/* ======================================================================== Routine Description: Process MIC error indication and record MIC error timer. Arguments: pAd Pointer to our adapter pWpaKey Pointer to the WPA key structure Return Value: None IRQL = DISPATCH_LEVEL Note: ======================================================================== */ VOID RTMPReportMicError( IN PRTMP_ADAPTER pAd, IN PCIPHER_KEY pWpaKey) { ULONG Now; UCHAR unicastKey = (pWpaKey->Type == PAIRWISE_KEY ? 1:0); /* Record Last MIC error time and count */ NdisGetSystemUpTime(&Now); if (pAd->StaCfg.MicErrCnt == 0) { pAd->StaCfg.MicErrCnt++; pAd->StaCfg.LastMicErrorTime = Now; NdisZeroMemory(pAd->StaCfg.ReplayCounter, 8); } else if (pAd->StaCfg.MicErrCnt == 1) { if ((pAd->StaCfg.LastMicErrorTime + (60 * OS_HZ)) < Now) { /* Update Last MIC error time, this did not violate two MIC errors within 60 seconds */ pAd->StaCfg.LastMicErrorTime = Now; } else { RTMPSendWirelessEvent(pAd, IW_COUNTER_MEASURES_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0); pAd->StaCfg.LastMicErrorTime = Now; /* Violate MIC error counts, MIC countermeasures kicks in */ pAd->StaCfg.MicErrCnt++; /* We shall block all reception We shall clean all Tx ring and disassoicate from AP after next EAPOL frame No necessary to clean all Tx ring, on RTMPHardTransmit will stop sending non-802.1X EAPOL packets if pAd->StaCfg.MicErrCnt greater than 2. */ } } else { /* MIC error count >= 2 */ /* This should not happen */ ; } MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, OID_802_11_MIC_FAILURE_REPORT_FRAME, 1, &unicastKey, 0); if (pAd->StaCfg.MicErrCnt == 2) { RTMPSetTimer(&pAd->StaCfg.WpaDisassocAndBlockAssocTimer, 100); } }
static VOID APPeerDeauthReqAction( IN PRTMP_ADAPTER pAd, IN PMLME_QUEUE_ELEM Elem) { UCHAR Addr2[MAC_ADDR_LEN]; USHORT Reason; UINT16 SeqNum; MAC_TABLE_ENTRY *pEntry; if (! PeerDeauthReqSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &SeqNum, &Reason)) return; pEntry = NULL; /*pEntry = MacTableLookup(pAd, Addr2); */ if (Elem->Wcid < MAX_LEN_OF_MAC_TABLE) { pEntry = &pAd->MacTab.Content[Elem->Wcid]; #ifdef DOT1X_SUPPORT /* Notify 802.1x daemon to clear this sta info */ if (pEntry->AuthMode == Ndis802_11AuthModeWPA || pEntry->AuthMode == Ndis802_11AuthModeWPA2 || pAd->ApCfg.MBSSID[pEntry->apidx].wdev.IEEE8021X) DOT1X_InternalCmdAction(pAd, pEntry, DOT1X_DISCONNECT_ENTRY); #endif /* DOT1X_SUPPORT */ /* send wireless event - for deauthentication */ RTMPSendWirelessEvent(pAd, IW_DEAUTH_EVENT_FLAG, Addr2, 0, 0); ApLogEvent(pAd, Addr2, EVENT_DISASSOCIATED); if (pEntry->CMTimerRunning == TRUE) { /* If one who initilized Counter Measure deauth itself, AP doesn't log the MICFailTime */ pAd->ApCfg.aMICFailTime = pAd->ApCfg.PrevaMICFailTime; } MacTableDeleteEntry(pAd, Elem->Wcid, Addr2); DBGPRINT(RT_DEBUG_TRACE, ("AUTH - receive DE-AUTH(seq-%d) from " "%02x:%02x:%02x:%02x:%02x:%02x, reason=%d\n", SeqNum, PRINT_MAC(Addr2), Reason)); } }
/* ========================================================================== Description: Upper Layer request to kick out a STA ========================================================================== */ static VOID APMlmeDeauthReqAction( IN PRTMP_ADAPTER pAd, IN MLME_QUEUE_ELEM *Elem) { MLME_DEAUTH_REQ_STRUCT *pInfo; HEADER_802_11 Hdr; PUCHAR pOutBuffer = NULL; NDIS_STATUS NStatus; ULONG FrameLen = 0; MAC_TABLE_ENTRY *pEntry; UCHAR apidx; pInfo = (MLME_DEAUTH_REQ_STRUCT *)Elem->Msg; if (Elem->Wcid < MAX_LEN_OF_MAC_TABLE) { pEntry = &pAd->MacTab.Content[Elem->Wcid]; if (!pEntry) return; /* send wireless event - for deauthentication */ RTMPSendWirelessEvent(pAd, IW_DEAUTH_EVENT_FLAG, pInfo->Addr, 0, 0); ApLogEvent(pAd, pInfo->Addr, EVENT_DISASSOCIATED); apidx = pEntry->apidx; /* 1. remove this STA from MAC table */ MacTableDeleteEntry(pAd, Elem->Wcid, pInfo->Addr); /* 2. send out DE-AUTH request frame */ NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); if (NStatus != NDIS_STATUS_SUCCESS) return; DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Send DE-AUTH req to %02x:%02x:%02x:%02x:%02x:%02x\n", PRINT_MAC(pInfo->Addr))); MgtMacHeaderInit(pAd, &Hdr, SUBTYPE_DEAUTH, 0, pInfo->Addr, pAd->ApCfg.MBSSID[apidx].wdev.if_addr, pAd->ApCfg.MBSSID[apidx].wdev.bssid); MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof(HEADER_802_11), &Hdr, 2, &pInfo->Reason, END_OF_ARGS); MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen); MlmeFreeMemory(pAd, pOutBuffer); } }
/* ========================================================================== Description: IRQL = DISPATCH_LEVEL ========================================================================== */ VOID MlmeDeauthReqAction( IN PRTMP_ADAPTER pAd, IN MLME_QUEUE_ELEM *Elem) { MLME_DEAUTH_REQ_STRUCT *pInfo; HEADER_802_11 DeauthHdr; PUCHAR pOutBuffer = NULL; NDIS_STATUS NStatus; ULONG FrameLen = 0; USHORT Status; pInfo = (MLME_DEAUTH_REQ_STRUCT *) Elem->Msg; NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); /*Get an unused nonpaged memory */ if (NStatus != NDIS_STATUS_SUCCESS) { DBGPRINT(RT_DEBUG_TRACE, ("AUTH - MlmeDeauthReqAction() allocate memory fail\n")); pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE; Status = MLME_FAIL_NO_RESOURCE; MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_DEAUTH_CONF, 2, &Status, 0); return; } #ifdef WAPI_SUPPORT WAPI_InternalCmdAction(pAd, pAd->StaCfg.AuthMode, BSS0, pAd->MlmeAux.Bssid, WAI_MLME_DISCONNECT); #endif /* WAPI_SUPPORT */ DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Send DE-AUTH request (Reason=%d)...\n", pInfo->Reason)); MgtMacHeaderInit(pAd, &DeauthHdr, SUBTYPE_DEAUTH, 0, pInfo->Addr, #ifdef P2P_SUPPORT pAd->CurrentAddress, #endif /* P2P_SUPPORT */ pAd->MlmeAux.Bssid); MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof (HEADER_802_11), &DeauthHdr, 2, &pInfo->Reason, END_OF_ARGS); MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen); MlmeFreeMemory(pAd, pOutBuffer); pAd->StaCfg.DeauthReason = pInfo->Reason; COPY_MAC_ADDR(pAd->StaCfg.DeauthSta, pInfo->Addr); pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE; Status = MLME_SUCCESS; MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_DEAUTH_CONF, 2, &Status, 0); /* send wireless event - for deauthentication */ RTMPSendWirelessEvent(pAd, IW_DEAUTH_EVENT_FLAG, NULL, BSS0, 0); }
/* ========================================================================== Description: IRQL = DISPATCH_LEVEL ========================================================================== */ VOID PeerDeauthAction( IN PRTMP_ADAPTER pAd, IN PMLME_QUEUE_ELEM Elem) { UCHAR Addr2[MAC_ADDR_LEN]; USHORT Reason; if (PeerDeauthSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &Reason)) { if (INFRA_ON(pAd) && MAC_ADDR_EQUAL(Addr2, pAd->CommonCfg.Bssid)) { DBGPRINT(RT_DEBUG_TRACE,("AUTH_RSP - receive DE-AUTH from our AP (Reason=%d)\n", Reason)); #ifdef NATIVE_WPA_SUPPLICANT_SUPPORT { union iwreq_data wrqu; memset(wrqu.ap_addr.sa_data, 0, MAC_ADDR_LEN); wireless_send_event(pAd->net_dev, SIOCGIWAP, &wrqu, NULL); } #endif // NATIVE_WPA_SUPPLICANT_SUPPORT // // send wireless event - for deauthentication if (pAd->CommonCfg.bWirelessEvent) RTMPSendWirelessEvent(pAd, IW_DEAUTH_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0); LinkDown(pAd, TRUE); // Authentication Mode Cisco_LEAP has start a timer // We should cancel it if using LEAP #ifdef LEAP_SUPPORT if (pAd->StaCfg.LeapAuthMode == CISCO_AuthModeLEAP) { RTMPCancelTimer(&pAd->StaCfg.LeapAuthTimer, &TimerCancelled); //Check is it mach the LEAP Authentication failed as possible a Rogue AP //on it's PortSecured not equal to WPA_802_1X_PORT_SECURED while process the Authenticaton. if ((pAd->StaCfg.PortSecured != WPA_802_1X_PORT_SECURED) && (pAd->Mlme.LeapMachine.CurrState != LEAP_IDLE)) { RogueApTableSetEntry(pAd, &pAd->StaCfg.RogueApTab, Addr2, LEAP_REASON_AUTH_TIMEOUT); } } #endif // LEAP_SUPPORT // } } else { DBGPRINT(RT_DEBUG_TRACE,("AUTH_RSP - PeerDeauthAction() sanity check fail\n")); } }
/* ========================================================================== Description: IRQL = DISPATCH_LEVEL ========================================================================== */ VOID PeerAuthRspAtSeq4Action( IN PRTMP_ADAPTER pAd, IN MLME_QUEUE_ELEM *Elem) { UCHAR Addr2[MAC_ADDR_LEN]; USHORT Alg, Seq, Status; /* CHAR ChlgText[CIPHER_TEXT_LEN]; */ CHAR *ChlgText = NULL; BOOLEAN TimerCancelled; /* allocate memory */ os_alloc_mem(NULL, (UCHAR **) & ChlgText, CIPHER_TEXT_LEN); if (ChlgText == NULL) { DBGPRINT(RT_DEBUG_ERROR, ("%s: ChlgText Allocate memory fail!!!\n", __FUNCTION__)); return; } if (PeerAuthSanity (pAd, Elem->Msg, Elem->MsgLen, Addr2, &Alg, &Seq, &Status, ChlgText)) { if (MAC_ADDR_EQUAL(pAd->MlmeAux.Bssid, Addr2) && Seq == 4) { DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Receive AUTH_RSP seq#4 to me\n")); RTMPCancelTimer(&pAd->MlmeAux.AuthTimer, &TimerCancelled); if (Status != MLME_SUCCESS) { pAd->StaCfg.AuthFailReason = Status; COPY_MAC_ADDR(pAd->StaCfg.AuthFailSta, Addr2); RTMPSendWirelessEvent(pAd, IW_SHARED_WEP_FAIL, NULL, BSS0, 0); } pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE; MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status, 0); } } else { DBGPRINT(RT_DEBUG_TRACE, ("AUTH - PeerAuthRspAtSeq4Action() sanity check fail\n")); } if (ChlgText != NULL) os_free_mem(NULL, ChlgText); }
void MlmeDeauthReqAction(struct rt_rtmp_adapter *pAd, struct rt_mlme_queue_elem *Elem) { struct rt_mlme_deauth_req *pInfo; struct rt_header_802_11 DeauthHdr; u8 *pOutBuffer = NULL; int NStatus; unsigned long FrameLen = 0; u16 Status; pInfo = (struct rt_mlme_deauth_req *)Elem->Msg; NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); /*Get an unused nonpaged memory */ if (NStatus != NDIS_STATUS_SUCCESS) { DBGPRINT(RT_DEBUG_TRACE, ("AUTH - MlmeDeauthReqAction() allocate memory fail\n")); pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE; Status = MLME_FAIL_NO_RESOURCE; MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_DEAUTH_CONF, 2, &Status); return; } DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Send DE-AUTH request (Reason=%d)...\n", pInfo->Reason)); MgtMacHeaderInit(pAd, &DeauthHdr, SUBTYPE_DEAUTH, 0, pInfo->Addr, pAd->MlmeAux.Bssid); MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof(struct rt_header_802_11), &DeauthHdr, 2, &pInfo->Reason, END_OF_ARGS); MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen); MlmeFreeMemory(pAd, pOutBuffer); pAd->StaCfg.DeauthReason = pInfo->Reason; COPY_MAC_ADDR(pAd->StaCfg.DeauthSta, pInfo->Addr); pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE; Status = MLME_SUCCESS; MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_DEAUTH_CONF, 2, &Status); /* send wireless event - for deauthentication */ if (pAd->CommonCfg.bWirelessEvent) RTMPSendWirelessEvent(pAd, IW_DEAUTH_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0); }
