/*
==========================================================================
Description:
IRQL = PASSIVE_LEVEL
==========================================================================
*/
VOID
TDLS_PeerChannelSwitchReqAction(
IN PRTMP_ADAPTER pAd,
IN MLME_QUEUE_ELEM *Elem)
{
PRT_802_11_TDLS pTDLS = NULL;
int LinkId = 0xff;
UCHAR PeerAddr[MAC_ADDR_LEN];
BOOLEAN IsInitator;
//BOOLEAN TimerCancelled;
UCHAR TargetChannel;
UCHAR RegulatoryClass;
UCHAR NewExtChannelOffset = 0xff;
UCHAR LinkIdentLen;
USHORT PeerChSwitchTime;
USHORT PeerChSwitchTimeOut;
TDLS_LINK_IDENT_ELEMENT LinkIdent;
NDIS_STATUS NStatus = NDIS_STATUS_SUCCESS;
USHORT StatusCode = MLME_SUCCESS;
UINT16 SwitchTime = pAd->StaCfg.TdlsInfo.TdlsSwitchTime; //micro seconds
UINT16 SwitchTimeout = pAd->StaCfg.TdlsInfo.TdlsSwitchTimeout; // micro seconds
DBGPRINT(RT_DEBUG_WARN,("TDLS ===> TDLS_PeerChannelSwitchReqAction() \n"));
// Not TDLS Capable, ignore it
if (!IS_TDLS_SUPPORT(pAd))
return;
if (!INFRA_ON(pAd))
return;
if (pAd->StaActive.ExtCapInfo.TDLSChSwitchProhibited == TRUE)
{
DBGPRINT(RT_DEBUG_OFF,("%s(%d): AP Prohibite TDLS Channel Switch !!!\n", __FUNCTION__, __LINE__));
return;
}
tdls_hex_dump("TDLS peer channel switch request receive pack", Elem->Msg, Elem->MsgLen);
if (!PeerTdlsChannelSwitchReqSanity(pAd,
Elem->Msg,
Elem->MsgLen,
PeerAddr,
&IsInitator,
&TargetChannel,
&RegulatoryClass,
&NewExtChannelOffset,
&PeerChSwitchTime,
&PeerChSwitchTimeOut,
&LinkIdentLen,
&LinkIdent))
{
DBGPRINT(RT_DEBUG_ERROR,("%s(%d): from %02x:%02x:%02x:%02x:%02x:%02x Sanity Check Fail !!!\n",
__FUNCTION__,__LINE__, PeerAddr[0], PeerAddr[1], PeerAddr[2], PeerAddr[3], PeerAddr[4], PeerAddr[5]));
return;
}
DBGPRINT(RT_DEBUG_WARN,("%s(%d): from %02x:%02x:%02x:%02x:%02x:%02x !!!\n",
__FUNCTION__,__LINE__, PeerAddr[0], PeerAddr[1], PeerAddr[2], PeerAddr[3], PeerAddr[4], PeerAddr[5]));
DBGPRINT(RT_DEBUG_ERROR, ("300. %ld !!!\n", (jiffies * 1000) / OS_HZ));
// Drop not within my TDLS Table that created before !
LinkId = TDLS_SearchLinkId(pAd, PeerAddr);
if (LinkId == -1 || LinkId == MAX_NUM_OF_TDLS_ENTRY)
{
DBGPRINT(RT_DEBUG_ERROR,("%s(%d): can not find from %02x:%02x:%02x:%02x:%02x:%02x on TDLS entry !!!\n",
__FUNCTION__,__LINE__, PeerAddr[0], PeerAddr[1], PeerAddr[2], PeerAddr[3], PeerAddr[4], PeerAddr[5]));
return;
}
if (pAd->StaCfg.bChannelSwitchInitiator == FALSE)
{
pAd->StaCfg.TdlsForcePowerSaveWithAP = TRUE;
if (pAd->StaCfg.bTdlsNoticeAPPowerSave == FALSE)
{
pAd->StaCfg.TdlsSendNullFrameCount = 0;
pAd->StaCfg.bTdlsNoticeAPPowerSave = TRUE;
RTMPSendNullFrame(pAd, pAd->CommonCfg.TxRate, TRUE, TRUE);
}
else
{
pAd->StaCfg.TdlsSendNullFrameCount++;
if (pAd->StaCfg.TdlsSendNullFrameCount >= 200)
pAd->StaCfg.bTdlsNoticeAPPowerSave = FALSE;
}
}
// Point to the current Link ID
pTDLS = &pAd->StaCfg.TdlsInfo.TDLSEntry[LinkId];
if (SwitchTime >= PeerChSwitchTime)
PeerChSwitchTime = SwitchTime;
if (SwitchTimeout >= PeerChSwitchTimeOut)
PeerChSwitchTimeOut = SwitchTimeout;
if (RtmpPktPmBitCheck(pAd))
{
RTMP_SET_PSM_BIT(pAd, PWR_ACTIVE);
TDLS_SendNullFrame(pAd, pAd->CommonCfg.TxRate, TRUE, 0);
}
{
UINT32 macCfg, TxCount;
UINT32 MTxCycle;
RTMP_IO_READ32(pAd, TX_REPORT_CNT, &macCfg);
if (TargetChannel != pAd->CommonCfg.Channel)
NStatus = TDLS_ChannelSwitchRspAction(pAd, pTDLS, PeerChSwitchTime, PeerChSwitchTimeOut, StatusCode, RTMP_TDLS_SPECIFIC_CS_RSP_WAIT_ACK);
else
NStatus = TDLS_ChannelSwitchRspAction(pAd, pTDLS, PeerChSwitchTime, PeerChSwitchTimeOut, StatusCode, (RTMP_TDLS_SPECIFIC_CS_RSP_WAIT_ACK + RTMP_TDLS_SPECIFIC_HCCA));
for (MTxCycle = 0; MTxCycle < 500; MTxCycle++)
{
RTMP_IO_READ32(pAd, TX_REPORT_CNT, &macCfg);
TxCount = macCfg & 0x0000ffff;
if (TxCount > 0)
{
DBGPRINT(RT_DEBUG_ERROR, ("MTxCycle = %d, %ld !!!\n", MTxCycle, (jiffies * 1000) / OS_HZ));
break;
}
else
RTMPusecDelay(50);
}
if (MTxCycle >= 500)
{
NStatus = NDIS_STATUS_FAILURE;
DBGPRINT(RT_DEBUG_OFF,("TDLS Transmit Channel Switch Response Fail !!!\n"));
}
}
if (NStatus == NDIS_STATUS_SUCCESS)
{
{
if (TargetChannel != pAd->CommonCfg.Channel)
{
BOOLEAN TimerCancelled;
//ULONG Now, temp1, temp2, temp3;
pAd->StaCfg.TdlsCurrentChannel = TargetChannel;
if (NewExtChannelOffset != 0)
pAd->StaCfg.TdlsCurrentChannelBW = NewExtChannelOffset;
else
pAd->StaCfg.TdlsCurrentChannelBW = EXTCHA_NONE;
pTDLS->ChSwitchTime = PeerChSwitchTime;
pAd->StaCfg.TdlsGlobalSwitchTime = PeerChSwitchTime;
pTDLS->ChSwitchTimeout = PeerChSwitchTimeOut;
pAd->StaCfg.TdlsGlobalSwitchTimeOut = PeerChSwitchTimeOut;
RTMP_SET_FLAG(pAd, fRTMP_ADAPTER_TDLS_DOING_CHANNEL_SWITCH);
//Cancel the timer since the received packet to me.
#ifdef TDLS_HWTIMER_SUPPORT
TDLS_SetChannelSwitchTimer(pAd, (PeerChSwitchTimeOut / 1000));
#else
RTMPCancelTimer(&pTDLS->ChannelSwitchTimeoutTimer, &TimerCancelled);
NdisGetSystemUpTime(&pTDLS->ChannelSwitchTimerStartTime);
RTMPSetTimer(&pTDLS->ChannelSwitchTimeoutTimer, (PeerChSwitchTimeOut / 1000));
#endif // TDLS_HWTIMER_SUPPORT //
RTMPCancelTimer(&pAd->StaCfg.TdlsDisableChannelSwitchTimer, &TimerCancelled);
pAd->StaCfg.bTdlsCurrentDoingChannelSwitchWaitSuccess = TRUE;
pAd->StaCfg.bDoingPeriodChannelSwitch = TRUE;
if (RTDebugLevel < RT_DEBUG_ERROR)
RTMPusecDelay(300);
else
DBGPRINT(RT_DEBUG_ERROR, ("1041. %ld !!!\n", (jiffies * 1000) / OS_HZ));
TDLS_InitChannelRelatedValue(pAd, pAd->StaCfg.TdlsCurrentChannel, pAd->StaCfg.TdlsCurrentChannelBW);
}
else
{
pTDLS->bDoingPeriodChannelSwitch = FALSE;
pAd->StaCfg.bDoingPeriodChannelSwitch = FALSE;
pAd->StaCfg.TdlsForcePowerSaveWithAP = FALSE;
pAd->StaCfg.bTdlsNoticeAPPowerSave = FALSE;
RTMP_SET_FLAG(pAd, fRTMP_ADAPTER_TDLS_DOING_CHANNEL_SWITCH);
RTMPusecDelay(300);
if (pAd->CommonCfg.CentralChannel > pAd->CommonCfg.Channel)
TDLS_InitChannelRelatedValue(pAd, pAd->CommonCfg.Channel, EXTCHA_ABOVE);
else if (pAd->CommonCfg.CentralChannel < pAd->CommonCfg.Channel)
TDLS_InitChannelRelatedValue(pAd, pAd->CommonCfg.Channel, EXTCHA_BELOW);
else
TDLS_InitChannelRelatedValue(pAd, pAd->CommonCfg.Channel, EXTCHA_NONE);
TDLS_EnablePktChannel(pAd, TDLS_FIFO_ALL);
RTMP_CLEAR_FLAG(pAd, fRTMP_ADAPTER_TDLS_DOING_CHANNEL_SWITCH);
RTMPSendNullFrame(pAd, pAd->CommonCfg.TxRate, TRUE, FALSE);
}
}
}
DBGPRINT(RT_DEBUG_WARN,("TDLS <=== TDLS_PeerChannelSwitchReqAction() \n"));
return;
}
/*
==========================================================================
Description:
IRQL = DISPATCH_LEVEL
==========================================================================
*/
VOID PeerAuthRspAtSeq2Action(RTMP_ADAPTER *pAd, MLME_QUEUE_ELEM * Elem)
{
UCHAR Addr2[MAC_ADDR_LEN];
USHORT Seq, Status, RemoteStatus, Alg;
UCHAR iv_hdr[4];
UCHAR *ChlgText = NULL;
UCHAR *CyperChlgText = NULL;
ULONG c_len = 0;
HEADER_802_11 AuthHdr;
BOOLEAN TimerCancelled;
PUCHAR pOutBuffer = NULL;
NDIS_STATUS NStatus;
ULONG FrameLen = 0;
USHORT Status2;
UCHAR ChallengeIe = IE_CHALLENGE_TEXT;
UCHAR len_challengeText = CIPHER_TEXT_LEN;
os_alloc_mem(NULL, (UCHAR **) & ChlgText, CIPHER_TEXT_LEN);
if (ChlgText == NULL) {
DBGPRINT(RT_DEBUG_ERROR, ("%s: alloc mem fail\n", __FUNCTION__));
return;
}
os_alloc_mem(NULL, (UCHAR **) & CyperChlgText, CIPHER_TEXT_LEN + 8 + 8);
if (CyperChlgText == NULL) {
DBGPRINT(RT_DEBUG_ERROR,
("%s: CyperChlgText Allocate memory fail!!!\n",
__FUNCTION__));
os_free_mem(NULL, ChlgText);
return;
}
if (PeerAuthSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &Alg, &Seq, &Status, (PCHAR)ChlgText)) {
if (MAC_ADDR_EQUAL(pAd->MlmeAux.Bssid, Addr2) && Seq == 2) {
DBGPRINT(RT_DEBUG_TRACE,
("AUTH - Receive AUTH_RSP seq#2 to me (Alg=%d, Status=%d)\n",
Alg, Status));
RTMPCancelTimer(&pAd->MlmeAux.AuthTimer, &TimerCancelled);
if (Status == MLME_SUCCESS) {
/* Authentication Mode "LEAP" has allow for CCX 1.X */
if (pAd->MlmeAux.Alg == Ndis802_11AuthModeOpen) {
pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
MlmeEnqueue(pAd,
MLME_CNTL_STATE_MACHINE,
MT2_AUTH_CONF, 2, &Status,
0);
} else {
struct wifi_dev *wdev = &pAd->StaCfg.wdev;
/* 2. shared key, need to be challenged */
Seq++;
RemoteStatus = MLME_SUCCESS;
/* Get an unused nonpaged memory */
NStatus =
MlmeAllocateMemory(pAd,
&pOutBuffer);
if (NStatus != NDIS_STATUS_SUCCESS) {
DBGPRINT(RT_DEBUG_TRACE,
("AUTH - PeerAuthRspAtSeq2Action() allocate memory fail\n"));
pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
Status2 = MLME_FAIL_NO_RESOURCE;
MlmeEnqueue(pAd,
MLME_CNTL_STATE_MACHINE,
MT2_AUTH_CONF, 2,
&Status2, 0);
goto LabelOK;
}
DBGPRINT(RT_DEBUG_TRACE,
("AUTH - Send AUTH request seq#3...\n"));
MgtMacHeaderInit(pAd, &AuthHdr,
SUBTYPE_AUTH, 0, Addr2,
pAd->CurrentAddress,
pAd->MlmeAux.Bssid);
AuthHdr.FC.Wep = 1;
/* TSC increment */
INC_TX_TSC(pAd->SharedKey[BSS0][wdev->DefaultKeyId].TxTsc, LEN_WEP_TSC);
/* Construct the 4-bytes WEP IV header */
RTMPConstructWEPIVHdr(wdev->DefaultKeyId,
pAd->SharedKey[BSS0][wdev->DefaultKeyId].TxTsc, iv_hdr);
Alg = cpu2le16(*(USHORT *) & Alg);
Seq = cpu2le16(*(USHORT *) & Seq);
RemoteStatus = cpu2le16(*(USHORT *) &RemoteStatus);
/* Construct message text */
MakeOutgoingFrame(CyperChlgText, &c_len,
2, &Alg,
2, &Seq,
2, &RemoteStatus,
1, &ChallengeIe,
1, &len_challengeText,
len_challengeText,
ChlgText,
END_OF_ARGS);
if (RTMPSoftEncryptWEP(pAd,
iv_hdr,
&pAd->SharedKey[BSS0][wdev->DefaultKeyId],
CyperChlgText, c_len) == FALSE) {
MlmeFreeMemory(pAd, pOutBuffer);
pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
Status2 = MLME_FAIL_NO_RESOURCE;
MlmeEnqueue(pAd,
MLME_CNTL_STATE_MACHINE,
MT2_AUTH_CONF, 2,
&Status2, 0);
goto LabelOK;
}
/* Update the total length for 4-bytes ICV */
c_len += LEN_ICV;
MakeOutgoingFrame(pOutBuffer, &FrameLen,
sizeof
(HEADER_802_11),
&AuthHdr,
LEN_WEP_IV_HDR,
iv_hdr, c_len,
CyperChlgText,
END_OF_ARGS);
MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
MlmeFreeMemory(pAd, pOutBuffer);
RTMPSetTimer(&pAd->MlmeAux.AuthTimer, AUTH_TIMEOUT);
pAd->Mlme.AuthMachine.CurrState = AUTH_WAIT_SEQ4;
}
} else {
pAd->StaCfg.AuthFailReason = Status;
COPY_MAC_ADDR(pAd->StaCfg.AuthFailSta, Addr2);
pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE,
MT2_AUTH_CONF, 2, &Status, 0);
}
}
} else {
DBGPRINT(RT_DEBUG_TRACE,
("AUTH - PeerAuthSanity() sanity check fail\n"));
}
LabelOK:
if (ChlgText != NULL)
os_free_mem(NULL, ChlgText);
if (CyperChlgText != NULL)
os_free_mem(NULL, CyperChlgText);
return;
}
/*
==========================================================================
Description:
==========================================================================
*/
VOID MlmeAuthReqAction(
IN PRTMP_ADAPTER pAd,
IN MLME_QUEUE_ELEM *Elem)
{
UCHAR Addr[MAC_ADDR_LEN];
USHORT Alg, Seq, Status;
ULONG Timeout;
HEADER_802_11 AuthHdr;
PUCHAR pOutBuffer = NULL;
ULONG FrameLen = 0;
USHORT NStatus;
// Block all authentication request durning WPA block period
if (pAd->PortCfg.bBlockAssoc == TRUE)
{
DBGPRINT(RT_DEBUG_TRACE, "AUTH - Block Auth request durning WPA block period!\n");
pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
Status = MLME_STATE_MACHINE_REJECT;
MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status);
}
else if(MlmeAuthReqSanity(pAd, Elem->Msg, Elem->MsgLen, Addr, &Timeout, &Alg))
{
// reset timer if caller isn't the timer function itself
if (timer_pending(&pAd->MlmeAux.AuthTimer.Timer))
RTMPCancelTimer(&pAd->MlmeAux.AuthTimer);
COPY_MAC_ADDR(pAd->MlmeAux.Bssid, Addr);
pAd->MlmeAux.Alg = Alg;
Seq = 1;
Status = MLME_SUCCESS;
// allocate and send out AuthReq frame
NStatus = MlmeAllocateMemory(pAd, (PVOID)&pOutBuffer); //Get an unused nonpaged memory
if (NStatus != NDIS_STATUS_SUCCESS)
{
DBGPRINT(RT_DEBUG_TRACE, "AUTH - MlmeAuthReqAction() allocate memory failed\n");
pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
Status = MLME_FAIL_NO_RESOURCE;
MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status);
return;
}
DBGPRINT(RT_DEBUG_TRACE, "AUTH - Send AUTH request seq#1 (Alg=%d) %d...\n", Alg, pAd->LatchRfRegs.Channel);
MgtMacHeaderInit(pAd, &AuthHdr, SUBTYPE_AUTH, 0, Addr, pAd->MlmeAux.Bssid);
MakeOutgoingFrame(pOutBuffer, &FrameLen,
sizeof(HEADER_802_11),&AuthHdr,
2, &Alg,
2, &Seq,
2, &Status,
END_OF_ARGS);
MiniportMMRequest(pAd, pOutBuffer, FrameLen);
RTMPSetTimer(pAd, &pAd->MlmeAux.AuthTimer, AUTH_TIMEOUT);
pAd->Mlme.AuthMachine.CurrState = AUTH_WAIT_SEQ2;
}
else
{
DBGPRINT(RT_DEBUG_ERROR, "AUTH - MlmeAuthReqAction() sanity check failed. BUG!!!!!\n");
pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
Status = MLME_INVALID_FORMAT;
MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status);
}
}
/*
========================================================================
Routine Description:
Set LED Status
Arguments:
pAd Pointer to our adapter
Status LED Status
Return Value:
None
IRQL = PASSIVE_LEVEL
IRQL = DISPATCH_LEVEL
Note:
========================================================================
*/
VOID RTMPSetLEDStatus(
IN PRTMP_ADAPTER pAd,
IN UCHAR Status)
{
/*ULONG data; */
UCHAR LinkStatus = 0;
UCHAR LedMode;
UCHAR MCUCmd = 0;
BOOLEAN bIgnored = FALSE;
#ifdef WSC_INCLUDED
#ifdef WSC_LED_SUPPORT
PWSC_CTRL pWscControl = NULL;
#ifdef CONFIG_AP_SUPPORT
pWscControl = &pAd->ApCfg.MBSSID[MAIN_MBSSID].WscControl;
#endif /* CONFIG_AP_SUPPORT */
#ifdef CONFIG_STA_SUPPORT
pWscControl = &pAd->StaCfg.WscControl;
#endif /* CONFIG_STA_SUPPORT */
#endif /* WSC_LED_SUPPORT */
#endif /* WSC_INCLUDED */
#ifdef RALINK_ATE
/*
In ATE mode of RT2860 AP/STA, we have erased 8051 firmware.
So LED mode is not supported when ATE is running.
