void
limProcessDeauthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession psessionEntry)
{
tANI_U8 *pBody;
tANI_U16 aid, reasonCode;
tpSirMacMgmtHdr pHdr;
tLimMlmAssocCnf mlmAssocCnf;
tLimMlmDeauthInd mlmDeauthInd;
tpDphHashNode pStaDs;
tpPESession pRoamSessionEntry=NULL;
tANI_U8 roamSessionId;
#ifdef WLAN_FEATURE_11W
tANI_U32 frameLen;
#endif
pHdr = WDA_GET_RX_MAC_HEADER(pRxPacketInfo);
pBody = WDA_GET_RX_MPDU_DATA(pRxPacketInfo);
if ((eLIM_STA_ROLE == psessionEntry->limSystemRole) && (eLIM_SME_WT_DEAUTH_STATE == psessionEntry->limSmeState))
{
/*Every 15th deauth frame will be logged in kmsg*/
if(!(pMac->lim.deauthMsgCnt & 0xF))
{
PELOGE(limLog(pMac, LOGE,
FL("received Deauth frame in DEAUTH_WT_STATE"
"(already processing previously received DEAUTH frame).."
"Dropping this.. Deauth Failed %d"),++pMac->lim.deauthMsgCnt);)
}
else
{
tSirRetStatus
limValidateIEInformationInProbeRspFrame (tpAniSirGlobal pMac,
tANI_U8 *pRxPacketInfo)
{
tSirRetStatus status = eSIR_SUCCESS;
tANI_U8 *pFrame;
tANI_U32 nFrame;
tANI_U32 nMissingRsnBytes;
/* Validate a Probe response frame for malformed frame.
* If the frame is malformed then do not consider as it
* may cause problem fetching wrong IE values
*/
if (WDA_GET_RX_PAYLOAD_LEN(pRxPacketInfo) < (SIR_MAC_B_PR_SSID_OFFSET + SIR_MAC_MIN_IE_LEN))
{
return eSIR_FAILURE;
}
pFrame = WDA_GET_RX_MPDU_DATA(pRxPacketInfo);
nFrame = WDA_GET_RX_PAYLOAD_LEN(pRxPacketInfo);
nMissingRsnBytes = 0;
status = ValidateAndRectifyIEs(pMac, pFrame, nFrame, &nMissingRsnBytes);
if ( status == eSIR_SUCCESS )
{
WDA_GET_RX_MPDU_LEN(pRxPacketInfo) += nMissingRsnBytes;
}
return status;
}
/**
* sysBbtProcessMessageCore
*
* FUNCTION:
* Process BBT messages
*
* LOGIC:
*
* ASSUMPTIONS:
*
* NOTE:
*
* @param tpAniSirGlobal A pointer to MAC params instance
* @param pMsg message pointer
* @param tANI_U32 type
* @param tANI_U32 sub type
* @return None
*/
tSirRetStatus
sysBbtProcessMessageCore(tpAniSirGlobal pMac, tpSirMsgQ pMsg, tANI_U32 type,
tANI_U32 subType)
{
static tANI_U32 lastDeauthPacketTime = 0;
tSirRetStatus ret;
void* pBd;
tMgmtFrmDropReason dropReason;
vos_pkt_t *pVosPkt = (vos_pkt_t *)pMsg->bodyptr;
VOS_STATUS vosStatus =
WDA_DS_PeekRxPacketInfo( pVosPkt, (v_PVOID_t *)&pBd, VOS_FALSE );
#ifdef WLAN_FEATURE_11W
tANI_U8 sessionId;
tpPESession psessionEntry;
tpSirMacMgmtHdr pMacHdr;
#endif /* WLAN_FEATURE_11W */
pMac->sys.gSysBbtReceived++;
if ( !VOS_IS_STATUS_SUCCESS(vosStatus) )
{
goto fail;
}
PELOG3(sysLog(pMac, LOG3, FL("Rx Mgmt Frame Subtype: %d\n"), subType);
sirDumpBuf(pMac, SIR_SYS_MODULE_ID, LOG3, (tANI_U8 *)WDA_GET_RX_MAC_HEADER(pBd), WDA_GET_RX_MPDU_LEN(pBd));
sirDumpBuf(pMac, SIR_SYS_MODULE_ID, LOG3, WDA_GET_RX_MPDU_DATA(pBd), WDA_GET_RX_PAYLOAD_LEN(pBd));)
/**
* limProcessDisassocFrame
*
*FUNCTION:
* This function is called by limProcessMessageQueue() upon
* Disassociation frame reception.