VOID MlmeDeauthReqAction( IN PRTMP_ADAPTER pAd, IN MLME_QUEUE_ELEM *Elem) { MLME_DEAUTH_REQ_STRUCT *pInfo; HEADER_802_11 DeauthHdr; PUCHAR pOutBuffer = NULL; NDIS_STATUS NStatus; ULONG FrameLen = 0; USHORT Status; pInfo = (MLME_DEAUTH_REQ_STRUCT *)Elem->Msg; NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); if (NStatus != NDIS_STATUS_SUCCESS) { DBGPRINT(RT_DEBUG_TRACE, ("AUTH - MlmeDeauthReqAction() allocate memory fail\n")); pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE; Status = MLME_FAIL_NO_RESOURCE; MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_DEAUTH_CONF, 2, &Status); return; } DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Send DE-AUTH request (Reason=%d)...\n", pInfo->Reason)); MgtMacHeaderInit(pAd, &DeauthHdr, SUBTYPE_DEAUTH, 0, pInfo->Addr, pAd->MlmeAux.Bssid); MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof(HEADER_802_11),&DeauthHdr, 2, &pInfo->Reason, END_OF_ARGS); MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen); MlmeFreeMemory(pAd, pOutBuffer); pAd->StaCfg.DeauthReason = pInfo->Reason; COPY_MAC_ADDR(pAd->StaCfg.DeauthSta, pInfo->Addr); pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE; Status = MLME_SUCCESS; MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_DEAUTH_CONF, 2, &Status); if (pAd->CommonCfg.bWirelessEvent) RTMPSendWirelessEvent(pAd, IW_DEAUTH_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0); }
static VOID APPeerAuthConfirmAction( IN PRTMP_ADAPTER pAd, IN MLME_QUEUE_ELEM *Elem) { AUTH_FRAME_INFO auth_info; PHEADER_802_11 pRcvHdr; MAC_TABLE_ENTRY *pEntry; UINT32 apidx; if (!APPeerAuthSanity(pAd, Elem->Msg, Elem->MsgLen, &auth_info)) return; apidx = get_apidx_by_addr(pAd, auth_info.addr1); if (apidx >= pAd->ApCfg.BssidNum) { DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Bssid not found\n")); return; } if ((pAd->ApCfg.MBSSID[apidx].wdev.if_dev != NULL) && !(RTMP_OS_NETDEV_STATE_RUNNING(pAd->ApCfg.MBSSID[apidx].wdev.if_dev))) { DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Bssid IF didn't up yet.\n")); return; } /* End of if */ if (Elem->Wcid >= MAX_LEN_OF_MAC_TABLE) { DBGPRINT(RT_DEBUG_ERROR, ("AUTH - Invalid wcid (%d).\n", Elem->Wcid)); return; } pEntry = &pAd->MacTab.Content[Elem->Wcid]; if (pEntry && IS_ENTRY_CLIENT(pEntry)) { if (!RTMPEqualMemory(auth_info.addr1, pAd->ApCfg.MBSSID[pEntry->func_tb_idx].wdev.bssid, MAC_ADDR_LEN)) { MacTableDeleteEntry(pAd, pEntry->wcid, pEntry->Addr); pEntry = NULL; DBGPRINT(RT_DEBUG_WARN, ("AUTH - Bssid does not match\n")); } else { if (pEntry->bIAmBadAtheros == TRUE) { AsicUpdateProtect(pAd, 8, ALLN_SETPROTECT, FALSE, FALSE); DBGPRINT(RT_DEBUG_TRACE, ("Atheros Problem. Turn on RTS/CTS!!!\n")); pEntry->bIAmBadAtheros = FALSE; } ASSERT(pEntry->Aid == Elem->Wcid); #ifdef DOT11_N_SUPPORT BASessionTearDownALL(pAd, pEntry->wcid); #endif /* DOT11_N_SUPPORT */ } } pRcvHdr = (PHEADER_802_11)(Elem->Msg); DBGPRINT(RT_DEBUG_TRACE, ("AUTH - MBSS(%d), Rcv AUTH seq#%d, Alg=%d, Status=%d from " "[wcid=%d]%02x:%02x:%02x:%02x:%02x:%02x\n", apidx, auth_info.auth_seq, auth_info.auth_alg, auth_info.auth_status, Elem->Wcid, PRINT_MAC(auth_info.addr2))); if (pEntry && MAC_ADDR_EQUAL(auth_info.addr2, pAd->ApMlmeAux.Addr)) { if ((pRcvHdr->FC.Wep == 1) && NdisEqualMemory(auth_info.Chtxt, pAd->ApMlmeAux.Challenge, CIPHER_TEXT_LEN)) { /* Successful */ APPeerAuthSimpleRspGenAndSend(pAd, pRcvHdr, auth_info.auth_alg, auth_info.auth_seq + 1, MLME_SUCCESS); pEntry->AuthState = AS_AUTH_KEY; pEntry->Sst = SST_AUTH; } else { /* send wireless event - Authentication rejected because of challenge failure */ RTMPSendWirelessEvent(pAd, IW_AUTH_REJECT_CHALLENGE_FAILURE, pEntry->Addr, 0, 0); /* fail - wep bit is not set or challenge text is not equal */ APPeerAuthSimpleRspGenAndSend(pAd, pRcvHdr, auth_info.auth_alg, auth_info.auth_seq + 1, MLME_REJ_CHALLENGE_FAILURE); MacTableDeleteEntry(pAd, pEntry->wcid, pEntry->Addr); /*Chtxt[127]='\0'; */ /*pAd->ApMlmeAux.Challenge[127]='\0'; */ DBGPRINT(RT_DEBUG_TRACE, ("%s\n", ((pRcvHdr->FC.Wep == 1) ? "challenge text is not equal" : "wep bit is not set"))); /*DBGPRINT(RT_DEBUG_TRACE, ("Sent Challenge = %s\n",&pAd->ApMlmeAux.Challenge[100])); */ /*DBGPRINT(RT_DEBUG_TRACE, ("Rcv Challenge = %s\n",&Chtxt[100])); */ } } else { /* fail for unknown reason. most likely is AuthRspAux machine be overwritten by another */ /* STA also using SHARED_KEY authentication */ APPeerAuthSimpleRspGenAndSend(pAd, pRcvHdr, auth_info.auth_alg, auth_info.auth_seq + 1, MLME_UNSPECIFY_FAIL); /* If this STA exists, delete it. */ if (pEntry) MacTableDeleteEntry(pAd, pEntry->wcid, pEntry->Addr); } }
static VOID APPeerAuthReqAtIdleAction(RTMP_ADAPTER *pAd, MLME_QUEUE_ELEM *Elem) { INT i; USHORT RspReason; AUTH_FRAME_INFO auth_info; UINT32 apidx; PHEADER_802_11 pRcvHdr; HEADER_802_11 AuthHdr; PUCHAR pOutBuffer = NULL; NDIS_STATUS NStatus; ULONG FrameLen = 0; MAC_TABLE_ENTRY *pEntry; STA_TR_ENTRY *tr_entry; UCHAR ChTxtIe = 16, ChTxtLen = CIPHER_TEXT_LEN; BSS_STRUCT *pMbss; struct wifi_dev *wdev; if (pAd->ApCfg.BANClass3Data == TRUE) { DBGPRINT(RT_DEBUG_TRACE, ("Disallow new Association\n")); return; } if (!APPeerAuthSanity(pAd, Elem->Msg, Elem->MsgLen, &auth_info)) return; /* Find which MBSSID to be authenticate */ apidx = get_apidx_by_addr(pAd, auth_info.addr1); if (apidx >= pAd->ApCfg.BssidNum) { DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Bssid not found\n")); return; } pMbss = &pAd->ApCfg.MBSSID[apidx]; wdev = &pMbss->wdev; ASSERT((wdev->func_idx == apidx)); if ((wdev->if_dev == NULL) || ((wdev->if_dev != NULL) && !(RTMP_OS_NETDEV_STATE_RUNNING(wdev->if_dev)))) { DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Bssid IF didn't up yet.\n")); return; } pEntry = MacTableLookup(pAd, auth_info.addr2); if (pEntry && IS_ENTRY_CLIENT(pEntry)) { tr_entry = &pAd->MacTab.tr_entry[pEntry->wcid]; #ifdef DOT11W_PMF_SUPPORT if ((CLIENT_STATUS_TEST_FLAG(pEntry, fCLIENT_STATUS_PMF_CAPABLE)) && (tr_entry->PortSecured == WPA_802_1X_PORT_SECURED)) goto SendAuth; #endif /* DOT11W_PMF_SUPPORT */ if (!RTMPEqualMemory(auth_info.addr1, pAd->ApCfg.MBSSID[pEntry->func_tb_idx].wdev.bssid, MAC_ADDR_LEN)) { MacTableDeleteEntry(pAd, pEntry->wcid, pEntry->Addr); pEntry = NULL; DBGPRINT(RT_DEBUG_WARN, ("AUTH - Bssid does not match\n")); } else { if (pEntry->bIAmBadAtheros == TRUE) { AsicUpdateProtect(pAd, 8, ALLN_SETPROTECT, FALSE, FALSE); DBGPRINT(RT_DEBUG_TRACE, ("Atheros Problem. Turn on RTS/CTS!!!\n")); pEntry->bIAmBadAtheros = FALSE; } #ifdef DOT11_N_SUPPORT BASessionTearDownALL(pAd, pEntry->wcid); #endif /* DOT11_N_SUPPORT */ ASSERT(pEntry->Aid == Elem->Wcid); } } #ifdef DOT11W_PMF_SUPPORT SendAuth: #endif /* DOT11W_PMF_SUPPORT */ pRcvHdr = (PHEADER_802_11)(Elem->Msg); DBGPRINT(RT_DEBUG_TRACE, ("AUTH - MBSS(%d), Rcv AUTH seq#%d, Alg=%d, Status=%d from " "[wcid=%d]%02x:%02x:%02x:%02x:%02x:%02x\n", apidx, auth_info.auth_seq, auth_info.auth_alg, auth_info.auth_status, Elem->Wcid, PRINT_MAC(auth_info.addr2))); #ifdef WSC_V2_SUPPORT /* Do not check ACL when WPS V2 is enabled and ACL policy is positive. */ if ((pMbss->WscControl.WscConfMode != WSC_DISABLE) && (pMbss->WscControl.WscV2Info.bEnableWpsV2) && (pMbss->WscControl.WscV2Info.bWpsEnable) && (pMbss->AccessControlList.Policy == 1)) ; else #endif /* WSC_V2_SUPPORT */ /* fail in ACL checking => send an AUTH-Fail seq#2. */ if (! ApCheckAccessControlList(pAd, auth_info.addr2, apidx)) { ASSERT(auth_info.auth_seq == 1); ASSERT(pEntry == NULL); APPeerAuthSimpleRspGenAndSend(pAd, pRcvHdr, auth_info.auth_alg, auth_info.auth_seq + 1, MLME_UNSPECIFY_FAIL); /* If this STA exists, delete it. */ if (pEntry) MacTableDeleteEntry(pAd, pEntry->wcid, pEntry->Addr); RTMPSendWirelessEvent(pAd, IW_MAC_FILTER_LIST_EVENT_FLAG, auth_info.addr2, wdev->wdev_idx, 0); DBGPRINT(RT_DEBUG_TRACE, ("Failed in ACL checking => send an AUTH seq#2 with " "Status code = %d\n", MLME_UNSPECIFY_FAIL)); return; } if ((auth_info.auth_alg == AUTH_MODE_OPEN) && (pMbss->wdev.AuthMode != Ndis802_11AuthModeShared)) { if (!pEntry) pEntry = MacTableInsertEntry(pAd, auth_info.addr2, wdev, ENTRY_CLIENT, OPMODE_AP, TRUE); if (pEntry) { tr_entry = &pAd->MacTab.tr_entry[pEntry->wcid]; #ifdef DOT11W_PMF_SUPPORT if (!(CLIENT_STATUS_TEST_FLAG(pEntry, fCLIENT_STATUS_PMF_CAPABLE)) || (tr_entry->PortSecured != WPA_802_1X_PORT_SECURED)) #endif /* DOT11W_PMF_SUPPORT */ { pEntry->AuthState = AS_AUTH_OPEN; pEntry->Sst = SST_AUTH; /* what if it already in SST_ASSOC ??????? */ } APPeerAuthSimpleRspGenAndSend(pAd, pRcvHdr, auth_info.auth_alg, auth_info.auth_seq + 1, MLME_SUCCESS); } else ; /* MAC table full, what should we respond ????? */ } else if ((auth_info.auth_alg == AUTH_MODE_KEY) && ((wdev->AuthMode == Ndis802_11AuthModeShared) || (wdev->AuthMode == Ndis802_11AuthModeAutoSwitch))) { if (!pEntry) pEntry = MacTableInsertEntry(pAd, auth_info.addr2, wdev, ENTRY_CLIENT, OPMODE_AP, TRUE); if (pEntry) { pEntry->AuthState = AS_AUTHENTICATING; pEntry->Sst = SST_NOT_AUTH; /* what if it already in SST_ASSOC ??????? */ /* log this STA in AuthRspAux machine, only one STA is stored. If two STAs using */ /* SHARED_KEY authentication mingled together, then the late comer will win. */ COPY_MAC_ADDR(&pAd->ApMlmeAux.Addr, auth_info.addr2); for(i=0; i<CIPHER_TEXT_LEN; i++) pAd->ApMlmeAux.Challenge[i] = RandomByte(pAd); RspReason = 0; auth_info.auth_seq++; NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); if(NStatus != NDIS_STATUS_SUCCESS) return; /* if no memory, can't do anything */ DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Send AUTH seq#2 (Challenge)\n")); MgtMacHeaderInit(pAd, &AuthHdr, SUBTYPE_AUTH, 0, auth_info.addr2, wdev->if_addr, wdev->bssid); MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof(HEADER_802_11), &AuthHdr, 2, &auth_info.auth_alg, 2, &auth_info.auth_seq, 2, &RspReason, 1, &ChTxtIe, 1, &ChTxtLen, CIPHER_TEXT_LEN, pAd->ApMlmeAux.Challenge, END_OF_ARGS); MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen); MlmeFreeMemory(pAd, pOutBuffer); } else ; /* MAC table full, what should we respond ???? */ } else { /* wrong algorithm */ APPeerAuthSimpleRspGenAndSend(pAd, pRcvHdr, auth_info.auth_alg, auth_info.auth_seq + 1, MLME_ALG_NOT_SUPPORT); /* If this STA exists, delete it. */ if (pEntry) MacTableDeleteEntry(pAd, pEntry->wcid, pEntry->Addr); DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Alg=%d, Seq=%d, AuthMode=%d\n", auth_info.auth_alg, auth_info.auth_seq, pAd->ApCfg.MBSSID[apidx].wdev.AuthMode)); } }