*/
if (!IS_RT3572(pAd))
{
if (ATE_ON(pAd))
return;
}
#endif /* RALINK_ATE */
#ifdef RTMP_MAC_USB
#ifdef STATS_COUNT_SUPPORT
if(RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_IDLE_RADIO_OFF))
return;
#endif /* STATS_COUNT_SUPPORT */
#endif /* RTMP_MAC_USB */
LedMode = LED_MODE(pAd);
switch (Status)
{
case LED_LINK_DOWN:
LinkStatus = LINK_STATUS_LINK_DOWN;
pAd->LedCntl.LedIndicatorStrength = 0;
MCUCmd = MCU_SET_LED_MODE;
break;
case LED_LINK_UP:
if (pAd->CommonCfg.Channel > 14)
LinkStatus = LINK_STATUS_ABAND_LINK_UP;
else
LinkStatus = LINK_STATUS_GBAND_LINK_UP;
MCUCmd = MCU_SET_LED_MODE;
break;
case LED_RADIO_ON:
LinkStatus = LINK_STATUS_RADIO_ON;
MCUCmd = MCU_SET_LED_MODE;
break;
case LED_HALT:
LedMode = 0; /* Driver sets MAC register and MAC controls LED */
case LED_RADIO_OFF:
LinkStatus = LINK_STATUS_RADIO_OFF;
MCUCmd = MCU_SET_LED_MODE;
break;
case LED_WPS:
LinkStatus = LINK_STATUS_WPS;
MCUCmd = MCU_SET_LED_MODE;
break;
case LED_ON_SITE_SURVEY:
LinkStatus = LINK_STATUS_ON_SITE_SURVEY;
MCUCmd = MCU_SET_LED_MODE;
break;
case LED_POWER_UP:
LinkStatus = LINK_STATUS_POWER_UP;
MCUCmd = MCU_SET_LED_MODE;
break;
#ifdef RALINK_ATE
#endif /* RALINK_ATE */
#ifdef WSC_INCLUDED
#ifdef WSC_LED_SUPPORT
case LED_WPS_IN_PROCESS:
if (WscSupportWPSLEDMode(pAd))
{
LinkStatus = LINK_STATUS_WPS_IN_PROCESS;
MCUCmd = MCU_SET_WPS_LED_MODE;
pWscControl->WscLEDMode = LED_WPS_IN_PROCESS;
DBGPRINT(RT_DEBUG_TRACE, ("%s: LED_WPS_IN_PROCESS\n", __FUNCTION__));
}
else
bIgnored = TRUE;
break;
case LED_WPS_ERROR:
if (WscSupportWPSLEDMode(pAd))
{
/* In the case of LED mode 9, the error LED should be turned on only after WPS walk time expiration. */
if ((pWscControl->bWPSWalkTimeExpiration == FALSE) &&
(LED_MODE(pAd) == WPS_LED_MODE_9))
{
/* do nothing. */
}
else
{
LinkStatus = LINK_STATUS_WPS_ERROR;
MCUCmd = MCU_SET_WPS_LED_MODE;
}
pWscControl->WscLEDMode = LED_WPS_ERROR;
pWscControl->WscLastWarningLEDMode = LED_WPS_ERROR;
}
else
bIgnored = TRUE;
break;
case LED_WPS_SESSION_OVERLAP_DETECTED:
if (WscSupportWPSLEDMode(pAd))
{
LinkStatus = LINK_STATUS_WPS_SESSION_OVERLAP_DETECTED;
MCUCmd = MCU_SET_WPS_LED_MODE;
pWscControl->WscLEDMode = LED_WPS_SESSION_OVERLAP_DETECTED;
pWscControl->WscLastWarningLEDMode = LED_WPS_SESSION_OVERLAP_DETECTED;
}
else
bIgnored = TRUE;
break;
case LED_WPS_SUCCESS:
if (WscSupportWPSLEDMode(pAd))
{
if ((LED_MODE(pAd) == WPS_LED_MODE_7) ||
(LED_MODE(pAd) == WPS_LED_MODE_11) ||
(LED_MODE(pAd) == WPS_LED_MODE_12)
)
{
/* In the WPS LED mode 7, 11 and 12, the blue LED would last 300 seconds regardless of the AP's security settings. */
LinkStatus = LINK_STATUS_WPS_SUCCESS_WITH_SECURITY;
MCUCmd = MCU_SET_WPS_LED_MODE;
pWscControl->WscLEDMode = LED_WPS_SUCCESS;
/* Turn off the WPS successful LED pattern after 300 seconds. */
RTMPSetTimer(&pWscControl->WscLEDTimer, WSC_SUCCESSFUL_LED_PATTERN_TIMEOUT);
}
else if (LED_MODE(pAd) == WPS_LED_MODE_8) /* The WPS LED mode 8 */
{
if (WscAPHasSecuritySetting(pAd, pWscControl)) /* The WPS AP has the security setting. */
{
LinkStatus = LINK_STATUS_WPS_SUCCESS_WITH_SECURITY;
MCUCmd = MCU_SET_WPS_LED_MODE;
pWscControl->WscLEDMode = LED_WPS_SUCCESS;
/* Turn off the WPS successful LED pattern after 300 seconds. */
RTMPSetTimer(&pWscControl->WscLEDTimer, WSC_SUCCESSFUL_LED_PATTERN_TIMEOUT);
}
else /* The WPS AP does not have the secuirty setting. */
{
LinkStatus = LINK_STATUS_WPS_SUCCESS_WITHOUT_SECURITY;
MCUCmd = MCU_SET_WPS_LED_MODE;
pWscControl->WscLEDMode = LED_WPS_SUCCESS;
/* Turn off the WPS successful LED pattern after 300 seconds. */
RTMPSetTimer(&pWscControl->WscLEDTimer, WSC_SUCCESSFUL_LED_PATTERN_TIMEOUT);
}
}
else if (LED_MODE(pAd) == WPS_LED_MODE_9) /* The WPS LED mode 9. */
{
/* Always turn on the WPS blue LED for 300 seconds. */
LinkStatus = LINK_STATUS_WPS_BLUE_LED;
MCUCmd = MCU_SET_WPS_LED_MODE;
pWscControl->WscLEDMode = LED_WPS_SUCCESS;
/* Turn off the WPS successful LED pattern after 300 seconds. */
RTMPSetTimer(&pWscControl->WscLEDTimer, WSC_SUCCESSFUL_LED_PATTERN_TIMEOUT);
}
else
{
DBGPRINT(RT_DEBUG_TRACE, ("%s: LED_WPS_SUCCESS (Incorrect LED mode = %d)\n",
__FUNCTION__, LED_MODE(pAd)));
ASSERT(FALSE);
}
}
else
bIgnored = TRUE;
break;
case LED_WPS_TURN_LED_OFF:
if (WscSupportWPSLEDMode(pAd))
{
LinkStatus = LINK_STATUS_WPS_TURN_LED_OFF;
MCUCmd = MCU_SET_WPS_LED_MODE;
pWscControl->WscLEDMode = LED_WPS_TURN_LED_OFF;
}
else
bIgnored = TRUE;
break;
case LED_WPS_TURN_ON_BLUE_LED:
if (WscSupportWPSLEDMode(pAd))
{
LinkStatus = LINK_STATUS_WPS_BLUE_LED;
MCUCmd = MCU_SET_WPS_LED_MODE;
pWscControl->WscLEDMode = LED_WPS_SUCCESS;
}
else
bIgnored = TRUE;
break;
case LED_NORMAL_CONNECTION_WITHOUT_SECURITY:
if (WscSupportWPSLEDMode(pAd))
{
LinkStatus = LINK_STATUS_NORMAL_CONNECTION_WITHOUT_SECURITY;
MCUCmd = MCU_SET_WPS_LED_MODE;
pWscControl->WscLEDMode = LED_WPS_SUCCESS;
}
else
bIgnored = TRUE;
break;
case LED_NORMAL_CONNECTION_WITH_SECURITY:
if (WscSupportWPSLEDMode(pAd))
{
LinkStatus = LINK_STATUS_NORMAL_CONNECTION_WITH_SECURITY;
MCUCmd = MCU_SET_WPS_LED_MODE;
pWscControl->WscLEDMode = LED_WPS_SUCCESS;
}
else
bIgnored = TRUE;
break;
/*WPS LED Mode 10 */
case LED_WPS_MODE10_TURN_ON:
if(WscSupportWPSLEDMode10(pAd))
{
LinkStatus = LINK_STATUS_WPS_MODE10_TURN_ON;
MCUCmd = MCU_SET_WPS_LED_MODE;
}
else
bIgnored = TRUE;
break;
case LED_WPS_MODE10_FLASH:
if(WscSupportWPSLEDMode10(pAd))
{
LinkStatus = LINK_STATUS_WPS_MODE10_FLASH;
MCUCmd = MCU_SET_WPS_LED_MODE;
}
else
bIgnored = TRUE;
break;
case LED_WPS_MODE10_TURN_OFF:
if(WscSupportWPSLEDMode10(pAd))
{
LinkStatus = LINK_STATUS_WPS_MODE10_TURN_OFF;
MCUCmd = MCU_SET_WPS_LED_MODE;;
}
else
bIgnored = TRUE;
break;
#endif /* WSC_LED_SUPPORT */
#endif /* WSC_INCLUDED */
default:
DBGPRINT(RT_DEBUG_WARN, ("RTMPSetLED::Unknown Status 0x%x\n", Status));
break;
}
if (MCUCmd)
{
AsicSendCommandToMcu(pAd, MCUCmd, 0xff, LedMode, LinkStatus, FALSE);
DBGPRINT(RT_DEBUG_TRACE, ("%s: MCUCmd:0x%x, LED Mode:0x%x, LinkStatus:0x%x\n", __FUNCTION__, MCUCmd, LedMode, LinkStatus));
}
/* */
/* Keep LED status for LED SiteSurvey mode. */
/* After SiteSurvey, we will set the LED mode to previous status. */
/* */
if ((Status != LED_ON_SITE_SURVEY) && (Status != LED_POWER_UP) && (bIgnored == FALSE))
pAd->LedCntl.LedStatus = Status;
}
void PeerAuthRspAtSeq2Action(struct rt_rtmp_adapter *pAd, struct rt_mlme_queue_elem *Elem)
{
u8 Addr2[MAC_ADDR_LEN];
u16 Seq, Status, RemoteStatus, Alg;
u8 ChlgText[CIPHER_TEXT_LEN];
u8 CyperChlgText[CIPHER_TEXT_LEN + 8 + 8];
u8 Element[2];
struct rt_header_802_11 AuthHdr;
BOOLEAN TimerCancelled;
u8 *pOutBuffer = NULL;
int NStatus;
unsigned long FrameLen = 0;
u16 Status2;
if (PeerAuthSanity
(pAd, Elem->Msg, Elem->MsgLen, Addr2, &Alg, &Seq, &Status,
(char *)ChlgText)) {
if (MAC_ADDR_EQUAL(pAd->MlmeAux.Bssid, Addr2) && Seq == 2) {
DBGPRINT(RT_DEBUG_TRACE,
("AUTH - Receive AUTH_RSP seq#2 to me (Alg=%d, Status=%d)\n",
Alg, Status));
RTMPCancelTimer(&pAd->MlmeAux.AuthTimer,
&TimerCancelled);
if (Status == MLME_SUCCESS) {
/* Authentication Mode "LEAP" has allow for CCX 1.X */
if (pAd->MlmeAux.Alg == Ndis802_11AuthModeOpen) {
pAd->Mlme.AuthMachine.CurrState =
AUTH_REQ_IDLE;
MlmeEnqueue(pAd,
MLME_CNTL_STATE_MACHINE,
MT2_AUTH_CONF, 2, &Status);
} else {
/* 2. shared key, need to be challenged */
Seq++;
RemoteStatus = MLME_SUCCESS;
/* Get an unused nonpaged memory */
NStatus =
MlmeAllocateMemory(pAd,
&pOutBuffer);
if (NStatus != NDIS_STATUS_SUCCESS) {
DBGPRINT(RT_DEBUG_TRACE,
("AUTH - PeerAuthRspAtSeq2Action() allocate memory fail\n"));
pAd->Mlme.AuthMachine.
CurrState = AUTH_REQ_IDLE;
Status2 = MLME_FAIL_NO_RESOURCE;
MlmeEnqueue(pAd,
MLME_CNTL_STATE_MACHINE,
MT2_AUTH_CONF, 2,
&Status2);
return;
}
DBGPRINT(RT_DEBUG_TRACE,
("AUTH - Send AUTH request seq#3...\n"));
MgtMacHeaderInit(pAd, &AuthHdr,
SUBTYPE_AUTH, 0, Addr2,
pAd->MlmeAux.Bssid);
AuthHdr.FC.Wep = 1;
/* Encrypt challenge text & auth information */
RTMPInitWepEngine(pAd,
pAd->
SharedKey[BSS0][pAd->
StaCfg.
DefaultKeyId].
Key,
pAd->StaCfg.
DefaultKeyId,
pAd->
SharedKey[BSS0][pAd->
StaCfg.
DefaultKeyId].
KeyLen,
CyperChlgText);
Alg = cpu2le16(*(u16 *) & Alg);
Seq = cpu2le16(*(u16 *) & Seq);
RemoteStatus =
cpu2le16(*(u16 *) &
RemoteStatus);
RTMPEncryptData(pAd, (u8 *)& Alg,
CyperChlgText + 4, 2);
RTMPEncryptData(pAd, (u8 *)& Seq,
CyperChlgText + 6, 2);
RTMPEncryptData(pAd,
(u8 *)& RemoteStatus,
CyperChlgText + 8, 2);
Element[0] = 16;
Element[1] = 128;
RTMPEncryptData(pAd, Element,
CyperChlgText + 10, 2);
RTMPEncryptData(pAd, ChlgText,
CyperChlgText + 12,
128);
RTMPSetICV(pAd, CyperChlgText + 140);
MakeOutgoingFrame(pOutBuffer, &FrameLen,
sizeof(struct rt_header_802_11),
&AuthHdr,
CIPHER_TEXT_LEN + 16,
CyperChlgText,
END_OF_ARGS);
MiniportMMRequest(pAd, 0, pOutBuffer,
FrameLen);
MlmeFreeMemory(pAd, pOutBuffer);
RTMPSetTimer(&pAd->MlmeAux.AuthTimer,
AUTH_TIMEOUT);
pAd->Mlme.AuthMachine.CurrState =
AUTH_WAIT_SEQ4;
}
} else {
pAd->StaCfg.AuthFailReason = Status;
COPY_MAC_ADDR(pAd->StaCfg.AuthFailSta, Addr2);
pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE,
MT2_AUTH_CONF, 2, &Status);
}
}
} else {
DBGPRINT(RT_DEBUG_TRACE,
("AUTH - PeerAuthSanity() sanity check fail\n"));
}
}
int RtmpAsicSendCommandToSwMcu(
IN RTMP_ADAPTER *pAd,
IN UCHAR Command,
IN UCHAR Token,
IN UCHAR Arg0,
IN UCHAR Arg1)
{
BBP_CSR_CFG_STRUC BbpCsr, BbpCsr2;
int j, k;
UINT16 Temp;
#ifdef LED_CONTROL_SUPPORT
PSWMCU_LED_CONTROL pSWMCULedCntl = &pAd->LedCntl.SWMCULedCntl;
#endif // LED_CONTROL_SUPPORT //
switch(Command)
{
case 0x80:
RTMP_IO_READ32(pAd, H2M_BBP_AGENT, &BbpCsr.word);
if ((BbpCsr.field.Busy != 1) || (BbpCsr.field.BBP_RW_MODE != 1))
DBGPRINT(RT_DEBUG_ERROR, ("error read write BBP 1\n"));
for (j=0; j<MAX_BUSY_COUNT; j++)
{
RTMP_IO_READ32(pAd, BBP_CSR_CFG, &BbpCsr2.word);
if (BbpCsr2.field.Busy == BUSY)
{
continue;
}
BbpCsr2.word = BbpCsr.word;
RTMP_IO_WRITE32(pAd, BBP_CSR_CFG, BbpCsr2.word);
if (BbpCsr.field.fRead == 1)
{
// read
for (k=0; k<MAX_BUSY_COUNT; k++)
{
RTMP_IO_READ32(pAd, BBP_CSR_CFG, &BbpCsr2.word);
if (BbpCsr2.field.Busy == IDLE)
break;
}
if (k == MAX_BUSY_COUNT)
DBGPRINT(RT_DEBUG_ERROR, ("error read write BBP 2\n"));
if ((BbpCsr2.field.Busy == IDLE) && (BbpCsr2.field.RegNum == BbpCsr.field.RegNum))
{
BbpCsr.field.Value = BbpCsr2.field.Value;
BbpCsr.field.Busy = IDLE;
RTMP_IO_WRITE32(pAd, H2M_BBP_AGENT, BbpCsr.word);
break;
}
}
else
{
//write
BbpCsr.field.Busy = IDLE;
RTMP_IO_WRITE32(pAd, H2M_BBP_AGENT, BbpCsr.word);
pAd->BbpWriteLatch[BbpCsr.field.RegNum] = BbpCsr2.field.Value;
break;
}
}
if (j == MAX_BUSY_COUNT)
{
DBGPRINT(RT_DEBUG_ERROR, ("error read write BBP 3\n"));
if (BbpCsr.field.Busy != IDLE)
{
BbpCsr.field.Busy = IDLE;
RTMP_IO_WRITE32(pAd, H2M_BBP_AGENT, BbpCsr.word);
}
}
break;
case 0x30:
break;
case 0x31:
break;
#ifdef LED_CONTROL_SUPPORT
#ifdef CONFIG_WIFI_LED_SHARE
case MCU_SET_WPS_LED_MODE:
pSWMCULedCntl->LedParameter.LedMode = Arg0;
pSWMCULedCntl->LinkStatus = Arg1;
SetWPSLinkStatus(pAd);
break;
#endif // CONFIG_WIFI_LED_SHARE //
case MCU_SET_LED_MODE:
pSWMCULedCntl->LedParameter.LedMode = Arg0;
pSWMCULedCntl->LinkStatus = Arg1;
SetLedLinkStatus(pAd);
break;
case MCU_SET_LED_GPIO_SIGNAL_CFG:
pSWMCULedCntl->GPIOPolarity = Arg1;
pSWMCULedCntl->SignalStrength = Arg0;
break;
case MCU_SET_LED_AG_CFG:
Temp = ((UINT16)Arg1 << 8) | (UINT16)Arg0;
NdisMoveMemory(&pSWMCULedCntl->LedParameter.LedAgCfg, &Temp, 2);
break;
case MCU_SET_LED_ACT_CFG:
Temp = ((UINT16)Arg1 << 8) | (UINT16)Arg0;
NdisMoveMemory(&pSWMCULedCntl->LedParameter.LedActCfg, &Temp, 2);
break;
case MCU_SET_LED_POLARITY:
Temp = ((UINT16)Arg1 << 8) | (UINT16)Arg0;
NdisMoveMemory(&pSWMCULedCntl->LedParameter.LedPolarityCfg, &Temp, 2);
break;
#endif // LED_CONTROL_SUPPORT //
// 2880-SW-MCU
#ifdef CONFIG_AP_SUPPORT
#ifdef DFS_SUPPORT
case 0x60:
if (Arg0 == 0 && Arg1 == 0)
{
ULONG Value;
pAd->CommonCfg.McuRadarCmd &= ~(RADAR_DETECTION);
if (pAd->CommonCfg.McuRadarCmd == DETECTION_STOP)
{
DBGPRINT(RT_DEBUG_TRACE, ("AsicSendCommandToMcu 0x60 ==> stop detection\n"));
#ifdef RTMP_RBUS_SUPPORT
unregister_tmr_service();
#else
BOOLEAN Cancelled;
RTMPCancelTimer(&pAd->CommonCfg.CSWatchDogTimer, &Cancelled);
#endif // RTMP_RBUS_SUPPORT //
RTMP_IO_READ32(pAd, MAC_SYS_CTRL, &Value);
Value |= 0x04;
RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, Value);
}
}
else
{
if (!(pAd->CommonCfg.McuRadarCmd & RADAR_DETECTION))
{
pAd->CommonCfg.McuRadarPeriod = Arg0;
pAd->CommonCfg.McuRadarDetectPeriod = Arg1 & 0x1f;
pAd->CommonCfg.McuRadarCtsProtect = (Arg1 & 0x60) >> 5;
pAd->CommonCfg.McuRadarState = WAIT_CTS_BEING_SENT;
pAd->CommonCfg.McuRadarTick = pAd->CommonCfg.McuRadarPeriod;
pAd->CommonCfg.McuRadarDetectCount = 0;
RTMPPrepareRDCTSFrame(pAd, pAd->CurrentAddress, (pAd->CommonCfg.McuRadarDetectPeriod * 1000 + 100), pAd->CommonCfg.RtsRate, HW_DFS_CTS_BASE, IFS_SIFS);
if (pAd->CommonCfg.McuRadarCmd == DETECTION_STOP)
{
pAd->CommonCfg.McuRadarCmd |= RADAR_DETECTION;
pAd->CommonCfg.McuRadarProtection = 0;
#ifdef RTMP_RBUS_SUPPORT
request_tmr_service(1, &TimerCB, pAd);
#else
RTMPInitTimer(pAd, &pAd->CommonCfg.CSWatchDogTimer, GET_TIMER_FUNCTION(TimerCB), pAd, TRUE);
RTMPSetTimer(&pAd->CommonCfg.DFSWatchDogTimer, NEW_DFS_WATCH_DOG_TIME);
#endif // DFS_ARCH_TEAM //
}
else
pAd->CommonCfg.McuRadarCmd |= RADAR_DETECTION;
#ifdef RTMP_RBUS_SUPPORT
request_tmr_service(1, &TimerCB, pAd);
#else
RTMPInitTimer(pAd, &pAd->CommonCfg.CSWatchDogTimer, GET_TIMER_FUNCTION(TimerCB), pAd, TRUE);
RTMPSetTimer(&pAd->CommonCfg.DFSWatchDogTimer, NEW_DFS_WATCH_DOG_TIME);
#endif // DFS_ARCH_TEAM //
}
else
{
pAd->CommonCfg.McuRadarPeriod = Arg0;
pAd->CommonCfg.McuRadarDetectPeriod = Arg1 & 0x1f;
pAd->CommonCfg.McuRadarCtsProtect = (Arg1 & 0x60) >> 5;
RTMPPrepareRDCTSFrame(pAd, pAd->CurrentAddress, (pAd->CommonCfg.McuRadarDetectPeriod * 1000 + 100), pAd->CommonCfg.RtsRate, HW_DFS_CTS_BASE, IFS_SIFS);
}
}
/*
* generate ADDBA request to
* set up BA agreement
*/
VOID BAOriSessionSetUp(
IN PRTMP_ADAPTER pAd,
IN MAC_TABLE_ENTRY *pEntry,
IN UCHAR TID,
IN USHORT TimeOut,
IN ULONG DelayTime,
