drivers/staging/vt6655/dpc.c

   1 /*
   2  * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
   3  * All rights reserved.
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License as published by
   7  * the Free Software Foundation; either version 2 of the License, or
   8  * (at your option) any later version.
   9  *
  10  * This program is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13  * GNU General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU General Public License along
  16  * with this program; if not, write to the Free Software Foundation, Inc.,
  17  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * File: dpc.c
  20  *
  21  * Purpose: handle dpc rx functions
  22  *
  23  * Author: Lyndon Chen
  24  *
  25  * Date: May 20, 2003
  26  *
  27  * Functions:
  28  *      device_receive_frame - Rcv 802.11 frame function
  29  *      s_bAPModeRxCtl- AP Rcv frame filer Ctl.
  30  *      s_bAPModeRxData- AP Rcv data frame handle
  31  *      s_bHandleRxEncryption- Rcv decrypted data via on-fly
  32  *      s_bHostWepRxEncryption- Rcv encrypted data via host
  33  *      s_byGetRateIdx- get rate index
  34  *      s_vGetDASA- get data offset
  35  *      s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3
  36  *
  37  * Revision History:
  38  *
  39  */
  40
  41 #include "device.h"
  42 #include "rxtx.h"
  43 #include "tether.h"
  44 #include "card.h"
  45 #include "bssdb.h"
  46 #include "mac.h"
  47 #include "baseband.h"
  48 #include "michael.h"
  49 #include "tkip.h"
  50 #include "tcrc.h"
  51 #include "wctl.h"
  52 #include "wroute.h"
  53 #include "hostap.h"
  54 #include "rf.h"
  55 #include "iowpa.h"
  56 #include "aes_ccmp.h"
  57
  58 /*---------------------  Static Definitions -------------------------*/
  59
  60 /*---------------------  Static Classes  ----------------------------*/
  61
  62 /*---------------------  Static Variables  --------------------------*/
  63 //static int          msglevel                =MSG_LEVEL_DEBUG;
  64 static int msglevel = MSG_LEVEL_INFO;
  65
  66 const unsigned char acbyRxRate[MAX_RATE] =
  67 {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
  68
  69 /*---------------------  Static Functions  --------------------------*/
  70
  71 /*---------------------  Static Definitions -------------------------*/
  72
  73 /*---------------------  Static Functions  --------------------------*/
  74
  75 static unsigned char s_byGetRateIdx(unsigned char byRate);
  76
  77 static void
  78 s_vGetDASA(unsigned char *pbyRxBufferAddr, unsigned int *pcbHeaderSize,
  79            PSEthernetHeader psEthHeader);
  80
  81 static void
  82 s_vProcessRxMACHeader(PSDevice pDevice, unsigned char *pbyRxBufferAddr,
  83                       unsigned int cbPacketSize, bool bIsWEP, bool bExtIV,
  84                       unsigned int *pcbHeadSize);
  85
  86 static bool s_bAPModeRxCtl(
  87         PSDevice pDevice,
  88         unsigned char *pbyFrame,
  89         int      iSANodeIndex
  90 );
  91
  92 static bool s_bAPModeRxData(
  93         PSDevice pDevice,
  94         struct sk_buff *skb,
  95         unsigned int FrameSize,
  96         unsigned int cbHeaderOffset,
  97         int      iSANodeIndex,
  98         int      iDANodeIndex
  99 );
 100
 101 static bool s_bHandleRxEncryption(
 102         PSDevice     pDevice,
 103         unsigned char *pbyFrame,
 104         unsigned int FrameSize,
 105         unsigned char *pbyRsr,
 106         unsigned char *pbyNewRsr,
 107         PSKeyItem   *pKeyOut,
 108         bool *pbExtIV,
 109         unsigned short *pwRxTSC15_0,
 110         unsigned long *pdwRxTSC47_16
 111 );
 112
 113 static bool s_bHostWepRxEncryption(
 114
 115         PSDevice     pDevice,
 116         unsigned char *pbyFrame,
 117         unsigned int FrameSize,
 118         unsigned char *pbyRsr,
 119         bool bOnFly,
 120         PSKeyItem    pKey,
 121         unsigned char *pbyNewRsr,
 122         bool *pbExtIV,
 123         unsigned short *pwRxTSC15_0,
 124         unsigned long *pdwRxTSC47_16
 125
 126 );
 127
 128 /*---------------------  Export Variables  --------------------------*/
 129
 130 /*+
 131  *
 132  * Description:
 133  *    Translate Rcv 802.11 header to 802.3 header with Rx buffer
 134  *
 135  * Parameters:
 136  *  In:
 137  *      pDevice
 138  *      dwRxBufferAddr  - Address of Rcv Buffer
 139  *      cbPacketSize    - Rcv Packet size
 140  *      bIsWEP          - If Rcv with WEP
 141  *  Out:
 142  *      pcbHeaderSize   - 802.11 header size
 143  *
 144  * Return Value: None
 145  *
 146  -*/
 147 static void
 148 s_vProcessRxMACHeader(PSDevice pDevice, unsigned char *pbyRxBufferAddr,
 149                       unsigned int cbPacketSize, bool bIsWEP, bool bExtIV,
 150                       unsigned int *pcbHeadSize)
 151 {
 152         unsigned char *pbyRxBuffer;
 153         unsigned int cbHeaderSize = 0;
 154         unsigned short *pwType;
 155         PS802_11Header  pMACHeader;
 156         int             ii;
 157
 158         pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
 159
 160         s_vGetDASA((unsigned char *)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader);
 161
 162         if (bIsWEP) {
 163                 if (bExtIV) {
 164                         // strip IV&ExtIV , add 8 byte
 165                         cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8);
 166                 } else {
 167                         // strip IV , add 4 byte
 168                         cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4);
 169                 }
 170         } else {
 171                 cbHeaderSize += WLAN_HDR_ADDR3_LEN;
 172         };
 173
 174         pbyRxBuffer = (unsigned char *)(pbyRxBufferAddr + cbHeaderSize);
 175         if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) {
 176                 cbHeaderSize += 6;
 177         } else if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) {
 178                 cbHeaderSize += 6;
 179                 pwType = (unsigned short *)(pbyRxBufferAddr + cbHeaderSize);
 180                 if ((*pwType != TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) {
 181                 } else {
 182                         cbHeaderSize -= 8;
 183                         pwType = (unsigned short *)(pbyRxBufferAddr + cbHeaderSize);
 184                         if (bIsWEP) {
 185                                 if (bExtIV) {
 186                                         *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8);    // 8 is IV&ExtIV
 187                                 } else {
 188                                         *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4);    // 4 is IV
