Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
dpc.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
3  * All rights reserved.
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License as published by
7  * the Free Software Foundation; either version 2 of the License, or
8  * (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License along
16  * with this program; if not, write to the Free Software Foundation, Inc.,
17  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
18  *
19  * File: dpc.c
20  *
21  * Purpose: handle dpc rx functions
22  *
23  * Author: Lyndon Chen
24  *
25  * Date: May 20, 2003
26  *
27  * Functions:
28  * device_receive_frame - Rcv 802.11 frame function
29  * s_bAPModeRxCtl- AP Rcv frame filer Ctl.
30  * s_bAPModeRxData- AP Rcv data frame handle
31  * s_bHandleRxEncryption- Rcv decrypted data via on-fly
32  * s_bHostWepRxEncryption- Rcv encrypted data via host
33  * s_byGetRateIdx- get rate index
34  * s_vGetDASA- get data offset
35  * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3
36  *
37  * Revision History:
38  *
39  */
40 
41 #include "device.h"
42 #include "rxtx.h"
43 #include "tether.h"
44 #include "card.h"
45 #include "bssdb.h"
46 #include "mac.h"
47 #include "baseband.h"
48 #include "michael.h"
49 #include "tkip.h"
50 #include "tcrc.h"
51 #include "wctl.h"
52 #include "hostap.h"
53 #include "rf.h"
54 #include "iowpa.h"
55 #include "aes_ccmp.h"
56 #include "datarate.h"
57 #include "usbpipe.h"
58 
59 /*--------------------- Static Definitions -------------------------*/
60 
61 /*--------------------- Static Classes ----------------------------*/
62 
63 /*--------------------- Static Variables --------------------------*/
64 //static int msglevel =MSG_LEVEL_DEBUG;
65 static int msglevel =MSG_LEVEL_INFO;
66 
67 const BYTE acbyRxRate[MAX_RATE] =
68 {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
69 
70 
71 /*--------------------- Static Functions --------------------------*/
72 
73 /*--------------------- Static Definitions -------------------------*/
74 
75 /*--------------------- Static Functions --------------------------*/
76 
77 static BYTE s_byGetRateIdx(BYTE byRate);
78 
79 static
80 void
81 s_vGetDASA(
82  PBYTE pbyRxBufferAddr,
83  unsigned int *pcbHeaderSize,
84  PSEthernetHeader psEthHeader
85  );
86 
87 static
88 void
89 s_vProcessRxMACHeader (
90  PSDevice pDevice,
91  PBYTE pbyRxBufferAddr,
92  unsigned int cbPacketSize,
93  BOOL bIsWEP,
94  BOOL bExtIV,
95  unsigned int *pcbHeadSize
96  );
97 
98 static BOOL s_bAPModeRxCtl(
99  PSDevice pDevice,
100  PBYTE pbyFrame,
101  signed int iSANodeIndex
102  );
103 
104 
105 
106 static BOOL s_bAPModeRxData (
107  PSDevice pDevice,
108  struct sk_buff *skb,
109  unsigned int FrameSize,
110  unsigned int cbHeaderOffset,
111  signed int iSANodeIndex,
112  signed int iDANodeIndex
113  );
114 
115 
116 static BOOL s_bHandleRxEncryption(
117  PSDevice pDevice,
118  PBYTE pbyFrame,
119  unsigned int FrameSize,
120  PBYTE pbyRsr,
121  PBYTE pbyNewRsr,
122  PSKeyItem * pKeyOut,
123  int * pbExtIV,
124  PWORD pwRxTSC15_0,
125  PDWORD pdwRxTSC47_16
126  );
127 
128 static BOOL s_bHostWepRxEncryption(
129 
130  PSDevice pDevice,
131  PBYTE pbyFrame,
132  unsigned int FrameSize,
133  PBYTE pbyRsr,
134  BOOL bOnFly,
135  PSKeyItem pKey,
136  PBYTE pbyNewRsr,
137  int * pbExtIV,
138  PWORD pwRxTSC15_0,
139  PDWORD pdwRxTSC47_16
140 
141  );
142 
143 /*--------------------- Export Variables --------------------------*/
144 
145 /*+
146  *
147  * Description:
148  * Translate Rcv 802.11 header to 802.3 header with Rx buffer
149  *
150  * Parameters:
151  * In:
152  * pDevice
153  * dwRxBufferAddr - Address of Rcv Buffer
154  * cbPacketSize - Rcv Packet size
155  * bIsWEP - If Rcv with WEP
156  * Out:
157  * pcbHeaderSize - 802.11 header size
158  *
159  * Return Value: None
160  *
161 -*/
162 static
163 void
164 s_vProcessRxMACHeader (
165  PSDevice pDevice,
166  PBYTE pbyRxBufferAddr,
167  unsigned int cbPacketSize,
168  BOOL bIsWEP,
169  BOOL bExtIV,
170  unsigned int *pcbHeadSize
171  )
172 {
173  PBYTE pbyRxBuffer;
174  unsigned int cbHeaderSize = 0;
175  PWORD pwType;
176  PS802_11Header pMACHeader;
177  int ii;
178 
179 
180  pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
181 
182  s_vGetDASA((PBYTE)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader);
183 
184  if (bIsWEP) {
185  if (bExtIV) {
186  // strip IV&ExtIV , add 8 byte
187  cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8);
188  } else {
189  // strip IV , add 4 byte
190  cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4);
191  }
192  }
193  else {
194  cbHeaderSize += WLAN_HDR_ADDR3_LEN;
195  };
196 
197  pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
198  if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) {
199  cbHeaderSize += 6;
200  } else if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) {
201  cbHeaderSize += 6;
202  pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
203  if ((*pwType == cpu_to_be16(ETH_P_IPX)) ||
