2 *************************************************************************
4 * 5F., No.36, Taiyuan St., Jhubei City,
8 * (c) Copyright 2002-2007, Ralink Technology, Inc.
10 * This program is free software; you can redistribute it and/or modify *
11 * it under the terms of the GNU General Public License as published by *
12 * the Free Software Foundation; either version 2 of the License, or *
13 * (at your option) any later version. *
15 * This program is distributed in the hope that it will be useful, *
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
18 * GNU General Public License for more details. *
20 * You should have received a copy of the GNU General Public License *
21 * along with this program; if not, write to the *
22 * Free Software Foundation, Inc., *
23 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 *************************************************************************
34 -------- ---------- ----------------------------------------------
35 John 2004-9-3 porting from RT2500
37 #include "../rt_config.h"
39 UCHAR CipherWpaTemplate
[] = {
42 0x00, 0x50, 0xf2, 0x01, // oui
43 0x01, 0x00, // Version
44 0x00, 0x50, 0xf2, 0x02, // Multicast
45 0x01, 0x00, // Number of unicast
46 0x00, 0x50, 0xf2, 0x02, // unicast
47 0x01, 0x00, // number of authentication method
48 0x00, 0x50, 0xf2, 0x01 // authentication
51 UCHAR CipherWpa2Template
[] = {
54 0x01, 0x00, // Version
55 0x00, 0x0f, 0xac, 0x02, // group cipher, TKIP
56 0x01, 0x00, // number of pairwise
57 0x00, 0x0f, 0xac, 0x02, // unicast
58 0x01, 0x00, // number of authentication method
59 0x00, 0x0f, 0xac, 0x02, // authentication
60 0x00, 0x00, // RSN capability
63 UCHAR Ccx2IeInfo
[] = { 0x00, 0x40, 0x96, 0x03, 0x02};
66 ==========================================================================
68 association state machine init, including state transition and timer init
70 S - pointer to the association state machine
74 ==========================================================================
76 VOID
AssocStateMachineInit(
79 OUT STATE_MACHINE_FUNC Trans
[])
81 StateMachineInit(S
, Trans
, MAX_ASSOC_STATE
, MAX_ASSOC_MSG
, (STATE_MACHINE_FUNC
)Drop
, ASSOC_IDLE
, ASSOC_MACHINE_BASE
);
84 StateMachineSetAction(S
, ASSOC_IDLE
, MT2_MLME_ASSOC_REQ
, (STATE_MACHINE_FUNC
)MlmeAssocReqAction
);
85 StateMachineSetAction(S
, ASSOC_IDLE
, MT2_MLME_REASSOC_REQ
, (STATE_MACHINE_FUNC
)MlmeReassocReqAction
);
86 StateMachineSetAction(S
, ASSOC_IDLE
, MT2_MLME_DISASSOC_REQ
, (STATE_MACHINE_FUNC
)MlmeDisassocReqAction
);
87 StateMachineSetAction(S
, ASSOC_IDLE
, MT2_PEER_DISASSOC_REQ
, (STATE_MACHINE_FUNC
)PeerDisassocAction
);
90 StateMachineSetAction(S
, ASSOC_WAIT_RSP
, MT2_MLME_ASSOC_REQ
, (STATE_MACHINE_FUNC
)InvalidStateWhenAssoc
);
91 StateMachineSetAction(S
, ASSOC_WAIT_RSP
, MT2_MLME_REASSOC_REQ
, (STATE_MACHINE_FUNC
)InvalidStateWhenReassoc
);
92 StateMachineSetAction(S
, ASSOC_WAIT_RSP
, MT2_MLME_DISASSOC_REQ
, (STATE_MACHINE_FUNC
)InvalidStateWhenDisassociate
);
93 StateMachineSetAction(S
, ASSOC_WAIT_RSP
, MT2_PEER_DISASSOC_REQ
, (STATE_MACHINE_FUNC
)PeerDisassocAction
);
94 StateMachineSetAction(S
, ASSOC_WAIT_RSP
, MT2_PEER_ASSOC_RSP
, (STATE_MACHINE_FUNC
)PeerAssocRspAction
);
96 // Patch 3Com AP MOde:3CRWE454G72
97 // We send Assoc request frame to this AP, it always send Reassoc Rsp not Associate Rsp.
99 StateMachineSetAction(S
, ASSOC_WAIT_RSP
, MT2_PEER_REASSOC_RSP
, (STATE_MACHINE_FUNC
)PeerAssocRspAction
);
100 StateMachineSetAction(S
, ASSOC_WAIT_RSP
, MT2_ASSOC_TIMEOUT
, (STATE_MACHINE_FUNC
)AssocTimeoutAction
);
103 StateMachineSetAction(S
, REASSOC_WAIT_RSP
, MT2_MLME_ASSOC_REQ
, (STATE_MACHINE_FUNC
)InvalidStateWhenAssoc
);
104 StateMachineSetAction(S
, REASSOC_WAIT_RSP
, MT2_MLME_REASSOC_REQ
, (STATE_MACHINE_FUNC
)InvalidStateWhenReassoc
);
105 StateMachineSetAction(S
, REASSOC_WAIT_RSP
, MT2_MLME_DISASSOC_REQ
, (STATE_MACHINE_FUNC
)InvalidStateWhenDisassociate
);
106 StateMachineSetAction(S
, REASSOC_WAIT_RSP
, MT2_PEER_DISASSOC_REQ
, (STATE_MACHINE_FUNC
)PeerDisassocAction
);
107 StateMachineSetAction(S
, REASSOC_WAIT_RSP
, MT2_PEER_REASSOC_RSP
, (STATE_MACHINE_FUNC
)PeerReassocRspAction
);
109 // Patch, AP doesn't send Reassociate Rsp frame to Station.
111 StateMachineSetAction(S
, REASSOC_WAIT_RSP
, MT2_PEER_ASSOC_RSP
, (STATE_MACHINE_FUNC
)PeerReassocRspAction
);
112 StateMachineSetAction(S
, REASSOC_WAIT_RSP
, MT2_REASSOC_TIMEOUT
, (STATE_MACHINE_FUNC
)ReassocTimeoutAction
);
115 StateMachineSetAction(S
, DISASSOC_WAIT_RSP
, MT2_MLME_ASSOC_REQ
, (STATE_MACHINE_FUNC
)InvalidStateWhenAssoc
);
116 StateMachineSetAction(S
, DISASSOC_WAIT_RSP
, MT2_MLME_REASSOC_REQ
, (STATE_MACHINE_FUNC
)InvalidStateWhenReassoc
);
117 StateMachineSetAction(S
, DISASSOC_WAIT_RSP
, MT2_MLME_DISASSOC_REQ
, (STATE_MACHINE_FUNC
)InvalidStateWhenDisassociate
);
118 StateMachineSetAction(S
, DISASSOC_WAIT_RSP
, MT2_PEER_DISASSOC_REQ
, (STATE_MACHINE_FUNC
)PeerDisassocAction
);
119 StateMachineSetAction(S
, DISASSOC_WAIT_RSP
, MT2_DISASSOC_TIMEOUT
, (STATE_MACHINE_FUNC
)DisassocTimeoutAction
);
121 // initialize the timer
122 RTMPInitTimer(pAd
, &pAd
->MlmeAux
.AssocTimer
, GET_TIMER_FUNCTION(AssocTimeout
), pAd
, FALSE
);
123 RTMPInitTimer(pAd
, &pAd
->MlmeAux
.ReassocTimer
, GET_TIMER_FUNCTION(ReassocTimeout
), pAd
, FALSE
);
124 RTMPInitTimer(pAd
, &pAd
->MlmeAux
.DisassocTimer
, GET_TIMER_FUNCTION(DisassocTimeout
), pAd
, FALSE
);
128 ==========================================================================
130 Association timeout procedure. After association timeout, this function
131 will be called and it will put a message into the MLME queue
133 Standard timer parameters
135 IRQL = DISPATCH_LEVEL
137 ==========================================================================
139 VOID
AssocTimeout(IN PVOID SystemSpecific1
,
140 IN PVOID FunctionContext
,
141 IN PVOID SystemSpecific2
,
142 IN PVOID SystemSpecific3
)
144 RTMP_ADAPTER
*pAd
= (RTMP_ADAPTER
*)FunctionContext
;
146 // Do nothing if the driver is starting halt state.
147 // This might happen when timer already been fired before cancel timer with mlmehalt
148 if (RTMP_TEST_FLAG(pAd
, fRTMP_ADAPTER_HALT_IN_PROGRESS
| fRTMP_ADAPTER_NIC_NOT_EXIST
))
151 MlmeEnqueue(pAd
, ASSOC_STATE_MACHINE
, MT2_ASSOC_TIMEOUT
, 0, NULL
);
152 RT28XX_MLME_HANDLER(pAd
);
156 ==========================================================================
158 Reassociation timeout procedure. After reassociation timeout, this
159 function will be called and put a message into the MLME queue
161 Standard timer parameters
163 IRQL = DISPATCH_LEVEL
165 ==========================================================================
167 VOID
ReassocTimeout(IN PVOID SystemSpecific1
,
168 IN PVOID FunctionContext
,
169 IN PVOID SystemSpecific2
,
170 IN PVOID SystemSpecific3
)
172 RTMP_ADAPTER
*pAd
= (RTMP_ADAPTER
*)FunctionContext
;
174 // Do nothing if the driver is starting halt state.
175 // This might happen when timer already been fired before cancel timer with mlmehalt
176 if (RTMP_TEST_FLAG(pAd
, fRTMP_ADAPTER_HALT_IN_PROGRESS
| fRTMP_ADAPTER_NIC_NOT_EXIST
))
179 MlmeEnqueue(pAd
, ASSOC_STATE_MACHINE
, MT2_REASSOC_TIMEOUT
, 0, NULL
);
180 RT28XX_MLME_HANDLER(pAd
);
184 ==========================================================================
186 Disassociation timeout procedure. After disassociation timeout, this
187 function will be called and put a message into the MLME queue
189 Standard timer parameters
191 IRQL = DISPATCH_LEVEL
193 ==========================================================================
195 VOID
DisassocTimeout(IN PVOID SystemSpecific1
,
196 IN PVOID FunctionContext
,
197 IN PVOID SystemSpecific2
,
198 IN PVOID SystemSpecific3
)
200 RTMP_ADAPTER
*pAd
= (RTMP_ADAPTER
*)FunctionContext
;
202 // Do nothing if the driver is starting halt state.
