/*
 * limProcessDeauthFrame - handle a received Deauthentication frame.
 * (Excerpt: the listing stops inside the body, right after the "else {".)
 *
 * @param pMac           Pointer to Global MAC structure
 * @param pRxPacketInfo  Rx packet info; the MAC header and MPDU data pointers
 *                       are taken from it through the WDA_GET_RX_* macros
 * @param psessionEntry  session entry whose limSystemRole and limSmeState
 *                       are examined below
 */
void limProcessDeauthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession psessionEntry)
{
    tANI_U8 *pBody;
    tANI_U16 aid, reasonCode;
    tpSirMacMgmtHdr pHdr;
    tLimMlmAssocCnf mlmAssocCnf;
    tLimMlmDeauthInd mlmDeauthInd;
    tpDphHashNode pStaDs;
    tpPESession pRoamSessionEntry=NULL;
    tANI_U8 roamSessionId;
#ifdef WLAN_FEATURE_11W
    /* Only declared when WLAN_FEATURE_11W is defined; its use is beyond this excerpt. */
    tANI_U32 frameLen;
#endif

    pHdr = WDA_GET_RX_MAC_HEADER(pRxPacketInfo);

    /*
     * NOTE(review): no payload-length check is visible before pBody is taken;
     * confirm the length is validated before the frame body is read.
     */
    pBody = WDA_GET_RX_MPDU_DATA(pRxPacketInfo);

    /*
     * STA role while SME is in WT_DEAUTH state: per the log text below, a
     * previously received Deauth is still being processed and this frame is
     * dropped.
     */
    if ((eLIM_STA_ROLE == psessionEntry->limSystemRole) && (eLIM_SME_WT_DEAUTH_STATE == psessionEntry->limSmeState))
    {
        /*
         * Throttled logging to kmsg: the message is emitted only while the low
         * four bits of deauthMsgCnt are zero, i.e. for one counter value in 16
         * (the mask is 0xF, so this is every 16th value, not every 15th).
         * The counter is pre-incremented inside the PELOGE argument list.
         * NOTE(review): on this branch the increment therefore only happens if
         * PELOGE expands its argument - confirm for builds where it compiles out.
         */
        if(!(pMac->lim.deauthMsgCnt & 0xF))
        {
            PELOGE(limLog(pMac, LOGE,
                   FL("received Deauth frame in DEAUTH_WT_STATE"
                   "(already processing previously received DEAUTH frame).."
                   "Dropping this.. Deauth Failed %d"),++pMac->lim.deauthMsgCnt);)
        }
        else
        {
/*
 * limValidateIEInformationInProbeRspFrame - check a received Probe Response
 * for malformed IEs before its IE values are fetched.
 *
 * A payload shorter than SIR_MAC_B_PR_SSID_OFFSET + SIR_MAC_MIN_IE_LEN is
 * rejected without looking at its contents. Otherwise the payload is handed
 * to ValidateAndRectifyIEs(); when that succeeds, the MPDU length stored in
 * the Rx packet info is increased by the number of missing RSN bytes it
 * reported.
 *
 * @param pMac           Pointer to Global MAC structure
 * @param pRxPacketInfo  Rx packet info of the Probe Response
 * @return eSIR_FAILURE for a too-short payload, otherwise the status
 *         returned by ValidateAndRectifyIEs()
 */
tSirRetStatus
limValidateIEInformationInProbeRspFrame(tpAniSirGlobal pMac,
                                        tANI_U8 *pRxPacketInfo)
{
    tANI_U8 *pPayload;
    tANI_U32 payloadLen;
    tANI_U32 missingRsnBytes = 0;
    tSirRetStatus rc;

    /* Too short to hold the fixed fields plus one minimal IE: malformed. */
    if (WDA_GET_RX_PAYLOAD_LEN(pRxPacketInfo) <
        (SIR_MAC_B_PR_SSID_OFFSET + SIR_MAC_MIN_IE_LEN))
    {
        return eSIR_FAILURE;
    }

    pPayload = WDA_GET_RX_MPDU_DATA(pRxPacketInfo);
    payloadLen = WDA_GET_RX_PAYLOAD_LEN(pRxPacketInfo);

    rc = ValidateAndRectifyIEs(pMac, pPayload, payloadLen, &missingRsnBytes);
    if (rc != eSIR_SUCCESS)
    {
        return rc;
    }