204  (*pwType == cpu_to_le16(0xF380))) {
205  cbHeaderSize -= 8;
206  pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
207  if (bIsWEP) {
208  if (bExtIV) {
209  *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
210  } else {
211  *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
212  }
213  }
214  else {
215  *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
216  }
217  }
218  }
219  else {
220  cbHeaderSize -= 2;
221  pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize);
222  if (bIsWEP) {
223  if (bExtIV) {
224  *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV
225  } else {
226  *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV
227  }
228  }
229  else {
230  *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
231  }
232  }
233 
234  cbHeaderSize -= (ETH_ALEN * 2);
235  pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize);
236  for (ii = 0; ii < ETH_ALEN; ii++)
237  *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii];
238  for (ii = 0; ii < ETH_ALEN; ii++)
239  *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii];
240 
241  *pcbHeadSize = cbHeaderSize;
242 }
243 
244 
245 
246 
247 static BYTE s_byGetRateIdx(BYTE byRate)
248 {
249  BYTE byRateIdx;
250 
251  for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) {
252  if (acbyRxRate[byRateIdx%MAX_RATE] == byRate)
253  return byRateIdx;
254  }
255  return 0;
256 }
257 
258 
259 static
260 void
261 s_vGetDASA (
262  PBYTE pbyRxBufferAddr,
263  unsigned int *pcbHeaderSize,
264  PSEthernetHeader psEthHeader
265  )
266 {
267  unsigned int cbHeaderSize = 0;
268  PS802_11Header pMACHeader;
269  int ii;
270 
271  pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
272 
273  if ((pMACHeader->wFrameCtl & FC_TODS) == 0) {
274  if (pMACHeader->wFrameCtl & FC_FROMDS) {
275  for (ii = 0; ii < ETH_ALEN; ii++) {
276  psEthHeader->abyDstAddr[ii] =
277  pMACHeader->abyAddr1[ii];
278  psEthHeader->abySrcAddr[ii] =
279  pMACHeader->abyAddr3[ii];
280  }
281  } else {
282  /* IBSS mode */
283  for (ii = 0; ii < ETH_ALEN; ii++) {
284  psEthHeader->abyDstAddr[ii] =
285  pMACHeader->abyAddr1[ii];
286  psEthHeader->abySrcAddr[ii] =
287  pMACHeader->abyAddr2[ii];
288  }
289  }
290  } else {
291  /* Is AP mode.. */
292  if (pMACHeader->wFrameCtl & FC_FROMDS) {
293  for (ii = 0; ii < ETH_ALEN; ii++) {
294  psEthHeader->abyDstAddr[ii] =
295  pMACHeader->abyAddr3[ii];
296  psEthHeader->abySrcAddr[ii] =
297  pMACHeader->abyAddr4[ii];
298  cbHeaderSize += 6;
299  }
300  } else {
301  for (ii = 0; ii < ETH_ALEN; ii++) {
302  psEthHeader->abyDstAddr[ii] =
303  pMACHeader->abyAddr3[ii];
304  psEthHeader->abySrcAddr[ii] =
305  pMACHeader->abyAddr2[ii];
306  }
307  }
308  };
309  *pcbHeaderSize = cbHeaderSize;
310 }
311 
312 
313 
314 
315 BOOL
316 RXbBulkInProcessData (
317  PSDevice pDevice,
318  PRCB pRCB,
319  unsigned long BytesToIndicate
320  )
321 {
322 
323  struct net_device_stats* pStats=&pDevice->stats;
324  struct sk_buff* skb;
325  PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
326  PSRxMgmtPacket pRxPacket = &(pMgmt->sRxPacket);
327  PS802_11Header p802_11Header;
328  PBYTE pbyRsr;
329  PBYTE pbyNewRsr;
330  PBYTE pbyRSSI;
331  PQWORD pqwTSFTime;
332  PBYTE pbyFrame;
333  BOOL bDeFragRx = FALSE;
334  unsigned int cbHeaderOffset;
335  unsigned int FrameSize;
336  WORD wEtherType = 0;
337  signed int iSANodeIndex = -1;
338  signed int iDANodeIndex = -1;
339  unsigned int ii;
340  unsigned int cbIVOffset;
341  PBYTE pbyRxSts;
342  PBYTE pbyRxRate;
343  PBYTE pbySQ;
344  PBYTE pby3SQ;
345  unsigned int cbHeaderSize;
346  PSKeyItem pKey = NULL;
347  WORD wRxTSC15_0 = 0;
348  DWORD dwRxTSC47_16 = 0;
349  SKeyItem STempKey;
350  // 802.11h RPI
351  /* signed long ldBm = 0; */
352  BOOL bIsWEP = FALSE;
353  BOOL bExtIV = FALSE;
354  DWORD dwWbkStatus;
355  PRCB pRCBIndicate = pRCB;
356  PBYTE pbyDAddress;
357  PWORD pwPLCP_Length;
358  BYTE abyVaildRate[MAX_RATE] = {2,4,11,22,12,18,24,36,48,72,96,108};
359  WORD wPLCPwithPadding;
360  PS802_11Header pMACHeader;
361  BOOL bRxeapol_key = FALSE;
362 
363 
364 
365  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- RXbBulkInProcessData---\n");
366 
367  skb = pRCB->skb;
368 
369  //[31:16]RcvByteCount ( not include 4-byte Status )
370  dwWbkStatus = *( (PDWORD)(skb->data) );
371  FrameSize = (unsigned int)(dwWbkStatus >> 16);
372  FrameSize += 4;
373 
374  if (BytesToIndicate != FrameSize) {
375  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 1 \n");
376  return FALSE;
377  }
378 
379  if ((BytesToIndicate > 2372) || (BytesToIndicate <= 40)) {
380  // Frame Size error drop this packet.
381  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- WRONG Length 2\n");
382  return FALSE;
383  }
384 
385  pbyDAddress = (PBYTE)(skb->data);
386  pbyRxSts = pbyDAddress+4;
387  pbyRxRate = pbyDAddress+5;
388 
389  //real Frame Size = USBFrameSize -4WbkStatus - 4RxStatus - 8TSF - 4RSR - 4SQ3 - ?Padding
390  //if SQ3 the range is 24~27, if no SQ3 the range is 20~23
391  //real Frame size in PLCPLength field.