203 // This might happen when timer already been fired before cancel timer with mlmehalt
204 if (RTMP_TEST_FLAG(pAd
, fRTMP_ADAPTER_HALT_IN_PROGRESS
| fRTMP_ADAPTER_NIC_NOT_EXIST
))
207 MlmeEnqueue(pAd
, ASSOC_STATE_MACHINE
, MT2_DISASSOC_TIMEOUT
, 0, NULL
);
208 RT28XX_MLME_HANDLER(pAd
);
212 ==========================================================================
214 mlme assoc req handling procedure
216 Adapter - Adapter pointer
217 Elem - MLME Queue Element
219 the station has been authenticated and the following information is stored in the config
221 -# supported rates and their length
222 -# listen interval (Adapter->StaCfg.default_listen_count)
223 -# Transmit power (Adapter->StaCfg.tx_power)
225 -# An association request frame is generated and sent to the air
226 -# Association timer starts
227 -# Association state -> ASSOC_WAIT_RSP
229 IRQL = DISPATCH_LEVEL
231 ==========================================================================
233 VOID
MlmeAssocReqAction(
234 IN PRTMP_ADAPTER pAd
,
235 IN MLME_QUEUE_ELEM
*Elem
)
238 HEADER_802_11 AssocHdr
;
240 UCHAR WmeIe
[9] = {IE_VENDOR_SPECIFIC
, 0x07, 0x00, 0x50, 0xf2, 0x02, 0x00, 0x01, 0x00};
243 USHORT CapabilityInfo
;
244 BOOLEAN TimerCancelled
;
245 PUCHAR pOutBuffer
= NULL
;
251 UCHAR CkipNegotiationBuffer
[CKIP_NEGOTIATION_LENGTH
];
252 UCHAR AironetCkipIe
= IE_AIRONET_CKIP
;
253 UCHAR AironetCkipLen
= CKIP_NEGOTIATION_LENGTH
;
254 UCHAR AironetIPAddressIE
= IE_AIRONET_IPADDRESS
;
255 UCHAR AironetIPAddressLen
= AIRONET_IPADDRESS_LENGTH
;
256 UCHAR AironetIPAddressBuffer
[AIRONET_IPADDRESS_LENGTH
] = {0x00, 0x40, 0x96, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00};
259 // Block all authentication request durning WPA block period
260 if (pAd
->StaCfg
.bBlockAssoc
== TRUE
)
262 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - Block Assoc request durning WPA block period!\n"));
263 pAd
->Mlme
.AssocMachine
.CurrState
= ASSOC_IDLE
;
264 Status
= MLME_STATE_MACHINE_REJECT
;
265 MlmeEnqueue(pAd
, MLME_CNTL_STATE_MACHINE
, MT2_ASSOC_CONF
, 2, &Status
);
267 // check sanity first
268 else if (MlmeAssocReqSanity(pAd
, Elem
->Msg
, Elem
->MsgLen
, ApAddr
, &CapabilityInfo
, &Timeout
, &ListenIntv
))
270 RTMPCancelTimer(&pAd
->MlmeAux
.AssocTimer
, &TimerCancelled
);
271 COPY_MAC_ADDR(pAd
->MlmeAux
.Bssid
, ApAddr
);
273 // Get an unused nonpaged memory
274 NStatus
= MlmeAllocateMemory(pAd
, &pOutBuffer
);
275 if (NStatus
!= NDIS_STATUS_SUCCESS
)
277 DBGPRINT(RT_DEBUG_TRACE
,("ASSOC - MlmeAssocReqAction() allocate memory failed \n"));
278 pAd
->Mlme
.AssocMachine
.CurrState
= ASSOC_IDLE
;
279 Status
= MLME_FAIL_NO_RESOURCE
;
280 MlmeEnqueue(pAd
, MLME_CNTL_STATE_MACHINE
, MT2_ASSOC_CONF
, 2, &Status
);
284 // Add by James 03/06/27
285 pAd
->StaCfg
.AssocInfo
.Length
= sizeof(NDIS_802_11_ASSOCIATION_INFORMATION
);
286 // Association don't need to report MAC address
287 pAd
->StaCfg
.AssocInfo
.AvailableRequestFixedIEs
=
288 NDIS_802_11_AI_REQFI_CAPABILITIES
| NDIS_802_11_AI_REQFI_LISTENINTERVAL
;
289 pAd
->StaCfg
.AssocInfo
.RequestFixedIEs
.Capabilities
= CapabilityInfo
;
290 pAd
->StaCfg
.AssocInfo
.RequestFixedIEs
.ListenInterval
= ListenIntv
;
291 // Only reassociate need this
292 //COPY_MAC_ADDR(pAd->StaCfg.AssocInfo.RequestFixedIEs.CurrentAPAddress, ApAddr);
293 pAd
->StaCfg
.AssocInfo
.OffsetRequestIEs
= sizeof(NDIS_802_11_ASSOCIATION_INFORMATION
);
295 NdisZeroMemory(pAd
->StaCfg
.ReqVarIEs
, MAX_VIE_LEN
);
298 NdisMoveMemory(pAd
->StaCfg
.ReqVarIEs
+ VarIesOffset
, &SsidIe
, 1);
300 NdisMoveMemory(pAd
->StaCfg
.ReqVarIEs
+ VarIesOffset
, &pAd
->MlmeAux
.SsidLen
, 1);
302 NdisMoveMemory(pAd
->StaCfg
.ReqVarIEs
+ VarIesOffset
, pAd
->MlmeAux
.Ssid
, pAd
->MlmeAux
.SsidLen
);
303 VarIesOffset
+= pAd
->MlmeAux
.SsidLen
;
305 // Second add Supported rates
306 NdisMoveMemory(pAd
->StaCfg
.ReqVarIEs
+ VarIesOffset
, &SupRateIe
, 1);
308 NdisMoveMemory(pAd
->StaCfg
.ReqVarIEs
+ VarIesOffset
, &pAd
->MlmeAux
.SupRateLen
, 1);
310 NdisMoveMemory(pAd
->StaCfg
.ReqVarIEs
+ VarIesOffset
, pAd
->MlmeAux
.SupRate
, pAd
->MlmeAux
.SupRateLen
);
311 VarIesOffset
+= pAd
->MlmeAux
.SupRateLen
;
314 if ((pAd
->CommonCfg
.Channel
> 14) &&
315 (pAd
->CommonCfg
.bIEEE80211H
== TRUE
))
316 CapabilityInfo
|= 0x0100;
318 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - Send ASSOC request...\n"));
319 MgtMacHeaderInit(pAd
, &AssocHdr
, SUBTYPE_ASSOC_REQ
, 0, ApAddr
, ApAddr
);
321 // Build basic frame first
322 MakeOutgoingFrame(pOutBuffer
, &FrameLen
,
323 sizeof(HEADER_802_11
), &AssocHdr
,
327 1, &pAd
->MlmeAux
.SsidLen
,
328 pAd
->MlmeAux
.SsidLen
, pAd
->MlmeAux
.Ssid
,
330 1, &pAd
->MlmeAux
.SupRateLen
,
331 pAd
->MlmeAux
.SupRateLen
, pAd
->MlmeAux
.SupRate
,
334 if (pAd
->MlmeAux
.ExtRateLen
!= 0)
336 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &tmp
,
338 1, &pAd
->MlmeAux
.ExtRateLen
,
339 pAd
->MlmeAux
.ExtRateLen
, pAd
->MlmeAux
.ExtRate
,
344 #ifdef DOT11_N_SUPPORT
346 if ((pAd
->MlmeAux
.HtCapabilityLen
> 0) && (pAd
->CommonCfg
.PhyMode
>= PHY_11ABGN_MIXED
))
350 UCHAR BROADCOM
[4] = {0x0, 0x90, 0x4c, 0x33};
351 if (pAd
->StaActive
.SupportedPhyInfo
.bPreNHt
== TRUE
)
353 HtLen
= SIZE_HT_CAP_IE
+ 4;
354 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &TmpLen
,
358 pAd
->MlmeAux
.HtCapabilityLen
, &pAd
->MlmeAux
.HtCapability
,
364 HT_CAPABILITY_IE HtCapabilityTmp
;
367 #ifndef RT_BIG_ENDIAN
368 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &TmpLen
,
370 1, &pAd
->MlmeAux
.HtCapabilityLen
,
371 pAd
->MlmeAux
.HtCapabilityLen
, &pAd
->MlmeAux
.HtCapability
,
374 NdisZeroMemory(&HtCapabilityTmp
, sizeof(HT_CAPABILITY_IE
));
375 NdisMoveMemory(&HtCapabilityTmp
, &pAd
->MlmeAux
.HtCapability
, pAd
->MlmeAux
.HtCapabilityLen
);
376 *(USHORT
*)(&HtCapabilityTmp
.HtCapInfo
) = SWAP16(*(USHORT
*)(&HtCapabilityTmp
.HtCapInfo
));
377 *(USHORT
*)(&HtCapabilityTmp
.ExtHtCapInfo
) = SWAP16(*(USHORT
*)(&HtCapabilityTmp
.ExtHtCapInfo
));
379 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &TmpLen
,
381 1, &pAd
->MlmeAux
.HtCapabilityLen
,
382 pAd
->MlmeAux
.HtCapabilityLen
,&HtCapabilityTmp
,
388 #endif // DOT11_N_SUPPORT //
390 // add Ralink proprietary IE to inform AP this STA is going to use AGGREGATION or PIGGY-BACK+AGGREGATION
391 // Case I: (Aggregation + Piggy-Back)
392 // 1. user enable aggregation, AND
393 // 2. Mac support piggy-back
394 // 3. AP annouces it's PIGGY-BACK+AGGREGATION-capable in BEACON
395 // Case II: (Aggregation)
396 // 1. user enable aggregation, AND
397 // 2. AP annouces it's AGGREGATION-capable in BEACON
398 if (pAd
->CommonCfg
.bAggregationCapable
)
400 if ((pAd
->CommonCfg
.bPiggyBackCapable
) && ((pAd
->MlmeAux
.APRalinkIe
& 0x00000003) == 3))
403 UCHAR RalinkIe
[9] = {IE_VENDOR_SPECIFIC
, 7, 0x00, 0x0c, 0x43, 0x03, 0x00, 0x00, 0x00};
404 MakeOutgoingFrame(pOutBuffer
+FrameLen
, &TmpLen
,
409 else if (pAd
->MlmeAux
.APRalinkIe
& 0x00000001)
412 UCHAR RalinkIe
[9] = {IE_VENDOR_SPECIFIC
, 7, 0x00, 0x0c, 0x43, 0x01, 0x00, 0x00, 0x00};
413 MakeOutgoingFrame(pOutBuffer
+FrameLen
, &TmpLen
,
422 UCHAR RalinkIe
[9] = {IE_VENDOR_SPECIFIC
, 7, 0x00, 0x0c, 0x43, 0x06, 0x00, 0x00, 0x00};
423 MakeOutgoingFrame(pOutBuffer
+FrameLen
, &TmpLen
,
429 if (pAd
->MlmeAux
.APEdcaParm
.bValid
)
431 if (pAd
->CommonCfg
.bAPSDCapable
&& pAd
->MlmeAux
.APEdcaParm
.bAPSDCapable
)
433 QBSS_STA_INFO_PARM QosInfo
;
435 NdisZeroMemory(&QosInfo
, sizeof(QBSS_STA_INFO_PARM
));
436 QosInfo
.UAPSD_AC_BE
= pAd
->CommonCfg
.bAPSDAC_BE
;
437 QosInfo
.UAPSD_AC_BK
= pAd
->CommonCfg
.bAPSDAC_BK
;
438 QosInfo
.UAPSD_AC_VI
= pAd
->CommonCfg
.bAPSDAC_VI
;
439 QosInfo
.UAPSD_AC_VO
= pAd
->CommonCfg
.bAPSDAC_VO
;
440 QosInfo
.MaxSPLength
= pAd
->CommonCfg
.MaxSPLength
;
441 WmeIe
[8] |= *(PUCHAR
)&QosInfo
;
445 // The Parameter Set Count is set to ¡§0¡¨ in the association request frames
446 // WmeIe[8] |= (pAd->MlmeAux.APEdcaParm.EdcaUpdateCount & 0x0f);
449 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &tmp
,
456 // Let WPA(#221) Element ID on the end of this association frame.
