1/* 2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc. 3 * All rights reserved. 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation; either version 2 of the License, or 8 * (at your option) any later version. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License along 16 * with this program; if not, write to the Free Software Foundation, Inc., 17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * File: dpc.c 20 * 21 * Purpose: handle dpc rx functions 22 * 23 * Author: Lyndon Chen 24 * 25 * Date: May 20, 2003 26 * 27 * Functions: 28 * device_receive_frame - Rcv 802.11 frame function 29 * s_bAPModeRxCtl- AP Rcv frame filer Ctl. 30 * s_bAPModeRxData- AP Rcv data frame handle 31 * s_bHandleRxEncryption- Rcv decrypted data via on-fly 32 * s_bHostWepRxEncryption- Rcv encrypted data via host 33 * s_byGetRateIdx- get rate index 34 * s_vGetDASA- get data offset 35 * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3 36 * 37 * Revision History: 38 * 39 */ 40 41#include "device.h" 42#include "rxtx.h" 43#include "tether.h" 44#include "card.h" 45#include "bssdb.h" 46#include "mac.h" 47#include "baseband.h" 48#include "michael.h" 49#include "tkip.h" 50#include "tcrc.h" 51#include "wctl.h" 52#include "hostap.h" 53#include "rf.h" 54#include "iowpa.h" 55#include "aes_ccmp.h" 56#include "datarate.h" 57#include "usbpipe.h" 58 59/*--------------------- Static Definitions -------------------------*/ 60 61/*--------------------- Static Classes ----------------------------*/ 62 63/*--------------------- Static Variables --------------------------*/ 64//static int msglevel =MSG_LEVEL_DEBUG; 65static int msglevel =MSG_LEVEL_INFO; 66 67const BYTE acbyRxRate[MAX_RATE] = 68{2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108}; 69 70 71/*--------------------- Static Functions --------------------------*/ 72 73/*--------------------- Static Definitions -------------------------*/ 74 75/*--------------------- Static Functions --------------------------*/ 76 77static BYTE s_byGetRateIdx(BYTE byRate); 78 79static 80void 81s_vGetDASA( 82 PBYTE pbyRxBufferAddr, 83 unsigned int *pcbHeaderSize, 84 PSEthernetHeader psEthHeader 85 ); 86 87static 88void 89s_vProcessRxMACHeader ( 90 PSDevice pDevice, 91 PBYTE pbyRxBufferAddr, 92 unsigned int cbPacketSize, 93 BOOL bIsWEP, 94 BOOL bExtIV, 95 unsigned int *pcbHeadSize 96 ); 97 98static BOOL s_bAPModeRxCtl( 99 PSDevice pDevice, 100 PBYTE pbyFrame, 101 signed int iSANodeIndex 102 ); 103 104 105 106static BOOL s_bAPModeRxData ( 107 PSDevice pDevice, 108 struct sk_buff *skb, 109 unsigned int FrameSize, 110 unsigned int cbHeaderOffset, 111 signed int iSANodeIndex, 112 signed int iDANodeIndex 113 ); 114 115 116static BOOL s_bHandleRxEncryption( 117 PSDevice pDevice, 118 PBYTE pbyFrame, 119 unsigned int FrameSize, 120 PBYTE pbyRsr, 121 PBYTE pbyNewRsr, 122 PSKeyItem * pKeyOut, 123 int * pbExtIV, 124 PWORD pwRxTSC15_0, 125 PDWORD pdwRxTSC47_16 126 ); 127 128static BOOL s_bHostWepRxEncryption( 129 130 PSDevice pDevice, 131 PBYTE pbyFrame, 132 unsigned int FrameSize, 133 PBYTE pbyRsr, 134 BOOL bOnFly, 135 PSKeyItem pKey, 136 PBYTE pbyNewRsr, 137 int * pbExtIV, 138 PWORD pwRxTSC15_0, 139 PDWORD pdwRxTSC47_16 140 141 ); 142 143/*--------------------- Export Variables --------------------------*/ 144 145/*+ 146 * 147 * Description: 148 * Translate Rcv 802.11 header to 802.3 header with Rx buffer 149 * 150 * Parameters: 151 * In: 152 * pDevice 153 * dwRxBufferAddr - Address of Rcv Buffer 154 * cbPacketSize - Rcv Packet size 155 * bIsWEP - If Rcv with WEP 156 * Out: 157 * pcbHeaderSize - 802.11 header size 158 * 159 * Return Value: None 160 * 161-*/ 162static 163void 164s_vProcessRxMACHeader ( 165 PSDevice pDevice, 166 PBYTE pbyRxBufferAddr, 167 unsigned int cbPacketSize, 168 BOOL bIsWEP, 169 BOOL bExtIV, 170 unsigned int *pcbHeadSize 171 ) 172{ 173 PBYTE pbyRxBuffer; 174 unsigned int cbHeaderSize = 0; 175 PWORD pwType; 176 PS802_11Header pMACHeader; 177 int ii; 178 179 180 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); 181 182 s_vGetDASA((PBYTE)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader); 183 184 if (bIsWEP) { 185 if (bExtIV) { 186 // strip IV&ExtIV , add 8 byte 187 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8); 188 } else { 189 // strip IV , add 4 byte 190 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4); 191 } 192 } 193 else { 194 cbHeaderSize += WLAN_HDR_ADDR3_LEN; 195 }; 196 197 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize); 198 if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) { 199 cbHeaderSize += 6; 200 } else if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) { 201 cbHeaderSize += 6; 202 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize); 203 if ((*pwType!= TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) { 204 } 205 else { 206 cbHeaderSize -= 8; 207 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize); 208 if (bIsWEP) { 209 if (bExtIV) { 210 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV 211 } else { 212 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV 213 } 214 } 215 else { 216 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); 217 } 218 } 219 } 220 else { 221 cbHeaderSize -= 2; 222 pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize); 223 if (bIsWEP) { 224 if (bExtIV) { 225 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV 226 } else { 227 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV 228 } 229 } 230 else { 231 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); 232 } 233 } 234 235 cbHeaderSize -= (ETH_ALEN * 2); 236 pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize); 237 for (ii = 0; ii < ETH_ALEN; ii++) 238 *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii]; 239 for (ii = 0; ii < ETH_ALEN; ii++) 240 *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii]; 241 242 *pcbHeadSize = cbHeaderSize; 243} 244 245 246 247 248static BYTE s_byGetRateIdx(BYTE byRate) 249{ 250 BYTE byRateIdx; 251 