/********************************************************************************************************************
*function: construct ADDBAREQ frame
* input: u8* dst //ADDBARsp frame's destination
* PBA_RECORD pBA //BA_RECORD entry which stores the necessary information for BA_RSP.
* u16 StatusCode //status code.
* output: none
* return: sk_buff* skb //return constructed skb to xmit
********************************************************************************************************************/
static struct sk_buff* ieee80211_ADDBA_Rsp( IN struct ieee80211_device* ieee, u8* dst, PBA_RECORD pBA, u16 StatusCode)
{
OCTET_STRING osADDBAFrame, tmp;
FillOctetString(osADDBAFrame, Buffer, 0);
*pLength = 0;
ConstructMaFrameHdr(
Adapter,
Addr,
ACT_CAT_BA,
ACT_ADDBARSP,
&osADDBAFrame );
// Dialog Token
FillOctetString(tmp, &pBA->DialogToken, 1);
PacketAppendData(&osADDBAFrame, tmp);
// Status Code
FillOctetString(tmp, &StatusCode, 2);
PacketAppendData(&osADDBAFrame, tmp);
// BA Parameter Set
FillOctetString(tmp, &pBA->BaParamSet, 2);
PacketAppendData(&osADDBAFrame, tmp);
// BA Timeout Value
FillOctetString(tmp, &pBA->BaTimeoutValue, 2);
PacketAppendData(&osADDBAFrame, tmp);
*pLength = osADDBAFrame.Length;
}
//
// Parsing Information Elements.
//
// This function is used to search the WPS Fragment IE
// In WPS 2.0. It wil content more then 2 IE is the forment
// DD-Len-00-50-f2-04-xxxxx-DD-Len-00-50-f2-04
//
u1Byte
PacketGetElementNum(
IN OCTET_STRING packet,
IN ELEMENT_ID ID,
IN OUI_TYPE OUIType,
IN u1Byte OUISubType
)
{
u2Byte offset;
OCTET_STRING IEs;
OCTET_STRING ret={0,0}; // used for return
u1Byte IENum = 0;
if(!PacketGetIeOffset(&packet, &offset))
{
return 0;
}
if(offset < packet.Length)
{
pu1Byte pIE;
u2Byte IELen = (packet.Length - offset);
pIE = (packet.Octet + offset);
FillOctetString(IEs, pIE,IELen);
RT_PRINT_DATA(COMP_WPS, DBG_TRACE, "The IE in the packet :\n", pIE, IELen);
do
{
ret= IEGetElement(IEs, ID, OUIType, OUISubType);
if(ret.Length > 0)
{
IENum++;
RT_TRACE(COMP_WPS, DBG_TRACE,("We find a WPS IE in probe or beacon Fragment num is %d \n",IENum));
IELen = IELen - ((u2Byte)(ret.Octet - pIE) + ret.Length);
pIE = (ret.Octet + ret.Length);
FillOctetString(IEs, pIE,IELen);
RT_PRINT_DATA(COMP_WPS, DBG_TRACE, "The IE after WPS IE in the packet :\n", pIE, IELen);
}
else
{
RT_TRACE(COMP_WPS, DBG_TRACE,("There is no WPS IE in the probe or beacon\n"));
}
}
while(ret.Length != 0);
return IENum;
}
else
{
return IENum;
}
}
//
// Parsing Information Elements.
//
// Added a parameter "OUISubType" and rewrited by Annie, 2005-11-08,
// since the element ID of WPA-IE and WMM-IE are the same(0xDD=221).
//
OCTET_STRING
PacketGetElement(
IN OCTET_STRING packet,
IN ELEMENT_ID ID,
IN OUI_TYPE OUIType,
IN u1Byte OUISubType
)
{
u2Byte offset;
OCTET_STRING IEs;
OCTET_STRING ret={0,0}; // used for return
if(!PacketGetIeOffset(&packet, &offset))
return ret;
if(offset < packet.Length)
{
FillOctetString(IEs, (packet.Octet + offset), (packet.Length - offset));
return IEGetElement(IEs, ID, OUIType, OUISubType);
}
else
{
return ret;
}
}
//
// Description:
// Get the number of IE elements and extract the interested element for return.
// Arguments:
// [in] IEs -
// The IE elements to be retrived.
// [in] ID -
// The referenced element ID in the IEs to be extracted.
// [in] OUIType -
// Vendor specified OUI to be determined in the element.
// [in] OUISubType -
// The oui subtype of the element
// Return:
// The number of the IEs.
// Revised by Bruce, 2012-03-26.
//
u1Byte
IEGetElementNum(
IN OCTET_STRING IEs,
IN ELEMENT_ID ID,
IN OUI_TYPE OUIType,
IN u1Byte OUISubType
)
{
u1Byte IENum = 0;
OCTET_STRING osTmp, osSingleIE;
u2Byte offset = 0;
do
{
if(offset >= IEs.Length)
break;
FillOctetString(osTmp, IEs.Octet + offset, (IEs.Length - offset));
osSingleIE = IEGetElement(osTmp, ID, OUIType, OUISubType);
if(osSingleIE.Length > 0)
{
IENum ++;
offset += (SIZE_EID_AND_LEN + osSingleIE.Length);
}
else
{
break;
}
}
while(TRUE);
return IENum;
}
VOID
WPS_ConstructBeaconFrame(
IN PADAPTER Adapter
)
{
//
// Simple config IE. by CCW - copy from 818x
//
PMGNT_INFO pMgntInfo = &(Adapter->MgntInfo);
PSIMPLE_CONFIG_T pSimpleConfig ;
OCTET_STRING SimpleConfigInfo;
PMGNT_INFO pDefaultMgntInfo;
if(ACTING_AS_IBSS(Adapter))
return;
if(!ACTING_AS_AP(Adapter))
return;
pDefaultMgntInfo = &(GetDefaultAdapter(Adapter)->MgntInfo);
pSimpleConfig = GET_SIMPLE_CONFIG(pDefaultMgntInfo);
if( ((pSimpleConfig->WpsIeVersion < SUPPORT_WPS_INFO_VERSION) || (wps_IsWPSIEReady(Adapter) == FALSE)) && pSimpleConfig->IELen > 0)
{ // Original method carrying WPS IE
RT_TRACE(COMP_WPS, DBG_TRACE, ("AP Construct Beacon \n"));
FillOctetString(SimpleConfigInfo, pSimpleConfig->IEBuf, pSimpleConfig->IELen);
PacketMakeElement( &pMgntInfo->beaconframe, EID_Vendor, SimpleConfigInfo);
}
else if(pSimpleConfig->WpsIeVersion == SUPPORT_WPS_INFO_VERSION)
{
FillOctetString(SimpleConfigInfo, pSimpleConfig->ieBeaconBuf, pSimpleConfig->ieBeaconLen);
if(pSimpleConfig->ieBeaconLen > 0)
PacketAppendData(&pMgntInfo->beaconframe, SimpleConfigInfo);
}
}
//
// Description:
// Parse the IE elements and extract the interested element for return.