    /*
     * The recorded length grows by the rectified byte count.
     * NOTE(review): no check is visible here that the Rx buffer has room for
     * the extra bytes; presumably ValidateAndRectifyIEs() guarantees it -
     * confirm.
     */
    WDA_GET_RX_MPDU_LEN(pRxPacketInfo) += missingRsnBytes;

    return eSIR_SUCCESS;
}
/**
 * sysBbtProcessMessageCore
 *
 * FUNCTION:
 * Process BBT messages. The visible part peeks the Rx packet info of the
 * received packet, counts the frame and, at LOG3, dumps its MAC header and
 * payload.
 * (Excerpt: the listing stops after the LOG3 dump.)
 *
 * LOGIC:
 *
 * ASSUMPTIONS:
 *
 * NOTE:
 *
 * @param pMac     A pointer to MAC params instance
 * @param pMsg     message pointer; pMsg->bodyptr is used as the vos_pkt_t
 * @param type     frame type
 * @param subType  frame sub type
 * @return tSirRetStatus (the return statements lie beyond this excerpt)
 */
tSirRetStatus sysBbtProcessMessageCore(tpAniSirGlobal pMac, tpSirMsgQ pMsg, tANI_U32 type, tANI_U32 subType)
{
    /* Function-static, so the value persists across calls; its use is beyond this excerpt. */
    static tANI_U32 lastDeauthPacketTime = 0;
    tSirRetStatus ret;
    void* pBd;
    tMgmtFrmDropReason dropReason;
    vos_pkt_t *pVosPkt = (vos_pkt_t *)pMsg->bodyptr;
    /* pBd receives the Rx packet info of the packet. */
    VOS_STATUS vosStatus = WDA_DS_PeekRxPacketInfo( pVosPkt, (v_PVOID_t *)&pBd, VOS_FALSE );
#ifdef WLAN_FEATURE_11W
    tANI_U8 sessionId;
    tpPESession psessionEntry;
    tpSirMacMgmtHdr pMacHdr;
#endif /* WLAN_FEATURE_11W */

    /* Counted before the peek status is checked, so failed peeks are counted too. */
    pMac->sys.gSysBbtReceived++;

    if ( !VOS_IS_STATUS_SUCCESS(vosStatus) )
    {
        /* The fail label is beyond this excerpt. */
        goto fail;
    }

    /*
     * LOG3 dump of the MAC header and of the payload. Both dump lengths are
     * read from the Rx packet info.
     * NOTE(review): confirm these lengths are bounded by the real buffer size
     * before they are used as dump sizes.
     */
    PELOG3(sysLog(pMac, LOG3, FL("Rx Mgmt Frame Subtype: %d\n"), subType);
    sirDumpBuf(pMac, SIR_SYS_MODULE_ID, LOG3, (tANI_U8 *)WDA_GET_RX_MAC_HEADER(pBd), WDA_GET_RX_MPDU_LEN(pBd));
    sirDumpBuf(pMac, SIR_SYS_MODULE_ID, LOG3, WDA_GET_RX_MPDU_DATA(pBd), WDA_GET_RX_PAYLOAD_LEN(pBd));)
/**
 * limProcessDisassocFrame
 *
 *FUNCTION:
 * This function is called by limProcessMessageQueue() upon
 * Disassociation frame reception.
 * (Excerpt: the listing stops inside the body, after the group-address check.)
 *
 *LOGIC:
 *
 *ASSUMPTIONS:
 * DPH drops packets for STA with 'valid' bit in pStaDs set to '0'.
 *
 *NOTE:
 *
 * @param pMac - Pointer to Global MAC structure
 * @param *pRxPacketInfo - A pointer to Rx packet info structure
 * @param psessionEntry - session entry passed in by the caller; not used in
 *                        the visible part
 * @return None
 */
void limProcessDisassocFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession psessionEntry)
{
    tANI_U8 *pBody;
    tANI_U16 aid, reasonCode;
    tpSirMacMgmtHdr pHdr;
    tpDphHashNode pStaDs;
    tLimMlmDisassocInd mlmDisassocInd;
#ifdef WLAN_FEATURE_11W
    /* Only declared when WLAN_FEATURE_11W is defined; its use is beyond this excerpt. */
    tANI_U32 frameLen;
#endif
    int8_t frame_rssi;

    pHdr = WDA_GET_RX_MAC_HEADER(pRxPacketInfo);