252 for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) { 253 if (acbyRxRate[byRateIdx%MAX_RATE] == byRate) 254 return byRateIdx; 255 } 256 return 0; 257} 258 259 260static 261void 262s_vGetDASA ( 263 PBYTE pbyRxBufferAddr, 264 unsigned int *pcbHeaderSize, 265 PSEthernetHeader psEthHeader 266 ) 267{ 268 unsigned int cbHeaderSize = 0; 269 PS802_11Header pMACHeader; 270 int ii; 271 272 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); 273 274 if ((pMACHeader->wFrameCtl & FC_TODS) == 0) { 275 if (pMACHeader->wFrameCtl & FC_FROMDS) { 276 for (ii = 0; ii < ETH_ALEN; ii++) { 277 psEthHeader->abyDstAddr[ii] = 278 pMACHeader->abyAddr1[ii]; 279 psEthHeader->abySrcAddr[ii] = 280 pMACHeader->abyAddr3[ii]; 281 } 282 } else { 283 /* IBSS mode */ 284 for (ii = 0; ii < ETH_ALEN; ii++) { 285 psEthHeader->abyDstAddr[ii] = 286 pMACHeader->abyAddr1[ii]; 287 psEthHeader->abySrcAddr[ii] = 288 pMACHeader->abyAddr2[ii]; 289 } 290 } 291 } else { 292 /* Is AP mode.. */ 293 if (pMACHeader->wFrameCtl & FC_FROMDS) { 294 for (ii = 0; ii < ETH_ALEN; ii++) { 295 psEthHeader->abyDstAddr[ii] = 296 pMACHeader->abyAddr3[ii]; 297 psEthHeader->abySrcAddr[ii] = 298 pMACHeader->abyAddr4[ii]; 299 cbHeaderSize += 6; 300 } 301 } else { 302 for (ii = 0; ii < ETH_ALEN; ii++) { 303 psEthHeader->abyDstAddr[ii] = 304 pMACHeader->abyAddr3[ii]; 305 psEthHeader->abySrcAddr[ii] = 306 pMACHeader->abyAddr2[ii]; 307 } 308 } 309 }; 310 *pcbHeaderSize = cbHeaderSize; 311} 312 313 314 315 316BOOL 317RXbBulkInProcessData ( 318 PSDevice pDevice, 319 PRCB pRCB, 320 unsigned long BytesToIndicate 321 ) 322{ 323 324 struct net_device_stats* pStats=&pDevice->stats; 325 struct sk_buff* skb; 326 PSMgmtObject pMgmt = &(pDevice->sMgmtObj); 327 PSRxMgmtPacket pRxPacket = &(pMgmt->sRxPacket); 328 PS802_11Header p802_11Header; 329 PBYTE pbyRsr; 330 PBYTE pbyNewRsr; 331 PBYTE pbyRSSI; 332 PQWORD pqwTSFTime; 333 PBYTE pbyFrame; 334 BOOL bDeFragRx = FALSE; 335 unsigned int cbHeaderOffset; 336 unsigned int FrameSize; 337 WORD wEtherType = 0; 338 signed int iSANodeIndex = -1; 339 signed int iDANodeIndex = -1; 340 unsigned int ii; 341 unsigned int cbIVOffset; 342 PBYTE pbyRxSts; 343 PBYTE pbyRxRate; 344 PBYTE pbySQ; 345 PBYTE pby3SQ; 346 unsigned int cbHeaderSize; 347 PSKeyItem pKey = NULL; 348 WORD wRxTSC15_0 = 0; 349 DWORD dwRxTSC47_16 = 0; 350 SKeyItem STempKey; 351 // 802.11h RPI 352 /* signed long ldBm = 0; */ 353 BOOL bIsWEP = FALSE; 354 BOOL bExtIV = FALSE; 355 DWORD dwWbkStatus; 356 PRCB pRCBIndicate = pRCB; 357 PBYTE pbyDAddress; 358 PWORD pwPLCP_Length; 359 BYTE abyVaildRate[MAX_RATE] = {2,4,11,22,12,18,24,36,48,72,96,108}; 360 WORD wPLCPwithPadding; 361 PS802_11Header pMACHeader; 362 BOOL bRxeapol_key = FALSE; 363 364 365 366 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- RXbBulkInProcessData---\n"); 367 368 skb = pRCB->skb; 369 370 //[31:16]RcvByteCount ( not include 4-byte Status ) 371 dwWbkStatus = *( (PDWORD)(skb->data) ); 372 FrameSize = (unsigned int)(dwWbkStatus >> 16); 373 FrameSize += 4; 374 375 if (BytesToIndicate != FrameSize) { 376 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 1 \n"); 377 return FALSE; 378 } 379 380 if ((BytesToIndicate > 2372)||(BytesToIndicate <= 40)) { 381 // Frame Size error drop this packet. 382 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 2 \n"); 383 return FALSE; 384 } 385 386 pbyDAddress = (PBYTE)(skb->data); 387 pbyRxSts = pbyDAddress+4; 388 pbyRxRate = pbyDAddress+5; 389 390 //real Frame Size = USBFrameSize -4WbkStatus - 4RxStatus - 8TSF - 4RSR - 4SQ3 - ?Padding 391 //if SQ3 the range is 24~27, if no SQ3 the range is 20~23 392 //real Frame size in PLCPLength field. 393 pwPLCP_Length = (PWORD) (pbyDAddress + 6); 394 //Fix hardware bug => PLCP_Length error 395 if ( ((BytesToIndicate - (*pwPLCP_Length)) > 27) || 396 ((BytesToIndicate - (*pwPLCP_Length)) < 24) || 397 (BytesToIndicate < (*pwPLCP_Length)) ) { 398 399 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong PLCP Length %x\n", (int) *pwPLCP_Length); 400 ASSERT(0); 401 return FALSE; 402 } 403 for ( ii=RATE_1M;ii<MAX_RATE;ii++) { 404 if ( *pbyRxRate == abyVaildRate[ii] ) { 405 break; 406 } 407 } 408 if ( ii==MAX_RATE ) { 409 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong RxRate %x\n",(int) *pbyRxRate); 410 return FALSE; 411 } 412 413 wPLCPwithPadding = ( (*pwPLCP_Length / 4) + ( (*pwPLCP_Length % 4) ? 1:0 ) ) *4; 414 415 pqwTSFTime = (PQWORD) (pbyDAddress + 8 + wPLCPwithPadding); 416 if(pDevice->byBBType == BB_TYPE_11G) { 417 pby3SQ = pbyDAddress + 8 + wPLCPwithPadding + 12; 418 pbySQ = pby3SQ; 419 } 420 else { 421 pbySQ = pbyDAddress + 8 + wPLCPwithPadding + 8; 422 pby3SQ = pbySQ; 423 } 424 pbyNewRsr = pbyDAddress + 8 + wPLCPwithPadding + 9; 425 pbyRSSI = pbyDAddress + 8 + wPLCPwithPadding + 10; 426 pbyRsr = pbyDAddress + 8 + wPLCPwithPadding + 11; 427 428 FrameSize = *pwPLCP_Length; 429 430 pbyFrame = pbyDAddress + 8; 431 // update receive statistic counter 432 433 STAvUpdateRDStatCounter(&pDevice->scStatistic, 434 *pbyRsr, 435 *pbyNewRsr, 436 *pbyRxSts, 437 *pbyRxRate, 438 pbyFrame, 439 FrameSize 440 ); 441 442 443 pMACHeader = (PS802_11Header) pbyFrame; 444 445//mike add: to judge if current AP is activated? 