// Arguments:
// IEs -
// The IE elements to be retrived.
// ID -
// The referenced element ID in the IEs to be extracted.
// OUISubType -
// Vendor specified OUI to be determined in the element.
// Revised by Bruce, 2009-02-12.
//
OCTET_STRING
IEGetElement(
IN OCTET_STRING IEs,
IN ELEMENT_ID ID,
IN OUI_TYPE OUIType,
IN u1Byte OUISubType
)
{
u2Byte offset = 0;
u2Byte length = IEs.Length;
OCTET_STRING ret={0,0}; // used for return
u1Byte temp;
BOOLEAN bIEMatched = FALSE;
OCTET_STRING osOuiSub;
u1Byte MaxElementLen;
static u1Byte WPATag[] = {0x00, 0x50, 0xf2, 0x01};
static u1Byte WMMTag[] = {0x00, 0x50, 0xf2, 0x02}; // Added by Annie, 2005-11-08.
static u1Byte Simpleconf[]={0x00, 0x50, 0xF2, 0x04}; //added by David, 2006-10-02
static u1Byte CcxRmCapTag[] = {0x00, 0x40, 0x96, 0x01}; // For CCX 2 S36, Radio Management Capability element, 2006.05.15, by rcnjko.
static u1Byte CcxVerNumTag[] = {0x00, 0x40, 0x96, 0x03}; // For CCX 2 S38, WLAN Device Version Number element. Annie, 2006-08-20.
static u1Byte WPA2GTKTag[] = {0x00, 0x0f, 0xac, 0x01}; // For MAC GTK data IE by CCW
static u1Byte CcxTsmTag[] = {0x00, 0x40, 0x96, 0x07}; // For CCX4 S56, Traffic Stream Metrics, 070615, by rcnjko.
static u1Byte CcxSSIDLTag[] = {0x00, 0x50, 0xf2, 0x05};
static u1Byte RealtekTurboModeTag[] = {0x00, 0xE0, 0x4C, 0x01}; // Added by Annie, 2005-12-27
static u1Byte RealtekAggModeTag[] = {0x00, 0xe0, 0x4c, 0x02};
static u1Byte RealtekBTIOTModeTag[] = {0x00, 0xe0, 0x4c, 0x03}; // Add for BT IOT
static u1Byte RealtekBtHsTag[] = {0x00, 0xe0, 0x4c, 0x04}; // Add for BT HS
static u1Byte Epigram[] = {0x00,0x90,0x4c};
static u1Byte EWC11NHTCap[] = {0x00, 0x90, 0x4c, 0x033}; // For 11n EWC definition, 2007.07.17, by Emily
static u1Byte EWC11NHTInfo[] = {0x00, 0x90, 0x4c, 0x034}; // For 11n EWC definition, 2007.07.17, by Emily
static u1Byte Epigram11ACCap[] = {0x00, 0x90, 0x4c, 0x04, 0x08, 0xBF, 0x0C}; // For 11ac Epigram definition
static u1Byte BroadcomCap_1[] = {0x00, 0x10, 0x18};
static u1Byte BroadcomCap_2[] = {0x00, 0x0a, 0xf7};
static u1Byte BroadcomCap_3[] = {0x00, 0x05, 0xb5};
static u1Byte BroadcomLinksysE4200Cap_1[] = {0x00, 0x10, 0x18,0x02,0x00,0xf0,0x3c}; // for Linksys E4200
static u1Byte BroadcomLinksysE4200Cap_2[] = {0x00, 0x10, 0x18,0x02,0x01,0xf0,0x3c};
static u1Byte BroadcomLinksysE4200Cap_3[] = {0x00, 0x10, 0x18,0x02,0x00,0xf0,0x2c};
static u1Byte CiscoCap[] = {0x00, 0x40, 0x96}; // For Cisco AP IOT issue, by Emily
static u1Byte MeruCap[] = {0x00, 0x0c, 0xe6};
static u1Byte RalinkCap[] ={0x00, 0x0c, 0x43};
static u1Byte AtherosCap_1[] = {0x00,0x03,0x7F};
static u1Byte AtherosCap_2[] = {0x00,0x13,0x74};
static u1Byte MarvellCap[] = {0x00, 0x50, 0x43};
static u1Byte AirgoCap[] = {0x00, 0x0a, 0xf5};
static u1Byte CcxSFA[] = {0x00, 0x40, 0x96, 0x14};
static u1Byte CcxDiagReqReason[] = {0x00, 0x40, 0x96, 0x12};
static u1Byte CcxMHDR[] = {0x00, 0x40, 0x96, 0x10};
static u1Byte P2P_OUI_WITH_TYPE[] = {0x50, 0x6F, 0x9A, WLAN_PA_VENDOR_SPECIFIC};
static u1Byte WFD_OUI_WITH_TYPE[] = {0x50, 0x6F, 0x9A, WFD_OUI_TYPE};
static u1Byte NAN_OUI_WITH_TYPE[] = {0x50, 0x6F, 0x9A, 0x13};
static u1Byte RealtekTDLSTag[] = {0x00, 0xe0, 0x4c, 0x03};
//Mix mode can't get DHCP in MacOS Driver. CCW revice offset 2008-04-15
//offset = 12;
do
{
if( (offset + 2) >= length )
{
return ret;
}
temp = IEs.Octet[offset]; // Get current Element ID.