392  pwPLCP_Length = (PWORD) (pbyDAddress + 6);
393  //Fix hardware bug => PLCP_Length error
394  if ( ((BytesToIndicate - (*pwPLCP_Length)) > 27) ||
395  ((BytesToIndicate - (*pwPLCP_Length)) < 24) ||
396  (BytesToIndicate < (*pwPLCP_Length)) ) {
397 
398  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong PLCP Length %x\n", (int) *pwPLCP_Length);
399  ASSERT(0);
400  return FALSE;
401  }
402  for ( ii=RATE_1M;ii<MAX_RATE;ii++) {
403  if ( *pbyRxRate == abyVaildRate[ii] ) {
404  break;
405  }
406  }
407  if ( ii==MAX_RATE ) {
408  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong RxRate %x\n",(int) *pbyRxRate);
409  return FALSE;
410  }
411 
412  wPLCPwithPadding = ( (*pwPLCP_Length / 4) + ( (*pwPLCP_Length % 4) ? 1:0 ) ) *4;
413 
414  pqwTSFTime = (PQWORD) (pbyDAddress + 8 + wPLCPwithPadding);
415  if(pDevice->byBBType == BB_TYPE_11G) {
416  pby3SQ = pbyDAddress + 8 + wPLCPwithPadding + 12;
417  pbySQ = pby3SQ;
418  }
419  else {
420  pbySQ = pbyDAddress + 8 + wPLCPwithPadding + 8;
421  pby3SQ = pbySQ;
422  }
423  pbyNewRsr = pbyDAddress + 8 + wPLCPwithPadding + 9;
424  pbyRSSI = pbyDAddress + 8 + wPLCPwithPadding + 10;
425  pbyRsr = pbyDAddress + 8 + wPLCPwithPadding + 11;
426 
427  FrameSize = *pwPLCP_Length;
428 
429  pbyFrame = pbyDAddress + 8;
430  // update receive statistic counter
431 
432  STAvUpdateRDStatCounter(&pDevice->scStatistic,
433  *pbyRsr,
434  *pbyNewRsr,
435  *pbyRxSts,
436  *pbyRxRate,
437  pbyFrame,
438  FrameSize
439  );
440 
441 
442  pMACHeader = (PS802_11Header) pbyFrame;
443 
444 //mike add: to judge if current AP is activated?
445  if ((pMgmt->eCurrMode == WMAC_MODE_STANDBY) ||
446  (pMgmt->eCurrMode == WMAC_MODE_ESS_STA)) {
447  if (pMgmt->sNodeDBTable[0].bActive) {
448  if (!compare_ether_addr(pMgmt->abyCurrBSSID, pMACHeader->abyAddr2)) {
449  if (pMgmt->sNodeDBTable[0].uInActiveCount != 0)
450  pMgmt->sNodeDBTable[0].uInActiveCount = 0;
451  }
452  }
453  }
454 
455  if (!is_multicast_ether_addr(pMACHeader->abyAddr1)) {
456  if ( WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header) pbyFrame) ) {
457  pDevice->s802_11Counter.FrameDuplicateCount++;
458  return FALSE;
459  }
460 
461  if (compare_ether_addr(pDevice->abyCurrentNetAddr,
462  pMACHeader->abyAddr1)) {
463  return FALSE;
464  }
465  }
466 
467 
468  // Use for TKIP MIC
469  s_vGetDASA(pbyFrame, &cbHeaderSize, &pDevice->sRxEthHeader);
470 
471  if (!compare_ether_addr((PBYTE)&(pDevice->sRxEthHeader.abySrcAddr[0]),
472  pDevice->abyCurrentNetAddr))
473  return FALSE;
474 
475  if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) {
476  if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
477  p802_11Header = (PS802_11Header) (pbyFrame);
478  // get SA NodeIndex
479  if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(p802_11Header->abyAddr2), &iSANodeIndex)) {
480  pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies;
481  pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0;
482  }
483  }
484  }
485 
486  if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
487  if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == TRUE) {
488  return FALSE;
489  }
490  }
491 
492 
493  if (IS_FC_WEP(pbyFrame)) {
494  BOOL bRxDecryOK = FALSE;
495 
496  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n");
497  bIsWEP = TRUE;
498  if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) {
499  pKey = &STempKey;
500  pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite;
501  pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex;
502  pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength;
503  pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16;
504  pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0;
505  memcpy(pKey->abyKey,
506  &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0],
507  pKey->uKeyLength
508  );
509 
510  bRxDecryOK = s_bHostWepRxEncryption(pDevice,
511  pbyFrame,
512  FrameSize,
513  pbyRsr,
514  pMgmt->sNodeDBTable[iSANodeIndex].bOnFly,
515  pKey,
516  pbyNewRsr,
517  &bExtIV,
518  &wRxTSC15_0,
519  &dwRxTSC47_16);
520  } else {
521  bRxDecryOK = s_bHandleRxEncryption(pDevice,
522  pbyFrame,
523  FrameSize,
524  pbyRsr,
525  pbyNewRsr,
526  &pKey,
527  &bExtIV,
528  &wRxTSC15_0,
529  &dwRxTSC47_16);
530  }
531 
532  if (bRxDecryOK) {
533  if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) {
534  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n");
535  if ( (pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
536  (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
537  (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
538  (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
539  (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
540 
541  if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
542  pDevice->s802_11Counter.TKIPICVErrors++;
543  } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) {
544  pDevice->s802_11Counter.CCMPDecryptErrors++;
545  } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) {
546 // pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++;
547  }
548  }
549  return FALSE;
550  }
551  } else {
552  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n");
553  return FALSE;
554  }
555  if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP))
556  FrameSize -= 8; // Message Integrity Code
557  else
558  FrameSize -= 4; // 4 is ICV
559  }
560 
561 
562  //
563  // RX OK
564  //
565  /* remove the FCS/CRC length */
566  FrameSize -= ETH_FCS_LEN;
567 
568  if ( !(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) && // unicast address