446 if ((pMgmt->eCurrMode == WMAC_MODE_STANDBY) || 447 (pMgmt->eCurrMode == WMAC_MODE_ESS_STA)) { 448 if (pMgmt->sNodeDBTable[0].bActive) { 449 if (!compare_ether_addr(pMgmt->abyCurrBSSID, pMACHeader->abyAddr2)) { 450 if (pMgmt->sNodeDBTable[0].uInActiveCount != 0) 451 pMgmt->sNodeDBTable[0].uInActiveCount = 0; 452 } 453 } 454 } 455 456 if (!is_multicast_ether_addr(pMACHeader->abyAddr1) && !is_broadcast_ether_addr(pMACHeader->abyAddr1)) { 457 if ( WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header) pbyFrame) ) { 458 pDevice->s802_11Counter.FrameDuplicateCount++; 459 return FALSE; 460 } 461 462 if (compare_ether_addr(pDevice->abyCurrentNetAddr, 463 pMACHeader->abyAddr1)) { 464 return FALSE; 465 } 466 } 467 468 469 // Use for TKIP MIC 470 s_vGetDASA(pbyFrame, &cbHeaderSize, &pDevice->sRxEthHeader); 471 472 if (!compare_ether_addr((PBYTE)&(pDevice->sRxEthHeader.abySrcAddr[0]), 473 pDevice->abyCurrentNetAddr)) 474 return FALSE; 475 476 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) { 477 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { 478 p802_11Header = (PS802_11Header) (pbyFrame); 479 // get SA NodeIndex 480 if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(p802_11Header->abyAddr2), &iSANodeIndex)) { 481 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies; 482 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0; 483 } 484 } 485 } 486 487 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 488 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == TRUE) { 489 return FALSE; 490 } 491 } 492 493 494 if (IS_FC_WEP(pbyFrame)) { 495 BOOL bRxDecryOK = FALSE; 496 497 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n"); 498 bIsWEP = TRUE; 499 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) { 500 pKey = &STempKey; 501 pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite; 502 pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex; 503 pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength; 504 pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16; 505 pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0; 506 memcpy(pKey->abyKey, 507 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0], 508 pKey->uKeyLength 509 ); 510 511 bRxDecryOK = s_bHostWepRxEncryption(pDevice, 512 pbyFrame, 513 FrameSize, 514 pbyRsr, 515 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly, 516 pKey, 517 pbyNewRsr, 518 &bExtIV, 519 &wRxTSC15_0, 520 &dwRxTSC47_16); 521 } else { 522 bRxDecryOK = s_bHandleRxEncryption(pDevice, 523 pbyFrame, 524 FrameSize, 525 pbyRsr, 526 pbyNewRsr, 527 &pKey, 528 &bExtIV, 529 &wRxTSC15_0, 530 &dwRxTSC47_16); 531 } 532 533 if (bRxDecryOK) { 534 if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) { 535 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n"); 536 if ( (pMgmt->eAuthenMode == WMAC_AUTH_WPA) || 537 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || 538 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || 539 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || 540 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { 541 542 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 543 pDevice->s802_11Counter.TKIPICVErrors++; 544 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) { 545 pDevice->s802_11Counter.CCMPDecryptErrors++; 546 } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) { 547// pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++; 548 } 549 } 550 return FALSE; 551 } 552 } else { 553 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n"); 554 return FALSE; 555 } 556 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) 557 FrameSize -= 8; // Message Integrity Code 558 else 559 FrameSize -= 4; // 4 is ICV 560 } 561 562 563 // 564 // RX OK 565 // 566 /* remove the FCS/CRC length */ 567 FrameSize -= ETH_FCS_LEN; 568 569 if ( !(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) && // unicast address 570 (IS_FRAGMENT_PKT((pbyFrame))) 571 ) { 572 // defragment 573 bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header) (pbyFrame), FrameSize, bIsWEP, bExtIV); 574 pDevice->s802_11Counter.ReceivedFragmentCount++; 575 if (bDeFragRx) { 576 // defrag complete 577 // TODO skb, pbyFrame 578 skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb; 579 FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength; 580 pbyFrame = skb->data + 8; 581 } 582 else { 583 return FALSE; 584 } 585 } 586 587 // 588 // Management & Control frame Handle 589 // 590 if ((IS_TYPE_DATA((pbyFrame))) == FALSE) { 591 // Handle Control & Manage Frame 592 593 if (IS_TYPE_MGMT((pbyFrame))) { 594 PBYTE pbyData1; 595 PBYTE pbyData2; 596 597 pRxPacket = &(pRCB->sMngPacket); 598 pRxPacket->p80211Header = (PUWLAN_80211HDR)(pbyFrame); 599 pRxPacket->cbMPDULen = FrameSize; 600 pRxPacket->uRSSI = *pbyRSSI; 601 pRxPacket->bySQ = *pbySQ; 602 HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime)); 603 LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime)); 604 if (bIsWEP) { 605 // strip IV 606 pbyData1 = WLAN_HDR_A3_DATA_PTR(pbyFrame); 607 pbyData2 = WLAN_HDR_A3_DATA_PTR(pbyFrame) + 4; 608 for (ii = 0; ii < (FrameSize - 4); ii++) { 609 *pbyData1 = *pbyData2; 610 pbyData1++; 611 pbyData2++; 612 } 613 } 614 615 pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate); 616 617 if ( *pbyRxSts == 0 ) { 618 //Discard beacon packet which channel is 0 619 if ( (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_BEACON) || 620 (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_PROBERESP) ) { 621 return TRUE; 622 } 623 } 624 pRxPacket->byRxChannel = (*pbyRxSts) >> 2; 625 626 // hostap Deamon handle 802.11 management 627 if (pDevice->bEnableHostapd) { 628 skb->dev = pDevice->apdev; 629 //skb->data += 4; 630 //skb->tail += 4; 631 skb->data += 8; 632 skb->tail += 8; 633 skb_put(skb, FrameSize); 634 skb_reset_mac_header(skb); 635 skb->pkt_type = PACKET_OTHERHOST; 636 skb->protocol = htons(ETH_P_802_2); 637 memset(skb->cb, 0, sizeof(skb->cb)); 638 netif_rx(skb); 639 return TRUE; 640 } 641 642 // 643 // Insert the RCB in the Recv Mng list 644 // 645 EnqueueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList, pRCBIndicate); 646 pDevice->NumRecvMngList++; 647 if ( bDeFragRx == FALSE) { 648 pRCB->Ref++; 649 } 650 if (pDevice->bIsRxMngWorkItemQueued == FALSE) { 651 pDevice->bIsRxMngWorkItemQueued = TRUE; 652 tasklet_schedule(&pDevice->RxMngWorkItem); 653 } 654 655 } 656 else { 657 // Control Frame 658 }; 659 return FALSE; 660 } 661 else { 662 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 663 //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC. 664 if ( !(*pbyRsr & RSR_BSSIDOK)) { 665 if (bDeFragRx) { 666 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 667 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 668 pDevice->dev->name); 669 } 670 } 671 return FALSE; 672 } 673 } 674 else { 675 // discard DATA packet while not associate || BSSID error 676 if ((pDevice->bLinkPass == FALSE) || 677 !