git://ftp.safe.ca / safe / jmp / linux-2.6 / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Staging: comedi: Give the addi_apci_* drivers different driver names
[safe/jmp/linux-2.6] / drivers / staging / vt6655 / wmgr.c
1 /*
2  * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
3  * All rights reserved.
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License as published by
7  * the Free Software Foundation; either version 2 of the License, or
8  * (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License along
16  * with this program; if not, write to the Free Software Foundation, Inc.,
17  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
18  *
19  *
20  * File: wmgr.c
21  *
22  * Purpose: Handles the 802.11 management functions
23  *
24  * Author: Lyndon Chen
25  *
26  * Date: May 8, 2002
27  *
28  * Functions:
29  *      nsMgrObjectInitial - Initialize Management Objet data structure
30  *      vMgrObjectReset - Reset Management Objet data structure
31  *      vMgrAssocBeginSta - Start associate function
32  *      vMgrReAssocBeginSta - Start reassociate function
33  *      vMgrDisassocBeginSta - Start disassociate function
34  *      s_vMgrRxAssocRequest - Handle Rcv associate_request
35  *      s_vMgrRxAssocResponse - Handle Rcv associate_response
36  *      vMrgAuthenBeginSta - Start authentication function
37  *      vMgrDeAuthenDeginSta - Start deauthentication function
38  *      s_vMgrRxAuthentication - Handle Rcv authentication
39  *      s_vMgrRxAuthenSequence_1 - Handle Rcv authentication sequence 1
40  *      s_vMgrRxAuthenSequence_2 - Handle Rcv authentication sequence 2
41  *      s_vMgrRxAuthenSequence_3 - Handle Rcv authentication sequence 3
42  *      s_vMgrRxAuthenSequence_4 - Handle Rcv authentication sequence 4
43  *      s_vMgrRxDisassociation - Handle Rcv disassociation
44  *      s_vMgrRxBeacon - Handle Rcv Beacon
45  *      vMgrCreateOwnIBSS - Create ad_hoc IBSS or AP BSS
46  *      vMgrJoinBSSBegin - Join BSS function
47  *      s_vMgrSynchBSS - Synch & adopt BSS parameters
48  *      s_MgrMakeBeacon - Create Baecon frame
49  *      s_MgrMakeProbeResponse - Create Probe Response frame
50  *      s_MgrMakeAssocRequest - Create Associate Request frame
51  *      s_MgrMakeReAssocRequest - Create ReAssociate Request frame
52  *      s_vMgrRxProbeResponse - Handle Rcv probe_response
53  *      s_vMrgRxProbeRequest - Handle Rcv probe_request
54  *      bMgrPrepareBeaconToSend - Prepare Beacon frame
55  *      s_vMgrLogStatus - Log 802.11 Status
56  *      vMgrRxManagePacket - Rcv management frame dispatch function
57  *      s_vMgrFormatTIM- Assember TIM field of beacon
58  *      vMgrTimerInit- Initial 1-sec and command call back funtions
59  *
60  * Revision History:
61  *
62  */
63
64 #include "tmacro.h"
65 #include "desc.h"
66 #include "device.h"
67 #include "card.h"
68 #include "80211hdr.h"
69 #include "80211mgr.h"
70 #include "wmgr.h"
71 #include "wcmd.h"
72 #include "mac.h"
73 #include "bssdb.h"
74 #include "power.h"
75 #include "datarate.h"
76 #include "baseband.h"
77 #include "rxtx.h"
78 #include "wpa.h"
79 #include "rf.h"
80 #include "iowpa.h"
81
82 #define PLICE_DEBUG
83
84 /*---------------------  Static Definitions -------------------------*/
85
86
87
88 /*---------------------  Static Classes  ----------------------------*/
89
90 /*---------------------  Static Variables  --------------------------*/
91 static int          msglevel                =MSG_LEVEL_INFO;
92 //static int          msglevel                =MSG_LEVEL_DEBUG;
93
94 /*---------------------  Static Functions  --------------------------*/
95 //2008-8-4 <add> by chester
96 static BOOL ChannelExceedZoneType(
97     PSDevice pDevice,
98     BYTE byCurrChannel
99     );
100
101 // Association/diassociation functions
102 static
103 PSTxMgmtPacket
104 s_MgrMakeAssocRequest(
105     PSDevice pDevice,
106     PSMgmtObject pMgmt,
107     PBYTE pDAddr,
108     WORD wCurrCapInfo,
109     WORD wListenInterval,
110     PWLAN_IE_SSID pCurrSSID,
111     PWLAN_IE_SUPP_RATES pCurrRates,
112     PWLAN_IE_SUPP_RATES pCurrExtSuppRates
113     );
114
115 static
116 void
117 s_vMgrRxAssocRequest(
118     PSDevice pDevice,
119     PSMgmtObject pMgmt,
120     PSRxMgmtPacket pRxPacket,
121     UINT  uNodeIndex
122     );
123
124 static
125 PSTxMgmtPacket
126 s_MgrMakeReAssocRequest(
127     PSDevice pDevice,
128     PSMgmtObject pMgmt,
129     PBYTE pDAddr,
130     WORD wCurrCapInfo,
131     WORD wListenInterval,
132     PWLAN_IE_SSID pCurrSSID,
133     PWLAN_IE_SUPP_RATES pCurrRates,
134     PWLAN_IE_SUPP_RATES pCurrExtSuppRates
135     );
136
137 static
138 void
139 s_vMgrRxAssocResponse(
140     PSDevice pDevice,
141     PSMgmtObject pMgmt,
142     PSRxMgmtPacket pRxPacket,
143     BOOL bReAssocType
144     );
145
146 static
147 void
148 s_vMgrRxDisassociation(
149     PSDevice pDevice,
150     PSMgmtObject pMgmt,
151     PSRxMgmtPacket pRxPacket
152     );
153
154 // Authentication/deauthen functions
155 static
156 void
157 s_vMgrRxAuthenSequence_1(
158     PSDevice pDevice,
159     PSMgmtObject pMgmt,
160     PWLAN_FR_AUTHEN pFrame
161     );
162
163 static
164 void
165 s_vMgrRxAuthenSequence_2(
166     PSDevice pDevice,
167     PSMgmtObject pMgmt,
168     PWLAN_FR_AUTHEN pFrame
169     );
170
171 static
172 void
173 s_vMgrRxAuthenSequence_3(
174     PSDevice pDevice,
175     PSMgmtObject pMgmt,
176     PWLAN_FR_AUTHEN pFrame
177     );
178
179 static
180 void
181 s_vMgrRxAuthenSequence_4(
182     PSDevice pDevice,
183     PSMgmtObject pMgmt,
184     PWLAN_FR_AUTHEN pFrame
185     );
186
187 static
188 void
189 s_vMgrRxAuthentication(
190     PSDevice pDevice,
191     PSMgmtObject pMgmt,
192     PSRxMgmtPacket pRxPacket
193     );
194
195 static
196 void
197 s_vMgrRxDeauthentication(
198     PSDevice pDevice,
199     PSMgmtObject pMgmt,
200     PSRxMgmtPacket pRxPacket
201     );
202
203 // Scan functions
204 // probe request/response functions
205 static
206 void
207 s_vMgrRxProbeRequest(
208     PSDevice pDevice,
209     PSMgmtObject pMgmt,
210     PSRxMgmtPacket pRxPacket
211     );
212
213 static
214 void
215 s_vMgrRxProbeResponse(
216     PSDevice pDevice,
217     PSMgmtObject pMgmt,
218     PSRxMgmtPacket pRxPacket
219     );
220
221 // beacon functions
222 static
223 void
224 s_vMgrRxBeacon(
225     PSDevice pDevice,
226     PSMgmtObject pMgmt,
227     PSRxMgmtPacket pRxPacket,
228     BOOL bInScan
229     );
230
231 static
232 void
233 s_vMgrFormatTIM(
234     PSMgmtObject pMgmt,
235     PWLAN_IE_TIM pTIM
236     );
237
238 static
239 PSTxMgmtPacket
240 s_MgrMakeBeacon(
241     PSDevice pDevice,
242     PSMgmtObject pMgmt,
243     WORD wCurrCapInfo,
244     WORD wCurrBeaconPeriod,
245     UINT uCurrChannel,
246     WORD wCurrATIMWinodw,
247     PWLAN_IE_SSID pCurrSSID,
248     PBYTE pCurrBSSID,
249     PWLAN_IE_SUPP_RATES pCurrSuppRates,
250     PWLAN_IE_SUPP_RATES pCurrExtSuppRates
251     );
252
253
254 // Association response
255 static
256 PSTxMgmtPacket
257 s_MgrMakeAssocResponse(
258     PSDevice pDevice,
259     PSMgmtObject pMgmt,
260     WORD wCurrCapInfo,
261     WORD wAssocStatus,
262     WORD wAssocAID,
263     PBYTE pDstAddr,
264     PWLAN_IE_SUPP_RATES pCurrSuppRates,
265     PWLAN_IE_SUPP_RATES pCurrExtSuppRates
266     );
267
268 // ReAssociation response
269 static
270 PSTxMgmtPacket
271 s_MgrMakeReAssocResponse(
272     PSDevice pDevice,
273     PSMgmtObject pMgmt,
274     WORD wCurrCapInfo,
275     WORD wAssocStatus,
276     WORD wAssocAID,
277     PBYTE pDstAddr,
278     PWLAN_IE_SUPP_RATES pCurrSuppRates,
279     PWLAN_IE_SUPP_RATES pCurrExtSuppRates
280     );
281
282 // Probe response
283 static
284 PSTxMgmtPacket
285 s_MgrMakeProbeResponse(
286     PSDevice pDevice,
287     PSMgmtObject pMgmt,
288     WORD wCurrCapInfo,
289     WORD wCurrBeaconPeriod,
290     UINT uCurrChannel,
291     WORD wCurrATIMWinodw,
292     PBYTE pDstAddr,
293     PWLAN_IE_SSID pCurrSSID,
294     PBYTE pCurrBSSID,
295     PWLAN_IE_SUPP_RATES pCurrSuppRates,
296     PWLAN_IE_SUPP_RATES pCurrExtSuppRates,
297     BYTE byPHYType
298     );
299
300 // received status
301 static
302 void
303 s_vMgrLogStatus(
304     PSMgmtObject pMgmt,
305     WORD wStatus
306     );
307
308
309 static
310 void
311 s_vMgrSynchBSS (
312     PSDevice      pDevice,
313     UINT          uBSSMode,
314     PKnownBSS     pCurr,
315     PCMD_STATUS  pStatus
316     );
317
318
319 static BOOL
320 s_bCipherMatch (
321     PKnownBSS                        pBSSNode,
322     NDIS_802_11_ENCRYPTION_STATUS    EncStatus,
323     PBYTE                           pbyCCSPK,
324     PBYTE                           pbyCCSGK
325     );
326
327  static void  Encyption_Rebuild(
328     PSDevice pDevice,
329     PKnownBSS pCurr
330  );
331
332
333
334 /*---------------------  Export Variables  --------------------------*/
335
336
337 /*---------------------  Export Functions  --------------------------*/
338
339
340 /*+
341  *
342  * Routine Description:
343  *    Allocates and initializes the Management object.
344  *
345  * Return Value:
346  *    Ndis_staus.
347  *
348 -*/
349
350 void
351 vMgrObjectInit(
352     void *hDeviceContext
353     )
354 {
355     PSDevice     pDevice = (PSDevice)hDeviceContext;
356     PSMgmtObject    pMgmt = pDevice->pMgmt;
357     int ii;
358
359
360     pMgmt->pbyPSPacketPool = &pMgmt->byPSPacketPool[0];
361     pMgmt->pbyMgmtPacketPool = &pMgmt->byMgmtPacketPool[0];
362     pMgmt->uCurrChannel = pDevice->uChannel;
363     for(ii=0;ii<WLAN_BSSID_LEN;ii++) {
364         pMgmt->abyDesireBSSID[ii] = 0xFF;
365     }
366     pMgmt->sAssocInfo.AssocInfo.Length = sizeof(NDIS_802_11_ASSOCIATION_INFORMATION);
367     //memset(pMgmt->abyDesireSSID, 0, WLAN_IEHDR_LEN + WLAN_SSID_MAXLEN +1);
368     pMgmt->byCSSPK = KEY_CTL_NONE;
369     pMgmt->byCSSGK = KEY_CTL_NONE;
370     pMgmt->wIBSSBeaconPeriod = DEFAULT_IBSS_BI;
371     BSSvClearBSSList((void *)pDevice, FALSE);
372
373     return;
374 }
375
376 /*+
377  *
378  * Routine Description:
379  *    Initializes timer object
380  *
381  * Return Value:
382  *    Ndis_staus.
383  *
384 -*/
385
386 void
387 vMgrTimerInit(
388     void *hDeviceContext
389     )
390 {
391     PSDevice     pDevice = (PSDevice)hDeviceContext;
392     PSMgmtObject    pMgmt = pDevice->pMgmt;
393
394
395     init_timer(&pMgmt->sTimerSecondCallback);
396     pMgmt->sTimerSecondCallback.data = (ULONG)pDevice;
397     pMgmt->sTimerSecondCallback.function = (TimerFunction)BSSvSecondCallBack;
398     pMgmt->sTimerSecondCallback.expires = RUN_AT(HZ);
399
400     init_timer(&pDevice->sTimerCommand);
401     pDevice->sTimerCommand.data = (ULONG)pDevice;
402     pDevice->sTimerCommand.function = (TimerFunction)vCommandTimer;
403     pDevice->sTimerCommand.expires = RUN_AT(HZ);
404
405    #ifdef TxInSleep
406     init_timer(&pDevice->sTimerTxData);
407     pDevice->sTimerTxData.data = (ULONG)pDevice;
408     pDevice->sTimerTxData.function = (TimerFunction)BSSvSecondTxData;
409     pDevice->sTimerTxData.expires = RUN_AT(10*HZ);      //10s callback
410     pDevice->fTxDataInSleep = FALSE;
411     pDevice->IsTxDataTrigger = FALSE;
412     pDevice->nTxDataTimeCout = 0;
413    #endif
414
415     pDevice->cbFreeCmdQueue = CMD_Q_SIZE;
416     pDevice->uCmdDequeueIdx = 0;
417     pDevice->uCmdEnqueueIdx = 0;
418
419     return;
420 }
421
422
423
424 /*+
425  *
426  * Routine Description:
427  *    Reset the management object  structure.
428  *
429  * Return Value:
430  *    None.
431  *
432 -*/
433
434 void
435 vMgrObjectReset(
436     void *hDeviceContext
437     )
438 {
439     PSDevice         pDevice = (PSDevice)hDeviceContext;
440     PSMgmtObject        pMgmt = pDevice->pMgmt;
441
442     pMgmt->eCurrMode = WMAC_MODE_STANDBY;
443     pMgmt->eCurrState = WMAC_STATE_IDLE;
444     pDevice->bEnablePSMode = FALSE;
445     // TODO: timer
446
447     return;
448 }
449
450
451 /*+
452  *
453  * Routine Description:
454  *    Start the station association procedure.  Namely, send an
455  *    association request frame to the AP.
456  *
457  * Return Value:
458  *    None.
459  *
460 -*/
461
462
463 void
464 vMgrAssocBeginSta(
465     void *hDeviceContext,
466     PSMgmtObject pMgmt,
467     PCMD_STATUS pStatus
468     )
469 {
470     PSDevice             pDevice = (PSDevice)hDeviceContext;
471     PSTxMgmtPacket          pTxPacket;
472
473
474     pMgmt->wCurrCapInfo = 0;
475     pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_ESS(1);
476     if (pDevice->bEncryptionEnable) {
477         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_PRIVACY(1);
478     }
479     // always allow receive short preamble
480     //if (pDevice->byPreambleType == 1) {
481     //    pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
482     //}
483     pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
484     if (pMgmt->wListenInterval == 0)
485         pMgmt->wListenInterval = 1;    // at least one.
486
487     // ERP Phy (802.11g) should support short preamble.
488     if (pMgmt->eCurrentPHYMode == PHY_TYPE_11G) {
489         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
490         if (CARDbIsShorSlotTime(pMgmt->pAdapter) == TRUE) {
491             pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTSLOTTIME(1);
492         }
493     } else if (pMgmt->eCurrentPHYMode == PHY_TYPE_11B) {
494         if (CARDbIsShortPreamble(pMgmt->pAdapter) == TRUE) {
495             pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
496         }
497     }
498     if (pMgmt->b11hEnable == TRUE)
499         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SPECTRUMMNG(1);
500
501     /* build an assocreq frame and send it */
502     pTxPacket = s_MgrMakeAssocRequest
503                 (
504                   pDevice,
505                   pMgmt,
506                   pMgmt->abyCurrBSSID,
507                   pMgmt->wCurrCapInfo,
508                   pMgmt->wListenInterval,
509                   (PWLAN_IE_SSID)pMgmt->abyCurrSSID,
510                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
511                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates
512                 );
513
514     if (pTxPacket != NULL ){
515         /* send the frame */
516         *pStatus = csMgmt_xmit(pDevice, pTxPacket);
517         if (*pStatus == CMD_STATUS_PENDING) {
518             pMgmt->eCurrState = WMAC_STATE_ASSOCPENDING;
519             *pStatus = CMD_STATUS_SUCCESS;
520         }
521     }
522     else
523         *pStatus = CMD_STATUS_RESOURCES;
524
525     return ;
526 }
527
528
529 /*+
530  *
531  * Routine Description:
532  *    Start the station re-association procedure.
533  *
534  * Return Value:
535  *    None.
536  *
537 -*/
538
539 void
540 vMgrReAssocBeginSta(
541     void *hDeviceContext,
542     PSMgmtObject pMgmt,
543     PCMD_STATUS pStatus
544     )
545 {
546     PSDevice             pDevice = (PSDevice)hDeviceContext;
547     PSTxMgmtPacket          pTxPacket;
548
549
550
551     pMgmt->wCurrCapInfo = 0;
552     pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_ESS(1);
553     if (pDevice->bEncryptionEnable) {
554         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_PRIVACY(1);
555     }
556
557     //if (pDevice->byPreambleType == 1) {
558     //    pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
559     //}
560     pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
561
562     if (pMgmt->wListenInterval == 0)
563         pMgmt->wListenInterval = 1;    // at least one.
564
565
566     // ERP Phy (802.11g) should support short preamble.
567     if (pMgmt->eCurrentPHYMode == PHY_TYPE_11G) {
568         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
569         if (CARDbIsShorSlotTime(pMgmt->pAdapter) == TRUE) {
570             pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTSLOTTIME(1);
571         }
572     } else if (pMgmt->eCurrentPHYMode == PHY_TYPE_11B) {
573         if (CARDbIsShortPreamble(pMgmt->pAdapter) == TRUE) {
574             pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
575         }
576     }
577     if (pMgmt->b11hEnable == TRUE)
578         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SPECTRUMMNG(1);
579
580
581     pTxPacket = s_MgrMakeReAssocRequest
582                 (
583                   pDevice,
584                   pMgmt,
585                   pMgmt->abyCurrBSSID,
586                   pMgmt->wCurrCapInfo,
587                   pMgmt->wListenInterval,
588                   (PWLAN_IE_SSID)pMgmt->abyCurrSSID,
589                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
590                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates
591                 );
592
593     if (pTxPacket != NULL ){
594         /* send the frame */
595         *pStatus = csMgmt_xmit(pDevice, pTxPacket);
596         if (*pStatus != CMD_STATUS_PENDING) {
597             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Reassociation tx failed.\n");
598         }
599         else {
600             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Reassociation tx sending.\n");
601         }
602     }
603
604
605     return ;
606 }
607
608 /*+
609  *
610  * Routine Description:
611  *    Send an dis-association request frame to the AP.
612  *
613  * Return Value:
614  *    None.
615  *
616 -*/
617
618 void
619 vMgrDisassocBeginSta(
620     void *hDeviceContext,
621     PSMgmtObject pMgmt,
622     PBYTE  abyDestAddress,
623     WORD    wReason,
624     PCMD_STATUS pStatus
625     )
626 {
627     PSDevice            pDevice = (PSDevice)hDeviceContext;
628     PSTxMgmtPacket      pTxPacket = NULL;
629     WLAN_FR_DISASSOC    sFrame;
630
631     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
632     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_DISASSOC_FR_MAXLEN);
633     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
634
635     // Setup the sFrame structure
636     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
637     sFrame.len = WLAN_DISASSOC_FR_MAXLEN;
638
639     // format fixed field frame structure
640     vMgrEncodeDisassociation(&sFrame);
641
642     // Setup the header
643     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
644         (
645         WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
646         WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_DISASSOC)
647         ));
648
649     memcpy( sFrame.pHdr->sA3.abyAddr1, abyDestAddress, WLAN_ADDR_LEN);
650     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
651     memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
652
653     // Set reason code
654     *(sFrame.pwReason) = cpu_to_le16(wReason);
655     pTxPacket->cbMPDULen = sFrame.len;
656     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
657
658     // send the frame
659     *pStatus = csMgmt_xmit(pDevice, pTxPacket);
660     if (*pStatus == CMD_STATUS_PENDING) {
661         pMgmt->eCurrState = WMAC_STATE_IDLE;
662         *pStatus = CMD_STATUS_SUCCESS;
663     };
664
665     return;
666 }
667
668
669
670 /*+
671  *
672  * Routine Description:(AP function)
673  *    Handle incoming station association request frames.
674  *
675  * Return Value:
676  *    None.
677  *
678 -*/
679
680 static
681 void
682 s_vMgrRxAssocRequest(
683     PSDevice pDevice,
684     PSMgmtObject pMgmt,
685     PSRxMgmtPacket pRxPacket,
686     UINT uNodeIndex
687     )
688 {
689     WLAN_FR_ASSOCREQ    sFrame;
690     CMD_STATUS          Status;
691     PSTxMgmtPacket      pTxPacket;
692     WORD                wAssocStatus = 0;
693     WORD                wAssocAID = 0;
694     UINT                uRateLen = WLAN_RATES_MAXLEN;
695     BYTE                abyCurrSuppRates[WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1];
696     BYTE                abyCurrExtSuppRates[WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1];
697
698
699     if (pMgmt->eCurrMode != WMAC_MODE_ESS_AP)
700         return;
701     //  node index not found
702     if (!uNodeIndex)
703         return;
704
705     //check if node is authenticated
706     //decode the frame
707     memset(&sFrame, 0, sizeof(WLAN_FR_ASSOCREQ));
708     memset(abyCurrSuppRates, 0, WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1);
709     memset(abyCurrExtSuppRates, 0, WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1);
710     sFrame.len = pRxPacket->cbMPDULen;
711     sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
712
713     vMgrDecodeAssocRequest(&sFrame);
714
715     if (pMgmt->sNodeDBTable[uNodeIndex].eNodeState >= NODE_AUTH) {
716         pMgmt->sNodeDBTable[uNodeIndex].eNodeState = NODE_ASSOC;
717         pMgmt->sNodeDBTable[uNodeIndex].wCapInfo = cpu_to_le16(*sFrame.pwCapInfo);
718         pMgmt->sNodeDBTable[uNodeIndex].wListenInterval = cpu_to_le16(*sFrame.pwListenInterval);
719         pMgmt->sNodeDBTable[uNodeIndex].bPSEnable =
720                 WLAN_GET_FC_PWRMGT(sFrame.pHdr->sA3.wFrameCtl) ? TRUE : FALSE;
721         // Todo: check sta basic rate, if ap can't support, set status code
722         if (pDevice->eCurrentPHYType == PHY_TYPE_11B) {
723             uRateLen = WLAN_RATES_MAXLEN_11B;
724         }
725         abyCurrSuppRates[0] = WLAN_EID_SUPP_RATES;
726         abyCurrSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)sFrame.pSuppRates,
727                                          (PWLAN_IE_SUPP_RATES)abyCurrSuppRates,
728                                          uRateLen);
729         abyCurrExtSuppRates[0] = WLAN_EID_EXTSUPP_RATES;
730         if (pDevice->eCurrentPHYType == PHY_TYPE_11G) {
731             abyCurrExtSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)sFrame.pExtSuppRates,
732                                                 (PWLAN_IE_SUPP_RATES)abyCurrExtSuppRates,
733                                                 uRateLen);
734         } else {
735             abyCurrExtSuppRates[1] = 0;
736         }
737
738
739         RATEvParseMaxRate((void *)pDevice,
740                            (PWLAN_IE_SUPP_RATES)abyCurrSuppRates,
741                            (PWLAN_IE_SUPP_RATES)abyCurrExtSuppRates,
742                            FALSE, // do not change our basic rate
743                            &(pMgmt->sNodeDBTable[uNodeIndex].wMaxBasicRate),
744                            &(pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate),
745                            &(pMgmt->sNodeDBTable[uNodeIndex].wSuppRate),
746                            &(pMgmt->sNodeDBTable[uNodeIndex].byTopCCKBasicRate),
747                            &(pMgmt->sNodeDBTable[uNodeIndex].byTopOFDMBasicRate)
748                           );
749
750         // set max tx rate
751         pMgmt->sNodeDBTable[uNodeIndex].wTxDataRate =
752                 pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate;
753 #ifdef  PLICE_DEBUG
754         printk("RxAssocRequest:wTxDataRate is %d\n",pMgmt->sNodeDBTable[uNodeIndex].wTxDataRate);
755 #endif
756                 // Todo: check sta preamble, if ap can't support, set status code
757         pMgmt->sNodeDBTable[uNodeIndex].bShortPreamble =
758                 WLAN_GET_CAP_INFO_SHORTPREAMBLE(*sFrame.pwCapInfo);
759         pMgmt->sNodeDBTable[uNodeIndex].bShortSlotTime =
760                 WLAN_GET_CAP_INFO_SHORTSLOTTIME(*sFrame.pwCapInfo);
761         pMgmt->sNodeDBTable[uNodeIndex].wAID = (WORD)uNodeIndex;
762         wAssocStatus = WLAN_MGMT_STATUS_SUCCESS;
763         wAssocAID = (WORD)uNodeIndex;
764         // check if ERP support
765         if(pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate > RATE_11M)
766            pMgmt->sNodeDBTable[uNodeIndex].bERPExist = TRUE;
767
768         if (pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate <= RATE_11M) {
769             // B only STA join
770             pDevice->bProtectMode = TRUE;
771             pDevice->bNonERPPresent = TRUE;
772         }
773         if (pMgmt->sNodeDBTable[uNodeIndex].bShortPreamble == FALSE) {
774             pDevice->bBarkerPreambleMd = TRUE;
775         }
776
777         DBG_PRT(MSG_LEVEL_INFO, KERN_INFO "Associate AID= %d \n", wAssocAID);
778         DBG_PRT(MSG_LEVEL_INFO, KERN_INFO "MAC=%2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X \n",
779                    sFrame.pHdr->sA3.abyAddr2[0],
780                    sFrame.pHdr->sA3.abyAddr2[1],
781                    sFrame.pHdr->sA3.abyAddr2[2],
782                    sFrame.pHdr->sA3.abyAddr2[3],
783                    sFrame.pHdr->sA3.abyAddr2[4],
784                    sFrame.pHdr->sA3.abyAddr2[5]
785                   ) ;
786         DBG_PRT(MSG_LEVEL_INFO, KERN_INFO "Max Support rate = %d \n",
787                    pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate);
788     }//else { TODO: received STA under state1 handle }
789     else {
790         return;
791     }
792
793
794     // assoc response reply..
795     pTxPacket = s_MgrMakeAssocResponse
796                 (
797                   pDevice,
798                   pMgmt,
799                   pMgmt->wCurrCapInfo,
800                   wAssocStatus,
801                   wAssocAID,
802                   sFrame.pHdr->sA3.abyAddr2,
803                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
804                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates
805                 );
806     if (pTxPacket != NULL ){
807
808         if (pDevice->bEnableHostapd) {
809             return;
810         }
811         /* send the frame */
812         Status = csMgmt_xmit(pDevice, pTxPacket);
813         if (Status != CMD_STATUS_PENDING) {
814             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Assoc response tx failed\n");
815         }
816         else {
817             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Assoc response tx sending..\n");
818         }
819
820     }
821
822     return;
823 }
824
825
826 /*+
827  *
828  * Description:(AP function)
829  *      Handle incoming station re-association request frames.