static VOID APPeerDeauthReqAction( IN PRTMP_ADAPTER pAd, IN PMLME_QUEUE_ELEM Elem) { UCHAR Addr2[MAC_ADDR_LEN]; UINT16 Reason, SeqNum; MAC_TABLE_ENTRY *pEntry; if (! PeerDeauthReqSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &SeqNum, &Reason)) return; pEntry = NULL; /*pEntry = MacTableLookup(pAd, Addr2); */ if (Elem->Wcid < MAX_LEN_OF_MAC_TABLE) { pEntry = &pAd->MacTab.Content[Elem->Wcid]; //JERRY { BSS_STRUCT *pMbss = &pAd->ApCfg.MBSSID[pEntry->apidx]; PFRAME_802_11 Fr = (PFRAME_802_11)Elem->Msg; unsigned char *tmp = (unsigned char *)pMbss->wdev.bssid; unsigned char *tmp2 = (unsigned char *)&Fr->Hdr.Addr1; if (memcmp(&Fr->Hdr.Addr1, pMbss->wdev.bssid, 6) != 0) { printk("da not match bssid,bssid:0x%02x%02x%02x%02x%02x%02x, addr1:0x%02x%02x%02x%02x%02x%02x\n",*tmp, *(tmp+1), *(tmp+2), *(tmp+3), *(tmp+4), *(tmp+5), *tmp2, *(tmp2+1), *(tmp2+2), *(tmp2+3), *(tmp2+4), *(tmp2+5)); return; } else printk("da match,0x%02x%02x%02x%02x%02x%02x\n", *tmp, *(tmp+1), *(tmp+2), *(tmp+3), *(tmp+4), *(tmp+5)); } #ifdef DOT1X_SUPPORT /* Notify 802.1x daemon to clear this sta info */ if (pEntry->AuthMode == Ndis802_11AuthModeWPA || pEntry->AuthMode == Ndis802_11AuthModeWPA2 || pAd->ApCfg.MBSSID[pEntry->func_tb_idx].wdev.IEEE8021X) DOT1X_InternalCmdAction(pAd, pEntry, DOT1X_DISCONNECT_ENTRY); #endif /* DOT1X_SUPPORT */ #ifdef WAPI_SUPPORT WAPI_InternalCmdAction(pAd, pEntry->AuthMode, pEntry->func_tb_idx, pEntry->Addr, WAI_MLME_DISCONNECT); #endif /* WAPI_SUPPORT */ /* send wireless event - for deauthentication */ RTMPSendWirelessEvent(pAd, IW_DEAUTH_EVENT_FLAG, Addr2, 0, 0); ApLogEvent(pAd, Addr2, EVENT_DISASSOCIATED); if (pEntry->CMTimerRunning == TRUE) { /* If one who initilized Counter Measure deauth itself, AP doesn't log the MICFailTime */ pAd->ApCfg.aMICFailTime = pAd->ApCfg.PrevaMICFailTime; } MacTableDeleteEntry(pAd, Elem->Wcid, Addr2); DBGPRINT(RT_DEBUG_TRACE, ("AUTH - receive DE-AUTH(seq-%d) from " "%02x:%02x:%02x:%02x:%02x:%02x, reason=%d\n", SeqNum, PRINT_MAC(Addr2), Reason)); #ifdef MAC_REPEATER_SUPPORT if (pAd->ApCfg.bMACRepeaterEn == TRUE) { UCHAR apCliIdx, CliIdx; REPEATER_CLIENT_ENTRY *pReptEntry = NULL; pReptEntry = RTMPLookupRepeaterCliEntry(pAd, TRUE, Addr2); if (pReptEntry && (pReptEntry->CliConnectState != 0)) { apCliIdx = pReptEntry->MatchApCliIdx; CliIdx = pReptEntry->MatchLinkIdx; MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_DISCONNECT_REQ, 0, NULL, (64 + MAX_EXT_MAC_ADDR_SIZE*apCliIdx + CliIdx)); RTMP_MLME_HANDLER(pAd); RTMPRemoveRepeaterEntry(pAd, apCliIdx, CliIdx); } } #endif /* MAC_REPEATER_SUPPORT */ } }
static VOID APPeerAuthReqAtIdleAction( IN PRTMP_ADAPTER pAd, IN MLME_QUEUE_ELEM *Elem) { INT i; USHORT Seq, Alg, RspReason, Status; UCHAR Addr1[MAC_ADDR_LEN]; UCHAR Addr2[MAC_ADDR_LEN]; CHAR Chtxt[CIPHER_TEXT_LEN]; UINT32 apidx; PHEADER_802_11 pRcvHdr; HEADER_802_11 AuthHdr; PUCHAR pOutBuffer = NULL; NDIS_STATUS NStatus; ULONG FrameLen = 0; MAC_TABLE_ENTRY *pEntry; UCHAR ChTxtIe = 16, ChTxtLen = CIPHER_TEXT_LEN; MULTISSID_STRUCT *pMbss; struct wifi_dev *wdev; CHAR rssi; if (! APPeerAuthSanity(pAd, Elem->Msg, Elem->MsgLen, Addr1, Addr2, &Alg, &Seq, &Status, Chtxt )) return; /* Find which MBSSID to be authenticate */ apidx = get_apidx_by_addr(pAd, Addr1); if (apidx >= pAd->ApCfg.BssidNum) { DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Bssid not found\n")); return; } pMbss = &pAd->ApCfg.MBSSID[apidx]; wdev = &pMbss->wdev; if ((wdev->if_dev == NULL) || ((wdev->if_dev != NULL) && !(RTMP_OS_NETDEV_STATE_RUNNING(wdev->if_dev)))) { DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Bssid IF didn't up yet.\n")); return; } pEntry = MacTableLookup(pAd, Addr2); if (pEntry && IS_ENTRY_CLIENT(pEntry)) { #ifdef DOT11W_PMF_SUPPORT if ((CLIENT_STATUS_TEST_FLAG(pEntry, fCLIENT_STATUS_PMF_CAPABLE)) && (pEntry->PortSecured == WPA_802_1X_PORT_SECURED)) goto SendAuth; #endif /* DOT11W_PMF_SUPPORT */ if (!RTMPEqualMemory(Addr1, pAd->ApCfg.MBSSID[pEntry->apidx].wdev.bssid, MAC_ADDR_LEN)) { MacTableDeleteEntry(pAd, pEntry->wcid, pEntry->Addr); pEntry = NULL; DBGPRINT(RT_DEBUG_WARN, ("AUTH - Bssid does not match\n")); } else { if (pEntry->bIAmBadAtheros == TRUE) { AsicUpdateProtect(pAd, 8, ALLN_SETPROTECT, FALSE, FALSE); DBGPRINT(RT_DEBUG_TRACE, ("Atheros Problem. Turn on RTS/CTS!!!\n")); pEntry->bIAmBadAtheros = FALSE; } #ifdef DOT11_N_SUPPORT BASessionTearDownALL(pAd, pEntry->wcid); #endif /* DOT11_N_SUPPORT */ ASSERT(pEntry->Aid == Elem->Wcid); } } #ifdef DOT11W_PMF_SUPPORT SendAuth: #endif /* DOT11W_PMF_SUPPORT */ pRcvHdr = (PHEADER_802_11)(Elem->Msg); DBGPRINT(RT_DEBUG_TRACE, ("AUTH - MBSS(%d), Rcv AUTH seq#%d, Alg=%d, Status=%d from " "[wcid=%d]%02x:%02x:%02x:%02x:%02x:%02x\n", apidx, Seq, Alg, Status, Elem->Wcid, PRINT_MAC(Addr2))); /* YF@20130102: Refuse the weak signal of AuthReq */ rssi = RTMPMaxRssi(pAd, ConvertToRssi(pAd, (CHAR)Elem->Rssi0, RSSI_0), ConvertToRssi(pAd, (CHAR)Elem->Rssi1, RSSI_1), ConvertToRssi(pAd, (CHAR)Elem->Rssi2, RSSI_2)); DBGPRINT(RT_DEBUG_TRACE, ("%s: AUTH_FAIL_REQ Threshold = %d, AUTH_NO_RSP_REQ Threshold = %d, AUTH RSSI = %d\n", wdev->if_dev->name, pMbss->AuthFailRssiThreshold, pMbss->AuthNoRspRssiThreshold, rssi)); if (((pMbss->AuthFailRssiThreshold != 0) && (rssi < pMbss->AuthFailRssiThreshold)) || ((pMbss->AuthNoRspRssiThreshold != 0) && (rssi < pMbss->AuthNoRspRssiThreshold))) { DBGPRINT(RT_DEBUG_TRACE, ("Reject this AUTH_REQ due to Weak Signal.\n")); if ((pMbss->AuthFailRssiThreshold != 0) && (rssi < pMbss->AuthFailRssiThreshold)) APPeerAuthSimpleRspGenAndSend(pAd, pRcvHdr, Alg, Seq + 1, MLME_UNSPECIFY_FAIL); /* If this STA exists, delete it. */ if (pEntry) MacTableDeleteEntry(pAd, pEntry->Aid, pEntry->Addr); RTMPSendWirelessEvent(pAd, IW_MAC_FILTER_LIST_EVENT_FLAG, Addr2, apidx, 0); return; } /* fail in ACL checking => send an AUTH-Fail seq#2. */ if (! ApCheckAccessControlList(pAd, Addr2, apidx)) { ASSERT(Seq == 1); ASSERT(pEntry == NULL); APPeerAuthSimpleRspGenAndSend(pAd, pRcvHdr, Alg, Seq + 1, MLME_UNSPECIFY_FAIL); /* If this STA exists, delete it. */ if (pEntry) MacTableDeleteEntry(pAd, pEntry->wcid, pEntry->Addr); RTMPSendWirelessEvent(pAd, IW_MAC_FILTER_LIST_EVENT_FLAG, Addr2, apidx, 0); DBGPRINT(RT_DEBUG_TRACE, ("Failed in ACL checking => send an AUTH seq#2 with " "Status code = %d\n", MLME_UNSPECIFY_FAIL)); return; } if ((Alg == AUTH_MODE_OPEN) && (pMbss->wdev.AuthMode != Ndis802_11AuthModeShared)) { if (!pEntry) pEntry = MacTableInsertEntry(pAd, Addr2, wdev, apidx, OPMODE_AP, TRUE); if (pEntry) { #ifdef DOT11W_PMF_SUPPORT if (!(CLIENT_STATUS_TEST_FLAG(pEntry, fCLIENT_STATUS_PMF_CAPABLE)) || (pEntry->PortSecured != WPA_802_1X_PORT_SECURED)) #endif /* DOT11W_PMF_SUPPORT */ { pEntry->AuthState = AS_AUTH_OPEN; pEntry->Sst = SST_AUTH; /* what if it already in SST_ASSOC ??????? */ } APPeerAuthSimpleRspGenAndSend(pAd, pRcvHdr, Alg, Seq + 1, MLME_SUCCESS); } else ; /* MAC table full, what should we respond ????? */ } else if ((Alg == AUTH_MODE_KEY) && ((wdev->AuthMode == Ndis802_11AuthModeShared) || (wdev->AuthMode == Ndis802_11AuthModeAutoSwitch))) { if (!pEntry) pEntry = MacTableInsertEntry(pAd, Addr2, wdev, apidx, OPMODE_AP, TRUE); if (pEntry) { pEntry->AuthState = AS_AUTHENTICATING; pEntry->Sst = SST_NOT_AUTH; /* what if it already in SST_ASSOC ??????? */ /* log this STA in AuthRspAux machine, only one STA is stored. If two STAs using */ /* SHARED_KEY authentication mingled together, then the late comer will win. */ COPY_MAC_ADDR(&pAd->ApMlmeAux.Addr, Addr2); for(i=0; i<CIPHER_TEXT_LEN; i++) pAd->ApMlmeAux.Challenge[i] = RandomByte(pAd); RspReason = 0; Seq++; NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); if(NStatus != NDIS_STATUS_SUCCESS) return; /* if no memory, can't do anything */ DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Send AUTH seq#2 (Challenge)\n")); MgtMacHeaderInit(pAd, &AuthHdr, SUBTYPE_AUTH, 0, Addr2, wdev->if_addr, wdev->bssid); MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof(HEADER_802_11), &AuthHdr, 2, &Alg, 2, &Seq, 2, &RspReason, 1, &ChTxtIe, 1, &ChTxtLen, CIPHER_TEXT_LEN, pAd->ApMlmeAux.Challenge, END_OF_ARGS); MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen); MlmeFreeMemory(pAd, pOutBuffer); } else ; /* MAC table full, what should we respond ???? */ } else { /* wrong algorithm */ APPeerAuthSimpleRspGenAndSend(pAd, pRcvHdr, Alg, Seq + 1, MLME_ALG_NOT_SUPPORT); /* If this STA exists, delete it. */ if (pEntry) MacTableDeleteEntry(pAd, pEntry->wcid, pEntry->Addr); DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Alg=%d, Seq=%d, AuthMode=%d\n", Alg, Seq, pAd->ApCfg.MBSSID[apidx].wdev.AuthMode)); } }
/* ========================================================================== Description: Check validity of the received RSNIE. Return: status code ========================================================================== */ UINT APValidateRSNIE( IN struct rtmp_adapter * pAd, IN PMAC_TABLE_ENTRY pEntry, IN u8 * pRsnIe, IN u8 rsnie_len) { UINT StatusCode = MLME_SUCCESS; PEID_STRUCT eid_ptr; INT apidx; PMULTISSID_STRUCT pMbss; if (rsnie_len == 0) return MLME_SUCCESS; eid_ptr = (PEID_STRUCT)pRsnIe; if ((eid_ptr->Len + 2) != rsnie_len) { DBGPRINT(RT_DEBUG_ERROR, ("[ERROR]APValidateRSNIE : the len is invalid !!!\n")); return MLME_UNSPECIFY_FAIL; } apidx = pEntry->apidx; pMbss = &pAd->ApCfg.MBSSID[apidx]; /* check group cipher */ if (!RTMPCheckMcast(pAd, eid_ptr, pEntry)) { DBGPRINT(RT_DEBUG_ERROR, ("[ERROR]APValidateRSNIE : invalid group cipher !!!\n")); StatusCode = MLME_INVALID_GROUP_CIPHER; } /* Check pairwise cipher */ else if (!RTMPCheckUcast(pAd, eid_ptr, pEntry)) { DBGPRINT(RT_DEBUG_ERROR, ("[ERROR]APValidateRSNIE : invalid pairwise cipher !!!\n")); StatusCode = MLME_INVALID_PAIRWISE_CIPHER; } /* Check AKM */ else if (!RTMPCheckAUTH(pAd, eid_ptr, pEntry)) { DBGPRINT(RT_DEBUG_ERROR, ("[ERROR]APValidateRSNIE : invalid AKM !!!\n")); StatusCode = MLME_INVALID_AKMP; } if (StatusCode != MLME_SUCCESS) { /* send wireless event - for RSN IE sanity check fail */ RTMPSendWirelessEvent(pAd, IW_RSNIE_SANITY_FAIL_EVENT_FLAG, pEntry->Addr, 0, 0); DBGPRINT(RT_DEBUG_ERROR, ("%s : invalid status code(%d) !!!\n", __FUNCTION__, StatusCode)); } else { u8 CipherAlg = CIPHER_NONE; if (pEntry->WepStatus == Ndis802_11WEPEnabled) CipherAlg = CIPHER_WEP64; else if (pEntry->WepStatus == Ndis802_11TKIPEnable) CipherAlg = CIPHER_TKIP; else if (pEntry->WepStatus == Ndis802_11AESEnable) CipherAlg = CIPHER_AES; DBGPRINT(RT_DEBUG_TRACE, ("%s : (AID#%d WepStatus=%s)\n", __FUNCTION__, pEntry->Aid, CipherName[CipherAlg])); } return StatusCode; }