 189                                 }
 190                         } else {
 191                                 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
 192                         }
 193                 }
 194         } else {
 195                 cbHeaderSize -= 2;
 196                 pwType = (unsigned short *)(pbyRxBufferAddr + cbHeaderSize);
 197                 if (bIsWEP) {
 198                         if (bExtIV) {
 199                                 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8);    // 8 is IV&ExtIV
 200                         } else {
 201                                 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4);    // 4 is IV
 202                         }
 203                 } else {
 204                         *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN);
 205                 }
 206         }
 207
 208         cbHeaderSize -= (ETH_ALEN * 2);
 209         pbyRxBuffer = (unsigned char *)(pbyRxBufferAddr + cbHeaderSize);
 210         for (ii = 0; ii < ETH_ALEN; ii++)
 211                 *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii];
 212         for (ii = 0; ii < ETH_ALEN; ii++)
 213                 *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii];
 214
 215         *pcbHeadSize = cbHeaderSize;
 216 }
 217
 218 static unsigned char s_byGetRateIdx(unsigned char byRate)
 219 {
 220         unsigned char byRateIdx;
 221
 222         for (byRateIdx = 0; byRateIdx < MAX_RATE; byRateIdx++) {
 223                 if (acbyRxRate[byRateIdx % MAX_RATE] == byRate)
 224                         return byRateIdx;
 225         }
 226         return 0;
 227 }
 228
 229 static void
 230 s_vGetDASA(unsigned char *pbyRxBufferAddr, unsigned int *pcbHeaderSize,
 231            PSEthernetHeader psEthHeader)
 232 {
 233         unsigned int cbHeaderSize = 0;
 234         PS802_11Header  pMACHeader;
 235         int             ii;
 236
 237         pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize);
 238
 239         if ((pMACHeader->wFrameCtl & FC_TODS) == 0) {
 240                 if (pMACHeader->wFrameCtl & FC_FROMDS) {
 241                         for (ii = 0; ii < ETH_ALEN; ii++) {
 242                                 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
 243                                 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr3[ii];
 244                         }
 245                 } else {
 246                         // IBSS mode
 247                         for (ii = 0; ii < ETH_ALEN; ii++) {
 248                                 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii];
 249                                 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
 250                         }
 251                 }
 252         } else {
 253                 // Is AP mode..
 254                 if (pMACHeader->wFrameCtl & FC_FROMDS) {
 255                         for (ii = 0; ii < ETH_ALEN; ii++) {
 256                                 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
 257                                 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr4[ii];
 258                                 cbHeaderSize += 6;
 259                         }
 260                 } else {
 261                         for (ii = 0; ii < ETH_ALEN; ii++) {
 262                                 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii];
 263                                 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii];
 264                         }
 265                 }
 266         };
 267         *pcbHeaderSize = cbHeaderSize;
 268 }
 269
 270 //PLICE_DEBUG ->
 271
 272 void    MngWorkItem(void *Context)
 273 {
 274         PSRxMgmtPacket                  pRxMgmtPacket;
 275         PSDevice        pDevice =  (PSDevice) Context;
 276
 277         spin_lock_irq(&pDevice->lock);
 278         while (pDevice->rxManeQueue.packet_num != 0) {
 279                 pRxMgmtPacket =  DeQueue(pDevice);
 280                 vMgrRxManagePacket(pDevice, pDevice->pMgmt, pRxMgmtPacket);
 281         }
 282         spin_unlock_irq(&pDevice->lock);
 283 }
 284
 285 //PLICE_DEBUG<-
 286
 287 bool
 288 device_receive_frame(
 289         PSDevice pDevice,
 290         PSRxDesc pCurrRD
 291 )
 292 {
 293         PDEVICE_RD_INFO  pRDInfo = pCurrRD->pRDInfo;
 294         struct net_device_stats *pStats = &pDevice->stats;
 295         struct sk_buff *skb;
 296         PSMgmtObject    pMgmt = pDevice->pMgmt;
 297         PSRxMgmtPacket  pRxPacket = &(pDevice->pMgmt->sRxPacket);
 298         PS802_11Header  p802_11Header;
 299         unsigned char *pbyRsr;
 300         unsigned char *pbyNewRsr;
 301         unsigned char *pbyRSSI;
 302         PQWORD          pqwTSFTime;
 303         unsigned short *pwFrameSize;
 304         unsigned char *pbyFrame;
 305         bool bDeFragRx = false;
 306         bool bIsWEP = false;
 307         unsigned int cbHeaderOffset;
 308         unsigned int FrameSize;
 309         unsigned short wEtherType = 0;
 310         int             iSANodeIndex = -1;
 311         int             iDANodeIndex = -1;
 312         unsigned int ii;
 313         unsigned int cbIVOffset;
 314         bool bExtIV = false;
 315         unsigned char *pbyRxSts;
 316         unsigned char *pbyRxRate;
 317         unsigned char *pbySQ;
 318         unsigned int cbHeaderSize;
 319         PSKeyItem       pKey = NULL;
 320         unsigned short wRxTSC15_0 = 0;
 321         unsigned long dwRxTSC47_16 = 0;
 322         SKeyItem        STempKey;
 323         // 802.11h RPI
 324         unsigned long dwDuration = 0;
 325         long            ldBm = 0;
 326         long            ldBmThreshold = 0;
 327         PS802_11Header pMACHeader;
 328         bool bRxeapol_key = false;
 329
 330 //    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- device_receive_frame---\n");
 331
 332         skb = pRDInfo->skb;
 333
 334 //PLICE_DEBUG->
 335 #if 1
 336         pci_unmap_single(pDevice->pcid, pRDInfo->skb_dma,
 337                          pDevice->rx_buf_sz, PCI_DMA_FROMDEVICE);
 338 #endif
 339 //PLICE_DEBUG<-
 340         pwFrameSize = (unsigned short *)(skb->data + 2);
 341         FrameSize = cpu_to_le16(pCurrRD->m_rd1RD1.wReqCount) - cpu_to_le16(pCurrRD->m_rd0RD0.wResCount);
 342
 343         // Max: 2312Payload + 30HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR
 344         // Min (ACK): 10HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR
 345         if ((FrameSize > 2364) || (FrameSize <= 32)) {
 346                 // Frame Size error drop this packet.