IN BOOLEAN isForced)
{
/*MLME_ADDBA_REQ_STRUCT AddbaReq;*/
BA_ORI_ENTRY *pBAEntry = NULL;
USHORT Idx;
BOOLEAN Cancelled;
ASSERT(TID < NUM_OF_TID);
if (TID >= NUM_OF_TID)
{
DBGPRINT(RT_DEBUG_TRACE, ("Wrong TID %d!\n", TID));
return;
}
if ((pAd->CommonCfg.BACapability.field.AutoBA != TRUE) && (isForced == FALSE))
return;
/* if this entry is limited to use legacy tx mode, it doesn't generate BA. */
if (RTMPStaFixedTxMode(pAd, pEntry) != FIXED_TXMODE_HT)
return;
if ((pEntry->BADeclineBitmap & (1<<TID)) && (isForced == FALSE))
{
/* try again after 3 secs*/
DelayTime = 3000;
/* DBGPRINT(RT_DEBUG_TRACE, ("DeCline BA from Peer\n"));*/
/* return;*/
}
Idx = pEntry->BAOriWcidArray[TID];
if (Idx == 0)
{
/* allocate a BA session*/
pBAEntry = BATableAllocOriEntry(pAd, &Idx);
if (pBAEntry == NULL)
{
DBGPRINT(RT_DEBUG_TRACE,("ADDBA - MlmeADDBAAction() allocate BA session failed \n"));
return;
}
}
else
{
pBAEntry =&pAd->BATable.BAOriEntry[Idx];
}
if (pBAEntry->ORI_BA_Status >= Originator_WaitRes)
{
return;
}
pEntry->BAOriWcidArray[TID] = Idx;
/* Initialize BA session */
pBAEntry->ORI_BA_Status = Originator_WaitRes;
pBAEntry->Wcid = pEntry->Aid;
pBAEntry->BAWinSize = pAd->CommonCfg.BACapability.field.RxBAWinLimit;
pBAEntry->Sequence = BA_ORI_INIT_SEQ;
pBAEntry->Token = 1; /* (2008-01-21) Jan Lee recommends it - this token can't be 0*/
pBAEntry->TID = TID;
pBAEntry->TimeOutValue = TimeOut;
pBAEntry->pAdapter = pAd;
if (!(pEntry->TXBAbitmap & (1<<TID)))
{
RTMPInitTimer(pAd, &pBAEntry->ORIBATimer, GET_TIMER_FUNCTION(BAOriSessionSetupTimeout), pBAEntry, FALSE);
}
else
RTMPCancelTimer(&pBAEntry->ORIBATimer, &Cancelled);
/* set timer to send ADDBA request */
RTMPSetTimer(&pBAEntry->ORIBATimer, DelayTime);
}
VOID WPARetryExec(
IN PVOID SystemSpecific1,
IN PVOID FunctionContext,
IN PVOID SystemSpecific2,
IN PVOID SystemSpecific3)
{
MAC_TABLE_ENTRY *pEntry = (MAC_TABLE_ENTRY *)FunctionContext;
if ((pEntry) && IS_ENTRY_CLIENT(pEntry))
{
PRTMP_ADAPTER pAd = (PRTMP_ADAPTER)pEntry->pAd;
pEntry->ReTryCounter++;
DBGPRINT(RT_DEBUG_TRACE, ("WPARetryExec---> ReTryCounter=%d, WpaState=%d \n", pEntry->ReTryCounter, pEntry->WpaState));
switch (pEntry->AuthMode)
{
case Ndis802_11AuthModeWPA:
case Ndis802_11AuthModeWPAPSK:
case Ndis802_11AuthModeWPA2:
case Ndis802_11AuthModeWPA2PSK:
/* 1. GTK already retried, give up and disconnect client. */
if (pEntry->ReTryCounter > (GROUP_MSG1_RETRY_TIMER_CTR + 1))
{
/* send wireless event - for group key handshaking timeout */
RTMPSendWirelessEvent(pAd, IW_GROUP_HS_TIMEOUT_EVENT_FLAG, pEntry->Addr, pEntry->apidx, 0);
DBGPRINT(RT_DEBUG_TRACE, ("WPARetryExec::Group Key HS exceed retry count, Disassociate client, pEntry->ReTryCounter %d\n", pEntry->ReTryCounter));
MlmeDeAuthAction(pAd, pEntry, REASON_GROUP_KEY_HS_TIMEOUT, FALSE);
}
/* 2. Retry GTK. */
else if (pEntry->ReTryCounter > GROUP_MSG1_RETRY_TIMER_CTR)
{
DBGPRINT(RT_DEBUG_TRACE, ("WPARetryExec::ReTry 2-way group-key Handshake \n"));
if (pEntry->GTKState == REKEY_NEGOTIATING)
{
WPAStart2WayGroupHS(pAd, pEntry);
RTMPSetTimer(&pEntry->RetryTimer, PEER_MSG3_RETRY_EXEC_INTV);
}
}
/* 3. 4-way message 1 retried more than three times. Disconnect client */
else if (pEntry->ReTryCounter > (PEER_MSG1_RETRY_TIMER_CTR + 3))
{
/* send wireless event - for pairwise key handshaking timeout */
RTMPSendWirelessEvent(pAd, IW_PAIRWISE_HS_TIMEOUT_EVENT_FLAG, pEntry->Addr, pEntry->apidx, 0);
DBGPRINT(RT_DEBUG_TRACE, ("WPARetryExec::MSG1 timeout, pEntry->ReTryCounter = %d\n", pEntry->ReTryCounter));
MlmeDeAuthAction(pAd, pEntry, REASON_4_WAY_TIMEOUT, FALSE);
}
/* 4. Retry 4 way message 1, the last try, the timeout is 3 sec for EAPOL-Start */
else if (pEntry->ReTryCounter == (PEER_MSG1_RETRY_TIMER_CTR + 3))
{
DBGPRINT(RT_DEBUG_TRACE, ("WPARetryExec::Retry MSG1, the last try\n"));
WPAStart4WayHS(pAd , pEntry, PEER_MSG3_RETRY_EXEC_INTV);
}
/* 4. Retry 4 way message 1 */
else if (pEntry->ReTryCounter < (PEER_MSG1_RETRY_TIMER_CTR + 3))
{
if ((pEntry->WpaState == AS_PTKSTART) || (pEntry->WpaState == AS_INITPSK) || (pEntry->WpaState == AS_INITPMK))
{
DBGPRINT(RT_DEBUG_TRACE, ("WPARetryExec::ReTry MSG1 of 4-way Handshake\n"));
WPAStart4WayHS(pAd, pEntry, PEER_MSG1_RETRY_EXEC_INTV);
}
}
break;
default:
break;
}
}
#ifdef APCLI_SUPPORT
else if ((pEntry) && IS_ENTRY_APCLI(pEntry))
{
if (pEntry->AuthMode == Ndis802_11AuthModeWPA || pEntry->AuthMode == Ndis802_11AuthModeWPAPSK)
{
PRTMP_ADAPTER pAd = (PRTMP_ADAPTER)pEntry->pAd;
if (pEntry->wdev_idx < MAX_APCLI_NUM)
{
UCHAR ifIndex = pEntry->wdev_idx;
DBGPRINT(RT_DEBUG_TRACE, ("(%s) ApCli interface[%d] startdown.\n", __FUNCTION__, ifIndex));
#ifdef MAC_REPEATER_SUPPORT
if ((pEntry->bReptCli) && (pAd->ApCfg.bMACRepeaterEn == TRUE))
ifIndex = (64 + ifIndex*MAX_EXT_MAC_ADDR_SIZE + pEntry->MatchReptCliIdx);
#endif /* MAC_REPEATER_SUPPORT */
#ifdef MAC_REPEATER_SUPPORT
if ( (pAd->ApCfg.bMACRepeaterEn == TRUE) && (pEntry->bReptCli))
{
RTMPRemoveRepeaterDisconnectEntry(pAd, pEntry->wdev_idx, pEntry->MatchReptCliIdx);
RTMPRemoveRepeaterEntry(pAd, pEntry->wdev_idx, pEntry->MatchReptCliIdx);
}
else
MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_DISCONNECT_REQ, 0, NULL, ifIndex);
#endif /* MAC_REPEATER_SUPPORT */
}
}
}
#endif /* APCLI_SUPPORT */
}
/*
==========================================================================
Description:
MLME PROBE req state machine procedure
==========================================================================
*/
static VOID ApCliMlmeProbeReqAction(
IN PRTMP_ADAPTER pAd,
IN MLME_QUEUE_ELEM *Elem)
{
BOOLEAN Cancelled;
APCLI_MLME_JOIN_REQ_STRUCT *Info = (APCLI_MLME_JOIN_REQ_STRUCT *)(Elem->Msg);
USHORT ifIndex = (USHORT)(Elem->Priv);
PULONG pCurrState = &pAd->ApCfg.ApCliTab[ifIndex].SyncCurrState;
APCLI_STRUCT *pApCliEntry = NULL;
MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("ApCli SYNC - ApCliMlmeProbeReqAction(Ssid %s)\n", Info->Ssid));
if (ifIndex >= MAX_APCLI_NUM)
return;
pApCliEntry = &pAd->ApCfg.ApCliTab[ifIndex];
/* reset all the timers */
RTMPCancelTimer(&(pApCliEntry->MlmeAux.ProbeTimer), &Cancelled);
pApCliEntry->MlmeAux.Rssi = -9999;
#ifdef RT_CFG80211_P2P_CONCURRENT_DEVICE
//Get Channel from ScanTable
pApCliEntry->MlmeAux.SupRateLen = pAd->cfg80211_ctrl.P2pSupRateLen;
NdisMoveMemory(pApCliEntry->MlmeAux.SupRate, pAd->cfg80211_ctrl.P2pSupRate, pAd->cfg80211_ctrl.P2pSupRateLen);
pApCliEntry->MlmeAux.ExtRateLen = pAd->cfg80211_ctrl.P2pExtRateLen;
NdisMoveMemory(pApCliEntry->MlmeAux.ExtRate, pAd->cfg80211_ctrl.P2pExtRate, pAd->cfg80211_ctrl.P2pExtRateLen);
#else
#ifdef APCLI_CONNECTION_TRIAL
if (pApCliEntry->TrialCh ==0)
pApCliEntry->MlmeAux.Channel = pAd->CommonCfg.Channel;
else
pApCliEntry->MlmeAux.Channel = pApCliEntry->TrialCh;
#else
pApCliEntry->MlmeAux.Channel = pAd->CommonCfg.Channel;
#endif /* APCLI_CONNECTION_TRIAL */
pApCliEntry->MlmeAux.SupRateLen = pAd->CommonCfg.SupRateLen;
NdisMoveMemory(pApCliEntry->MlmeAux.SupRate, pAd->CommonCfg.SupRate, pAd->CommonCfg.SupRateLen);
/* Prepare the default value for extended rate */
pApCliEntry->MlmeAux.ExtRateLen = pAd->CommonCfg.ExtRateLen;
NdisMoveMemory(pApCliEntry->MlmeAux.ExtRate, pAd->CommonCfg.ExtRate, pAd->CommonCfg.ExtRateLen);
#endif /* RT_CFG80211_P2P_CONCURRENT_DEVICE */
RTMPSetTimer(&(pApCliEntry->MlmeAux.ProbeTimer), PROBE_TIMEOUT);
#ifdef APCLI_CONNECTION_TRIAL
NdisZeroMemory(pAd->ApCfg.ApCliTab[ifIndex].MlmeAux.Bssid, MAC_ADDR_LEN);
NdisZeroMemory(pAd->ApCfg.ApCliTab[ifIndex].MlmeAux.Ssid, MAX_LEN_OF_SSID);
NdisCopyMemory(pAd->ApCfg.ApCliTab[ifIndex].MlmeAux.Bssid, pAd->ApCfg.ApCliTab[ifIndex].CfgApCliBssid, MAC_ADDR_LEN);
NdisCopyMemory(pAd->ApCfg.ApCliTab[ifIndex].MlmeAux.Ssid, pAd->ApCfg.ApCliTab[ifIndex].CfgSsid, pAd->ApCfg.ApCliTab[ifIndex].CfgSsidLen);
#endif /* APCLI_CONNECTION_TRIAL */
ApCliEnqueueProbeRequest(pAd, Info->SsidLen, (PCHAR) Info->Ssid, ifIndex);
MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("ApCli SYNC - Start Probe the SSID %s on channel =%d\n", pApCliEntry->MlmeAux.Ssid, pApCliEntry->MlmeAux.Channel));
*pCurrState = APCLI_JOIN_WAIT_PROBE_RSP;
return;
}
VOID ApCliRTMPReportMicError(
IN PRTMP_ADAPTER pAd,
IN PCIPHER_KEY pWpaKey,
IN INT ifIndex)
{
ULONG Now;
UCHAR unicastKey = (pWpaKey->Type == PAIRWISE_KEY ? 1:0);
PAPCLI_STRUCT pApCliEntry = NULL;
DBGPRINT(RT_DEBUG_TRACE, (" ApCliRTMPReportMicError <---\n"));
pApCliEntry = &pAd->ApCfg.ApCliTab[ifIndex];
/* Record Last MIC error time and count */
NdisGetSystemUpTime(&Now);
if (pAd->ApCfg.ApCliTab[ifIndex].MicErrCnt == 0)
{
pAd->ApCfg.ApCliTab[ifIndex].MicErrCnt++;
pAd->ApCfg.ApCliTab[ifIndex].LastMicErrorTime = Now;
NdisZeroMemory(pAd->ApCfg.ApCliTab[ifIndex].ReplayCounter, 8);
}
else if (pAd->ApCfg.ApCliTab[ifIndex].MicErrCnt == 1)
{
if ((pAd->ApCfg.ApCliTab[ifIndex].LastMicErrorTime + (60 * OS_HZ)) < Now)
{
/* Update Last MIC error time, this did not violate two MIC errors within 60 seconds */
pAd->ApCfg.ApCliTab[ifIndex].LastMicErrorTime = Now;
}
else
{
/* RTMPSendWirelessEvent(pAd, IW_COUNTER_MEASURES_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0); */
pAd->ApCfg.ApCliTab[ifIndex].LastMicErrorTime = Now;
/* Violate MIC error counts, MIC countermeasures kicks in */
pAd->ApCfg.ApCliTab[ifIndex].MicErrCnt++;
/*
We shall block all reception
We shall clean all Tx ring and disassoicate from AP after next EAPOL frame
No necessary to clean all Tx ring, on RTMPHardTransmit will stop sending non-802.1X EAPOL packets
if pAd->StaCfg.MicErrCnt greater than 2.
*/
}
}
else
{
/* MIC error count >= 2 */
/* This should not happen */
;
}
MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_MIC_FAILURE_REPORT_FRAME, 1, &unicastKey, ifIndex);
if (pAd->ApCfg.ApCliTab[ifIndex].MicErrCnt == 2)
{
DBGPRINT(RT_DEBUG_TRACE, (" MIC Error count = 2 Trigger Block timer....\n"));
DBGPRINT(RT_DEBUG_TRACE, (" pAd->ApCfg.ApCliTab[%d].LastMicErrorTime = %ld\n",ifIndex,
pAd->ApCfg.ApCliTab[ifIndex].LastMicErrorTime));
RTMPSetTimer(&pApCliEntry->MlmeAux.WpaDisassocAndBlockAssocTimer, 100);
}
DBGPRINT(RT_DEBUG_TRACE, ("ApCliRTMPReportMicError --->\n"));
}
/*
==========================================================================
Description:
Function to handle countermeasures active attack. Init 60-sec timer if necessary.
Return:
==========================================================================
*/
VOID HandleCounterMeasure(RTMP_ADAPTER *pAd, MAC_TABLE_ENTRY *pEntry)
{
INT i;
BOOLEAN Cancelled;
if (!pEntry)
return;
/* Todo by AlbertY - Not support currently in ApClient-link */
if (IS_ENTRY_APCLI(pEntry))
return;
/* if entry not set key done, ignore this RX MIC ERROR */
if ((pEntry->WpaState < AS_PTKINITDONE) || (pEntry->GTKState != REKEY_ESTABLISHED))
return;
DBGPRINT(RT_DEBUG_TRACE, ("HandleCounterMeasure ===> \n"));
/* record which entry causes this MIC error, if this entry sends disauth/disassoc, AP doesn't need to log the CM */
pEntry->CMTimerRunning = TRUE;
pAd->ApCfg.MICFailureCounter++;
/* send wireless event - for MIC error */
RTMPSendWirelessEvent(pAd, IW_MIC_ERROR_EVENT_FLAG, pEntry->Addr, 0, 0);
if (pAd->ApCfg.CMTimerRunning == TRUE)
{
DBGPRINT(RT_DEBUG_ERROR, ("Receive CM Attack Twice within 60 seconds ====>>> \n"));
/* send wireless event - for counter measures */
RTMPSendWirelessEvent(pAd, IW_COUNTER_MEASURES_EVENT_FLAG, pEntry->Addr, 0, 0);
ApLogEvent(pAd, pEntry->Addr, EVENT_COUNTER_M);
/* renew GTK */
GenRandom(pAd, pAd->ApCfg.MBSSID[pEntry->apidx].wdev.bssid, pAd->ApCfg.MBSSID[pEntry->apidx].GNonce);
/* Cancel CounterMeasure Timer */
RTMPCancelTimer(&pAd->ApCfg.CounterMeasureTimer, &Cancelled);
pAd->ApCfg.CMTimerRunning = FALSE;
for (i = 0; i < MAX_LEN_OF_MAC_TABLE; i++)
{
/* happened twice within 60 sec, AP SENDS disaccociate all associated STAs. All STA's transition to State 2 */
if (IS_ENTRY_CLIENT(&pAd->MacTab.Content[i]))
{
MlmeDeAuthAction(pAd, &pAd->MacTab.Content[i], REASON_MIC_FAILURE, FALSE);
}
}
/*
Further, ban all Class 3 DATA transportation for a period 0f 60 sec
disallow new association , too
*/
pAd->ApCfg.BANClass3Data = TRUE;
/* check how many entry left... should be zero */
/*pAd->ApCfg.MBSSID[pEntry->apidx].GKeyDoneStations = pAd->MacTab.Size; */
/*DBGPRINT(RT_DEBUG_TRACE, ("GKeyDoneStations=%d \n", pAd->ApCfg.MBSSID[pEntry->apidx].GKeyDoneStations)); */
}
RTMPSetTimer(&pAd->ApCfg.CounterMeasureTimer, 60 * MLME_TASK_EXEC_INTV * MLME_TASK_EXEC_MULTIPLE);
pAd->ApCfg.CMTimerRunning = TRUE;
pAd->ApCfg.PrevaMICFailTime = pAd->ApCfg.aMICFailTime;
RTMP_GetCurrentSystemTime(&pAd->ApCfg.aMICFailTime);
}
/*
==========================================================================
Description:
mlme assoc req handling procedure
Parameters:
Adapter - Adapter pointer
Elem - MLME Queue Element
Pre:
the station has been authenticated and the following information is stored in the config
-# SSID
-# supported rates and their length
Post :
-# An association request frame is generated and sent to the air
-# Association timer starts
-# Association state -> ASSOC_WAIT_RSP
==========================================================================
*/
static VOID ApCliMlmeAssocReqAction(
IN PRTMP_ADAPTER pAd,
IN MLME_QUEUE_ELEM *Elem)
{
NDIS_STATUS NStatus;
BOOLEAN Cancelled;
UCHAR ApAddr[6];
HEADER_802_11 AssocHdr;
UCHAR WmeIe[9] = {IE_VENDOR_SPECIFIC, 0x07, 0x00, 0x50, 0xf2, 0x02, 0x00, 0x01, 0x00};
USHORT ListenIntv;
ULONG Timeout;
USHORT CapabilityInfo;
PUCHAR pOutBuffer = NULL;
ULONG FrameLen = 0;
ULONG tmp;
UCHAR SsidIe = IE_SSID;
UCHAR SupRateIe = IE_SUPP_RATES;
UCHAR ExtRateIe = IE_EXT_SUPP_RATES;
APCLI_CTRL_MSG_STRUCT ApCliCtrlMsg;
USHORT ifIndex = (USHORT)(Elem->Priv);
PULONG pCurrState = &pAd->ApCfg.ApCliTab[ifIndex].AssocCurrState;
#ifdef APCLI_WPA_SUPPLICANT_SUPPORT
USHORT VarIesOffset = 0;
#endif /* APCLI_WPA_SUPPLICANT_SUPPORT */
UCHAR RSNIe = IE_WPA;
if (ifIndex >= MAX_APCLI_NUM)
return;
/* Block all authentication request durning WPA block period */
if (pAd->ApCfg.ApCliTab[ifIndex].bBlockAssoc == TRUE)
{