457 // Otherwise some AP will fail on parsing Element ID and set status fail on Assoc Rsp.
458 // For example: Put Vendor Specific IE on the front of WPA IE.
459 // This happens on AP (Model No:Linksys WRK54G)
461 if (((pAd
->StaCfg
.AuthMode
== Ndis802_11AuthModeWPAPSK
) ||
462 (pAd
->StaCfg
.AuthMode
== Ndis802_11AuthModeWPA2PSK
) ||
463 (pAd
->StaCfg
.AuthMode
== Ndis802_11AuthModeWPA
) ||
464 (pAd
->StaCfg
.AuthMode
== Ndis802_11AuthModeWPA2
)
468 UCHAR RSNIe
= IE_WPA
;
470 if ((pAd
->StaCfg
.AuthMode
== Ndis802_11AuthModeWPA2PSK
) ||
471 (pAd
->StaCfg
.AuthMode
== Ndis802_11AuthModeWPA2
))
476 #ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
478 if (pAd
->StaCfg
.WpaSupplicantUP
!= 1)
479 #endif // SIOCSIWGENIE //
480 #endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
481 RTMPMakeRSNIE(pAd
, pAd
->StaCfg
.AuthMode
, pAd
->StaCfg
.WepStatus
, BSS0
);
483 // Check for WPA PMK cache list
484 if (pAd
->StaCfg
.AuthMode
== Ndis802_11AuthModeWPA2
)
487 BOOLEAN FoundPMK
= FALSE
;
488 // Search chched PMKID, append it if existed
489 for (idx
= 0; idx
< PMKID_NO
; idx
++)
491 if (NdisEqualMemory(ApAddr
, &pAd
->StaCfg
.SavedPMK
[idx
].BSSID
, 6))
501 *(PUSHORT
) &pAd
->StaCfg
.RSN_IE
[pAd
->StaCfg
.RSNIE_Len
] = 1;
502 NdisMoveMemory(&pAd
->StaCfg
.RSN_IE
[pAd
->StaCfg
.RSNIE_Len
+ 2], &pAd
->StaCfg
.SavedPMK
[idx
].PMKID
, 16);
503 pAd
->StaCfg
.RSNIE_Len
+= 18;
507 #ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
509 if (pAd
->StaCfg
.WpaSupplicantUP
== 1)
511 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &tmp
,
512 pAd
->StaCfg
.RSNIE_Len
, pAd
->StaCfg
.RSN_IE
,
517 #endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
519 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &tmp
,
521 1, &pAd
->StaCfg
.RSNIE_Len
,
522 pAd
->StaCfg
.RSNIE_Len
, pAd
->StaCfg
.RSN_IE
,
528 #ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
530 if (pAd
->StaCfg
.WpaSupplicantUP
!= 1)
532 #endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
534 // Append Variable IE
535 NdisMoveMemory(pAd
->StaCfg
.ReqVarIEs
+ VarIesOffset
, &RSNIe
, 1);
537 NdisMoveMemory(pAd
->StaCfg
.ReqVarIEs
+ VarIesOffset
, &pAd
->StaCfg
.RSNIE_Len
, 1);
540 NdisMoveMemory(pAd
->StaCfg
.ReqVarIEs
+ VarIesOffset
, pAd
->StaCfg
.RSN_IE
, pAd
->StaCfg
.RSNIE_Len
);
541 VarIesOffset
+= pAd
->StaCfg
.RSNIE_Len
;
543 // Set Variable IEs Length
544 pAd
->StaCfg
.ReqVarIELen
= VarIesOffset
;
547 // We have update that at PeerBeaconAtJoinRequest()
548 CkipFlag
= pAd
->StaCfg
.CkipFlag
;
551 NdisZeroMemory(CkipNegotiationBuffer
, CKIP_NEGOTIATION_LENGTH
);
552 CkipNegotiationBuffer
[2] = 0x66;
553 // Make it try KP & MIC, since we have to follow the result from AssocRsp
554 CkipNegotiationBuffer
[8] = 0x18;
555 CkipNegotiationBuffer
[CKIP_NEGOTIATION_LENGTH
- 1] = 0x22;
558 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &tmp
,
561 AironetCkipLen
, CkipNegotiationBuffer
,
566 // Add CCX v2 request if CCX2 admin state is on
567 if (pAd
->StaCfg
.CCXControl
.field
.Enable
== 1)
571 // Add AironetIPAddressIE for Cisco CCX 2.X
574 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &tmp
,
575 1, &AironetIPAddressIE
,
576 1, &AironetIPAddressLen
,
577 AironetIPAddressLen
, AironetIPAddressBuffer
,
585 // Add CipherSuite CCKM or LeapTkip if setting.
588 if (LEAP_CCKM_ON(pAd
))
590 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &tmp
,
591 CipherSuiteCiscoCCKMLen
, CipherSuiteCiscoCCKM
,
596 NdisMoveMemory(pAd
->StaCfg
.ReqVarIEs
+ VarIesOffset
, CipherSuiteCiscoCCKM
, CipherSuiteCiscoCCKMLen
); //Save CipherSuite
597 VarIesOffset
+= CipherSuiteCiscoCCKMLen
;
599 else if ((pAd
->StaCfg
.LeapAuthMode
== CISCO_AuthModeLEAP
) && (pAd
->StaCfg
.WepStatus
== Ndis802_11Encryption2Enabled
))
601 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &tmp
,
602 CipherSuiteCCXTkipLen
, CipherSuiteCCXTkip
,
607 NdisMoveMemory(pAd
->StaCfg
.ReqVarIEs
+ VarIesOffset
, CipherSuiteCCXTkip
, CipherSuiteCCXTkipLen
);
608 VarIesOffset
+= CipherSuiteCCXTkipLen
;
610 #endif // LEAP_SUPPORT //
612 // Add by James 03/06/27
613 // Set Variable IEs Length
614 pAd
->StaCfg
.ReqVarIELen
= VarIesOffset
;
615 pAd
->StaCfg
.AssocInfo
.RequestIELength
= VarIesOffset
;
617 // OffsetResponseIEs follow ReqVarIE
618 pAd
->StaCfg
.AssocInfo
.OffsetResponseIEs
= sizeof(NDIS_802_11_ASSOCIATION_INFORMATION
) + pAd
->StaCfg
.ReqVarIELen
;
623 MiniportMMRequest(pAd
, 0, pOutBuffer
, FrameLen
);
624 MlmeFreeMemory(pAd
, pOutBuffer
);
626 RTMPSetTimer(&pAd
->MlmeAux
.AssocTimer
, Timeout
);
627 pAd
->Mlme
.AssocMachine
.CurrState
= ASSOC_WAIT_RSP
;
631 DBGPRINT(RT_DEBUG_TRACE
,("ASSOC - MlmeAssocReqAction() sanity check failed. BUG!!!!!! \n"));
632 pAd
->Mlme
.AssocMachine
.CurrState
= ASSOC_IDLE
;
633 Status
= MLME_INVALID_FORMAT
;
634 MlmeEnqueue(pAd
, MLME_CNTL_STATE_MACHINE
, MT2_ASSOC_CONF
, 2, &Status
);
640 ==========================================================================
642 mlme reassoc req handling procedure
646 -# SSID (Adapter->StaCfg.ssid[])
647 -# BSSID (AP address, Adapter->StaCfg.bssid)
648 -# Supported rates (Adapter->StaCfg.supported_rates[])
649 -# Supported rates length (Adapter->StaCfg.supported_rates_len)
650 -# Tx power (Adapter->StaCfg.tx_power)
652 IRQL = DISPATCH_LEVEL
654 ==========================================================================
656 VOID
MlmeReassocReqAction(
657 IN PRTMP_ADAPTER pAd
,
658 IN MLME_QUEUE_ELEM
*Elem
)
661 HEADER_802_11 ReassocHdr
;
663 UCHAR WmeIe
[9] = {IE_VENDOR_SPECIFIC
, 0x07, 0x00, 0x50, 0xf2, 0x02, 0x00, 0x01, 0x00};
664 USHORT CapabilityInfo
, ListenIntv
;
667 BOOLEAN TimerCancelled
;
670 PUCHAR pOutBuffer
= NULL
;
674 UCHAR CkipNegotiationBuffer
[CKIP_NEGOTIATION_LENGTH
];
675 UCHAR AironetCkipIe
= IE_AIRONET_CKIP
;
676 UCHAR AironetCkipLen
= CKIP_NEGOTIATION_LENGTH
;
677 UCHAR AironetIPAddressIE
= IE_AIRONET_IPADDRESS
;
678 UCHAR AironetIPAddressLen
= AIRONET_IPADDRESS_LENGTH
;
679 UCHAR AironetIPAddressBuffer
[AIRONET_IPADDRESS_LENGTH
] = {0x00, 0x40, 0x96, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00};
680 UCHAR AironetCCKMReassocIE
= IE_AIRONET_CCKMREASSOC
;
681 UCHAR AironetCCKMReassocLen
= AIRONET_CCKMREASSOC_LENGTH
;
682 UCHAR AironetCCKMReassocBuffer
[AIRONET_CCKMREASSOC_LENGTH
];
683 UCHAR AironetOUI
[] = {0x00, 0x40, 0x96, 0x00};
685 UCHAR CalcMicBuffer
[80];
686 ULONG CalcMicBufferLen
= 0;
687 #endif // LEAP_SUPPORT //
690 // Block all authentication request durning WPA block period
691 if (pAd
->StaCfg
.bBlockAssoc
== TRUE
)
693 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - Block ReAssoc request durning WPA block period!\n"));
694 pAd
->Mlme
.AssocMachine
.CurrState
= ASSOC_IDLE
;
695 Status
= MLME_STATE_MACHINE_REJECT
;
696 MlmeEnqueue(pAd
, MLME_CNTL_STATE_MACHINE
, MT2_REASSOC_CONF
, 2, &Status
);
698 // the parameters are the same as the association
699 else if(MlmeAssocReqSanity(pAd
, Elem
->Msg
, Elem
->MsgLen
, ApAddr
, &CapabilityInfo
, &Timeout
, &ListenIntv
))
701 RTMPCancelTimer(&pAd
->MlmeAux
.ReassocTimer
, &TimerCancelled
);
703 NStatus
= MlmeAllocateMemory(pAd
, &pOutBuffer
); //Get an unused nonpaged memory
704 if(NStatus
!= NDIS_STATUS_SUCCESS
)
706 DBGPRINT(RT_DEBUG_TRACE
,("ASSOC - MlmeReassocReqAction() allocate memory failed \n"));
707 pAd
->Mlme
.AssocMachine
.CurrState
= ASSOC_IDLE
;
708 Status
= MLME_FAIL_NO_RESOURCE
;
709 MlmeEnqueue(pAd
, MLME_CNTL_STATE_MACHINE
, MT2_REASSOC_CONF
, 2, &Status
);
713 COPY_MAC_ADDR(pAd
->MlmeAux
.Bssid
, ApAddr
);
715 // make frame, use bssid as the AP address??
