Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
wmgr.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
3  * All rights reserved.
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License as published by
7  * the Free Software Foundation; either version 2 of the License, or
8  * (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License along
16  * with this program; if not, write to the Free Software Foundation, Inc.,
17  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
18  *
19  *
20  * File: wmgr.c
21  *
22  * Purpose: Handles the 802.11 management functions
23  *
24  * Author: Lyndon Chen
25  *
26  * Date: May 8, 2002
27  *
28  * Functions:
29  * nsMgrObjectInitial - Initialize Management Objet data structure
30  * vMgrObjectReset - Reset Management Object data structure
31  * vMgrAssocBeginSta - Start associate function
32  * vMgrReAssocBeginSta - Start reassociate function
33  * vMgrDisassocBeginSta - Start disassociate function
34  * s_vMgrRxAssocRequest - Handle Rcv associate_request
35  * s_vMgrRxAssocResponse - Handle Rcv associate_response
36  * vMrgAuthenBeginSta - Start authentication function
37  * vMgrDeAuthenDeginSta - Start deauthentication function
38  * s_vMgrRxAuthentication - Handle Rcv authentication
39  * s_vMgrRxAuthenSequence_1 - Handle Rcv authentication sequence 1
40  * s_vMgrRxAuthenSequence_2 - Handle Rcv authentication sequence 2
41  * s_vMgrRxAuthenSequence_3 - Handle Rcv authentication sequence 3
42  * s_vMgrRxAuthenSequence_4 - Handle Rcv authentication sequence 4
43  * s_vMgrRxDisassociation - Handle Rcv disassociation
44  * s_vMgrRxBeacon - Handle Rcv Beacon
45  * vMgrCreateOwnIBSS - Create ad_hoc IBSS or AP BSS
46  * vMgrJoinBSSBegin - Join BSS function
47  * s_vMgrSynchBSS - Synch & adopt BSS parameters
48  * s_MgrMakeBeacon - Create Baecon frame
49  * s_MgrMakeProbeResponse - Create Probe Response frame
50  * s_MgrMakeAssocRequest - Create Associate Request frame
51  * s_MgrMakeReAssocRequest - Create ReAssociate Request frame
52  * s_vMgrRxProbeResponse - Handle Rcv probe_response
53  * s_vMrgRxProbeRequest - Handle Rcv probe_request
54  * bMgrPrepareBeaconToSend - Prepare Beacon frame
55  * s_vMgrLogStatus - Log 802.11 Status
56  * vMgrRxManagePacket - Rcv management frame dispatch function
57  * s_vMgrFormatTIM- Assembler TIM field of beacon
58  * vMgrTimerInit- Initial 1-sec and command call back funtions
59  *
60  * Revision History:
61  *
62  */
63 
64 #include "tmacro.h"
65 #include "desc.h"
66 #include "device.h"
67 #include "card.h"
68 #include "80211hdr.h"
69 #include "80211mgr.h"
70 #include "wmgr.h"
71 #include "wcmd.h"
72 #include "mac.h"
73 #include "bssdb.h"
74 #include "power.h"
75 #include "datarate.h"
76 #include "baseband.h"
77 #include "rxtx.h"
78 #include "wpa.h"
79 #include "rf.h"
80 #include "iowpa.h"
81 #include "control.h"
82 #include "rndis.h"
83 
84 /*--------------------- Static Definitions -------------------------*/
85 
86 
87 
88 /*--------------------- Static Classes ----------------------------*/
89 
90 /*--------------------- Static Variables --------------------------*/
91 static int msglevel =MSG_LEVEL_INFO;
92 //static int msglevel =MSG_LEVEL_DEBUG;
93 
94 /*--------------------- Static Functions --------------------------*/
95 
96 static BOOL ChannelExceedZoneType(
97  PSDevice pDevice,
99  );
100 
101 // Association/diassociation functions
102 static
104 s_MgrMakeAssocRequest(
105  PSDevice pDevice,
106  PSMgmtObject pMgmt,
107  PBYTE pDAddr,
108  WORD wCurrCapInfo,
109  WORD wListenInterval,
110  PWLAN_IE_SSID pCurrSSID,
111  PWLAN_IE_SUPP_RATES pCurrRates,
112  PWLAN_IE_SUPP_RATES pCurrExtSuppRates
113  );
114 
115 static
116 void
117 s_vMgrRxAssocRequest(
118  PSDevice pDevice,
119  PSMgmtObject pMgmt,
120  PSRxMgmtPacket pRxPacket,
121  unsigned int uNodeIndex
122  );
123 
124 static
126 s_MgrMakeReAssocRequest(
127  PSDevice pDevice,
128  PSMgmtObject pMgmt,
129  PBYTE pDAddr,
130  WORD wCurrCapInfo,
131  WORD wListenInterval,
132  PWLAN_IE_SSID pCurrSSID,
133  PWLAN_IE_SUPP_RATES pCurrRates,
134  PWLAN_IE_SUPP_RATES pCurrExtSuppRates
135  );
136 
137 static
138 void
139 s_vMgrRxAssocResponse(
140  PSDevice pDevice,
141  PSMgmtObject pMgmt,
142  PSRxMgmtPacket pRxPacket,
143  BOOL bReAssocType
144  );
145 
146 static
147 void
148 s_vMgrRxDisassociation(
149  PSDevice pDevice,
150  PSMgmtObject pMgmt,
151  PSRxMgmtPacket pRxPacket
152  );
153 
154 // Authentication/deauthen functions
155 static
156 void
157 s_vMgrRxAuthenSequence_1(
158  PSDevice pDevice,
159  PSMgmtObject pMgmt,
160  PWLAN_FR_AUTHEN pFrame
161  );
162 
163 static
164 void
165 s_vMgrRxAuthenSequence_2(
166  PSDevice pDevice,
167  PSMgmtObject pMgmt,
168  PWLAN_FR_AUTHEN pFrame
169  );
170 
171 static
172 void
173 s_vMgrRxAuthenSequence_3(
174  PSDevice pDevice,
175  PSMgmtObject pMgmt,
176  PWLAN_FR_AUTHEN pFrame
177  );
178 
179 static
180 void
181 s_vMgrRxAuthenSequence_4(
182  PSDevice pDevice,
183  PSMgmtObject pMgmt,
184  PWLAN_FR_AUTHEN pFrame
185  );
186 
187 static
188 void
189 s_vMgrRxAuthentication(
190  PSDevice pDevice,
191  PSMgmtObject pMgmt,
192  PSRxMgmtPacket pRxPacket
193  );
194 
195 static
196 void
197 s_vMgrRxDeauthentication(
198  PSDevice pDevice,
199  PSMgmtObject pMgmt,
200  PSRxMgmtPacket pRxPacket
201  );
202 
203 // Scan functions
204 // probe request/response functions
205 static
206 void
207 s_vMgrRxProbeRequest(
208  PSDevice pDevice,
209  PSMgmtObject pMgmt,
210  PSRxMgmtPacket pRxPacket
211  );
212 
213 static
214 void
215 s_vMgrRxProbeResponse(
216  PSDevice pDevice,
217  PSMgmtObject pMgmt,
218  PSRxMgmtPacket pRxPacket
219  );
220 
221 // beacon functions
222 static
223 void
224 s_vMgrRxBeacon(
225  PSDevice pDevice,
226  PSMgmtObject pMgmt,
227  PSRxMgmtPacket pRxPacket,
228  BOOL bInScan
229  );
230 
231 static
232 void
233 s_vMgrFormatTIM(
234  PSMgmtObject pMgmt,
235  PWLAN_IE_TIM pTIM
236  );
237 
238 static
240 s_MgrMakeBeacon(
241  PSDevice pDevice,
242  PSMgmtObject pMgmt,
243  WORD wCurrCapInfo,
244  WORD wCurrBeaconPeriod,
245  unsigned int uCurrChannel,
246  WORD wCurrATIMWinodw,
247  PWLAN_IE_SSID pCurrSSID,
248  PBYTE pCurrBSSID,
249  PWLAN_IE_SUPP_RATES pCurrSuppRates,
250  PWLAN_IE_SUPP_RATES pCurrExtSuppRates
251  );
252 
253 
254 // Association response
255 static
257 s_MgrMakeAssocResponse(
258  PSDevice pDevice,
259  PSMgmtObject pMgmt,
260  WORD wCurrCapInfo,
261  WORD wAssocStatus,
262  WORD wAssocAID,
263  PBYTE pDstAddr,
264  PWLAN_IE_SUPP_RATES pCurrSuppRates,
265  PWLAN_IE_SUPP_RATES pCurrExtSuppRates
266  );
267 
268 // ReAssociation response
269 static
271 s_MgrMakeReAssocResponse(
272  PSDevice pDevice,
273  PSMgmtObject pMgmt,
274  WORD wCurrCapInfo,
275  WORD wAssocStatus,
276  WORD wAssocAID,
277  PBYTE pDstAddr,
278  PWLAN_IE_SUPP_RATES pCurrSuppRates,
279  PWLAN_IE_SUPP_RATES pCurrExtSuppRates
280  );
281 
282 // Probe response
283 static
285 s_MgrMakeProbeResponse(
286  PSDevice pDevice,
287  PSMgmtObject pMgmt,
288  WORD wCurrCapInfo,
289  WORD wCurrBeaconPeriod,
290  unsigned int uCurrChannel,
291  WORD wCurrATIMWinodw,
292  PBYTE pDstAddr,
293  PWLAN_IE_SSID pCurrSSID,
294  PBYTE pCurrBSSID,
295  PWLAN_IE_SUPP_RATES pCurrSuppRates,
296  PWLAN_IE_SUPP_RATES pCurrExtSuppRates,
297  BYTE byPHYType
298  );
299 
300 // received status
301 static
302 void
303 s_vMgrLogStatus(
304  PSMgmtObject pMgmt,
305  WORD wStatus
306  );
307 
308 
309 static
310 void
311 s_vMgrSynchBSS (
312  PSDevice pDevice,
313  unsigned int uBSSMode,
314  PKnownBSS pCurr,
315  PCMD_STATUS pStatus
316  );
317 
318 
319 static BOOL
320 s_bCipherMatch (
321  PKnownBSS pBSSNode,
323  PBYTE pbyCCSPK,
324  PBYTE pbyCCSGK
325  );
326 
327  static void Encyption_Rebuild(
328  PSDevice pDevice,
329  PKnownBSS pCurr
330  );
331 
332 /*--------------------- Export Variables --------------------------*/
333 
334 /*--------------------- Export Functions --------------------------*/
335 
336 /*+
337  *
338  * Routine Description:
339  * Allocates and initializes the Management object.
340  *
341  * Return Value:
342  * Ndis_staus.
343  *
344 -*/
345 
346 void vMgrObjectInit(void *hDeviceContext)
347 {
348  PSDevice pDevice = (PSDevice)hDeviceContext;
349  PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
350  int ii;
351 
352 
353  pMgmt->pbyPSPacketPool = &pMgmt->byPSPacketPool[0];
354  pMgmt->pbyMgmtPacketPool = &pMgmt->byMgmtPacketPool[0];
355  pMgmt->uCurrChannel = pDevice->uChannel;
356  for (ii = 0; ii < WLAN_BSSID_LEN; ii++)
357  pMgmt->abyDesireBSSID[ii] = 0xFF;
358 
360  //memset(pMgmt->abyDesireSSID, 0, WLAN_IEHDR_LEN + WLAN_SSID_MAXLEN +1);
361  pMgmt->byCSSPK = KEY_CTL_NONE;
362  pMgmt->byCSSGK = KEY_CTL_NONE;
364  BSSvClearBSSList((void *) pDevice, FALSE);
365 
367  pMgmt->sTimerSecondCallback.data = (unsigned long)pDevice;
369  pMgmt->sTimerSecondCallback.expires = RUN_AT(HZ);
370 
371  init_timer(&pDevice->sTimerCommand);
372  pDevice->sTimerCommand.data = (unsigned long)pDevice;
373  pDevice->sTimerCommand.function = (TimerFunction)vRunCommand;
374  pDevice->sTimerCommand.expires = RUN_AT(HZ);
375 
376  init_timer(&pDevice->sTimerTxData);
377  pDevice->sTimerTxData.data = (unsigned long)pDevice;
378  pDevice->sTimerTxData.function = (TimerFunction)BSSvSecondTxData;
379  pDevice->sTimerTxData.expires = RUN_AT(10*HZ); //10s callback
380  pDevice->fTxDataInSleep = FALSE;
381  pDevice->IsTxDataTrigger = FALSE;
382  pDevice->nTxDataTimeCout = 0;
383 
384  pDevice->cbFreeCmdQueue = CMD_Q_SIZE;
385  pDevice->uCmdDequeueIdx = 0;
386  pDevice->uCmdEnqueueIdx = 0;
387  pDevice->eCommandState = WLAN_CMD_IDLE;
388  pDevice->bCmdRunning = FALSE;
389  pDevice->bCmdClear = FALSE;
390 
391  return;
392 }
393 
394 /*+
395  *
396  * Routine Description:
397  * Start the station association procedure. Namely, send an
398  * association request frame to the AP.
399  *
400  * Return Value:
401  * None.
402  *
403 -*/
404 
405 void vMgrAssocBeginSta(void *hDeviceContext,
406  PSMgmtObject pMgmt,
407  PCMD_STATUS pStatus)
408 {
409  PSDevice pDevice = (PSDevice)hDeviceContext;
410  PSTxMgmtPacket pTxPacket;
411 
412 
413  pMgmt->wCurrCapInfo = 0;
414  pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_ESS(1);
415  if (pDevice->bEncryptionEnable) {
417  }
418  // always allow receive short preamble
419  //if (pDevice->byPreambleType == 1) {
420  // pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
421  //}
423  if (pMgmt->wListenInterval == 0)
424  pMgmt->wListenInterval = 1; // at least one.
425 
426  // ERP Phy (802.11g) should support short preamble.
427  if (pMgmt->eCurrentPHYMode == PHY_TYPE_11G) {
429  if (pDevice->bShortSlotTime == TRUE)
431 
432  } else if (pMgmt->eCurrentPHYMode == PHY_TYPE_11B) {
433  if (pDevice->byPreambleType == 1) {
435  }
436  }
437  if (pMgmt->b11hEnable == TRUE)
439 
440  // build an assocreq frame and send it
441  pTxPacket = s_MgrMakeAssocRequest
442  (
443  pDevice,
444  pMgmt,
445  pMgmt->abyCurrBSSID,
446  pMgmt->wCurrCapInfo,
447  pMgmt->wListenInterval,
448  (PWLAN_IE_SSID)pMgmt->abyCurrSSID,
451  );
452 
453  if (pTxPacket != NULL ){
454  // send the frame
455  *pStatus = csMgmt_xmit(pDevice, pTxPacket);
456  if (*pStatus == CMD_STATUS_PENDING) {
458  *pStatus = CMD_STATUS_SUCCESS;
459  }
460  }
461  else
462  *pStatus = CMD_STATUS_RESOURCES;
463 
464  return ;
465 }
466 
467 
468 /*+
469  *
470  * Routine Description:
471  * Start the station re-association procedure.
472  *
473  * Return Value:
474  * None.
475  *
476 -*/
477 
478 void vMgrReAssocBeginSta(void *hDeviceContext,
479  PSMgmtObject pMgmt,
480  PCMD_STATUS pStatus)
481 {
482  PSDevice pDevice = (PSDevice)hDeviceContext;
483  PSTxMgmtPacket pTxPacket;
484 
485 
486 
487  pMgmt->wCurrCapInfo = 0;
488  pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_ESS(1);
489  if (pDevice->bEncryptionEnable) {
491  }
492 
493  //if (pDevice->byPreambleType == 1) {
494  // pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
495  //}
497 
498  if (pMgmt->wListenInterval == 0)
499  pMgmt->wListenInterval = 1; // at least one.
500 
501 
502  // ERP Phy (802.11g) should support short preamble.
503  if (pMgmt->eCurrentPHYMode == PHY_TYPE_11G) {
505  if (pDevice->bShortSlotTime == TRUE)
507 
508  } else if (pMgmt->eCurrentPHYMode == PHY_TYPE_11B) {
509  if (pDevice->byPreambleType == 1) {
511  }
512  }
513  if (pMgmt->b11hEnable == TRUE)
515 
516 
517  pTxPacket = s_MgrMakeReAssocRequest
518  (
519  pDevice,
520  pMgmt,
521  pMgmt->abyCurrBSSID,
522  pMgmt->wCurrCapInfo,
523  pMgmt->wListenInterval,
524  (PWLAN_IE_SSID)pMgmt->abyCurrSSID,
527  );
528 
529  if (pTxPacket != NULL ){
530  // send the frame
531  *pStatus = csMgmt_xmit(pDevice, pTxPacket);
532  if (*pStatus != CMD_STATUS_PENDING) {
533  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Reassociation tx failed.\n");
534  }
535  else {
536  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Reassociation tx sending.\n");
537  }
538  }
539 
540 
541  return ;
542 }
543 
544 /*+
545  *
546  * Routine Description:
547  * Send an dis-association request frame to the AP.
548  *
549  * Return Value:
550  * None.
551  *
552 -*/
553 
554 void vMgrDisassocBeginSta(void *hDeviceContext,
555  PSMgmtObject pMgmt,
556  PBYTE abyDestAddress,
557  WORD wReason,
558  PCMD_STATUS pStatus)
559 {
560  PSDevice pDevice = (PSDevice)hDeviceContext;
561  PSTxMgmtPacket pTxPacket = NULL;
562  WLAN_FR_DISASSOC sFrame;
563 
564  pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
565  memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_DISASSOC_FR_MAXLEN);
566  pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
567 
568  // Setup the sFrame structure
569  sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
570  sFrame.len = WLAN_DISASSOC_FR_MAXLEN;
571 
572  // format fixed field frame structure
573  vMgrEncodeDisassociation(&sFrame);
574 
575  // Setup the header
576  sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
577  (
580  ));
581 
582  memcpy( sFrame.pHdr->sA3.abyAddr1, abyDestAddress, WLAN_ADDR_LEN);
583  memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
584  memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
585 
586  // Set reason code
587  *(sFrame.pwReason) = cpu_to_le16(wReason);
588  pTxPacket->cbMPDULen = sFrame.len;
589  pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
590 
591  // send the frame
592  *pStatus = csMgmt_xmit(pDevice, pTxPacket);
593  if (*pStatus == CMD_STATUS_PENDING) {
594  pMgmt->eCurrState = WMAC_STATE_IDLE;
595  *pStatus = CMD_STATUS_SUCCESS;
596  }
597 
598  return;
599 }
600 
601 
602 
603 /*+
604  *
605  * Routine Description:(AP function)
606  * Handle incoming station association request frames.
607  *
608  * Return Value:
609  * None.
610  *
611 -*/
612 
613 static
614 void
615 s_vMgrRxAssocRequest(
616  PSDevice pDevice,
617  PSMgmtObject pMgmt,
618  PSRxMgmtPacket pRxPacket,
619  unsigned int uNodeIndex
620  )
621 {
622  WLAN_FR_ASSOCREQ sFrame;
624  PSTxMgmtPacket pTxPacket;
625  WORD wAssocStatus = 0;
626  WORD wAssocAID = 0;
627  unsigned int uRateLen = WLAN_RATES_MAXLEN;
628  BYTE abyCurrSuppRates[WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1];
629  BYTE abyCurrExtSuppRates[WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1];
630 
631 
632  if (pMgmt->eCurrMode != WMAC_MODE_ESS_AP)
633  return;
634  // node index not found
635  if (!uNodeIndex)
636  return;
637 
638  //check if node is authenticated
639  //decode the frame
640  memset(&sFrame, 0, sizeof(WLAN_FR_ASSOCREQ));
641  memset(abyCurrSuppRates, 0, WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1);
642  memset(abyCurrExtSuppRates, 0, WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1);
643  sFrame.len = pRxPacket->cbMPDULen;
644  sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
645 
646  vMgrDecodeAssocRequest(&sFrame);
647 
648  if (pMgmt->sNodeDBTable[uNodeIndex].eNodeState >= NODE_AUTH) {
649  pMgmt->sNodeDBTable[uNodeIndex].eNodeState = NODE_ASSOC;
650  pMgmt->sNodeDBTable[uNodeIndex].wCapInfo = cpu_to_le16(*sFrame.pwCapInfo);
651  pMgmt->sNodeDBTable[uNodeIndex].wListenInterval = cpu_to_le16(*sFrame.pwListenInterval);
652  pMgmt->sNodeDBTable[uNodeIndex].bPSEnable =
653  WLAN_GET_FC_PWRMGT(sFrame.pHdr->sA3.wFrameCtl) ? TRUE : FALSE;
654  // Todo: check sta basic rate, if ap can't support, set status code
655  if (pDevice->byBBType == BB_TYPE_11B) {
656  uRateLen = WLAN_RATES_MAXLEN_11B;
657  }
658  abyCurrSuppRates[0] = WLAN_EID_SUPP_RATES;
659  abyCurrSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)sFrame.pSuppRates,
660  (PWLAN_IE_SUPP_RATES)abyCurrSuppRates,
661  uRateLen);
662  abyCurrExtSuppRates[0] = WLAN_EID_EXTSUPP_RATES;
663  if (pDevice->byBBType == BB_TYPE_11G) {
664  abyCurrExtSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)sFrame.pExtSuppRates,
665  (PWLAN_IE_SUPP_RATES)abyCurrExtSuppRates,
666  uRateLen);
667  } else {
668  abyCurrExtSuppRates[1] = 0;
669  }
670 
671 
672  RATEvParseMaxRate((void *)pDevice,
673  (PWLAN_IE_SUPP_RATES)abyCurrSuppRates,
674  (PWLAN_IE_SUPP_RATES)abyCurrExtSuppRates,
675  FALSE, // do not change our basic rate
676  &(pMgmt->sNodeDBTable[uNodeIndex].wMaxBasicRate),
677  &(pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate),
678  &(pMgmt->sNodeDBTable[uNodeIndex].wSuppRate),
679  &(pMgmt->sNodeDBTable[uNodeIndex].byTopCCKBasicRate),
680  &(pMgmt->sNodeDBTable[uNodeIndex].byTopOFDMBasicRate)
681  );
682 
683  // set max tx rate
684  pMgmt->sNodeDBTable[uNodeIndex].wTxDataRate =
685  pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate;
686  // Todo: check sta preamble, if ap can't support, set status code
687  pMgmt->sNodeDBTable[uNodeIndex].bShortPreamble =
689  pMgmt->sNodeDBTable[uNodeIndex].bShortSlotTime =
691  pMgmt->sNodeDBTable[uNodeIndex].wAID = (WORD)uNodeIndex;
692  wAssocStatus = WLAN_MGMT_STATUS_SUCCESS;
693  wAssocAID = (WORD)uNodeIndex;
694  // check if ERP support
695  if(pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate > RATE_11M)
696  pMgmt->sNodeDBTable[uNodeIndex].bERPExist = TRUE;
697 
698  if (pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate <= RATE_11M) {
699  // B only STA join
700  pDevice->bProtectMode = TRUE;
701  pDevice->bNonERPPresent = TRUE;
702  }
703  if (pMgmt->sNodeDBTable[uNodeIndex].bShortPreamble == FALSE) {
704  pDevice->bBarkerPreambleMd = TRUE;
705  }
706 
707  DBG_PRT(MSG_LEVEL_INFO, KERN_INFO "Associate AID= %d \n", wAssocAID);
708  DBG_PRT(MSG_LEVEL_INFO, KERN_INFO "MAC=%2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X \n",
709  sFrame.pHdr->sA3.abyAddr2[0],
710  sFrame.pHdr->sA3.abyAddr2[1],
711  sFrame.pHdr->sA3.abyAddr2[2],
712  sFrame.pHdr->sA3.abyAddr2[3],
713  sFrame.pHdr->sA3.abyAddr2[4],
714  sFrame.pHdr->sA3.abyAddr2[5]
715  ) ;
716  DBG_PRT(MSG_LEVEL_INFO, KERN_INFO "Max Support rate = %d \n",
717  pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate);
718  }
719 
720 
721  // assoc response reply..