    /*
     * NOTE(review): no payload-length check is visible before pBody is taken;
     * confirm the length is validated before the frame body is read.
     */
    pBody = WDA_GET_RX_MPDU_DATA(pRxPacketInfo);
    frame_rssi = (int8_t)WDA_GET_RX_RSSI_NORMALIZED(pRxPacketInfo);

    if (limIsGroupAddr(pHdr->sa))
    {
        /*
         * Received Disassoc frame from a BC/MC (group) source address.
         * Log error and ignore it.
         */
        PELOGE(limLog(pMac, LOGE,
               FL("received Disassoc frame from a BC/MC address"));)

        return;
/**
 * sysBbtProcessMessageCore
 *
 * FUNCTION:
 * Process BBT messages. The visible part peeks the Rx packet info of the
 * received packet, counts the frame and, at LOGW, dumps its MAC header and
 * payload.
 * (Excerpt: the listing stops after the LOGW dump.)
 *
 * LOGIC:
 *
 * ASSUMPTIONS:
 *
 * NOTE:
 *
 * @param pMac     A pointer to MAC params instance
 * @param pMsg     message pointer; pMsg->bodyptr is used as the vos_pkt_t
 * @param type     frame type
 * @param subType  frame sub type
 * @return tSirRetStatus (the return statements lie beyond this excerpt)
 */
tSirRetStatus sysBbtProcessMessageCore(tpAniSirGlobal pMac, tpSirMsgQ pMsg, tANI_U32 type, tANI_U32 subType)
{
    tSirRetStatus ret;
    void* pBd;
    tMgmtFrmDropReason dropReason;
    vos_pkt_t *pVosPkt = (vos_pkt_t *)pMsg->bodyptr;
    /* pBd receives the Rx packet info of the packet. */
    VOS_STATUS vosStatus = WDA_DS_PeekRxPacketInfo( pVosPkt, (v_PVOID_t *)&pBd, VOS_FALSE );

    /* Counted before the peek status is checked, so failed peeks are counted too. */
    pMac->sys.gSysBbtReceived++;

    if ( !VOS_IS_STATUS_SUCCESS(vosStatus) )
    {
        /* The fail label is beyond this excerpt. */
        goto fail;
    }

    /*
     * Dump of the MAC header and of the payload at warning level (LOGW), so
     * the contents of each frame reaching this point go to the log whenever
     * LOGW is enabled. Both dump lengths are read from the Rx packet info.
     * NOTE(review): confirm these lengths are bounded by the real buffer size,
     * and that frame contents are acceptable in logs at this level.
     */
    PELOGW(sysLog(pMac, LOGW, FL("Rx Mgmt Frame Subtype: %d\n"), subType);
    sirDumpBuf(pMac, SIR_SYS_MODULE_ID, LOGW, (tANI_U8 *)WDA_GET_RX_MAC_HEADER(pBd), WDA_GET_RX_MPDU_LEN(pBd));
    sirDumpBuf(pMac, SIR_SYS_MODULE_ID, LOGW, WDA_GET_RX_MPDU_DATA(pBd), WDA_GET_RX_PAYLOAD_LEN(pBd));)
/**
 * limProcessDisassocFrame
 *
 *FUNCTION:
 * This function is called by limProcessMessageQueue() upon
 * Disassociation frame reception.
 * (Excerpt: the listing stops inside the body, after the group-address check.)
 *
 *LOGIC:
 *
 *ASSUMPTIONS:
 * DPH drops packets for STA with 'valid' bit in pStaDs set to '0'.
 *
 *NOTE:
 *
 * @param pMac - Pointer to Global MAC structure
 * @param *pRxPacketInfo - A pointer to Rx packet info structure
 * @param psessionEntry - session entry passed in by the caller; not used in
 *                        the visible part
 * @return None
 */
void limProcessDisassocFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession psessionEntry)
{
    tANI_U8 *pBody;
    tANI_U16 aid, reasonCode;
    tpSirMacMgmtHdr pHdr;
    tpDphHashNode pStaDs;
    tLimMlmDisassocInd mlmDisassocInd;

    pHdr = WDA_GET_RX_MAC_HEADER(pRxPacketInfo);

    /*
     * NOTE(review): no payload-length check is visible before pBody is taken;
     * confirm the length is validated before the frame body is read.
     */
    pBody = WDA_GET_RX_MPDU_DATA(pRxPacketInfo);

    if (limIsGroupAddr(pHdr->sa))
    {
        /*
         * Received Disassoc frame from a BC/MC (group) source address.
         * Log it (at LOG1 here) and ignore it.
         */
        PELOG1(limLog(pMac, LOG1,
               FL("received Disassoc frame from a BC/MC address\n"));)