716 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - Send RE-ASSOC request...\n"));
717 MgtMacHeaderInit(pAd
, &ReassocHdr
, SUBTYPE_REASSOC_REQ
, 0, ApAddr
, ApAddr
);
718 MakeOutgoingFrame(pOutBuffer
, &FrameLen
,
719 sizeof(HEADER_802_11
), &ReassocHdr
,
722 MAC_ADDR_LEN
, ApAddr
,
724 1, &pAd
->MlmeAux
.SsidLen
,
725 pAd
->MlmeAux
.SsidLen
, pAd
->MlmeAux
.Ssid
,
727 1, &pAd
->MlmeAux
.SupRateLen
,
728 pAd
->MlmeAux
.SupRateLen
, pAd
->MlmeAux
.SupRate
,
731 if (pAd
->MlmeAux
.ExtRateLen
!= 0)
733 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &tmp
,
735 1, &pAd
->MlmeAux
.ExtRateLen
,
736 pAd
->MlmeAux
.ExtRateLen
, pAd
->MlmeAux
.ExtRate
,
741 if (pAd
->MlmeAux
.APEdcaParm
.bValid
)
743 if (pAd
->CommonCfg
.bAPSDCapable
&& pAd
->MlmeAux
.APEdcaParm
.bAPSDCapable
)
745 QBSS_STA_INFO_PARM QosInfo
;
747 NdisZeroMemory(&QosInfo
, sizeof(QBSS_STA_INFO_PARM
));
748 QosInfo
.UAPSD_AC_BE
= pAd
->CommonCfg
.bAPSDAC_BE
;
749 QosInfo
.UAPSD_AC_BK
= pAd
->CommonCfg
.bAPSDAC_BK
;
750 QosInfo
.UAPSD_AC_VI
= pAd
->CommonCfg
.bAPSDAC_VI
;
751 QosInfo
.UAPSD_AC_VO
= pAd
->CommonCfg
.bAPSDAC_VO
;
752 QosInfo
.MaxSPLength
= pAd
->CommonCfg
.MaxSPLength
;
753 WmeIe
[8] |= *(PUCHAR
)&QosInfo
;
756 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &tmp
,
762 #ifdef DOT11_N_SUPPORT
764 if ((pAd
->MlmeAux
.HtCapabilityLen
> 0) && (pAd
->CommonCfg
.PhyMode
>= PHY_11ABGN_MIXED
))
768 UCHAR BROADCOM
[4] = {0x0, 0x90, 0x4c, 0x33};
769 if (pAd
->StaActive
.SupportedPhyInfo
.bPreNHt
== TRUE
)
771 HtLen
= SIZE_HT_CAP_IE
+ 4;
772 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &TmpLen
,
776 pAd
->MlmeAux
.HtCapabilityLen
, &pAd
->MlmeAux
.HtCapability
,
781 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &TmpLen
,
783 1, &pAd
->MlmeAux
.HtCapabilityLen
,
784 pAd
->MlmeAux
.HtCapabilityLen
, &pAd
->MlmeAux
.HtCapability
,
789 #endif // DOT11_N_SUPPORT //
791 // add Ralink proprietary IE to inform AP this STA is going to use AGGREGATION or PIGGY-BACK+AGGREGATION
792 // Case I: (Aggregation + Piggy-Back)
793 // 1. user enable aggregation, AND
794 // 2. Mac support piggy-back
795 // 3. AP annouces it's PIGGY-BACK+AGGREGATION-capable in BEACON
796 // Case II: (Aggregation)
797 // 1. user enable aggregation, AND
798 // 2. AP annouces it's AGGREGATION-capable in BEACON
799 if (pAd
->CommonCfg
.bAggregationCapable
)
801 if ((pAd
->CommonCfg
.bPiggyBackCapable
) && ((pAd
->MlmeAux
.APRalinkIe
& 0x00000003) == 3))
804 UCHAR RalinkIe
[9] = {IE_VENDOR_SPECIFIC
, 7, 0x00, 0x0c, 0x43, 0x03, 0x00, 0x00, 0x00};
805 MakeOutgoingFrame(pOutBuffer
+FrameLen
, &TmpLen
,
810 else if (pAd
->MlmeAux
.APRalinkIe
& 0x00000001)
813 UCHAR RalinkIe
[9] = {IE_VENDOR_SPECIFIC
, 7, 0x00, 0x0c, 0x43, 0x01, 0x00, 0x00, 0x00};
814 MakeOutgoingFrame(pOutBuffer
+FrameLen
, &TmpLen
,
823 UCHAR RalinkIe
[9] = {IE_VENDOR_SPECIFIC
, 7, 0x00, 0x0c, 0x43, 0x04, 0x00, 0x00, 0x00};
824 MakeOutgoingFrame(pOutBuffer
+FrameLen
, &TmpLen
,
830 if (LEAP_CCKM_ON(pAd
) && (pAd
->StaCfg
.CCKMLinkUpFlag
== TRUE
))
832 CkipFlag
= pAd
->StaCfg
.CkipFlag
; // We have update that at PeerBeaconAtJoinRequest()
835 NdisZeroMemory(CkipNegotiationBuffer
, CKIP_NEGOTIATION_LENGTH
);
836 CkipNegotiationBuffer
[2] = 0x66;
837 // Make it try KP & MIC, since we have to follow the result from AssocRsp
838 CkipNegotiationBuffer
[8] = 0x18;
839 CkipNegotiationBuffer
[CKIP_NEGOTIATION_LENGTH
- 1] = 0x22;
841 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &tmp
,
844 AironetCkipLen
, CkipNegotiationBuffer
,
849 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &tmp
,
850 1, &AironetIPAddressIE
,
851 1, &AironetIPAddressLen
,
852 AironetIPAddressLen
, AironetIPAddressBuffer
,
857 // The RN is incremented before each reassociation request.