830  *
831  * Parameters:
832  *  In:
833  *      pMgmt           - Management Object structure
834  *      pRxPacket       - Received Packet
835  *  Out:
836  *      none
837  *
838  * Return Value: None.
839  *
840 -*/
841
842 static
843 void
844 s_vMgrRxReAssocRequest(
845     PSDevice pDevice,
846     PSMgmtObject pMgmt,
847     PSRxMgmtPacket pRxPacket,
848     UINT uNodeIndex
849     )
850 {
851     WLAN_FR_REASSOCREQ    sFrame;
852     CMD_STATUS          Status;
853     PSTxMgmtPacket      pTxPacket;
854     WORD                wAssocStatus = 0;
855     WORD                wAssocAID = 0;
856     UINT                uRateLen = WLAN_RATES_MAXLEN;
857     BYTE                abyCurrSuppRates[WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1];
858     BYTE                abyCurrExtSuppRates[WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1];
859
860     if (pMgmt->eCurrMode != WMAC_MODE_ESS_AP)
861         return;
862     //  node index not found
863     if (!uNodeIndex)
864         return;
865     //check if node is authenticated
866     //decode the frame
867     memset(&sFrame, 0, sizeof(WLAN_FR_REASSOCREQ));
868     sFrame.len = pRxPacket->cbMPDULen;
869     sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
870     vMgrDecodeReassocRequest(&sFrame);
871
872     if (pMgmt->sNodeDBTable[uNodeIndex].eNodeState >= NODE_AUTH) {
873         pMgmt->sNodeDBTable[uNodeIndex].eNodeState = NODE_ASSOC;
874         pMgmt->sNodeDBTable[uNodeIndex].wCapInfo = cpu_to_le16(*sFrame.pwCapInfo);
875         pMgmt->sNodeDBTable[uNodeIndex].wListenInterval = cpu_to_le16(*sFrame.pwListenInterval);
876         pMgmt->sNodeDBTable[uNodeIndex].bPSEnable =
877                 WLAN_GET_FC_PWRMGT(sFrame.pHdr->sA3.wFrameCtl) ? TRUE : FALSE;
878         // Todo: check sta basic rate, if ap can't support, set status code
879
880         if (pDevice->eCurrentPHYType == PHY_TYPE_11B) {
881             uRateLen = WLAN_RATES_MAXLEN_11B;
882         }
883
884         abyCurrSuppRates[0] = WLAN_EID_SUPP_RATES;
885         abyCurrSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)sFrame.pSuppRates,
886                                          (PWLAN_IE_SUPP_RATES)abyCurrSuppRates,
887                                          uRateLen);
888         abyCurrExtSuppRates[0] = WLAN_EID_EXTSUPP_RATES;
889         if (pDevice->eCurrentPHYType == PHY_TYPE_11G) {
890             abyCurrExtSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)sFrame.pExtSuppRates,
891                                                 (PWLAN_IE_SUPP_RATES)abyCurrExtSuppRates,
892                                                 uRateLen);
893         } else {
894             abyCurrExtSuppRates[1] = 0;
895         }
896
897
898         RATEvParseMaxRate((void *)pDevice,
899                           (PWLAN_IE_SUPP_RATES)abyCurrSuppRates,
900                           (PWLAN_IE_SUPP_RATES)abyCurrExtSuppRates,
901                            FALSE, // do not change our basic rate
902                            &(pMgmt->sNodeDBTable[uNodeIndex].wMaxBasicRate),
903                            &(pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate),
904                            &(pMgmt->sNodeDBTable[uNodeIndex].wSuppRate),
905                            &(pMgmt->sNodeDBTable[uNodeIndex].byTopCCKBasicRate),
906                            &(pMgmt->sNodeDBTable[uNodeIndex].byTopOFDMBasicRate)
907                           );
908
909         // set max tx rate
910         pMgmt->sNodeDBTable[uNodeIndex].wTxDataRate =
911                 pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate;
912 #ifdef  PLICE_DEBUG
913         printk("RxReAssocRequest:TxDataRate is %d\n",pMgmt->sNodeDBTable[uNodeIndex].wTxDataRate);
914 #endif
915                 // Todo: check sta preamble, if ap can't support, set status code
916         pMgmt->sNodeDBTable[uNodeIndex].bShortPreamble =
917                 WLAN_GET_CAP_INFO_SHORTPREAMBLE(*sFrame.pwCapInfo);
918         pMgmt->sNodeDBTable[uNodeIndex].bShortSlotTime =
919                 WLAN_GET_CAP_INFO_SHORTSLOTTIME(*sFrame.pwCapInfo);
920         pMgmt->sNodeDBTable[uNodeIndex].wAID = (WORD)uNodeIndex;
921         wAssocStatus = WLAN_MGMT_STATUS_SUCCESS;
922         wAssocAID = (WORD)uNodeIndex;
923
924         // if suppurt ERP
925         if(pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate > RATE_11M)
926            pMgmt->sNodeDBTable[uNodeIndex].bERPExist = TRUE;
927
928         if (pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate <= RATE_11M) {
929             // B only STA join
930             pDevice->bProtectMode = TRUE;
931             pDevice->bNonERPPresent = TRUE;
932         }
933         if (pMgmt->sNodeDBTable[uNodeIndex].bShortPreamble == FALSE) {
934             pDevice->bBarkerPreambleMd = TRUE;
935         }
936
937         DBG_PRT(MSG_LEVEL_INFO, KERN_INFO "Rx ReAssociate AID= %d \n", wAssocAID);
938         DBG_PRT(MSG_LEVEL_INFO, KERN_INFO "MAC=%2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X \n",
939                    sFrame.pHdr->sA3.abyAddr2[0],
940                    sFrame.pHdr->sA3.abyAddr2[1],
941                    sFrame.pHdr->sA3.abyAddr2[2],
942                    sFrame.pHdr->sA3.abyAddr2[3],
943                    sFrame.pHdr->sA3.abyAddr2[4],
944                    sFrame.pHdr->sA3.abyAddr2[5]
945                   ) ;
946         DBG_PRT(MSG_LEVEL_INFO, KERN_INFO "Max Support rate = %d \n",
947                    pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate);
948
949     }
950
951
952     // assoc response reply..
953     pTxPacket = s_MgrMakeReAssocResponse
954                 (
955                   pDevice,
956                   pMgmt,
957                   pMgmt->wCurrCapInfo,
958                   wAssocStatus,
959                   wAssocAID,
960                   sFrame.pHdr->sA3.abyAddr2,
961                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
962                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates
963                 );
964
965     if (pTxPacket != NULL ){
966         /* send the frame */
967         if (pDevice->bEnableHostapd) {
968             return;
969         }
970         Status = csMgmt_xmit(pDevice, pTxPacket);
971         if (Status != CMD_STATUS_PENDING) {
972             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:ReAssoc response tx failed\n");
973         }
974         else {
975             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:ReAssoc response tx sending..\n");
976         }
977     }
978     return;
979 }
980
981
982 /*+
983  *
984  * Routine Description:
985  *    Handle incoming association response frames.
986  *
987  * Return Value:
988  *    None.
989  *
990 -*/
991
992 static
993 void
994 s_vMgrRxAssocResponse(
995     PSDevice pDevice,
996     PSMgmtObject pMgmt,
997     PSRxMgmtPacket pRxPacket,
998     BOOL bReAssocType
999     )
1000 {
1001     WLAN_FR_ASSOCRESP   sFrame;
1002     PWLAN_IE_SSID   pItemSSID;
1003     PBYTE   pbyIEs;
1004     viawget_wpa_header *wpahdr;
1005
1006
1007
1008     if (pMgmt->eCurrState == WMAC_STATE_ASSOCPENDING ||
1009          pMgmt->eCurrState == WMAC_STATE_ASSOC) {
1010
1011         sFrame.len = pRxPacket->cbMPDULen;
1012         sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
1013         // decode the frame
1014         vMgrDecodeAssocResponse(&sFrame);
1015         if ((sFrame.pwCapInfo == 0) ||
1016             (sFrame.pwStatus == 0) ||
1017             (sFrame.pwAid == 0) ||
1018             (sFrame.pSuppRates == 0)){
1019             DBG_PORT80(0xCC);
1020             return;
1021         };
1022
1023         pMgmt->sAssocInfo.AssocInfo.ResponseFixedIEs.Capabilities = *(sFrame.pwCapInfo);
1024         pMgmt->sAssocInfo.AssocInfo.ResponseFixedIEs.StatusCode = *(sFrame.pwStatus);
1025         pMgmt->sAssocInfo.AssocInfo.ResponseFixedIEs.AssociationId = *(sFrame.pwAid);
1026         pMgmt->sAssocInfo.AssocInfo.AvailableResponseFixedIEs |= 0x07;
1027
1028         pMgmt->sAssocInfo.AssocInfo.ResponseIELength = sFrame.len - 24 - 6;
1029         pMgmt->sAssocInfo.AssocInfo.OffsetResponseIEs = pMgmt->sAssocInfo.AssocInfo.OffsetRequestIEs + pMgmt->sAssocInfo.AssocInfo.RequestIELength;
1030         pbyIEs = pMgmt->sAssocInfo.abyIEs;
1031         pbyIEs += pMgmt->sAssocInfo.AssocInfo.RequestIELength;
1032         memcpy(pbyIEs, (sFrame.pBuf + 24 +6), pMgmt->sAssocInfo.AssocInfo.ResponseIELength);
1033
1034         // save values and set current BSS state
1035         if (cpu_to_le16((*(sFrame.pwStatus))) == WLAN_MGMT_STATUS_SUCCESS ){
1036             // set AID
1037             pMgmt->wCurrAID = cpu_to_le16((*(sFrame.pwAid)));
1038             if ( (pMgmt->wCurrAID >> 14) != (BIT0 | BIT1) )
1039             {
1040                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "AID from AP, has two msb clear.\n");
1041             };
1042             DBG_PRT(MSG_LEVEL_INFO, KERN_INFO "Association Successful, AID=%d.\n", pMgmt->wCurrAID & ~(BIT14|BIT15));
1043             pMgmt->eCurrState = WMAC_STATE_ASSOC;
1044             BSSvUpdateAPNode((void *)pDevice, sFrame.pwCapInfo, sFrame.pSuppRates, sFrame.pExtSuppRates);
1045             pItemSSID = (PWLAN_IE_SSID)pMgmt->abyCurrSSID;
1046             DBG_PRT(MSG_LEVEL_INFO, KERN_INFO "Link with AP(SSID): %s\n", pItemSSID->abySSID);
1047             pDevice->bLinkPass = TRUE;
1048             pDevice->uBBVGADiffCount = 0;
1049             if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
1050           if(skb_tailroom(pDevice->skb) <(sizeof(viawget_wpa_header)+pMgmt->sAssocInfo.AssocInfo.ResponseIELength+
1051                                                                          pMgmt->sAssocInfo.AssocInfo.RequestIELength)) {    //data room not enough
1052                      dev_kfree_skb(pDevice->skb);
1053                    pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1054                 }
1055                 wpahdr = (viawget_wpa_header *)pDevice->skb->data;
1056                 wpahdr->type = VIAWGET_ASSOC_MSG;
1057                 wpahdr->resp_ie_len = pMgmt->sAssocInfo.AssocInfo.ResponseIELength;
1058                 wpahdr->req_ie_len = pMgmt->sAssocInfo.AssocInfo.RequestIELength;
1059                 memcpy(pDevice->skb->data + sizeof(viawget_wpa_header), pMgmt->sAssocInfo.abyIEs, wpahdr->req_ie_len);
1060                 memcpy(pDevice->skb->data + sizeof(viawget_wpa_header) + wpahdr->req_ie_len,
1061                        pbyIEs,
1062                        wpahdr->resp_ie_len
1063                        );
1064                 skb_put(pDevice->skb, sizeof(viawget_wpa_header) + wpahdr->resp_ie_len + wpahdr->req_ie_len);
1065                 pDevice->skb->dev = pDevice->wpadev;
1066                 skb_reset_mac_header(pDevice->skb);
1067                 pDevice->skb->pkt_type = PACKET_HOST;
1068                 pDevice->skb->protocol = htons(ETH_P_802_2);
1069                 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
1070                 netif_rx(pDevice->skb);
1071                 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1072             }
1073
1074 //2008-0409-07, <Add> by Einsn Liu
1075 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
1076         //if(pDevice->bWPADevEnable == TRUE)
1077                 {
1078                 BYTE buf[512];
1079                 size_t len;
1080                 union iwreq_data  wrqu;
1081                 int we_event;
1082
1083                 memset(buf, 0, 512);
1084
1085                 len = pMgmt->sAssocInfo.AssocInfo.RequestIELength;
1086                 if(len) {
1087                         memcpy(buf, pMgmt->sAssocInfo.abyIEs, len);
1088                         memset(&wrqu, 0, sizeof (wrqu));
1089                         wrqu.data.length = len;
1090                         we_event = IWEVASSOCREQIE;
1091                         wireless_send_event(pDevice->dev, we_event, &wrqu, buf);
1092                 }
1093
1094                 memset(buf, 0, 512);
1095                 len = pMgmt->sAssocInfo.AssocInfo.ResponseIELength;
1096
1097                 if(len) {
1098                         memcpy(buf, pbyIEs, len);
1099                         memset(&wrqu, 0, sizeof (wrqu));
1100                         wrqu.data.length = len;
1101                         we_event = IWEVASSOCRESPIE;
1102                         wireless_send_event(pDevice->dev, we_event, &wrqu, buf);
1103                 }
1104
1105
1106   memset(&wrqu, 0, sizeof (wrqu));
1107         memcpy(wrqu.ap_addr.sa_data, &pMgmt->abyCurrBSSID[0], ETH_ALEN);
1108         wrqu.ap_addr.sa_family = ARPHRD_ETHER;
1109         wireless_send_event(pDevice->dev, SIOCGIWAP, &wrqu, NULL);
1110         }
1111 #endif //#ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
1112 //End Add -- //2008-0409-07, <Add> by Einsn Liu
1113                 }
1114         else {
1115             if (bReAssocType) {
1116                 pMgmt->eCurrState = WMAC_STATE_IDLE;
1117             }
1118             else {
1119                 // jump back to the auth state and indicate the error
1120                 pMgmt->eCurrState = WMAC_STATE_AUTH;
1121             }
1122             s_vMgrLogStatus(pMgmt,cpu_to_le16((*(sFrame.pwStatus))));
1123         }
1124
1125     }
1126
1127 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
1128 //need clear flags related to Networkmanager
1129
1130               pDevice->bwextcount = 0;
1131               pDevice->bWPASuppWextEnabled = FALSE;
1132 #endif
1133
1134
1135 if(pMgmt->eCurrState == WMAC_STATE_ASSOC)
1136       timer_expire(pDevice->sTimerCommand, 0);
1137     return;
1138 }
1139
1140
1141
1142 /*+
1143  *
1144  * Routine Description:
1145  *    Start the station authentication procedure.  Namely, send an
1146  *    authentication frame to the AP.
1147  *
1148  * Return Value:
1149  *    None.
1150  *
1151 -*/
1152
1153 void
1154 vMgrAuthenBeginSta(
1155     void *hDeviceContext,
1156     PSMgmtObject  pMgmt,
1157     PCMD_STATUS pStatus
1158     )
1159 {
1160     PSDevice     pDevice = (PSDevice)hDeviceContext;
1161     WLAN_FR_AUTHEN  sFrame;
1162     PSTxMgmtPacket  pTxPacket = NULL;
1163
1164     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
1165     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_AUTHEN_FR_MAXLEN);
1166     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
1167     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
1168     sFrame.len = WLAN_AUTHEN_FR_MAXLEN;
1169     vMgrEncodeAuthen(&sFrame);
1170     /* insert values */
1171     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
1172         (
1173         WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
1174         WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_AUTHEN)
1175         ));
1176     memcpy( sFrame.pHdr->sA3.abyAddr1, pMgmt->abyCurrBSSID, WLAN_ADDR_LEN);
1177     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
1178     memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
1179     if (pMgmt->bShareKeyAlgorithm)
1180         *(sFrame.pwAuthAlgorithm) = cpu_to_le16(WLAN_AUTH_ALG_SHAREDKEY);
1181     else
1182         *(sFrame.pwAuthAlgorithm) = cpu_to_le16(WLAN_AUTH_ALG_OPENSYSTEM);
1183
1184     *(sFrame.pwAuthSequence) = cpu_to_le16(1);
1185     /* Adjust the length fields */
1186     pTxPacket->cbMPDULen = sFrame.len;
1187     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
1188
1189     *pStatus = csMgmt_xmit(pDevice, pTxPacket);
1190     if (*pStatus == CMD_STATUS_PENDING){
1191         pMgmt->eCurrState = WMAC_STATE_AUTHPENDING;
1192         *pStatus = CMD_STATUS_SUCCESS;
1193     }
1194
1195     return ;
1196 }
1197
1198
1199
1200 /*+
1201  *
1202  * Routine Description:
1203  *    Start the station(AP) deauthentication procedure.  Namely, send an
1204  *    deauthentication frame to the AP or Sta.
1205  *
1206  * Return Value:
1207  *    None.
1208  *
1209 -*/
1210
1211 void
1212 vMgrDeAuthenBeginSta(
1213     void *hDeviceContext,
1214     PSMgmtObject  pMgmt,
1215     PBYTE  abyDestAddress,
1216     WORD    wReason,
1217     PCMD_STATUS pStatus
1218     )
1219 {
1220     PSDevice            pDevice = (PSDevice)hDeviceContext;
1221     WLAN_FR_DEAUTHEN    sFrame;
1222     PSTxMgmtPacket      pTxPacket = NULL;
1223
1224
1225     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
1226     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_DEAUTHEN_FR_MAXLEN);
1227     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
1228     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
1229     sFrame.len = WLAN_DEAUTHEN_FR_MAXLEN;
1230     vMgrEncodeDeauthen(&sFrame);
1231     /* insert values */
1232     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
1233         (
1234         WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
1235         WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_DEAUTHEN)
1236         ));
1237
1238     memcpy( sFrame.pHdr->sA3.abyAddr1, abyDestAddress, WLAN_ADDR_LEN);
1239     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
1240     memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
1241
1242     *(sFrame.pwReason) = cpu_to_le16(wReason);       // deauthen. bcs left BSS
1243     /* Adjust the length fields */
1244     pTxPacket->cbMPDULen = sFrame.len;
1245     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
1246
1247     *pStatus = csMgmt_xmit(pDevice, pTxPacket);
1248     if (*pStatus == CMD_STATUS_PENDING){
1249         *pStatus = CMD_STATUS_SUCCESS;
1250     }
1251
1252
1253     return ;
1254 }
1255
1256
1257 /*+
1258  *
1259  * Routine Description:
1260  *    Handle incoming authentication frames.
1261  *
1262  * Return Value:
1263  *    None.
1264  *
1265 -*/
1266
1267 static
1268 void
1269 s_vMgrRxAuthentication(
1270     PSDevice pDevice,
1271     PSMgmtObject pMgmt,
1272     PSRxMgmtPacket pRxPacket
1273     )
1274 {
1275     WLAN_FR_AUTHEN  sFrame;
1276
1277     // we better be an AP or a STA in AUTHPENDING otherwise ignore
1278     if (!(pMgmt->eCurrMode == WMAC_MODE_ESS_AP ||
1279           pMgmt->eCurrState == WMAC_STATE_AUTHPENDING)) {
1280         return;
1281     }
1282
1283     // decode the frame
1284     sFrame.len = pRxPacket->cbMPDULen;
1285     sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
1286     vMgrDecodeAuthen(&sFrame);
1287     switch (cpu_to_le16((*(sFrame.pwAuthSequence )))){
1288         case 1:
1289             //AP funciton
1290             s_vMgrRxAuthenSequence_1(pDevice,pMgmt, &sFrame);
1291             break;
1292         case 2:
1293             s_vMgrRxAuthenSequence_2(pDevice, pMgmt, &sFrame);
1294             break;
1295         case 3:
1296             //AP funciton
1297             s_vMgrRxAuthenSequence_3(pDevice, pMgmt, &sFrame);
1298             break;
1299         case 4:
1300             s_vMgrRxAuthenSequence_4(pDevice, pMgmt, &sFrame);
1301             break;
1302         default:
1303             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Auth Sequence error, seq = %d\n",
1304                         cpu_to_le16((*(sFrame.pwAuthSequence))));
1305             break;
1306     }
1307     return;
1308 }
1309
1310
1311
1312 /*+
1313  *
1314  * Routine Description:
1315  *   Handles incoming authen frames with sequence 1.  Currently
1316  *   assumes we're an AP.  So far, no one appears to use authentication
1317  *   in Ad-Hoc mode.
1318  *
1319  * Return Value:
1320  *    None.
1321  *
1322 -*/
1323
1324
1325 static
1326 void
1327 s_vMgrRxAuthenSequence_1(
1328     PSDevice pDevice,
1329     PSMgmtObject pMgmt,
1330     PWLAN_FR_AUTHEN pFrame
1331      )
1332 {
1333     PSTxMgmtPacket      pTxPacket = NULL;
1334     UINT                uNodeIndex;
1335     WLAN_FR_AUTHEN      sFrame;
1336     PSKeyItem           pTransmitKey;
1337
1338     // Insert a Node entry
1339     if (!BSSDBbIsSTAInNodeDB(pMgmt, pFrame->pHdr->sA3.abyAddr2, &uNodeIndex)) {
1340         BSSvCreateOneNode((PSDevice)pDevice, &uNodeIndex);
1341         memcpy(pMgmt->sNodeDBTable[uNodeIndex].abyMACAddr, pFrame->pHdr->sA3.abyAddr2,
1342                WLAN_ADDR_LEN);
1343     }
1344
1345     if (pMgmt->bShareKeyAlgorithm) {
1346         pMgmt->sNodeDBTable[uNodeIndex].eNodeState = NODE_KNOWN;
1347         pMgmt->sNodeDBTable[uNodeIndex].byAuthSequence = 1;
1348     }
1349     else {
1350         pMgmt->sNodeDBTable[uNodeIndex].eNodeState = NODE_AUTH;
1351     }
1352
1353     // send auth reply
1354     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
1355     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_AUTHEN_FR_MAXLEN);
1356     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
1357     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
1358     sFrame.len = WLAN_AUTHEN_FR_MAXLEN;
1359     // format buffer structure
1360     vMgrEncodeAuthen(&sFrame);
1361     // insert values
1362     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
1363          (
1364          WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
1365          WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_AUTHEN)|
1366          WLAN_SET_FC_ISWEP(0)
1367          ));
1368     memcpy( sFrame.pHdr->sA3.abyAddr1, pFrame->pHdr->sA3.abyAddr2, WLAN_ADDR_LEN);
1369     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
1370     memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
1371     *(sFrame.pwAuthAlgorithm) = *(pFrame->pwAuthAlgorithm);
1372     *(sFrame.pwAuthSequence) = cpu_to_le16(2);
1373
1374     if (cpu_to_le16(*(pFrame->pwAuthAlgorithm)) == WLAN_AUTH_ALG_SHAREDKEY) {
1375         if (pMgmt->bShareKeyAlgorithm)
1376             *(sFrame.pwStatus) = cpu_to_le16(WLAN_MGMT_STATUS_SUCCESS);
1377         else
1378             *(sFrame.pwStatus) = cpu_to_le16(WLAN_MGMT_STATUS_UNSUPPORTED_AUTHALG);
1379     }
1380     else {
1381         if (pMgmt->bShareKeyAlgorithm)
1382             *(sFrame.pwStatus) = cpu_to_le16(WLAN_MGMT_STATUS_UNSUPPORTED_AUTHALG);
1383         else
1384             *(sFrame.pwStatus) = cpu_to_le16(WLAN_MGMT_STATUS_SUCCESS);
1385     }
1386
1387     if (pMgmt->bShareKeyAlgorithm &&
1388         (cpu_to_le16(*(sFrame.pwStatus)) == WLAN_MGMT_STATUS_SUCCESS)) {
1389
1390         sFrame.pChallenge = (PWLAN_IE_CHALLENGE)(sFrame.pBuf + sFrame.len);
1391         sFrame.len += WLAN_CHALLENGE_IE_LEN;
1392         sFrame.pChallenge->byElementID = WLAN_EID_CHALLENGE;
1393         sFrame.pChallenge->len = WLAN_CHALLENGE_LEN;
1394         memset(pMgmt->abyChallenge, 0, WLAN_CHALLENGE_LEN);
1395         // get group key
1396         if(KeybGetTransmitKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, GROUP_KEY, &pTransmitKey) == TRUE) {
1397             rc4_init(&pDevice->SBox, pDevice->abyPRNG, pTransmitKey->uKeyLength+3);
1398             rc4_encrypt(&pDevice->SBox, pMgmt->abyChallenge, pMgmt->abyChallenge, WLAN_CHALLENGE_LEN);
1399         }
1400         memcpy(sFrame.pChallenge->abyChallenge, pMgmt->abyChallenge , WLAN_CHALLENGE_LEN);
1401     }
1402
1403     /* Adjust the length fields */
1404     pTxPacket->cbMPDULen = sFrame.len;
1405     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
1406     // send the frame
1407     if (pDevice->bEnableHostapd) {
1408         return;
1409     }
1410     DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Authreq_reply sequence_1 tx.. \n");
1411     if (csMgmt_xmit(pDevice, pTxPacket) != CMD_STATUS_PENDING) {
1412         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Authreq_reply sequence_1 tx failed.\n");
1413     }
1414     return;
1415 }
1416
1417
1418
1419 /*+
1420  *
1421  * Routine Description:
1422  *   Handles incoming auth frames with sequence number 2.  Currently
1423  *   assumes we're a station.
1424  *
1425  *
1426  * Return Value:
1427  *    None.