        return;
/*
 * limProcessDeauthFrame - handle a received Deauthentication frame.
 * (Excerpt: the listing stops inside the body, after the first early return.)
 *
 * @param pMac           Pointer to Global MAC structure
 * @param pRxPacketInfo  Rx packet info; the MAC header and MPDU data pointers
 *                       are taken from it through the WDA_GET_RX_* macros
 * @param psessionEntry  session entry whose limSystemRole and limSmeState
 *                       are examined below
 */
void limProcessDeauthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession psessionEntry)
{
    tANI_U8 *pBody;
    tANI_U16 aid, reasonCode;
    tpSirMacMgmtHdr pHdr;
    tLimMlmAssocCnf mlmAssocCnf;
    tLimMlmDeauthInd mlmDeauthInd;
    tpDphHashNode pStaDs;
    tpPESession pRoamSessionEntry=NULL;
    tANI_U8 roamSessionId;

    pHdr = WDA_GET_RX_MAC_HEADER(pRxPacketInfo);

    /*
     * NOTE(review): no payload-length check is visible before pBody is taken;
     * confirm the length is validated before the frame body is read.
     */
    pBody = WDA_GET_RX_MPDU_DATA(pRxPacketInfo);

    /*
     * STA role while SME is in WT_DEAUTH state: a previously received Deauth
     * is still being processed, so this frame is dropped.
     * The drop is logged at LOGE on every occurrence; no rate limit is applied
     * in this version, so a burst of such frames yields one log line each.
     */
    if ((eLIM_STA_ROLE == psessionEntry->limSystemRole) && (eLIM_SME_WT_DEAUTH_STATE == psessionEntry->limSmeState))
    {
        PELOGE(limLog(pMac, LOGE,
               FL("received Deauth frame in DEAUTH_WT_STATE(already processing previously received DEAUTH frame).. Dropping this..\n "));)
        return;
/*
 * limCollectBssDescription - fill a tSirBssDescription from a received
 * beacon / probe response.
 * (Excerpt: the #if that selects between signatures opens above this listing,
 * and the listing stops before the end of the body.)
 *
 * @param pMac           Pointer to Global MAC structure
 * @param pBssDescr      BSS description that is filled in
 * @param pBPR           beacon / probe response fields that are copied from
 * @param pRxPacketInfo  Rx packet info of the frame
 * @return eHAL_STATUS_FAILURE when the frame is rejected by one of the checks
 *         below; the remaining return paths are beyond this excerpt
 */
eHalStatus limCollectBssDescription(tpAniSirGlobal pMac, tSirBssDescription *pBssDescr, tpSirProbeRespBeacon pBPR, tANI_U8 *pRxPacketInfo)
#endif
{
    tANI_U8 *pBody;
    tANI_U32 ieLen = 0;
    tpSirMacMgmtHdr pHdr;
    tANI_U8 channelNum;
    tANI_U8 rxChannel;
    tANI_U8 rfBand = 0;

    pHdr = WDA_GET_RX_MAC_HEADER(pRxPacketInfo);

    /*
     * Reject a payload shorter than SIR_MAC_B_PR_SSID_OFFSET before the
     * subtraction below, so that ieLen cannot wrap around.
     * The asserted condition is the negation of the enclosing if, so the
     * assertion is always false when this branch is reached.
     * NOTE(review): what a failed VOS_ASSERT does depends on the build, which
     * is not shown here - confirm a short over-the-air frame cannot turn this
     * into a panic.
     */
    if (SIR_MAC_B_PR_SSID_OFFSET > WDA_GET_RX_PAYLOAD_LEN(pRxPacketInfo))
    {
        VOS_ASSERT(WDA_GET_RX_PAYLOAD_LEN(pRxPacketInfo) >= SIR_MAC_B_PR_SSID_OFFSET);
        return eHAL_STATUS_FAILURE;
    }

    /* Number of payload bytes that follow the first SIR_MAC_B_PR_SSID_OFFSET bytes. */
    ieLen = WDA_GET_RX_PAYLOAD_LEN(pRxPacketInfo) - SIR_MAC_B_PR_SSID_OFFSET;
    rxChannel = WDA_GET_RX_CH(pRxPacketInfo);
    pBody = WDA_GET_RX_MPDU_DATA(pRxPacketInfo);
    rfBand = WDA_GET_RX_RFBAND(pRxPacketInfo);