(*pbyRsr & RSR_BSSIDOK)) { 678 if (bDeFragRx) { 679 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 680 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 681 pDevice->dev->name); 682 } 683 } 684 return FALSE; 685 } 686 //mike add:station mode check eapol-key challenge---> 687 { 688 BYTE Protocol_Version; //802.1x Authentication 689 BYTE Packet_Type; //802.1x Authentication 690 BYTE Descriptor_type; 691 WORD Key_info; 692 if (bIsWEP) 693 cbIVOffset = 8; 694 else 695 cbIVOffset = 0; 696 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) | 697 skb->data[cbIVOffset + 8 + 24 + 6 + 1]; 698 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1]; 699 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1]; 700 if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header 701 if(((Protocol_Version==1) ||(Protocol_Version==2)) && 702 (Packet_Type==3)) { //802.1x OR eapol-key challenge frame receive 703 bRxeapol_key = TRUE; 704 Descriptor_type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2]; 705 Key_info = (skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+1]<<8) |skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+2] ; 706 if(Descriptor_type==2) { //RSN 707 // printk("WPA2_Rx_eapol-key_info<-----:%x\n",Key_info); 708 } 709 else if(Descriptor_type==254) { 710 // printk("WPA_Rx_eapol-key_info<-----:%x\n",Key_info); 711 } 712 } 713 } 714 } 715 //mike add:station mode check eapol-key challenge<--- 716 } 717 } 718 719 720// Data frame Handle 721 722 723 if (pDevice->bEnablePSMode) { 724 if (IS_FC_MOREDATA((pbyFrame))) { 725 if (*pbyRsr & RSR_ADDROK) { 726 //PSbSendPSPOLL((PSDevice)pDevice); 727 } 728 } 729 else { 730 if (pMgmt->bInTIMWake == TRUE) { 731 pMgmt->bInTIMWake = FALSE; 732 } 733 } 734 }; 735 736 // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps 737 if (pDevice->bDiversityEnable && (FrameSize>50) && 738 (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) && 739 (pDevice->bLinkPass == TRUE)) { 740 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0); 741 } 742 743 // ++++++++ For BaseBand Algorithm +++++++++++++++ 744 pDevice->uCurrRSSI = *pbyRSSI; 745 pDevice->byCurrSQ = *pbySQ; 746 747 // todo 748/* 749 if ((*pbyRSSI != 0) && 750 (pMgmt->pCurrBSS!=NULL)) { 751 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm); 752 // Moniter if RSSI is too strong. 753 pMgmt->pCurrBSS->byRSSIStatCnt++; 754 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT; 755 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm; 756 for (ii = 0; ii < RSSI_STAT_COUNT; ii++) { 757 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) { 758 pMgmt->pCurrBSS->ldBmMAX = 759 max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm); 760 } 761 } 762 } 763*/ 764 765 766 // ----------------------------------------------- 767 768 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == TRUE)){ 769 BYTE abyMacHdr[24]; 770 771 // Only 802.1x packet incoming allowed 772 if (bIsWEP) 773 cbIVOffset = 8; 774 else 775 cbIVOffset = 0; 776 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) | 777 skb->data[cbIVOffset + 8 + 24 + 6 + 1]; 778 779 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType); 780 if (wEtherType == ETH_P_PAE) { 781 skb->dev = pDevice->apdev; 782 783 if (bIsWEP == TRUE) { 784 // strip IV header(8) 785 memcpy(&abyMacHdr[0], (skb->data + 8), 24); 786 memcpy((skb->data + 8 + cbIVOffset), &abyMacHdr[0], 24); 787 } 788 789 skb->data += (cbIVOffset + 8); 790 skb->tail += (cbIVOffset + 8); 791 skb_put(skb, FrameSize); 792 skb_reset_mac_header(skb); 793 skb->pkt_type = PACKET_OTHERHOST; 794 skb->protocol = htons(ETH_P_802_2); 795 memset(skb->cb, 0, sizeof(skb->cb)); 796 netif_rx(skb); 797 return TRUE; 798 799 } 800 // check if 802.1x authorized 801 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED)) 802 return FALSE; 803 } 804 805 806 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 807 if (bIsWEP) { 808 FrameSize -= 8; //MIC 809 } 810 } 811 812 //-------------------------------------------------------------------------------- 813 // Soft MIC 814 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 815 if (bIsWEP) { 816 PDWORD pdwMIC_L; 817 PDWORD pdwMIC_R; 818 DWORD dwMIC_Priority; 819 DWORD dwMICKey0 = 0, dwMICKey1 = 0; 820 DWORD dwLocalMIC_L = 0; 821 DWORD dwLocalMIC_R = 0; 822 viawget_wpa_header *wpahdr; 823 824 825 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 826 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24])); 827 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28])); 828 } 829 else { 830 if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) { 831 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16])); 832 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20])); 833 } else if ((pKey->dwKeyIndex & BIT28) == 0) { 834 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16])); 835 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20])); 836 } else { 837 dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24])); 838 dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28])); 839 } 840 } 841 842 MIC_vInit(dwMICKey0, dwMICKey1); 843 MIC_vAppend((PBYTE)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12); 844 dwMIC_Priority = 0; 845 MIC_vAppend((PBYTE)&dwMIC_Priority, 4); 846 // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV. 847 MIC_vAppend((PBYTE)(skb->data + 8 + WLAN_HDR_ADDR3_LEN + 8), 848 FrameSize - WLAN_HDR_ADDR3_LEN - 8); 849 MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R); 850 MIC_vUnInit(); 851 852 pdwMIC_L = (PDWORD)(skb->data + 8 + FrameSize); 853 pdwMIC_R = (PDWORD)(skb->data + 8 + FrameSize + 4); 854 855 856 if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) || 857 (pDevice->bRxMICFail == TRUE)) { 858 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n"); 859 pDevice->bRxMICFail = FALSE; 