if( temp == ID )
{
if( ID == EID_Vendor )
{ // EID_Vendor(=0xDD=221): Vendor Specific, currently we have to consider WPA and WMM Information Element.
switch(OUIType)
{
case OUI_SUB_WPA:
FillOctetString(osOuiSub, WPATag, sizeof(WPATag));
break;
case OUI_SUB_WPA2GTK:
FillOctetString(osOuiSub, WPA2GTKTag, sizeof(WPA2GTKTag));
break;
case OUI_SUB_CCX_TSM:
FillOctetString(osOuiSub, CcxTsmTag, sizeof(CcxTsmTag));
break;
case OUI_SUB_SSIDL:
FillOctetString(osOuiSub, CcxSSIDLTag, sizeof(CcxSSIDLTag));
break;
case OUI_SUB_WMM:
FillOctetString(osOuiSub, WMMTag, sizeof(WMMTag));
break;
case OUI_SUB_REALTEK_TURBO:
FillOctetString(osOuiSub, RealtekTurboModeTag, sizeof(RealtekTurboModeTag));
break;
case OUI_SUB_REALTEK_AGG:
FillOctetString(osOuiSub, RealtekAggModeTag, sizeof(RealtekAggModeTag));
break;
case OUI_SUB_SimpleConfig:
FillOctetString(osOuiSub, Simpleconf, sizeof(Simpleconf));
break;
case OUI_SUB_CCX_RM_CAP:
FillOctetString(osOuiSub, CcxRmCapTag, sizeof(CcxRmCapTag));
break;
case OUI_SUB_CCX_VER_NUM:
FillOctetString(osOuiSub, CcxVerNumTag, sizeof(CcxVerNumTag));
break;
case OUI_SUB_EPIG_IE:
FillOctetString(osOuiSub, Epigram, sizeof(Epigram));
break;
case OUI_SUB_11N_EWC_HT_CAP:
FillOctetString(osOuiSub, EWC11NHTCap, sizeof(EWC11NHTCap));
break;
case OUI_SUB_11N_EWC_HT_INFO:
FillOctetString(osOuiSub, EWC11NHTInfo, sizeof(EWC11NHTInfo));
break;
case OUI_SUB_11AC_EPIG_VHT_CAP:
FillOctetString(osOuiSub, Epigram11ACCap, sizeof(Epigram11ACCap));
break;
case OUI_SUB_BROADCOM_IE_1:
FillOctetString(osOuiSub, BroadcomCap_1, sizeof(BroadcomCap_1));
break;
case OUI_SUB_BROADCOM_IE_2:
FillOctetString(osOuiSub, BroadcomCap_2, sizeof(BroadcomCap_2));
break;
case OUI_SUB_BROADCOM_IE_3:
FillOctetString(osOuiSub, BroadcomCap_3, sizeof(BroadcomCap_3));
break;
case OUI_SUB_BROADCOM_LINKSYSE4200_IE_1:
FillOctetString(osOuiSub, BroadcomLinksysE4200Cap_1, sizeof(BroadcomLinksysE4200Cap_1));
break;
case OUI_SUB_BROADCOM_LINKSYSE4200_IE_2:
FillOctetString(osOuiSub, BroadcomLinksysE4200Cap_2, sizeof(BroadcomLinksysE4200Cap_2));
break;
case OUI_SUB_BROADCOM_LINKSYSE4200_IE_3:
FillOctetString(osOuiSub, BroadcomLinksysE4200Cap_3, sizeof(BroadcomLinksysE4200Cap_3));
break;
case OUI_SUB_CISCO_IE:
FillOctetString(osOuiSub, CiscoCap, sizeof(CiscoCap));
break;
case OUI_SUB_MERU_IE:
FillOctetString(osOuiSub, MeruCap, sizeof(MeruCap));
break;
case OUI_SUB_RALINK_IE:
FillOctetString(osOuiSub, RalinkCap, sizeof(RalinkCap));
break;
case OUI_SUB_ATHEROS_IE_1:
FillOctetString(osOuiSub, AtherosCap_1, sizeof(AtherosCap_1));
break;
case OUI_SUB_ATHEROS_IE_2:
FillOctetString(osOuiSub, AtherosCap_2, sizeof(AtherosCap_2));
break;
case OUI_SUB_MARVELL:
FillOctetString(osOuiSub, MarvellCap, sizeof(MarvellCap));
break;
case OUI_SUB_AIRGO:
FillOctetString(osOuiSub, AirgoCap, sizeof(AirgoCap));
break;
case OUI_SUB_CCX_SFA:
FillOctetString(osOuiSub, CcxSFA, sizeof(CcxSFA));
break;
case OUI_SUB_CCX_DIAG_REQ_REASON:
FillOctetString(osOuiSub, CcxDiagReqReason, sizeof(CcxDiagReqReason));
break;
case OUI_SUB_CCX_MFP_MHDR:
FillOctetString(osOuiSub, CcxMHDR, sizeof(CcxMHDR));
break;
case OUI_SUB_WIFI_DIRECT:
FillOctetString(osOuiSub, P2P_OUI_WITH_TYPE, sizeof(P2P_OUI_WITH_TYPE));
break;
case OUI_SUB_WIFI_DISPLAY:
FillOctetString(osOuiSub, WFD_OUI_WITH_TYPE, sizeof(WFD_OUI_WITH_TYPE));
break;
case OUI_SUB_NAN:
FillOctetString(osOuiSub, NAN_OUI_WITH_TYPE, sizeof(NAN_OUI_WITH_TYPE));
break;
case OUI_SUB_REALTEK_TDLS:
FillOctetString(osOuiSub, RealtekTDLSTag, sizeof(RealtekTDLSTag));
break;
case OUI_SUB_REALTEK_BT_IOT :
FillOctetString(osOuiSub, RealtekBTIOTModeTag, sizeof(RealtekBTIOTModeTag));
break;
case OUI_SUB_REALTEK_BT_HS:
FillOctetString(osOuiSub, RealtekBtHsTag, sizeof(RealtekBtHsTag));
break;
default:
FillOctetString(osOuiSub, NULL, 0);
break;
}
if( osOuiSub.Length > 0 && (length >= (offset + 2 + osOuiSub.Length)) ) // Prevent malicious attack.