    /**
     * Drop all the beacons and probe response without P2P IE during P2P search.
     * The IE lookup starts at pBody + SIR_MAC_B_PR_SSID_OFFSET and is given
     * ieLen as its length.
     */
    if ((NULL != pMac->lim.gpLimMlmScanReq && pMac->lim.gpLimMlmScanReq->p2pSearch) ||
        (pMac->fScanOffload && pMac->lim.fOffloadScanPending &&
         (pMac->lim.fOffloadScanP2PSearch ||
          pMac->lim.fOffloadScanP2PListen)))
    {
        if (NULL == limGetP2pIEPtr(pMac, (pBody + SIR_MAC_B_PR_SSID_OFFSET), ieLen))
        {
            limLog( pMac, LOG3, MAC_ADDRESS_STR, MAC_ADDR_ARRAY(pHdr->bssId));
            return eHAL_STATUS_FAILURE;
        }
    }

    /**
     * Length of BSS description is without length of
     * length itself and length of pointer
     * that holds the next BSS description.
     * NOTE(review): the sum is narrowed to tANI_U16; confirm ieLen is bounded
     * so that the result is not truncated.
     */
    pBssDescr->length = (tANI_U16)(
                    sizeof(tSirBssDescription) - sizeof(tANI_U16) -
                    sizeof(tANI_U32) + ieLen);

    /* Copy BSS Id */
    vos_mem_copy((tANI_U8 *) &pBssDescr->bssId,
                 (tANI_U8 *) pHdr->bssId,
                 sizeof(tSirMacAddr));

    /* Copy Timestamp, Beacon Interval and Capability Info */
    pBssDescr->scanSysTimeMsec = vos_timer_get_system_time();

    pBssDescr->timeStamp[0] = pBPR->timeStamp[0];
    pBssDescr->timeStamp[1] = pBPR->timeStamp[1];
    pBssDescr->beaconInterval = pBPR->beaconInterval;
    pBssDescr->capabilityInfo = limGetU16((tANI_U8 *) &pBPR->capabilityInfo);

    /* A zero beacon interval from the frame is replaced by 100 and logged. */
    if(!pBssDescr->beaconInterval )
    {
        limLog(pMac, LOGW,
               FL("Beacon Interval is ZERO, making it to default 100 "
               MAC_ADDRESS_STR), MAC_ADDR_ARRAY(pHdr->bssId));
        pBssDescr->beaconInterval= 100;
    }

    /*
     * There is a narrow window after Channel Switch msg is sent to HAL and before the AGC is shut
     * down and beacons/Probe Rsps can trickle in and we may report the incorrect channel in 5Ghz
     * band, so not relying on the 'last Scanned Channel' stored in LIM.
     * Instead use the value returned by RXP in BD. This is the same value which HAL programs into
     * RXP before every channel switch.
     * Right now there is a problem in 5Ghz, where we are receiving beacons from a channel different from
     * the currently scanned channel. so incorrect channel is reported to CSR and association does not happen.
     * So for now we keep on looking for the channel info in the beacon (DSParamSet IE OR HT Info IE), and only if it
     * is not present in the beacon, we go for the channel info present in RXP.
     * This fix will work for 5Ghz 11n devices, but for 11a devices, we have to rely on RXP routing flag to get the correct channel.
     * So The problem of incorrect channel reporting in 5Ghz will still remain for 11a devices.
     */
    pBssDescr->channelId = limGetChannelFromBeacon(pMac, pBPR);

    if (pBssDescr->channelId == 0)
    {
        /* If the channel Id is not retrieved from Beacon, extract the channel from BD */
        /* Unmap the channel. We have to do this since the hal maps the channel
           to overcome the limitation of RXBD of not being able to accommodate
           the bigger channel number. */
        if ((!rfBand) || IS_5G_BAND(rfBand))
        {
            rxChannel = limUnmapChannel(rxChannel);
        }
        /* Still zero: fall back to the channel currently being scanned. */
        if (!rxChannel)
        {
            rxChannel = pMac->lim.gLimCurrentScanChannelId;
        }
        pBssDescr->channelId = rxChannel;
    }

    pBssDescr->channelIdSelf = pBssDescr->channelId;
    /* set the network type in bss description */
    channelNum = pBssDescr->channelId;
    pBssDescr->nwType = limGetNwType(pMac, channelNum, SIR_MAC_MGMT_FRAME, pBPR);