*
*LOGIC:
*
*ASSUMPTIONS:
* DPH drops packets for STA with 'valid' bit in pStaDs set to '0'.
*
*NOTE:
*
* @param pMac - Pointer to Global MAC structure
* @param *pRxPacketInfo - A pointer to Rx packet info structure
* @return None
*/
void
limProcessDisassocFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession psessionEntry)
{
tANI_U8 *pBody;
tANI_U16 aid, reasonCode;
tpSirMacMgmtHdr pHdr;
tpDphHashNode pStaDs;
tLimMlmDisassocInd mlmDisassocInd;
#ifdef WLAN_FEATURE_11W
tANI_U32 frameLen;
#endif
int8_t frame_rssi;
pHdr = WDA_GET_RX_MAC_HEADER(pRxPacketInfo);
pBody = WDA_GET_RX_MPDU_DATA(pRxPacketInfo);
frame_rssi = (int8_t)WDA_GET_RX_RSSI_NORMALIZED(pRxPacketInfo);
if (limIsGroupAddr(pHdr->sa))
{
// Received Disassoc frame from a BC/MC address
// Log error and ignore it
PELOGE(limLog(pMac, LOGE,
FL("received Disassoc frame from a BC/MC address"));)
return;
/**
* sysBbtProcessMessageCore
*
* FUNCTION:
* Process BBT messages
*
* LOGIC:
*
* ASSUMPTIONS:
*
* NOTE:
*
* @param tpAniSirGlobal A pointer to MAC params instance
* @param pMsg message pointer
* @param tANI_U32 type
* @param tANI_U32 sub type
* @return None
*/
tSirRetStatus
sysBbtProcessMessageCore(tpAniSirGlobal pMac, tpSirMsgQ pMsg, tANI_U32 type,
tANI_U32 subType)
{
tSirRetStatus ret;
void* pBd;
tMgmtFrmDropReason dropReason;
vos_pkt_t *pVosPkt = (vos_pkt_t *)pMsg->bodyptr;
VOS_STATUS vosStatus =
WDA_DS_PeekRxPacketInfo( pVosPkt, (v_PVOID_t *)&pBd, VOS_FALSE );
pMac->sys.gSysBbtReceived++;
if ( !VOS_IS_STATUS_SUCCESS(vosStatus) )
{
goto fail;
}
PELOGW(sysLog(pMac, LOGW, FL("Rx Mgmt Frame Subtype: %d\n"), subType);
sirDumpBuf(pMac, SIR_SYS_MODULE_ID, LOGW, (tANI_U8 *)WDA_GET_RX_MAC_HEADER(pBd), WDA_GET_RX_MPDU_LEN(pBd));
sirDumpBuf(pMac, SIR_SYS_MODULE_ID, LOGW, WDA_GET_RX_MPDU_DATA(pBd), WDA_GET_RX_PAYLOAD_LEN(pBd));)
/**
* limProcessDisassocFrame
*
*FUNCTION:
* This function is called by limProcessMessageQueue() upon
* Disassociation frame reception.
*
*LOGIC:
*
*ASSUMPTIONS:
* DPH drops packets for STA with 'valid' bit in pStaDs set to '0'.