859 pAd
->StaCfg
.CCKMRN
++;
861 // Calculate MIC = hmac-md5(krk, STA-ID|BSSID|RSNIE|TSF|RN);
863 COPY_MAC_ADDR(CalcMicBuffer
, pAd
->CurrentAddress
);
864 CalcMicBufferLen
= MAC_ADDR_LEN
;
865 COPY_MAC_ADDR(CalcMicBuffer
+ CalcMicBufferLen
, pAd
->MlmeAux
.Bssid
);
866 CalcMicBufferLen
+= MAC_ADDR_LEN
;
867 NdisMoveMemory(CalcMicBuffer
+ CalcMicBufferLen
, CipherSuiteCiscoCCKM
, CipherSuiteCiscoCCKMLen
);
868 CalcMicBufferLen
+= CipherSuiteCiscoCCKMLen
;
869 NdisMoveMemory(CalcMicBuffer
+ CalcMicBufferLen
, (PUCHAR
) &pAd
->StaCfg
.CCKMBeaconAtJoinTimeStamp
, sizeof(pAd
->StaCfg
.CCKMBeaconAtJoinTimeStamp
));
870 CalcMicBufferLen
+= sizeof(pAd
->StaCfg
.CCKMBeaconAtJoinTimeStamp
);
871 NdisMoveMemory(CalcMicBuffer
+ CalcMicBufferLen
, (PUCHAR
)&pAd
->StaCfg
.CCKMRN
, sizeof(pAd
->StaCfg
.CCKMRN
));
872 CalcMicBufferLen
+= sizeof(pAd
->StaCfg
.CCKMRN
);
873 hmac_md5(pAd
->StaCfg
.KRK
, LEN_EAP_MICK
, CalcMicBuffer
, CalcMicBufferLen
, MICMN
);
876 // fill up CCKM reassociation request element
878 NdisMoveMemory(AironetCCKMReassocBuffer
, AironetOUI
, 4);
879 NdisMoveMemory(AironetCCKMReassocBuffer
+ 4, (PUCHAR
)&pAd
->StaCfg
.CCKMBeaconAtJoinTimeStamp
, 8);
880 NdisMoveMemory(AironetCCKMReassocBuffer
+ 12, (PUCHAR
) &pAd
->StaCfg
.CCKMRN
, 4);
881 NdisMoveMemory(AironetCCKMReassocBuffer
+16, MICMN
, 8);
883 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &tmp
,
884 1, &AironetCCKMReassocIE
,
885 1, &AironetCCKMReassocLen
,
886 AironetCCKMReassocLen
, AironetCCKMReassocBuffer
,
890 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &tmp
,
891 CipherSuiteCiscoCCKMLen
,CipherSuiteCiscoCCKM
,
895 #endif // LEAP_SUPPORT //
897 // Add CCX v2 request if CCX2 admin state is on
898 if (pAd
->StaCfg
.CCXControl
.field
.Enable
== 1)
903 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &tmp
,
911 MiniportMMRequest(pAd
, 0, pOutBuffer
, FrameLen
);
912 MlmeFreeMemory(pAd
, pOutBuffer
);
914 RTMPSetTimer(&pAd
->MlmeAux
.ReassocTimer
, Timeout
); /* in mSec */
915 pAd
->Mlme
.AssocMachine
.CurrState
= REASSOC_WAIT_RSP
;
919 DBGPRINT(RT_DEBUG_TRACE
,("ASSOC - MlmeReassocReqAction() sanity check failed. BUG!!!! \n"));
920 pAd
->Mlme
.AssocMachine
.CurrState
= ASSOC_IDLE
;
921 Status
= MLME_INVALID_FORMAT
;
922 MlmeEnqueue(pAd
, MLME_CNTL_STATE_MACHINE
, MT2_REASSOC_CONF
, 2, &Status
);
927 ==========================================================================
929 Upper layer issues disassoc request
935 ==========================================================================
937 VOID
MlmeDisassocReqAction(
938 IN PRTMP_ADAPTER pAd
,
939 IN MLME_QUEUE_ELEM
*Elem
)
941 PMLME_DISASSOC_REQ_STRUCT pDisassocReq
;
942 HEADER_802_11 DisassocHdr
;
943 PHEADER_802_11 pDisassocHdr
;
944 PUCHAR pOutBuffer
= NULL
;
947 BOOLEAN TimerCancelled
;
951 #ifdef QOS_DLS_SUPPORT
952 // send DLS-TEAR_DOWN message,
953 if (pAd
->CommonCfg
.bDLSCapable
)
957 // tear down local dls table entry
958 for (i
=0; i
<MAX_NUM_OF_INIT_DLS_ENTRY
; i
++)
960 if (pAd
->StaCfg
.DLSEntry
[i
].Valid
&& (pAd
->StaCfg
.DLSEntry
[i
].Status
== DLS_FINISH
))
962 RTMPSendDLSTearDownFrame(pAd
, pAd
->StaCfg
.DLSEntry
[i
].MacAddr
);
963 pAd
->StaCfg
.DLSEntry
[i
].Status
= DLS_NONE
;
964 pAd
->StaCfg
.DLSEntry
[i
].Valid
= FALSE
;
968 // tear down peer dls table entry
969 for (i
=MAX_NUM_OF_INIT_DLS_ENTRY
; i
<MAX_NUM_OF_DLS_ENTRY
; i
++)
971 if (pAd
->StaCfg
.DLSEntry
[i
].Valid
&& (pAd
->StaCfg
.DLSEntry
[i
].Status
== DLS_FINISH
))
973 RTMPSendDLSTearDownFrame(pAd
, pAd
->StaCfg
.DLSEntry
[i
].MacAddr
);
974 pAd
->StaCfg
.DLSEntry
[i
].Status
= DLS_NONE
;
975 pAd
->StaCfg
.DLSEntry
[i
].Valid
= FALSE
;
979 #endif // QOS_DLS_SUPPORT //
982 pDisassocReq
= (PMLME_DISASSOC_REQ_STRUCT
)(Elem
->Msg
);
984 NStatus
= MlmeAllocateMemory(pAd
, &pOutBuffer
); //Get an unused nonpaged memory
985 if (NStatus
!= NDIS_STATUS_SUCCESS
)
987 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - MlmeDisassocReqAction() allocate memory failed\n"));
988 pAd
->Mlme
.AssocMachine
.CurrState
= ASSOC_IDLE
;
989 Status
= MLME_FAIL_NO_RESOURCE
;
990 MlmeEnqueue(pAd
, MLME_CNTL_STATE_MACHINE
, MT2_DISASSOC_CONF
, 2, &Status
);
996 RTMPCancelTimer(&pAd
->MlmeAux
.DisassocTimer
, &TimerCancelled
);
998 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - Send DISASSOC request[BSSID::%02x:%02x:%02x:%02x:%02x:%02x (Reason=%d)\n",
999 pDisassocReq
->Addr
[0], pDisassocReq
->Addr
[1], pDisassocReq
->Addr
[2],
1000 pDisassocReq
->Addr
[3], pDisassocReq
->Addr
[4], pDisassocReq
->Addr
[5], pDisassocReq
->Reason
));
1001 MgtMacHeaderInit(pAd
, &DisassocHdr
, SUBTYPE_DISASSOC
, 0, pDisassocReq
->Addr
, pDisassocReq
->Addr
); // patch peap ttls switching issue
1002 MakeOutgoingFrame(pOutBuffer
, &FrameLen
,
1003 sizeof(HEADER_802_11
),&DisassocHdr
,
1004 2, &pDisassocReq
->Reason
,
1006 MiniportMMRequest(pAd
, 0, pOutBuffer
, FrameLen
);
1008 // To patch Instance and Buffalo(N) AP
1009 // Driver has to send deauth to Instance AP, but Buffalo(N) needs to send disassoc to reset Authenticator's state machine
1010 // Therefore, we send both of them.
1011 pDisassocHdr
= (PHEADER_802_11
)pOutBuffer
;
1012 pDisassocHdr
->FC
.SubType
= SUBTYPE_DEAUTH
;
1013 MiniportMMRequest(pAd
, 0, pOutBuffer
, FrameLen
);
1015 MlmeFreeMemory(pAd
, pOutBuffer
);
1017 pAd
->StaCfg
.DisassocReason
= REASON_DISASSOC_STA_LEAVING
;
1018 COPY_MAC_ADDR(pAd
->StaCfg
.DisassocSta
, pDisassocReq
->Addr
);
1020 RTMPSetTimer(&pAd
->MlmeAux
.DisassocTimer
, Timeout
); /* in mSec */
1021 pAd
->Mlme
.AssocMachine
.CurrState
= DISASSOC_WAIT_RSP
;
1023 #ifdef WPA_SUPPLICANT_SUPPORT
1024 #ifndef NATIVE_WPA_SUPPLICANT_SUPPORT
1025 if (pAd
->StaCfg
.WpaSupplicantUP
!= WPA_SUPPLICANT_DISABLE
)
1027 union iwreq_data wrqu
;
1028 //send disassociate event to wpa_supplicant
1029 memset(&wrqu
, 0, sizeof(wrqu
));
1030 wrqu
.data
.flags
= RT_DISASSOC_EVENT_FLAG
;
1031 wireless_send_event(pAd
->net_dev
, IWEVCUSTOM
, &wrqu
, NULL
);
1033 #endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
1034 #endif // WPA_SUPPLICANT_SUPPORT //
1036 #ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
1038 union iwreq_data wrqu
;
1039 memset(wrqu
.ap_addr
.sa_data
, 0, MAC_ADDR_LEN
);
1040 wireless_send_event(pAd
->net_dev
, SIOCGIWAP
, &wrqu
, NULL
);
1042 #endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
1047 ==========================================================================
1049 peer sends assoc rsp back
1051 Elme - MLME message containing the received frame
1053 IRQL = DISPATCH_LEVEL
1055 ==========================================================================
1057 VOID
PeerAssocRspAction(
1058 IN PRTMP_ADAPTER pAd
,
1059 IN MLME_QUEUE_ELEM
*Elem
)
1061 USHORT CapabilityInfo
, Status
, Aid
;
1062 UCHAR SupRate
[MAX_LEN_OF_SUPPORTED_RATES
], SupRateLen
;
1063 UCHAR ExtRate
[MAX_LEN_OF_SUPPORTED_RATES
], ExtRateLen
;
1064 UCHAR Addr2
[MAC_ADDR_LEN
];
1065 BOOLEAN TimerCancelled
;
1068 HT_CAPABILITY_IE HtCapability
;
1069 ADD_HT_INFO_IE AddHtInfo
; // AP might use this additional ht info IE
1070 UCHAR HtCapabilityLen
;
1072 UCHAR NewExtChannelOffset
= 0xff;
1074 if (PeerAssocRspSanity(pAd
, Elem
->Msg
, Elem
->MsgLen
, Addr2
, &CapabilityInfo
, &Status
, &Aid
, SupRate
, &SupRateLen
, ExtRate
, &ExtRateLen
,
1075 &HtCapability
,&AddHtInfo
, &HtCapabilityLen
,&AddHtInfoLen
,&NewExtChannelOffset
, &EdcaParm
, &CkipFlag
))
1077 // The frame is for me ?
1078 if(MAC_ADDR_EQUAL(Addr2
, pAd
->MlmeAux
.Bssid
))
1080 DBGPRINT(RT_DEBUG_TRACE
, ("PeerAssocRspAction():ASSOC - receive ASSOC_RSP to me (status=%d)\n", Status
));
1081 #ifdef DOT11_N_SUPPORT
1082 DBGPRINT(RT_DEBUG_TRACE
, ("PeerAssocRspAction():MacTable [%d].AMsduSize = %d. ClientStatusFlags = 0x%lx \n",Elem
->Wcid
, pAd
->MacTab
.Content
[BSSID_WCID
].AMsduSize
, pAd
->MacTab
.Content
[BSSID_WCID
].ClientStatusFlags
));
1083 #endif // DOT11_N_SUPPORT //
1084 RTMPCancelTimer(&pAd
->MlmeAux
.AssocTimer
, &TimerCancelled
);
1085 if(Status
== MLME_SUCCESS
)
1087 // go to procedure listed on page 376
1088 AssocPostProc(pAd
, Addr2
, CapabilityInfo
, Aid
, SupRate
, SupRateLen
, ExtRate
, ExtRateLen
,
1089 &EdcaParm
, &HtCapability
, HtCapabilityLen
, &AddHtInfo
);
1091 #ifdef WPA_SUPPLICANT_SUPPORT
1092 #ifndef NATIVE_WPA_SUPPLICANT_SUPPORT
1093 if (pAd
->StaCfg
.WpaSupplicantUP
!= WPA_SUPPLICANT_DISABLE
)
1095 union iwreq_data wrqu
;
1097 SendAssocIEsToWpaSupplicant(pAd
);
1098 memset(&wrqu
, 0, sizeof(wrqu
));
1099 wrqu
.data
.flags
= RT_ASSOC_EVENT_FLAG
;
1100 wireless_send_event(pAd
->net_dev
, IWEVCUSTOM
, &wrqu
, NULL
);
1102 #endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
1103 #endif // WPA_SUPPLICANT_SUPPORT //
1105 #ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
1107 union iwreq_data wrqu
;
1108 wext_notify_event_assoc(pAd
);
1110 memset(wrqu
.ap_addr
.sa_data
, 0, MAC_ADDR_LEN
);
1111 memcpy(wrqu
.ap_addr
.sa_data
, pAd
->MlmeAux
.Bssid
, MAC_ADDR_LEN
);
1112 wireless_send_event(pAd
->net_dev
, SIOCGIWAP
, &wrqu
, NULL
);
1115 #endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
1118 pAd
->StaCfg
.CkipFlag
= CkipFlag
;
1119 if (CkipFlag
& 0x18)
1121 NdisZeroMemory(pAd
->StaCfg
.TxSEQ
, 4);
1122 NdisZeroMemory(pAd
->StaCfg
.RxSEQ
, 4);
1123 NdisZeroMemory(pAd
->StaCfg
.CKIPMIC
, 4);
1124 pAd
->StaCfg
.GIV
[0] = RandomByte(pAd
);
1125 pAd
->StaCfg
.GIV
[1] = RandomByte(pAd
);
1126 pAd
->StaCfg
.GIV
[2] = RandomByte(pAd
);
1127 pAd
->StaCfg
.bCkipOn
= TRUE
;
1128 DBGPRINT(RT_DEBUG_TRACE
, ("<CCX> pAd->StaCfg.CkipFlag = 0x%02x\n", pAd
->StaCfg
.CkipFlag
));
1133 // Faile on Association, we need to check the status code
1134 // Is that a Rogue AP?