/* ======================================================================== Routine Description: Handle a alarm. Arguments: pAd - WLAN control block pointer Return Value: None Note: You can use different methods to handle QBSS Load alarm here. Current methods are: 1. Change 20/40 to 20-only. 2. Change channel to the clear channel. ======================================================================== */ static VOID QBSS_LoadAlarm( IN RTMP_ADAPTER *pAd) { /* suspend alarm until channel switch */ QBSS_LoadAlarmSuspend(pAd); pAd->QloadAlarmNumber ++; /* check if we have already been 20M bandwidth */ #ifdef DOT11_N_SUPPORT #ifdef DOT11N_DRAFT3 if ((pAd->CommonCfg.AddHTInfo.AddHtInfo.ExtChanOffset != 0) && (pAd->CommonCfg.AddHTInfo.AddHtInfo.RecomWidth != 0)) { MAC_TABLE *pMacTable; UINT32 StaId; DBGPRINT(RT_DEBUG_TRACE, ("qbss> Alarm! Change to 20 bw...\n")); /* disassociate stations without D3 2040Coexistence function */ pMacTable = &pAd->MacTab; for(StaId=1; StaId<MAX_LEN_OF_MAC_TABLE; StaId++) { MAC_TABLE_ENTRY *pEntry = &pMacTable->Content[StaId]; BOOLEAN bDisconnectSta = FALSE; if (!IS_ENTRY_CLIENT(pEntry)) continue; /* End of if */ if (pEntry->Sst != SST_ASSOC) continue; /* End of if */ if (pEntry->BSS2040CoexistenceMgmtSupport) bDisconnectSta = TRUE; /* End of if */ if (bDisconnectSta) { /* send wireless event - for ageout */ RTMPSendWirelessEvent(pAd, IW_AGEOUT_EVENT_FLAG, pEntry->Addr, 0, 0); { PUCHAR pOutBuffer = NULL; NDIS_STATUS NStatus; ULONG FrameLen = 0; HEADER_802_11 DeAuthHdr; USHORT Reason; /* send out a DISASSOC request frame */ NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); if (NStatus != NDIS_STATUS_SUCCESS) { DBGPRINT(RT_DEBUG_TRACE, (" MlmeAllocateMemory fail ..\n")); /*NdisReleaseSpinLock(&pAd->MacTabLock); */ continue; } Reason = REASON_DEAUTH_STA_LEAVING; MgtMacHeaderInit(pAd, &DeAuthHdr, SUBTYPE_DEAUTH, 0, pEntry->Addr, #ifdef P2P_SUPPORT pAd->ApCfg.MBSSID[pEntry->apidx].Bssid, #endif /* P2P_SUPPORT */ pAd->ApCfg.MBSSID[pEntry->apidx].Bssid); MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof(HEADER_802_11), &DeAuthHdr, 2, &Reason, END_OF_ARGS); MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen); MlmeFreeMemory(pAd, pOutBuffer); } DBGPRINT(RT_DEBUG_TRACE, ("qbss> Alarm! Deauth the station " "%02x:%02x:%02x:%02x:%02x:%02x\n", pEntry->Addr[0], pEntry->Addr[1], pEntry->Addr[2], pEntry->Addr[3], pEntry->Addr[4], pEntry->Addr[5])); MacTableDeleteEntry(pAd, pEntry->Aid, pEntry->Addr); continue; } /* End of if */ } /* End of for */ /* for 11n */ pAd->CommonCfg.AddHTInfo.AddHtInfo.RecomWidth = 0; pAd->CommonCfg.AddHTInfo.AddHtInfo.ExtChanOffset = 0; /* always 20M */ pAd->CommonCfg.RegTransmitSetting.field.BW = BW_20; /* mark alarm flag */ pAd->FlgQloadAlarm = TRUE; QBSS_LoadAlarmResume(pAd); } else #endif /* DOT11N_DRAFT3 */ #endif /* DOT11_N_SUPPORT */ { /* we are in 20MHz bandwidth so try to switch channel */ DBGPRINT(RT_DEBUG_TRACE, ("qbss> Alarm! Switch channel...\n")); /* send command to switch channel */ RTEnqueueInternalCmd(pAd, CMDTHREAD_CHAN_RESCAN, NULL, 0); } /* End of if */ } /* End of QBSS_LoadAlarm */
/* ======================================================================== Routine Description: Check Rx descriptor, return NDIS_STATUS_FAILURE if any error dound Arguments: pRxD Pointer to the Rx descriptor Return Value: NDIS_STATUS_SUCCESS No err NDIS_STATUS_FAILURE Error Note: ======================================================================== */ NDIS_STATUS RTMPCheckRxError( IN RTMP_ADAPTER *pAd, IN PHEADER_802_11 pHeader, IN RXWI_STRUC *pRxWI, IN RXINFO_STRUC *pRxInfo) { PCIPHER_KEY pWpaKey; INT dBm; if(pRxInfo == NULL) return(NDIS_STATUS_FAILURE); /* Phy errors & CRC errors*/ if (pRxInfo->Crc) { /* Check RSSI for Noise Hist statistic collection.*/ dBm = (INT) (pRxWI->RxWIRSSI0) - pAd->BbpRssiToDbmDelta; if (dBm <= -87) pAd->StaCfg.RPIDensity[0] += 1; else if (dBm <= -82) pAd->StaCfg.RPIDensity[1] += 1; else if (dBm <= -77) pAd->StaCfg.RPIDensity[2] += 1; else if (dBm <= -72) pAd->StaCfg.RPIDensity[3] += 1; else if (dBm <= -67) pAd->StaCfg.RPIDensity[4] += 1; else if (dBm <= -62) pAd->StaCfg.RPIDensity[5] += 1; else if (dBm <= -57) pAd->StaCfg.RPIDensity[6] += 1; else if (dBm > -57) pAd->StaCfg.RPIDensity[7] += 1; return(NDIS_STATUS_FAILURE); } /* Add Rx size to channel load counter, we should ignore error counts*/ pAd->StaCfg.CLBusyBytes += (pRxWI->RxWIMPDUByteCnt + 14); #ifndef CLIENT_WDS if (pHeader->FC.ToDs ) { DBGPRINT_RAW(RT_DEBUG_ERROR, ("Err;FC.ToDs\n")); return NDIS_STATUS_FAILURE; } #endif /* CLIENT_WDS */ /* Paul 04-03 for OFDM Rx length issue*/ if (pRxWI->RxWIMPDUByteCnt > MAX_AGGREGATION_SIZE) { DBGPRINT_RAW(RT_DEBUG_ERROR, ("received packet too long\n")); return NDIS_STATUS_FAILURE; } /* Drop not U2M frames, cant's drop here because we will drop beacon in this case*/ /* I am kind of doubting the U2M bit operation*/ /* if (pRxD->U2M == 0)*/ /* return(NDIS_STATUS_FAILURE);*/ /* drop decyption fail frame*/ if (pRxInfo->Decrypted && pRxInfo->CipherErr) { if (((pRxInfo->CipherErr & 1) == 1) && INFRA_ON(pAd)) RTMPSendWirelessEvent(pAd, IW_ICV_ERROR_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0); if (((pRxInfo->CipherErr & 2) == 2) && INFRA_ON(pAd)) RTMPSendWirelessEvent(pAd, IW_MIC_ERROR_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0); /* MIC Error*/ if ((pRxInfo->CipherErr == 2) && pRxInfo->MyBss) { pWpaKey = &pAd->SharedKey[BSS0][pRxWI->RxWIKeyIndex]; #ifdef WPA_SUPPLICANT_SUPPORT if (pAd->StaCfg.WpaSupplicantUP) WpaSendMicFailureToWpaSupplicant(pAd->net_dev, (pWpaKey->Type == PAIRWISEKEY) ? TRUE:FALSE); else #endif /* WPA_SUPPLICANT_SUPPORT */ RTMPReportMicError(pAd, pWpaKey); DBGPRINT_RAW(RT_DEBUG_ERROR,("Rx MIC Value error\n")); } if (pRxInfo->Decrypted && (pAd->SharedKey[BSS0][pRxWI->RxWIKeyIndex].CipherAlg == CIPHER_AES) && (pHeader->Sequence == pAd->FragFrame.Sequence)) { /* Acceptable since the First FragFrame no CipherErr problem.*/ return(NDIS_STATUS_SUCCESS); } return(NDIS_STATUS_FAILURE); } return(NDIS_STATUS_SUCCESS); }
/* ======================================================================== Routine Description: Parse KEYDATA field. KEYDATA[] May contain 2 RSN IE and optionally GTK. GTK is encaptulated in KDE format at p.83 802.11i D10 Arguments: Return Value: Note: 802.11i D10 ======================================================================== */ BOOLEAN RTMPParseEapolKeyData( IN PRTMP_ADAPTER pAd, IN PUCHAR pKeyData, IN UCHAR KeyDataLen, IN UCHAR GroupKeyIndex, IN UCHAR MsgType, IN BOOLEAN bWPA2, IN MAC_TABLE_ENTRY *pEntry) { PKDE_ENCAP pKDE = NULL; PUCHAR pMyKeyData = pKeyData; UCHAR KeyDataLength = KeyDataLen; UCHAR GTKLEN = 0; UCHAR DefaultIdx = 0; UCHAR skip_offset; // Verify The RSN IE contained in pairewise_msg_2 && pairewise_msg_3 and skip it if (MsgType == EAPOL_PAIR_MSG_2 || MsgType == EAPOL_PAIR_MSG_3) { // Check RSN IE whether it is WPA2/WPA2PSK if (!RTMPCheckRSNIE(pAd, pKeyData, KeyDataLen, pEntry, &skip_offset)) { // send wireless event - for RSN IE different if (pAd->CommonCfg.bWirelessEvent) RTMPSendWirelessEvent(pAd, IW_RSNIE_DIFF_EVENT_FLAG, pEntry->Addr, pEntry->apidx, 0); DBGPRINT(RT_DEBUG_ERROR, ("RSN_IE Different in msg %d of 4-way handshake!\n", MsgType)); hex_dump("Receive RSN_IE ", pKeyData, KeyDataLen); hex_dump("Desired RSN_IE ", pEntry->RSN_IE, pEntry->RSNIE_Len); return FALSE; } else { if (bWPA2 && MsgType == EAPOL_PAIR_MSG_3) { // skip RSN IE pMyKeyData += skip_offset; KeyDataLength -= skip_offset; DBGPRINT(RT_DEBUG_TRACE, ("RTMPParseEapolKeyData ==> WPA2/WPA2PSK RSN IE matched in Msg 3, Length(%d) \n", skip_offset)); } else return TRUE; } } DBGPRINT(RT_DEBUG_TRACE,("RTMPParseEapolKeyData ==> KeyDataLength %d without RSN_IE \n", KeyDataLength)); // Parse EKD format in pairwise_msg_3_WPA2 && group_msg_1_WPA2 if (bWPA2 && (MsgType == EAPOL_PAIR_MSG_3 || MsgType == EAPOL_GROUP_MSG_1)) { if (KeyDataLength >= 8) // KDE format exclude GTK length { pKDE = (PKDE_ENCAP) pMyKeyData; DefaultIdx = pKDE->GTKEncap.Kid; // Sanity check - KED length if (KeyDataLength < (pKDE->Len + 2)) { DBGPRINT(RT_DEBUG_ERROR, ("ERROR: The len from KDE is too short \n")); return FALSE; } // Get GTK length - refer to IEEE 802.11i-2004 p.82 GTKLEN = pKDE->Len -6; if (GTKLEN < LEN_AES_KEY) { DBGPRINT(RT_DEBUG_ERROR, ("ERROR: GTK Key length is too short (%d) \n", GTKLEN)); return FALSE; } } else { DBGPRINT(RT_DEBUG_ERROR, ("ERROR: KDE format length is too short \n")); return FALSE; } DBGPRINT(RT_DEBUG_TRACE, ("GTK in KDE format ,DefaultKeyID=%d, KeyLen=%d \n", DefaultIdx, GTKLEN)); // skip it pMyKeyData += 8; KeyDataLength -= 8; } else if (!bWPA2 && MsgType == EAPOL_GROUP_MSG_1) { DefaultIdx = GroupKeyIndex; DBGPRINT(RT_DEBUG_TRACE, ("GTK DefaultKeyID=%d \n", DefaultIdx)); } // Sanity check - shared key index must be 1 ~ 3 if (DefaultIdx < 1 || DefaultIdx > 3) { DBGPRINT(RT_DEBUG_ERROR, ("ERROR: GTK Key index(%d) is invalid in %s %s \n", DefaultIdx, ((bWPA2) ? "WPA2" : "WPA"), GetEapolMsgType(MsgType))); return FALSE; } #ifdef CONFIG_STA_SUPPORT // Todo #endif // CONFIG_STA_SUPPORT // return TRUE; }
/* ========================================================================== Description: IRQL = DISPATCH_LEVEL ========================================================================== */ VOID PeerDeauthAction( IN PRTMP_ADAPTER pAd, IN PMLME_QUEUE_ELEM Elem) { UCHAR Addr1[MAC_ADDR_LEN]; UCHAR Addr2[MAC_ADDR_LEN]; UCHAR Addr3[MAC_ADDR_LEN]; USHORT Reason; BOOLEAN bDoIterate = FALSE; if (PeerDeauthSanity(pAd, Elem->Msg, Elem->MsgLen, Addr1, Addr2, Addr3, &Reason)) { if (INFRA_ON(pAd) && (MAC_ADDR_EQUAL(Addr1, pAd->CurrentAddress) || MAC_ADDR_EQUAL(Addr1, BROADCAST_ADDR)) && MAC_ADDR_EQUAL(Addr2, pAd->CommonCfg.Bssid) && MAC_ADDR_EQUAL(Addr3, pAd->CommonCfg.Bssid) ) { DBGPRINT(RT_DEBUG_TRACE,("AUTH_RSP - receive DE-AUTH from our AP (Reason=%d)\n", Reason)); if (Reason == REASON_4_WAY_TIMEOUT) RTMPSendWirelessEvent(pAd, IW_PAIRWISE_HS_TIMEOUT_EVENT_FLAG, NULL, 0, 0); if (Reason == REASON_GROUP_KEY_HS_TIMEOUT) RTMPSendWirelessEvent(pAd, IW_GROUP_HS_TIMEOUT_EVENT_FLAG, NULL, 0, 0); #ifdef WAPI_SUPPORT WAPI_InternalCmdAction(pAd, pAd->StaCfg.AuthMode, BSS0, Addr2, WAI_MLME_DISCONNECT); #endif // WAPI_SUPPORT // #ifdef NATIVE_WPA_SUPPLICANT_SUPPORT RtmpOSWrielessEventSend(pAd->net_dev, RT_WLAN_EVENT_CGIWAP, -1, NULL, NULL, 0); #endif // NATIVE_WPA_SUPPLICANT_SUPPORT // // send wireless event - for deauthentication RTMPSendWirelessEvent(pAd, IW_DEAUTH_EVENT_FLAG, NULL, BSS0, 0); #ifdef WPA_SUPPLICANT_SUPPORT if ((pAd->StaCfg.WpaSupplicantUP != WPA_SUPPLICANT_DISABLE) && (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2) && (pAd->StaCfg.PortSecured == WPA_802_1X_PORT_SECURED)) pAd->StaCfg.bLostAp = TRUE; #endif // WPA_SUPPLICANT_SUPPORT // /* Some customer would set AP1 & AP2 same SSID, AuthMode & EncrypType but different WPAPSK, therefore we need to do iterate here. */ if ((pAd->StaCfg.PortSecured == WPA_802_1X_PORT_NOT_SECURED) && ((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPAPSK) || (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK)) #ifdef WSC_STA_SUPPORT && (pAd->StaCfg.WscControl.WscState < WSC_STATE_LINK_UP) #endif // WSC_STA_SUPPORT // ) bDoIterate = TRUE; LinkDown(pAd, TRUE); if (bDoIterate) { pAd->MlmeAux.BssIdx++; IterateOnBssTab(pAd); } } #ifdef ADHOC_WPA2PSK_SUPPORT else if (ADHOC_ON(pAd) && (MAC_ADDR_EQUAL(Addr1, pAd->CurrentAddress) || MAC_ADDR_EQUAL(Addr1, BROADCAST_ADDR))) { MAC_TABLE_ENTRY *pEntry; pEntry = MacTableLookup(pAd, Addr2); if (pEntry && IS_ENTRY_CLIENT(pEntry)) MacTableDeleteEntry(pAd, pEntry->Aid, pEntry->Addr); DBGPRINT(RT_DEBUG_TRACE,("AUTH_RSP - receive DE-AUTH from %02x:%02x:%02x:%02x:%02x:%02x \n", PRINT_MAC(Addr2))); } #endif // ADHOC_WPA2PSK_SUPPORT // } else { DBGPRINT(RT_DEBUG_TRACE,("AUTH_RSP - PeerDeauthAction() sanity check fail\n")); } }