{
if( PlatformCompareMemory(
(IEs.Octet + offset + 2),
osOuiSub.Octet,
osOuiSub.Length) == 0 )
{ // OUI field and subtype field are matched
bIEMatched = TRUE;
//
// 060801, Isaiah:
// [UAPSD Logo] Marvel AP has similar element, [DD 07 00 50 F2 02 05 01 24].
//
if( (OUI_SUB_WMM == OUIType) &&
(length >= (offset + 2 + osOuiSub.Length + 1)) )
{ // WMM-IE Matched!
u1Byte WmmSubtype = *(IEs.Octet+offset+2+sizeof(WMMTag));
if(WmmSubtype != OUISubType)
bIEMatched = FALSE;
}
}
}
}
else
{ // Other ID: Matched!
bIEMatched = TRUE;
}
}
if(bIEMatched &&
(length >= offset + 2 + IEs.Octet[offset+1]) ) // Prevent malicious attack.
{ // IE matched! break to return.
//
// Get the length of current IE.
// We also perform length checking here to pervent malicious attack.
//
switch(ID)
{
case EID_SsId:
MaxElementLen = MAX_SSID_LEN;
break;
case EID_SupRates:
MaxElementLen = 12; //Because Belkin 11AC on g Mode only has 12 Octets in this IE
break;
case EID_FHParms:
MaxElementLen = MAX_FH_PARM_LEN;
break;
case EID_DSParms:
MaxElementLen = MAX_DS_PARM_LEN;
break;
case EID_CFParms:
MaxElementLen = MAX_CF_PARM_LEN;
break;
case EID_Tim:
MaxElementLen = MAX_TIM_PARM_LEN;
break;
case EID_IbssParms:
MaxElementLen = MAX_IBSS_PARM_LEN;
break;
case EID_QBSSLoad:
MaxElementLen = MAX_QBSS_LOAD_LEN;
break;
case EID_EDCAParms:
MaxElementLen = MAX_EDCA_PARM_LEN;
break;
case EID_TSpec:
MaxElementLen = MAX_TSPEC_LEN;
break;
case EID_Schedule:
MaxElementLen = MAX_SCHEDULE_LEN;
break;
case EID_Ctext:
MaxElementLen = MAX_CTEXT_LEN;
break;
case EID_ERPInfo:
MaxElementLen = MAX_ERP_INFO_LEN;
break;
case EID_TSDelay:
MaxElementLen = MAX_TS_DELAY_LEN;
break;
case EID_TCLASProc:
MaxElementLen = MAX_TC_PROC_LEN;
break;
case EID_HTCapability:
MaxElementLen = MAX_HT_CAP_LEN;
break;
case EID_HTInfo:
MaxElementLen = MAX_HT_INFO_LEN;
break;
case EID_QoSCap:
MaxElementLen = MAX_QOS_CAP;
break;
case EID_ExtSupRates:
MaxElementLen = MAX_EXT_SUP_RATE_LEN;
break;
case EID_WAPI:
MaxElementLen = MAX_WAPI_IE_LEN;
break;
case EID_LinkIdentifier:
MaxElementLen = MAX_LINKID_LEN;
break;
case EID_SupportedChannels:
MaxElementLen = MAX_SUPCHNL_LEN;
break;
case EID_SupRegulatory:
MaxElementLen = MAX_SUPREGULATORY_LEN;
break;
case EID_SecondaryChnlOffset:
MaxElementLen = MAX_SECONDARYOFFSET_LEN;
break;
case EID_ChnlSwitchTimeing:
MaxElementLen = MAX_CHNLSWITCHTIMING_LEN;
break;
case EID_VHTCapability:
MaxElementLen = MAX_VHT_CAP_LEN;
break;
default:
MaxElementLen = MAX_IE_LEN;
break;
}
ret.Length = (IEs.Octet[offset+1] <= MaxElementLen) ? IEs.Octet[offset+1] : MaxElementLen;
//
// Get pointer to the first byte (ElementID and length are not included).
//
ret.Octet = IEs.Octet + offset + 2;
break;
}
else
{ // Different.
temp = IEs.Octet[offset+1]; // Get the length of current IE.
offset += (temp+2); // Jump to the position of length of next IE. (2 byte is for the ID and length field.)
}
}while(1);
return ret;
}
PADAPTER
MultiPortFeedPacketToMultipleAdapter(
PADAPTER pAdapter,
PRT_RFD pRfd
)
{
// NOTE: --------------------------------------------------------------
// If only single adapter is needed, return that adapter.