    /* Copy RSSI & SINR from BD */

    /* LOG4 dump: the 6-byte BSSID and the first 36 bytes of the Rx packet info. */
    PELOG4(limLog(pMac, LOG4, "***********BSS Description for BSSID:*********** ");
    sirDumpBuf(pMac, SIR_LIM_MODULE_ID, LOG4, pBssDescr->bssId, 6 );
    sirDumpBuf( pMac, SIR_LIM_MODULE_ID, LOG4, (tANI_U8*)pRxPacketInfo, 36 );)
/*
 * limCollectBssDescription - fill a tSirBssDescription from a received
 * beacon / probe response.
 * (Excerpt: the #if that selects between signatures opens above this listing,
 * and the listing stops before the end of the body.)
 *
 * @param pMac           Pointer to Global MAC structure
 * @param pBssDescr      BSS description that is filled in
 * @param pBPR           beacon / probe response fields that are copied from
 * @param pRxPacketInfo  Rx packet info of the frame
 * @return None - this version has no way to report a rejected frame to the
 *         caller
 */
void limCollectBssDescription(tpAniSirGlobal pMac, tSirBssDescription *pBssDescr, tpSirProbeRespBeacon pBPR, tANI_U8 *pRxPacketInfo)
#endif
{
    tANI_U8 *pBody;
    tANI_U32 ieLen = 0;
    tpSirMacMgmtHdr pHdr;
    tANI_U8 channelNum;
    tANI_U8 rxChannel;

    pHdr = WDA_GET_RX_MAC_HEADER(pRxPacketInfo);

    /*
     * NOTE(review): no check is visible in this function that the payload is
     * at least SIR_MAC_B_PR_SSID_OFFSET bytes long. If a shorter frame can
     * reach this point, the subtraction wraps (ieLen is a tANI_U32, presumably
     * unsigned) and the wrapped value feeds pBssDescr->length below. Confirm
     * that the caller validates the length, or reject short frames before
     * subtracting; with a void return type the caller would also need a way
     * to learn that the description was not filled in.
     */
    ieLen = WDA_GET_RX_PAYLOAD_LEN(pRxPacketInfo) - SIR_MAC_B_PR_SSID_OFFSET;
    rxChannel = WDA_GET_RX_CH(pRxPacketInfo);
    pBody = WDA_GET_RX_MPDU_DATA(pRxPacketInfo);

    /**
     * Length of BSS description is without length of
     * length itself and length of pointer
     * that holds the next BSS description.
     * NOTE(review): the sum is narrowed to tANI_U16; confirm ieLen is bounded
     * so that the result is not truncated.
     */
    pBssDescr->length = (tANI_U16)(
                    sizeof(tSirBssDescription) - sizeof(tANI_U16) -
                    sizeof(tANI_U32) + ieLen);

    /* Copy BSS Id */
    palCopyMemory( pMac->hHdd, (tANI_U8 *) &pBssDescr->bssId,
                  (tANI_U8 *) pHdr->bssId,
                  sizeof(tSirMacAddr));

    /* Copy Timestamp, Beacon Interval and Capability Info */
    pBssDescr->scanSysTimeMsec = vos_timer_get_system_time();

    pBssDescr->timeStamp[0] = pBPR->timeStamp[0];
    pBssDescr->timeStamp[1] = pBPR->timeStamp[1];
    pBssDescr->beaconInterval = pBPR->beaconInterval;
    pBssDescr->capabilityInfo = limGetU16((tANI_U8 *) &pBPR->capabilityInfo);

    /*
     * There is a narrow window after Channel Switch msg is sent to HAL and before the AGC is shut
     * down and beacons/Probe Rsps can trickle in and we may report the incorrect channel in 5Ghz
     * band, so not relying on the 'last Scanned Channel' stored in LIM.
     * Instead use the value returned by RXP in BD. This is the same value which HAL programs into
     * RXP before every channel switch.
     * Right now there is a problem in 5Ghz, where we are receiving beacons from a channel different from
     * the currently scanned channel. so incorrect channel is reported to CSR and association does not happen.
     * So for now we keep on looking for the channel info in the beacon (DSParamSet IE OR HT Info IE), and only if it
     * is not present in the beacon, we go for the channel info present in RXP.
     * This fix will work for 5Ghz 11n devices, but for 11a devices, we have to rely on RXP routing flag to get the correct channel.
     * So The problem of incorrect channel reporting in 5Ghz will still remain for 11a devices.
     */
    pBssDescr->channelId = limGetChannelFromBeacon(pMac, pBPR);

    if (pBssDescr->channelId == 0)
    {
        /* If the channel Id is not retrieved from Beacon, extract the channel from BD */
        /* Unmap the channel. We have to do this since the hal maps the channel
           to overcome the limitation of RXBD of not being able to accommodate
           the bigger channel number. */
        /* A zero result from the unmapping falls back to the channel currently being scanned. */
        if (!( rxChannel = limUnmapChannel(rxChannel)))
        {
            rxChannel = pMac->lim.gLimCurrentScanChannelId;
        }
        pBssDescr->channelId = rxChannel;
    }

