMP;
1082 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey);
1085 // our WEP only support Default Key
1087 // use default group key
1088 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey);
1089 if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1090 byDecMode = KEY_CTL_TKIP;
1091 else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1092 byDecMode = KEY_CTL_CCMP;
1096 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode);
1099 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n");
1100 if (byDecMode == KEY_CTL_WEP) {
1101 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1102 } else if (pDevice->bLinkPass == true) {
1103 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1107 if (byDecMode != pKey->byCipherSuite) {
1108 if (byDecMode == KEY_CTL_WEP) {
1109 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1110 } else if (pDevice->bLinkPass == true) {
1111 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1116 if (byDecMode == KEY_CTL_WEP) {
1118 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1119 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == true)) {
1124 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1125 memcpy(pDevice->abyPRNG, pbyIV, 3);
1126 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1127 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1128 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1130 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1131 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1134 } else if ((byDecMode == KEY_CTL_TKIP) ||
1135 (byDecMode == KEY_CTL_CCMP)) {
1138 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1139 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1140 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %x\n", *pdwRxTSC47_16);
1141 if (byDecMode == KEY_CTL_TKIP) {
1142 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1144 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1146 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1148 if ((byDecMode == KEY_CTL_TKIP) &&
1149 (pDevice->byLocalID <= REV_ID_VT3253_A1)) {
1152 PS802_11Header pMACHeader = (PS802_11Header) (pbyFrame);
1153 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1154 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1155 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1156 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1157 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1158 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1160 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1161 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1166 if ((*(pbyIV+3) & 0x20) != 0)
1171 static int s_bHostWepRxEncryption(struct vnt_private *pDevice, u8 *pbyFrame,
1172 u32 FrameSize, u8 *pbyRsr, int bOnFly, PSKeyItem pKey, u8 *pbyNewRsr,
1173 s32 *pbExtIV, u16 *pwRxTSC15_0, u32 *pdwRxTSC47_16)
1175 struct vnt_manager *pMgmt = &pDevice->vnt_mgmt;
1176 PS802_11Header pMACHeader;
1177 u32 PayloadLen = FrameSize;
1180 u8 byDecMode = KEY_CTL_WEP;
1185 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1186 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1187 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1188 pbyIV += 6; // 6 is 802.11 address4
1191 byKeyIdx = (*(pbyIV+3) & 0xc0);
1193 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1196 if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1197 byDecMode = KEY_CTL_TKIP;
1198 else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1199 byDecMode = KEY_CTL_CCMP;
1201 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode);
1203 if (byDecMode != pKey->byCipherSuite) {
1204 if (byDecMode == KEY_CTL_WEP) {
1205 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1206 } else if (pDevice->bLinkPass == true) {
1207 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1212 if (byDecMode == KEY_CTL_WEP) {
1214 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP\n");
1215 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1216 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == true) ||
1217 (bOnFly == false)) {
1223 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1224 memcpy(pDevice->abyPRNG, pbyIV, 3);
1225 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1226 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1227 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1229 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1230 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1233 } else if ((byDecMode == KEY_CTL_TKIP) ||
1234 (byDecMode == KEY_CTL_CCMP)) {
1237 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1238 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1239 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %x\n", *pdwRxTSC47_16);
1241 if (byDecMode == KEY_CTL_TKIP) {
1242 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1244 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1246 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1248 if (byDecMode == KEY_CTL_TKIP) {
1250 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == false)) {
1254 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n");
1255 pMACHeader = (PS802_11Header) (pbyFrame);
1256 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1257 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1258 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1259 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1260 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1261 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1263 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1264 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1269 if (byDecMode == KEY_CTL_CCMP) {
1270 if (bOnFly == false) {
1273 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_CCMP\n");
1274 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) {
1275 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1276 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC compare OK!\n");
1278 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC fail!\n");
1285 if ((*(pbyIV+3) & 0x20) != 0)
1290 static int s_bAPModeRxData(struct vnt_private *pDevice, struct sk_buff *skb,
1291 u32 FrameSize, u32 cbHeaderOffset, s32 iSANodeIndex, s32 iDANodeIndex)
1293 struct sk_buff *skbcpy;
1294 struct vnt_manager *pMgmt = &pDevice->vnt_mgmt;
1295 int bRelayAndForward = false;
1296 int bRelayOnly = false;
1297 u8 byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
1301 if (FrameSize > CB_MAX_BUF_SIZE)
1304 if (is_multicast_ether_addr((PBYTE)(skb->data+cbHeaderOffset))) {
1305 if (pMgmt->sNodeDBTable[0].bPSEnable) {
1307 skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz);
1309 // if any node in PS mode, buffer packet until DTIM.