860 //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++; 861 pDevice->s802_11Counter.TKIPLocalMICFailures++; 862 if (bDeFragRx) { 863 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 864 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 865 pDevice->dev->name); 866 } 867 } 868 //2008-0409-07, <Add> by Einsn Liu 869 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT 870 //send event to wpa_supplicant 871 //if(pDevice->bWPASuppWextEnabled == TRUE) 872 { 873 union iwreq_data wrqu; 874 struct iw_michaelmicfailure ev; 875 int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits 876 memset(&ev, 0, sizeof(ev)); 877 ev.flags = keyidx & IW_MICFAILURE_KEY_ID; 878 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && 879 (pMgmt->eCurrState == WMAC_STATE_ASSOC) && 880 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { 881 ev.flags |= IW_MICFAILURE_PAIRWISE; 882 } else { 883 ev.flags |= IW_MICFAILURE_GROUP; 884 } 885 886 ev.src_addr.sa_family = ARPHRD_ETHER; 887 memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN); 888 memset(&wrqu, 0, sizeof(wrqu)); 889 wrqu.data.length = sizeof(ev); 890 PRINT_K("wireless_send_event--->IWEVMICHAELMICFAILURE\n"); 891 wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev); 892 893 } 894 #endif 895 896 897 if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) { 898 wpahdr = (viawget_wpa_header *)pDevice->skb->data; 899 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && 900 (pMgmt->eCurrState == WMAC_STATE_ASSOC) && 901 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { 902 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR; 903 wpahdr->type = VIAWGET_PTK_MIC_MSG; 904 } else { 905 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR; 906 wpahdr->type = VIAWGET_GTK_MIC_MSG; 907 } 908 wpahdr->resp_ie_len = 0; 909 wpahdr->req_ie_len = 0; 910 skb_put(pDevice->skb, sizeof(viawget_wpa_header)); 911 pDevice->skb->dev = pDevice->wpadev; 912 skb_reset_mac_header(pDevice->skb); 913 pDevice->skb->pkt_type = PACKET_HOST; 914 pDevice->skb->protocol = htons(ETH_P_802_2); 915 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb)); 916 netif_rx(pDevice->skb); 917 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz); 918 }; 919 920 return FALSE; 921 922 } 923 } 924 } //---end of SOFT MIC----------------------------------------------------------------------- 925 926 // ++++++++++ Reply Counter Check +++++++++++++ 927 928 if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) || 929 (pKey->byCipherSuite == KEY_CTL_CCMP))) { 930 if (bIsWEP) { 931 WORD wLocalTSC15_0 = 0; 932 DWORD dwLocalTSC47_16 = 0; 933 unsigned long long RSC = 0; 934 // endian issues 935 RSC = *((unsigned long long *) &(pKey->KeyRSC)); 936 wLocalTSC15_0 = (WORD) RSC; 937 dwLocalTSC47_16 = (DWORD) (RSC>>16); 938 939 RSC = dwRxTSC47_16; 940 RSC <<= 16; 941 RSC += wRxTSC15_0; 942 memcpy(&(pKey->KeyRSC), &RSC, sizeof(QWORD)); 943 944 if ( (pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) && 945 (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) { 946 // check RSC 947 if ( (wRxTSC15_0 < wLocalTSC15_0) && 948 (dwRxTSC47_16 <= dwLocalTSC47_16) && 949 !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) { 950 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n "); 951 if (pKey->byCipherSuite == KEY_CTL_TKIP) 952 //pDevice->s802_11Counter.TKIPReplays.QuadPart++; 953 pDevice->s802_11Counter.TKIPReplays++; 954 else 955 //pDevice->s802_11Counter.CCMPReplays.QuadPart++; 956 pDevice->s802_11Counter.CCMPReplays++; 957 958 if (bDeFragRx) { 959 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 960 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 961 pDevice->dev->name); 962 } 963 } 964 return FALSE; 965 } 966 } 967 } 968 } // ----- End of Reply Counter Check -------------------------- 969 970 971 s_vProcessRxMACHeader(pDevice, (PBYTE)(skb->data+8), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset); 972 FrameSize -= cbHeaderOffset; 973 cbHeaderOffset += 8; // 8 is Rcv buffer header 974 975 // Null data, framesize = 12 976 if (FrameSize < 12) 977 return FALSE; 978 979 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 980 if (s_bAPModeRxData(pDevice, 981 skb, 982 FrameSize, 983 cbHeaderOffset, 984 iSANodeIndex, 985 iDANodeIndex 986 ) == FALSE) { 987 988 if (bDeFragRx) { 989 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 990 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 991 pDevice->dev->name); 992 } 993 } 994 return FALSE; 995 } 996 997 } 998 999 skb->data += cbHeaderOffset; 1000 skb->tail += cbHeaderOffset; 1001 skb_put(skb, FrameSize); 1002 skb->protocol=eth_type_trans(skb, skb->dev); 1003 skb->ip_summed=CHECKSUM_NONE; 1004 pStats->rx_bytes +=skb->len; 1005 pStats->rx_packets++; 1006 netif_rx(skb); 1007 if (bDeFragRx) { 1008 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 1009 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", 1010 pDevice->dev->name); 1011 } 1012 return FALSE; 1013 } 1014 1015 return TRUE; 1016} 1017 1018 1019static BOOL s_bAPModeRxCtl ( 1020 PSDevice pDevice, 1021 PBYTE pbyFrame, 1022 signed int iSANodeIndex 1023 ) 1024{ 1025 PS802_11Header p802_11Header; 1026 CMD_STATUS Status; 1027 PSMgmtObject pMgmt = &(pDevice->sMgmtObj); 1028 1029 1030 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { 1031 1032 p802_11Header = (PS802_11Header) (pbyFrame); 1033 if (!IS_TYPE_MGMT(pbyFrame)) { 1034 1035 // Data & PS-Poll packet 1036 // check frame class 1037 if (iSANodeIndex > 0) { 1038 // frame class 3 fliter & checking 1039 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) { 1040 // send deauth notification 1041 // reason = (6) class 2 received from nonauth sta 1042 vMgrDeAuthenBeginSta(pDevice, 1043 pMgmt, 1044 (PBYTE)(p802_11Header->abyAddr2), 1045 (WLAN_MGMT_REASON_CLASS2_NONAUTH), 1046 &Status 1047 ); 1048 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n"); 1049 return TRUE; 1050 }; 1051 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) { 1052 // send deassoc notification 1053 // reason = (7) class 3 received from nonassoc sta 1054 vMgrDisassocBeginSta(pDevice, 1055 pMgmt, 1056 (PBYTE)(p802_11Header->abyAddr2), 1057 (WLAN_MGMT_REASON_CLASS3_NONASSOC), 1058 &Status 1059 ); 1060 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n"); 1061 return TRUE; 1062 }; 1063 1064 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) { 1065 // delcare received ps-poll event 1066 if (IS_CTL_PSPOLL(pbyFrame)) { 1067 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE; 1068 bScheduleCommand((void *) pDevice, 1069 WLAN_CMD_RX_PSPOLL, 1070 NULL); 1071 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n"); 1072 } 1073 else { 1074 // check Data PS state 1075 // if PW bit off, send out all PS bufferring packets. 