    /*
     * Takes rxChannel as it stands: when channelId came from the beacon,
     * rxChannel is still the value read from the Rx packet info and has not
     * gone through limUnmapChannel().
     * NOTE(review): confirm that this is the intended value for channelIdSelf.
     */
    pBssDescr->channelIdSelf = rxChannel;
    /* set the network type in bss description */
    channelNum = pBssDescr->channelId;
    pBssDescr->nwType = limGetNwType(pMac, channelNum, SIR_MAC_MGMT_FRAME, pBPR);

    pBssDescr->aniIndicator = pBPR->propIEinfo.aniIndicator;

    /* Copy RSSI & SINR from BD */

    /* LOG4 dump: the 6-byte BSSID and the first 36 bytes of the Rx packet info. */
    PELOG4(limLog(pMac, LOG4, "***********BSS Description for BSSID:*********** ");
    sirDumpBuf(pMac, SIR_LIM_MODULE_ID, LOG4, pBssDescr->bssId, 6 );
    sirDumpBuf( pMac, SIR_LIM_MODULE_ID, LOG4, (tANI_U8*)pRxPacketInfo, 36 );)
/**
 * sysBbtProcessMessageCore
 *
 * FUNCTION:
 * Process BBT messages: take the received frame carried by pMsg, update the
 * receive counters, apply the drop rules for management frames and post the
 * surviving frames to the PE queue.
 *
 * LOGIC:
 * - Peek the Rx packet info of the packet; a failed peek drops the frame.
 * - Dump header and payload at LOG3 and bump the per type/subtype counter.
 * - Management frames: drop beacons received in deferred state, drop what
 *   limIsPktCandidateForDrop() rejects, log allowed ASSOC REQ / DEAUTH /
 *   DISASSOC frames, then post to LIM.
 * - Data frames: posted to LIM only when FEATURE_WLAN_ESE is defined.
 * - Any other type is logged, dumped and dropped.
 *
 * @param pMac     A pointer to MAC params instance
 * @param pMsg     message pointer; pMsg->bodyptr is used as the vos_pkt_t
 * @param type     frame type
 * @param subType  frame sub type
 * @return eSIR_SUCCESS unless the frame takes the fail path, in which case
 *         gSysBbtDropped is incremented and eSIR_FAILURE is returned
 */
tSirRetStatus
sysBbtProcessMessageCore(tpAniSirGlobal pMac, tpSirMsgQ pMsg,
                         tANI_U32 type, tANI_U32 subType)
{
    tANI_U32 seenSoFar;
    tSirRetStatus postStatus;
    void *pRxBd;
    tMgmtFrmDropReason whyDropped;
    tpSirMacMgmtHdr pMgmtHdr;
    vos_pkt_t *pRxPkt = (vos_pkt_t *)pMsg->bodyptr;
    VOS_STATUS peekStatus =
        WDA_DS_PeekRxPacketInfo(pRxPkt, (v_PVOID_t *)&pRxBd, VOS_FALSE);

    pMac->sys.gSysBbtReceived++;

    if (!VOS_IS_STATUS_SUCCESS(peekStatus))
    {
        goto fail;
    }

    sysLog(pMac, LOG3, FL("Rx Mgmt Frame Subtype: %d\n"), subType);
    sirDumpBuf(pMac, SIR_SYS_MODULE_ID, LOG3,
               (tANI_U8 *)WDA_GET_RX_MAC_HEADER(pRxBd),
               WDA_GET_RX_MPDU_LEN(pRxBd));
    sirDumpBuf(pMac, SIR_SYS_MODULE_ID, LOG3,
               WDA_GET_RX_MPDU_DATA(pRxBd),
               WDA_GET_RX_PAYLOAD_LEN(pRxBd));

    /*
     * NOTE(review): type and subType index the counter table before type is
     * validated (the invalid-type handling comes afterwards); confirm callers
     * only pass values inside the table's bounds.
     */
    seenSoFar = ++pMac->sys.gSysFrameCount[type][subType];

    /* Neither management nor data: log, dump the BD header and drop. */
    if ((type != SIR_MAC_MGMT_FRAME) && (type != SIR_MAC_DATA_FRAME))
    {
        sysLog(pMac, LOG3, "BBT received Invalid type %d subType %d "
               "LIM state %X. BD dump is:\n",
               type, subType, limGetSmeState(pMac));
        sirDumpBuf(pMac, SIR_SYS_MODULE_ID, LOG3,
                   (tANI_U8 *) pRxBd, WLANHAL_RX_BD_HEADER_SIZE);
        goto fail;
    }

    if (type == SIR_MAC_DATA_FRAME)
    {
#ifdef FEATURE_WLAN_ESE
        sysLog(pMac, LOGW, FL("IAPP Frame...\n"));