static VOID APPeerDeauthReqAction( IN PRTMP_ADAPTER pAd, IN PMLME_QUEUE_ELEM Elem) { UCHAR Addr2[MAC_ADDR_LEN]; USHORT Reason; UINT16 SeqNum; MAC_TABLE_ENTRY *pEntry; if (! PeerDeauthReqSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &SeqNum, &Reason)) return; pEntry = NULL; /*pEntry = MacTableLookup(pAd, Addr2); */ if (Elem->Wcid < MAX_LEN_OF_MAC_TABLE) { pEntry = &pAd->MacTab.Content[Elem->Wcid]; #ifdef DOT1X_SUPPORT /* Notify 802.1x daemon to clear this sta info */ if (pEntry->AuthMode == Ndis802_11AuthModeWPA || pEntry->AuthMode == Ndis802_11AuthModeWPA2 || pAd->ApCfg.MBSSID[pEntry->apidx].IEEE8021X) DOT1X_InternalCmdAction(pAd, pEntry, DOT1X_DISCONNECT_ENTRY); #endif /* DOT1X_SUPPORT */ #ifdef WAPI_SUPPORT WAPI_InternalCmdAction(pAd, pEntry->AuthMode, pEntry->apidx, pEntry->Addr, WAI_MLME_DISCONNECT); #endif /* WAPI_SUPPORT */ /* send wireless event - for deauthentication */ RTMPSendWirelessEvent(pAd, IW_DEAUTH_EVENT_FLAG, Addr2, 0, 0); ApLogEvent(pAd, Addr2, EVENT_DISASSOCIATED); if (pEntry->CMTimerRunning == TRUE) { /* If one who initilized Counter Measure deauth itself, AP doesn't log the MICFailTime */ pAd->ApCfg.aMICFailTime = pAd->ApCfg.PrevaMICFailTime; } MacTableDeleteEntry(pAd, Elem->Wcid, Addr2); DBGPRINT(RT_DEBUG_TRACE, // ("AUTH - receive DE-AUTH(seq-%d) from " "%02x:%02x:%02x:%02x:%02x:%02x, reason=%d\n", SeqNum, Addr2[0], Addr2[1], Addr2[2], Addr2[3], Addr2[4], Addr2[5], Reason)); #ifdef MAC_REPEATER_SUPPORT if (pAd->ApCfg.bMACRepeaterEn == TRUE) { UCHAR apCliIdx, CliIdx; REPEATER_CLIENT_ENTRY *pReptEntry = NULL; pReptEntry = RTMPLookupRepeaterCliEntry(pAd, TRUE, Addr2); if (pReptEntry && (pReptEntry->CliConnectState != 0)) { apCliIdx = pReptEntry->MatchApCliIdx; CliIdx = pReptEntry->MatchLinkIdx; MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_DISCONNECT_REQ, 0, NULL, (64 + MAX_EXT_MAC_ADDR_SIZE*apCliIdx + CliIdx)); RTMP_MLME_HANDLER(pAd); RTMPRemoveRepeaterEntry(pAd, apCliIdx, CliIdx); } } #endif /* MAC_REPEATER_SUPPORT */ } }
/* ========================================================================== Description: Upper layer issues disassoc request Parameters: Elem - ========================================================================== */ static VOID ApCliMlmeDisassocReqAction( IN PRTMP_ADAPTER pAd, IN MLME_QUEUE_ELEM *Elem) { PMLME_DISASSOC_REQ_STRUCT pDisassocReq; HEADER_802_11 DisassocHdr; PUCHAR pOutBuffer = NULL; ULONG FrameLen = 0; NDIS_STATUS NStatus; APCLI_CTRL_MSG_STRUCT ApCliCtrlMsg; USHORT ifIndex = (USHORT)(Elem->Priv); PULONG pCurrState = &pAd->ApCfg.ApCliTab[ifIndex].AssocCurrState; /* skip sanity check */ pDisassocReq = (PMLME_DISASSOC_REQ_STRUCT)(Elem->Msg); /* allocate and send out DeassocReq frame */ NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); /*Get an unused nonpaged memory */ if (NStatus != NDIS_STATUS_SUCCESS) { DBGPRINT(RT_DEBUG_TRACE, ("APCLI_ASSOC - ApCliMlmeDisassocReqAction() allocate memory failed\n")); *pCurrState = APCLI_ASSOC_IDLE; ApCliCtrlMsg.Status = MLME_FAIL_NO_RESOURCE; MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_DEASSOC_RSP, sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex); return; } DBGPRINT(RT_DEBUG_TRACE, ("APCLI_ASSOC - Send DISASSOC request [BSSID::%02x:%02x:%02x:%02x:%02x:%02x] \n", pDisassocReq->Addr[0], pDisassocReq->Addr[1], pDisassocReq->Addr[2], pDisassocReq->Addr[3], pDisassocReq->Addr[4], pDisassocReq->Addr[5])); ApCliMgtMacHeaderInit(pAd, &DisassocHdr, SUBTYPE_DISASSOC, 0, pDisassocReq->Addr, pDisassocReq->Addr, ifIndex); MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof(HEADER_802_11), &DisassocHdr, 2, &pDisassocReq->Reason, END_OF_ARGS); MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer, FrameLen); MlmeFreeMemory(pAd, pOutBuffer); /* Set the control aux SSID to prevent it reconnect to old SSID Since calling this indicate user don't want to connect to that SSID anymore. 2004-11-10 can't reset this info, cause it may be the new SSID that user requests for */ /* pAd->MlmeAux.SsidLen = MAX_LEN_OF_SSID; NdisZeroMemory(pAd->MlmeAux.Ssid, MAX_LEN_OF_SSID); NdisZeroMemory(pAd->MlmeAux.Bssid, MAC_ADDR_LEN); pAd->PortCfg.DisassocReason = REASON_DISASSOC_STA_LEAVING; COPY_MAC_ADDR(pAd->PortCfg.DisassocSta, pDisassocReq->Addr); */ *pCurrState = APCLI_ASSOC_IDLE; ApCliCtrlMsg.Status = MLME_SUCCESS; MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_DEASSOC_RSP, sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex); #ifdef APCLI_WPA_SUPPLICANT_SUPPORT if (pAd->ApCfg.ApCliTab[ifIndex].WpaSupplicantUP != WPA_SUPPLICANT_DISABLE) { /*send disassociate event to wpa_supplicant*/ RtmpOSWrielessEventSend(pAd->net_dev, RT_WLAN_EVENT_CUSTOM, RT_DISASSOC_EVENT_FLAG, NULL, NULL, 0); } RtmpOSWrielessEventSend(pAd->net_dev, SIOCGIWAP, -1, NULL, NULL, 0); RTMPSendWirelessEvent(pAd, IW_DISASSOC_EVENT_FLAG, NULL, BSS0, 0); #endif /*APCLI_WPA_SUPPLICANT_SUPPORT*/ return; }
VOID WPARetryExec( IN PVOID SystemSpecific1, IN PVOID FunctionContext, IN PVOID SystemSpecific2, IN PVOID SystemSpecific3) { MAC_TABLE_ENTRY *pEntry = (MAC_TABLE_ENTRY *)FunctionContext; if ((pEntry) && IS_ENTRY_CLIENT(pEntry)) { struct rtmp_adapter *pAd = (struct rtmp_adapter *)pEntry->pAd; pEntry->ReTryCounter++; DBGPRINT(RT_DEBUG_TRACE, ("WPARetryExec---> ReTryCounter=%d, WpaState=%d \n", pEntry->ReTryCounter, pEntry->WpaState)); switch (pEntry->AuthMode) { case Ndis802_11AuthModeWPA: case Ndis802_11AuthModeWPAPSK: case Ndis802_11AuthModeWPA2: case Ndis802_11AuthModeWPA2PSK: /* 1. GTK already retried, give up and disconnect client. */ if (pEntry->ReTryCounter > (GROUP_MSG1_RETRY_TIMER_CTR + 1)) { /* send wireless event - for group key handshaking timeout */ RTMPSendWirelessEvent(pAd, IW_GROUP_HS_TIMEOUT_EVENT_FLAG, pEntry->Addr, pEntry->apidx, 0); DBGPRINT(RT_DEBUG_TRACE, ("WPARetryExec::Group Key HS exceed retry count, Disassociate client, pEntry->ReTryCounter %d\n", pEntry->ReTryCounter)); MlmeDeAuthAction(pAd, pEntry, REASON_GROUP_KEY_HS_TIMEOUT, false); } /* 2. Retry GTK. */ else if (pEntry->ReTryCounter > GROUP_MSG1_RETRY_TIMER_CTR) { DBGPRINT(RT_DEBUG_TRACE, ("WPARetryExec::ReTry 2-way group-key Handshake \n")); if (pEntry->GTKState == REKEY_NEGOTIATING) { WPAStart2WayGroupHS(pAd, pEntry); RTMPSetTimer(&pEntry->RetryTimer, PEER_MSG3_RETRY_EXEC_INTV); } } /* 3. 4-way message 1 retried more than three times. Disconnect client */ else if (pEntry->ReTryCounter > (PEER_MSG1_RETRY_TIMER_CTR + 3)) { /* send wireless event - for pairwise key handshaking timeout */ RTMPSendWirelessEvent(pAd, IW_PAIRWISE_HS_TIMEOUT_EVENT_FLAG, pEntry->Addr, pEntry->apidx, 0); DBGPRINT(RT_DEBUG_TRACE, ("WPARetryExec::MSG1 timeout, pEntry->ReTryCounter = %d\n", pEntry->ReTryCounter)); MlmeDeAuthAction(pAd, pEntry, REASON_4_WAY_TIMEOUT, false); } /* 4. Retry 4 way message 1, the last try, the timeout is 3 sec for EAPOL-Start */ else if (pEntry->ReTryCounter == (PEER_MSG1_RETRY_TIMER_CTR + 3)) { DBGPRINT(RT_DEBUG_TRACE, ("WPARetryExec::Retry MSG1, the last try\n")); WPAStart4WayHS(pAd , pEntry, PEER_MSG3_RETRY_EXEC_INTV); } /* 4. Retry 4 way message 1 */ else if (pEntry->ReTryCounter < (PEER_MSG1_RETRY_TIMER_CTR + 3)) { if ((pEntry->WpaState == AS_PTKSTART) || (pEntry->WpaState == AS_INITPSK) || (pEntry->WpaState == AS_INITPMK)) { DBGPRINT(RT_DEBUG_TRACE, ("WPARetryExec::ReTry MSG1 of 4-way Handshake\n")); WPAStart4WayHS(pAd, pEntry, PEER_MSG1_RETRY_EXEC_INTV); } } break; default: break; } } }
/* ========================================================================== Description: Function to handle countermeasures active attack. Init 60-sec timer if necessary. Return: ========================================================================== */ VOID HandleCounterMeasure(struct rtmp_adapter *pAd, MAC_TABLE_ENTRY *pEntry) { INT i; bool Cancelled; if (!pEntry) return; /* Todo by AlbertY - Not support currently in ApClient-link */ if (IS_ENTRY_APCLI(pEntry)) return; /* if entry not set key done, ignore this RX MIC ERROR */ if ((pEntry->WpaState < AS_PTKINITDONE) || (pEntry->GTKState != REKEY_ESTABLISHED)) return; DBGPRINT(RT_DEBUG_TRACE, ("HandleCounterMeasure ===> \n")); /* record which entry causes this MIC error, if this entry sends disauth/disassoc, AP doesn't need to log the CM */ pEntry->CMTimerRunning = true; pAd->ApCfg.MICFailureCounter++; /* send wireless event - for MIC error */ RTMPSendWirelessEvent(pAd, IW_MIC_ERROR_EVENT_FLAG, pEntry->Addr, 0, 0); if (pAd->ApCfg.CMTimerRunning == true) { DBGPRINT(RT_DEBUG_ERROR, ("Receive CM Attack Twice within 60 seconds ====>>> \n")); /* send wireless event - for counter measures */ RTMPSendWirelessEvent(pAd, IW_COUNTER_MEASURES_EVENT_FLAG, pEntry->Addr, 0, 0); ApLogEvent(pAd, pEntry->Addr, EVENT_COUNTER_M); /* renew GTK */ GenRandom(pAd, pAd->ApCfg.MBSSID[pEntry->apidx].wdev.bssid, pAd->ApCfg.MBSSID[pEntry->apidx].GNonce); /* Cancel CounterMeasure Timer */ RTMPCancelTimer(&pAd->ApCfg.CounterMeasureTimer, &Cancelled); pAd->ApCfg.CMTimerRunning = false; for (i = 0; i < MAX_LEN_OF_MAC_TABLE; i++) { /* happened twice within 60 sec, AP SENDS disaccociate all associated STAs. All STA's transition to State 2 */ if (IS_ENTRY_CLIENT(&pAd->MacTab.Content[i])) { MlmeDeAuthAction(pAd, &pAd->MacTab.Content[i], REASON_MIC_FAILURE, false); } } /* Further, ban all Class 3 DATA transportation for a period 0f 60 sec disallow new association , too */ pAd->ApCfg.BANClass3Data = true; /* check how many entry left... should be zero */ /*pAd->ApCfg.MBSSID[pEntry->apidx].GKeyDoneStations = pAd->MacTab.Size; */ /*DBGPRINT(RT_DEBUG_TRACE, ("GKeyDoneStations=%d \n", pAd->ApCfg.MBSSID[pEntry->apidx].GKeyDoneStations)); */ } RTMPSetTimer(&pAd->ApCfg.CounterMeasureTimer, 60 * MLME_TASK_EXEC_INTV * MLME_TASK_EXEC_MULTIPLE); pAd->ApCfg.CMTimerRunning = true; pAd->ApCfg.PrevaMICFailTime = pAd->ApCfg.aMICFailTime; RTMP_GetCurrentSystemTime(&pAd->ApCfg.aMICFailTime); }