1428  *
1429 -*/
1430
1431 static
1432 void
1433 s_vMgrRxAuthenSequence_2(
1434     PSDevice pDevice,
1435     PSMgmtObject pMgmt,
1436     PWLAN_FR_AUTHEN pFrame
1437     )
1438 {
1439     WLAN_FR_AUTHEN      sFrame;
1440     PSTxMgmtPacket      pTxPacket = NULL;
1441
1442
1443     switch (cpu_to_le16((*(pFrame->pwAuthAlgorithm))))
1444     {
1445         case WLAN_AUTH_ALG_OPENSYSTEM:
1446             if ( cpu_to_le16((*(pFrame->pwStatus))) == WLAN_MGMT_STATUS_SUCCESS ){
1447                 DBG_PRT(MSG_LEVEL_INFO, KERN_INFO "802.11 Authen (OPEN) Successful.\n");
1448                 pMgmt->eCurrState = WMAC_STATE_AUTH;
1449          timer_expire(pDevice->sTimerCommand, 0);
1450             }
1451             else {
1452                 DBG_PRT(MSG_LEVEL_INFO, KERN_INFO "802.11 Authen (OPEN) Failed.\n");
1453                 s_vMgrLogStatus(pMgmt, cpu_to_le16((*(pFrame->pwStatus))));
1454                 pMgmt->eCurrState = WMAC_STATE_IDLE;
1455             }
1456             if (pDevice->eCommandState == WLAN_AUTHENTICATE_WAIT ) {
1457 //                spin_unlock_irq(&pDevice->lock);
1458 //                vCommandTimerWait((void *)pDevice, 0);
1459 //                spin_lock_irq(&pDevice->lock);
1460             }
1461
1462             break;
1463
1464         case WLAN_AUTH_ALG_SHAREDKEY:
1465
1466             if (cpu_to_le16((*(pFrame->pwStatus))) == WLAN_MGMT_STATUS_SUCCESS) {
1467                 pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
1468                 memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_AUTHEN_FR_MAXLEN);
1469                 pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
1470                 sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
1471                 sFrame.len = WLAN_AUTHEN_FR_MAXLEN;
1472                 // format buffer structure
1473                 vMgrEncodeAuthen(&sFrame);
1474                 // insert values
1475                 sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
1476                      (
1477                      WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
1478                      WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_AUTHEN)|
1479                      WLAN_SET_FC_ISWEP(1)
1480                      ));
1481                 memcpy( sFrame.pHdr->sA3.abyAddr1, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
1482                 memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
1483                 memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
1484                 *(sFrame.pwAuthAlgorithm) = *(pFrame->pwAuthAlgorithm);
1485                 *(sFrame.pwAuthSequence) = cpu_to_le16(3);
1486                 *(sFrame.pwStatus) = cpu_to_le16(WLAN_MGMT_STATUS_SUCCESS);
1487                 sFrame.pChallenge = (PWLAN_IE_CHALLENGE)(sFrame.pBuf + sFrame.len);
1488                 sFrame.len += WLAN_CHALLENGE_IE_LEN;
1489                 sFrame.pChallenge->byElementID = WLAN_EID_CHALLENGE;
1490                 sFrame.pChallenge->len = WLAN_CHALLENGE_LEN;
1491                 memcpy( sFrame.pChallenge->abyChallenge, pFrame->pChallenge->abyChallenge, WLAN_CHALLENGE_LEN);
1492                 // Adjust the length fields
1493                 pTxPacket->cbMPDULen = sFrame.len;
1494                 pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
1495                 // send the frame
1496                 if (csMgmt_xmit(pDevice, pTxPacket) != CMD_STATUS_PENDING) {
1497                     DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Auth_reply sequence_2 tx failed.\n");
1498                 }
1499                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Auth_reply sequence_2 tx ...\n");
1500             }
1501             else {
1502                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:rx Auth_reply sequence_2 status error ...\n");
1503                 if ( pDevice->eCommandState == WLAN_AUTHENTICATE_WAIT ) {
1504 //                    spin_unlock_irq(&pDevice->lock);
1505 //                    vCommandTimerWait((void *)pDevice, 0);
1506 //                    spin_lock_irq(&pDevice->lock);
1507                 }
1508                 s_vMgrLogStatus(pMgmt, cpu_to_le16((*(pFrame->pwStatus))));
1509             }
1510             break;
1511         default:
1512             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt: rx auth.seq = 2 unknown AuthAlgorithm=%d\n", cpu_to_le16((*(pFrame->pwAuthAlgorithm))));
1513             break;
1514     }
1515     return;
1516 }
1517
1518
1519
1520 /*+
1521  *
1522  * Routine Description:
1523  *   Handles incoming authen frames with sequence 3.  Currently
1524  *   assumes we're an AP.  This function assumes the frame has
1525  *   already been successfully decrypted.
1526  *
1527  *
1528  * Return Value:
1529  *    None.
1530  *
1531 -*/
1532
1533 static
1534 void
1535 s_vMgrRxAuthenSequence_3(
1536     PSDevice pDevice,
1537     PSMgmtObject pMgmt,
1538     PWLAN_FR_AUTHEN pFrame
1539     )
1540 {
1541     PSTxMgmtPacket      pTxPacket = NULL;
1542     UINT                uStatusCode = 0 ;
1543     UINT                uNodeIndex = 0;
1544     WLAN_FR_AUTHEN      sFrame;
1545
1546     if (!WLAN_GET_FC_ISWEP(pFrame->pHdr->sA3.wFrameCtl)) {
1547         uStatusCode = WLAN_MGMT_STATUS_CHALLENGE_FAIL;
1548         goto reply;
1549     }
1550     if (BSSDBbIsSTAInNodeDB(pMgmt, pFrame->pHdr->sA3.abyAddr2, &uNodeIndex)) {
1551          if (pMgmt->sNodeDBTable[uNodeIndex].byAuthSequence != 1) {
1552             uStatusCode = WLAN_MGMT_STATUS_RX_AUTH_NOSEQ;
1553             goto reply;
1554          }
1555          if (memcmp(pMgmt->abyChallenge, pFrame->pChallenge->abyChallenge, WLAN_CHALLENGE_LEN) != 0) {
1556             uStatusCode = WLAN_MGMT_STATUS_CHALLENGE_FAIL;
1557             goto reply;
1558          }
1559     }
1560     else {
1561         uStatusCode = WLAN_MGMT_STATUS_UNSPEC_FAILURE;
1562         goto reply;
1563     }
1564
1565     if (uNodeIndex) {
1566         pMgmt->sNodeDBTable[uNodeIndex].eNodeState = NODE_AUTH;
1567         pMgmt->sNodeDBTable[uNodeIndex].byAuthSequence = 0;
1568     }
1569     uStatusCode = WLAN_MGMT_STATUS_SUCCESS;
1570     DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Challenge text check ok..\n");
1571
1572 reply:
1573     // send auth reply
1574     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
1575     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_AUTHEN_FR_MAXLEN);
1576     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
1577     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
1578     sFrame.len = WLAN_AUTHEN_FR_MAXLEN;
1579     // format buffer structure
1580     vMgrEncodeAuthen(&sFrame);
1581     /* insert values */
1582     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
1583          (
1584          WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
1585          WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_AUTHEN)|
1586          WLAN_SET_FC_ISWEP(0)
1587          ));
1588     memcpy( sFrame.pHdr->sA3.abyAddr1, pFrame->pHdr->sA3.abyAddr2, WLAN_ADDR_LEN);
1589     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
1590     memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
1591     *(sFrame.pwAuthAlgorithm) = *(pFrame->pwAuthAlgorithm);
1592     *(sFrame.pwAuthSequence) = cpu_to_le16(4);
1593     *(sFrame.pwStatus) = cpu_to_le16(uStatusCode);
1594
1595     /* Adjust the length fields */
1596     pTxPacket->cbMPDULen = sFrame.len;
1597     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
1598     // send the frame
1599     if (pDevice->bEnableHostapd) {
1600         return;
1601     }
1602     if (csMgmt_xmit(pDevice, pTxPacket) != CMD_STATUS_PENDING) {
1603         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Authreq_reply sequence_4 tx failed.\n");
1604     }
1605     return;
1606
1607 }
1608
1609
1610
1611 /*+
1612  *
1613  * Routine Description:
1614  *   Handles incoming authen frames with sequence 4
1615  *
1616  *
1617  * Return Value:
1618  *    None.
1619  *
1620 -*/
1621 static
1622 void
1623 s_vMgrRxAuthenSequence_4(
1624     PSDevice pDevice,
1625     PSMgmtObject pMgmt,
1626     PWLAN_FR_AUTHEN pFrame
1627     )
1628 {
1629
1630     if ( cpu_to_le16((*(pFrame->pwStatus))) == WLAN_MGMT_STATUS_SUCCESS ){
1631         DBG_PRT(MSG_LEVEL_INFO, KERN_INFO "802.11 Authen (SHAREDKEY) Successful.\n");
1632         pMgmt->eCurrState = WMAC_STATE_AUTH;
1633           timer_expire(pDevice->sTimerCommand, 0);
1634     }
1635     else{
1636         DBG_PRT(MSG_LEVEL_INFO, KERN_INFO "802.11 Authen (SHAREDKEY) Failed.\n");
1637         s_vMgrLogStatus(pMgmt, cpu_to_le16((*(pFrame->pwStatus))) );
1638         pMgmt->eCurrState = WMAC_STATE_IDLE;
1639     }
1640
1641     if ( pDevice->eCommandState == WLAN_AUTHENTICATE_WAIT ) {
1642 //        spin_unlock_irq(&pDevice->lock);
1643 //        vCommandTimerWait((void *)pDevice, 0);
1644 //        spin_lock_irq(&pDevice->lock);
1645     }
1646
1647 }
1648
1649 /*+
1650  *
1651  * Routine Description:
1652  *   Handles incoming disassociation frames
1653  *
1654  *
1655  * Return Value:
1656  *    None.
1657  *
1658 -*/
1659
1660 static
1661 void
1662 s_vMgrRxDisassociation(
1663     PSDevice pDevice,
1664     PSMgmtObject pMgmt,
1665     PSRxMgmtPacket pRxPacket
1666     )
1667 {
1668     WLAN_FR_DISASSOC    sFrame;
1669     UINT        uNodeIndex = 0;
1670 //    CMD_STATUS          CmdStatus;
1671     viawget_wpa_header *wpahdr;
1672
1673     if ( pMgmt->eCurrMode == WMAC_MODE_ESS_AP ){
1674         // if is acting an AP..
1675         // a STA is leaving this BSS..
1676         sFrame.len = pRxPacket->cbMPDULen;
1677         sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
1678         if (BSSDBbIsSTAInNodeDB(pMgmt, pRxPacket->p80211Header->sA3.abyAddr2, &uNodeIndex)) {
1679             BSSvRemoveOneNode(pDevice, uNodeIndex);
1680         }
1681         else {
1682             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Rx disassoc, sta not found\n");
1683         }
1684     }
1685     else if (pMgmt->eCurrMode == WMAC_MODE_ESS_STA ){
1686         sFrame.len = pRxPacket->cbMPDULen;
1687         sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
1688         vMgrDecodeDisassociation(&sFrame);
1689         DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "AP disassociated me, reason=%d.\n", cpu_to_le16(*(sFrame.pwReason)));
1690         //TODO: do something let upper layer know or
1691         //try to send associate packet again because of inactivity timeout
1692       //  if (pMgmt->eCurrState == WMAC_STATE_ASSOC) {
1693        //     vMgrReAssocBeginSta((PSDevice)pDevice, pMgmt, &CmdStatus);
1694       //  };
1695         if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
1696              wpahdr = (viawget_wpa_header *)pDevice->skb->data;
1697              wpahdr->type = VIAWGET_DISASSOC_MSG;
1698              wpahdr->resp_ie_len = 0;
1699              wpahdr->req_ie_len = 0;
1700              skb_put(pDevice->skb, sizeof(viawget_wpa_header));
1701              pDevice->skb->dev = pDevice->wpadev;
1702              skb_reset_mac_header(pDevice->skb);
1703
1704              pDevice->skb->pkt_type = PACKET_HOST;
1705              pDevice->skb->protocol = htons(ETH_P_802_2);
1706              memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
1707              netif_rx(pDevice->skb);
1708              pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1709          };
1710
1711  #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
1712   // if(pDevice->bWPASuppWextEnabled == TRUE)
1713       {
1714         union iwreq_data  wrqu;
1715         memset(&wrqu, 0, sizeof (wrqu));
1716         wrqu.ap_addr.sa_family = ARPHRD_ETHER;
1717         printk("wireless_send_event--->SIOCGIWAP(disassociated)\n");
1718         wireless_send_event(pDevice->dev, SIOCGIWAP, &wrqu, NULL);
1719      }
1720   #endif
1721     }
1722     /* else, ignore it */
1723
1724     return;
1725 }
1726
1727
1728 /*+
1729  *
1730  * Routine Description:
1731  *   Handles incoming deauthentication frames
1732  *
1733  *
1734  * Return Value:
1735  *    None.
1736  *
1737 -*/
1738
1739 static
1740 void
1741 s_vMgrRxDeauthentication(
1742     PSDevice pDevice,
1743     PSMgmtObject pMgmt,
1744     PSRxMgmtPacket pRxPacket
1745     )
1746 {
1747     WLAN_FR_DEAUTHEN    sFrame;
1748     UINT        uNodeIndex = 0;
1749     viawget_wpa_header *wpahdr;
1750
1751
1752     if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP ){
1753         //Todo:
1754         // if is acting an AP..
1755         // a STA is leaving this BSS..
1756         sFrame.len = pRxPacket->cbMPDULen;
1757         sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
1758         if (BSSDBbIsSTAInNodeDB(pMgmt, pRxPacket->p80211Header->sA3.abyAddr2, &uNodeIndex)) {
1759             BSSvRemoveOneNode(pDevice, uNodeIndex);
1760         }
1761         else {
1762             DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Rx deauth, sta not found\n");
1763         }
1764     }
1765     else {
1766         if (pMgmt->eCurrMode == WMAC_MODE_ESS_STA ) {
1767             sFrame.len = pRxPacket->cbMPDULen;
1768             sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
1769             vMgrDecodeDeauthen(&sFrame);
1770             DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO  "AP deauthed me, reason=%d.\n", cpu_to_le16((*(sFrame.pwReason))));
1771             // TODO: update BSS list for specific BSSID if pre-authentication case
1772             if (IS_ETH_ADDRESS_EQUAL(sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID)) {
1773                 if (pMgmt->eCurrState >= WMAC_STATE_AUTHPENDING) {
1774                     pMgmt->sNodeDBTable[0].bActive = FALSE;
1775                     pMgmt->eCurrMode = WMAC_MODE_STANDBY;
1776                     pMgmt->eCurrState = WMAC_STATE_IDLE;
1777                     netif_stop_queue(pDevice->dev);
1778                     pDevice->bLinkPass = FALSE;
1779                 }
1780             };
1781
1782             if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
1783                  wpahdr = (viawget_wpa_header *)pDevice->skb->data;
1784                  wpahdr->type = VIAWGET_DISASSOC_MSG;
1785                  wpahdr->resp_ie_len = 0;
1786                  wpahdr->req_ie_len = 0;
1787                  skb_put(pDevice->skb, sizeof(viawget_wpa_header));
1788                  pDevice->skb->dev = pDevice->wpadev;
1789                  skb_reset_mac_header(pDevice->skb);
1790                  pDevice->skb->pkt_type = PACKET_HOST;
1791                  pDevice->skb->protocol = htons(ETH_P_802_2);
1792                  memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
1793                  netif_rx(pDevice->skb);
1794                  pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1795            };
1796
1797    #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
1798   // if(pDevice->bWPASuppWextEnabled == TRUE)
1799       {
1800         union iwreq_data  wrqu;
1801         memset(&wrqu, 0, sizeof (wrqu));
1802         wrqu.ap_addr.sa_family = ARPHRD_ETHER;
1803         PRINT_K("wireless_send_event--->SIOCGIWAP(disauthen)\n");
1804         wireless_send_event(pDevice->dev, SIOCGIWAP, &wrqu, NULL);
1805      }
1806   #endif
1807
1808         }
1809         /* else, ignore it.  TODO: IBSS authentication service
1810             would be implemented here */
1811     };
1812     return;
1813 }
1814
1815
1816 //2008-8-4 <add> by chester
1817 /*+
1818  *
1819  * Routine Description:
1820  * check if current channel is match ZoneType.
1821  *for USA:1~11;
1822  *      Japan:1~13;
1823  *      Europe:1~13
1824  * Return Value:
1825  *               True:exceed;
1826  *                False:normal case
1827 -*/
1828 static BOOL
1829 ChannelExceedZoneType(
1830     PSDevice pDevice,
1831     BYTE byCurrChannel
1832     )
1833 {
1834   BOOL exceed=FALSE;
1835
1836   switch(pDevice->byZoneType) {
1837         case 0x00:                  //USA:1~11
1838                      if((byCurrChannel<1) ||(byCurrChannel>11))
1839                         exceed = TRUE;
1840                  break;
1841         case 0x01:                  //Japan:1~13
1842         case 0x02:                  //Europe:1~13
1843                      if((byCurrChannel<1) ||(byCurrChannel>13))
1844                         exceed = TRUE;
1845                  break;
1846         default:                    //reserve for other zonetype
1847                 break;
1848   }
1849
1850   return exceed;
1851 }
1852
1853
1854 /*+
1855  *
1856  * Routine Description:
1857  *   Handles and analysis incoming beacon frames.
1858  *
1859  *
1860  * Return Value:
1861  *    None.
1862  *
1863 -*/
1864
1865 static
1866 void
1867 s_vMgrRxBeacon(
1868     PSDevice pDevice,
1869     PSMgmtObject pMgmt,
1870     PSRxMgmtPacket pRxPacket,
1871     BOOL bInScan
1872     )
1873 {
1874
1875     PKnownBSS           pBSSList;
1876     WLAN_FR_BEACON      sFrame;
1877     QWORD               qwTSFOffset;
1878     BOOL                bIsBSSIDEqual = FALSE;
1879     BOOL                bIsSSIDEqual = FALSE;
1880     BOOL                bTSFLargeDiff = FALSE;
1881     BOOL                bTSFOffsetPostive = FALSE;
1882     BOOL                bUpdateTSF = FALSE;
1883     BOOL                bIsAPBeacon = FALSE;
1884     BOOL                bIsChannelEqual = FALSE;
1885     UINT                uLocateByteIndex;
1886     BYTE                byTIMBitOn = 0;
1887     WORD                wAIDNumber = 0;
1888     UINT                uNodeIndex;
1889     QWORD               qwTimestamp, qwLocalTSF;
1890     QWORD               qwCurrTSF;
1891     WORD                wStartIndex = 0;
1892     WORD                wAIDIndex = 0;
1893     BYTE                byCurrChannel = pRxPacket->byRxChannel;
1894     ERPObject           sERP;
1895     UINT                uRateLen = WLAN_RATES_MAXLEN;
1896     BOOL                bChannelHit = FALSE;
1897     BOOL                bUpdatePhyParameter = FALSE;
1898     BYTE                byIEChannel = 0;
1899
1900
1901     memset(&sFrame, 0, sizeof(WLAN_FR_BEACON));
1902     sFrame.len = pRxPacket->cbMPDULen;
1903     sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
1904
1905     // decode the beacon frame
1906     vMgrDecodeBeacon(&sFrame);
1907
1908     if ((sFrame.pwBeaconInterval == 0) ||
1909         (sFrame.pwCapInfo == 0) ||
1910         (sFrame.pSSID == 0) ||
1911         (sFrame.pSuppRates == 0) ) {
1912         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Rx beacon frame error\n");
1913         return;
1914     };
1915
1916
1917     if (sFrame.pDSParms != NULL) {
1918         if (byCurrChannel > CB_MAX_CHANNEL_24G) {
1919             // channel remapping to
1920             byIEChannel = CARDbyGetChannelMapping(pDevice, sFrame.pDSParms->byCurrChannel, PHY_TYPE_11A);
1921         } else {
1922             byIEChannel = sFrame.pDSParms->byCurrChannel;
1923         }
1924         if (byCurrChannel != byIEChannel) {
1925             // adjust channel info. bcs we rcv adjcent channel pakckets
1926             bChannelHit = FALSE;
1927             byCurrChannel = byIEChannel;
1928         }
1929     } else {
1930         // no DS channel info
1931         bChannelHit = TRUE;
1932     }
1933 //2008-0730-01<Add>by MikeLiu
1934 if(ChannelExceedZoneType(pDevice,byCurrChannel)==TRUE)
1935       return;
1936
1937     if (sFrame.pERP != NULL) {
1938         sERP.byERP = sFrame.pERP->byContext;
1939         sERP.bERPExist = TRUE;
1940
1941     } else {
1942         sERP.bERPExist = FALSE;
1943         sERP.byERP = 0;
1944     }
1945
1946     pBSSList = BSSpAddrIsInBSSList((void *)pDevice, sFrame.pHdr->sA3.abyAddr3, sFrame.pSSID);
1947     if (pBSSList == NULL) {
1948         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Beacon/insert: RxChannel = : %d\n", byCurrChannel);
1949         BSSbInsertToBSSList((void *)pDevice,
1950                             sFrame.pHdr->sA3.abyAddr3,
1951                             *sFrame.pqwTimestamp,
1952                             *sFrame.pwBeaconInterval,
1953                             *sFrame.pwCapInfo,
1954                             byCurrChannel,
1955                             sFrame.pSSID,
1956                             sFrame.pSuppRates,
1957                             sFrame.pExtSuppRates,
1958                             &sERP,
1959                             sFrame.pRSN,
1960                             sFrame.pRSNWPA,
1961                             sFrame.pIE_Country,
1962                             sFrame.pIE_Quiet,
1963                             sFrame.len - WLAN_HDR_ADDR3_LEN,
1964                             sFrame.pHdr->sA4.abyAddr4,   // payload of beacon
1965                             (void *)pRxPacket
1966                            );
1967     }
1968     else {
1969 //        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"update bcn: RxChannel = : %d\n", byCurrChannel);
1970         BSSbUpdateToBSSList((void *)pDevice,
1971                             *sFrame.pqwTimestamp,
1972                             *sFrame.pwBeaconInterval,
1973                             *sFrame.pwCapInfo,
1974                             byCurrChannel,
1975                             bChannelHit,
1976                             sFrame.pSSID,
1977                             sFrame.pSuppRates,
1978                             sFrame.pExtSuppRates,
1979                             &sERP,
1980                             sFrame.pRSN,
1981                             sFrame.pRSNWPA,
1982                             sFrame.pIE_Country,
1983                             sFrame.pIE_Quiet,
1984                             pBSSList,
1985                             sFrame.len - WLAN_HDR_ADDR3_LEN,
1986                             sFrame.pHdr->sA4.abyAddr4,   // payload of probresponse
1987                             (void *)pRxPacket
1988                            );
1989
1990     }
1991
1992     if (bInScan) {
1993         return;
1994     }
1995
1996     if(byCurrChannel == (BYTE)pMgmt->uCurrChannel)
1997        bIsChannelEqual = TRUE;
1998
1999     if (bIsChannelEqual && (pMgmt->eCurrMode == WMAC_MODE_ESS_AP)) {
2000
2001         // if rx beacon without ERP field
2002         if (sERP.bERPExist) {
2003             if (WLAN_GET_ERP_USE_PROTECTION(sERP.byERP)){
2004                 pDevice->byERPFlag |= WLAN_SET_ERP_USE_PROTECTION(1);
2005                 pDevice->wUseProtectCntDown = USE_PROTECT_PERIOD;
2006             }
2007         }
2008         else {
2009             pDevice->byERPFlag |= WLAN_SET_ERP_USE_PROTECTION(1);
2010             pDevice->wUseProtectCntDown = USE_PROTECT_PERIOD;
2011         }
2012
2013         if (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) {
2014             if(!WLAN_GET_CAP_INFO_SHORTPREAMBLE(*sFrame.pwCapInfo))
2015                 pDevice->byERPFlag |= WLAN_SET_ERP_BARKER_MODE(1);
2016             if(!sERP.bERPExist)
2017                 pDevice->byERPFlag |= WLAN_SET_ERP_NONERP_PRESENT(1);
2018         }
2019
2020         // set to MAC&BBP
2021         if (WLAN_GET_ERP_USE_PROTECTION(pDevice->byERPFlag)){
2022             if (!pDevice->bProtectMode) {
2023                  MACvEnableProtectMD(pDevice->PortOffset);
2024                  pDevice->bProtectMode = TRUE;
2025             }
2026         }
2027     }
2028
2029
2030     if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP)
2031         return;
2032
2033     // check if BSSID the same
2034     if (memcmp(sFrame.pHdr->sA3.abyAddr3,
2035                pMgmt->abyCurrBSSID,
2036                WLAN_BSSID_LEN) == 0) {
2037
2038         bIsBSSIDEqual = TRUE;
2039
2040 // 2008-05-21 <add> by Richardtai
2041         pDevice->uCurrRSSI = pRxPacket->uRSSI;
2042         pDevice->byCurrSQ = pRxPacket->bySQ;
2043
2044         if (pMgmt->sNodeDBTable[0].uInActiveCount != 0) {
2045             pMgmt->sNodeDBTable[0].uInActiveCount = 0;
2046             //DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"BCN:Wake Count= [%d]\n", pMgmt->wCountToWakeUp);
2047         }
2048     }
2049     // check if SSID the same
2050     if (sFrame.pSSID->len == ((PWLAN_IE_SSID)pMgmt->abyCurrSSID)->len) {
2051         if (memcmp(sFrame.pSSID->abySSID,
2052                    ((PWLAN_IE_SSID)pMgmt->abyCurrSSID)->abySSID,
2053                    sFrame.pSSID->len
2054                    ) == 0) {
2055             bIsSSIDEqual = TRUE;
2056         };
2057     }
2058
2059     if ((WLAN_GET_CAP_INFO_ESS(*sFrame.pwCapInfo)== TRUE) &&
2060         (bIsBSSIDEqual == TRUE) &&
2061         (bIsSSIDEqual == TRUE) &&
2062         (pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
2063         (pMgmt->eCurrState == WMAC_STATE_ASSOC)) {
2064         // add state check to prevent reconnect fail since we'll receive Beacon
2065
2066         bIsAPBeacon = TRUE;
2067
2068         if (pBSSList != NULL) {
2069
2070             // Compare PHY paramater setting
2071             if (pMgmt->wCurrCapInfo != pBSSList->wCapInfo) {
2072                 bUpdatePhyParameter = TRUE;
2073                 pMgmt->wCurrCapInfo = pBSSList->wCapInfo;
2074             }
2075             if (sFrame.pERP != NULL) {
2076                 if ((sFrame.pERP->byElementID == WLAN_EID_ERP) &&
2077                     (pMgmt->byERPContext != sFrame.pERP->byContext)) {
2078                     bUpdatePhyParameter = TRUE;
2079                     pMgmt->byERPContext = sFrame.pERP->byContext;
2080                 }
2081             }
2082             //
2083             // Basic Rate Set may change dynamiclly
2084             //
2085             if (pBSSList->eNetworkTypeInUse == PHY_TYPE_11B) {
2086                 uRateLen = WLAN_RATES_MAXLEN_11B;
2087             }
2088             pMgmt->abyCurrSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)pBSSList->abySuppRates,
2089                                                     (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2090                                                     uRateLen);
2091             pMgmt->abyCurrExtSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)pBSSList->abyExtSuppRates,
2092                                                     (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates,
2093                                                     uRateLen);
2094             RATEvParseMaxRate( (void *)pDevice,
2095                                (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2096                                (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates,
2097                                TRUE,
2098                                &(pMgmt->sNodeDBTable[0].wMaxBasicRate),
2099                                &(pMgmt->sNodeDBTable[0].wMaxSuppRate),
2100                                &(pMgmt->sNodeDBTable[0].wSuppRate),
2101                                &(pMgmt->sNodeDBTable[0].byTopCCKBasicRate),
2102                                &(pMgmt->sNodeDBTable[0].byTopOFDMBasicRate)
2103                               );
2104 #ifdef  PLICE_DEBUG
2105                 //printk("RxBeacon:MaxSuppRate is %d\n",pMgmt->sNodeDBTable[0].wMaxSuppRate);
2106 #endif
2107                         if (bUpdatePhyParameter == TRUE) {
2108                 CARDbSetPhyParameter( pMgmt->pAdapter,
2109                                       pMgmt->eCurrentPHYMode,
2110                                       pMgmt->wCurrCapInfo,
2111                                       pMgmt->byERPContext,
2112                                       pMgmt->abyCurrSuppRates,
2113                                       pMgmt->abyCurrExtSuppRates
2114                                       );
2115             }
2116             if (sFrame.pIE_PowerConstraint != NULL) {
2117                 CARDvSetPowerConstraint(pMgmt->pAdapter,
2118                                         (BYTE) pBSSList->uChannel,
2119                                         sFrame.pIE_PowerConstraint->byPower
2120                                         );
2121             }
2122             if (sFrame.pIE_CHSW != NULL) {
2123                 CARDbChannelSwitch( pMgmt->pAdapter,
2124                                     sFrame.pIE_CHSW->byMode,
2125                                     CARDbyGetChannelMapping(pMgmt->pAdapter, sFrame.pIE_CHSW->byMode, pMgmt->eCurrentPHYMode),
2126                                     sFrame.pIE_CHSW->byCount
2127                                     );
2128
2129             } else if (bIsChannelEqual == FALSE) {
2130                 CARDbSetChannel(pMgmt->pAdapter, pBSSList->uChannel);
2131             }
2132         }
2133     }
2134
2135 //    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Beacon 2 \n");
2136     // check if CF field exisit
2137     if (WLAN_GET_CAP_INFO_ESS(*sFrame.pwCapInfo)) {
2138         if (sFrame.pCFParms->wCFPDurRemaining > 0) {
2139             // TODO: deal with CFP period to set NAV
2140         };
2141     };
2142
2143     HIDWORD(qwTimestamp) = cpu_to_le32(HIDWORD(*sFrame.pqwTimestamp));
2144     LODWORD(qwTimestamp) = cpu_to_le32(LODWORD(*sFrame.pqwTimestamp));
2145     HIDWORD(qwLocalTSF) = HIDWORD(pRxPacket->qwLocalTSF);
2146     LODWORD(qwLocalTSF) = LODWORD(pRxPacket->qwLocalTSF);
2147
2148     // check if beacon TSF larger or small than our local TSF
2149     if (HIDWORD(qwTimestamp) == HIDWORD(qwLocalTSF)) {
2150         if (LODWORD(qwTimestamp) >= LODWORD(qwLocalTSF)) {
2151             bTSFOffsetPostive = TRUE;
2152         }
2153         else {
2154             bTSFOffsetPostive = FALSE;
2155         }
2156     }
2157     else if (HIDWORD(qwTimestamp) > HIDWORD(qwLocalTSF)) {
2158         bTSFOffsetPostive = TRUE;
2159     }
2160     else if (HIDWORD(qwTimestamp) < HIDWORD(qwLocalTSF)) {
2161         bTSFOffsetPostive = FALSE;
2162     };
2163
2164     if (bTSFOffsetPostive) {
2165         qwTSFOffset = CARDqGetTSFOffset(pRxPacket->byRxRate, (qwTimestamp), (qwLocalTSF));
2166     }
2167     else {
2168         qwTSFOffset = CARDqGetTSFOffset(pRxPacket->byRxRate, (qwLocalTSF), (qwTimestamp));
2169     }
2170
2171     if (HIDWORD(qwTSFOffset) != 0 ||
2172         (LODWORD(qwTSFOffset) > TRIVIAL_SYNC_DIFFERENCE )) {
2173          bTSFLargeDiff = TRUE;
2174     }
2175
2176
2177     // if infra mode
2178     if (bIsAPBeacon == TRUE) {
2179
2180         // Infra mode: Local TSF always follow AP's TSF if Difference huge.