DBGPRINT(RT_DEBUG_TRACE, ("APCLI_ASSOC - Block Auth request durning WPA block period!\n"));
*pCurrState = APCLI_ASSOC_IDLE;
ApCliCtrlMsg.Status = MLME_STATE_MACHINE_REJECT;
MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_ASSOC_RSP,
sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex);
}
else if(MlmeAssocReqSanity(pAd, Elem->Msg, Elem->MsgLen, ApAddr, &CapabilityInfo, &Timeout, &ListenIntv))
{
RTMPCancelTimer(&pAd->ApCliMlmeAux.ApCliAssocTimer, &Cancelled);
/* allocate and send out AssocRsp frame */
NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); /*Get an unused nonpaged memory */
if (NStatus != NDIS_STATUS_SUCCESS)
{
DBGPRINT(RT_DEBUG_TRACE, ("APCLI_ASSOC - ApCliMlmeAssocReqAction() allocate memory failed \n"));
*pCurrState = APCLI_ASSOC_IDLE;
ApCliCtrlMsg.Status = MLME_FAIL_NO_RESOURCE;
MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_ASSOC_RSP,
sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex);
return;
}
#ifdef APCLI_WPA_SUPPLICANT_SUPPORT
pAd->ApCfg.ApCliTab[ifIndex].AssocInfo.Length = sizeof(NDIS_802_11_ASSOCIATION_INFORMATION);
pAd->ApCfg.ApCliTab[ifIndex].AssocInfo.AvailableRequestFixedIEs =
NDIS_802_11_AI_REQFI_CAPABILITIES | NDIS_802_11_AI_REQFI_LISTENINTERVAL;
pAd->ApCfg.ApCliTab[ifIndex].AssocInfo.RequestFixedIEs.Capabilities = CapabilityInfo;
pAd->ApCfg.ApCliTab[ifIndex].AssocInfo.RequestFixedIEs.ListenInterval = ListenIntv;
pAd->ApCfg.ApCliTab[ifIndex].AssocInfo.OffsetRequestIEs = sizeof(NDIS_802_11_ASSOCIATION_INFORMATION);
NdisZeroMemory(pAd->ApCfg.ApCliTab[ifIndex].ReqVarIEs, MAX_VIE_LEN);
/*First add SSID*/
VarIesOffset = 0;
NdisMoveMemory(pAd->ApCfg.ApCliTab[ifIndex].ReqVarIEs + VarIesOffset, &SsidIe, 1);
VarIesOffset += 1;
NdisMoveMemory(pAd->ApCfg.ApCliTab[ifIndex].ReqVarIEs + VarIesOffset, &pAd->MlmeAux.SsidLen, 1);
VarIesOffset += 1;
NdisMoveMemory(pAd->ApCfg.ApCliTab[ifIndex].ReqVarIEs + VarIesOffset, pAd->MlmeAux.Ssid, pAd->MlmeAux.SsidLen);
VarIesOffset += pAd->MlmeAux.SsidLen;
/*Second add Supported rates*/
NdisMoveMemory(pAd->ApCfg.ApCliTab[ifIndex].ReqVarIEs + VarIesOffset, &SupRateIe, 1);
VarIesOffset += 1;
NdisMoveMemory(pAd->ApCfg.ApCliTab[ifIndex].ReqVarIEs + VarIesOffset, &pAd->MlmeAux.SupRateLen, 1);
VarIesOffset += 1;
NdisMoveMemory(pAd->ApCfg.ApCliTab[ifIndex].ReqVarIEs + VarIesOffset, pAd->MlmeAux.SupRate, pAd->MlmeAux.SupRateLen);
VarIesOffset += pAd->MlmeAux.SupRateLen;
#endif /* APCLI_WPA_SUPPLICANT_SUPPORT */
DBGPRINT(RT_DEBUG_TRACE, ("APCLI_ASSOC - Send ASSOC request...\n"));
ApCliMgtMacHeaderInit(pAd, &AssocHdr, SUBTYPE_ASSOC_REQ, 0, ApAddr, ApAddr, ifIndex);
/* Build basic frame first */
MakeOutgoingFrame(pOutBuffer, &FrameLen,
sizeof(HEADER_802_11), &AssocHdr,
2, &CapabilityInfo,
2, &ListenIntv,
1, &SsidIe,
1, &pAd->ApCliMlmeAux.SsidLen,
pAd->ApCliMlmeAux.SsidLen, pAd->ApCliMlmeAux.Ssid,
1, &SupRateIe,
1, &pAd->ApCliMlmeAux.SupRateLen,
pAd->ApCliMlmeAux.SupRateLen, pAd->ApCliMlmeAux.SupRate,
END_OF_ARGS);
if(pAd->ApCliMlmeAux.ExtRateLen != 0)
{
MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
1, &ExtRateIe,
1, &pAd->ApCliMlmeAux.ExtRateLen,
pAd->ApCliMlmeAux.ExtRateLen, pAd->ApCliMlmeAux.ExtRate,
END_OF_ARGS);
FrameLen += tmp;
}
#ifdef DOT11_N_SUPPORT
/* HT */
if ((pAd->ApCliMlmeAux.HtCapabilityLen > 0) && (pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED))
{
ULONG TmpLen;
HT_CAPABILITY_IE HtCapabilityTmp;
NdisZeroMemory(&HtCapabilityTmp, sizeof(HT_CAPABILITY_IE));
NdisMoveMemory(&HtCapabilityTmp, &pAd->ApCliMlmeAux.HtCapability, pAd->ApCliMlmeAux.HtCapabilityLen);
#ifdef DOT11N_SS3_SUPPORT
HtCapabilityTmp.MCSSet[2] = (pAd->ApCliMlmeAux.HtCapability.MCSSet[2] & pAd->ApCfg.ApCliTab[ifIndex].RxMcsSet[2]);
#endif /* DOT11N_SS3_SUPPORT */
#ifdef RT_BIG_ENDIAN
*(USHORT *)(&HtCapabilityTmp.HtCapInfo) = SWAP16(*(USHORT *)(&HtCapabilityTmp.HtCapInfo));
*(USHORT *)(&HtCapabilityTmp.ExtHtCapInfo) = SWAP16(*(USHORT *)(&HtCapabilityTmp.ExtHtCapInfo));
#endif /* RT_BIG_ENDINA */
MakeOutgoingFrame(pOutBuffer + FrameLen, &TmpLen,
1, &HtCapIe,
1, &pAd->ApCliMlmeAux.HtCapabilityLen,
pAd->ApCliMlmeAux.HtCapabilityLen, &HtCapabilityTmp,
END_OF_ARGS);
FrameLen += TmpLen;
}
#endif /* DOT11_N_SUPPORT */
#ifdef AGGREGATION_SUPPORT
/*
add Ralink proprietary IE to inform AP this STA is going to use AGGREGATION or PIGGY-BACK+AGGREGATION
Case I: (Aggregation + Piggy-Back)
1. user enable aggregation, AND
2. Mac support piggy-back
3. AP annouces it's PIGGY-BACK+AGGREGATION-capable in BEACON
Case II: (Aggregation)
1. user enable aggregation, AND
2. AP annouces it's AGGREGATION-capable in BEACON
*/
if (pAd->CommonCfg.bAggregationCapable)
{
#ifdef PIGGYBACK_SUPPORT
if ((pAd->CommonCfg.bPiggyBackCapable) && ((pAd->ApCliMlmeAux.APRalinkIe & 0x00000003) == 3))
{
ULONG TmpLen;
UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x03, 0x00, 0x00, 0x00};
MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen,
9, RalinkIe,
END_OF_ARGS);
FrameLen += TmpLen;
} else
#endif /* PIGGYBACK_SUPPORT */
if (pAd->ApCliMlmeAux.APRalinkIe & 0x00000001)
{
ULONG TmpLen;
UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x01, 0x00, 0x00, 0x00};
MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen,
9, RalinkIe,
END_OF_ARGS);
FrameLen += TmpLen;
}
}
else
{
ULONG TmpLen;
UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x06, 0x00, 0x00, 0x00};
MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen,
9, RalinkIe,
END_OF_ARGS);
FrameLen += TmpLen;
}
#endif /* AGGREGATION_SUPPORT */
if (pAd->ApCliMlmeAux.APEdcaParm.bValid)
{
if (pAd->ApCfg.ApCliTab[ifIndex].UapsdInfo.bAPSDCapable &&
pAd->ApCliMlmeAux.APEdcaParm.bAPSDCapable)
{
QBSS_STA_INFO_PARM QosInfo;
NdisZeroMemory(&QosInfo, sizeof(QBSS_STA_INFO_PARM));
QosInfo.UAPSD_AC_BE = pAd->CommonCfg.bAPSDAC_BE;
QosInfo.UAPSD_AC_BK = pAd->CommonCfg.bAPSDAC_BK;
QosInfo.UAPSD_AC_VI = pAd->CommonCfg.bAPSDAC_VI;
QosInfo.UAPSD_AC_VO = pAd->CommonCfg.bAPSDAC_VO;
QosInfo.MaxSPLength = pAd->CommonCfg.MaxSPLength;
WmeIe[8] |= *(PUCHAR)&QosInfo;
}
else
{
/* The Parameter Set Count is set to бз0би in the association request frames */
/* WmeIe[8] |= (pAd->MlmeAux.APEdcaParm.EdcaUpdateCount & 0x0f); */
}
MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
9, &WmeIe[0],
END_OF_ARGS);
FrameLen += tmp;
}
/* Append RSN_IE when WPAPSK OR WPA2PSK, */
if (((pAd->ApCfg.ApCliTab[ifIndex].AuthMode == Ndis802_11AuthModeWPAPSK) ||
(pAd->ApCfg.ApCliTab[ifIndex].AuthMode == Ndis802_11AuthModeWPA2PSK))
#ifdef APCLI_WPA_SUPPLICANT_SUPPORT
|| (pAd->ApCfg.ApCliTab[ifIndex].AuthMode >= Ndis802_11AuthModeWPA)
#endif /* APCLI_WPA_SUPPLICANT_SUPPORT */
#ifdef WSC_AP_SUPPORT
&& (pAd->ApCfg.ApCliTab[ifIndex].WscControl.WscConfMode == WSC_DISABLE)
#endif /* WSC_AP_SUPPORT */
)
{
RSNIe = IE_WPA;
if ((pAd->ApCfg.ApCliTab[ifIndex].AuthMode == Ndis802_11AuthModeWPA2PSK)
#ifdef APCLI_WPA_SUPPLICANT_SUPPORT
||(pAd->ApCfg.ApCliTab[ifIndex].AuthMode == Ndis802_11AuthModeWPA2)
#endif/*APCLI_WPA_SUPPLICANT_SUPPORT*/
)
RSNIe = IE_WPA2;
#ifdef APCLI_WPA_SUPPLICANT_SUPPORT
if (pAd->ApCfg.ApCliTab[ifIndex].AuthMode == Ndis802_11AuthModeWPA2)
{
INT idx;
BOOLEAN FoundPMK = FALSE;
/* Search chched PMKID, append it if existed */
for (idx = 0; idx < PMKID_NO; idx++)
{
if (NdisEqualMemory(ApAddr, &pAd->ApCfg.ApCliTab[ifIndex].SavedPMK[idx].BSSID, 6))
{
FoundPMK = TRUE;
break;
}
}
/*
When AuthMode is WPA2-Enterprise and AP reboot or STA lost AP,
AP would not do PMK cache with STA after STA re-connect to AP again.
In this case, driver doesn't need to send PMKID to AP and WpaSupplicant.
*/
if ((pAd->ApCfg.ApCliTab[ifIndex].AuthMode == Ndis802_11AuthModeWPA2) &&
(NdisEqualMemory(pAd->MlmeAux.Bssid, pAd->CommonCfg.LastBssid, MAC_ADDR_LEN)))
{
FoundPMK = FALSE;
}
if (FoundPMK)
{
// Set PMK number
*(PUSHORT) &pAd->ApCfg.ApCliTab[ifIndex].RSN_IE[pAd->ApCfg.ApCliTab[ifIndex].RSNIE_Len] = 1;
NdisMoveMemory(&pAd->ApCfg.ApCliTab[ifIndex].RSN_IE[pAd->ApCfg.ApCliTab[ifIndex].RSNIE_Len + 2], &pAd->ApCfg.ApCliTab[ifIndex].SavedPMK[idx].PMKID, 16);
pAd->ApCfg.ApCliTab[ifIndex].RSNIE_Len += 18;
}
}
#ifdef SIOCSIWGENIE
if ((pAd->ApCfg.ApCliTab[ifIndex].WpaSupplicantUP & WPA_SUPPLICANT_ENABLE) &&
(pAd->ApCfg.ApCliTab[ifIndex].bRSN_IE_FromWpaSupplicant == TRUE))
{
;
}
else
#endif
#endif /*APCLI_WPA_SUPPLICANT_SUPPORT*/
MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
1, &RSNIe,
1, &pAd->ApCfg.ApCliTab[ifIndex].RSNIE_Len,
pAd->ApCfg.ApCliTab[ifIndex].RSNIE_Len, pAd->ApCfg.ApCliTab[ifIndex].RSN_IE,
END_OF_ARGS);
FrameLen += tmp;
}
#ifdef APCLI_WPA_SUPPLICANT_SUPPORT
#ifdef SIOCSIWGENIE
if (((pAd->ApCfg.ApCliTab[ifIndex].WpaSupplicantUP & 0x7F) != WPA_SUPPLICANT_ENABLE) ||
(pAd->ApCfg.ApCliTab[ifIndex].bRSN_IE_FromWpaSupplicant == FALSE))
#endif
{
// Append Variable IE
NdisMoveMemory(pAd->ApCfg.ApCliTab[ifIndex].ReqVarIEs + VarIesOffset, &RSNIe, 1);
VarIesOffset += 1;
NdisMoveMemory(pAd->ApCfg.ApCliTab[ifIndex].ReqVarIEs + VarIesOffset, &pAd->ApCfg.ApCliTab[ifIndex].RSNIE_Len, 1);
VarIesOffset += 1;
NdisMoveMemory(pAd->ApCfg.ApCliTab[ifIndex].ReqVarIEs + VarIesOffset, pAd->ApCfg.ApCliTab[ifIndex].RSN_IE, pAd->ApCfg.ApCliTab[ifIndex].RSNIE_Len);
VarIesOffset += pAd->ApCfg.ApCliTab[ifIndex].RSNIE_Len;
// Set Variable IEs Length
pAd->ApCfg.ApCliTab[ifIndex].ReqVarIELen = VarIesOffset;
}
#ifdef SIOCSIWGENIE
if ((pAd->ApCfg.ApCliTab[ifIndex].WpaSupplicantUP & WPA_SUPPLICANT_ENABLE) &&
(pAd->ApCfg.ApCliTab[ifIndex].bRSN_IE_FromWpaSupplicant == TRUE))
{
ULONG TmpWpaAssocIeLen = 0;
MakeOutgoingFrame(pOutBuffer + FrameLen, &TmpWpaAssocIeLen,
pAd->ApCfg.ApCliTab[ifIndex].WpaAssocIeLen, pAd->ApCfg.ApCliTab[ifIndex].pWpaAssocIe,
END_OF_ARGS);
FrameLen += TmpWpaAssocIeLen;
NdisMoveMemory(pAd->ApCfg.ApCliTab[ifIndex].ReqVarIEs + VarIesOffset, pAd->ApCfg.ApCliTab[ifIndex].pWpaAssocIe, pAd->ApCfg.ApCliTab[ifIndex].WpaAssocIeLen);
VarIesOffset += pAd->ApCfg.ApCliTab[ifIndex].WpaAssocIeLen;
// Set Variable IEs Length
pAd->ApCfg.ApCliTab[ifIndex].ReqVarIELen = VarIesOffset;
}
#endif
#endif /* APCLI_WPA_SUPPLICANT_SUPPORT */
MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer, FrameLen);
MlmeFreeMemory(pAd, pOutBuffer);
RTMPSetTimer(&pAd->ApCliMlmeAux.ApCliAssocTimer, Timeout);
*pCurrState = APCLI_ASSOC_WAIT_RSP;
}
else
{
DBGPRINT(RT_DEBUG_TRACE, ("APCLI_ASSOC - ApCliMlmeAssocReqAction() sanity check failed. BUG!!!!!! \n"));
*pCurrState = APCLI_ASSOC_IDLE;
ApCliCtrlMsg.Status = MLME_INVALID_FORMAT;
MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_ASSOC_RSP,
sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex);
}
return;
}
BOOLEAN BARecSessionAdd(
IN PRTMP_ADAPTER pAd,
IN MAC_TABLE_ENTRY *pEntry,
IN PFRAME_ADDBA_REQ pFrame)
{
BA_REC_ENTRY *pBAEntry = NULL;
BOOLEAN Status = TRUE;
BOOLEAN Cancelled;
USHORT Idx;
UCHAR TID;
UCHAR BAWinSize;
//UINT32 Value;
//UINT offset;
ASSERT(pEntry);
// find TID
TID = pFrame->BaParm.TID;
BAWinSize = min(((UCHAR)pFrame->BaParm.BufSize), (UCHAR)pAd->CommonCfg.BACapability.field.RxBAWinLimit);
// Intel patch
if (BAWinSize == 0)
{
BAWinSize = 64;
}
Idx = pEntry->BARecWcidArray[TID];
if (Idx == 0)
{
pBAEntry = BATableAllocRecEntry(pAd, &Idx);
}
else
{
pBAEntry = &pAd->BATable.BARecEntry[Idx];
// flush all pending reordering mpdus
ba_refresh_reordering_mpdus(pAd, pBAEntry);
}
DBGPRINT(RT_DEBUG_TRACE,("%s(%ld): Idx = %d, BAWinSize(req %d) = %d\n", __func__, pAd->BATable.numAsRecipient, Idx,
pFrame->BaParm.BufSize, BAWinSize));
// Start fill in parameters.
if (pBAEntry != NULL)
{
ASSERT(pBAEntry->list.qlen == 0);
pBAEntry->REC_BA_Status = Recipient_HandleRes;
pBAEntry->BAWinSize = BAWinSize;
pBAEntry->Wcid = pEntry->Aid;
pBAEntry->TID = TID;
pBAEntry->TimeOutValue = pFrame->TimeOutValue;
pBAEntry->REC_BA_Status = Recipient_Accept;
// initial sequence number
pBAEntry->LastIndSeq = RESET_RCV_SEQ; //pFrame->BaStartSeq.field.StartSeq;
printk("Start Seq = %08x\n", pFrame->BaStartSeq.field.StartSeq);
if (pEntry->RXBAbitmap & (1<<TID))
{
RTMPCancelTimer(&pBAEntry->RECBATimer, &Cancelled);
}
else
{
RTMPInitTimer(pAd, &pBAEntry->RECBATimer, GET_TIMER_FUNCTION(BARecSessionIdleTimeout), pBAEntry, TRUE);
}
#if 0 // for debugging
RTMPSetTimer(&pBAEntry->RECBATimer, REC_BA_SESSION_IDLE_TIMEOUT);
#endif
// Set Bitmap flag.
pEntry->RXBAbitmap |= (1<<TID);
pEntry->BARecWcidArray[TID] = Idx;
pEntry->BADeclineBitmap &= ~(1<<TID);
// Set BA session mask in WCID table.
RT28XX_ADD_BA_SESSION_TO_ASIC(pAd, pEntry->Aid, TID);
DBGPRINT(RT_DEBUG_TRACE,("MACEntry[%d]RXBAbitmap = 0x%x. BARecWcidArray=%d\n",
pEntry->Aid, pEntry->RXBAbitmap, pEntry->BARecWcidArray[TID]));
}
else
{
Status = FALSE;
DBGPRINT(RT_DEBUG_TRACE,("Can't Accept ADDBA for %02x:%02x:%02x:%02x:%02x:%02x TID = %d\n",
PRINT_MAC(pEntry->Addr), TID));
}
return(Status);
}
/*
==========================================================================
Description:
IRQL = PASSIVE_LEVEL
==========================================================================
*/
VOID
TDLS_PeerChannelSwitchRspAction(
IN PRTMP_ADAPTER pAd,
IN MLME_QUEUE_ELEM *Elem)
{
PRT_802_11_TDLS pTDLS = NULL;
int LinkId = 0xff;
UCHAR PeerAddr[MAC_ADDR_LEN];
//BOOLEAN IsInitator;
BOOLEAN TimerCancelled;
//UCHAR RegulatoryClass;
//UCHAR NewExtChannelOffset = 0xff;
UCHAR LinkIdentLen;
USHORT PeerChSwitchTime;
USHORT PeerChSwitchTimeOut;
TDLS_LINK_IDENT_ELEMENT LinkIdent;
//NDIS_STATUS NStatus = NDIS_STATUS_SUCCESS;
USHORT StatusCode = MLME_SUCCESS;
DBGPRINT(RT_DEBUG_WARN,("TDLS ===> TDLS_PeerChannelSwitchRspAction() \n"));
// Not TDLS Capable, ignore it
if (!IS_TDLS_SUPPORT(pAd))
return;
if (!INFRA_ON(pAd))
return;
hex_dump("TDLS peer channel switch response receive pack", Elem->Msg, Elem->MsgLen);
if (!PeerTdlsChannelSwitchRspSanity(pAd,
Elem->Msg,
Elem->MsgLen,
PeerAddr,
&StatusCode,
&PeerChSwitchTime,
&PeerChSwitchTimeOut,
&LinkIdentLen,
&LinkIdent))
{
DBGPRINT(RT_DEBUG_ERROR,("%s(%d): from %02x:%02x:%02x:%02x:%02x:%02x Sanity Check Fail !!!\n",
__FUNCTION__,__LINE__, PeerAddr[0], PeerAddr[1], PeerAddr[2], PeerAddr[3], PeerAddr[4], PeerAddr[5]));
return;
}
// Drop not within my TDLS Table that created before !
