Initial commit: Uploaded everything from abs/core
1 diff -r -u rt2500-1.1.0-b4/Module/Makefile rt2500-cvs-2007020414/Module/Makefile
2 --- rt2500-1.1.0-b4/Module/Makefile 2006-06-17 22:12:58.000000000 +0200
3 +++ rt2500-cvs-2007020414/Module/Makefile 2006-12-02 16:25:57.000000000 +0100
4 @@ -113,7 +113,7 @@
5 clean:
6 @rm -f $(RESMAN_GLUE_OBJS) $(RESMAN_CORE_OBJS) .*.{cmd,flags}
7 @rm -f $(MODULE_NAME).{o,ko,mod.{o,c}} built-in.o $(VERSION_HEADER) *~
8 - @rm -fr .tmp_versions
9 + @rm -fr .tmp_versions Module.symvers
11 modules_install:
12 ifeq ($(PATCHLEVEL),4)
13 diff -r -u rt2500-1.1.0-b4/Module/README rt2500-cvs-2007020414/Module/README
14 --- rt2500-1.1.0-b4/Module/README 2006-06-17 22:12:58.000000000 +0200
15 +++ rt2500-cvs-2007020414/Module/README 2006-07-14 00:56:44.000000000 +0200
16 @@ -9,7 +9,7 @@
18 b. $make # compile driver source code
20 -c. $make install # installs kernel module driver
21 +c. $make install # installs kernel module driver
23 (read end of file for FedoraCore3 specific information)
25 @@ -125,13 +125,14 @@
26 OPEN For Open System
27 SHARED For Shared key system
28 AUTO
29 - WPAPSK
30 + WPANONE For pre-shared key in adhoc mode
31 + WPAPSK For pre-shared key in infrastructure mode
32 7. EncrypType=value
33 value
34 NONE :For AuthMode=OPEN
35 WEP :For AuthMode=OPEN or AuthMode=SHARED
36 - TKIP :For AuthMode=WPAPSK
37 - AES :For AuthMode=WPAPSK
38 + TKIP :For AuthMode=WPAPSK or AuthMode=WPANONE
39 + AES :For AuthMode=WPAPSK or AuthMode=WPANONE
40 8. DefaultKeyID=value
41 value
42 1 ~ 4
43 @@ -210,13 +211,13 @@
45 23. AdhocOfdm=value
46 value
47 - 0: Tx MAX rate will be 11Mbps in Adhoc mode.
48 - 1: Tx MAX rate will be 54Mbps in Adhoc mode.
49 + 0: Tx MAX rate will be 11Mbps in Adhoc mode.
50 + 1: Tx MAX rate will be 54Mbps in Adhoc mode.
52 24. StaWithEtherBridge=value
53 value
54 - 0: Disable sta with ethernet to wireless bridge.
55 - 1: Enable sta with ethernet to wireless bridge.
56 + 0: Disable sta with ethernet to wireless bridge.
57 + 1: Enable sta with ethernet to wireless bridge.
60 MORE INFORMATION
61 diff -r -u rt2500-1.1.0-b4/Module/mlme.c rt2500-cvs-2007020414/Module/mlme.c
62 --- rt2500-1.1.0-b4/Module/mlme.c 2006-06-17 22:12:58.000000000 +0200
63 +++ rt2500-cvs-2007020414/Module/mlme.c 2007-01-20 22:12:59.000000000 +0100
64 @@ -357,9 +357,15 @@
65 schedule_work(&pAd->mlme_work);
68 +# if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20))
69 +VOID MlmeWork(struct work_struct *work)
71 + PRTMP_ADAPTER pAd = container_of(work, struct _RTMP_ADAPTER ,mlme_work);
72 +# else /* 2.6.20 patch "older kernels" */
73 VOID MlmeWork(void *vpAd)
75 - PRTMP_ADAPTER pAd = vpAd;
76 + PRTMP_ADAPTER pAd = vpAd;
77 +#endif /* 2.6.20 patch */
78 #endif
79 MLME_QUEUE_ELEM *Elem = NULL;
80 unsigned long flags;
81 @@ -1724,6 +1730,32 @@
83 UCHAR ZeroSsid[32] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
84 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
86 +static NDIS_802_11_WEP_STATUS setWepStatus(
87 + IN USHORT mask, // Peer cipher capability set
88 + IN NDIS_802_11_WEP_STATUS WepStatus) // local cipher selection
90 + static const unsigned char transtoieee[] = {
91 + CIPHER_TYPE_WEP104,0,0,0,CIPHER_TYPE_TKIP,0,CIPHER_TYPE_CCMP,0
92 + };
93 + static const unsigned char transtondis[] = {
94 + Ndis802_11EncryptionDisabled, Ndis802_11WEPEnabled,
95 + Ndis802_11Encryption2Enabled, Ndis802_11WEPKeyAbsent,
96 + Ndis802_11Encryption3Enabled, Ndis802_11WEPEnabled
97 + };
98 + NDIS_802_11_WEP_STATUS wepstatus = Ndis802_11WEPDisabled;
99 + USHORT suite = transtoieee[WepStatus];
101 + DBGPRINT(RT_DEBUG_TRACE, " - (%s) mask 0x%04x wepstatus %d ieee %d\n",
102 + __FUNCTION__, mask, WepStatus, suite);
104 + if (suite && (mask & 0x01 << suite)) {
105 + wepstatus = transtondis[suite];
107 + return wepstatus;
109 +} /* End setWepStatus () */
111 /*! \brief
112 * \param
113 * \return
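Review bot: `transtoieee[WepStatus]` indexes an 8-entry table with the configured cipher selection and nothing bounds the index, so any NDIS_802_11_WEP_STATUS value outside 0..7 (the table silently assumes the standard eight enumerators) reads past the array; a guard before the lookup, `if (WepStatus >= sizeof(transtoieee)) return wepstatus;`, keeps the function total even if the enum grows or an ioctl stores an unchecked value. The test `mask & 0x01 << suite` relies on `<<` binding tighter than `&`; writing it `(mask & (0x01 << suite))` makes the intent visible. Note also that a peer whose advertised suites do not include the local cipher comes back as Ndis802_11WEPDisabled, which a caller cannot distinguish from an open network; whether that can steer an association depends on how BssEntrySet's result is consumed outside this hunk.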
114 @@ -1749,6 +1781,7 @@
115 IN UCHAR Rssi,
116 IN UCHAR Noise,
117 IN LARGE_INTEGER TimeStamp,
118 + IN USHORT VarIELen, // Length of all saved IEs.
119 IN PNDIS_802_11_VARIABLE_IEs pVIE)
121 COPY_MAC_ADDR(&pBss->Bssid, pBssid);
122 @@ -1801,15 +1834,23 @@
123 pBss->FixIEs.Capabilities = CapabilityInfo;
125 // New for microsoft Variable IEs
126 - if (pVIE->Length != 0)
127 + pBss->VarIELen = VarIELen;
128 + if (VarIELen != 0)
130 - pBss->VarIELen = pVIE->Length + 2;
131 - memcpy(pBss->VarIEs, pVIE, pBss->VarIELen);
132 - pBss->WepStatus = BssCipherParse(pBss->VarIEs);
133 + memcpy(pBss->VarIEs, pVIE, VarIELen);
134 + pBss->CipherCap = BssCipherParse((PBEACON_EID_STRUCT)pBss->VarIEs,
135 + VarIELen);
136 + if (pBss->CipherCap & (0x01 << CIPHER_TYPE_GRP)) {
137 + pBss->WepStatus = setWepStatus(pBss->CipherCap >> 8,
138 + pAd->PortCfg.WepStatus);
140 + else {
141 + pBss->WepStatus = setWepStatus(pBss->CipherCap,
142 + pAd->PortCfg.WepStatus);
145 else
147 - pBss->VarIELen = 0;
148 // No SSN ID, if security is on, this is WEP algorithm
149 if (pBss->Privacy)
150 pBss->WepStatus = Ndis802_11WEPEnabled;
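Review bot: `memcpy(pBss->VarIEs, pVIE, VarIELen)` copies a beacon-derived length into the fixed `VarIEs[MAX_VIE_LEN]` buffer with no clamp visible in this hunk, and because VarIELen is now a USHORT the old UCHAR-sized implicit bound (which was never a real bound either) is gone. If PeerBeaconAndProbeRspSanity, where VarIELen is produced outside this hunk, does not already cap it, a frame carrying more than MAX_VIE_LEN bytes of IEs overruns the BSS entry. Clamping here is cheap and local: `if (VarIELen > MAX_VIE_LEN) VarIELen = MAX_VIE_LEN;` before `pBss->VarIELen = VarIELen;`, with BssCipherParse then responsible for not reading past the saved length. BssEntrySet starts before this hunk.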
151 @@ -1817,6 +1858,8 @@
152 else
153 pBss->WepStatus = Ndis802_11WEPDisabled;
155 + DBGPRINT(RT_DEBUG_TRACE, "%s: Ndis WepStatus (Local=%d, Remote=%d)\n",
156 + __FUNCTION__, pAd->PortCfg.WepStatus, pBss->WepStatus);
159 /*!
160 @@ -1858,9 +1901,11 @@
161 IN UCHAR Rssi,
162 IN UCHAR Noise,
163 IN LARGE_INTEGER TimeStamp,
164 + IN USHORT VarIELen, // Length of all saved IEs.
165 IN PNDIS_802_11_VARIABLE_IEs pVIE)
167 ULONG Idx;
169 Idx = BssTableSearch(Tab, Bssid);
170 if (Idx == BSS_NOT_FOUND)
172 @@ -1870,14 +1915,14 @@
173 Idx = Tab->BssNr;
174 BssEntrySet(pAd, &Tab->BssEntry[Idx], Bssid, Ssid, SsidLen, BssType, BeaconPeriod,
175 CfExist, CfParm, AtimWin, CapabilityInfo, Rates, RatesLen, ExtendedRateIeExist,
176 - ChannelNo, Rssi, Noise, TimeStamp, pVIE);
177 + ChannelNo, Rssi, Noise, TimeStamp, VarIELen, pVIE);
178 Tab->BssNr++;
180 else
182 BssEntrySet(pAd, &Tab->BssEntry[Idx], Bssid, Ssid, SsidLen, BssType, BeaconPeriod,
183 CfExist, CfParm, AtimWin, CapabilityInfo, Rates, RatesLen, ExtendedRateIeExist,
184 - ChannelNo, Rssi, Noise, TimeStamp, pVIE);
185 + ChannelNo, Rssi, Noise, TimeStamp, VarIELen, pVIE);
188 return Idx;
189 @@ -1976,34 +2021,178 @@
193 -NDIS_802_11_WEP_STATUS BssCipherParse(
194 - IN PUCHAR pCipher)
196 + * ============================================================================
197 + * Description:
198 + * Scan cipher suite list and return cipher capability set.
199 + * ============================================================================
200 + */
201 +static USHORT scan_csl(
202 + IN suite_list_t *psl,
203 + IN USHORT curtype)
205 - PBEACON_EID_STRUCT pEid;
206 - PUCHAR pTmp;
207 + USHORT ciphertype = curtype; // Cipher "capability set"
208 + int i, j;
210 - pEid = (PBEACON_EID_STRUCT) pCipher;
211 + DBGPRINT(RT_DEBUG_TRACE, " - scan %d pair cipher(s)\n", psl->count);
213 - // Double check sanity information, although it should be done at peer beacon sanity check already.
214 - if (pEid->Eid != IE_WPA)
215 - return (Ndis802_11WEPDisabled);
216 + for (i = 0, j = psl->count; i < j; i++) {
218 - // Double check Var IE length, it must be no less than 0x16
219 - if (pEid->Len < 0x16)
220 - return (Ndis802_11WEPDisabled);
222 - // Skip OUI, version, and multicast suite
223 - // This part should be improved in the future when AP supported multiple cipher suite.
224 - // For now, it's OK since almost all APs have fixed cipher suite supported.
225 - pTmp = (PUCHAR) pEid->Octet;
226 - pTmp += 9;
228 - if (*pTmp == 4) // AES
229 - return (Ndis802_11Encryption3Enabled);
230 - else if (*pTmp == 2) // TKIP
231 - return (Ndis802_11Encryption2Enabled);
232 + if (psl->suite[i].type < NUM_CIPHER_TYPES) {
233 + ciphertype |= 0x01 << psl->suite[i].type;
235 + else {
236 + DBGPRINT(RT_DEBUG_ERROR, " - invalid pair cipher type %d\n",
237 + psl->suite[i].type);
239 + DBGPRINT(RT_DEBUG_TRACE, " - (pair) CipherType now=0x%04x\n",
240 + ciphertype);
242 + return ciphertype;
244 +} /* End scan_csl () */
246 - return (Ndis802_11WEPDisabled);
247 +USHORT BssCipherParse(
248 + IN PBEACON_EID_STRUCT pEid,
249 + IN USHORT VarIELen) // Length of all saved IEs.
251 + USHORT ciphertype = 0;
252 + PBEACON_EID_STRUCT ptEid;
253 + USHORT len;
255 + DBGPRINT(RT_DEBUG_TRACE, "%s: using VarIELen=%d\n", __FUNCTION__, VarIELen);
257 + // Handle the stinerman problem (a too-short WPA IE followed by
258 + // a long-enough WPA IE from an AP), the onishin/dacull problem
259 + // (a RSN - WPA2 - IE followed by a WPA1 IE from an AP), and the
260 + // holtzmichel problem (a WPA1 IE followed by a WPA2 IE). We end
261 + // up using the *last* one we find. This may (or may not) really
262 + // be the thing to do. - bb
263 + for (ptEid = pEid, len = 0; len < VarIELen;
264 + len += ptEid->Len + 2,
265 + ptEid = (PBEACON_EID_STRUCT)((UCHAR *)pEid + len)) {
267 + DBGPRINT(RT_DEBUG_TRACE, " - examining IE=%d, Len=%d\n",
268 + ptEid->Eid, ptEid->Len);
270 + switch (ptEid->Eid) {
271 + default:
272 + DBGPRINT(RT_DEBUG_ERROR, " - Not a WPA/WPA2 IE=%d, Len=%d\n",
273 + ptEid->Eid, ptEid->Len);
274 + break;
276 + case IE_WPA: {
277 + #define p ((PRSN_EID_STRUCT)ptEid)
279 + // Double check Var IE length, it must be no less than 0x16
280 + // Silently ignore if not
281 + if (ptEid->Len < 0x16) {
282 + DBGPRINT(RT_DEBUG_ERROR, " - Len %d too short\n",
283 + ptEid->Len);
284 + break;
286 + // Skip OUI, version, and multicast suite
287 + // This part should be improved in the future when AP
288 + // supported multiple cipher suite. For now, it's OK since
289 + // almost all APs have fixed cipher suite supported.
290 + // (The future is now - bb)
291 + if (p->Multicast[3] < NUM_CIPHER_TYPES) {
292 + ciphertype |= 0x100 << p->Multicast[3];
294 + else {
295 + DBGPRINT(RT_DEBUG_ERROR,
296 + " - IE_WPA invalid group cipher %d\n",
297 + p->Multicast[3]);
299 + DBGPRINT(RT_DEBUG_TRACE, " - WPA CipherType now=0x%04x\n",
300 + ciphertype);
302 + if (p->Length >= sizeof(RSN_EID_STRUCT) -
303 + offsetof(RSN_EID_STRUCT, Oui)) {
304 + suite_list_p psl = (suite_list_p)((UCHAR *)p +
305 + offsetof(RSN_EID_STRUCT, Count));
307 + if (psl->count * sizeof(suite_sel_t) +
308 + offsetof(RSN_EID_STRUCT,Count) -
309 + offsetof(RSN_EID_STRUCT,Oui) >
310 + p->Length) {
311 + DBGPRINT(RT_DEBUG_ERROR,
312 + " - malformed WPA pair cipher count "
313 + "(needs %d bytes, %d bytes avail)\n",
314 + psl->count*sizeof(suite_sel_t) +
315 + offsetof(RSN_EID_STRUCT,Count) -
316 + offsetof(RSN_EID_STRUCT,Oui),
317 + p->Length);
318 + break;
320 + ciphertype = scan_csl(psl, ciphertype);
322 + else {
323 + ciphertype |= 0x01; // Indicate use group cipher
325 + #undef p
326 + break;
328 + case IE_RSN: { // 802.11i pp. 27 - 32
329 + #define p ((rsn_ie_p)ptEid)
331 + if (p->length == sizeof(p->version)) {
332 + ciphertype = 0x01 | 0x100 << CIPHER_TYPE_CCMP;
333 + break;
335 + if (p->length >= sizeof(p->version) + sizeof(p->gcsuite)) {
337 + // Right now, we use the group cipher suite since it
338 + // appears (to me, at any rate) that that's what is
339 + // being used from the WPA IE.
340 + // (SWAG - cf. RSN_EID_STRUCT - is that WPA_IE is RSN_IE
341 + // with 4 bytes in front of the version tag. So we
342 + // use the group cipher suite ala case IE_WPA above.)
343 + // cf. the Holtzmichel problem: Looks like the Sinus 154
344 + // Basic 3 includes either 3 pairwise cipher suites, or
345 + // 1 pairwise cipher suite, 1 AKM suite, and an RSN
346 + // capabilities field, because the len is 20.
347 + if (p->gcsuite.type < NUM_CIPHER_TYPES) {
348 + ciphertype |= 0x100 << p->gcsuite.type;
350 + else {
351 + DBGPRINT(RT_DEBUG_ERROR,
352 + " - IE_RSN invalid group cipher %d\n",
353 + p->gcsuite.type);
355 + DBGPRINT(RT_DEBUG_TRACE,
356 + " - (grp) CipherType now=0x%04x\n", ciphertype);
358 + if (p->length > sizeof(p->version) + sizeof(p->gcsuite)) {
359 + suite_list_p psl = (suite_list_p)((UCHAR *)p +
360 + offsetof(rsn_ie_t, version) +
361 + sizeof(ie_version_t) + sizeof(suite_sel_t));
363 + if (psl->count * sizeof(suite_sel_t) +
364 + sizeof(ie_version_t) + sizeof(suite_sel_t) >
365 + p->length) {
366 + DBGPRINT(RT_DEBUG_ERROR,
367 + " - malformed RSN pair cipher count "
368 + "(needs %d bytes, %d bytes avail)\n",
369 + psl->count*sizeof(suite_sel_t) +
370 + sizeof(ie_version_t) + sizeof(suite_sel_t),
371 + p->length);
372 + break;
374 + ciphertype = scan_csl(psl, ciphertype);
376 + else {
377 + ciphertype |= 0x01; // Indicate use group cipher
379 + #undef p
380 + break;
381 + } /* End case IE_RSN */
382 + } /* End switch EID */
383 + } /* End for () */
385 + DBGPRINT(RT_DEBUG_TRACE, "%s: return CipherType=0x%04x\n",
386 + __FUNCTION__, ciphertype);
387 + return ciphertype;
390 // ===========================================================================================
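Review bot: The IE walk at `for (ptEid = pEid, len = 0; len < VarIELen; ...)` checks only that the element starts inside the saved bytes, never that its header and body do, so a final IE whose Len claims more than remains makes the WPA/RSN cases read past VarIELen (the `< 0x16` and `psl->count` checks compare against the IE's own Len, not against the buffer). Add at the top of the loop body `if (len + 2 > VarIELen || len + 2 + ptEid->Len > VarIELen) break;`. `psl->count` is a wire-order USHORT read directly although the header introduces `wtohs()` for exactly this; on a big-endian host the count is byte-swapped and the malformed-count check then rejects well-formed IEs, so use `wtohs(psl->count)` in scan_csl and in both length checks. The enclosing function's closing brace is outside the hunk.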
391 Nur in rt2500-1.1.0-b4/Module/: mlme.c.orig.
392 diff -r -u rt2500-1.1.0-b4/Module/mlme.h rt2500-cvs-2007020414/Module/mlme.h
393 --- rt2500-1.1.0-b4/Module/mlme.h 2006-06-17 22:12:58.000000000 +0200
394 +++ rt2500-cvs-2007020414/Module/mlme.h 2006-11-28 09:00:02.000000000 +0100
395 @@ -333,9 +333,10 @@
396 ULONG LastBeaconRxTime; // OS's timestamp
398 // New for microsoft WPA support
399 + USHORT CipherCap; // Pair (0:7), Group (8:15) cipher cap
400 NDIS_802_11_FIXED_IEs FixIEs;
401 NDIS_802_11_WEP_STATUS WepStatus;
402 - UCHAR VarIELen; // Length of next VIE include EID & Length
403 + USHORT VarIELen; // Length of all saved IEs.
404 UCHAR VarIEs[MAX_VIE_LEN];
405 } BSS_ENTRY, *PBSS_ENTRY;
407 @@ -482,7 +483,7 @@
408 typedef struct PACKED _BEACON_EID_STRUCT {
409 UCHAR Eid;
410 UCHAR Len;
411 - CHAR Octet[1];
412 + UCHAR Octet[1];
413 } BEACON_EID_STRUCT,*PBEACON_EID_STRUCT;
415 // New for WPA cipher suite
416 @@ -497,6 +498,98 @@
417 UCHAR Oui[4];
418 } Unicast[1];
419 } RSN_EID_STRUCT, *PRSN_EID_STRUCT;
420 +#define MIN_WPA_KEYDATA_LEN (4 + sizeof(ie_version_t) + sizeof(suite_sel_t) + \
421 + 2*sizeof(suite_list_t))
424 +/* Country Information Element (802.11d pp. 4, 5) */
426 +typedef struct country_subelement {
427 + unsigned char first_chan,
428 + num_chans;
429 + signed char max_tx_pwr; // in dBm
430 +} PACKED country_subelement_t, *country_subelement_p;
432 +typedef struct country_string { // (all alpha)
433 + UCHAR co[2]; // ISO/IEC 3166-1 country code
434 + UCHAR env; // ' '/'O'/'I' - 802.11d pp. 19
435 +} PACKED country_string_t, *country_string_p;
437 +typedef struct country_ie {
438 + UCHAR eid;
439 + UCHAR length;
440 + country_string_t cs;
441 + country_subelement_t chans[1];
442 + UCHAR pad[0]; // may or may not be present
443 +} PACKED country_ie_t, *country_ie_p;
446 +/* WPA2 (cf. 802.11i pp. 27 ff.) */
448 +// access
449 +#define wtohs(x) (le16_to_cpu(x))// sic (802.11 is "native" little-endian)
450 +#define htows(x) (cpu_to_le16(x))// i.e. opposite of internet byte order
452 +// primitives
453 +typedef USHORT ie_version_t;
454 +typedef USHORT ie_count_t;
455 +typedef UCHAR ie_oui_t[3]; // Organizationally Unique Identifier
456 +typedef UCHAR pmkid_t[16], *pmkid_p;// 802.11i pp. 76
458 +typedef struct rsncap {
459 +#ifdef BIG_ENDIAN
460 + USHORT Reserved:10;
461 + USHORT GTKSAReplayCounter:2; // 0/2/4/16 replay counters
462 + USHORT PTKSAReplayCounter:2;
463 + USHORT NoPairwise:1; // WEP key 0 and pairwise key n/a
464 + USHORT PreAuth:1; // AP STA supports pre-authentication
465 +#else
466 + USHORT PreAuth:1; // AP STA supports pre-authentication
467 + USHORT NoPairwise:1; // WEP key 0 and pairwise key n/a
468 + USHORT PTKSAReplayCounter:2;
469 + USHORT GTKSAReplayCounter:2; // 0/2/4/16 replay counters
470 + USHORT Reserved:10;
471 +#endif
472 +} PACKED rsncap_t, *rsncap_p;
474 +typedef struct suite_sel {
475 + ie_oui_t oui;
476 + UCHAR type;
477 +} PACKED suite_sel_t, *suite_sel_p;
479 +/* Cipher suite selectors - 802.11i pp. 28, 29 */
480 +#define CIPHER_TYPE_GRP 0
481 +#define CIPHER_TYPE_WEP40 1
482 +#define CIPHER_TYPE_TKIP 2
483 +#define CIPHER_TYPE_RES 3
484 +#define CIPHER_TYPE_CCMP 4
485 +#define CIPHER_TYPE_WEP104 5
486 +#define NUM_CIPHER_TYPES 6
488 +/* Authentication and Key Management suite selectors - 802.11i pp. 30 */
489 +#define AKM_TYPE_802_1X 1
490 +#define AKM_TYPE_PSK 2
492 +typedef struct suite_list {
493 + ie_count_t count;
494 + suite_sel_t suite[1];
495 +} PACKED suite_list_t, *suite_list_p;
497 +typedef struct pmkid_list {
498 + ie_count_t count;
499 + pmkid_t list[1];
500 +} PACKED pmkid_list_t, *pmkid_list_p;
502 +typedef struct rsn_ie {
503 + UCHAR eid;
504 + UCHAR length;
505 + ie_version_t version;
507 + // Optional fields
508 + suite_sel_t gcsuite; // Group Cipher Suite
509 +} PACKED rsn_ie_t, *rsn_ie_p;
510 +#define MIN_RSN_KEYDATA_LEN (sizeof(ie_version_t) + sizeof(suite_sel_t) + \
511 + 2*sizeof(suite_list_t))
513 extern UCHAR RateIdToMbps[];
514 extern USHORT RateIdTo500Kbps[];
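Review bot: The `rsncap` bitfield layout is selected with `#ifdef BIG_ENDIAN`, but in-kernel code keys bitfield order on `__BIG_ENDIAN_BITFIELD` / `__LITTLE_ENDIAN_BITFIELD` from the byteorder headers; nothing in this header defines `BIG_ENDIAN`, so if it is meant to come from the driver's Makefile (this tree has had big-endian fixes before) that should be said, because a userspace-style `BIG_ENDIAN` constant would make the test unconditionally true. Suggested comment above the `#ifdef`: `/* BIG_ENDIAN is a driver build flag, not the kernel's __BIG_ENDIAN; must agree with __BIG_ENDIAN_BITFIELD */`, or switch the test to `__BIG_ENDIAN_BITFIELD` directly. The new `ie_count_t`/`ie_version_t` fields are wire-order little-endian as the `wtohs()` comment says, so a note that readers must go through `wtohs()` would help the parsers in mlme.c.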
515 diff -r -u rt2500-1.1.0-b4/Module/oid.h rt2500-cvs-2007020414/Module/oid.h
516 --- rt2500-1.1.0-b4/Module/oid.h 2006-06-17 22:12:58.000000000 +0200
517 +++ rt2500-cvs-2007020414/Module/oid.h 2007-01-11 21:20:58.000000000 +0100
518 @@ -30,6 +30,7 @@
519 * -------- ----------- -----------------------------
520 * MarkW 8th Dec 04 Baseline code
521 * RobinC 10th Dec 04 RFMON Support
522 + * RomainB 31st Dec 06 RFMON getter
523 ***************************************************************************/
525 #ifndef _OID_H_
526 @@ -56,7 +57,8 @@
527 #define RTPRIV_IOCTL_BBP SIOCIWFIRSTPRIV + 0x03
528 #define RTPRIV_IOCTL_MAC SIOCIWFIRSTPRIV + 0x05
529 #define RTPRIV_IOCTL_E2P SIOCIWFIRSTPRIV + 0x07
530 -#define RTPRIV_IOCTL_RFMONTX SIOCIWFIRSTPRIV + 0x0D
531 +#define RTPRIV_IOCTL_SET_RFMONTX SIOCIWFIRSTPRIV + 0x0C
532 +#define RTPRIV_IOCTL_GET_RFMONTX SIOCIWFIRSTPRIV + 0x0D
534 #define OID_GET_SET_TOGGLE 0x8000
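Review bot: Both new ioctl numbers expand to `SIOCIWFIRSTPRIV + 0x0C` without parentheses, so any use inside a larger expression (a `cmd - RTPRIV_IOCTL_SET_RFMONTX` style table index, for instance) silently mis-associates; define them as `(SIOCIWFIRSTPRIV + 0x0C)` and `(SIOCIWFIRSTPRIV + 0x0D)`. As far as I recall, wireless extensions treat even private numbers as set operations gated on CAP_NET_ADMIN and odd ones as unprivileged get, so the even/odd split chosen here is the right one and deserves a one-line comment so the next number added keeps it: `/* even = set (privileged), odd = get -- WE parity convention */`.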
536 diff -r -u rt2500-1.1.0-b4/Module/rt_config.h rt2500-cvs-2007020414/Module/rt_config.h
537 --- rt2500-1.1.0-b4/Module/rt_config.h 2006-06-17 22:12:58.000000000 +0200
538 +++ rt2500-cvs-2007020414/Module/rt_config.h 2006-12-01 00:18:16.000000000 +0100
539 @@ -39,8 +39,8 @@
540 #define NIC_DEVICE_NAME "RT2500STA"
542 #define DRV_NAME "rt2500"
543 -#define DRV_VERSION "1.1.0 BETA4"
544 -#define DRV_RELDATE "2006/06/18"
545 +#define DRV_VERSION "1.1.0 CVS"
546 +#define DRV_RELDATE "CVS"
547 #define DRV_VERSION_MAJOR 1
548 #define DRV_VERSION_MINOR 1
549 #define DRV_VERSION_SUB 0
550 @@ -55,7 +55,6 @@
551 #error You must compile this driver with "-O".
552 #endif
554 -#include <linux/config.h> //can delete
555 #include <linux/module.h>
556 #include <linux/version.h>
557 #include <linux/kernel.h>
558 @@ -92,7 +91,7 @@
559 #ifndef ULONG
560 #define CHAR char
561 #define INT int
562 -#define SHORT int
563 +#define SHORT short
564 #define UINT u32
565 #define ULONG u32
566 #define USHORT u16
567 diff -r -u rt2500-1.1.0-b4/Module/rtmp.h rt2500-cvs-2007020414/Module/rtmp.h
568 --- rt2500-1.1.0-b4/Module/rtmp.h 2006-06-17 22:12:58.000000000 +0200
569 +++ rt2500-cvs-2007020414/Module/rtmp.h 2007-01-11 21:20:58.000000000 +0100
570 @@ -37,6 +37,7 @@
571 * MarkW (rt2400) 15th Dec 04 Spinlock fix
572 * Ivo (rt2400) 15th Dec 04 Debug level switching
573 * GregorG 29th Mar 05 Big endian fixes
574 + * RomainB 31st Dec 06 RFMON getter
575 ***************************************************************************/
577 #ifndef __RTMP_H__
578 @@ -91,9 +92,27 @@
579 #ifdef RT2500_DBG
580 #define DBGPRINT(Level, fmt, args...) \
581 if(debug){printk(Level DRV_NAME ": " fmt, ## args);}
583 +#define DBGHEXSTR(level, prefix, src, len) \
584 + { \
585 + char buf[128]; /* allows 64 bytes/512 bits */ \
586 + int i, j; \
587 + unsigned char *p; \
589 + if (len > 0) { \
590 + j = len < sizeof(buf)/2? len: sizeof(buf)/2 - 1; \
592 + for (p = (unsigned char *)(src), i = 0; i < j; i++) { \
593 + sprintf(&buf[i*2], "%02x", *p++); \
594 + } \
595 + DBGPRINT(level, prefix "%s\n", buf); \
596 + } \
598 #else
599 #define DBGPRINT(Level, fmt, args...) \
600 while(0){}
601 +#define DBGHEXSTR(level, prefix, src, len) \
602 + while(0){}
603 #endif
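Review bot: `DBGHEXSTR` expands to a bare `{ ... }` block rather than `do { ... } while (0)`, so `if (x) DBGHEXSTR(...); else ...` does not compile in the debug build; both definitions should be `do { ... } while (0)`. The clamp `j = len < sizeof(buf)/2 ? len : sizeof(buf)/2 - 1` also caps output at 63 bytes while the comment promises 64, because 64 bytes need 128 hex digits plus a NUL and `char buf[128]` cannot hold that. Sizing it `char buf[2*64 + 1];` with `j = len < 64 ? len : 64;` makes the code match the comment and the comment honest.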
606 @@ -400,10 +419,10 @@
607 typedef struct _WPA_KEY {
608 UCHAR KeyLen; // Key length for each key, 0: entry is invalid
609 UCHAR Key[16]; // right now we implement 4 keys, 128 bits max
610 - UCHAR RxMic[8];
611 - UCHAR TxMic[8];
612 + UCHAR RxMic[8]; // Message Integrity Code
613 + UCHAR TxMic[8]; // MIC
614 NDIS_802_11_MAC_ADDRESS BssId; // For pairwise key only
615 - UCHAR TxTsc[6]; // 48bit TSC value
616 + UCHAR TxTsc[6]; // 48bit TKIP Sequence Counter value
617 UCHAR RxTsc[6]; // 48bit TSC value
618 UCHAR Type; // Indicate Pairwise / Group
619 } WPA_KEY, *PWPA_KEY;
620 @@ -1096,10 +1115,16 @@
621 INT RT2500_close(
622 IN struct net_device *net_dev);
624 +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
625 irqreturn_t RTMPIsr(
626 IN INT irq,
627 IN VOID *dev_instance,
628 IN struct pt_regs *rgs);
629 +#else
630 +irqreturn_t RTMPIsr(
631 + IN INT irq,
632 + IN VOID *dev_instance);
633 +#endif
635 VOID RT2500_timer(
636 IN unsigned long data);
637 @@ -1501,6 +1526,7 @@
638 IN UCHAR Rssi,
639 IN UCHAR Noise,
640 IN LARGE_INTEGER TimeStamp,
641 + IN USHORT VarIELen, // Length of all saved IEs.
642 IN PNDIS_802_11_VARIABLE_IEs pVIE);
644 ULONG BssTableSetEntry(
645 @@ -1522,6 +1548,7 @@
646 IN UCHAR Rssi,
647 IN UCHAR Noise,
648 IN LARGE_INTEGER TimeStamp,
649 + IN USHORT VarIELen, // Length of all saved IEs.
650 IN PNDIS_802_11_VARIABLE_IEs pVIE);
652 VOID BssTableSsidSort(
653 @@ -1533,8 +1560,9 @@
654 VOID BssTableSortByRssi(
655 IN OUT BSS_TABLE *OutTab);
657 -NDIS_802_11_WEP_STATUS BssCipherParse(
658 - IN PUCHAR pCipher);
659 +USHORT BssCipherParse(
660 + IN PBEACON_EID_STRUCT pEid,
661 + IN USHORT VarIELen); // Length of all saved IEs.
663 NDIS_STATUS MlmeQueueInit(
664 IN MLME_QUEUE *Queue);
665 @@ -2012,6 +2040,7 @@
666 OUT UCHAR *SupRateLen,
667 OUT UCHAR ExtRate[],
668 OUT UCHAR *ExtRateLen,
669 + OUT USHORT *VarIELen, // Length of all saved IEs.
670 OUT PNDIS_802_11_VARIABLE_IEs pVIE);
672 //BOOLEAN JoinParmSanity(
673 @@ -2425,10 +2454,14 @@
674 IN struct iwreq *wrq);
675 #endif
677 -int RTMPIoctlRFMONTX(
678 - IN OUT PRTMP_ADAPTER pAdapter,
679 +int RTMPIoctlSetRFMONTX(
680 + IN PRTMP_ADAPTER pAdapter,
681 IN struct iwreq *wrq);
683 +int RTMPIoctlGetRFMONTX(
684 + IN PRTMP_ADAPTER pAdapter,
685 + OUT struct iwreq *wrq);
688 // prototype in wpa.c
690 diff -r -u rt2500-1.1.0-b4/Module/rtmp_data.c rt2500-cvs-2007020414/Module/rtmp_data.c
691 --- rt2500-1.1.0-b4/Module/rtmp_data.c 2006-06-17 22:12:58.000000000 +0200
692 +++ rt2500-cvs-2007020414/Module/rtmp_data.c 2006-07-13 15:57:41.000000000 +0200
693 @@ -1125,7 +1125,9 @@
694 // header sanity again, the only thing we have to check is icv_err bit
695 if (pRxD->IcvError == 1)
697 - DBGPRINT(RT_DEBUG_TRACE,"Rx DecryptDone - ICV error (len %d)\n", pRxD->DataByteCnt);
698 + DBGPRINT(RT_DEBUG_TRACE,
699 + "Rx DecryptDone - ICV error (CipherAlg=%d) (len %d)\n",
700 + pRxD->CipherAlg, pRxD->DataByteCnt);
701 pRxD->Drop =1; // Drop frame with icv error
703 // Saved data pointer for management frame which will pass to MLME block
704 @@ -2233,7 +2235,7 @@
705 UCHAR AccessCategory;
706 unsigned long irqflag;
708 - DBGPRINT(RT_DEBUG_INFO, "<==== RTMPSendPacket\n");
709 + DBGPRINT(RT_DEBUG_INFO, "====> RTMPSendPacket\n");
711 // Init priority value
712 Priority = 0;
713 @@ -2371,7 +2373,7 @@
714 if (INFRA_ON(pAdapter))
716 // In infrastructure mode, simply enqueue the packet into Tx waiting queue.
717 - DBGPRINT(RT_DEBUG_INFO, "Infrastructure -> Enqueue one frame\n");
718 + DBGPRINT(RT_DEBUG_INFO, "<=== RTMPSendPacket Infrastructure -> Enqueue one frame\n");
720 // Enqueue Ndis packet to end of Tx wait queue
721 skb_queue_tail(pTxQueue, skb);
722 @@ -2383,7 +2385,7 @@
723 PsMode = PWR_ACTIVE; // Faked
724 if (PsMode == PWR_ACTIVE)
726 - DBGPRINT(RT_DEBUG_INFO,"Ad-Hoc -> Enqueue one frame\n");
727 + DBGPRINT(RT_DEBUG_INFO,"<=== RTMPSendPacket Ad-Hoc -> Enqueue one frame\n");
729 // Enqueue Ndis packet to end of Tx wait queue
730 skb_queue_tail(pTxQueue, skb);
731 @@ -3278,6 +3280,7 @@
733 INT i;
734 PUCHAR pTmp;
735 + DBGPRINT(RT_DEBUG_TRACE,"Ndis802_11Encryption3Enabled::DefaultKeyId = %d\n", pAdapter->PortCfg.DefaultKeyId);
737 i = 0;
738 pTmp = (PUCHAR) &Iv16;
739 @@ -3308,8 +3311,11 @@
740 CipherAlg = CIPHER_AES; // Set Cipher suite
742 else
744 + DBGPRINT(RT_DEBUG_TRACE,"Ndis802_11EncryptionDisabled\n");
745 CipherAlg = CIPHER_NONE;
747 + }
750 // Only the first fragment required LLC-SNAP header !!!
752 @@ -3382,16 +3388,18 @@
753 (MICFrag == FALSE) &&
754 (pWpaKey != NULL))
756 - INT i;
758 NdisBufferLength = 8; // Set length to MIC length
759 - DBGPRINT(RT_DEBUG_INFO, "Calculated TX MIC value =");
760 - for (i = 0; i < 8; i++)
762 - DBGPRINT(RT_DEBUG_INFO, "%02x:", pAdapter->PrivateInfo.Tx.MIC[i]);
764 - DBGPRINT(RT_DEBUG_INFO, "\n");
766 + DBGPRINT(RT_DEBUG_INFO,
767 + "--- TX MIC=%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x\n",
768 + pAdapter->PrivateInfo.Tx.MIC[0],
769 + pAdapter->PrivateInfo.Tx.MIC[1],
770 + pAdapter->PrivateInfo.Tx.MIC[2],
771 + pAdapter->PrivateInfo.Tx.MIC[3],
772 + pAdapter->PrivateInfo.Tx.MIC[4],
773 + pAdapter->PrivateInfo.Tx.MIC[5],
774 + pAdapter->PrivateInfo.Tx.MIC[6],
775 + pAdapter->PrivateInfo.Tx.MIC[7]);
777 if (FreeFragSize >= NdisBufferLength)
779 memcpy(pDest, pAdapter->PrivateInfo.Tx.MIC, NdisBufferLength);
780 diff -r -u rt2500-1.1.0-b4/Module/rtmp_def.h rt2500-cvs-2007020414/Module/rtmp_def.h
781 --- rt2500-1.1.0-b4/Module/rtmp_def.h 2006-06-17 22:12:58.000000000 +0200
782 +++ rt2500-cvs-2007020414/Module/rtmp_def.h 2006-08-29 04:32:00.000000000 +0200
783 @@ -190,7 +190,7 @@
784 #define HASH_TABLE_SIZE 256
785 #define MAX_LEN_OF_MLME_BUFFER 1024
786 #define MAX_FRAME_LEN 2338
787 -#define MAX_VIE_LEN 128 // New for WPA cipher suite variable IE sizes.
788 +#define MAX_VIE_LEN 257 // sum of WPAx IEs
789 #define MAX_MLME_HANDLER_MEMORY 20 //each them cantains MAX_LEN_OF_MLME_BUFFER size
790 #define MAX_INI_BUFFER_SIZE 1024
792 diff -r -u rt2500-1.1.0-b4/Module/rtmp_info.c rt2500-cvs-2007020414/Module/rtmp_info.c
793 --- rt2500-1.1.0-b4/Module/rtmp_info.c 2006-06-17 22:12:58.000000000 +0200
794 +++ rt2500-cvs-2007020414/Module/rtmp_info.c 2007-01-11 21:20:58.000000000 +0100
795 @@ -43,6 +43,7 @@
796 * LuisCorreia 23rd Feb 05 fix unknown IOCTL's
797 * MarkW 9th Mar 05 Quality reporting in scan for current
798 * MarkW 9th Jun 05 Fix channel change for ADHOC mode
799 + * RomainB 31st Dec 06 RFMON getter
800 ***************************************************************************/
802 #include "rt_config.h"
803 @@ -166,9 +167,12 @@
804 { RTPRIV_IOCTL_E2P,
805 IW_PRIV_TYPE_CHAR | 1024, IW_PRIV_TYPE_CHAR | 1024,
806 "e2p"},
807 -{ RTPRIV_IOCTL_RFMONTX,
808 - IW_PRIV_TYPE_INT | 2, IW_PRIV_TYPE_CHAR | sizeof (char),
809 - "rfmontx"}
810 +{ RTPRIV_IOCTL_SET_RFMONTX,
811 + IW_PRIV_TYPE_INT | 2, 0,
812 + "rfmontx"},
813 +{ RTPRIV_IOCTL_GET_RFMONTX,
814 + 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
815 + "get_rfmontx"}
818 static struct {
819 @@ -233,7 +237,7 @@
820 u16 val;
821 int i,chan;
823 - DBGPRINT(RT_DEBUG_TRACE,"0. rtusb_ioctl_giwrange\n");
824 + DBGPRINT(RT_DEBUG_TRACE,"0. rt_ioctl_giwrange\n");
825 data->length = sizeof(struct iw_range);
826 memset(range, 0, sizeof(struct iw_range));
828 @@ -422,6 +426,8 @@
829 Status = NDIS_STATUS_SUCCESS;
830 StateMachineTouched = TRUE;
831 }while(0);
832 + if(StateMachineTouched) // Upper layer sent a MLME-related operations
833 + MlmeHandler(pAdapter);
834 return 0;
837 @@ -522,7 +528,7 @@
838 memset(&iwe, 0, sizeof(iwe));
840 data->length = current_ev - extra;
841 - DBGPRINT(RT_DEBUG_TRACE,"rtusb_ioctl_giwscan. %d BSS returned\n",pAdapter->PortCfg.BssTab.BssNr);
842 + DBGPRINT(RT_DEBUG_TRACE,"rt_ioctl_giwscan. %d BSS returned\n",pAdapter->PortCfg.BssTab.BssNr);
843 return 0;
845 #endif
846 @@ -1236,6 +1242,8 @@
847 Status = -EOPNOTSUPP;
848 break;
850 + if(StateMachineTouched) // Upper layer sent a MLME-related operations
851 + MlmeHandler(pAdapter);
853 return Status;
855 @@ -1628,6 +1636,7 @@
856 USHORT subcmd;
857 BOOLEAN StateMachineTouched = FALSE;
858 int i, chan = -1, index = 0, len = 0;
859 + ULONG Length;
862 switch(cmd) {
863 @@ -1646,23 +1655,29 @@
864 break;
867 +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
868 + Length = erq->length - 1; // minux null character.
869 +#else
870 + Length = erq->length;
871 +#endif
873 if(RTMP_TEST_FLAG(pAdapter, fRTMP_ADAPTER_INTERRUPT_IN_USE))
875 - if (copy_from_user(Ssid.Ssid, erq->pointer, (erq->length - 1)))
876 + if (copy_from_user(Ssid.Ssid, erq->pointer, Length))
878 Status = -EFAULT;
879 break;
881 - Ssid.SsidLength = erq->length - 1; //minus null character.
882 + Ssid.SsidLength = Length;
883 }else{
884 // This SEEMS to be needed to actual work RobinC when iface
885 // is down
886 - if (copy_from_user(pAdapter->PortCfg.Ssid, erq->pointer, (erq->length - 1)))
887 + if (copy_from_user(pAdapter->PortCfg.Ssid, erq->pointer, Length))
889 Status = -EFAULT;
890 break;
892 - pAdapter->PortCfg.SsidLen = erq->length - 1; //minus null character.
893 + pAdapter->PortCfg.SsidLen = Length;
895 memcpy(pAdapter->Mlme.CntlAux.Ssid, pAdapter->PortCfg.Ssid, pAdapter->PortCfg.SsidLen);
896 pAdapter->Mlme.CntlAux.SsidLen = pAdapter->PortCfg.SsidLen;
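Review bot: `Length` is taken straight from `erq->length` (minus one on pre-2.6.19 kernels) and passed to `copy_from_user()` into `Ssid.Ssid` and `pAdapter->PortCfg.Ssid` with no upper bound, so a caller supplying a long `length` overruns those fixed SSID buffers, and on the old-kernel path `erq->length == 0` wraps `Length` to ULONG_MAX. Unless the wireless-extensions core in these kernel versions has already checked the length against IW_ESSID_MAX_SIZE before the handler runs (not visible here, and this path does its own `copy_from_user`, which suggests it is not relied on), add after the `#endif`: `if (Length > MAX_LEN_OF_SSID) { Status = -EINVAL; break; }` using whichever constant sizes those buffers elsewhere in the driver; the wrapped value is caught by the same test. The enclosing ioctl handler starts and ends outside this hunk.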
897 @@ -1850,7 +1865,8 @@
899 pAdapter->PortCfg.SharedKey[index].KeyLen = len <= WEP_SMALL_KEY_LEN ? WEP_SMALL_KEY_LEN : WEP_LARGE_KEY_LEN;
901 - pAdapter->PortCfg.DefaultKeyId = (UCHAR) index;
902 + else
903 + pAdapter->PortCfg.DefaultKeyId = (UCHAR) index;
904 if (wrq->u.encoding.flags & IW_ENCODE_DISABLED)
905 pAdapter->PortCfg.WepStatus = Ndis802_11WEPDisabled;
906 else
907 @@ -2161,8 +2177,12 @@
908 break;
909 #endif
911 - case RTPRIV_IOCTL_RFMONTX:
912 - Status = RTMPIoctlRFMONTX(pAdapter, wrq);
913 + case RTPRIV_IOCTL_SET_RFMONTX:
914 + Status = RTMPIoctlSetRFMONTX(pAdapter, wrq);
915 + break;
917 + case RTPRIV_IOCTL_GET_RFMONTX:
918 + Status = RTMPIoctlGetRFMONTX(pAdapter, wrq);
919 break;
921 default:
922 @@ -2960,13 +2980,11 @@
923 int success = TRUE;
925 WirelessMode = simple_strtol(arg, 0, 10);
926 + DBGPRINT(RT_DEBUG_TRACE, "Set_WirelessMode_Proc::(=%d)\n", WirelessMode);
928 if ((WirelessMode == PHY_11BG_MIXED) || (WirelessMode == PHY_11B) ||
929 (WirelessMode == PHY_11A) || (WirelessMode == PHY_11ABG_MIXED))
931 RTMPSetPhyMode(pAdapter, WirelessMode);
932 - DBGPRINT(RT_DEBUG_TRACE, "Set_WirelessMode_Proc::(=%d)\n", WirelessMode);
934 else
935 success = FALSE;
937 @@ -3703,14 +3721,14 @@
939 if (strlen(arg) == 64)
941 - AtoH(arg, pAdapter->PortCfg.PskKey.Key, 32);
942 + AtoH(arg, keyMaterial, 32);
944 else
946 PasswordHash((char *)arg, pAdapter->Mlme.CntlAux.Ssid, pAdapter->Mlme.CntlAux.SsidLen, keyMaterial);
948 - memcpy(pAdapter->PortCfg.PskKey.Key, keyMaterial, 32);
950 + memcpy(pAdapter->PortCfg.PskKey.Key, keyMaterial, 32);
952 // Use RaConfig as PSK agent.
953 // Start STA supplicant state machine
954 pAdapter->PortCfg.WpaState = SS_START;
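Review bot: `keyMaterial` holds the derived PMK/PSK as a stack local and is never cleared after the `memcpy` into `PortCfg.PskKey.Key`, so the secret lingers on the kernel stack; add `memset(keyMaterial, 0, sizeof(keyMaterial)); barrier();` at the point where keyMaterial is last read (plain memset before return is a dead-store candidate and memzero_explicit() postdates these kernels), and likewise wipe `arg`, which carries the passphrase, before the `kfree(arg)` visible further down. The 64-hex-character branch trusts `AtoH()` to consume exactly 32 bytes; if AtoH does not validate hex digits (not visible here) a malformed string yields an unintended key rather than an error. The function starts and ends outside this hunk.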
955 @@ -3734,9 +3752,9 @@
956 // 6. Copy information into Group Key structure.
957 // pKey->KeyLength will include TxMic and RxMic, therefore, we use 16 bytes hardcoded.
958 pAdapter->PortCfg.GroupKey[0].KeyLen = 16;
959 - memcpy(pAdapter->PortCfg.GroupKey[0].Key, (PUCHAR)(keyMaterial) + 0, 16);
960 - memcpy(pAdapter->PortCfg.GroupKey[0].RxMic, (PUCHAR)(keyMaterial) + 16, 8);
961 - memcpy(pAdapter->PortCfg.GroupKey[0].TxMic, (PUCHAR)(keyMaterial) + 16, 8);
962 + memcpy(pAdapter->PortCfg.GroupKey[0].Key, &keyMaterial[0], 16);
963 + memcpy(pAdapter->PortCfg.GroupKey[0].RxMic, &keyMaterial[16], 8);
964 + memcpy(pAdapter->PortCfg.GroupKey[0].TxMic, &keyMaterial[16], 8);
965 memcpy(pAdapter->PortCfg.GroupKey[0].BssId, &pAdapter->PortCfg.Bssid, 6);
967 // Init TxTsc to one based on WiFi WPA specs
968 @@ -3887,9 +3905,9 @@
969 kfree(arg);
972 -int RTMPIoctlRFMONTX(
973 +int RTMPIoctlSetRFMONTX(
974 IN PRTMP_ADAPTER pAdapter,
975 - IN OUT struct iwreq *wrq)
976 + IN struct iwreq *wrq)
978 char *pvalue;
979 char value;
980 @@ -3912,15 +3930,16 @@
981 else return -EINVAL;
984 - /* Display the state. Use "value" to indicate it. */
985 - value = pAdapter->PortCfg.MallowRFMONTx == TRUE ? '1'
986 - : '0';
987 - wrq->u.data.length = sizeof (char);
989 - if (copy_to_user (wrq->u.data.pointer, &value, wrq->u.data.length))
990 - DBGPRINT (RT_DEBUG_ERROR, "RTMPIoctlRFMONTX - copy to user failure.\n");
991 + return 0;
994 +int RTMPIoctlGetRFMONTX(
995 + IN PRTMP_ADAPTER pAdapter,
996 + OUT struct iwreq *wrq)
998 + *(int *) wrq->u.name = pAdapter->PortCfg.MallowRFMONTx == TRUE ? 1 : 0;
999 return 0;
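Review bot: `RTMPIoctlGetRFMONTX` returns its result by writing an `int` into `wrq->u.name`, which only reaches user space when the matching private-ioctl table entry declares a fixed-size single int get argument (`IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1`), since the wireless-extensions core copies `u.name` back in-line only for that argument class; that table is not in this hunk, so confirm it was updated together with the split. A one-line comment would save the next reader the lookup: `// result travels in-line in wrq->u.name: iw_priv entry must be IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1`. The set handler's body before `else return -EINVAL;` lies outside the hunk, so I cannot tell whether `pAdapter` or the parsed `value` is still used now that the display code has been removed.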
1004 Nur in rt2500-1.1.0-b4/Module/: rtmp_info.c.orig.
1005 diff -r -u rt2500-1.1.0-b4/Module/rtmp_init.c rt2500-cvs-2007020414/Module/rtmp_init.c
1006 --- rt2500-1.1.0-b4/Module/rtmp_init.c 2006-06-17 22:12:58.000000000 +0200
1007 +++ rt2500-cvs-2007020414/Module/rtmp_init.c 2007-01-22 20:34:22.000000000 +0100
1008 @@ -916,8 +916,12 @@
1009 DBGPRINT(RT_DEBUG_TRACE, "<-- NICInitAsicFromEEPROM\n");
1012 +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20))
1013 +extern VOID MlmeWork(struct work_struct *work);
1014 +#else
1015 extern VOID MlmeWork(void *vpAd);
1017 +#endif
1019 void NICInitializeAdapter(IN PRTMP_ADAPTER pAdapter)
1021 TXCSR2_STRUC TxCSR2;
1022 @@ -974,7 +978,9 @@
1023 // Initialze ASIC for TX & Rx operation
1024 NICInitializeAsic(pAdapter);
1026 -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0))
1027 +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20))
1028 + INIT_WORK(&pAdapter->mlme_work, MlmeWork);
1029 +#elif (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0))
1030 INIT_WORK(&pAdapter->mlme_work, MlmeWork, (void*)pAdapter);
1031 #endif
1032 DBGPRINT(RT_DEBUG_TRACE, "<-- NICInitializeAdapter\n");
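Review bot: With the 2.6.20 single-argument `INIT_WORK` at +1028, `MlmeWork` receives only a `struct work_struct *` and has to recover the adapter itself, presumably via `container_of(work, RTMP_ADAPTER, mlme_work)`; the 2.6.20 body of `MlmeWork` is not part of this patch chunk, so that side should be confirmed. A comment at the call keeps the two halves of the contract together: `// 2.6.20+: MlmeWork recovers pAdapter via container_of(work, RTMP_ADAPTER, mlme_work)`. The surrounding function continues outside the hunk.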
1033 Nur in rt2500-1.1.0-b4/Module/: rtmp_init.c.orig.
1034 diff -r -u rt2500-1.1.0-b4/Module/rtmp_main.c rt2500-cvs-2007020414/Module/rtmp_main.c
1035 --- rt2500-1.1.0-b4/Module/rtmp_main.c 2006-06-17 22:12:58.000000000 +0200
1036 +++ rt2500-cvs-2007020414/Module/rtmp_main.c 2006-12-01 00:18:16.000000000 +0100
1037 @@ -85,7 +85,7 @@
1038 #define CSR_REG_BASE 0x0000
1039 #define CSR_REG_SIZE 0x0174
1040 #define EEPROM_BASE 0x0000
1041 -#define EEPROM_SIZE 0x01ff
1042 +#define EEPROM_SIZE 0x0200
1044 #if LINUX_VERSION_CODE > KERNEL_VERSION(2,5,0)
1045 static void
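Review bot: `EEPROM_SIZE` changes from `0x01ff`, which reads like a highest-offset value, to `0x0200`, which reads like a count, and the name alone does not say which it is or in what unit. Add the unit and meaning to the definition, e.g. `#define EEPROM_SIZE 0x0200 // number of EEPROM locations, not the last offset`, adjusted to whatever the users of the macro (outside this hunk) actually expect.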
1046 @@ -217,8 +217,8 @@
1047 csr_addr = (unsigned long) ioremap(pci_resource_start(pPci_Dev, 0), pci_resource_len(pPci_Dev, 0));
1048 if (!csr_addr)
1050 - DBGPRINT(RT_DEBUG_TRACE, "ioremap failed for device %s, region 0x%X @ 0x%lX\n",
1051 - print_name, (ULONG)pci_resource_len(pPci_Dev, 0), pci_resource_start(pPci_Dev, 0));
1052 + DBGPRINT(RT_DEBUG_TRACE, "ioremap failed for device %s, region 0x%X @ 0x%X\n",
1053 + print_name, (ULONG)pci_resource_len(pPci_Dev, 0), (ULONG)pci_resource_start(pPci_Dev, 0));
1054 goto err_out_free_res;
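Review bot: The new format at +1052 prints `0x%X` for a second argument cast to `ULONG` (an `unsigned long`), which is a format/argument mismatch — `%X` takes `unsigned int` — and undefined behaviour on 64-bit builds where the two sizes differ; the hunk at @@ -284,8 +284,8 @@ introduces the same mismatch with `0x%x`, and the `pci_resource_len` argument on the old line already had it. The old `%lX` paired with `pci_resource_start()` was presumably changed because `resource_size_t` is 64-bit on some configs; the cast-consistent fix is `(unsigned long long)pci_resource_start(pPci_Dev, 0)` printed with `0x%llX`, and the same for `pci_resource_len`. Keep `(ULONG)` only if the specifier goes back to `%lX`.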
1057 @@ -284,8 +284,8 @@
1058 if (Status != NDIS_STATUS_SUCCESS)
1059 goto err_out_unmap;
1061 - DBGPRINT(RT_DEBUG_TRACE, "%s: at 0x%lx, VA 0x%lx, IRQ %d. \n",
1062 - net_dev->name, pci_resource_start(pPci_Dev, 0), (unsigned long)csr_addr, pPci_Dev->irq);
1063 + DBGPRINT(RT_DEBUG_TRACE, "%s: at 0x%x, VA 0x%lx, IRQ %d. \n",
1064 + net_dev->name, (ULONG)pci_resource_start(pPci_Dev, 0), (unsigned long)csr_addr, pPci_Dev->irq);
1066 // Set driver data
1067 pci_set_drvdata(pPci_Dev, net_dev);
1068 @@ -514,10 +514,16 @@
1070 ========================================================================
1072 +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
1073 irqreturn_t RTMPIsr(
1074 IN INT irq,
1075 IN VOID *dev_instance,
1076 IN struct pt_regs *rgs)
1077 +#else
1078 +irqreturn_t RTMPIsr(
1079 + IN INT irq,
1080 + IN VOID *dev_instance)
1081 +#endif
1083 struct net_device *net_dev = dev_instance;
1084 PRTMP_ADAPTER pAdapter = net_dev->priv;
1085 diff -r -u rt2500-1.1.0-b4/Module/sanity.c rt2500-cvs-2007020414/Module/sanity.c
1086 --- rt2500-1.1.0-b4/Module/sanity.c 2006-06-17 22:12:58.000000000 +0200
1087 +++ rt2500-cvs-2007020414/Module/sanity.c 2006-11-28 09:00:02.000000000 +0100
1088 @@ -33,7 +33,8 @@
1090 #include "rt_config.h"
1092 -UCHAR WPA_OUI[] = {0x00, 0x50, 0xf2, 0x01};
1093 +static const UCHAR WPA_OUI[] = {0x00, 0x50, 0xf2, 0x01};
1094 +static const ie_oui_t wpa2_oui = {0x00, 0x0f, 0xac}; // 802.11i pp. 28, 30
1097 ==========================================================================
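Review bot: Making `WPA_OUI` `static const` at +1093 removes its external symbol, so any other translation unit that still declares `extern UCHAR WPA_OUI[]` will fail to link; grep the other Module sources before relying on this. The hunk at @@ -605,18 +719,45 @@ in this same file also removes the only visible use of `WPA_OUI`, so after this patch the array may be an unused static and draw a compiler warning. `wpa2_oui` gets a citation comment; give `WPA_OUI` the matching one, e.g. `// WPA1 vendor OUI (Microsoft) plus element type 1`.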
1098 @@ -235,7 +236,7 @@
1100 break;
1101 default:
1102 - DBGPRINT(RT_DEBUG_TRACE, "PeerAssocRspSanity - ignore unrecognized EID = %d\n", eid_ptr->Eid);
1103 + DBGPRINT(RT_DEBUG_TRACE, "PeerAssocRspSanity - ignore unrecognized EID=%d (Len=%d)\n", eid_ptr->Eid, eid_ptr->Len);
1104 break;
1107 @@ -408,6 +409,94 @@
1108 return TRUE;
1111 +static inline void handle_country_ie(
1112 + country_ie_p p)
1114 + int i;
1116 + DBGPRINT(RT_DEBUG_INFO,
1117 + " - IE_COUNTRY (ID=%d) (Len=%d) "
1118 + "(string=\"%c%c:%c\")\n",
1119 + p->eid, p->length, p->cs.co[0], p->cs.co[1], p->cs.env);
1121 + // drop malformed elements
1122 + if (p->length & 1 || p->length < 6) {
1123 + DBGPRINT(RT_DEBUG_ERROR,
1124 + " - IE_COUNTRY invalid length\n");
1125 + return;
1127 + for (i = 0; i < offsetof(country_string_t, env); i++) {
1128 + if (p->cs.co[i] < 'A' || p->cs.co[i] > 'z') {
1129 + DBGPRINT(RT_DEBUG_ERROR,
1130 + " - IE_COUNTRY invalid co fld\n");
1131 + return;
1134 + if (p->cs.env != ' ' && p->cs.env != 'O' && p->cs.env != 'I') {
1135 + DBGPRINT(RT_DEBUG_ERROR,
1136 + " - IE_COUNTRY invalid env field\n");
1137 + return;
1139 + if (p->length % 3 && *(char *)((char *)p + p->length + 1) != 0) {
1140 + DBGPRINT(RT_DEBUG_ERROR,
1141 + " - IE_COUNTRY pad non-null\n");
1142 + return;
1144 +#ifdef RT2500_DBG
1146 + int num_subelements = p->length/3 - 1;
1147 + country_subelement_p sep = p->chans;
1148 + for (i = 0; i < num_subelements; i++, sep++)
1150 + DBGPRINT(RT_DEBUG_INFO,
1151 + " - Band %d First chan=%d, Num chans=%d, Max Tx Pwr=%d\n",
1152 + i, sep->first_chan, sep->num_chans, sep->max_tx_pwr);
1155 +#endif /* RT2500_DBG */
1156 + /* TODO */
1158 +} /* End handle_country_ie () */
1160 +static inline int handle_rsn_ie(
1161 + rsn_ie_p p,
1162 + PNDIS_802_11_VARIABLE_IEs pVIE)
1164 + DBGPRINT(RT_DEBUG_INFO,
1165 + " - IE_RSN (ID=%d, Len=%d)\n",
1166 + p->eid, p->length);
1168 + // drop malformed elements
1169 + if (p->length < 2 || p->length & 1) {
1170 + DBGPRINT(RT_DEBUG_ERROR,
1171 + " - IE_RSN invalid length\n");
1172 + return 0;
1174 + if (wtohs(p->version) != 1) {
1175 + DBGPRINT(RT_DEBUG_ERROR,
1176 + " - IE_RSN invalid version %d\n",
1177 + p->version);
1178 + return 0;
1180 + if (p->length >= 6) { // group cipher suite
1181 + if (!RTMPEqualMemory(&p->gcsuite.oui, wpa2_oui, sizeof(wpa2_oui)))
1183 + DBGPRINT(RT_DEBUG_ERROR,
1184 + " - IE_RSN invalid oui "
1185 + "%02x %02x %02x\n",
1186 + p->gcsuite.oui[0], p->gcsuite.oui[1], p->gcsuite.oui[2]);
1187 + return 0;
1190 + // Copy to pVIE which will report to microsoft bssid list.
1191 + pVIE->ElementID = p->eid;
1192 + pVIE->Length = p->length;
1193 + memcpy(pVIE->data, &p->version, p->length);
1195 + return (p->length + 2);
1197 +} /* End handle_rsn_ie () */
1200 ==========================================================================
1201 Description:
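Review bot: In `handle_country_ie` the first `DBGPRINT` at +1116 reads `p->cs.co[0]`, `p->cs.co[1]` and `p->cs.env` before the length test at +1122, so a country element with `length < 3` makes the trace read octets beyond the element; move that print below the `length < 6` check. In `handle_rsn_ie` the version error at +1176 prints the raw `p->version` while the comparison uses `wtohs(p->version)`, so the logged value is byte-swapped on big-endian builds; print `wtohs(p->version)`. The `co` field test accepts every byte from `'A'` to `'z'`, which includes the punctuation between `'Z'` and `'a'`; if only letters are meant, test the upper-case and lower-case ranges separately.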
1202 @@ -445,6 +534,7 @@
1203 OUT UCHAR *SupRateLen,
1204 OUT UCHAR ExtRate[],
1205 OUT UCHAR *ExtRateLen,
1206 + OUT USHORT *VarIELen, // Length of all saved IEs.
1207 OUT PNDIS_802_11_VARIABLE_IEs pVIE)
1209 CHAR *Ptr, TimLen;
1210 @@ -452,12 +542,20 @@
1211 PBEACON_EID_STRUCT eid_ptr;
1212 UCHAR SubType;
1213 UCHAR Sanity;
1214 + UCHAR VarIE[MAX_VIE_LEN];
1216 + // armor against buffer overflow
1217 + UCHAR *vielim = &VarIE[MAX_VIE_LEN];
1218 + NDIS_802_11_VARIABLE_IEs *ptVIE = (PNDIS_802_11_VARIABLE_IEs)VarIE;
1220 + DBGPRINT(RT_DEBUG_TRACE,"===> %s\n", __FUNCTION__);
1222 // Add for 3 necessary EID field check
1223 Sanity = 0;
1225 *ExtendedRateIeExist = FALSE;
1226 *Erp = 0;
1227 + *VarIELen = 0;
1229 Fr = (MACFRAME *)Msg;
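Review bot: The new `VarIE[MAX_VIE_LEN]` local at +1214 is a second staging copy of the caller's buffer — every caller shown in sync.c already owns a `VarIE[MAX_VIE_LEN]` and passes it as `pVIE`, and the hunk at @@ -656,13 +797,18 @@ ends by `memcpy`-ing the staging area into `pVIE`. Assuming every caller passes a `MAX_VIE_LEN` buffer as those do, this doubles the kernel-stack cost of the function for no visible gain; the bound could be applied to `pVIE` directly with `UCHAR *vielim = (UCHAR *)pVIE + MAX_VIE_LEN;` and `*VarIELen` set from the final write pointer. If the copy exists so that `pVIE` stays untouched when the function returns FALSE part-way, say so, since the `// armor against buffer overflow` comment does not explain it. The function's signature and tail are outside this hunk.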
1231 @@ -481,6 +579,7 @@
1232 // get capability info from payload and advance the pointer
1233 memcpy(CapabilityInfo, Ptr, 2);
1234 Ptr += 2;
1235 + DBGPRINT(RT_DEBUG_INFO, " - CapabilityInfo=0x%.2x\n", *CapabilityInfo);
1236 if (CAP_IS_ESS_ON(*CapabilityInfo))
1238 *BssType = BSS_INFRA;
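Review bot: The added trace at +1235 prints `*CapabilityInfo` with `0x%.2x`, but the field is filled by the two-byte `memcpy` just above it, so the precision understates anything above 0xff; use `0x%.4x`. If `CapabilityInfo` is a `USHORT *` the argument is promoted to `int` and the `%x` itself is fine.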
1239 @@ -498,23 +597,30 @@
1240 // get variable fields from payload and advance the pointer
1241 while(((UCHAR*)eid_ptr + eid_ptr->Len + 1) < ((UCHAR*)Fr + MsgLen))
1243 + DBGPRINT(RT_DEBUG_INFO, " - IE #%d len=%d\n",
1244 + eid_ptr->Eid, eid_ptr->Len);
1245 switch(eid_ptr->Eid)
1247 case IE_SSID:
1248 - // Already has one SSID EID in this beacon, ignore the second one
1249 + // Already have one SSID EID in this beacon, ignore second one
1250 if (Sanity & 0x1)
1251 break;
1252 if(eid_ptr->Len <= MAX_LEN_OF_SSID)
1254 memcpy(Ssid, eid_ptr->Octet, eid_ptr->Len);
1255 - memset(Ssid + eid_ptr->Len,0,1);
1256 + if (eid_ptr->Len < MAX_LEN_OF_SSID)
1257 + memset(Ssid + eid_ptr->Len,0,1);
1258 *SsidLen = eid_ptr->Len;
1259 Sanity |= 0x1;
1260 - //DBGPRINT(RT_DEBUG_TRACE, "PeerBeaconAndProbeRspSanity - ESSID=%s Len=%d\n",Ssid,eid_ptr->Len);
1261 + DBGPRINT(RT_DEBUG_INFO, " - SSID=%s Len=%d\n",
1262 + Ssid, eid_ptr->Len);
1263 + DBGHEXSTR(RT_DEBUG_INFO, " - SSID(hex)=",
1264 + Ssid, eid_ptr->Len);
1266 else
1268 - DBGPRINT(RT_DEBUG_TRACE, "PeerBeaconAndProbeRspSanity - wrong IE_SSID (len=%d)\n",eid_ptr->Len);
1269 + DBGPRINT(RT_DEBUG_TRACE, "<=== %s - bad IE_SSID len=%d\n",
1270 + __FUNCTION__, eid_ptr->Len);
1271 return FALSE;
1273 break;
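Review bot: The new `DBGPRINT` at +1261 prints `Ssid` with `%s`, but the line just above now writes the terminator only when `Len < MAX_LEN_OF_SSID`, so an SSID of exactly `MAX_LEN_OF_SSID` bytes is unterminated and `%s` reads past the buffer; the same print also sends raw, untrusted beacon bytes (control characters included) to the log. Use the explicit length, `DBGPRINT(RT_DEBUG_INFO, " - SSID=%.*s Len=%d\n", eid_ptr->Len, Ssid, eid_ptr->Len);` — the `DBGHEXSTR` line that follows already carries the safe form. The kernel's vsnprintf honours `%.*s`, so this holds if `DBGPRINT` is a thin printk wrapper.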
1274 @@ -546,13 +652,15 @@
1276 else
1278 - DBGPRINT(RT_DEBUG_TRACE, "PeerBeaconAndProbeRspSanity - wrong IE_SUPP_RATES (len=%d)\n",eid_ptr->Len);
1279 + DBGPRINT(RT_DEBUG_TRACE,
1280 + "<=== %s - wrong IE_SUPP_RATES (len=%d)\n",
1281 + __FUNCTION__, eid_ptr->Len);
1282 return FALSE;
1284 break;
1286 case IE_FH_PARM:
1287 - DBGPRINT(RT_DEBUG_TRACE, "PeerBeaconAndProbeRspSanity(IE_FH_PARM) \n");
1288 + DBGPRINT(RT_DEBUG_INFO, " - (IE_FH_PARM) \n");
1289 break;
1291 case IE_DS_PARM:
1292 @@ -561,14 +669,18 @@
1293 *Channel = *eid_ptr->Octet;
1294 if (ChannelSanity(pAd, *Channel) == 0)
1296 - DBGPRINT(RT_DEBUG_TRACE, "PeerBeaconAndProbeRspSanity - wrong IE_DS_PARM (ch=%d)\n",*Channel);
1297 + DBGPRINT(RT_DEBUG_TRACE,
1298 + "<=== %s - wrong IE_DS_PARM (ch=%d)\n",
1299 + __FUNCTION__, *Channel);
1300 return FALSE;
1302 Sanity |= 0x4;
1304 else
1306 - DBGPRINT(RT_DEBUG_TRACE, "PeerBeaconAndProbeRspSanity - wrong IE_DS_PARM (len=%d)\n",eid_ptr->Len);
1307 + DBGPRINT(RT_DEBUG_TRACE,
1308 + "<=== %s - wrong IE_DS_PARM (len=%d)\n",
1309 + __FUNCTION__, eid_ptr->Len);
1310 return FALSE;
1312 break;
1313 @@ -581,7 +693,8 @@
1315 else
1317 - DBGPRINT(RT_DEBUG_TRACE, "PeerBeaconAndProbeRspSanity - wrong IE_CF_PARM\n");
1318 + DBGPRINT(RT_DEBUG_TRACE, "<=== %s - wrong IE_CF_PARM\n",
1319 + __FUNCTION__);
1320 return FALSE;
1322 break;
1323 @@ -593,7 +706,8 @@
1325 else
1327 - DBGPRINT(RT_DEBUG_TRACE, "PeerBeaconAndProbeRspSanity - wrong IE_IBSS_PARM\n");
1328 + DBGPRINT(RT_DEBUG_TRACE, "<=== %s - wrong IE_IBSS_PARM\n",
1329 + __FUNCTION__);
1330 return FALSE;
1332 break;
1333 @@ -605,18 +719,45 @@
1335 break;
1337 + case IE_COUNTRY:
1338 + handle_country_ie((country_ie_p)eid_ptr);
1339 + break;
1341 // New for WPA
1342 case IE_WPA:
1343 - // Check the OUI version, filter out non-standard usage
1344 - if (RTMPEqualMemory(eid_ptr->Octet, WPA_OUI, 4))
1346 - // Copy to pVIE which will report to microsoft bssid list.
1347 - pVIE->ElementID = eid_ptr->Eid;
1348 - pVIE->Length = eid_ptr->Len;
1349 - memcpy(pVIE->data, eid_ptr->Octet, eid_ptr->Len);
1351 - DBGPRINT(RT_DEBUG_INFO, "PeerBeaconAndProbeRspSanity - Receive IE_WPA\n");
1352 - break;
1353 + if (vielim >= (UCHAR *)ptVIE + eid_ptr->Len + 2)
1355 + // ptVIE will report to microsoft bssid list.
1356 + ptVIE->ElementID = eid_ptr->Eid;
1357 + ptVIE->Length = eid_ptr->Len;
1358 + memcpy(ptVIE->data, eid_ptr->Octet, eid_ptr->Len);
1359 + ptVIE = (PNDIS_802_11_VARIABLE_IEs)((UCHAR *)ptVIE +
1360 + ptVIE->Length + 2);
1361 + DBGPRINT(RT_DEBUG_INFO, " - OUI (%02x:%02x:%02x:%02x)\n",
1362 + eid_ptr->Octet[0], eid_ptr->Octet[1],
1363 + eid_ptr->Octet[2], eid_ptr->Octet[3]);
1365 + else
1367 + DBGPRINT(RT_DEBUG_ERROR,
1368 + " - IE_WPA rcv area needs %d bytes: has %d left\n",
1369 + eid_ptr->Len + 2, vielim - (UCHAR *)ptVIE);
1371 + break;
1373 + case IE_RSN:
1374 + if (vielim >= (UCHAR *)ptVIE + eid_ptr->Len + 2)
1376 + ptVIE = (PNDIS_802_11_VARIABLE_IEs)((UCHAR *)ptVIE +
1377 + handle_rsn_ie((rsn_ie_p)eid_ptr, ptVIE));
1379 + else
1381 + DBGPRINT(RT_DEBUG_ERROR,
1382 + " - IE_RSN rcv area needs %d bytes: has %d left\n",
1383 + eid_ptr->Len + 2, vielim - (UCHAR *)ptVIE);
1385 + break;
1387 case IE_EXT_SUPP_RATES:
1388 // concatenate all extended rates to Rates[] and RateLen
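Review bot: The `IE_WPA` case at +1342 no longer verifies the vendor OUI — the `RTMPEqualMemory(eid_ptr->Octet, WPA_OUI, 4)` guard is removed and nothing in this hunk replaces it — so every element with ID 221 (WMM, WPS and other vendor elements, not only WPA) is copied into the bounded VIE area, and a beacon carrying several of them can fill it and make the real WPA element fail the room check with the `rcv area needs` error. Put the guard back at the top of the case, `if (!RTMPEqualMemory(eid_ptr->Octet, WPA_OUI, 4)) break;`, which also gives the now-`static const` `WPA_OUI` its use again. The room test `vielim >= (UCHAR *)ptVIE + eid_ptr->Len + 2` (repeated in the `IE_RSN` case) forms a pointer beyond the end of `VarIE` before comparing it; `(vielim - (UCHAR *)ptVIE) >= eid_ptr->Len + 2`, the quantity the error message already prints, is equivalent without that. The OUI trace reads `Octet[0..3]` regardless of `Len`, so it belongs behind a `Len >= 4` check.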
1389 @@ -656,13 +797,18 @@
1390 break;
1392 default:
1393 - DBGPRINT(RT_DEBUG_INFO, "PeerBeaconAndProbeRspSanity - unrecognized EID = %d\n", eid_ptr->Eid);
1394 + DBGPRINT(RT_DEBUG_ERROR, " - EID=%d (Len=%d) unrecognized\n",
1395 + eid_ptr->Eid, eid_ptr->Len);
1396 break;
1399 eid_ptr = (PBEACON_EID_STRUCT)((UCHAR*)eid_ptr + 2 + eid_ptr->Len);
1402 + if ((UCHAR *)ptVIE > VarIE) {
1403 + int vielen = (UCHAR *)ptVIE - VarIE;
1404 + *VarIELen = vielen;
1405 + memcpy(pVIE, VarIE, vielen);
1408 // in 802.11a band, AP may skip this DS IE in their BEACON
1409 if ((pAd->PortCfg.Channel > 14) && ((Sanity & 0x04)==0))
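Review bot: Raising the unrecognized-EID message at +1394 from `RT_DEBUG_INFO` to `RT_DEBUG_ERROR` emits a line for every element this parser does not know in every beacon and probe response it sees (HT, power-constraint and vendor elements are all routine), which at roughly ten beacons per second per visible AP floods the log at error level; an unknown element is not an error here, so keep it at `RT_DEBUG_INFO`. The final block copies into `pVIE` only when at least one element was staged, so `pVIE` is untouched otherwise; together with sync.c dropping its `pVIE->Length = 0;` initialisation, consumers must rely on `*VarIELen` (zeroed at entry) and never on `pVIE->Length`. A comment on the `if ((UCHAR *)ptVIE > VarIE)` line stating that contract, e.g. `// pVIE is only written when IEs were collected; callers must use *VarIELen`, would keep a later reader from reinstating the old `pVIE->Length` convention. The function continues outside the hunk.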
1410 @@ -671,6 +817,7 @@
1411 Sanity |= 0x04;
1414 + DBGPRINT(RT_DEBUG_TRACE, "<=== %s: Sanity=0x%02x\n", __FUNCTION__, Sanity);
1415 if (Sanity != 0x7)
1417 DBGPRINT(RT_DEBUG_WARN, "PeerBeaconAndProbeRspSanity - missing field, Sanity=0x%02x\n", Sanity);
1418 diff -r -u rt2500-1.1.0-b4/Module/sync.c rt2500-cvs-2007020414/Module/sync.c
1419 --- rt2500-1.1.0-b4/Module/sync.c 2006-06-17 22:12:58.000000000 +0200
1420 +++ rt2500-cvs-2007020414/Module/sync.c 2006-08-29 04:32:00.000000000 +0200
1421 @@ -344,7 +344,7 @@
1422 Ssid, SsidLen, pAd->PortCfg.BssType, pAd->PortCfg.BeaconPeriod,
1423 CfExist, &CfParm, pAd->PortCfg.AtimWin, pAd->PortCfg.CapabilityInfo,
1424 pAd->PortCfg.SupportedRates, pAd->PortCfg.SupportedRatesLen, TRUE,
1425 - pAd->PortCfg.Channel, Elem->Rssi, TimeStamp, pVIE);
1426 + pAd->PortCfg.Channel, Elem->Rssi, TimeStamp, 0, pVIE);
1428 #endif
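Review bot: This call site passes a literal `0` for the new `VarIELen` argument while still supplying `pVIE`, so whatever `pVIE` carries on this path is presumably stored by `BssTableSetEntry` with zero length. If this `#if`-guarded caller genuinely collects no IEs, say so on the line (`/* no IEs collected on this path */`); if `pVIE` is populated here, the real length needs to be threaded through as the other callers in this file now do. The surrounding function is outside the hunk.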
1430 @@ -383,14 +383,14 @@
1431 UCHAR SupRateLen, ExtRateLen;
1433 // New for WPA security suites
1434 - UCHAR VarIE[MAX_VIE_LEN]; // Total VIE length = MAX_VIE_LEN - -5
1435 + USHORT VarIELen; // Length of all saved IEs.
1436 + UCHAR VarIE[MAX_VIE_LEN]; // Total VIE length = MAX_VIE_LEN - -5
1437 NDIS_802_11_VARIABLE_IEs *pVIE = NULL;
1439 // NdisFillMemory(Ssid, MAX_LEN_OF_SSID, 0x00);
1440 Fr = (MACFRAME *) Elem->Msg;
1441 // Init Variable IE structure
1442 pVIE = (PNDIS_802_11_VARIABLE_IEs) VarIE;
1443 - pVIE->Length = 0;
1444 if (PeerBeaconAndProbeRspSanity(pAd,
1445 Elem->Msg,
1446 Elem->MsgLen,
1447 @@ -418,6 +418,7 @@
1448 &SupRateLen,
1449 ExtRate,
1450 &ExtRateLen,
1451 + &VarIELen,
1452 pVIE))
1454 ULONG Idx;
1455 @@ -447,7 +448,7 @@
1456 CapabilityInfo &= SUPPORTED_CAPABILITY_INFO;
1457 BssTableSetEntry(pAd, &pAd->PortCfg.BssTab, &Bssid, Ssid, SsidLen, BssType,
1458 BeaconPeriod, CfExist, &CfParm, AtimWin, CapabilityInfo, Rates,
1459 - RatesLen, ExtendedRateIeExist, Channel, Rssi, Noise, TimeStamp, pVIE);
1460 + RatesLen, ExtendedRateIeExist, Channel, Rssi, Noise, TimeStamp, VarIELen, pVIE);
1462 // sanity check fail, ignored
1464 @@ -474,7 +475,8 @@
1465 UCHAR SupRateLen, ExtRateLen;
1467 // New for WPA security suites
1468 - UCHAR VarIE[MAX_VIE_LEN]; // Total VIE length = MAX_VIE_LEN - -5
1469 + USHORT VarIELen; // Length of all saved IEs.
1470 + UCHAR VarIE[MAX_VIE_LEN]; // Total VIE length = MAX_VIE_LEN - -5
1471 NDIS_802_11_VARIABLE_IEs *pVIE = NULL;
1473 // Init Variable IE structure
1474 @@ -508,6 +510,7 @@
1475 &SupRateLen,
1476 ExtRate,
1477 &ExtRateLen,
1478 + &VarIELen,
1479 pVIE))
1481 // Disqualify 11b only adhoc when we are in 11g only adhoc mode
1482 @@ -679,7 +682,8 @@
1483 UCHAR SupRateLen, ExtRateLen;
1485 // New for WPA security suites
1486 - UCHAR VarIE[MAX_VIE_LEN]; // Total VIE length = MAX_VIE_LEN - -5
1487 + USHORT VarIELen; // Length of all saved IEs.
1488 + UCHAR VarIE[MAX_VIE_LEN]; // Total VIE length = MAX_VIE_LEN - -5
1489 NDIS_802_11_VARIABLE_IEs *pVIE = NULL;
1491 if (!INFRA_ON(pAd) && !ADHOC_ON(pAd))
1492 @@ -716,6 +720,7 @@
1493 &SupRateLen,
1494 ExtRate,
1495 &ExtRateLen,
1496 + &VarIELen,
1497 pVIE))
1499 BOOLEAN is_my_bssid, is_my_ssid;
1500 @@ -747,7 +752,7 @@
1501 // discover new AP of this network, create BSS entry
1502 Bssidx = BssTableSetEntry(pAd, &pAd->Mlme.CntlAux.SsidBssTab, &Bssid, Ssid, SsidLen,
1503 BssType, BeaconPeriod, CfExist, &CfParm, AtimWin, CapabilityInfo,
1504 - Rates, RatesLen, ExtendedRateIeExist, Channel, Elem->Rssi, Elem->Noise, TimeStamp, pVIE);
1505 + Rates, RatesLen, ExtendedRateIeExist, Channel, Elem->Rssi, Elem->Noise, TimeStamp, VarIELen, pVIE);
1507 if (Bssidx == BSS_NOT_FOUND) // return if BSS table full
1508 return;
1509 @@ -919,7 +924,7 @@
1511 Bssidx = BssTableSetEntry(pAd, &pAd->PortCfg.BssTab, &Bssid, Ssid, SsidLen,
1512 BssType, BeaconPeriod, CfExist, &CfParm, AtimWin, CapabilityInfo,
1513 - Rates, RatesLen, ExtendedRateIeExist, Channel, Elem->Rssi, Elem->Noise, TimeStamp, pVIE);
1514 + Rates, RatesLen, ExtendedRateIeExist, Channel, Elem->Rssi, Elem->Noise, TimeStamp, VarIELen, pVIE);
1517 #endif
1518 diff -r -u rt2500-1.1.0-b4/Module/wpa.c rt2500-cvs-2007020414/Module/wpa.c
1519 --- rt2500-1.1.0-b4/Module/wpa.c 2006-06-17 22:12:58.000000000 +0200
1520 +++ rt2500-cvs-2007020414/Module/wpa.c 2006-11-28 09:00:02.000000000 +0100
1521 @@ -47,6 +47,7 @@
1523 UCHAR CipherWpaPskTkipLen = (sizeof(CipherWpaPskTkip) / sizeof(UCHAR));
1525 +// Needed for APs using WPA1 IEs (#221) to indicate CCMP encryption
1526 UCHAR CipherWpaPskAes[] = {
1527 0xDD, 0x16, // RSN IE
1528 0x00, 0x50, 0xf2, 0x01, // oui
1529 @@ -59,6 +60,9 @@
1531 UCHAR CipherWpaPskAesLen = (sizeof(CipherWpaPskAes) / sizeof(UCHAR));
1533 +static UCHAR MSOUI[] = {0x00, 0x50, 0xf2, 0x01}; // Microsoft OUI
1534 +static UCHAR WGOUI[] = {0x00, 0x0f, 0xac}; // 802.11i Working Group OUI
1537 ========================================================================
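Review bot: `MSOUI` and `WGOUI` at +1533/+1534 are writable file-scope arrays that are only ever read and cast (`(ie_oui_t *)WGOUI`); declare them `static const UCHAR` like `wpa2_oui` in sanity.c. They also duplicate the byte values of sanity.c's `WPA_OUI` and `wpa2_oui` under different names, so the 802.11i OUI now lives in two files; one `const` pair in a shared header would keep them from drifting. `MSOUI` is four bytes but is passed as a three-byte `ie_oui_t *` at +1800 while the `memcmp` at +1793 compares all four, so a comment on the declaration should say the fourth byte (presumably the WPA1 element type) is intentionally outside the OUI proper.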
1539 @@ -153,9 +157,12 @@
1540 *(USHORT *)((UCHAR *)pKeyDesc+1) = SWAP16(*(USHORT *)((UCHAR *)pKeyDesc+1));
1541 #endif
1542 // Sanity check, this should only happen in WPA-PSK mode
1543 - if (pAdapter->PortCfg.AuthMode != Ndis802_11AuthModeWPAPSK)
1544 + if (pAdapter->PortCfg.AuthMode != Ndis802_11AuthModeWPAPSK) {
1545 + DBGPRINT(RT_DEBUG_TRACE,
1546 + "<----- WpaEAPOLKeyAction - AuthMode (%d) != WPPSK\n",
1547 + pAdapter->PortCfg.AuthMode);
1548 return;
1551 // 0. Debug print all bit information
1552 DBGPRINT(RT_DEBUG_INFO, "KeyInfo Key Description Version %d\n", pKeyDesc->KeyInfo.KeyDescVer);
1553 DBGPRINT(RT_DEBUG_INFO, "KeyInfo Key Type %d\n", pKeyDesc->KeyInfo.KeyType);
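Review bot: The new trace at +1546 reads `AuthMode (%d) != WPPSK`, which looks like a typo for `WPAPSK`; name the enumerator in the comparison. The guard itself still rejects anything other than `Ndis802_11AuthModeWPAPSK`, while `checkEAPIE` later in this patch accepts `AuthMode >= Ndis802_11AuthModeWPAPSK` and the README adds a `WPANONE` mode; if WPANONE is a distinct enumerator above WPAPSK, EAPOL-Key frames in that mode are dropped here before the later check is ever reached, so confirm which behaviour is intended. The function continues outside the hunk.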
1554 @@ -190,9 +197,18 @@
1555 // First validate replay counter, only accept message with larger replay counter
1556 // Let equal pass, some AP start with all zero replay counter
1557 memset(ZeroReplay, 0, LEN_KEY_DESC_REPLAY);
1558 - if ((RTMPCompareMemory(pKeyDesc->ReplayCounter, pAdapter->PortCfg.ReplayCounter, LEN_KEY_DESC_REPLAY) != 1) &&
1559 - (RTMPCompareMemory(pKeyDesc->ReplayCounter, ZeroReplay, LEN_KEY_DESC_REPLAY) != 0))
1560 + if ((RTMPCompareMemory(pKeyDesc->ReplayCounter,
1561 + pAdapter->PortCfg.ReplayCounter, LEN_KEY_DESC_REPLAY) != 1) &&
1562 + (RTMPCompareMemory(pKeyDesc->ReplayCounter,
1563 + ZeroReplay, LEN_KEY_DESC_REPLAY) != 0)) {
1564 + DBGPRINT(RT_DEBUG_TRACE, "<----- %s: Replay count error\n",
1565 + __FUNCTION__);
1566 + DBGHEXSTR(RT_DEBUG_TRACE, " AP replay = ",
1567 + pKeyDesc->ReplayCounter, LEN_KEY_DESC_REPLAY);
1568 + DBGHEXSTR(RT_DEBUG_TRACE, " our replay = ",
1569 + pAdapter->PortCfg.ReplayCounter, LEN_KEY_DESC_REPLAY);
1570 return;
1573 // Classify message Type, either pairwise message 1, 3, or group message 1 for supplicant
1574 MsgType = EAPOL_MSG_INVALID;
1575 @@ -457,6 +473,172 @@
1579 + ========================================================================
1581 + Description:
1582 + Check the information element packaged in the KeyData field of the
1583 + EAPOL packet. At least one of the AP's offerings in each of
1585 + 1) the group cipher suite
1586 + 2) the pairwise master key cipher(s), and
1587 + 3) the authentication and key management suite
1589 + need to match the configuration for the corresponding attribute
1590 + in the driver.
1592 + Arguments:
1593 + pAd Pointer to our adapter
1594 + pie Pointer to the "logical" IE
1595 + pie_len Value of the real IE length field.
1596 + poui Pointer to the WPA1/WPA2 OUI
1598 + Return Value:
1599 + 0 -> OK: At least one of the offerings in each category
1600 + matches what is configured in the driver.
1602 + Note:
1603 + On entry, it is known that the length of the RSN IE is consistent
1604 + with the length specification of the EAPOL KeyData field, and that
1605 + the IE is at least long enough to contain one group cipher suite
1606 + selection, one PMK cipher suite selection,
1607 + and one AKM suite selection.
1608 + ========================================================================
1610 +static int checkEAPIE(
1611 + IN RTMP_ADAPTER *pAd,
1612 + IN rsn_ie_t *pie, // (not really, if we're WPA 1)
1613 + IN u8 pie_len, // ... so we provide the length separately.
1614 + IN ie_oui_t *poui)
1616 + suite_list_t *suite_list_p;
1617 + suite_sel_t *suite_sel_p;
1618 + int i, j;
1619 + int needs = 7;
1620 + suite_sel_t *limit = (suite_sel_t *)((void *)pie + pie_len + 2);
1622 + if (wtohs(pie->version) != 1) {
1623 + DBGPRINT(RT_DEBUG_ERROR, "Invalid ver %d (sb 1)\n",
1624 + wtohs(pie->version));
1625 + return needs;
1627 + if (memcmp(pie->gcsuite.oui, poui, sizeof(ie_oui_t)) != 0) {
1628 + DBGPRINT(RT_DEBUG_ERROR, "Invalid Grp Cipher OUI %02x:%02x:%02x\n",
1629 + pie->gcsuite.oui[0], pie->gcsuite.oui[1], pie->gcsuite.oui[2]);
1630 + return needs;
1632 + switch (pie->gcsuite.type) {
1633 + case CIPHER_TYPE_WEP40:
1634 + case CIPHER_TYPE_WEP104:
1635 + if (pAd->PortCfg.WepStatus == Ndis802_11Encryption1Enabled)
1636 + needs &= 6;
1637 + break;
1638 + case CIPHER_TYPE_TKIP:
1639 + if (pAd->PortCfg.WepStatus == Ndis802_11Encryption2Enabled)
1640 + needs &= 6;
1641 + break;
1642 + case CIPHER_TYPE_CCMP:
1643 + if (pAd->PortCfg.WepStatus == Ndis802_11Encryption3Enabled)
1644 + needs &= 6;
1645 + break;
1646 + default:
1647 + DBGPRINT(RT_DEBUG_ERROR, "Invalid Grp Cipher Type %d\n",
1648 + pie->gcsuite.type);
1649 + return needs;
1650 + } /* End switch (group cipher suite type) */
1652 + suite_list_p = (suite_list_t *)((void *)&pie->gcsuite+sizeof(suite_sel_t));
1654 + // Search the PMK list
1655 + for (suite_sel_p = suite_list_p->suite,
1656 + i = 0, j = wtohs(suite_list_p->count);
1657 + suite_sel_p + 1 <= limit && i < j;
1658 + suite_sel_p++, i++) {
1659 + if (memcmp(suite_sel_p->oui, poui, sizeof(ie_oui_t)) != 0) {
1660 + DBGPRINT(RT_DEBUG_ERROR, "Invalid PMK Cipher OUI "
1661 + "%02x:%02x:%02x\n",
1662 + suite_sel_p->oui[0], suite_sel_p->oui[1],
1663 + suite_sel_p->oui[2]);
1664 + break; // Keep going. We may also have a valid one.
1666 + switch (suite_sel_p->type) {
1667 + case CIPHER_TYPE_WEP40:
1668 + case CIPHER_TYPE_WEP104:
1669 + if (pAd->PortCfg.WepStatus == Ndis802_11Encryption1Enabled)
1670 + needs &= 5;
1671 + break;
1672 + case CIPHER_TYPE_TKIP:
1673 + if (pAd->PortCfg.WepStatus == Ndis802_11Encryption2Enabled)
1674 + needs &= 5;
1675 + break;
1676 + case CIPHER_TYPE_CCMP:
1677 + if (pAd->PortCfg.WepStatus == Ndis802_11Encryption3Enabled)
1678 + needs &= 5;
1679 + break;
1680 + default:
1681 + DBGPRINT(RT_DEBUG_ERROR, "Invalid PMK Cipher Type %d\n",
1682 + suite_sel_p->type);
1683 + break; // Keep going. We may also have a valid one.
1684 + } /* End switch (PMK type) */
1685 + } /* End search PMK list */
1687 + if (suite_sel_p >= limit && i < j) {
1688 + DBGPRINT(RT_DEBUG_ERROR, "Too many PMK suites in EAPOL pkt "
1689 + "(have %d, room for %d) (need=%d)\n",
1690 + j, i, needs);
1691 + return needs;
1693 + if (j == 0) {
1694 + DBGPRINT(RT_DEBUG_ERROR, "Zero count PMK list in EAPOL pkt "
1695 + "(need=%d)\n", needs);
1696 + return needs;
1699 + suite_list_p = (suite_list_t *)suite_sel_p;
1701 + //Search the Authentication and Key Management (AKM) list
1702 + for (suite_sel_p = suite_list_p->suite,
1703 + i = 0, j = wtohs(suite_list_p->count);
1704 + suite_sel_p + 1 <= limit && i < j;
1705 + suite_sel_p++, i++) {
1706 + if (memcmp(suite_sel_p->oui, poui, sizeof(ie_oui_t)) != 0) {
1707 + DBGPRINT(RT_DEBUG_ERROR, "Invalid AKM OUI %02x:%02x:%02x\n",
1708 + suite_sel_p->oui[0], suite_sel_p->oui[1],
1709 + suite_sel_p->oui[2]);
1710 + break; // Keep going. We may also have a valid one.
1712 + switch (suite_sel_p->type) {
1713 + case AKM_TYPE_802_1X:
1714 + if (pAd->PortCfg.AuthMode == Ndis802_11AuthModeWPA)
1715 + needs &= 3;
1716 + break;
1717 + case AKM_TYPE_PSK:
1718 + if (pAd->PortCfg.AuthMode >= Ndis802_11AuthModeWPAPSK)
1719 + needs &= 3;
1720 + break;
1721 + default:
1722 + DBGPRINT(RT_DEBUG_ERROR, "Invalid PMK Cipher Type %d\n",
1723 + suite_sel_p->type);
1724 + break; // Keep going. We may also have a valid one.
1725 + } /* End switch (AKM type) */
1726 + } /* End search AKM list */
1728 + if (suite_sel_p >= limit && i < j) {
1729 + DBGPRINT(RT_DEBUG_ERROR, "Too many AKM suites in EAPOL pkt "
1730 + "(have %d, room for %d) (need=%d)\n",
1731 + j, i, needs);
1732 + return needs; // NB. May still have met all needs.
1734 + if (j == 0) {
1735 + DBGPRINT(RT_DEBUG_ERROR, "Zero count AKM list in EAPOL pkt "
1736 + "(need=%d)\n", needs);
1737 + return needs;
1740 + return needs;
1742 +} /* End checkEAPIE () */
1745 ========================================================================
1747 Routine Description:
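Review bot: In both suite loops of `checkEAPIE` the comment says `// Keep going. We may also have a valid one.` but the statement is `break`, which leaves the loop; in the pairwise loop (+1664) that also leaves `suite_sel_p` pointing into the middle of the list, so `suite_list_p = (suite_list_t *)suite_sel_p` then reads the AKM count from the wrong offset. Make the code match the comment with `continue;` at +1664 and +1710, which also keeps the `i < j` exhaustion test after each loop meaningful. Before the AKM count is read at +1703 nothing checks that the two-byte `count` header lies inside `limit` — a pairwise list ending exactly at `limit` makes that read overrun the IE by two bytes — so test `(void *)suite_list_p->suite <= (void *)limit` first. For the WPA1 call at @@ -502,31 +683,60 @@ the caller hands in `&pie->Oui[2]` with the element's real `Length`, so if `rsn_ie_t` is the packed `{eid, length, version, ...}` layout the casts imply, `limit = pie + pie_len + 2` lands four bytes past the element's true end and admits one suite selector from beyond it; compute the limit from the real element start, or have that caller pass `Length - 4`. The AKM `default:` at +1722 reports `Invalid PMK Cipher Type`; it should say AKM.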
1748 @@ -487,7 +669,6 @@
1749 UCHAR EAPHEAD[8] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00,0x88,0x8e};
1750 EAPOL_PACKET Packet;
1751 PEAPOL_PACKET pMsg3;
1752 - PUCHAR pTmp;
1753 UCHAR Mic[16], OldMic[16];
1754 NDIS_802_11_KEY PeerKey;
1756 @@ -502,31 +683,60 @@
1757 #ifdef BIG_ENDIAN
1758 *(USHORT *)(&(pMsg3->KeyDesc.KeyInfo)) = SWAP16(*(USHORT *)(&(pMsg3->KeyDesc.KeyInfo)));
1759 #endif
1760 + #define pie ((rsn_ie_t *)(void *)pMsg3->KeyDesc.KeyData)
1761 + if (wtohs(pie->length) + 2 != pMsg3->KeyDesc.KeyDataLen[1]) {
1762 + DBGPRINT(RT_DEBUG_ERROR, "RSN IE len %d != KeyDataLen %d)\n",
1763 + pie->length + 2, pMsg3->KeyDesc.KeyDataLen[1]);
1764 + return;
1766 + else {
1767 + switch (pie->eid) {
1768 + case IE_RSN:
1769 + if (wtohs(pie->length) < MIN_RSN_KEYDATA_LEN) {
1770 + DBGPRINT(RT_DEBUG_ERROR,
1771 + "RSN IE msg 3 too short (sb >= %d, is %d)\n",
1772 + MIN_RSN_KEYDATA_LEN, wtohs(pie->length));
1773 + DBGHEXSTR(RT_DEBUG_ERROR, "KeyData ",
1774 + pMsg3->KeyDesc.KeyData,
1775 + pMsg3->KeyDesc.KeyDataLen[1]);
1776 + return;
1778 + if (checkEAPIE(pAdapter, pie, pie->length,
1779 + (ie_oui_t *)WGOUI) != 0) return;
1780 + break;
1781 + case IE_WPA:
1782 + #undef pie
1783 + #define pie ((RSN_EID_STRUCT *)(void *)pMsg3->KeyDesc.KeyData)
1784 + if (wtohs(pie->Length) < MIN_WPA_KEYDATA_LEN) {
1785 + DBGPRINT(RT_DEBUG_ERROR,
1786 + "WPA IE msg 3 too short (sb >= %d, is %d)\n",
1787 + MIN_WPA_KEYDATA_LEN, wtohs(pie->Length));
1788 + DBGHEXSTR(RT_DEBUG_ERROR, "KeyData ",
1789 + pMsg3->KeyDesc.KeyData,
1790 + pMsg3->KeyDesc.KeyDataLen[1]);
1791 + return;
1793 + if (memcmp(pie->Oui, MSOUI, sizeof(pie->Oui)) != 0) {
1794 + DBGPRINT(RT_DEBUG_ERROR,
1795 + "Invalid WPA 1 OUI %02x:%02x:%02x:%02x\n",
1796 + pie->Oui[0], pie->Oui[1], pie->Oui[2], pie->Oui[3]);
1797 + return;
1799 + if (checkEAPIE(pAdapter, (rsn_ie_t *)&pie->Oui[2], pie->Length,
1800 + (ie_oui_t *)MSOUI) != 0) return;
1801 + break;
1802 + default:
1803 + DBGPRINT(RT_DEBUG_ERROR, "RSN IE type %d invalid)\n",
1804 + pie->Eid);
1805 + return;
1806 + } /* End switch (element ID) */
1807 + } /* End if (packet length sane) */
1808 + #undef pie
1810 + DBGPRINT(RT_DEBUG_TRACE, "RSN IE matched msg 3 of 4-way handshake "
1811 + "KeyDataLen=%d)\n",
1812 + pMsg3->KeyDesc.KeyDataLen[1]);
1814 - // 1. Verify RSN IE & cipher type match
1815 - if (pAdapter->PortCfg.WepStatus == Ndis802_11Encryption3Enabled)
1817 - if (pMsg3->KeyDesc.KeyInfo.KeyDescVer != 2)
1818 - return;
1819 - pTmp = (PUCHAR) &CipherWpaPskAes;
1821 - else // TKIP
1823 - if (pMsg3->KeyDesc.KeyInfo.KeyDescVer != 1)
1824 - return;
1825 - pTmp = (PUCHAR) &CipherWpaPskTkip;
1828 - // Fix compatibility issue, when AP append nonsense data after auth mode with different size.
1829 - // We should qualify this kind of RSN as acceptable
1830 - if (!NdisEqualMemory((PUCHAR) &pMsg3->KeyDesc.KeyData[2], pTmp + 2, CipherWpaPskTkipLen - 2))
1832 - DBGPRINT(RT_DEBUG_ERROR, " RSN IE mismatched msg 3 of 4-way handshake!!!!!!!!!! \n");
1833 - return;
1835 - else
1836 - DBGPRINT(RT_DEBUG_TRACE, " RSN IE matched in msg 3 of 4-way handshake!!!!!!!!!! \n");
1838 #ifdef BIG_ENDIAN
1839 *(USHORT *)(&(pMsg3->KeyDesc.KeyInfo)) = SWAP16(*(USHORT *)(&(pMsg3->KeyDesc.KeyInfo)));
1840 #endif
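Review bot: The new check at +1761 rejects message 3 unless the IE length plus two equals `KeyDataLen[1]` exactly, which reverses the tolerance the removed comment at -1828/-1829 describes (an AP that appends data after the IE "should qualify ... as acceptable"), so APs that follow the IE with further key data now fail the handshake. Reject only when the IE overruns the key data, and use both length bytes since the check reads `KeyDataLen[1]` alone and a key-data length of 256 or more is compared by its low byte: `int len = (pMsg3->KeyDesc.KeyDataLen[0] << 8) | pMsg3->KeyDesc.KeyDataLen[1];` then `if (wtohs(pie->length) + 2 > len) { ... return; }`. The removed lines also validated `KeyInfo.KeyDescVer` (2 for the CCMP configuration, 1 for TKIP) against the configured cipher and nothing in the replacement does; unless that version is verified elsewhere before the MIC is checked, the descriptor version — which per 802.11i selects the MIC and key-wrap algorithms — is now accepted unchecked. Finally, the `#define pie`/`#undef`/re-`#define` inside the switch is hard to follow; two typed locals, `rsn_ie_t *rsn = (void *)pMsg3->KeyDesc.KeyData;` and `RSN_EID_STRUCT *wpa = (void *)pMsg3->KeyDesc.KeyData;`, make the two cases readable. The function begins and ends outside the hunk.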
1841 @@ -556,16 +766,31 @@
1842 else
1843 DBGPRINT(RT_DEBUG_TRACE, " MIC VALID in msg 3 of 4-way handshake!!!!!!!!!! \n");
1845 - // 3. Check Replay Counter, it has to be larger than last one. No need to be exact one larger
1846 - if (RTMPCompareMemory(pMsg3->KeyDesc.ReplayCounter, pAdapter->PortCfg.ReplayCounter, LEN_KEY_DESC_REPLAY) != 1)
1847 + // 3. Check Replay Counter, it has to be larger than last one.
1848 + // No need to be exact one larger
1849 + if (RTMPCompareMemory(pMsg3->KeyDesc.ReplayCounter,
1850 + pAdapter->PortCfg.ReplayCounter, LEN_KEY_DESC_REPLAY) != 1) {
1851 + DBGPRINT(RT_DEBUG_TRACE, " Replay count error\n");
1852 + DBGHEXSTR(RT_DEBUG_TRACE, " AP replay = ",
1853 + pMsg3->KeyDesc.ReplayCounter, LEN_KEY_DESC_REPLAY);
1854 + DBGHEXSTR(RT_DEBUG_TRACE, " our replay = ",
1855 + pAdapter->PortCfg.ReplayCounter, LEN_KEY_DESC_REPLAY);
1856 return;
1859 // Update new replay counter
1860 - memcpy(pAdapter->PortCfg.ReplayCounter, pMsg3->KeyDesc.ReplayCounter, LEN_KEY_DESC_REPLAY);
1861 + memcpy(pAdapter->PortCfg.ReplayCounter, pMsg3->KeyDesc.ReplayCounter,
1862 + LEN_KEY_DESC_REPLAY);
1864 // 4. Double check ANonce
1865 - if (!NdisEqualMemory(pAdapter->PortCfg.ANonce, pMsg3->KeyDesc.KeyNonce, LEN_KEY_DESC_NONCE))
1866 + if (!NdisEqualMemory(pAdapter->PortCfg.ANonce, pMsg3->KeyDesc.KeyNonce,
1867 + LEN_KEY_DESC_NONCE)) {
1868 + DBGPRINT(RT_DEBUG_TRACE, " Nonce error\n");
1869 + DBGHEXSTR(RT_DEBUG_TRACE, " AP Nonce = ",
1870 + pMsg3->KeyDesc.KeyNonce, LEN_KEY_DESC_NONCE);
1871 + DBGHEXSTR(RT_DEBUG_TRACE, " our Nonce = ",
1872 + pAdapter->PortCfg.ANonce, LEN_KEY_DESC_NONCE);
1873 return;
1876 // 5. Construct Message 4
1877 // =====================================