722  pTxPacket = s_MgrMakeAssocResponse
723  (
724  pDevice,
725  pMgmt,
726  pMgmt->wCurrCapInfo,
727  wAssocStatus,
728  wAssocAID,
729  sFrame.pHdr->sA3.abyAddr2,
732  );
733  if (pTxPacket != NULL ){
734 
735  if (pDevice->bEnableHostapd) {
736  return;
737  }
738  /* send the frame */
739  Status = csMgmt_xmit(pDevice, pTxPacket);
740  if (Status != CMD_STATUS_PENDING) {
741  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Assoc response tx failed\n");
742  }
743  else {
744  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Assoc response tx sending..\n");
745  }
746 
747  }
748 
749  return;
750 }
751 
752 
753 /*+
754  *
755  * Description:(AP function)
756  * Handle incoming station re-association request frames.
757  *
758  * Parameters:
759  * In:
760  * pMgmt - Management Object structure
761  * pRxPacket - Received Packet
762  * Out:
763  * none
764  *
765  * Return Value: None.
766  *
767 -*/
768 
769 static
770 void
771 s_vMgrRxReAssocRequest(
772  PSDevice pDevice,
773  PSMgmtObject pMgmt,
774  PSRxMgmtPacket pRxPacket,
775  unsigned int uNodeIndex
776  )
777 {
778  WLAN_FR_REASSOCREQ sFrame;
780  PSTxMgmtPacket pTxPacket;
781  WORD wAssocStatus = 0;
782  WORD wAssocAID = 0;
783  unsigned int uRateLen = WLAN_RATES_MAXLEN;
784  BYTE abyCurrSuppRates[WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1];
785  BYTE abyCurrExtSuppRates[WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1];
786 
787  if (pMgmt->eCurrMode != WMAC_MODE_ESS_AP)
788  return;
789  // node index not found
790  if (!uNodeIndex)
791  return;
792  //check if node is authenticated
793  //decode the frame
794  memset(&sFrame, 0, sizeof(WLAN_FR_REASSOCREQ));
795  sFrame.len = pRxPacket->cbMPDULen;
796  sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
797  vMgrDecodeReassocRequest(&sFrame);
798 
799  if (pMgmt->sNodeDBTable[uNodeIndex].eNodeState >= NODE_AUTH) {
800  pMgmt->sNodeDBTable[uNodeIndex].eNodeState = NODE_ASSOC;
801  pMgmt->sNodeDBTable[uNodeIndex].wCapInfo = cpu_to_le16(*sFrame.pwCapInfo);
802  pMgmt->sNodeDBTable[uNodeIndex].wListenInterval = cpu_to_le16(*sFrame.pwListenInterval);
803  pMgmt->sNodeDBTable[uNodeIndex].bPSEnable =
804  WLAN_GET_FC_PWRMGT(sFrame.pHdr->sA3.wFrameCtl) ? TRUE : FALSE;
805  // Todo: check sta basic rate, if ap can't support, set status code
806 
807  if (pDevice->byBBType == BB_TYPE_11B) {
808  uRateLen = WLAN_RATES_MAXLEN_11B;
809  }
810 
811  abyCurrSuppRates[0] = WLAN_EID_SUPP_RATES;
812  abyCurrSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)sFrame.pSuppRates,
813  (PWLAN_IE_SUPP_RATES)abyCurrSuppRates,
814  uRateLen);
815  abyCurrExtSuppRates[0] = WLAN_EID_EXTSUPP_RATES;
816  if (pDevice->byBBType == BB_TYPE_11G) {
817  abyCurrExtSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)sFrame.pExtSuppRates,
818  (PWLAN_IE_SUPP_RATES)abyCurrExtSuppRates,
819  uRateLen);
820  } else {
821  abyCurrExtSuppRates[1] = 0;
822  }
823 
824 
825  RATEvParseMaxRate((void *)pDevice,
826  (PWLAN_IE_SUPP_RATES)abyCurrSuppRates,
827  (PWLAN_IE_SUPP_RATES)abyCurrExtSuppRates,
828  FALSE, // do not change our basic rate
829  &(pMgmt->sNodeDBTable[uNodeIndex].wMaxBasicRate),
830  &(pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate),
831  &(pMgmt->sNodeDBTable[uNodeIndex].wSuppRate),
832  &(pMgmt->sNodeDBTable[uNodeIndex].byTopCCKBasicRate),
833  &(pMgmt->sNodeDBTable[uNodeIndex].byTopOFDMBasicRate)
834  );
835 
836  // set max tx rate
837  pMgmt->sNodeDBTable[uNodeIndex].wTxDataRate =
838  pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate;
839  // Todo: check sta preamble, if ap can't support, set status code
840  pMgmt->sNodeDBTable[uNodeIndex].bShortPreamble =
842  pMgmt->sNodeDBTable[uNodeIndex].bShortSlotTime =
844  pMgmt->sNodeDBTable[uNodeIndex].wAID = (WORD)uNodeIndex;
845  wAssocStatus = WLAN_MGMT_STATUS_SUCCESS;
846  wAssocAID = (WORD)uNodeIndex;
847 
848  // if suppurt ERP
849  if(pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate > RATE_11M)
850  pMgmt->sNodeDBTable[uNodeIndex].bERPExist = TRUE;
851 
852  if (pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate <= RATE_11M) {
853  // B only STA join
854  pDevice->bProtectMode = TRUE;
855  pDevice->bNonERPPresent = TRUE;
856  }
857  if (pMgmt->sNodeDBTable[uNodeIndex].bShortPreamble == FALSE) {
858  pDevice->bBarkerPreambleMd = TRUE;
859  }
860 
861  DBG_PRT(MSG_LEVEL_INFO, KERN_INFO "Rx ReAssociate AID= %d \n", wAssocAID);
862  DBG_PRT(MSG_LEVEL_INFO, KERN_INFO "MAC=%2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X \n",
863  sFrame.pHdr->sA3.abyAddr2[0],
864  sFrame.pHdr->sA3.abyAddr2[1],
865  sFrame.pHdr->sA3.abyAddr2[2],
866  sFrame.pHdr->sA3.abyAddr2[3],
867  sFrame.pHdr->sA3.abyAddr2[4],
868  sFrame.pHdr->sA3.abyAddr2[5]
869  ) ;
870  DBG_PRT(MSG_LEVEL_INFO, KERN_INFO "Max Support rate = %d \n",
871  pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate);
872 
873  }
874 
875 
876  // assoc response reply..
877  pTxPacket = s_MgrMakeReAssocResponse
878  (
879  pDevice,
880  pMgmt,
881  pMgmt->wCurrCapInfo,
882  wAssocStatus,
883  wAssocAID,
884  sFrame.pHdr->sA3.abyAddr2,
887  );
888 
889  if (pTxPacket != NULL ){
890  /* send the frame */
891  if (pDevice->bEnableHostapd) {
892  return;
893  }
894  Status = csMgmt_xmit(pDevice, pTxPacket);
895  if (Status != CMD_STATUS_PENDING) {
896  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:ReAssoc response tx failed\n");
897  }
898  else {
899  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:ReAssoc response tx sending..\n");
900  }
901  }
902  return;
903 }
904 
905 
906 /*+
907  *
908  * Routine Description:
909  * Handle incoming association response frames.
910  *
911  * Return Value:
912  * None.
913  *
914 -*/
915 
916 static
917 void
918 s_vMgrRxAssocResponse(
919  PSDevice pDevice,
920  PSMgmtObject pMgmt,
921  PSRxMgmtPacket pRxPacket,
922  BOOL bReAssocType
923  )
924 {
925  WLAN_FR_ASSOCRESP sFrame;
926  PWLAN_IE_SSID pItemSSID;
927  PBYTE pbyIEs;
928  viawget_wpa_header *wpahdr;
929 
930 
931 
932  if (pMgmt->eCurrState == WMAC_STATE_ASSOCPENDING ||
933  pMgmt->eCurrState == WMAC_STATE_ASSOC) {
934 
935  sFrame.len = pRxPacket->cbMPDULen;
936  sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
937  // decode the frame
938  vMgrDecodeAssocResponse(&sFrame);
939  if ((sFrame.pwCapInfo == NULL)
940  || (sFrame.pwStatus == NULL)
941  || (sFrame.pwAid == NULL)
942  || (sFrame.pSuppRates == NULL)) {
943  DBG_PORT80(0xCC);
944  return;
945  }
946 
947  pMgmt->sAssocInfo.AssocInfo.ResponseFixedIEs.Capabilities = *(sFrame.pwCapInfo);
948  pMgmt->sAssocInfo.AssocInfo.ResponseFixedIEs.StatusCode = *(sFrame.pwStatus);
949  pMgmt->sAssocInfo.AssocInfo.ResponseFixedIEs.AssociationId = *(sFrame.pwAid);
951 
952  pMgmt->sAssocInfo.AssocInfo.ResponseIELength = sFrame.len - 24 - 6;
954  pbyIEs = pMgmt->sAssocInfo.abyIEs;
955  pbyIEs += pMgmt->sAssocInfo.AssocInfo.RequestIELength;
956  memcpy(pbyIEs, (sFrame.pBuf + 24 +6), pMgmt->sAssocInfo.AssocInfo.ResponseIELength);
957 
958  // save values and set current BSS state
959  if (cpu_to_le16((*(sFrame.pwStatus))) == WLAN_MGMT_STATUS_SUCCESS ){
960  // set AID
961  pMgmt->wCurrAID = cpu_to_le16((*(sFrame.pwAid)));
962  if ( (pMgmt->wCurrAID >> 14) != (BIT0 | BIT1) )
963  {
964  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "AID from AP, has two msb clear.\n");
965  }
966  DBG_PRT(MSG_LEVEL_INFO, KERN_INFO "Association Successful, AID=%d.\n", pMgmt->wCurrAID & ~(BIT14|BIT15));
967  pMgmt->eCurrState = WMAC_STATE_ASSOC;
968  BSSvUpdateAPNode((void *) pDevice,
969  sFrame.pwCapInfo,
970  sFrame.pSuppRates,
971  sFrame.pExtSuppRates);
972  pItemSSID = (PWLAN_IE_SSID)pMgmt->abyCurrSSID;
973  DBG_PRT(MSG_LEVEL_INFO, KERN_INFO "Link with AP(SSID): %s\n", pItemSSID->abySSID);
974  pDevice->bLinkPass = TRUE;
976  if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
977  if(skb_tailroom(pDevice->skb) <(sizeof(viawget_wpa_header)+pMgmt->sAssocInfo.AssocInfo.ResponseIELength+
978  pMgmt->sAssocInfo.AssocInfo.RequestIELength)) { //data room not enough
979  dev_kfree_skb(pDevice->skb);
980  pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
981  }
982  wpahdr = (viawget_wpa_header *)pDevice->skb->data;
983  wpahdr->type = VIAWGET_ASSOC_MSG;
986  memcpy(pDevice->skb->data + sizeof(viawget_wpa_header), pMgmt->sAssocInfo.abyIEs, wpahdr->req_ie_len);
987  memcpy(pDevice->skb->data + sizeof(viawget_wpa_header) + wpahdr->req_ie_len,
988  pbyIEs,
989  wpahdr->resp_ie_len
990  );
991  skb_put(pDevice->skb, sizeof(viawget_wpa_header) + wpahdr->resp_ie_len + wpahdr->req_ie_len);
992  pDevice->skb->dev = pDevice->wpadev;
993  skb_reset_mac_header(pDevice->skb);
994  pDevice->skb->pkt_type = PACKET_HOST;
995  pDevice->skb->protocol = htons(ETH_P_802_2);
996  memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
997  netif_rx(pDevice->skb);
998  pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
999  }
1000 
1001 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
1002  //if(pDevice->bWPASuppWextEnabled == TRUE)
1003  {
1004  BYTE buf[512];
1005  size_t len;
1006  union iwreq_data wrqu;
1007  int we_event;
1008 
1009  memset(buf, 0, 512);
1010 
1011  len = pMgmt->sAssocInfo.AssocInfo.RequestIELength;
1012  if(len) {
1013  memcpy(buf, pMgmt->sAssocInfo.abyIEs, len);
1014  memset(&wrqu, 0, sizeof (wrqu));
1015  wrqu.data.length = len;
1016  we_event = IWEVASSOCREQIE;
1017  PRINT_K("wireless_send_event--->IWEVASSOCREQIE\n");
1018  wireless_send_event(pDevice->dev, we_event, &wrqu, buf);
1019  }
1020 
1021  memset(buf, 0, 512);
1022  len = pMgmt->sAssocInfo.AssocInfo.ResponseIELength;
1023 
1024  if(len) {
1025  memcpy(buf, pbyIEs, len);
1026  memset(&wrqu, 0, sizeof (wrqu));
1027  wrqu.data.length = len;
1028  we_event = IWEVASSOCRESPIE;
1029  PRINT_K("wireless_send_event--->IWEVASSOCRESPIE\n");
1030  wireless_send_event(pDevice->dev, we_event, &wrqu, buf);
1031  }
1032 
1033  memset(&wrqu, 0, sizeof (wrqu));
1034  memcpy(wrqu.ap_addr.sa_data, &pMgmt->abyCurrBSSID[0], ETH_ALEN);
1035  wrqu.ap_addr.sa_family = ARPHRD_ETHER;
1036  PRINT_K("wireless_send_event--->SIOCGIWAP(associated)\n");
1037  wireless_send_event(pDevice->dev, SIOCGIWAP, &wrqu, NULL);
1038 
1039  }
1040 #endif //#ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
1041 
1042  }
1043  else {
1044  if (bReAssocType) {
1045  pMgmt->eCurrState = WMAC_STATE_IDLE;
1046  }
1047  else {
1048  // jump back to the auth state and indicate the error
1049  pMgmt->eCurrState = WMAC_STATE_AUTH;
1050  }
1051  s_vMgrLogStatus(pMgmt,cpu_to_le16((*(sFrame.pwStatus))));
1052  }
1053 
1054  }
1055 
1056 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
1057 //need clear flags related to Networkmanager
1058  pDevice->bwextstep0 = FALSE;
1059  pDevice->bwextstep1 = FALSE;
1060  pDevice->bwextstep2 = FALSE;
1061  pDevice->bwextstep3 = FALSE;
1062  pDevice->bWPASuppWextEnabled = FALSE;
1063 #endif
1064 
1065 if(pMgmt->eCurrState == WMAC_STATE_ASSOC)
1066  timer_expire(pDevice->sTimerCommand, 0);
1067 
1068  return;
1069 }
1070 
1071 /*+
1072  *
1073  * Routine Description:
1074  * Start the station authentication procedure. Namely, send an
1075  * authentication frame to the AP.
1076  *
1077  * Return Value:
1078  * None.
1079  *
1080 -*/
1081 
1082 void vMgrAuthenBeginSta(void *hDeviceContext,
1083  PSMgmtObject pMgmt,
1084  PCMD_STATUS pStatus)
1085 {
1086  PSDevice pDevice = (PSDevice)hDeviceContext;
1087  WLAN_FR_AUTHEN sFrame;
1088  PSTxMgmtPacket pTxPacket = NULL;
1089 
1090  pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
1091  memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_AUTHEN_FR_MAXLEN);
1092  pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
1093  sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
1094  sFrame.len = WLAN_AUTHEN_FR_MAXLEN;
1095  vMgrEncodeAuthen(&sFrame);
1096  /* insert values */
1097  sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
1098  (
1101  ));
1102  memcpy( sFrame.pHdr->sA3.abyAddr1, pMgmt->abyCurrBSSID, WLAN_ADDR_LEN);
1103  memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
1104  memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
1105  if (pMgmt->bShareKeyAlgorithm)
1107  else
1109 
1110  *(sFrame.pwAuthSequence) = cpu_to_le16(1);
1111  /* Adjust the length fields */
1112  pTxPacket->cbMPDULen = sFrame.len;
1113  pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
1114 
1115  *pStatus = csMgmt_xmit(pDevice, pTxPacket);
1116  if (*pStatus == CMD_STATUS_PENDING){
1118  *pStatus = CMD_STATUS_SUCCESS;
1119  }
1120 
1121  return ;
1122 }
1123 
1124 /*+
1125  *
1126  * Routine Description:
1127  * Start the station(AP) deauthentication procedure. Namely, send an
1128  * deauthentication frame to the AP or Sta.
1129  *
1130  * Return Value:
1131  * None.
1132  *
1133 -*/
1134 
1135 void vMgrDeAuthenBeginSta(void *hDeviceContext,
1136  PSMgmtObject pMgmt,
1137  PBYTE abyDestAddress,
1138  WORD wReason,
1139  PCMD_STATUS pStatus)
1140 {
1141  PSDevice pDevice = (PSDevice)hDeviceContext;
1142  WLAN_FR_DEAUTHEN sFrame;
1143  PSTxMgmtPacket pTxPacket = NULL;
1144 
1145 
1146  pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
1147  memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_DEAUTHEN_FR_MAXLEN);
1148  pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
1149  sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
1150  sFrame.len = WLAN_DEAUTHEN_FR_MAXLEN;
1151  vMgrEncodeDeauthen(&sFrame);
1152  /* insert values */
1153  sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
1154  (
1157  ));
1158 
1159  memcpy( sFrame.pHdr->sA3.abyAddr1, abyDestAddress, WLAN_ADDR_LEN);
1160  memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
1161  memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
1162 
1163  *(sFrame.pwReason) = cpu_to_le16(wReason); // deauthen. bcs left BSS
1164  /* Adjust the length fields */
1165  pTxPacket->cbMPDULen = sFrame.len;
1166  pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
1167 
1168  *pStatus = csMgmt_xmit(pDevice, pTxPacket);
1169  if (*pStatus == CMD_STATUS_PENDING){
1170  *pStatus = CMD_STATUS_SUCCESS;
1171  }
1172 
1173 
1174  return ;
1175 }
1176 
1177 
1178 /*+
1179  *
1180  * Routine Description:
1181  * Handle incoming authentication frames.
1182  *
1183  * Return Value:
1184  * None.
1185  *
1186 -*/
1187 
1188 static
1189 void
1190 s_vMgrRxAuthentication(
1191  PSDevice pDevice,
1192  PSMgmtObject pMgmt,
1193  PSRxMgmtPacket pRxPacket
1194  )
1195 {
1196  WLAN_FR_AUTHEN sFrame;
1197 
1198  // we better be an AP or a STA in AUTHPENDING otherwise ignore
1199  if (!(pMgmt->eCurrMode == WMAC_MODE_ESS_AP ||
1200  pMgmt->eCurrState == WMAC_STATE_AUTHPENDING)) {
1201  return;
1202  }
1203 
1204  // decode the frame
1205  sFrame.len = pRxPacket->cbMPDULen;
1206  sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
1207  vMgrDecodeAuthen(&sFrame);
1208  switch (cpu_to_le16((*(sFrame.pwAuthSequence )))){
1209  case 1:
1210  //AP funciton
1211  s_vMgrRxAuthenSequence_1(pDevice,pMgmt, &sFrame);
1212  break;
1213  case 2:
1214  s_vMgrRxAuthenSequence_2(pDevice, pMgmt, &sFrame);
1215  break;
1216  case 3:
1217  //AP funciton
1218  s_vMgrRxAuthenSequence_3(pDevice, pMgmt, &sFrame);
1219  break;
1220  case 4:
1221  s_vMgrRxAuthenSequence_4(pDevice, pMgmt, &sFrame);
1222  break;
1223  default:
1224  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Auth Sequence error, seq = %d\n",
1225  cpu_to_le16((*(sFrame.pwAuthSequence))));
1226  break;
1227  }
1228  return;
1229 }
1230 
1231 
1232 
1233 /*+
1234  *
1235  * Routine Description:
1236  * Handles incoming authen frames with sequence 1. Currently
1237  * assumes we're an AP. So far, no one appears to use authentication
1238  * in Ad-Hoc mode.
1239  *
1240  * Return Value:
1241  * None.
1242  *
1243 -*/
1244 
1245 
1246 static
1247 void
1248 s_vMgrRxAuthenSequence_1(
1249  PSDevice pDevice,
1250  PSMgmtObject pMgmt,
1251  PWLAN_FR_AUTHEN pFrame
1252  )
1253 {
1254  PSTxMgmtPacket pTxPacket = NULL;
1255  unsigned int uNodeIndex;
1256  WLAN_FR_AUTHEN sFrame;
1257  PSKeyItem pTransmitKey;
1258 
1259  // Insert a Node entry
1260  if (!BSSbIsSTAInNodeDB(pDevice, pFrame->pHdr->sA3.abyAddr2, &uNodeIndex)) {
1261  BSSvCreateOneNode((PSDevice)pDevice, &uNodeIndex);
1262  memcpy(pMgmt->sNodeDBTable[uNodeIndex].abyMACAddr, pFrame->pHdr->sA3.abyAddr2,
1263  WLAN_ADDR_LEN);
1264  }
1265 
1266  if (pMgmt->bShareKeyAlgorithm) {
1267  pMgmt->sNodeDBTable[uNodeIndex].eNodeState = NODE_KNOWN;
1268  pMgmt->sNodeDBTable[uNodeIndex].byAuthSequence = 1;
1269  }
1270  else {
1271  pMgmt->sNodeDBTable[uNodeIndex].eNodeState = NODE_AUTH;
1272  }
1273 
1274  // send auth reply
1275  pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
1276  memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_AUTHEN_FR_MAXLEN);
1277  pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
1278  sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
1279  sFrame.len = WLAN_AUTHEN_FR_MAXLEN;
1280  // format buffer structure
1281  vMgrEncodeAuthen(&sFrame);
1282  // insert values
1283  sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
1284  (
1288  ));
1289  memcpy( sFrame.pHdr->sA3.abyAddr1, pFrame->pHdr->sA3.abyAddr2, WLAN_ADDR_LEN);
1290  memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
1291  memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
1292  *(sFrame.pwAuthAlgorithm) = *(pFrame->pwAuthAlgorithm);
1293  *(sFrame.pwAuthSequence) = cpu_to_le16(2);
1294 
1296  if (pMgmt->bShareKeyAlgorithm)
1298  else
1300  }
1301  else {
1302  if (pMgmt->bShareKeyAlgorithm)
1304  else
1306  }
1307 
1308  if (pMgmt->bShareKeyAlgorithm &&
1309  (cpu_to_le16(*(sFrame.pwStatus)) == WLAN_MGMT_STATUS_SUCCESS)) {
1310 
1311  sFrame.pChallenge = (PWLAN_IE_CHALLENGE)(sFrame.pBuf + sFrame.len);
1312  sFrame.len += WLAN_CHALLENGE_IE_LEN;
1313  sFrame.pChallenge->byElementID = WLAN_EID_CHALLENGE;
1314  sFrame.pChallenge->len = WLAN_CHALLENGE_LEN;
1316  // get group key
1317  if(KeybGetTransmitKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, GROUP_KEY, &pTransmitKey) == TRUE) {
1318  rc4_init(&pDevice->SBox, pDevice->abyPRNG, pTransmitKey->uKeyLength+3);
1319  rc4_encrypt(&pDevice->SBox, pMgmt->abyChallenge, pMgmt->abyChallenge, WLAN_CHALLENGE_LEN);
1320  }
1321  memcpy(sFrame.pChallenge->abyChallenge, pMgmt->abyChallenge , WLAN_CHALLENGE_LEN);
1322  }
1323 
1324  /* Adjust the length fields */
1325  pTxPacket->cbMPDULen = sFrame.len;
1326  pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
1327  // send the frame
1328  if (pDevice->bEnableHostapd) {
1329  return;
1330  }
1331  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Authreq_reply sequence_1 tx.. \n");
1332  if (csMgmt_xmit(pDevice, pTxPacket) != CMD_STATUS_PENDING) {
1333  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Authreq_reply sequence_1 tx failed.\n");
1334  }
1335  return;
1336 }
1337 
1338 
1339 
1340 /*+
1341  *
1342  * Routine Description:
1343  * Handles incoming auth frames with sequence number 2. Currently
1344  * assumes we're a station.