569  (IS_FRAGMENT_PKT((pbyFrame)))
570  ) {
571  // defragment
572  bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header) (pbyFrame), FrameSize, bIsWEP, bExtIV);
573  pDevice->s802_11Counter.ReceivedFragmentCount++;
574  if (bDeFragRx) {
575  // defrag complete
576  // TODO skb, pbyFrame
577  skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb;
578  FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength;
579  pbyFrame = skb->data + 8;
580  }
581  else {
582  return FALSE;
583  }
584  }
585 
586  //
587  // Management & Control frame Handle
588  //
589  if ((IS_TYPE_DATA((pbyFrame))) == FALSE) {
590  // Handle Control & Manage Frame
591 
592  if (IS_TYPE_MGMT((pbyFrame))) {
593  PBYTE pbyData1;
594  PBYTE pbyData2;
595 
596  pRxPacket = &(pRCB->sMngPacket);
597  pRxPacket->p80211Header = (PUWLAN_80211HDR)(pbyFrame);
598  pRxPacket->cbMPDULen = FrameSize;
599  pRxPacket->uRSSI = *pbyRSSI;
600  pRxPacket->bySQ = *pbySQ;
601  HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime));
602  LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime));
603  if (bIsWEP) {
604  // strip IV
605  pbyData1 = WLAN_HDR_A3_DATA_PTR(pbyFrame);
606  pbyData2 = WLAN_HDR_A3_DATA_PTR(pbyFrame) + 4;
607  for (ii = 0; ii < (FrameSize - 4); ii++) {
608  *pbyData1 = *pbyData2;
609  pbyData1++;
610  pbyData2++;
611  }
612  }
613 
614  pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate);
615 
616  if ( *pbyRxSts == 0 ) {
617  //Discard beacon packet which channel is 0
618  if ( (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_BEACON) ||
619  (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_PROBERESP) ) {
620  return TRUE;
621  }
622  }
623  pRxPacket->byRxChannel = (*pbyRxSts) >> 2;
624 
625  // hostap Deamon handle 802.11 management
626  if (pDevice->bEnableHostapd) {
627  skb->dev = pDevice->apdev;
628  //skb->data += 4;
629  //skb->tail += 4;
630  skb->data += 8;
631  skb->tail += 8;
632  skb_put(skb, FrameSize);
633  skb_reset_mac_header(skb);
634  skb->pkt_type = PACKET_OTHERHOST;
635  skb->protocol = htons(ETH_P_802_2);
636  memset(skb->cb, 0, sizeof(skb->cb));
637  netif_rx(skb);
638  return TRUE;
639  }
640 
641  //
642  // Insert the RCB in the Recv Mng list
643  //
644  EnqueueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList, pRCBIndicate);
645  pDevice->NumRecvMngList++;
646  if ( bDeFragRx == FALSE) {
647  pRCB->Ref++;
648  }
649  if (pDevice->bIsRxMngWorkItemQueued == FALSE) {
650  pDevice->bIsRxMngWorkItemQueued = TRUE;
651  tasklet_schedule(&pDevice->RxMngWorkItem);
652  }
653 
654  }
655  else {
656  // Control Frame
657  };
658  return FALSE;
659  }
660  else {
661  if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
662  //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC.
663  if ( !(*pbyRsr & RSR_BSSIDOK)) {
664  if (bDeFragRx) {
665  if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
666  DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
667  pDevice->dev->name);
668  }
669  }
670  return FALSE;
671  }
672  }
673  else {
674  // discard DATA packet while not associate || BSSID error
675  if ((pDevice->bLinkPass == FALSE) ||
676  !(*pbyRsr & RSR_BSSIDOK)) {
677  if (bDeFragRx) {
678  if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
679  DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
680  pDevice->dev->name);
681  }
682  }
683  return FALSE;
684  }
685  //mike add:station mode check eapol-key challenge--->
686  {
687  BYTE Protocol_Version; //802.1x Authentication
688  BYTE Packet_Type; //802.1x Authentication
689  BYTE Descriptor_type;
690  WORD Key_info;
691  if (bIsWEP)
692  cbIVOffset = 8;
693  else
694  cbIVOffset = 0;
695  wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
696  skb->data[cbIVOffset + 8 + 24 + 6 + 1];
697  Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1];
698  Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1];
699  if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header
700  if(((Protocol_Version==1) ||(Protocol_Version==2)) &&
701  (Packet_Type==3)) { //802.1x OR eapol-key challenge frame receive
702  bRxeapol_key = TRUE;
703  Descriptor_type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2];
704  Key_info = (skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+1]<<8) |skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+2] ;
705  if(Descriptor_type==2) { //RSN
706  // printk("WPA2_Rx_eapol-key_info<-----:%x\n",Key_info);
707  }
708  else if(Descriptor_type==254) {
709  // printk("WPA_Rx_eapol-key_info<-----:%x\n",Key_info);
710  }
711  }
712  }
713  }
714  //mike add:station mode check eapol-key challenge<---
715  }
716  }
717 
718 
719 // Data frame Handle
720 
721 
722  if (pDevice->bEnablePSMode) {
723  if (IS_FC_MOREDATA((pbyFrame))) {
724  if (*pbyRsr & RSR_ADDROK) {
725  //PSbSendPSPOLL((PSDevice)pDevice);
726  }
727  }
728  else {
729  if (pMgmt->bInTIMWake == TRUE) {
730  pMgmt->bInTIMWake = FALSE;
731  }
732  }
733  }
734 
735  // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps
736  if (pDevice->bDiversityEnable && (FrameSize>50) &&
737  (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) &&
738  (pDevice->bLinkPass == TRUE)) {
739  BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0);
740  }
741 
742  // ++++++++ For BaseBand Algorithm +++++++++++++++
743  pDevice->uCurrRSSI = *pbyRSSI;
744  pDevice->byCurrSQ = *pbySQ;
745 
746  // todo
747 /*
748  if ((*pbyRSSI != 0) &&
749  (pMgmt->pCurrBSS!=NULL)) {
750  RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
751  // Monitor if RSSI is too strong.