/* ========================================================================== Description: Upper layer issues disassoc request Parameters: Elem - ========================================================================== */ static VOID ApCliMlmeDisassocReqAction( IN PRTMP_ADAPTER pAd, IN MLME_QUEUE_ELEM *Elem) { PMLME_DISASSOC_REQ_STRUCT pDisassocReq; HEADER_802_11 DisassocHdr; PUCHAR pOutBuffer = NULL; ULONG FrameLen = 0; NDIS_STATUS NStatus; APCLI_CTRL_MSG_STRUCT ApCliCtrlMsg; USHORT ifIndex = (USHORT)(Elem->Priv); PULONG pCurrState = NULL; #ifdef MAC_REPEATER_SUPPORT UCHAR CliIdx = 0xFF; #endif /* MAC_REPEATER_SUPPORT */ if ((ifIndex >= MAX_APCLI_NUM) #ifdef MAC_REPEATER_SUPPORT && (ifIndex < 64) #endif /* MAC_REPEATER_SUPPORT */ ) return; #ifdef MAC_REPEATER_SUPPORT if (ifIndex >= 64) { CliIdx = ((ifIndex - 64) % 16); ifIndex = ((ifIndex - 64) / 16); pCurrState = &pAd->ApCfg.ApCliTab[ifIndex].RepeaterCli[CliIdx].AssocCurrState; } else #endif /* MAC_REPEATER_SUPPORT */ pCurrState = &pAd->ApCfg.ApCliTab[ifIndex].AssocCurrState; /* skip sanity check */ pDisassocReq = (PMLME_DISASSOC_REQ_STRUCT)(Elem->Msg); /* allocate and send out DeassocReq frame */ NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); /*Get an unused nonpaged memory */ if (NStatus != NDIS_STATUS_SUCCESS) { DBGPRINT(RT_DEBUG_TRACE, ("APCLI_ASSOC - ApCliMlmeDisassocReqAction() allocate memory failed\n")); *pCurrState = APCLI_ASSOC_IDLE; ApCliCtrlMsg.Status = MLME_FAIL_NO_RESOURCE; #ifdef MAC_REPEATER_SUPPORT ApCliCtrlMsg.BssIdx = ifIndex; ApCliCtrlMsg.CliIdx = CliIdx; ifIndex = (USHORT)(Elem->Priv); #endif /* MAC_REPEATER_SUPPORT */ MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_DEASSOC_RSP, sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex); return; } DBGPRINT(RT_DEBUG_TRACE, ("APCLI_ASSOC - Send DISASSOC request [BSSID::%02x:%02x:%02x:%02x:%02x:%02x] \n", pDisassocReq->Addr[0], pDisassocReq->Addr[1], pDisassocReq->Addr[2], pDisassocReq->Addr[3], pDisassocReq->Addr[4], pDisassocReq->Addr[5])); ApCliMgtMacHeaderInit(pAd, &DisassocHdr, SUBTYPE_DISASSOC, 0, pDisassocReq->Addr, pDisassocReq->Addr, ifIndex); #ifdef MAC_REPEATER_SUPPORT if (CliIdx != 0xFF) { COPY_MAC_ADDR(DisassocHdr.Addr2, pAd->ApCfg.ApCliTab[ifIndex].RepeaterCli[CliIdx].CurrentAddress); COPY_MAC_ADDR(DisassocHdr.Addr2, pDisassocReq->Addr2); } #endif /* MAC_REPEATER_SUPPORT */ MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof(HEADER_802_11), &DisassocHdr, 2, &pDisassocReq->Reason, END_OF_ARGS); MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer, FrameLen); MlmeFreeMemory(pAd, pOutBuffer); *pCurrState = APCLI_ASSOC_IDLE; ApCliCtrlMsg.Status = MLME_SUCCESS; #ifdef MAC_REPEATER_SUPPORT ApCliCtrlMsg.BssIdx = ifIndex; ApCliCtrlMsg.CliIdx = CliIdx; ifIndex = (USHORT)(Elem->Priv); #endif /* MAC_REPEATER_SUPPORT */ MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_DEASSOC_RSP, sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex); #ifdef APCLI_WPA_SUPPLICANT_SUPPORT if (pAd->ApCfg.ApCliTab[ifIndex].WpaSupplicantUP != WPA_SUPPLICANT_DISABLE) { /*send disassociate event to wpa_supplicant*/ RtmpOSWrielessEventSend(pAd->net_dev, RT_WLAN_EVENT_CUSTOM, RT_DISASSOC_EVENT_FLAG, NULL, NULL, 0); } RtmpOSWrielessEventSend(pAd->net_dev, SIOCGIWAP, -1, NULL, NULL, 0); RTMPSendWirelessEvent(pAd, IW_DISASSOC_EVENT_FLAG, NULL, BSS0, 0); #endif /*APCLI_WPA_SUPPLICANT_SUPPORT*/ return; }
/* ======================================================================== Routine Description: Check Rx descriptor, return NDIS_STATUS_FAILURE if any error dound Arguments: pRxD Pointer to the Rx descriptor Return Value: NDIS_STATUS_SUCCESS No err NDIS_STATUS_FAILURE Error Note: ======================================================================== */ NDIS_STATUS RTMPCheckRxError( IN PRTMP_ADAPTER pAd, IN PHEADER_802_11 pHeader, IN PRXWI_STRUC pRxWI, IN PRT28XX_RXD_STRUC pRxD) { PCIPHER_KEY pWpaKey; INT dBm; // Phy errors & CRC errors if (/*(pRxD->PhyErr) ||*/ (pRxD->Crc)) { // Check RSSI for Noise Hist statistic collection. dBm = (INT) (pRxWI->RSSI0) - pAd->BbpRssiToDbmDelta; if (dBm <= -87) pAd->StaCfg.RPIDensity[0] += 1; else if (dBm <= -82) pAd->StaCfg.RPIDensity[1] += 1; else if (dBm <= -77) pAd->StaCfg.RPIDensity[2] += 1; else if (dBm <= -72) pAd->StaCfg.RPIDensity[3] += 1; else if (dBm <= -67) pAd->StaCfg.RPIDensity[4] += 1; else if (dBm <= -62) pAd->StaCfg.RPIDensity[5] += 1; else if (dBm <= -57) pAd->StaCfg.RPIDensity[6] += 1; else if (dBm > -57) pAd->StaCfg.RPIDensity[7] += 1; return(NDIS_STATUS_FAILURE); } // Add Rx size to channel load counter, we should ignore error counts pAd->StaCfg.CLBusyBytes += (pRxD->SDL0 + 14); // Drop ToDs promiscous frame, it is opened due to CCX 2 channel load statistics if (pHeader != NULL) { #ifndef CLIENT_WDS if (pHeader->FC.ToDs ) { return(NDIS_STATUS_FAILURE); } #endif // CLIENT_WDS // } // Drop not U2M frames, cant's drop here because we will drop beacon in this case // I am kind of doubting the U2M bit operation // if (pRxD->U2M == 0) // return(NDIS_STATUS_FAILURE); // drop decyption fail frame if (pRxD->CipherErr) { if (pRxD->CipherErr == 2) {DBGPRINT_RAW(RT_DEBUG_TRACE,("pRxD ERROR: ICV ok but MICErr "));} else if (pRxD->CipherErr == 1) {DBGPRINT_RAW(RT_DEBUG_TRACE,("pRxD ERROR: ICV Err "));} else if (pRxD->CipherErr == 3) DBGPRINT_RAW(RT_DEBUG_TRACE,("pRxD ERROR: Key not valid ")); if (((pRxD->CipherErr & 1) == 1) && INFRA_ON(pAd)) RTMPSendWirelessEvent(pAd, IW_ICV_ERROR_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0); DBGPRINT_RAW(RT_DEBUG_TRACE,(" %d (len=%d, Mcast=%d, MyBss=%d, Wcid=%d, KeyId=%d)\n", pRxD->CipherErr, pRxD->SDL0, pRxD->Mcast | pRxD->Bcast, pRxD->MyBss, pRxWI->WirelessCliID, // CipherName[pRxD->CipherAlg], pRxWI->KeyIndex)); // // MIC Error // if (pRxD->CipherErr == 2) { pWpaKey = &pAd->SharedKey[BSS0][pRxWI->KeyIndex]; #ifdef WPA_SUPPLICANT_SUPPORT if (pAd->StaCfg.WpaSupplicantUP) WpaSendMicFailureToWpaSupplicant(pAd, (pWpaKey->Type == PAIRWISEKEY) ? TRUE:FALSE); else #endif // WPA_SUPPLICANT_SUPPORT // RTMPReportMicError(pAd, pWpaKey); if (((pRxD->CipherErr & 2) == 2) && INFRA_ON(pAd)) RTMPSendWirelessEvent(pAd, IW_MIC_ERROR_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0); DBGPRINT_RAW(RT_DEBUG_ERROR,("Rx MIC Value error\n")); } if (pHeader == NULL) return(NDIS_STATUS_SUCCESS); /*if ((pRxD->CipherAlg == CIPHER_AES) && (pHeader->Sequence == pAd->FragFrame.Sequence)) { // // Acceptable since the First FragFrame no CipherErr problem. // return(NDIS_STATUS_SUCCESS); }*/ return(NDIS_STATUS_FAILURE); } return(NDIS_STATUS_SUCCESS); }
VOID ap_cmm_peer_assoc_req_action( IN PRTMP_ADAPTER pAd, IN MLME_QUEUE_ELEM *Elem, IN BOOLEAN isReassoc) { IE_LISTS *ie_list = NULL; HEADER_802_11 AssocRspHdr; USHORT CapabilityInfoForAssocResp; USHORT StatusCode = MLME_SUCCESS; USHORT Aid; PUCHAR pOutBuffer = NULL; NDIS_STATUS NStatus; ULONG FrameLen = 0; UCHAR MaxSupportedRate = 0; UCHAR SupRateLen, PhyMode, FlgIs11bSta; UCHAR i; MAC_TABLE_ENTRY *pEntry; #ifdef DBG UCHAR *sAssoc = isReassoc ? (PUCHAR)"ReASSOC" : (PUCHAR)"ASSOC"; #endif /* DBG */ UCHAR SubType; BOOLEAN bACLReject = FALSE; #ifdef DOT1X_SUPPORT PUINT8 pPmkid = NULL; UINT8 pmkid_count = 0; #endif /* DOT1X_SUPPORT */ MULTISSID_STRUCT *wdev; /* allocate memory */ os_alloc_mem(NULL, (UCHAR **)&ie_list, sizeof(IE_LISTS)); if (ie_list == NULL) { DBGPRINT(RT_DEBUG_ERROR, ("%s(): mem alloc failed\n", __FUNCTION__)); return; } NdisZeroMemory(ie_list, sizeof(IE_LISTS)); if (!PeerAssocReqCmmSanity(pAd, isReassoc, Elem->Msg, Elem->MsgLen, ie_list)) goto LabelOK; /* check if AP address is same as us */ /* TODO */ /* goto label_err; */ pEntry = MacTableLookup(pAd, ie_list->Addr2); if (!pEntry) { DBGPRINT(RT_DEBUG_ERROR, ("NoAuth MAC - %02x:%02x:%02x:%02x:%02x:%02x\n", PRINT_MAC(ie_list->Addr2))); goto LabelOK; } if (!VALID_MBSS(pAd, pEntry->apidx)) { DBGPRINT(RT_DEBUG_ERROR, ("%s():pEntry bounding invalid wdev(apidx=%d)\n", __FUNCTION__, pEntry->apidx)); goto LabelOK; } wdev = &pAd->ApCfg.MBSSID[pEntry->apidx]; PhyMode = wdev->PhyMode; FlgIs11bSta = 1; for(i=0; i<ie_list->SupportedRatesLen; i++) { if (((ie_list->SupportedRates[i] & 0x7F) != 2) && ((ie_list->SupportedRates[i] & 0x7F) != 4) && ((ie_list->SupportedRates[i] & 0x7F) != 11) && ((ie_list->SupportedRates[i] & 0x7F) != 22)) { FlgIs11bSta = 0; break; } } /* clear the previous Pairwise key table */ if(pEntry->Aid != 0 && (pEntry->WepStatus >= Ndis802_11Encryption2Enabled #ifdef DOT1X_SUPPORT || wdev->IEEE8021X #endif /* DOT1X_SUPPORT */ )) { /* clear GTK state */ pEntry->GTKState = REKEY_NEGOTIATING; NdisZeroMemory(&pEntry->PairwiseKey, sizeof(CIPHER_KEY)); /* clear this entry as no-security mode */ AsicRemovePairwiseKeyEntry(pAd, pEntry->Aid); #ifdef DOT1X_SUPPORT /* Notify 802.1x daemon to clear this sta info */ if (pEntry->AuthMode == Ndis802_11AuthModeWPA || pEntry->AuthMode == Ndis802_11AuthModeWPA2 || wdev->IEEE8021X) DOT1X_InternalCmdAction(pAd, pEntry, DOT1X_DISCONNECT_ENTRY); #endif /* DOT1X_SUPPORT */ } /* for hidden SSID sake, SSID in AssociateRequest should be fully verified */ if ((ie_list->SsidLen != wdev->SsidLen) || (NdisEqualMemory(ie_list->Ssid, wdev->Ssid, ie_list->SsidLen)==0)) goto LabelOK; /* set a flag for sending Assoc-Fail response to unwanted STA later. */ if (! ApCheckAccessControlList(pAd, ie_list->Addr2, pEntry->apidx)) bACLReject = TRUE; DBGPRINT(RT_DEBUG_TRACE, ("%s - MBSS(%d), receive %s request from %02x:%02x:%02x:%02x:%02x:%02x\n", sAssoc, pEntry->apidx, sAssoc, PRINT_MAC(ie_list->Addr2))); /* supported rates array may not be sorted. sort it and find the maximum rate */ for (i=0; i<ie_list->SupportedRatesLen; i++) { if (MaxSupportedRate < (ie_list->SupportedRates[i] & 0x7f)) MaxSupportedRate = ie_list->SupportedRates[i] & 0x7f; } /* Assign RateLen here or we will select wrong rate table in APBuildAssociation() when 11N compile option is disabled. */ pEntry->RateLen = ie_list->SupportedRatesLen; RTMPSetSupportMCS(pAd, OPMODE_AP, pEntry, ie_list->SupportedRates, ie_list->SupportedRatesLen, NULL, 0, #ifdef DOT11_VHT_AC ie_list->vht_cap_len, &ie_list->vht_cap, #endif /* DOT11_VHT_AC */ &ie_list->HTCapability, ie_list->ht_cap_len); /* 2. qualify this STA's auth_asoc status in the MAC table, decide StatusCode */ StatusCode = APBuildAssociation(pAd, pEntry, ie_list, MaxSupportedRate, &Aid); #ifdef DOT11_VHT_AC if (ie_list->vht_cap_len) { VHT_CAP_INFO *vht_cap = &ie_list->vht_cap.vht_cap; //+++Add by shiang for debug if (WMODE_CAP_AC(pAd->CommonCfg.PhyMode)) { DBGPRINT(RT_DEBUG_TRACE, ("%s():Peer is VHT capable device!\n", __FUNCTION__)); //dump_vht_cap(pAd, &ie_list->vht_cap); } //---Add by shiang for debug } #endif /* DOT11_VHT_AC */ if (StatusCode == MLME_ASSOC_REJ_DATA_RATE) RTMPSendWirelessEvent(pAd, IW_STA_MODE_EVENT_FLAG, pEntry->Addr, pEntry->apidx, 0); /* 3. send Association Response */ NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); if (NStatus != NDIS_STATUS_SUCCESS) goto LabelOK; DBGPRINT(RT_DEBUG_TRACE, ("%s - Send %s response (Status=%d)...