*
*NOTE:
*
* @param pMac - Pointer to Global MAC structure
* @param *pRxPacketInfo - A pointer to Rx packet info structure
* @return None
*/
void
limProcessDisassocFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession psessionEntry)
{
tANI_U8 *pBody;
tANI_U16 aid, reasonCode;
tpSirMacMgmtHdr pHdr;
tpDphHashNode pStaDs;
tLimMlmDisassocInd mlmDisassocInd;
pHdr = WDA_GET_RX_MAC_HEADER(pRxPacketInfo);
pBody = WDA_GET_RX_MPDU_DATA(pRxPacketInfo);
if (limIsGroupAddr(pHdr->sa))
{
// Received Disassoc frame from a BC/MC address
// Log error and ignore it
PELOG1(limLog(pMac, LOG1,
FL("received Disassoc frame from a BC/MC address\n"));)
return;
void
limProcessDeauthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession psessionEntry)
{
tANI_U8 *pBody;
tANI_U16 aid, reasonCode;
tpSirMacMgmtHdr pHdr;
tLimMlmAssocCnf mlmAssocCnf;
tLimMlmDeauthInd mlmDeauthInd;
tpDphHashNode pStaDs;
tpPESession pRoamSessionEntry=NULL;
tANI_U8 roamSessionId;
pHdr = WDA_GET_RX_MAC_HEADER(pRxPacketInfo);
pBody = WDA_GET_RX_MPDU_DATA(pRxPacketInfo);
if ((eLIM_STA_ROLE == psessionEntry->limSystemRole) && (eLIM_SME_WT_DEAUTH_STATE == psessionEntry->limSmeState))
{
PELOGE(limLog(pMac, LOGE,
FL("received Deauth frame in DEAUTH_WT_STATE(already processing previously received DEAUTH frame).. Dropping this..\n "));)
return;
eHalStatus
limCollectBssDescription(tpAniSirGlobal pMac,
tSirBssDescription *pBssDescr,
tpSirProbeRespBeacon pBPR,
tANI_U8 *pRxPacketInfo)
#endif
{
tANI_U8 *pBody;
tANI_U32 ieLen = 0;
tpSirMacMgmtHdr pHdr;
tANI_U8 channelNum;
tANI_U8 rxChannel;
tANI_U8 rfBand = 0;
pHdr = WDA_GET_RX_MAC_HEADER(pRxPacketInfo);
if (SIR_MAC_B_PR_SSID_OFFSET > WDA_GET_RX_PAYLOAD_LEN(pRxPacketInfo))
{
VOS_ASSERT(WDA_GET_RX_PAYLOAD_LEN(pRxPacketInfo) >= SIR_MAC_B_PR_SSID_OFFSET);
return eHAL_STATUS_FAILURE;
}
ieLen = WDA_GET_RX_PAYLOAD_LEN(pRxPacketInfo) - SIR_MAC_B_PR_SSID_OFFSET;
rxChannel = WDA_GET_RX_CH(pRxPacketInfo);
pBody = WDA_GET_RX_MPDU_DATA(pRxPacketInfo);
rfBand = WDA_GET_RX_RFBAND(pRxPacketInfo);
/**
* Drop all the beacons and probe response without P2P IE during P2P search
*/
if ((NULL != pMac->lim.gpLimMlmScanReq && pMac->lim.gpLimMlmScanReq->p2pSearch) ||
(pMac->fScanOffload && pMac->lim.fOffloadScanPending &&
(pMac->lim.fOffloadScanP2PSearch ||
pMac->lim.fOffloadScanP2PListen)))
{
if (NULL == limGetP2pIEPtr(pMac, (pBody + SIR_MAC_B_PR_SSID_OFFSET), ieLen))
{
limLog( pMac, LOG3, MAC_ADDRESS_STR, MAC_ADDR_ARRAY(pHdr->bssId));
return eHAL_STATUS_FAILURE;
}
}
/**
* Length of BSS desription is without length of
* length itself and length of pointer
* that holds the next BSS description
*/
pBssDescr->length = (tANI_U16)(
sizeof(tSirBssDescription) - sizeof(tANI_U16) -
sizeof(tANI_U32) + ieLen);
// Copy BSS Id
vos_mem_copy((tANI_U8 *) &pBssDescr->bssId,
(tANI_U8 *) pHdr->bssId,
sizeof(tSirMacAddr));
// Copy Timestamp, Beacon Interval and Capability Info
pBssDescr->scanSysTimeMsec = vos_timer_get_system_time();
pBssDescr->timeStamp[0] = pBPR->timeStamp[0];
pBssDescr->timeStamp[1] = pBPR->timeStamp[1];
pBssDescr->beaconInterval = pBPR->beaconInterval;
pBssDescr->capabilityInfo = limGetU16((tANI_U8 *) &pBPR->capabilityInfo);
if(!pBssDescr->beaconInterval )
{
limLog(pMac, LOGW,
FL("Beacon Interval is ZERO, making it to default 100 "
MAC_ADDRESS_STR), MAC_ADDR_ARRAY(pHdr->bssId));
pBssDescr->beaconInterval= 100;
}
/*
* There is a narrow window after Channel Switch msg is sent to HAL and before the AGC is shut
* down and beacons/Probe Rsps can trickle in and we may report the incorrect channel in 5Ghz
* band, so not relying on the 'last Scanned Channel' stored in LIM.