752  pMgmt->pCurrBSS->byRSSIStatCnt++;
753  pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT;
754  pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm;
755  for (ii = 0; ii < RSSI_STAT_COUNT; ii++) {
756  if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) {
757  pMgmt->pCurrBSS->ldBmMAX =
758  max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm);
759  }
760  }
761  }
762 */
763 
764 
765  // -----------------------------------------------
766 
767  if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == TRUE)){
768  BYTE abyMacHdr[24];
769 
770  // Only 802.1x packet incoming allowed
771  if (bIsWEP)
772  cbIVOffset = 8;
773  else
774  cbIVOffset = 0;
775  wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
776  skb->data[cbIVOffset + 8 + 24 + 6 + 1];
777 
778  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType);
779  if (wEtherType == ETH_P_PAE) {
780  skb->dev = pDevice->apdev;
781 
782  if (bIsWEP == TRUE) {
783  // strip IV header(8)
784  memcpy(&abyMacHdr[0], (skb->data + 8), 24);
785  memcpy((skb->data + 8 + cbIVOffset), &abyMacHdr[0], 24);
786  }
787 
788  skb->data += (cbIVOffset + 8);
789  skb->tail += (cbIVOffset + 8);
790  skb_put(skb, FrameSize);
791  skb_reset_mac_header(skb);
792  skb->pkt_type = PACKET_OTHERHOST;
793  skb->protocol = htons(ETH_P_802_2);
794  memset(skb->cb, 0, sizeof(skb->cb));
795  netif_rx(skb);
796  return TRUE;
797 
798  }
799  // check if 802.1x authorized
800  if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED))
801  return FALSE;
802  }
803 
804 
805  if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
806  if (bIsWEP) {
807  FrameSize -= 8; //MIC
808  }
809  }
810 
811  //--------------------------------------------------------------------------------
812  // Soft MIC
813  if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
814  if (bIsWEP) {
815  PDWORD pdwMIC_L;
816  PDWORD pdwMIC_R;
817  DWORD dwMIC_Priority;
818  DWORD dwMICKey0 = 0, dwMICKey1 = 0;
819  DWORD dwLocalMIC_L = 0;
820  DWORD dwLocalMIC_R = 0;
821  viawget_wpa_header *wpahdr;
822 
823 
824  if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
825  dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
826  dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
827  }
828  else {
829  if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
830  dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
831  dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
832  } else if ((pKey->dwKeyIndex & BIT28) == 0) {
833  dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
834  dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
835  } else {
836  dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
837  dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
838  }
839  }
840 
841  MIC_vInit(dwMICKey0, dwMICKey1);
842  MIC_vAppend((PBYTE)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12);
843  dwMIC_Priority = 0;
844  MIC_vAppend((PBYTE)&dwMIC_Priority, 4);
845  // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV.
846  MIC_vAppend((PBYTE)(skb->data + 8 + WLAN_HDR_ADDR3_LEN + 8),
847  FrameSize - WLAN_HDR_ADDR3_LEN - 8);
848  MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R);
849  MIC_vUnInit();
850 
851  pdwMIC_L = (PDWORD)(skb->data + 8 + FrameSize);
852  pdwMIC_R = (PDWORD)(skb->data + 8 + FrameSize + 4);
853 
854 
855  if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) ||
856  (pDevice->bRxMICFail == TRUE)) {
857  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n");
858  pDevice->bRxMICFail = FALSE;
859  //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++;
860  pDevice->s802_11Counter.TKIPLocalMICFailures++;
861  if (bDeFragRx) {
862  if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
863  DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
864  pDevice->dev->name);
865  }
866  }
867  #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
868  //send event to wpa_supplicant
869  //if(pDevice->bWPASuppWextEnabled == TRUE)
870  {
871  union iwreq_data wrqu;
872  struct iw_michaelmicfailure ev;
873  int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits
874  memset(&ev, 0, sizeof(ev));
875  ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
876  if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
877  (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
878  (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
879  ev.flags |= IW_MICFAILURE_PAIRWISE;
880  } else {
881  ev.flags |= IW_MICFAILURE_GROUP;
882  }
883 
884  ev.src_addr.sa_family = ARPHRD_ETHER;
885  memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN);
886  memset(&wrqu, 0, sizeof(wrqu));
887  wrqu.data.length = sizeof(ev);
888  PRINT_K("wireless_send_event--->IWEVMICHAELMICFAILURE\n");
889  wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
890 
891  }
892  #endif
893 
894 
895  if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
896  wpahdr = (viawget_wpa_header *)pDevice->skb->data;
897  if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
898  (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
899  (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
900  //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR;
901  wpahdr->type = VIAWGET_PTK_MIC_MSG;
902  } else {
903  //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR;
904  wpahdr->type = VIAWGET_GTK_MIC_MSG;
905  }
906  wpahdr->resp_ie_len = 0;
907  wpahdr->req_ie_len = 0;
908  skb_put(pDevice->skb, sizeof(viawget_wpa_header));
909  pDevice->skb->dev = pDevice->wpadev;
910  skb_reset_mac_header(pDevice->skb);
911  pDevice->skb->pkt_type = PACKET_HOST;
912  pDevice->skb->protocol = htons(ETH_P_802_2);
913  memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
914  netif_rx(pDevice->skb);
915  pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
916  }
917 
918  return FALSE;
919 
920  }
921  }
922  } //---end of SOFT MIC-----------------------------------------------------------------------
923 
924  // ++++++++++ Reply Counter Check +++++++++++++
925 
926  if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) ||
927  (pKey->byCipherSuite == KEY_CTL_CCMP))) {
928  if (bIsWEP) {
929  WORD wLocalTSC15_0 = 0;
930  DWORD dwLocalTSC47_16 = 0;
931  unsigned long long RSC = 0;
932  // endian issues
933  RSC = *((unsigned long long *) &(pKey->KeyRSC));
934  wLocalTSC15_0 = (WORD) RSC;
935  dwLocalTSC47_16 = (DWORD) (RSC>>16);
936 
937  RSC = dwRxTSC47_16;
938  RSC <<= 16;
939  RSC += wRxTSC15_0;
940  memcpy(&(pKey->KeyRSC), &RSC, sizeof(QWORD));
941 
942  if ( (pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) &&
943  (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) {
944  // check RSC
945  if ( (wRxTSC15_0 < wLocalTSC15_0) &&
946  (dwRxTSC47_16 <= dwLocalTSC47_16) &&
947  !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) {
948  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n ");
949  if (pKey->byCipherSuite == KEY_CTL_TKIP)
950  //pDevice->s802_11Counter.TKIPReplays.QuadPart++;
951  pDevice->s802_11Counter.TKIPReplays++;
952  else
953  //pDevice->s802_11Counter.CCMPReplays.QuadPart++;
954  pDevice->s802_11Counter.CCMPReplays++;
955 
956  if (bDeFragRx) {
957  if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
958  DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
959  pDevice->dev->name);
960  }
961  }
962  return FALSE;
963  }
964  }
965  }
966  } // ----- End of Reply Counter Check --------------------------
967 
968 