2181         if (bTSFLargeDiff)
2182             bUpdateTSF = TRUE;
2183
2184         if ((pDevice->bEnablePSMode == TRUE) &&(sFrame.pTIM != 0)) {
2185
2186             // deal with DTIM, analysis TIM
2187             pMgmt->bMulticastTIM = WLAN_MGMT_IS_MULTICAST_TIM(sFrame.pTIM->byBitMapCtl) ? TRUE : FALSE ;
2188             pMgmt->byDTIMCount = sFrame.pTIM->byDTIMCount;
2189             pMgmt->byDTIMPeriod = sFrame.pTIM->byDTIMPeriod;
2190             wAIDNumber = pMgmt->wCurrAID & ~(BIT14|BIT15);
2191
2192             // check if AID in TIM field bit on
2193             // wStartIndex = N1
2194             wStartIndex = WLAN_MGMT_GET_TIM_OFFSET(sFrame.pTIM->byBitMapCtl) << 1;
2195             // AIDIndex = N2
2196             wAIDIndex = (wAIDNumber >> 3);
2197             if ((wAIDNumber > 0) && (wAIDIndex >= wStartIndex)) {
2198                 uLocateByteIndex = wAIDIndex - wStartIndex;
2199                 // len = byDTIMCount + byDTIMPeriod + byDTIMPeriod + byVirtBitMap[0~250]
2200                 if (sFrame.pTIM->len >= (uLocateByteIndex + 4)) {
2201                     byTIMBitOn  = (0x01) << ((wAIDNumber) % 8);
2202                     pMgmt->bInTIM = sFrame.pTIM->byVirtBitMap[uLocateByteIndex] & byTIMBitOn ? TRUE : FALSE;
2203                 }
2204                 else {
2205                     pMgmt->bInTIM = FALSE;
2206                 };
2207             }
2208             else {
2209                 pMgmt->bInTIM = FALSE;
2210             };
2211
2212             if (pMgmt->bInTIM ||
2213                 (pMgmt->bMulticastTIM && (pMgmt->byDTIMCount == 0))) {
2214                 pMgmt->bInTIMWake = TRUE;
2215                 // send out ps-poll packet
2216 //                DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BCN:In TIM\n");
2217                 if (pMgmt->bInTIM) {
2218                     PSvSendPSPOLL((PSDevice)pDevice);
2219 //                    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BCN:PS-POLL sent..\n");
2220                 };
2221
2222             }
2223             else {
2224                 pMgmt->bInTIMWake = FALSE;
2225                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BCN: Not In TIM..\n");
2226                 if (pDevice->bPWBitOn == FALSE) {
2227                     DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BCN: Send Null Packet\n");
2228                     if (PSbSendNullPacket(pDevice))
2229                         pDevice->bPWBitOn = TRUE;
2230                 }
2231                 if(PSbConsiderPowerDown(pDevice, FALSE, FALSE)) {
2232                    DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BCN: Power down now...\n");
2233                 };
2234             }
2235
2236         }
2237
2238     }
2239     // if adhoc mode
2240     if ((pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) && !bIsAPBeacon && bIsChannelEqual) {
2241         if (bIsBSSIDEqual) {
2242             // Use sNodeDBTable[0].uInActiveCount as IBSS beacons received count.
2243                     if (pMgmt->sNodeDBTable[0].uInActiveCount != 0)
2244                             pMgmt->sNodeDBTable[0].uInActiveCount = 0;
2245
2246             // adhoc mode:TSF updated only when beacon larger then local TSF
2247             if (bTSFLargeDiff && bTSFOffsetPostive &&
2248                 (pMgmt->eCurrState == WMAC_STATE_JOINTED))
2249                 bUpdateTSF = TRUE;
2250
2251             // During dpc, already in spinlocked.
2252             if (BSSDBbIsSTAInNodeDB(pMgmt, sFrame.pHdr->sA3.abyAddr2, &uNodeIndex)) {
2253
2254                 // Update the STA, (Techically the Beacons of all the IBSS nodes
2255                         // should be identical, but that's not happening in practice.
2256                 pMgmt->abyCurrSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)sFrame.pSuppRates,
2257                                                         (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2258                                                         WLAN_RATES_MAXLEN_11B);
2259                 RATEvParseMaxRate( (void *)pDevice,
2260                                    (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2261                                    NULL,
2262                                    TRUE,
2263                                    &(pMgmt->sNodeDBTable[uNodeIndex].wMaxBasicRate),
2264                                    &(pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate),
2265                                    &(pMgmt->sNodeDBTable[uNodeIndex].wSuppRate),
2266                                    &(pMgmt->sNodeDBTable[uNodeIndex].byTopCCKBasicRate),
2267                                    &(pMgmt->sNodeDBTable[uNodeIndex].byTopOFDMBasicRate)
2268                                   );
2269                 pMgmt->sNodeDBTable[uNodeIndex].bShortPreamble = WLAN_GET_CAP_INFO_SHORTPREAMBLE(*sFrame.pwCapInfo);
2270                 pMgmt->sNodeDBTable[uNodeIndex].bShortSlotTime = WLAN_GET_CAP_INFO_SHORTSLOTTIME(*sFrame.pwCapInfo);
2271                 pMgmt->sNodeDBTable[uNodeIndex].uInActiveCount = 0;
2272             }
2273             else {
2274                 // Todo, initial Node content
2275                 BSSvCreateOneNode((PSDevice)pDevice, &uNodeIndex);
2276
2277                 pMgmt->abyCurrSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)sFrame.pSuppRates,
2278                                                         (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2279                                                         WLAN_RATES_MAXLEN_11B);
2280                 RATEvParseMaxRate( (void *)pDevice,
2281                                    (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2282                                    NULL,
2283                                    TRUE,
2284                                    &(pMgmt->sNodeDBTable[uNodeIndex].wMaxBasicRate),
2285                                    &(pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate),
2286                                    &(pMgmt->sNodeDBTable[uNodeIndex].wSuppRate),
2287                                    &(pMgmt->sNodeDBTable[uNodeIndex].byTopCCKBasicRate),
2288                                    &(pMgmt->sNodeDBTable[uNodeIndex].byTopOFDMBasicRate)
2289                                  );
2290
2291                 memcpy(pMgmt->sNodeDBTable[uNodeIndex].abyMACAddr, sFrame.pHdr->sA3.abyAddr2, WLAN_ADDR_LEN);
2292                 pMgmt->sNodeDBTable[uNodeIndex].bShortPreamble = WLAN_GET_CAP_INFO_SHORTPREAMBLE(*sFrame.pwCapInfo);
2293                 pMgmt->sNodeDBTable[uNodeIndex].wTxDataRate = pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate;
2294 #ifdef  PLICE_DEBUG
2295                 //if (uNodeIndex == 0)
2296                 {
2297                         printk("s_vMgrRxBeacon:TxDataRate is %d,Index is %d\n",pMgmt->sNodeDBTable[uNodeIndex].wTxDataRate,uNodeIndex);
2298                 }
2299 #endif
2300 /*
2301                 pMgmt->sNodeDBTable[uNodeIndex].bShortSlotTime = WLAN_GET_CAP_INFO_SHORTSLOTTIME(*sFrame.pwCapInfo);
2302                 if(pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate > RATE_11M)
2303                        pMgmt->sNodeDBTable[uNodeIndex].bERPExist = TRUE;
2304 */
2305             }
2306
2307             // if other stations jointed, indicate connect to upper layer..
2308             if (pMgmt->eCurrState == WMAC_STATE_STARTED) {
2309                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Current IBSS State: [Started]........to: [Jointed] \n");
2310                 pMgmt->eCurrState = WMAC_STATE_JOINTED;
2311                 pDevice->bLinkPass = TRUE;
2312                 if (netif_queue_stopped(pDevice->dev)){
2313                     netif_wake_queue(pDevice->dev);
2314                 }
2315                 pMgmt->sNodeDBTable[0].bActive = TRUE;
2316                 pMgmt->sNodeDBTable[0].uInActiveCount = 0;
2317
2318             };
2319         }
2320         else if (bIsSSIDEqual) {
2321
2322             // See other adhoc sta with the same SSID but BSSID is different.
2323             // adpot this vars only when TSF larger then us.
2324             if (bTSFLargeDiff && bTSFOffsetPostive) {
2325                  // we don't support ATIM under adhoc mode
2326                // if ( sFrame.pIBSSParms->wATIMWindow == 0) {
2327                      // adpot this vars
2328                      // TODO: check sFrame cap if privacy on, and support rate syn
2329                      memcpy(pMgmt->abyCurrBSSID, sFrame.pHdr->sA3.abyAddr3, WLAN_BSSID_LEN);
2330                      memcpy(pDevice->abyBSSID, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
2331                      pMgmt->wCurrATIMWindow = cpu_to_le16(sFrame.pIBSSParms->wATIMWindow);
2332                      pMgmt->wCurrBeaconPeriod = cpu_to_le16(*sFrame.pwBeaconInterval);
2333                      pMgmt->abyCurrSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)sFrame.pSuppRates,
2334                                                       (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2335                                                       WLAN_RATES_MAXLEN_11B);
2336                      // set HW beacon interval and re-synchronizing....
2337                      DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Rejoining to Other Adhoc group with same SSID........\n");
2338                      VNSvOutPortW(pDevice->PortOffset + MAC_REG_BI, pMgmt->wCurrBeaconPeriod);
2339                      CARDbUpdateTSF(pDevice, pRxPacket->byRxRate, qwTimestamp, qwLocalTSF);
2340                      CARDvUpdateNextTBTT(pDevice->PortOffset, qwTimestamp, pMgmt->wCurrBeaconPeriod);
2341                      // Turn off bssid filter to avoid filter others adhoc station which bssid is different.
2342                      MACvWriteBSSIDAddress(pDevice->PortOffset, pMgmt->abyCurrBSSID);
2343
2344                      CARDbSetPhyParameter (  pMgmt->pAdapter,
2345                                             pMgmt->eCurrentPHYMode,
2346                                             pMgmt->wCurrCapInfo,
2347                                             pMgmt->byERPContext,
2348                                             pMgmt->abyCurrSuppRates,
2349                                             pMgmt->abyCurrExtSuppRates);
2350
2351
2352                      // MACvRegBitsOff(pDevice->PortOffset, MAC_REG_RCR, RCR_BSSID);
2353                      // set highest basic rate
2354                      // s_vSetHighestBasicRate(pDevice, (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates);
2355                      // Prepare beacon frame
2356                      bMgrPrepareBeaconToSend((void *)pDevice, pMgmt);
2357               //  }
2358             };
2359         }
2360     };
2361     // endian issue ???
2362     // Update TSF
2363     if (bUpdateTSF) {
2364         CARDbGetCurrentTSF(pDevice->PortOffset, &qwCurrTSF);
2365         CARDbUpdateTSF(pDevice, pRxPacket->byRxRate, qwTimestamp, pRxPacket->qwLocalTSF);
2366         CARDbGetCurrentTSF(pDevice->PortOffset, &qwCurrTSF);
2367         CARDvUpdateNextTBTT(pDevice->PortOffset, qwTimestamp, pMgmt->wCurrBeaconPeriod);
2368     }
2369
2370     return;
2371 }
2372
2373
2374
2375 /*+
2376  *
2377  * Routine Description:
2378  *   Instructs the hw to create a bss using the supplied
2379  *   attributes. Note that this implementation only supports Ad-Hoc
2380  *   BSS creation.
2381  *
2382  *
2383  * Return Value:
2384  *    CMD_STATUS
2385  *
2386 -*/
2387 void
2388 vMgrCreateOwnIBSS(
2389     void *hDeviceContext,
2390     PCMD_STATUS pStatus
2391     )
2392 {
2393     PSDevice            pDevice = (PSDevice)hDeviceContext;
2394     PSMgmtObject        pMgmt = pDevice->pMgmt;
2395     WORD                wMaxBasicRate;
2396     WORD                wMaxSuppRate;
2397     BYTE                byTopCCKBasicRate;
2398     BYTE                byTopOFDMBasicRate;
2399     QWORD               qwCurrTSF;
2400     UINT                ii;
2401     BYTE    abyRATE[] = {0x82, 0x84, 0x8B, 0x96, 0x24, 0x30, 0x48, 0x6C, 0x0C, 0x12, 0x18, 0x60};
2402     BYTE    abyCCK_RATE[] = {0x82, 0x84, 0x8B, 0x96};
2403     BYTE    abyOFDM_RATE[] = {0x0C, 0x12, 0x18, 0x24, 0x30, 0x48, 0x60, 0x6C};
2404     WORD                wSuppRate;
2405
2406     DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Create Basic Service Set .......\n");
2407
2408     if (pMgmt->eConfigMode == WMAC_CONFIG_IBSS_STA) {
2409         if ((pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) &&
2410             (pDevice->eEncryptionStatus != Ndis802_11Encryption2Enabled) &&
2411             (pDevice->eEncryptionStatus != Ndis802_11Encryption3Enabled)) {
2412             // encryption mode error
2413             *pStatus = CMD_STATUS_FAILURE;
2414             return;
2415         }
2416     }
2417
2418     pMgmt->abyCurrSuppRates[0] = WLAN_EID_SUPP_RATES;
2419     pMgmt->abyCurrExtSuppRates[0] = WLAN_EID_EXTSUPP_RATES;
2420
2421     if (pMgmt->eConfigMode == WMAC_CONFIG_AP) {
2422         pMgmt->eCurrentPHYMode = pMgmt->byAPBBType;
2423     } else {
2424         if (pDevice->byBBType == BB_TYPE_11G)
2425             pMgmt->eCurrentPHYMode = PHY_TYPE_11G;
2426         if (pDevice->byBBType == BB_TYPE_11B)
2427             pMgmt->eCurrentPHYMode = PHY_TYPE_11B;
2428         if (pDevice->byBBType == BB_TYPE_11A)
2429             pMgmt->eCurrentPHYMode = PHY_TYPE_11A;
2430     }
2431
2432     if (pMgmt->eCurrentPHYMode != PHY_TYPE_11A) {
2433         pMgmt->abyCurrSuppRates[1] = WLAN_RATES_MAXLEN_11B;
2434         pMgmt->abyCurrExtSuppRates[1] = 0;
2435         for (ii = 0; ii < 4; ii++)
2436             pMgmt->abyCurrSuppRates[2+ii] = abyRATE[ii];
2437     } else {
2438         pMgmt->abyCurrSuppRates[1] = 8;
2439         pMgmt->abyCurrExtSuppRates[1] = 0;
2440         for (ii = 0; ii < 8; ii++)
2441             pMgmt->abyCurrSuppRates[2+ii] = abyRATE[ii];
2442     }
2443
2444
2445     if (pMgmt->eCurrentPHYMode == PHY_TYPE_11G) {
2446         pMgmt->abyCurrSuppRates[1] = 8;
2447         pMgmt->abyCurrExtSuppRates[1] = 4;
2448         for (ii = 0; ii < 4; ii++)
2449             pMgmt->abyCurrSuppRates[2+ii] =  abyCCK_RATE[ii];
2450         for (ii = 4; ii < 8; ii++)
2451             pMgmt->abyCurrSuppRates[2+ii] =  abyOFDM_RATE[ii-4];
2452         for (ii = 0; ii < 4; ii++)
2453             pMgmt->abyCurrExtSuppRates[2+ii] =  abyOFDM_RATE[ii+4];
2454     }
2455
2456
2457     // Disable Protect Mode
2458     pDevice->bProtectMode = 0;
2459     MACvDisableProtectMD(pDevice->PortOffset);
2460
2461     pDevice->bBarkerPreambleMd = 0;
2462     MACvDisableBarkerPreambleMd(pDevice->PortOffset);
2463
2464     // Kyle Test 2003.11.04
2465
2466     // set HW beacon interval
2467     if (pMgmt->wIBSSBeaconPeriod == 0)
2468         pMgmt->wIBSSBeaconPeriod = DEFAULT_IBSS_BI;
2469
2470
2471     CARDbGetCurrentTSF(pDevice->PortOffset, &qwCurrTSF);
2472     // clear TSF counter
2473     VNSvOutPortB(pDevice->PortOffset + MAC_REG_TFTCTL, TFTCTL_TSFCNTRST);
2474     // enable TSF counter
2475     VNSvOutPortB(pDevice->PortOffset + MAC_REG_TFTCTL, TFTCTL_TSFCNTREN);
2476
2477     // set Next TBTT
2478     CARDvSetFirstNextTBTT(pDevice->PortOffset, pMgmt->wIBSSBeaconPeriod);
2479
2480     pMgmt->uIBSSChannel = pDevice->uChannel;
2481
2482     if (pMgmt->uIBSSChannel == 0)
2483         pMgmt->uIBSSChannel = DEFAULT_IBSS_CHANNEL;
2484
2485
2486     // set basic rate
2487
2488     RATEvParseMaxRate((void *)pDevice, (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2489                       (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates, TRUE,
2490                       &wMaxBasicRate, &wMaxSuppRate, &wSuppRate,
2491                       &byTopCCKBasicRate, &byTopOFDMBasicRate);
2492
2493
2494     if (pMgmt->eConfigMode == WMAC_CONFIG_AP) {
2495         pMgmt->eCurrMode = WMAC_MODE_ESS_AP;
2496     }
2497
2498     if (pMgmt->eConfigMode == WMAC_CONFIG_IBSS_STA) {
2499         memcpy(pMgmt->abyIBSSDFSOwner, pDevice->abyCurrentNetAddr, 6);
2500         pMgmt->byIBSSDFSRecovery = 10;
2501         pMgmt->eCurrMode = WMAC_MODE_IBSS_STA;
2502     }
2503
2504     // Adopt pre-configured IBSS vars to current vars
2505     pMgmt->eCurrState = WMAC_STATE_STARTED;
2506     pMgmt->wCurrBeaconPeriod = pMgmt->wIBSSBeaconPeriod;
2507     pMgmt->uCurrChannel = pMgmt->uIBSSChannel;
2508     pMgmt->wCurrATIMWindow = pMgmt->wIBSSATIMWindow;
2509     MACvWriteATIMW(pDevice->PortOffset, pMgmt->wCurrATIMWindow);
2510     pDevice->uCurrRSSI = 0;
2511     pDevice->byCurrSQ = 0;
2512     //memcpy(pMgmt->abyDesireSSID,pMgmt->abyAdHocSSID,
2513                      // ((PWLAN_IE_SSID)pMgmt->abyAdHocSSID)->len + WLAN_IEHDR_LEN);
2514     memset(pMgmt->abyCurrSSID, 0, WLAN_IEHDR_LEN + WLAN_SSID_MAXLEN + 1);
2515     memcpy(pMgmt->abyCurrSSID,
2516            pMgmt->abyDesireSSID,
2517            ((PWLAN_IE_SSID)pMgmt->abyDesireSSID)->len + WLAN_IEHDR_LEN
2518           );
2519
2520     if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
2521         // AP mode BSSID = MAC addr
2522         memcpy(pMgmt->abyCurrBSSID, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
2523         DBG_PRT(MSG_LEVEL_INFO, KERN_INFO"AP beacon created BSSID:%02x-%02x-%02x-%02x-%02x-%02x \n",
2524                       pMgmt->abyCurrBSSID[0],
2525                       pMgmt->abyCurrBSSID[1],
2526                       pMgmt->abyCurrBSSID[2],
2527                       pMgmt->abyCurrBSSID[3],
2528                       pMgmt->abyCurrBSSID[4],
2529                       pMgmt->abyCurrBSSID[5]
2530                     );
2531     }
2532
2533     if (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) {
2534
2535         // BSSID selected must be randomized as spec 11.1.3
2536         pMgmt->abyCurrBSSID[5] = (BYTE) (LODWORD(qwCurrTSF)& 0x000000ff);
2537         pMgmt->abyCurrBSSID[4] = (BYTE)((LODWORD(qwCurrTSF)& 0x0000ff00) >> 8);
2538         pMgmt->abyCurrBSSID[3] = (BYTE)((LODWORD(qwCurrTSF)& 0x00ff0000) >> 16);
2539         pMgmt->abyCurrBSSID[2] = (BYTE)((LODWORD(qwCurrTSF)& 0x00000ff0) >> 4);
2540         pMgmt->abyCurrBSSID[1] = (BYTE)((LODWORD(qwCurrTSF)& 0x000ff000) >> 12);
2541         pMgmt->abyCurrBSSID[0] = (BYTE)((LODWORD(qwCurrTSF)& 0x0ff00000) >> 20);
2542         pMgmt->abyCurrBSSID[5] ^= pMgmt->abyMACAddr[0];
2543         pMgmt->abyCurrBSSID[4] ^= pMgmt->abyMACAddr[1];
2544         pMgmt->abyCurrBSSID[3] ^= pMgmt->abyMACAddr[2];
2545         pMgmt->abyCurrBSSID[2] ^= pMgmt->abyMACAddr[3];
2546         pMgmt->abyCurrBSSID[1] ^= pMgmt->abyMACAddr[4];
2547         pMgmt->abyCurrBSSID[0] ^= pMgmt->abyMACAddr[5];
2548         pMgmt->abyCurrBSSID[0] &= ~IEEE_ADDR_GROUP;
2549         pMgmt->abyCurrBSSID[0] |= IEEE_ADDR_UNIVERSAL;
2550
2551
2552         DBG_PRT(MSG_LEVEL_INFO, KERN_INFO"Adhoc beacon created bssid:%02x-%02x-%02x-%02x-%02x-%02x \n",
2553                       pMgmt->abyCurrBSSID[0],
2554                       pMgmt->abyCurrBSSID[1],
2555                       pMgmt->abyCurrBSSID[2],
2556                       pMgmt->abyCurrBSSID[3],
2557                       pMgmt->abyCurrBSSID[4],
2558                       pMgmt->abyCurrBSSID[5]
2559                     );
2560     }
2561
2562     // Set Capability Info
2563     pMgmt->wCurrCapInfo = 0;
2564
2565     if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
2566         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_ESS(1);
2567         pMgmt->byDTIMPeriod = DEFAULT_DTIM_PERIOD;
2568         pMgmt->byDTIMCount = pMgmt->byDTIMPeriod - 1;
2569     }
2570
2571     if (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) {
2572         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_IBSS(1);
2573     }
2574
2575     if (pDevice->bEncryptionEnable) {
2576         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_PRIVACY(1);
2577         if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
2578             if (pDevice->eEncryptionStatus == Ndis802_11Encryption3Enabled) {
2579                 pMgmt->byCSSPK = KEY_CTL_CCMP;
2580                 pMgmt->byCSSGK = KEY_CTL_CCMP;
2581             } else if (pDevice->eEncryptionStatus == Ndis802_11Encryption2Enabled) {
2582                 pMgmt->byCSSPK = KEY_CTL_TKIP;
2583                 pMgmt->byCSSGK = KEY_CTL_TKIP;
2584             } else {
2585                 pMgmt->byCSSPK = KEY_CTL_NONE;
2586                 pMgmt->byCSSGK = KEY_CTL_WEP;
2587             }
2588         } else {
2589             pMgmt->byCSSPK = KEY_CTL_WEP;
2590             pMgmt->byCSSGK = KEY_CTL_WEP;
2591         }
2592     };
2593
2594     pMgmt->byERPContext = 0;
2595
2596 //    memcpy(pDevice->abyBSSID, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
2597
2598     if (pMgmt->eConfigMode == WMAC_CONFIG_AP) {
2599         CARDbSetBSSID(pMgmt->pAdapter, pMgmt->abyCurrBSSID, OP_MODE_AP);
2600     } else {
2601         CARDbSetBSSID(pMgmt->pAdapter, pMgmt->abyCurrBSSID, OP_MODE_ADHOC);
2602     }
2603
2604     CARDbSetPhyParameter(   pMgmt->pAdapter,
2605                             pMgmt->eCurrentPHYMode,
2606                             pMgmt->wCurrCapInfo,
2607                             pMgmt->byERPContext,
2608                             pMgmt->abyCurrSuppRates,
2609                             pMgmt->abyCurrExtSuppRates
2610                             );
2611
2612     CARDbSetBeaconPeriod(pMgmt->pAdapter, pMgmt->wIBSSBeaconPeriod);
2613     // set channel and clear NAV
2614     CARDbSetChannel(pMgmt->pAdapter, pMgmt->uIBSSChannel);
2615     pMgmt->uCurrChannel = pMgmt->uIBSSChannel;
2616
2617     if (CARDbIsShortPreamble(pMgmt->pAdapter)) {
2618         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
2619     } else {
2620         pMgmt->wCurrCapInfo &= (~WLAN_SET_CAP_INFO_SHORTPREAMBLE(1));
2621     }
2622
2623     if ((pMgmt->b11hEnable == TRUE) &&
2624         (pMgmt->eCurrentPHYMode == PHY_TYPE_11A)) {
2625         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SPECTRUMMNG(1);
2626     } else {
2627         pMgmt->wCurrCapInfo &= (~WLAN_SET_CAP_INFO_SPECTRUMMNG(1));
2628     }
2629
2630     pMgmt->eCurrState = WMAC_STATE_STARTED;
2631     // Prepare beacon to send
2632     if (bMgrPrepareBeaconToSend((void *)pDevice, pMgmt)) {
2633         *pStatus = CMD_STATUS_SUCCESS;
2634     }
2635
2636     return ;
2637 }
2638
2639
2640
2641 /*+
2642  *
2643  * Routine Description:
2644  *   Instructs wmac to join a bss using the supplied attributes.
2645  *   The arguments may the BSSID or SSID and the rest of the
2646  *   attributes are obtained from the scan result of known bss list.
2647  *
2648  *
2649  * Return Value:
2650  *    None.
