📄 dpc.c
字号:
return TRUE;
}
// check if 802.1x authorized
if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED))
return FALSE;
}
if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
if (bIsWEP) {
FrameSize -= 8; //MIC
}
}
//--------------------------------------------------------------------------------
// Soft MIC
if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
if (bIsWEP) {
PDWORD pdwMIC_L;
PDWORD pdwMIC_R;
DWORD dwMIC_Priority;
DWORD dwMICKey0 = 0, dwMICKey1 = 0;
DWORD dwLocalMIC_L = 0;
DWORD dwLocalMIC_R = 0;
viawget_wpa_header *wpahdr;
if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
}
else {
if (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
} else if ((pKey->dwKeyIndex & BIT28) == 0) {
dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16]));
dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20]));
} else {
dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24]));
dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28]));
}
}
MIC_vInit(dwMICKey0, dwMICKey1);
MIC_vAppend((PBYTE)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12);
dwMIC_Priority = 0;
MIC_vAppend((PBYTE)&dwMIC_Priority, 4);
// 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV.
MIC_vAppend((PBYTE)(skb->data + 4 + WLAN_HDR_ADDR3_LEN + 8),
FrameSize - WLAN_HDR_ADDR3_LEN - 8);
MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R);
MIC_vUnInit();
pdwMIC_L = (PDWORD)(skb->data + 4 + FrameSize);
pdwMIC_R = (PDWORD)(skb->data + 4 + FrameSize + 4);
//DBG_PRN_GRP12(("RxL: %lx, RxR: %lx\n", *pdwMIC_L, *pdwMIC_R));
//DBG_PRN_GRP12(("LocalL: %lx, LocalR: %lx\n", dwLocalMIC_L, dwLocalMIC_R));
//DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"dwMICKey0= %lx,dwMICKey1= %lx \n", dwMICKey0, dwMICKey1);
if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) ||
(pDevice->bRxMICFail == TRUE)) {
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n");
pDevice->bRxMICFail = FALSE;
//pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++;
pDevice->s802_11Counter.TKIPLocalMICFailures++;
if (bDeFragRx) {
if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
DEVICE_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
pDevice->dev->name);
}
}
if ((pDevice->bWPADevEnable) && (pDevice->skb != NULL)) {
wpahdr = (viawget_wpa_header *)pDevice->skb->data;
if ((pDevice->pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
(pDevice->pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
//s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR;
wpahdr->type = VIAWGET_PTK_MIC_MSG;
} else {
//s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR;
wpahdr->type = VIAWGET_GTK_MIC_MSG;
}
wpahdr->resp_ie_len = 0;
wpahdr->req_ie_len = 0;
skb_put(pDevice->skb, sizeof(viawget_wpa_header));
pDevice->skb->dev = pDevice->wpadev;
pDevice->skb->mac.raw = pDevice->skb->data;
pDevice->skb->pkt_type = PACKET_HOST;
pDevice->skb->protocol = htons(ETH_P_802_2);
memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
netif_rx(pDevice->skb);
pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
};
return FALSE;
}
}
} //---end of SOFT MIC-----------------------------------------------------------------------
// ++++++++++ Reply Counter Check +++++++++++++
if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) ||
(pKey->byCipherSuite == KEY_CTL_CCMP))) {
if (bIsWEP) {
WORD wLocalTSC15_0 = 0;
DWORD dwLocalTSC47_16 = 0;
ULONGLONG RSC = 0;
// endian issues
RSC = *((ULONGLONG *) &(pKey->KeyRSC));
wLocalTSC15_0 = (WORD) RSC;
dwLocalTSC47_16 = (DWORD) (RSC>>16);
RSC = dwRxTSC47_16;
RSC <<= 16;
RSC += wRxTSC15_0;
MEMvCopy(&(pKey->KeyRSC), &RSC, sizeof(QWORD));
if ( (pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) &&
(pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) {
// check RSC
if ( (wRxTSC15_0 < wLocalTSC15_0) &&
(dwRxTSC47_16 <= dwLocalTSC47_16) &&
!((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) {
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n ");
if (pKey->byCipherSuite == KEY_CTL_TKIP)
//pDevice->s802_11Counter.TKIPReplays.QuadPart++;
pDevice->s802_11Counter.TKIPReplays++;
else
//pDevice->s802_11Counter.CCMPReplays.QuadPart++;
pDevice->s802_11Counter.CCMPReplays++;
if (bDeFragRx) {
if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
DEVICE_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
pDevice->dev->name);
}
}
return FALSE;
}
}
}
} // ----- End of Reply Counter Check --------------------------
if ((pKey != NULL) && (bIsWEP)) {
// pDevice->s802_11Counter.DecryptSuccessCount.QuadPart++;
}
s_vProcessRxMACHeader(pDevice, (PBYTE)(skb->data+4), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset);
FrameSize -= cbHeaderOffset;
cbHeaderOffset += 4; // 4 is Rcv buffer header
// Null data, framesize = 12
if (FrameSize < 12)
return FALSE;
if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
if (s_bAPModeRxData(pDevice,
skb,
FrameSize,
cbHeaderOffset,
iSANodeIndex,
iDANodeIndex
) == FALSE) {
if (bDeFragRx) {
if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