 347                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- WRONG Length 1 \n");
 348                 return false;
 349         }
 350
 351         pbyRxSts = (unsigned char *)(skb->data);
 352         pbyRxRate = (unsigned char *)(skb->data + 1);
 353         pbyRsr = (unsigned char *)(skb->data + FrameSize - 1);
 354         pbyRSSI = (unsigned char *)(skb->data + FrameSize - 2);
 355         pbyNewRsr = (unsigned char *)(skb->data + FrameSize - 3);
 356         pbySQ = (unsigned char *)(skb->data + FrameSize - 4);
 357         pqwTSFTime = (PQWORD)(skb->data + FrameSize - 12);
 358         pbyFrame = (unsigned char *)(skb->data + 4);
 359
 360         // get packet size
 361         FrameSize = cpu_to_le16(*pwFrameSize);
 362
 363         if ((FrameSize > 2346)|(FrameSize < 14)) { // Max: 2312Payload + 30HD +4CRC
 364                 // Min: 14 bytes ACK
 365                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- WRONG Length 2 \n");
 366                 return false;
 367         }
 368 //PLICE_DEBUG->
 369 #if 1
 370         // update receive statistic counter
 371         STAvUpdateRDStatCounter(&pDevice->scStatistic,
 372                                 *pbyRsr,
 373                                 *pbyNewRsr,
 374                                 *pbyRxRate,
 375                                 pbyFrame,
 376                                 FrameSize);
 377
 378 #endif
 379
 380         pMACHeader = (PS802_11Header)((unsigned char *)(skb->data) + 8);
 381 //PLICE_DEBUG<-
 382         if (pDevice->bMeasureInProgress == true) {
 383                 if ((*pbyRsr & RSR_CRCOK) != 0) {
 384                         pDevice->byBasicMap |= 0x01;
 385                 }
 386                 dwDuration = (FrameSize << 4);
 387                 dwDuration /= acbyRxRate[*pbyRxRate%MAX_RATE];
 388                 if (*pbyRxRate <= RATE_11M) {
 389                         if (*pbyRxSts & 0x01) {
 390                                 // long preamble
 391                                 dwDuration += 192;
 392                         } else {
 393                                 // short preamble
 394                                 dwDuration += 96;
 395                         }
 396                 } else {
 397                         dwDuration += 16;
 398                 }
 399                 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
 400                 ldBmThreshold = -57;
 401                 for (ii = 7; ii > 0;) {
 402                         if (ldBm > ldBmThreshold) {
 403                                 break;
 404                         }
 405                         ldBmThreshold -= 5;
 406                         ii--;
 407                 }
 408                 pDevice->dwRPIs[ii] += dwDuration;
 409                 return false;
 410         }
 411
 412         if (!is_multicast_ether_addr(pbyFrame)) {
 413                 if (WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header)(skb->data + 4))) {
 414                         pDevice->s802_11Counter.FrameDuplicateCount++;
 415                         return false;
 416                 }
 417         }
 418
 419         // Use for TKIP MIC
 420         s_vGetDASA(skb->data+4, &cbHeaderSize, &pDevice->sRxEthHeader);
 421
 422         // filter packet send from myself
 423         if (!compare_ether_addr((unsigned char *)&(pDevice->sRxEthHeader.abySrcAddr[0]), pDevice->abyCurrentNetAddr))
 424                 return false;
 425
 426         if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) {
 427                 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
 428                         p802_11Header = (PS802_11Header)(pbyFrame);
 429                         // get SA NodeIndex
 430                         if (BSSDBbIsSTAInNodeDB(pMgmt, (unsigned char *)(p802_11Header->abyAddr2), &iSANodeIndex)) {
 431                                 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies;
 432                                 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0;
 433                         }
 434                 }
 435         }
 436
 437         if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
 438                 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == true) {
 439                         return false;
 440                 }
 441         }
 442
 443         if (IS_FC_WEP(pbyFrame)) {
 444                 bool bRxDecryOK = false;
 445
 446                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx WEP pkt\n");
 447                 bIsWEP = true;
 448                 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) {
 449                         pKey = &STempKey;
 450                         pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite;
 451                         pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex;
 452                         pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength;
 453                         pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16;
 454                         pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0;
 455                         memcpy(pKey->abyKey,
 456                                &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0],
 457                                pKey->uKeyLength
 458 );
 459
 460                         bRxDecryOK = s_bHostWepRxEncryption(pDevice,
 461                                                             pbyFrame,
 462                                                             FrameSize,
 463                                                             pbyRsr,
 464                                                             pMgmt->sNodeDBTable[iSANodeIndex].bOnFly,
 465                                                             pKey,
 466                                                             pbyNewRsr,
 467                                                             &bExtIV,
 468                                                             &wRxTSC15_0,
 469                                                             &dwRxTSC47_16);
 470                 } else {
 471                         bRxDecryOK = s_bHandleRxEncryption(pDevice,
 472                                                            pbyFrame,
 473                                                            FrameSize,
 474                                                            pbyRsr,
 475                                                            pbyNewRsr,
 476                                                            &pKey,
 477                                                            &bExtIV,
 478                                                            &wRxTSC15_0,
 479                                                            &dwRxTSC47_16);
 480                 }
 481
 482                 if (bRxDecryOK) {
 483                         if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) {
 484                                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV Fail\n");
 485                                 if ((pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
 486                                     (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
 487                                     (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
 488                                     (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
 489                                     (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
 490                                         if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
 491                                                 pDevice->s802_11Counter.TKIPICVErrors++;
 492                                         } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) {
 493                                                 pDevice->s802_11Counter.CCMPDecryptErrors++;
 494                                         } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) {
 495 //                      pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++;
 496                                         }
 497                                 }
 498                                 return false;
 499                         }
 500                 } else {
 501                         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "WEP Func Fail\n");
 502                         return false;
 503                 }
 504                 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP))