1076 if (!IS_FC_POWERMGT(pbyFrame)) { 1077 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE; 1078 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE; 1079 bScheduleCommand((void *) pDevice, 1080 WLAN_CMD_RX_PSPOLL, 1081 NULL); 1082 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n"); 1083 } 1084 } 1085 } 1086 else { 1087 if (IS_FC_POWERMGT(pbyFrame)) { 1088 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = TRUE; 1089 // Once if STA in PS state, enable multicast bufferring 1090 pMgmt->sNodeDBTable[0].bPSEnable = TRUE; 1091 } 1092 else { 1093 // clear all pending PS frame. 1094 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) { 1095 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE; 1096 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE; 1097 bScheduleCommand((void *) pDevice, 1098 WLAN_CMD_RX_PSPOLL, 1099 NULL); 1100 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n"); 1101 1102 } 1103 } 1104 } 1105 } 1106 else { 1107 vMgrDeAuthenBeginSta(pDevice, 1108 pMgmt, 1109 (PBYTE)(p802_11Header->abyAddr2), 1110 (WLAN_MGMT_REASON_CLASS2_NONAUTH), 1111 &Status 1112 ); 1113 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n"); 1114 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%02x-%02x-%02x=%02x-%02x-%02x \n", 1115 p802_11Header->abyAddr3[0], 1116 p802_11Header->abyAddr3[1], 1117 p802_11Header->abyAddr3[2], 1118 p802_11Header->abyAddr3[3], 1119 p802_11Header->abyAddr3[4], 1120 p802_11Header->abyAddr3[5] 1121 ); 1122 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%02x-%02x-%02x=%02x-%02x-%02x \n", 1123 p802_11Header->abyAddr2[0], 1124 p802_11Header->abyAddr2[1], 1125 p802_11Header->abyAddr2[2], 1126 p802_11Header->abyAddr2[3], 1127 p802_11Header->abyAddr2[4], 1128 p802_11Header->abyAddr2[5] 1129 ); 1130 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%02x-%02x-%02x=%02x-%02x-%02x \n", 1131 p802_11Header->abyAddr1[0], 1132 p802_11Header->abyAddr1[1], 1133 p802_11Header->abyAddr1[2], 1134 p802_11Header->abyAddr1[3], 1135 p802_11Header->abyAddr1[4], 1136 p802_11Header->abyAddr1[5] 1137 ); 1138 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl ); 1139 return TRUE; 1140 } 1141 } 1142 } 1143 return FALSE; 1144 1145} 1146 1147static BOOL s_bHandleRxEncryption ( 1148 PSDevice pDevice, 1149 PBYTE pbyFrame, 1150 unsigned int FrameSize, 1151 PBYTE pbyRsr, 1152 PBYTE pbyNewRsr, 1153 PSKeyItem * pKeyOut, 1154 int * pbExtIV, 1155 PWORD pwRxTSC15_0, 1156 PDWORD pdwRxTSC47_16 1157 ) 1158{ 1159 unsigned int PayloadLen = FrameSize; 1160 PBYTE pbyIV; 1161 BYTE byKeyIdx; 1162 PSKeyItem pKey = NULL; 1163 BYTE byDecMode = KEY_CTL_WEP; 1164 PSMgmtObject pMgmt = &(pDevice->sMgmtObj); 1165 1166 1167 *pwRxTSC15_0 = 0; 1168 *pdwRxTSC47_16 = 0; 1169 1170 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; 1171 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) && 1172 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) { 1173 pbyIV += 6; // 6 is 802.11 address4 1174 PayloadLen -= 6; 1175 } 1176 byKeyIdx = (*(pbyIV+3) & 0xc0); 1177 byKeyIdx >>= 6; 1178 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx); 1179 1180 if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) || 1181 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || 1182 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || 1183 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || 1184 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { 1185 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) && 1186 (pMgmt->byCSSPK != KEY_CTL_NONE)) { 1187 // unicast pkt use pairwise key 1188 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n"); 1189 if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == TRUE) { 1190 if (pMgmt->byCSSPK == KEY_CTL_TKIP) 1191 byDecMode = KEY_CTL_TKIP; 1192 else if (pMgmt->byCSSPK == KEY_CTL_CCMP) 1193 byDecMode = KEY_CTL_CCMP; 1194 } 1195 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey); 1196 } else { 1197 // use group key 1198 KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey); 1199 if (pMgmt->byCSSGK == KEY_CTL_TKIP) 1200 byDecMode = KEY_CTL_TKIP; 1201 else if (pMgmt->byCSSGK == KEY_CTL_CCMP) 1202 byDecMode = KEY_CTL_CCMP; 1203 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey); 1204 } 1205 } 1206 // our WEP only support Default Key 1207 if (pKey == NULL) { 1208 // use default group key 1209 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey); 1210 if (pMgmt->byCSSGK == KEY_CTL_TKIP) 1211 byDecMode = KEY_CTL_TKIP; 1212 else if (pMgmt->byCSSGK == KEY_CTL_CCMP) 1213 byDecMode = KEY_CTL_CCMP; 1214 } 1215 *pKeyOut = pKey; 1216 1217 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode); 1218 1219 if (pKey == NULL) { 1220 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n"); 1221 if (byDecMode == KEY_CTL_WEP) { 1222// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; 1223 } else if (pDevice->bLinkPass == TRUE) { 1224// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; 1225 } 1226 return FALSE; 1227 } 1228 if (byDecMode != pKey->byCipherSuite) { 1229 if (byDecMode == KEY_CTL_WEP) { 1230// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; 1231 } else if (pDevice->bLinkPass == TRUE) { 1232// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; 1233 } 1234 *pKeyOut = NULL; 1235 return FALSE; 1236 } 1237 if (byDecMode == KEY_CTL_WEP) { 1238 // handle WEP 1239 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || 1240 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE)) { 1241 // Software WEP 1242 // 1. 