LinkId = TDLS_SearchLinkId(pAd, PeerAddr);
if (LinkId == -1 || LinkId == MAX_NUM_OF_TDLS_ENTRY)
{
DBGPRINT(RT_DEBUG_ERROR,("%s(%d): can not find from %02x:%02x:%02x:%02x:%02x:%02x on TDLS entry !!!\n",
__FUNCTION__,__LINE__, PeerAddr[0], PeerAddr[1], PeerAddr[2], PeerAddr[3], PeerAddr[4], PeerAddr[5]));
return;
}
// Point to the current Link ID
pTDLS = &pAd->StaCfg.TdlsInfo.TDLSEntry[LinkId];
if ((pTDLS->ChannelSwitchCurrentState == TDLS_CHANNEL_SWITCH_NONE) &&
(StatusCode == MLME_REQUEST_DECLINED))
{
DBGPRINT(RT_DEBUG_OFF,("%s(%d): received a failed StatusCode = %d on Unsolicited response !!!\n",
__FUNCTION__, __LINE__, StatusCode));
return;
}
if (StatusCode == MLME_REQUEST_DECLINED)
{
if ((pAd->StaCfg.TdlsChannelSwitchRetryCount > 0) &&
(pTDLS->bDoingPeriodChannelSwitch) &&
(pAd->StaCfg.bDoingPeriodChannelSwitch))
{
pAd->StaCfg.TdlsChannelSwitchRetryCount--;
DBGPRINT(RT_DEBUG_OFF,("%s(%d): received a failed StatusCode = %d re-try again !!!\n",
__FUNCTION__, __LINE__, StatusCode));
}
else
{
pTDLS->bDoingPeriodChannelSwitch = FALSE;
pAd->StaCfg.bDoingPeriodChannelSwitch = FALSE;
pAd->StaCfg.bTdlsNoticeAPPowerSave = FALSE;
pAd->StaCfg.TdlsForcePowerSaveWithAP = FALSE;
RTMPSendNullFrame(pAd, pAd->CommonCfg.TxRate, TRUE, FALSE);
}
DBGPRINT(RT_DEBUG_OFF,("TDLS - TDLS_PeerChannelSwitchRspAction() received a failed StatusCode = %d !!!\n", StatusCode ));
return;
}
DBGPRINT(RT_DEBUG_WARN,("%s(%d): from %02x:%02x:%02x:%02x:%02x:%02x !!!\n",
__FUNCTION__,__LINE__, PeerAddr[0], PeerAddr[1], PeerAddr[2], PeerAddr[3], PeerAddr[4], PeerAddr[5]));
if (StatusCode == MLME_SUCCESS)
{
if (pTDLS->ChannelSwitchCurrentState == TDLS_CHANNEL_SWITCH_NONE)
{
if (pAd->StaCfg.bChannelSwitchInitiator == FALSE)
{
RTMPCancelTimer(&pAd->StaCfg.TdlsResponderGoBackBaseChTimer, &TimerCancelled);
DBGPRINT(RT_DEBUG_WARN,("%s(%d): i am responder!!!\n", __FUNCTION__,__LINE__));
}
else
{
RTMPCancelTimer(&pAd->StaCfg.TdlsPeriodGoBackBaseChTimer, &TimerCancelled);
DBGPRINT(RT_DEBUG_WARN,("%s(%d): i am Initiator !!!\n", __FUNCTION__,__LINE__));
}
if (pAd->StaCfg.TdlsCurrentOperateChannel != pAd->CommonCfg.Channel)
{
DBGPRINT(RT_DEBUG_ERROR, ("106. %ld !!!\n", (jiffies * 1000) / OS_HZ));
RTMPusecDelay(300);
NdisGetSystemUpTime(&pAd->StaCfg.TdlsGoBackStartTime);
RTMP_SET_FLAG(pAd, fRTMP_ADAPTER_TDLS_DOING_CHANNEL_SWITCH);
if (pAd->CommonCfg.CentralChannel > pAd->CommonCfg.Channel)
TDLS_InitChannelRelatedValue(pAd, pAd->CommonCfg.Channel, EXTCHA_ABOVE);
else if (pAd->CommonCfg.CentralChannel < pAd->CommonCfg.Channel)
TDLS_InitChannelRelatedValue(pAd, pAd->CommonCfg.Channel, EXTCHA_BELOW);
else
TDLS_InitChannelRelatedValue(pAd, pAd->CommonCfg.Channel, EXTCHA_NONE);
TDLS_EnablePktChannel(pAd, TDLS_FIFO_ALL);
RTMP_CLEAR_FLAG(pAd, fRTMP_ADAPTER_TDLS_DOING_CHANNEL_SWITCH);
}
}
else
{
if (pAd->StaCfg.TdlsCurrentChannel != pAd->CommonCfg.Channel)
{
if (pAd->StaCfg.bChannelSwitchInitiator)
{
UINT16 SwitchTime = pAd->StaCfg.TdlsInfo.TdlsSwitchTime; //micro seconds
UINT16 SwitchTimeout = pAd->StaCfg.TdlsInfo.TdlsSwitchTimeout; // micro seconds
pAd->StaCfg.TdlsChannelSwitchPairCount--;
pAd->StaCfg.TdlsChannelSwitchRetryCount = 10;
//pAd->StaCfg.bDoingPeriodChannelSwitch = TRUE;
if (SwitchTime >= PeerChSwitchTime)
PeerChSwitchTime = SwitchTime;
if (SwitchTimeout >= PeerChSwitchTimeOut)
PeerChSwitchTimeOut = SwitchTimeout;
pTDLS->ChSwitchTime = PeerChSwitchTime;
pAd->StaCfg.TdlsGlobalSwitchTime = PeerChSwitchTime;
pTDLS->ChSwitchTimeout = PeerChSwitchTimeOut;
pAd->StaCfg.TdlsGlobalSwitchTimeOut = PeerChSwitchTimeOut;
pTDLS->ChannelSwitchCurrentState = TDLS_CHANNEL_SWITCH_NONE;
RTMP_SET_FLAG(pAd, fRTMP_ADAPTER_TDLS_DOING_CHANNEL_SWITCH);
//Cancel the timer since the received packet to me.
#ifdef TDLS_HWTIMER_SUPPORT
TDLS_SetChannelSwitchTimer(pAd, ((PeerChSwitchTime + pAd->StaCfg.TdlsOffChannelDelay) / 1000));
#else
RTMPCancelTimer(&pTDLS->ChannelSwitchTimer, &TimerCancelled);
pTDLS->bEnableChSwitchTime = TRUE;
NdisGetSystemUpTime(&pTDLS->ChannelSwitchTimerStartTime);
RTMPSetTimer(&pTDLS->ChannelSwitchTimer, ((PeerChSwitchTime + pAd->StaCfg.TdlsOffChannelDelay) / 1000));
#endif // TDLS_HWTIMER_SUPPORT //
if (RTDebugLevel < RT_DEBUG_ERROR)
RTMPusecDelay(300);
else
DBGPRINT(RT_DEBUG_ERROR, ("104. %ld !!!\n", (jiffies * 1000) / OS_HZ));
TDLS_InitChannelRelatedValue(pAd, pAd->StaCfg.TdlsCurrentChannel, pAd->StaCfg.TdlsCurrentChannelBW);
}
}
else
{
pTDLS->bDoingPeriodChannelSwitch = FALSE;
pAd->StaCfg.bDoingPeriodChannelSwitch = FALSE;
pAd->StaCfg.TdlsForcePowerSaveWithAP = FALSE;
pAd->StaCfg.bTdlsNoticeAPPowerSave = FALSE;
if (pAd->StaCfg.bChannelSwitchInitiator == FALSE)
{
DBGPRINT(RT_DEBUG_OFF,("%s(%d): i am channel switch responder!!!\n", __FUNCTION__,__LINE__));
}
else
{
RTMPCancelTimer(&pAd->StaCfg.TdlsDisableChannelSwitchTimer, &TimerCancelled);
pAd->StaCfg.bChannelSwitchInitiator = FALSE;
DBGPRINT(RT_DEBUG_OFF,("%s(%d): i am channel switch Initiator !!!\n", __FUNCTION__,__LINE__));
}
if (pAd->StaCfg.TdlsCurrentOperateChannel != pAd->CommonCfg.Channel)
{
RTMP_SET_FLAG(pAd, fRTMP_ADAPTER_TDLS_DOING_CHANNEL_SWITCH);
if (pAd->CommonCfg.CentralChannel > pAd->CommonCfg.Channel)
TDLS_InitChannelRelatedValue(pAd, pAd->CommonCfg.Channel, EXTCHA_ABOVE);
else if (pAd->CommonCfg.CentralChannel < pAd->CommonCfg.Channel)
TDLS_InitChannelRelatedValue(pAd, pAd->CommonCfg.Channel, EXTCHA_BELOW);
else
TDLS_InitChannelRelatedValue(pAd, pAd->CommonCfg.Channel, EXTCHA_NONE);
TDLS_EnablePktChannel(pAd, TDLS_FIFO_ALL);
RTMP_CLEAR_FLAG(pAd, fRTMP_ADAPTER_TDLS_DOING_CHANNEL_SWITCH);
}
RTMPSendNullFrame(pAd, pAd->CommonCfg.TxRate, TRUE, FALSE);
}
}
}
DBGPRINT(RT_DEBUG_WARN,("TDLS <=== TDLS_PeerChannelSwitchRspAction() \n"));
return;
}
/*
* generate ADDBA request to
* set up BA agreement
*/
void BAOriSessionSetUp(struct rt_rtmp_adapter *pAd,
struct rt_mac_table_entry *pEntry,
u8 TID,
u16 TimeOut,
unsigned long DelayTime, IN BOOLEAN isForced)
{
/*struct rt_mlme_addba_req AddbaReq; */
struct rt_ba_ori_entry *pBAEntry = NULL;
u16 Idx;
BOOLEAN Cancelled;
if ((pAd->CommonCfg.BACapability.field.AutoBA != TRUE)
&& (isForced == FALSE))
return;
/* if this entry is limited to use legacy tx mode, it doesn't generate BA. */
if (RTMPStaFixedTxMode(pAd, pEntry) != FIXED_TXMODE_HT)
return;
if ((pEntry->BADeclineBitmap & (1 << TID)) && (isForced == FALSE)) {
/* try again after 3 secs */
DelayTime = 3000;
/* DBGPRINT(RT_DEBUG_TRACE, ("DeCline BA from Peer\n")); */
/* return; */
}
Idx = pEntry->BAOriWcidArray[TID];
if (Idx == 0) {
/* allocate a BA session */
pBAEntry = BATableAllocOriEntry(pAd, &Idx);
if (pBAEntry == NULL) {
DBGPRINT(RT_DEBUG_TRACE,
("ADDBA - MlmeADDBAAction() allocate BA session failed \n"));
return;
}
} else {
pBAEntry = &pAd->BATable.BAOriEntry[Idx];
}
if (pBAEntry->ORI_BA_Status >= Originator_WaitRes) {
return;
}
pEntry->BAOriWcidArray[TID] = Idx;
/* Initialize BA session */
pBAEntry->ORI_BA_Status = Originator_WaitRes;
pBAEntry->Wcid = pEntry->Aid;
pBAEntry->BAWinSize = pAd->CommonCfg.BACapability.field.RxBAWinLimit;
pBAEntry->Sequence = BA_ORI_INIT_SEQ;
pBAEntry->Token = 1; /* (2008-01-21) Jan Lee recommends it - this token can't be 0 */
pBAEntry->TID = TID;
pBAEntry->TimeOutValue = TimeOut;
pBAEntry->pAdapter = pAd;
if (!(pEntry->TXBAbitmap & (1 << TID))) {
RTMPInitTimer(pAd, &pBAEntry->ORIBATimer,
GET_TIMER_FUNCTION(BAOriSessionSetupTimeout),
pBAEntry, FALSE);
} else
RTMPCancelTimer(&pBAEntry->ORIBATimer, &Cancelled);
/* set timer to send ADDBA request */
RTMPSetTimer(&pBAEntry->ORIBATimer, DelayTime);
}
/*
==========================================================================
Description:
==========================================================================
*/
static VOID ApCliMlmeAuthReqAction(
IN PRTMP_ADAPTER pAd,
IN MLME_QUEUE_ELEM *Elem)
{
BOOLEAN Cancelled;
NDIS_STATUS NState;
UCHAR Addr[MAC_ADDR_LEN];
USHORT Alg, Seq, Status;
ULONG Timeout;
HEADER_802_11 AuthHdr;
PUCHAR pOutBuffer = NULL;
ULONG FrameLen = 0;
APCLI_CTRL_MSG_STRUCT ApCliCtrlMsg;
PAPCLI_STRUCT pApCliEntry = NULL;
USHORT ifIndex = (USHORT)(Elem->Priv);
PULONG pCurrState = NULL;
#ifdef MAC_REPEATER_SUPPORT
UCHAR CliIdx = 0xFF;
#endif /* MAC_REPEATER_SUPPORT */
if ((ifIndex >= MAX_APCLI_NUM)
#ifdef MAC_REPEATER_SUPPORT
&& (ifIndex < 64)
#endif /* MAC_REPEATER_SUPPORT */
)
return;
#ifdef MAC_REPEATER_SUPPORT
if (ifIndex >= 64)
{
CliIdx = ((ifIndex - 64) % 16);
ifIndex = ((ifIndex - 64) / 16);
pCurrState = &pAd->ApCfg.ApCliTab[ifIndex].RepeaterCli[CliIdx].AuthCurrState;
}
else
#endif /* MAC_REPEATER_SUPPORT */
pCurrState = &pAd->ApCfg.ApCliTab[ifIndex].AuthCurrState;
pApCliEntry = &pAd->ApCfg.ApCliTab[ifIndex];
/* Block all authentication request durning WPA block period */
if (pAd->ApCfg.ApCliTab[ifIndex].bBlockAssoc == TRUE)
{
DBGPRINT(RT_DEBUG_TRACE, ("APCLI AUTH - Block Auth request durning WPA block period!\n"));
*pCurrState = APCLI_AUTH_REQ_IDLE;
ApCliCtrlMsg.Status = MLME_STATE_MACHINE_REJECT;
#ifdef MAC_REPEATER_SUPPORT
ApCliCtrlMsg.BssIdx = ifIndex;
ApCliCtrlMsg.CliIdx = CliIdx;
ifIndex = (USHORT)(Elem->Priv);
#endif /* MAC_REPEATER_SUPPORT */
MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_AUTH_RSP,
sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex);
}
else if(MlmeAuthReqSanity(pAd, Elem->Msg, Elem->MsgLen, Addr, &Timeout, &Alg))
{
#ifdef MAC_REPEATER_SUPPORT
/* reset timer */
if (CliIdx != 0xFF)
RTMPCancelTimer(&pAd->ApCfg.ApCliTab[ifIndex].RepeaterCli[CliIdx].ApCliAuthTimer, &Cancelled);
else
#endif /* MAC_REPEATER_SUPPORT */
RTMPCancelTimer(&pApCliEntry->ApCliMlmeAux.ApCliAuthTimer, &Cancelled);
pApCliEntry->ApCliMlmeAux.Alg = Alg;
Seq = 1;
Status = MLME_SUCCESS;
/* allocate and send out AuthReq frame */
NState = MlmeAllocateMemory(pAd, &pOutBuffer); /*Get an unused nonpaged memory */
if(NState != NDIS_STATUS_SUCCESS)
{
DBGPRINT(RT_DEBUG_TRACE, ("APCLI AUTH - MlmeAuthReqAction() allocate memory failed\n"));
*pCurrState = APCLI_AUTH_REQ_IDLE;
ApCliCtrlMsg.Status = MLME_FAIL_NO_RESOURCE;
#ifdef MAC_REPEATER_SUPPORT
ApCliCtrlMsg.BssIdx = ifIndex;
ApCliCtrlMsg.CliIdx = CliIdx;
ifIndex = (USHORT)(Elem->Priv);
#endif /* MAC_REPEATER_SUPPORT */
MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_AUTH_RSP,
sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex);
return;
}
DBGPRINT(RT_DEBUG_TRACE, ("APCLI AUTH - Send AUTH request seq#1 (Alg=%d)...\n", Alg));
ApCliMgtMacHeaderInit(pAd, &AuthHdr, SUBTYPE_AUTH, 0, Addr, pAd->ApCfg.ApCliTab[ifIndex].ApCliMlmeAux.Bssid, ifIndex);
#ifdef MAC_REPEATER_SUPPORT
if (CliIdx != 0xFF)
COPY_MAC_ADDR(AuthHdr.Addr2, pAd->ApCfg.ApCliTab[ifIndex].RepeaterCli[CliIdx].CurrentAddress);
#endif /* MAC_REPEATER_SUPPORT */
MakeOutgoingFrame(pOutBuffer, &FrameLen,
sizeof(HEADER_802_11),&AuthHdr,
2, &Alg,
2, &Seq,
2, &Status,
END_OF_ARGS);
MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer, FrameLen);
MlmeFreeMemory(pAd, pOutBuffer);
#ifdef MAC_REPEATER_SUPPORT
if (CliIdx != 0xFF)
RTMPSetTimer(&pAd->ApCfg.ApCliTab[ifIndex].RepeaterCli[CliIdx].ApCliAuthTimer, AUTH_TIMEOUT);
else
#endif /* MAC_REPEATER_SUPPORT */
RTMPSetTimer(&pAd->ApCfg.ApCliTab[ifIndex].ApCliMlmeAux.ApCliAuthTimer, AUTH_TIMEOUT);
*pCurrState = APCLI_AUTH_WAIT_SEQ2;
}
else
{
DBGPRINT(RT_DEBUG_ERROR, ("APCLI AUTH - MlmeAuthReqAction() sanity check failed. BUG!!!!!\n"));
*pCurrState = APCLI_AUTH_REQ_IDLE;
}
return;
}
void BAOriSessionAdd(struct rt_rtmp_adapter *pAd,
struct rt_mac_table_entry *pEntry, struct rt_frame_addba_rsp * pFrame)
{
struct rt_ba_ori_entry *pBAEntry = NULL;
BOOLEAN Cancelled;
u8 TID;
u16 Idx;
u8 *pOutBuffer2 = NULL;
int NStatus;
unsigned long FrameLen;
struct rt_frame_bar FrameBar;
TID = pFrame->BaParm.TID;
Idx = pEntry->BAOriWcidArray[TID];
pBAEntry = &pAd->BATable.BAOriEntry[Idx];
/* Start fill in parameters. */
if ((Idx != 0) && (pBAEntry->TID == TID)
&& (pBAEntry->ORI_BA_Status == Originator_WaitRes)) {
pBAEntry->BAWinSize =
min(pBAEntry->BAWinSize, ((u8)pFrame->BaParm.BufSize));
BA_MaxWinSizeReasign(pAd, pEntry, &pBAEntry->BAWinSize);
pBAEntry->TimeOutValue = pFrame->TimeOutValue;
pBAEntry->ORI_BA_Status = Originator_Done;
pAd->BATable.numDoneOriginator++;
/* reset sequence number */
pBAEntry->Sequence = BA_ORI_INIT_SEQ;
/* Set Bitmap flag. */
pEntry->TXBAbitmap |= (1 << TID);
RTMPCancelTimer(&pBAEntry->ORIBATimer, &Cancelled);
pBAEntry->ORIBATimer.TimerValue = 0; /*pFrame->TimeOutValue; */
DBGPRINT(RT_DEBUG_TRACE,
("%s : TXBAbitmap = %x, BAWinSize = %d, TimeOut = %ld\n",
__func__, pEntry->TXBAbitmap, pBAEntry->BAWinSize,
pBAEntry->ORIBATimer.TimerValue));
/* SEND BAR ; */
NStatus = MlmeAllocateMemory(pAd, &pOutBuffer2); /*Get an unused nonpaged memory */
if (NStatus != NDIS_STATUS_SUCCESS) {
DBGPRINT(RT_DEBUG_TRACE,
("BA - BAOriSessionAdd() allocate memory failed \n"));
return;
}
BarHeaderInit(pAd, &FrameBar,
pAd->MacTab.Content[pBAEntry->Wcid].Addr,
pAd->CurrentAddress);
FrameBar.StartingSeq.field.FragNum = 0; /* make sure sequence not clear in DEL function. */
FrameBar.StartingSeq.field.StartSeq = pBAEntry->Sequence; /* make sure sequence not clear in DEL funciton. */
FrameBar.BarControl.TID = pBAEntry->TID; /* make sure sequence not clear in DEL funciton. */
MakeOutgoingFrame(pOutBuffer2, &FrameLen,
sizeof(struct rt_frame_bar), &FrameBar, END_OF_ARGS);
MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer2, FrameLen);
MlmeFreeMemory(pAd, pOutBuffer2);
if (pBAEntry->ORIBATimer.TimerValue)
RTMPSetTimer(&pBAEntry->ORIBATimer, pBAEntry->ORIBATimer.TimerValue); /* in mSec */
}
}
/*
==========================================================================
Description:
==========================================================================
*/
static VOID ApCliPeerAuthRspAtSeq2Action(
IN PRTMP_ADAPTER pAd,
IN MLME_QUEUE_ELEM *Elem)
{
BOOLEAN Cancelled;
UCHAR Addr2[MAC_ADDR_LEN];
USHORT Seq, Status, Alg;
USHORT RemoteStatus;
UCHAR iv_hdr[LEN_WEP_IV_HDR];
/* UCHAR ChlgText[CIPHER_TEXT_LEN]; */
UCHAR *ChlgText = NULL;
UCHAR CyperChlgText[CIPHER_TEXT_LEN + 8 + 8];
ULONG c_len = 0;
HEADER_802_11 AuthHdr;
NDIS_STATUS NState;
PUCHAR pOutBuffer = NULL;
ULONG FrameLen = 0;
APCLI_CTRL_MSG_STRUCT ApCliCtrlMsg;
UCHAR ChallengeIe = IE_CHALLENGE_TEXT;
UCHAR len_challengeText = CIPHER_TEXT_LEN;
USHORT ifIndex = (USHORT)(Elem->Priv);
PULONG pCurrState = NULL;
#ifdef MAC_REPEATER_SUPPORT
UCHAR CliIdx = 0xFF;
#endif /* MAC_REPEATER_SUPPORT */
if ((ifIndex >= MAX_APCLI_NUM)
#ifdef MAC_REPEATER_SUPPORT
&& (ifIndex < 64)
#endif /* MAC_REPEATER_SUPPORT */
)
return;
#ifdef MAC_REPEATER_SUPPORT
if (ifIndex >= 64)
{
CliIdx = ((ifIndex - 64) % 16);
ifIndex = ((ifIndex - 64) / 16);
pCurrState = &pAd->ApCfg.ApCliTab[ifIndex].RepeaterCli[CliIdx].AuthCurrState;
}
else
#endif /* MAC_REPEATER_SUPPORT */
pCurrState = &pAd->ApCfg.ApCliTab[ifIndex].AuthCurrState;
/* allocate memory */
os_alloc_mem(NULL, (UCHAR **)&ChlgText, CIPHER_TEXT_LEN);
if (ChlgText == NULL)
{
DBGPRINT(RT_DEBUG_ERROR, ("%s: Allocate memory fail!!!\n", __FUNCTION__));
