📄 dpc.c
if (bIsWEP) { FrameSize -= 8; //MIC } } //-------------------------------------------------------------------------------- // Soft MIC if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { if (bIsWEP) { PDWORD pdwMIC_L; PDWORD pdwMIC_R; DWORD dwMIC_Priority; DWORD dwMICKey0 = 0, dwMICKey1 = 0; DWORD dwLocalMIC_L = 0; DWORD dwLocalMIC_R = 0; viawget_wpa_header *wpahdr; if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24])); dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28])); } else { if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) { dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16])); dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20])); } else if ((pKey->dwKeyIndex & BIT28) == 0) { dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16])); dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20])); } else { dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24])); dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28])); } } MIC_vInit(dwMICKey0, dwMICKey1); MIC_vAppend((PBYTE)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12); dwMIC_Priority = 0; MIC_vAppend((PBYTE)&dwMIC_Priority, 4); // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV. 
MIC_vAppend((PBYTE)(skb->data + 8 + WLAN_HDR_ADDR3_LEN + 8), FrameSize - WLAN_HDR_ADDR3_LEN - 8); MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R); MIC_vUnInit(); pdwMIC_L = (PDWORD)(skb->data + 8 + FrameSize); pdwMIC_R = (PDWORD)(skb->data + 8 + FrameSize + 4); if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) || (pDevice->bRxMICFail == TRUE)) { DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n"); pDevice->bRxMICFail = FALSE; //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++; pDevice->s802_11Counter.TKIPLocalMICFailures++; if (bDeFragRx) { if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", pDevice->dev->name); } } //2008-0409-07, <Add> by Einsn Liu #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT //send event to wpa_supplicant //if(pDevice->bWPASuppWextEnabled == TRUE) { union iwreq_data wrqu; struct iw_michaelmicfailure ev; int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits memset(&ev, 0, sizeof(ev)); ev.flags = keyidx & IW_MICFAILURE_KEY_ID; if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && (pMgmt->eCurrState == WMAC_STATE_ASSOC) && (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { ev.flags |= IW_MICFAILURE_PAIRWISE; } else { ev.flags |= IW_MICFAILURE_GROUP; } ev.src_addr.sa_family = ARPHRD_ETHER; memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN); memset(&wrqu, 0, sizeof(wrqu)); wrqu.data.length = sizeof(ev); printk("wireless_send_event--->IWEVMICHAELMICFAILURE\n"); wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev); } #endif if ((pDevice->bWPADevEnable) && (pDevice->skb != NULL)) { wpahdr = (viawget_wpa_header *)pDevice->skb->data; if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && (pMgmt->eCurrState == WMAC_STATE_ASSOC) && (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR; wpahdr->type = VIAWGET_PTK_MIC_MSG; } 
else { //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR; wpahdr->type = VIAWGET_GTK_MIC_MSG; } wpahdr->resp_ie_len = 0; wpahdr->req_ie_len = 0; skb_put(pDevice->skb, sizeof(viawget_wpa_header)); pDevice->skb->dev = pDevice->wpadev;//2008-4-3 modify by Chester for wpa #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) pDevice->skb->mac_header = pDevice->skb->data;#else pDevice->skb->mac.raw = pDevice->skb->data;#endif pDevice->skb->pkt_type = PACKET_HOST; pDevice->skb->protocol = htons(ETH_P_802_2); memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb)); netif_rx(pDevice->skb); pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz); }; return FALSE; } } } //---end of SOFT MIC----------------------------------------------------------------------- // ++++++++++ Reply Counter Check +++++++++++++ if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) || (pKey->byCipherSuite == KEY_CTL_CCMP))) { if (bIsWEP) { WORD wLocalTSC15_0 = 0; DWORD dwLocalTSC47_16 = 0; ULONGLONG RSC = 0; // endian issues RSC = *((ULONGLONG *) &(pKey->KeyRSC)); wLocalTSC15_0 = (WORD) RSC; dwLocalTSC47_16 = (DWORD) (RSC>>16); RSC = dwRxTSC47_16; RSC <<= 16; RSC += wRxTSC15_0; MEMvCopy(&(pKey->KeyRSC), &RSC, sizeof(QWORD)); if ( (pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) && (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) { // check RSC if ( (wRxTSC15_0 < wLocalTSC15_0) && (dwRxTSC47_16 <= dwLocalTSC47_16) && !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) { DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n "); if (pKey->byCipherSuite == KEY_CTL_TKIP) //pDevice->s802_11Counter.TKIPReplays.QuadPart++; pDevice->s802_11Counter.TKIPReplays++; else //pDevice->s802_11Counter.CCMPReplays.QuadPart++; pDevice->s802_11Counter.CCMPReplays++; if (bDeFragRx) { if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", pDevice->dev->name); } } return FALSE; } } } } // ----- End of 
Reply Counter Check -------------------------- s_vProcessRxMACHeader(pDevice, (PBYTE)(skb->data+8), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset); FrameSize -= cbHeaderOffset; cbHeaderOffset += 8; // 8 is Rcv buffer header // Null data, framesize = 12 if (FrameSize < 12) return FALSE; if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { if (s_bAPModeRxData(pDevice, skb, FrameSize, cbHeaderOffset, iSANodeIndex, iDANodeIndex ) == FALSE) { if (bDeFragRx) { if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", pDevice->dev->name); } } return FALSE; } } skb->data += cbHeaderOffset; skb->tail += cbHeaderOffset; skb_put(skb, FrameSize); skb->protocol=eth_type_trans(skb, skb->dev); skb->ip_summed=CHECKSUM_NONE; pStats->rx_bytes +=skb->len; pStats->rx_packets++; netif_rx(skb); if (bDeFragRx) { if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", pDevice->dev->name); } return FALSE; } return TRUE;}