1310 if (skbcpy == NULL) {
1311 DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n");
1314 skbcpy->dev = pDevice->dev;
1315 skbcpy->len = FrameSize;
1316 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize);
1317 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy);
1318 pMgmt->sNodeDBTable[0].wEnQueueCnt++;
1320 pMgmt->abyPSTxMap[0] |= byMask[0];
1324 bRelayAndForward = true;
1329 if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(skb->data+cbHeaderOffset), &iDANodeIndex)) {
1330 if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) {
1331 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) {
1332 // queue this skb until next PS tx, and then release.
1334 skb->data += cbHeaderOffset;
1335 skb->tail += cbHeaderOffset;
1336 skb_put(skb, FrameSize);
1337 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb);
1339 pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++;
1340 wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID;
1341 pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7];
1342 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n",
1343 iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]);
1353 if (bRelayOnly || bRelayAndForward) {
1354 // relay this packet right now
1355 if (bRelayAndForward)
1358 if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) {
1359 bRelayPacketSend(pDevice, (PBYTE) (skb->data + cbHeaderOffset),
1360 FrameSize, (unsigned int) iDANodeIndex);
1366 // none associate, don't forward
1367 if (pDevice->uAssocCount == 0)
1376 void RXvWorkItem(struct vnt_private *pDevice)
1381 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Polling Thread\n");
1382 spin_lock_irq(&pDevice->lock);
1384 while ((pDevice->Flags & fMP_POST_READS) &&
1385 MP_IS_READY(pDevice) &&
1386 (pDevice->NumRecvFreeList != 0) ) {
1387 pRCB = pDevice->FirstRecvFreeList;
1388 pDevice->NumRecvFreeList--;
1389 ASSERT(pRCB);// cannot be NULL
1390 DequeueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList);
1391 ntStatus = PIPEnsBulkInUsbRead(pDevice, pRCB);
1393 pDevice->bIsRxWorkItemQueued = false;
1394 spin_unlock_irq(&pDevice->lock);
1399 void RXvFreeRCB(PRCB pRCB, int bReAllocSkb)
1401 struct vnt_private *pDevice = pRCB->pDevice;
1404 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->RXvFreeRCB\n");
1406 ASSERT(!pRCB->Ref); // should be 0
1407 ASSERT(pRCB->pDevice); // shouldn't be NULL
1409 if (bReAllocSkb == false) {
1410 kfree_skb(pRCB->skb);
1414 if (bReAllocSkb == true) {
1415 pRCB->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1416 // todo error handling
1417 if (pRCB->skb == NULL) {
1418 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR" Failed to re-alloc rx skb\n");
1420 pRCB->skb->dev = pDevice->dev;
1424 // Insert the RCB back in the Recv free list
1426 EnqueueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList, pRCB);
1427 pDevice->NumRecvFreeList++;
1430 if ((pDevice->Flags & fMP_POST_READS) && MP_IS_READY(pDevice) &&
1431 (pDevice->bIsRxWorkItemQueued == false) ) {
1433 pDevice->bIsRxWorkItemQueued = true;
1434 tasklet_schedule(&pDevice->ReadWorkItem);
1436 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"<----RXFreeRCB %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList);
1440 void RXvMngWorkItem(struct vnt_private *pDevice)
1443 struct vnt_rx_mgmt *pRxPacket;
1444 int bReAllocSkb = false;
1446 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Mng Thread\n");
1448 spin_lock_irq(&pDevice->lock);
1449 while (pDevice->NumRecvMngList!=0)
1451 pRCB = pDevice->FirstRecvMngList;
1452 pDevice->NumRecvMngList--;
1453 DequeueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList);
1457 ASSERT(pRCB);// cannot be NULL
1458 pRxPacket = &(pRCB->sMngPacket);
1459 vMgrRxManagePacket(pDevice, &pDevice->vnt_mgmt, pRxPacket);
1461 if(pRCB->Ref == 0) {
1462 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"RxvFreeMng %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList);
1463 RXvFreeRCB(pRCB, bReAllocSkb);
1465 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Rx Mng Only we have the right to free RCB\n");
1469 pDevice->bIsRxMngWorkItemQueued = false;
1470 spin_unlock_irq(&pDevice->lock);