1136 if ((pAd
->StaCfg
.LeapAuthMode
== CISCO_AuthModeLEAP
) && (Status
== MLME_ALG_NOT_SUPPORT
))
1137 { //Possibly Rogue AP
1138 RogueApTableSetEntry(pAd
, &pAd
->StaCfg
.RogueApTab
, pAd
->MlmeAux
.Bssid
, LEAP_REASON_INVALID_AUTH
);
1140 #endif // LEAP_SUPPORT //
1142 pAd
->Mlme
.AssocMachine
.CurrState
= ASSOC_IDLE
;
1143 MlmeEnqueue(pAd
, MLME_CNTL_STATE_MACHINE
, MT2_ASSOC_CONF
, 2, &Status
);
1148 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - PeerAssocRspAction() sanity check fail\n"));
1153 ==========================================================================
1155 peer sends reassoc rsp
1157 Elem - MLME message cntaining the received frame
1159 IRQL = DISPATCH_LEVEL
1161 ==========================================================================
1163 VOID
PeerReassocRspAction(
1164 IN PRTMP_ADAPTER pAd
,
1165 IN MLME_QUEUE_ELEM
*Elem
)
1167 USHORT CapabilityInfo
;
1170 UCHAR SupRate
[MAX_LEN_OF_SUPPORTED_RATES
], SupRateLen
;
1171 UCHAR ExtRate
[MAX_LEN_OF_SUPPORTED_RATES
], ExtRateLen
;
1172 UCHAR Addr2
[MAC_ADDR_LEN
];
1174 BOOLEAN TimerCancelled
;
1176 HT_CAPABILITY_IE HtCapability
;
1177 ADD_HT_INFO_IE AddHtInfo
; // AP might use this additional ht info IE
1178 UCHAR HtCapabilityLen
;
1180 UCHAR NewExtChannelOffset
= 0xff;
1182 if(PeerAssocRspSanity(pAd
, Elem
->Msg
, Elem
->MsgLen
, Addr2
, &CapabilityInfo
, &Status
, &Aid
, SupRate
, &SupRateLen
, ExtRate
, &ExtRateLen
,
1183 &HtCapability
, &AddHtInfo
, &HtCapabilityLen
, &AddHtInfoLen
,&NewExtChannelOffset
, &EdcaParm
, &CkipFlag
))
1185 if(MAC_ADDR_EQUAL(Addr2
, pAd
->MlmeAux
.Bssid
)) // The frame is for me ?
1187 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - receive REASSOC_RSP to me (status=%d)\n", Status
));
1188 RTMPCancelTimer(&pAd
->MlmeAux
.ReassocTimer
, &TimerCancelled
);
1190 if(Status
== MLME_SUCCESS
)
1192 // go to procedure listed on page 376
1193 AssocPostProc(pAd
, Addr2
, CapabilityInfo
, Aid
, SupRate
, SupRateLen
, ExtRate
, ExtRateLen
,
1194 &EdcaParm
, &HtCapability
, HtCapabilityLen
, &AddHtInfo
);
1196 #ifdef WPA_SUPPLICANT_SUPPORT
1197 #ifndef NATIVE_WPA_SUPPLICANT_SUPPORT
1198 if (pAd
->StaCfg
.WpaSupplicantUP
!= WPA_SUPPLICANT_DISABLE
)
1200 union iwreq_data wrqu
;
1202 SendAssocIEsToWpaSupplicant(pAd
);
1203 memset(&wrqu
, 0, sizeof(wrqu
));
1204 wrqu
.data
.flags
= RT_ASSOC_EVENT_FLAG
;
1205 wireless_send_event(pAd
->net_dev
, IWEVCUSTOM
, &wrqu
, NULL
);
1207 #endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
1208 #endif // WPA_SUPPLICANT_SUPPORT //
1210 #ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
1212 union iwreq_data wrqu
;
1213 wext_notify_event_assoc(pAd
);
1215 memset(wrqu
.ap_addr
.sa_data
, 0, MAC_ADDR_LEN
);
1216 memcpy(wrqu
.ap_addr
.sa_data
, pAd
->MlmeAux
.Bssid
, MAC_ADDR_LEN
);
1217 wireless_send_event(pAd
->net_dev
, SIOCGIWAP
, &wrqu
, NULL
);
1220 #endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
1225 // Cisco Leap CCKM supported Re-association.
1228 if (LEAP_CCKM_ON(pAd
) && (pAd
->StaCfg
.CCKMLinkUpFlag
== TRUE
))
1230 if (CCKMAssocRspSanity(pAd
, Elem
->Msg
, Elem
->MsgLen
) == TRUE
)
1232 pAd
->StaCfg
.CkipFlag
= CkipFlag
;
1233 if (CkipFlag
& 0x18)
1235 NdisZeroMemory(pAd
->StaCfg
.TxSEQ
, 4);
1236 NdisZeroMemory(pAd
->StaCfg
.RxSEQ
, 4);
1237 NdisZeroMemory(pAd
->StaCfg
.CKIPMIC
, 4);
1238 pAd
->StaCfg
.GIV
[0] = RandomByte(pAd
);
1239 pAd
->StaCfg
.GIV
[1] = RandomByte(pAd
);
1240 pAd
->StaCfg
.GIV
[2] = RandomByte(pAd
);
1241 pAd
->StaCfg
.bCkipOn
= TRUE
;
1242 DBGPRINT(RT_DEBUG_TRACE
, ("<CCX> pAd->StaCfg.CkipFlag = 0x%02x\n", pAd
->StaCfg
.CkipFlag
));
1245 pAd
->Mlme
.AssocMachine
.CurrState
= ASSOC_IDLE
;
1246 MlmeEnqueue(pAd
, MLME_CNTL_STATE_MACHINE
, MT2_REASSOC_CONF
, 2, &Status
);
1250 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - CCKMAssocRspSanity() sanity check fail\n"));
1254 #endif // LEAP_SUPPORT //
1256 // CkipFlag is no use for reassociate
1257 pAd
->Mlme
.AssocMachine
.CurrState
= ASSOC_IDLE
;
1258 MlmeEnqueue(pAd
, MLME_CNTL_STATE_MACHINE
, MT2_REASSOC_CONF
, 2, &Status
);
1264 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - PeerReassocRspAction() sanity check fail\n"));
1270 ==========================================================================
1272 procedures on IEEE 802.11/1999 p.376
1275 IRQL = DISPATCH_LEVEL
1277 ==========================================================================
1280 IN PRTMP_ADAPTER pAd
,
1282 IN USHORT CapabilityInfo
,
1285 IN UCHAR SupRateLen
,
1287 IN UCHAR ExtRateLen
,
1288 IN PEDCA_PARM pEdcaParm
,
1289 IN HT_CAPABILITY_IE
*pHtCapability
,
1290 IN UCHAR HtCapabilityLen
,
1291 IN ADD_HT_INFO_IE
*pAddHtInfo
) // AP might use this additional ht info IE
1295 pAd
->MlmeAux
.BssType
= BSS_INFRA
;
1296 COPY_MAC_ADDR(pAd
->MlmeAux
.Bssid
, pAddr2
);
1297 pAd
->MlmeAux
.Aid
= Aid
;
1298 pAd
->MlmeAux
.CapabilityInfo
= CapabilityInfo
& SUPPORTED_CAPABILITY_INFO
;
1299 #ifdef DOT11_N_SUPPORT
1300 // Some HT AP might lost WMM IE. We add WMM ourselves. beacuase HT requires QoS on.