return;
}
if(PeerAuthSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &Alg, &Seq, &Status, (CHAR *) ChlgText))
{
if(MAC_ADDR_EQUAL(pAd->ApCfg.ApCliTab[ifIndex].ApCliMlmeAux.Bssid, Addr2) && Seq == 2)
{
#ifdef MAC_REPEATER_SUPPORT
if (CliIdx != 0xFF)
{
DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Repeater Cli Receive AUTH_RSP seq#2 to me (Alg=%d, Status=%d)\n", Alg, Status));
RTMPCancelTimer(&pAd->ApCfg.ApCliTab[ifIndex].RepeaterCli[CliIdx].ApCliAuthTimer, &Cancelled);
}
else
#endif /* MAC_REPEATER_SUPPORT */
{
DBGPRINT(RT_DEBUG_TRACE, ("APCLI AUTH - Receive AUTH_RSP seq#2 to me (Alg=%d, Status=%d)\n", Alg, Status));
RTMPCancelTimer(&pAd->ApCfg.ApCliTab[ifIndex].ApCliMlmeAux.ApCliAuthTimer, &Cancelled);
}
if(Status == MLME_SUCCESS)
{
if(pAd->ApCfg.ApCliTab[ifIndex].ApCliMlmeAux.Alg == Ndis802_11AuthModeOpen)
{
*pCurrState = APCLI_AUTH_REQ_IDLE;
ApCliCtrlMsg.Status= MLME_SUCCESS;
#ifdef MAC_REPEATER_SUPPORT
ApCliCtrlMsg.CliIdx = CliIdx;
ApCliCtrlMsg.BssIdx = ifIndex;
ifIndex = (USHORT)(Elem->Priv);
#endif /* MAC_REPEATER_SUPPORT */
MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_AUTH_RSP,
sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex);
}
else
{
PCIPHER_KEY pKey;
UINT default_key = pAd->ApCfg.ApCliTab[ifIndex].DefaultKeyId;
pKey = &pAd->ApCfg.ApCliTab[ifIndex].SharedKey[default_key];
/* 2. shared key, need to be challenged */
Seq++;
RemoteStatus = MLME_SUCCESS;
/* allocate and send out AuthRsp frame */
NState = MlmeAllocateMemory(pAd, &pOutBuffer);
if(NState != NDIS_STATUS_SUCCESS)
{
DBGPRINT(RT_DEBUG_TRACE, ("AUTH - ApCliPeerAuthRspAtSeq2Action allocate memory fail\n"));
*pCurrState = APCLI_AUTH_REQ_IDLE;
ApCliCtrlMsg.Status= MLME_FAIL_NO_RESOURCE;
#ifdef MAC_REPEATER_SUPPORT
ApCliCtrlMsg.CliIdx = CliIdx;
ApCliCtrlMsg.BssIdx = ifIndex;
ifIndex = (USHORT)(Elem->Priv);
#endif /* MAC_REPEATER_SUPPORT */
MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_AUTH_RSP,
sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex);
goto LabelOK;
}
#ifdef MAC_REPEATER_SUPPORT
if (CliIdx != 0xFF)
DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Repeater Cli Send AUTH request seq#3...\n"));
else
#endif /* MAC_REPEATER_SUPPORT */
DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Send AUTH request seq#3...\n"));
ApCliMgtMacHeaderInit(pAd, &AuthHdr, SUBTYPE_AUTH, 0, Addr2, pAd->ApCfg.ApCliTab[ifIndex].ApCliMlmeAux.Bssid, ifIndex);
AuthHdr.FC.Wep = 1;
#ifdef MAC_REPEATER_SUPPORT
if (CliIdx != 0xFF)
COPY_MAC_ADDR(AuthHdr.Addr2, pAd->ApCfg.ApCliTab[ifIndex].RepeaterCli[CliIdx].CurrentAddress);
#endif /* MAC_REPEATER_SUPPORT */
/* Encrypt challenge text & auth information */
/* TSC increment */
INC_TX_TSC(pKey->TxTsc, LEN_WEP_TSC);
/* Construct the 4-bytes WEP IV header */
RTMPConstructWEPIVHdr(default_key, pKey->TxTsc, iv_hdr);
Alg = cpu2le16(*(USHORT *)&Alg);
Seq = cpu2le16(*(USHORT *)&Seq);
RemoteStatus= cpu2le16(*(USHORT *)&RemoteStatus);
/* Construct message text */
MakeOutgoingFrame(CyperChlgText, &c_len,
2, &Alg,
2, &Seq,
2, &RemoteStatus,
1, &ChallengeIe,
1, &len_challengeText,
len_challengeText, ChlgText,
END_OF_ARGS);
if (RTMPSoftEncryptWEP(pAd,
iv_hdr,
pKey,
CyperChlgText,
c_len) == FALSE)
{
DBGPRINT(RT_DEBUG_TRACE, ("AUTH - ApCliPeerAuthRspAtSeq2Action allocate memory fail\n"));
*pCurrState = APCLI_AUTH_REQ_IDLE;
ApCliCtrlMsg.Status= MLME_FAIL_NO_RESOURCE;
#ifdef MAC_REPEATER_SUPPORT
ApCliCtrlMsg.BssIdx = ifIndex;
ApCliCtrlMsg.CliIdx = CliIdx;
ifIndex = (USHORT)(Elem->Priv);
#endif /* MAC_REPEATER_SUPPORT */
MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_AUTH_RSP,
sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex);
goto LabelOK;
}
/* Update the total length for 4-bytes ICV */
c_len += LEN_ICV;
MakeOutgoingFrame(pOutBuffer, &FrameLen,
sizeof(HEADER_802_11), &AuthHdr,
LEN_WEP_IV_HDR, iv_hdr,
c_len, CyperChlgText,
END_OF_ARGS);
MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer, FrameLen);
#ifdef MAC_REPEATER_SUPPORT
if (CliIdx != 0xFF)
RTMPSetTimer(&pAd->ApCfg.ApCliTab[ifIndex].RepeaterCli[CliIdx].ApCliAuthTimer, AUTH_TIMEOUT);
else
#endif /* MAC_REPEATER_SUPPORT */
RTMPSetTimer(&pAd->ApCfg.ApCliTab[ifIndex].ApCliMlmeAux.ApCliAuthTimer, AUTH_TIMEOUT);
*pCurrState = APCLI_AUTH_WAIT_SEQ4;
}
}
else
{
*pCurrState = APCLI_AUTH_REQ_IDLE;
#ifdef MAC_REPEATER_SUPPORT
ApCliCtrlMsg.CliIdx = CliIdx;
ApCliCtrlMsg.BssIdx = ifIndex;
ifIndex = (USHORT)(Elem->Priv);
#endif /* MAC_REPEATER_SUPPORT */
ApCliCtrlMsg.Status= Status;
MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_AUTH_RSP,
sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex);
}
}
}
else
{
DBGPRINT(RT_DEBUG_TRACE, ("APCLI AUTH - PeerAuthSanity() sanity check fail\n"));
}
LabelOK:
if (pOutBuffer != NULL)
MlmeFreeMemory(pAd, pOutBuffer);
if (ChlgText != NULL)
os_free_mem(NULL, ChlgText);
return;
}
/*
==========================================================================
Description:
IRQL = PASSIVE_LEVEL
==========================================================================
*/
VOID
TDLS_BuildSetupRequest(
IN PRTMP_ADAPTER pAd,
OUT PUCHAR pFrameBuf,
OUT PULONG pFrameLen,
IN PRT_802_11_TDLS pTDLS)
{
ULONG Timeout = TDLS_TIMEOUT;
BOOLEAN TimerCancelled;
/* fill action code */
TDLS_InsertActField(pAd, (pFrameBuf + *pFrameLen), pFrameLen, CATEGORY_TDLS, TDLS_ACTION_CODE_SETUP_REQUEST);
/* fill Dialog Token */
pAd->StaCfg.TdlsDialogToken++;
if (pAd->StaCfg.TdlsDialogToken == 0)
pAd->StaCfg.TdlsDialogToken++;
pTDLS->Token = pAd->StaCfg.TdlsDialogToken;
TDLS_InsertDialogToken(pAd, (pFrameBuf + *pFrameLen), pFrameLen, pTDLS->Token);
/* fill link identifier */
TDLS_InsertLinkIdentifierIE(pAd, (pFrameBuf + *pFrameLen), pFrameLen, pAd->CurrentAddress, pTDLS->MacAddr);
// fill capability
TDLS_InsertCapIE(pAd, (pFrameBuf + *pFrameLen), pFrameLen);
// fill ssid
TDLS_InsertSSIDIE(pAd, (pFrameBuf + *pFrameLen), pFrameLen);
// fill support rate
TDLS_InsertSupportRateIE(pAd, (pFrameBuf + *pFrameLen), pFrameLen);
// fill ext rate
TDLS_InsertExtRateIE(pAd, (pFrameBuf + *pFrameLen), pFrameLen);
// fill Qos Capability
TDLS_InsertQosCapIE(pAd, (pFrameBuf + *pFrameLen), pFrameLen);
#ifdef DOT11_N_SUPPORT
// fill HT Capability
TDLS_InsertHtCapIE(pAd, (pFrameBuf + *pFrameLen), pFrameLen);
// fill 20/40 BSS Coexistence (7.3.2.61)
#ifdef DOT11N_DRAFT3
TDLS_InsertBSSCoexistenceIE(pAd, (pFrameBuf + *pFrameLen), pFrameLen);
#endif // DOT11N_DRAFT3 //
#endif // DOT11_N_SUPPORT //
// fill Extended Capabilities (7.3.2.27)
TDLS_InsertExtCapIE(pAd, (pFrameBuf + *pFrameLen), pFrameLen);
// TPK Handshake if RSNA Enabled
// Pack TPK Message 1 here!
if (((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2) || (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK)) &&
((pAd->StaCfg.WepStatus == Ndis802_11Encryption2Enabled) || (pAd->StaCfg.WepStatus == Ndis802_11Encryption3Enabled)))
{
UCHAR CipherTmp[64] = {0};
UCHAR CipherTmpLen = 0;
FT_FTIE FtIe;
ULONG KeyLifetime = TDLS_KEY_TIMEOUT; // sec
ULONG tmp;
UCHAR Length;
// RSNIE (7.3.2.25)
CipherTmpLen = CipherSuiteTDLSLen;
if (pAd->StaCfg.WepStatus == Ndis802_11Encryption2Enabled)
NdisMoveMemory(CipherTmp, CipherSuiteTDLSWpa2PskTkip, CipherTmpLen);
else
NdisMoveMemory(CipherTmp, CipherSuiteTDLSWpa2PskAes, CipherTmpLen);
// update AKM
if (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2)
CipherTmp[19] = TDLS_AKM_SUITE_1X;
// Insert RSN_IE to outgoing frame
MakeOutgoingFrame((pFrameBuf + *pFrameLen), &tmp,
CipherTmpLen, &CipherTmp,
END_OF_ARGS);
*pFrameLen = *pFrameLen + tmp;
// FTIE (7.3.2.48)
NdisZeroMemory(&FtIe, sizeof(FtIe));
Length = sizeof(FtIe);
// generate SNonce
GenRandom(pAd, pAd->CurrentAddress, FtIe.SNonce);
hex_dump("TDLS - Generate SNonce ", FtIe.SNonce, 32);
NdisMoveMemory(pTDLS->SNonce, FtIe.SNonce, 32);
TDLS_InsertFTIE(
pAd,
(pFrameBuf + *pFrameLen),
pFrameLen,
Length,
FtIe.MICCtr,
FtIe.MIC,
FtIe.ANonce,
FtIe.SNonce);
// Timeout Interval (7.3.2.49)
TDLS_InsertTimeoutIntervalIE(
pAd,
(pFrameBuf + *pFrameLen),
pFrameLen,
2, /* key lifetime interval */
KeyLifetime);
pTDLS->KeyLifetime = KeyLifetime;
}
// ==>> Set sendout timer
RTMPCancelTimer(&pTDLS->Timer, &TimerCancelled);
RTMPSetTimer(&pTDLS->Timer, Timeout);
// ==>> State Change
pTDLS->Status = TDLS_MODE_WAIT_RESPONSE;
}
/*
========================================================================
Routine Description:
Periodic evaluate antenna link status
Arguments:
pAd - Adapter pointer
Return Value:
None
========================================================================
*/
VOID APAsicEvaluateRxAnt(
IN PRTMP_ADAPTER pAd)
{
UCHAR BBPR3 = 0;
ULONG TxTotalCnt;
#ifdef RALINK_ATE
if (ATE_ON(pAd))
return;
#endif /* RALINK_ATE */
#ifdef CARRIER_DETECTION_SUPPORT
if(pAd->CommonCfg.CarrierDetect.CD_State == CD_SILENCE)
return;
#endif /* CARRIER_DETECTION_SUPPORT */
#ifdef TXBF_SUPPORT
/* TODO: we didn't do RxAnt evaluate for 3x3 chips */
if (IS_RT3883(pAd) || IS_RT2883(pAd))
return;
#endif /* TXBF_SUPPORT */
RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R3, &BBPR3);
BBPR3 &= (~0x18);
if((pAd->Antenna.field.RxPath == 3)
#ifdef DOT11_N_SUPPORT
#ifdef GREENAP_SUPPORT
&& (pAd->ApCfg.bGreenAPActive == FALSE)
#endif /* GREENAP_SUPPORT */
#endif /* DOT11_N_SUPPORT */
)
{
BBPR3 |= (0x10);
}
else if((pAd->Antenna.field.RxPath == 2)
#ifdef DOT11_N_SUPPORT
#ifdef GREENAP_SUPPORT
&& (pAd->ApCfg.bGreenAPActive == FALSE)
#endif /* GREENAP_SUPPORT */
#endif /* DOT11_N_SUPPORT */
)
{
BBPR3 |= (0x8);
}
else if(pAd->Antenna.field.RxPath == 1)
{
BBPR3 |= (0x0);
}
RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R3, BBPR3);
TxTotalCnt = pAd->RalinkCounters.OneSecTxNoRetryOkCount +
pAd->RalinkCounters.OneSecTxRetryOkCount +
pAd->RalinkCounters.OneSecTxFailCount;
if (TxTotalCnt > 50)
{
RTMPSetTimer(&pAd->Mlme.RxAntEvalTimer, 20);
pAd->Mlme.bLowThroughput = FALSE;
}
else
{
RTMPSetTimer(&pAd->Mlme.RxAntEvalTimer, 300);
pAd->Mlme.bLowThroughput = TRUE;
}
}
VOID BAOriSessionAdd(
IN PRTMP_ADAPTER pAd,
IN MAC_TABLE_ENTRY *pEntry,
IN PFRAME_ADDBA_RSP pFrame)
{
BA_ORI_ENTRY *pBAEntry = NULL;
BOOLEAN Cancelled;
UCHAR TID;
USHORT Idx;
PUCHAR pOutBuffer2 = NULL;
NDIS_STATUS NStatus;
ULONG FrameLen;
FRAME_BAR FrameBar;
UCHAR MaxPeerBufSize;
TID = pFrame->BaParm.TID;
Idx = pEntry->BAOriWcidArray[TID];
pBAEntry =&pAd->BATable.BAOriEntry[Idx];
MaxPeerBufSize = 0;
/* Start fill in parameters.*/
if ((Idx !=0) && (pBAEntry->TID == TID) && (pBAEntry->ORI_BA_Status == Originator_WaitRes))
{
MaxPeerBufSize = (UCHAR)pFrame->BaParm.BufSize;
if (MaxPeerBufSize > 0)
MaxPeerBufSize -= 1;
else
MaxPeerBufSize = 0;
pBAEntry->BAWinSize = min(pBAEntry->BAWinSize, MaxPeerBufSize);
BA_MaxWinSizeReasign(pAd, pEntry, &pBAEntry->BAWinSize);
pBAEntry->TimeOutValue = pFrame->TimeOutValue;
pBAEntry->ORI_BA_Status = Originator_Done;
pAd->BATable.numDoneOriginator ++;
/* reset sequence number */
pBAEntry->Sequence = BA_ORI_INIT_SEQ;
/* Set Bitmap flag.*/
pEntry->TXBAbitmap |= (1<<TID);
RTMPCancelTimer(&pBAEntry->ORIBATimer, &Cancelled);
pBAEntry->ORIBATimer.TimerValue = 0; /*pFrame->TimeOutValue;*/
DBGPRINT(RT_DEBUG_TRACE,("%s : TXBAbitmap = %x, BAWinSize = %d, TimeOut = %ld\n", __FUNCTION__, pEntry->TXBAbitmap,
pBAEntry->BAWinSize, pBAEntry->ORIBATimer.TimerValue));
/* SEND BAR ;*/
NStatus = MlmeAllocateMemory(pAd, &pOutBuffer2); /*Get an unused nonpaged memory*/
if (NStatus != NDIS_STATUS_SUCCESS)
{
DBGPRINT(RT_DEBUG_TRACE,("BA - BAOriSessionAdd() allocate memory failed \n"));
return;
}
#ifdef CONFIG_STA_SUPPORT
IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
BarHeaderInit(pAd, &FrameBar, pAd->MacTab.Content[pBAEntry->Wcid].Addr, pAd->CurrentAddress);
#endif /* CONFIG_STA_SUPPORT */
FrameBar.StartingSeq.field.FragNum = 0; /* make sure sequence not clear in DEL function.*/
FrameBar.StartingSeq.field.StartSeq = pBAEntry->Sequence; /* make sure sequence not clear in DEL funciton.*/
FrameBar.BarControl.TID = pBAEntry->TID; /* make sure sequence not clear in DEL funciton.*/
MakeOutgoingFrame(pOutBuffer2, &FrameLen,
sizeof(FRAME_BAR), &FrameBar,
END_OF_ARGS);
MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer2, FrameLen);
MlmeFreeMemory(pAd, pOutBuffer2);
if (pBAEntry->ORIBATimer.TimerValue)
RTMPSetTimer(&pBAEntry->ORIBATimer, pBAEntry->ORIBATimer.TimerValue); /* in mSec */
}
}
VOID PMF_MlmeSAQueryReq(
IN PRTMP_ADAPTER pAd,
IN MAC_TABLE_ENTRY *pEntry)
{
PUCHAR pOutBuffer = NULL;
HEADER_802_11 SAQReqHdr;
UINT32 FrameLen = 0;
UCHAR SACategoryType, SAActionType;
UINT ccmp_len = LEN_CCMP_HDR + LEN_CCMP_MIC;
UCHAR ccmp_buf[ccmp_len];
PPMF_CFG pPmfCfg = NULL;
if (!pEntry)
{
DBGPRINT(RT_DEBUG_ERROR, ("[PMF]%s : Entry is NULL\n", __FUNCTION__));
return;
}
if (!(CLIENT_STATUS_TEST_FLAG(pEntry, fCLIENT_STATUS_PMF_CAPABLE)))
{
DBGPRINT(RT_DEBUG_ERROR, ("[PMF]%s : Entry is not PMF capable, STA(%02x:%02x:%02x:%02x:%02x:%02x)\n", __FUNCTION__, PRINT_MAC(pEntry->Addr)));
return;
}
if (pEntry->SAQueryStatus == SAQ_SENDING)
return;
#ifdef CONFIG_AP_SUPPORT
IF_DEV_CONFIG_OPMODE_ON_AP(pAd)
{
pPmfCfg = &pAd->ApCfg.MBSSID[pEntry->apidx].PmfCfg;
}
#endif /* CONFIG_AP_SUPPORT */
#ifdef CONFIG_STA_SUPPORT
IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
{
pPmfCfg = &pAd->StaCfg.PmfCfg;
}
#endif /* CONFIG_STA_SUPPORT */
if (pPmfCfg)
{
/* Send the SA Query Request */
os_alloc_mem(NULL, (UCHAR **)&pOutBuffer, MAX_LEN_OF_MLME_BUFFER);
if(pOutBuffer == NULL)
return;
#ifdef CONFIG_AP_SUPPORT
IF_DEV_CONFIG_OPMODE_ON_AP(pAd)
{
MgtMacHeaderInit(pAd, &SAQReqHdr, SUBTYPE_ACTION, 0, pEntry->Addr,pAd->ApCfg.MBSSID[pEntry->apidx].wdev.if_addr,
pAd->ApCfg.MBSSID[pEntry->apidx].wdev.bssid);
}
#endif /* CONFIG_AP_SUPPORT */
#ifdef CONFIG_STA_SUPPORT
IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
{
MgtMacHeaderInit(pAd, &SAQReqHdr, SUBTYPE_ACTION, 0, pEntry->Addr,
pAd->CurrentAddress,
pAd->CurrentAddress);
}
#endif /* CONFIG_STA_SUPPORT */
pEntry->TransactionID++;
SACategoryType = CATEGORY_SA;
SAActionType = ACTION_SAQ_REQUEST;
MakeOutgoingFrame(pOutBuffer, (ULONG *) &FrameLen,
sizeof(HEADER_802_11), &SAQReqHdr,
1, &SACategoryType,
1, &SAActionType,
2, &pEntry->TransactionID,
END_OF_ARGS);
if (pEntry->SAQueryStatus == SAQ_IDLE) {
RTMPSetTimer(&pEntry->SAQueryTimer, 1000); /* 1000ms */
DBGPRINT(RT_DEBUG_ERROR, ("[PMF]%s -- SAQueryTimer\n", __FUNCTION__));
}
pEntry->SAQueryStatus = SAQ_SENDING;
RTMPSetTimer(&pEntry->SAQueryConfirmTimer, 200); /* 200ms */
/* transmit the frame */
MiniportMMRequest(pAd, QID_MGMT, pOutBuffer, FrameLen);
os_free_mem(NULL, pOutBuffer);
DBGPRINT(RT_DEBUG_ERROR, ("[PMF]%s - Send SA Query Request to STA(%02x:%02x:%02x:%02x:%02x:%02x)\n",
__FUNCTION__, PRINT_MAC(pEntry->Addr)));
}
}
BOOLEAN AUTH_ReqSend(struct rt_rtmp_adapter *pAd,
struct rt_mlme_queue_elem *pElem,
struct rt_ralink_timer *pAuthTimer,
char *pSMName,
u16 SeqNo,
u8 *pNewElement, unsigned long ElementLen)
{
u16 Alg, Seq, Status;
u8 Addr[6];
unsigned long Timeout;
struct rt_header_802_11 AuthHdr;