 505                         FrameSize -= 8;         // Message Integrity Code
 506                 else
 507                         FrameSize -= 4;         // 4 is ICV
 508         }
 509
 510         //
 511         // RX OK
 512         //
 513         //remove the CRC length
 514         FrameSize -= ETH_FCS_LEN;
 515
 516         if ((!(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI))) && // unicast address
 517             (IS_FRAGMENT_PKT((skb->data+4)))
 518 ) {
 519                 // defragment
 520                 bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header)(skb->data+4), FrameSize, bIsWEP, bExtIV);
 521                 pDevice->s802_11Counter.ReceivedFragmentCount++;
 522                 if (bDeFragRx) {
 523                         // defrag complete
 524                         skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb;
 525                         FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength;
 526
 527                 } else {
 528                         return false;
 529                 }
 530         }
 531
 532 // Management & Control frame Handle
 533         if ((IS_TYPE_DATA((skb->data+4))) == false) {
 534                 // Handle Control & Manage Frame
 535
 536                 if (IS_TYPE_MGMT((skb->data+4))) {
 537                         unsigned char *pbyData1;
 538                         unsigned char *pbyData2;
 539
 540                         pRxPacket->p80211Header = (PUWLAN_80211HDR)(skb->data+4);
 541                         pRxPacket->cbMPDULen = FrameSize;
 542                         pRxPacket->uRSSI = *pbyRSSI;
 543                         pRxPacket->bySQ = *pbySQ;
 544                         HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime));
 545                         LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime));
 546                         if (bIsWEP) {
 547                                 // strip IV
 548                                 pbyData1 = WLAN_HDR_A3_DATA_PTR(skb->data+4);
 549                                 pbyData2 = WLAN_HDR_A3_DATA_PTR(skb->data+4) + 4;
 550                                 for (ii = 0; ii < (FrameSize - 4); ii++) {
 551                                         *pbyData1 = *pbyData2;
 552                                         pbyData1++;
 553                                         pbyData2++;
 554                                 }
 555                         }
 556                         pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate);
 557                         pRxPacket->byRxChannel = (*pbyRxSts) >> 2;
 558 //PLICE_DEBUG->
 559 //EnQueue(pDevice,pRxPacket);
 560
 561 #ifdef  THREAD
 562                         EnQueue(pDevice, pRxPacket);
 563
 564                         //up(&pDevice->mlme_semaphore);
 565                         //Enque (pDevice->FirstRecvMngList,pDevice->LastRecvMngList,pMgmt);
 566 #else
 567
 568 #ifdef  TASK_LET
 569                         EnQueue(pDevice, pRxPacket);
 570                         tasklet_schedule(&pDevice->RxMngWorkItem);
 571 #else
 572                         vMgrRxManagePacket((void *)pDevice, pDevice->pMgmt, pRxPacket);
 573                         //tasklet_schedule(&pDevice->RxMngWorkItem);
 574 #endif
 575
 576 #endif
 577 //PLICE_DEBUG<-
 578                         //vMgrRxManagePacket((void *)pDevice, pDevice->pMgmt, pRxPacket);
 579                         // hostap Deamon handle 802.11 management
 580                         if (pDevice->bEnableHostapd) {
 581                                 skb->dev = pDevice->apdev;
 582                                 skb->data += 4;
 583                                 skb->tail += 4;
 584                                 skb_put(skb, FrameSize);
 585                                 skb_reset_mac_header(skb);
 586                                 skb->pkt_type = PACKET_OTHERHOST;
 587                                 skb->protocol = htons(ETH_P_802_2);
 588                                 memset(skb->cb, 0, sizeof(skb->cb));
 589                                 netif_rx(skb);
 590                                 return true;
 591                         }
 592                 } else {
 593                         // Control Frame
 594                 };
 595                 return false;
 596         } else {
 597                 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
 598                         //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC.
 599                         if (!(*pbyRsr & RSR_BSSIDOK)) {
 600                                 if (bDeFragRx) {
 601                                         if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
 602                                                 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n",
 603                                                         pDevice->dev->name);
 604                                         }
 605                                 }
 606                                 return false;
 607                         }
 608                 } else {
 609                         // discard DATA packet while not associate || BSSID error
 610                         if ((pDevice->bLinkPass == false) ||
 611                             !(*pbyRsr & RSR_BSSIDOK)) {
 612                                 if (bDeFragRx) {
 613                                         if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
 614                                                 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n",
 615                                                         pDevice->dev->name);
 616                                         }
 617                                 }
 618                                 return false;
 619                         }
 620                         //mike add:station mode check eapol-key challenge--->
 621                         {
 622                                 unsigned char Protocol_Version;    //802.1x Authentication
 623                                 unsigned char Packet_Type;           //802.1x Authentication
 624                                 if (bIsWEP)
 625                                         cbIVOffset = 8;
 626                                 else
 627                                         cbIVOffset = 0;
 628                                 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) |
 629                                         skb->data[cbIVOffset + 8 + 24 + 6 + 1];
 630                                 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 + 1];
 631                                 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 + 1 + 1];
 632                                 if (wEtherType == ETH_P_PAE) {         //Protocol Type in LLC-Header
 633                                         if (((Protocol_Version == 1) || (Protocol_Version == 2)) &&
 634                                             (Packet_Type == 3)) {  //802.1x OR eapol-key challenge frame receive
 635                                                 bRxeapol_key = true;
 636                                         }
 637                                 }
 638                         }
 639                         //mike add:station mode check eapol-key challenge<---
 640                 }
 641         }
 642
 643 // Data frame Handle
 644
 645         if (pDevice->bEnablePSMode) {
 646                 if (IS_FC_MOREDATA((skb->data+4))) {
 647                         if (*pbyRsr & RSR_ADDROK) {
 648                                 //PSbSendPSPOLL((PSDevice)pDevice);
 649                         }
 650                 } else {
 651                         if (pDevice->pMgmt->bInTIMWake == true) {
 652                                 pDevice->pMgmt->bInTIMWake = false;
 653                         }
 654                 }
 655         }
 656
 657         // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps
 658         if (pDevice->bDiversityEnable && (FrameSize > 50) &&
 659             (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) &&
 660             (pDevice->bLinkPass == true)) {
 661                 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0);
 662         }
 663
 664         if (pDevice->byLocalID != REV_ID_VT3253_B1) {
 665                 pDevice->uCurrRSSI = *pbyRSSI;
 666         }
 667         pDevice->byCurrSQ = *pbySQ;
 668
 669         if ((*pbyRSSI != 0) &&
 670             (pMgmt->pCurrBSS != NULL)) {
 671                 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
 672                 // Monitor if RSSI is too strong.