1345  *
1346  *
1347  * Return Value:
1348  * None.
1349  *
1350 -*/
1351 
1352 static
1353 void
1354 s_vMgrRxAuthenSequence_2(
1355  PSDevice pDevice,
1356  PSMgmtObject pMgmt,
1357  PWLAN_FR_AUTHEN pFrame
1358  )
1359 {
1360  WLAN_FR_AUTHEN sFrame;
1361  PSTxMgmtPacket pTxPacket = NULL;
1362 
1363 
1364  switch (cpu_to_le16((*(pFrame->pwAuthAlgorithm))))
1365  {
1367  if ( cpu_to_le16((*(pFrame->pwStatus))) == WLAN_MGMT_STATUS_SUCCESS ){
1368  DBG_PRT(MSG_LEVEL_INFO, KERN_INFO "802.11 Authen (OPEN) Successful.\n");
1369  pMgmt->eCurrState = WMAC_STATE_AUTH;
1370  timer_expire(pDevice->sTimerCommand, 0);
1371  }
1372  else {
1373  DBG_PRT(MSG_LEVEL_INFO, KERN_INFO "802.11 Authen (OPEN) Failed.\n");
1374  s_vMgrLogStatus(pMgmt, cpu_to_le16((*(pFrame->pwStatus))));
1375  pMgmt->eCurrState = WMAC_STATE_IDLE;
1376  }
1377  if (pDevice->eCommandState == WLAN_AUTHENTICATE_WAIT) {
1378  /* spin_unlock_irq(&pDevice->lock);
1379  vCommandTimerWait((void *) pDevice, 0);
1380  spin_lock_irq(&pDevice->lock); */
1381  }
1382  break;
1383 
1385 
1386  if (cpu_to_le16((*(pFrame->pwStatus))) == WLAN_MGMT_STATUS_SUCCESS) {
1387  pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
1388  memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_AUTHEN_FR_MAXLEN);
1389  pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
1390  sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
1391  sFrame.len = WLAN_AUTHEN_FR_MAXLEN;
1392  // format buffer structure
1393  vMgrEncodeAuthen(&sFrame);
1394  // insert values
1395  sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
1396  (
1400  ));
1401  memcpy( sFrame.pHdr->sA3.abyAddr1, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
1402  memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
1403  memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
1404  *(sFrame.pwAuthAlgorithm) = *(pFrame->pwAuthAlgorithm);
1405  *(sFrame.pwAuthSequence) = cpu_to_le16(3);
1407  sFrame.pChallenge = (PWLAN_IE_CHALLENGE)(sFrame.pBuf + sFrame.len);
1408  sFrame.len += WLAN_CHALLENGE_IE_LEN;
1409  sFrame.pChallenge->byElementID = WLAN_EID_CHALLENGE;
1410  sFrame.pChallenge->len = WLAN_CHALLENGE_LEN;
1411  memcpy( sFrame.pChallenge->abyChallenge, pFrame->pChallenge->abyChallenge, WLAN_CHALLENGE_LEN);
1412  // Adjust the length fields
1413  pTxPacket->cbMPDULen = sFrame.len;
1414  pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
1415  // send the frame
1416  if (csMgmt_xmit(pDevice, pTxPacket) != CMD_STATUS_PENDING) {
1417  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Auth_reply sequence_2 tx failed.\n");
1418  }
1419  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Auth_reply sequence_2 tx ...\n");
1420  }
1421  else {
1422  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:rx Auth_reply sequence_2 status error ...\n");
1423  if ( pDevice->eCommandState == WLAN_AUTHENTICATE_WAIT ) {
1424  /* spin_unlock_irq(&pDevice->lock);
1425  vCommandTimerWait((void *) pDevice, 0);
1426  spin_lock_irq(&pDevice->lock); */
1427  }
1428  s_vMgrLogStatus(pMgmt, cpu_to_le16((*(pFrame->pwStatus))));
1429  }
1430  break;
1431  default:
1432  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt: rx auth.seq = 2 unknown AuthAlgorithm=%d\n", cpu_to_le16((*(pFrame->pwAuthAlgorithm))));
1433  break;
1434  }
1435  return;
1436 }
1437 
1438 
1439 
1440 /*+
1441  *
1442  * Routine Description:
1443  * Handles incoming authen frames with sequence 3. Currently
1444  * assumes we're an AP. This function assumes the frame has
1445  * already been successfully decrypted.
1446  *
1447  *
1448  * Return Value:
1449  * None.
1450  *
1451 -*/
1452 
1453 static
1454 void
1455 s_vMgrRxAuthenSequence_3(
1456  PSDevice pDevice,
1457  PSMgmtObject pMgmt,
1458  PWLAN_FR_AUTHEN pFrame
1459  )
1460 {
1461  PSTxMgmtPacket pTxPacket = NULL;
1462  unsigned int uStatusCode = 0 ;
1463  unsigned int uNodeIndex = 0;
1464  WLAN_FR_AUTHEN sFrame;
1465 
1466  if (!WLAN_GET_FC_ISWEP(pFrame->pHdr->sA3.wFrameCtl)) {
1467  uStatusCode = WLAN_MGMT_STATUS_CHALLENGE_FAIL;
1468  goto reply;
1469  }
1470  if (BSSbIsSTAInNodeDB(pDevice, pFrame->pHdr->sA3.abyAddr2, &uNodeIndex)) {
1471  if (pMgmt->sNodeDBTable[uNodeIndex].byAuthSequence != 1) {
1472  uStatusCode = WLAN_MGMT_STATUS_RX_AUTH_NOSEQ;
1473  goto reply;
1474  }
1475  if (memcmp(pMgmt->abyChallenge, pFrame->pChallenge->abyChallenge, WLAN_CHALLENGE_LEN) != 0) {
1476  uStatusCode = WLAN_MGMT_STATUS_CHALLENGE_FAIL;
1477  goto reply;
1478  }
1479  }
1480  else {
1481  uStatusCode = WLAN_MGMT_STATUS_UNSPEC_FAILURE;
1482  goto reply;
1483  }
1484 
1485  if (uNodeIndex) {
1486  pMgmt->sNodeDBTable[uNodeIndex].eNodeState = NODE_AUTH;
1487  pMgmt->sNodeDBTable[uNodeIndex].byAuthSequence = 0;
1488  }
1489  uStatusCode = WLAN_MGMT_STATUS_SUCCESS;
1490  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Challenge text check ok..\n");
1491 
1492 reply:
1493  // send auth reply
1494  pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
1495  memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_AUTHEN_FR_MAXLEN);
1496  pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
1497  sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
1498  sFrame.len = WLAN_AUTHEN_FR_MAXLEN;
1499  // format buffer structure
1500  vMgrEncodeAuthen(&sFrame);
1501  /* insert values */
1502  sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
1503  (
1507  ));
1508  memcpy( sFrame.pHdr->sA3.abyAddr1, pFrame->pHdr->sA3.abyAddr2, WLAN_ADDR_LEN);
1509  memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
1510  memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
1511  *(sFrame.pwAuthAlgorithm) = *(pFrame->pwAuthAlgorithm);
1512  *(sFrame.pwAuthSequence) = cpu_to_le16(4);
1513  *(sFrame.pwStatus) = cpu_to_le16(uStatusCode);
1514 
1515  /* Adjust the length fields */
1516  pTxPacket->cbMPDULen = sFrame.len;
1517  pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
1518  // send the frame
1519  if (pDevice->bEnableHostapd) {
1520  return;
1521  }
1522  if (csMgmt_xmit(pDevice, pTxPacket) != CMD_STATUS_PENDING) {
1523  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Authreq_reply sequence_4 tx failed.\n");
1524  }
1525  return;
1526 
1527 }
1528 
1529 
1530 
1531 /*+
1532  *
1533  * Routine Description:
1534  * Handles incoming authen frames with sequence 4
1535  *
1536  *
1537  * Return Value:
1538  * None.
1539  *
1540 -*/
1541 static
1542 void
1543 s_vMgrRxAuthenSequence_4(
1544  PSDevice pDevice,
1545  PSMgmtObject pMgmt,
1546  PWLAN_FR_AUTHEN pFrame
1547  )
1548 {
1549 
1550  if ( cpu_to_le16((*(pFrame->pwStatus))) == WLAN_MGMT_STATUS_SUCCESS ){
1551  DBG_PRT(MSG_LEVEL_INFO, KERN_INFO "802.11 Authen (SHAREDKEY) Successful.\n");
1552  pMgmt->eCurrState = WMAC_STATE_AUTH;
1553  timer_expire(pDevice->sTimerCommand, 0);
1554  }
1555  else{
1556  DBG_PRT(MSG_LEVEL_INFO, KERN_INFO "802.11 Authen (SHAREDKEY) Failed.\n");
1557  s_vMgrLogStatus(pMgmt, cpu_to_le16((*(pFrame->pwStatus))) );
1558  pMgmt->eCurrState = WMAC_STATE_IDLE;
1559  }
1560 
1561  if ( pDevice->eCommandState == WLAN_AUTHENTICATE_WAIT ) {
1562  /* spin_unlock_irq(&pDevice->lock);
1563  vCommandTimerWait((void *) pDevice, 0);
1564  spin_lock_irq(&pDevice->lock); */
1565  }
1566 }
1567 
1568 /*+
1569  *
1570  * Routine Description:
1571  * Handles incoming disassociation frames
1572  *
1573  *
1574  * Return Value:
1575  * None.
1576  *
1577 -*/
1578 
1579 static
1580 void
1581 s_vMgrRxDisassociation(
1582  PSDevice pDevice,
1583  PSMgmtObject pMgmt,
1584  PSRxMgmtPacket pRxPacket
1585  )
1586 {
1587  WLAN_FR_DISASSOC sFrame;
1588  unsigned int uNodeIndex = 0;
1589  CMD_STATUS CmdStatus;
1590  viawget_wpa_header *wpahdr;
1591 
1592  if ( pMgmt->eCurrMode == WMAC_MODE_ESS_AP ){
1593  // if is acting an AP..
1594  // a STA is leaving this BSS..
1595  sFrame.len = pRxPacket->cbMPDULen;
1596  sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
1597  if (BSSbIsSTAInNodeDB(pDevice, pRxPacket->p80211Header->sA3.abyAddr2, &uNodeIndex)) {
1598  BSSvRemoveOneNode(pDevice, uNodeIndex);
1599  }
1600  else {
1601  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Rx disassoc, sta not found\n");
1602  }
1603  }
1604  else if (pMgmt->eCurrMode == WMAC_MODE_ESS_STA ){
1605  sFrame.len = pRxPacket->cbMPDULen;
1606  sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
1607  vMgrDecodeDisassociation(&sFrame);
1608  DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "AP disassociated me, reason=%d.\n", cpu_to_le16(*(sFrame.pwReason)));
1609 
1610  pDevice->fWPA_Authened = FALSE;
1611  if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
1612  wpahdr = (viawget_wpa_header *)pDevice->skb->data;
1613  wpahdr->type = VIAWGET_DISASSOC_MSG;
1614  wpahdr->resp_ie_len = 0;
1615  wpahdr->req_ie_len = 0;
1616  skb_put(pDevice->skb, sizeof(viawget_wpa_header));
1617  pDevice->skb->dev = pDevice->wpadev;
1618  skb_reset_mac_header(pDevice->skb);
1619  pDevice->skb->pkt_type = PACKET_HOST;
1620  pDevice->skb->protocol = htons(ETH_P_802_2);
1621  memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
1622  netif_rx(pDevice->skb);
1623  pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1624  }
1625 
1626  //TODO: do something let upper layer know or
1627  //try to send associate packet again because of inactivity timeout
1628  if (pMgmt->eCurrState == WMAC_STATE_ASSOC) {
1629  pDevice->bLinkPass = FALSE;
1630  pMgmt->sNodeDBTable[0].bActive = FALSE;
1631  pDevice->byReAssocCount = 0;
1632  pMgmt->eCurrState = WMAC_STATE_AUTH; // jump back to the auth state!
1634  vMgrReAssocBeginSta((PSDevice)pDevice, pMgmt, &CmdStatus);
1635  if(CmdStatus == CMD_STATUS_PENDING) {
1636  pDevice->byReAssocCount ++;
1637  return; //mike add: you'll retry for many times, so it cann't be regarded as disconnected!
1638  }
1639  }
1640 
1641  #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
1642  // if(pDevice->bWPASuppWextEnabled == TRUE)
1643  {
1644  union iwreq_data wrqu;
1645  memset(&wrqu, 0, sizeof (wrqu));
1646  wrqu.ap_addr.sa_family = ARPHRD_ETHER;
1647  PRINT_K("wireless_send_event--->SIOCGIWAP(disassociated)\n");
1648  wireless_send_event(pDevice->dev, SIOCGIWAP, &wrqu, NULL);
1649  }
1650  #endif
1651  }
1652  /* else, ignore it */
1653 
1654  return;
1655 }
1656 
1657 
1658 /*+
1659  *
1660  * Routine Description:
1661  * Handles incoming deauthentication frames
1662  *
1663  *
1664  * Return Value:
1665  * None.
1666  *
1667 -*/
1668 
1669 static
1670 void
1671 s_vMgrRxDeauthentication(
1672  PSDevice pDevice,
1673  PSMgmtObject pMgmt,
1674  PSRxMgmtPacket pRxPacket
1675  )
1676 {
1677  WLAN_FR_DEAUTHEN sFrame;
1678  unsigned int uNodeIndex = 0;
1679  viawget_wpa_header *wpahdr;
1680 
1681 
1682  if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP ){
1683  //Todo:
1684  // if is acting an AP..
1685  // a STA is leaving this BSS..
1686  sFrame.len = pRxPacket->cbMPDULen;
1687  sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
1688  if (BSSbIsSTAInNodeDB(pDevice, pRxPacket->p80211Header->sA3.abyAddr2, &uNodeIndex)) {
1689  BSSvRemoveOneNode(pDevice, uNodeIndex);
1690  }
1691  else {
1692  DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Rx deauth, sta not found\n");
1693  }
1694  }
1695  else {
1696  if (pMgmt->eCurrMode == WMAC_MODE_ESS_STA ) {
1697  sFrame.len = pRxPacket->cbMPDULen;
1698  sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
1699  vMgrDecodeDeauthen(&sFrame);
1700  pDevice->fWPA_Authened = FALSE;
1701  DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "AP deauthed me, reason=%d.\n", cpu_to_le16((*(sFrame.pwReason))));
1702  // TODO: update BSS list for specific BSSID if pre-authentication case
1703  if (!compare_ether_addr(sFrame.pHdr->sA3.abyAddr3,
1704  pMgmt->abyCurrBSSID)) {
1705  if (pMgmt->eCurrState >= WMAC_STATE_AUTHPENDING) {
1706  pMgmt->sNodeDBTable[0].bActive = FALSE;
1707  pMgmt->eCurrMode = WMAC_MODE_STANDBY;
1708  pMgmt->eCurrState = WMAC_STATE_IDLE;
1709  netif_stop_queue(pDevice->dev);
1710  pDevice->bLinkPass = FALSE;
1712  }
1713  }
1714 
1715  if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
1716  wpahdr = (viawget_wpa_header *)pDevice->skb->data;
1717  wpahdr->type = VIAWGET_DISASSOC_MSG;
1718  wpahdr->resp_ie_len = 0;
1719  wpahdr->req_ie_len = 0;
1720  skb_put(pDevice->skb, sizeof(viawget_wpa_header));
1721  pDevice->skb->dev = pDevice->wpadev;
1722  skb_reset_mac_header(pDevice->skb);
1723  pDevice->skb->pkt_type = PACKET_HOST;
1724  pDevice->skb->protocol = htons(ETH_P_802_2);
1725  memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
1726  netif_rx(pDevice->skb);
1727  pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1728  }
1729 
1730  #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
1731  // if(pDevice->bWPASuppWextEnabled == TRUE)
1732  {
1733  union iwreq_data wrqu;
1734  memset(&wrqu, 0, sizeof (wrqu));
1735  wrqu.ap_addr.sa_family = ARPHRD_ETHER;
1736  PRINT_K("wireless_send_event--->SIOCGIWAP(disauthen)\n");
1737  wireless_send_event(pDevice->dev, SIOCGIWAP, &wrqu, NULL);
1738  }
1739  #endif
1740 
1741  }
1742  /* else, ignore it. TODO: IBSS authentication service
1743  would be implemented here */
1744  };
1745  return;
1746 }
1747 
1748 /*+
1749  *
1750  * Routine Description:
1751  * check if current channel is match ZoneType.
1752  *for USA:1~11;
1753  * Japan:1~13;
1754  * Europe:1~13
1755  * Return Value:
1756  * True:exceed;
1757  * False:normal case
1758 -*/
1759 static BOOL
1760 ChannelExceedZoneType(
1761  PSDevice pDevice,
1763  )
1764 {
1765  BOOL exceed=FALSE;
1766 
1767  switch(pDevice->byZoneType) {
1768  case 0x00: //USA:1~11
1769  if((byCurrChannel<1) ||(byCurrChannel>11))
1770  exceed = TRUE;
1771  break;
1772  case 0x01: //Japan:1~13
1773  case 0x02: //Europe:1~13
1774  if((byCurrChannel<1) ||(byCurrChannel>13))
1775  exceed = TRUE;
1776  break;
1777  default: //reserve for other zonetype
1778  break;
1779  }
1780 
1781  return exceed;
1782 }
1783 
1784 /*+
1785  *
1786  * Routine Description:
1787  * Handles and analysis incoming beacon frames.
1788  *
1789  *
1790  * Return Value:
1791  * None.
1792  *
1793 -*/
1794 
1795 static
1796 void
1797 s_vMgrRxBeacon(
1798  PSDevice pDevice,
1799  PSMgmtObject pMgmt,
1800  PSRxMgmtPacket pRxPacket,
1801  BOOL bInScan
1802  )
1803 {
1804 
1805  PKnownBSS pBSSList;
1806  WLAN_FR_BEACON sFrame;
1807  QWORD qwTSFOffset;
1808  BOOL bIsBSSIDEqual = FALSE;
1809  BOOL bIsSSIDEqual = FALSE;
1810  BOOL bTSFLargeDiff = FALSE;
1811  BOOL bTSFOffsetPostive = FALSE;
1812  BOOL bUpdateTSF = FALSE;
1813  BOOL bIsAPBeacon = FALSE;
1814  BOOL bIsChannelEqual = FALSE;
1815  unsigned int uLocateByteIndex;
1816  BYTE byTIMBitOn = 0;
1817  WORD wAIDNumber = 0;
1818  unsigned int uNodeIndex;
1819  QWORD qwTimestamp, qwLocalTSF;
1820  QWORD qwCurrTSF;
1821  WORD wStartIndex = 0;
1822  WORD wAIDIndex = 0;
1823  BYTE byCurrChannel = pRxPacket->byRxChannel;
1824  ERPObject sERP;
1825  unsigned int uRateLen = WLAN_RATES_MAXLEN;
1826  BOOL bChannelHit = FALSE;
1827  BYTE byOldPreambleType;
1828 
1829 
1830 
1831  if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP)
1832  return;
1833 
1834  memset(&sFrame, 0, sizeof(WLAN_FR_BEACON));
1835  sFrame.len = pRxPacket->cbMPDULen;
1836  sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
1837 
1838  // decode the beacon frame
1839  vMgrDecodeBeacon(&sFrame);
1840 
1841  if ((sFrame.pwBeaconInterval == NULL)
1842  || (sFrame.pwCapInfo == NULL)
1843  || (sFrame.pSSID == NULL)
1844  || (sFrame.pSuppRates == NULL)) {
1845 
1846  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Rx beacon frame error\n");
1847  return;
1848  }
1849 
1850  if( byCurrChannel > CB_MAX_CHANNEL_24G )
1851  {
1852  if (sFrame.pDSParms != NULL) {
1853  if (byCurrChannel == RFaby11aChannelIndex[sFrame.pDSParms->byCurrChannel-1])
1854  bChannelHit = TRUE;
1855  byCurrChannel = RFaby11aChannelIndex[sFrame.pDSParms->byCurrChannel-1];
1856  } else {
1857  bChannelHit = TRUE;
1858  }
1859 
1860  } else {
1861  if (sFrame.pDSParms != NULL) {
1862  if (byCurrChannel == sFrame.pDSParms->byCurrChannel)
1863  bChannelHit = TRUE;
1864  byCurrChannel = sFrame.pDSParms->byCurrChannel;
1865  } else {
1866  bChannelHit = TRUE;
1867  }
1868  }
1869 
1870 if(ChannelExceedZoneType(pDevice,byCurrChannel)==TRUE)
1871  return;
1872 
1873  if (sFrame.pERP != NULL) {
1874  sERP.byERP = sFrame.pERP->byContext;
1875  sERP.bERPExist = TRUE;
1876 
1877  } else {
1878  sERP.bERPExist = FALSE;
1879  sERP.byERP = 0;
1880  }
1881 
1882  pBSSList = BSSpAddrIsInBSSList((void *) pDevice,
1883  sFrame.pHdr->sA3.abyAddr3,
1884  sFrame.pSSID);
1885  if (pBSSList == NULL) {
1886  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Beacon/insert: RxChannel = : %d\n", byCurrChannel);
1887  BSSbInsertToBSSList((void *) pDevice,
1888  sFrame.pHdr->sA3.abyAddr3,
1889  *sFrame.pqwTimestamp,
1890  *sFrame.pwBeaconInterval,
1891  *sFrame.pwCapInfo,
1892  byCurrChannel,
1893  sFrame.pSSID,
1894  sFrame.pSuppRates,
1895  sFrame.pExtSuppRates,
1896  &sERP,
1897  sFrame.pRSN,
1898  sFrame.pRSNWPA,
1899  sFrame.pIE_Country,
1900  sFrame.pIE_Quiet,
1901  sFrame.len - WLAN_HDR_ADDR3_LEN,
1902  sFrame.pHdr->sA4.abyAddr4, // payload of beacon
1903  (void *) pRxPacket);
1904  }
1905  else {
1906 // DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"update bcn: RxChannel = : %d\n", byCurrChannel);
1907  BSSbUpdateToBSSList((void *) pDevice,
1908  *sFrame.pqwTimestamp,
1909  *sFrame.pwBeaconInterval,
1910  *sFrame.pwCapInfo,
1911  byCurrChannel,
1912  bChannelHit,
1913  sFrame.pSSID,
1914  sFrame.pSuppRates,
1915  sFrame.pExtSuppRates,
1916  &sERP,
1917  sFrame.pRSN,
1918  sFrame.pRSNWPA,
1919  sFrame.pIE_Country,
1920  sFrame.pIE_Quiet,
1921  pBSSList,
1922  sFrame.len - WLAN_HDR_ADDR3_LEN,
1923  sFrame.pHdr->sA4.abyAddr4, // payload of probresponse
1924  (void *) pRxPacket);
1925 
1926  }
1927 
1928  if (bInScan) {
1929  return;
1930  }
1931 
1932  if(byCurrChannel == (BYTE)pMgmt->uCurrChannel)
1933  bIsChannelEqual = TRUE;
1934 
1935  if (bIsChannelEqual && (pMgmt->eCurrMode == WMAC_MODE_ESS_AP)) {
1936 
1937  // if rx beacon without ERP field
1938  if (sERP.bERPExist) {
1940  pDevice->byERPFlag |= WLAN_SET_ERP_USE_PROTECTION(1);
1942  }
1943  }
1944  else {
1945  pDevice->byERPFlag |= WLAN_SET_ERP_USE_PROTECTION(1);
1947  }
1948 
1949  if (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) {
1951  pDevice->byERPFlag |= WLAN_SET_ERP_BARKER_MODE(1);
1952  if(!sERP.bERPExist)
1953  pDevice->byERPFlag |= WLAN_SET_ERP_NONERP_PRESENT(1);
1954  }
1955  }
1956 
1957  // check if BSSID the same
1958  if (memcmp(sFrame.pHdr->sA3.abyAddr3,
1959  pMgmt->abyCurrBSSID,
1960  WLAN_BSSID_LEN) == 0) {
1961 
1962  bIsBSSIDEqual = TRUE;
1963  pDevice->uCurrRSSI = pRxPacket->uRSSI;
1964  pDevice->byCurrSQ = pRxPacket->bySQ;
1965  if (pMgmt->sNodeDBTable[0].uInActiveCount != 0) {
1966  pMgmt->sNodeDBTable[0].uInActiveCount = 0;
1967  //DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"BCN:Wake Count= [%d]\n", pMgmt->wCountToWakeUp);
1968  }
1969  }
1970  // check if SSID the same
1971  if (sFrame.pSSID->len == ((PWLAN_IE_SSID)pMgmt->abyCurrSSID)->len) {
1972  if (memcmp(sFrame.pSSID->abySSID,
1973  ((PWLAN_IE_SSID)pMgmt->abyCurrSSID)->abySSID,
1974  sFrame.pSSID->len
1975  ) == 0) {
1976  bIsSSIDEqual = TRUE;
1977  }
1978  }
1979 
1980  if ((WLAN_GET_CAP_INFO_ESS(*sFrame.pwCapInfo)== TRUE) &&
1981  (bIsBSSIDEqual == TRUE) &&
1982  (bIsSSIDEqual == TRUE) &&
1983  (pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
1984  (pMgmt->eCurrState == WMAC_STATE_ASSOC)) {
1985  // add state check to prevent reconnect fail since we'll receive Beacon
1986 
1987  bIsAPBeacon = TRUE;
1988  if (pBSSList != NULL) {
1989 
1990  // Sync ERP field
1991  if ((pBSSList->sERP.bERPExist == TRUE) && (pDevice->byBBType == BB_TYPE_11G)) {
1992  if ((pBSSList->sERP.byERP & WLAN_EID_ERP_USE_PROTECTION) != pDevice->bProtectMode) {//0000 0010
1993  pDevice->bProtectMode = (pBSSList->sERP.byERP & WLAN_EID_ERP_USE_PROTECTION);
1994  if (pDevice->bProtectMode) {
1995  MACvEnableProtectMD(pDevice);
1996  } else {
1997  MACvDisableProtectMD(pDevice);
1998  }
1999  vUpdateIFS(pDevice);
2000  }
2001  if ((pBSSList->sERP.byERP & WLAN_EID_ERP_NONERP_PRESENT) != pDevice->bNonERPPresent) {//0000 0001
2002  pDevice->bNonERPPresent = (pBSSList->sERP.byERP & WLAN_EID_ERP_USE_PROTECTION);
2003  }
2004  if ((pBSSList->sERP.byERP & WLAN_EID_ERP_BARKER_MODE) != pDevice->bBarkerPreambleMd) {//0000 0100
2005  pDevice->bBarkerPreambleMd = (pBSSList->sERP.byERP & WLAN_EID_ERP_BARKER_MODE);
2006  //BarkerPreambleMd has higher priority than shortPreamble bit in Cap
2007  if (pDevice->bBarkerPreambleMd) {
2008  MACvEnableBarkerPreambleMd(pDevice);
2009  } else {
2010  MACvDisableBarkerPreambleMd(pDevice);
2011  }
2012  }
2013  }
2014  // Sync Short Slot Time
2015  if (WLAN_GET_CAP_INFO_SHORTSLOTTIME(pBSSList->wCapInfo) != pDevice->bShortSlotTime) {
2016  BOOL bShortSlotTime;
2017 
2018  bShortSlotTime = WLAN_GET_CAP_INFO_SHORTSLOTTIME(pBSSList->wCapInfo);
2019  //DBG_PRN_WLAN05(("Set Short Slot Time: %d\n", pDevice->bShortSlotTime));
2020  //Kyle check if it is OK to set G.
