--- a/ath/if_ath.c +++ b/ath/if_ath.c @@ -6457,6 +6457,7 @@ int type; u_int phyerr; u_int processed = 0, early_stop = 0; + u_int mic_fail = 0; DPRINTF(sc, ATH_DEBUG_RX_PROC, "invoked\n"); process_rx_again: @@ -6558,24 +6559,8 @@ } if (rs->rs_status & HAL_RXERR_MIC) { sc->sc_stats.ast_rx_badmic++; - /* - * Do minimal work required to hand off - * the 802.11 header for notification. - */ - /* XXX frag's and QoS frames */ - if (len >= sizeof (struct ieee80211_frame)) { - bus_dma_sync_single(sc->sc_bdev, - bf->bf_skbaddr, len, - BUS_DMA_FROMDEVICE); -#if 0 -/* XXX revalidate MIC, lookup ni to find VAP */ - ieee80211_notify_michael_failure(ic, - (struct ieee80211_frame *)skb->data, - sc->sc_splitmic ? - rs->rs_keyix - 32 : rs->rs_keyix - ); -#endif - } + mic_fail = 1; + goto rx_accept; } /* * Reject error frames if we have no vaps that @@ -6614,8 +6599,9 @@ /* * Finished monitor mode handling, now reject * error frames before passing to other vaps + * Ignore MIC failures here, as we need to recheck them */ - if (rs->rs_status != 0) { + if (rs->rs_status & ~(HAL_RXERR_MIC | HAL_RXERR_DECRYPT)) { ieee80211_dev_kfree_skb(&skb); goto rx_next; } @@ -6623,6 +6609,26 @@ /* remove the CRC */ skb_trim(skb, skb->len - IEEE80211_CRC_LEN); + if (mic_fail) { + /* Ignore control frames which are reported with mic error */ + if ((((struct ieee80211_frame *)skb->data)->i_fc[0] & + IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_CTL) + goto drop_micfail; + + ni = ieee80211_find_rxnode(ic, (const struct ieee80211_frame_min *) skb->data); + + if (ni && ni->ni_table) { + ieee80211_check_mic(ni, skb); + ieee80211_unref_node(&ni); + } + +drop_micfail: + dev_kfree_skb_any(skb); + skb = NULL; + mic_fail = 0; + goto rx_next; + } + /* * From this point on we assume the frame is at least * as large as ieee80211_frame_min; verify that. @@ -6635,6 +6641,7 @@ goto rx_next; } + /* MIC failure. Drop the packet in any case */ /* * Normal receive. */ --- a/net80211/ieee80211_crypto_ccmp.c 
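Review bot: The new mask `~(HAL_RXERR_MIC | HAL_RXERR_DECRYPT)` also passes frames that carry only `HAL_RXERR_DECRYPT`, although the comment above it mentions MIC failures alone and `mic_fail` is set only for `HAL_RXERR_MIC`. Such a frame skips the `if (mic_fail)` block added in the next hunk and continues toward the normal receive path; whether an earlier branch outside this hunk already filters decrypt errors is not visible here. If only MIC failures are meant to be rechecked, the test could be `if (rs->rs_status & ~HAL_RXERR_MIC) {`; otherwise the comment should say why decrypt errors are let through as well.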
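Review bot: The `if (mic_fail)` block reads `i_fc[0]` and hands `skb->data` to `ieee80211_find_rxnode()` before any length check; the check against `ieee80211_frame_min` described in the following context comes only after this block, and `ieee80211_check_mic()` does its own check only after the lookup. A frame flagged with a MIC error is untrusted input, so its length should be verified first. Separately, when `ni` is non-NULL but `ni->ni_table` is NULL the node never reaches `ieee80211_unref_node()`; if `ieee80211_find_rxnode()` returns a held reference, as the unref in the other branch suggests, that reference leaks. The block also frees with `dev_kfree_skb_any()` while the hunk above uses `ieee80211_dev_kfree_skb(&skb)`.

```c
if (mic_fail) {
	/* Verify the length before any header field is read. */
	if (skb->len < sizeof(struct ieee80211_frame_min))
		goto drop_micfail;
	/* … unchanged: control-frame test, ieee80211_find_rxnode() call … */
	if (ni) {
		if (ni->ni_table)
			ieee80211_check_mic(ni, skb);
		/* Drop the lookup reference on every path. */
		ieee80211_unref_node(&ni);
	}
	/* … unchanged: drop_micfail label, cleanup and closing brace … */
```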
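Review bot: The added comment `/* MIC failure. Drop the packet in any case */` sits directly above the `Normal receive.` comment, where no frame is dropped; the drop happens in the `if (mic_fail)` block of the previous hunk. It would read correctly if moved there, for example above `drop_micfail:`, or removed from this spot.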
+++ b/net80211/ieee80211_crypto_ccmp.c @@ -73,7 +73,7 @@ static int ccmp_encap(struct ieee80211_key *, struct sk_buff *, u_int8_t); static int ccmp_decap(struct ieee80211_key *, struct sk_buff *, int); static int ccmp_enmic(struct ieee80211_key *, struct sk_buff *, int); -static int ccmp_demic(struct ieee80211_key *, struct sk_buff *, int); +static int ccmp_demic(struct ieee80211_key *, struct sk_buff *, int, int); static const struct ieee80211_cipher ccmp = { .ic_name = "AES-CCM", @@ -308,7 +308,7 @@ * Verify and strip MIC from the frame. */ static int -ccmp_demic(struct ieee80211_key *k, struct sk_buff *skb, int hdrlen) +ccmp_demic(struct ieee80211_key *k, struct sk_buff *skb, int hdrlen, int force) { return 1; } --- a/net80211/ieee80211_crypto.h +++ b/net80211/ieee80211_crypto.h @@ -145,7 +145,7 @@ int (*ic_encap)(struct ieee80211_key *, struct sk_buff *, u_int8_t); int (*ic_decap)(struct ieee80211_key *, struct sk_buff *, int); int (*ic_enmic)(struct ieee80211_key *, struct sk_buff *, int); - int (*ic_demic)(struct ieee80211_key *, struct sk_buff *, int); + int (*ic_demic)(struct ieee80211_key *, struct sk_buff *, int, int); }; extern const struct ieee80211_cipher ieee80211_cipher_none; @@ -163,10 +163,10 @@ */ static __inline int ieee80211_crypto_demic(struct ieee80211vap *vap, struct ieee80211_key *k, - struct sk_buff *skb, int hdrlen) + struct sk_buff *skb, int hdrlen, int force) { const struct ieee80211_cipher *cip = k->wk_cipher; - return (cip->ic_miclen > 0 ? cip->ic_demic(k, skb, hdrlen) : 1); + return (cip->ic_miclen > 0 ? cip->ic_demic(k, skb, hdrlen, force) : 1); } /* --- a/net80211/ieee80211_crypto_none.c +++ b/net80211/ieee80211_crypto_none.c 
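Review bot: The new `force` argument is not documented anywhere in this change; the comment above `ieee80211_crypto_demic()` in ieee80211_crypto.h (it starts outside the hunk) and the `ic_demic` member should say that a non-zero value asks the cipher to verify the MIC in software even when the key lacks `IEEE80211_KEY_SWMIC`. Of the implementations visible in this patch only `tkip_demic()` tests it; `ccmp_demic()` and `wep_demic()` return 1 regardless, and `none_demic()` in ieee80211_crypto_none.c receives it as well. A one-line comment such as `/* force is ignored: this cipher has no separate MIC step */` in those functions would make that explicit.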
@@ -52,7 +52,7 @@ static int none_encap(struct ieee80211_key *, struct sk_buff *, u_int8_t); static int none_decap(struct ieee80211_key *, struct sk_buff *, int); static int none_enmic(struct ieee80211_key *, struct sk_buff *, int); -static int none_demic(struct ieee80211_key *, struct sk_buff *, int); +static int none_demic(struct ieee80211_key *, struct sk_buff *, int, int); const struct ieee80211_cipher ieee80211_cipher_none = { .ic_name = "NONE", @@ -137,7 +137,7 @@ } static int -none_demic(struct ieee80211_key *k, struct sk_buff *skb, int hdrlen) +none_demic(struct ieee80211_key *k, struct sk_buff *skb, int hdrlen, int force) { struct ieee80211vap *vap = k->wk_private; --- a/net80211/ieee80211_crypto_tkip.c +++ b/net80211/ieee80211_crypto_tkip.c @@ -57,7 +57,7 @@ static int tkip_encap(struct ieee80211_key *, struct sk_buff *, u_int8_t); static int tkip_enmic(struct ieee80211_key *, struct sk_buff *, int); static int tkip_decap(struct ieee80211_key *, struct sk_buff *, int); -static int tkip_demic(struct ieee80211_key *, struct sk_buff *, int); +static int tkip_demic(struct ieee80211_key *, struct sk_buff *, int, int); static const struct ieee80211_cipher tkip = { .ic_name = "TKIP", @@ -339,7 +339,7 @@ * Verify and strip MIC from the frame. */ static int -tkip_demic(struct ieee80211_key *k, struct sk_buff *skb0, int hdrlen) +tkip_demic(struct ieee80211_key *k, struct sk_buff *skb0, int hdrlen, int force) { struct tkip_ctx *ctx = k->wk_private; struct sk_buff *skb; @@ -355,7 +355,7 @@ } wh = (struct ieee80211_frame *) skb0->data; /* NB: skb left pointing at last in chain */ - if (k->wk_flags & IEEE80211_KEY_SWMIC) { + if ((k->wk_flags & IEEE80211_KEY_SWMIC) || force) { struct ieee80211vap *vap = ctx->tc_vap; u8 mic[IEEE80211_WEP_MICLEN]; u8 mic0[IEEE80211_WEP_MICLEN]; --- a/net80211/ieee80211_crypto_wep.c +++ b/net80211/ieee80211_crypto_wep.c 
@@ -54,7 +54,7 @@ static int wep_encap(struct ieee80211_key *, struct sk_buff *, u_int8_t); static int wep_decap(struct ieee80211_key *, struct sk_buff *, int); static int wep_enmic(struct ieee80211_key *, struct sk_buff *, int); -static int wep_demic(struct ieee80211_key *, struct sk_buff *, int); +static int wep_demic(struct ieee80211_key *, struct sk_buff *, int, int); static const struct ieee80211_cipher wep = { .ic_name = "WEP", @@ -244,7 +244,7 @@ * Verify and strip MIC from the frame. */ static int -wep_demic(struct ieee80211_key *k, struct sk_buff *skb, int hdrlen) +wep_demic(struct ieee80211_key *k, struct sk_buff *skb, int hdrlen, int force) { return 1; } --- a/net80211/ieee80211_input.c +++ b/net80211/ieee80211_input.c @@ -669,7 +669,7 @@ * Next strip any MSDU crypto bits. */ if (key != NULL && - !ieee80211_crypto_demic(vap, key, skb, hdrspace)) { + !ieee80211_crypto_demic(vap, key, skb, hdrspace, 0)) { IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_INPUT, ni->ni_macaddr, "data", "%s", "demic error"); IEEE80211_NODE_STAT(ni, rx_demicfail); 
@@ -4293,6 +4293,47 @@ } #endif +/* + * Process a frame w/ hw detected MIC failure. + * The frame will be dropped in any case. + */ +void +ieee80211_check_mic(struct ieee80211_node *ni, struct sk_buff *skb) +{ + struct ieee80211vap *vap = ni->ni_vap; + + struct ieee80211_frame *wh; + struct ieee80211_key *key; + int hdrspace; + struct ieee80211com *ic = vap->iv_ic; + + if (skb->len < sizeof(struct ieee80211_frame_min)) { + IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_ANY, + ni->ni_macaddr, NULL, + "too short (1): len %u", skb->len); + vap->iv_stats.is_rx_tooshort++; + return; + } + + wh = (struct ieee80211_frame *)skb->data; + + hdrspace = ieee80211_hdrspace(ic, wh); + key = ieee80211_crypto_decap(ni, skb, hdrspace); + if (key == NULL) { + /* NB: stats+msgs handled in crypto_decap */ + IEEE80211_NODE_STAT(ni, rx_wepfail); + return; + } + + if (!ieee80211_crypto_demic(vap, key, skb, hdrspace, 1)) { + IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_INPUT, + ni->ni_macaddr, "data", "%s", "demic error"); + IEEE80211_NODE_STAT(ni, rx_demicfail); + } + return; +} +EXPORT_SYMBOL(ieee80211_check_mic); + #ifdef IEEE80211_DEBUG /* * Debugging support. --- a/net80211/ieee80211_proto.h +++ b/net80211/ieee80211_proto.h @@ -90,6 +90,7 @@ void ieee80211_set11gbasicrates(struct ieee80211_rateset *, enum ieee80211_phymode); enum ieee80211_phymode ieee80211_get11gbasicrates(struct ieee80211_rateset *); void ieee80211_send_pspoll(struct ieee80211_node *); +void ieee80211_check_mic(struct ieee80211_node *, struct sk_buff *); /* * Return the size of the 802.11 header for a management or data frame. --- a/net80211/ieee80211_linux.c +++ b/net80211/ieee80211_linux.c 
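Review bot: `ieee80211_check_mic()` checks `skb->len` only against `sizeof(struct ieee80211_frame_min)`, then casts the data to the larger `struct ieee80211_frame` and passes the computed `hdrspace` to `ieee80211_crypto_decap()` without comparing it with the frame length. Unless the decap routine validates this itself, which is not visible here, a short frame could be parsed past its end; a guard such as `if (skb->len < hdrspace) { vap->iv_stats.is_rx_tooshort++; return; }` after the `ieee80211_hdrspace()` call would close that. The header comment could also state that the caller keeps ownership of both `skb` and the node reference, and the trailing `return;` in a `void` function can be dropped.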
@@ -337,8 +337,8 @@ /* TODO: needed parameters: count, keyid, key type, src address, TSC */ snprintf(buf, sizeof(buf), "%s(keyid=%d %scast addr=" MAC_FMT ")", tag, k->wk_keyix, - IEEE80211_IS_MULTICAST(wh->i_addr1) ? "broad" : "uni", - MAC_ADDR(wh->i_addr1)); + IEEE80211_IS_MULTICAST(wh->i_addr2) ? "broad" : "uni", + MAC_ADDR(wh->i_addr2)); memset(&wrqu, 0, sizeof(wrqu)); wrqu.data.length = strlen(buf); wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf); --- a/net80211/ieee80211_output.c +++ b/net80211/ieee80211_output.c @@ -1074,13 +1074,16 @@ cip = (struct ieee80211_cipher *) key->wk_cipher; ciphdrsize = cip->ic_header; tailsize += (cip->ic_trailer + cip->ic_miclen); + + /* add the 8 bytes MIC length */ + if (cip->ic_cipher == IEEE80211_CIPHER_TKIP) + pktlen += IEEE80211_WEP_MICLEN; } pdusize = vap->iv_fragthreshold - (hdrsize_nopad + ciphdrsize); fragcnt = *framecnt = - ((pktlen - (hdrsize_nopad + ciphdrsize)) / pdusize) + - (((pktlen - (hdrsize_nopad + ciphdrsize)) % - pdusize == 0) ? 0 : 1); + ((pktlen - hdrsize_nopad) / pdusize) + + (((pktlen - hdrsize_nopad) % pdusize == 0) ? 0 : 1); /* * Allocate sk_buff for each subsequent fragment; First fragment --- a/net80211/ieee80211_node.c +++ b/net80211/ieee80211_node.c 
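Review bot: Switching the multicast test to `wh->i_addr2` changes what the `%scast` field reports: `i_addr2` is the transmitter address, which is normally an individual address, so the event would say `unicast` even for group-addressed frames. If the intent is only to report the sender in `addr=`, keep `IEEE80211_IS_MULTICAST(wh->i_addr1) ? "broad" : "uni",` and change just the last argument to `MAC_ADDR(wh->i_addr2));`. The surrounding function starts and ends outside the hunk.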
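Review bot: `pdusize` is used as a divisor in the rewritten fragment count, but nothing in the hunk checks that `vap->iv_fragthreshold` is larger than `hdrsize_nopad + ciphdrsize`; a non-positive `pdusize` gives a division by zero or a negative count. If the threshold is not range-checked where it is set (not visible here), an `if (pdusize <= 0)` bail-out belongs before the division. For positive values the round-up can be written once as `fragcnt = *framecnt = (pktlen - hdrsize_nopad + pdusize - 1) / pdusize;`, and the new comment could name `IEEE80211_WEP_MICLEN` instead of repeating the literal 8.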
@@ -2264,11 +2264,13 @@ /* From this point onwards we can no longer find the node, * so no more references are generated */ - ieee80211_remove_wds_addr(nt, ni->ni_macaddr); - ieee80211_del_wds_node(nt, ni); - IEEE80211_NODE_TABLE_LOCK_IRQ(nt); - node_table_leave_locked(nt, ni); - IEEE80211_NODE_TABLE_UNLOCK_IRQ(nt); + if (nt) { + ieee80211_remove_wds_addr(nt, ni->ni_macaddr); + ieee80211_del_wds_node(nt, ni); + IEEE80211_NODE_TABLE_LOCK_IRQ(nt); + node_table_leave_locked(nt, ni); + IEEE80211_NODE_TABLE_UNLOCK_IRQ(nt); + } /* * If node wasn't previously associated all
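Review bot: The new `if (nt)` guard has no comment saying when a node reaches this point without a node table, and the retained comment above it still states that the node can no longer be found from here on, which only holds once the guarded calls have run. A line such as `/* nt is NULL for nodes that were never entered into a node table */` would record the assumption, provided that is the case the guard is meant for. The enclosing function and the origin of `nt` lie outside the hunk.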
The Netgear wgt634u uses a different format for storing the 
configuration. This patch is needed to read out the correct 
configuration. The cfe_env.c file uses a different method to read
out the configuration than the in-kernel CFE config reader.

--- a/arch/mips/bcm47xx/Makefile
+++ b/arch/mips/bcm47xx/Makefile
@@ -5,3 +5,4 @@
 
 obj-y				+= irq.o nvram.o prom.o serial.o setup.o time.o sprom.o
 obj-y				+= board.o buttons.o leds.o workarounds.o
+obj-y				+= cfe_env.o
--- /dev/null
+++ b/arch/mips/bcm47xx/cfe_env.c
@@ -0,0 +1,228 @@
+/*
+ * CFE environment variable access
+ *
+ * Copyright 2001-2003, Broadcom Corporation
+ * Copyright 2006, Felix Fietkau <nbd@openwrt.org>
+ * 
+ * This program is free software; you can redistribute  it and/or modify it
+ * under  the terms of  the GNU General  Public License as published by the
+ * Free Software Foundation;  either version 2 of the  License, or (at your
+ * option) any later version.
+ */
+
+#include <linux/init.h>
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/string.h>
+#include <asm/io.h>
+#include <asm/uaccess.h>
+
+#define NVRAM_SIZE       (0x1ff0)
+static char _nvdata[NVRAM_SIZE];
+static char _valuestr[256];
+
+/*
+ * TLV types.  These codes are used in the "type-length-value"
+ * encoding of the items stored in the NVRAM device (flash or EEPROM)
+ *
+ * The layout of the flash/nvram is as follows:
+ *
+ * <type> <length> <data ...> <type> <length> <data ...> <type_end>
+ *
+ * The type code of "ENV_TLV_TYPE_END" marks the end of the list.
+ * The "length" field marks the length of the data section, not
+ * including the type and length fields.
+ *
+ * Environment variables are stored as follows:
+ *
+ * <type_env> <length> <flags> <name> = <value>
+ *
+ * If bit 0 (low bit) is set, the length is an 8-bit value.
+ * If bit 0 (low bit) is clear, the length is a 16-bit value
+ * 
+ * Bit 7 set indicates "user" TLVs.  In this case, bit 0 still
+ * indicates the size of the length field.  
+ *
+ * Flags are from the constants below:
+ *
+ */
+#define ENV_LENGTH_16BITS	0x00	/* for low bit */
+#define ENV_LENGTH_8BITS	0x01
+
+#define ENV_TYPE_USER		0x80
+
+#define ENV_CODE_SYS(n,l) (((n)<<1)|(l))
+#define ENV_CODE_USER(n,l) ((((n)<<1)|(l)) | ENV_TYPE_USER)
+
+/*
+ * The actual TLV types we support
+ */
+
+#define ENV_TLV_TYPE_END	0x00	
+#define ENV_TLV_TYPE_ENV	ENV_CODE_SYS(0,ENV_LENGTH_8BITS)
+
+/*
+ * Environment variable flags 
+ */
+
+#define ENV_FLG_NORMAL		0x00	/* normal read/write */
+#define ENV_FLG_BUILTIN		0x01	/* builtin - not stored in flash */
+#define ENV_FLG_READONLY	0x02	/* read-only - cannot be changed */
+
+#define ENV_FLG_MASK		0xFF	/* mask of attributes we keep */
+#define ENV_FLG_ADMIN		0x100	/* lets us internally override permissions */
+
+
+/*  *********************************************************************
+    *  _nvram_read(buffer,offset,length)
+    *  
+    *  Read data from the NVRAM device
+    *  
+    *  Input parameters: 
+    *  	   buffer - destination buffer
+    *  	   offset - offset of data to read
+    *  	   length - number of bytes to read
+    *  	   
+    *  Return value:
+    *  	   number of bytes read, or <0 if error occured
+    ********************************************************************* */
+static int
+_nvram_read(unsigned char *nv_buf, unsigned char *buffer, int offset, int length)
+{
+    int i;
+    if (offset > NVRAM_SIZE)
+	return -1; 
+
+    for ( i = 0; i < length; i++) {
+	buffer[i] = ((volatile unsigned char*)nv_buf)[offset + i];
+    }
+    return length;
+}
+
+
+static char*
+_strnchr(const char *dest,int c,size_t cnt)
+{
+	while (*dest && (cnt > 0)) {
+	if (*dest == c) return (char *) dest;
+	dest++;
+	cnt--;
+	}
+	return NULL;
+}
+
+
+
+/*
+ * Core support API: Externally visible.
+ */
+
+/*
+ * Get the value of an NVRAM variable
+ * @param	name	name of variable to get
+ * @return	value of variable or NULL if undefined
+ */
+
+char *cfe_env_get(unsigned char *nv_buf, const char *name)
+{
+    int size;
+    unsigned char *buffer;
+    unsigned char *ptr;
+    unsigned char *envval;
+    unsigned int reclen;
+    unsigned int rectype;
+    int offset;
+    int flg;
+    
+	if (!strcmp(name, "nvram_type"))
+		return "cfe";
+	
+    size = NVRAM_SIZE;
+    buffer = &_nvdata[0];
+
+    ptr = buffer;
+    offset = 0;
+
+    /* Read the record type and length */
+    if (_nvram_read(nv_buf, ptr,offset,1) != 1) {
+	goto error;
+    }
+    
+    while ((*ptr != ENV_TLV_TYPE_END)  && (size > 1)) {
+
+	/* Adjust pointer for TLV type */
+	rectype = *(ptr);
+	offset++;
+	size--;
+
+	/* 
+	 * Read the length.  It can be either 1 or 2 bytes
+	 * depending on the code 
+	 */
+	if (rectype & ENV_LENGTH_8BITS) {
+	    /* Read the record type and length - 8 bits */
+	    if (_nvram_read(nv_buf, ptr,offset,1) != 1) {
+		goto error;
+	    }
+	    reclen = *(ptr);
+	    size--;
+	    offset++;
+	}
+	else {
+	    /* Read the record type and length - 16 bits, MSB first */
+	    if (_nvram_read(nv_buf, ptr,offset,2) != 2) {
+		goto error;
+	    }
+	    reclen = (((unsigned int) *(ptr)) << 8) + (unsigned int) *(ptr+1);
+	    size -= 2;
+	    offset += 2;
+	}
+
+	if (reclen > size)
+	    break;	/* should not happen, bad NVRAM */
+
+	switch (rectype) {
+	    case ENV_TLV_TYPE_ENV:
+		/* Read the TLV data */
+		if (_nvram_read(nv_buf, ptr,offset,reclen) != reclen)
+		    goto error;
+		flg = *ptr++;
+		envval = (unsigned char *) _strnchr(ptr,'=',(reclen-1));
+		if (envval) {
+		    *envval++ = '\0';
+		    memcpy(_valuestr,envval,(reclen-1)-(envval-ptr));
+		    _valuestr[(reclen-1)-(envval-ptr)] = '\0';
+#if 0			
+		    printk(KERN_INFO "NVRAM:%s=%s\n", ptr, _valuestr);
+#endif
+		    if(!strcmp(ptr, name)){
+			return _valuestr;
+		    }
+		    if((strlen(ptr) > 1) && !strcmp(&ptr[1], name))
+			return _valuestr;
+		}
+		break;
+		
+	    default: 
+		/* Unknown TLV type, skip it. */
+		break;
+	    }
+
+	/*
+	 * Advance to next TLV 
+	 */
+		
+	size -= (int)reclen;
+	offset += reclen;
+
+	/* Read the next record type */
+	ptr = buffer;
+	if (_nvram_read(nv_buf, ptr,offset,1) != 1)
+	    goto error;
+	}
+
+error:
+    return NULL;
+
+}
+
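Review bot: In `cfe_env_get()` an `ENV_TLV_TYPE_ENV` record with a length of 0 makes `reclen-1` wrap around as an unsigned value, which lets `_strnchr()` scan past the record into stale `_nvdata` contents and, if it finds an `=`, gives the `memcpy()` into the 256-byte `_valuestr` a length computed from the wrapped value. NVRAM contents should be parsed as untrusted data; adding `if (reclen == 0) break;` at the top of the `case` skips such records. `_nvram_read()` checks only `offset > NVRAM_SIZE` and ignores `length`, so `if (offset < 0 || length < 0 || length > NVRAM_SIZE - offset) return -1;` is the safer bound, and `reclen > size` compares an unsigned value with a signed `int` that can already be negative after a 16-bit length field. The function also returns the shared static `_valuestr`, which makes it non-reentrant and deserves a line in its header comment.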
--- a/arch/mips/bcm47xx/nvram.c
+++ b/arch/mips/bcm47xx/nvram.c
@@ -36,6 +36,8 @@ struct nvram_header {
 
 static char nvram_buf[NVRAM_SPACE];
 static const u32 nvram_sizes[] = {0x8000, 0xF000, 0x10000};
+static int cfe_env;
+extern char *cfe_env_get(char *nv_buf, const char *name);
 
 static u32 find_nvram_size(void __iomem *end)
 {
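Review bot: The added `extern char *cfe_env_get(char *nv_buf, const char *name);` does not match the definition in cfe_env.c, which takes `unsigned char *nv_buf`; because the prototype is repeated by hand in this file, the compiler cannot catch the mismatch. Declaring the function once in a shared header included by both files, with the same parameter type in both places, would keep the two in sync.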
@@ -65,6 +67,26 @@ static int nvram_find_and_copy(void __io
 		return -EEXIST;
 	}
 
+	cfe_env = 0;
+
+	/* XXX: hack for supporting the CFE environment stuff on WGT634U */
+	if (lim >= 8 * 1024 * 1024) {
+		src = (u32 *) iobase + 8 * 1024 * 1024 - 0x2000;
+		dst = (u32 *) nvram_buf;
+
+		if ((*src & 0xff00ff) == 0x000001) {
+			printk("early_nvram_init: WGT634U NVRAM found.\n");
+
+			for (i = 0; i < 0x1ff0; i++) {
+				if (*src == 0xFFFFFFFF)
+					break;
+				*dst++ = *src++;
+			}
+			cfe_env = 1;
+			return 0;
+		}
+	}
+
 	/* TODO: when nvram is on nand flash check for bad blocks first. */
 	off = FLASH_MIN;
 	while (off <= lim) {
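Review bot: `src = (u32 *) iobase + 8 * 1024 * 1024 - 0x2000;` applies the cast before the addition, so the offset is counted in 32-bit words and the address ends up four times further from `iobase` than the byte offset tested by `lim >= 8 * 1024 * 1024`. The copy loop has the same unit problem: `i < 0x1ff0` copies up to 0x1ff0 words (0x7fc0 bytes) although only 0x2000 bytes lie between the intended start address and the 8 MiB mark, and nothing ties the count to the size of `nvram_buf`. Assuming byte offsets are intended and `iobase` is the `void __iomem *` parameter, use `src = (u32 *)(iobase + 8 * 1024 * 1024 - 0x2000);` and `for (i = 0; i < 0x1ff0 / sizeof(u32); i++) {`. The function body starts and ends outside the hunk, so the declarations of `src`, `dst` and `i` are not visible.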
@@ -181,6 +203,13 @@ int bcm47xx_nvram_getenv(const char *nam
 			return err;
 	}
 
+	if (cfe_env) {
+		value = cfe_env_get(nvram_buf, name);
+		if (!value)
+			return -ENOENT;
+		return snprintf(val, val_len, "%s", value);
+	}
+
 	/* Look for name=value and return value */
 	var = &nvram_buf[sizeof(struct nvram_header)];
 	end = nvram_buf + sizeof(nvram_buf) - 2;