// --------------------------------------------------------------------
PADAPTER pDefaultAdapter = GetDefaultAdapter(pAdapter);
PMULTIPORT_COMMON_CONTEXT pMultiPortCommon = MultiPortGetCommonContext(pDefaultAdapter);
PADAPTER pExtAdapter = NULL;
PRT_RFD pExtRfd = NULL;
u4Byte i = 0;
RT_STATUS rtStatus = RT_STATUS_SUCCESS;
// Assertion Check Variable
u4Byte uCurrentCloneRFDs;
// Target List
u4Byte uTargetAdapter = 0;
PADAPTER TargetList[10];
// Single MPDU
OCTET_STRING frame = {NULL, 0};
FillOctetString(frame, pRfd->Buffer.VirtualAddress, pRfd->PacketLength);
if(pRfd->Status.bHwError)
{
RT_TRACE(COMP_RECV, DBG_TRACE, ("MultiPortFeedPacketToMultipleAdapter(): Return because bHwError is true.\n"));
return NULL;
}
// Information Source: pRfd Status Checking -------------------------------------------------------
RT_ASSERT(pRfd->Buffer.VirtualAddress != NULL, ("Error: pRfd->Buffer.VirtualAddress is NULL!\n"));
RT_ASSERT(pRfd->Buffer.Length != 0, ("Error: pRfd->Buffer.Length is 0!\n"));
RT_ASSERT(pRfd->PacketLength <= pRfd->Buffer.Length, ("Error: Packet Too Long!\n"));
// ------------------------------------------------------------------------------------------
// Clone RFD Status Checking ----------------------------------------------------------------------------------------------------------------------
PlatformAcquireSpinLock(pDefaultAdapter, RT_RFD_SPINLOCK);
uCurrentCloneRFDs = pMultiPortCommon->uCloneRfdIdleQueueSize + pMultiPortCommon->uCloneRfdBusyQueueSize;
RT_ASSERT(uCurrentCloneRFDs == pMultiPortCommon->uNumberOfCloneRfds, ("Failure: Some Clone RFDs are Lost!uCurrentCloneRFDs=%d\n", uCurrentCloneRFDs));
PlatformReleaseSpinLock(pDefaultAdapter, RT_RFD_SPINLOCK);
// ---------------------------------------------------------------------------------------------------------------------------------------------
// Get the target adapter list -----------------------------------------------------------------------------
uTargetAdapter = MultiPortGetTargetAdapterList(pAdapter, pRfd, frame, TargetList, sizeof(TargetList) / sizeof(PADAPTER));
//RT_TRACE(COMP_INIT, DBG_TRACE, ("%s: uTargetAdapter: %d \n", __FUNCTION__, uTargetAdapter));
if(uTargetAdapter == 0)
{
// Free the original RFD since the RFD is not necessary
RT_TRACE(COMP_INIT, DBG_TRACE, ("%s: No Target Adapter Found!\n", __FUNCTION__));
return NULL;
}
else if(uTargetAdapter == 1)
{
// Single adapter is needed. Do not free the original RFD, and run the original path
return TargetList[0];
}
// ----------------------------------------------------------------------------------------------------
// Send to each adapter
for(i = 0; i < uTargetAdapter; i++)
{
// Get the target adapter element
pExtAdapter = TargetList[i];
PlatformAcquireSpinLock(pDefaultAdapter, RT_RFD_SPINLOCK);
if(RTIsListEmpty(&pMultiPortCommon->CloneRfdIdleQueue))
{
PlatformReleaseSpinLock(pDefaultAdapter, RT_RFD_SPINLOCK);
RT_TRACE(COMP_INIT, DBG_SERIOUS, ("%s: No enough Clone RFD!\n", __FUNCTION__));
break;
}
// Acquire an idle Clone RFD and initialize the Clone RFD -----------------------------------------
pExtRfd = (PRT_RFD) RTRemoveHeadListWithCnt(
&pMultiPortCommon->CloneRfdIdleQueue,
&pMultiPortCommon->uCloneRfdIdleQueueSize
);
// + Clone the original information
PlatformZeroMemory(pExtRfd, sizeof(RT_RFD));
PlatformMoveMemory(pExtRfd, pRfd, sizeof(RT_RFD));
// + Record the needed memory length
pExtRfd->mbCloneRfdDataBuffer.Length = pRfd->Buffer.Length;
// + Allocate the memory based on the needed memory length above
rtStatus = DrvIFAssociateRFD(pDefaultAdapter, pExtRfd);
if(rtStatus != RT_STATUS_SUCCESS)
{
// Return the CloneRFD resource
RTInsertTailListWithCnt(
&pMultiPortCommon->CloneRfdIdleQueue,
&pExtRfd->List,
&pMultiPortCommon->uCloneRfdIdleQueueSize
);
PlatformReleaseSpinLock(pDefaultAdapter, RT_RFD_SPINLOCK);
//RT_TRACE(COMP_INIT, DBG_SERIOUS, ("%s: No enough memory!\n", __FUNCTION__));
break;
}
//Sinda 20150903, Should assign Buffer's address according to it is clone RFD.
if(IsCloneRFD(pDefaultAdapter, pExtRfd))
{
// + Attach the memory to the CloneRFD
pExtRfd->Buffer.VirtualAddress = pExtRfd->mbCloneRfdDataBuffer.Buffer;
pExtRfd->Buffer.Length = pExtRfd->mbCloneRfdDataBuffer.Length;
}
#if RX_AGGREGATION
// + No Next RFD
pExtRfd->NextRfd = NULL;
// + Only Single MPDU Packet
pExtRfd->nTotalFrag = 1;
// + No Parent RFD
pExtRfd->ParentRfd = NULL;
// + Not in the USB temp RFD list: pAdapter->RfdTmpList
pExtRfd->bIsTemp = FALSE;
#endif
// Please be careful to handle pRfd->Buffer.VirtualAddress offset.
// + Move data
PlatformMoveMemory(
pExtRfd->Buffer.VirtualAddress,
pRfd->Buffer.VirtualAddress - pAdapter->HalFunc.GetRxPacketShiftBytesHandler(pRfd),
(pRfd->PacketLength + pAdapter->HalFunc.GetRxPacketShiftBytesHandler(pRfd))>pAdapter->MAX_RECEIVE_BUFFER_SIZE? pAdapter->MAX_RECEIVE_BUFFER_SIZE:(pRfd->PacketLength + pAdapter->HalFunc.GetRxPacketShiftBytesHandler(pRfd))
);
// + Get shifted bytes of starting address of 802.11 header (Sync the memory offset)
pExtRfd->Buffer.VirtualAddress += pAdapter->HalFunc.GetRxPacketShiftBytesHandler(pRfd);
// -------------------------------------------------------------------------------------
// Insert into busy Clone RFD queue
RTInsertHeadListWithCnt(
&pMultiPortCommon->CloneRfdBusyQueue,
&pExtRfd->List,
&pMultiPortCommon->uCloneRfdBusyQueueSize
);
PlatformReleaseSpinLock(pDefaultAdapter, RT_RFD_SPINLOCK);
// Iteration Flag
pExtRfd->bFeedPacketToSingleAdapter = TRUE;
// The pExtRfd will be free in ProcessReceivedPacket()
ProcessReceivedPacketForEachPortSpecific(pExtAdapter, pExtRfd);
}
// Free the original RFD since the CloneRFD is adopted.
return NULL;
}
// Description: According received EAPOL-key, enter the next state.
// Output: void
// Modify: Annie, 2005-07-02
// Discard using condition pKeyMgnt->bPTKInstalled.
// Instead, I add a macro KeyMgntStateIsWaitingEAPOLKey to check the state.
void
Authenticator_OnEAPOLKeyRecvd(
IN PADAPTER Adapter,
IN PAUTH_PKEY_MGNT_TAG pKeyMgnt,
IN OCTET_STRING pdu
)
{
PMGNT_INFO pMgntInfo = &Adapter->MgntInfo;
PAUTH_GLOBAL_KEY_TAG pGlInfo = &pMgntInfo->globalKeyInfo;
PRT_WLAN_STA pEntry = pKeyMgnt->pWLanSTA;
pu1Byte pSTA_addr = Frame_pSaddr(pdu);
pu1Byte pAP_addr = Frame_pDaddr(pdu);
PEAPOL_KEY_STRUCT eapol_key_recvd;
OCTET_STRING SNonce;
OCTET_STRING RSNIE;
MsgType msg_type = type_unknow;
RT_TRACE( COMP_AUTHENTICATOR, DBG_LOUD, ("===> Authenticator_OnEAPOLKeyRecvd()\n") );
pKeyMgnt->EvntID = ASMEID_EAPOLKeyRecvd;
FillOctetString(pGlInfo->EapolKeyMsgRecvd, \
pGlInfo->EAPOLMsgRecvd.Octet+LIB1X_EAPOL_HDRLEN, \
pGlInfo->EAPOLMsgRecvd.Length-LIB1X_EAPOL_HDRLEN ); \
eapol_key_recvd = (PEAPOL_KEY_STRUCT)pGlInfo->EapolKeyMsgRecvd.Octet;
//PRINT_DATA( ("EapolKeyMsgRecvd: "), pGlInfo->EapolKeyMsgRecvd.Octet, pGlInfo->EapolKeyMsgRecvd.Length);
RSNIE.Octet = NULL;
RSNIE.Length = 0;
// Get the message number.
if( Message_KeyType(pGlInfo->EapolKeyMsgRecvd) == type_Pairwise )
{
if( (Message_Error(pGlInfo->EapolKeyMsgRecvd) == 1) &&
(Message_Request(pGlInfo->EapolKeyMsgRecvd) == 1))
{
//Enter integrity failure state...
Authenticator_StateINTEGRITYFAILURE(Adapter, pEntry);
}
if( (eapol_key_recvd->key_info[0]==0x01 && eapol_key_recvd->key_info[1]==0x09) ||
( eapol_key_recvd->key_info[0]==0x01 && eapol_key_recvd->key_info[1]==0x0a) ||
( eapol_key_recvd->key_info[0]==0x03 && eapol_key_recvd->key_info[1]==0x0a) ||
( eapol_key_recvd->key_info[0]==0x03 && eapol_key_recvd->key_info[1]==0x09) )
{
if( pMgntInfo->SecurityInfo.SecLvl == RT_SEC_LVL_WPA)
RSNIE = EAPOLkeyGetRSNIE( pGlInfo->EapolKeyMsgRecvd, EID_Vendor );
else if( pMgntInfo->SecurityInfo.SecLvl == RT_SEC_LVL_WPA2)
RSNIE = EAPOLkeyGetRSNIE( pGlInfo->EapolKeyMsgRecvd, EID_WPA2 );
if( RSNIE.Length != 0 )
msg_type = type_4way2nd; // with RSNIE: msg 2 (159 or 161)
else
msg_type = type_4way4th; // msg 4 (135)
}
else
{
RT_TRACE( COMP_AUTHENTICATOR, DBG_LOUD, ("unknow pairwise EAPOL-key: info=0x%X-0x%X\n", eapol_key_recvd->key_info[0], eapol_key_recvd->key_info[1]) );
}
}
else
{
// [AnnieNote] Windows zero-config may send 2-way message as 03-01.
//
//if( eapol_key_recvd->key_info[0]==0x03 && eapol_key_recvd->key_info[1]==0x11 ) // if group key index is fixed 1, key information is 03-11.
// msg_type = type_2way2nd; // group key msg2 (155)
//else
// RT_TRACE( COMP_AUTHENTICATOR, DBG_LOUD, ("unknow group EAPOL-key: info=0x%X-0x%X\n", eapol_key_recvd->key_info[0], eapol_key_recvd->key_info[1]) );
msg_type = type_2way2nd;
}
// Check state.
if( KeyMgntStateIsWaitingEAPOLKey(pKeyMgnt) )
{
if( (pKeyMgnt->PrState==ASMPS_PTKSTART && msg_type==type_4way2nd ) ||
( pKeyMgnt->PrState==ASMPS_PTKINITNEGOTIATING && msg_type==type_4way2nd ))
{
RT_TRACE( COMP_AUTHENTICATOR, DBG_LOUD, ("Recvd 4-way message 2\n"));
pKeyMgnt->TimeoutCtr = 0;
// AnnieTODO: if (1)k is pairwise and (2)MICVerified , then enter ASMPS_PTKINITNEGOTIATING state
// TODO: MIC Verify
SNonce = Message_KeyNonce( pGlInfo->EapolKeyMsgRecvd );
CopyMem( pKeyMgnt->SNonce, SNonce.Octet, KEY_NONCE_LEN );
CalcPTK( pAP_addr, pSTA_addr, pKeyMgnt->ANonce, pKeyMgnt->SNonce,
pGlInfo->PMK, PMK_LEN, pKeyMgnt->PTK_update, PTK_LEN );
if(!CheckEapolMIC(Adapter , pGlInfo->EAPOLMsgRecvd , pKeyMgnt->PTK_update , KEY_MIC_LEN ))
{
SendDeauthentication( Adapter, pSTA_addr , mic_failure );
PlatformStallExecution(100);
RT_TRACE_F(COMP_AP, DBG_TRACE, ("AsocEntry_RemoveStation\n"));
AsocEntry_RemoveStation( Adapter , pSTA_addr);
RT_TRACE( COMP_AUTHENTICATOR, DBG_LOUD, ("MIC erroe\n"));
return;
}
Authenticator_StatePTKINITNEGOTIATING(Adapter, pEntry);
}
else if( pKeyMgnt->PrState==ASMPS_PTKINITNEGOTIATING && msg_type==type_4way4th )
{
RT_TRACE( COMP_AUTHENTICATOR, DBG_LOUD, ("Recvd 4-way message 4\n"));
pKeyMgnt->TimeoutCtr = 0;
// if (1)k is pairwise and (2)MICVerified , then enter ASMPS_PTKINITDONE state
if(!CheckEapolMIC(Adapter , pGlInfo->EAPOLMsgRecvd , pKeyMgnt->PTK_update , KEY_MIC_LEN ))
{
SendDeauthentication( Adapter, pSTA_addr , mic_failure );
PlatformStallExecution(100);
RT_TRACE_F(COMP_AP, DBG_TRACE, ("AsocEntry_RemoveStation case 2\n"));
AsocEntry_RemoveStation( Adapter , pSTA_addr);
RT_TRACE( COMP_AUTHENTICATOR, DBG_LOUD, ("MIC erroe\n"));
return;
}
PlatformMoveMemory(&pEntry->perSTAKeyInfo.RxIV, &((PEAPOL_KEY_STRUCT)eapol_key_recvd)->key_rsc[0], 6);
pEntry->perSTAKeyInfo.RxIV &= UINT64_C(0x0000ffffffffffff);
//RT_TRACE( COMP_AUTHENTICATOR, DBG_LOUD, ("pEntry->perSTAKeyInfo.RxIV = 0x%16"i64fmt"x", pEntry->perSTAKeyInfo.RxIV));
Authenticator_StatePTKINITDONE(Adapter, pEntry);
}
else if( pKeyMgnt->GrState == ASMGS_REKEYNEGOTIATING && msg_type==type_2way2nd )
{
RT_TRACE( COMP_AUTHENTICATOR, DBG_LOUD, ("Recvd 2-way message 2\n"));
pKeyMgnt->TimeoutCtr = 0;
// if (1)k is group and (2)MICVerified , then enter ASMGS_REKEYESTABLISHED state
// 2012/01/17 CCW If 4-way check is ok, we need not to check 2-way again.
/*
if(!CheckEapolMIC(Adapter , pGlInfo->EAPOLMsgRecvd , pKeyMgnt->PTK_update , KEY_MIC_LEN ))
{
SendDeauthentication( Adapter, pSTA_addr , mic_failure );
PlatformStallExecution(100);
AsocEntry_RemoveStation( Adapter , pSTA_addr);
RT_TRACE( COMP_AUTHENTICATOR, DBG_LOUD, ("MIC erroe\n"));
return;
}
*/
Authenticator_StateREKEYESTABLISHED(Adapter, pEntry);
}
else
{
RT_TRACE( COMP_AUTHENTICATOR, DBG_LOUD, ("Authenticator_OnEAPOLKeyRecvd(): Unexpected case: PrState=%d, GrState=%d, msg_type=%d\n",
pKeyMgnt->PrState, pKeyMgnt->GrState, msg_type ) );
}
}
else
{
RT_TRACE(COMP_AUTHENTICATOR, DBG_LOUD, ("Authenticator_OnEAPOLKeyRecvd(): Unexpected State!!\n"));
RT_TRACE(COMP_AUTHENTICATOR, DBG_LOUD, ("--- TimeoutCounter:%d, PairwiseKeyState:%d, GroupKeyState:%d ---\n", pKeyMgnt->TimeoutCtr, pKeyMgnt->PrState, pKeyMgnt->GrState));
}
RT_TRACE( COMP_AUTHENTICATOR, DBG_LOUD, ("<=== Authenticator_OnEAPOLKeyRecvd()\n") );
}
VOID
WPS_AppendElement(
IN PADAPTER Adapter,
IN POCTET_STRING posFrame,
IN BOOLEAN bCheckFrag,
IN WPS_INFO_OPCODE frameType
)
{
PSIMPLE_CONFIG_T pSimpleConfig = GET_SIMPLE_CONFIG(&(GetDefaultAdapter(Adapter)->MgntInfo));
OCTET_STRING SimpleConfigInfo;
FunctionIn(COMP_WPS);
#if 0
if(bCheckFrag)
{
// WPS 2.0 Support IE Fragment for Testbed function
if(pSimpleConfig->bFragmentIE && pSimpleConfig->IELen <= MAX_SIMPLE_CONFIG_IE_LEN)
{
u1Byte tempBuf[MAX_SIMPLE_CONFIG_IE_LEN];
pu1Byte currPtr;
pu1Byte currPtrAftOui;
RT_TRACE(COMP_WPS,DBG_LOUD,("ConstructProbeRequest: in Fragment IE\n"));
PlatformZeroMemory(tempBuf, MAX_SIMPLE_CONFIG_IE_LEN);
//Copy the OUI
currPtr = pSimpleConfig->IEBuf;
//Tesplan to copy the first octet in the first fragment
PlatformMoveMemory(tempBuf, currPtr, SIZE_OUI + SIZE_OUI_TYPE);
currPtr += (SIZE_OUI + SIZE_OUI_TYPE);
currPtrAftOui = &tempBuf[SIZE_OUI + SIZE_OUI_TYPE];
// the first octet
PlatformMoveMemory(currPtrAftOui, currPtr, 1);
currPtr += 1;
FillOctetString(SimpleConfigInfo,tempBuf,(SIZE_OUI + SIZE_OUI_TYPE +1));
PacketMakeElement( posFrame, EID_Vendor, SimpleConfigInfo);
// the rest octet
PlatformZeroMemory(currPtrAftOui, 1);
PlatformMoveMemory(currPtrAftOui, currPtr, (pSimpleConfig->IELen-(SIZE_OUI + SIZE_OUI_TYPE)-1) );
FillOctetString(SimpleConfigInfo,tempBuf,(pSimpleConfig->IELen-1));
PacketMakeElement( posFrame, EID_Vendor, SimpleConfigInfo);
}
else if(pSimpleConfig->IELen > MAX_SIMPLE_CONFIG_IE_LEN)
{
u1Byte tempBuf[MAX_SIMPLE_CONFIG_IE_LEN];
pu1Byte currPtr;
pu1Byte currPtrAftOui;
PlatformZeroMemory(tempBuf, MAX_SIMPLE_CONFIG_IE_LEN);
//Copy the OUI
currPtr = pSimpleConfig->IEBuf;
//Tesplan to copy the first octet in the first fragment
PlatformMoveMemory(tempBuf, currPtr, SIZE_OUI + SIZE_OUI_TYPE);
currPtr += (SIZE_OUI + SIZE_OUI_TYPE);
currPtrAftOui = &tempBuf[SIZE_OUI + SIZE_OUI_TYPE];
// the first fragment
PlatformMoveMemory(currPtrAftOui, currPtr, (MAX_SIMPLE_CONFIG_IE_LEN - (SIZE_OUI + SIZE_OUI_TYPE)));
currPtr += (MAX_SIMPLE_CONFIG_IE_LEN - (SIZE_OUI + SIZE_OUI_TYPE));
FillOctetString(SimpleConfigInfo,tempBuf,(MAX_SIMPLE_CONFIG_IE_LEN - (SIZE_OUI + SIZE_OUI_TYPE)));
PacketMakeElement( posFrame, EID_Vendor, SimpleConfigInfo);
// the rest octet
PlatformZeroMemory(currPtrAftOui, (MAX_SIMPLE_CONFIG_IE_LEN - (SIZE_OUI + SIZE_OUI_TYPE)));
PlatformMoveMemory(currPtrAftOui, currPtr, (pSimpleConfig->IELen-MAX_SIMPLE_CONFIG_IE_LEN) );
FillOctetString(SimpleConfigInfo,tempBuf,(pSimpleConfig->IELen-MAX_SIMPLE_CONFIG_IE_LEN));
PacketMakeElement( posFrame, EID_Vendor, SimpleConfigInfo);
}
else
{
FillOctetString(SimpleConfigInfo, pSimpleConfig->IEBuf, pSimpleConfig->IELen);
PacketMakeElement( posFrame, EID_Vendor, SimpleConfigInfo);
}
}
else
#endif
{
if(((pSimpleConfig->WpsIeVersion < SUPPORT_WPS_INFO_VERSION) || (wps_IsWPSIEReady(Adapter) == FALSE)) && pSimpleConfig->IELen > 0)
{
FillOctetString(SimpleConfigInfo, pSimpleConfig->IEBuf, pSimpleConfig->IELen);
PacketMakeElement( posFrame, EID_Vendor, SimpleConfigInfo);
}
else if(pSimpleConfig->WpsIeVersion == SUPPORT_WPS_INFO_VERSION)
{
switch(frameType)
{
case WPS_INFO_ASOCREQ_IE:
{
FillOctetString(SimpleConfigInfo, pSimpleConfig->ieAsocReqBuf, pSimpleConfig->ieAsocReqLen);
if(pSimpleConfig->ieAsocReqLen > 0)
PacketAppendData(posFrame, SimpleConfigInfo);
}
break;
case WPS_INFO_ASOCRSP_IE:
{
FillOctetString(SimpleConfigInfo, pSimpleConfig->ieAsocRspBuf, pSimpleConfig->ieAsocRspLen);
if(pSimpleConfig->ieAsocRspLen > 0)
PacketAppendData(posFrame, SimpleConfigInfo);
}
break;
case WPS_INFO_PROBEREQ_IE:
{
FillOctetString(SimpleConfigInfo, pSimpleConfig->ieProbeReqBuf, pSimpleConfig->ieProbeReqLen);
if(pSimpleConfig->ieProbeReqLen > 0)
PacketAppendData(posFrame, SimpleConfigInfo);
}
break;
case WPS_INFO_PROBERSP_IE:
{
FillOctetString(SimpleConfigInfo, pSimpleConfig->ieProbeRspBuf, pSimpleConfig->ieProbeRspLen);
if(pSimpleConfig->ieProbeRspLen > 0)
PacketAppendData(posFrame, SimpleConfigInfo);
}
break;
default: //for MacOS warning.
break;
}
}
}
}