BOOLEAN TimerCancelled;
int NStatus;
u8 *pOutBuffer = NULL;
unsigned long FrameLen = 0, tmp = 0;
/* Block all authentication request durning WPA block period */
if (pAd->StaCfg.bBlockAssoc == TRUE) {
DBGPRINT(RT_DEBUG_TRACE,
("%s - Block Auth request durning WPA block period!\n",
pSMName));
pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
Status = MLME_STATE_MACHINE_REJECT;
MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2,
&Status);
} else
if (MlmeAuthReqSanity
(pAd, pElem->Msg, pElem->MsgLen, Addr, &Timeout, &Alg)) {
/* reset timer */
RTMPCancelTimer(pAuthTimer, &TimerCancelled);
COPY_MAC_ADDR(pAd->MlmeAux.Bssid, Addr);
pAd->MlmeAux.Alg = Alg;
Seq = SeqNo;
Status = MLME_SUCCESS;
NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); /*Get an unused nonpaged memory */
if (NStatus != NDIS_STATUS_SUCCESS) {
DBGPRINT(RT_DEBUG_TRACE,
("%s - MlmeAuthReqAction(Alg:%d) allocate memory failed\n",
pSMName, Alg));
pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
Status = MLME_FAIL_NO_RESOURCE;
MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF,
2, &Status);
return FALSE;
}
DBGPRINT(RT_DEBUG_TRACE,
("%s - Send AUTH request seq#1 (Alg=%d)...\n", pSMName,
Alg));
MgtMacHeaderInit(pAd, &AuthHdr, SUBTYPE_AUTH, 0, Addr,
pAd->MlmeAux.Bssid);
MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof(struct rt_header_802_11),
&AuthHdr, 2, &Alg, 2, &Seq, 2, &Status,
END_OF_ARGS);
if (pNewElement && ElementLen) {
MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
ElementLen, pNewElement, END_OF_ARGS);
FrameLen += tmp;
}
MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
MlmeFreeMemory(pAd, pOutBuffer);
RTMPSetTimer(pAuthTimer, Timeout);
return TRUE;
} else {
DBGPRINT_ERR(("%s - MlmeAuthReqAction() sanity check failed\n",
pSMName));
return FALSE;
}
return TRUE;
}
/*
==========================================================================
Description:
IRQL = DISPATCH_LEVEL
==========================================================================
*/
VOID FT_OTD_ReqAction(
IN PRTMP_ADAPTER pAd,
IN MLME_QUEUE_ELEM *Elem)
{
PUCHAR pOutBuffer = NULL;
NDIS_STATUS NStatus;
ULONG FrameLen = 0;
HEADER_802_11 FtReqHdr;
FT_MDIE MdIe;
UCHAR Snonce[32];
UCHAR R0KhIdLen;
UCHAR R0KhId[FT_ROKH_ID_LEN + 1];
UCHAR Category = FT_CATEGORY_BSS_TRANSITION;
UCHAR Action = FT_ACTION_BT_REQ;
ULONG Timeout = 0;
USHORT Status;
UCHAR TargetAddr[6];
NDIS_802_11_VARIABLE_IEs *pRsnIE = NULL;
USHORT LenRsnIE;
if (!MlmeFtReqSanity
(pAd, Elem->Msg, Elem->MsgLen, TargetAddr, &Timeout, &MdIe, Snonce,
&R0KhIdLen, R0KhId, &LenRsnIE, pRsnIE)) {
DBGPRINT_ERR(("FT_OTD_ACTION - FT_OTD_ReqAction() sanity check failed\n"));
pAd->Mlme.AuthMachine.CurrState = FT_OTD_IDLE;
Status = MLME_INVALID_FORMAT;
MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2,
&Status, 0);
return;
}
DBGPRINT(RT_DEBUG_TRACE, ("FT_OTD_ACTION :FT_OTD_ReqAction() \n"));
NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); /*Get an unused nonpaged memory */
if (NStatus != NDIS_STATUS_SUCCESS) {
DBGPRINT(RT_DEBUG_ERROR,
("FT_OTD_ACTION :FT_OTD_ReqAction() allocate memory failed \n"));
return;
}
ActHeaderInit(pAd, &FtReqHdr, pAd->CommonCfg.Bssid, pAd->CurrentAddress,
pAd->CommonCfg.Bssid);
/* Build basic frame first */
MakeOutgoingFrame(pOutBuffer, &FrameLen,
sizeof (HEADER_802_11), &FtReqHdr,
1, &Category,
1, &Action,
6, pAd->CurrentAddress, 6, TargetAddr, END_OF_ARGS);
/* MDIE */
FT_InsertMdIE(pAd, pOutBuffer + FrameLen, &FrameLen, MdIe.MdId,
MdIe.FtCapPlc);
/* Process with RSN */
if (pAd->StaCfg.AuthMode >= Ndis802_11AuthModeWPA) {
FT_ConstructAuthReqInRsn(pAd, pOutBuffer, &FrameLen);
}
MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer, FrameLen);
MlmeFreeMemory(pAd, pOutBuffer);
RTMPSetTimer(&pAd->MlmeAux.FtOtdActTimer, Timeout);
pAd->Mlme.FtOtdActMachine.CurrState = FT_OTD_WAIT_SEQ2;
}
BOOLEAN AUTH_ReqSend(
IN PRTMP_ADAPTER pAd,
IN PMLME_QUEUE_ELEM pElem,
IN PRALINK_TIMER_STRUCT pAuthTimer,
IN PSTRING pSMName,
IN USHORT SeqNo,
IN PUCHAR pNewElement,
IN ULONG ElementLen)
{
USHORT Alg, Seq, Status;
UCHAR Addr[6];
ULONG Timeout;
HEADER_802_11 AuthHdr;
BOOLEAN TimerCancelled;
NDIS_STATUS NStatus;
PUCHAR pOutBuffer = NULL;
ULONG FrameLen = 0, tmp = 0;
/* Block all authentication request durning WPA block period */
if (pAd->StaCfg.bBlockAssoc == TRUE) {
DBGPRINT(RT_DEBUG_TRACE,
("%s - Block Auth request durning WPA block period!\n",
pSMName));
pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
Status = MLME_STATE_MACHINE_REJECT;
MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2,
&Status, 0);
}
else if (MlmeAuthReqSanity(pAd, pElem->Msg, pElem->MsgLen, Addr, &Timeout, &Alg))
{
/* reset timer */
RTMPCancelTimer(pAuthTimer, &TimerCancelled);
COPY_MAC_ADDR(pAd->MlmeAux.Bssid, Addr);
pAd->MlmeAux.Alg = Alg;
Seq = SeqNo;
Status = MLME_SUCCESS;
NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); /*Get an unused nonpaged memory */
if (NStatus != NDIS_STATUS_SUCCESS) {
DBGPRINT(RT_DEBUG_TRACE,
("%s - MlmeAuthReqAction(Alg:%d) allocate memory failed\n",
pSMName, Alg));
pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
Status = MLME_FAIL_NO_RESOURCE;
MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF,
2, &Status, 0);
return FALSE;
}
DBGPRINT(RT_DEBUG_TRACE,
("%s - Send AUTH request seq#1 (Alg=%d)...\n",
pSMName, Alg));
MgtMacHeaderInit(pAd, &AuthHdr, SUBTYPE_AUTH, 0, Addr,
pAd->CurrentAddress,
pAd->MlmeAux.Bssid);
MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof (HEADER_802_11),
&AuthHdr, 2, &Alg, 2, &Seq, 2, &Status,
END_OF_ARGS);
if (pNewElement && ElementLen) {
MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
ElementLen, pNewElement, END_OF_ARGS);
FrameLen += tmp;
}
MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
MlmeFreeMemory(pAd, pOutBuffer);
RTMPSetTimer(pAuthTimer, Timeout);
return TRUE;
}
else
{
DBGPRINT_ERR(("%s(): %s sanity check fail\n", __FUNCTION__, pSMName));
return FALSE;
}
return TRUE;
}
/*
==========================================================================
Description:
MLME PROBE req state machine procedure
==========================================================================
*/
static VOID ApCliMlmeProbeReqAction(
IN PRTMP_ADAPTER pAd,
IN MLME_QUEUE_ELEM *Elem)
{
BOOLEAN Cancelled;
APCLI_MLME_JOIN_REQ_STRUCT *Info = (APCLI_MLME_JOIN_REQ_STRUCT *)(Elem->Msg);
USHORT ifIndex = (USHORT)(Elem->Priv);
PULONG pCurrState = &pAd->ApCfg.ApCliTab[ifIndex].SyncCurrState;
APCLI_STRUCT *pApCliEntry = NULL;
struct wifi_dev *wdev;
ULONG bss_idx = BSS_NOT_FOUND;
DBGPRINT(RT_DEBUG_TRACE, ("ApCli SYNC - ApCliMlmeProbeReqAction(Ssid %s)\n", Info->Ssid));
if (ifIndex >= MAX_APCLI_NUM)
return;
pApCliEntry = &pAd->ApCfg.ApCliTab[ifIndex];
wdev = &pApCliEntry->wdev;
/* reset all the timers */
RTMPCancelTimer(&(pApCliEntry->MlmeAux.ProbeTimer), &Cancelled);
pApCliEntry->MlmeAux.Rssi = -9999;
bss_idx = BssSsidTableSearchBySSID(&pAd->ScanTab, (PCHAR)Info->Ssid, Info->SsidLen);
if (bss_idx == BSS_NOT_FOUND)
{
#ifdef APCLI_CONNECTION_TRIAL
if (pApCliEntry->TrialCh ==0)
pApCliEntry->MlmeAux.Channel = pAd->CommonCfg.Channel;
else
pApCliEntry->MlmeAux.Channel = pApCliEntry->TrialCh;
#else
pApCliEntry->MlmeAux.Channel = pAd->CommonCfg.Channel;
#endif /* APCLI_CONNECTION_TRIAL */
}
else
{
#ifdef APCLI_CONNECTION_TRIAL
if (pApCliEntry->TrialCh ==0)
pApCliEntry->MlmeAux.Channel = pAd->CommonCfg.Channel;
else
pApCliEntry->MlmeAux.Channel = pApCliEntry->TrialCh;
#else
DBGPRINT(RT_DEBUG_TRACE, ("%s, Found %s in scanTable , goto channel %d\n",
__FUNCTION__, pAd->ScanTab.BssEntry[bss_idx].Ssid,
pAd->ScanTab.BssEntry[bss_idx].Channel));
pApCliEntry->MlmeAux.Channel = pAd->ScanTab.BssEntry[bss_idx].Channel;
#endif /* APCLI_CONNECTION_TRIAL */
}
#ifdef RT_CFG80211_P2P_CONCURRENT_DEVICE
pApCliEntry->MlmeAux.SupRateLen = pAd->cfg80211_ctrl.P2pSupRateLen;
NdisMoveMemory(pApCliEntry->MlmeAux.SupRate, pAd->cfg80211_ctrl.P2pSupRate, pAd->cfg80211_ctrl.P2pSupRateLen);
pApCliEntry->MlmeAux.ExtRateLen = pAd->cfg80211_ctrl.P2pExtRateLen;
NdisMoveMemory(pApCliEntry->MlmeAux.ExtRate, pAd->cfg80211_ctrl.P2pExtRate, pAd->cfg80211_ctrl.P2pExtRateLen);
#else
#ifdef APCLI_AUTO_BW_SUPPORT
pApCliEntry->MlmeAux.SupRateLen = wdev->SupRateLen;
NdisMoveMemory(pApCliEntry->MlmeAux.SupRate, wdev->SupRate, wdev->SupRateLen);
/* Prepare the default value for extended rate */
pApCliEntry->MlmeAux.ExtRateLen = wdev->ExtRateLen;
NdisMoveMemory(pApCliEntry->MlmeAux.ExtRate, wdev->ExtRate, wdev->ExtRateLen);
#else
pApCliEntry->MlmeAux.SupRateLen = pAd->CommonCfg.SupRateLen;
NdisMoveMemory(pApCliEntry->MlmeAux.SupRate, pAd->CommonCfg.SupRate, pAd->CommonCfg.SupRateLen);
/* Prepare the default value for extended rate */
pApCliEntry->MlmeAux.ExtRateLen = pAd->CommonCfg.ExtRateLen;
NdisMoveMemory(pApCliEntry->MlmeAux.ExtRate, pAd->CommonCfg.ExtRate, pAd->CommonCfg.ExtRateLen);
#endif /* APCLI_AUTO_BW_SUPPORT */
#endif /* RT_CFG80211_P2P_CONCURRENT_DEVICE */
RTMPSetTimer(&(pApCliEntry->MlmeAux.ProbeTimer), PROBE_TIMEOUT);
#ifdef APCLI_CONNECTION_TRIAL
NdisZeroMemory(pAd->ApCfg.ApCliTab[ifIndex].MlmeAux.Bssid, MAC_ADDR_LEN);
NdisZeroMemory(pAd->ApCfg.ApCliTab[ifIndex].MlmeAux.Ssid, MAX_LEN_OF_SSID);
NdisCopyMemory(pAd->ApCfg.ApCliTab[ifIndex].MlmeAux.Bssid, Info->Bssid, MAC_ADDR_LEN);
NdisCopyMemory(pAd->ApCfg.ApCliTab[ifIndex].MlmeAux.Ssid, Info->Ssid, Info->SsidLen);
#endif /* APCLI_CONNECTION_TRIAL */
ApCliEnqueueProbeRequest(pAd, Info->SsidLen, (PCHAR)Info->Ssid, (PCHAR)Info->Bssid, ifIndex);
DBGPRINT(RT_DEBUG_TRACE, ("ApCli SYNC - Start Probe the SSID %s on channel =%d\n", Info->Ssid, pApCliEntry->MlmeAux.Channel));
*pCurrState = APCLI_JOIN_WAIT_PROBE_RSP;
return;
}
/*
==========================================================================
Description:
mlme assoc req handling procedure
Parameters:
Adapter - Adapter pointer
Elem - MLME Queue Element
Pre:
the station has been authenticated and the following information is stored in the config
-# SSID
-# supported rates and their length
-# listen interval (Adapter->PortCfg.default_listen_count)
-# Transmit power (Adapter->PortCfg.tx_power)
Post :
-# An association request frame is generated and sent to the air
-# Association timer starts
-# Association state -> ASSOC_WAIT_RSP
==========================================================================
*/
static VOID ApCliMlmeAssocReqAction(
IN PRTMP_ADAPTER pAd,
IN MLME_QUEUE_ELEM *Elem)
{
NDIS_STATUS NStatus;
BOOLEAN Cancelled;
UCHAR ApAddr[6];
HEADER_802_11 AssocHdr;
UCHAR WmeIe[9] = {IE_VENDOR_SPECIFIC, 0x07, 0x00, 0x50, 0xf2, 0x02, 0x00, 0x01, 0x00};
USHORT ListenIntv;
ULONG Timeout;
USHORT CapabilityInfo;
PUCHAR pOutBuffer = NULL;
ULONG FrameLen = 0;
ULONG tmp;
UCHAR SsidIe = IE_SSID;
UCHAR SupRateIe = IE_SUPP_RATES;
UCHAR ExtRateIe = IE_EXT_SUPP_RATES;
APCLI_CTRL_MSG_STRUCT ApCliCtrlMsg;
USHORT ifIndex = (USHORT)(Elem->Priv);
PULONG pCurrState = &pAd->ApCfg.ApCliTab[ifIndex].AssocCurrState;
if (ifIndex >= MAX_APCLI_NUM)
return;
// Block all authentication request durning WPA block period
if (pAd->ApCfg.ApCliTab[ifIndex].bBlockAssoc == TRUE)
{
DBGPRINT(RT_DEBUG_TRACE, ("APCLI_ASSOC - Block Auth request durning WPA block period!\n"));
*pCurrState = APCLI_ASSOC_IDLE;
ApCliCtrlMsg.Status = MLME_STATE_MACHINE_REJECT;
MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_ASSOC_RSP,
sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex);
}
else if(MlmeAssocReqSanity(pAd, Elem->Msg, Elem->MsgLen, ApAddr, &CapabilityInfo, &Timeout, &ListenIntv))
{
RTMPCancelTimer(&pAd->MlmeAux.ApCliAssocTimer, &Cancelled);
// allocate and send out AssocRsp frame
NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); //Get an unused nonpaged memory
if (NStatus != NDIS_STATUS_SUCCESS)
{
DBGPRINT(RT_DEBUG_TRACE, ("APCLI_ASSOC - ApCliMlmeAssocReqAction() allocate memory failed \n"));
*pCurrState = APCLI_ASSOC_IDLE;
ApCliCtrlMsg.Status = MLME_FAIL_NO_RESOURCE;
MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_ASSOC_RSP,
sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex);
return;
}
DBGPRINT(RT_DEBUG_TRACE, ("APCLI_ASSOC - Send ASSOC request...\n"));
ApCliMgtMacHeaderInit(pAd, &AssocHdr, SUBTYPE_ASSOC_REQ, 0, ApAddr, ApAddr, ifIndex);
// Build basic frame first
MakeOutgoingFrame(pOutBuffer, &FrameLen,
sizeof(HEADER_802_11), &AssocHdr,
2, &CapabilityInfo,
2, &ListenIntv,
1, &SsidIe,
1, &pAd->MlmeAux.SsidLen,
pAd->MlmeAux.SsidLen, pAd->MlmeAux.Ssid,
1, &SupRateIe,
1, &pAd->MlmeAux.SupRateLen,
pAd->MlmeAux.SupRateLen, pAd->MlmeAux.SupRate,
END_OF_ARGS);
if(pAd->MlmeAux.ExtRateLen != 0)
{
MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
1, &ExtRateIe,
1, &pAd->MlmeAux.ExtRateLen,
pAd->MlmeAux.ExtRateLen, pAd->MlmeAux.ExtRate,
END_OF_ARGS);
FrameLen += tmp;
}
#ifdef DOT11_N_SUPPORT
// HT
if ((pAd->MlmeAux.HtCapabilityLen > 0) && (pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED))
{
ULONG TmpLen;
//UCHAR HtLen;
//UCHAR BROADCOM[4] = {0x0, 0x90, 0x4c, 0x33};
//2008/12/17:KH modified to fix the low throughput of AP-Client on Big-Endian Platform<--
#ifdef RT_BIG_ENDIAN
HT_CAPABILITY_IE HtCapabilityTmp;
#endif
#ifndef RT_BIG_ENDIAN
{
MakeOutgoingFrame(pOutBuffer + FrameLen, &TmpLen,
1, &HtCapIe,
1, &pAd->MlmeAux.HtCapabilityLen,
pAd->MlmeAux.HtCapabilityLen, &pAd->MlmeAux.HtCapability,
END_OF_ARGS);
}
#else
NdisZeroMemory(&HtCapabilityTmp, sizeof(HT_CAPABILITY_IE));
NdisMoveMemory(&HtCapabilityTmp, &pAd->MlmeAux.HtCapability, pAd->MlmeAux.HtCapabilityLen);
*(USHORT *)(&HtCapabilityTmp.HtCapInfo) = SWAP16(*(USHORT *)(&HtCapabilityTmp.HtCapInfo));
*(USHORT *)(&HtCapabilityTmp.ExtHtCapInfo) = SWAP16(*(USHORT *)(&HtCapabilityTmp.ExtHtCapInfo));
MakeOutgoingFrame(pOutBuffer + FrameLen, &TmpLen,
1, &HtCapIe,
1, &pAd->MlmeAux.HtCapabilityLen,
pAd->MlmeAux.HtCapabilityLen,&HtCapabilityTmp,
END_OF_ARGS);
#endif
//2008/12/17:KH modified to fix the low throughput of AP-Client on Big-Endian Platform-->
FrameLen += TmpLen;
}
#endif // DOT11_N_SUPPORT //
#ifdef AGGREGATION_SUPPORT
// add Ralink proprietary IE to inform AP this STA is going to use AGGREGATION or PIGGY-BACK+AGGREGATION
// Case I: (Aggregation + Piggy-Back)
// 1. user enable aggregation, AND
// 2. Mac support piggy-back
// 3. AP annouces it's PIGGY-BACK+AGGREGATION-capable in BEACON
// Case II: (Aggregation)
// 1. user enable aggregation, AND
// 2. AP annouces it's AGGREGATION-capable in BEACON
if (pAd->CommonCfg.bAggregationCapable)
{
#ifdef PIGGYBACK_SUPPORT
if ((pAd->CommonCfg.bPiggyBackCapable) && ((pAd->MlmeAux.APRalinkIe & 0x00000003) == 3))
{
ULONG TmpLen;
UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x03, 0x00, 0x00, 0x00};
MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen,
9, RalinkIe,
END_OF_ARGS);
FrameLen += TmpLen;
} else
#endif // PIGGYBACK_SUPPORT //
if (pAd->MlmeAux.APRalinkIe & 0x00000001)
{
ULONG TmpLen;
UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x01, 0x00, 0x00, 0x00};
MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen,
9, RalinkIe,
END_OF_ARGS);
FrameLen += TmpLen;
}
}
else
{
ULONG TmpLen;
UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x06, 0x00, 0x00, 0x00};
MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen,
9, RalinkIe,
END_OF_ARGS);
FrameLen += TmpLen;
}
#endif // AGGREGATION_SUPPORT //
if (pAd->MlmeAux.APEdcaParm.bValid)
{
if (pAd->CommonCfg.bAPSDCapable && pAd->MlmeAux.APEdcaParm.bAPSDCapable)
{
QBSS_STA_INFO_PARM QosInfo;
NdisZeroMemory(&QosInfo, sizeof(QBSS_STA_INFO_PARM));
QosInfo.UAPSD_AC_BE = pAd->CommonCfg.bAPSDAC_BE;
QosInfo.UAPSD_AC_BK = pAd->CommonCfg.bAPSDAC_BK;
QosInfo.UAPSD_AC_VI = pAd->CommonCfg.bAPSDAC_VI;
QosInfo.UAPSD_AC_VO = pAd->CommonCfg.bAPSDAC_VO;
QosInfo.MaxSPLength = pAd->CommonCfg.MaxSPLength;
WmeIe[8] |= *(PUCHAR)&QosInfo;
}
else
{
// The Parameter Set Count is set to бз0би in the association request frames
// WmeIe[8] |= (pAd->MlmeAux.APEdcaParm.EdcaUpdateCount & 0x0f);
}
MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
9, &WmeIe[0],
END_OF_ARGS);
FrameLen += tmp;
}
// Append RSN_IE when WPAPSK OR WPA2PSK,
if (((pAd->ApCfg.ApCliTab[ifIndex].AuthMode == Ndis802_11AuthModeWPAPSK) ||
(pAd->ApCfg.ApCliTab[ifIndex].AuthMode == Ndis802_11AuthModeWPA2PSK))
#ifdef WSC_AP_SUPPORT
&& (pAd->ApCfg.ApCliTab[ifIndex].WscControl.WscConfMode == WSC_DISABLE)
#endif // WSC_AP_SUPPORT //
)
{
UCHAR RSNIe = IE_WPA;
if (pAd->ApCfg.ApCliTab[ifIndex].AuthMode == Ndis802_11AuthModeWPA2PSK)
RSNIe = IE_WPA2;
MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
1, &RSNIe,
1, &pAd->ApCfg.ApCliTab[ifIndex].RSNIE_Len,
pAd->ApCfg.ApCliTab[ifIndex].RSNIE_Len, pAd->ApCfg.ApCliTab[ifIndex].RSN_IE,
END_OF_ARGS);
FrameLen += tmp;
}
MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer, FrameLen);
MlmeFreeMemory(pAd, pOutBuffer);
RTMPSetTimer(&pAd->MlmeAux.ApCliAssocTimer, Timeout);
*pCurrState = APCLI_ASSOC_WAIT_RSP;
}
else
{
DBGPRINT(RT_DEBUG_TRACE, ("APCLI_ASSOC - ApCliMlmeAssocReqAction() sanity check failed. BUG!!!!!! \n"));
*pCurrState = APCLI_ASSOC_IDLE;
ApCliCtrlMsg.Status = MLME_INVALID_FORMAT;
MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_ASSOC_RSP,
sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex);
}
return;
}
VOID PeerPublicAction(RTMP_ADAPTER *pAd, MLME_QUEUE_ELEM *Elem)
{
UCHAR Action = Elem->Msg[LENGTH_802_11+1];
#if defined(CONFIG_HOTSPOT) && defined(CONFIG_AP_SUPPORT)
if (!HotSpotEnable(pAd, Elem, ACTION_STATE_MESSAGES))
#endif
if ((Elem->Wcid >= MAX_LEN_OF_MAC_TABLE)
)
return;
switch(Action)
{
#ifdef DOT11_N_SUPPORT
#ifdef DOT11N_DRAFT3
case ACTION_BSS_2040_COEXIST: /* Format defined in IEEE 7.4.7a.1 in 11n Draf3.03*/
{
/*UCHAR BssCoexist;*/
BSS_2040_COEXIST_ELEMENT *pCoexistInfo;
BSS_2040_COEXIST_IE *pBssCoexistIe;
BSS_2040_INTOLERANT_CH_REPORT *pIntolerantReport = NULL;
if (Elem->MsgLen <= (LENGTH_802_11 + sizeof(BSS_2040_COEXIST_ELEMENT)) )
{
DBGPRINT(RT_DEBUG_ERROR, ("ACTION - 20/40 BSS Coexistence Management Frame length too short! len = %ld!\n", Elem->MsgLen));
break;
}
DBGPRINT(RT_DEBUG_TRACE, ("ACTION - 20/40 BSS Coexistence Management action----> \n"));
hex_dump("CoexistenceMgmtFrame", Elem->Msg, Elem->MsgLen);
pCoexistInfo = (BSS_2040_COEXIST_ELEMENT *) &Elem->Msg[LENGTH_802_11+2];
/*hex_dump("CoexistInfo", (PUCHAR)pCoexistInfo, sizeof(BSS_2040_COEXIST_ELEMENT));*/
if (Elem->MsgLen >= (LENGTH_802_11 + sizeof(BSS_2040_COEXIST_ELEMENT) + sizeof(BSS_2040_INTOLERANT_CH_REPORT)))
{
pIntolerantReport = (BSS_2040_INTOLERANT_CH_REPORT *)((PUCHAR)pCoexistInfo + sizeof(BSS_2040_COEXIST_ELEMENT));
}
/*hex_dump("IntolerantReport ", (PUCHAR)pIntolerantReport, sizeof(BSS_2040_INTOLERANT_CH_REPORT));*/
if(pAd->CommonCfg.bBssCoexEnable == FALSE || (pAd->CommonCfg.bForty_Mhz_Intolerant == TRUE))
{
DBGPRINT(RT_DEBUG_TRACE, ("20/40 BSS CoexMgmt=%d, bForty_Mhz_Intolerant=%d, ignore this action!!\n",
pAd->CommonCfg.bBssCoexEnable,
pAd->CommonCfg.bForty_Mhz_Intolerant));
break;
}
pBssCoexistIe = (BSS_2040_COEXIST_IE *)(&pCoexistInfo->BssCoexistIe);
#ifdef CONFIG_AP_SUPPORT
IF_DEV_CONFIG_OPMODE_ON_AP(pAd)
{
BOOLEAN bNeedFallBack = FALSE;
/*ApPublicAction(pAd, Elem);*/
if ((pBssCoexistIe->field.BSS20WidthReq ==1) || (pBssCoexistIe->field.Intolerant40 == 1))
{
bNeedFallBack = TRUE;
DBGPRINT(RT_DEBUG_TRACE, ("BSS_2040_COEXIST: BSS20WidthReq=%d, Intolerant40=%d!\n", pBssCoexistIe->field.BSS20WidthReq, pBssCoexistIe->field.Intolerant40));
}
else if ((pIntolerantReport) && (pIntolerantReport->Len > 1)
/*&& (pIntolerantReport->RegulatoryClass == get_regulatory_class(pAd))*/)
{
int i;
UCHAR *ptr;
INT retVal;
BSS_COEX_CH_RANGE coexChRange;
ptr = pIntolerantReport->ChList;
bNeedFallBack = TRUE;
DBGPRINT(RT_DEBUG_TRACE, ("The pIntolerantReport len = %d, chlist=", pIntolerantReport->Len));
for(i =0 ; i < (pIntolerantReport->Len -1); i++, ptr++)
{
DBGPRINT(RT_DEBUG_TRACE, ("%d,", *ptr));
}
DBGPRINT(RT_DEBUG_TRACE, ("\n"));
retVal = GetBssCoexEffectedChRange(pAd, &coexChRange);
if (retVal == TRUE)
{
ptr = pIntolerantReport->ChList;
bNeedFallBack = FALSE;
DBGPRINT(RT_DEBUG_TRACE, ("Check IntolerantReport Channel List in our effectedChList(%d~%d)\n",
pAd->ChannelList[coexChRange.effectChStart].Channel,
pAd->ChannelList[coexChRange.effectChEnd].Channel));
for(i =0 ; i < (pIntolerantReport->Len -1); i++, ptr++)
{
UCHAR chEntry;
chEntry = *ptr;
if (chEntry >= pAd->ChannelList[coexChRange.effectChStart].Channel &&
chEntry <= pAd->ChannelList[coexChRange.effectChEnd].Channel)
{
DBGPRINT(RT_DEBUG_TRACE, ("Found Intolerant channel in effect range=%d!\n", *ptr));
bNeedFallBack = TRUE;
break;
}
}
DBGPRINT(RT_DEBUG_TRACE, ("After CoexChRange Check, bNeedFallBack=%d!\n", bNeedFallBack));
}
if (bNeedFallBack)
{
pBssCoexistIe->field.Intolerant40 = 1;
pBssCoexistIe->field.BSS20WidthReq = 1;
}
}
if (bNeedFallBack)
{
int apidx;
NdisMoveMemory((PUCHAR)&pAd->CommonCfg.LastBSSCoexist2040, (PUCHAR)pBssCoexistIe, sizeof(BSS_2040_COEXIST_IE));
pAd->CommonCfg.Bss2040CoexistFlag |= BSS_2040_COEXIST_INFO_SYNC;
if (!(pAd->CommonCfg.Bss2040CoexistFlag & BSS_2040_COEXIST_TIMER_FIRED))
{
DBGPRINT(RT_DEBUG_TRACE, ("Fire the Bss2040CoexistTimer with timeout=%ld!\n",
pAd->CommonCfg.Dot11BssWidthChanTranDelay));
pAd->CommonCfg.Bss2040CoexistFlag |= BSS_2040_COEXIST_TIMER_FIRED;
/* More 5 sec for the scan report of STAs.*/
RTMPSetTimer(&pAd->CommonCfg.Bss2040CoexistTimer, (pAd->CommonCfg.Dot11BssWidthChanTranDelay + 5) * 1000);
}
else
{
DBGPRINT(RT_DEBUG_TRACE, ("Already fallback to 20MHz, Extend the timeout of Bss2040CoexistTimer!\n"));
/* More 5 sec for the scan report of STAs.*/
RTMPModTimer(&pAd->CommonCfg.Bss2040CoexistTimer, (pAd->CommonCfg.Dot11BssWidthChanTranDelay + 5) * 1000);
}
apidx = pAd->MacTab.Content[Elem->Wcid].apidx;
for (apidx = 0; apidx < pAd->ApCfg.BssidNum; apidx++)
SendBSS2040CoexistMgmtAction(pAd, MCAST_WCID, apidx, 0);
}
}
#endif /* CONFIG_AP_SUPPORT */
}
break;
#endif /* DOT11N_DRAFT3 */
#endif /* DOT11_N_SUPPORT */
#if defined(CONFIG_HOTSPOT) && defined(CONFIG_AP_SUPPORT)
case ACTION_GAS_INIT_REQ:
if (HotSpotEnable(pAd, Elem, ACTION_STATE_MESSAGES))
ReceiveGASInitReq(pAd, Elem);
break;
case ACTION_GAS_CB_REQ:
if (HotSpotEnable(pAd, Elem, ACTION_STATE_MESSAGES))
ReceiveGASCBReq(pAd, Elem);
break;
#endif
case ACTION_WIFI_DIRECT:
break;
default:
break;
}
}
/*
==========================================================================
Description:
==========================================================================
*/
VOID PeerAuthRspAtSeq2Action(
IN PRTMP_ADAPTER pAd,
IN MLME_QUEUE_ELEM *Elem)
{
UCHAR Addr2[MAC_ADDR_LEN];
USHORT Seq, Status, RemoteStatus, Alg;
UCHAR ChlgText[CIPHER_TEXT_LEN];
UCHAR CyperChlgText[CIPHER_TEXT_LEN + 8 + 8];
UCHAR Element[2];
HEADER_802_11 AuthHdr;
PUCHAR pOutBuffer = NULL;
ULONG FrameLen = 0;
USHORT Status2;
USHORT NStatus;
if (PeerAuthSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &Alg, &Seq, &Status, ChlgText))
{
if (MAC_ADDR_EQUAL(&pAd->MlmeAux.Bssid, Addr2) && Seq == 2)
{
DBGPRINT(RT_DEBUG_TRACE, "AUTH - Receive AUTH_RSP seq#2 to me (Alg=%d, Status=%d)\n", Alg, Status);
RTMPCancelTimer(&pAd->MlmeAux.AuthTimer);
if (Status == MLME_SUCCESS)
{
if (pAd->MlmeAux.Alg == Ndis802_11AuthModeOpen)
{
pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status);
}
else
{
// 2. shared key, need to be challenged
Seq++;
RemoteStatus = MLME_SUCCESS;
// allocate and send out AuthRsp frame
NStatus = MlmeAllocateMemory(pAd, (PVOID)&pOutBuffer); //Get an unused nonpaged memory
if (NStatus != NDIS_STATUS_SUCCESS)
{
DBGPRINT(RT_DEBUG_TRACE, "AUTH - PeerAuthRspAtSeq2Action() allocate memory fail\n");
pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
Status2 = MLME_FAIL_NO_RESOURCE;
MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status2);
return;
}
DBGPRINT(RT_DEBUG_TRACE, "AUTH - Send AUTH request seq#3...\n");
MgtMacHeaderInit(pAd, &AuthHdr, SUBTYPE_AUTH, 0, Addr2, pAd->MlmeAux.Bssid);
AuthHdr.FC.Wep = 1;
// Encrypt challenge text & auth information
RTMPInitWepEngine(
pAd,
pAd->SharedKey[pAd->PortCfg.DefaultKeyId].Key,
pAd->PortCfg.DefaultKeyId,
pAd->SharedKey[pAd->PortCfg.DefaultKeyId].KeyLen,
CyperChlgText);
#ifdef BIG_ENDIAN
Alg = SWAP16(*(USHORT *)&Alg);
Seq = SWAP16(*(USHORT *)&Seq);
RemoteStatus= SWAP16(*(USHORT *)&RemoteStatus);
#endif
RTMPEncryptData(pAd, (PUCHAR) &Alg, CyperChlgText + 4, 2);
RTMPEncryptData(pAd, (PUCHAR) &Seq, CyperChlgText + 6, 2);
RTMPEncryptData(pAd, (PUCHAR) &RemoteStatus, CyperChlgText + 8, 2);
Element[0] = 16;
Element[1] = 128;
RTMPEncryptData(pAd, Element, CyperChlgText + 10, 2);
RTMPEncryptData(pAd, ChlgText, CyperChlgText + 12, 128);
RTMPSetICV(pAd, CyperChlgText + 140);
MakeOutgoingFrame(pOutBuffer, &FrameLen,
sizeof(HEADER_802_11), &AuthHdr,
CIPHER_TEXT_LEN + 16, CyperChlgText,
END_OF_ARGS);
MiniportMMRequest(pAd, pOutBuffer, FrameLen);
RTMPSetTimer(pAd, &pAd->MlmeAux.AuthTimer, AUTH_TIMEOUT);
pAd->Mlme.AuthMachine.CurrState = AUTH_WAIT_SEQ4;
}
}
else
{
pAd->PortCfg.AuthFailReason = Status;
COPY_MAC_ADDR(pAd->PortCfg.AuthFailSta, Addr2);
pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status);
}
}
}
else
{
DBGPRINT(RT_DEBUG_TRACE, "AUTH - PeerAuthSanity() sanity check fail\n");
}
}
VOID NfcParseRspCommand(
IN PRTMP_ADAPTER pAd,
IN PUCHAR pData,
IN USHORT DataLen)
{
NFC_CMD_INFO *pNfcCmdInfo = NULL;
BOOLEAN bSetFromNfc = FALSE;
PWSC_CTRL pWscCtrl = &pAd->ApCfg.MBSSID[0].WscControl;
MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("====> %s\n", __FUNCTION__));
hex_dump("Packet", pData, DataLen);
os_alloc_mem(pAd, (UCHAR **)&pNfcCmdInfo, (DataLen*sizeof(UCHAR)));
if (pNfcCmdInfo)
{
NdisMoveMemory(pNfcCmdInfo, pData, DataLen);
hex_dump("Packet", &pNfcCmdInfo->data[0], pNfcCmdInfo->data_len);
bSetFromNfc = ((pNfcCmdInfo->action & 0x41) == 0x41);
MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("==> vendor_id: 0x%04x, action = 0x%0x, type = %d, data_len = %u, bSetFromNfc = %d\n",
pNfcCmdInfo->vendor_id, pNfcCmdInfo->action, pNfcCmdInfo->type, pNfcCmdInfo->data_len, bSetFromNfc));
switch(pNfcCmdInfo->type)
{
case TYPE_CMD_RESULT:
MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("TYPE_CMD_RESULT(=%d): Command result = %d\n", pNfcCmdInfo->type, pNfcCmdInfo->data[0]));
break;
case TYPE_CONFIGURATION:
MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("TYPE_CONFIGURATION(=%d)\n", pNfcCmdInfo->type));
if (bSetFromNfc)
{
if (pNfcCmdInfo->data_len != 1)
{
/*
Receive Configuration from NFC daemon.
*/
if (WscProcessCredential(pAd, &pNfcCmdInfo->data[0], pNfcCmdInfo->data_len, pWscCtrl) == FALSE)
{
MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("ProcessCredential fail..\n"));
}
else
{
if ((pAd->OpMode == OPMODE_AP) && (pWscCtrl->WscConfStatus == WSC_SCSTATE_UNCONFIGURED))
{
pWscCtrl->WscConfStatus = WSC_SCSTATE_CONFIGURED;
WscBuildBeaconIE(pAd, WSC_SCSTATE_CONFIGURED, FALSE, 0, 0, 0, NULL, 0, AP_MODE);
WscBuildProbeRespIE(pAd, WSC_MSGTYPE_AP_WLAN_MGR, WSC_SCSTATE_CONFIGURED, FALSE, 0, 0, 0, NULL, 0, AP_MODE);
APUpdateAllBeaconFrame(pAd);
}
if (pWscCtrl->WscUpdatePortCfgTimerRunning)
{
BOOLEAN bCancel;
RTMPCancelTimer(&pWscCtrl->WscUpdatePortCfgTimer, &bCancel);
}
else
pWscCtrl->WscUpdatePortCfgTimerRunning = TRUE;
RTMPSetTimer(&pWscCtrl->WscUpdatePortCfgTimer, 1000);
}
}
}
else
{
Set_NfcConfigurationToken_Proc(pAd, "1");
}
break;
case TYPE_PASSWORD:
MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("TYPE_PASSWORD(=%d)\n", pNfcCmdInfo->type));
if (bSetFromNfc)
{
if (pNfcCmdInfo->data_len != 1)
{
/*
Receive Passwd from NFC daemon.
*/
NfcProcessPasswdTV(pAd, &pNfcCmdInfo->data[0], pNfcCmdInfo->data_len, pWscCtrl, FALSE);
WscGetConfWithoutTrigger(pAd, pWscCtrl, FALSE);
pWscCtrl->bTriggerByNFC = TRUE;
pWscCtrl->NfcModel = MODEL_PASSWORD_TOKEN;
}
}
else
{
Set_NfcPasswdToken_Proc(pAd, "1");
}
break;
/* New type for Handover */
case TYPE_PASSWDHO_S:
MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("TYPE_PASSWDHO_S(=%d)\n", pNfcCmdInfo->type));
if (bSetFromNfc)
{
if (pNfcCmdInfo->data_len != 1)
{
/*
Receive Passwd from NFC daemon. "So far" no this case.
Due to AP always as Registrar in handover procedure,
AP only receive "Handover Request Message".
*/
NfcProcessPasswdTV(pAd, &pNfcCmdInfo->data[0], pNfcCmdInfo->data_len, pWscCtrl, TRUE);
WscGetConfWithoutTrigger(pAd, pWscCtrl, FALSE);
pWscCtrl->bTriggerByNFC = TRUE;
pWscCtrl->NfcModel = MODEL_HANDOVER; /* 2 */
}
}
else
{
Set_NfcPasswdToken_Proc(pAd, "2");
}
break;
case TYPE_PASSWDHO_R:
MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("TYPE_PASSWDHO_R(=%d)\n", pNfcCmdInfo->type));
if (bSetFromNfc)
{
if (pNfcCmdInfo->data_len != 1)
{
/*
Receive Passwd from NFC daemon.
*/
NfcProcessPasswdTV(pAd, &pNfcCmdInfo->data[0], pNfcCmdInfo->data_len, pWscCtrl, TRUE);
WscGetConfWithoutTrigger(pAd, pWscCtrl, FALSE);
pWscCtrl->bTriggerByNFC = TRUE;
pWscCtrl->NfcModel = MODEL_HANDOVER; /* 2 */
}
}
else
{
/*
"So far" no this case.
Due to AP always as Registrar in handover procedure,
AP only send "Handover Select Message".
*/
Set_NfcPasswdToken_Proc(pAd, "3");
}
break;
case TYPE_NFC_STATUS:
MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("TYPE_NFC_STATUS(=%d): NFC Status = %d\n", pNfcCmdInfo->type, pNfcCmdInfo->data[0]));
pWscCtrl->NfcStatus = pNfcCmdInfo->data[0];
break;
case TYPE_WIFI_RADIO_STATUS:
MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("TYPE_WIFI_RADIO_STATUS(=%d)\n", pNfcCmdInfo->type));
if (bSetFromNfc)
{
if (pNfcCmdInfo->data[0] == 1)
MlmeRadioOn(pAd);
else
MlmeRadioOff(pAd);
}
else
{
UCHAR RadioStatus = 0;
if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_RADIO_OFF))
RadioStatus = 0;
else
RadioStatus = 1;
NfcCommand(pAd, 0x01, TYPE_WIFI_RADIO_STATUS, 1, &RadioStatus);
}
break;
default:
MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("Unknow type(=%d)\n", pNfcCmdInfo->type));
break;
}
os_free_mem(NULL, pNfcCmdInfo);
}
MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("<==== %s\n", __FUNCTION__));
return;
}