        /* Post the message to PE Queue */
        postStatus = (tSirRetStatus) limPostMsgApi(pMac, pMsg);
        if (postStatus != eSIR_SUCCESS)
        {
            sysLog(pMac, LOGE, FL("posting to LIM2 failed, ret %d\n"),
                   postStatus);
            goto fail;
        }
        pMac->sys.gSysBbtPostedToLim++;
#endif
        return eSIR_SUCCESS;
    }

    /* Management frame from here on. */

    /*
     * Drop beacon frames in deferred state to avoid VOSS run out of
     * message wrappers. The inner tests keep the evaluation order of a
     * single && chain.
     */
    if (subType == SIR_MAC_MGMT_BEACON)
    {
        if (!limIsSystemInScanState(pMac) &&
            (true != GET_LIM_PROCESS_DEFD_MESGS(pMac)) &&
            !pMac->lim.gLimSystemInScanLearnMode)
        {
            sysLog(pMac, LOG1, FL("dropping received beacon in deffered state"));
            goto fail;
        }
    }

    whyDropped = limIsPktCandidateForDrop(pMac, pRxBd, subType);
    if (whyDropped != eMGMT_DROP_NO_DROP)
    {
        sysLog(pMac, LOG1, FL("Mgmt Frame %d being dropped, reason: %d\n"),
               subType, whyDropped);
        MTRACE(macTrace(pMac, TRACE_CODE_RX_MGMT_DROP, NO_SESSION, whyDropped));
        goto fail;
    }

    pMgmtHdr = WDA_GET_RX_MAC_HEADER(pRxBd);

    /* Per-subtype LOG1 trace with the addresses and the running count. */
    switch (subType)
    {
    case SIR_MAC_MGMT_ASSOC_REQ:
        sysLog(pMac, LOG1,
               FL("ASSOC REQ frame allowed: da: " MAC_ADDRESS_STR ", sa: " MAC_ADDRESS_STR ", bssid: " MAC_ADDRESS_STR ", Assoc Req count so far: %d\n"),
               MAC_ADDR_ARRAY(pMgmtHdr->da),
               MAC_ADDR_ARRAY(pMgmtHdr->sa),
               MAC_ADDR_ARRAY(pMgmtHdr->bssId),
               pMac->sys.gSysFrameCount[type][subType]);
        break;

    case SIR_MAC_MGMT_DEAUTH:
        sysLog(pMac, LOG1,
               FL("DEAUTH frame allowed: da: " MAC_ADDRESS_STR ", sa: " MAC_ADDRESS_STR ", bssid: " MAC_ADDRESS_STR ", DEAUTH count so far: %d\n"),
               MAC_ADDR_ARRAY(pMgmtHdr->da),
               MAC_ADDR_ARRAY(pMgmtHdr->sa),
               MAC_ADDR_ARRAY(pMgmtHdr->bssId),
               pMac->sys.gSysFrameCount[type][subType]);
        break;

    case SIR_MAC_MGMT_DISASSOC:
        sysLog(pMac, LOG1,
               FL("DISASSOC frame allowed: da: " MAC_ADDRESS_STR ", sa: " MAC_ADDRESS_STR ", bssid: " MAC_ADDRESS_STR ", DISASSOC count so far: %d\n"),
               MAC_ADDR_ARRAY(pMgmtHdr->da),
               MAC_ADDR_ARRAY(pMgmtHdr->sa),
               MAC_ADDR_ARRAY(pMgmtHdr->bssId),
               pMac->sys.gSysFrameCount[type][subType]);
        break;

    default:
        break;
    }

    /* Post the message to PE Queue */
    postStatus = (tSirRetStatus) limPostMsgApi(pMac, pMsg);
    if (postStatus != eSIR_SUCCESS)
    {
        /*
         * Throttled failure log, meant to print one failure out of 512.
         * NOTE(review): the test is on bit 9 (0x0200) of the receive counter,
         * which is set for 512 consecutive counter values out of every 1024,
         * so failures are logged during half of the counter range - confirm
         * the intended rate.
         */
        if (pMac->sys.gSysBbtReceived & 0x0200)
        {
            sysLog(pMac, LOGE, FL("posting to LIM2 failed, ret %d"), postStatus);
        }
        goto fail;
    }
    pMac->sys.gSysBbtPostedToLim++;

    return eSIR_SUCCESS;

fail:
    pMac->sys.gSysBbtDropped++;
    return eSIR_FAILURE;
}