 673                 pMgmt->pCurrBSS->byRSSIStatCnt++;
 674                 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT;
 675                 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm;
 676                 for (ii = 0; ii < RSSI_STAT_COUNT; ii++) {
 677                         if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) {
 678                                 pMgmt->pCurrBSS->ldBmMAX = max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm);
 679                         }
 680                 }
 681         }
 682
 683         // -----------------------------------------------
 684
 685         if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == true)) {
 686                 unsigned char abyMacHdr[24];
 687
 688                 // Only 802.1x packet incoming allowed
 689                 if (bIsWEP)
 690                         cbIVOffset = 8;
 691                 else
 692                         cbIVOffset = 0;
 693                 wEtherType = (skb->data[cbIVOffset + 4 + 24 + 6] << 8) |
 694                         skb->data[cbIVOffset + 4 + 24 + 6 + 1];
 695
 696                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "wEtherType = %04x \n", wEtherType);
 697                 if (wEtherType == ETH_P_PAE) {
 698                         skb->dev = pDevice->apdev;
 699
 700                         if (bIsWEP == true) {
 701                                 // strip IV header(8)
 702                                 memcpy(&abyMacHdr[0], (skb->data + 4), 24);
 703                                 memcpy((skb->data + 4 + cbIVOffset), &abyMacHdr[0], 24);
 704                         }
 705                         skb->data +=  (cbIVOffset + 4);
 706                         skb->tail +=  (cbIVOffset + 4);
 707                         skb_put(skb, FrameSize);
 708                         skb_reset_mac_header(skb);
 709
 710                         skb->pkt_type = PACKET_OTHERHOST;
 711                         skb->protocol = htons(ETH_P_802_2);
 712                         memset(skb->cb, 0, sizeof(skb->cb));
 713                         netif_rx(skb);
 714                         return true;
 715
 716                 }
 717                 // check if 802.1x authorized
 718                 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED))
 719                         return false;
 720         }
 721
 722         if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
 723                 if (bIsWEP) {
 724                         FrameSize -= 8;  //MIC
 725                 }
 726         }
 727
 728         //--------------------------------------------------------------------------------
 729         // Soft MIC
 730         if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) {
 731                 if (bIsWEP) {
 732                         unsigned long *pdwMIC_L;
 733                         unsigned long *pdwMIC_R;
 734                         unsigned long dwMIC_Priority;
 735                         unsigned long dwMICKey0 = 0, dwMICKey1 = 0;
 736                         unsigned long dwLocalMIC_L = 0;
 737                         unsigned long dwLocalMIC_R = 0;
 738                         viawget_wpa_header *wpahdr;
 739
 740                         if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
 741                                 dwMICKey0 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[24]));
 742                                 dwMICKey1 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[28]));
 743                         } else {
 744                                 if (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
 745                                         dwMICKey0 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[16]));
 746                                         dwMICKey1 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[20]));
 747                                 } else if ((pKey->dwKeyIndex & BIT28) == 0) {
 748                                         dwMICKey0 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[16]));
 749                                         dwMICKey1 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[20]));
 750                                 } else {
 751                                         dwMICKey0 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[24]));
 752                                         dwMICKey1 = cpu_to_le32(*(unsigned long *)(&pKey->abyKey[28]));
 753                                 }
 754                         }
 755
 756                         MIC_vInit(dwMICKey0, dwMICKey1);
 757                         MIC_vAppend((unsigned char *)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12);
 758                         dwMIC_Priority = 0;
 759                         MIC_vAppend((unsigned char *)&dwMIC_Priority, 4);
 760                         // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV.
 761                         MIC_vAppend((unsigned char *)(skb->data + 4 + WLAN_HDR_ADDR3_LEN + 8),
 762                                     FrameSize - WLAN_HDR_ADDR3_LEN - 8);
 763                         MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R);
 764                         MIC_vUnInit();
 765
 766                         pdwMIC_L = (unsigned long *)(skb->data + 4 + FrameSize);
 767                         pdwMIC_R = (unsigned long *)(skb->data + 4 + FrameSize + 4);
 768                         //DBG_PRN_GRP12(("RxL: %lx, RxR: %lx\n", *pdwMIC_L, *pdwMIC_R));
 769                         //DBG_PRN_GRP12(("LocalL: %lx, LocalR: %lx\n", dwLocalMIC_L, dwLocalMIC_R));
 770                         //DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dwMICKey0= %lx,dwMICKey1= %lx \n", dwMICKey0, dwMICKey1);
 771
 772                         if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) ||
 773                             (pDevice->bRxMICFail == true)) {
 774                                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "MIC comparison is fail!\n");
 775                                 pDevice->bRxMICFail = false;
 776                                 //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++;
 777                                 pDevice->s802_11Counter.TKIPLocalMICFailures++;
 778                                 if (bDeFragRx) {
 779                                         if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
 780                                                 DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n",
 781                                                         pDevice->dev->name);
 782                                         }
 783                                 }
 784                                 //2008-0409-07, <Add> by Einsn Liu
 785 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
 786                                 //send event to wpa_supplicant
 787                                 {
 788                                         union iwreq_data wrqu;
 789                                         struct iw_michaelmicfailure ev;
 790                                         int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits
 791                                         memset(&ev, 0, sizeof(ev));
 792                                         ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
 793                                         if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
 794                                             (pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
 795                                             (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
 796                                                 ev.flags |= IW_MICFAILURE_PAIRWISE;
 797                                         } else {
 798                                                 ev.flags |= IW_MICFAILURE_GROUP;
 799                                         }
 800
 801                                         ev.src_addr.sa_family = ARPHRD_ETHER;
 802                                         memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN);
 803                                         memset(&wrqu, 0, sizeof(wrqu));
 804                                         wrqu.data.length = sizeof(ev);
 805                                         wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
 806
 807                                 }
 808 #endif
 809
 810                                 if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
 811                                         wpahdr = (viawget_wpa_header *)pDevice->skb->data;
 812                                         if ((pDevice->pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
 813                                             (pDevice->pMgmt->eCurrState == WMAC_STATE_ASSOC) &&
 814                                             (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) {
 815                                                 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR;
 816                                                 wpahdr->type = VIAWGET_PTK_MIC_MSG;
 817                                         } else {
 818                                                 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR;
 819                                                 wpahdr->type = VIAWGET_GTK_MIC_MSG;
 820                                         }
 821                                         wpahdr->resp_ie_len = 0;
 822                                         wpahdr->req_ie_len = 0;
 823                                         skb_put(pDevice->skb, sizeof(viawget_wpa_header));
 824                                         pDevice->skb->dev = pDevice->wpadev;
 825                                         skb_reset_mac_header(pDevice->skb);
 826                                         pDevice->skb->pkt_type = PACKET_HOST;
 827                                         pDevice->skb->protocol = htons(ETH_P_802_2);
 828                                         memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
 829                                         netif_rx(pDevice->skb);