3253A 1243 // 2. WEP 256 1244 1245 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc 1246 memcpy(pDevice->abyPRNG, pbyIV, 3); 1247 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); 1248 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); 1249 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); 1250 1251 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) { 1252 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1253 } 1254 } 1255 } else if ((byDecMode == KEY_CTL_TKIP) || 1256 (byDecMode == KEY_CTL_CCMP)) { 1257 // TKIP/AES 1258 1259 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc 1260 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4)); 1261 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16); 1262 if (byDecMode == KEY_CTL_TKIP) { 1263 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV)); 1264 } else { 1265 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV); 1266 } 1267 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0); 1268 1269 if ((byDecMode == KEY_CTL_TKIP) && 1270 (pDevice->byLocalID <= REV_ID_VT3253_A1)) { 1271 // Software TKIP 1272 // 1. 3253 A 1273 PS802_11Header pMACHeader = (PS802_11Header) (pbyFrame); 1274 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); 1275 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); 1276 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); 1277 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { 1278 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1279 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n"); 1280 } else { 1281 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n"); 1282 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen); 1283 } 1284 } 1285 }// end of TKIP/AES 1286 1287 if ((*(pbyIV+3) & 0x20) != 0) 1288 *pbExtIV = TRUE; 1289 return TRUE; 1290} 1291 1292 1293static BOOL s_bHostWepRxEncryption ( 1294 PSDevice pDevice, 1295 PBYTE pbyFrame, 1296 unsigned int FrameSize, 1297 PBYTE pbyRsr, 1298 BOOL bOnFly, 1299 PSKeyItem pKey, 1300 PBYTE pbyNewRsr, 1301 int * pbExtIV, 1302 PWORD pwRxTSC15_0, 1303 PDWORD pdwRxTSC47_16 1304 ) 1305{ 1306 PSMgmtObject pMgmt = &(pDevice->sMgmtObj); 1307 unsigned int PayloadLen = FrameSize; 1308 PBYTE pbyIV; 1309 BYTE byKeyIdx; 1310 BYTE byDecMode = KEY_CTL_WEP; 1311 PS802_11Header pMACHeader; 1312 1313 1314 1315 *pwRxTSC15_0 = 0; 1316 *pdwRxTSC47_16 = 0; 1317 1318 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; 1319 if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) && 1320 WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) { 1321 pbyIV += 6; // 6 is 802.11 address4 1322 PayloadLen -= 6; 1323 } 1324 byKeyIdx = (*(pbyIV+3) & 0xc0); 1325 byKeyIdx >>= 6; 1326 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx); 1327 1328 1329 if (pMgmt->byCSSGK == KEY_CTL_TKIP) 1330 byDecMode = KEY_CTL_TKIP; 1331 else if (pMgmt->byCSSGK == KEY_CTL_CCMP) 1332 byDecMode = KEY_CTL_CCMP; 1333 1334 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode); 1335 1336 if (byDecMode != pKey->byCipherSuite) { 1337 if (byDecMode == KEY_CTL_WEP) { 1338// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; 1339 } else if (pDevice->bLinkPass == TRUE) { 1340// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; 1341 } 1342 return FALSE; 1343 } 1344 1345 if (byDecMode == KEY_CTL_WEP) { 1346 // handle WEP 1347 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP \n"); 1348 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || 1349 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE) || 1350 (bOnFly == FALSE)) { 1351 // Software WEP 1352 // 1. 3253A 1353 // 2. WEP 256 1354 // 3. NotOnFly 1355 1356 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc 1357 memcpy(pDevice->abyPRNG, pbyIV, 3); 1358 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); 1359 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); 1360 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); 1361 1362 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) { 1363 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1364 } 1365 } 1366 } else if ((byDecMode == KEY_CTL_TKIP) || 1367 (byDecMode == KEY_CTL_CCMP)) { 1368 // TKIP/AES 1369 1370 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc 1371 *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4)); 1372 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16); 1373 1374 if (byDecMode == KEY_CTL_TKIP) { 1375 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV)); 1376 } else { 1377 *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV); 1378 } 1379 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0); 1380 1381 if (byDecMode == KEY_CTL_TKIP) { 1382 1383 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == FALSE)) { 1384 // Software TKIP 1385 // 1. 3253 A 1386 // 2. NotOnFly 1387 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n"); 1388 pMACHeader = (PS802_11Header) (pbyFrame); 1389 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); 1390 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); 1391 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); 1392 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { 1393 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1394 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n"); 1395 } else { 1396 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n"); 1397 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen); 1398 } 1399 } 1400 } 1401 1402 if (byDecMode == KEY_CTL_CCMP) { 1403 if (bOnFly == FALSE) { 1404 // Software CCMP 1405 // NotOnFly 1406 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_CCMP\n"); 1407 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) { 1408 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1409 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC compare OK!