* Instead use the value returned by RXP in BD. This the the same value which HAL programs into
* RXP before every channel switch.
* Right now there is a problem in 5Ghz, where we are receiving beacons from a channel different from
* the currently scanned channel. so incorrect channel is reported to CSR and association does not happen.
* So for now we keep on looking for the channel info in the beacon (DSParamSet IE OR HT Info IE), and only if it
* is not present in the beacon, we go for the channel info present in RXP.
* This fix will work for 5Ghz 11n devices, but for 11a devices, we have to rely on RXP routing flag to get the correct channel.
* So The problem of incorrect channel reporting in 5Ghz will still remain for 11a devices.
*/
pBssDescr->channelId = limGetChannelFromBeacon(pMac, pBPR);
if (pBssDescr->channelId == 0)
{
/* If the channel Id is not retrieved from Beacon, extract the channel from BD */
/* Unmapped the channel.This We have to do since we have done mapping in the hal to
overcome the limitation of RXBD of not able to accomodate the bigger channel number.*/
if ((!rfBand) || IS_5G_BAND(rfBand))
{
rxChannel = limUnmapChannel(rxChannel);
}
if (!rxChannel)
{
rxChannel = pMac->lim.gLimCurrentScanChannelId;
}
pBssDescr->channelId = rxChannel;
}
pBssDescr->channelIdSelf = pBssDescr->channelId;
//set the network type in bss description
channelNum = pBssDescr->channelId;
pBssDescr->nwType = limGetNwType(pMac, channelNum, SIR_MAC_MGMT_FRAME, pBPR);
// Copy RSSI & SINR from BD
PELOG4(limLog(pMac, LOG4, "***********BSS Description for BSSID:*********** ");
sirDumpBuf(pMac, SIR_LIM_MODULE_ID, LOG4, pBssDescr->bssId, 6 );
sirDumpBuf( pMac, SIR_LIM_MODULE_ID, LOG4, (tANI_U8*)pRxPacketInfo, 36 );)
void
limCollectBssDescription(tpAniSirGlobal pMac,
tSirBssDescription *pBssDescr,
tpSirProbeRespBeacon pBPR,
tANI_U8 *pRxPacketInfo)
#endif
{
tANI_U8 *pBody;
tANI_U32 ieLen = 0;
tpSirMacMgmtHdr pHdr;
tANI_U8 channelNum;
tANI_U8 rxChannel;
pHdr = WDA_GET_RX_MAC_HEADER(pRxPacketInfo);
ieLen = WDA_GET_RX_PAYLOAD_LEN(pRxPacketInfo) - SIR_MAC_B_PR_SSID_OFFSET;
rxChannel = WDA_GET_RX_CH(pRxPacketInfo);
pBody = WDA_GET_RX_MPDU_DATA(pRxPacketInfo);
/**
* Length of BSS desription is without length of
* length itself and length of pointer
* that holds the next BSS description
*/
pBssDescr->length = (tANI_U16)(
sizeof(tSirBssDescription) - sizeof(tANI_U16) -
sizeof(tANI_U32) + ieLen);
// Copy BSS Id
palCopyMemory( pMac->hHdd, (tANI_U8 *) &pBssDescr->bssId,
(tANI_U8 *) pHdr->bssId,
sizeof(tSirMacAddr));
// Copy Timestamp, Beacon Interval and Capability Info
pBssDescr->scanSysTimeMsec = vos_timer_get_system_time();
pBssDescr->timeStamp[0] = pBPR->timeStamp[0];
pBssDescr->timeStamp[1] = pBPR->timeStamp[1];
pBssDescr->beaconInterval = pBPR->beaconInterval;
pBssDescr->capabilityInfo = limGetU16((tANI_U8 *) &pBPR->capabilityInfo);
/*
* There is a narrow window after Channel Switch msg is sent to HAL and before the AGC is shut
* down and beacons/Probe Rsps can trickle in and we may report the incorrect channel in 5Ghz
* band, so not relying on the 'last Scanned Channel' stored in LIM.