2021  if (pDevice->byBBType == BB_TYPE_11A) {
2022  bShortSlotTime = TRUE;
2023  }
2024  else if (pDevice->byBBType == BB_TYPE_11B) {
2025  bShortSlotTime = FALSE;
2026  }
2027  if (bShortSlotTime != pDevice->bShortSlotTime) {
2028  pDevice->bShortSlotTime = bShortSlotTime;
2029  BBvSetShortSlotTime(pDevice);
2030  vUpdateIFS(pDevice);
2031  }
2032  }
2033 
2034  //
2035  // Preamble may change dynamically
2036  //
2037  byOldPreambleType = pDevice->byPreambleType;
2038  if (WLAN_GET_CAP_INFO_SHORTPREAMBLE(pBSSList->wCapInfo)) {
2039  pDevice->byPreambleType = pDevice->byShortPreamble;
2040  }
2041  else {
2042  pDevice->byPreambleType = 0;
2043  }
2044  if (pDevice->byPreambleType != byOldPreambleType)
2045  CARDvSetRSPINF(pDevice, (BYTE)pDevice->byBBType);
2046  //
2047  // Basic Rate Set may change dynamically
2048  //
2049  if (pBSSList->eNetworkTypeInUse == PHY_TYPE_11B) {
2050  uRateLen = WLAN_RATES_MAXLEN_11B;
2051  }
2052  pMgmt->abyCurrSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)pBSSList->abySuppRates,
2054  uRateLen);
2055  pMgmt->abyCurrExtSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)pBSSList->abyExtSuppRates,
2057  uRateLen);
2058  RATEvParseMaxRate((void *)pDevice,
2061  TRUE,
2062  &(pMgmt->sNodeDBTable[0].wMaxBasicRate),
2063  &(pMgmt->sNodeDBTable[0].wMaxSuppRate),
2064  &(pMgmt->sNodeDBTable[0].wSuppRate),
2065  &(pMgmt->sNodeDBTable[0].byTopCCKBasicRate),
2066  &(pMgmt->sNodeDBTable[0].byTopOFDMBasicRate)
2067  );
2068 
2069  }
2070  }
2071 
2072 // DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Beacon 2 \n");
2073  // check if CF field exisit
2074  if (WLAN_GET_CAP_INFO_ESS(*sFrame.pwCapInfo)) {
2075  if (sFrame.pCFParms->wCFPDurRemaining > 0) {
2076  // TODO: deal with CFP period to set NAV
2077  }
2078  }
2079 
2080  HIDWORD(qwTimestamp) = cpu_to_le32(HIDWORD(*sFrame.pqwTimestamp));
2081  LODWORD(qwTimestamp) = cpu_to_le32(LODWORD(*sFrame.pqwTimestamp));
2082  HIDWORD(qwLocalTSF) = HIDWORD(pRxPacket->qwLocalTSF);
2083  LODWORD(qwLocalTSF) = LODWORD(pRxPacket->qwLocalTSF);
2084 
2085  // check if beacon TSF larger or small than our local TSF
2086  if (HIDWORD(qwTimestamp) == HIDWORD(qwLocalTSF)) {
2087  if (LODWORD(qwTimestamp) >= LODWORD(qwLocalTSF)) {
2088  bTSFOffsetPostive = TRUE;
2089  }
2090  else {
2091  bTSFOffsetPostive = FALSE;
2092  }
2093  }
2094  else if (HIDWORD(qwTimestamp) > HIDWORD(qwLocalTSF)) {
2095  bTSFOffsetPostive = TRUE;
2096  }
2097  else if (HIDWORD(qwTimestamp) < HIDWORD(qwLocalTSF)) {
2098  bTSFOffsetPostive = FALSE;
2099  }
2100 
2101  if (bTSFOffsetPostive) {
2102  qwTSFOffset = CARDqGetTSFOffset(pRxPacket->byRxRate, (qwTimestamp), (qwLocalTSF));
2103  }
2104  else {
2105  qwTSFOffset = CARDqGetTSFOffset(pRxPacket->byRxRate, (qwLocalTSF), (qwTimestamp));
2106  }
2107 
2108  if (HIDWORD(qwTSFOffset) != 0 ||
2109  (LODWORD(qwTSFOffset) > TRIVIAL_SYNC_DIFFERENCE )) {
2110  bTSFLargeDiff = TRUE;
2111  }
2112 
2113 
2114  // if infra mode
2115  if (bIsAPBeacon == TRUE) {
2116 
2117  // Infra mode: Local TSF always follow AP's TSF if Difference huge.
2118  if (bTSFLargeDiff)
2119  bUpdateTSF = TRUE;
2120 
2121  if ((pDevice->bEnablePSMode == TRUE) && (sFrame.pTIM)) {
2122 
2123  /* deal with DTIM, analysis TIM */
2124  pMgmt->bMulticastTIM = WLAN_MGMT_IS_MULTICAST_TIM(sFrame.pTIM->byBitMapCtl) ? TRUE : FALSE ;
2125  pMgmt->byDTIMCount = sFrame.pTIM->byDTIMCount;
2126  pMgmt->byDTIMPeriod = sFrame.pTIM->byDTIMPeriod;
2127  wAIDNumber = pMgmt->wCurrAID & ~(BIT14|BIT15);
2128 
2129  // check if AID in TIM field bit on
2130  // wStartIndex = N1
2131  wStartIndex = WLAN_MGMT_GET_TIM_OFFSET(sFrame.pTIM->byBitMapCtl) << 1;
2132  // AIDIndex = N2
2133  wAIDIndex = (wAIDNumber >> 3);
2134  if ((wAIDNumber > 0) && (wAIDIndex >= wStartIndex)) {
2135  uLocateByteIndex = wAIDIndex - wStartIndex;
2136  // len = byDTIMCount + byDTIMPeriod + byDTIMPeriod + byVirtBitMap[0~250]
2137  if (sFrame.pTIM->len >= (uLocateByteIndex + 4)) {
2138  byTIMBitOn = (0x01) << ((wAIDNumber) % 8);
2139  pMgmt->bInTIM = sFrame.pTIM->byVirtBitMap[uLocateByteIndex] & byTIMBitOn ? TRUE : FALSE;
2140  }
2141  else {
2142  pMgmt->bInTIM = FALSE;
2143  };
2144  }
2145  else {
2146  pMgmt->bInTIM = FALSE;
2147  };
2148 
2149  if (pMgmt->bInTIM ||
2150  (pMgmt->bMulticastTIM && (pMgmt->byDTIMCount == 0))) {
2151  pMgmt->bInTIMWake = TRUE;
2152  // send out ps-poll packet
2153 // DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BCN:In TIM\n");
2154  if (pMgmt->bInTIM) {
2155  PSvSendPSPOLL((PSDevice)pDevice);
2156 // DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BCN:PS-POLL sent..\n");
2157  }
2158 
2159  }
2160  else {
2161  pMgmt->bInTIMWake = FALSE;
2162  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BCN: Not In TIM..\n");
2163  if (pDevice->bPWBitOn == FALSE) {
2164  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BCN: Send Null Packet\n");
2165  if (PSbSendNullPacket(pDevice))
2166  pDevice->bPWBitOn = TRUE;
2167  }
2168  if(PSbConsiderPowerDown(pDevice, FALSE, FALSE)) {
2169  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BCN: Power down now...\n");
2170  }
2171  }
2172 
2173  }
2174 
2175  }
2176  // if adhoc mode
2177  if ((pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) && !bIsAPBeacon && bIsChannelEqual) {
2178  if (bIsBSSIDEqual) {
2179  // Use sNodeDBTable[0].uInActiveCount as IBSS beacons received count.
2180  if (pMgmt->sNodeDBTable[0].uInActiveCount != 0)
2181  pMgmt->sNodeDBTable[0].uInActiveCount = 0;
2182 
2183  // adhoc mode:TSF updated only when beacon larger then local TSF
2184  if (bTSFLargeDiff && bTSFOffsetPostive &&
2185  (pMgmt->eCurrState == WMAC_STATE_JOINTED))
2186  bUpdateTSF = TRUE;
2187 
2188  // During dpc, already in spinlocked.
2189  if (BSSbIsSTAInNodeDB(pDevice, sFrame.pHdr->sA3.abyAddr2, &uNodeIndex)) {
2190 
2191  // Update the STA, (Technically the Beacons of all the IBSS nodes
2192  // should be identical, but that's not happening in practice.
2196  RATEvParseMaxRate((void *)pDevice,
2198  NULL,
2199  TRUE,
2200  &(pMgmt->sNodeDBTable[uNodeIndex].wMaxBasicRate),
2201  &(pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate),
2202  &(pMgmt->sNodeDBTable[uNodeIndex].wSuppRate),
2203  &(pMgmt->sNodeDBTable[uNodeIndex].byTopCCKBasicRate),
2204  &(pMgmt->sNodeDBTable[uNodeIndex].byTopOFDMBasicRate)
2205  );
2208  pMgmt->sNodeDBTable[uNodeIndex].uInActiveCount = 0;
2209  }
2210  else {
2211  // Todo, initial Node content
2212  BSSvCreateOneNode((PSDevice)pDevice, &uNodeIndex);
2213 
2217  RATEvParseMaxRate((void *)pDevice,
2219  NULL,
2220  TRUE,
2221  &(pMgmt->sNodeDBTable[uNodeIndex].wMaxBasicRate),
2222  &(pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate),
2223  &(pMgmt->sNodeDBTable[uNodeIndex].wSuppRate),
2224  &(pMgmt->sNodeDBTable[uNodeIndex].byTopCCKBasicRate),
2225  &(pMgmt->sNodeDBTable[uNodeIndex].byTopOFDMBasicRate)
2226  );
2227 
2228  memcpy(pMgmt->sNodeDBTable[uNodeIndex].abyMACAddr, sFrame.pHdr->sA3.abyAddr2, WLAN_ADDR_LEN);
2230  pMgmt->sNodeDBTable[uNodeIndex].wTxDataRate = pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate;
2231 /*
2232  pMgmt->sNodeDBTable[uNodeIndex].bShortSlotTime = WLAN_GET_CAP_INFO_SHORTSLOTTIME(*sFrame.pwCapInfo);
2233  if(pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate > RATE_11M)
2234  pMgmt->sNodeDBTable[uNodeIndex].bERPExist = TRUE;
2235 */
2236  }
2237 
2238  // if other stations jointed, indicate connect to upper layer..
2239  if (pMgmt->eCurrState == WMAC_STATE_STARTED) {
2240  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Current IBSS State: [Started]........to: [Jointed] \n");
2241  pMgmt->eCurrState = WMAC_STATE_JOINTED;
2242  pDevice->bLinkPass = TRUE;
2244  if (netif_queue_stopped(pDevice->dev)){
2245  netif_wake_queue(pDevice->dev);
2246  }
2247  pMgmt->sNodeDBTable[0].bActive = TRUE;
2248  pMgmt->sNodeDBTable[0].uInActiveCount = 0;
2249 
2250  }
2251  }
2252  else if (bIsSSIDEqual) {
2253 
2254  // See other adhoc sta with the same SSID but BSSID is different.
2255  // adpot this vars only when TSF larger then us.
2256  if (bTSFLargeDiff && bTSFOffsetPostive) {
2257  // we don't support ATIM under adhoc mode
2258  // if ( sFrame.pIBSSParms->wATIMWindow == 0) {
2259  // adpot this vars
2260  // TODO: check sFrame cap if privacy on, and support rate syn
2261  memcpy(pMgmt->abyCurrBSSID, sFrame.pHdr->sA3.abyAddr3, WLAN_BSSID_LEN);
2262  memcpy(pDevice->abyBSSID, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
2263  pMgmt->wCurrATIMWindow = cpu_to_le16(sFrame.pIBSSParms->wATIMWindow);
2268  // set HW beacon interval and re-synchronizing....
2269  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Rejoining to Other Adhoc group with same SSID........\n");
2270 
2271  MACvWriteBeaconInterval(pDevice, pMgmt->wCurrBeaconPeriod);
2272  CARDvAdjustTSF(pDevice, pRxPacket->byRxRate, qwTimestamp, pRxPacket->qwLocalTSF);
2273  CARDvUpdateNextTBTT(pDevice, qwTimestamp, pMgmt->wCurrBeaconPeriod);
2274 
2275  // Turn off bssid filter to avoid filter others adhoc station which bssid is different.
2276  MACvWriteBSSIDAddress(pDevice, pMgmt->abyCurrBSSID);
2277 
2278  byOldPreambleType = pDevice->byPreambleType;
2280  pDevice->byPreambleType = pDevice->byShortPreamble;
2281  }
2282  else {
2283  pDevice->byPreambleType = 0;
2284  }
2285  if (pDevice->byPreambleType != byOldPreambleType)
2286  CARDvSetRSPINF(pDevice, (BYTE)pDevice->byBBType);
2287 
2288 
2289  // MACvRegBitsOff(pDevice->PortOffset, MAC_REG_RCR, RCR_BSSID);
2290  // set highest basic rate
2291  // s_vSetHighestBasicRate(pDevice, (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates);
2292  // Prepare beacon frame
2293  bMgrPrepareBeaconToSend((void *) pDevice, pMgmt);
2294  // }
2295  }
2296  }
2297  }
2298  // endian issue ???
2299  // Update TSF
2300  if (bUpdateTSF) {
2301  CARDbGetCurrentTSF(pDevice, &qwCurrTSF);
2302  CARDvAdjustTSF(pDevice, pRxPacket->byRxRate, qwTimestamp , pRxPacket->qwLocalTSF);
2303  CARDbGetCurrentTSF(pDevice, &qwCurrTSF);
2304  CARDvUpdateNextTBTT(pDevice, qwTimestamp, pMgmt->wCurrBeaconPeriod);
2305  }
2306 
2307  return;
2308 }
2309 
2310 /*+
2311  *
2312  * Routine Description:
2313  * Instructs the hw to create a bss using the supplied
2314  * attributes. Note that this implementation only supports Ad-Hoc
2315  * BSS creation.
2316  *
2317  *
2318  * Return Value:
2319  * CMD_STATUS
2320  *
2321 -*/
2322 
2323 void vMgrCreateOwnIBSS(void *hDeviceContext,
2324  PCMD_STATUS pStatus)
2325 {
2326  PSDevice pDevice = (PSDevice)hDeviceContext;
2327  PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
2328  WORD wMaxBasicRate;
2329  WORD wMaxSuppRate;
2330  BYTE byTopCCKBasicRate;
2331  BYTE byTopOFDMBasicRate;
2332  QWORD qwCurrTSF;
2333  unsigned int ii;
2334  BYTE abyRATE[] = {0x82, 0x84, 0x8B, 0x96, 0x24, 0x30, 0x48, 0x6C, 0x0C, 0x12, 0x18, 0x60};
2335  BYTE abyCCK_RATE[] = {0x82, 0x84, 0x8B, 0x96};
2336  BYTE abyOFDM_RATE[] = {0x0C, 0x12, 0x18, 0x24, 0x30, 0x48, 0x60, 0x6C};
2337  WORD wSuppRate;
2338 
2339 
2340 
2341  HIDWORD(qwCurrTSF) = 0;
2342  LODWORD(qwCurrTSF) = 0;
2343 
2344  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Create Basic Service Set .......\n");
2345 
2346  if (pMgmt->eConfigMode == WMAC_CONFIG_IBSS_STA) {
2347  if ((pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) &&
2350  // encryption mode error
2351  *pStatus = CMD_STATUS_FAILURE;
2352  return;
2353  }
2354  }
2355 
2358 
2359  if (pMgmt->eConfigMode == WMAC_CONFIG_AP) {
2360  pMgmt->eCurrentPHYMode = pMgmt->byAPBBType;
2361  } else {
2362  if (pDevice->byBBType == BB_TYPE_11G)
2363  pMgmt->eCurrentPHYMode = PHY_TYPE_11G;
2364  if (pDevice->byBBType == BB_TYPE_11B)
2365  pMgmt->eCurrentPHYMode = PHY_TYPE_11B;
2366  if (pDevice->byBBType == BB_TYPE_11A)
2367  pMgmt->eCurrentPHYMode = PHY_TYPE_11A;
2368  }
2369 
2370  if (pMgmt->eCurrentPHYMode != PHY_TYPE_11A) {
2372  pMgmt->abyCurrExtSuppRates[1] = 0;
2373  for (ii = 0; ii < 4; ii++)
2374  pMgmt->abyCurrSuppRates[2+ii] = abyRATE[ii];
2375  } else {
2376  pMgmt->abyCurrSuppRates[1] = 8;
2377  pMgmt->abyCurrExtSuppRates[1] = 0;
2378  for (ii = 0; ii < 8; ii++)
2379  pMgmt->abyCurrSuppRates[2+ii] = abyRATE[ii];
2380  }
2381 
2382 
2383  if (pMgmt->eCurrentPHYMode == PHY_TYPE_11G) {
2384  pMgmt->abyCurrSuppRates[1] = 8;
2385  pMgmt->abyCurrExtSuppRates[1] = 4;
2386  for (ii = 0; ii < 4; ii++)
2387  pMgmt->abyCurrSuppRates[2+ii] = abyCCK_RATE[ii];
2388  for (ii = 4; ii < 8; ii++)
2389  pMgmt->abyCurrSuppRates[2+ii] = abyOFDM_RATE[ii-4];
2390  for (ii = 0; ii < 4; ii++)
2391  pMgmt->abyCurrExtSuppRates[2+ii] = abyOFDM_RATE[ii+4];
2392  }
2393 
2394 
2395  // Disable Protect Mode
2396  pDevice->bProtectMode = 0;
2397  MACvDisableProtectMD(pDevice);
2398 
2399  pDevice->bBarkerPreambleMd = 0;
2400  MACvDisableBarkerPreambleMd(pDevice);
2401 
2402  // Kyle Test 2003.11.04
2403 
2404  // set HW beacon interval
2405  if (pMgmt->wIBSSBeaconPeriod == 0)
2407  MACvWriteBeaconInterval(pDevice, pMgmt->wIBSSBeaconPeriod);
2408 
2409  CARDbGetCurrentTSF(pDevice, &qwCurrTSF);
2410  // clear TSF counter
2411  CARDbClearCurrentTSF(pDevice);
2412 
2413  // enable TSF counter
2415  // set Next TBTT
2416  CARDvSetFirstNextTBTT(pDevice, pMgmt->wIBSSBeaconPeriod);
2417 
2418  pMgmt->uIBSSChannel = pDevice->uChannel;
2419 
2420  if (pMgmt->uIBSSChannel == 0)
2422 
2423  // set channel and clear NAV
2424  CARDbSetMediaChannel(pDevice, pMgmt->uIBSSChannel);
2425  pMgmt->uCurrChannel = pMgmt->uIBSSChannel;
2426 
2427  pDevice->byPreambleType = pDevice->byShortPreamble;
2428 
2429  // set basic rate
2430 
2431  RATEvParseMaxRate((void *)pDevice,
2434  &wMaxBasicRate, &wMaxSuppRate, &wSuppRate,
2435  &byTopCCKBasicRate, &byTopOFDMBasicRate);
2436 
2437 
2438 
2439  if (pDevice->byBBType == BB_TYPE_11A) {
2440  pDevice->bShortSlotTime = TRUE;
2441  } else {
2442  pDevice->bShortSlotTime = FALSE;
2443  }
2444  BBvSetShortSlotTime(pDevice);
2445  // vUpdateIFS() use pDevice->bShortSlotTime as parameter so it must be called
2446  // after setting ShortSlotTime.