 830                                         pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
 831                                 }
 832
 833                                 return false;
 834
 835                         }
 836                 }
 837         } //---end of SOFT MIC-----------------------------------------------------------------------
 838
 839         // ++++++++++ Reply Counter Check +++++++++++++
 840
 841         if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) ||
 842                                (pKey->byCipherSuite == KEY_CTL_CCMP))) {
 843                 if (bIsWEP) {
 844                         unsigned short wLocalTSC15_0 = 0;
 845                         unsigned long dwLocalTSC47_16 = 0;
 846                         unsigned long long       RSC = 0;
 847                         // endian issues
 848                         RSC = *((unsigned long long *)&(pKey->KeyRSC));
 849                         wLocalTSC15_0 = (unsigned short)RSC;
 850                         dwLocalTSC47_16 = (unsigned long)(RSC>>16);
 851
 852                         RSC = dwRxTSC47_16;
 853                         RSC <<= 16;
 854                         RSC += wRxTSC15_0;
 855                         memcpy(&(pKey->KeyRSC), &RSC,  sizeof(QWORD));
 856
 857                         if ((pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) &&
 858                             (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) {
 859                                 // check RSC
 860                                 if ((wRxTSC15_0 < wLocalTSC15_0) &&
 861                                     (dwRxTSC47_16 <= dwLocalTSC47_16) &&
 862                                     !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) {
 863                                         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "TSC is illegal~~!\n ");
 864                                         if (pKey->byCipherSuite == KEY_CTL_TKIP)
 865                                                 //pDevice->s802_11Counter.TKIPReplays.QuadPart++;
 866                                                 pDevice->s802_11Counter.TKIPReplays++;
 867                                         else
 868                                                 //pDevice->s802_11Counter.CCMPReplays.QuadPart++;
 869                                                 pDevice->s802_11Counter.CCMPReplays++;
 870
 871                                         if (bDeFragRx) {
 872                                                 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
 873                                                         DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n",
 874                                                                 pDevice->dev->name);
 875                                                 }
 876                                         }
 877                                         return false;
 878                                 }
 879                         }
 880                 }
 881         } // ----- End of Reply Counter Check --------------------------
 882
 883         if ((pKey != NULL) && (bIsWEP)) {
 884 //      pDevice->s802_11Counter.DecryptSuccessCount.QuadPart++;
 885         }
 886
 887         s_vProcessRxMACHeader(pDevice, (unsigned char *)(skb->data+4), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset);
 888         FrameSize -= cbHeaderOffset;
 889         cbHeaderOffset += 4;        // 4 is Rcv buffer header
 890
 891         // Null data, framesize = 14
 892         if (FrameSize < 15)
 893                 return false;
 894
 895         if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
 896                 if (s_bAPModeRxData(pDevice,
 897                                     skb,
 898                                     FrameSize,
 899                                     cbHeaderOffset,
 900                                     iSANodeIndex,
 901                                     iDANodeIndex
 902 ) == false) {
 903                         if (bDeFragRx) {
 904                                 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
 905                                         DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n",
 906                                                 pDevice->dev->name);
 907                                 }
 908                         }
 909                         return false;
 910                 }
 911         }
 912
 913         skb->data += cbHeaderOffset;
 914         skb->tail += cbHeaderOffset;
 915         skb_put(skb, FrameSize);
 916         skb->protocol = eth_type_trans(skb, skb->dev);
 917
 918         //drop frame not met IEEE 802.3
 919 /*
 920   if (pDevice->flags & DEVICE_FLAGS_VAL_PKT_LEN) {
 921   if ((skb->protocol==htons(ETH_P_802_3)) &&
 922   (skb->len!=htons(skb->mac.ethernet->h_proto))) {
 923   pStats->rx_length_errors++;
 924   pStats->rx_dropped++;
 925   if (bDeFragRx) {
 926   if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
 927   DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n",
 928   pDevice->dev->name);
 929   }
 930   }
 931   return false;
 932   }
 933   }
 934 */
 935
 936         skb->ip_summed = CHECKSUM_NONE;
 937         pStats->rx_bytes += skb->len;
 938         pStats->rx_packets++;
 939         netif_rx(skb);
 940
 941         if (bDeFragRx) {
 942                 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) {
 943                         DBG_PRT(MSG_LEVEL_ERR, KERN_ERR "%s: can not alloc more frag bufs\n",
 944                                 pDevice->dev->name);
 945                 }
 946                 return false;
 947         }
 948
 949         return true;
 950 }
 951
 952 static bool s_bAPModeRxCtl(
 953         PSDevice pDevice,
 954         unsigned char *pbyFrame,
 955         int      iSANodeIndex
 956 )
 957 {
 958         PS802_11Header      p802_11Header;
 959         CMD_STATUS          Status;
 960         PSMgmtObject        pMgmt = pDevice->pMgmt;
 961
 962         if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) {
 963                 p802_11Header = (PS802_11Header)(pbyFrame);
 964                 if (!IS_TYPE_MGMT(pbyFrame)) {
 965                         // Data & PS-Poll packet
 966                         // check frame class
 967                         if (iSANodeIndex > 0) {
 968                                 // frame class 3 fliter & checking
 969                                 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) {
 970                                         // send deauth notification
 971                                         // reason = (6) class 2 received from nonauth sta
 972                                         vMgrDeAuthenBeginSta(pDevice,
 973                                                              pMgmt,
 974                                                              (unsigned char *)(p802_11Header->abyAddr2),
 975                                                              (WLAN_MGMT_REASON_CLASS2_NONAUTH),
 976                                                              &Status
 977 );
 978                                         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n");
 979                                         return true;
 980                                 }
 981                                 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) {
 982                                         // send deassoc notification
 983                                         // reason = (7) class 3 received from nonassoc sta
 984                                         vMgrDisassocBeginSta(pDevice,
 985                                                              pMgmt,
 986                                                              (unsigned char *)(p802_11Header->abyAddr2),
 987                                                              (WLAN_MGMT_REASON_CLASS3_NONASSOC),
 988                                                              &Status
 989 );
 990                                         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n");
 991                                         return true;
 992                                 }
 993
 994                                 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) {
 995                                         // delcare received ps-poll event
 996                                         if (IS_CTL_PSPOLL(pbyFrame)) {
 997                                                 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true;
 998                                                 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
 999                                                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n");
1000                                         } else {
1001                                                 // check Data PS state
1002                                                 // if PW bit off, send out all PS bufferring packets.
1003                                                 if (!IS_FC_POWERMGT(pbyFrame)) {
1004                                                         pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = false;
1005                                                         pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true;
1006                                                         bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1007                                                         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n");
1008                                                 }
1009                                         }
1010                                 } else {
1011                                         if (IS_FC_POWERMGT(pbyFrame)) {
1012                                                 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = true;
1013                                                 // Once if STA in PS state, enable multicast bufferring
1014                                                 pMgmt->sNodeDBTable[0].bPSEnable = true;
1015                                         } else {
1016                                                 // clear all pending PS frame.