2651  *
2652 -*/
2653
2654 void
2655 vMgrJoinBSSBegin(
2656     void *hDeviceContext,
2657     PCMD_STATUS pStatus
2658     )
2659 {
2660
2661     PSDevice     pDevice = (PSDevice)hDeviceContext;
2662     PSMgmtObject    pMgmt = pDevice->pMgmt;
2663     PKnownBSS       pCurr = NULL;
2664     UINT            ii, uu;
2665     PWLAN_IE_SUPP_RATES pItemRates = NULL;
2666     PWLAN_IE_SUPP_RATES pItemExtRates = NULL;
2667     PWLAN_IE_SSID   pItemSSID;
2668     UINT            uRateLen = WLAN_RATES_MAXLEN;
2669     WORD            wMaxBasicRate = RATE_1M;
2670     WORD            wMaxSuppRate = RATE_1M;
2671     WORD            wSuppRate;
2672     BYTE            byTopCCKBasicRate = RATE_1M;
2673     BYTE            byTopOFDMBasicRate = RATE_1M;
2674
2675
2676     for (ii = 0; ii < MAX_BSS_NUM; ii++) {
2677         if (pMgmt->sBSSList[ii].bActive == TRUE)
2678             break;
2679     }
2680
2681     if (ii == MAX_BSS_NUM) {
2682        *pStatus = CMD_STATUS_RESOURCES;
2683         DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "BSS finding:BSS list is empty.\n");
2684        return;
2685     };
2686
2687     // memset(pMgmt->abyDesireBSSID, 0,  WLAN_BSSID_LEN);
2688     // Search known BSS list for prefer BSSID or SSID
2689
2690     pCurr = BSSpSearchBSSList(pDevice,
2691                               pMgmt->abyDesireBSSID,
2692                               pMgmt->abyDesireSSID,
2693                               pMgmt->eConfigPHYMode
2694                               );
2695
2696     if (pCurr == NULL){
2697        *pStatus = CMD_STATUS_RESOURCES;
2698        pItemSSID = (PWLAN_IE_SSID)pMgmt->abyDesireSSID;
2699        DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Scanning [%s] not found, disconnected !\n", pItemSSID->abySSID);
2700        return;
2701     };
2702
2703     DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "AP(BSS) finding:Found a AP(BSS)..\n");
2704     if (WLAN_GET_CAP_INFO_ESS(cpu_to_le16(pCurr->wCapInfo))){
2705
2706         if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA)||(pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK)) {
2707
2708     // patch for CISCO migration mode
2709 /*
2710             if (pDevice->eEncryptionStatus == Ndis802_11Encryption2Enabled) {
2711                 if (WPA_SearchRSN(0, WPA_TKIP, pCurr) == FALSE) {
2712                     DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"No match RSN info. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n");
2713                     // encryption mode error
2714                     pMgmt->eCurrState = WMAC_STATE_IDLE;
2715                     return;
2716                 }
2717             } else if (pDevice->eEncryptionStatus == Ndis802_11Encryption3Enabled) {
2718                 if (WPA_SearchRSN(0, WPA_AESCCMP, pCurr) == FALSE) {
2719                     DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"No match RSN info. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n");
2720                     // encryption mode error
2721                     pMgmt->eCurrState = WMAC_STATE_IDLE;
2722                     return;
2723                 }
2724             }
2725 */
2726         }
2727
2728 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
2729         //if(pDevice->bWPASuppWextEnabled == TRUE)
2730             Encyption_Rebuild(pDevice, pCurr);
2731 #endif
2732         // Infrastructure BSS
2733         s_vMgrSynchBSS(pDevice,
2734                        WMAC_MODE_ESS_STA,
2735                        pCurr,
2736                        pStatus
2737                        );
2738
2739         if (*pStatus == CMD_STATUS_SUCCESS){
2740
2741             // Adopt this BSS state vars in Mgmt Object
2742             pMgmt->uCurrChannel = pCurr->uChannel;
2743
2744             memset(pMgmt->abyCurrSuppRates, 0 , WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1);
2745             memset(pMgmt->abyCurrExtSuppRates, 0 , WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1);
2746
2747             if (pCurr->eNetworkTypeInUse == PHY_TYPE_11B) {
2748                 uRateLen = WLAN_RATES_MAXLEN_11B;
2749             }
2750
2751             pItemRates = (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates;
2752             pItemExtRates = (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates;
2753
2754             // Parse Support Rate IE
2755             pItemRates->byElementID = WLAN_EID_SUPP_RATES;
2756             pItemRates->len = RATEuSetIE((PWLAN_IE_SUPP_RATES)pCurr->abySuppRates,
2757                                          pItemRates,
2758                                          uRateLen);
2759
2760             // Parse Extension Support Rate IE
2761             pItemExtRates->byElementID = WLAN_EID_EXTSUPP_RATES;
2762             pItemExtRates->len = RATEuSetIE((PWLAN_IE_SUPP_RATES)pCurr->abyExtSuppRates,
2763                                             pItemExtRates,
2764                                             uRateLen);
2765             // Stuffing Rate IE
2766             if ((pItemExtRates->len > 0) && (pItemRates->len < 8)) {
2767                 for (ii = 0; ii < (UINT)(8 - pItemRates->len); ) {
2768                     pItemRates->abyRates[pItemRates->len + ii] = pItemExtRates->abyRates[ii];
2769                     ii ++;
2770                     if (pItemExtRates->len <= ii)
2771                         break;
2772                 }
2773                 pItemRates->len += (BYTE)ii;
2774                 if (pItemExtRates->len - ii > 0) {
2775                     pItemExtRates->len -= (BYTE)ii;
2776                     for (uu = 0; uu < pItemExtRates->len; uu ++) {
2777                         pItemExtRates->abyRates[uu] = pItemExtRates->abyRates[uu + ii];
2778                     }
2779                 } else {
2780                     pItemExtRates->len = 0;
2781                 }
2782             }
2783
2784             RATEvParseMaxRate((void *)pDevice, pItemRates, pItemExtRates, TRUE,
2785                               &wMaxBasicRate, &wMaxSuppRate, &wSuppRate,
2786                               &byTopCCKBasicRate, &byTopOFDMBasicRate);
2787
2788             // TODO: deal with if wCapInfo the privacy is on, but station WEP is off
2789             // TODO: deal with if wCapInfo the PS-Pollable is on.
2790             pMgmt->wCurrBeaconPeriod = pCurr->wBeaconInterval;
2791             memset(pMgmt->abyCurrSSID, 0, WLAN_IEHDR_LEN + WLAN_SSID_MAXLEN + 1);
2792             memcpy(pMgmt->abyCurrBSSID, pCurr->abyBSSID, WLAN_BSSID_LEN);
2793             memcpy(pMgmt->abyCurrSSID, pCurr->abySSID, WLAN_IEHDR_LEN + WLAN_SSID_MAXLEN + 1);
2794
2795             pMgmt->eCurrMode = WMAC_MODE_ESS_STA;
2796
2797             pMgmt->eCurrState = WMAC_STATE_JOINTED;
2798             // Adopt BSS state in Adapter Device Object
2799             //pDevice->byOpMode = OP_MODE_INFRASTRUCTURE;
2800 //            memcpy(pDevice->abyBSSID, pCurr->abyBSSID, WLAN_BSSID_LEN);
2801
2802             // Add current BSS to Candidate list
2803             // This should only works for WPA2 BSS, and WPA2 BSS check must be done before.
2804             if (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) {
2805                 BOOL bResult = bAdd_PMKID_Candidate((void *)pDevice, pMgmt->abyCurrBSSID, &pCurr->sRSNCapObj);
2806                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"bAdd_PMKID_Candidate: 1(%d)\n", bResult);
2807                 if (bResult == FALSE) {
2808                     vFlush_PMKID_Candidate((void *)pDevice);
2809                     DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"vFlush_PMKID_Candidate: 4\n");
2810                     bAdd_PMKID_Candidate((void *)pDevice, pMgmt->abyCurrBSSID, &pCurr->sRSNCapObj);
2811                 }
2812             }
2813
2814             // Preamble type auto-switch: if AP can receive short-preamble cap,
2815             // we can turn on too.
2816
2817             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Join ESS\n");
2818
2819
2820
2821             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"End of Join AP -- A/B/G Action\n");
2822         }
2823         else {
2824             pMgmt->eCurrState = WMAC_STATE_IDLE;
2825         };
2826
2827
2828      }
2829      else {
2830         // ad-hoc mode BSS
2831         if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
2832
2833             if (pDevice->eEncryptionStatus == Ndis802_11Encryption2Enabled) {
2834                 if (WPA_SearchRSN(0, WPA_TKIP, pCurr) == FALSE) {
2835                     // encryption mode error
2836                     pMgmt->eCurrState = WMAC_STATE_IDLE;
2837                     return;
2838                 }
2839             } else if (pDevice->eEncryptionStatus == Ndis802_11Encryption3Enabled) {
2840                 if (WPA_SearchRSN(0, WPA_AESCCMP, pCurr) == FALSE) {
2841                     // encryption mode error
2842                     pMgmt->eCurrState = WMAC_STATE_IDLE;
2843                     return;
2844                 }
2845             } else {
2846                 // encryption mode error
2847                 pMgmt->eCurrState = WMAC_STATE_IDLE;
2848                 return;
2849             }
2850         }
2851
2852         s_vMgrSynchBSS(pDevice,
2853                        WMAC_MODE_IBSS_STA,
2854                        pCurr,
2855                        pStatus
2856                        );
2857
2858         if (*pStatus == CMD_STATUS_SUCCESS){
2859             // Adopt this BSS state vars in Mgmt Object
2860             // TODO: check if CapInfo privacy on, but we don't..
2861             pMgmt->uCurrChannel = pCurr->uChannel;
2862
2863
2864             // Parse Support Rate IE
2865             pMgmt->abyCurrSuppRates[0] = WLAN_EID_SUPP_RATES;
2866             pMgmt->abyCurrSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)pCurr->abySuppRates,
2867                                                     (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2868                                                     WLAN_RATES_MAXLEN_11B);
2869             // set basic rate
2870             RATEvParseMaxRate((void *)pDevice, (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2871                               NULL, TRUE, &wMaxBasicRate, &wMaxSuppRate, &wSuppRate,
2872                               &byTopCCKBasicRate, &byTopOFDMBasicRate);
2873
2874             pMgmt->wCurrCapInfo = pCurr->wCapInfo;
2875             pMgmt->wCurrBeaconPeriod = pCurr->wBeaconInterval;
2876             memset(pMgmt->abyCurrSSID, 0, WLAN_IEHDR_LEN + WLAN_SSID_MAXLEN);
2877             memcpy(pMgmt->abyCurrBSSID, pCurr->abyBSSID, WLAN_BSSID_LEN);
2878             memcpy(pMgmt->abyCurrSSID, pCurr->abySSID, WLAN_IEHDR_LEN + WLAN_SSID_MAXLEN);
2879 //          pMgmt->wCurrATIMWindow = pCurr->wATIMWindow;
2880             MACvWriteATIMW(pDevice->PortOffset, pMgmt->wCurrATIMWindow);
2881             pMgmt->eCurrMode = WMAC_MODE_IBSS_STA;
2882
2883             pMgmt->eCurrState = WMAC_STATE_STARTED;
2884             // Adopt BSS state in Adapter Device Object
2885             //pDevice->byOpMode = OP_MODE_ADHOC;
2886 //            pDevice->bLinkPass = TRUE;
2887 //            memcpy(pDevice->abyBSSID, pCurr->abyBSSID, WLAN_BSSID_LEN);
2888
2889             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Join IBSS ok:%02x-%02x-%02x-%02x-%02x-%02x \n",
2890                   pMgmt->abyCurrBSSID[0],
2891                   pMgmt->abyCurrBSSID[1],
2892                   pMgmt->abyCurrBSSID[2],
2893                   pMgmt->abyCurrBSSID[3],
2894                   pMgmt->abyCurrBSSID[4],
2895                   pMgmt->abyCurrBSSID[5]
2896                 );
2897             // Preamble type auto-switch: if AP can receive short-preamble cap,
2898             // and if registry setting is short preamble we can turn on too.
2899
2900             // Prepare beacon
2901             bMgrPrepareBeaconToSend((void *)pDevice, pMgmt);
2902         }
2903         else {
2904             pMgmt->eCurrState = WMAC_STATE_IDLE;
2905         };
2906      };
2907     return;
2908 }
2909
2910
2911
2912 /*+
2913  *
2914  * Routine Description:
2915  * Set HW to synchronize a specific BSS from known BSS list.
2916  *
2917  *
2918  * Return Value:
2919  *    PCM_STATUS
2920  *
2921 -*/
2922 static
2923 void
2924 s_vMgrSynchBSS (
2925     PSDevice      pDevice,
2926     UINT          uBSSMode,
2927     PKnownBSS     pCurr,
2928     PCMD_STATUS  pStatus
2929     )
2930 {
2931     CARD_PHY_TYPE   ePhyType = PHY_TYPE_11B;
2932     PSMgmtObject  pMgmt = pDevice->pMgmt;
2933 //    int     ii;
2934                                                      //1M,   2M,   5M,   11M,  18M,  24M,  36M,  54M
2935     BYTE abyCurrSuppRatesG[] = {WLAN_EID_SUPP_RATES, 8, 0x02, 0x04, 0x0B, 0x16, 0x24, 0x30, 0x48, 0x6C};
2936     BYTE abyCurrExtSuppRatesG[] = {WLAN_EID_EXTSUPP_RATES, 4, 0x0C, 0x12, 0x18, 0x60};
2937                                                            //6M,   9M,   12M,  48M
2938     BYTE abyCurrSuppRatesA[] = {WLAN_EID_SUPP_RATES, 8, 0x0C, 0x12, 0x18, 0x24, 0x30, 0x48, 0x60, 0x6C};
2939     BYTE abyCurrSuppRatesB[] = {WLAN_EID_SUPP_RATES, 4, 0x02, 0x04, 0x0B, 0x16};
2940
2941
2942     *pStatus = CMD_STATUS_FAILURE;
2943
2944     if (s_bCipherMatch(pCurr,
2945                        pDevice->eEncryptionStatus,
2946                        &(pMgmt->byCSSPK),
2947                        &(pMgmt->byCSSGK)) == FALSE) {
2948         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "s_bCipherMatch Fail .......\n");
2949         return;
2950     }
2951
2952     pMgmt->pCurrBSS = pCurr;
2953
2954     // if previous mode is IBSS.
2955     if(pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) {
2956         MACvRegBitsOff(pDevice->PortOffset, MAC_REG_BCNDMACTL, BEACON_READY);
2957         MACvRegBitsOff(pDevice->PortOffset, MAC_REG_TCR, TCR_AUTOBCNTX);
2958     }
2959
2960     // Init the BSS informations
2961     pDevice->bCCK = TRUE;
2962     pDevice->bProtectMode = FALSE;
2963     MACvDisableProtectMD(pDevice->PortOffset);
2964     pDevice->bBarkerPreambleMd = FALSE;
2965     MACvDisableBarkerPreambleMd(pDevice->PortOffset);
2966     pDevice->bNonERPPresent = FALSE;
2967     pDevice->byPreambleType = 0;
2968     pDevice->wBasicRate = 0;
2969     // Set Basic Rate
2970     CARDbAddBasicRate((void *)pDevice, RATE_1M);
2971     // calculate TSF offset
2972     // TSF Offset = Received Timestamp TSF - Marked Local's TSF
2973     CARDbUpdateTSF(pDevice, pCurr->byRxRate, pCurr->qwBSSTimestamp, pCurr->qwLocalTSF);
2974
2975     CARDbSetBeaconPeriod(pDevice, pCurr->wBeaconInterval);
2976
2977     // set Next TBTT
2978     // Next TBTT = ((local_current_TSF / beacon_interval) + 1 ) * beacon_interval
2979     CARDvSetFirstNextTBTT(pDevice->PortOffset, pCurr->wBeaconInterval);
2980
2981     // set BSSID
2982     MACvWriteBSSIDAddress(pDevice->PortOffset, pCurr->abyBSSID);
2983
2984     MACvReadBSSIDAddress(pDevice->PortOffset, pMgmt->abyCurrBSSID);
2985
2986     DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Sync:set CurrBSSID address = %02x-%02x-%02x=%02x-%02x-%02x\n",
2987         pMgmt->abyCurrBSSID[0],
2988         pMgmt->abyCurrBSSID[1],
2989         pMgmt->abyCurrBSSID[2],
2990         pMgmt->abyCurrBSSID[3],
2991         pMgmt->abyCurrBSSID[4],
2992         pMgmt->abyCurrBSSID[5]);
2993
2994     if (pCurr->eNetworkTypeInUse == PHY_TYPE_11A) {
2995         if ((pMgmt->eConfigPHYMode == PHY_TYPE_11A) ||
2996             (pMgmt->eConfigPHYMode == PHY_TYPE_AUTO)) {
2997             ePhyType = PHY_TYPE_11A;
2998         } else {
2999             return;
3000         }
3001     } else if (pCurr->eNetworkTypeInUse == PHY_TYPE_11B) {
3002         if ((pMgmt->eConfigPHYMode == PHY_TYPE_11B) ||
3003             (pMgmt->eConfigPHYMode == PHY_TYPE_11G) ||
3004             (pMgmt->eConfigPHYMode == PHY_TYPE_AUTO)) {
3005             ePhyType = PHY_TYPE_11B;
3006         } else {
3007             return;
3008         }
3009     } else {
3010         if ((pMgmt->eConfigPHYMode == PHY_TYPE_11G) ||
3011             (pMgmt->eConfigPHYMode == PHY_TYPE_AUTO)) {
3012             ePhyType = PHY_TYPE_11G;
3013         } else if (pMgmt->eConfigPHYMode == PHY_TYPE_11B) {
3014             ePhyType = PHY_TYPE_11B;
3015         } else {
3016             return;
3017         }
3018     }
3019
3020     if (ePhyType == PHY_TYPE_11A) {
3021         memcpy(pMgmt->abyCurrSuppRates, &abyCurrSuppRatesA[0], sizeof(abyCurrSuppRatesA));
3022         pMgmt->abyCurrExtSuppRates[1] = 0;
3023     } else if (ePhyType == PHY_TYPE_11B) {
3024         memcpy(pMgmt->abyCurrSuppRates, &abyCurrSuppRatesB[0], sizeof(abyCurrSuppRatesB));
3025         pMgmt->abyCurrExtSuppRates[1] = 0;
3026     } else {
3027         memcpy(pMgmt->abyCurrSuppRates, &abyCurrSuppRatesG[0], sizeof(abyCurrSuppRatesG));
3028         memcpy(pMgmt->abyCurrExtSuppRates, &abyCurrExtSuppRatesG[0], sizeof(abyCurrExtSuppRatesG));
3029     }
3030
3031
3032     if (WLAN_GET_CAP_INFO_ESS(pCurr->wCapInfo)) {
3033         CARDbSetBSSID(pMgmt->pAdapter, pCurr->abyBSSID, OP_MODE_INFRASTRUCTURE);
3034         // Add current BSS to Candidate list
3035         // This should only works for WPA2 BSS, and WPA2 BSS check must be done before.
3036         if (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) {
3037             CARDbAdd_PMKID_Candidate(pMgmt->pAdapter, pMgmt->abyCurrBSSID, pCurr->sRSNCapObj.bRSNCapExist, pCurr->sRSNCapObj.wRSNCap);
3038         }
3039     } else {
3040         CARDbSetBSSID(pMgmt->pAdapter, pCurr->abyBSSID, OP_MODE_ADHOC);
3041     }
3042
3043     if (CARDbSetPhyParameter(   pMgmt->pAdapter,
3044                                 ePhyType,
3045                                 pCurr->wCapInfo,
3046                                 pCurr->sERP.byERP,
3047                                 pMgmt->abyCurrSuppRates,
3048                                 pMgmt->abyCurrExtSuppRates
3049                             ) != TRUE) {
3050         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "<----s_bSynchBSS Set Phy Mode Fail [%d]\n", ePhyType);
3051         return;
3052     }
3053     // set channel and clear NAV
3054     if (CARDbSetChannel(pMgmt->pAdapter, pCurr->uChannel) == FALSE) {
3055         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "<----s_bSynchBSS Set Channel [%d]\n", pCurr->uChannel);
3056         return;
3057     }
3058
3059 /*
3060     for (ii=0;ii<BB_VGA_LEVEL;ii++) {
3061         if (pCurr->ldBmMAX< pDevice->ldBmThreshold[ii]) {
3062             pDevice->byBBVGANew = pDevice->abyBBVGA[ii];
3063             break;
3064         }
3065     }
3066
3067     if (pDevice->byBBVGANew != pDevice->byBBVGACurrent) {
3068         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"RSSI[%d] NewGain[%d] OldGain[%d] \n",
3069                         (int)pCurr->ldBmMAX, pDevice->byBBVGANew, pDevice->byBBVGACurrent);
3070         printk("RSSI[%d] NewGain[%d] OldGain[%d] \n",
3071                         (int)pCurr->ldBmMAX, pDevice->byBBVGANew, pDevice->byBBVGACurrent);
3072         BBvSetVGAGainOffset(pDevice, pDevice->byBBVGANew);
3073     }
3074     printk("ldBmMAX[%d] NewGain[%d] OldGain[%d] \n",
3075            (int)pCurr->ldBmMAX, pDevice->byBBVGANew, pDevice->byBBVGACurrent);
3076 */
3077     pMgmt->uCurrChannel = pCurr->uChannel;
3078     pMgmt->eCurrentPHYMode = ePhyType;
3079     pMgmt->byERPContext = pCurr->sERP.byERP;
3080     DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Sync:Set to channel = [%d]\n", (INT)pCurr->uChannel);
3081
3082
3083     *pStatus = CMD_STATUS_SUCCESS;
3084
3085
3086     return;
3087 };
3088
3089 //mike add: fix NetworkManager 0.7.0 hidden ssid mode in WPA encryption
3090 //                   ,need reset eAuthenMode and eEncryptionStatus
3091  static void  Encyption_Rebuild(
3092     PSDevice pDevice,
3093     PKnownBSS pCurr
3094  )
3095  {
3096   PSMgmtObject  pMgmt = &(pDevice->sMgmtObj);
3097  // UINT            ii , uSameBssidNum=0;
3098
3099         //  for (ii = 0; ii < MAX_BSS_NUM; ii++) {
3100           //   if (pMgmt->sBSSList[ii].bActive &&
3101             //      IS_ETH_ADDRESS_EQUAL(pMgmt->sBSSList[ii].abyBSSID, pCurr->abyBSSID)) {
3102              //       uSameBssidNum++;
3103                //   }
3104            // }
3105   //   if( uSameBssidNum>=2) {   //we only check AP in hidden sssid  mode
3106         if ((pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||           //networkmanager 0.7.0 does not give the pairwise-key selsection,
3107              (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {         // so we need re-selsect it according to real pairwise-key info.
3108                if(pCurr->bWPAValid == TRUE)  {   //WPA-PSK
3109                           pMgmt->eAuthenMode = WMAC_AUTH_WPAPSK;
3110                     if(pCurr->abyPKType[0] == WPA_TKIP) {
3111                         pDevice->eEncryptionStatus = Ndis802_11Encryption2Enabled;    //TKIP
3112                         PRINT_K("Encyption_Rebuild--->ssid reset config to [WPAPSK-TKIP]\n");
3113                       }
3114                    else if(pCurr->abyPKType[0] == WPA_AESCCMP) {
3115                         pDevice->eEncryptionStatus = Ndis802_11Encryption3Enabled;    //AES
3116                           PRINT_K("Encyption_Rebuild--->ssid reset config to [WPAPSK-AES]\n");
3117                      }
3118                 }
3119                else if(pCurr->bWPA2Valid == TRUE) {  //WPA2-PSK
3120                          pMgmt->eAuthenMode = WMAC_AUTH_WPA2PSK;
3121                        if(pCurr->abyCSSPK[0] == WLAN_11i_CSS_TKIP) {
3122                            pDevice->eEncryptionStatus = Ndis802_11Encryption2Enabled;     //TKIP
3123                              PRINT_K("Encyption_Rebuild--->ssid reset config to [WPA2PSK-TKIP]\n");
3124                         }
3125                        else if(pCurr->abyCSSPK[0] == WLAN_11i_CSS_CCMP) {
3126                            pDevice->eEncryptionStatus = Ndis802_11Encryption3Enabled;    //AES
3127                             PRINT_K("Encyption_Rebuild--->ssid reset config to [WPA2PSK-AES]\n");
3128                         }
3129                 }
3130               }
3131         //  }
3132       return;
3133  }
3134
3135
3136 /*+
3137  *
3138  * Routine Description:
3139  *  Format TIM field
3140  *
3141  *
3142  * Return Value:
3143  *    void
3144  *
3145 -*/
3146
3147 static
3148 void
3149 s_vMgrFormatTIM(
3150     PSMgmtObject pMgmt,
3151     PWLAN_IE_TIM pTIM
3152     )
3153 {
3154     BYTE        byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
3155     BYTE        byMap;
3156     UINT        ii, jj;
3157     BOOL        bStartFound = FALSE;
3158     BOOL        bMulticast = FALSE;
3159     WORD        wStartIndex = 0;
3160     WORD        wEndIndex = 0;
3161
3162
3163     // Find size of partial virtual bitmap
3164     for (ii = 0; ii < (MAX_NODE_NUM + 1); ii++) {
3165         byMap = pMgmt->abyPSTxMap[ii];
3166         if (!ii) {
3167             // Mask out the broadcast bit which is indicated separately.
3168             bMulticast = (byMap & byMask[0]) != 0;
3169             if(bMulticast) {
3170                pMgmt->sNodeDBTable[0].bRxPSPoll = TRUE;
3171             }
3172             byMap = 0;
3173         }
3174         if (byMap) {
3175             if (!bStartFound) {
3176                 bStartFound = TRUE;
3177                 wStartIndex = ii;
3178             }
3179             wEndIndex = ii;
3180         }
3181     };
3182
3183
3184     // Round start index down to nearest even number
3185     wStartIndex &=  ~BIT0;
3186
3187     // Round end index up to nearest even number
3188     wEndIndex = ((wEndIndex + 1) & ~BIT0);
3189
3190     // Size of element payload
3191
3192     pTIM->len =  3 + (wEndIndex - wStartIndex) + 1;
3193
3194     // Fill in the Fixed parts of the TIM
3195     pTIM->byDTIMCount = pMgmt->byDTIMCount;
3196     pTIM->byDTIMPeriod = pMgmt->byDTIMPeriod;
3197     pTIM->byBitMapCtl = (bMulticast ? TIM_MULTICAST_MASK : 0) |
3198         (((wStartIndex >> 1) << 1) & TIM_BITMAPOFFSET_MASK);
3199
3200     // Append variable part of TIM
3201
3202     for (ii = wStartIndex, jj =0 ; ii <= wEndIndex; ii++, jj++) {
3203          pTIM->byVirtBitMap[jj] = pMgmt->abyPSTxMap[ii];
3204     }
3205
3206     // Aid = 0 don't used.
3207     pTIM->byVirtBitMap[0]  &= ~BIT0;
3208 }
3209
3210
3211 /*+
3212  *
3213  * Routine Description:
3214  *  Constructs an Beacon frame( Ad-hoc mode)
3215  *
3216  *
3217  * Return Value:
3218  *    PTR to frame; or NULL on allocation failue
3219  *
3220 -*/
3221
3222 static
3223 PSTxMgmtPacket
3224 s_MgrMakeBeacon(
3225     PSDevice pDevice,
3226     PSMgmtObject pMgmt,
3227     WORD wCurrCapInfo,
3228     WORD wCurrBeaconPeriod,
3229     UINT uCurrChannel,
3230     WORD wCurrATIMWinodw,
3231     PWLAN_IE_SSID pCurrSSID,
3232     PBYTE pCurrBSSID,
3233     PWLAN_IE_SUPP_RATES pCurrSuppRates,
3234     PWLAN_IE_SUPP_RATES pCurrExtSuppRates
3235     )
3236 {
3237     PSTxMgmtPacket      pTxPacket = NULL;
3238     WLAN_FR_BEACON      sFrame;
3239     BYTE                abyBroadcastAddr[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
3240     PBYTE               pbyBuffer;
3241     UINT                uLength = 0;
3242     PWLAN_IE_IBSS_DFS   pIBSSDFS = NULL;
3243     UINT                ii;
3244
3245     // prepare beacon frame
3246     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
3247     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_BEACON_FR_MAXLEN);
3248     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
3249     // Setup the sFrame structure.