2447  // CARDvSetBSSMode call vUpdateIFS()
2448  CARDvSetBSSMode(pDevice);
2449 
2450  if (pMgmt->eConfigMode == WMAC_CONFIG_AP) {
2452  pMgmt->eCurrMode = WMAC_MODE_ESS_AP;
2453  }
2454 
2455  if (pMgmt->eConfigMode == WMAC_CONFIG_IBSS_STA) {
2457  pMgmt->eCurrMode = WMAC_MODE_IBSS_STA;
2458  }
2459 
2460  // Adopt pre-configured IBSS vars to current vars
2461  pMgmt->eCurrState = WMAC_STATE_STARTED;
2462  pMgmt->wCurrBeaconPeriod = pMgmt->wIBSSBeaconPeriod;
2463  pMgmt->uCurrChannel = pMgmt->uIBSSChannel;
2464  pMgmt->wCurrATIMWindow = pMgmt->wIBSSATIMWindow;
2465  pDevice->uCurrRSSI = 0;
2466  pDevice->byCurrSQ = 0;
2467 
2468  memcpy(pMgmt->abyDesireSSID,pMgmt->abyAdHocSSID,
2469  ((PWLAN_IE_SSID)pMgmt->abyAdHocSSID)->len + WLAN_IEHDR_LEN);
2470 
2472  memcpy(pMgmt->abyCurrSSID,
2473  pMgmt->abyDesireSSID,
2474  ((PWLAN_IE_SSID)pMgmt->abyDesireSSID)->len + WLAN_IEHDR_LEN
2475  );
2476 
2477  if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
2478  // AP mode BSSID = MAC addr
2479  memcpy(pMgmt->abyCurrBSSID, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
2480  DBG_PRT(MSG_LEVEL_INFO, KERN_INFO"AP beacon created BSSID:"
2481  "%pM\n", pMgmt->abyCurrBSSID);
2482  }
2483 
2484  if (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) {
2485 
2486  // BSSID selected must be randomized as spec 11.1.3
2487  pMgmt->abyCurrBSSID[5] = (BYTE) (LODWORD(qwCurrTSF)& 0x000000ff);
2488  pMgmt->abyCurrBSSID[4] = (BYTE)((LODWORD(qwCurrTSF)& 0x0000ff00) >> 8);
2489  pMgmt->abyCurrBSSID[3] = (BYTE)((LODWORD(qwCurrTSF)& 0x00ff0000) >> 16);
2490  pMgmt->abyCurrBSSID[2] = (BYTE)((LODWORD(qwCurrTSF)& 0x00000ff0) >> 4);
2491  pMgmt->abyCurrBSSID[1] = (BYTE)((LODWORD(qwCurrTSF)& 0x000ff000) >> 12);
2492  pMgmt->abyCurrBSSID[0] = (BYTE)((LODWORD(qwCurrTSF)& 0x0ff00000) >> 20);
2493  pMgmt->abyCurrBSSID[5] ^= pMgmt->abyMACAddr[0];
2494  pMgmt->abyCurrBSSID[4] ^= pMgmt->abyMACAddr[1];
2495  pMgmt->abyCurrBSSID[3] ^= pMgmt->abyMACAddr[2];
2496  pMgmt->abyCurrBSSID[2] ^= pMgmt->abyMACAddr[3];
2497  pMgmt->abyCurrBSSID[1] ^= pMgmt->abyMACAddr[4];
2498  pMgmt->abyCurrBSSID[0] ^= pMgmt->abyMACAddr[5];
2499  pMgmt->abyCurrBSSID[0] &= ~IEEE_ADDR_GROUP;
2500  pMgmt->abyCurrBSSID[0] |= IEEE_ADDR_UNIVERSAL;
2501 
2502 
2503  DBG_PRT(MSG_LEVEL_INFO, KERN_INFO"Adhoc beacon created bssid:"
2504  "%pM\n", pMgmt->abyCurrBSSID);
2505  }
2506 
2507  // set BSSID filter
2508  MACvWriteBSSIDAddress(pDevice, pMgmt->abyCurrBSSID);
2509  memcpy(pDevice->abyBSSID, pMgmt->abyCurrBSSID, WLAN_ADDR_LEN);
2510 
2511  MACvRegBitsOn(pDevice, MAC_REG_RCR, RCR_BSSID);
2512  pDevice->byRxMode |= RCR_BSSID;
2513  pMgmt->bCurrBSSIDFilterOn = TRUE;
2514 
2515  // Set Capability Info
2516  pMgmt->wCurrCapInfo = 0;
2517 
2518  if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
2519  pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_ESS(1);
2521  pMgmt->byDTIMCount = pMgmt->byDTIMPeriod - 1;
2522  pDevice->eOPMode = OP_MODE_AP;
2523  }
2524 
2525  if (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) {
2526  pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_IBSS(1);
2527  pDevice->eOPMode = OP_MODE_ADHOC;
2528  }
2529 
2530  if (pDevice->bEncryptionEnable) {
2532  if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
2534  pMgmt->byCSSPK = KEY_CTL_CCMP;
2535  pMgmt->byCSSGK = KEY_CTL_CCMP;
2536  } else if (pDevice->eEncryptionStatus == Ndis802_11Encryption2Enabled) {
2537  pMgmt->byCSSPK = KEY_CTL_TKIP;
2538  pMgmt->byCSSGK = KEY_CTL_TKIP;
2539  } else {
2540  pMgmt->byCSSPK = KEY_CTL_NONE;
2541  pMgmt->byCSSGK = KEY_CTL_WEP;
2542  }
2543  } else {
2544  pMgmt->byCSSPK = KEY_CTL_WEP;
2545  pMgmt->byCSSGK = KEY_CTL_WEP;
2546  }
2547  }
2548 
2549  pMgmt->byERPContext = 0;
2550 
2551  if (pDevice->byPreambleType == 1) {
2553  } else {
2555  }
2556 
2557  pMgmt->eCurrState = WMAC_STATE_STARTED;
2558  // Prepare beacon to send
2559  if (bMgrPrepareBeaconToSend((void *) pDevice, pMgmt))
2560  *pStatus = CMD_STATUS_SUCCESS;
2561 
2562  return;
2563 }
2564 
2565 /*+
2566  *
2567  * Routine Description:
2568  * Instructs wmac to join a bss using the supplied attributes.
2569  * The arguments may the BSSID or SSID and the rest of the
2570  * attributes are obtained from the scan result of known bss list.
2571  *
2572  *
2573  * Return Value:
2574  * None.
2575  *
2576 -*/
2577 
2578 void vMgrJoinBSSBegin(void *hDeviceContext, PCMD_STATUS pStatus)
2579 {
2580  PSDevice pDevice = (PSDevice)hDeviceContext;
2581  PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
2582  PKnownBSS pCurr = NULL;
2583  unsigned int ii, uu;
2584  PWLAN_IE_SUPP_RATES pItemRates = NULL;
2585  PWLAN_IE_SUPP_RATES pItemExtRates = NULL;
2586  PWLAN_IE_SSID pItemSSID;
2587  unsigned int uRateLen = WLAN_RATES_MAXLEN;
2588  WORD wMaxBasicRate = RATE_1M;
2589  WORD wMaxSuppRate = RATE_1M;
2590  WORD wSuppRate;
2591  BYTE byTopCCKBasicRate = RATE_1M;
2592  BYTE byTopOFDMBasicRate = RATE_1M;
2593  BOOL bShortSlotTime = FALSE;
2594 
2595 
2596  for (ii = 0; ii < MAX_BSS_NUM; ii++) {
2597  if (pMgmt->sBSSList[ii].bActive == TRUE)
2598  break;
2599  }
2600 
2601  if (ii == MAX_BSS_NUM) {
2602  *pStatus = CMD_STATUS_RESOURCES;
2603  DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "BSS finding:BSS list is empty.\n");
2604  return;
2605  }
2606 
2607  // memset(pMgmt->abyDesireBSSID, 0, WLAN_BSSID_LEN);
2608  // Search known BSS list for prefer BSSID or SSID
2609 
2610  pCurr = BSSpSearchBSSList(pDevice,
2611  pMgmt->abyDesireBSSID,
2612  pMgmt->abyDesireSSID,
2613  pDevice->eConfigPHYMode
2614  );
2615 
2616  if (pCurr == NULL){
2617  *pStatus = CMD_STATUS_RESOURCES;
2618  pItemSSID = (PWLAN_IE_SSID)pMgmt->abyDesireSSID;
2619  DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Scanning [%s] not found, disconnected !\n", pItemSSID->abySSID);
2620  return;
2621  }
2622 
2623  DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "AP(BSS) finding:Found a AP(BSS)..\n");
2624 
2625  if (WLAN_GET_CAP_INFO_ESS(cpu_to_le16(pCurr->wCapInfo))){
2626 
2627  if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
2628  (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK)) {
2629  /*
2630  if (pDevice->eEncryptionStatus == Ndis802_11Encryption2Enabled) {
2631  if (WPA_SearchRSN(0, WPA_TKIP, pCurr) == FALSE) {
2632  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"No match RSN info. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n");
2633  // encryption mode error
2634  pMgmt->eCurrState = WMAC_STATE_IDLE;
2635  return;
2636  }
2637  } else if (pDevice->eEncryptionStatus == Ndis802_11Encryption3Enabled) {
2638  if (WPA_SearchRSN(0, WPA_AESCCMP, pCurr) == FALSE) {
2639  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"No match RSN info. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n");
2640  // encryption mode error
2641  pMgmt->eCurrState = WMAC_STATE_IDLE;
2642  return;
2643  }
2644  }
2645 */
2646  }
2647 
2648 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
2649  //if(pDevice->bWPASuppWextEnabled == TRUE)
2650  Encyption_Rebuild(pDevice, pCurr);
2651 #endif
2652 
2653  // Infrastructure BSS
2654  s_vMgrSynchBSS(pDevice,
2656  pCurr,
2657  pStatus
2658  );
2659 
2660  if (*pStatus == CMD_STATUS_SUCCESS){
2661 
2662  // Adopt this BSS state vars in Mgmt Object
2663  pMgmt->uCurrChannel = pCurr->uChannel;
2664 
2667 
2668  if (pCurr->eNetworkTypeInUse == PHY_TYPE_11B) {
2669  uRateLen = WLAN_RATES_MAXLEN_11B;
2670  }
2671 
2672  pItemRates = (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates;
2673  pItemExtRates = (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates;
2674 
2675  // Parse Support Rate IE
2676  pItemRates->byElementID = WLAN_EID_SUPP_RATES;
2677  pItemRates->len = RATEuSetIE((PWLAN_IE_SUPP_RATES)pCurr->abySuppRates,
2678  pItemRates,
2679  uRateLen);
2680 
2681  // Parse Extension Support Rate IE
2682  pItemExtRates->byElementID = WLAN_EID_EXTSUPP_RATES;
2683  pItemExtRates->len = RATEuSetIE((PWLAN_IE_SUPP_RATES)pCurr->abyExtSuppRates,
2684  pItemExtRates,
2685  uRateLen);
2686  // Stuffing Rate IE
2687  if ((pItemExtRates->len > 0) && (pItemRates->len < 8)) {
2688  for (ii = 0; ii < (unsigned int) (8 - pItemRates->len); ) {
2689  pItemRates->abyRates[pItemRates->len + ii] =
2690  pItemExtRates->abyRates[ii];
2691  ii++;
2692  if (pItemExtRates->len <= ii)
2693  break;
2694  }
2695  pItemRates->len += (BYTE)ii;
2696  if (pItemExtRates->len - ii > 0) {
2697  pItemExtRates->len -= (BYTE)ii;
2698  for (uu = 0; uu < pItemExtRates->len; uu ++) {
2699  pItemExtRates->abyRates[uu] = pItemExtRates->abyRates[uu + ii];
2700  }
2701  } else {
2702  pItemExtRates->len = 0;
2703  }
2704  }
2705 
2706  RATEvParseMaxRate((void *)pDevice, pItemRates, pItemExtRates, TRUE,
2707  &wMaxBasicRate, &wMaxSuppRate, &wSuppRate,
2708  &byTopCCKBasicRate, &byTopOFDMBasicRate);
2709  vUpdateIFS(pDevice);
2710  // TODO: deal with if wCapInfo the privacy is on, but station WEP is off
2711  // TODO: deal with if wCapInfo the PS-Pollable is on.
2712  pMgmt->wCurrBeaconPeriod = pCurr->wBeaconInterval;
2714  memcpy(pMgmt->abyCurrBSSID, pCurr->abyBSSID, WLAN_BSSID_LEN);
2715  memcpy(pMgmt->abyCurrSSID, pCurr->abySSID, WLAN_IEHDR_LEN + WLAN_SSID_MAXLEN + 1);
2716 
2717  pMgmt->eCurrMode = WMAC_MODE_ESS_STA;
2718 
2719  pMgmt->eCurrState = WMAC_STATE_JOINTED;
2720  // Adopt BSS state in Adapter Device Object
2721  pDevice->eOPMode = OP_MODE_INFRASTRUCTURE;
2722  memcpy(pDevice->abyBSSID, pCurr->abyBSSID, WLAN_BSSID_LEN);
2723 
2724  // Add current BSS to Candidate list
2725  // This should only work for WPA2 BSS, and WPA2 BSS check must be done before.
2726  if (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) {
2727  BOOL bResult = bAdd_PMKID_Candidate((void *) pDevice,
2728  pMgmt->abyCurrBSSID,
2729  &pCurr->sRSNCapObj);
2730  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"bAdd_PMKID_Candidate: 1(%d)\n", bResult);
2731  if (bResult == FALSE) {
2732  vFlush_PMKID_Candidate((void *) pDevice);
2734  KERN_INFO "vFlush_PMKID_Candidate: 4\n");
2735  bAdd_PMKID_Candidate((void *) pDevice,
2736  pMgmt->abyCurrBSSID,
2737  &pCurr->sRSNCapObj);
2738  }
2739  }
2740 
2741  // Preamble type auto-switch: if AP can receive short-preamble cap,
2742  // we can turn on too.
2743  if (WLAN_GET_CAP_INFO_SHORTPREAMBLE(pCurr->wCapInfo)) {
2744  pDevice->byPreambleType = pDevice->byShortPreamble;
2745  }
2746  else {
2747  pDevice->byPreambleType = 0;
2748  }
2749  // Change PreambleType must set RSPINF again
2750  CARDvSetRSPINF(pDevice, (BYTE)pDevice->byBBType);
2751 
2752  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Join ESS\n");
2753 
2754  if (pCurr->eNetworkTypeInUse == PHY_TYPE_11G) {
2755 
2756  if ((pCurr->sERP.byERP & WLAN_EID_ERP_USE_PROTECTION) != pDevice->bProtectMode) {//0000 0010
2757  pDevice->bProtectMode = (pCurr->sERP.byERP & WLAN_EID_ERP_USE_PROTECTION);
2758  if (pDevice->bProtectMode) {
2759  MACvEnableProtectMD(pDevice);
2760  } else {
2761  MACvDisableProtectMD(pDevice);
2762  }
2763  vUpdateIFS(pDevice);
2764  }
2765  if ((pCurr->sERP.byERP & WLAN_EID_ERP_NONERP_PRESENT) != pDevice->bNonERPPresent) {//0000 0001
2766  pDevice->bNonERPPresent = (pCurr->sERP.byERP & WLAN_EID_ERP_USE_PROTECTION);
2767  }
2768  if ((pCurr->sERP.byERP & WLAN_EID_ERP_BARKER_MODE) != pDevice->bBarkerPreambleMd) {//0000 0100
2769  pDevice->bBarkerPreambleMd = (pCurr->sERP.byERP & WLAN_EID_ERP_BARKER_MODE);
2770  //BarkerPreambleMd has higher priority than shortPreamble bit in Cap
2771  if (pDevice->bBarkerPreambleMd) {
2772  MACvEnableBarkerPreambleMd(pDevice);
2773  } else {
2774  MACvDisableBarkerPreambleMd(pDevice);
2775  }
2776  }
2777  }
2778  //DBG_PRN_WLAN05(("wCapInfo: %X\n", pCurr->wCapInfo));
2779  if (WLAN_GET_CAP_INFO_SHORTSLOTTIME(pCurr->wCapInfo) != pDevice->bShortSlotTime) {
2780  if (pDevice->byBBType == BB_TYPE_11A) {
2781  bShortSlotTime = TRUE;
2782  }
2783  else if (pDevice->byBBType == BB_TYPE_11B) {
2784  bShortSlotTime = FALSE;
2785  }
2786  else {
2787  bShortSlotTime = WLAN_GET_CAP_INFO_SHORTSLOTTIME(pCurr->wCapInfo);
2788  }
2789  //DBG_PRN_WLAN05(("Set Short Slot Time: %d\n", pDevice->bShortSlotTime));
2790  if (bShortSlotTime != pDevice->bShortSlotTime) {
2791  pDevice->bShortSlotTime = bShortSlotTime;
2792  BBvSetShortSlotTime(pDevice);
2793  vUpdateIFS(pDevice);
2794  }
2795  }
2796 
2797  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"End of Join AP -- A/B/G Action\n");
2798  }
2799  else {
2800  pMgmt->eCurrState = WMAC_STATE_IDLE;
2801  };
2802 
2803 
2804  }
2805  else {
2806  // ad-hoc mode BSS
2807  if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
2808 
2810 /*
2811  if (WPA_SearchRSN(0, WPA_TKIP, pCurr) == FALSE) {
2812  // encryption mode error
2813  pMgmt->eCurrState = WMAC_STATE_IDLE;
2814  return;
2815  }
2816 */
2817  } else if (pDevice->eEncryptionStatus == Ndis802_11Encryption3Enabled) {
2818 /*
2819  if (WPA_SearchRSN(0, WPA_AESCCMP, pCurr) == FALSE) {
2820  // encryption mode error
2821  pMgmt->eCurrState = WMAC_STATE_IDLE;
2822  return;
2823  }
2824 */
2825  } else {
2826  // encryption mode error
2827  pMgmt->eCurrState = WMAC_STATE_IDLE;
2828  return;
2829  }
2830  }
2831 
2832  s_vMgrSynchBSS(pDevice,
2834  pCurr,
2835  pStatus
2836  );
2837 
2838  if (*pStatus == CMD_STATUS_SUCCESS){
2839  // Adopt this BSS state vars in Mgmt Object
2840  // TODO: check if CapInfo privacy on, but we don't..
2841  pMgmt->uCurrChannel = pCurr->uChannel;
2842 
2843 
2844  // Parse Support Rate IE
2846  pMgmt->abyCurrSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)pCurr->abySuppRates,
2849  // set basic rate
2850  RATEvParseMaxRate((void *)pDevice,
2852  NULL, TRUE, &wMaxBasicRate, &wMaxSuppRate, &wSuppRate,
2853  &byTopCCKBasicRate, &byTopOFDMBasicRate);
2854  vUpdateIFS(pDevice);
2855  pMgmt->wCurrCapInfo = pCurr->wCapInfo;
2856  pMgmt->wCurrBeaconPeriod = pCurr->wBeaconInterval;
2858  memcpy(pMgmt->abyCurrBSSID, pCurr->abyBSSID, WLAN_BSSID_LEN);
2859  memcpy(pMgmt->abyCurrSSID, pCurr->abySSID, WLAN_IEHDR_LEN + WLAN_SSID_MAXLEN);
2860 // pMgmt->wCurrATIMWindow = pCurr->wATIMWindow;
2861  pMgmt->eCurrMode = WMAC_MODE_IBSS_STA;
2862  pMgmt->eCurrState = WMAC_STATE_STARTED;
2863  // Adopt BSS state in Adapter Device Object
2864  pDevice->eOPMode = OP_MODE_ADHOC;
2865  pDevice->bLinkPass = TRUE;
2867  memcpy(pDevice->abyBSSID, pCurr->abyBSSID, WLAN_BSSID_LEN);
2868 
2869  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Join IBSS ok:%pM\n",
2870  pMgmt->abyCurrBSSID);
2871  // Preamble type auto-switch: if AP can receive short-preamble cap,
2872  // and if registry setting is short preamble we can turn on too.
2873 
2874  if (WLAN_GET_CAP_INFO_SHORTPREAMBLE(pCurr->wCapInfo)) {
2875  pDevice->byPreambleType = pDevice->byShortPreamble;
2876  }
2877  else {
2878  pDevice->byPreambleType = 0;
2879  }
2880  // Change PreambleType must set RSPINF again
2881  CARDvSetRSPINF(pDevice, (BYTE)pDevice->byBBType);
2882 
2883  // Prepare beacon
2884  bMgrPrepareBeaconToSend((void *) pDevice, pMgmt);
2885  }
2886  else {
2887  pMgmt->eCurrState = WMAC_STATE_IDLE;
2888  };
2889  };
2890  return;
2891 }
2892 
2893 
2894 
2895 /*+
2896  *
2897  * Routine Description:
2898  * Set HW to synchronize a specific BSS from known BSS list.
2899  *
2900  *
2901  * Return Value:
2902  * PCM_STATUS
2903  *
2904 -*/
2905 static
2906 void
2907 s_vMgrSynchBSS (
2908  PSDevice pDevice,
2909  unsigned int uBSSMode,
2910  PKnownBSS pCurr,
2911  PCMD_STATUS pStatus
2912  )
2913 {
2914  PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
2915  //1M, 2M, 5M, 11M, 18M, 24M, 36M, 54M
2916  BYTE abyCurrSuppRatesG[] = {WLAN_EID_SUPP_RATES, 8, 0x02, 0x04, 0x0B, 0x16, 0x24, 0x30, 0x48, 0x6C};
2917  BYTE abyCurrExtSuppRatesG[] = {WLAN_EID_EXTSUPP_RATES, 4, 0x0C, 0x12, 0x18, 0x60};
2918  //6M, 9M, 12M, 48M
2919  BYTE abyCurrSuppRatesA[] = {WLAN_EID_SUPP_RATES, 8, 0x0C, 0x12, 0x18, 0x24, 0x30, 0x48, 0x60, 0x6C};
2920  BYTE abyCurrSuppRatesB[] = {WLAN_EID_SUPP_RATES, 4, 0x02, 0x04, 0x0B, 0x16};
2921 
2922 
2923  *pStatus = CMD_STATUS_FAILURE;
2924 
2925  if (s_bCipherMatch(pCurr,
2926  pDevice->eEncryptionStatus,
2927  &(pMgmt->byCSSPK),
2928  &(pMgmt->byCSSGK)) == FALSE) {
2929  DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "s_bCipherMatch Fail .......\n");
2930  return;
2931  }
2932 
2933  pMgmt->pCurrBSS = pCurr;
2934 
2935  // if previous mode is IBSS.