1017                                                 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) {
1018                                                         pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = false;
1019                                                         pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true;
1020                                                         bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL);
1021                                                         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n");
1022
1023                                                 }
1024                                         }
1025                                 }
1026                         } else {
1027                                 vMgrDeAuthenBeginSta(pDevice,
1028                                                      pMgmt,
1029                                                      (unsigned char *)(p802_11Header->abyAddr2),
1030                                                      (WLAN_MGMT_REASON_CLASS2_NONAUTH),
1031                                                      &Status
1032 );
1033                                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n");
1034                                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%pM\n",
1035                                         p802_11Header->abyAddr3);
1036                                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%pM\n",
1037                                         p802_11Header->abyAddr2);
1038                                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%pM\n",
1039                                         p802_11Header->abyAddr1);
1040                                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl);
1041                                 VNSvInPortB(pDevice->PortOffset + MAC_REG_RCR, &(pDevice->byRxMode));
1042                                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc:pDevice->byRxMode = %x\n", pDevice->byRxMode);
1043                                 return true;
1044                         }
1045                 }
1046         }
1047         return false;
1048 }
1049
1050 static bool s_bHandleRxEncryption(
1051         PSDevice     pDevice,
1052         unsigned char *pbyFrame,
1053         unsigned int FrameSize,
1054         unsigned char *pbyRsr,
1055         unsigned char *pbyNewRsr,
1056         PSKeyItem   *pKeyOut,
1057         bool *pbExtIV,
1058         unsigned short *pwRxTSC15_0,
1059         unsigned long *pdwRxTSC47_16
1060 )
1061 {
1062         unsigned int PayloadLen = FrameSize;
1063         unsigned char *pbyIV;
1064         unsigned char byKeyIdx;
1065         PSKeyItem       pKey = NULL;
1066         unsigned char byDecMode = KEY_CTL_WEP;
1067         PSMgmtObject    pMgmt = pDevice->pMgmt;
1068
1069         *pwRxTSC15_0 = 0;
1070         *pdwRxTSC47_16 = 0;
1071
1072         pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1073         if (WLAN_GET_FC_TODS(*(unsigned short *)pbyFrame) &&
1074             WLAN_GET_FC_FROMDS(*(unsigned short *)pbyFrame)) {
1075                 pbyIV += 6;             // 6 is 802.11 address4
1076                 PayloadLen -= 6;
1077         }
1078         byKeyIdx = (*(pbyIV+3) & 0xc0);
1079         byKeyIdx >>= 6;
1080         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "\nKeyIdx: %d\n", byKeyIdx);
1081
1082         if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
1083             (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
1084             (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
1085             (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
1086             (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
1087                 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) &&
1088                     (pDevice->pMgmt->byCSSPK != KEY_CTL_NONE)) {
1089                         // unicast pkt use pairwise key
1090                         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "unicast pkt\n");
1091                         if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == true) {
1092                                 if (pDevice->pMgmt->byCSSPK == KEY_CTL_TKIP)
1093                                         byDecMode = KEY_CTL_TKIP;
1094                                 else if (pDevice->pMgmt->byCSSPK == KEY_CTL_CCMP)
1095                                         byDecMode = KEY_CTL_CCMP;
1096                         }
1097                         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "unicast pkt: %d, %p\n", byDecMode, pKey);
1098                 } else {
1099                         // use group key
1100                         KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey);
1101                         if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1102                                 byDecMode = KEY_CTL_TKIP;
1103                         else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1104                                 byDecMode = KEY_CTL_CCMP;
1105                         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey);
1106                 }
1107         }
1108         // our WEP only support Default Key
1109         if (pKey == NULL) {
1110                 // use default group key
1111                 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey);
1112                 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1113                         byDecMode = KEY_CTL_TKIP;
1114                 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1115                         byDecMode = KEY_CTL_CCMP;
1116         }
1117         *pKeyOut = pKey;
1118
1119         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode);
1120
1121         if (pKey == NULL) {
1122                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "pKey == NULL\n");
1123                 if (byDecMode == KEY_CTL_WEP) {
1124 //            pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1125                 } else if (pDevice->bLinkPass == true) {
1126 //            pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1127                 }
1128                 return false;
1129         }
1130         if (byDecMode != pKey->byCipherSuite) {
1131                 if (byDecMode == KEY_CTL_WEP) {
1132 //            pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1133                 } else if (pDevice->bLinkPass == true) {
1134 //            pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1135                 }
1136                 *pKeyOut = NULL;
1137                 return false;
1138         }
1139         if (byDecMode == KEY_CTL_WEP) {
1140                 // handle WEP
1141                 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1142                     (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == true)) {
1143                         // Software WEP
1144                         // 1. 3253A
1145                         // 2. WEP 256
1146
1147                         PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1148                         memcpy(pDevice->abyPRNG, pbyIV, 3);
1149                         memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1150                         rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1151                         rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1152
1153                         if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1154                                 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1155                         }
1156                 }
1157         } else if ((byDecMode == KEY_CTL_TKIP) ||
1158                    (byDecMode == KEY_CTL_CCMP)) {
1159                 // TKIP/AES
1160
1161                 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1162                 *pdwRxTSC47_16 = cpu_to_le32(*(unsigned long *)(pbyIV + 4));
1163                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ExtIV: %lx\n", *pdwRxTSC47_16);
1164                 if (byDecMode == KEY_CTL_TKIP) {
1165                         *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV + 2), *pbyIV));
1166                 } else {
1167                         *pwRxTSC15_0 = cpu_to_le16(*(unsigned short *)pbyIV);
1168                 }
1169                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "TSC0_15: %x\n", *pwRxTSC15_0);
1170
1171                 if ((byDecMode == KEY_CTL_TKIP) &&
1172                     (pDevice->byLocalID <= REV_ID_VT3253_A1)) {
1173                         // Software TKIP
1174                         // 1. 3253 A
1175                         PS802_11Header  pMACHeader = (PS802_11Header)(pbyFrame);
1176                         TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1177                         rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1178                         rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1179                         if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1180                                 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1181                                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV OK!\n");
1182                         } else {
1183                                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV FAIL!!!\n");
1184                                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "PayloadLen = %d\n", PayloadLen);
1185                         }
1186                 }
1187         }// end of TKIP/AES
1188
1189         if ((*(pbyIV+3) & 0x20) != 0)
1190                 *pbExtIV = true;
1191         return true;
1192 }
1193
1194 static bool s_bHostWepRxEncryption(
1195         PSDevice     pDevice,
1196         unsigned char *pbyFrame,
1197         unsigned int FrameSize,
1198         unsigned char *pbyRsr,
1199         bool bOnFly,
1200         PSKeyItem    pKey,
1201         unsigned char *pbyNewRsr,