3250     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
3251     sFrame.len = WLAN_BEACON_FR_MAXLEN;
3252     vMgrEncodeBeacon(&sFrame);
3253     // Setup the header
3254     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
3255         (
3256         WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
3257         WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_BEACON)
3258         ));
3259
3260     if (pDevice->bEnablePSMode) {
3261         sFrame.pHdr->sA3.wFrameCtl |= cpu_to_le16((WORD)WLAN_SET_FC_PWRMGT(1));
3262     }
3263
3264     memcpy( sFrame.pHdr->sA3.abyAddr1, abyBroadcastAddr, WLAN_ADDR_LEN);
3265     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
3266     memcpy( sFrame.pHdr->sA3.abyAddr3, pCurrBSSID, WLAN_BSSID_LEN);
3267     *sFrame.pwBeaconInterval = cpu_to_le16(wCurrBeaconPeriod);
3268     *sFrame.pwCapInfo = cpu_to_le16(wCurrCapInfo);
3269     // Copy SSID
3270     sFrame.pSSID = (PWLAN_IE_SSID)(sFrame.pBuf + sFrame.len);
3271     sFrame.len += ((PWLAN_IE_SSID)pMgmt->abyCurrSSID)->len + WLAN_IEHDR_LEN;
3272     memcpy(sFrame.pSSID,
3273              pCurrSSID,
3274              ((PWLAN_IE_SSID)pCurrSSID)->len + WLAN_IEHDR_LEN
3275             );
3276     // Copy the rate set
3277     sFrame.pSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
3278     sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN;
3279     memcpy(sFrame.pSuppRates,
3280            pCurrSuppRates,
3281            ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN
3282           );
3283     // DS parameter
3284     if (pDevice->eCurrentPHYType != PHY_TYPE_11A) {
3285         sFrame.pDSParms = (PWLAN_IE_DS_PARMS)(sFrame.pBuf + sFrame.len);
3286         sFrame.len += (1) + WLAN_IEHDR_LEN;
3287         sFrame.pDSParms->byElementID = WLAN_EID_DS_PARMS;
3288         sFrame.pDSParms->len = 1;
3289         sFrame.pDSParms->byCurrChannel = (BYTE)uCurrChannel;
3290     }
3291     // TIM field
3292     if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
3293         sFrame.pTIM = (PWLAN_IE_TIM)(sFrame.pBuf + sFrame.len);
3294         sFrame.pTIM->byElementID = WLAN_EID_TIM;
3295         s_vMgrFormatTIM(pMgmt, sFrame.pTIM);
3296         sFrame.len += (WLAN_IEHDR_LEN + sFrame.pTIM->len);
3297     }
3298
3299     if (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) {
3300
3301         // IBSS parameter
3302         sFrame.pIBSSParms = (PWLAN_IE_IBSS_PARMS)(sFrame.pBuf + sFrame.len);
3303         sFrame.len += (2) + WLAN_IEHDR_LEN;
3304         sFrame.pIBSSParms->byElementID = WLAN_EID_IBSS_PARMS;
3305         sFrame.pIBSSParms->len = 2;
3306         sFrame.pIBSSParms->wATIMWindow = wCurrATIMWinodw;
3307         if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
3308             /* RSN parameter */
3309             sFrame.pRSNWPA = (PWLAN_IE_RSN_EXT)(sFrame.pBuf + sFrame.len);
3310             sFrame.pRSNWPA->byElementID = WLAN_EID_RSN_WPA;
3311             sFrame.pRSNWPA->len = 12;
3312             sFrame.pRSNWPA->abyOUI[0] = 0x00;
3313             sFrame.pRSNWPA->abyOUI[1] = 0x50;
3314             sFrame.pRSNWPA->abyOUI[2] = 0xf2;
3315             sFrame.pRSNWPA->abyOUI[3] = 0x01;
3316             sFrame.pRSNWPA->wVersion = 1;
3317             sFrame.pRSNWPA->abyMulticast[0] = 0x00;
3318             sFrame.pRSNWPA->abyMulticast[1] = 0x50;
3319             sFrame.pRSNWPA->abyMulticast[2] = 0xf2;
3320             if (pDevice->eEncryptionStatus == Ndis802_11Encryption3Enabled)
3321                 sFrame.pRSNWPA->abyMulticast[3] = 0x04;//AES
3322             else if (pDevice->eEncryptionStatus == Ndis802_11Encryption2Enabled)
3323                 sFrame.pRSNWPA->abyMulticast[3] = 0x02;//TKIP
3324             else if (pDevice->eEncryptionStatus == Ndis802_11Encryption1Enabled)
3325                 sFrame.pRSNWPA->abyMulticast[3] = 0x01;//WEP40
3326             else
3327                 sFrame.pRSNWPA->abyMulticast[3] = 0x00;//NONE
3328
3329             // Pairwise Key Cipher Suite
3330             sFrame.pRSNWPA->wPKCount = 0;
3331             // Auth Key Management Suite
3332             *((PWORD)(sFrame.pBuf + sFrame.len + sFrame.pRSNWPA->len))=0;
3333             sFrame.pRSNWPA->len +=2;
3334
3335             // RSN Capabilites
3336             *((PWORD)(sFrame.pBuf + sFrame.len + sFrame.pRSNWPA->len))=0;
3337             sFrame.pRSNWPA->len +=2;
3338             sFrame.len += sFrame.pRSNWPA->len + WLAN_IEHDR_LEN;
3339         }
3340     }
3341
3342     if ((pMgmt->b11hEnable == TRUE) &&
3343         (pMgmt->eCurrentPHYMode == PHY_TYPE_11A)) {
3344         // Country IE
3345         pbyBuffer = (PBYTE)(sFrame.pBuf + sFrame.len);
3346         CARDvSetCountryIE(pMgmt->pAdapter, pbyBuffer);
3347         CARDvSetCountryInfo(pMgmt->pAdapter, PHY_TYPE_11A, pbyBuffer);
3348         uLength += ((PWLAN_IE_COUNTRY) pbyBuffer)->len + WLAN_IEHDR_LEN;
3349         pbyBuffer += (((PWLAN_IE_COUNTRY) pbyBuffer)->len + WLAN_IEHDR_LEN);
3350         // Power Constrain IE
3351         ((PWLAN_IE_PW_CONST) pbyBuffer)->byElementID = WLAN_EID_PWR_CONSTRAINT;
3352         ((PWLAN_IE_PW_CONST) pbyBuffer)->len = 1;
3353         ((PWLAN_IE_PW_CONST) pbyBuffer)->byPower = 0;
3354         pbyBuffer += (1) + WLAN_IEHDR_LEN;
3355         uLength += (1) + WLAN_IEHDR_LEN;
3356         if (pMgmt->bSwitchChannel == TRUE) {
3357             // Channel Switch IE
3358             ((PWLAN_IE_CH_SW) pbyBuffer)->byElementID = WLAN_EID_CH_SWITCH;
3359             ((PWLAN_IE_CH_SW) pbyBuffer)->len = 3;
3360             ((PWLAN_IE_CH_SW) pbyBuffer)->byMode = 1;
3361             ((PWLAN_IE_CH_SW) pbyBuffer)->byChannel = CARDbyGetChannelNumber(pMgmt->pAdapter, pMgmt->byNewChannel);
3362             ((PWLAN_IE_CH_SW) pbyBuffer)->byCount = 0;
3363             pbyBuffer += (3) + WLAN_IEHDR_LEN;
3364             uLength += (3) + WLAN_IEHDR_LEN;
3365         }
3366         // TPC report
3367         ((PWLAN_IE_TPC_REP) pbyBuffer)->byElementID = WLAN_EID_TPC_REP;
3368         ((PWLAN_IE_TPC_REP) pbyBuffer)->len = 2;
3369         ((PWLAN_IE_TPC_REP) pbyBuffer)->byTxPower = CARDbyGetTransmitPower(pMgmt->pAdapter);
3370         ((PWLAN_IE_TPC_REP) pbyBuffer)->byLinkMargin = 0;
3371         pbyBuffer += (2) + WLAN_IEHDR_LEN;
3372         uLength += (2) + WLAN_IEHDR_LEN;
3373         // IBSS DFS
3374         if (pMgmt->eCurrMode != WMAC_MODE_ESS_AP) {
3375             pIBSSDFS = (PWLAN_IE_IBSS_DFS) pbyBuffer;
3376             pIBSSDFS->byElementID = WLAN_EID_IBSS_DFS;
3377             pIBSSDFS->len = 7;
3378             memcpy(   pIBSSDFS->abyDFSOwner,
3379                         pMgmt->abyIBSSDFSOwner,
3380                         6);
3381             pIBSSDFS->byDFSRecovery = pMgmt->byIBSSDFSRecovery;
3382             pbyBuffer += (7) + WLAN_IEHDR_LEN;
3383             uLength += (7) + WLAN_IEHDR_LEN;
3384             for(ii=CB_MAX_CHANNEL_24G+1; ii<=CB_MAX_CHANNEL; ii++ ) {
3385                 if (CARDbGetChannelMapInfo(pMgmt->pAdapter, ii, pbyBuffer, pbyBuffer+1) == TRUE) {
3386                     pbyBuffer += 2;
3387                     uLength += 2;
3388                     pIBSSDFS->len += 2;
3389                 }
3390             }
3391         }
3392         sFrame.len += uLength;
3393     }
3394
3395     if (pMgmt->eCurrentPHYMode == PHY_TYPE_11G) {
3396         sFrame.pERP = (PWLAN_IE_ERP)(sFrame.pBuf + sFrame.len);
3397         sFrame.len += 1 + WLAN_IEHDR_LEN;
3398         sFrame.pERP->byElementID = WLAN_EID_ERP;
3399         sFrame.pERP->len = 1;
3400         sFrame.pERP->byContext = 0;
3401         if (pDevice->bProtectMode == TRUE)
3402             sFrame.pERP->byContext |= WLAN_EID_ERP_USE_PROTECTION;
3403         if (pDevice->bNonERPPresent == TRUE)
3404             sFrame.pERP->byContext |= WLAN_EID_ERP_NONERP_PRESENT;
3405         if (pDevice->bBarkerPreambleMd == TRUE)
3406             sFrame.pERP->byContext |= WLAN_EID_ERP_BARKER_MODE;
3407     }
3408     if (((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len != 0) {
3409         sFrame.pExtSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
3410         sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN;
3411         memcpy(sFrame.pExtSuppRates,
3412              pCurrExtSuppRates,
3413              ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN
3414              );
3415     }
3416     // hostapd wpa/wpa2 IE
3417     if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnableHostapd == TRUE)) {
3418          if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
3419              if (pMgmt->wWPAIELen != 0) {
3420                  sFrame.pRSN = (PWLAN_IE_RSN)(sFrame.pBuf + sFrame.len);
3421                  memcpy(sFrame.pRSN, pMgmt->abyWPAIE, pMgmt->wWPAIELen);
3422                  sFrame.len += pMgmt->wWPAIELen;
3423              }
3424          }
3425     }
3426
3427     /* Adjust the length fields */
3428     pTxPacket->cbMPDULen = sFrame.len;
3429     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
3430
3431     return pTxPacket;
3432 }
3433
3434
3435
3436
3437
3438 /*+
3439  *
3440  * Routine Description:
3441  *  Constructs an Prob-response frame
3442  *
3443  *
3444  * Return Value:
3445  *    PTR to frame; or NULL on allocation failue
3446  *
3447 -*/
3448
3449
3450
3451
3452 PSTxMgmtPacket
3453 s_MgrMakeProbeResponse(
3454     PSDevice pDevice,
3455     PSMgmtObject pMgmt,
3456     WORD wCurrCapInfo,
3457     WORD wCurrBeaconPeriod,
3458     UINT uCurrChannel,
3459     WORD wCurrATIMWinodw,
3460     PBYTE pDstAddr,
3461     PWLAN_IE_SSID pCurrSSID,
3462     PBYTE pCurrBSSID,
3463     PWLAN_IE_SUPP_RATES pCurrSuppRates,
3464     PWLAN_IE_SUPP_RATES pCurrExtSuppRates,
3465     BYTE byPHYType
3466     )
3467 {
3468     PSTxMgmtPacket      pTxPacket = NULL;
3469     WLAN_FR_PROBERESP   sFrame;
3470     PBYTE               pbyBuffer;
3471     UINT                uLength = 0;
3472     PWLAN_IE_IBSS_DFS   pIBSSDFS = NULL;
3473     UINT                ii;
3474
3475
3476     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
3477     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_PROBERESP_FR_MAXLEN);
3478     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
3479     // Setup the sFrame structure.
3480     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
3481     sFrame.len = WLAN_PROBERESP_FR_MAXLEN;
3482     vMgrEncodeProbeResponse(&sFrame);
3483     // Setup the header
3484     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
3485         (
3486         WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
3487         WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_PROBERESP)
3488         ));
3489     memcpy( sFrame.pHdr->sA3.abyAddr1, pDstAddr, WLAN_ADDR_LEN);
3490     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
3491     memcpy( sFrame.pHdr->sA3.abyAddr3, pCurrBSSID, WLAN_BSSID_LEN);
3492     *sFrame.pwBeaconInterval = cpu_to_le16(wCurrBeaconPeriod);
3493     *sFrame.pwCapInfo = cpu_to_le16(wCurrCapInfo);
3494
3495     if (byPHYType == BB_TYPE_11B) {
3496         *sFrame.pwCapInfo &= cpu_to_le16((WORD)~(WLAN_SET_CAP_INFO_SHORTSLOTTIME(1)));
3497     }
3498
3499     // Copy SSID
3500     sFrame.pSSID = (PWLAN_IE_SSID)(sFrame.pBuf + sFrame.len);
3501     sFrame.len += ((PWLAN_IE_SSID)pMgmt->abyCurrSSID)->len + WLAN_IEHDR_LEN;
3502     memcpy(sFrame.pSSID,
3503            pCurrSSID,
3504            ((PWLAN_IE_SSID)pCurrSSID)->len + WLAN_IEHDR_LEN
3505            );
3506     // Copy the rate set
3507     sFrame.pSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
3508
3509     sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN;
3510     memcpy(sFrame.pSuppRates,
3511            pCurrSuppRates,
3512            ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN
3513           );
3514
3515     // DS parameter
3516     if (pDevice->eCurrentPHYType != PHY_TYPE_11A) {
3517         sFrame.pDSParms = (PWLAN_IE_DS_PARMS)(sFrame.pBuf + sFrame.len);
3518         sFrame.len += (1) + WLAN_IEHDR_LEN;
3519         sFrame.pDSParms->byElementID = WLAN_EID_DS_PARMS;
3520         sFrame.pDSParms->len = 1;
3521         sFrame.pDSParms->byCurrChannel = (BYTE)uCurrChannel;
3522     }
3523
3524     if (pMgmt->eCurrMode != WMAC_MODE_ESS_AP) {
3525         // IBSS parameter
3526         sFrame.pIBSSParms = (PWLAN_IE_IBSS_PARMS)(sFrame.pBuf + sFrame.len);
3527         sFrame.len += (2) + WLAN_IEHDR_LEN;
3528         sFrame.pIBSSParms->byElementID = WLAN_EID_IBSS_PARMS;
3529         sFrame.pIBSSParms->len = 2;
3530         sFrame.pIBSSParms->wATIMWindow = 0;
3531     }
3532     if (pDevice->eCurrentPHYType == PHY_TYPE_11G) {
3533         sFrame.pERP = (PWLAN_IE_ERP)(sFrame.pBuf + sFrame.len);
3534         sFrame.len += 1 + WLAN_IEHDR_LEN;
3535         sFrame.pERP->byElementID = WLAN_EID_ERP;
3536         sFrame.pERP->len = 1;
3537         sFrame.pERP->byContext = 0;
3538         if (pDevice->bProtectMode == TRUE)
3539             sFrame.pERP->byContext |= WLAN_EID_ERP_USE_PROTECTION;
3540         if (pDevice->bNonERPPresent == TRUE)
3541             sFrame.pERP->byContext |= WLAN_EID_ERP_NONERP_PRESENT;
3542         if (pDevice->bBarkerPreambleMd == TRUE)
3543             sFrame.pERP->byContext |= WLAN_EID_ERP_BARKER_MODE;
3544     }
3545
3546     if ((pMgmt->b11hEnable == TRUE) &&
3547         (pMgmt->eCurrentPHYMode == PHY_TYPE_11A)) {
3548         // Country IE
3549         pbyBuffer = (PBYTE)(sFrame.pBuf + sFrame.len);
3550         CARDvSetCountryIE(pMgmt->pAdapter, pbyBuffer);
3551         CARDvSetCountryInfo(pMgmt->pAdapter, PHY_TYPE_11A, pbyBuffer);
3552         uLength += ((PWLAN_IE_COUNTRY) pbyBuffer)->len + WLAN_IEHDR_LEN;
3553         pbyBuffer += (((PWLAN_IE_COUNTRY) pbyBuffer)->len + WLAN_IEHDR_LEN);
3554         // Power Constrain IE
3555         ((PWLAN_IE_PW_CONST) pbyBuffer)->byElementID = WLAN_EID_PWR_CONSTRAINT;
3556         ((PWLAN_IE_PW_CONST) pbyBuffer)->len = 1;
3557         ((PWLAN_IE_PW_CONST) pbyBuffer)->byPower = 0;
3558         pbyBuffer += (1) + WLAN_IEHDR_LEN;
3559         uLength += (1) + WLAN_IEHDR_LEN;
3560         if (pMgmt->bSwitchChannel == TRUE) {
3561             // Channel Switch IE
3562             ((PWLAN_IE_CH_SW) pbyBuffer)->byElementID = WLAN_EID_CH_SWITCH;
3563             ((PWLAN_IE_CH_SW) pbyBuffer)->len = 3;
3564             ((PWLAN_IE_CH_SW) pbyBuffer)->byMode = 1;
3565             ((PWLAN_IE_CH_SW) pbyBuffer)->byChannel = CARDbyGetChannelNumber(pMgmt->pAdapter, pMgmt->byNewChannel);
3566             ((PWLAN_IE_CH_SW) pbyBuffer)->byCount = 0;
3567             pbyBuffer += (3) + WLAN_IEHDR_LEN;
3568             uLength += (3) + WLAN_IEHDR_LEN;
3569         }
3570         // TPC report
3571         ((PWLAN_IE_TPC_REP) pbyBuffer)->byElementID = WLAN_EID_TPC_REP;
3572         ((PWLAN_IE_TPC_REP) pbyBuffer)->len = 2;
3573         ((PWLAN_IE_TPC_REP) pbyBuffer)->byTxPower = CARDbyGetTransmitPower(pMgmt->pAdapter);
3574         ((PWLAN_IE_TPC_REP) pbyBuffer)->byLinkMargin = 0;
3575         pbyBuffer += (2) + WLAN_IEHDR_LEN;
3576         uLength += (2) + WLAN_IEHDR_LEN;
3577         // IBSS DFS
3578         if (pMgmt->eCurrMode != WMAC_MODE_ESS_AP) {
3579             pIBSSDFS = (PWLAN_IE_IBSS_DFS) pbyBuffer;
3580             pIBSSDFS->byElementID = WLAN_EID_IBSS_DFS;
3581             pIBSSDFS->len = 7;
3582             memcpy(   pIBSSDFS->abyDFSOwner,
3583                         pMgmt->abyIBSSDFSOwner,
3584                         6);
3585             pIBSSDFS->byDFSRecovery = pMgmt->byIBSSDFSRecovery;
3586             pbyBuffer += (7) + WLAN_IEHDR_LEN;
3587             uLength += (7) + WLAN_IEHDR_LEN;
3588             for(ii=CB_MAX_CHANNEL_24G+1; ii<=CB_MAX_CHANNEL; ii++ ) {
3589                 if (CARDbGetChannelMapInfo(pMgmt->pAdapter, ii, pbyBuffer, pbyBuffer+1) == TRUE) {
3590                     pbyBuffer += 2;
3591                     uLength += 2;
3592                     pIBSSDFS->len += 2;
3593                 }
3594             }
3595         }
3596         sFrame.len += uLength;
3597     }
3598
3599
3600     if (((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len != 0) {
3601         sFrame.pExtSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
3602         sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN;
3603         memcpy(sFrame.pExtSuppRates,
3604              pCurrExtSuppRates,
3605              ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN
3606              );
3607     }
3608
3609     // hostapd wpa/wpa2 IE
3610     if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnableHostapd == TRUE)) {
3611          if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
3612              if (pMgmt->wWPAIELen != 0) {
3613                  sFrame.pRSN = (PWLAN_IE_RSN)(sFrame.pBuf + sFrame.len);
3614                  memcpy(sFrame.pRSN, pMgmt->abyWPAIE, pMgmt->wWPAIELen);
3615                  sFrame.len += pMgmt->wWPAIELen;
3616              }
3617          }
3618     }
3619
3620     // Adjust the length fields
3621     pTxPacket->cbMPDULen = sFrame.len;
3622     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
3623
3624     return pTxPacket;
3625 }
3626
3627
3628
3629 /*+
3630  *
3631  * Routine Description:
3632  *  Constructs an association request frame
3633  *
3634  *
3635  * Return Value:
3636  *    A ptr to frame or NULL on allocation failue
3637  *
3638 -*/
3639
3640
3641 PSTxMgmtPacket
3642 s_MgrMakeAssocRequest(
3643     PSDevice pDevice,
3644     PSMgmtObject pMgmt,
3645     PBYTE pDAddr,
3646     WORD wCurrCapInfo,
3647     WORD wListenInterval,
3648     PWLAN_IE_SSID pCurrSSID,
3649     PWLAN_IE_SUPP_RATES pCurrRates,
3650     PWLAN_IE_SUPP_RATES pCurrExtSuppRates
3651     )
3652 {
3653     PSTxMgmtPacket      pTxPacket = NULL;
3654     WLAN_FR_ASSOCREQ    sFrame;
3655     PBYTE               pbyIEs;
3656     PBYTE               pbyRSN;
3657
3658
3659     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
3660     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_ASSOCREQ_FR_MAXLEN);
3661     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
3662     // Setup the sFrame structure.