2936  if(pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) {
2938  }
2939 
2940  // Init the BSS informations
2941  pDevice->bCCK = TRUE;
2942  pDevice->bProtectMode = FALSE;
2943  MACvDisableProtectMD(pDevice);
2944  pDevice->bBarkerPreambleMd = FALSE;
2945  MACvDisableBarkerPreambleMd(pDevice);
2946  pDevice->bNonERPPresent = FALSE;
2947  pDevice->byPreambleType = 0;
2948  pDevice->wBasicRate = 0;
2949  // Set Basic Rate
2950  CARDbAddBasicRate((void *)pDevice, RATE_1M);
2951 
2952  // calculate TSF offset
2953  // TSF Offset = Received Timestamp TSF - Marked Local's TSF
2954  CARDvAdjustTSF(pDevice, pCurr->byRxRate, pCurr->qwBSSTimestamp, pCurr->qwLocalTSF);
2955 
2956  // set HW beacon interval
2957  MACvWriteBeaconInterval(pDevice, pCurr->wBeaconInterval);
2958 
2959  // set Next TBTT
2960  // Next TBTT = ((local_current_TSF / beacon_interval) + 1 ) * beacon_interval
2961  CARDvSetFirstNextTBTT(pDevice, pCurr->wBeaconInterval);
2962 
2963  // set BSSID
2964  MACvWriteBSSIDAddress(pDevice, pCurr->abyBSSID);
2965 
2966  memcpy(pMgmt->abyCurrBSSID, pCurr->abyBSSID, 6);
2967 
2968  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Sync:set CurrBSSID address = "
2969  "%pM\n", pMgmt->abyCurrBSSID);
2970 
2971  if (pCurr->eNetworkTypeInUse == PHY_TYPE_11A) {
2972  if ((pDevice->eConfigPHYMode == PHY_TYPE_11A) ||
2973  (pDevice->eConfigPHYMode == PHY_TYPE_AUTO)) {
2974  pDevice->byBBType = BB_TYPE_11A;
2975  pMgmt->eCurrentPHYMode = PHY_TYPE_11A;
2976  pDevice->bShortSlotTime = TRUE;
2977  BBvSetShortSlotTime(pDevice);
2978  CARDvSetBSSMode(pDevice);
2979  } else {
2980  return;
2981  }
2982  } else if (pCurr->eNetworkTypeInUse == PHY_TYPE_11B) {
2983  if ((pDevice->eConfigPHYMode == PHY_TYPE_11B) ||
2984  (pDevice->eConfigPHYMode == PHY_TYPE_11G) ||
2985  (pDevice->eConfigPHYMode == PHY_TYPE_AUTO)) {
2986  pDevice->byBBType = BB_TYPE_11B;
2987  pMgmt->eCurrentPHYMode = PHY_TYPE_11B;
2988  pDevice->bShortSlotTime = FALSE;
2989  BBvSetShortSlotTime(pDevice);
2990  CARDvSetBSSMode(pDevice);
2991  } else {
2992  return;
2993  }
2994  } else {
2995  if ((pDevice->eConfigPHYMode == PHY_TYPE_11G) ||
2996  (pDevice->eConfigPHYMode == PHY_TYPE_AUTO)) {
2997  pDevice->byBBType = BB_TYPE_11G;
2998  pMgmt->eCurrentPHYMode = PHY_TYPE_11G;
2999  pDevice->bShortSlotTime = TRUE;
3000  BBvSetShortSlotTime(pDevice);
3001  CARDvSetBSSMode(pDevice);
3002  } else if (pDevice->eConfigPHYMode == PHY_TYPE_11B) {
3003  pDevice->byBBType = BB_TYPE_11B;
3004  pDevice->bShortSlotTime = FALSE;
3005  BBvSetShortSlotTime(pDevice);
3006  CARDvSetBSSMode(pDevice);
3007  } else {
3008  return;
3009  }
3010  }
3011 
3012  if (uBSSMode == WMAC_MODE_ESS_STA) {
3014  MACvRegBitsOn(pDevice, MAC_REG_RCR, RCR_BSSID);
3015  pDevice->byRxMode |= RCR_BSSID;
3016  pMgmt->bCurrBSSIDFilterOn = TRUE;
3017  }
3018 
3019  // set channel and clear NAV
3020  CARDbSetMediaChannel(pDevice, pCurr->uChannel);
3021  pMgmt->uCurrChannel = pCurr->uChannel;
3022  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "<----s_bSynchBSS Set Channel [%d]\n", pCurr->uChannel);
3023 
3024  if ((pDevice->bUpdateBBVGA) &&
3025  (pDevice->byBBVGACurrent != pDevice->abyBBVGA[0])) {
3026  pDevice->byBBVGACurrent = pDevice->abyBBVGA[0];
3027  BBvSetVGAGainOffset(pDevice, pDevice->byBBVGACurrent);
3028  BBvSetShortSlotTime(pDevice);
3029  }
3030  //
3031  // Notes:
3032  // 1. In Ad-hoc mode : check if received others beacon as jointed indication,
3033  // otherwise we will start own IBSS.
3034  // 2. In Infra mode : Supposed we already synchronized with AP right now.
3035 
3036  if (uBSSMode == WMAC_MODE_IBSS_STA) {
3038  MACvRegBitsOn(pDevice, MAC_REG_RCR, RCR_BSSID);
3039  pDevice->byRxMode |= RCR_BSSID;
3040  pMgmt->bCurrBSSIDFilterOn = TRUE;
3041  }
3042 
3043  if (pDevice->byBBType == BB_TYPE_11A) {
3044  memcpy(pMgmt->abyCurrSuppRates, &abyCurrSuppRatesA[0], sizeof(abyCurrSuppRatesA));
3045  pMgmt->abyCurrExtSuppRates[1] = 0;
3046  } else if (pDevice->byBBType == BB_TYPE_11B) {
3047  memcpy(pMgmt->abyCurrSuppRates, &abyCurrSuppRatesB[0], sizeof(abyCurrSuppRatesB));
3048  pMgmt->abyCurrExtSuppRates[1] = 0;
3049  } else {
3050  memcpy(pMgmt->abyCurrSuppRates, &abyCurrSuppRatesG[0], sizeof(abyCurrSuppRatesG));
3051  memcpy(pMgmt->abyCurrExtSuppRates, &abyCurrExtSuppRatesG[0], sizeof(abyCurrExtSuppRatesG));
3052  }
3053  pMgmt->byERPContext = pCurr->sERP.byERP;
3054 
3055  *pStatus = CMD_STATUS_SUCCESS;
3056 
3057  return;
3058 };
3059 
3060 
3061 //mike add: fix NetworkManager 0.7.0 hidden ssid mode in WPA encryption
3062 // ,need reset eAuthenMode and eEncryptionStatus
3063  static void Encyption_Rebuild(
3064  PSDevice pDevice,
3065  PKnownBSS pCurr
3066  )
3067  {
3068  PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
3069  /* unsigned int ii, uSameBssidNum=0; */
3070 
3071  // if( uSameBssidNum>=2) { //we only check AP in hidden sssid mode
3072  if ((pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || //networkmanager 0.7.0 does not give the pairwise-key selsection,
3073  (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { // so we need re-selsect it according to real pairwise-key info.
3074  if(pCurr->bWPAValid == TRUE) { //WPA-PSK
3075  pMgmt->eAuthenMode = WMAC_AUTH_WPAPSK;
3076  if(pCurr->abyPKType[0] == WPA_TKIP) {
3078  PRINT_K("Encyption_Rebuild--->ssid reset config to [WPAPSK-TKIP]\n");
3079  }
3080  else if(pCurr->abyPKType[0] == WPA_AESCCMP) {
3082  PRINT_K("Encyption_Rebuild--->ssid reset config to [WPAPSK-AES]\n");
3083  }
3084  }
3085  else if(pCurr->bWPA2Valid == TRUE) { //WPA2-PSK
3086  pMgmt->eAuthenMode = WMAC_AUTH_WPA2PSK;
3087  if(pCurr->abyCSSPK[0] == WLAN_11i_CSS_TKIP) {
3089  PRINT_K("Encyption_Rebuild--->ssid reset config to [WPA2PSK-TKIP]\n");
3090  }
3091  else if(pCurr->abyCSSPK[0] == WLAN_11i_CSS_CCMP) {
3093  PRINT_K("Encyption_Rebuild--->ssid reset config to [WPA2PSK-AES]\n");
3094  }
3095  }
3096  }
3097  // }
3098  return;
3099  }
3100 
3101 
3102 /*+
3103  *
3104  * Routine Description:
3105  * Format TIM field
3106  *
3107  *
3108  * Return Value:
3109  * void
3110  *
3111 -*/
3112 
3113 static
3114 void
3115 s_vMgrFormatTIM(
3116  PSMgmtObject pMgmt,
3117  PWLAN_IE_TIM pTIM
3118  )
3119 {
3120  BYTE byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
3121  BYTE byMap;
3122  unsigned int ii, jj;
3123  BOOL bStartFound = FALSE;
3124  BOOL bMulticast = FALSE;
3125  WORD wStartIndex = 0;
3126  WORD wEndIndex = 0;
3127 
3128 
3129  // Find size of partial virtual bitmap
3130  for (ii = 0; ii < (MAX_NODE_NUM + 1); ii++) {
3131  byMap = pMgmt->abyPSTxMap[ii];
3132  if (!ii) {
3133  // Mask out the broadcast bit which is indicated separately.
3134  bMulticast = (byMap & byMask[0]) != 0;
3135  if(bMulticast) {
3136  pMgmt->sNodeDBTable[0].bRxPSPoll = TRUE;
3137  }
3138  byMap = 0;
3139  }
3140  if (byMap) {
3141  if (!bStartFound) {
3142  bStartFound = TRUE;
3143  wStartIndex = (WORD)ii;
3144  }
3145  wEndIndex = (WORD)ii;
3146  }
3147  }
3148 
3149 
3150  // Round start index down to nearest even number
3151  wStartIndex &= ~BIT0;
3152 
3153  // Round end index up to nearest even number
3154  wEndIndex = ((wEndIndex + 1) & ~BIT0);
3155 
3156  // Size of element payload
3157 
3158  pTIM->len = 3 + (wEndIndex - wStartIndex) + 1;
3159 
3160  // Fill in the Fixed parts of the TIM
3161  pTIM->byDTIMCount = pMgmt->byDTIMCount;
3162  pTIM->byDTIMPeriod = pMgmt->byDTIMPeriod;
3163  pTIM->byBitMapCtl = (bMulticast ? TIM_MULTICAST_MASK : 0) |
3164  (((wStartIndex >> 1) << 1) & TIM_BITMAPOFFSET_MASK);
3165 
3166  // Append variable part of TIM
3167 
3168  for (ii = wStartIndex, jj =0 ; ii <= wEndIndex; ii++, jj++) {
3169  pTIM->byVirtBitMap[jj] = pMgmt->abyPSTxMap[ii];
3170  }
3171 
3172  // Aid = 0 don't used.
3173  pTIM->byVirtBitMap[0] &= ~BIT0;
3174 }
3175 
3176 
3177 /*+
3178  *
3179  * Routine Description:
3180  * Constructs an Beacon frame( Ad-hoc mode)
3181  *
3182  *
3183  * Return Value:
3184  * PTR to frame; or NULL on allocation failure
3185  *
3186 -*/
3187 
3188 static
3190 s_MgrMakeBeacon(
3191  PSDevice pDevice,
3192  PSMgmtObject pMgmt,
3193  WORD wCurrCapInfo,
3194  WORD wCurrBeaconPeriod,
3195  unsigned int uCurrChannel,
3196  WORD wCurrATIMWinodw,
3197  PWLAN_IE_SSID pCurrSSID,
3198  PBYTE pCurrBSSID,
3199  PWLAN_IE_SUPP_RATES pCurrSuppRates,
3200  PWLAN_IE_SUPP_RATES pCurrExtSuppRates
3201  )
3202 {
3203  PSTxMgmtPacket pTxPacket = NULL;
3204  WLAN_FR_BEACON sFrame;
3205  BYTE abyBroadcastAddr[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
3206 
3207 
3208  // prepare beacon frame
3209  pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
3210  memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_BEACON_FR_MAXLEN);
3211  pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
3212  // Setup the sFrame structure.
3213  sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
3214  sFrame.len = WLAN_BEACON_FR_MAXLEN;
3215  vMgrEncodeBeacon(&sFrame);
3216  // Setup the header
3217  sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
3218  (
3221  ));
3222 
3223  if (pDevice->bEnablePSMode) {
3224  sFrame.pHdr->sA3.wFrameCtl |= cpu_to_le16((WORD)WLAN_SET_FC_PWRMGT(1));
3225  }
3226 
3227  memcpy( sFrame.pHdr->sA3.abyAddr1, abyBroadcastAddr, WLAN_ADDR_LEN);
3228  memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
3229  memcpy( sFrame.pHdr->sA3.abyAddr3, pCurrBSSID, WLAN_BSSID_LEN);
3230  *sFrame.pwBeaconInterval = cpu_to_le16(wCurrBeaconPeriod);
3231  *sFrame.pwCapInfo = cpu_to_le16(wCurrCapInfo);
3232  // Copy SSID
3233  sFrame.pSSID = (PWLAN_IE_SSID)(sFrame.pBuf + sFrame.len);
3234  sFrame.len += ((PWLAN_IE_SSID)pMgmt->abyCurrSSID)->len + WLAN_IEHDR_LEN;
3235  memcpy(sFrame.pSSID,
3236  pCurrSSID,
3237  ((PWLAN_IE_SSID)pCurrSSID)->len + WLAN_IEHDR_LEN
3238  );
3239  // Copy the rate set
3240  sFrame.pSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
3241  sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN;
3242  memcpy(sFrame.pSuppRates,
3243  pCurrSuppRates,
3244  ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN
3245  );
3246  // DS parameter
3247  if (pDevice->byBBType != BB_TYPE_11A) {
3248  sFrame.pDSParms = (PWLAN_IE_DS_PARMS)(sFrame.pBuf + sFrame.len);
3249  sFrame.len += (1) + WLAN_IEHDR_LEN;
3250  sFrame.pDSParms->byElementID = WLAN_EID_DS_PARMS;
3251  sFrame.pDSParms->len = 1;
3252  sFrame.pDSParms->byCurrChannel = (BYTE)uCurrChannel;
3253  }
3254  // TIM field
3255  if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
3256  sFrame.pTIM = (PWLAN_IE_TIM)(sFrame.pBuf + sFrame.len);
3257  sFrame.pTIM->byElementID = WLAN_EID_TIM;
3258  s_vMgrFormatTIM(pMgmt, sFrame.pTIM);
3259  sFrame.len += (WLAN_IEHDR_LEN + sFrame.pTIM->len);
3260  }
3261 
3262  if (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) {
3263 
3264  // IBSS parameter
3265  sFrame.pIBSSParms = (PWLAN_IE_IBSS_PARMS)(sFrame.pBuf + sFrame.len);
3266  sFrame.len += (2) + WLAN_IEHDR_LEN;
3267  sFrame.pIBSSParms->byElementID = WLAN_EID_IBSS_PARMS;
3268  sFrame.pIBSSParms->len = 2;
3269  sFrame.pIBSSParms->wATIMWindow = wCurrATIMWinodw;
3270  if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
3271  /* RSN parameter */
3272  sFrame.pRSNWPA = (PWLAN_IE_RSN_EXT)(sFrame.pBuf + sFrame.len);
3274  sFrame.pRSNWPA->len = 12;
3275  sFrame.pRSNWPA->abyOUI[0] = 0x00;
3276  sFrame.pRSNWPA->abyOUI[1] = 0x50;
3277  sFrame.pRSNWPA->abyOUI[2] = 0xf2;
3278  sFrame.pRSNWPA->abyOUI[3] = 0x01;
3279  sFrame.pRSNWPA->wVersion = 1;
3280  sFrame.pRSNWPA->abyMulticast[0] = 0x00;
3281  sFrame.pRSNWPA->abyMulticast[1] = 0x50;
3282  sFrame.pRSNWPA->abyMulticast[2] = 0xf2;
3284  sFrame.pRSNWPA->abyMulticast[3] = 0x04;//AES
3285  else if (pDevice->eEncryptionStatus == Ndis802_11Encryption2Enabled)
3286  sFrame.pRSNWPA->abyMulticast[3] = 0x02;//TKIP
3287  else if (pDevice->eEncryptionStatus == Ndis802_11Encryption1Enabled)
3288  sFrame.pRSNWPA->abyMulticast[3] = 0x01;//WEP40
3289  else
3290  sFrame.pRSNWPA->abyMulticast[3] = 0x00;//NONE
3291 
3292  // Pairwise Key Cipher Suite
3293  sFrame.pRSNWPA->wPKCount = 0;
3294  // Auth Key Management Suite
3295  *((PWORD)(sFrame.pBuf + sFrame.len + sFrame.pRSNWPA->len))=0;
3296  sFrame.pRSNWPA->len +=2;
3297 
3298  // RSN Capabilites
3299  *((PWORD)(sFrame.pBuf + sFrame.len + sFrame.pRSNWPA->len))=0;
3300  sFrame.pRSNWPA->len +=2;
3301  sFrame.len += sFrame.pRSNWPA->len + WLAN_IEHDR_LEN;
3302  }
3303  }
3304 
3305 
3306  if (pMgmt->eCurrentPHYMode == PHY_TYPE_11G) {
3307  sFrame.pERP = (PWLAN_IE_ERP)(sFrame.pBuf + sFrame.len);
3308  sFrame.len += 1 + WLAN_IEHDR_LEN;
3309  sFrame.pERP->byElementID = WLAN_EID_ERP;
3310  sFrame.pERP->len = 1;
3311  sFrame.pERP->byContext = 0;
3312  if (pDevice->bProtectMode == TRUE)
3313  sFrame.pERP->byContext |= WLAN_EID_ERP_USE_PROTECTION;
3314  if (pDevice->bNonERPPresent == TRUE)
3315  sFrame.pERP->byContext |= WLAN_EID_ERP_NONERP_PRESENT;
3316  if (pDevice->bBarkerPreambleMd == TRUE)
3317  sFrame.pERP->byContext |= WLAN_EID_ERP_BARKER_MODE;
3318  }
3319  if (((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len != 0) {
3320  sFrame.pExtSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
3321  sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN;
3322  memcpy(sFrame.pExtSuppRates,
3323  pCurrExtSuppRates,
3324  ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN
3325  );
3326  }
3327  // hostapd wpa/wpa2 IE
3328  if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnableHostapd == TRUE)) {
3329  if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
3330  if (pMgmt->wWPAIELen != 0) {
3331  sFrame.pRSN = (PWLAN_IE_RSN)(sFrame.pBuf + sFrame.len);
3332  memcpy(sFrame.pRSN, pMgmt->abyWPAIE, pMgmt->wWPAIELen);
3333  sFrame.len += pMgmt->wWPAIELen;
3334  }
3335  }
3336  }
3337 
3338  /* Adjust the length fields */
3339  pTxPacket->cbMPDULen = sFrame.len;
3340  pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
3341 
3342  return pTxPacket;
3343 }
3344 
3345 
3346 
3347 
3348 
3349 /*+
3350  *
3351  * Routine Description:
3352  * Constructs an Prob-response frame
3353  *
3354  *
3355  * Return Value:
3356  * PTR to frame; or NULL on allocation failure
3357  *
3358 -*/
3359 
3360 
3361 
3362 
3364 s_MgrMakeProbeResponse(
3365  PSDevice pDevice,
3366  PSMgmtObject pMgmt,
3367  WORD wCurrCapInfo,
3368  WORD wCurrBeaconPeriod,
3369  unsigned int uCurrChannel,
3370  WORD wCurrATIMWinodw,
3371  PBYTE pDstAddr,
3372  PWLAN_IE_SSID pCurrSSID,
3373  PBYTE pCurrBSSID,
3374  PWLAN_IE_SUPP_RATES pCurrSuppRates,
3375  PWLAN_IE_SUPP_RATES pCurrExtSuppRates,
3376  BYTE byPHYType
3377  )
3378 {
3379  PSTxMgmtPacket pTxPacket = NULL;
3380  WLAN_FR_PROBERESP sFrame;
3381 
3382 
3383 
3384  pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
3385  memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_PROBERESP_FR_MAXLEN);
3386  pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
3387  // Setup the sFrame structure.
3388  sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
3389  sFrame.len = WLAN_PROBERESP_FR_MAXLEN;
3390  vMgrEncodeProbeResponse(&sFrame);
3391  // Setup the header
3392  sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
3393  (
3396  ));
3397  memcpy( sFrame.pHdr->sA3.abyAddr1, pDstAddr, WLAN_ADDR_LEN);
3398  memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
3399  memcpy( sFrame.pHdr->sA3.abyAddr3, pCurrBSSID, WLAN_BSSID_LEN);
3400  *sFrame.pwBeaconInterval = cpu_to_le16(wCurrBeaconPeriod);
3401  *sFrame.pwCapInfo = cpu_to_le16(wCurrCapInfo);
3402 
3403  if (byPHYType == BB_TYPE_11B) {
3405  }
3406 
3407  // Copy SSID
3408  sFrame.pSSID = (PWLAN_IE_SSID)(sFrame.pBuf + sFrame.len);
3409  sFrame.len += ((PWLAN_IE_SSID)pMgmt->abyCurrSSID)->len + WLAN_IEHDR_LEN;
3410  memcpy(sFrame.pSSID,
3411  pCurrSSID,
3412  ((PWLAN_IE_SSID)pCurrSSID)->len + WLAN_IEHDR_LEN
3413  );
3414  // Copy the rate set
3415  sFrame.pSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
3416 
3417  sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN;
3418  memcpy(sFrame.pSuppRates,
3419  pCurrSuppRates,
3420  ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN
3421  );
3422 
3423  // DS parameter
3424  if (pDevice->byBBType != BB_TYPE_11A) {
3425  sFrame.pDSParms = (PWLAN_IE_DS_PARMS)(sFrame.pBuf + sFrame.len);
3426  sFrame.len += (1) + WLAN_IEHDR_LEN;
3427  sFrame.pDSParms->byElementID = WLAN_EID_DS_PARMS;
3428  sFrame.pDSParms->len = 1;
3429  sFrame.pDSParms->byCurrChannel = (BYTE)uCurrChannel;
3430  }
3431 
3432  if (pMgmt->eCurrMode != WMAC_MODE_ESS_AP) {
3433  // IBSS parameter
3434  sFrame.pIBSSParms = (PWLAN_IE_IBSS_PARMS)(sFrame.pBuf + sFrame.len);
3435  sFrame.len += (2) + WLAN_IEHDR_LEN;
3436  sFrame.pIBSSParms->byElementID = WLAN_EID_IBSS_PARMS;
3437  sFrame.pIBSSParms->len = 2;
3438  sFrame.pIBSSParms->wATIMWindow = 0;
3439  }
3440  if (pDevice->byBBType == BB_TYPE_11G) {
3441  sFrame.pERP = (PWLAN_IE_ERP)(sFrame.pBuf + sFrame.len);
3442  sFrame.len += 1 + WLAN_IEHDR_LEN;
3443  sFrame.pERP->byElementID = WLAN_EID_ERP;
3444  sFrame.pERP->len = 1;
3445  sFrame.pERP->byContext = 0;
3446  if (pDevice->bProtectMode == TRUE)
3447  sFrame.pERP->byContext |= WLAN_EID_ERP_USE_PROTECTION;
3448  if (pDevice->bNonERPPresent == TRUE)
3449  sFrame.pERP->byContext |= WLAN_EID_ERP_NONERP_PRESENT;
3450  if (pDevice->bBarkerPreambleMd == TRUE)
3451  sFrame.pERP->byContext |= WLAN_EID_ERP_BARKER_MODE;
3452  }
3453 
3454  if (((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len != 0) {
3455  sFrame.pExtSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
3456  sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN;
3457  memcpy(sFrame.pExtSuppRates,
3458  pCurrExtSuppRates,
3459  ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN
3460  );
3461  }
3462 
3463  // hostapd wpa/wpa2 IE
3464  if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnableHostapd == TRUE)) {
3465  if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
3466  if (pMgmt->wWPAIELen != 0) {
3467  sFrame.pRSN = (PWLAN_IE_RSN)(sFrame.pBuf + sFrame.len);
3468  memcpy(sFrame.pRSN, pMgmt->abyWPAIE, pMgmt->wWPAIELen);
3469  sFrame.len += pMgmt->wWPAIELen;
3470  }
3471  }
3472  }
3473 
3474  // Adjust the length fields
3475  pTxPacket->cbMPDULen = sFrame.len;
3476  pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
3477 
3478  return pTxPacket;
3479 }
3480 
3481 
3482 
3483 /*+
3484  *
3485  * Routine Description:
3486  * Constructs an association request frame
3487  *
3488  *
3489  * Return Value:
3490  * A ptr to frame or NULL on allocation failue
3491  *
3492 -*/
3493 
3494 
3496 s_MgrMakeAssocRequest(
3497  PSDevice pDevice,
3498  PSMgmtObject pMgmt,
3499  PBYTE pDAddr,
3500  WORD wCurrCapInfo,
3501  WORD wListenInterval,
3502  PWLAN_IE_SSID pCurrSSID,
3503  PWLAN_IE_SUPP_RATES pCurrRates,
3504  PWLAN_IE_SUPP_RATES pCurrExtSuppRates
3505  )
3506 {
3507  PSTxMgmtPacket pTxPacket = NULL;
3508  WLAN_FR_ASSOCREQ sFrame;
3509  PBYTE pbyIEs;
3510  PBYTE pbyRSN;
3511 
3512 
3513  pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
3514  memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_ASSOCREQ_FR_MAXLEN);
3515  pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
3516  // Setup the sFrame structure.