DEVICE_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
pDevice->dev->name);
}
}
return FALSE;
}
// if(pDevice->bRxMICFail == FALSE) {
// for (ii =0; ii < 100; ii++)
// printk(" %02x", *(skb->data + ii));
// printk("\n");
// }
}
#ifdef PRIVATE_OBJ
ref_skb_add_offset(skb->skb, cbHeaderOffset);
skb_put(skb->skb, FrameSize);
*(skb->protocol)=eth_type_trans(skb->skb, skb->dev);
#else
skb->data += cbHeaderOffset;
skb->tail += cbHeaderOffset;
skb_put(skb, FrameSize);
skb->protocol=eth_type_trans(skb, skb->dev);
#endif
//drop frame not met IEEE 802.3
/*
if (pDevice->flags & DEVICE_FLAGS_VAL_PKT_LEN) {
#ifdef PRIVATE_OBJ
if ((*(skb->protocol)==htons(ETH_P_802_3)) &&
(*(skb->len)!=htons(skb->mac.ethernet->h_proto))) {
#else
if ((skb->protocol==htons(ETH_P_802_3)) &&
(skb->len!=htons(skb->mac.ethernet->h_proto))) {
#endif
pStats->rx_length_errors++;
pStats->rx_dropped++;
if (bDeFragRx) {
if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
DEVICE_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
pDevice->dev->name);
}
}
return FALSE;
}
}
*/
#ifdef PRIVATE_OBJ
*(skb->ip_summed)=CHECKSUM_NONE;
pStats->rx_bytes +=*(skb->len);
pStats->rx_packets++;
netif_rx(skb->skb);
#else
skb->ip_summed=CHECKSUM_NONE;
pStats->rx_bytes +=skb->len;
pStats->rx_packets++;
netif_rx(skb);
#endif
if (bDeFragRx) {
if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
DEVICE_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
pDevice->dev->name);
}
return FALSE;
}
return TRUE;
}
static BOOL s_bAPModeRxCtl (
IN PSDevice pDevice,
IN PBYTE pbyFrame,
IN INT iSANodeIndex
)
{
PS802_11Header p802_11Header;
CMD_STATUS Status;
PSMgmtObject pMgmt = pDevice->pMgmt;
if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
p802_11Header = (PS802_11Header) (pbyFrame);
if (!IS_TYPE_MGMT(pbyFrame)) {
// Data & PS-Poll packet
// check frame class
if (iSANodeIndex > 0) {
// frame class 3 fliter & checking
if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) {
// send deauth notification
// reason = (6) class 2 received from nonauth sta
vMgrDeAuthenBeginSta(pDevice,
pMgmt,
(PBYTE)(p802_11Header->abyAddr2),
(WLAN_MGMT_REASON_CLASS2_NONAUTH),
&Status
);
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n");
return TRUE;
};
if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) {
// send deassoc notification
// reason = (7) class 3 received from nonassoc sta
vMgrDisassocBeginSta(pDevice,
pMgmt,
(PBYTE)(p802_11Header->abyAddr2),
(WLAN_MGMT_REASON_CLASS3_NONASSOC),
&Status
);
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n");
return TRUE;
};
if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) {
// delcare received ps-poll event
if (IS_CTL_PSPOLL(pbyFrame)) {
pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n");
}
else {
// check Data PS state
// if PW bit off, send out all PS bufferring packets.
if (!IS_FC_POWERMGT(pbyFrame)) {
pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n");
}
}
}
else {
if (IS_FC_POWERMGT(pbyFrame)) {
pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = TRUE;
// Once if STA in PS state, enable multicast bufferring
pMgmt->sNodeDBTable[0].bPSEnable = TRUE;
}
else {
// clear all pending PS frame.
if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) {
pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE;
pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE;
bScheduleCommand((HANDLE)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n");
}
}
}
}
else {
vMgrDeAuthenBeginSta(pDevice,
pMgmt,
(PBYTE)(p802_11Header->abyAddr2),
(WLAN_MGMT_REASON_CLASS2_NONAUTH),
&Status
);
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n");
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%02x-%02x-%02x=%02x-%02x-%02x \n",
p802_11Header->abyAddr3[0],
p802_11Header->abyAddr3[1],
p802_11Header->abyAddr3[2],
p802_11Header->abyAddr3[3],
p802_11Header->abyAddr3[4],
p802_11Header->abyAddr3[5]
);
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%02x-%02x-%02x=%02x-%02x-%02x \n",
p802_11Header->abyAddr2[0],
p802_11Header->abyAddr2[1],
p802_11Header->abyAddr2[2],
p802_11Header->abyAddr2[3],
p802_11Header->abyAddr2[4],
p802_11Header->abyAddr2[5]
);
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%02x-%02x-%02x=%02x-%02x-%02x \n",
p802_11Header->abyAddr1[0],
p802_11Header->abyAddr1[1],
p802_11Header->abyAddr1[2],
p802_11Header->abyAddr1[3],
p802_11Header->abyAddr1[4],
p802_11Header->abyAddr1[5]
);
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl );
VNSvInPortB(pDevice->PortOffset + MAC_REG_RCR, &(pDevice->byRxMode));
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc:pDevice->byRxMode = %x\n", pDevice->byRxMode );
return TRUE;
}
}
}
return FALSE;
}
static BOOL s_bHandleRxEncryption (
IN PSDevice pDevice,
IN PBYTE pbyFrame,
IN UINT FrameSize,
IN PBYTE pbyRsr,
OUT PBYTE pbyNewRsr,
OUT PSKeyItem *pKeyOut,
OUT PBOOL pbExtIV,
OUT PWORD pwRxTSC15_0,
OUT PDWORD pdwRxTSC47_16
)
{
UINT PayloadLen = FrameSize;
PBYTE pbyIV;
BYTE byKeyIdx;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -