/* ========================================================================== Description: IRQL = PASSIVE_LEVEL ========================================================================== */ VOID TDLS_PeerChannelSwitchReqAction( IN PRTMP_ADAPTER pAd, IN MLME_QUEUE_ELEM *Elem) { PRT_802_11_TDLS pTDLS = NULL; int LinkId = 0xff; UCHAR PeerAddr[MAC_ADDR_LEN]; BOOLEAN IsInitator; //BOOLEAN TimerCancelled; UCHAR TargetChannel; UCHAR RegulatoryClass; UCHAR NewExtChannelOffset = 0xff; UCHAR LinkIdentLen; USHORT PeerChSwitchTime; USHORT PeerChSwitchTimeOut; TDLS_LINK_IDENT_ELEMENT LinkIdent; NDIS_STATUS NStatus = NDIS_STATUS_SUCCESS; USHORT StatusCode = MLME_SUCCESS; UINT16 SwitchTime = pAd->StaCfg.TdlsInfo.TdlsSwitchTime; //micro seconds UINT16 SwitchTimeout = pAd->StaCfg.TdlsInfo.TdlsSwitchTimeout; // micro seconds DBGPRINT(RT_DEBUG_WARN,("TDLS ===> TDLS_PeerChannelSwitchReqAction() \n")); // Not TDLS Capable, ignore it if (!IS_TDLS_SUPPORT(pAd)) return; if (!INFRA_ON(pAd)) return; if (pAd->StaActive.ExtCapInfo.TDLSChSwitchProhibited == TRUE) { DBGPRINT(RT_DEBUG_OFF,("%s(%d): AP Prohibite TDLS Channel Switch !!!\n", __FUNCTION__, __LINE__)); return; } tdls_hex_dump("TDLS peer channel switch request receive pack", Elem->Msg, Elem->MsgLen); if (!PeerTdlsChannelSwitchReqSanity(pAd, Elem->Msg, Elem->MsgLen, PeerAddr, &IsInitator, &TargetChannel, &RegulatoryClass, &NewExtChannelOffset, &PeerChSwitchTime, &PeerChSwitchTimeOut, &LinkIdentLen, &LinkIdent)) { DBGPRINT(RT_DEBUG_ERROR,("%s(%d): from %02x:%02x:%02x:%02x:%02x:%02x Sanity Check Fail !!!\n", __FUNCTION__,__LINE__, PeerAddr[0], PeerAddr[1], PeerAddr[2], PeerAddr[3], PeerAddr[4], PeerAddr[5])); return; } DBGPRINT(RT_DEBUG_WARN,("%s(%d): from %02x:%02x:%02x:%02x:%02x:%02x !!!\n", __FUNCTION__,__LINE__, PeerAddr[0], PeerAddr[1], PeerAddr[2], PeerAddr[3], PeerAddr[4], PeerAddr[5])); DBGPRINT(RT_DEBUG_ERROR, ("300. %ld !!!\n", (jiffies * 1000) / OS_HZ)); // Drop not within my TDLS Table that created before ! LinkId = TDLS_SearchLinkId(pAd, PeerAddr); if (LinkId == -1 || LinkId == MAX_NUM_OF_TDLS_ENTRY) { DBGPRINT(RT_DEBUG_ERROR,("%s(%d): can not find from %02x:%02x:%02x:%02x:%02x:%02x on TDLS entry !!!\n", __FUNCTION__,__LINE__, PeerAddr[0], PeerAddr[1], PeerAddr[2], PeerAddr[3], PeerAddr[4], PeerAddr[5])); return; } if (pAd->StaCfg.bChannelSwitchInitiator == FALSE) { pAd->StaCfg.TdlsForcePowerSaveWithAP = TRUE; if (pAd->StaCfg.bTdlsNoticeAPPowerSave == FALSE) { pAd->StaCfg.TdlsSendNullFrameCount = 0; pAd->StaCfg.bTdlsNoticeAPPowerSave = TRUE; RTMPSendNullFrame(pAd, pAd->CommonCfg.TxRate, TRUE, TRUE); } else { pAd->StaCfg.TdlsSendNullFrameCount++; if (pAd->StaCfg.TdlsSendNullFrameCount >= 200) pAd->StaCfg.bTdlsNoticeAPPowerSave = FALSE; } } // Point to the current Link ID pTDLS = &pAd->StaCfg.TdlsInfo.TDLSEntry[LinkId]; if (SwitchTime >= PeerChSwitchTime) PeerChSwitchTime = SwitchTime; if (SwitchTimeout >= PeerChSwitchTimeOut) PeerChSwitchTimeOut = SwitchTimeout; if (RtmpPktPmBitCheck(pAd)) { RTMP_SET_PSM_BIT(pAd, PWR_ACTIVE); TDLS_SendNullFrame(pAd, pAd->CommonCfg.TxRate, TRUE, 0); } { UINT32 macCfg, TxCount; UINT32 MTxCycle; RTMP_IO_READ32(pAd, TX_REPORT_CNT, &macCfg); if (TargetChannel != pAd->CommonCfg.Channel) NStatus = TDLS_ChannelSwitchRspAction(pAd, pTDLS, PeerChSwitchTime, PeerChSwitchTimeOut, StatusCode, RTMP_TDLS_SPECIFIC_CS_RSP_WAIT_ACK); else NStatus = TDLS_ChannelSwitchRspAction(pAd, pTDLS, PeerChSwitchTime, PeerChSwitchTimeOut, StatusCode, (RTMP_TDLS_SPECIFIC_CS_RSP_WAIT_ACK + RTMP_TDLS_SPECIFIC_HCCA)); for (MTxCycle = 0; MTxCycle < 500; MTxCycle++) { RTMP_IO_READ32(pAd, TX_REPORT_CNT, &macCfg); TxCount = macCfg & 0x0000ffff; if (TxCount > 0) { DBGPRINT(RT_DEBUG_ERROR, ("MTxCycle = %d, %ld !!!\n", MTxCycle, (jiffies * 1000) / OS_HZ)); break; } else RTMPusecDelay(50); } if (MTxCycle >= 500) { NStatus = NDIS_STATUS_FAILURE; DBGPRINT(RT_DEBUG_OFF,("TDLS Transmit Channel Switch Response Fail !!!\n")); } } if (NStatus == NDIS_STATUS_SUCCESS) { { if (TargetChannel != pAd->CommonCfg.Channel) { BOOLEAN TimerCancelled; //ULONG Now, temp1, temp2, temp3; pAd->StaCfg.TdlsCurrentChannel = TargetChannel; if (NewExtChannelOffset != 0) pAd->StaCfg.TdlsCurrentChannelBW = NewExtChannelOffset; else pAd->StaCfg.TdlsCurrentChannelBW = EXTCHA_NONE; pTDLS->ChSwitchTime = PeerChSwitchTime; pAd->StaCfg.TdlsGlobalSwitchTime = PeerChSwitchTime; pTDLS->ChSwitchTimeout = PeerChSwitchTimeOut; pAd->StaCfg.TdlsGlobalSwitchTimeOut = PeerChSwitchTimeOut; RTMP_SET_FLAG(pAd, fRTMP_ADAPTER_TDLS_DOING_CHANNEL_SWITCH); //Cancel the timer since the received packet to me. #ifdef TDLS_HWTIMER_SUPPORT TDLS_SetChannelSwitchTimer(pAd, (PeerChSwitchTimeOut / 1000)); #else RTMPCancelTimer(&pTDLS->ChannelSwitchTimeoutTimer, &TimerCancelled); NdisGetSystemUpTime(&pTDLS->ChannelSwitchTimerStartTime); RTMPSetTimer(&pTDLS->ChannelSwitchTimeoutTimer, (PeerChSwitchTimeOut / 1000)); #endif // TDLS_HWTIMER_SUPPORT // RTMPCancelTimer(&pAd->StaCfg.TdlsDisableChannelSwitchTimer, &TimerCancelled); pAd->StaCfg.bTdlsCurrentDoingChannelSwitchWaitSuccess = TRUE; pAd->StaCfg.bDoingPeriodChannelSwitch = TRUE; if (RTDebugLevel < RT_DEBUG_ERROR) RTMPusecDelay(300); else DBGPRINT(RT_DEBUG_ERROR, ("1041. %ld !!!\n", (jiffies * 1000) / OS_HZ)); TDLS_InitChannelRelatedValue(pAd, pAd->StaCfg.TdlsCurrentChannel, pAd->StaCfg.TdlsCurrentChannelBW); } else { pTDLS->bDoingPeriodChannelSwitch = FALSE; pAd->StaCfg.bDoingPeriodChannelSwitch = FALSE; pAd->StaCfg.TdlsForcePowerSaveWithAP = FALSE; pAd->StaCfg.bTdlsNoticeAPPowerSave = FALSE; RTMP_SET_FLAG(pAd, fRTMP_ADAPTER_TDLS_DOING_CHANNEL_SWITCH); RTMPusecDelay(300); if (pAd->CommonCfg.CentralChannel > pAd->CommonCfg.Channel) TDLS_InitChannelRelatedValue(pAd, pAd->CommonCfg.Channel, EXTCHA_ABOVE); else if (pAd->CommonCfg.CentralChannel < pAd->CommonCfg.Channel) TDLS_InitChannelRelatedValue(pAd, pAd->CommonCfg.Channel, EXTCHA_BELOW); else TDLS_InitChannelRelatedValue(pAd, pAd->CommonCfg.Channel, EXTCHA_NONE); TDLS_EnablePktChannel(pAd, TDLS_FIFO_ALL); RTMP_CLEAR_FLAG(pAd, fRTMP_ADAPTER_TDLS_DOING_CHANNEL_SWITCH); RTMPSendNullFrame(pAd, pAd->CommonCfg.TxRate, TRUE, FALSE); } } } DBGPRINT(RT_DEBUG_WARN,("TDLS <=== TDLS_PeerChannelSwitchReqAction() \n")); return; }
/* ========================================================================== Description: IRQL = DISPATCH_LEVEL ========================================================================== */ VOID PeerAuthRspAtSeq2Action(RTMP_ADAPTER *pAd, MLME_QUEUE_ELEM * Elem) { UCHAR Addr2[MAC_ADDR_LEN]; USHORT Seq, Status, RemoteStatus, Alg; UCHAR iv_hdr[4]; UCHAR *ChlgText = NULL; UCHAR *CyperChlgText = NULL; ULONG c_len = 0; HEADER_802_11 AuthHdr; BOOLEAN TimerCancelled; PUCHAR pOutBuffer = NULL; NDIS_STATUS NStatus; ULONG FrameLen = 0; USHORT Status2; UCHAR ChallengeIe = IE_CHALLENGE_TEXT; UCHAR len_challengeText = CIPHER_TEXT_LEN; os_alloc_mem(NULL, (UCHAR **) & ChlgText, CIPHER_TEXT_LEN); if (ChlgText == NULL) { DBGPRINT(RT_DEBUG_ERROR, ("%s: alloc mem fail\n", __FUNCTION__)); return; } os_alloc_mem(NULL, (UCHAR **) & CyperChlgText, CIPHER_TEXT_LEN + 8 + 8); if (CyperChlgText == NULL) { DBGPRINT(RT_DEBUG_ERROR, ("%s: CyperChlgText Allocate memory fail!!!\n", __FUNCTION__)); os_free_mem(NULL, ChlgText); return; } if (PeerAuthSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &Alg, &Seq, &Status, (PCHAR)ChlgText)) { if (MAC_ADDR_EQUAL(pAd->MlmeAux.Bssid, Addr2) && Seq == 2) { DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Receive AUTH_RSP seq#2 to me (Alg=%d, Status=%d)\n", Alg, Status)); RTMPCancelTimer(&pAd->MlmeAux.AuthTimer, &TimerCancelled); if (Status == MLME_SUCCESS) { /* Authentication Mode "LEAP" has allow for CCX 1.X */ if (pAd->MlmeAux.Alg == Ndis802_11AuthModeOpen) { pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE; MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status, 0); } else { struct wifi_dev *wdev = &pAd->StaCfg.wdev; /* 2. shared key, need to be challenged */ Seq++; RemoteStatus = MLME_SUCCESS; /* Get an unused nonpaged memory */ NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); if (NStatus != NDIS_STATUS_SUCCESS) { DBGPRINT(RT_DEBUG_TRACE, ("AUTH - PeerAuthRspAtSeq2Action() allocate memory fail\n")); pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE; Status2 = MLME_FAIL_NO_RESOURCE; MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status2, 0); goto LabelOK; } DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Send AUTH request seq#3...\n")); MgtMacHeaderInit(pAd, &AuthHdr, SUBTYPE_AUTH, 0, Addr2, pAd->CurrentAddress, pAd->MlmeAux.Bssid); AuthHdr.FC.Wep = 1; /* TSC increment */ INC_TX_TSC(pAd->SharedKey[BSS0][wdev->DefaultKeyId].TxTsc, LEN_WEP_TSC); /* Construct the 4-bytes WEP IV header */ RTMPConstructWEPIVHdr(wdev->DefaultKeyId, pAd->SharedKey[BSS0][wdev->DefaultKeyId].TxTsc, iv_hdr); Alg = cpu2le16(*(USHORT *) & Alg); Seq = cpu2le16(*(USHORT *) & Seq); RemoteStatus = cpu2le16(*(USHORT *) &RemoteStatus); /* Construct message text */ MakeOutgoingFrame(CyperChlgText, &c_len, 2, &Alg, 2, &Seq, 2, &RemoteStatus, 1, &ChallengeIe, 1, &len_challengeText, len_challengeText, ChlgText, END_OF_ARGS); if (RTMPSoftEncryptWEP(pAd, iv_hdr, &pAd->SharedKey[BSS0][wdev->DefaultKeyId], CyperChlgText, c_len) == FALSE) { MlmeFreeMemory(pAd, pOutBuffer); pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE; Status2 = MLME_FAIL_NO_RESOURCE; MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status2, 0); goto LabelOK; } /* Update the total length for 4-bytes ICV */ c_len += LEN_ICV; MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof (HEADER_802_11), &AuthHdr, LEN_WEP_IV_HDR, iv_hdr, c_len, CyperChlgText, END_OF_ARGS); MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen); MlmeFreeMemory(pAd, pOutBuffer); RTMPSetTimer(&pAd->MlmeAux.AuthTimer, AUTH_TIMEOUT); pAd->Mlme.AuthMachine.CurrState = AUTH_WAIT_SEQ4; } } else { pAd->StaCfg.AuthFailReason = Status; COPY_MAC_ADDR(pAd->StaCfg.AuthFailSta, Addr2); pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE; MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status, 0); } } } else { DBGPRINT(RT_DEBUG_TRACE, ("AUTH - PeerAuthSanity() sanity check fail\n")); } LabelOK: if (ChlgText != NULL) os_free_mem(NULL, ChlgText); if (CyperChlgText != NULL) os_free_mem(NULL, CyperChlgText); return; }
/* ========================================================================== Description: ========================================================================== */ VOID MlmeAuthReqAction( IN PRTMP_ADAPTER pAd, IN MLME_QUEUE_ELEM *Elem) { UCHAR Addr[MAC_ADDR_LEN]; USHORT Alg, Seq, Status; ULONG Timeout; HEADER_802_11 AuthHdr; PUCHAR pOutBuffer = NULL; ULONG FrameLen = 0; USHORT NStatus; // Block all authentication request durning WPA block period if (pAd->PortCfg.bBlockAssoc == TRUE) { DBGPRINT(RT_DEBUG_TRACE, "AUTH - Block Auth request durning WPA block period!\n"); pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE; Status = MLME_STATE_MACHINE_REJECT; MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status); } else if(MlmeAuthReqSanity(pAd, Elem->Msg, Elem->MsgLen, Addr, &Timeout, &Alg)) { // reset timer if caller isn't the timer function itself if (timer_pending(&pAd->MlmeAux.AuthTimer.Timer)) RTMPCancelTimer(&pAd->MlmeAux.AuthTimer); COPY_MAC_ADDR(pAd->MlmeAux.Bssid, Addr); pAd->MlmeAux.Alg = Alg; Seq = 1; Status = MLME_SUCCESS; // allocate and send out AuthReq frame NStatus = MlmeAllocateMemory(pAd, (PVOID)&pOutBuffer); //Get an unused nonpaged memory if (NStatus != NDIS_STATUS_SUCCESS) { DBGPRINT(RT_DEBUG_TRACE, "AUTH - MlmeAuthReqAction() allocate memory failed\n"); pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE; Status = MLME_FAIL_NO_RESOURCE; MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status); return; } DBGPRINT(RT_DEBUG_TRACE, "AUTH - Send AUTH request seq#1 (Alg=%d) %d...\n", Alg, pAd->LatchRfRegs.Channel); MgtMacHeaderInit(pAd, &AuthHdr, SUBTYPE_AUTH, 0, Addr, pAd->MlmeAux.Bssid); MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof(HEADER_802_11),&AuthHdr, 2, &Alg, 2, &Seq, 2, &Status, END_OF_ARGS); MiniportMMRequest(pAd, pOutBuffer, FrameLen); RTMPSetTimer(pAd, &pAd->MlmeAux.AuthTimer, AUTH_TIMEOUT); pAd->Mlme.AuthMachine.CurrState = AUTH_WAIT_SEQ2; } else { DBGPRINT(RT_DEBUG_ERROR, "AUTH - MlmeAuthReqAction() sanity check failed. BUG!!!!!\n"); pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE; Status = MLME_INVALID_FORMAT; MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status); } }
/* ======================================================================== Routine Description: Set LED Status Arguments: pAd Pointer to our adapter Status LED Status Return Value: None IRQL = PASSIVE_LEVEL IRQL = DISPATCH_LEVEL Note: ======================================================================== */ VOID RTMPSetLEDStatus( IN PRTMP_ADAPTER pAd, IN UCHAR Status) { /*ULONG data; */ UCHAR LinkStatus = 0; UCHAR LedMode; UCHAR MCUCmd = 0; BOOLEAN bIgnored = FALSE; #ifdef WSC_INCLUDED #ifdef WSC_LED_SUPPORT PWSC_CTRL pWscControl = NULL; #ifdef CONFIG_AP_SUPPORT pWscControl = &pAd->ApCfg.MBSSID[MAIN_MBSSID].WscControl; #endif /* CONFIG_AP_SUPPORT */ #ifdef CONFIG_STA_SUPPORT pWscControl = &pAd->StaCfg.WscControl; #endif /* CONFIG_STA_SUPPORT */ #endif /* WSC_LED_SUPPORT */ #endif /* WSC_INCLUDED */ #ifdef RALINK_ATE /* In ATE mode of RT2860 AP/STA, we have erased 8051 firmware. So LED mode is not supported when ATE is running. */ if (!IS_RT3572(pAd)) { if (ATE_ON(pAd)) return; } #endif /* RALINK_ATE */ #ifdef RTMP_MAC_USB #ifdef STATS_COUNT_SUPPORT if(RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_IDLE_RADIO_OFF)) return; #endif /* STATS_COUNT_SUPPORT */ #endif /* RTMP_MAC_USB */ LedMode = LED_MODE(pAd); switch (Status) { case LED_LINK_DOWN: LinkStatus = LINK_STATUS_LINK_DOWN; pAd->LedCntl.LedIndicatorStrength = 0; MCUCmd = MCU_SET_LED_MODE; break; case LED_LINK_UP: if (pAd->CommonCfg.Channel > 14) LinkStatus = LINK_STATUS_ABAND_LINK_UP; else LinkStatus = LINK_STATUS_GBAND_LINK_UP; MCUCmd = MCU_SET_LED_MODE; break; case LED_RADIO_ON: LinkStatus = LINK_STATUS_RADIO_ON; MCUCmd = MCU_SET_LED_MODE; break; case LED_HALT: LedMode = 0; /* Driver sets MAC register and MAC controls LED */ case LED_RADIO_OFF: LinkStatus = LINK_STATUS_RADIO_OFF; MCUCmd = MCU_SET_LED_MODE; break; case LED_WPS: LinkStatus = LINK_STATUS_WPS; MCUCmd = MCU_SET_LED_MODE; break; case LED_ON_SITE_SURVEY: LinkStatus = LINK_STATUS_ON_SITE_SURVEY; MCUCmd = MCU_SET_LED_MODE; break; case LED_POWER_UP: LinkStatus = LINK_STATUS_POWER_UP; MCUCmd = MCU_SET_LED_MODE; break; #ifdef RALINK_ATE #endif /* RALINK_ATE */ #ifdef WSC_INCLUDED #ifdef WSC_LED_SUPPORT case LED_WPS_IN_PROCESS: if (WscSupportWPSLEDMode(pAd)) { LinkStatus = LINK_STATUS_WPS_IN_PROCESS; MCUCmd = MCU_SET_WPS_LED_MODE; pWscControl->WscLEDMode = LED_WPS_IN_PROCESS; DBGPRINT(RT_DEBUG_TRACE, ("%s: LED_WPS_IN_PROCESS\n", __FUNCTION__)); } else bIgnored = TRUE; break; case LED_WPS_ERROR: if (WscSupportWPSLEDMode(pAd)) { /* In the case of LED mode 9, the error LED should be turned on only after WPS walk time expiration. */ if ((pWscControl->bWPSWalkTimeExpiration == FALSE) && (LED_MODE(pAd) == WPS_LED_MODE_9)) { /* do nothing. */ } else { LinkStatus = LINK_STATUS_WPS_ERROR; MCUCmd = MCU_SET_WPS_LED_MODE; } pWscControl->WscLEDMode = LED_WPS_ERROR; pWscControl->WscLastWarningLEDMode = LED_WPS_ERROR; } else bIgnored = TRUE; break; case LED_WPS_SESSION_OVERLAP_DETECTED: if (WscSupportWPSLEDMode(pAd)) { LinkStatus = LINK_STATUS_WPS_SESSION_OVERLAP_DETECTED; MCUCmd = MCU_SET_WPS_LED_MODE; pWscControl->WscLEDMode = LED_WPS_SESSION_OVERLAP_DETECTED; pWscControl->WscLastWarningLEDMode = LED_WPS_SESSION_OVERLAP_DETECTED; } else bIgnored = TRUE; break; case LED_WPS_SUCCESS: if (WscSupportWPSLEDMode(pAd)) { if ((LED_MODE(pAd) == WPS_LED_MODE_7) || (LED_MODE(pAd) == WPS_LED_MODE_11) || (LED_MODE(pAd) == WPS_LED_MODE_12) ) { /* In the WPS LED mode 7, 11 and 12, the blue LED would last 300 seconds regardless of the AP's security settings. */ LinkStatus = LINK_STATUS_WPS_SUCCESS_WITH_SECURITY; MCUCmd = MCU_SET_WPS_LED_MODE; pWscControl->WscLEDMode = LED_WPS_SUCCESS; /* Turn off the WPS successful LED pattern after 300 seconds. */ RTMPSetTimer(&pWscControl->WscLEDTimer, WSC_SUCCESSFUL_LED_PATTERN_TIMEOUT); } else if (LED_MODE(pAd) == WPS_LED_MODE_8) /* The WPS LED mode 8 */ { if (WscAPHasSecuritySetting(pAd, pWscControl)) /* The WPS AP has the security setting. */ { LinkStatus = LINK_STATUS_WPS_SUCCESS_WITH_SECURITY; MCUCmd = MCU_SET_WPS_LED_MODE; pWscControl->WscLEDMode = LED_WPS_SUCCESS; /* Turn off the WPS successful LED pattern after 300 seconds. */ RTMPSetTimer(&pWscControl->WscLEDTimer, WSC_SUCCESSFUL_LED_PATTERN_TIMEOUT); } else /* The WPS AP does not have the secuirty setting. */ { LinkStatus = LINK_STATUS_WPS_SUCCESS_WITHOUT_SECURITY; MCUCmd = MCU_SET_WPS_LED_MODE; pWscControl->WscLEDMode = LED_WPS_SUCCESS; /* Turn off the WPS successful LED pattern after 300 seconds. */ RTMPSetTimer(&pWscControl->WscLEDTimer, WSC_SUCCESSFUL_LED_PATTERN_TIMEOUT); } } else if (LED_MODE(pAd) == WPS_LED_MODE_9) /* The WPS LED mode 9. */ { /* Always turn on the WPS blue LED for 300 seconds. */ LinkStatus = LINK_STATUS_WPS_BLUE_LED; MCUCmd = MCU_SET_WPS_LED_MODE; pWscControl->WscLEDMode = LED_WPS_SUCCESS; /* Turn off the WPS successful LED pattern after 300 seconds. */ RTMPSetTimer(&pWscControl->WscLEDTimer, WSC_SUCCESSFUL_LED_PATTERN_TIMEOUT); } else { DBGPRINT(RT_DEBUG_TRACE, ("%s: LED_WPS_SUCCESS (Incorrect LED mode = %d)\n", __FUNCTION__, LED_MODE(pAd))); ASSERT(FALSE); } } else bIgnored = TRUE; break; case LED_WPS_TURN_LED_OFF: if (WscSupportWPSLEDMode(pAd)) { LinkStatus = LINK_STATUS_WPS_TURN_LED_OFF; MCUCmd = MCU_SET_WPS_LED_MODE; pWscControl->WscLEDMode = LED_WPS_TURN_LED_OFF; } else bIgnored = TRUE; break; case LED_WPS_TURN_ON_BLUE_LED: if (WscSupportWPSLEDMode(pAd)) { LinkStatus = LINK_STATUS_WPS_BLUE_LED; MCUCmd = MCU_SET_WPS_LED_MODE; pWscControl->WscLEDMode = LED_WPS_SUCCESS; } else bIgnored = TRUE; break; case LED_NORMAL_CONNECTION_WITHOUT_SECURITY: if (WscSupportWPSLEDMode(pAd)) { LinkStatus = LINK_STATUS_NORMAL_CONNECTION_WITHOUT_SECURITY; MCUCmd = MCU_SET_WPS_LED_MODE; pWscControl->WscLEDMode = LED_WPS_SUCCESS; } else bIgnored = TRUE; break; case LED_NORMAL_CONNECTION_WITH_SECURITY: if (WscSupportWPSLEDMode(pAd)) { LinkStatus = LINK_STATUS_NORMAL_CONNECTION_WITH_SECURITY; MCUCmd = MCU_SET_WPS_LED_MODE; pWscControl->WscLEDMode = LED_WPS_SUCCESS; } else bIgnored = TRUE; break; /*WPS LED Mode 10 */ case LED_WPS_MODE10_TURN_ON: if(WscSupportWPSLEDMode10(pAd)) { LinkStatus = LINK_STATUS_WPS_MODE10_TURN_ON; MCUCmd = MCU_SET_WPS_LED_MODE; } else bIgnored = TRUE; break; case LED_WPS_MODE10_FLASH: if(WscSupportWPSLEDMode10(pAd)) { LinkStatus = LINK_STATUS_WPS_MODE10_FLASH; MCUCmd = MCU_SET_WPS_LED_MODE; } else bIgnored = TRUE; break; case LED_WPS_MODE10_TURN_OFF: if(WscSupportWPSLEDMode10(pAd)) { LinkStatus = LINK_STATUS_WPS_MODE10_TURN_OFF; MCUCmd = MCU_SET_WPS_LED_MODE;; } else bIgnored = TRUE; break; #endif /* WSC_LED_SUPPORT */ #endif /* WSC_INCLUDED */ default: DBGPRINT(RT_DEBUG_WARN, ("RTMPSetLED::Unknown Status 0x%x\n", Status)); break; } if (MCUCmd) { AsicSendCommandToMcu(pAd, MCUCmd, 0xff, LedMode, LinkStatus, FALSE); DBGPRINT(RT_DEBUG_TRACE, ("%s: MCUCmd:0x%x, LED Mode:0x%x, LinkStatus:0x%x\n", __FUNCTION__, MCUCmd, LedMode, LinkStatus)); } /* */ /* Keep LED status for LED SiteSurvey mode. */ /* After SiteSurvey, we will set the LED mode to previous status. */ /* */ if ((Status != LED_ON_SITE_SURVEY) && (Status != LED_POWER_UP) && (bIgnored == FALSE)) pAd->LedCntl.LedStatus = Status; }
void PeerAuthRspAtSeq2Action(struct rt_rtmp_adapter *pAd, struct rt_mlme_queue_elem *Elem) { u8 Addr2[MAC_ADDR_LEN]; u16 Seq, Status, RemoteStatus, Alg; u8 ChlgText[CIPHER_TEXT_LEN]; u8 CyperChlgText[CIPHER_TEXT_LEN + 8 + 8]; u8 Element[2]; struct rt_header_802_11 AuthHdr; BOOLEAN TimerCancelled; u8 *pOutBuffer = NULL; int NStatus; unsigned long FrameLen = 0; u16 Status2; if (PeerAuthSanity (pAd, Elem->Msg, Elem->MsgLen, Addr2, &Alg, &Seq, &Status, (char *)ChlgText)) { if (MAC_ADDR_EQUAL(pAd->MlmeAux.Bssid, Addr2) && Seq == 2) { DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Receive AUTH_RSP seq#2 to me (Alg=%d, Status=%d)\n", Alg, Status)); RTMPCancelTimer(&pAd->MlmeAux.AuthTimer, &TimerCancelled); if (Status == MLME_SUCCESS) { /* Authentication Mode "LEAP" has allow for CCX 1.X */ if (pAd->MlmeAux.Alg == Ndis802_11AuthModeOpen) { pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE; MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status); } else { /* 2. shared key, need to be challenged */ Seq++; RemoteStatus = MLME_SUCCESS; /* Get an unused nonpaged memory */ NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); if (NStatus != NDIS_STATUS_SUCCESS) { DBGPRINT(RT_DEBUG_TRACE, ("AUTH - PeerAuthRspAtSeq2Action() allocate memory fail\n")); pAd->Mlme.AuthMachine. CurrState = AUTH_REQ_IDLE; Status2 = MLME_FAIL_NO_RESOURCE; MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status2); return; } DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Send AUTH request seq#3...\n")); MgtMacHeaderInit(pAd, &AuthHdr, SUBTYPE_AUTH, 0, Addr2, pAd->MlmeAux.Bssid); AuthHdr.FC.Wep = 1; /* Encrypt challenge text & auth information */ RTMPInitWepEngine(pAd, pAd-> SharedKey[BSS0][pAd-> StaCfg. DefaultKeyId]. Key, pAd->StaCfg. DefaultKeyId, pAd-> SharedKey[BSS0][pAd-> StaCfg. DefaultKeyId]. KeyLen, CyperChlgText); Alg = cpu2le16(*(u16 *) & Alg); Seq = cpu2le16(*(u16 *) & Seq); RemoteStatus = cpu2le16(*(u16 *) & RemoteStatus); RTMPEncryptData(pAd, (u8 *)& Alg, CyperChlgText + 4, 2); RTMPEncryptData(pAd, (u8 *)& Seq, CyperChlgText + 6, 2); RTMPEncryptData(pAd, (u8 *)& RemoteStatus, CyperChlgText + 8, 2); Element[0] = 16; Element[1] = 128; RTMPEncryptData(pAd, Element, CyperChlgText + 10, 2); RTMPEncryptData(pAd, ChlgText, CyperChlgText + 12, 128); RTMPSetICV(pAd, CyperChlgText + 140); MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof(struct rt_header_802_11), &AuthHdr, CIPHER_TEXT_LEN + 16, CyperChlgText, END_OF_ARGS); MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen); MlmeFreeMemory(pAd, pOutBuffer); RTMPSetTimer(&pAd->MlmeAux.AuthTimer, AUTH_TIMEOUT); pAd->Mlme.AuthMachine.CurrState = AUTH_WAIT_SEQ4; } } else { pAd->StaCfg.AuthFailReason = Status; COPY_MAC_ADDR(pAd->StaCfg.AuthFailSta, Addr2); pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE; MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status); } } } else { DBGPRINT(RT_DEBUG_TRACE, ("AUTH - PeerAuthSanity() sanity check fail\n")); } }
int RtmpAsicSendCommandToSwMcu( IN RTMP_ADAPTER *pAd, IN UCHAR Command, IN UCHAR Token, IN UCHAR Arg0, IN UCHAR Arg1) { BBP_CSR_CFG_STRUC BbpCsr, BbpCsr2; int j, k; UINT16 Temp; #ifdef LED_CONTROL_SUPPORT PSWMCU_LED_CONTROL pSWMCULedCntl = &pAd->LedCntl.SWMCULedCntl; #endif // LED_CONTROL_SUPPORT // switch(Command) { case 0x80: RTMP_IO_READ32(pAd, H2M_BBP_AGENT, &BbpCsr.word); if ((BbpCsr.field.Busy != 1) || (BbpCsr.field.BBP_RW_MODE != 1)) DBGPRINT(RT_DEBUG_ERROR, ("error read write BBP 1\n")); for (j=0; j<MAX_BUSY_COUNT; j++) { RTMP_IO_READ32(pAd, BBP_CSR_CFG, &BbpCsr2.word); if (BbpCsr2.field.Busy == BUSY) { continue; } BbpCsr2.word = BbpCsr.word; RTMP_IO_WRITE32(pAd, BBP_CSR_CFG, BbpCsr2.word); if (BbpCsr.field.fRead == 1) { // read for (k=0; k<MAX_BUSY_COUNT; k++) { RTMP_IO_READ32(pAd, BBP_CSR_CFG, &BbpCsr2.word); if (BbpCsr2.field.Busy == IDLE) break; } if (k == MAX_BUSY_COUNT) DBGPRINT(RT_DEBUG_ERROR, ("error read write BBP 2\n")); if ((BbpCsr2.field.Busy == IDLE) && (BbpCsr2.field.RegNum == BbpCsr.field.RegNum)) { BbpCsr.field.Value = BbpCsr2.field.Value; BbpCsr.field.Busy = IDLE; RTMP_IO_WRITE32(pAd, H2M_BBP_AGENT, BbpCsr.word); break; } } else { //write BbpCsr.field.Busy = IDLE; RTMP_IO_WRITE32(pAd, H2M_BBP_AGENT, BbpCsr.word); pAd->BbpWriteLatch[BbpCsr.field.RegNum] = BbpCsr2.field.Value; break; } } if (j == MAX_BUSY_COUNT) { DBGPRINT(RT_DEBUG_ERROR, ("error read write BBP 3\n")); if (BbpCsr.field.Busy != IDLE) { BbpCsr.field.Busy = IDLE; RTMP_IO_WRITE32(pAd, H2M_BBP_AGENT, BbpCsr.word); } } break; case 0x30: break; case 0x31: break; #ifdef LED_CONTROL_SUPPORT #ifdef CONFIG_WIFI_LED_SHARE case MCU_SET_WPS_LED_MODE: pSWMCULedCntl->LedParameter.LedMode = Arg0; pSWMCULedCntl->LinkStatus = Arg1; SetWPSLinkStatus(pAd); break; #endif // CONFIG_WIFI_LED_SHARE // case MCU_SET_LED_MODE: pSWMCULedCntl->LedParameter.LedMode = Arg0; pSWMCULedCntl->LinkStatus = Arg1; SetLedLinkStatus(pAd); break; case MCU_SET_LED_GPIO_SIGNAL_CFG: pSWMCULedCntl->GPIOPolarity = Arg1; pSWMCULedCntl->SignalStrength = Arg0; break; case MCU_SET_LED_AG_CFG: Temp = ((UINT16)Arg1 << 8) | (UINT16)Arg0; NdisMoveMemory(&pSWMCULedCntl->LedParameter.LedAgCfg, &Temp, 2); break; case MCU_SET_LED_ACT_CFG: Temp = ((UINT16)Arg1 << 8) | (UINT16)Arg0; NdisMoveMemory(&pSWMCULedCntl->LedParameter.LedActCfg, &Temp, 2); break; case MCU_SET_LED_POLARITY: Temp = ((UINT16)Arg1 << 8) | (UINT16)Arg0; NdisMoveMemory(&pSWMCULedCntl->LedParameter.LedPolarityCfg, &Temp, 2); break; #endif // LED_CONTROL_SUPPORT // // 2880-SW-MCU #ifdef CONFIG_AP_SUPPORT #ifdef DFS_SUPPORT case 0x60: if (Arg0 == 0 && Arg1 == 0) { ULONG Value; pAd->CommonCfg.McuRadarCmd &= ~(RADAR_DETECTION); if (pAd->CommonCfg.McuRadarCmd == DETECTION_STOP) { DBGPRINT(RT_DEBUG_TRACE, ("AsicSendCommandToMcu 0x60 ==> stop detection\n")); #ifdef RTMP_RBUS_SUPPORT unregister_tmr_service(); #else BOOLEAN Cancelled; RTMPCancelTimer(&pAd->CommonCfg.CSWatchDogTimer, &Cancelled); #endif // RTMP_RBUS_SUPPORT // RTMP_IO_READ32(pAd, MAC_SYS_CTRL, &Value); Value |= 0x04; RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, Value); } } else { if (!(pAd->CommonCfg.McuRadarCmd & RADAR_DETECTION)) { pAd->CommonCfg.McuRadarPeriod = Arg0; pAd->CommonCfg.McuRadarDetectPeriod = Arg1 & 0x1f; pAd->CommonCfg.McuRadarCtsProtect = (Arg1 & 0x60) >> 5; pAd->CommonCfg.McuRadarState = WAIT_CTS_BEING_SENT; pAd->CommonCfg.McuRadarTick = pAd->CommonCfg.McuRadarPeriod; pAd->CommonCfg.McuRadarDetectCount = 0; RTMPPrepareRDCTSFrame(pAd, pAd->CurrentAddress, (pAd->CommonCfg.McuRadarDetectPeriod * 1000 + 100), pAd->CommonCfg.RtsRate, HW_DFS_CTS_BASE, IFS_SIFS); if (pAd->CommonCfg.McuRadarCmd == DETECTION_STOP) { pAd->CommonCfg.McuRadarCmd |= RADAR_DETECTION; pAd->CommonCfg.McuRadarProtection = 0; #ifdef RTMP_RBUS_SUPPORT request_tmr_service(1, &TimerCB, pAd); #else RTMPInitTimer(pAd, &pAd->CommonCfg.CSWatchDogTimer, GET_TIMER_FUNCTION(TimerCB), pAd, TRUE); RTMPSetTimer(&pAd->CommonCfg.DFSWatchDogTimer, NEW_DFS_WATCH_DOG_TIME); #endif // DFS_ARCH_TEAM // } else pAd->CommonCfg.McuRadarCmd |= RADAR_DETECTION; #ifdef RTMP_RBUS_SUPPORT request_tmr_service(1, &TimerCB, pAd); #else RTMPInitTimer(pAd, &pAd->CommonCfg.CSWatchDogTimer, GET_TIMER_FUNCTION(TimerCB), pAd, TRUE); RTMPSetTimer(&pAd->CommonCfg.DFSWatchDogTimer, NEW_DFS_WATCH_DOG_TIME); #endif // DFS_ARCH_TEAM // } else { pAd->CommonCfg.McuRadarPeriod = Arg0; pAd->CommonCfg.McuRadarDetectPeriod = Arg1 & 0x1f; pAd->CommonCfg.McuRadarCtsProtect = (Arg1 & 0x60) >> 5; RTMPPrepareRDCTSFrame(pAd, pAd->CurrentAddress, (pAd->CommonCfg.McuRadarDetectPeriod * 1000 + 100), pAd->CommonCfg.RtsRate, HW_DFS_CTS_BASE, IFS_SIFS); } }
/* * generate ADDBA request to * set up BA agreement */ VOID BAOriSessionSetUp( IN PRTMP_ADAPTER pAd, IN MAC_TABLE_ENTRY *pEntry, IN UCHAR TID, IN USHORT TimeOut, IN ULONG DelayTime, IN BOOLEAN isForced) { /*MLME_ADDBA_REQ_STRUCT AddbaReq;*/ BA_ORI_ENTRY *pBAEntry = NULL; USHORT Idx; BOOLEAN Cancelled; ASSERT(TID < NUM_OF_TID); if (TID >= NUM_OF_TID) { DBGPRINT(RT_DEBUG_TRACE, ("Wrong TID %d!\n", TID)); return; } if ((pAd->CommonCfg.BACapability.field.AutoBA != TRUE) && (isForced == FALSE)) return; /* if this entry is limited to use legacy tx mode, it doesn't generate BA. */ if (RTMPStaFixedTxMode(pAd, pEntry) != FIXED_TXMODE_HT) return; if ((pEntry->BADeclineBitmap & (1<<TID)) && (isForced == FALSE)) { /* try again after 3 secs*/ DelayTime = 3000; /* DBGPRINT(RT_DEBUG_TRACE, ("DeCline BA from Peer\n"));*/ /* return;*/ } Idx = pEntry->BAOriWcidArray[TID]; if (Idx == 0) { /* allocate a BA session*/ pBAEntry = BATableAllocOriEntry(pAd, &Idx); if (pBAEntry == NULL) { DBGPRINT(RT_DEBUG_TRACE,("ADDBA - MlmeADDBAAction() allocate BA session failed \n")); return; } } else { pBAEntry =&pAd->BATable.BAOriEntry[Idx]; } if (pBAEntry->ORI_BA_Status >= Originator_WaitRes) { return; } pEntry->BAOriWcidArray[TID] = Idx; /* Initialize BA session */ pBAEntry->ORI_BA_Status = Originator_WaitRes; pBAEntry->Wcid = pEntry->Aid; pBAEntry->BAWinSize = pAd->CommonCfg.BACapability.field.RxBAWinLimit; pBAEntry->Sequence = BA_ORI_INIT_SEQ; pBAEntry->Token = 1; /* (2008-01-21) Jan Lee recommends it - this token can't be 0*/ pBAEntry->TID = TID; pBAEntry->TimeOutValue = TimeOut; pBAEntry->pAdapter = pAd; if (!(pEntry->TXBAbitmap & (1<<TID))) { RTMPInitTimer(pAd, &pBAEntry->ORIBATimer, GET_TIMER_FUNCTION(BAOriSessionSetupTimeout), pBAEntry, FALSE); } else RTMPCancelTimer(&pBAEntry->ORIBATimer, &Cancelled); /* set timer to send ADDBA request */ RTMPSetTimer(&pBAEntry->ORIBATimer, DelayTime); }
VOID WPARetryExec( IN PVOID SystemSpecific1, IN PVOID FunctionContext, IN PVOID SystemSpecific2, IN PVOID SystemSpecific3) { MAC_TABLE_ENTRY *pEntry = (MAC_TABLE_ENTRY *)FunctionContext; if ((pEntry) && IS_ENTRY_CLIENT(pEntry)) { PRTMP_ADAPTER pAd = (PRTMP_ADAPTER)pEntry->pAd; pEntry->ReTryCounter++; DBGPRINT(RT_DEBUG_TRACE, ("WPARetryExec---> ReTryCounter=%d, WpaState=%d \n", pEntry->ReTryCounter, pEntry->WpaState)); switch (pEntry->AuthMode) { case Ndis802_11AuthModeWPA: case Ndis802_11AuthModeWPAPSK: case Ndis802_11AuthModeWPA2: case Ndis802_11AuthModeWPA2PSK: /* 1. GTK already retried, give up and disconnect client. */ if (pEntry->ReTryCounter > (GROUP_MSG1_RETRY_TIMER_CTR + 1)) { /* send wireless event - for group key handshaking timeout */ RTMPSendWirelessEvent(pAd, IW_GROUP_HS_TIMEOUT_EVENT_FLAG, pEntry->Addr, pEntry->apidx, 0); DBGPRINT(RT_DEBUG_TRACE, ("WPARetryExec::Group Key HS exceed retry count, Disassociate client, pEntry->ReTryCounter %d\n", pEntry->ReTryCounter)); MlmeDeAuthAction(pAd, pEntry, REASON_GROUP_KEY_HS_TIMEOUT, FALSE); } /* 2. Retry GTK. */ else if (pEntry->ReTryCounter > GROUP_MSG1_RETRY_TIMER_CTR) { DBGPRINT(RT_DEBUG_TRACE, ("WPARetryExec::ReTry 2-way group-key Handshake \n")); if (pEntry->GTKState == REKEY_NEGOTIATING) { WPAStart2WayGroupHS(pAd, pEntry); RTMPSetTimer(&pEntry->RetryTimer, PEER_MSG3_RETRY_EXEC_INTV); } } /* 3. 4-way message 1 retried more than three times. Disconnect client */ else if (pEntry->ReTryCounter > (PEER_MSG1_RETRY_TIMER_CTR + 3)) { /* send wireless event - for pairwise key handshaking timeout */ RTMPSendWirelessEvent(pAd, IW_PAIRWISE_HS_TIMEOUT_EVENT_FLAG, pEntry->Addr, pEntry->apidx, 0); DBGPRINT(RT_DEBUG_TRACE, ("WPARetryExec::MSG1 timeout, pEntry->ReTryCounter = %d\n", pEntry->ReTryCounter)); MlmeDeAuthAction(pAd, pEntry, REASON_4_WAY_TIMEOUT, FALSE); } /* 4. Retry 4 way message 1, the last try, the timeout is 3 sec for EAPOL-Start */ else if (pEntry->ReTryCounter == (PEER_MSG1_RETRY_TIMER_CTR + 3)) { DBGPRINT(RT_DEBUG_TRACE, ("WPARetryExec::Retry MSG1, the last try\n")); WPAStart4WayHS(pAd , pEntry, PEER_MSG3_RETRY_EXEC_INTV); } /* 4. Retry 4 way message 1 */ else if (pEntry->ReTryCounter < (PEER_MSG1_RETRY_TIMER_CTR + 3)) { if ((pEntry->WpaState == AS_PTKSTART) || (pEntry->WpaState == AS_INITPSK) || (pEntry->WpaState == AS_INITPMK)) { DBGPRINT(RT_DEBUG_TRACE, ("WPARetryExec::ReTry MSG1 of 4-way Handshake\n")); WPAStart4WayHS(pAd, pEntry, PEER_MSG1_RETRY_EXEC_INTV); } } break; default: break; } } #ifdef APCLI_SUPPORT else if ((pEntry) && IS_ENTRY_APCLI(pEntry)) { if (pEntry->AuthMode == Ndis802_11AuthModeWPA || pEntry->AuthMode == Ndis802_11AuthModeWPAPSK) { PRTMP_ADAPTER pAd = (PRTMP_ADAPTER)pEntry->pAd; if (pEntry->wdev_idx < MAX_APCLI_NUM) { UCHAR ifIndex = pEntry->wdev_idx; DBGPRINT(RT_DEBUG_TRACE, ("(%s) ApCli interface[%d] startdown.\n", __FUNCTION__, ifIndex)); #ifdef MAC_REPEATER_SUPPORT if ((pEntry->bReptCli) && (pAd->ApCfg.bMACRepeaterEn == TRUE)) ifIndex = (64 + ifIndex*MAX_EXT_MAC_ADDR_SIZE + pEntry->MatchReptCliIdx); #endif /* MAC_REPEATER_SUPPORT */ #ifdef MAC_REPEATER_SUPPORT if ( (pAd->ApCfg.bMACRepeaterEn == TRUE) && (pEntry->bReptCli)) { RTMPRemoveRepeaterDisconnectEntry(pAd, pEntry->wdev_idx, pEntry->MatchReptCliIdx); RTMPRemoveRepeaterEntry(pAd, pEntry->wdev_idx, pEntry->MatchReptCliIdx); } else MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_DISCONNECT_REQ, 0, NULL, ifIndex); #endif /* MAC_REPEATER_SUPPORT */ } } } #endif /* APCLI_SUPPORT */ }
/* ========================================================================== Description: MLME PROBE req state machine procedure ========================================================================== */ static VOID ApCliMlmeProbeReqAction( IN PRTMP_ADAPTER pAd, IN MLME_QUEUE_ELEM *Elem) { BOOLEAN Cancelled; APCLI_MLME_JOIN_REQ_STRUCT *Info = (APCLI_MLME_JOIN_REQ_STRUCT *)(Elem->Msg); USHORT ifIndex = (USHORT)(Elem->Priv); PULONG pCurrState = &pAd->ApCfg.ApCliTab[ifIndex].SyncCurrState; APCLI_STRUCT *pApCliEntry = NULL; MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("ApCli SYNC - ApCliMlmeProbeReqAction(Ssid %s)\n", Info->Ssid)); if (ifIndex >= MAX_APCLI_NUM) return; pApCliEntry = &pAd->ApCfg.ApCliTab[ifIndex]; /* reset all the timers */ RTMPCancelTimer(&(pApCliEntry->MlmeAux.ProbeTimer), &Cancelled); pApCliEntry->MlmeAux.Rssi = -9999; #ifdef RT_CFG80211_P2P_CONCURRENT_DEVICE //Get Channel from ScanTable pApCliEntry->MlmeAux.SupRateLen = pAd->cfg80211_ctrl.P2pSupRateLen; NdisMoveMemory(pApCliEntry->MlmeAux.SupRate, pAd->cfg80211_ctrl.P2pSupRate, pAd->cfg80211_ctrl.P2pSupRateLen); pApCliEntry->MlmeAux.ExtRateLen = pAd->cfg80211_ctrl.P2pExtRateLen; NdisMoveMemory(pApCliEntry->MlmeAux.ExtRate, pAd->cfg80211_ctrl.P2pExtRate, pAd->cfg80211_ctrl.P2pExtRateLen); #else #ifdef APCLI_CONNECTION_TRIAL if (pApCliEntry->TrialCh ==0) pApCliEntry->MlmeAux.Channel = pAd->CommonCfg.Channel; else pApCliEntry->MlmeAux.Channel = pApCliEntry->TrialCh; #else pApCliEntry->MlmeAux.Channel = pAd->CommonCfg.Channel; #endif /* APCLI_CONNECTION_TRIAL */ pApCliEntry->MlmeAux.SupRateLen = pAd->CommonCfg.SupRateLen; NdisMoveMemory(pApCliEntry->MlmeAux.SupRate, pAd->CommonCfg.SupRate, pAd->CommonCfg.SupRateLen); /* Prepare the default value for extended rate */ pApCliEntry->MlmeAux.ExtRateLen = pAd->CommonCfg.ExtRateLen; NdisMoveMemory(pApCliEntry->MlmeAux.ExtRate, pAd->CommonCfg.ExtRate, pAd->CommonCfg.ExtRateLen); #endif /* RT_CFG80211_P2P_CONCURRENT_DEVICE */ RTMPSetTimer(&(pApCliEntry->MlmeAux.ProbeTimer), PROBE_TIMEOUT); #ifdef APCLI_CONNECTION_TRIAL NdisZeroMemory(pAd->ApCfg.ApCliTab[ifIndex].MlmeAux.Bssid, MAC_ADDR_LEN); NdisZeroMemory(pAd->ApCfg.ApCliTab[ifIndex].MlmeAux.Ssid, MAX_LEN_OF_SSID); NdisCopyMemory(pAd->ApCfg.ApCliTab[ifIndex].MlmeAux.Bssid, pAd->ApCfg.ApCliTab[ifIndex].CfgApCliBssid, MAC_ADDR_LEN); NdisCopyMemory(pAd->ApCfg.ApCliTab[ifIndex].MlmeAux.Ssid, pAd->ApCfg.ApCliTab[ifIndex].CfgSsid, pAd->ApCfg.ApCliTab[ifIndex].CfgSsidLen); #endif /* APCLI_CONNECTION_TRIAL */ ApCliEnqueueProbeRequest(pAd, Info->SsidLen, (PCHAR) Info->Ssid, ifIndex); MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("ApCli SYNC - Start Probe the SSID %s on channel =%d\n", pApCliEntry->MlmeAux.Ssid, pApCliEntry->MlmeAux.Channel)); *pCurrState = APCLI_JOIN_WAIT_PROBE_RSP; return; }
VOID ApCliRTMPReportMicError( IN PRTMP_ADAPTER pAd, IN PCIPHER_KEY pWpaKey, IN INT ifIndex) { ULONG Now; UCHAR unicastKey = (pWpaKey->Type == PAIRWISE_KEY ? 1:0); PAPCLI_STRUCT pApCliEntry = NULL; DBGPRINT(RT_DEBUG_TRACE, (" ApCliRTMPReportMicError <---\n")); pApCliEntry = &pAd->ApCfg.ApCliTab[ifIndex]; /* Record Last MIC error time and count */ NdisGetSystemUpTime(&Now); if (pAd->ApCfg.ApCliTab[ifIndex].MicErrCnt == 0) { pAd->ApCfg.ApCliTab[ifIndex].MicErrCnt++; pAd->ApCfg.ApCliTab[ifIndex].LastMicErrorTime = Now; NdisZeroMemory(pAd->ApCfg.ApCliTab[ifIndex].ReplayCounter, 8); } else if (pAd->ApCfg.ApCliTab[ifIndex].MicErrCnt == 1) { if ((pAd->ApCfg.ApCliTab[ifIndex].LastMicErrorTime + (60 * OS_HZ)) < Now) { /* Update Last MIC error time, this did not violate two MIC errors within 60 seconds */ pAd->ApCfg.ApCliTab[ifIndex].LastMicErrorTime = Now; } else { /* RTMPSendWirelessEvent(pAd, IW_COUNTER_MEASURES_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0); */ pAd->ApCfg.ApCliTab[ifIndex].LastMicErrorTime = Now; /* Violate MIC error counts, MIC countermeasures kicks in */ pAd->ApCfg.ApCliTab[ifIndex].MicErrCnt++; /* We shall block all reception We shall clean all Tx ring and disassoicate from AP after next EAPOL frame No necessary to clean all Tx ring, on RTMPHardTransmit will stop sending non-802.1X EAPOL packets if pAd->StaCfg.MicErrCnt greater than 2. */ } } else { /* MIC error count >= 2 */ /* This should not happen */ ; } MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_MIC_FAILURE_REPORT_FRAME, 1, &unicastKey, ifIndex); if (pAd->ApCfg.ApCliTab[ifIndex].MicErrCnt == 2) { DBGPRINT(RT_DEBUG_TRACE, (" MIC Error count = 2 Trigger Block timer....\n")); DBGPRINT(RT_DEBUG_TRACE, (" pAd->ApCfg.ApCliTab[%d].LastMicErrorTime = %ld\n",ifIndex, pAd->ApCfg.ApCliTab[ifIndex].LastMicErrorTime)); RTMPSetTimer(&pApCliEntry->MlmeAux.WpaDisassocAndBlockAssocTimer, 100); } DBGPRINT(RT_DEBUG_TRACE, ("ApCliRTMPReportMicError --->\n")); }
/* ========================================================================== Description: Function to handle countermeasures active attack. Init 60-sec timer if necessary. Return: ========================================================================== */ VOID HandleCounterMeasure(RTMP_ADAPTER *pAd, MAC_TABLE_ENTRY *pEntry) { INT i; BOOLEAN Cancelled; if (!pEntry) return; /* Todo by AlbertY - Not support currently in ApClient-link */ if (IS_ENTRY_APCLI(pEntry)) return; /* if entry not set key done, ignore this RX MIC ERROR */ if ((pEntry->WpaState < AS_PTKINITDONE) || (pEntry->GTKState != REKEY_ESTABLISHED)) return; DBGPRINT(RT_DEBUG_TRACE, ("HandleCounterMeasure ===> \n")); /* record which entry causes this MIC error, if this entry sends disauth/disassoc, AP doesn't need to log the CM */ pEntry->CMTimerRunning = TRUE; pAd->ApCfg.MICFailureCounter++; /* send wireless event - for MIC error */ RTMPSendWirelessEvent(pAd, IW_MIC_ERROR_EVENT_FLAG, pEntry->Addr, 0, 0); if (pAd->ApCfg.CMTimerRunning == TRUE) { DBGPRINT(RT_DEBUG_ERROR, ("Receive CM Attack Twice within 60 seconds ====>>> \n")); /* send wireless event - for counter measures */ RTMPSendWirelessEvent(pAd, IW_COUNTER_MEASURES_EVENT_FLAG, pEntry->Addr, 0, 0); ApLogEvent(pAd, pEntry->Addr, EVENT_COUNTER_M); /* renew GTK */ GenRandom(pAd, pAd->ApCfg.MBSSID[pEntry->apidx].wdev.bssid, pAd->ApCfg.MBSSID[pEntry->apidx].GNonce); /* Cancel CounterMeasure Timer */ RTMPCancelTimer(&pAd->ApCfg.CounterMeasureTimer, &Cancelled); pAd->ApCfg.CMTimerRunning = FALSE; for (i = 0; i < MAX_LEN_OF_MAC_TABLE; i++) { /* happened twice within 60 sec, AP SENDS disaccociate all associated STAs. All STA's transition to State 2 */ if (IS_ENTRY_CLIENT(&pAd->MacTab.Content[i])) { MlmeDeAuthAction(pAd, &pAd->MacTab.Content[i], REASON_MIC_FAILURE, FALSE); } } /* Further, ban all Class 3 DATA transportation for a period 0f 60 sec disallow new association , too */ pAd->ApCfg.BANClass3Data = TRUE; /* check how many entry left... should be zero */ /*pAd->ApCfg.MBSSID[pEntry->apidx].GKeyDoneStations = pAd->MacTab.Size; */ /*DBGPRINT(RT_DEBUG_TRACE, ("GKeyDoneStations=%d \n", pAd->ApCfg.MBSSID[pEntry->apidx].GKeyDoneStations)); */ } RTMPSetTimer(&pAd->ApCfg.CounterMeasureTimer, 60 * MLME_TASK_EXEC_INTV * MLME_TASK_EXEC_MULTIPLE); pAd->ApCfg.CMTimerRunning = TRUE; pAd->ApCfg.PrevaMICFailTime = pAd->ApCfg.aMICFailTime; RTMP_GetCurrentSystemTime(&pAd->ApCfg.aMICFailTime); }
/* ========================================================================== Description: mlme assoc req handling procedure Parameters: Adapter - Adapter pointer Elem - MLME Queue Element Pre: the station has been authenticated and the following information is stored in the config -# SSID -# supported rates and their length Post : -# An association request frame is generated and sent to the air -# Association timer starts -# Association state -> ASSOC_WAIT_RSP ========================================================================== */ static VOID ApCliMlmeAssocReqAction( IN PRTMP_ADAPTER pAd, IN MLME_QUEUE_ELEM *Elem) { NDIS_STATUS NStatus; BOOLEAN Cancelled; UCHAR ApAddr[6]; HEADER_802_11 AssocHdr; UCHAR WmeIe[9] = {IE_VENDOR_SPECIFIC, 0x07, 0x00, 0x50, 0xf2, 0x02, 0x00, 0x01, 0x00}; USHORT ListenIntv; ULONG Timeout; USHORT CapabilityInfo; PUCHAR pOutBuffer = NULL; ULONG FrameLen = 0; ULONG tmp; UCHAR SsidIe = IE_SSID; UCHAR SupRateIe = IE_SUPP_RATES; UCHAR ExtRateIe = IE_EXT_SUPP_RATES; APCLI_CTRL_MSG_STRUCT ApCliCtrlMsg; USHORT ifIndex = (USHORT)(Elem->Priv); PULONG pCurrState = &pAd->ApCfg.ApCliTab[ifIndex].AssocCurrState; #ifdef APCLI_WPA_SUPPLICANT_SUPPORT USHORT VarIesOffset = 0; #endif /* APCLI_WPA_SUPPLICANT_SUPPORT */ UCHAR RSNIe = IE_WPA; if (ifIndex >= MAX_APCLI_NUM) return; /* Block all authentication request durning WPA block period */ if (pAd->ApCfg.ApCliTab[ifIndex].bBlockAssoc == TRUE) { DBGPRINT(RT_DEBUG_TRACE, ("APCLI_ASSOC - Block Auth request durning WPA block period!\n")); *pCurrState = APCLI_ASSOC_IDLE; ApCliCtrlMsg.Status = MLME_STATE_MACHINE_REJECT; MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_ASSOC_RSP, sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex); } else if(MlmeAssocReqSanity(pAd, Elem->Msg, Elem->MsgLen, ApAddr, &CapabilityInfo, &Timeout, &ListenIntv)) { RTMPCancelTimer(&pAd->ApCliMlmeAux.ApCliAssocTimer, &Cancelled); /* allocate and send out AssocRsp frame */ NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); /*Get an unused nonpaged memory */ if (NStatus != NDIS_STATUS_SUCCESS) { DBGPRINT(RT_DEBUG_TRACE, ("APCLI_ASSOC - ApCliMlmeAssocReqAction() allocate memory failed \n")); *pCurrState = APCLI_ASSOC_IDLE; ApCliCtrlMsg.Status = MLME_FAIL_NO_RESOURCE; MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_ASSOC_RSP, sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex); return; } #ifdef APCLI_WPA_SUPPLICANT_SUPPORT pAd->ApCfg.ApCliTab[ifIndex].AssocInfo.Length = sizeof(NDIS_802_11_ASSOCIATION_INFORMATION); pAd->ApCfg.ApCliTab[ifIndex].AssocInfo.AvailableRequestFixedIEs = NDIS_802_11_AI_REQFI_CAPABILITIES | NDIS_802_11_AI_REQFI_LISTENINTERVAL; pAd->ApCfg.ApCliTab[ifIndex].AssocInfo.RequestFixedIEs.Capabilities = CapabilityInfo; pAd->ApCfg.ApCliTab[ifIndex].AssocInfo.RequestFixedIEs.ListenInterval = ListenIntv; pAd->ApCfg.ApCliTab[ifIndex].AssocInfo.OffsetRequestIEs = sizeof(NDIS_802_11_ASSOCIATION_INFORMATION); NdisZeroMemory(pAd->ApCfg.ApCliTab[ifIndex].ReqVarIEs, MAX_VIE_LEN); /*First add SSID*/ VarIesOffset = 0; NdisMoveMemory(pAd->ApCfg.ApCliTab[ifIndex].ReqVarIEs + VarIesOffset, &SsidIe, 1); VarIesOffset += 1; NdisMoveMemory(pAd->ApCfg.ApCliTab[ifIndex].ReqVarIEs + VarIesOffset, &pAd->MlmeAux.SsidLen, 1); VarIesOffset += 1; NdisMoveMemory(pAd->ApCfg.ApCliTab[ifIndex].ReqVarIEs + VarIesOffset, pAd->MlmeAux.Ssid, pAd->MlmeAux.SsidLen); VarIesOffset += pAd->MlmeAux.SsidLen; /*Second add Supported rates*/ NdisMoveMemory(pAd->ApCfg.ApCliTab[ifIndex].ReqVarIEs + VarIesOffset, &SupRateIe, 1); VarIesOffset += 1; NdisMoveMemory(pAd->ApCfg.ApCliTab[ifIndex].ReqVarIEs + VarIesOffset, &pAd->MlmeAux.SupRateLen, 1); VarIesOffset += 1; NdisMoveMemory(pAd->ApCfg.ApCliTab[ifIndex].ReqVarIEs + VarIesOffset, pAd->MlmeAux.SupRate, pAd->MlmeAux.SupRateLen); VarIesOffset += pAd->MlmeAux.SupRateLen; #endif /* APCLI_WPA_SUPPLICANT_SUPPORT */ DBGPRINT(RT_DEBUG_TRACE, ("APCLI_ASSOC - Send ASSOC request...\n")); ApCliMgtMacHeaderInit(pAd, &AssocHdr, SUBTYPE_ASSOC_REQ, 0, ApAddr, ApAddr, ifIndex); /* Build basic frame first */ MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof(HEADER_802_11), &AssocHdr, 2, &CapabilityInfo, 2, &ListenIntv, 1, &SsidIe, 1, &pAd->ApCliMlmeAux.SsidLen, pAd->ApCliMlmeAux.SsidLen, pAd->ApCliMlmeAux.Ssid, 1, &SupRateIe, 1, &pAd->ApCliMlmeAux.SupRateLen, pAd->ApCliMlmeAux.SupRateLen, pAd->ApCliMlmeAux.SupRate, END_OF_ARGS); if(pAd->ApCliMlmeAux.ExtRateLen != 0) { MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp, 1, &ExtRateIe, 1, &pAd->ApCliMlmeAux.ExtRateLen, pAd->ApCliMlmeAux.ExtRateLen, pAd->ApCliMlmeAux.ExtRate, END_OF_ARGS); FrameLen += tmp; } #ifdef DOT11_N_SUPPORT /* HT */ if ((pAd->ApCliMlmeAux.HtCapabilityLen > 0) && (pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED)) { ULONG TmpLen; HT_CAPABILITY_IE HtCapabilityTmp; NdisZeroMemory(&HtCapabilityTmp, sizeof(HT_CAPABILITY_IE)); NdisMoveMemory(&HtCapabilityTmp, &pAd->ApCliMlmeAux.HtCapability, pAd->ApCliMlmeAux.HtCapabilityLen); #ifdef DOT11N_SS3_SUPPORT HtCapabilityTmp.MCSSet[2] = (pAd->ApCliMlmeAux.HtCapability.MCSSet[2] & pAd->ApCfg.ApCliTab[ifIndex].RxMcsSet[2]); #endif /* DOT11N_SS3_SUPPORT */ #ifdef RT_BIG_ENDIAN *(USHORT *)(&HtCapabilityTmp.HtCapInfo) = SWAP16(*(USHORT *)(&HtCapabilityTmp.HtCapInfo)); *(USHORT *)(&HtCapabilityTmp.ExtHtCapInfo) = SWAP16(*(USHORT *)(&HtCapabilityTmp.ExtHtCapInfo)); #endif /* RT_BIG_ENDINA */ MakeOutgoingFrame(pOutBuffer + FrameLen, &TmpLen, 1, &HtCapIe, 1, &pAd->ApCliMlmeAux.HtCapabilityLen, pAd->ApCliMlmeAux.HtCapabilityLen, &HtCapabilityTmp, END_OF_ARGS); FrameLen += TmpLen; } #endif /* DOT11_N_SUPPORT */ #ifdef AGGREGATION_SUPPORT /* add Ralink proprietary IE to inform AP this STA is going to use AGGREGATION or PIGGY-BACK+AGGREGATION Case I: (Aggregation + Piggy-Back) 1. user enable aggregation, AND 2. Mac support piggy-back 3. AP annouces it's PIGGY-BACK+AGGREGATION-capable in BEACON Case II: (Aggregation) 1. user enable aggregation, AND 2. AP annouces it's AGGREGATION-capable in BEACON */ if (pAd->CommonCfg.bAggregationCapable) { #ifdef PIGGYBACK_SUPPORT if ((pAd->CommonCfg.bPiggyBackCapable) && ((pAd->ApCliMlmeAux.APRalinkIe & 0x00000003) == 3)) { ULONG TmpLen; UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x03, 0x00, 0x00, 0x00}; MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen, 9, RalinkIe, END_OF_ARGS); FrameLen += TmpLen; } else #endif /* PIGGYBACK_SUPPORT */ if (pAd->ApCliMlmeAux.APRalinkIe & 0x00000001) { ULONG TmpLen; UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x01, 0x00, 0x00, 0x00}; MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen, 9, RalinkIe, END_OF_ARGS); FrameLen += TmpLen; } } else { ULONG TmpLen; UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x06, 0x00, 0x00, 0x00}; MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen, 9, RalinkIe, END_OF_ARGS); FrameLen += TmpLen; } #endif /* AGGREGATION_SUPPORT */ if (pAd->ApCliMlmeAux.APEdcaParm.bValid) { if (pAd->ApCfg.ApCliTab[ifIndex].UapsdInfo.bAPSDCapable && pAd->ApCliMlmeAux.APEdcaParm.bAPSDCapable) { QBSS_STA_INFO_PARM QosInfo; NdisZeroMemory(&QosInfo, sizeof(QBSS_STA_INFO_PARM)); QosInfo.UAPSD_AC_BE = pAd->CommonCfg.bAPSDAC_BE; QosInfo.UAPSD_AC_BK = pAd->CommonCfg.bAPSDAC_BK; QosInfo.UAPSD_AC_VI = pAd->CommonCfg.bAPSDAC_VI; QosInfo.UAPSD_AC_VO = pAd->CommonCfg.bAPSDAC_VO; QosInfo.MaxSPLength = pAd->CommonCfg.MaxSPLength; WmeIe[8] |= *(PUCHAR)&QosInfo; } else { /* The Parameter Set Count is set to бз0би in the association request frames */ /* WmeIe[8] |= (pAd->MlmeAux.APEdcaParm.EdcaUpdateCount & 0x0f); */ } MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp, 9, &WmeIe[0], END_OF_ARGS); FrameLen += tmp; } /* Append RSN_IE when WPAPSK OR WPA2PSK, */ if (((pAd->ApCfg.ApCliTab[ifIndex].AuthMode == Ndis802_11AuthModeWPAPSK) || (pAd->ApCfg.ApCliTab[ifIndex].AuthMode == Ndis802_11AuthModeWPA2PSK)) #ifdef APCLI_WPA_SUPPLICANT_SUPPORT || (pAd->ApCfg.ApCliTab[ifIndex].AuthMode >= Ndis802_11AuthModeWPA) #endif /* APCLI_WPA_SUPPLICANT_SUPPORT */ #ifdef WSC_AP_SUPPORT && (pAd->ApCfg.ApCliTab[ifIndex].WscControl.WscConfMode == WSC_DISABLE) #endif /* WSC_AP_SUPPORT */ ) { RSNIe = IE_WPA; if ((pAd->ApCfg.ApCliTab[ifIndex].AuthMode == Ndis802_11AuthModeWPA2PSK) #ifdef APCLI_WPA_SUPPLICANT_SUPPORT ||(pAd->ApCfg.ApCliTab[ifIndex].AuthMode == Ndis802_11AuthModeWPA2) #endif/*APCLI_WPA_SUPPLICANT_SUPPORT*/ ) RSNIe = IE_WPA2; #ifdef APCLI_WPA_SUPPLICANT_SUPPORT if (pAd->ApCfg.ApCliTab[ifIndex].AuthMode == Ndis802_11AuthModeWPA2) { INT idx; BOOLEAN FoundPMK = FALSE; /* Search chched PMKID, append it if existed */ for (idx = 0; idx < PMKID_NO; idx++) { if (NdisEqualMemory(ApAddr, &pAd->ApCfg.ApCliTab[ifIndex].SavedPMK[idx].BSSID, 6)) { FoundPMK = TRUE; break; } } /* When AuthMode is WPA2-Enterprise and AP reboot or STA lost AP, AP would not do PMK cache with STA after STA re-connect to AP again. In this case, driver doesn't need to send PMKID to AP and WpaSupplicant. */ if ((pAd->ApCfg.ApCliTab[ifIndex].AuthMode == Ndis802_11AuthModeWPA2) && (NdisEqualMemory(pAd->MlmeAux.Bssid, pAd->CommonCfg.LastBssid, MAC_ADDR_LEN))) { FoundPMK = FALSE; } if (FoundPMK) { // Set PMK number *(PUSHORT) &pAd->ApCfg.ApCliTab[ifIndex].RSN_IE[pAd->ApCfg.ApCliTab[ifIndex].RSNIE_Len] = 1; NdisMoveMemory(&pAd->ApCfg.ApCliTab[ifIndex].RSN_IE[pAd->ApCfg.ApCliTab[ifIndex].RSNIE_Len + 2], &pAd->ApCfg.ApCliTab[ifIndex].SavedPMK[idx].PMKID, 16); pAd->ApCfg.ApCliTab[ifIndex].RSNIE_Len += 18; } } #ifdef SIOCSIWGENIE if ((pAd->ApCfg.ApCliTab[ifIndex].WpaSupplicantUP & WPA_SUPPLICANT_ENABLE) && (pAd->ApCfg.ApCliTab[ifIndex].bRSN_IE_FromWpaSupplicant == TRUE)) { ; } else #endif #endif /*APCLI_WPA_SUPPLICANT_SUPPORT*/ MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp, 1, &RSNIe, 1, &pAd->ApCfg.ApCliTab[ifIndex].RSNIE_Len, pAd->ApCfg.ApCliTab[ifIndex].RSNIE_Len, pAd->ApCfg.ApCliTab[ifIndex].RSN_IE, END_OF_ARGS); FrameLen += tmp; } #ifdef APCLI_WPA_SUPPLICANT_SUPPORT #ifdef SIOCSIWGENIE if (((pAd->ApCfg.ApCliTab[ifIndex].WpaSupplicantUP & 0x7F) != WPA_SUPPLICANT_ENABLE) || (pAd->ApCfg.ApCliTab[ifIndex].bRSN_IE_FromWpaSupplicant == FALSE)) #endif { // Append Variable IE NdisMoveMemory(pAd->ApCfg.ApCliTab[ifIndex].ReqVarIEs + VarIesOffset, &RSNIe, 1); VarIesOffset += 1; NdisMoveMemory(pAd->ApCfg.ApCliTab[ifIndex].ReqVarIEs + VarIesOffset, &pAd->ApCfg.ApCliTab[ifIndex].RSNIE_Len, 1); VarIesOffset += 1; NdisMoveMemory(pAd->ApCfg.ApCliTab[ifIndex].ReqVarIEs + VarIesOffset, pAd->ApCfg.ApCliTab[ifIndex].RSN_IE, pAd->ApCfg.ApCliTab[ifIndex].RSNIE_Len); VarIesOffset += pAd->ApCfg.ApCliTab[ifIndex].RSNIE_Len; // Set Variable IEs Length pAd->ApCfg.ApCliTab[ifIndex].ReqVarIELen = VarIesOffset; } #ifdef SIOCSIWGENIE if ((pAd->ApCfg.ApCliTab[ifIndex].WpaSupplicantUP & WPA_SUPPLICANT_ENABLE) && (pAd->ApCfg.ApCliTab[ifIndex].bRSN_IE_FromWpaSupplicant == TRUE)) { ULONG TmpWpaAssocIeLen = 0; MakeOutgoingFrame(pOutBuffer + FrameLen, &TmpWpaAssocIeLen, pAd->ApCfg.ApCliTab[ifIndex].WpaAssocIeLen, pAd->ApCfg.ApCliTab[ifIndex].pWpaAssocIe, END_OF_ARGS); FrameLen += TmpWpaAssocIeLen; NdisMoveMemory(pAd->ApCfg.ApCliTab[ifIndex].ReqVarIEs + VarIesOffset, pAd->ApCfg.ApCliTab[ifIndex].pWpaAssocIe, pAd->ApCfg.ApCliTab[ifIndex].WpaAssocIeLen); VarIesOffset += pAd->ApCfg.ApCliTab[ifIndex].WpaAssocIeLen; // Set Variable IEs Length pAd->ApCfg.ApCliTab[ifIndex].ReqVarIELen = VarIesOffset; } #endif #endif /* APCLI_WPA_SUPPLICANT_SUPPORT */ MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer, FrameLen); MlmeFreeMemory(pAd, pOutBuffer); RTMPSetTimer(&pAd->ApCliMlmeAux.ApCliAssocTimer, Timeout); *pCurrState = APCLI_ASSOC_WAIT_RSP; } else { DBGPRINT(RT_DEBUG_TRACE, ("APCLI_ASSOC - ApCliMlmeAssocReqAction() sanity check failed. BUG!!!!!! \n")); *pCurrState = APCLI_ASSOC_IDLE; ApCliCtrlMsg.Status = MLME_INVALID_FORMAT; MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_ASSOC_RSP, sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex); } return; }
BOOLEAN BARecSessionAdd( IN PRTMP_ADAPTER pAd, IN MAC_TABLE_ENTRY *pEntry, IN PFRAME_ADDBA_REQ pFrame) { BA_REC_ENTRY *pBAEntry = NULL; BOOLEAN Status = TRUE; BOOLEAN Cancelled; USHORT Idx; UCHAR TID; UCHAR BAWinSize; //UINT32 Value; //UINT offset; ASSERT(pEntry); // find TID TID = pFrame->BaParm.TID; BAWinSize = min(((UCHAR)pFrame->BaParm.BufSize), (UCHAR)pAd->CommonCfg.BACapability.field.RxBAWinLimit); // Intel patch if (BAWinSize == 0) { BAWinSize = 64; } Idx = pEntry->BARecWcidArray[TID]; if (Idx == 0) { pBAEntry = BATableAllocRecEntry(pAd, &Idx); } else { pBAEntry = &pAd->BATable.BARecEntry[Idx]; // flush all pending reordering mpdus ba_refresh_reordering_mpdus(pAd, pBAEntry); } DBGPRINT(RT_DEBUG_TRACE,("%s(%ld): Idx = %d, BAWinSize(req %d) = %d\n", __func__, pAd->BATable.numAsRecipient, Idx, pFrame->BaParm.BufSize, BAWinSize)); // Start fill in parameters. if (pBAEntry != NULL) { ASSERT(pBAEntry->list.qlen == 0); pBAEntry->REC_BA_Status = Recipient_HandleRes; pBAEntry->BAWinSize = BAWinSize; pBAEntry->Wcid = pEntry->Aid; pBAEntry->TID = TID; pBAEntry->TimeOutValue = pFrame->TimeOutValue; pBAEntry->REC_BA_Status = Recipient_Accept; // initial sequence number pBAEntry->LastIndSeq = RESET_RCV_SEQ; //pFrame->BaStartSeq.field.StartSeq; printk("Start Seq = %08x\n", pFrame->BaStartSeq.field.StartSeq); if (pEntry->RXBAbitmap & (1<<TID)) { RTMPCancelTimer(&pBAEntry->RECBATimer, &Cancelled); } else { RTMPInitTimer(pAd, &pBAEntry->RECBATimer, GET_TIMER_FUNCTION(BARecSessionIdleTimeout), pBAEntry, TRUE); } #if 0 // for debugging RTMPSetTimer(&pBAEntry->RECBATimer, REC_BA_SESSION_IDLE_TIMEOUT); #endif // Set Bitmap flag. pEntry->RXBAbitmap |= (1<<TID); pEntry->BARecWcidArray[TID] = Idx; pEntry->BADeclineBitmap &= ~(1<<TID); // Set BA session mask in WCID table. RT28XX_ADD_BA_SESSION_TO_ASIC(pAd, pEntry->Aid, TID); DBGPRINT(RT_DEBUG_TRACE,("MACEntry[%d]RXBAbitmap = 0x%x. BARecWcidArray=%d\n", pEntry->Aid, pEntry->RXBAbitmap, pEntry->BARecWcidArray[TID])); } else { Status = FALSE; DBGPRINT(RT_DEBUG_TRACE,("Can't Accept ADDBA for %02x:%02x:%02x:%02x:%02x:%02x TID = %d\n", PRINT_MAC(pEntry->Addr), TID)); } return(Status); }
/* ========================================================================== Description: IRQL = PASSIVE_LEVEL ========================================================================== */ VOID TDLS_PeerChannelSwitchRspAction( IN PRTMP_ADAPTER pAd, IN MLME_QUEUE_ELEM *Elem) { PRT_802_11_TDLS pTDLS = NULL; int LinkId = 0xff; UCHAR PeerAddr[MAC_ADDR_LEN]; //BOOLEAN IsInitator; BOOLEAN TimerCancelled; //UCHAR RegulatoryClass; //UCHAR NewExtChannelOffset = 0xff; UCHAR LinkIdentLen; USHORT PeerChSwitchTime; USHORT PeerChSwitchTimeOut; TDLS_LINK_IDENT_ELEMENT LinkIdent; //NDIS_STATUS NStatus = NDIS_STATUS_SUCCESS; USHORT StatusCode = MLME_SUCCESS; DBGPRINT(RT_DEBUG_WARN,("TDLS ===> TDLS_PeerChannelSwitchRspAction() \n")); // Not TDLS Capable, ignore it if (!IS_TDLS_SUPPORT(pAd)) return; if (!INFRA_ON(pAd)) return; hex_dump("TDLS peer channel switch response receive pack", Elem->Msg, Elem->MsgLen); if (!PeerTdlsChannelSwitchRspSanity(pAd, Elem->Msg, Elem->MsgLen, PeerAddr, &StatusCode, &PeerChSwitchTime, &PeerChSwitchTimeOut, &LinkIdentLen, &LinkIdent)) { DBGPRINT(RT_DEBUG_ERROR,("%s(%d): from %02x:%02x:%02x:%02x:%02x:%02x Sanity Check Fail !!!\n", __FUNCTION__,__LINE__, PeerAddr[0], PeerAddr[1], PeerAddr[2], PeerAddr[3], PeerAddr[4], PeerAddr[5])); return; } // Drop not within my TDLS Table that created before ! LinkId = TDLS_SearchLinkId(pAd, PeerAddr); if (LinkId == -1 || LinkId == MAX_NUM_OF_TDLS_ENTRY) { DBGPRINT(RT_DEBUG_ERROR,("%s(%d): can not find from %02x:%02x:%02x:%02x:%02x:%02x on TDLS entry !!!\n", __FUNCTION__,__LINE__, PeerAddr[0], PeerAddr[1], PeerAddr[2], PeerAddr[3], PeerAddr[4], PeerAddr[5])); return; } // Point to the current Link ID pTDLS = &pAd->StaCfg.TdlsInfo.TDLSEntry[LinkId]; if ((pTDLS->ChannelSwitchCurrentState == TDLS_CHANNEL_SWITCH_NONE) && (StatusCode == MLME_REQUEST_DECLINED)) { DBGPRINT(RT_DEBUG_OFF,("%s(%d): received a failed StatusCode = %d on Unsolicited response !!!\n", __FUNCTION__, __LINE__, StatusCode)); return; } if (StatusCode == MLME_REQUEST_DECLINED) { if ((pAd->StaCfg.TdlsChannelSwitchRetryCount > 0) && (pTDLS->bDoingPeriodChannelSwitch) && (pAd->StaCfg.bDoingPeriodChannelSwitch)) { pAd->StaCfg.TdlsChannelSwitchRetryCount--; DBGPRINT(RT_DEBUG_OFF,("%s(%d): received a failed StatusCode = %d re-try again !!!\n", __FUNCTION__, __LINE__, StatusCode)); } else { pTDLS->bDoingPeriodChannelSwitch = FALSE; pAd->StaCfg.bDoingPeriodChannelSwitch = FALSE; pAd->StaCfg.bTdlsNoticeAPPowerSave = FALSE; pAd->StaCfg.TdlsForcePowerSaveWithAP = FALSE; RTMPSendNullFrame(pAd, pAd->CommonCfg.TxRate, TRUE, FALSE); } DBGPRINT(RT_DEBUG_OFF,("TDLS - TDLS_PeerChannelSwitchRspAction() received a failed StatusCode = %d !!!\n", StatusCode )); return; } DBGPRINT(RT_DEBUG_WARN,("%s(%d): from %02x:%02x:%02x:%02x:%02x:%02x !!!\n", __FUNCTION__,__LINE__, PeerAddr[0], PeerAddr[1], PeerAddr[2], PeerAddr[3], PeerAddr[4], PeerAddr[5])); if (StatusCode == MLME_SUCCESS) { if (pTDLS->ChannelSwitchCurrentState == TDLS_CHANNEL_SWITCH_NONE) { if (pAd->StaCfg.bChannelSwitchInitiator == FALSE) { RTMPCancelTimer(&pAd->StaCfg.TdlsResponderGoBackBaseChTimer, &TimerCancelled); DBGPRINT(RT_DEBUG_WARN,("%s(%d): i am responder!!!\n", __FUNCTION__,__LINE__)); } else { RTMPCancelTimer(&pAd->StaCfg.TdlsPeriodGoBackBaseChTimer, &TimerCancelled); DBGPRINT(RT_DEBUG_WARN,("%s(%d): i am Initiator !!!\n", __FUNCTION__,__LINE__)); } if (pAd->StaCfg.TdlsCurrentOperateChannel != pAd->CommonCfg.Channel) { DBGPRINT(RT_DEBUG_ERROR, ("106. %ld !!!\n", (jiffies * 1000) / OS_HZ)); RTMPusecDelay(300); NdisGetSystemUpTime(&pAd->StaCfg.TdlsGoBackStartTime); RTMP_SET_FLAG(pAd, fRTMP_ADAPTER_TDLS_DOING_CHANNEL_SWITCH); if (pAd->CommonCfg.CentralChannel > pAd->CommonCfg.Channel) TDLS_InitChannelRelatedValue(pAd, pAd->CommonCfg.Channel, EXTCHA_ABOVE); else if (pAd->CommonCfg.CentralChannel < pAd->CommonCfg.Channel) TDLS_InitChannelRelatedValue(pAd, pAd->CommonCfg.Channel, EXTCHA_BELOW); else TDLS_InitChannelRelatedValue(pAd, pAd->CommonCfg.Channel, EXTCHA_NONE); TDLS_EnablePktChannel(pAd, TDLS_FIFO_ALL); RTMP_CLEAR_FLAG(pAd, fRTMP_ADAPTER_TDLS_DOING_CHANNEL_SWITCH); } } else { if (pAd->StaCfg.TdlsCurrentChannel != pAd->CommonCfg.Channel) { if (pAd->StaCfg.bChannelSwitchInitiator) { UINT16 SwitchTime = pAd->StaCfg.TdlsInfo.TdlsSwitchTime; //micro seconds UINT16 SwitchTimeout = pAd->StaCfg.TdlsInfo.TdlsSwitchTimeout; // micro seconds pAd->StaCfg.TdlsChannelSwitchPairCount--; pAd->StaCfg.TdlsChannelSwitchRetryCount = 10; //pAd->StaCfg.bDoingPeriodChannelSwitch = TRUE; if (SwitchTime >= PeerChSwitchTime) PeerChSwitchTime = SwitchTime; if (SwitchTimeout >= PeerChSwitchTimeOut) PeerChSwitchTimeOut = SwitchTimeout; pTDLS->ChSwitchTime = PeerChSwitchTime; pAd->StaCfg.TdlsGlobalSwitchTime = PeerChSwitchTime; pTDLS->ChSwitchTimeout = PeerChSwitchTimeOut; pAd->StaCfg.TdlsGlobalSwitchTimeOut = PeerChSwitchTimeOut; pTDLS->ChannelSwitchCurrentState = TDLS_CHANNEL_SWITCH_NONE; RTMP_SET_FLAG(pAd, fRTMP_ADAPTER_TDLS_DOING_CHANNEL_SWITCH); //Cancel the timer since the received packet to me. #ifdef TDLS_HWTIMER_SUPPORT TDLS_SetChannelSwitchTimer(pAd, ((PeerChSwitchTime + pAd->StaCfg.TdlsOffChannelDelay) / 1000)); #else RTMPCancelTimer(&pTDLS->ChannelSwitchTimer, &TimerCancelled); pTDLS->bEnableChSwitchTime = TRUE; NdisGetSystemUpTime(&pTDLS->ChannelSwitchTimerStartTime); RTMPSetTimer(&pTDLS->ChannelSwitchTimer, ((PeerChSwitchTime + pAd->StaCfg.TdlsOffChannelDelay) / 1000)); #endif // TDLS_HWTIMER_SUPPORT // if (RTDebugLevel < RT_DEBUG_ERROR) RTMPusecDelay(300); else DBGPRINT(RT_DEBUG_ERROR, ("104. %ld !!!\n", (jiffies * 1000) / OS_HZ)); TDLS_InitChannelRelatedValue(pAd, pAd->StaCfg.TdlsCurrentChannel, pAd->StaCfg.TdlsCurrentChannelBW); } } else { pTDLS->bDoingPeriodChannelSwitch = FALSE; pAd->StaCfg.bDoingPeriodChannelSwitch = FALSE; pAd->StaCfg.TdlsForcePowerSaveWithAP = FALSE; pAd->StaCfg.bTdlsNoticeAPPowerSave = FALSE; if (pAd->StaCfg.bChannelSwitchInitiator == FALSE) { DBGPRINT(RT_DEBUG_OFF,("%s(%d): i am channel switch responder!!!\n", __FUNCTION__,__LINE__)); } else { RTMPCancelTimer(&pAd->StaCfg.TdlsDisableChannelSwitchTimer, &TimerCancelled); pAd->StaCfg.bChannelSwitchInitiator = FALSE; DBGPRINT(RT_DEBUG_OFF,("%s(%d): i am channel switch Initiator !!!\n", __FUNCTION__,__LINE__)); } if (pAd->StaCfg.TdlsCurrentOperateChannel != pAd->CommonCfg.Channel) { RTMP_SET_FLAG(pAd, fRTMP_ADAPTER_TDLS_DOING_CHANNEL_SWITCH); if (pAd->CommonCfg.CentralChannel > pAd->CommonCfg.Channel) TDLS_InitChannelRelatedValue(pAd, pAd->CommonCfg.Channel, EXTCHA_ABOVE); else if (pAd->CommonCfg.CentralChannel < pAd->CommonCfg.Channel) TDLS_InitChannelRelatedValue(pAd, pAd->CommonCfg.Channel, EXTCHA_BELOW); else TDLS_InitChannelRelatedValue(pAd, pAd->CommonCfg.Channel, EXTCHA_NONE); TDLS_EnablePktChannel(pAd, TDLS_FIFO_ALL); RTMP_CLEAR_FLAG(pAd, fRTMP_ADAPTER_TDLS_DOING_CHANNEL_SWITCH); } RTMPSendNullFrame(pAd, pAd->CommonCfg.TxRate, TRUE, FALSE); } } } DBGPRINT(RT_DEBUG_WARN,("TDLS <=== TDLS_PeerChannelSwitchRspAction() \n")); return; }
/* * generate ADDBA request to * set up BA agreement */ void BAOriSessionSetUp(struct rt_rtmp_adapter *pAd, struct rt_mac_table_entry *pEntry, u8 TID, u16 TimeOut, unsigned long DelayTime, IN BOOLEAN isForced) { /*struct rt_mlme_addba_req AddbaReq; */ struct rt_ba_ori_entry *pBAEntry = NULL; u16 Idx; BOOLEAN Cancelled; if ((pAd->CommonCfg.BACapability.field.AutoBA != TRUE) && (isForced == FALSE)) return; /* if this entry is limited to use legacy tx mode, it doesn't generate BA. */ if (RTMPStaFixedTxMode(pAd, pEntry) != FIXED_TXMODE_HT) return; if ((pEntry->BADeclineBitmap & (1 << TID)) && (isForced == FALSE)) { /* try again after 3 secs */ DelayTime = 3000; /* DBGPRINT(RT_DEBUG_TRACE, ("DeCline BA from Peer\n")); */ /* return; */ } Idx = pEntry->BAOriWcidArray[TID]; if (Idx == 0) { /* allocate a BA session */ pBAEntry = BATableAllocOriEntry(pAd, &Idx); if (pBAEntry == NULL) { DBGPRINT(RT_DEBUG_TRACE, ("ADDBA - MlmeADDBAAction() allocate BA session failed \n")); return; } } else { pBAEntry = &pAd->BATable.BAOriEntry[Idx]; } if (pBAEntry->ORI_BA_Status >= Originator_WaitRes) { return; } pEntry->BAOriWcidArray[TID] = Idx; /* Initialize BA session */ pBAEntry->ORI_BA_Status = Originator_WaitRes; pBAEntry->Wcid = pEntry->Aid; pBAEntry->BAWinSize = pAd->CommonCfg.BACapability.field.RxBAWinLimit; pBAEntry->Sequence = BA_ORI_INIT_SEQ; pBAEntry->Token = 1; /* (2008-01-21) Jan Lee recommends it - this token can't be 0 */ pBAEntry->TID = TID; pBAEntry->TimeOutValue = TimeOut; pBAEntry->pAdapter = pAd; if (!(pEntry->TXBAbitmap & (1 << TID))) { RTMPInitTimer(pAd, &pBAEntry->ORIBATimer, GET_TIMER_FUNCTION(BAOriSessionSetupTimeout), pBAEntry, FALSE); } else RTMPCancelTimer(&pBAEntry->ORIBATimer, &Cancelled); /* set timer to send ADDBA request */ RTMPSetTimer(&pBAEntry->ORIBATimer, DelayTime); }
/* ========================================================================== Description: ========================================================================== */ static VOID ApCliMlmeAuthReqAction( IN PRTMP_ADAPTER pAd, IN MLME_QUEUE_ELEM *Elem) { BOOLEAN Cancelled; NDIS_STATUS NState; UCHAR Addr[MAC_ADDR_LEN]; USHORT Alg, Seq, Status; ULONG Timeout; HEADER_802_11 AuthHdr; PUCHAR pOutBuffer = NULL; ULONG FrameLen = 0; APCLI_CTRL_MSG_STRUCT ApCliCtrlMsg; PAPCLI_STRUCT pApCliEntry = NULL; USHORT ifIndex = (USHORT)(Elem->Priv); PULONG pCurrState = NULL; #ifdef MAC_REPEATER_SUPPORT UCHAR CliIdx = 0xFF; #endif /* MAC_REPEATER_SUPPORT */ if ((ifIndex >= MAX_APCLI_NUM) #ifdef MAC_REPEATER_SUPPORT && (ifIndex < 64) #endif /* MAC_REPEATER_SUPPORT */ ) return; #ifdef MAC_REPEATER_SUPPORT if (ifIndex >= 64) { CliIdx = ((ifIndex - 64) % 16); ifIndex = ((ifIndex - 64) / 16); pCurrState = &pAd->ApCfg.ApCliTab[ifIndex].RepeaterCli[CliIdx].AuthCurrState; } else #endif /* MAC_REPEATER_SUPPORT */ pCurrState = &pAd->ApCfg.ApCliTab[ifIndex].AuthCurrState; pApCliEntry = &pAd->ApCfg.ApCliTab[ifIndex]; /* Block all authentication request durning WPA block period */ if (pAd->ApCfg.ApCliTab[ifIndex].bBlockAssoc == TRUE) { DBGPRINT(RT_DEBUG_TRACE, ("APCLI AUTH - Block Auth request durning WPA block period!\n")); *pCurrState = APCLI_AUTH_REQ_IDLE; ApCliCtrlMsg.Status = MLME_STATE_MACHINE_REJECT; #ifdef MAC_REPEATER_SUPPORT ApCliCtrlMsg.BssIdx = ifIndex; ApCliCtrlMsg.CliIdx = CliIdx; ifIndex = (USHORT)(Elem->Priv); #endif /* MAC_REPEATER_SUPPORT */ MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_AUTH_RSP, sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex); } else if(MlmeAuthReqSanity(pAd, Elem->Msg, Elem->MsgLen, Addr, &Timeout, &Alg)) { #ifdef MAC_REPEATER_SUPPORT /* reset timer */ if (CliIdx != 0xFF) RTMPCancelTimer(&pAd->ApCfg.ApCliTab[ifIndex].RepeaterCli[CliIdx].ApCliAuthTimer, &Cancelled); else #endif /* MAC_REPEATER_SUPPORT */ RTMPCancelTimer(&pApCliEntry->ApCliMlmeAux.ApCliAuthTimer, &Cancelled); pApCliEntry->ApCliMlmeAux.Alg = Alg; Seq = 1; Status = MLME_SUCCESS; /* allocate and send out AuthReq frame */ NState = MlmeAllocateMemory(pAd, &pOutBuffer); /*Get an unused nonpaged memory */ if(NState != NDIS_STATUS_SUCCESS) { DBGPRINT(RT_DEBUG_TRACE, ("APCLI AUTH - MlmeAuthReqAction() allocate memory failed\n")); *pCurrState = APCLI_AUTH_REQ_IDLE; ApCliCtrlMsg.Status = MLME_FAIL_NO_RESOURCE; #ifdef MAC_REPEATER_SUPPORT ApCliCtrlMsg.BssIdx = ifIndex; ApCliCtrlMsg.CliIdx = CliIdx; ifIndex = (USHORT)(Elem->Priv); #endif /* MAC_REPEATER_SUPPORT */ MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_AUTH_RSP, sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex); return; } DBGPRINT(RT_DEBUG_TRACE, ("APCLI AUTH - Send AUTH request seq#1 (Alg=%d)...\n", Alg)); ApCliMgtMacHeaderInit(pAd, &AuthHdr, SUBTYPE_AUTH, 0, Addr, pAd->ApCfg.ApCliTab[ifIndex].ApCliMlmeAux.Bssid, ifIndex); #ifdef MAC_REPEATER_SUPPORT if (CliIdx != 0xFF) COPY_MAC_ADDR(AuthHdr.Addr2, pAd->ApCfg.ApCliTab[ifIndex].RepeaterCli[CliIdx].CurrentAddress); #endif /* MAC_REPEATER_SUPPORT */ MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof(HEADER_802_11),&AuthHdr, 2, &Alg, 2, &Seq, 2, &Status, END_OF_ARGS); MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer, FrameLen); MlmeFreeMemory(pAd, pOutBuffer); #ifdef MAC_REPEATER_SUPPORT if (CliIdx != 0xFF) RTMPSetTimer(&pAd->ApCfg.ApCliTab[ifIndex].RepeaterCli[CliIdx].ApCliAuthTimer, AUTH_TIMEOUT); else #endif /* MAC_REPEATER_SUPPORT */ RTMPSetTimer(&pAd->ApCfg.ApCliTab[ifIndex].ApCliMlmeAux.ApCliAuthTimer, AUTH_TIMEOUT); *pCurrState = APCLI_AUTH_WAIT_SEQ2; } else { DBGPRINT(RT_DEBUG_ERROR, ("APCLI AUTH - MlmeAuthReqAction() sanity check failed. BUG!!!!!\n")); *pCurrState = APCLI_AUTH_REQ_IDLE; } return; }
void BAOriSessionAdd(struct rt_rtmp_adapter *pAd, struct rt_mac_table_entry *pEntry, struct rt_frame_addba_rsp * pFrame) { struct rt_ba_ori_entry *pBAEntry = NULL; BOOLEAN Cancelled; u8 TID; u16 Idx; u8 *pOutBuffer2 = NULL; int NStatus; unsigned long FrameLen; struct rt_frame_bar FrameBar; TID = pFrame->BaParm.TID; Idx = pEntry->BAOriWcidArray[TID]; pBAEntry = &pAd->BATable.BAOriEntry[Idx]; /* Start fill in parameters. */ if ((Idx != 0) && (pBAEntry->TID == TID) && (pBAEntry->ORI_BA_Status == Originator_WaitRes)) { pBAEntry->BAWinSize = min(pBAEntry->BAWinSize, ((u8)pFrame->BaParm.BufSize)); BA_MaxWinSizeReasign(pAd, pEntry, &pBAEntry->BAWinSize); pBAEntry->TimeOutValue = pFrame->TimeOutValue; pBAEntry->ORI_BA_Status = Originator_Done; pAd->BATable.numDoneOriginator++; /* reset sequence number */ pBAEntry->Sequence = BA_ORI_INIT_SEQ; /* Set Bitmap flag. */ pEntry->TXBAbitmap |= (1 << TID); RTMPCancelTimer(&pBAEntry->ORIBATimer, &Cancelled); pBAEntry->ORIBATimer.TimerValue = 0; /*pFrame->TimeOutValue; */ DBGPRINT(RT_DEBUG_TRACE, ("%s : TXBAbitmap = %x, BAWinSize = %d, TimeOut = %ld\n", __func__, pEntry->TXBAbitmap, pBAEntry->BAWinSize, pBAEntry->ORIBATimer.TimerValue)); /* SEND BAR ; */ NStatus = MlmeAllocateMemory(pAd, &pOutBuffer2); /*Get an unused nonpaged memory */ if (NStatus != NDIS_STATUS_SUCCESS) { DBGPRINT(RT_DEBUG_TRACE, ("BA - BAOriSessionAdd() allocate memory failed \n")); return; } BarHeaderInit(pAd, &FrameBar, pAd->MacTab.Content[pBAEntry->Wcid].Addr, pAd->CurrentAddress); FrameBar.StartingSeq.field.FragNum = 0; /* make sure sequence not clear in DEL function. */ FrameBar.StartingSeq.field.StartSeq = pBAEntry->Sequence; /* make sure sequence not clear in DEL funciton. */ FrameBar.BarControl.TID = pBAEntry->TID; /* make sure sequence not clear in DEL funciton. */ MakeOutgoingFrame(pOutBuffer2, &FrameLen, sizeof(struct rt_frame_bar), &FrameBar, END_OF_ARGS); MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer2, FrameLen); MlmeFreeMemory(pAd, pOutBuffer2); if (pBAEntry->ORIBATimer.TimerValue) RTMPSetTimer(&pBAEntry->ORIBATimer, pBAEntry->ORIBATimer.TimerValue); /* in mSec */ } }
/* ========================================================================== Description: ========================================================================== */ static VOID ApCliPeerAuthRspAtSeq2Action( IN PRTMP_ADAPTER pAd, IN MLME_QUEUE_ELEM *Elem) { BOOLEAN Cancelled; UCHAR Addr2[MAC_ADDR_LEN]; USHORT Seq, Status, Alg; USHORT RemoteStatus; UCHAR iv_hdr[LEN_WEP_IV_HDR]; /* UCHAR ChlgText[CIPHER_TEXT_LEN]; */ UCHAR *ChlgText = NULL; UCHAR CyperChlgText[CIPHER_TEXT_LEN + 8 + 8]; ULONG c_len = 0; HEADER_802_11 AuthHdr; NDIS_STATUS NState; PUCHAR pOutBuffer = NULL; ULONG FrameLen = 0; APCLI_CTRL_MSG_STRUCT ApCliCtrlMsg; UCHAR ChallengeIe = IE_CHALLENGE_TEXT; UCHAR len_challengeText = CIPHER_TEXT_LEN; USHORT ifIndex = (USHORT)(Elem->Priv); PULONG pCurrState = NULL; #ifdef MAC_REPEATER_SUPPORT UCHAR CliIdx = 0xFF; #endif /* MAC_REPEATER_SUPPORT */ if ((ifIndex >= MAX_APCLI_NUM) #ifdef MAC_REPEATER_SUPPORT && (ifIndex < 64) #endif /* MAC_REPEATER_SUPPORT */ ) return; #ifdef MAC_REPEATER_SUPPORT if (ifIndex >= 64) { CliIdx = ((ifIndex - 64) % 16); ifIndex = ((ifIndex - 64) / 16); pCurrState = &pAd->ApCfg.ApCliTab[ifIndex].RepeaterCli[CliIdx].AuthCurrState; } else #endif /* MAC_REPEATER_SUPPORT */ pCurrState = &pAd->ApCfg.ApCliTab[ifIndex].AuthCurrState; /* allocate memory */ os_alloc_mem(NULL, (UCHAR **)&ChlgText, CIPHER_TEXT_LEN); if (ChlgText == NULL) { DBGPRINT(RT_DEBUG_ERROR, ("%s: Allocate memory fail!!!\n", __FUNCTION__)); return; } if(PeerAuthSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &Alg, &Seq, &Status, (CHAR *) ChlgText)) { if(MAC_ADDR_EQUAL(pAd->ApCfg.ApCliTab[ifIndex].ApCliMlmeAux.Bssid, Addr2) && Seq == 2) { #ifdef MAC_REPEATER_SUPPORT if (CliIdx != 0xFF) { DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Repeater Cli Receive AUTH_RSP seq#2 to me (Alg=%d, Status=%d)\n", Alg, Status)); RTMPCancelTimer(&pAd->ApCfg.ApCliTab[ifIndex].RepeaterCli[CliIdx].ApCliAuthTimer, &Cancelled); } else #endif /* MAC_REPEATER_SUPPORT */ { DBGPRINT(RT_DEBUG_TRACE, ("APCLI AUTH - Receive AUTH_RSP seq#2 to me (Alg=%d, Status=%d)\n", Alg, Status)); RTMPCancelTimer(&pAd->ApCfg.ApCliTab[ifIndex].ApCliMlmeAux.ApCliAuthTimer, &Cancelled); } if(Status == MLME_SUCCESS) { if(pAd->ApCfg.ApCliTab[ifIndex].ApCliMlmeAux.Alg == Ndis802_11AuthModeOpen) { *pCurrState = APCLI_AUTH_REQ_IDLE; ApCliCtrlMsg.Status= MLME_SUCCESS; #ifdef MAC_REPEATER_SUPPORT ApCliCtrlMsg.CliIdx = CliIdx; ApCliCtrlMsg.BssIdx = ifIndex; ifIndex = (USHORT)(Elem->Priv); #endif /* MAC_REPEATER_SUPPORT */ MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_AUTH_RSP, sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex); } else { PCIPHER_KEY pKey; UINT default_key = pAd->ApCfg.ApCliTab[ifIndex].DefaultKeyId; pKey = &pAd->ApCfg.ApCliTab[ifIndex].SharedKey[default_key]; /* 2. shared key, need to be challenged */ Seq++; RemoteStatus = MLME_SUCCESS; /* allocate and send out AuthRsp frame */ NState = MlmeAllocateMemory(pAd, &pOutBuffer); if(NState != NDIS_STATUS_SUCCESS) { DBGPRINT(RT_DEBUG_TRACE, ("AUTH - ApCliPeerAuthRspAtSeq2Action allocate memory fail\n")); *pCurrState = APCLI_AUTH_REQ_IDLE; ApCliCtrlMsg.Status= MLME_FAIL_NO_RESOURCE; #ifdef MAC_REPEATER_SUPPORT ApCliCtrlMsg.CliIdx = CliIdx; ApCliCtrlMsg.BssIdx = ifIndex; ifIndex = (USHORT)(Elem->Priv); #endif /* MAC_REPEATER_SUPPORT */ MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_AUTH_RSP, sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex); goto LabelOK; } #ifdef MAC_REPEATER_SUPPORT if (CliIdx != 0xFF) DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Repeater Cli Send AUTH request seq#3...\n")); else #endif /* MAC_REPEATER_SUPPORT */ DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Send AUTH request seq#3...\n")); ApCliMgtMacHeaderInit(pAd, &AuthHdr, SUBTYPE_AUTH, 0, Addr2, pAd->ApCfg.ApCliTab[ifIndex].ApCliMlmeAux.Bssid, ifIndex); AuthHdr.FC.Wep = 1; #ifdef MAC_REPEATER_SUPPORT if (CliIdx != 0xFF) COPY_MAC_ADDR(AuthHdr.Addr2, pAd->ApCfg.ApCliTab[ifIndex].RepeaterCli[CliIdx].CurrentAddress); #endif /* MAC_REPEATER_SUPPORT */ /* Encrypt challenge text & auth information */ /* TSC increment */ INC_TX_TSC(pKey->TxTsc, LEN_WEP_TSC); /* Construct the 4-bytes WEP IV header */ RTMPConstructWEPIVHdr(default_key, pKey->TxTsc, iv_hdr); Alg = cpu2le16(*(USHORT *)&Alg); Seq = cpu2le16(*(USHORT *)&Seq); RemoteStatus= cpu2le16(*(USHORT *)&RemoteStatus); /* Construct message text */ MakeOutgoingFrame(CyperChlgText, &c_len, 2, &Alg, 2, &Seq, 2, &RemoteStatus, 1, &ChallengeIe, 1, &len_challengeText, len_challengeText, ChlgText, END_OF_ARGS); if (RTMPSoftEncryptWEP(pAd, iv_hdr, pKey, CyperChlgText, c_len) == FALSE) { DBGPRINT(RT_DEBUG_TRACE, ("AUTH - ApCliPeerAuthRspAtSeq2Action allocate memory fail\n")); *pCurrState = APCLI_AUTH_REQ_IDLE; ApCliCtrlMsg.Status= MLME_FAIL_NO_RESOURCE; #ifdef MAC_REPEATER_SUPPORT ApCliCtrlMsg.BssIdx = ifIndex; ApCliCtrlMsg.CliIdx = CliIdx; ifIndex = (USHORT)(Elem->Priv); #endif /* MAC_REPEATER_SUPPORT */ MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_AUTH_RSP, sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex); goto LabelOK; } /* Update the total length for 4-bytes ICV */ c_len += LEN_ICV; MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof(HEADER_802_11), &AuthHdr, LEN_WEP_IV_HDR, iv_hdr, c_len, CyperChlgText, END_OF_ARGS); MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer, FrameLen); #ifdef MAC_REPEATER_SUPPORT if (CliIdx != 0xFF) RTMPSetTimer(&pAd->ApCfg.ApCliTab[ifIndex].RepeaterCli[CliIdx].ApCliAuthTimer, AUTH_TIMEOUT); else #endif /* MAC_REPEATER_SUPPORT */ RTMPSetTimer(&pAd->ApCfg.ApCliTab[ifIndex].ApCliMlmeAux.ApCliAuthTimer, AUTH_TIMEOUT); *pCurrState = APCLI_AUTH_WAIT_SEQ4; } } else { *pCurrState = APCLI_AUTH_REQ_IDLE; #ifdef MAC_REPEATER_SUPPORT ApCliCtrlMsg.CliIdx = CliIdx; ApCliCtrlMsg.BssIdx = ifIndex; ifIndex = (USHORT)(Elem->Priv); #endif /* MAC_REPEATER_SUPPORT */ ApCliCtrlMsg.Status= Status; MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_AUTH_RSP, sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex); } } } else { DBGPRINT(RT_DEBUG_TRACE, ("APCLI AUTH - PeerAuthSanity() sanity check fail\n")); } LabelOK: if (pOutBuffer != NULL) MlmeFreeMemory(pAd, pOutBuffer); if (ChlgText != NULL) os_free_mem(NULL, ChlgText); return; }
/* ========================================================================== Description: IRQL = PASSIVE_LEVEL ========================================================================== */ VOID TDLS_BuildSetupRequest( IN PRTMP_ADAPTER pAd, OUT PUCHAR pFrameBuf, OUT PULONG pFrameLen, IN PRT_802_11_TDLS pTDLS) { ULONG Timeout = TDLS_TIMEOUT; BOOLEAN TimerCancelled; /* fill action code */ TDLS_InsertActField(pAd, (pFrameBuf + *pFrameLen), pFrameLen, CATEGORY_TDLS, TDLS_ACTION_CODE_SETUP_REQUEST); /* fill Dialog Token */ pAd->StaCfg.TdlsDialogToken++; if (pAd->StaCfg.TdlsDialogToken == 0) pAd->StaCfg.TdlsDialogToken++; pTDLS->Token = pAd->StaCfg.TdlsDialogToken; TDLS_InsertDialogToken(pAd, (pFrameBuf + *pFrameLen), pFrameLen, pTDLS->Token); /* fill link identifier */ TDLS_InsertLinkIdentifierIE(pAd, (pFrameBuf + *pFrameLen), pFrameLen, pAd->CurrentAddress, pTDLS->MacAddr); // fill capability TDLS_InsertCapIE(pAd, (pFrameBuf + *pFrameLen), pFrameLen); // fill ssid TDLS_InsertSSIDIE(pAd, (pFrameBuf + *pFrameLen), pFrameLen); // fill support rate TDLS_InsertSupportRateIE(pAd, (pFrameBuf + *pFrameLen), pFrameLen); // fill ext rate TDLS_InsertExtRateIE(pAd, (pFrameBuf + *pFrameLen), pFrameLen); // fill Qos Capability TDLS_InsertQosCapIE(pAd, (pFrameBuf + *pFrameLen), pFrameLen); #ifdef DOT11_N_SUPPORT // fill HT Capability TDLS_InsertHtCapIE(pAd, (pFrameBuf + *pFrameLen), pFrameLen); // fill 20/40 BSS Coexistence (7.3.2.61) #ifdef DOT11N_DRAFT3 TDLS_InsertBSSCoexistenceIE(pAd, (pFrameBuf + *pFrameLen), pFrameLen); #endif // DOT11N_DRAFT3 // #endif // DOT11_N_SUPPORT // // fill Extended Capabilities (7.3.2.27) TDLS_InsertExtCapIE(pAd, (pFrameBuf + *pFrameLen), pFrameLen); // TPK Handshake if RSNA Enabled // Pack TPK Message 1 here! if (((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2) || (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK)) && ((pAd->StaCfg.WepStatus == Ndis802_11Encryption2Enabled) || (pAd->StaCfg.WepStatus == Ndis802_11Encryption3Enabled))) { UCHAR CipherTmp[64] = {0}; UCHAR CipherTmpLen = 0; FT_FTIE FtIe; ULONG KeyLifetime = TDLS_KEY_TIMEOUT; // sec ULONG tmp; UCHAR Length; // RSNIE (7.3.2.25) CipherTmpLen = CipherSuiteTDLSLen; if (pAd->StaCfg.WepStatus == Ndis802_11Encryption2Enabled) NdisMoveMemory(CipherTmp, CipherSuiteTDLSWpa2PskTkip, CipherTmpLen); else NdisMoveMemory(CipherTmp, CipherSuiteTDLSWpa2PskAes, CipherTmpLen); // update AKM if (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2) CipherTmp[19] = TDLS_AKM_SUITE_1X; // Insert RSN_IE to outgoing frame MakeOutgoingFrame((pFrameBuf + *pFrameLen), &tmp, CipherTmpLen, &CipherTmp, END_OF_ARGS); *pFrameLen = *pFrameLen + tmp; // FTIE (7.3.2.48) NdisZeroMemory(&FtIe, sizeof(FtIe)); Length = sizeof(FtIe); // generate SNonce GenRandom(pAd, pAd->CurrentAddress, FtIe.SNonce); hex_dump("TDLS - Generate SNonce ", FtIe.SNonce, 32); NdisMoveMemory(pTDLS->SNonce, FtIe.SNonce, 32); TDLS_InsertFTIE( pAd, (pFrameBuf + *pFrameLen), pFrameLen, Length, FtIe.MICCtr, FtIe.MIC, FtIe.ANonce, FtIe.SNonce); // Timeout Interval (7.3.2.49) TDLS_InsertTimeoutIntervalIE( pAd, (pFrameBuf + *pFrameLen), pFrameLen, 2, /* key lifetime interval */ KeyLifetime); pTDLS->KeyLifetime = KeyLifetime; } // ==>> Set sendout timer RTMPCancelTimer(&pTDLS->Timer, &TimerCancelled); RTMPSetTimer(&pTDLS->Timer, Timeout); // ==>> State Change pTDLS->Status = TDLS_MODE_WAIT_RESPONSE; }
/* ======================================================================== Routine Description: Periodic evaluate antenna link status Arguments: pAd - Adapter pointer Return Value: None ======================================================================== */ VOID APAsicEvaluateRxAnt( IN PRTMP_ADAPTER pAd) { UCHAR BBPR3 = 0; ULONG TxTotalCnt; #ifdef RALINK_ATE if (ATE_ON(pAd)) return; #endif /* RALINK_ATE */ #ifdef CARRIER_DETECTION_SUPPORT if(pAd->CommonCfg.CarrierDetect.CD_State == CD_SILENCE) return; #endif /* CARRIER_DETECTION_SUPPORT */ #ifdef TXBF_SUPPORT /* TODO: we didn't do RxAnt evaluate for 3x3 chips */ if (IS_RT3883(pAd) || IS_RT2883(pAd)) return; #endif /* TXBF_SUPPORT */ RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R3, &BBPR3); BBPR3 &= (~0x18); if((pAd->Antenna.field.RxPath == 3) #ifdef DOT11_N_SUPPORT #ifdef GREENAP_SUPPORT && (pAd->ApCfg.bGreenAPActive == FALSE) #endif /* GREENAP_SUPPORT */ #endif /* DOT11_N_SUPPORT */ ) { BBPR3 |= (0x10); } else if((pAd->Antenna.field.RxPath == 2) #ifdef DOT11_N_SUPPORT #ifdef GREENAP_SUPPORT && (pAd->ApCfg.bGreenAPActive == FALSE) #endif /* GREENAP_SUPPORT */ #endif /* DOT11_N_SUPPORT */ ) { BBPR3 |= (0x8); } else if(pAd->Antenna.field.RxPath == 1) { BBPR3 |= (0x0); } RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R3, BBPR3); TxTotalCnt = pAd->RalinkCounters.OneSecTxNoRetryOkCount + pAd->RalinkCounters.OneSecTxRetryOkCount + pAd->RalinkCounters.OneSecTxFailCount; if (TxTotalCnt > 50) { RTMPSetTimer(&pAd->Mlme.RxAntEvalTimer, 20); pAd->Mlme.bLowThroughput = FALSE; } else { RTMPSetTimer(&pAd->Mlme.RxAntEvalTimer, 300); pAd->Mlme.bLowThroughput = TRUE; } }
VOID BAOriSessionAdd( IN PRTMP_ADAPTER pAd, IN MAC_TABLE_ENTRY *pEntry, IN PFRAME_ADDBA_RSP pFrame) { BA_ORI_ENTRY *pBAEntry = NULL; BOOLEAN Cancelled; UCHAR TID; USHORT Idx; PUCHAR pOutBuffer2 = NULL; NDIS_STATUS NStatus; ULONG FrameLen; FRAME_BAR FrameBar; UCHAR MaxPeerBufSize; TID = pFrame->BaParm.TID; Idx = pEntry->BAOriWcidArray[TID]; pBAEntry =&pAd->BATable.BAOriEntry[Idx]; MaxPeerBufSize = 0; /* Start fill in parameters.*/ if ((Idx !=0) && (pBAEntry->TID == TID) && (pBAEntry->ORI_BA_Status == Originator_WaitRes)) { MaxPeerBufSize = (UCHAR)pFrame->BaParm.BufSize; if (MaxPeerBufSize > 0) MaxPeerBufSize -= 1; else MaxPeerBufSize = 0; pBAEntry->BAWinSize = min(pBAEntry->BAWinSize, MaxPeerBufSize); BA_MaxWinSizeReasign(pAd, pEntry, &pBAEntry->BAWinSize); pBAEntry->TimeOutValue = pFrame->TimeOutValue; pBAEntry->ORI_BA_Status = Originator_Done; pAd->BATable.numDoneOriginator ++; /* reset sequence number */ pBAEntry->Sequence = BA_ORI_INIT_SEQ; /* Set Bitmap flag.*/ pEntry->TXBAbitmap |= (1<<TID); RTMPCancelTimer(&pBAEntry->ORIBATimer, &Cancelled); pBAEntry->ORIBATimer.TimerValue = 0; /*pFrame->TimeOutValue;*/ DBGPRINT(RT_DEBUG_TRACE,("%s : TXBAbitmap = %x, BAWinSize = %d, TimeOut = %ld\n", __FUNCTION__, pEntry->TXBAbitmap, pBAEntry->BAWinSize, pBAEntry->ORIBATimer.TimerValue)); /* SEND BAR ;*/ NStatus = MlmeAllocateMemory(pAd, &pOutBuffer2); /*Get an unused nonpaged memory*/ if (NStatus != NDIS_STATUS_SUCCESS) { DBGPRINT(RT_DEBUG_TRACE,("BA - BAOriSessionAdd() allocate memory failed \n")); return; } #ifdef CONFIG_STA_SUPPORT IF_DEV_CONFIG_OPMODE_ON_STA(pAd) BarHeaderInit(pAd, &FrameBar, pAd->MacTab.Content[pBAEntry->Wcid].Addr, pAd->CurrentAddress); #endif /* CONFIG_STA_SUPPORT */ FrameBar.StartingSeq.field.FragNum = 0; /* make sure sequence not clear in DEL function.*/ FrameBar.StartingSeq.field.StartSeq = pBAEntry->Sequence; /* make sure sequence not clear in DEL funciton.*/ FrameBar.BarControl.TID = pBAEntry->TID; /* make sure sequence not clear in DEL funciton.*/ MakeOutgoingFrame(pOutBuffer2, &FrameLen, sizeof(FRAME_BAR), &FrameBar, END_OF_ARGS); MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer2, FrameLen); MlmeFreeMemory(pAd, pOutBuffer2); if (pBAEntry->ORIBATimer.TimerValue) RTMPSetTimer(&pBAEntry->ORIBATimer, pBAEntry->ORIBATimer.TimerValue); /* in mSec */ } }
VOID PMF_MlmeSAQueryReq( IN PRTMP_ADAPTER pAd, IN MAC_TABLE_ENTRY *pEntry) { PUCHAR pOutBuffer = NULL; HEADER_802_11 SAQReqHdr; UINT32 FrameLen = 0; UCHAR SACategoryType, SAActionType; UINT ccmp_len = LEN_CCMP_HDR + LEN_CCMP_MIC; UCHAR ccmp_buf[ccmp_len]; PPMF_CFG pPmfCfg = NULL; if (!pEntry) { DBGPRINT(RT_DEBUG_ERROR, ("[PMF]%s : Entry is NULL\n", __FUNCTION__)); return; } if (!(CLIENT_STATUS_TEST_FLAG(pEntry, fCLIENT_STATUS_PMF_CAPABLE))) { DBGPRINT(RT_DEBUG_ERROR, ("[PMF]%s : Entry is not PMF capable, STA(%02x:%02x:%02x:%02x:%02x:%02x)\n", __FUNCTION__, PRINT_MAC(pEntry->Addr))); return; } if (pEntry->SAQueryStatus == SAQ_SENDING) return; #ifdef CONFIG_AP_SUPPORT IF_DEV_CONFIG_OPMODE_ON_AP(pAd) { pPmfCfg = &pAd->ApCfg.MBSSID[pEntry->apidx].PmfCfg; } #endif /* CONFIG_AP_SUPPORT */ #ifdef CONFIG_STA_SUPPORT IF_DEV_CONFIG_OPMODE_ON_STA(pAd) { pPmfCfg = &pAd->StaCfg.PmfCfg; } #endif /* CONFIG_STA_SUPPORT */ if (pPmfCfg) { /* Send the SA Query Request */ os_alloc_mem(NULL, (UCHAR **)&pOutBuffer, MAX_LEN_OF_MLME_BUFFER); if(pOutBuffer == NULL) return; #ifdef CONFIG_AP_SUPPORT IF_DEV_CONFIG_OPMODE_ON_AP(pAd) { MgtMacHeaderInit(pAd, &SAQReqHdr, SUBTYPE_ACTION, 0, pEntry->Addr,pAd->ApCfg.MBSSID[pEntry->apidx].wdev.if_addr, pAd->ApCfg.MBSSID[pEntry->apidx].wdev.bssid); } #endif /* CONFIG_AP_SUPPORT */ #ifdef CONFIG_STA_SUPPORT IF_DEV_CONFIG_OPMODE_ON_STA(pAd) { MgtMacHeaderInit(pAd, &SAQReqHdr, SUBTYPE_ACTION, 0, pEntry->Addr, pAd->CurrentAddress, pAd->CurrentAddress); } #endif /* CONFIG_STA_SUPPORT */ pEntry->TransactionID++; SACategoryType = CATEGORY_SA; SAActionType = ACTION_SAQ_REQUEST; MakeOutgoingFrame(pOutBuffer, (ULONG *) &FrameLen, sizeof(HEADER_802_11), &SAQReqHdr, 1, &SACategoryType, 1, &SAActionType, 2, &pEntry->TransactionID, END_OF_ARGS); if (pEntry->SAQueryStatus == SAQ_IDLE) { RTMPSetTimer(&pEntry->SAQueryTimer, 1000); /* 1000ms */ DBGPRINT(RT_DEBUG_ERROR, ("[PMF]%s -- SAQueryTimer\n", __FUNCTION__)); } pEntry->SAQueryStatus = SAQ_SENDING; RTMPSetTimer(&pEntry->SAQueryConfirmTimer, 200); /* 200ms */ /* transmit the frame */ MiniportMMRequest(pAd, QID_MGMT, pOutBuffer, FrameLen); os_free_mem(NULL, pOutBuffer); DBGPRINT(RT_DEBUG_ERROR, ("[PMF]%s - Send SA Query Request to STA(%02x:%02x:%02x:%02x:%02x:%02x)\n", __FUNCTION__, PRINT_MAC(pEntry->Addr))); } }
BOOLEAN AUTH_ReqSend(struct rt_rtmp_adapter *pAd, struct rt_mlme_queue_elem *pElem, struct rt_ralink_timer *pAuthTimer, char *pSMName, u16 SeqNo, u8 *pNewElement, unsigned long ElementLen) { u16 Alg, Seq, Status; u8 Addr[6]; unsigned long Timeout; struct rt_header_802_11 AuthHdr; BOOLEAN TimerCancelled; int NStatus; u8 *pOutBuffer = NULL; unsigned long FrameLen = 0, tmp = 0; /* Block all authentication request durning WPA block period */ if (pAd->StaCfg.bBlockAssoc == TRUE) { DBGPRINT(RT_DEBUG_TRACE, ("%s - Block Auth request durning WPA block period!\n", pSMName)); pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE; Status = MLME_STATE_MACHINE_REJECT; MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status); } else if (MlmeAuthReqSanity (pAd, pElem->Msg, pElem->MsgLen, Addr, &Timeout, &Alg)) { /* reset timer */ RTMPCancelTimer(pAuthTimer, &TimerCancelled); COPY_MAC_ADDR(pAd->MlmeAux.Bssid, Addr); pAd->MlmeAux.Alg = Alg; Seq = SeqNo; Status = MLME_SUCCESS; NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); /*Get an unused nonpaged memory */ if (NStatus != NDIS_STATUS_SUCCESS) { DBGPRINT(RT_DEBUG_TRACE, ("%s - MlmeAuthReqAction(Alg:%d) allocate memory failed\n", pSMName, Alg)); pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE; Status = MLME_FAIL_NO_RESOURCE; MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status); return FALSE; } DBGPRINT(RT_DEBUG_TRACE, ("%s - Send AUTH request seq#1 (Alg=%d)...\n", pSMName, Alg)); MgtMacHeaderInit(pAd, &AuthHdr, SUBTYPE_AUTH, 0, Addr, pAd->MlmeAux.Bssid); MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof(struct rt_header_802_11), &AuthHdr, 2, &Alg, 2, &Seq, 2, &Status, END_OF_ARGS); if (pNewElement && ElementLen) { MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp, ElementLen, pNewElement, END_OF_ARGS); FrameLen += tmp; } MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen); MlmeFreeMemory(pAd, pOutBuffer); RTMPSetTimer(pAuthTimer, Timeout); return TRUE; } else { DBGPRINT_ERR(("%s - MlmeAuthReqAction() sanity check failed\n", pSMName)); return FALSE; } return TRUE; }
/* ========================================================================== Description: IRQL = DISPATCH_LEVEL ========================================================================== */ VOID FT_OTD_ReqAction( IN PRTMP_ADAPTER pAd, IN MLME_QUEUE_ELEM *Elem) { PUCHAR pOutBuffer = NULL; NDIS_STATUS NStatus; ULONG FrameLen = 0; HEADER_802_11 FtReqHdr; FT_MDIE MdIe; UCHAR Snonce[32]; UCHAR R0KhIdLen; UCHAR R0KhId[FT_ROKH_ID_LEN + 1]; UCHAR Category = FT_CATEGORY_BSS_TRANSITION; UCHAR Action = FT_ACTION_BT_REQ; ULONG Timeout = 0; USHORT Status; UCHAR TargetAddr[6]; NDIS_802_11_VARIABLE_IEs *pRsnIE = NULL; USHORT LenRsnIE; if (!MlmeFtReqSanity (pAd, Elem->Msg, Elem->MsgLen, TargetAddr, &Timeout, &MdIe, Snonce, &R0KhIdLen, R0KhId, &LenRsnIE, pRsnIE)) { DBGPRINT_ERR(("FT_OTD_ACTION - FT_OTD_ReqAction() sanity check failed\n")); pAd->Mlme.AuthMachine.CurrState = FT_OTD_IDLE; Status = MLME_INVALID_FORMAT; MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status, 0); return; } DBGPRINT(RT_DEBUG_TRACE, ("FT_OTD_ACTION :FT_OTD_ReqAction() \n")); NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); /*Get an unused nonpaged memory */ if (NStatus != NDIS_STATUS_SUCCESS) { DBGPRINT(RT_DEBUG_ERROR, ("FT_OTD_ACTION :FT_OTD_ReqAction() allocate memory failed \n")); return; } ActHeaderInit(pAd, &FtReqHdr, pAd->CommonCfg.Bssid, pAd->CurrentAddress, pAd->CommonCfg.Bssid); /* Build basic frame first */ MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof (HEADER_802_11), &FtReqHdr, 1, &Category, 1, &Action, 6, pAd->CurrentAddress, 6, TargetAddr, END_OF_ARGS); /* MDIE */ FT_InsertMdIE(pAd, pOutBuffer + FrameLen, &FrameLen, MdIe.MdId, MdIe.FtCapPlc); /* Process with RSN */ if (pAd->StaCfg.AuthMode >= Ndis802_11AuthModeWPA) { FT_ConstructAuthReqInRsn(pAd, pOutBuffer, &FrameLen); } MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer, FrameLen); MlmeFreeMemory(pAd, pOutBuffer); RTMPSetTimer(&pAd->MlmeAux.FtOtdActTimer, Timeout); pAd->Mlme.FtOtdActMachine.CurrState = FT_OTD_WAIT_SEQ2; }
BOOLEAN AUTH_ReqSend( IN PRTMP_ADAPTER pAd, IN PMLME_QUEUE_ELEM pElem, IN PRALINK_TIMER_STRUCT pAuthTimer, IN PSTRING pSMName, IN USHORT SeqNo, IN PUCHAR pNewElement, IN ULONG ElementLen) { USHORT Alg, Seq, Status; UCHAR Addr[6]; ULONG Timeout; HEADER_802_11 AuthHdr; BOOLEAN TimerCancelled; NDIS_STATUS NStatus; PUCHAR pOutBuffer = NULL; ULONG FrameLen = 0, tmp = 0; /* Block all authentication request durning WPA block period */ if (pAd->StaCfg.bBlockAssoc == TRUE) { DBGPRINT(RT_DEBUG_TRACE, ("%s - Block Auth request durning WPA block period!\n", pSMName)); pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE; Status = MLME_STATE_MACHINE_REJECT; MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status, 0); } else if (MlmeAuthReqSanity(pAd, pElem->Msg, pElem->MsgLen, Addr, &Timeout, &Alg)) { /* reset timer */ RTMPCancelTimer(pAuthTimer, &TimerCancelled); COPY_MAC_ADDR(pAd->MlmeAux.Bssid, Addr); pAd->MlmeAux.Alg = Alg; Seq = SeqNo; Status = MLME_SUCCESS; NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); /*Get an unused nonpaged memory */ if (NStatus != NDIS_STATUS_SUCCESS) { DBGPRINT(RT_DEBUG_TRACE, ("%s - MlmeAuthReqAction(Alg:%d) allocate memory failed\n", pSMName, Alg)); pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE; Status = MLME_FAIL_NO_RESOURCE; MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status, 0); return FALSE; } DBGPRINT(RT_DEBUG_TRACE, ("%s - Send AUTH request seq#1 (Alg=%d)...\n", pSMName, Alg)); MgtMacHeaderInit(pAd, &AuthHdr, SUBTYPE_AUTH, 0, Addr, pAd->CurrentAddress, pAd->MlmeAux.Bssid); MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof (HEADER_802_11), &AuthHdr, 2, &Alg, 2, &Seq, 2, &Status, END_OF_ARGS); if (pNewElement && ElementLen) { MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp, ElementLen, pNewElement, END_OF_ARGS); FrameLen += tmp; } MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen); MlmeFreeMemory(pAd, pOutBuffer); RTMPSetTimer(pAuthTimer, Timeout); return TRUE; } else { DBGPRINT_ERR(("%s(): %s sanity check fail\n", __FUNCTION__, pSMName)); return FALSE; } return TRUE; }
/* ========================================================================== Description: MLME PROBE req state machine procedure ========================================================================== */ static VOID ApCliMlmeProbeReqAction( IN PRTMP_ADAPTER pAd, IN MLME_QUEUE_ELEM *Elem) { BOOLEAN Cancelled; APCLI_MLME_JOIN_REQ_STRUCT *Info = (APCLI_MLME_JOIN_REQ_STRUCT *)(Elem->Msg); USHORT ifIndex = (USHORT)(Elem->Priv); PULONG pCurrState = &pAd->ApCfg.ApCliTab[ifIndex].SyncCurrState; APCLI_STRUCT *pApCliEntry = NULL; struct wifi_dev *wdev; ULONG bss_idx = BSS_NOT_FOUND; DBGPRINT(RT_DEBUG_TRACE, ("ApCli SYNC - ApCliMlmeProbeReqAction(Ssid %s)\n", Info->Ssid)); if (ifIndex >= MAX_APCLI_NUM) return; pApCliEntry = &pAd->ApCfg.ApCliTab[ifIndex]; wdev = &pApCliEntry->wdev; /* reset all the timers */ RTMPCancelTimer(&(pApCliEntry->MlmeAux.ProbeTimer), &Cancelled); pApCliEntry->MlmeAux.Rssi = -9999; bss_idx = BssSsidTableSearchBySSID(&pAd->ScanTab, (PCHAR)Info->Ssid, Info->SsidLen); if (bss_idx == BSS_NOT_FOUND) { #ifdef APCLI_CONNECTION_TRIAL if (pApCliEntry->TrialCh ==0) pApCliEntry->MlmeAux.Channel = pAd->CommonCfg.Channel; else pApCliEntry->MlmeAux.Channel = pApCliEntry->TrialCh; #else pApCliEntry->MlmeAux.Channel = pAd->CommonCfg.Channel; #endif /* APCLI_CONNECTION_TRIAL */ } else { #ifdef APCLI_CONNECTION_TRIAL if (pApCliEntry->TrialCh ==0) pApCliEntry->MlmeAux.Channel = pAd->CommonCfg.Channel; else pApCliEntry->MlmeAux.Channel = pApCliEntry->TrialCh; #else DBGPRINT(RT_DEBUG_TRACE, ("%s, Found %s in scanTable , goto channel %d\n", __FUNCTION__, pAd->ScanTab.BssEntry[bss_idx].Ssid, pAd->ScanTab.BssEntry[bss_idx].Channel)); pApCliEntry->MlmeAux.Channel = pAd->ScanTab.BssEntry[bss_idx].Channel; #endif /* APCLI_CONNECTION_TRIAL */ } #ifdef RT_CFG80211_P2P_CONCURRENT_DEVICE pApCliEntry->MlmeAux.SupRateLen = pAd->cfg80211_ctrl.P2pSupRateLen; NdisMoveMemory(pApCliEntry->MlmeAux.SupRate, pAd->cfg80211_ctrl.P2pSupRate, pAd->cfg80211_ctrl.P2pSupRateLen); pApCliEntry->MlmeAux.ExtRateLen = pAd->cfg80211_ctrl.P2pExtRateLen; NdisMoveMemory(pApCliEntry->MlmeAux.ExtRate, pAd->cfg80211_ctrl.P2pExtRate, pAd->cfg80211_ctrl.P2pExtRateLen); #else #ifdef APCLI_AUTO_BW_SUPPORT pApCliEntry->MlmeAux.SupRateLen = wdev->SupRateLen; NdisMoveMemory(pApCliEntry->MlmeAux.SupRate, wdev->SupRate, wdev->SupRateLen); /* Prepare the default value for extended rate */ pApCliEntry->MlmeAux.ExtRateLen = wdev->ExtRateLen; NdisMoveMemory(pApCliEntry->MlmeAux.ExtRate, wdev->ExtRate, wdev->ExtRateLen); #else pApCliEntry->MlmeAux.SupRateLen = pAd->CommonCfg.SupRateLen; NdisMoveMemory(pApCliEntry->MlmeAux.SupRate, pAd->CommonCfg.SupRate, pAd->CommonCfg.SupRateLen); /* Prepare the default value for extended rate */ pApCliEntry->MlmeAux.ExtRateLen = pAd->CommonCfg.ExtRateLen; NdisMoveMemory(pApCliEntry->MlmeAux.ExtRate, pAd->CommonCfg.ExtRate, pAd->CommonCfg.ExtRateLen); #endif /* APCLI_AUTO_BW_SUPPORT */ #endif /* RT_CFG80211_P2P_CONCURRENT_DEVICE */ RTMPSetTimer(&(pApCliEntry->MlmeAux.ProbeTimer), PROBE_TIMEOUT); #ifdef APCLI_CONNECTION_TRIAL NdisZeroMemory(pAd->ApCfg.ApCliTab[ifIndex].MlmeAux.Bssid, MAC_ADDR_LEN); NdisZeroMemory(pAd->ApCfg.ApCliTab[ifIndex].MlmeAux.Ssid, MAX_LEN_OF_SSID); NdisCopyMemory(pAd->ApCfg.ApCliTab[ifIndex].MlmeAux.Bssid, Info->Bssid, MAC_ADDR_LEN); NdisCopyMemory(pAd->ApCfg.ApCliTab[ifIndex].MlmeAux.Ssid, Info->Ssid, Info->SsidLen); #endif /* APCLI_CONNECTION_TRIAL */ ApCliEnqueueProbeRequest(pAd, Info->SsidLen, (PCHAR)Info->Ssid, (PCHAR)Info->Bssid, ifIndex); DBGPRINT(RT_DEBUG_TRACE, ("ApCli SYNC - Start Probe the SSID %s on channel =%d\n", Info->Ssid, pApCliEntry->MlmeAux.Channel)); *pCurrState = APCLI_JOIN_WAIT_PROBE_RSP; return; }
/* ========================================================================== Description: mlme assoc req handling procedure Parameters: Adapter - Adapter pointer Elem - MLME Queue Element Pre: the station has been authenticated and the following information is stored in the config -# SSID -# supported rates and their length -# listen interval (Adapter->PortCfg.default_listen_count) -# Transmit power (Adapter->PortCfg.tx_power) Post : -# An association request frame is generated and sent to the air -# Association timer starts -# Association state -> ASSOC_WAIT_RSP ========================================================================== */ static VOID ApCliMlmeAssocReqAction( IN PRTMP_ADAPTER pAd, IN MLME_QUEUE_ELEM *Elem) { NDIS_STATUS NStatus; BOOLEAN Cancelled; UCHAR ApAddr[6]; HEADER_802_11 AssocHdr; UCHAR WmeIe[9] = {IE_VENDOR_SPECIFIC, 0x07, 0x00, 0x50, 0xf2, 0x02, 0x00, 0x01, 0x00}; USHORT ListenIntv; ULONG Timeout; USHORT CapabilityInfo; PUCHAR pOutBuffer = NULL; ULONG FrameLen = 0; ULONG tmp; UCHAR SsidIe = IE_SSID; UCHAR SupRateIe = IE_SUPP_RATES; UCHAR ExtRateIe = IE_EXT_SUPP_RATES; APCLI_CTRL_MSG_STRUCT ApCliCtrlMsg; USHORT ifIndex = (USHORT)(Elem->Priv); PULONG pCurrState = &pAd->ApCfg.ApCliTab[ifIndex].AssocCurrState; if (ifIndex >= MAX_APCLI_NUM) return; // Block all authentication request durning WPA block period if (pAd->ApCfg.ApCliTab[ifIndex].bBlockAssoc == TRUE) { DBGPRINT(RT_DEBUG_TRACE, ("APCLI_ASSOC - Block Auth request durning WPA block period!\n")); *pCurrState = APCLI_ASSOC_IDLE; ApCliCtrlMsg.Status = MLME_STATE_MACHINE_REJECT; MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_ASSOC_RSP, sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex); } else if(MlmeAssocReqSanity(pAd, Elem->Msg, Elem->MsgLen, ApAddr, &CapabilityInfo, &Timeout, &ListenIntv)) { RTMPCancelTimer(&pAd->MlmeAux.ApCliAssocTimer, &Cancelled); // allocate and send out AssocRsp frame NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); //Get an unused nonpaged memory if (NStatus != NDIS_STATUS_SUCCESS) { DBGPRINT(RT_DEBUG_TRACE, ("APCLI_ASSOC - ApCliMlmeAssocReqAction() allocate memory failed \n")); *pCurrState = APCLI_ASSOC_IDLE; ApCliCtrlMsg.Status = MLME_FAIL_NO_RESOURCE; MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_ASSOC_RSP, sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex); return; } DBGPRINT(RT_DEBUG_TRACE, ("APCLI_ASSOC - Send ASSOC request...\n")); ApCliMgtMacHeaderInit(pAd, &AssocHdr, SUBTYPE_ASSOC_REQ, 0, ApAddr, ApAddr, ifIndex); // Build basic frame first MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof(HEADER_802_11), &AssocHdr, 2, &CapabilityInfo, 2, &ListenIntv, 1, &SsidIe, 1, &pAd->MlmeAux.SsidLen, pAd->MlmeAux.SsidLen, pAd->MlmeAux.Ssid, 1, &SupRateIe, 1, &pAd->MlmeAux.SupRateLen, pAd->MlmeAux.SupRateLen, pAd->MlmeAux.SupRate, END_OF_ARGS); if(pAd->MlmeAux.ExtRateLen != 0) { MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp, 1, &ExtRateIe, 1, &pAd->MlmeAux.ExtRateLen, pAd->MlmeAux.ExtRateLen, pAd->MlmeAux.ExtRate, END_OF_ARGS); FrameLen += tmp; } #ifdef DOT11_N_SUPPORT // HT if ((pAd->MlmeAux.HtCapabilityLen > 0) && (pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED)) { ULONG TmpLen; //UCHAR HtLen; //UCHAR BROADCOM[4] = {0x0, 0x90, 0x4c, 0x33}; //2008/12/17:KH modified to fix the low throughput of AP-Client on Big-Endian Platform<-- #ifdef RT_BIG_ENDIAN HT_CAPABILITY_IE HtCapabilityTmp; #endif #ifndef RT_BIG_ENDIAN { MakeOutgoingFrame(pOutBuffer + FrameLen, &TmpLen, 1, &HtCapIe, 1, &pAd->MlmeAux.HtCapabilityLen, pAd->MlmeAux.HtCapabilityLen, &pAd->MlmeAux.HtCapability, END_OF_ARGS); } #else NdisZeroMemory(&HtCapabilityTmp, sizeof(HT_CAPABILITY_IE)); NdisMoveMemory(&HtCapabilityTmp, &pAd->MlmeAux.HtCapability, pAd->MlmeAux.HtCapabilityLen); *(USHORT *)(&HtCapabilityTmp.HtCapInfo) = SWAP16(*(USHORT *)(&HtCapabilityTmp.HtCapInfo)); *(USHORT *)(&HtCapabilityTmp.ExtHtCapInfo) = SWAP16(*(USHORT *)(&HtCapabilityTmp.ExtHtCapInfo)); MakeOutgoingFrame(pOutBuffer + FrameLen, &TmpLen, 1, &HtCapIe, 1, &pAd->MlmeAux.HtCapabilityLen, pAd->MlmeAux.HtCapabilityLen,&HtCapabilityTmp, END_OF_ARGS); #endif //2008/12/17:KH modified to fix the low throughput of AP-Client on Big-Endian Platform--> FrameLen += TmpLen; } #endif // DOT11_N_SUPPORT // #ifdef AGGREGATION_SUPPORT // add Ralink proprietary IE to inform AP this STA is going to use AGGREGATION or PIGGY-BACK+AGGREGATION // Case I: (Aggregation + Piggy-Back) // 1. user enable aggregation, AND // 2. Mac support piggy-back // 3. AP annouces it's PIGGY-BACK+AGGREGATION-capable in BEACON // Case II: (Aggregation) // 1. user enable aggregation, AND // 2. AP annouces it's AGGREGATION-capable in BEACON if (pAd->CommonCfg.bAggregationCapable) { #ifdef PIGGYBACK_SUPPORT if ((pAd->CommonCfg.bPiggyBackCapable) && ((pAd->MlmeAux.APRalinkIe & 0x00000003) == 3)) { ULONG TmpLen; UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x03, 0x00, 0x00, 0x00}; MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen, 9, RalinkIe, END_OF_ARGS); FrameLen += TmpLen; } else #endif // PIGGYBACK_SUPPORT // if (pAd->MlmeAux.APRalinkIe & 0x00000001) { ULONG TmpLen; UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x01, 0x00, 0x00, 0x00}; MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen, 9, RalinkIe, END_OF_ARGS); FrameLen += TmpLen; } } else { ULONG TmpLen; UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x06, 0x00, 0x00, 0x00}; MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen, 9, RalinkIe, END_OF_ARGS); FrameLen += TmpLen; } #endif // AGGREGATION_SUPPORT // if (pAd->MlmeAux.APEdcaParm.bValid) { if (pAd->CommonCfg.bAPSDCapable && pAd->MlmeAux.APEdcaParm.bAPSDCapable) { QBSS_STA_INFO_PARM QosInfo; NdisZeroMemory(&QosInfo, sizeof(QBSS_STA_INFO_PARM)); QosInfo.UAPSD_AC_BE = pAd->CommonCfg.bAPSDAC_BE; QosInfo.UAPSD_AC_BK = pAd->CommonCfg.bAPSDAC_BK; QosInfo.UAPSD_AC_VI = pAd->CommonCfg.bAPSDAC_VI; QosInfo.UAPSD_AC_VO = pAd->CommonCfg.bAPSDAC_VO; QosInfo.MaxSPLength = pAd->CommonCfg.MaxSPLength; WmeIe[8] |= *(PUCHAR)&QosInfo; } else { // The Parameter Set Count is set to бз0би in the association request frames // WmeIe[8] |= (pAd->MlmeAux.APEdcaParm.EdcaUpdateCount & 0x0f); } MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp, 9, &WmeIe[0], END_OF_ARGS); FrameLen += tmp; } // Append RSN_IE when WPAPSK OR WPA2PSK, if (((pAd->ApCfg.ApCliTab[ifIndex].AuthMode == Ndis802_11AuthModeWPAPSK) || (pAd->ApCfg.ApCliTab[ifIndex].AuthMode == Ndis802_11AuthModeWPA2PSK)) #ifdef WSC_AP_SUPPORT && (pAd->ApCfg.ApCliTab[ifIndex].WscControl.WscConfMode == WSC_DISABLE) #endif // WSC_AP_SUPPORT // ) { UCHAR RSNIe = IE_WPA; if (pAd->ApCfg.ApCliTab[ifIndex].AuthMode == Ndis802_11AuthModeWPA2PSK) RSNIe = IE_WPA2; MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp, 1, &RSNIe, 1, &pAd->ApCfg.ApCliTab[ifIndex].RSNIE_Len, pAd->ApCfg.ApCliTab[ifIndex].RSNIE_Len, pAd->ApCfg.ApCliTab[ifIndex].RSN_IE, END_OF_ARGS); FrameLen += tmp; } MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer, FrameLen); MlmeFreeMemory(pAd, pOutBuffer); RTMPSetTimer(&pAd->MlmeAux.ApCliAssocTimer, Timeout); *pCurrState = APCLI_ASSOC_WAIT_RSP; } else { DBGPRINT(RT_DEBUG_TRACE, ("APCLI_ASSOC - ApCliMlmeAssocReqAction() sanity check failed. BUG!!!!!! \n")); *pCurrState = APCLI_ASSOC_IDLE; ApCliCtrlMsg.Status = MLME_INVALID_FORMAT; MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_ASSOC_RSP, sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex); } return; }
VOID PeerPublicAction(RTMP_ADAPTER *pAd, MLME_QUEUE_ELEM *Elem) { UCHAR Action = Elem->Msg[LENGTH_802_11+1]; #if defined(CONFIG_HOTSPOT) && defined(CONFIG_AP_SUPPORT) if (!HotSpotEnable(pAd, Elem, ACTION_STATE_MESSAGES)) #endif if ((Elem->Wcid >= MAX_LEN_OF_MAC_TABLE) ) return; switch(Action) { #ifdef DOT11_N_SUPPORT #ifdef DOT11N_DRAFT3 case ACTION_BSS_2040_COEXIST: /* Format defined in IEEE 7.4.7a.1 in 11n Draf3.03*/ { /*UCHAR BssCoexist;*/ BSS_2040_COEXIST_ELEMENT *pCoexistInfo; BSS_2040_COEXIST_IE *pBssCoexistIe; BSS_2040_INTOLERANT_CH_REPORT *pIntolerantReport = NULL; if (Elem->MsgLen <= (LENGTH_802_11 + sizeof(BSS_2040_COEXIST_ELEMENT)) ) { DBGPRINT(RT_DEBUG_ERROR, ("ACTION - 20/40 BSS Coexistence Management Frame length too short! len = %ld!\n", Elem->MsgLen)); break; } DBGPRINT(RT_DEBUG_TRACE, ("ACTION - 20/40 BSS Coexistence Management action----> \n")); hex_dump("CoexistenceMgmtFrame", Elem->Msg, Elem->MsgLen); pCoexistInfo = (BSS_2040_COEXIST_ELEMENT *) &Elem->Msg[LENGTH_802_11+2]; /*hex_dump("CoexistInfo", (PUCHAR)pCoexistInfo, sizeof(BSS_2040_COEXIST_ELEMENT));*/ if (Elem->MsgLen >= (LENGTH_802_11 + sizeof(BSS_2040_COEXIST_ELEMENT) + sizeof(BSS_2040_INTOLERANT_CH_REPORT))) { pIntolerantReport = (BSS_2040_INTOLERANT_CH_REPORT *)((PUCHAR)pCoexistInfo + sizeof(BSS_2040_COEXIST_ELEMENT)); } /*hex_dump("IntolerantReport ", (PUCHAR)pIntolerantReport, sizeof(BSS_2040_INTOLERANT_CH_REPORT));*/ if(pAd->CommonCfg.bBssCoexEnable == FALSE || (pAd->CommonCfg.bForty_Mhz_Intolerant == TRUE)) { DBGPRINT(RT_DEBUG_TRACE, ("20/40 BSS CoexMgmt=%d, bForty_Mhz_Intolerant=%d, ignore this action!!\n", pAd->CommonCfg.bBssCoexEnable, pAd->CommonCfg.bForty_Mhz_Intolerant)); break; } pBssCoexistIe = (BSS_2040_COEXIST_IE *)(&pCoexistInfo->BssCoexistIe); #ifdef CONFIG_AP_SUPPORT IF_DEV_CONFIG_OPMODE_ON_AP(pAd) { BOOLEAN bNeedFallBack = FALSE; /*ApPublicAction(pAd, Elem);*/ if ((pBssCoexistIe->field.BSS20WidthReq ==1) || (pBssCoexistIe->field.Intolerant40 == 1)) { bNeedFallBack = TRUE; DBGPRINT(RT_DEBUG_TRACE, ("BSS_2040_COEXIST: BSS20WidthReq=%d, Intolerant40=%d!\n", pBssCoexistIe->field.BSS20WidthReq, pBssCoexistIe->field.Intolerant40)); } else if ((pIntolerantReport) && (pIntolerantReport->Len > 1) /*&& (pIntolerantReport->RegulatoryClass == get_regulatory_class(pAd))*/) { int i; UCHAR *ptr; INT retVal; BSS_COEX_CH_RANGE coexChRange; ptr = pIntolerantReport->ChList; bNeedFallBack = TRUE; DBGPRINT(RT_DEBUG_TRACE, ("The pIntolerantReport len = %d, chlist=", pIntolerantReport->Len)); for(i =0 ; i < (pIntolerantReport->Len -1); i++, ptr++) { DBGPRINT(RT_DEBUG_TRACE, ("%d,", *ptr)); } DBGPRINT(RT_DEBUG_TRACE, ("\n")); retVal = GetBssCoexEffectedChRange(pAd, &coexChRange); if (retVal == TRUE) { ptr = pIntolerantReport->ChList; bNeedFallBack = FALSE; DBGPRINT(RT_DEBUG_TRACE, ("Check IntolerantReport Channel List in our effectedChList(%d~%d)\n", pAd->ChannelList[coexChRange.effectChStart].Channel, pAd->ChannelList[coexChRange.effectChEnd].Channel)); for(i =0 ; i < (pIntolerantReport->Len -1); i++, ptr++) { UCHAR chEntry; chEntry = *ptr; if (chEntry >= pAd->ChannelList[coexChRange.effectChStart].Channel && chEntry <= pAd->ChannelList[coexChRange.effectChEnd].Channel) { DBGPRINT(RT_DEBUG_TRACE, ("Found Intolerant channel in effect range=%d!\n", *ptr)); bNeedFallBack = TRUE; break; } } DBGPRINT(RT_DEBUG_TRACE, ("After CoexChRange Check, bNeedFallBack=%d!\n", bNeedFallBack)); } if (bNeedFallBack) { pBssCoexistIe->field.Intolerant40 = 1; pBssCoexistIe->field.BSS20WidthReq = 1; } } if (bNeedFallBack) { int apidx; NdisMoveMemory((PUCHAR)&pAd->CommonCfg.LastBSSCoexist2040, (PUCHAR)pBssCoexistIe, sizeof(BSS_2040_COEXIST_IE)); pAd->CommonCfg.Bss2040CoexistFlag |= BSS_2040_COEXIST_INFO_SYNC; if (!(pAd->CommonCfg.Bss2040CoexistFlag & BSS_2040_COEXIST_TIMER_FIRED)) { DBGPRINT(RT_DEBUG_TRACE, ("Fire the Bss2040CoexistTimer with timeout=%ld!\n", pAd->CommonCfg.Dot11BssWidthChanTranDelay)); pAd->CommonCfg.Bss2040CoexistFlag |= BSS_2040_COEXIST_TIMER_FIRED; /* More 5 sec for the scan report of STAs.*/ RTMPSetTimer(&pAd->CommonCfg.Bss2040CoexistTimer, (pAd->CommonCfg.Dot11BssWidthChanTranDelay + 5) * 1000); } else { DBGPRINT(RT_DEBUG_TRACE, ("Already fallback to 20MHz, Extend the timeout of Bss2040CoexistTimer!\n")); /* More 5 sec for the scan report of STAs.*/ RTMPModTimer(&pAd->CommonCfg.Bss2040CoexistTimer, (pAd->CommonCfg.Dot11BssWidthChanTranDelay + 5) * 1000); } apidx = pAd->MacTab.Content[Elem->Wcid].apidx; for (apidx = 0; apidx < pAd->ApCfg.BssidNum; apidx++) SendBSS2040CoexistMgmtAction(pAd, MCAST_WCID, apidx, 0); } } #endif /* CONFIG_AP_SUPPORT */ } break; #endif /* DOT11N_DRAFT3 */ #endif /* DOT11_N_SUPPORT */ #if defined(CONFIG_HOTSPOT) && defined(CONFIG_AP_SUPPORT) case ACTION_GAS_INIT_REQ: if (HotSpotEnable(pAd, Elem, ACTION_STATE_MESSAGES)) ReceiveGASInitReq(pAd, Elem); break; case ACTION_GAS_CB_REQ: if (HotSpotEnable(pAd, Elem, ACTION_STATE_MESSAGES)) ReceiveGASCBReq(pAd, Elem); break; #endif case ACTION_WIFI_DIRECT: break; default: break; } }
/* ========================================================================== Description: ========================================================================== */ VOID PeerAuthRspAtSeq2Action( IN PRTMP_ADAPTER pAd, IN MLME_QUEUE_ELEM *Elem) { UCHAR Addr2[MAC_ADDR_LEN]; USHORT Seq, Status, RemoteStatus, Alg; UCHAR ChlgText[CIPHER_TEXT_LEN]; UCHAR CyperChlgText[CIPHER_TEXT_LEN + 8 + 8]; UCHAR Element[2]; HEADER_802_11 AuthHdr; PUCHAR pOutBuffer = NULL; ULONG FrameLen = 0; USHORT Status2; USHORT NStatus; if (PeerAuthSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &Alg, &Seq, &Status, ChlgText)) { if (MAC_ADDR_EQUAL(&pAd->MlmeAux.Bssid, Addr2) && Seq == 2) { DBGPRINT(RT_DEBUG_TRACE, "AUTH - Receive AUTH_RSP seq#2 to me (Alg=%d, Status=%d)\n", Alg, Status); RTMPCancelTimer(&pAd->MlmeAux.AuthTimer); if (Status == MLME_SUCCESS) { if (pAd->MlmeAux.Alg == Ndis802_11AuthModeOpen) { pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE; MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status); } else { // 2. shared key, need to be challenged Seq++; RemoteStatus = MLME_SUCCESS; // allocate and send out AuthRsp frame NStatus = MlmeAllocateMemory(pAd, (PVOID)&pOutBuffer); //Get an unused nonpaged memory if (NStatus != NDIS_STATUS_SUCCESS) { DBGPRINT(RT_DEBUG_TRACE, "AUTH - PeerAuthRspAtSeq2Action() allocate memory fail\n"); pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE; Status2 = MLME_FAIL_NO_RESOURCE; MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status2); return; } DBGPRINT(RT_DEBUG_TRACE, "AUTH - Send AUTH request seq#3...\n"); MgtMacHeaderInit(pAd, &AuthHdr, SUBTYPE_AUTH, 0, Addr2, pAd->MlmeAux.Bssid); AuthHdr.FC.Wep = 1; // Encrypt challenge text & auth information RTMPInitWepEngine( pAd, pAd->SharedKey[pAd->PortCfg.DefaultKeyId].Key, pAd->PortCfg.DefaultKeyId, pAd->SharedKey[pAd->PortCfg.DefaultKeyId].KeyLen, CyperChlgText); #ifdef BIG_ENDIAN Alg = SWAP16(*(USHORT *)&Alg); Seq = SWAP16(*(USHORT *)&Seq); RemoteStatus= SWAP16(*(USHORT *)&RemoteStatus); #endif RTMPEncryptData(pAd, (PUCHAR) &Alg, CyperChlgText + 4, 2); RTMPEncryptData(pAd, (PUCHAR) &Seq, CyperChlgText + 6, 2); RTMPEncryptData(pAd, (PUCHAR) &RemoteStatus, CyperChlgText + 8, 2); Element[0] = 16; Element[1] = 128; RTMPEncryptData(pAd, Element, CyperChlgText + 10, 2); RTMPEncryptData(pAd, ChlgText, CyperChlgText + 12, 128); RTMPSetICV(pAd, CyperChlgText + 140); MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof(HEADER_802_11), &AuthHdr, CIPHER_TEXT_LEN + 16, CyperChlgText, END_OF_ARGS); MiniportMMRequest(pAd, pOutBuffer, FrameLen); RTMPSetTimer(pAd, &pAd->MlmeAux.AuthTimer, AUTH_TIMEOUT); pAd->Mlme.AuthMachine.CurrState = AUTH_WAIT_SEQ4; } } else { pAd->PortCfg.AuthFailReason = Status; COPY_MAC_ADDR(pAd->PortCfg.AuthFailSta, Addr2); pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE; MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status); } } } else { DBGPRINT(RT_DEBUG_TRACE, "AUTH - PeerAuthSanity() sanity check fail\n"); } }
VOID NfcParseRspCommand( IN PRTMP_ADAPTER pAd, IN PUCHAR pData, IN USHORT DataLen) { NFC_CMD_INFO *pNfcCmdInfo = NULL; BOOLEAN bSetFromNfc = FALSE; PWSC_CTRL pWscCtrl = &pAd->ApCfg.MBSSID[0].WscControl; MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("====> %s\n", __FUNCTION__)); hex_dump("Packet", pData, DataLen); os_alloc_mem(pAd, (UCHAR **)&pNfcCmdInfo, (DataLen*sizeof(UCHAR))); if (pNfcCmdInfo) { NdisMoveMemory(pNfcCmdInfo, pData, DataLen); hex_dump("Packet", &pNfcCmdInfo->data[0], pNfcCmdInfo->data_len); bSetFromNfc = ((pNfcCmdInfo->action & 0x41) == 0x41); MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("==> vendor_id: 0x%04x, action = 0x%0x, type = %d, data_len = %u, bSetFromNfc = %d\n", pNfcCmdInfo->vendor_id, pNfcCmdInfo->action, pNfcCmdInfo->type, pNfcCmdInfo->data_len, bSetFromNfc)); switch(pNfcCmdInfo->type) { case TYPE_CMD_RESULT: MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("TYPE_CMD_RESULT(=%d): Command result = %d\n", pNfcCmdInfo->type, pNfcCmdInfo->data[0])); break; case TYPE_CONFIGURATION: MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("TYPE_CONFIGURATION(=%d)\n", pNfcCmdInfo->type)); if (bSetFromNfc) { if (pNfcCmdInfo->data_len != 1) { /* Receive Configuration from NFC daemon. */ if (WscProcessCredential(pAd, &pNfcCmdInfo->data[0], pNfcCmdInfo->data_len, pWscCtrl) == FALSE) { MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("ProcessCredential fail..\n")); } else { if ((pAd->OpMode == OPMODE_AP) && (pWscCtrl->WscConfStatus == WSC_SCSTATE_UNCONFIGURED)) { pWscCtrl->WscConfStatus = WSC_SCSTATE_CONFIGURED; WscBuildBeaconIE(pAd, WSC_SCSTATE_CONFIGURED, FALSE, 0, 0, 0, NULL, 0, AP_MODE); WscBuildProbeRespIE(pAd, WSC_MSGTYPE_AP_WLAN_MGR, WSC_SCSTATE_CONFIGURED, FALSE, 0, 0, 0, NULL, 0, AP_MODE); APUpdateAllBeaconFrame(pAd); } if (pWscCtrl->WscUpdatePortCfgTimerRunning) { BOOLEAN bCancel; RTMPCancelTimer(&pWscCtrl->WscUpdatePortCfgTimer, &bCancel); } else pWscCtrl->WscUpdatePortCfgTimerRunning = TRUE; RTMPSetTimer(&pWscCtrl->WscUpdatePortCfgTimer, 1000); } } } else { Set_NfcConfigurationToken_Proc(pAd, "1"); } break; case TYPE_PASSWORD: MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("TYPE_PASSWORD(=%d)\n", pNfcCmdInfo->type)); if (bSetFromNfc) { if (pNfcCmdInfo->data_len != 1) { /* Receive Passwd from NFC daemon. */ NfcProcessPasswdTV(pAd, &pNfcCmdInfo->data[0], pNfcCmdInfo->data_len, pWscCtrl, FALSE); WscGetConfWithoutTrigger(pAd, pWscCtrl, FALSE); pWscCtrl->bTriggerByNFC = TRUE; pWscCtrl->NfcModel = MODEL_PASSWORD_TOKEN; } } else { Set_NfcPasswdToken_Proc(pAd, "1"); } break; /* New type for Handover */ case TYPE_PASSWDHO_S: MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("TYPE_PASSWDHO_S(=%d)\n", pNfcCmdInfo->type)); if (bSetFromNfc) { if (pNfcCmdInfo->data_len != 1) { /* Receive Passwd from NFC daemon. "So far" no this case. Due to AP always as Registrar in handover procedure, AP only receive "Handover Request Message". */ NfcProcessPasswdTV(pAd, &pNfcCmdInfo->data[0], pNfcCmdInfo->data_len, pWscCtrl, TRUE); WscGetConfWithoutTrigger(pAd, pWscCtrl, FALSE); pWscCtrl->bTriggerByNFC = TRUE; pWscCtrl->NfcModel = MODEL_HANDOVER; /* 2 */ } } else { Set_NfcPasswdToken_Proc(pAd, "2"); } break; case TYPE_PASSWDHO_R: MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("TYPE_PASSWDHO_R(=%d)\n", pNfcCmdInfo->type)); if (bSetFromNfc) { if (pNfcCmdInfo->data_len != 1) { /* Receive Passwd from NFC daemon. */ NfcProcessPasswdTV(pAd, &pNfcCmdInfo->data[0], pNfcCmdInfo->data_len, pWscCtrl, TRUE); WscGetConfWithoutTrigger(pAd, pWscCtrl, FALSE); pWscCtrl->bTriggerByNFC = TRUE; pWscCtrl->NfcModel = MODEL_HANDOVER; /* 2 */ } } else { /* "So far" no this case. Due to AP always as Registrar in handover procedure, AP only send "Handover Select Message". */ Set_NfcPasswdToken_Proc(pAd, "3"); } break; case TYPE_NFC_STATUS: MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("TYPE_NFC_STATUS(=%d): NFC Status = %d\n", pNfcCmdInfo->type, pNfcCmdInfo->data[0])); pWscCtrl->NfcStatus = pNfcCmdInfo->data[0]; break; case TYPE_WIFI_RADIO_STATUS: MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("TYPE_WIFI_RADIO_STATUS(=%d)\n", pNfcCmdInfo->type)); if (bSetFromNfc) { if (pNfcCmdInfo->data[0] == 1) MlmeRadioOn(pAd); else MlmeRadioOff(pAd); } else { UCHAR RadioStatus = 0; if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_RADIO_OFF)) RadioStatus = 0; else RadioStatus = 1; NfcCommand(pAd, 0x01, TYPE_WIFI_RADIO_STATUS, 1, &RadioStatus); } break; default: MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("Unknow type(=%d)\n", pNfcCmdInfo->type)); break; } os_free_mem(NULL, pNfcCmdInfo); } MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("<==== %s\n", __FUNCTION__)); return; }