1202         bool *pbExtIV,
1203         unsigned short *pwRxTSC15_0,
1204         unsigned long *pdwRxTSC47_16
1205 )
1206 {
1207         unsigned int PayloadLen = FrameSize;
1208         unsigned char *pbyIV;
1209         unsigned char byKeyIdx;
1210         unsigned char byDecMode = KEY_CTL_WEP;
1211         PS802_11Header  pMACHeader;
1212
1213         *pwRxTSC15_0 = 0;
1214         *pdwRxTSC47_16 = 0;
1215
1216         pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
1217         if (WLAN_GET_FC_TODS(*(unsigned short *)pbyFrame) &&
1218             WLAN_GET_FC_FROMDS(*(unsigned short *)pbyFrame)) {
1219                 pbyIV += 6;             // 6 is 802.11 address4
1220                 PayloadLen -= 6;
1221         }
1222         byKeyIdx = (*(pbyIV+3) & 0xc0);
1223         byKeyIdx >>= 6;
1224         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "\nKeyIdx: %d\n", byKeyIdx);
1225
1226         if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
1227                 byDecMode = KEY_CTL_TKIP;
1228         else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
1229                 byDecMode = KEY_CTL_CCMP;
1230
1231         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode);
1232
1233         if (byDecMode != pKey->byCipherSuite) {
1234                 if (byDecMode == KEY_CTL_WEP) {
1235 //            pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1236                 } else if (pDevice->bLinkPass == true) {
1237 //            pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1238                 }
1239                 return false;
1240         }
1241
1242         if (byDecMode == KEY_CTL_WEP) {
1243                 // handle WEP
1244                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "byDecMode == KEY_CTL_WEP \n");
1245                 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
1246                     (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == true) ||
1247                     (bOnFly == false)) {
1248                         // Software WEP
1249                         // 1. 3253A
1250                         // 2. WEP 256
1251                         // 3. NotOnFly
1252
1253                         PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1254                         memcpy(pDevice->abyPRNG, pbyIV, 3);
1255                         memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
1256                         rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
1257                         rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
1258
1259                         if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
1260                                 *pbyNewRsr |= NEWRSR_DECRYPTOK;
1261                         }
1262                 }
1263         } else if ((byDecMode == KEY_CTL_TKIP) ||
1264                    (byDecMode == KEY_CTL_CCMP)) {
1265                 // TKIP/AES
1266
1267                 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1268                 *pdwRxTSC47_16 = cpu_to_le32(*(unsigned long *)(pbyIV + 4));
1269                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ExtIV: %lx\n", *pdwRxTSC47_16);
1270
1271                 if (byDecMode == KEY_CTL_TKIP) {
1272                         *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
1273                 } else {
1274                         *pwRxTSC15_0 = cpu_to_le16(*(unsigned short *)pbyIV);
1275                 }
1276                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "TSC0_15: %x\n", *pwRxTSC15_0);
1277
1278                 if (byDecMode == KEY_CTL_TKIP) {
1279                         if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == false)) {
1280                                 // Software TKIP
1281                                 // 1. 3253 A
1282                                 // 2. NotOnFly
1283                                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "soft KEY_CTL_TKIP \n");
1284                                 pMACHeader = (PS802_11Header)(pbyFrame);
1285                                 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
1286                                 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
1287                                 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
1288                                 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
1289                                         *pbyNewRsr |= NEWRSR_DECRYPTOK;
1290                                         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV OK!\n");
1291                                 } else {
1292                                         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ICV FAIL!!!\n");
1293                                         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "PayloadLen = %d\n", PayloadLen);
1294                                 }
1295                         }
1296                 }
1297
1298                 if (byDecMode == KEY_CTL_CCMP) {
1299                         if (bOnFly == false) {
1300                                 // Software CCMP
1301                                 // NotOnFly
1302                                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "soft KEY_CTL_CCMP\n");
1303                                 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) {
1304                                         *pbyNewRsr |= NEWRSR_DECRYPTOK;
1305                                         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "CCMP MIC compare OK!\n");
1306                                 } else {
1307                                         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "CCMP MIC fail!\n");
1308                                 }
1309                         }
1310                 }
1311
1312         }// end of TKIP/AES
1313
1314         if ((*(pbyIV+3) & 0x20) != 0)
1315                 *pbExtIV = true;
1316         return true;
1317 }
1318
1319 static bool s_bAPModeRxData(
1320         PSDevice pDevice,
1321         struct sk_buff *skb,
1322         unsigned int FrameSize,
1323         unsigned int cbHeaderOffset,
1324         int      iSANodeIndex,
1325         int      iDANodeIndex
1326 )
1327 {
1328         PSMgmtObject        pMgmt = pDevice->pMgmt;
1329         bool bRelayAndForward = false;
1330         bool bRelayOnly = false;
1331         unsigned char byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
1332         unsigned short wAID;
1333
1334         struct sk_buff *skbcpy = NULL;
1335
1336         if (FrameSize > CB_MAX_BUF_SIZE)
1337                 return false;
1338         // check DA
1339         if (is_multicast_ether_addr((unsigned char *)(skb->data+cbHeaderOffset))) {
1340                 if (pMgmt->sNodeDBTable[0].bPSEnable) {
1341                         skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz);
1342
1343                         // if any node in PS mode, buffer packet until DTIM.
1344                         if (skbcpy == NULL) {
1345                                 DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n");
1346                         } else {
1347                                 skbcpy->dev = pDevice->dev;
1348                                 skbcpy->len = FrameSize;
1349                                 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize);
1350                                 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy);
1351
1352                                 pMgmt->sNodeDBTable[0].wEnQueueCnt++;
1353                                 // set tx map
1354                                 pMgmt->abyPSTxMap[0] |= byMask[0];
1355                         }
1356                 } else {
1357                         bRelayAndForward = true;
1358                 }
1359         } else {
1360                 // check if relay
1361                 if (BSSDBbIsSTAInNodeDB(pMgmt, (unsigned char *)(skb->data+cbHeaderOffset), &iDANodeIndex)) {
1362                         if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) {
1363                                 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) {
1364                                         // queue this skb until next PS tx, and then release.
1365
1366                                         skb->data += cbHeaderOffset;
1367                                         skb->tail += cbHeaderOffset;
1368                                         skb_put(skb, FrameSize);
1369                                         skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb);
1370                                         pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++;
1371                                         wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID;
1372                                         pMgmt->abyPSTxMap[wAID >> 3] |=  byMask[wAID & 7];
1373                                         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n",
1374                                                 iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]);
1375                                         return true;
1376                                 } else {
1377                                         bRelayOnly = true;
1378                                 }
1379                         }
1380                 }
1381         }
1382
1383         if (bRelayOnly || bRelayAndForward) {
1384                 // relay this packet right now
1385                 if (bRelayAndForward)
1386                         iDANodeIndex = 0;
1387
1388                 if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) {
1389                         ROUTEbRelay(pDevice, (unsigned char *)(skb->data + cbHeaderOffset), FrameSize, (unsigned int)iDANodeIndex);
1390                 }
1391
1392                 if (bRelayOnly)
1393                         return false;
1394         }
1395         // none associate, don't forward
1396         if (pDevice->uAssocCount == 0)
1397                 return false;
1398
1399         return true;
1400 }