969  s_vProcessRxMACHeader(pDevice, (PBYTE)(skb->data+8), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset);
970  FrameSize -= cbHeaderOffset;
971  cbHeaderOffset += 8; // 8 is Rcv buffer header
972 
973  // Null data, framesize = 12
974  if (FrameSize < 12)
975  return FALSE;
976 
977  if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
978  if (s_bAPModeRxData(pDevice,
979  skb,
980  FrameSize,
981  cbHeaderOffset,
982  iSANodeIndex,
983  iDANodeIndex
984  ) == FALSE) {
985 
986  if (bDeFragRx) {
987  if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
988  DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
989  pDevice->dev->name);
990  }
991  }
992  return FALSE;
993  }
994 
995  }
996 
997  skb->data += cbHeaderOffset;
998  skb->tail += cbHeaderOffset;
999  skb_put(skb, FrameSize);
1000  skb->protocol=eth_type_trans(skb, skb->dev);
1001  skb->ip_summed=CHECKSUM_NONE;
1002  pStats->rx_bytes +=skb->len;
1003  pStats->rx_packets++;
1004  netif_rx(skb);
1005  if (bDeFragRx) {
1006  if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
1007  DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
1008  pDevice->dev->name);
1009  }
1010  return FALSE;
1011  }
1012 
1013  return TRUE;
1014 }
1015 
1016 
1017 static BOOL s_bAPModeRxCtl (
1018  PSDevice pDevice,
1019  PBYTE pbyFrame,
1020  signed int iSANodeIndex
1021  )
1022 {
1023  PS802_11Header p802_11Header;
1024  CMD_STATUS Status;
1025  PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1026 
1027 
1028  if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
1029 
1030  p802_11Header = (PS802_11Header) (pbyFrame);
1031  if (!IS_TYPE_MGMT(pbyFrame)) {
1032 
1033  // Data & PS-Poll packet
1034  // check frame class
1035  if (iSANodeIndex > 0) {
1036  // frame class 3 fliter & checking
1037  if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) {
1038  // send deauth notification
1039  // reason = (6) class 2 received from nonauth sta
1040  vMgrDeAuthenBeginSta(pDevice,
1041  pMgmt,
1042  (PBYTE)(p802_11Header->abyAddr2),
1043  (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1044  &Status
1045  );
1046  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n");
1047  return TRUE;
1048  }
1049  if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) {
1050  // send deassoc notification
1051  // reason = (7) class 3 received from nonassoc sta
1052  vMgrDisassocBeginSta(pDevice,
1053  pMgmt,
1054  (PBYTE)(p802_11Header->abyAddr2),
1055  (WLAN_MGMT_REASON_CLASS3_NONASSOC),
1056  &Status
1057  );
1058  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n");
1059  return TRUE;
1060  }
1061 
1062  if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) {
1063  // delcare received ps-poll event
1064  if (IS_CTL_PSPOLL(pbyFrame)) {
1065  pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1066  bScheduleCommand((void *) pDevice,
1067  WLAN_CMD_RX_PSPOLL,
1068  NULL);
1069  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n");
1070  }
1071  else {
1072  // check Data PS state
1073  // if PW bit off, send out all PS bufferring packets.
1074  if (!IS_FC_POWERMGT(pbyFrame)) {
1075  pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1076  pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1077  bScheduleCommand((void *) pDevice,
1078  WLAN_CMD_RX_PSPOLL,
1079  NULL);
1080  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n");
1081  }
1082  }
1083  }
1084  else {
1085  if (IS_FC_POWERMGT(pbyFrame)) {
1086  pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = TRUE;
1087  // Once if STA in PS state, enable multicast bufferring
1088  pMgmt->sNodeDBTable[0].bPSEnable = TRUE;
1089  }
1090  else {
1091  // clear all pending PS frame.
1092  if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) {
1093  pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
1094  pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
1095  bScheduleCommand((void *) pDevice,
1096  WLAN_CMD_RX_PSPOLL,
1097  NULL);
1098  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n");
1099 
1100  }
1101  }
1102  }
1103  }
1104  else {
1105  vMgrDeAuthenBeginSta(pDevice,
1106  pMgmt,
1107  (PBYTE)(p802_11Header->abyAddr2),
1108  (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1109  &Status
1110  );
1111  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n");
1112  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%pM\n",
1113  p802_11Header->abyAddr3);
1114  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%pM\n",
1115  p802_11Header->abyAddr2);
1116  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%pM\n",
1117  p802_11Header->abyAddr1);
1118  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl );
1119  return TRUE;
1120  }
1121  }
1122  }
1123  return FALSE;
1124 
1125 }
1126 
1127 static BOOL s_bHandleRxEncryption (
1128  PSDevice pDevice,
1129  PBYTE pbyFrame,
1130  unsigned int FrameSize,
1131  PBYTE pbyRsr,
1132  PBYTE pbyNewRsr,
1133  PSKeyItem * pKeyOut,
1134  int * pbExtIV,
1135  PWORD pwRxTSC15_0,
1136  PDWORD pdwRxTSC47_16
1137  )
1138 {
1139  unsigned int PayloadLen = FrameSize;
1140  PBYTE pbyIV;
1141  BYTE byKeyIdx;
1142  PSKeyItem pKey = NULL;
1143  BYTE byDecMode = KEY_CTL_WEP;
1144  PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1145 
1146 
1147  *pwRxTSC15_0 = 0;
1148  *pdwRxTSC47_16 = 0;
1149 
1150  pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1151  if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1152  WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1153  pbyIV += 6; // 6 is 802.11 address4
1154  PayloadLen -= 6;
1155  }
1156  byKeyIdx = (*(pbyIV+3) & 0xc0);
1157  byKeyIdx >>= 6;
1158  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1159 
1160  if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
1161  (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
1162  (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
1163  (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
1164  (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
1165  if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) &&
1166  (pMgmt->byCSSPK != KEY_CTL_NONE)) {
1167  // unicast pkt use pairwise key
1168  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n");
1169  if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == TRUE) {
1170  if (pMgmt->byCSSPK == KEY_CTL_TKIP)
1171  byDecMode = KEY_CTL_TKIP;
1172  else if (pMgmt->byCSSPK == KEY_CTL_CCMP)
1173  byDecMode = KEY_CTL_CCMP;
1174  }
1175  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey);
1176  } else {
1177  // use group key
1178  KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey);
1179  if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1180  byDecMode = KEY_CTL_TKIP;
1181  else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1182  byDecMode = KEY_CTL_CCMP;
1183  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey);
1184  }
1185  }
1186  // our WEP only support Default Key
1187  if (pKey == NULL) {
1188  // use default group key
1189  KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey);
1190  if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1191  byDecMode = KEY_CTL_TKIP;
1192  else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1193  byDecMode = KEY_CTL_CCMP;
1194  }
1195  *pKeyOut = pKey;
1196 
1197  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode);
1198 
1199  if (pKey == NULL) {
1200  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n");
1201  if (byDecMode == KEY_CTL_WEP) {
1202 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1203  } else if (pDevice->bLinkPass == TRUE) {