3663     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
3664     sFrame.len = WLAN_ASSOCREQ_FR_MAXLEN;
3665     // format fixed field frame structure
3666     vMgrEncodeAssocRequest(&sFrame);
3667     // Setup the header
3668     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
3669         (
3670         WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
3671         WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_ASSOCREQ)
3672         ));
3673     memcpy( sFrame.pHdr->sA3.abyAddr1, pDAddr, WLAN_ADDR_LEN);
3674     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
3675     memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
3676
3677     // Set the capibility and listen interval
3678     *(sFrame.pwCapInfo) = cpu_to_le16(wCurrCapInfo);
3679     *(sFrame.pwListenInterval) = cpu_to_le16(wListenInterval);
3680
3681     // sFrame.len point to end of fixed field
3682     sFrame.pSSID = (PWLAN_IE_SSID)(sFrame.pBuf + sFrame.len);
3683     sFrame.len += pCurrSSID->len + WLAN_IEHDR_LEN;
3684     memcpy(sFrame.pSSID, pCurrSSID, pCurrSSID->len + WLAN_IEHDR_LEN);
3685
3686     pMgmt->sAssocInfo.AssocInfo.RequestIELength = pCurrSSID->len + WLAN_IEHDR_LEN;
3687     pMgmt->sAssocInfo.AssocInfo.OffsetRequestIEs = sizeof(NDIS_802_11_ASSOCIATION_INFORMATION);
3688     pbyIEs = pMgmt->sAssocInfo.abyIEs;
3689     memcpy(pbyIEs, pCurrSSID, pCurrSSID->len + WLAN_IEHDR_LEN);
3690     pbyIEs += pCurrSSID->len + WLAN_IEHDR_LEN;
3691
3692     // Copy the rate set
3693     sFrame.pSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
3694     if ((pDevice->eCurrentPHYType == PHY_TYPE_11B) && (pCurrRates->len > 4))
3695         sFrame.len += 4 + WLAN_IEHDR_LEN;
3696     else
3697         sFrame.len += pCurrRates->len + WLAN_IEHDR_LEN;
3698     memcpy(sFrame.pSuppRates, pCurrRates, pCurrRates->len + WLAN_IEHDR_LEN);
3699
3700     // Copy the extension rate set
3701     if ((pDevice->eCurrentPHYType == PHY_TYPE_11G) && (pCurrExtSuppRates->len > 0)) {
3702         sFrame.pExtSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
3703         sFrame.len += pCurrExtSuppRates->len + WLAN_IEHDR_LEN;
3704         memcpy(sFrame.pExtSuppRates, pCurrExtSuppRates, pCurrExtSuppRates->len + WLAN_IEHDR_LEN);
3705     }
3706
3707     pMgmt->sAssocInfo.AssocInfo.RequestIELength += pCurrRates->len + WLAN_IEHDR_LEN;
3708     memcpy(pbyIEs, pCurrRates, pCurrRates->len + WLAN_IEHDR_LEN);
3709     pbyIEs += pCurrRates->len + WLAN_IEHDR_LEN;
3710
3711     // for 802.11h
3712     if (pMgmt->b11hEnable == TRUE) {
3713         if (sFrame.pCurrPowerCap == NULL) {
3714             sFrame.pCurrPowerCap = (PWLAN_IE_PW_CAP)(sFrame.pBuf + sFrame.len);
3715             sFrame.len += (2 + WLAN_IEHDR_LEN);
3716             sFrame.pCurrPowerCap->byElementID = WLAN_EID_PWR_CAPABILITY;
3717             sFrame.pCurrPowerCap->len = 2;
3718             CARDvGetPowerCapability(pMgmt->pAdapter,
3719                                     &(sFrame.pCurrPowerCap->byMinPower),
3720                                     &(sFrame.pCurrPowerCap->byMaxPower)
3721                                     );
3722         }
3723         if (sFrame.pCurrSuppCh == NULL) {
3724             sFrame.pCurrSuppCh = (PWLAN_IE_SUPP_CH)(sFrame.pBuf + sFrame.len);
3725             sFrame.len += CARDbySetSupportChannels(pMgmt->pAdapter,(PBYTE)sFrame.pCurrSuppCh);
3726         }
3727     }
3728
3729     if (((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
3730          (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
3731          (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE)) &&
3732         (pMgmt->pCurrBSS != NULL)) {
3733         /* WPA IE */
3734         sFrame.pRSNWPA = (PWLAN_IE_RSN_EXT)(sFrame.pBuf + sFrame.len);
3735         sFrame.pRSNWPA->byElementID = WLAN_EID_RSN_WPA;
3736         sFrame.pRSNWPA->len = 16;
3737         sFrame.pRSNWPA->abyOUI[0] = 0x00;
3738         sFrame.pRSNWPA->abyOUI[1] = 0x50;
3739         sFrame.pRSNWPA->abyOUI[2] = 0xf2;
3740         sFrame.pRSNWPA->abyOUI[3] = 0x01;
3741         sFrame.pRSNWPA->wVersion = 1;
3742         //Group Key Cipher Suite
3743         sFrame.pRSNWPA->abyMulticast[0] = 0x00;
3744         sFrame.pRSNWPA->abyMulticast[1] = 0x50;
3745         sFrame.pRSNWPA->abyMulticast[2] = 0xf2;
3746         if (pMgmt->byCSSGK == KEY_CTL_WEP) {
3747             sFrame.pRSNWPA->abyMulticast[3] = pMgmt->pCurrBSS->byGKType;
3748         } else if (pMgmt->byCSSGK == KEY_CTL_TKIP) {
3749             sFrame.pRSNWPA->abyMulticast[3] = WPA_TKIP;
3750         } else if (pMgmt->byCSSGK == KEY_CTL_CCMP) {
3751             sFrame.pRSNWPA->abyMulticast[3] = WPA_AESCCMP;
3752         } else {
3753             sFrame.pRSNWPA->abyMulticast[3] = WPA_NONE;
3754         }
3755         // Pairwise Key Cipher Suite
3756         sFrame.pRSNWPA->wPKCount = 1;
3757         sFrame.pRSNWPA->PKSList[0].abyOUI[0] = 0x00;
3758         sFrame.pRSNWPA->PKSList[0].abyOUI[1] = 0x50;
3759         sFrame.pRSNWPA->PKSList[0].abyOUI[2] = 0xf2;
3760         if (pMgmt->byCSSPK == KEY_CTL_TKIP) {
3761             sFrame.pRSNWPA->PKSList[0].abyOUI[3] = WPA_TKIP;
3762         } else if (pMgmt->byCSSPK == KEY_CTL_CCMP) {
3763             sFrame.pRSNWPA->PKSList[0].abyOUI[3] = WPA_AESCCMP;
3764         } else {
3765             sFrame.pRSNWPA->PKSList[0].abyOUI[3] = WPA_NONE;
3766         }
3767         // Auth Key Management Suite
3768         pbyRSN = (PBYTE)(sFrame.pBuf + sFrame.len + 2 + sFrame.pRSNWPA->len);
3769         *pbyRSN++=0x01;
3770         *pbyRSN++=0x00;
3771         *pbyRSN++=0x00;
3772
3773         *pbyRSN++=0x50;
3774         *pbyRSN++=0xf2;
3775         if (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) {
3776             *pbyRSN++=WPA_AUTH_PSK;
3777         }
3778         else if (pMgmt->eAuthenMode == WMAC_AUTH_WPA) {
3779             *pbyRSN++=WPA_AUTH_IEEE802_1X;
3780         }
3781         else {
3782             *pbyRSN++=WPA_NONE;
3783         }
3784
3785         sFrame.pRSNWPA->len +=6;
3786
3787         // RSN Capabilites
3788
3789         *pbyRSN++=0x00;
3790         *pbyRSN++=0x00;
3791         sFrame.pRSNWPA->len +=2;
3792
3793         sFrame.len += sFrame.pRSNWPA->len + WLAN_IEHDR_LEN;
3794         // copy to AssocInfo. for OID_802_11_ASSOCIATION_INFORMATION
3795         pMgmt->sAssocInfo.AssocInfo.RequestIELength += sFrame.pRSNWPA->len + WLAN_IEHDR_LEN;
3796         memcpy(pbyIEs, sFrame.pRSNWPA, sFrame.pRSNWPA->len + WLAN_IEHDR_LEN);
3797         pbyIEs += sFrame.pRSNWPA->len + WLAN_IEHDR_LEN;
3798
3799     } else if (((pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
3800                 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) &&
3801                (pMgmt->pCurrBSS != NULL)) {
3802         UINT                ii;
3803         PWORD               pwPMKID;
3804
3805         // WPA IE
3806         sFrame.pRSN = (PWLAN_IE_RSN)(sFrame.pBuf + sFrame.len);
3807         sFrame.pRSN->byElementID = WLAN_EID_RSN;
3808         sFrame.pRSN->len = 6; //Version(2)+GK(4)
3809         sFrame.pRSN->wVersion = 1;
3810         //Group Key Cipher Suite
3811         sFrame.pRSN->abyRSN[0] = 0x00;
3812         sFrame.pRSN->abyRSN[1] = 0x0F;
3813         sFrame.pRSN->abyRSN[2] = 0xAC;
3814         if (pMgmt->byCSSGK == KEY_CTL_WEP) {
3815             sFrame.pRSN->abyRSN[3] = pMgmt->pCurrBSS->byCSSGK;
3816         } else if (pMgmt->byCSSGK == KEY_CTL_TKIP) {
3817             sFrame.pRSN->abyRSN[3] = WLAN_11i_CSS_TKIP;
3818         } else if (pMgmt->byCSSGK == KEY_CTL_CCMP) {
3819             sFrame.pRSN->abyRSN[3] = WLAN_11i_CSS_CCMP;
3820         } else {
3821             sFrame.pRSN->abyRSN[3] = WLAN_11i_CSS_UNKNOWN;
3822         }
3823
3824         // Pairwise Key Cipher Suite
3825         sFrame.pRSN->abyRSN[4] = 1;
3826         sFrame.pRSN->abyRSN[5] = 0;
3827         sFrame.pRSN->abyRSN[6] = 0x00;
3828         sFrame.pRSN->abyRSN[7] = 0x0F;
3829         sFrame.pRSN->abyRSN[8] = 0xAC;
3830         if (pMgmt->byCSSPK == KEY_CTL_TKIP) {
3831             sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_TKIP;
3832         } else if (pMgmt->byCSSPK == KEY_CTL_CCMP) {
3833             sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_CCMP;
3834         } else if (pMgmt->byCSSPK == KEY_CTL_NONE) {
3835             sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_USE_GROUP;
3836         } else {
3837             sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_UNKNOWN;
3838         }
3839         sFrame.pRSN->len += 6;
3840
3841         // Auth Key Management Suite
3842         sFrame.pRSN->abyRSN[10] = 1;
3843         sFrame.pRSN->abyRSN[11] = 0;
3844         sFrame.pRSN->abyRSN[12] = 0x00;
3845         sFrame.pRSN->abyRSN[13] = 0x0F;
3846         sFrame.pRSN->abyRSN[14] = 0xAC;
3847         if (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK) {
3848             sFrame.pRSN->abyRSN[15] = WLAN_11i_AKMSS_PSK;
3849         } else if (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) {
3850             sFrame.pRSN->abyRSN[15] = WLAN_11i_AKMSS_802_1X;
3851         } else {
3852             sFrame.pRSN->abyRSN[15] = WLAN_11i_AKMSS_UNKNOWN;
3853         }
3854         sFrame.pRSN->len +=6;
3855
3856         // RSN Capabilites
3857         if (pMgmt->pCurrBSS->sRSNCapObj.bRSNCapExist == TRUE) {
3858             memcpy(&sFrame.pRSN->abyRSN[16], &pMgmt->pCurrBSS->sRSNCapObj.wRSNCap, 2);
3859         } else {
3860             sFrame.pRSN->abyRSN[16] = 0;
3861             sFrame.pRSN->abyRSN[17] = 0;
3862         }
3863         sFrame.pRSN->len +=2;
3864
3865         if ((pDevice->gsPMKID.BSSIDInfoCount > 0) && (pDevice->bRoaming == TRUE) && (pMgmt->eAuthenMode == WMAC_AUTH_WPA2)) {
3866             // RSN PMKID
3867             pbyRSN = &sFrame.pRSN->abyRSN[18];
3868             pwPMKID = (PWORD)pbyRSN; // Point to PMKID count
3869             *pwPMKID = 0;            // Initialize PMKID count
3870             pbyRSN += 2;             // Point to PMKID list
3871             for (ii = 0; ii < pDevice->gsPMKID.BSSIDInfoCount; ii++) {
3872                 if ( !memcmp(&pDevice->gsPMKID.BSSIDInfo[ii].BSSID[0], pMgmt->abyCurrBSSID, ETH_ALEN)) {
3873                     (*pwPMKID) ++;
3874                     memcpy(pbyRSN, pDevice->gsPMKID.BSSIDInfo[ii].PMKID, 16);
3875                     pbyRSN += 16;
3876                 }
3877             }
3878             if (*pwPMKID != 0) {
3879                 sFrame.pRSN->len += (2 + (*pwPMKID)*16);
3880             }
3881         }
3882
3883         sFrame.len += sFrame.pRSN->len + WLAN_IEHDR_LEN;
3884         // copy to AssocInfo. for OID_802_11_ASSOCIATION_INFORMATION
3885         pMgmt->sAssocInfo.AssocInfo.RequestIELength += sFrame.pRSN->len + WLAN_IEHDR_LEN;
3886         memcpy(pbyIEs, sFrame.pRSN, sFrame.pRSN->len + WLAN_IEHDR_LEN);
3887         pbyIEs += sFrame.pRSN->len + WLAN_IEHDR_LEN;
3888     }
3889
3890
3891     // Adjust the length fields
3892     pTxPacket->cbMPDULen = sFrame.len;
3893     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
3894     return pTxPacket;
3895 }
3896
3897
3898
3899
3900
3901
3902
3903
3904 /*+
3905  *
3906  * Routine Description:
3907  *  Constructs an re-association request frame
3908  *
3909  *
3910  * Return Value:
3911  *    A ptr to frame or NULL on allocation failue
3912  *
3913 -*/
3914
3915
3916 PSTxMgmtPacket
3917 s_MgrMakeReAssocRequest(
3918     PSDevice pDevice,
3919     PSMgmtObject pMgmt,
3920     PBYTE pDAddr,
3921     WORD wCurrCapInfo,
3922     WORD wListenInterval,
3923     PWLAN_IE_SSID pCurrSSID,
3924     PWLAN_IE_SUPP_RATES pCurrRates,
3925     PWLAN_IE_SUPP_RATES pCurrExtSuppRates
3926     )
3927 {
3928     PSTxMgmtPacket      pTxPacket = NULL;
3929     WLAN_FR_REASSOCREQ  sFrame;
3930     PBYTE               pbyIEs;
3931     PBYTE               pbyRSN;
3932
3933
3934     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
3935     memset( pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_REASSOCREQ_FR_MAXLEN);
3936     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
3937     /* Setup the sFrame structure. */
3938     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
3939     sFrame.len = WLAN_REASSOCREQ_FR_MAXLEN;
3940
3941     // format fixed field frame structure
3942     vMgrEncodeReassocRequest(&sFrame);
3943
3944     /* Setup the header */
3945     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
3946         (
3947         WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
3948         WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_REASSOCREQ)
3949         ));
3950     memcpy( sFrame.pHdr->sA3.abyAddr1, pDAddr, WLAN_ADDR_LEN);
3951     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
3952     memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
3953
3954     /* Set the capibility and listen interval */
3955     *(sFrame.pwCapInfo) = cpu_to_le16(wCurrCapInfo);
3956     *(sFrame.pwListenInterval) = cpu_to_le16(wListenInterval);
3957
3958     memcpy(sFrame.pAddrCurrAP, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
3959     /* Copy the SSID */
3960     /* sFrame.len point to end of fixed field */
3961     sFrame.pSSID = (PWLAN_IE_SSID)(sFrame.pBuf + sFrame.len);
3962     sFrame.len += pCurrSSID->len + WLAN_IEHDR_LEN;
3963     memcpy(sFrame.pSSID, pCurrSSID, pCurrSSID->len + WLAN_IEHDR_LEN);
3964
3965     pMgmt->sAssocInfo.AssocInfo.RequestIELength = pCurrSSID->len + WLAN_IEHDR_LEN;
3966     pMgmt->sAssocInfo.AssocInfo.OffsetRequestIEs = sizeof(NDIS_802_11_ASSOCIATION_INFORMATION);
3967     pbyIEs = pMgmt->sAssocInfo.abyIEs;
3968     memcpy(pbyIEs, pCurrSSID, pCurrSSID->len + WLAN_IEHDR_LEN);
3969     pbyIEs += pCurrSSID->len + WLAN_IEHDR_LEN;
3970
3971     /* Copy the rate set */
3972     /* sFrame.len point to end of SSID */
3973     sFrame.pSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
3974     sFrame.len += pCurrRates->len + WLAN_IEHDR_LEN;
3975     memcpy(sFrame.pSuppRates, pCurrRates, pCurrRates->len + WLAN_IEHDR_LEN);
3976
3977     // Copy the extension rate set
3978     if ((pMgmt->eCurrentPHYMode == PHY_TYPE_11G) && (pCurrExtSuppRates->len > 0)) {
3979         sFrame.pExtSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
3980         sFrame.len += pCurrExtSuppRates->len + WLAN_IEHDR_LEN;
3981         memcpy(sFrame.pExtSuppRates, pCurrExtSuppRates, pCurrExtSuppRates->len + WLAN_IEHDR_LEN);
3982     }
3983
3984     pMgmt->sAssocInfo.AssocInfo.RequestIELength += pCurrRates->len + WLAN_IEHDR_LEN;
3985     memcpy(pbyIEs, pCurrRates, pCurrRates->len + WLAN_IEHDR_LEN);
3986     pbyIEs += pCurrRates->len + WLAN_IEHDR_LEN;
3987
3988     if (((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
3989          (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
3990          (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE)) &&
3991         (pMgmt->pCurrBSS != NULL)) {
3992         /* WPA IE */
3993         sFrame.pRSNWPA = (PWLAN_IE_RSN_EXT)(sFrame.pBuf + sFrame.len);
3994         sFrame.pRSNWPA->byElementID = WLAN_EID_RSN_WPA;
3995         sFrame.pRSNWPA->len = 16;
3996         sFrame.pRSNWPA->abyOUI[0] = 0x00;
3997         sFrame.pRSNWPA->abyOUI[1] = 0x50;
3998         sFrame.pRSNWPA->abyOUI[2] = 0xf2;
3999         sFrame.pRSNWPA->abyOUI[3] = 0x01;
4000         sFrame.pRSNWPA->wVersion = 1;
4001         //Group Key Cipher Suite
4002         sFrame.pRSNWPA->abyMulticast[0] = 0x00;
4003         sFrame.pRSNWPA->abyMulticast[1] = 0x50;
4004         sFrame.pRSNWPA->abyMulticast[2] = 0xf2;
4005         if (pMgmt->byCSSGK == KEY_CTL_WEP) {
4006             sFrame.pRSNWPA->abyMulticast[3] = pMgmt->pCurrBSS->byGKType;
4007         } else if (pMgmt->byCSSGK == KEY_CTL_TKIP) {
4008             sFrame.pRSNWPA->abyMulticast[3] = WPA_TKIP;
4009         } else if (pMgmt->byCSSGK == KEY_CTL_CCMP) {
4010             sFrame.pRSNWPA->abyMulticast[3] = WPA_AESCCMP;
4011         } else {
4012             sFrame.pRSNWPA->abyMulticast[3] = WPA_NONE;
4013         }
4014         // Pairwise Key Cipher Suite
4015         sFrame.pRSNWPA->wPKCount = 1;
4016         sFrame.pRSNWPA->PKSList[0].abyOUI[0] = 0x00;
4017         sFrame.pRSNWPA->PKSList[0].abyOUI[1] = 0x50;
4018         sFrame.pRSNWPA->PKSList[0].abyOUI[2] = 0xf2;
4019         if (pMgmt->byCSSPK == KEY_CTL_TKIP) {
4020             sFrame.pRSNWPA->PKSList[0].abyOUI[3] = WPA_TKIP;
4021         } else if (pMgmt->byCSSPK == KEY_CTL_CCMP) {
4022             sFrame.pRSNWPA->PKSList[0].abyOUI[3] = WPA_AESCCMP;
4023         } else {
4024             sFrame.pRSNWPA->PKSList[0].abyOUI[3] = WPA_NONE;
4025         }
4026         // Auth Key Management Suite
4027         pbyRSN = (PBYTE)(sFrame.pBuf + sFrame.len + 2 + sFrame.pRSNWPA->len);
4028         *pbyRSN++=0x01;
4029         *pbyRSN++=0x00;
4030         *pbyRSN++=0x00;
4031
4032         *pbyRSN++=0x50;
4033         *pbyRSN++=0xf2;
4034         if (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) {
4035             *pbyRSN++=WPA_AUTH_PSK;
4036         } else if (pMgmt->eAuthenMode == WMAC_AUTH_WPA) {
4037             *pbyRSN++=WPA_AUTH_IEEE802_1X;
4038         } else {
4039             *pbyRSN++=WPA_NONE;
4040         }
4041
4042         sFrame.pRSNWPA->len +=6;
4043
4044         // RSN Capabilites
4045         *pbyRSN++=0x00;
4046         *pbyRSN++=0x00;
4047         sFrame.pRSNWPA->len +=2;
4048
4049         sFrame.len += sFrame.pRSNWPA->len + WLAN_IEHDR_LEN;
4050         // copy to AssocInfo. for OID_802_11_ASSOCIATION_INFORMATION
4051         pMgmt->sAssocInfo.AssocInfo.RequestIELength += sFrame.pRSNWPA->len + WLAN_IEHDR_LEN;
4052         memcpy(pbyIEs, sFrame.pRSNWPA, sFrame.pRSNWPA->len + WLAN_IEHDR_LEN);
4053         pbyIEs += sFrame.pRSNWPA->len + WLAN_IEHDR_LEN;
4054
4055     } else if (((pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
4056                 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) &&
4057                (pMgmt->pCurrBSS != NULL)) {
4058         UINT                ii;
4059         PWORD               pwPMKID;
4060
4061         /* WPA IE */
4062         sFrame.pRSN = (PWLAN_IE_RSN)(sFrame.pBuf + sFrame.len);
4063         sFrame.pRSN->byElementID = WLAN_EID_RSN;
4064         sFrame.pRSN->len = 6; //Version(2)+GK(4)
4065         sFrame.pRSN->wVersion = 1;
4066         //Group Key Cipher Suite
4067         sFrame.pRSN->abyRSN[0] = 0x00;
4068         sFrame.pRSN->abyRSN[1] = 0x0F;
4069         sFrame.pRSN->abyRSN[2] = 0xAC;
4070         if (pMgmt->byCSSGK == KEY_CTL_WEP) {
4071             sFrame.pRSN->abyRSN[3] = pMgmt->pCurrBSS->byCSSGK;
4072         } else if (pMgmt->byCSSGK == KEY_CTL_TKIP) {
4073             sFrame.pRSN->abyRSN[3] = WLAN_11i_CSS_TKIP;
4074         } else if (pMgmt->byCSSGK == KEY_CTL_CCMP) {
4075             sFrame.pRSN->abyRSN[3] = WLAN_11i_CSS_CCMP;
4076         } else {
4077             sFrame.pRSN->abyRSN[3] = WLAN_11i_CSS_UNKNOWN;
4078         }
4079
4080         // Pairwise Key Cipher Suite
4081         sFrame.pRSN->abyRSN[4] = 1;
4082         sFrame.pRSN->abyRSN[5] = 0;
4083         sFrame.pRSN->abyRSN[6] = 0x00;
4084         sFrame.pRSN->abyRSN[7] = 0x0F;
4085         sFrame.pRSN->abyRSN[8] = 0xAC;
4086         if (pMgmt->byCSSPK == KEY_CTL_TKIP) {
4087             sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_TKIP;
4088         } else if (pMgmt->byCSSPK == KEY_CTL_CCMP) {
4089             sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_CCMP;
4090         } else if (pMgmt->byCSSPK == KEY_CTL_NONE) {
4091             sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_USE_GROUP;
4092         } else {
4093             sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_UNKNOWN;
4094         }
4095         sFrame.pRSN->len += 6;
4096
4097         // Auth Key Management Suite
4098         sFrame.pRSN->abyRSN[10] = 1;
4099         sFrame.pRSN->abyRSN[11] = 0;
4100         sFrame.pRSN->abyRSN[12] = 0x00;
4101         sFrame.pRSN->abyRSN[13] = 0x0F;
4102         sFrame.pRSN->abyRSN[14] = 0xAC;
4103         if (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK) {
4104             sFrame.pRSN->abyRSN[15] = WLAN_11i_AKMSS_PSK;
4105         } else if (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) {
4106             sFrame.pRSN->abyRSN[15] = WLAN_11i_AKMSS_802_1X;
4107         } else {
4108             sFrame.pRSN->abyRSN[15] = WLAN_11i_AKMSS_UNKNOWN;
4109         }
4110         sFrame.pRSN->len +=6;
4111
4112         // RSN Capabilites
4113         if (pMgmt->pCurrBSS->sRSNCapObj.bRSNCapExist == TRUE) {
4114             memcpy(&sFrame.pRSN->abyRSN[16], &pMgmt->pCurrBSS->sRSNCapObj.wRSNCap, 2);
4115         } else {
4116             sFrame.pRSN->abyRSN[16] = 0;
4117             sFrame.pRSN->abyRSN[17] = 0;
4118         }
4119         sFrame.pRSN->len +=2;
4120
4121         if ((pDevice->gsPMKID.BSSIDInfoCount > 0) && (pDevice->bRoaming == TRUE) && (pMgmt->eAuthenMode == WMAC_AUTH_WPA2)) {
4122             // RSN PMKID
4123             pbyRSN = &sFrame.pRSN->abyRSN[18];
4124             pwPMKID = (PWORD)pbyRSN; // Point to PMKID count
4125             *pwPMKID = 0;            // Initialize PMKID count
4126             pbyRSN += 2;             // Point to PMKID list
4127             for (ii = 0; ii < pDevice->gsPMKID.BSSIDInfoCount; ii++) {
4128                 if ( !memcmp(&pDevice->gsPMKID.BSSIDInfo[ii].BSSID[0], pMgmt->abyCurrBSSID, ETH_ALEN)) {
4129                     (*pwPMKID) ++;
4130                     memcpy(pbyRSN, pDevice->gsPMKID.BSSIDInfo[ii].PMKID, 16);
4131                     pbyRSN += 16;
4132                 }
4133             }
4134             if (*pwPMKID != 0) {
4135                 sFrame.pRSN->len += (2 + (*pwPMKID)*16);
4136             }
4137         }
4138
4139         sFrame.len += sFrame.pRSN->len + WLAN_IEHDR_LEN;
4140         // copy to AssocInfo. for OID_802_11_ASSOCIATION_INFORMATION
4141         pMgmt->sAssocInfo.AssocInfo.RequestIELength += sFrame.pRSN->len + WLAN_IEHDR_LEN;
4142         memcpy(pbyIEs, sFrame.pRSN, sFrame.pRSN->len + WLAN_IEHDR_LEN);
4143         pbyIEs += sFrame.pRSN->len + WLAN_IEHDR_LEN;
4144     }
4145
4146
4147     /* Adjust the length fields */
4148     pTxPacket->cbMPDULen = sFrame.len;
4149     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
4150
4151     return pTxPacket;
4152 }
4153
4154
4155
4156 /*+
4157  *
4158  * Routine Description:
4159  *  Constructs an assoc-response frame
4160  *
4161  *
4162  * Return Value:
4163  *    PTR to frame; or NULL on allocation failue
4164  *
4165 -*/
4166
4167
4168 PSTxMgmtPacket
4169 s_MgrMakeAssocResponse(
4170     PSDevice pDevice,
4171     PSMgmtObject pMgmt,
4172     WORD wCurrCapInfo,
4173     WORD wAssocStatus,
4174     WORD wAssocAID,
4175     PBYTE pDstAddr,
4176     PWLAN_IE_SUPP_RATES pCurrSuppRates,
4177     PWLAN_IE_SUPP_RATES pCurrExtSuppRates
4178     )
4179 {
4180     PSTxMgmtPacket      pTxPacket = NULL;
4181     WLAN_FR_ASSOCRESP   sFrame;
4182
4183
4184     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
4185     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_ASSOCREQ_FR_MAXLEN);
4186     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
4187     // Setup the sFrame structure
4188     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
4189     sFrame.len = WLAN_REASSOCRESP_FR_MAXLEN;
4190     vMgrEncodeAssocResponse(&sFrame);
4191     // Setup the header
4192     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
4193         (
4194         WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
4195         WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_ASSOCRESP)
4196         ));
4197     memcpy( sFrame.pHdr->sA3.abyAddr1, pDstAddr, WLAN_ADDR_LEN);
4198     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
4199     memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
4200
4201     *sFrame.pwCapInfo = cpu_to_le16(wCurrCapInfo);
4202     *sFrame.pwStatus = cpu_to_le16(wAssocStatus);
4203     *sFrame.pwAid = cpu_to_le16((WORD)(wAssocAID | BIT14 | BIT15));
4204
4205     // Copy the rate set
4206     sFrame.pSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
4207     sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN;
4208     memcpy(sFrame.pSuppRates,
4209            pCurrSuppRates,
4210            ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN
4211           );
4212
4213     if (((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len != 0) {
4214         sFrame.pExtSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
4215         sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN;
4216         memcpy(sFrame.pExtSuppRates,
4217              pCurrExtSuppRates,
4218              ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN
4219              );
4220     }
4221
4222     // Adjust the length fields
4223     pTxPacket->cbMPDULen = sFrame.len;
4224     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
4225
4226     return pTxPacket;
4227 }
4228
4229
4230 /*+
4231  *
4232  * Routine Description:
4233  *  Constructs an reassoc-response frame
4234  *
4235  *
4236  * Return Value:
4237  *    PTR to frame; or NULL on allocation failue
4238  *
4239 -*/
4240
4241
4242 PSTxMgmtPacket
4243 s_MgrMakeReAssocResponse(
4244     PSDevice pDevice,
4245     PSMgmtObject pMgmt,
4246     WORD wCurrCapInfo,
4247     WORD wAssocStatus,
4248     WORD wAssocAID,
4249     PBYTE pDstAddr,
4250     PWLAN_IE_SUPP_RATES pCurrSuppRates,
4251     PWLAN_IE_SUPP_RATES pCurrExtSuppRates
4252     )
4253 {
4254     PSTxMgmtPacket      pTxPacket = NULL;
4255     WLAN_FR_REASSOCRESP   sFrame;
4256
4257
4258     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
4259     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_ASSOCREQ_FR_MAXLEN);
4260     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
4261     // Setup the sFrame structure
4262     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
4263     sFrame.len = WLAN_REASSOCRESP_FR_MAXLEN;
4264     vMgrEncodeReassocResponse(&sFrame);
4265     // Setup the header
4266     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
4267         (
4268         WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
4269         WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_REASSOCRESP)
4270         ));
4271     memcpy( sFrame.pHdr->sA3.abyAddr1, pDstAddr, WLAN_ADDR_LEN);
4272     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
4273     memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
4274
4275     *sFrame.pwCapInfo = cpu_to_le16(wCurrCapInfo);
4276     *sFrame.pwStatus = cpu_to_le16(wAssocStatus);
4277     *sFrame.pwAid = cpu_to_le16((WORD)(wAssocAID | BIT14 | BIT15));
4278
4279     // Copy the rate set
4280     sFrame.pSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
4281     sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN;
4282     memcpy(sFrame.pSuppRates,
4283              pCurrSuppRates,
4284              ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN
4285              );
4286
4287     if (((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len != 0) {
4288         sFrame.pExtSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
4289         sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN;
4290         memcpy(sFrame.pExtSuppRates,
4291              pCurrExtSuppRates,
4292              ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN
4293              );
4294     }
4295
4296     // Adjust the length fields
4297     pTxPacket->cbMPDULen = sFrame.len;
4298     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
4299
4300     return pTxPacket;
4301 }
4302
4303
4304 /*+
4305  *
4306  * Routine Description:
4307  *  Handles probe response management frames.
4308  *
4309  *
4310  * Return Value:
4311  *    none.