* Instead use the value returned by RXP in BD. This the the same value which HAL programs into
* RXP before every channel switch.
* Right now there is a problem in 5Ghz, where we are receiving beacons from a channel different from
* the currently scanned channel. so incorrect channel is reported to CSR and association does not happen.
* So for now we keep on looking for the channel info in the beacon (DSParamSet IE OR HT Info IE), and only if it
* is not present in the beacon, we go for the channel info present in RXP.
* This fix will work for 5Ghz 11n devices, but for 11a devices, we have to rely on RXP routing flag to get the correct channel.
* So The problem of incorrect channel reporting in 5Ghz will still remain for 11a devices.
*/
pBssDescr->channelId = limGetChannelFromBeacon(pMac, pBPR);
if (pBssDescr->channelId == 0)
{
/* If the channel Id is not retrieved from Beacon, extract the channel from BD */
/* Unmapped the channel.This We have to do since we have done mapping in the hal to
overcome the limitation of RXBD of not able to accomodate the bigger channel number.*/
if (!( rxChannel = limUnmapChannel(rxChannel)))
{
rxChannel = pMac->lim.gLimCurrentScanChannelId;
}
pBssDescr->channelId = rxChannel;
}
pBssDescr->channelIdSelf = rxChannel;
//set the network type in bss description
channelNum = pBssDescr->channelId;
pBssDescr->nwType = limGetNwType(pMac, channelNum, SIR_MAC_MGMT_FRAME, pBPR);
pBssDescr->aniIndicator = pBPR->propIEinfo.aniIndicator;
// Copy RSSI & SINR from BD
PELOG4(limLog(pMac, LOG4, "***********BSS Description for BSSID:*********** ");
sirDumpBuf(pMac, SIR_LIM_MODULE_ID, LOG4, pBssDescr->bssId, 6 );
sirDumpBuf( pMac, SIR_LIM_MODULE_ID, LOG4, (tANI_U8*)pRxPacketInfo, 36 );)
/**
* sysBbtProcessMessageCore
*
* FUNCTION:
* Process BBT messages
*
* LOGIC:
*
* ASSUMPTIONS:
*
* NOTE:
*
* @param tpAniSirGlobal A pointer to MAC params instance
* @param pMsg message pointer
* @param tANI_U32 type
* @param tANI_U32 sub type
* @return None
*/
tSirRetStatus
sysBbtProcessMessageCore(tpAniSirGlobal pMac, tpSirMsgQ pMsg, tANI_U32 type,
tANI_U32 subType)
{
tANI_U32 framecount;
tSirRetStatus ret;
void* pBd;
tMgmtFrmDropReason dropReason;
vos_pkt_t *pVosPkt = (vos_pkt_t *)pMsg->bodyptr;
VOS_STATUS vosStatus =
WDA_DS_PeekRxPacketInfo( pVosPkt, (v_PVOID_t *)&pBd, VOS_FALSE );
pMac->sys.gSysBbtReceived++;
if ( !VOS_IS_STATUS_SUCCESS(vosStatus) )
{
goto fail;
}
sysLog(pMac, LOG3, FL("Rx Mgmt Frame Subtype: %d\n"), subType);
sirDumpBuf(pMac, SIR_SYS_MODULE_ID, LOG3, (tANI_U8 *)WDA_GET_RX_MAC_HEADER(pBd), WDA_GET_RX_MPDU_LEN(pBd));
sirDumpBuf(pMac, SIR_SYS_MODULE_ID, LOG3, WDA_GET_RX_MPDU_DATA(pBd), WDA_GET_RX_PAYLOAD_LEN(pBd));
pMac->sys.gSysFrameCount[type][subType]++;
framecount = pMac->sys.gSysFrameCount[type][subType];
if(type == SIR_MAC_MGMT_FRAME)
{
tpSirMacMgmtHdr mac_hdr;
/*
* Drop beacon frames in deferred state to avoid VOSS run out of
* message wrappers.