1204 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1205  }
1206  return FALSE;
1207  }
1208  if (byDecMode != pKey->byCipherSuite) {
1209  if (byDecMode == KEY_CTL_WEP) {
1210 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1211  } else if (pDevice->bLinkPass == TRUE) {
1212 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1213  }
1214  *pKeyOut = NULL;
1215  return FALSE;
1216  }
1217  if (byDecMode == KEY_CTL_WEP) {
1218  // handle WEP
1219  if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1220  (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE)) {
1221  // Software WEP
1222  // 1. 3253A
1223  // 2. WEP 256
1224 
1225  PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1226  memcpy(pDevice->abyPRNG, pbyIV, 3);
1227  memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1228  rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1229  rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1230 
1231  if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1232  *pbyNewRsr |= NEWRSR_DECRYPTOK;
1233  }
1234  }
1235  } else if ((byDecMode == KEY_CTL_TKIP) ||
1236  (byDecMode == KEY_CTL_CCMP)) {
1237  // TKIP/AES
1238 
1239  PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1240  *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1241  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1242  if (byDecMode == KEY_CTL_TKIP) {
1243  *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1244  } else {
1245  *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1246  }
1247  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1248 
1249  if ((byDecMode == KEY_CTL_TKIP) &&
1250  (pDevice->byLocalID <= REV_ID_VT3253_A1)) {
1251  // Software TKIP
1252  // 1. 3253 A
1253  PS802_11Header pMACHeader = (PS802_11Header) (pbyFrame);
1254  TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1255  rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1256  rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1257  if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1258  *pbyNewRsr |= NEWRSR_DECRYPTOK;
1259  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1260  } else {
1261  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1262  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1263  }
1264  }
1265  }// end of TKIP/AES
1266 
1267  if ((*(pbyIV+3) & 0x20) != 0)
1268  *pbExtIV = TRUE;
1269  return TRUE;
1270 }
1271 
1272 
1273 static BOOL s_bHostWepRxEncryption (
1274  PSDevice pDevice,
1275  PBYTE pbyFrame,
1276  unsigned int FrameSize,
1277  PBYTE pbyRsr,
1278  BOOL bOnFly,
1279  PSKeyItem pKey,
1280  PBYTE pbyNewRsr,
1281  int * pbExtIV,
1282  PWORD pwRxTSC15_0,
1283  PDWORD pdwRxTSC47_16
1284  )
1285 {
1286  PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1287  unsigned int PayloadLen = FrameSize;
1288  PBYTE pbyIV;
1289  BYTE byKeyIdx;
1290  BYTE byDecMode = KEY_CTL_WEP;
1291  PS802_11Header pMACHeader;
1292 
1293 
1294 
1295  *pwRxTSC15_0 = 0;
1296  *pdwRxTSC47_16 = 0;
1297 
1298  pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1299  if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
1300  WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
1301  pbyIV += 6; // 6 is 802.11 address4
1302  PayloadLen -= 6;
1303  }
1304  byKeyIdx = (*(pbyIV+3) & 0xc0);
1305  byKeyIdx >>= 6;
1306  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
1307 
1308 
1309  if (pMgmt->byCSSGK == KEY_CTL_TKIP)
1310  byDecMode = KEY_CTL_TKIP;
1311  else if (pMgmt->byCSSGK == KEY_CTL_CCMP)
1312  byDecMode = KEY_CTL_CCMP;
1313 
1314  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode);
1315 
1316  if (byDecMode != pKey->byCipherSuite) {
1317  if (byDecMode == KEY_CTL_WEP) {
1318 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1319  } else if (pDevice->bLinkPass == TRUE) {
1320 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1321  }
1322  return FALSE;
1323  }
1324 
1325  if (byDecMode == KEY_CTL_WEP) {
1326  // handle WEP
1327  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP \n");
1328  if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1329  (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE) ||
1330  (bOnFly == FALSE)) {
1331  // Software WEP
1332  // 1. 3253A
1333  // 2. WEP 256
1334  // 3. NotOnFly
1335 
1336  PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1337  memcpy(pDevice->abyPRNG, pbyIV, 3);
1338  memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1339  rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1340  rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1341 
1342  if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1343  *pbyNewRsr |= NEWRSR_DECRYPTOK;
1344  }
1345  }
1346  } else if ((byDecMode == KEY_CTL_TKIP) ||
1347  (byDecMode == KEY_CTL_CCMP)) {
1348  // TKIP/AES
1349 
1350  PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1351  *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
1352  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
1353 
1354  if (byDecMode == KEY_CTL_TKIP) {
1355  *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1356  } else {
1357  *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
1358  }
1359  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
1360 
1361  if (byDecMode == KEY_CTL_TKIP) {
1362 
1363  if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == FALSE)) {
1364  // Software TKIP
1365  // 1. 3253 A
1366  // 2. NotOnFly
1367  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n");
1368  pMACHeader = (PS802_11Header) (pbyFrame);
1369  TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1370  rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1371  rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1372  if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1373  *pbyNewRsr |= NEWRSR_DECRYPTOK;
1374  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
1375  } else {
1376  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
1377  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
1378  }
1379  }
1380  }
1381 
1382  if (byDecMode == KEY_CTL_CCMP) {
1383  if (bOnFly == FALSE) {
1384  // Software CCMP
1385  // NotOnFly
1386  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_CCMP\n");
1387  if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) {
1388  *pbyNewRsr |= NEWRSR_DECRYPTOK;
1389  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC compare OK!\n");
1390  } else {
1391  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC fail!\n");
1392  }
1393  }
1394  }
1395 
1396  }// end of TKIP/AES
1397 
1398  if ((*(pbyIV+3) & 0x20) != 0)
1399  *pbExtIV = TRUE;
1400  return TRUE;
1401 }
1402 
1403 
1404 
1405 static BOOL s_bAPModeRxData (
1406  PSDevice pDevice,
1407  struct sk_buff *skb,
1408  unsigned int FrameSize,
1409  unsigned int cbHeaderOffset,
1410  signed int iSANodeIndex,
1411  signed int iDANodeIndex
1412  )
1413 
1414 {
1415  PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
1416  BOOL bRelayAndForward = FALSE;
1417  BOOL bRelayOnly = FALSE;
1418  BYTE byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
1419  WORD wAID;
1420 
1421 
1422  struct sk_buff* skbcpy = NULL;
1423 
1424  if (FrameSize > CB_MAX_BUF_SIZE)
1425  return FALSE;
1426  // check DA
1427  if (is_multicast_ether_addr((PBYTE)(skb->data+cbHeaderOffset))) {
1428  if (pMgmt->sNodeDBTable[0].bPSEnable) {
1429 
1430  skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz);
1431 
1432  // if any node in PS mode, buffer packet until DTIM.