1301 if ((HtCapabilityLen
> 0) && (pEdcaParm
->bValid
== FALSE
))
1303 pEdcaParm
->bValid
= TRUE
;
1304 pEdcaParm
->Aifsn
[0] = 3;
1305 pEdcaParm
->Aifsn
[1] = 7;
1306 pEdcaParm
->Aifsn
[2] = 2;
1307 pEdcaParm
->Aifsn
[3] = 2;
1309 pEdcaParm
->Cwmin
[0] = 4;
1310 pEdcaParm
->Cwmin
[1] = 4;
1311 pEdcaParm
->Cwmin
[2] = 3;
1312 pEdcaParm
->Cwmin
[3] = 2;
1314 pEdcaParm
->Cwmax
[0] = 10;
1315 pEdcaParm
->Cwmax
[1] = 10;
1316 pEdcaParm
->Cwmax
[2] = 4;
1317 pEdcaParm
->Cwmax
[3] = 3;
1319 pEdcaParm
->Txop
[0] = 0;
1320 pEdcaParm
->Txop
[1] = 0;
1321 pEdcaParm
->Txop
[2] = 96;
1322 pEdcaParm
->Txop
[3] = 48;
1325 #endif // DOT11_N_SUPPORT //
1327 NdisMoveMemory(&pAd
->MlmeAux
.APEdcaParm
, pEdcaParm
, sizeof(EDCA_PARM
));
1329 // filter out un-supported rates
1330 pAd
->MlmeAux
.SupRateLen
= SupRateLen
;
1331 NdisMoveMemory(pAd
->MlmeAux
.SupRate
, SupRate
, SupRateLen
);
1332 RTMPCheckRates(pAd
, pAd
->MlmeAux
.SupRate
, &pAd
->MlmeAux
.SupRateLen
);
1334 // filter out un-supported rates
1335 pAd
->MlmeAux
.ExtRateLen
= ExtRateLen
;
1336 NdisMoveMemory(pAd
->MlmeAux
.ExtRate
, ExtRate
, ExtRateLen
);
1337 RTMPCheckRates(pAd
, pAd
->MlmeAux
.ExtRate
, &pAd
->MlmeAux
.ExtRateLen
);
1339 #ifdef DOT11_N_SUPPORT
1340 if (HtCapabilityLen
> 0)
1342 RTMPCheckHt(pAd
, BSSID_WCID
, pHtCapability
, pAddHtInfo
);
1344 DBGPRINT(RT_DEBUG_TRACE
, ("AssocPostProc===> AP.AMsduSize = %d. ClientStatusFlags = 0x%lx \n", pAd
->MacTab
.Content
[BSSID_WCID
].AMsduSize
, pAd
->MacTab
.Content
[BSSID_WCID
].ClientStatusFlags
));
1346 DBGPRINT(RT_DEBUG_TRACE
, ("AssocPostProc===> (Mmps=%d, AmsduSize=%d, )\n",
1347 pAd
->MacTab
.Content
[BSSID_WCID
].MmpsMode
, pAd
->MacTab
.Content
[BSSID_WCID
].AMsduSize
));
1348 #endif // DOT11_N_SUPPORT //
1350 // Set New WPA information
1351 Idx
= BssTableSearch(&pAd
->ScanTab
, pAddr2
, pAd
->MlmeAux
.Channel
);
1352 if (Idx
== BSS_NOT_FOUND
)
1354 DBGPRINT_ERR(("ASSOC - Can't find BSS after receiving Assoc response\n"));
1359 pAd
->MacTab
.Content
[BSSID_WCID
].RSNIE_Len
= 0;
1360 NdisZeroMemory(pAd
->MacTab
.Content
[BSSID_WCID
].RSN_IE
, MAX_LEN_OF_RSNIE
);
1362 // Store appropriate RSN_IE for WPA SM negotiation later
1363 if ((pAd
->StaCfg
.AuthMode
>= Ndis802_11AuthModeWPA
) && (pAd
->ScanTab
.BssEntry
[Idx
].VarIELen
!= 0))
1369 pVIE
= pAd
->ScanTab
.BssEntry
[Idx
].VarIEs
;
1370 len
= pAd
->ScanTab
.BssEntry
[Idx
].VarIELen
;
1374 pEid
= (PEID_STRUCT
) pVIE
;
1376 if ((pEid
->Eid
== IE_WPA
) && (NdisEqualMemory(pEid
->Octet
, WPA_OUI
, 4))
1377 && (pAd
->StaCfg
.AuthMode
== Ndis802_11AuthModeWPA
|| pAd
->StaCfg
.AuthMode
== Ndis802_11AuthModeWPAPSK
))
1379 NdisMoveMemory(pAd
->MacTab
.Content
[BSSID_WCID
].RSN_IE
, pVIE
, (pEid
->Len
+ 2));
1380 pAd
->MacTab
.Content
[BSSID_WCID
].RSNIE_Len
= (pEid
->Len
+ 2);
1381 DBGPRINT(RT_DEBUG_TRACE
, ("AssocPostProc===> Store RSN_IE for WPA SM negotiation \n"));
1384 else if ((pEid
->Eid
== IE_RSN
) && (NdisEqualMemory(pEid
->Octet
+ 2, RSN_OUI
, 3))
1385 && (pAd
->StaCfg
.AuthMode
== Ndis802_11AuthModeWPA2
|| pAd
->StaCfg
.AuthMode
== Ndis802_11AuthModeWPA2PSK
))
1387 NdisMoveMemory(pAd
->MacTab
.Content
[BSSID_WCID
].RSN_IE
, pVIE
, (pEid
->Len
+ 2));
1388 pAd
->MacTab
.Content
[BSSID_WCID
].RSNIE_Len
= (pEid
->Len
+ 2);
1389 DBGPRINT(RT_DEBUG_TRACE
, ("AssocPostProc===> Store RSN_IE for WPA2 SM negotiation \n"));
1392 pVIE
+= (pEid
->Len
+ 2);
1393 len
-= (pEid
->Len
+ 2);
1397 if (pAd
->MacTab
.Content
[BSSID_WCID
].RSNIE_Len
== 0)
1399 DBGPRINT(RT_DEBUG_TRACE
, ("AssocPostProc===> no RSN_IE \n"));
1403 hex_dump("RSN_IE", pAd
->MacTab
.Content
[BSSID_WCID
].RSN_IE
, pAd
->MacTab
.Content
[BSSID_WCID
].RSNIE_Len
);
1409 ==========================================================================
1411 left part of IEEE 802.11/1999 p.374
1413 Elem - MLME message containing the received frame
1415 IRQL = DISPATCH_LEVEL
1417 ==========================================================================
1419 VOID
PeerDisassocAction(
1420 IN PRTMP_ADAPTER pAd
,
1421 IN MLME_QUEUE_ELEM
*Elem
)
1423 UCHAR Addr2
[MAC_ADDR_LEN
];
1426 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - PeerDisassocAction()\n"));
1427 if(PeerDisassocSanity(pAd
, Elem
->Msg
, Elem
->MsgLen
, Addr2
, &Reason
))
1429 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - PeerDisassocAction() Reason = %d\n", Reason
));
1430 if (INFRA_ON(pAd
) && MAC_ADDR_EQUAL(pAd
->CommonCfg
.Bssid
, Addr2
))
1433 if (pAd
->CommonCfg
.bWirelessEvent
)
1435 RTMPSendWirelessEvent(pAd
, IW_DISASSOC_EVENT_FLAG
, pAd
->MacTab
.Content
[BSSID_WCID
].Addr
, BSS0
, 0);
1440 if (pAd
->StaCfg
.LeapAuthMode
== CISCO_AuthModeLEAP
)
1442 // Cisco_LEAP has start a timer
1443 // We should cancel it if using LEAP
1444 RTMPCancelTimer(&pAd
->StaCfg
.LeapAuthTimer
, &TimerCancelled
);
1445 //Check is it mach the LEAP Authentication failed as possible a Rogue AP
1446 //on it's PortSecured not equal to WPA_802_1X_PORT_SECURED while process the Association.
1447 if ((pAd
->Mlme
.LeapMachine
.CurrState
!= LEAP_IDLE
) && (pAd
->StaCfg
.PortSecured
!= WPA_802_1X_PORT_SECURED
))
1449 RogueApTableSetEntry(pAd
, &pAd
->StaCfg
.RogueApTab
, Addr2
, LEAP_REASON_AUTH_TIMEOUT
);
1452 #endif // LEAP_SUPPORT //
1454 // Get Current System time and Turn on AdjacentAPReport
1456 NdisGetSystemUpTime(&pAd
->StaCfg
.CCXAdjacentAPLinkDownTime
);
1457 pAd
->StaCfg
.CCXAdjacentAPReportFlag
= TRUE
;
1458 LinkDown(pAd
, TRUE
);
1459 pAd
->Mlme
.AssocMachine
.CurrState
= ASSOC_IDLE
;
1461 #ifdef WPA_SUPPLICANT_SUPPORT
1462 #ifndef NATIVE_WPA_SUPPLICANT_SUPPORT
1463 if (pAd
->StaCfg
.WpaSupplicantUP
!= WPA_SUPPLICANT_DISABLE
)
1465 union iwreq_data wrqu
;
1466 //send disassociate event to wpa_supplicant
1467 memset(&wrqu
, 0, sizeof(wrqu
));
1468 wrqu
.data
.flags
= RT_DISASSOC_EVENT_FLAG
;
1469 wireless_send_event(pAd
->net_dev
, IWEVCUSTOM
, &wrqu
, NULL
);
1471 #endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
1472 #endif // WPA_SUPPLICANT_SUPPORT //
1474 #ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
1476 union iwreq_data wrqu
;
1477 memset(wrqu
.ap_addr
.sa_data
, 0, MAC_ADDR_LEN
);
1478 wireless_send_event(pAd
->net_dev
, SIOCGIWAP
, &wrqu
, NULL
);
1480 #endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
1485 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - PeerDisassocAction() sanity check fail\n"));
1491 ==========================================================================
1493 what the state machine will do after assoc timeout
1497 IRQL = DISPATCH_LEVEL
1499 ==========================================================================
1501 VOID
AssocTimeoutAction(
1502 IN PRTMP_ADAPTER pAd
,
1503 IN MLME_QUEUE_ELEM
*Elem
)
1506 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - AssocTimeoutAction\n"));
1507 pAd
->Mlme
.AssocMachine
.CurrState
= ASSOC_IDLE
;
1508 Status
= MLME_REJ_TIMEOUT
;
1509 MlmeEnqueue(pAd
, MLME_CNTL_STATE_MACHINE
, MT2_ASSOC_CONF
, 2, &Status
);
1513 ==========================================================================
1515 what the state machine will do after reassoc timeout
1517 IRQL = DISPATCH_LEVEL
1519 ==========================================================================
1521 VOID
ReassocTimeoutAction(
1522 IN PRTMP_ADAPTER pAd
,
1523 IN MLME_QUEUE_ELEM
*Elem
)
1526 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - ReassocTimeoutAction\n"));
1527 pAd
->Mlme
.AssocMachine
.CurrState
= ASSOC_IDLE
;
1528 Status
= MLME_REJ_TIMEOUT
;
1529 MlmeEnqueue(pAd
, MLME_CNTL_STATE_MACHINE
, MT2_REASSOC_CONF
, 2, &Status
);
1533 ==========================================================================
1535 what the state machine will do after disassoc timeout
1537 IRQL = DISPATCH_LEVEL
1539 ==========================================================================
1541 VOID
DisassocTimeoutAction(
1542 IN PRTMP_ADAPTER pAd
,
1543 IN MLME_QUEUE_ELEM
*Elem
)
1546 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - DisassocTimeoutAction\n"));
1547 pAd
->Mlme
.AssocMachine
.CurrState
= ASSOC_IDLE
;
1548 Status
= MLME_SUCCESS
;
1549 MlmeEnqueue(pAd
, MLME_CNTL_STATE_MACHINE
, MT2_DISASSOC_CONF
, 2, &Status
);
1552 VOID
InvalidStateWhenAssoc(
1553 IN PRTMP_ADAPTER pAd
,
1554 IN MLME_QUEUE_ELEM
*Elem
)
1557 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - InvalidStateWhenAssoc(state=%ld), reset ASSOC state machine\n",
1558 pAd
->Mlme
.AssocMachine
.CurrState
));
1559 pAd
->Mlme
.AssocMachine
.CurrState
= ASSOC_IDLE
;
1560 Status
= MLME_STATE_MACHINE_REJECT
;
1561 MlmeEnqueue(pAd
, MLME_CNTL_STATE_MACHINE
, MT2_ASSOC_CONF
, 2, &Status
);
1564 VOID
InvalidStateWhenReassoc(
1565 IN PRTMP_ADAPTER pAd
,
1566 IN MLME_QUEUE_ELEM
*Elem
)
1569 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - InvalidStateWhenReassoc(state=%ld), reset ASSOC state machine\n",
1570 pAd
->Mlme
.AssocMachine
.CurrState
));
1571 pAd
->Mlme
.AssocMachine
.CurrState
= ASSOC_IDLE
;
1572 Status
= MLME_STATE_MACHINE_REJECT
;
1573 MlmeEnqueue(pAd
, MLME_CNTL_STATE_MACHINE
, MT2_REASSOC_CONF
, 2, &Status
);
1576 VOID
InvalidStateWhenDisassociate(
1577 IN PRTMP_ADAPTER pAd
,
1578 IN MLME_QUEUE_ELEM
*Elem
)
1581 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - InvalidStateWhenDisassoc(state=%ld), reset ASSOC state machine\n",
1582 pAd
->Mlme
.AssocMachine
.CurrState
));
1583 pAd
->Mlme
.AssocMachine
.CurrState
= ASSOC_IDLE
;
1584 Status
= MLME_STATE_MACHINE_REJECT
;
1585 MlmeEnqueue(pAd
, MLME_CNTL_STATE_MACHINE
, MT2_DISASSOC_CONF
, 2, &Status
);
1589 ==========================================================================
1591 right part of IEEE 802.11/1999 page 374
1593 This event should never cause ASSOC state machine perform state
1594 transition, and has no relationship with CNTL machine. So we separate
1595 this routine as a service outside of ASSOC state transition table.