*/
if ((subType == SIR_MAC_MGMT_BEACON) &&
(!limIsSystemInScanState(pMac)) &&
(true != GET_LIM_PROCESS_DEFD_MESGS(pMac)) &&
!pMac->lim.gLimSystemInScanLearnMode) {
sysLog(pMac, LOG1,
FL("dropping received beacon in deffered state"));
goto fail;
}
dropReason = limIsPktCandidateForDrop(pMac, pBd, subType);
if (dropReason != eMGMT_DROP_NO_DROP) {
sysLog(pMac, LOG1,
FL("Mgmt Frame %d being dropped, reason: %d\n"),
subType, dropReason);
MTRACE(macTrace(pMac, TRACE_CODE_RX_MGMT_DROP, NO_SESSION, dropReason));
goto fail;
}
mac_hdr = WDA_GET_RX_MAC_HEADER(pBd);
if (subType == SIR_MAC_MGMT_ASSOC_REQ) {
sysLog(pMac, LOG1,
FL("ASSOC REQ frame allowed: da: " MAC_ADDRESS_STR ", sa: " MAC_ADDRESS_STR ", bssid: " MAC_ADDRESS_STR ", Assoc Req count so far: %d\n"),
MAC_ADDR_ARRAY(mac_hdr->da),
MAC_ADDR_ARRAY(mac_hdr->sa),
MAC_ADDR_ARRAY(mac_hdr->bssId),
pMac->sys.gSysFrameCount[type][subType]);
}
if (subType == SIR_MAC_MGMT_DEAUTH)
{
sysLog(pMac, LOG1,
FL("DEAUTH frame allowed: da: " MAC_ADDRESS_STR ", sa: " MAC_ADDRESS_STR ", bssid: " MAC_ADDRESS_STR ", DEAUTH count so far: %d\n"),
MAC_ADDR_ARRAY(mac_hdr->da),
MAC_ADDR_ARRAY(mac_hdr->sa),
MAC_ADDR_ARRAY(mac_hdr->bssId),
pMac->sys.gSysFrameCount[type][subType]);
}
if (subType == SIR_MAC_MGMT_DISASSOC)
{
sysLog(pMac, LOG1,
FL("DISASSOC frame allowed: da: " MAC_ADDRESS_STR ", sa: " MAC_ADDRESS_STR ", bssid: " MAC_ADDRESS_STR ", DISASSOC count so far: %d\n"),
MAC_ADDR_ARRAY(mac_hdr->da),
MAC_ADDR_ARRAY(mac_hdr->sa),
MAC_ADDR_ARRAY(mac_hdr->bssId),
pMac->sys.gSysFrameCount[type][subType]);
}
//Post the message to PE Queue
ret = (tSirRetStatus) limPostMsgApi(pMac, pMsg);
if (ret != eSIR_SUCCESS)
{
/* Print only one debug failure out of 512 failure messages */
if(pMac->sys.gSysBbtReceived & 0x0200)
sysLog(pMac, LOGE,
FL("posting to LIM2 failed, ret %d"), ret);
goto fail;
}
pMac->sys.gSysBbtPostedToLim++;
}
else if (type == SIR_MAC_DATA_FRAME)
{
#ifdef FEATURE_WLAN_ESE
sysLog(pMac, LOGW, FL("IAPP Frame...\n"));
//Post the message to PE Queue
ret = (tSirRetStatus) limPostMsgApi(pMac, pMsg);
if (ret != eSIR_SUCCESS)
{
sysLog(pMac, LOGE, FL("posting to LIM2 failed, ret %d\n"), ret);
goto fail;
}
pMac->sys.gSysBbtPostedToLim++;
#endif
}
else
{
sysLog(pMac, LOG3, "BBT received Invalid type %d subType %d "
"LIM state %X. BD dump is:\n",
type, subType, limGetSmeState(pMac));
sirDumpBuf(pMac, SIR_SYS_MODULE_ID, LOG3,
(tANI_U8 *) pBd, WLANHAL_RX_BD_HEADER_SIZE);
goto fail;
}
return eSIR_SUCCESS;
fail:
pMac->sys.gSysBbtDropped++;
return eSIR_FAILURE;
}