\n", sAssoc, sAssoc, StatusCode)); Aid |= 0xc000; /* 2 most significant bits should be ON */ SubType = isReassoc ? SUBTYPE_REASSOC_RSP : SUBTYPE_ASSOC_RSP; CapabilityInfoForAssocResp = wdev->CapabilityInfo; /*use AP's cability */ /* fail in ACL checking => send an Assoc-Fail resp. */ SupRateLen = pAd->CommonCfg.SupRateLen; /* TODO: need to check rate in support rate element, not number */ if (FlgIs11bSta == 1) SupRateLen = 4; if (bACLReject == TRUE) { MgtMacHeaderInit(pAd, &AssocRspHdr, SubType, 0, ie_list->Addr2, wdev->Bssid); StatusCode = MLME_UNSPECIFY_FAIL; MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof(HEADER_802_11), &AssocRspHdr, 2, &CapabilityInfoForAssocResp, 2, &StatusCode, 2, &Aid, 1, &SupRateIe, 1, &SupRateLen, SupRateLen, pAd->CommonCfg.SupRate, END_OF_ARGS); MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen); MlmeFreeMemory(pAd, (PVOID) pOutBuffer); RTMPSendWirelessEvent(pAd, IW_MAC_FILTER_LIST_EVENT_FLAG, ie_list->Addr2, pEntry->apidx, 0); goto LabelOK; } MgtMacHeaderInit(pAd, &AssocRspHdr, SubType, 0, ie_list->Addr2, wdev->Bssid); MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof(HEADER_802_11), &AssocRspHdr, 2, &CapabilityInfoForAssocResp, 2, &StatusCode, 2, &Aid, 1, &SupRateIe, 1, &SupRateLen, SupRateLen, pAd->CommonCfg.SupRate, END_OF_ARGS); if ((pAd->CommonCfg.ExtRateLen) && (PhyMode != WMODE_B) && (FlgIs11bSta == 0)) { ULONG TmpLen; MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen, 1, &ExtRateIe, 1, &pAd->CommonCfg.ExtRateLen, pAd->CommonCfg.ExtRateLen, pAd->CommonCfg.ExtRate, END_OF_ARGS); FrameLen += TmpLen; } /* add WMM IE here */ if (wdev->bWmmCapable && CLIENT_STATUS_TEST_FLAG(pEntry, fCLIENT_STATUS_WMM_CAPABLE)) { ULONG TmpLen; UCHAR WmeParmIe[26] = {IE_VENDOR_SPECIFIC, 24, 0x00, 0x50, 0xf2, 0x02, 0x01, 0x01, 0, 0}; WmeParmIe[8] = pAd->ApCfg.BssEdcaParm.EdcaUpdateCount & 0x0f; #ifdef UAPSD_SUPPORT UAPSD_MR_IE_FILL(WmeParmIe[8], &wdev->UapsdInfo); #endif /* UAPSD_SUPPORT */ for (i=QID_AC_BE; i<=QID_AC_VO; i++) { WmeParmIe[10+ (i*4)] = (i << 5) + /* b5-6 is ACI */ ((UCHAR)pAd->ApCfg.BssEdcaParm.bACM[i] << 4) + /* b4 is ACM */ (pAd->ApCfg.BssEdcaParm.Aifsn[i] & 0x0f); /* b0-3 is AIFSN */ WmeParmIe[11+ (i*4)] = (pAd->ApCfg.BssEdcaParm.Cwmax[i] << 4) + /* b5-8 is CWMAX */ (pAd->ApCfg.BssEdcaParm.Cwmin[i] & 0x0f); /* b0-3 is CWMIN */ WmeParmIe[12+ (i*4)] = (UCHAR)(pAd->ApCfg.BssEdcaParm.Txop[i] & 0xff); /* low byte of TXOP */ WmeParmIe[13+ (i*4)] = (UCHAR)(pAd->ApCfg.BssEdcaParm.Txop[i] >> 8); /* high byte of TXOP */ } MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen, 26, WmeParmIe, END_OF_ARGS); FrameLen += TmpLen; }
/* ======================================================================== Routine Description: Check Rx descriptor, return NDIS_STATUS_FAILURE if any error found ======================================================================== */ INT RTMPCheckRxError(RTMP_ADAPTER *pAd, HEADER_802_11 *pHeader, RX_BLK *pRxBlk, IN RXINFO_STRUC *pRxInfo) { if(pRxInfo == NULL) return NDIS_STATUS_FAILURE; /* Phy errors & CRC errors*/ if (pRxInfo->Crc) { INT dBm = (pRxBlk->rssi[0]) - pAd->BbpRssiToDbmDelta; /* Check RSSI for Noise Hist statistic collection.*/ if (dBm <= -87) pAd->StaCfg.RPIDensity[0] += 1; else if (dBm <= -82) pAd->StaCfg.RPIDensity[1] += 1; else if (dBm <= -77) pAd->StaCfg.RPIDensity[2] += 1; else if (dBm <= -72) pAd->StaCfg.RPIDensity[3] += 1; else if (dBm <= -67) pAd->StaCfg.RPIDensity[4] += 1; else if (dBm <= -62) pAd->StaCfg.RPIDensity[5] += 1; else if (dBm <= -57) pAd->StaCfg.RPIDensity[6] += 1; else if (dBm > -57) pAd->StaCfg.RPIDensity[7] += 1; return NDIS_STATUS_FAILURE; } /* Add Rx size to channel load counter, we should ignore error counts*/ //pAd->StaCfg.CLBusyBytes += (pRxBlk->MPDUtotalByteCnt + 14); /* Drop ToDs promiscous frame, it is opened due to CCX 2 channel load statistics*/ if (pHeader != NULL) { if (pHeader->FC.ToDs) { return NDIS_STATUS_FAILURE; } } /* Paul 04-03 for OFDM Rx length issue*/ if (pRxBlk->MPDUtotalByteCnt > MAX_AGGREGATION_SIZE) { DBGPRINT(RT_DEBUG_ERROR, ("received packet too long\n")); return NDIS_STATUS_FAILURE; } /* Drop not U2M frames, cant's drop here because we will drop beacon in this case I am kind of doubting the U2M bit operation */ /* if (pRxInfo->U2M == 0) return NDIS_STATUS_FAILURE; */ /* drop decyption fail frame*/ if (pRxInfo->Decrypted && pRxInfo->CipherErr) { if (pRxInfo->CipherErr == 2) {DBGPRINT(RT_DEBUG_TRACE,("RxErr: ICV ok but MICErr"));} else if (pRxInfo->CipherErr == 1) {DBGPRINT(RT_DEBUG_TRACE,("RxErr: ICV Err"));} else if (pRxInfo->CipherErr == 3) DBGPRINT(RT_DEBUG_TRACE,("RxErr: Key not valid")); if (INFRA_ON(pAd) && pRxInfo->MyBss) { if ((pRxInfo->CipherErr & 1) == 1) { RTMPSendWirelessEvent(pAd, IW_ICV_ERROR_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0); } /* MIC Error*/ if (pRxInfo->CipherErr == 2) { CIPHER_KEY *pWpaKey = &pAd->SharedKey[BSS0][pRxBlk->key_idx]; #ifdef WPA_SUPPLICANT_SUPPORT if (pAd->StaCfg.wpa_supplicant_info.WpaSupplicantUP) WpaSendMicFailureToWpaSupplicant(pAd->net_dev,pHeader->Addr2, (pWpaKey->Type == PAIRWISEKEY) ? TRUE:FALSE, (INT) pRxBlk->key_idx, NULL); else #endif /* WPA_SUPPLICANT_SUPPORT */ RTMPReportMicError(pAd, pWpaKey); RTMPSendWirelessEvent(pAd, IW_MIC_ERROR_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0); } } DBGPRINT(RT_DEBUG_TRACE, ("%s(): %d (len=%d, Mcast=%d, MyBss=%d, Wcid=%d, KeyId=%d)\n", __FUNCTION__, pRxInfo->CipherErr, pRxBlk->MPDUtotalByteCnt, pRxInfo->Mcast | pRxInfo->Bcast, pRxInfo->MyBss, pRxBlk->wcid, pRxBlk->key_idx)); #ifdef DBG dump_rxinfo(pAd, pRxInfo); dump_rxwi(pAd, pRxBlk->pRxWI); hex_dump("ErrorPkt", (UCHAR *)pHeader, pRxBlk->MPDUtotalByteCnt); #endif if (pHeader == NULL) return NDIS_STATUS_SUCCESS; return NDIS_STATUS_FAILURE; } return NDIS_STATUS_SUCCESS; }
/* ========================================================================== Description: Scan next channel ========================================================================== */ VOID ScanNextChannel( IN PRTMP_ADAPTER pAd) { HEADER_802_11 Hdr80211; PUCHAR pOutBuffer = NULL; NDIS_STATUS NStatus; ULONG FrameLen = 0; UCHAR SsidLen = 0, ScanType = pAd->MlmeAux.ScanType, BBPValue = 0; #ifdef CONFIG_STA_SUPPORT USHORT Status; PHEADER_802_11 pHdr80211; #endif // CONFIG_STA_SUPPORT // UINT ScanTimeIn5gChannel = SHORT_CHANNEL_TIME; #ifdef CONFIG_STA_SUPPORT IF_DEV_CONFIG_OPMODE_ON_STA(pAd) { if (MONITOR_ON(pAd)) return; } #endif // CONFIG_STA_SUPPORT // #ifdef RALINK_ATE // Nothing to do in ATE mode. if (ATE_ON(pAd)) return; #endif // RALINK_ATE // if (pAd->MlmeAux.Channel == 0) { if ((pAd->CommonCfg.BBPCurrentBW == BW_40) && ( #ifdef CONFIG_STA_SUPPORT INFRA_ON(pAd) || ADHOC_ON(pAd) || #endif // CONFIG_STA_SUPPORT // (0))) { AsicSwitchChannel(pAd, pAd->CommonCfg.CentralChannel, FALSE); AsicLockChannel(pAd, pAd->CommonCfg.CentralChannel); RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R4, &BBPValue); BBPValue &= (~0x18); BBPValue |= 0x10; RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R4, BBPValue); DBGPRINT(RT_DEBUG_TRACE, ("SYNC - End of SCAN, restore to 40MHz channel %d, Total BSS[%02d]\n",pAd->CommonCfg.CentralChannel, pAd->ScanTab.BssNr)); } else { AsicSwitchChannel(pAd, pAd->CommonCfg.Channel, FALSE); AsicLockChannel(pAd, pAd->CommonCfg.Channel); DBGPRINT(RT_DEBUG_TRACE, ("SYNC - End of SCAN, restore to channel %d, Total BSS[%02d]\n",pAd->CommonCfg.Channel, pAd->ScanTab.BssNr)); } #ifdef CONFIG_STA_SUPPORT IF_DEV_CONFIG_OPMODE_ON_STA(pAd) { /* If all peer Ad-hoc clients leave, driver would do LinkDown and LinkUp. In LinkUp, CommonCfg.Ssid would copy SSID from MlmeAux. To prevent SSID is zero or wrong in Beacon, need to recover MlmeAux.SSID here. */ if (ADHOC_ON(pAd)) { NdisZeroMemory(pAd->MlmeAux.Ssid, MAX_LEN_OF_SSID); pAd->MlmeAux.SsidLen = pAd->CommonCfg.SsidLen; NdisMoveMemory(pAd->MlmeAux.Ssid, pAd->CommonCfg.Ssid, pAd->CommonCfg.SsidLen); } // // To prevent data lost. // Send an NULL data with turned PSM bit on to current associated AP before SCAN progress. // Now, we need to send an NULL data with turned PSM bit off to AP, when scan progress done // if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_MEDIA_STATE_CONNECTED) && (INFRA_ON(pAd))) { NStatus = MlmeAllocateMemory(pAd, (PVOID)&pOutBuffer); if (NStatus == NDIS_STATUS_SUCCESS) { pHdr80211 = (PHEADER_802_11) pOutBuffer; MgtMacHeaderInit(pAd, pHdr80211, SUBTYPE_NULL_FUNC, 1, pAd->CommonCfg.Bssid, pAd->CommonCfg.Bssid); pHdr80211->Duration = 0; pHdr80211->FC.Type = BTYPE_DATA; pHdr80211->FC.PwrMgmt = (pAd->StaCfg.Psm == PWR_SAVE); // Send using priority queue MiniportMMRequest(pAd, 0, pOutBuffer, sizeof(HEADER_802_11)); DBGPRINT(RT_DEBUG_TRACE, ("MlmeScanReqAction -- Send PSM Data frame\n")); MlmeFreeMemory(pAd, pOutBuffer); RTMPusecDelay(5000); } } pAd->Mlme.SyncMachine.CurrState = SYNC_IDLE; Status = MLME_SUCCESS; MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_SCAN_CONF, 2, &Status, 0); RTMPSendWirelessEvent(pAd, IW_SCAN_COMPLETED_EVENT_FLAG, NULL, BSS0, 0); #ifdef LINUX #ifdef RT_CFG80211_SUPPORT RTEnqueueInternalCmd(pAd, CMDTHREAD_SCAN_END, NULL, 0); #endif // RT_CFG80211_SUPPORT // #endif // LINUX // } #endif // CONFIG_STA_SUPPORT // } else {
VOID RTMPHandleIdsEvent( IN PRTMP_ADAPTER pAd) { INT i, j; UINT32 FloodFrameCount[IW_FLOOD_EVENT_TYPE_NUM]; UINT32 FloodFrameThreshold[IW_FLOOD_EVENT_TYPE_NUM]; FloodFrameCount[0] = pAd->ApCfg.RcvdAuthCount; FloodFrameCount[1] = pAd->ApCfg.RcvdAssocReqCount; FloodFrameCount[2] = pAd->ApCfg.RcvdReassocReqCount; FloodFrameCount[3] = pAd->ApCfg.RcvdProbeReqCount; FloodFrameCount[4] = pAd->ApCfg.RcvdDisassocCount; FloodFrameCount[5] = pAd->ApCfg.RcvdDeauthCount; FloodFrameCount[6] = pAd->ApCfg.RcvdEapReqCount; FloodFrameThreshold[0] = pAd->ApCfg.AuthFloodThreshold; FloodFrameThreshold[1] = pAd->ApCfg.AssocReqFloodThreshold; FloodFrameThreshold[2] = pAd->ApCfg.ReassocReqFloodThreshold; FloodFrameThreshold[3] = pAd->ApCfg.ProbeReqFloodThreshold; FloodFrameThreshold[4] = pAd->ApCfg.DisassocFloodThreshold; FloodFrameThreshold[5] = pAd->ApCfg.DeauthFloodThreshold; FloodFrameThreshold[6] = pAd->ApCfg.EapReqFloodThreshold; /* trigger flooding traffic event */ for (j = 0; j < IW_FLOOD_EVENT_TYPE_NUM; j++) { if ((FloodFrameThreshold[j] > 0) && (FloodFrameCount[j] > FloodFrameThreshold[j])) { RTMPSendWirelessEvent(pAd, IW_FLOOD_AUTH_EVENT_FLAG + j, NULL, MAX_MBSSID_NUM(pAd), 0); /*MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("flooding traffic event(%d) - %d\n", IW_FLOOD_AUTH_EVENT_FLAG + j, FloodFrameCount[j])); */ } } for (i = 0; i < pAd->ApCfg.BssidNum; i++) { UINT32 SpoofedFrameCount[IW_SPOOF_EVENT_TYPE_NUM]; CHAR RssiOfSpoofedFrame[IW_SPOOF_EVENT_TYPE_NUM]; INT k; SpoofedFrameCount[0] = pAd->ApCfg.MBSSID[i].RcvdConflictSsidCount; SpoofedFrameCount[1] = pAd->ApCfg.MBSSID[i].RcvdSpoofedAssocRespCount; SpoofedFrameCount[2] = pAd->ApCfg.MBSSID[i].RcvdSpoofedReassocRespCount; SpoofedFrameCount[3] = pAd->ApCfg.MBSSID[i].RcvdSpoofedProbeRespCount; SpoofedFrameCount[4] = pAd->ApCfg.MBSSID[i].RcvdSpoofedBeaconCount; SpoofedFrameCount[5] = pAd->ApCfg.MBSSID[i].RcvdSpoofedDisassocCount; SpoofedFrameCount[6] = pAd->ApCfg.MBSSID[i].RcvdSpoofedAuthCount; SpoofedFrameCount[7] = pAd->ApCfg.MBSSID[i].RcvdSpoofedDeauthCount; SpoofedFrameCount[8] = pAd->ApCfg.MBSSID[i].RcvdSpoofedUnknownMgmtCount; SpoofedFrameCount[9] = pAd->ApCfg.MBSSID[i].RcvdReplayAttackCount; RssiOfSpoofedFrame[0] = pAd->ApCfg.MBSSID[i].RssiOfRcvdConflictSsid; RssiOfSpoofedFrame[1] = pAd->ApCfg.MBSSID[i].RssiOfRcvdSpoofedAssocResp; RssiOfSpoofedFrame[2] = pAd->ApCfg.MBSSID[i].RssiOfRcvdSpoofedReassocResp; RssiOfSpoofedFrame[3] = pAd->ApCfg.MBSSID[i].RssiOfRcvdSpoofedProbeResp; RssiOfSpoofedFrame[4] = pAd->ApCfg.MBSSID[i].RssiOfRcvdSpoofedBeacon; RssiOfSpoofedFrame[5] = pAd->ApCfg.MBSSID[i].RssiOfRcvdSpoofedDisassoc; RssiOfSpoofedFrame[6] = pAd->ApCfg.MBSSID[i].RssiOfRcvdSpoofedAuth; RssiOfSpoofedFrame[7] = pAd->ApCfg.MBSSID[i].RssiOfRcvdSpoofedDeauth; RssiOfSpoofedFrame[8] = pAd->ApCfg.MBSSID[i].RssiOfRcvdSpoofedUnknownMgmt; RssiOfSpoofedFrame[9] = pAd->ApCfg.MBSSID[i].RssiOfRcvdReplayAttack; /* trigger spoofed attack event */ for (k = 0; k < IW_SPOOF_EVENT_TYPE_NUM; k++) { if (SpoofedFrameCount[k] > 0) { RTMPSendWirelessEvent(pAd, IW_CONFLICT_SSID_EVENT_FLAG + k, NULL, i, RssiOfSpoofedFrame[k]); /*MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("spoofed attack event(%d) - %d\n", IW_CONFLICT_SSID_EVENT_FLAG + k, SpoofedFrameCount[k])); */ } } } }