\n"); 1410 } else { 1411 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC fail!\n"); 1412 } 1413 } 1414 } 1415 1416 }// end of TKIP/AES 1417 1418 if ((*(pbyIV+3) & 0x20) != 0) 1419 *pbExtIV = TRUE; 1420 return TRUE; 1421} 1422 1423 1424 1425static BOOL s_bAPModeRxData ( 1426 PSDevice pDevice, 1427 struct sk_buff *skb, 1428 unsigned int FrameSize, 1429 unsigned int cbHeaderOffset, 1430 signed int iSANodeIndex, 1431 signed int iDANodeIndex 1432 ) 1433 1434{ 1435 PSMgmtObject pMgmt = &(pDevice->sMgmtObj); 1436 BOOL bRelayAndForward = FALSE; 1437 BOOL bRelayOnly = FALSE; 1438 BYTE byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80}; 1439 WORD wAID; 1440 1441 1442 struct sk_buff* skbcpy = NULL; 1443 1444 if (FrameSize > CB_MAX_BUF_SIZE) 1445 return FALSE; 1446 // check DA 1447 if (is_multicast_ether_addr((PBYTE)(skb->data+cbHeaderOffset))) { 1448 if (pMgmt->sNodeDBTable[0].bPSEnable) { 1449 1450 skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz); 1451 1452 // if any node in PS mode, buffer packet until DTIM. 1453 if (skbcpy == NULL) { 1454 DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n"); 1455 } 1456 else { 1457 skbcpy->dev = pDevice->dev; 1458 skbcpy->len = FrameSize; 1459 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize); 1460 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy); 1461 pMgmt->sNodeDBTable[0].wEnQueueCnt++; 1462 // set tx map 1463 pMgmt->abyPSTxMap[0] |= byMask[0]; 1464 } 1465 } 1466 else { 1467 bRelayAndForward = TRUE; 1468 } 1469 } 1470 else { 1471 // check if relay 1472 if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(skb->data+cbHeaderOffset), &iDANodeIndex)) { 1473 if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) { 1474 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) { 1475 // queue this skb until next PS tx, and then release. 1476 1477 skb->data += cbHeaderOffset; 1478 skb->tail += cbHeaderOffset; 1479 skb_put(skb, FrameSize); 1480 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb); 1481 1482 pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++; 1483 wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID; 1484 pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7]; 1485 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n", 1486 iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]); 1487 return TRUE; 1488 } 1489 else { 1490 bRelayOnly = TRUE; 1491 } 1492 } 1493 }; 1494 } 1495 1496 if (bRelayOnly || bRelayAndForward) { 1497 // relay this packet right now 1498 if (bRelayAndForward) 1499 iDANodeIndex = 0; 1500 1501 if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) { 1502 bRelayPacketSend(pDevice, (PBYTE) (skb->data + cbHeaderOffset), 1503 FrameSize, (unsigned int) iDANodeIndex); 1504 } 1505 1506 if (bRelayOnly) 1507 return FALSE; 1508 } 1509 // none associate, don't forward 1510 if (pDevice->uAssocCount == 0) 1511 return FALSE; 1512 1513 return TRUE; 1514} 1515 1516 1517 1518 1519void RXvWorkItem(void *Context) 1520{ 1521 PSDevice pDevice = (PSDevice) Context; 1522 int ntStatus; 1523 PRCB pRCB=NULL; 1524 1525 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Polling Thread\n"); 1526 spin_lock_irq(&pDevice->lock); 1527 while ( MP_TEST_FLAG(pDevice, fMP_POST_READS) && 1528 MP_IS_READY(pDevice) && 1529 (pDevice->NumRecvFreeList != 0) ) { 1530 pRCB = pDevice->FirstRecvFreeList; 1531 pDevice->NumRecvFreeList--; 1532 ASSERT(pRCB);// cannot be NULL 1533 DequeueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList); 1534 ntStatus = PIPEnsBulkInUsbRead(pDevice, pRCB); 1535 } 1536 pDevice->bIsRxWorkItemQueued = FALSE; 1537 spin_unlock_irq(&pDevice->lock); 1538 1539} 1540 1541 1542void 1543RXvFreeRCB( 1544 PRCB pRCB, 1545 BOOL bReAllocSkb 1546 ) 1547{ 1548 PSDevice pDevice = (PSDevice)pRCB->pDevice; 1549 1550 1551 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->RXvFreeRCB\n"); 1552 1553 ASSERT(!pRCB->Ref); // should be 0 1554 ASSERT(pRCB->pDevice); // shouldn't be NULL 1555 1556 if (bReAllocSkb == TRUE) { 1557 pRCB->skb = dev_alloc_skb((int)pDevice->rx_buf_sz); 1558 // todo error handling 1559 if (pRCB->skb == NULL) { 1560 DBG_PRT(MSG_LEVEL_ERR,KERN_ERR" Failed to re-alloc rx skb\n"); 1561 }else { 1562 pRCB->skb->dev = pDevice->dev; 1563 } 1564 } 1565 // 1566 // Insert the RCB back in the Recv free list 1567 // 1568 EnqueueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList, pRCB); 1569 pDevice->NumRecvFreeList++; 1570 1571 1572 if (MP_TEST_FLAG(pDevice, fMP_POST_READS) && MP_IS_READY(pDevice) && 1573 (pDevice->bIsRxWorkItemQueued == FALSE) ) { 1574 1575 pDevice->bIsRxWorkItemQueued = TRUE; 1576 tasklet_schedule(&pDevice->ReadWorkItem); 1577 } 1578 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"<----RXFreeRCB %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList); 1579} 1580 1581 1582void RXvMngWorkItem(void *Context) 1583{ 1584 PSDevice pDevice = (PSDevice) Context; 1585 PRCB pRCB=NULL; 1586 PSRxMgmtPacket pRxPacket; 1587 BOOL bReAllocSkb = FALSE; 1588 1589 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Mng Thread\n"); 1590 1591 spin_lock_irq(&pDevice->lock); 1592 while (pDevice->NumRecvMngList!=0) 1593 { 1594 pRCB = pDevice->FirstRecvMngList; 1595 pDevice->NumRecvMngList--; 1596 DequeueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList); 1597 if(!pRCB){ 1598 break; 1599 } 1600 ASSERT(pRCB);// cannot be NULL 1601 pRxPacket = &(pRCB->sMngPacket); 1602 vMgrRxManagePacket((void *) pDevice, &(pDevice->sMgmtObj), pRxPacket); 1603 pRCB->Ref--; 1604 if(pRCB->Ref == 0) { 1605 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"RxvFreeMng %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList); 1606 RXvFreeRCB(pRCB, bReAllocSkb); 1607 } else { 1608 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Rx Mng Only we have the right to free RCB\n"); 1609 } 1610 } 1611 1612 pDevice->bIsRxMngWorkItemQueued = FALSE; 1613 spin_unlock_irq(&pDevice->lock); 1614 1615} 1616