4312  *
4313 -*/
4314
4315 static
4316 void
4317 s_vMgrRxProbeResponse(
4318     PSDevice pDevice,
4319     PSMgmtObject pMgmt,
4320     PSRxMgmtPacket pRxPacket
4321     )
4322 {
4323     PKnownBSS           pBSSList = NULL;
4324     WLAN_FR_PROBERESP   sFrame;
4325     BYTE                byCurrChannel = pRxPacket->byRxChannel;
4326     ERPObject           sERP;
4327     BYTE                byIEChannel = 0;
4328     BOOL                bChannelHit = TRUE;
4329
4330
4331     memset(&sFrame, 0, sizeof(WLAN_FR_PROBERESP));
4332     // decode the frame
4333     sFrame.len = pRxPacket->cbMPDULen;
4334     sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
4335     vMgrDecodeProbeResponse(&sFrame);
4336
4337     if ((sFrame.pqwTimestamp == 0) ||
4338         (sFrame.pwBeaconInterval == 0) ||
4339         (sFrame.pwCapInfo == 0) ||
4340         (sFrame.pSSID == 0) ||
4341         (sFrame.pSuppRates == 0)) {
4342         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Probe resp:Fail addr:[%p] \n", pRxPacket->p80211Header);
4343         DBG_PORT80(0xCC);
4344         return;
4345     };
4346
4347     if(sFrame.pSSID->len == 0)
4348        DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Rx Probe resp: SSID len = 0 \n");
4349
4350     if (sFrame.pDSParms != 0) {
4351         if (byCurrChannel > CB_MAX_CHANNEL_24G) {
4352             // channel remapping to
4353             byIEChannel = CARDbyGetChannelMapping(pMgmt->pAdapter, sFrame.pDSParms->byCurrChannel, PHY_TYPE_11A);
4354         } else {
4355             byIEChannel = sFrame.pDSParms->byCurrChannel;
4356         }
4357         if (byCurrChannel != byIEChannel) {
4358             // adjust channel info. bcs we rcv adjcent channel pakckets
4359             bChannelHit = FALSE;
4360             byCurrChannel = byIEChannel;
4361         }
4362     } else {
4363         // no DS channel info
4364         bChannelHit = TRUE;
4365     }
4366
4367 //2008-0730-01<Add>by MikeLiu
4368 if(ChannelExceedZoneType(pDevice,byCurrChannel)==TRUE)
4369       return;
4370
4371     if (sFrame.pERP != NULL) {
4372         sERP.byERP = sFrame.pERP->byContext;
4373         sERP.bERPExist = TRUE;
4374     } else {
4375         sERP.bERPExist = FALSE;
4376         sERP.byERP = 0;
4377     }
4378
4379
4380     // update or insert the bss
4381     pBSSList = BSSpAddrIsInBSSList((void *)pDevice, sFrame.pHdr->sA3.abyAddr3, sFrame.pSSID);
4382     if (pBSSList) {
4383         BSSbUpdateToBSSList((void *)pDevice,
4384                             *sFrame.pqwTimestamp,
4385                             *sFrame.pwBeaconInterval,
4386                             *sFrame.pwCapInfo,
4387                             byCurrChannel,
4388                             bChannelHit,
4389                             sFrame.pSSID,
4390                             sFrame.pSuppRates,
4391                             sFrame.pExtSuppRates,
4392                             &sERP,
4393                             sFrame.pRSN,
4394                             sFrame.pRSNWPA,
4395                             sFrame.pIE_Country,
4396                             sFrame.pIE_Quiet,
4397                             pBSSList,
4398                             sFrame.len - WLAN_HDR_ADDR3_LEN,
4399                             sFrame.pHdr->sA4.abyAddr4,   // payload of probresponse
4400                             (void *)pRxPacket
4401                            );
4402     }
4403     else {
4404         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Probe resp/insert: RxChannel = : %d\n", byCurrChannel);
4405         BSSbInsertToBSSList((void *)pDevice,
4406                             sFrame.pHdr->sA3.abyAddr3,
4407                             *sFrame.pqwTimestamp,
4408                             *sFrame.pwBeaconInterval,
4409                             *sFrame.pwCapInfo,
4410                             byCurrChannel,
4411                             sFrame.pSSID,
4412                             sFrame.pSuppRates,
4413                             sFrame.pExtSuppRates,
4414                             &sERP,
4415                             sFrame.pRSN,
4416                             sFrame.pRSNWPA,
4417                             sFrame.pIE_Country,
4418                             sFrame.pIE_Quiet,
4419                             sFrame.len - WLAN_HDR_ADDR3_LEN,
4420                             sFrame.pHdr->sA4.abyAddr4,   // payload of beacon
4421                             (void *)pRxPacket
4422                            );
4423     }
4424     return;
4425
4426 }
4427
4428 /*+
4429  *
4430  * Routine Description:(AP)or(Ad-hoc STA)
4431  *  Handles probe request management frames.
4432  *
4433  *
4434  * Return Value:
4435  *    none.
4436  *
4437 -*/
4438
4439
4440 static
4441 void
4442 s_vMgrRxProbeRequest(
4443     PSDevice pDevice,
4444     PSMgmtObject pMgmt,
4445     PSRxMgmtPacket pRxPacket
4446     )
4447 {
4448     WLAN_FR_PROBEREQ    sFrame;
4449     CMD_STATUS          Status;
4450     PSTxMgmtPacket      pTxPacket;
4451     BYTE                byPHYType = BB_TYPE_11B;
4452
4453     // STA in Ad-hoc mode: when latest TBTT beacon transmit success,
4454     // STA have to response this request.
4455     if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) ||
4456         ((pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) && pDevice->bBeaconSent)) {
4457
4458         memset(&sFrame, 0, sizeof(WLAN_FR_PROBEREQ));
4459         // decode the frame
4460         sFrame.len = pRxPacket->cbMPDULen;
4461         sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
4462         vMgrDecodeProbeRequest(&sFrame);
4463 /*
4464         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Probe request rx:MAC addr:%02x-%02x-%02x=%02x-%02x-%02x \n",
4465                   sFrame.pHdr->sA3.abyAddr2[0],
4466                   sFrame.pHdr->sA3.abyAddr2[1],
4467                   sFrame.pHdr->sA3.abyAddr2[2],
4468                   sFrame.pHdr->sA3.abyAddr2[3],
4469                   sFrame.pHdr->sA3.abyAddr2[4],
4470                   sFrame.pHdr->sA3.abyAddr2[5]
4471                 );
4472 */
4473         if (sFrame.pSSID->len != 0) {
4474             if (sFrame.pSSID->len != ((PWLAN_IE_SSID)pMgmt->abyCurrSSID)->len)
4475                 return;
4476             if (memcmp(sFrame.pSSID->abySSID,
4477                        ((PWLAN_IE_SSID)pMgmt->abyCurrSSID)->abySSID,
4478                        ((PWLAN_IE_SSID)pMgmt->abyCurrSSID)->len) != 0) {
4479                        return;
4480             }
4481         }
4482
4483         if ((sFrame.pSuppRates->len > 4) || (sFrame.pExtSuppRates != NULL)) {
4484             byPHYType = BB_TYPE_11G;
4485         }
4486
4487         // Probe response reply..
4488         pTxPacket = s_MgrMakeProbeResponse
4489                     (
4490                       pDevice,
4491                       pMgmt,
4492                       pMgmt->wCurrCapInfo,
4493                       pMgmt->wCurrBeaconPeriod,
4494                       pMgmt->uCurrChannel,
4495                       0,
4496                       sFrame.pHdr->sA3.abyAddr2,
4497                       (PWLAN_IE_SSID)pMgmt->abyCurrSSID,
4498                       (PBYTE)pMgmt->abyCurrBSSID,
4499                       (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
4500                       (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates,
4501                        byPHYType
4502                     );
4503         if (pTxPacket != NULL ){
4504             /* send the frame */
4505             Status = csMgmt_xmit(pDevice, pTxPacket);
4506             if (Status != CMD_STATUS_PENDING) {
4507                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Probe response tx failed\n");
4508             }
4509             else {
4510 //                DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Probe response tx sending..\n");
4511             }
4512         }
4513     }
4514
4515     return;
4516 }
4517
4518
4519
4520
4521
4522 /*+
4523  *
4524  * Routine Description:
4525  *
4526  *  Entry point for the reception and handling of 802.11 management
4527  *  frames. Makes a determination of the frame type and then calls
4528  *  the appropriate function.
4529  *
4530  *
4531  * Return Value:
4532  *    none.
4533  *
4534 -*/
4535
4536
4537 void
4538 vMgrRxManagePacket(
4539     void *hDeviceContext,
4540     PSMgmtObject pMgmt,
4541     PSRxMgmtPacket pRxPacket
4542      )
4543 {
4544     PSDevice    pDevice = (PSDevice)hDeviceContext;
4545     BOOL        bInScan = FALSE;
4546     UINT        uNodeIndex = 0;
4547     NODE_STATE  eNodeState = 0;
4548     CMD_STATUS  Status;
4549
4550
4551     if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
4552         if (BSSDBbIsSTAInNodeDB(pMgmt, pRxPacket->p80211Header->sA3.abyAddr2, &uNodeIndex))
4553             eNodeState = pMgmt->sNodeDBTable[uNodeIndex].eNodeState;
4554     }
4555
4556     switch( WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) ){
4557
4558         case WLAN_FSTYPE_ASSOCREQ:
4559             // Frame Clase = 2
4560             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx assocreq\n");
4561             if (eNodeState < NODE_AUTH) {
4562                 // send deauth notification
4563                 // reason = (6) class 2 received from nonauth sta
4564                 vMgrDeAuthenBeginSta(pDevice,
4565                                      pMgmt,
4566                                      pRxPacket->p80211Header->sA3.abyAddr2,
4567                                      (6),
4568                                      &Status
4569                                      );
4570                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "wmgr: send vMgrDeAuthenBeginSta 1\n");
4571             }
4572             else {
4573                 s_vMgrRxAssocRequest(pDevice, pMgmt, pRxPacket, uNodeIndex);
4574             }
4575             break;
4576
4577         case WLAN_FSTYPE_ASSOCRESP:
4578             // Frame Clase = 2
4579             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx assocresp1\n");
4580             s_vMgrRxAssocResponse(pDevice, pMgmt, pRxPacket, FALSE);
4581             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx assocresp2\n");
4582             break;
4583
4584         case WLAN_FSTYPE_REASSOCREQ:
4585             // Frame Clase = 2
4586             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx reassocreq\n");
4587             // Todo: reassoc
4588             if (eNodeState < NODE_AUTH) {
4589                 // send deauth notification
4590                 // reason = (6) class 2 received from nonauth sta
4591                 vMgrDeAuthenBeginSta(pDevice,
4592                                      pMgmt,
4593                                      pRxPacket->p80211Header->sA3.abyAddr2,
4594                                      (6),
4595                                      &Status
4596                                      );
4597                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "wmgr: send vMgrDeAuthenBeginSta 2\n");
4598
4599             }
4600             s_vMgrRxReAssocRequest(pDevice, pMgmt, pRxPacket, uNodeIndex);
4601             break;
4602
4603         case WLAN_FSTYPE_REASSOCRESP:
4604             // Frame Clase = 2
4605             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx reassocresp\n");
4606             s_vMgrRxAssocResponse(pDevice, pMgmt, pRxPacket, TRUE);
4607             break;
4608
4609         case WLAN_FSTYPE_PROBEREQ:
4610             // Frame Clase = 0
4611             //DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx probereq\n");
4612             s_vMgrRxProbeRequest(pDevice, pMgmt, pRxPacket);
4613             break;
4614
4615         case WLAN_FSTYPE_PROBERESP:
4616             // Frame Clase = 0
4617             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx proberesp\n");
4618
4619             s_vMgrRxProbeResponse(pDevice, pMgmt, pRxPacket);
4620             break;
4621
4622         case WLAN_FSTYPE_BEACON:
4623             // Frame Clase = 0
4624             //DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx beacon\n");
4625             if (pMgmt->eScanState != WMAC_NO_SCANNING) {
4626                 bInScan = TRUE;
4627             };
4628             s_vMgrRxBeacon(pDevice, pMgmt, pRxPacket, bInScan);
4629             break;
4630
4631         case WLAN_FSTYPE_ATIM:
4632             // Frame Clase = 1
4633             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx atim\n");
4634             break;
4635
4636         case WLAN_FSTYPE_DISASSOC:
4637             // Frame Clase = 2
4638             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx disassoc\n");
4639             if (eNodeState < NODE_AUTH) {
4640                 // send deauth notification
4641                 // reason = (6) class 2 received from nonauth sta
4642                 vMgrDeAuthenBeginSta(pDevice,
4643                                      pMgmt,
4644                                      pRxPacket->p80211Header->sA3.abyAddr2,
4645                                      (6),
4646                                      &Status
4647                                      );
4648                 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "wmgr: send vMgrDeAuthenBeginSta 3\n");
4649             }
4650             s_vMgrRxDisassociation(pDevice, pMgmt, pRxPacket);
4651             break;
4652
4653         case WLAN_FSTYPE_AUTHEN:
4654             // Frame Clase = 1
4655             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO  "rx authen\n");
4656             s_vMgrRxAuthentication(pDevice, pMgmt, pRxPacket);
4657             break;
4658
4659         case WLAN_FSTYPE_DEAUTHEN:
4660             // Frame Clase = 1
4661             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx deauthen\n");
4662             s_vMgrRxDeauthentication(pDevice, pMgmt, pRxPacket);
4663             break;
4664
4665         default:
4666             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx unknown mgmt\n");
4667     }
4668
4669     return;
4670 }
4671
4672
4673
4674
4675 /*+
4676  *
4677  * Routine Description:
4678  *
4679  *
4680  *  Prepare beacon to send
4681  *
4682  * Return Value:
4683  *    TRUE if success; FALSE if failed.
4684  *
4685 -*/
4686 BOOL
4687 bMgrPrepareBeaconToSend(
4688     void *hDeviceContext,
4689     PSMgmtObject pMgmt
4690     )
4691 {
4692     PSDevice            pDevice = (PSDevice)hDeviceContext;
4693     PSTxMgmtPacket      pTxPacket;
4694
4695 //    pDevice->bBeaconBufReady = FALSE;
4696     if (pDevice->bEncryptionEnable || pDevice->bEnable8021x){
4697         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_PRIVACY(1);
4698     }
4699     else {
4700         pMgmt->wCurrCapInfo &= ~WLAN_SET_CAP_INFO_PRIVACY(1);
4701     }
4702     pTxPacket = s_MgrMakeBeacon
4703                 (
4704                   pDevice,
4705                   pMgmt,
4706                   pMgmt->wCurrCapInfo,
4707                   pMgmt->wCurrBeaconPeriod,
4708                   pMgmt->uCurrChannel,
4709                   pMgmt->wCurrATIMWindow, //0,
4710                   (PWLAN_IE_SSID)pMgmt->abyCurrSSID,
4711                   (PBYTE)pMgmt->abyCurrBSSID,
4712                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
4713                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates
4714                 );
4715
4716     if ((pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) &&
4717         (pMgmt->abyCurrBSSID[0] == 0))
4718         return FALSE;
4719
4720     csBeacon_xmit(pDevice, pTxPacket);
4721
4722     return TRUE;
4723 }
4724
4725
4726
4727
4728 /*+
4729  *
4730  * Routine Description:
4731  *
4732  *  Log a warning message based on the contents of the Status
4733  *  Code field of an 802.11 management frame.  Defines are
4734  *  derived from 802.11-1997 SPEC.
4735  *
4736  * Return Value:
4737  *    none.
4738  *
4739 -*/
4740 static
4741 void
4742 s_vMgrLogStatus(
4743     PSMgmtObject pMgmt,
4744     WORD  wStatus
4745     )
4746 {
4747     switch( wStatus ){
4748         case WLAN_MGMT_STATUS_UNSPEC_FAILURE:
4749             DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Unspecified error.\n");
4750             break;
4751         case WLAN_MGMT_STATUS_CAPS_UNSUPPORTED:
4752             DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Can't support all requested capabilities.\n");
4753             break;
4754         case WLAN_MGMT_STATUS_REASSOC_NO_ASSOC:
4755             DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Reassoc denied, can't confirm original Association.\n");
4756             break;
4757         case WLAN_MGMT_STATUS_ASSOC_DENIED_UNSPEC:
4758             DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Assoc denied, undefine in spec\n");
4759             break;
4760         case WLAN_MGMT_STATUS_UNSUPPORTED_AUTHALG:
4761             DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Peer doesn't support authen algorithm.\n");
4762             break;
4763         case WLAN_MGMT_STATUS_RX_AUTH_NOSEQ:
4764             DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Authen frame received out of sequence.\n");
4765             break;
4766         case WLAN_MGMT_STATUS_CHALLENGE_FAIL:
4767             DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Authen rejected, challenge  failure.\n");
4768             break;
4769         case WLAN_MGMT_STATUS_AUTH_TIMEOUT:
4770             DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Authen rejected, timeout waiting for next frame.\n");
4771             break;
4772         case WLAN_MGMT_STATUS_ASSOC_DENIED_BUSY:
4773             DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Assoc denied, AP too busy.\n");
4774             break;
4775         case WLAN_MGMT_STATUS_ASSOC_DENIED_RATES:
4776             DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Assoc denied, we haven't enough basic rates.\n");
4777             break;
4778         case WLAN_MGMT_STATUS_ASSOC_DENIED_SHORTPREAMBLE:
4779             DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Assoc denied, we do not support short preamble.\n");
4780             break;
4781         case WLAN_MGMT_STATUS_ASSOC_DENIED_PBCC:
4782             DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Assoc denied, we do not support PBCC.\n");
4783             break;
4784         case WLAN_MGMT_STATUS_ASSOC_DENIED_AGILITY:
4785             DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Assoc denied, we do not support channel agility.\n");
4786             break;
4787         default:
4788             DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Unknown status code %d.\n", wStatus);
4789             break;
4790     }
4791 }
4792
4793
4794 /*
4795  *
4796  * Description:
4797  *    Add BSSID in PMKID Candidate list.
4798  *
4799  * Parameters:
4800  *  In:
4801  *      hDeviceContext - device structure point
4802  *      pbyBSSID - BSSID address for adding
4803  *      wRSNCap - BSS's RSN capability
4804  *  Out:
4805  *      none
4806  *
4807  * Return Value: none.
4808  *
4809 -*/
4810 BOOL
4811 bAdd_PMKID_Candidate (
4812     void *hDeviceContext,
4813     PBYTE          pbyBSSID,
4814     PSRSNCapObject psRSNCapObj
4815     )
4816 {
4817     PSDevice         pDevice = (PSDevice)hDeviceContext;
4818     PPMKID_CANDIDATE pCandidateList;
4819     UINT             ii = 0;
4820
4821     DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"bAdd_PMKID_Candidate START: (%d)\n", (int)pDevice->gsPMKIDCandidate.NumCandidates);
4822
4823     if ((pDevice == NULL) || (pbyBSSID == NULL) || (psRSNCapObj == NULL))
4824         return FALSE;
4825
4826     if (pDevice->gsPMKIDCandidate.NumCandidates >= MAX_PMKIDLIST)
4827         return FALSE;
4828
4829
4830
4831     // Update Old Candidate
4832     for (ii = 0; ii < pDevice->gsPMKIDCandidate.NumCandidates; ii++) {
4833         pCandidateList = &pDevice->gsPMKIDCandidate.CandidateList[ii];
4834         if ( !memcmp(pCandidateList->BSSID, pbyBSSID, ETH_ALEN)) {
4835             if ((psRSNCapObj->bRSNCapExist == TRUE) && (psRSNCapObj->wRSNCap & BIT0)) {
4836                 pCandidateList->Flags |= NDIS_802_11_PMKID_CANDIDATE_PREAUTH_ENABLED;
4837             } else {
4838                 pCandidateList->Flags &= ~(NDIS_802_11_PMKID_CANDIDATE_PREAUTH_ENABLED);
4839             }
4840             return TRUE;
4841         }
4842     }
4843
4844     // New Candidate
4845     pCandidateList = &pDevice->gsPMKIDCandidate.CandidateList[pDevice->gsPMKIDCandidate.NumCandidates];
4846     if ((psRSNCapObj->bRSNCapExist == TRUE) && (psRSNCapObj->wRSNCap & BIT0)) {
4847         pCandidateList->Flags |= NDIS_802_11_PMKID_CANDIDATE_PREAUTH_ENABLED;
4848     } else {
4849         pCandidateList->Flags &= ~(NDIS_802_11_PMKID_CANDIDATE_PREAUTH_ENABLED);
4850     }
4851     memcpy(pCandidateList->BSSID, pbyBSSID, ETH_ALEN);
4852     pDevice->gsPMKIDCandidate.NumCandidates++;
4853     DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"NumCandidates:%d\n", (int)pDevice->gsPMKIDCandidate.NumCandidates);
4854     return TRUE;
4855 }
4856
4857 /*
4858  *
4859  * Description:
4860  *    Flush PMKID Candidate list.
4861  *
4862  * Parameters:
4863  *  In:
4864  *      hDeviceContext - device structure point
4865  *  Out:
4866  *      none
4867  *
4868  * Return Value: none.
4869  *
4870 -*/
4871 void
4872 vFlush_PMKID_Candidate (
4873     void *hDeviceContext
4874     )
4875 {
4876     PSDevice        pDevice = (PSDevice)hDeviceContext;
4877
4878     if (pDevice == NULL)
4879         return;
4880
4881     memset(&pDevice->gsPMKIDCandidate, 0, sizeof(SPMKIDCandidateEvent));
4882 }
4883
4884 static BOOL
4885 s_bCipherMatch (
4886     PKnownBSS                        pBSSNode,
4887     NDIS_802_11_ENCRYPTION_STATUS    EncStatus,
4888     PBYTE                           pbyCCSPK,
4889     PBYTE                           pbyCCSGK
4890     )
4891 {
4892     BYTE byMulticastCipher = KEY_CTL_INVALID;
4893     BYTE byCipherMask = 0x00;
4894     int i;
4895
4896     if (pBSSNode == NULL)
4897         return FALSE;
4898
4899     // check cap. of BSS
4900     if ((WLAN_GET_CAP_INFO_PRIVACY(pBSSNode->wCapInfo) != 0) &&
4901          (EncStatus == Ndis802_11Encryption1Enabled)) {
4902         // default is WEP only
4903         byMulticastCipher = KEY_CTL_WEP;
4904     }
4905
4906     if ((WLAN_GET_CAP_INFO_PRIVACY(pBSSNode->wCapInfo) != 0) &&
4907         (pBSSNode->bWPA2Valid == TRUE) &&
4908           //20080123-01,<Add> by Einsn Liu
4909         ((EncStatus == Ndis802_11Encryption3Enabled)||(EncStatus == Ndis802_11Encryption2Enabled))) {
4910         //WPA2
4911         // check Group Key Cipher
4912         if ((pBSSNode->byCSSGK == WLAN_11i_CSS_WEP40) ||
4913             (pBSSNode->byCSSGK == WLAN_11i_CSS_WEP104)) {
4914             byMulticastCipher = KEY_CTL_WEP;
4915         } else if (pBSSNode->byCSSGK == WLAN_11i_CSS_TKIP) {
4916             byMulticastCipher = KEY_CTL_TKIP;
4917         } else if (pBSSNode->byCSSGK == WLAN_11i_CSS_CCMP) {
4918             byMulticastCipher = KEY_CTL_CCMP;
4919         } else {
4920             byMulticastCipher = KEY_CTL_INVALID;
4921         }
4922
4923         // check Pairwise Key Cipher
4924         for(i=0;i<pBSSNode->wCSSPKCount;i++) {
4925             if ((pBSSNode->abyCSSPK[i] == WLAN_11i_CSS_WEP40) ||
4926                 (pBSSNode->abyCSSPK[i] == WLAN_11i_CSS_WEP104)) {
4927                 // this should not happen as defined 802.11i
4928                 byCipherMask |= 0x01;
4929             } else if (pBSSNode->abyCSSPK[i] == WLAN_11i_CSS_TKIP) {
4930                 byCipherMask |= 0x02;
4931             } else if (pBSSNode->abyCSSPK[i] == WLAN_11i_CSS_CCMP) {
4932                 byCipherMask |= 0x04;
4933             } else if (pBSSNode->abyCSSPK[i] == WLAN_11i_CSS_USE_GROUP) {
4934                 // use group key only ignore all others
4935                 byCipherMask = 0;
4936                 i = pBSSNode->wCSSPKCount;
4937             }
4938         }
4939
4940     } else if ((WLAN_GET_CAP_INFO_PRIVACY(pBSSNode->wCapInfo) != 0) &&
4941                 (pBSSNode->bWPAValid == TRUE) &&
4942                 ((EncStatus == Ndis802_11Encryption3Enabled) || (EncStatus == Ndis802_11Encryption2Enabled))) {
4943         //WPA
4944         // check Group Key Cipher
4945         if ((pBSSNode->byGKType == WPA_WEP40) ||
4946             (pBSSNode->byGKType == WPA_WEP104)) {
4947             byMulticastCipher = KEY_CTL_WEP;
4948         } else if (pBSSNode->byGKType == WPA_TKIP) {
4949             byMulticastCipher = KEY_CTL_TKIP;
4950         } else if (pBSSNode->byGKType == WPA_AESCCMP) {
4951             byMulticastCipher = KEY_CTL_CCMP;
4952         } else {
4953             byMulticastCipher = KEY_CTL_INVALID;
4954         }
4955
4956         // check Pairwise Key Cipher
4957         for(i=0;i<pBSSNode->wPKCount;i++) {
4958             if (pBSSNode->abyPKType[i] == WPA_TKIP) {
4959                 byCipherMask |= 0x02;
4960             } else if (pBSSNode->abyPKType[i] == WPA_AESCCMP) {
4961                 byCipherMask |= 0x04;
4962             } else if (pBSSNode->abyPKType[i] == WPA_NONE) {
4963                 // use group key only ignore all others
4964                 byCipherMask = 0;
4965                 i = pBSSNode->wPKCount;
4966             }
4967         }
4968     }
4969
4970     DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"%d, %d, %d, %d, EncStatus:%d\n",
4971         byMulticastCipher, byCipherMask, pBSSNode->bWPAValid, pBSSNode->bWPA2Valid, EncStatus);
4972
4973     // mask our cap. with BSS
4974     if (EncStatus == Ndis802_11Encryption1Enabled) {
4975
4976         // For supporting Cisco migration mode, don't care pairwise key cipher
4977         if ((byMulticastCipher == KEY_CTL_WEP) &&
4978             (byCipherMask == 0)) {
4979             *pbyCCSGK = KEY_CTL_WEP;
4980             *pbyCCSPK = KEY_CTL_NONE;
4981             return TRUE;
4982         } else {
4983             return FALSE;
4984         }
4985
4986     } else if (EncStatus == Ndis802_11Encryption2Enabled) {
4987         if ((byMulticastCipher == KEY_CTL_TKIP) &&
4988             (byCipherMask == 0)) {
4989             *pbyCCSGK = KEY_CTL_TKIP;
4990             *pbyCCSPK = KEY_CTL_NONE;
4991             return TRUE;
4992         } else if ((byMulticastCipher == KEY_CTL_WEP) &&
4993                    ((byCipherMask & 0x02) != 0)) {
4994             *pbyCCSGK = KEY_CTL_WEP;
4995             *pbyCCSPK = KEY_CTL_TKIP;
4996             return TRUE;
4997         } else if ((byMulticastCipher == KEY_CTL_TKIP) &&
4998                    ((byCipherMask & 0x02) != 0)) {
4999             *pbyCCSGK = KEY_CTL_TKIP;
5000             *pbyCCSPK = KEY_CTL_TKIP;
5001             return TRUE;
5002         } else {
5003             return FALSE;
5004         }
5005     } else if (EncStatus == Ndis802_11Encryption3Enabled) {
5006         if ((byMulticastCipher == KEY_CTL_CCMP) &&
5007             (byCipherMask == 0)) {
5008             // When CCMP is enable, "Use group cipher suite" shall not be a valid option.
5009             return FALSE;
5010         } else if ((byMulticastCipher == KEY_CTL_WEP) &&
5011                    ((byCipherMask & 0x04) != 0)) {
5012             *pbyCCSGK = KEY_CTL_WEP;
5013             *pbyCCSPK = KEY_CTL_CCMP;
5014             return TRUE;
5015         } else if ((byMulticastCipher == KEY_CTL_TKIP) &&
5016                    ((byCipherMask & 0x04) != 0)) {
5017             *pbyCCSGK = KEY_CTL_TKIP;
5018             *pbyCCSPK = KEY_CTL_CCMP;
5019             return TRUE;
5020         } else if ((byMulticastCipher == KEY_CTL_CCMP) &&
5021                    ((byCipherMask & 0x04) != 0)) {
5022             *pbyCCSGK = KEY_CTL_CCMP;
5023             *pbyCCSPK = KEY_CTL_CCMP;
5024             return TRUE;
5025         } else {
5026             return FALSE;
5027         }
5028     }
5029     return TRUE;
5030 }
5031
5032
Full containers within linux kernel