static VOID APPeerAuthReqAtIdleAction( IN PRTMP_ADAPTER pAd, IN MLME_QUEUE_ELEM *Elem) { int i; USHORT Seq, Alg, RspReason, Status; UCHAR Addr1[MAC_ADDR_LEN]; UCHAR Addr2[MAC_ADDR_LEN]; CHAR Chtxt[CIPHER_TEXT_LEN]; UINT32 apidx; PHEADER_802_11 pRcvHdr; HEADER_802_11 AuthHdr; PUCHAR pOutBuffer = NULL; NDIS_STATUS NStatus; ULONG FrameLen = 0; MAC_TABLE_ENTRY *pEntry; UCHAR ChTxtIe = 16, ChTxtLen = CIPHER_TEXT_LEN; if (! APPeerAuthSanity(pAd, Elem->Msg, Elem->MsgLen, Addr1, Addr2, &Alg, &Seq, &Status, Chtxt )) return; /* Find which MBSSID to be authenticate */ for (apidx=0; apidx<pAd->ApCfg.BssidNum; apidx++) { if (RTMPEqualMemory(Addr1, pAd->ApCfg.MBSSID[apidx].Bssid, MAC_ADDR_LEN)) break; } if (apidx >= pAd->ApCfg.BssidNum) { DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Bssid not found\n")); return; } if ((pAd->ApCfg.MBSSID[apidx].MSSIDDev != NULL) && !(RTMP_OS_NETDEV_STATE_RUNNING(pAd->ApCfg.MBSSID[apidx].MSSIDDev))) { DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Bssid IF didn't up yet.\n")); return; } /* End of if */ pEntry = MacTableLookup(pAd, Addr2); if (pEntry && IS_ENTRY_CLIENT(pEntry)) { if (!RTMPEqualMemory(Addr1, pAd->ApCfg.MBSSID[pEntry->apidx].Bssid, MAC_ADDR_LEN)) { MacTableDeleteEntry(pAd, pEntry->Aid, pEntry->Addr); pEntry = NULL; DBGPRINT(RT_DEBUG_WARN, ("AUTH - Bssid does not match\n")); } else { if (pEntry->bIAmBadAtheros == TRUE) { AsicUpdateProtect(pAd, 8, ALLN_SETPROTECT, FALSE, FALSE); DBGPRINT(RT_DEBUG_TRACE, ("Atheros Problem. Turn on RTS/CTS!!!\n")); pEntry->bIAmBadAtheros = FALSE; } #ifdef DOT11_N_SUPPORT BASessionTearDownALL(pAd, pEntry->Aid); #endif /* DOT11_N_SUPPORT */ ASSERT(pEntry->Aid == Elem->Wcid); } } pRcvHdr = (PHEADER_802_11)(Elem->Msg); DBGPRINT(RT_DEBUG_TRACE, ("AUTH - MBSS(%d), Rcv AUTH seq#%d, Alg=%d, Status=%d from " "[wcid=%d]%02x:%02x:%02x:%02x:%02x:%02x\n", apidx, Seq, Alg, Status, Elem->Wcid, PRINT_MAC(Addr2))); /* fail in ACL checking => send an AUTH-Fail seq#2. */ if (! ApCheckAccessControlList(pAd, Addr2, apidx)) { ASSERT(Seq == 1); ASSERT(pEntry == NULL); APPeerAuthSimpleRspGenAndSend(pAd, pRcvHdr, Alg, Seq + 1, MLME_UNSPECIFY_FAIL); /* If this STA exists, delete it. */ if (pEntry) MacTableDeleteEntry(pAd, pEntry->Aid, pEntry->Addr); RTMPSendWirelessEvent(pAd, IW_MAC_FILTER_LIST_EVENT_FLAG, Addr2, apidx, 0); DBGPRINT(RT_DEBUG_TRACE, ("Failed in ACL checking => send an AUTH seq#2 with " "Status code = %d\n", MLME_UNSPECIFY_FAIL)); return; } if ((Alg == AUTH_MODE_OPEN) && (pAd->ApCfg.MBSSID[apidx].AuthMode != Ndis802_11AuthModeShared)) { if (!pEntry) pEntry = MacTableInsertEntry(pAd, Addr2, apidx, OPMODE_AP, TRUE); if (pEntry) { { pEntry->AuthState = AS_AUTH_OPEN; pEntry->Sst = SST_AUTH; /* what if it already in SST_ASSOC ??????? */ } APPeerAuthSimpleRspGenAndSend(pAd, pRcvHdr, Alg, Seq + 1, MLME_SUCCESS); } else ; /* MAC table full, what should we respond ????? */ } else if ((Alg == AUTH_MODE_KEY) && ((pAd->ApCfg.MBSSID[apidx].AuthMode == Ndis802_11AuthModeShared) || (pAd->ApCfg.MBSSID[apidx].AuthMode == Ndis802_11AuthModeAutoSwitch))) { if (!pEntry) pEntry = MacTableInsertEntry(pAd, Addr2, apidx, OPMODE_AP, TRUE); if (pEntry) { pEntry->AuthState = AS_AUTHENTICATING; pEntry->Sst = SST_NOT_AUTH; /* what if it already in SST_ASSOC ??????? */ /* log this STA in AuthRspAux machine, only one STA is stored. If two STAs using */ /* SHARED_KEY authentication mingled together, then the late comer will win. */ COPY_MAC_ADDR(&pAd->ApMlmeAux.Addr, Addr2); for(i=0; i<CIPHER_TEXT_LEN; i++) pAd->ApMlmeAux.Challenge[i] = RandomByte(pAd); RspReason = 0; Seq++; NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); if(NStatus != NDIS_STATUS_SUCCESS) return; /* if no memory, can't do anything */ DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Send AUTH seq#2 (Challenge)\n")); MgtMacHeaderInit(pAd, &AuthHdr, SUBTYPE_AUTH, 0, Addr2, pAd->ApCfg.MBSSID[apidx].Bssid); MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof(HEADER_802_11), &AuthHdr, 2, &Alg, 2, &Seq, 2, &RspReason, 1, &ChTxtIe, 1, &ChTxtLen, CIPHER_TEXT_LEN, pAd->ApMlmeAux.Challenge, END_OF_ARGS); MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen); MlmeFreeMemory(pAd, pOutBuffer); } else ; /* MAC table full, what should we respond ???? */ } else { /* wrong algorithm */ APPeerAuthSimpleRspGenAndSend(pAd, pRcvHdr, Alg, Seq + 1, MLME_ALG_NOT_SUPPORT); /* If this STA exists, delete it. */ if (pEntry) MacTableDeleteEntry(pAd, pEntry->Aid, pEntry->Addr); DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Alg=%d, Seq=%d, AuthMode=%d\n", Alg, Seq, pAd->ApCfg.MBSSID[apidx].AuthMode)); } }
/* ======================================================================== Routine Description: Check Rx descriptor, return NDIS_STATUS_FAILURE if any error dound Arguments: pRxD Pointer to the Rx descriptor Return Value: NDIS_STATUS_SUCCESS No err NDIS_STATUS_FAILURE Error Note: ======================================================================== */ int RTMPCheckRxError(struct rt_rtmp_adapter *pAd, struct rt_header_802_11 * pHeader, struct rt_rxwi * pRxWI, IN PRT28XX_RXD_STRUC pRxINFO) { struct rt_cipher_key *pWpaKey; int dBm; if (pAd->bPromiscuous == TRUE) return (NDIS_STATUS_SUCCESS); if (pRxINFO == NULL) return (NDIS_STATUS_FAILURE); /* Phy errors & CRC errors */ if (pRxINFO->Crc) { /* Check RSSI for Noise Hist statistic collection. */ dBm = (int)(pRxWI->RSSI0) - pAd->BbpRssiToDbmDelta; if (dBm <= -87) pAd->StaCfg.RPIDensity[0] += 1; else if (dBm <= -82) pAd->StaCfg.RPIDensity[1] += 1; else if (dBm <= -77) pAd->StaCfg.RPIDensity[2] += 1; else if (dBm <= -72) pAd->StaCfg.RPIDensity[3] += 1; else if (dBm <= -67) pAd->StaCfg.RPIDensity[4] += 1; else if (dBm <= -62) pAd->StaCfg.RPIDensity[5] += 1; else if (dBm <= -57) pAd->StaCfg.RPIDensity[6] += 1; else if (dBm > -57) pAd->StaCfg.RPIDensity[7] += 1; return (NDIS_STATUS_FAILURE); } /* Add Rx size to channel load counter, we should ignore error counts */ pAd->StaCfg.CLBusyBytes += (pRxWI->MPDUtotalByteCount + 14); /* Drop ToDs promiscuous frame, it is opened due to CCX 2 channel load statistics */ if (pHeader->FC.ToDs) { DBGPRINT_RAW(RT_DEBUG_ERROR, ("Err;FC.ToDs\n")); return NDIS_STATUS_FAILURE; } /* Paul 04-03 for OFDM Rx length issue */ if (pRxWI->MPDUtotalByteCount > MAX_AGGREGATION_SIZE) { DBGPRINT_RAW(RT_DEBUG_ERROR, ("received packet too long\n")); return NDIS_STATUS_FAILURE; } /* Drop not U2M frames, can't's drop here because we will drop beacon in this case */ /* I am kind of doubting the U2M bit operation */ /* if (pRxD->U2M == 0) */ /* return(NDIS_STATUS_FAILURE); */ /* drop decyption fail frame */ if (pRxINFO->Decrypted && pRxINFO->CipherErr) { if (((pRxINFO->CipherErr & 1) == 1) && pAd->CommonCfg.bWirelessEvent && INFRA_ON(pAd)) RTMPSendWirelessEvent(pAd, IW_ICV_ERROR_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID]. Addr, BSS0, 0); if (((pRxINFO->CipherErr & 2) == 2) && pAd->CommonCfg.bWirelessEvent && INFRA_ON(pAd)) RTMPSendWirelessEvent(pAd, IW_MIC_ERROR_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID]. Addr, BSS0, 0); /* */ /* MIC Error */ /* */ if ((pRxINFO->CipherErr == 2) && pRxINFO->MyBss) { pWpaKey = &pAd->SharedKey[BSS0][pRxWI->KeyIndex]; RTMPReportMicError(pAd, pWpaKey); DBGPRINT_RAW(RT_DEBUG_ERROR, ("Rx MIC Value error\n")); } if (pRxINFO->Decrypted && (pAd->SharedKey[BSS0][pRxWI->KeyIndex].CipherAlg == CIPHER_AES) && (pHeader->Sequence == pAd->FragFrame.Sequence)) { /* */ /* Acceptable since the First FragFrame no CipherErr problem. */ /* */ return (NDIS_STATUS_SUCCESS); } return (NDIS_STATUS_FAILURE); } return (NDIS_STATUS_SUCCESS); }
/* ========================================================================== Description: IRQL = DISPATCH_LEVEL ========================================================================== */ void PeerDeauthAction( PRTMP_ADAPTER pAd, PMLME_QUEUE_ELEM Elem) { unsigned char Addr1[MAC_ADDR_LEN]; unsigned char Addr2[MAC_ADDR_LEN]; unsigned char Addr3[MAC_ADDR_LEN]; unsigned short Reason; unsigned char bDoIterate = FALSE; if (PeerDeauthSanity (pAd, Elem->Msg, Elem->MsgLen, Addr1, Addr2, Addr3, &Reason)) { if (INFRA_ON(pAd) && (MAC_ADDR_EQUAL(Addr1, pAd->CurrentAddress) || MAC_ADDR_EQUAL(Addr1, BROADCAST_ADDR)) && MAC_ADDR_EQUAL(Addr2, pAd->CommonCfg.Bssid) && MAC_ADDR_EQUAL(Addr3, pAd->CommonCfg.Bssid) ) { DBGPRINT(RT_DEBUG_TRACE, ("AUTH_RSP - receive DE-AUTH from our AP (Reason=%d)\n", Reason)); if (Reason == REASON_4_WAY_TIMEOUT) RTMPSendWirelessEvent(pAd, IW_PAIRWISE_HS_TIMEOUT_EVENT_FLAG, NULL, 0, 0); if (Reason == REASON_GROUP_KEY_HS_TIMEOUT) RTMPSendWirelessEvent(pAd, IW_GROUP_HS_TIMEOUT_EVENT_FLAG, NULL, 0, 0); #ifdef NATIVE_WPA_SUPPLICANT_SUPPORT RtmpOSWrielessEventSend(pAd->net_dev, RT_WLAN_EVENT_CGIWAP, -1, NULL, NULL, 0); #endif /* NATIVE_WPA_SUPPLICANT_SUPPORT */ /* send wireless event - for deauthentication */ RTMPSendWirelessEvent(pAd, IW_DEAUTH_EVENT_FLAG, NULL, BSS0, 0); #ifdef WPA_SUPPLICANT_SUPPORT if ((pAd->StaCfg.WpaSupplicantUP != WPA_SUPPLICANT_DISABLE) && (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2) && (pAd->StaCfg.PortSecured == WPA_802_1X_PORT_SECURED)) pAd->StaCfg.bLostAp = TRUE; #endif /* WPA_SUPPLICANT_SUPPORT */ /* Some customer would set AP1 & AP2 same SSID, AuthMode & EncrypType but different WPAPSK, therefore we need to do iterate here. */ if ((pAd->StaCfg.PortSecured == WPA_802_1X_PORT_NOT_SECURED) && ((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPAPSK) || (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK)) ) bDoIterate = TRUE; LinkDown(pAd, TRUE); if (bDoIterate) { pAd->MlmeAux.BssIdx++; IterateOnBssTab(pAd); } } } else { DBGPRINT(RT_DEBUG_TRACE, ("AUTH_RSP - PeerDeauthAction() sanity check fail\n")); } }