3517  sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
3518  sFrame.len = WLAN_ASSOCREQ_FR_MAXLEN;
3519  // format fixed field frame structure
3520  vMgrEncodeAssocRequest(&sFrame);
3521  // Setup the header
3522  sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
3523  (
3526  ));
3527  memcpy( sFrame.pHdr->sA3.abyAddr1, pDAddr, WLAN_ADDR_LEN);
3528  memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
3529  memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
3530 
3531  // Set the capability and listen interval
3532  *(sFrame.pwCapInfo) = cpu_to_le16(wCurrCapInfo);
3533  *(sFrame.pwListenInterval) = cpu_to_le16(wListenInterval);
3534 
3535  // sFrame.len point to end of fixed field
3536  sFrame.pSSID = (PWLAN_IE_SSID)(sFrame.pBuf + sFrame.len);
3537  sFrame.len += pCurrSSID->len + WLAN_IEHDR_LEN;
3538  memcpy(sFrame.pSSID, pCurrSSID, pCurrSSID->len + WLAN_IEHDR_LEN);
3539 
3540  pMgmt->sAssocInfo.AssocInfo.RequestIELength = pCurrSSID->len + WLAN_IEHDR_LEN;
3542  pbyIEs = pMgmt->sAssocInfo.abyIEs;
3543  memcpy(pbyIEs, pCurrSSID, pCurrSSID->len + WLAN_IEHDR_LEN);
3544  pbyIEs += pCurrSSID->len + WLAN_IEHDR_LEN;
3545 
3546  // Copy the rate set
3547  sFrame.pSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
3548  if ((pDevice->byBBType == BB_TYPE_11B) && (pCurrRates->len > 4))
3549  sFrame.len += 4 + WLAN_IEHDR_LEN;
3550  else
3551  sFrame.len += pCurrRates->len + WLAN_IEHDR_LEN;
3552  memcpy(sFrame.pSuppRates, pCurrRates, pCurrRates->len + WLAN_IEHDR_LEN);
3553 
3554  // Copy the extension rate set
3555  if ((pDevice->byBBType == BB_TYPE_11G) && (pCurrExtSuppRates->len > 0)) {
3556  sFrame.pExtSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
3557  sFrame.len += pCurrExtSuppRates->len + WLAN_IEHDR_LEN;
3558  memcpy(sFrame.pExtSuppRates, pCurrExtSuppRates, pCurrExtSuppRates->len + WLAN_IEHDR_LEN);
3559  }
3560 
3561  pMgmt->sAssocInfo.AssocInfo.RequestIELength += pCurrRates->len + WLAN_IEHDR_LEN;
3562  memcpy(pbyIEs, pCurrRates, pCurrRates->len + WLAN_IEHDR_LEN);
3563  pbyIEs += pCurrRates->len + WLAN_IEHDR_LEN;
3564 
3565 
3566  if (((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
3567  (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
3568  (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE)) &&
3569  (pMgmt->pCurrBSS != NULL)) {
3570  /* WPA IE */
3571  sFrame.pRSNWPA = (PWLAN_IE_RSN_EXT)(sFrame.pBuf + sFrame.len);
3573  sFrame.pRSNWPA->len = 16;
3574  sFrame.pRSNWPA->abyOUI[0] = 0x00;
3575  sFrame.pRSNWPA->abyOUI[1] = 0x50;
3576  sFrame.pRSNWPA->abyOUI[2] = 0xf2;
3577  sFrame.pRSNWPA->abyOUI[3] = 0x01;
3578  sFrame.pRSNWPA->wVersion = 1;
3579  //Group Key Cipher Suite
3580  sFrame.pRSNWPA->abyMulticast[0] = 0x00;
3581  sFrame.pRSNWPA->abyMulticast[1] = 0x50;
3582  sFrame.pRSNWPA->abyMulticast[2] = 0xf2;
3583  if (pMgmt->byCSSGK == KEY_CTL_WEP) {
3584  sFrame.pRSNWPA->abyMulticast[3] = pMgmt->pCurrBSS->byGKType;
3585  } else if (pMgmt->byCSSGK == KEY_CTL_TKIP) {
3586  sFrame.pRSNWPA->abyMulticast[3] = WPA_TKIP;
3587  } else if (pMgmt->byCSSGK == KEY_CTL_CCMP) {
3588  sFrame.pRSNWPA->abyMulticast[3] = WPA_AESCCMP;
3589  } else {
3590  sFrame.pRSNWPA->abyMulticast[3] = WPA_NONE;
3591  }
3592  // Pairwise Key Cipher Suite
3593  sFrame.pRSNWPA->wPKCount = 1;
3594  sFrame.pRSNWPA->PKSList[0].abyOUI[0] = 0x00;
3595  sFrame.pRSNWPA->PKSList[0].abyOUI[1] = 0x50;
3596  sFrame.pRSNWPA->PKSList[0].abyOUI[2] = 0xf2;
3597  if (pMgmt->byCSSPK == KEY_CTL_TKIP) {
3598  sFrame.pRSNWPA->PKSList[0].abyOUI[3] = WPA_TKIP;
3599  } else if (pMgmt->byCSSPK == KEY_CTL_CCMP) {
3600  sFrame.pRSNWPA->PKSList[0].abyOUI[3] = WPA_AESCCMP;
3601  } else {
3602  sFrame.pRSNWPA->PKSList[0].abyOUI[3] = WPA_NONE;
3603  }
3604  // Auth Key Management Suite
3605  pbyRSN = (PBYTE)(sFrame.pBuf + sFrame.len + 2 + sFrame.pRSNWPA->len);
3606  *pbyRSN++=0x01;
3607  *pbyRSN++=0x00;
3608  *pbyRSN++=0x00;
3609 
3610  *pbyRSN++=0x50;
3611  *pbyRSN++=0xf2;
3612  if (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) {
3613  *pbyRSN++=WPA_AUTH_PSK;
3614  }
3615  else if (pMgmt->eAuthenMode == WMAC_AUTH_WPA) {
3616  *pbyRSN++=WPA_AUTH_IEEE802_1X;
3617  }
3618  else {
3619  *pbyRSN++=WPA_NONE;
3620  }
3621 
3622  sFrame.pRSNWPA->len +=6;
3623 
3624  // RSN Capabilites
3625 
3626  *pbyRSN++=0x00;
3627  *pbyRSN++=0x00;
3628  sFrame.pRSNWPA->len +=2;
3629 
3630  sFrame.len += sFrame.pRSNWPA->len + WLAN_IEHDR_LEN;
3631  // copy to AssocInfo. for OID_802_11_ASSOCIATION_INFORMATION
3633  memcpy(pbyIEs, sFrame.pRSNWPA, sFrame.pRSNWPA->len + WLAN_IEHDR_LEN);
3634  pbyIEs += sFrame.pRSNWPA->len + WLAN_IEHDR_LEN;
3635 
3636  } else if (((pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
3637  (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) &&
3638  (pMgmt->pCurrBSS != NULL)) {
3639  unsigned int ii;
3640  PWORD pwPMKID;
3641 
3642  // WPA IE
3643  sFrame.pRSN = (PWLAN_IE_RSN)(sFrame.pBuf + sFrame.len);
3644  sFrame.pRSN->byElementID = WLAN_EID_RSN;
3645  sFrame.pRSN->len = 6; //Version(2)+GK(4)
3646  sFrame.pRSN->wVersion = 1;
3647  //Group Key Cipher Suite
3648  sFrame.pRSN->abyRSN[0] = 0x00;
3649  sFrame.pRSN->abyRSN[1] = 0x0F;
3650  sFrame.pRSN->abyRSN[2] = 0xAC;
3651  if (pMgmt->byCSSGK == KEY_CTL_WEP) {
3652  sFrame.pRSN->abyRSN[3] = pMgmt->pCurrBSS->byCSSGK;
3653  } else if (pMgmt->byCSSGK == KEY_CTL_TKIP) {
3654  sFrame.pRSN->abyRSN[3] = WLAN_11i_CSS_TKIP;
3655  } else if (pMgmt->byCSSGK == KEY_CTL_CCMP) {
3656  sFrame.pRSN->abyRSN[3] = WLAN_11i_CSS_CCMP;
3657  } else {
3658  sFrame.pRSN->abyRSN[3] = WLAN_11i_CSS_UNKNOWN;
3659  }
3660 
3661  // Pairwise Key Cipher Suite
3662  sFrame.pRSN->abyRSN[4] = 1;
3663  sFrame.pRSN->abyRSN[5] = 0;
3664  sFrame.pRSN->abyRSN[6] = 0x00;
3665  sFrame.pRSN->abyRSN[7] = 0x0F;
3666  sFrame.pRSN->abyRSN[8] = 0xAC;
3667  if (pMgmt->byCSSPK == KEY_CTL_TKIP) {
3668  sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_TKIP;
3669  } else if (pMgmt->byCSSPK == KEY_CTL_CCMP) {
3670  sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_CCMP;
3671  } else if (pMgmt->byCSSPK == KEY_CTL_NONE) {
3672  sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_USE_GROUP;
3673  } else {
3674  sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_UNKNOWN;
3675  }
3676  sFrame.pRSN->len += 6;
3677 
3678  // Auth Key Management Suite
3679  sFrame.pRSN->abyRSN[10] = 1;
3680  sFrame.pRSN->abyRSN[11] = 0;
3681  sFrame.pRSN->abyRSN[12] = 0x00;
3682  sFrame.pRSN->abyRSN[13] = 0x0F;
3683  sFrame.pRSN->abyRSN[14] = 0xAC;
3684  if (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK) {
3685  sFrame.pRSN->abyRSN[15] = WLAN_11i_AKMSS_PSK;
3686  } else if (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) {
3687  sFrame.pRSN->abyRSN[15] = WLAN_11i_AKMSS_802_1X;
3688  } else {
3689  sFrame.pRSN->abyRSN[15] = WLAN_11i_AKMSS_UNKNOWN;
3690  }
3691  sFrame.pRSN->len +=6;
3692 
3693  // RSN Capabilites
3694  if (pMgmt->pCurrBSS->sRSNCapObj.bRSNCapExist == TRUE) {
3695  memcpy(&sFrame.pRSN->abyRSN[16], &pMgmt->pCurrBSS->sRSNCapObj.wRSNCap, 2);
3696  } else {
3697  sFrame.pRSN->abyRSN[16] = 0;
3698  sFrame.pRSN->abyRSN[17] = 0;
3699  }
3700  sFrame.pRSN->len +=2;
3701 
3702  if ((pDevice->gsPMKID.BSSIDInfoCount > 0) && (pDevice->bRoaming == TRUE) && (pMgmt->eAuthenMode == WMAC_AUTH_WPA2)) {
3703  // RSN PMKID
3704  pbyRSN = &sFrame.pRSN->abyRSN[18];
3705  pwPMKID = (PWORD)pbyRSN; // Point to PMKID count
3706  *pwPMKID = 0; // Initialize PMKID count
3707  pbyRSN += 2; // Point to PMKID list
3708  for (ii = 0; ii < pDevice->gsPMKID.BSSIDInfoCount; ii++) {
3709  if (!memcmp(&pDevice->gsPMKID.BSSIDInfo[ii].BSSID[0],
3710  pMgmt->abyCurrBSSID,
3711  ETH_ALEN)) {
3712  (*pwPMKID)++;
3713  memcpy(pbyRSN,
3714  pDevice->gsPMKID.BSSIDInfo[ii].PMKID,
3715  16);
3716  pbyRSN += 16;
3717  }
3718  }
3719  if (*pwPMKID != 0) {
3720  sFrame.pRSN->len += (2 + (*pwPMKID)*16);
3721  }
3722  }
3723 
3724  sFrame.len += sFrame.pRSN->len + WLAN_IEHDR_LEN;
3725  // copy to AssocInfo. for OID_802_11_ASSOCIATION_INFORMATION
3727  memcpy(pbyIEs, sFrame.pRSN, sFrame.pRSN->len + WLAN_IEHDR_LEN);
3728  pbyIEs += sFrame.pRSN->len + WLAN_IEHDR_LEN;
3729  }
3730 
3731 
3732  // Adjust the length fields
3733  pTxPacket->cbMPDULen = sFrame.len;
3734  pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
3735  return pTxPacket;
3736 }
3737 
3738 
3739 
3740 
3741 
3742 
3743 
3744 
3745 /*+
3746  *
3747  * Routine Description:
3748  * Constructs an re-association request frame
3749  *
3750  *
3751  * Return Value:
3752  * A ptr to frame or NULL on allocation failure
3753  *
3754 -*/
3755 
3756 
3758 s_MgrMakeReAssocRequest(
3759  PSDevice pDevice,
3760  PSMgmtObject pMgmt,
3761  PBYTE pDAddr,
3762  WORD wCurrCapInfo,
3763  WORD wListenInterval,
3764  PWLAN_IE_SSID pCurrSSID,
3765  PWLAN_IE_SUPP_RATES pCurrRates,
3766  PWLAN_IE_SUPP_RATES pCurrExtSuppRates
3767  )
3768 {
3769  PSTxMgmtPacket pTxPacket = NULL;
3770  WLAN_FR_REASSOCREQ sFrame;
3771  PBYTE pbyIEs;
3772  PBYTE pbyRSN;
3773 
3774 
3775  pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
3776  memset( pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_REASSOCREQ_FR_MAXLEN);
3777  pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
3778  /* Setup the sFrame structure. */
3779  sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
3780  sFrame.len = WLAN_REASSOCREQ_FR_MAXLEN;
3781 
3782  // format fixed field frame structure
3783  vMgrEncodeReassocRequest(&sFrame);
3784 
3785  /* Setup the header */
3786  sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
3787  (
3790  ));
3791  memcpy( sFrame.pHdr->sA3.abyAddr1, pDAddr, WLAN_ADDR_LEN);
3792  memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
3793  memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
3794 
3795  /* Set the capability and listen interval */
3796  *(sFrame.pwCapInfo) = cpu_to_le16(wCurrCapInfo);
3797  *(sFrame.pwListenInterval) = cpu_to_le16(wListenInterval);
3798 
3799  memcpy(sFrame.pAddrCurrAP, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
3800  /* Copy the SSID */
3801  /* sFrame.len point to end of fixed field */
3802  sFrame.pSSID = (PWLAN_IE_SSID)(sFrame.pBuf + sFrame.len);
3803  sFrame.len += pCurrSSID->len + WLAN_IEHDR_LEN;
3804  memcpy(sFrame.pSSID, pCurrSSID, pCurrSSID->len + WLAN_IEHDR_LEN);
3805 
3806  pMgmt->sAssocInfo.AssocInfo.RequestIELength = pCurrSSID->len + WLAN_IEHDR_LEN;
3808  pbyIEs = pMgmt->sAssocInfo.abyIEs;
3809  memcpy(pbyIEs, pCurrSSID, pCurrSSID->len + WLAN_IEHDR_LEN);
3810  pbyIEs += pCurrSSID->len + WLAN_IEHDR_LEN;
3811 
3812  /* Copy the rate set */
3813  /* sFrame.len point to end of SSID */
3814  sFrame.pSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
3815  sFrame.len += pCurrRates->len + WLAN_IEHDR_LEN;
3816  memcpy(sFrame.pSuppRates, pCurrRates, pCurrRates->len + WLAN_IEHDR_LEN);
3817 
3818  // Copy the extension rate set
3819  if ((pMgmt->eCurrentPHYMode == PHY_TYPE_11G) && (pCurrExtSuppRates->len > 0)) {
3820  sFrame.pExtSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
3821  sFrame.len += pCurrExtSuppRates->len + WLAN_IEHDR_LEN;
3822  memcpy(sFrame.pExtSuppRates, pCurrExtSuppRates, pCurrExtSuppRates->len + WLAN_IEHDR_LEN);
3823  }
3824 
3825  pMgmt->sAssocInfo.AssocInfo.RequestIELength += pCurrRates->len + WLAN_IEHDR_LEN;
3826  memcpy(pbyIEs, pCurrRates, pCurrRates->len + WLAN_IEHDR_LEN);
3827  pbyIEs += pCurrRates->len + WLAN_IEHDR_LEN;
3828 
3829  if (((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
3830  (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
3831  (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE)) &&
3832  (pMgmt->pCurrBSS != NULL)) {
3833  /* WPA IE */
3834  sFrame.pRSNWPA = (PWLAN_IE_RSN_EXT)(sFrame.pBuf + sFrame.len);
3836  sFrame.pRSNWPA->len = 16;
3837  sFrame.pRSNWPA->abyOUI[0] = 0x00;
3838  sFrame.pRSNWPA->abyOUI[1] = 0x50;
3839  sFrame.pRSNWPA->abyOUI[2] = 0xf2;
3840  sFrame.pRSNWPA->abyOUI[3] = 0x01;
3841  sFrame.pRSNWPA->wVersion = 1;
3842  //Group Key Cipher Suite
3843  sFrame.pRSNWPA->abyMulticast[0] = 0x00;
3844  sFrame.pRSNWPA->abyMulticast[1] = 0x50;
3845  sFrame.pRSNWPA->abyMulticast[2] = 0xf2;
3846  if (pMgmt->byCSSGK == KEY_CTL_WEP) {
3847  sFrame.pRSNWPA->abyMulticast[3] = pMgmt->pCurrBSS->byGKType;
3848  } else if (pMgmt->byCSSGK == KEY_CTL_TKIP) {
3849  sFrame.pRSNWPA->abyMulticast[3] = WPA_TKIP;
3850  } else if (pMgmt->byCSSGK == KEY_CTL_CCMP) {
3851  sFrame.pRSNWPA->abyMulticast[3] = WPA_AESCCMP;
3852  } else {
3853  sFrame.pRSNWPA->abyMulticast[3] = WPA_NONE;
3854  }
3855  // Pairwise Key Cipher Suite
3856  sFrame.pRSNWPA->wPKCount = 1;
3857  sFrame.pRSNWPA->PKSList[0].abyOUI[0] = 0x00;
3858  sFrame.pRSNWPA->PKSList[0].abyOUI[1] = 0x50;
3859  sFrame.pRSNWPA->PKSList[0].abyOUI[2] = 0xf2;
3860  if (pMgmt->byCSSPK == KEY_CTL_TKIP) {
3861  sFrame.pRSNWPA->PKSList[0].abyOUI[3] = WPA_TKIP;
3862  } else if (pMgmt->byCSSPK == KEY_CTL_CCMP) {
3863  sFrame.pRSNWPA->PKSList[0].abyOUI[3] = WPA_AESCCMP;
3864  } else {
3865  sFrame.pRSNWPA->PKSList[0].abyOUI[3] = WPA_NONE;
3866  }
3867  // Auth Key Management Suite
3868  pbyRSN = (PBYTE)(sFrame.pBuf + sFrame.len + 2 + sFrame.pRSNWPA->len);
3869  *pbyRSN++=0x01;
3870  *pbyRSN++=0x00;
3871  *pbyRSN++=0x00;
3872 
3873  *pbyRSN++=0x50;
3874  *pbyRSN++=0xf2;
3875  if (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) {
3876  *pbyRSN++=WPA_AUTH_PSK;
3877  } else if (pMgmt->eAuthenMode == WMAC_AUTH_WPA) {
3878  *pbyRSN++=WPA_AUTH_IEEE802_1X;
3879  } else {
3880  *pbyRSN++=WPA_NONE;
3881  }
3882 
3883  sFrame.pRSNWPA->len +=6;
3884 
3885  // RSN Capabilites
3886  *pbyRSN++=0x00;
3887  *pbyRSN++=0x00;
3888  sFrame.pRSNWPA->len +=2;
3889 
3890  sFrame.len += sFrame.pRSNWPA->len + WLAN_IEHDR_LEN;
3891  // copy to AssocInfo. for OID_802_11_ASSOCIATION_INFORMATION
3893  memcpy(pbyIEs, sFrame.pRSNWPA, sFrame.pRSNWPA->len + WLAN_IEHDR_LEN);
3894  pbyIEs += sFrame.pRSNWPA->len + WLAN_IEHDR_LEN;
3895 
3896  } else if (((pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
3897  (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) &&
3898  (pMgmt->pCurrBSS != NULL)) {
3899  unsigned int ii;
3900  PWORD pwPMKID;
3901 
3902  /* WPA IE */
3903  sFrame.pRSN = (PWLAN_IE_RSN)(sFrame.pBuf + sFrame.len);
3904  sFrame.pRSN->byElementID = WLAN_EID_RSN;
3905  sFrame.pRSN->len = 6; //Version(2)+GK(4)
3906  sFrame.pRSN->wVersion = 1;
3907  //Group Key Cipher Suite
3908  sFrame.pRSN->abyRSN[0] = 0x00;
3909  sFrame.pRSN->abyRSN[1] = 0x0F;
3910  sFrame.pRSN->abyRSN[2] = 0xAC;
3911  if (pMgmt->byCSSGK == KEY_CTL_WEP) {
3912  sFrame.pRSN->abyRSN[3] = pMgmt->pCurrBSS->byCSSGK;
3913  } else if (pMgmt->byCSSGK == KEY_CTL_TKIP) {
3914  sFrame.pRSN->abyRSN[3] = WLAN_11i_CSS_TKIP;
3915  } else if (pMgmt->byCSSGK == KEY_CTL_CCMP) {
3916  sFrame.pRSN->abyRSN[3] = WLAN_11i_CSS_CCMP;
3917  } else {
3918  sFrame.pRSN->abyRSN[3] = WLAN_11i_CSS_UNKNOWN;
3919  }
3920 
3921  // Pairwise Key Cipher Suite
3922  sFrame.pRSN->abyRSN[4] = 1;
3923  sFrame.pRSN->abyRSN[5] = 0;
3924  sFrame.pRSN->abyRSN[6] = 0x00;
3925  sFrame.pRSN->abyRSN[7] = 0x0F;
3926  sFrame.pRSN->abyRSN[8] = 0xAC;
3927  if (pMgmt->byCSSPK == KEY_CTL_TKIP) {
3928  sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_TKIP;
3929  } else if (pMgmt->byCSSPK == KEY_CTL_CCMP) {
3930  sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_CCMP;
3931  } else if (pMgmt->byCSSPK == KEY_CTL_NONE) {
3932  sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_USE_GROUP;
3933  } else {
3934  sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_UNKNOWN;
3935  }
3936  sFrame.pRSN->len += 6;
3937 
3938  // Auth Key Management Suite
3939  sFrame.pRSN->abyRSN[10] = 1;
3940  sFrame.pRSN->abyRSN[11] = 0;
3941  sFrame.pRSN->abyRSN[12] = 0x00;
3942  sFrame.pRSN->abyRSN[13] = 0x0F;
3943  sFrame.pRSN->abyRSN[14] = 0xAC;
3944  if (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK) {
3945  sFrame.pRSN->abyRSN[15] = WLAN_11i_AKMSS_PSK;
3946  } else if (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) {
3947  sFrame.pRSN->abyRSN[15] = WLAN_11i_AKMSS_802_1X;
3948  } else {
3949  sFrame.pRSN->abyRSN[15] = WLAN_11i_AKMSS_UNKNOWN;
3950  }
3951  sFrame.pRSN->len +=6;
3952 
3953  // RSN Capabilites
3954  if (pMgmt->pCurrBSS->sRSNCapObj.bRSNCapExist == TRUE) {
3955  memcpy(&sFrame.pRSN->abyRSN[16], &pMgmt->pCurrBSS->sRSNCapObj.wRSNCap, 2);
3956  } else {
3957  sFrame.pRSN->abyRSN[16] = 0;
3958  sFrame.pRSN->abyRSN[17] = 0;
3959  }
3960  sFrame.pRSN->len +=2;
3961 
3962  if ((pDevice->gsPMKID.BSSIDInfoCount > 0) && (pDevice->bRoaming == TRUE) && (pMgmt->eAuthenMode == WMAC_AUTH_WPA2)) {
3963  // RSN PMKID
3964  pbyRSN = &sFrame.pRSN->abyRSN[18];
3965  pwPMKID = (PWORD)pbyRSN; // Point to PMKID count
3966  *pwPMKID = 0; // Initialize PMKID count
3967  pbyRSN += 2; // Point to PMKID list
3968  for (ii = 0; ii < pDevice->gsPMKID.BSSIDInfoCount; ii++) {
3969  if (!memcmp(&pDevice->gsPMKID.BSSIDInfo[ii].BSSID[0],
3970  pMgmt->abyCurrBSSID,
3971  ETH_ALEN)) {
3972  (*pwPMKID)++;
3973  memcpy(pbyRSN,
3974  pDevice->gsPMKID.BSSIDInfo[ii].PMKID,
3975  16);
3976  pbyRSN += 16;
3977  }
3978  }
3979  if (*pwPMKID != 0) {
3980  sFrame.pRSN->len += (2 + (*pwPMKID)*16);
3981  }
3982  }
3983 
3984  sFrame.len += sFrame.pRSN->len + WLAN_IEHDR_LEN;
3985  // copy to AssocInfo. for OID_802_11_ASSOCIATION_INFORMATION
3987  memcpy(pbyIEs, sFrame.pRSN, sFrame.pRSN->len + WLAN_IEHDR_LEN);
3988  pbyIEs += sFrame.pRSN->len + WLAN_IEHDR_LEN;
3989  }
3990 
3991 
3992 
3993  /* Adjust the length fields */
3994  pTxPacket->cbMPDULen = sFrame.len;
3995  pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
3996 
3997  return pTxPacket;
3998 }
3999 
4000 /*+
4001  *
4002  * Routine Description:
4003  * Constructs an assoc-response frame
4004  *
4005  *
4006  * Return Value:
4007  * PTR to frame; or NULL on allocation failure
4008  *
4009 -*/
4010 
4012 s_MgrMakeAssocResponse(
4013  PSDevice pDevice,
4014  PSMgmtObject pMgmt,
4015  WORD wCurrCapInfo,
4016  WORD wAssocStatus,
4017  WORD wAssocAID,
4018  PBYTE pDstAddr,
4019  PWLAN_IE_SUPP_RATES pCurrSuppRates,
4020  PWLAN_IE_SUPP_RATES pCurrExtSuppRates
4021  )
4022 {
4023  PSTxMgmtPacket pTxPacket = NULL;
4024  WLAN_FR_ASSOCRESP sFrame;
4025 
4026 
4027  pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
4028  memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_ASSOCREQ_FR_MAXLEN);
4029  pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
4030  // Setup the sFrame structure
4031  sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
4033  vMgrEncodeAssocResponse(&sFrame);
4034  // Setup the header
4035  sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
4036  (
4039  ));
4040  memcpy( sFrame.pHdr->sA3.abyAddr1, pDstAddr, WLAN_ADDR_LEN);
4041  memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
4042  memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
4043 
4044  *sFrame.pwCapInfo = cpu_to_le16(wCurrCapInfo);
4045  *sFrame.pwStatus = cpu_to_le16(wAssocStatus);
4046  *sFrame.pwAid = cpu_to_le16((WORD)(wAssocAID | BIT14 | BIT15));
4047 
4048  // Copy the rate set
4049  sFrame.pSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
4050  sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN;
4051  memcpy(sFrame.pSuppRates,
4052  pCurrSuppRates,
4053  ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN
4054  );
4055 
4056  if (((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len != 0) {
4057  sFrame.pExtSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
4058  sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN;
4059  memcpy(sFrame.pExtSuppRates,
4060  pCurrExtSuppRates,
4061  ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN
4062  );
4063  }
4064 
4065  // Adjust the length fields
4066  pTxPacket->cbMPDULen = sFrame.len;
4067  pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
4068 
4069  return pTxPacket;
4070 }
4071 
4072 
4073 /*+
4074  *
4075  * Routine Description:
4076  * Constructs an reassoc-response frame
4077  *
4078  *
4079  * Return Value:
4080  * PTR to frame; or NULL on allocation failure
4081  *
4082 -*/
4083 
4084 
4086 s_MgrMakeReAssocResponse(
4087  PSDevice pDevice,
4088  PSMgmtObject pMgmt,
4089  WORD wCurrCapInfo,
4090  WORD wAssocStatus,
4091  WORD wAssocAID,
4092  PBYTE pDstAddr,
4093  PWLAN_IE_SUPP_RATES pCurrSuppRates,
4094  PWLAN_IE_SUPP_RATES pCurrExtSuppRates
4095  )
4096 {
4097  PSTxMgmtPacket pTxPacket = NULL;
4098  WLAN_FR_REASSOCRESP sFrame;
4099 
4100 
4101  pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
4102  memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_ASSOCREQ_FR_MAXLEN);
4103  pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
4104  // Setup the sFrame structure
4105  sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
4107  vMgrEncodeReassocResponse(&sFrame);
4108  // Setup the header
4109  sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
4110  (
4113  ));
4114  memcpy( sFrame.pHdr->sA3.abyAddr1, pDstAddr, WLAN_ADDR_LEN);
4115  memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
4116  memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
4117 
4118  *sFrame.pwCapInfo = cpu_to_le16(wCurrCapInfo);
4119  *sFrame.pwStatus = cpu_to_le16(wAssocStatus);
4120  *sFrame.pwAid = cpu_to_le16((WORD)(wAssocAID | BIT14 | BIT15));
4121 
4122  // Copy the rate set
4123  sFrame.pSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
4124  sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN;
4125  memcpy(sFrame.pSuppRates,
4126  pCurrSuppRates,
4127  ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN
4128  );
4129 
4130  if (((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len != 0) {
4131  sFrame.pExtSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
4132  sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN;
4133  memcpy(sFrame.pExtSuppRates,
4134  pCurrExtSuppRates,
4135  ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN
4136  );
4137  }
4138 
4139  // Adjust the length fields
4140  pTxPacket->cbMPDULen = sFrame.len;
4141  pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
4142 
4143  return pTxPacket;
4144 }
4145 
4146 
4147 /*+
4148  *
4149  * Routine Description:
4150  * Handles probe response management frames.