/*
 * s_bAPModeRxCtl - AP-mode frame-class filter and power-save bookkeeping
 * for one received frame.
 *
 * Only data frames and PS-Poll control frames are acted on; other control
 * frames and all management frames fall straight through to FALSE.
 *
 * Parameters:
 *   pDevice      - device context; its sMgmtObj holds the node table.
 *   pbyFrame     - start of the received 802.11 header (it is cast to
 *                  PS802_11Header and read by the IS_* frame-control macros).
 *   iSANodeIndex - slot of the transmitting station in sNodeDBTable; any
 *                  value <= 0 is treated as "station not known".
 *
 * Returns TRUE when a deauthentication or disassociation notification was
 * issued for the frame, FALSE otherwise.
 *
 * Review notes:
 *   - abyAddr2 is read straight from the received header and nothing in this
 *     function authenticates it, so the notification is addressed to whatever
 *     transmitter address the frame claims. No rate limiting is visible here.
 *   - iSANodeIndex is used as an array index with no upper-bound check in
 *     this function; presumably the caller obtains it from a node-table
 *     lookup -- verify against the caller.
 *   - Status is filled in by the vMgr*BeginSta calls but never inspected.
 */
static BOOL s_bAPModeRxCtl (
    IN PSDevice pDevice,
    IN PBYTE    pbyFrame,
    IN INT      iSANodeIndex
    )
{
    PSMgmtObject    pMgmt = &(pDevice->sMgmtObj);
    PS802_11Header  p802_11Header;
    CMD_STATUS      Status;

    // Control frames other than PS-Poll are not handled here.
    if (!IS_CTL_PSPOLL(pbyFrame) && IS_TYPE_CONTROL(pbyFrame)) {
        return FALSE;
    }

    p802_11Header = (PS802_11Header) (pbyFrame);

    // Management frames are left alone; what remains is data or PS-Poll.
    if (IS_TYPE_MGMT(pbyFrame)) {
        return FALSE;
    }

    // Unknown transmitter: answer with a deauthentication
    // (reason: class 2 frame from a non-authenticated station) and dump
    // the header addresses at debug level.
    if (iSANodeIndex <= 0) {
        vMgrDeAuthenBeginSta(pDevice,
                             pMgmt,
                             (PBYTE)(p802_11Header->abyAddr2),
                             (WLAN_MGMT_REASON_CLASS2_NONAUTH),
                             &Status
                             );
        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n");
        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%02x-%02x-%02x=%02x-%02x-%02x \n",
                p802_11Header->abyAddr3[0],
                p802_11Header->abyAddr3[1],
                p802_11Header->abyAddr3[2],
                p802_11Header->abyAddr3[3],
                p802_11Header->abyAddr3[4],
                p802_11Header->abyAddr3[5]
                );
        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%02x-%02x-%02x=%02x-%02x-%02x \n",
                p802_11Header->abyAddr2[0],
                p802_11Header->abyAddr2[1],
                p802_11Header->abyAddr2[2],
                p802_11Header->abyAddr2[3],
                p802_11Header->abyAddr2[4],
                p802_11Header->abyAddr2[5]
                );
        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%02x-%02x-%02x=%02x-%02x-%02x \n",
                p802_11Header->abyAddr1[0],
                p802_11Header->abyAddr1[1],
                p802_11Header->abyAddr1[2],
                p802_11Header->abyAddr1[3],
                p802_11Header->abyAddr1[4],
                p802_11Header->abyAddr1[5]
                );
        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n",
                p802_11Header->wFrameCtl
                );
        return TRUE;
    }