1433  if (skbcpy == NULL) {
1434  DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n");
1435  }
1436  else {
1437  skbcpy->dev = pDevice->dev;
1438  skbcpy->len = FrameSize;
1439  memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize);
1440  skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy);
1441  pMgmt->sNodeDBTable[0].wEnQueueCnt++;
1442  // set tx map
1443  pMgmt->abyPSTxMap[0] |= byMask[0];
1444  }
1445  }
1446  else {
1447  bRelayAndForward = TRUE;
1448  }
1449  }
1450  else {
1451  // check if relay
1452  if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(skb->data+cbHeaderOffset), &iDANodeIndex)) {
1453  if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) {
1454  if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) {
1455  // queue this skb until next PS tx, and then release.
1456 
1457  skb->data += cbHeaderOffset;
1458  skb->tail += cbHeaderOffset;
1459  skb_put(skb, FrameSize);
1460  skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb);
1461 
1462  pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++;
1463  wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID;
1464  pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7];
1465  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n",
1466  iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]);
1467  return TRUE;
1468  }
1469  else {
1470  bRelayOnly = TRUE;
1471  }
1472  }
1473  }
1474  }
1475 
1476  if (bRelayOnly || bRelayAndForward) {
1477  // relay this packet right now
1478  if (bRelayAndForward)
1479  iDANodeIndex = 0;
1480 
1481  if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) {
1482  bRelayPacketSend(pDevice, (PBYTE) (skb->data + cbHeaderOffset),
1483  FrameSize, (unsigned int) iDANodeIndex);
1484  }
1485 
1486  if (bRelayOnly)
1487  return FALSE;
1488  }
1489  // none associate, don't forward
1490  if (pDevice->uAssocCount == 0)
1491  return FALSE;
1492 
1493  return TRUE;
1494 }
1495 
1496 
1497 
1498 
1499 void RXvWorkItem(void *Context)
1500 {
1501  PSDevice pDevice = (PSDevice) Context;
1502  int ntStatus;
1503  PRCB pRCB=NULL;
1504 
1505  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Polling Thread\n");
1506  spin_lock_irq(&pDevice->lock);
1507 
1508  while ((pDevice->Flags & fMP_POST_READS) &&
1509  MP_IS_READY(pDevice) &&
1510  (pDevice->NumRecvFreeList != 0) ) {
1511  pRCB = pDevice->FirstRecvFreeList;
1512  pDevice->NumRecvFreeList--;
1513  ASSERT(pRCB);// cannot be NULL
1514  DequeueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList);
1515  ntStatus = PIPEnsBulkInUsbRead(pDevice, pRCB);
1516  }
1517  pDevice->bIsRxWorkItemQueued = FALSE;
1518  spin_unlock_irq(&pDevice->lock);
1519 
1520 }
1521 
1522 
1523 void
1524 RXvFreeRCB(
1525  PRCB pRCB,
1526  BOOL bReAllocSkb
1527  )
1528 {
1529  PSDevice pDevice = (PSDevice)pRCB->pDevice;
1530 
1531 
1532  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->RXvFreeRCB\n");
1533 
1534  ASSERT(!pRCB->Ref); // should be 0
1535  ASSERT(pRCB->pDevice); // shouldn't be NULL
1536 
1537  if (bReAllocSkb == TRUE) {
1538  pRCB->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1539  // todo error handling
1540  if (pRCB->skb == NULL) {
1541  DBG_PRT(MSG_LEVEL_ERR,KERN_ERR" Failed to re-alloc rx skb\n");
1542  }else {
1543  pRCB->skb->dev = pDevice->dev;
1544  }
1545  }
1546  //
1547  // Insert the RCB back in the Recv free list
1548  //
1549  EnqueueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList, pRCB);
1550  pDevice->NumRecvFreeList++;
1551 
1552 
1553  if ((pDevice->Flags & fMP_POST_READS) && MP_IS_READY(pDevice) &&
1554  (pDevice->bIsRxWorkItemQueued == FALSE) ) {
1555 
1556  pDevice->bIsRxWorkItemQueued = TRUE;
1557  tasklet_schedule(&pDevice->ReadWorkItem);
1558  }
1559  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"<----RXFreeRCB %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList);
1560 }
1561 
1562 
1563 void RXvMngWorkItem(void *Context)
1564 {
1565  PSDevice pDevice = (PSDevice) Context;
1566  PRCB pRCB=NULL;
1567  PSRxMgmtPacket pRxPacket;
1568  BOOL bReAllocSkb = FALSE;
1569 
1570  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Mng Thread\n");
1571 
1572  spin_lock_irq(&pDevice->lock);
1573  while (pDevice->NumRecvMngList!=0)
1574  {
1575  pRCB = pDevice->FirstRecvMngList;
1576  pDevice->NumRecvMngList--;
1577  DequeueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList);
1578  if(!pRCB){
1579  break;
1580  }
1581  ASSERT(pRCB);// cannot be NULL
1582  pRxPacket = &(pRCB->sMngPacket);
1583  vMgrRxManagePacket((void *) pDevice, &(pDevice->sMgmtObj), pRxPacket);
1584  pRCB->Ref--;
1585  if(pRCB->Ref == 0) {
1586  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"RxvFreeMng %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList);
1587  RXvFreeRCB(pRCB, bReAllocSkb);
1588  } else {
1589  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Rx Mng Only we have the right to free RCB\n");
1590  }
1591  }
1592 
1593  pDevice->bIsRxMngWorkItemQueued = FALSE;
1594  spin_unlock_irq(&pDevice->lock);
1595 
1596 }
1597 
1598 
Generated on Thu Jan 10 2013 14:32:24 for Linux Kernel by   doxygen 1.8.2