4151  *
4152  *
4153  * Return Value:
4154  * none.
4155  *
4156 -*/
4157 
4158 static
4159 void
4160 s_vMgrRxProbeResponse(
4161  PSDevice pDevice,
4162  PSMgmtObject pMgmt,
4163  PSRxMgmtPacket pRxPacket
4164  )
4165 {
4166  PKnownBSS pBSSList = NULL;
4167  WLAN_FR_PROBERESP sFrame;
4168  BYTE byCurrChannel = pRxPacket->byRxChannel;
4169  ERPObject sERP;
4170  BOOL bChannelHit = TRUE;
4171 
4172 
4173  memset(&sFrame, 0, sizeof(WLAN_FR_PROBERESP));
4174  // decode the frame
4175  sFrame.len = pRxPacket->cbMPDULen;
4176  sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
4177  vMgrDecodeProbeResponse(&sFrame);
4178 
4179  if ((sFrame.pqwTimestamp == NULL)
4180  || (sFrame.pwBeaconInterval == NULL)
4181  || (sFrame.pwCapInfo == NULL)
4182  || (sFrame.pSSID == NULL)
4183  || (sFrame.pSuppRates == NULL)) {
4184 
4185  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Probe resp:Fail addr:[%p]\n",
4186  pRxPacket->p80211Header);
4187  DBG_PORT80(0xCC);
4188  return;
4189  }
4190 
4191  if(sFrame.pSSID->len == 0)
4192  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Rx Probe resp: SSID len = 0 \n");
4193 
4194 
4195  //{{ RobertYu:20050201, 11a byCurrChannel != sFrame.pDSParms->byCurrChannel mapping
4196  if( byCurrChannel > CB_MAX_CHANNEL_24G )
4197  {
4198  if (sFrame.pDSParms) {
4199  if (byCurrChannel ==
4200  RFaby11aChannelIndex[sFrame.pDSParms->byCurrChannel-1])
4201  bChannelHit = TRUE;
4202  byCurrChannel =
4203  RFaby11aChannelIndex[sFrame.pDSParms->byCurrChannel-1];
4204  } else {
4205  bChannelHit = TRUE;
4206  }
4207  } else {
4208  if (sFrame.pDSParms) {
4209  if (byCurrChannel == sFrame.pDSParms->byCurrChannel)
4210  bChannelHit = TRUE;
4211  byCurrChannel = sFrame.pDSParms->byCurrChannel;
4212  } else {
4213  bChannelHit = TRUE;
4214  }
4215  }
4216  //RobertYu:20050201
4217 
4218 if(ChannelExceedZoneType(pDevice,byCurrChannel)==TRUE)
4219  return;
4220 
4221  if (sFrame.pERP) {
4222  sERP.byERP = sFrame.pERP->byContext;
4223  sERP.bERPExist = TRUE;
4224  } else {
4225  sERP.bERPExist = FALSE;
4226  sERP.byERP = 0;
4227  }
4228 
4229 
4230  // update or insert the bss
4231  pBSSList = BSSpAddrIsInBSSList((void *) pDevice,
4232  sFrame.pHdr->sA3.abyAddr3,
4233  sFrame.pSSID);
4234  if (pBSSList) {
4235  BSSbUpdateToBSSList((void *) pDevice,
4236  *sFrame.pqwTimestamp,
4237  *sFrame.pwBeaconInterval,
4238  *sFrame.pwCapInfo,
4239  byCurrChannel,
4240  bChannelHit,
4241  sFrame.pSSID,
4242  sFrame.pSuppRates,
4243  sFrame.pExtSuppRates,
4244  &sERP,
4245  sFrame.pRSN,
4246  sFrame.pRSNWPA,
4247  sFrame.pIE_Country,
4248  sFrame.pIE_Quiet,
4249  pBSSList,
4250  sFrame.len - WLAN_HDR_ADDR3_LEN,
4251  /* payload of probresponse */
4252  sFrame.pHdr->sA4.abyAddr4,
4253  (void *) pRxPacket);
4254  } else {
4255  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Probe resp/insert: RxChannel = : %d\n", byCurrChannel);
4256  BSSbInsertToBSSList((void *) pDevice,
4257  sFrame.pHdr->sA3.abyAddr3,
4258  *sFrame.pqwTimestamp,
4259  *sFrame.pwBeaconInterval,
4260  *sFrame.pwCapInfo,
4261  byCurrChannel,
4262  sFrame.pSSID,
4263  sFrame.pSuppRates,
4264  sFrame.pExtSuppRates,
4265  &sERP,
4266  sFrame.pRSN,
4267  sFrame.pRSNWPA,
4268  sFrame.pIE_Country,
4269  sFrame.pIE_Quiet,
4270  sFrame.len - WLAN_HDR_ADDR3_LEN,
4271  sFrame.pHdr->sA4.abyAddr4, /* payload of beacon */
4272  (void *) pRxPacket);
4273  }
4274  return;
4275 
4276 }
4277 
4278 /*+
4279  *
4280  * Routine Description:(AP)or(Ad-hoc STA)
4281  * Handles probe request management frames.
4282  *
4283  *
4284  * Return Value:
4285  * none.
4286  *
4287 -*/
4288 
4289 
4290 static
4291 void
4292 s_vMgrRxProbeRequest(
4293  PSDevice pDevice,
4294  PSMgmtObject pMgmt,
4295  PSRxMgmtPacket pRxPacket
4296  )
4297 {
4298  WLAN_FR_PROBEREQ sFrame;
4300  PSTxMgmtPacket pTxPacket;
4301  BYTE byPHYType = BB_TYPE_11B;
4302 
4303  // STA in Ad-hoc mode: when latest TBTT beacon transmit success,
4304  // STA have to response this request.
4305  if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) ||
4306  ((pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) && pDevice->bBeaconSent)) {
4307 
4308  memset(&sFrame, 0, sizeof(WLAN_FR_PROBEREQ));
4309  // decode the frame
4310  sFrame.len = pRxPacket->cbMPDULen;
4311  sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
4312  vMgrDecodeProbeRequest(&sFrame);
4313 /*
4314  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Probe request rx:MAC addr:%pM\n",
4315  sFrame.pHdr->sA3.abyAddr2);
4316 */
4317  if (sFrame.pSSID->len != 0) {
4318  if (sFrame.pSSID->len != ((PWLAN_IE_SSID)pMgmt->abyCurrSSID)->len)
4319  return;
4320  if (memcmp(sFrame.pSSID->abySSID,
4321  ((PWLAN_IE_SSID)pMgmt->abyCurrSSID)->abySSID,
4322  ((PWLAN_IE_SSID)pMgmt->abyCurrSSID)->len) != 0) {
4323  return;
4324  }
4325  }
4326 
4327  if ((sFrame.pSuppRates->len > 4) || (sFrame.pExtSuppRates != NULL)) {
4328  byPHYType = BB_TYPE_11G;
4329  }
4330 
4331  // Probe response reply..
4332  pTxPacket = s_MgrMakeProbeResponse
4333  (
4334  pDevice,
4335  pMgmt,
4336  pMgmt->wCurrCapInfo,
4337  pMgmt->wCurrBeaconPeriod,
4338  pMgmt->uCurrChannel,
4339  0,
4340  sFrame.pHdr->sA3.abyAddr2,
4341  (PWLAN_IE_SSID)pMgmt->abyCurrSSID,
4342  (PBYTE)pMgmt->abyCurrBSSID,
4345  byPHYType
4346  );
4347  if (pTxPacket != NULL ){
4348  /* send the frame */
4349  Status = csMgmt_xmit(pDevice, pTxPacket);
4350  if (Status != CMD_STATUS_PENDING) {
4351  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Probe response tx failed\n");
4352  }
4353  else {
4354 // DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Probe response tx sending..\n");
4355  }
4356  }
4357  }
4358 
4359  return;
4360 }
4361 
4362 /*+
4363  *
4364  * Routine Description:
4365  *
4366  * Entry point for the reception and handling of 802.11 management
4367  * frames. Makes a determination of the frame type and then calls
4368  * the appropriate function.
4369  *
4370  *
4371  * Return Value:
4372  * none.
4373  *
4374 -*/
4375 
4376 void vMgrRxManagePacket(void *hDeviceContext,
4377  PSMgmtObject pMgmt,
4378  PSRxMgmtPacket pRxPacket)
4379 {
4380  PSDevice pDevice = (PSDevice)hDeviceContext;
4381  BOOL bInScan = FALSE;
4382  unsigned int uNodeIndex = 0;
4383  NODE_STATE eNodeState = 0;
4385 
4386 
4387  if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
4388  if (BSSbIsSTAInNodeDB(pDevice, pRxPacket->p80211Header->sA3.abyAddr2, &uNodeIndex))
4389  eNodeState = pMgmt->sNodeDBTable[uNodeIndex].eNodeState;
4390  }
4391 
4392  switch( WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) ){
4393 
4394  case WLAN_FSTYPE_ASSOCREQ:
4395  // Frame Clase = 2
4396  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx assocreq\n");
4397  if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) &&
4398  (eNodeState < NODE_AUTH)) {
4399  // send deauth notification
4400  // reason = (6) class 2 received from nonauth sta
4401  vMgrDeAuthenBeginSta(pDevice,
4402  pMgmt,
4403  pRxPacket->p80211Header->sA3.abyAddr2,
4404  (6),
4405  &Status
4406  );
4407  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "wmgr: send vMgrDeAuthenBeginSta 1\n");
4408  }
4409  else {
4410  s_vMgrRxAssocRequest(pDevice, pMgmt, pRxPacket, uNodeIndex);
4411  }
4412  break;
4413 
4414  case WLAN_FSTYPE_ASSOCRESP:
4415  // Frame Clase = 2
4416  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx assocresp1\n");
4417  s_vMgrRxAssocResponse(pDevice, pMgmt, pRxPacket, FALSE);
4418  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx assocresp2\n");
4419  break;
4420 
4422  // Frame Clase = 2
4423  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx reassocreq\n");
4424  // Todo: reassoc
4425  if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) &&
4426  (eNodeState < NODE_AUTH)) {
4427  // send deauth notification
4428  // reason = (6) class 2 received from nonauth sta
4429  vMgrDeAuthenBeginSta(pDevice,
4430  pMgmt,
4431  pRxPacket->p80211Header->sA3.abyAddr2,
4432  (6),
4433  &Status
4434  );
4435  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "wmgr: send vMgrDeAuthenBeginSta 2\n");
4436 
4437  }
4438  s_vMgrRxReAssocRequest(pDevice, pMgmt, pRxPacket, uNodeIndex);
4439  break;
4440 
4442  // Frame Clase = 2
4443  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx reassocresp\n");
4444  s_vMgrRxAssocResponse(pDevice, pMgmt, pRxPacket, TRUE);
4445  break;
4446 
4447  case WLAN_FSTYPE_PROBEREQ:
4448  // Frame Clase = 0
4449  //DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx probereq\n");
4450  s_vMgrRxProbeRequest(pDevice, pMgmt, pRxPacket);
4451  break;
4452 
4453  case WLAN_FSTYPE_PROBERESP:
4454  // Frame Clase = 0
4455  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx proberesp\n");
4456 
4457  s_vMgrRxProbeResponse(pDevice, pMgmt, pRxPacket);
4458  break;
4459 
4460  case WLAN_FSTYPE_BEACON:
4461  // Frame Clase = 0
4462  //DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx beacon\n");
4463  if (pMgmt->eScanState != WMAC_NO_SCANNING) {
4464  bInScan = TRUE;
4465  }
4466  s_vMgrRxBeacon(pDevice, pMgmt, pRxPacket, bInScan);
4467  break;
4468 
4469  case WLAN_FSTYPE_ATIM:
4470  // Frame Clase = 1
4471  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx atim\n");
4472  break;
4473 
4474  case WLAN_FSTYPE_DISASSOC:
4475  // Frame Clase = 2
4476  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx disassoc\n");
4477  if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) &&
4478  (eNodeState < NODE_AUTH)) {
4479  // send deauth notification
4480  // reason = (6) class 2 received from nonauth sta
4481  vMgrDeAuthenBeginSta(pDevice,
4482  pMgmt,
4483  pRxPacket->p80211Header->sA3.abyAddr2,
4484  (6),
4485  &Status
4486  );
4487  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "wmgr: send vMgrDeAuthenBeginSta 3\n");
4488  }
4489  s_vMgrRxDisassociation(pDevice, pMgmt, pRxPacket);
4490  break;
4491 
4492  case WLAN_FSTYPE_AUTHEN:
4493  // Frame Clase = 1
4494  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx authen\n");
4495  s_vMgrRxAuthentication(pDevice, pMgmt, pRxPacket);
4496  break;
4497 
4498  case WLAN_FSTYPE_DEAUTHEN:
4499  // Frame Clase = 1
4500  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx deauthen\n");
4501  s_vMgrRxDeauthentication(pDevice, pMgmt, pRxPacket);
4502  break;
4503 
4504  default:
4505  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx unknown mgmt\n");
4506  }
4507 
4508  return;
4509 }
4510 
4511 /*+
4512  *
4513  * Routine Description:
4514  *
4515  *
4516  * Prepare beacon to send
4517  *
4518  * Return Value:
4519  * TRUE if success; FALSE if failed.
4520  *
4521 -*/
4522 BOOL bMgrPrepareBeaconToSend(void *hDeviceContext, PSMgmtObject pMgmt)
4523 {
4524  PSDevice pDevice = (PSDevice)hDeviceContext;
4525  PSTxMgmtPacket pTxPacket;
4526 
4527 // pDevice->bBeaconBufReady = FALSE;
4528  if (pDevice->bEncryptionEnable || pDevice->bEnable8021x){
4530  }
4531  else {
4533  }
4534  pTxPacket = s_MgrMakeBeacon
4535  (
4536  pDevice,
4537  pMgmt,
4538  pMgmt->wCurrCapInfo,
4539  pMgmt->wCurrBeaconPeriod,
4540  pMgmt->uCurrChannel,
4541  pMgmt->wCurrATIMWindow, //0,
4542  (PWLAN_IE_SSID)pMgmt->abyCurrSSID,
4543  (PBYTE)pMgmt->abyCurrBSSID,
4546  );
4547 
4548  if ((pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) &&
4549  (pMgmt->abyCurrBSSID[0] == 0))
4550  return FALSE;
4551 
4552  csBeacon_xmit(pDevice, pTxPacket);
4554 
4555  return TRUE;
4556 }
4557 
4558 
4559 
4560 
4561 /*+
4562  *
4563  * Routine Description:
4564  *
4565  * Log a warning message based on the contents of the Status
4566  * Code field of an 802.11 management frame. Defines are
4567  * derived from 802.11-1997 SPEC.
4568  *
4569  * Return Value:
4570  * none.
4571  *
4572 -*/
4573 static
4574 void
4575 s_vMgrLogStatus(
4576  PSMgmtObject pMgmt,
4577  WORD wStatus
4578  )
4579 {
4580  switch( wStatus ){
4582  DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Unspecified error.\n");
4583  break;
4585  DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Can't support all requested capabilities.\n");
4586  break;
4588  DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Reassoc denied, can't confirm original Association.\n");
4589  break;
4591  DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Assoc denied, undefine in spec\n");
4592  break;
4594  DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Peer doesn't support authen algorithm.\n");
4595  break;
4597  DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Authen frame received out of sequence.\n");
4598  break;
4600  DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Authen rejected, challenge failure.\n");
4601  break;
4603  DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Authen rejected, timeout waiting for next frame.\n");
4604  break;
4606  DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Assoc denied, AP too busy.\n");
4607  break;
4609  DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Assoc denied, we haven't enough basic rates.\n");
4610  break;
4612  DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Assoc denied, we do not support short preamble.\n");
4613  break;
4615  DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Assoc denied, we do not support PBCC.\n");
4616  break;
4618  DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Assoc denied, we do not support channel agility.\n");
4619  break;
4620  default:
4621  DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Unknown status code %d.\n", wStatus);
4622  break;
4623  }
4624 }
4625 
4626 /*
4627  *
4628  * Description:
4629  * Add BSSID in PMKID Candidate list.
4630  *
4631  * Parameters:
4632  * In:
4633  * hDeviceContext - device structure point
4634  * pbyBSSID - BSSID address for adding
4635  * wRSNCap - BSS's RSN capability
4636  * Out:
4637  * none
4638  *
4639  * Return Value: none.
4640  *
4641 -*/
4642 
4643 BOOL bAdd_PMKID_Candidate(void *hDeviceContext,
4644  PBYTE pbyBSSID,
4645  PSRSNCapObject psRSNCapObj)
4646 {
4647  PSDevice pDevice = (PSDevice)hDeviceContext;
4648  PPMKID_CANDIDATE pCandidateList;
4649  unsigned int ii = 0;
4650 
4651  DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"bAdd_PMKID_Candidate START: (%d)\n", (int)pDevice->gsPMKIDCandidate.NumCandidates);
4652 
4653  if ((pDevice == NULL) || (pbyBSSID == NULL) || (psRSNCapObj == NULL))
4654  return FALSE;
4655 
4657  return FALSE;
4658 
4659 
4660 
4661  // Update Old Candidate
4662  for (ii = 0; ii < pDevice->gsPMKIDCandidate.NumCandidates; ii++) {
4663  pCandidateList = &pDevice->gsPMKIDCandidate.CandidateList[ii];
4664  if (!memcmp(pCandidateList->BSSID, pbyBSSID, ETH_ALEN)) {
4665  if ((psRSNCapObj->bRSNCapExist == TRUE)
4666  && (psRSNCapObj->wRSNCap & BIT0)) {
4667  pCandidateList->Flags |=
4669  } else {
4670  pCandidateList->Flags &=
4672  }
4673  return TRUE;
4674  }
4675  }
4676 
4677  // New Candidate
4678  pCandidateList = &pDevice->gsPMKIDCandidate.CandidateList[pDevice->gsPMKIDCandidate.NumCandidates];
4679  if ((psRSNCapObj->bRSNCapExist == TRUE) && (psRSNCapObj->wRSNCap & BIT0)) {
4681  }