    // Known station that has not authenticated yet: deauthenticate
    // (reason 6, class 2 frame from a non-authenticated station).
    if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) {
        vMgrDeAuthenBeginSta(pDevice,
                             pMgmt,
                             (PBYTE)(p802_11Header->abyAddr2),
                             (WLAN_MGMT_REASON_CLASS2_NONAUTH),
                             &Status
                             );
        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n");
        return TRUE;
    }

    // Authenticated but not associated: disassociate
    // (reason 7, class 3 frame from a non-associated station).
    if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) {
        vMgrDisassocBeginSta(pDevice,
                             pMgmt,
                             (PBYTE)(p802_11Header->abyAddr2),
                             (WLAN_MGMT_REASON_CLASS3_NONASSOC),
                             &Status
                             );
        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n");
        return TRUE;
    }

    // Associated station: keep its power-save flags in step with the frame.
    if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) {
        if (IS_CTL_PSPOLL(pbyFrame)) {
            // PS-Poll from a station in power save: record it and schedule
            // the PS-Poll command.
            pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
            bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
            DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n");
        } else if (!IS_FC_POWERMGT(pbyFrame)) {
            // Data frame with the power-management bit clear: the station
            // has left power save, so release everything buffered for it.
            pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
            pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
            bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
            DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n");
        }
    } else if (IS_FC_POWERMGT(pbyFrame)) {
        // Station is entering power save. Entry 0 is flagged as well so
        // that multicast buffering is switched on.
        pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = TRUE;
        pMgmt->sNodeDBTable[0].bPSEnable = TRUE;
    } else if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) {
        // Not in power save but frames are still queued: flush them.
        pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
        pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
        bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n");
    }

    return FALSE;
}

static BOOL s_bHandleRxEncryption ( IN PSDevice pDevice, IN PBYTE pbyFrame, IN UINT FrameSize, IN PBYTE pbyRsr, OUT PBYTE pbyNewRsr, OUT PSKeyItem *pKeyOut, OUT PBOOL pbExtIV, OUT PWORD pwRxTSC15_0, OUT PDWORD pdwRxTSC47_16 ){ UINT PayloadLen = FrameSize; PBYTE pbyIV; BYTE byKeyIdx; PSKeyItem pKey = NULL; BYTE byDecMode = KEY_CTL_WEP; PSMgmtObject pMgmt = &(pDevice->sMgmtObj); *pwRxTSC15_0 = 0; *pdwRxTSC47_16 = 0; pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) && WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) { pbyIV += 6; // 6 is 802.11 address4 PayloadLen -= 6; } byKeyIdx = (*(pbyIV+3) & 0xc0); byKeyIdx >>= 
6; DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx); if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) || (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) && (pMgmt->byCSSPK != KEY_CTL_NONE)) { // unicast pkt use pairwise key DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n"); if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == TRUE) { if (pMgmt->byCSSPK == KEY_CTL_TKIP) byDecMode = KEY_CTL_TKIP; else if (pMgmt->byCSSPK == KEY_CTL_CCMP) byDecMode = KEY_CTL_CCMP; } DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey); } else { // use group key KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey); if (pMgmt->byCSSGK == KEY_CTL_TKIP) byDecMode = KEY_CTL_TKIP; else if (pMgmt->byCSSGK == KEY_CTL_CCMP) byDecMode = KEY_CTL_CCMP; DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey); } } // our WEP only support Default Key if (pKey == NULL) { // use default group key KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey); if (pMgmt->byCSSGK == KEY_CTL_TKIP) byDecMode = KEY_CTL_TKIP; else if (pMgmt->byCSSGK == KEY_CTL_CCMP) byDecMode = KEY_CTL_CCMP; } *pKeyOut = pKey;