1597 IRQL = DISPATCH_LEVEL
1599 ==========================================================================
1602 IN PRTMP_ADAPTER pAd
,
1605 HEADER_802_11 DisassocHdr
;
1606 PHEADER_802_11 pDisassocHdr
;
1607 PUCHAR pOutBuffer
= NULL
;
1609 NDIS_STATUS NStatus
;
1610 USHORT Reason
= REASON_CLS3ERR
;
1612 NStatus
= MlmeAllocateMemory(pAd
, &pOutBuffer
); //Get an unused nonpaged memory
1613 if (NStatus
!= NDIS_STATUS_SUCCESS
)
1616 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - Class 3 Error, Send DISASSOC frame\n"));
1617 MgtMacHeaderInit(pAd
, &DisassocHdr
, SUBTYPE_DISASSOC
, 0, pAddr
, pAd
->CommonCfg
.Bssid
); // patch peap ttls switching issue
1618 MakeOutgoingFrame(pOutBuffer
, &FrameLen
,
1619 sizeof(HEADER_802_11
),&DisassocHdr
,
1622 MiniportMMRequest(pAd
, 0, pOutBuffer
, FrameLen
);
1624 // To patch Instance and Buffalo(N) AP
1625 // Driver has to send deauth to Instance AP, but Buffalo(N) needs to send disassoc to reset Authenticator's state machine
1626 // Therefore, we send both of them.
1627 pDisassocHdr
= (PHEADER_802_11
)pOutBuffer
;
1628 pDisassocHdr
->FC
.SubType
= SUBTYPE_DEAUTH
;
1629 MiniportMMRequest(pAd
, 0, pOutBuffer
, FrameLen
);
1631 MlmeFreeMemory(pAd
, pOutBuffer
);
1633 pAd
->StaCfg
.DisassocReason
= REASON_CLS3ERR
;
1634 COPY_MAC_ADDR(pAd
->StaCfg
.DisassocSta
, pAddr
);
1638 ==========================================================================
1640 Switch between WEP and CKIP upon new association up.
1643 IRQL = DISPATCH_LEVEL
1645 ==========================================================================
1647 VOID
SwitchBetweenWepAndCkip(
1648 IN PRTMP_ADAPTER pAd
)
1651 SHAREDKEY_MODE_STRUC csr1
;
1653 // if KP is required. change the CipherAlg in hardware shard key table from WEP
1654 // to CKIP. else remain as WEP
1655 if (pAd
->StaCfg
.bCkipOn
&& (pAd
->StaCfg
.CkipFlag
& 0x10))
1657 // modify hardware key table so that MAC use correct algorithm to decrypt RX
1658 RTMP_IO_READ32(pAd
, SHARED_KEY_MODE_BASE
, &csr1
.word
);
1659 if (csr1
.field
.Bss0Key0CipherAlg
== CIPHER_WEP64
)
1660 csr1
.field
.Bss0Key0CipherAlg
= CIPHER_CKIP64
;
1661 else if (csr1
.field
.Bss0Key0CipherAlg
== CIPHER_WEP128
)
1662 csr1
.field
.Bss0Key0CipherAlg
= CIPHER_CKIP128
;
1664 if (csr1
.field
.Bss0Key1CipherAlg
== CIPHER_WEP64
)
1665 csr1
.field
.Bss0Key1CipherAlg
= CIPHER_CKIP64
;
1666 else if (csr1
.field
.Bss0Key1CipherAlg
== CIPHER_WEP128
)
1667 csr1
.field
.Bss0Key1CipherAlg
= CIPHER_CKIP128
;
1669 if (csr1
.field
.Bss0Key2CipherAlg
== CIPHER_WEP64
)
1670 csr1
.field
.Bss0Key2CipherAlg
= CIPHER_CKIP64
;
1671 else if (csr1
.field
.Bss0Key2CipherAlg
== CIPHER_WEP128
)
1672 csr1
.field
.Bss0Key2CipherAlg
= CIPHER_CKIP128
;
1674 if (csr1
.field
.Bss0Key3CipherAlg
== CIPHER_WEP64
)
1675 csr1
.field
.Bss0Key3CipherAlg
= CIPHER_CKIP64
;
1676 else if (csr1
.field
.Bss0Key3CipherAlg
== CIPHER_WEP128
)
1677 csr1
.field
.Bss0Key3CipherAlg
= CIPHER_CKIP128
;
1678 RTMP_IO_WRITE32(pAd
, SHARED_KEY_MODE_BASE
, csr1
.word
);
1679 DBGPRINT(RT_DEBUG_TRACE
, ("SwitchBetweenWepAndCkip: modify BSS0 cipher to %s\n", CipherName
[csr1
.field
.Bss0Key0CipherAlg
]));
1681 // modify software key table so that driver can specify correct algorithm in TXD upon TX
1682 for (i
=0; i
<SHARE_KEY_NUM
; i
++)
1684 if (pAd
->SharedKey
[BSS0
][i
].CipherAlg
== CIPHER_WEP64
)
1685 pAd
->SharedKey
[BSS0
][i
].CipherAlg
= CIPHER_CKIP64
;
1686 else if (pAd
->SharedKey
[BSS0
][i
].CipherAlg
== CIPHER_WEP128
)
1687 pAd
->SharedKey
[BSS0
][i
].CipherAlg
= CIPHER_CKIP128
;
1691 // else if KP NOT inused. change the CipherAlg in hardware shard key table from CKIP
1695 // modify hardware key table so that MAC use correct algorithm to decrypt RX
1696 RTMP_IO_READ32(pAd
, SHARED_KEY_MODE_BASE
, &csr1
.word
);
1697 if (csr1
.field
.Bss0Key0CipherAlg
== CIPHER_CKIP64
)
1698 csr1
.field
.Bss0Key0CipherAlg
= CIPHER_WEP64
;
1699 else if (csr1
.field
.Bss0Key0CipherAlg
== CIPHER_CKIP128
)
1700 csr1
.field
.Bss0Key0CipherAlg
= CIPHER_WEP128
;
1702 if (csr1
.field
.Bss0Key1CipherAlg
== CIPHER_CKIP64
)
1703 csr1
.field
.Bss0Key1CipherAlg
= CIPHER_WEP64
;
1704 else if (csr1
.field
.Bss0Key1CipherAlg
== CIPHER_CKIP128
)
1705 csr1
.field
.Bss0Key1CipherAlg
= CIPHER_WEP128
;
1707 if (csr1
.field
.Bss0Key2CipherAlg
== CIPHER_CKIP64
)
1708 csr1
.field
.Bss0Key2CipherAlg
= CIPHER_WEP64
;
1709 else if (csr1
.field
.Bss0Key2CipherAlg
== CIPHER_CKIP128
)
1710 csr1
.field
.Bss0Key2CipherAlg
= CIPHER_WEP128
;
1712 if (csr1
.field
.Bss0Key3CipherAlg
== CIPHER_CKIP64
)
1713 csr1
.field
.Bss0Key3CipherAlg
= CIPHER_WEP64
;
1714 else if (csr1
.field
.Bss0Key3CipherAlg
== CIPHER_CKIP128
)
1715 csr1
.field
.Bss0Key3CipherAlg
= CIPHER_WEP128
;
1717 // modify software key table so that driver can specify correct algorithm in TXD upon TX
1718 for (i
=0; i
<SHARE_KEY_NUM
; i
++)
1720 if (pAd
->SharedKey
[BSS0
][i
].CipherAlg
== CIPHER_CKIP64
)
1721 pAd
->SharedKey
[BSS0
][i
].CipherAlg
= CIPHER_WEP64
;
1722 else if (pAd
->SharedKey
[BSS0
][i
].CipherAlg
== CIPHER_CKIP128
)
1723 pAd
->SharedKey
[BSS0
][i
].CipherAlg
= CIPHER_WEP128
;
1727 // On WPA-NONE, must update CipherAlg.
1728 // Because the OID_802_11_WEP_STATUS was been set after OID_802_11_ADD_KEY
1729 // and CipherAlg will be CIPHER_NONE by Windows ZeroConfig.
1730 // So we need to update CipherAlg after connect.
1732 if (pAd
->StaCfg
.AuthMode
== Ndis802_11AuthModeWPANone
)
1734 for (i
= 0; i
< SHARE_KEY_NUM
; i
++)
1736 if (pAd
->SharedKey
[BSS0
][i
].KeyLen
!= 0)
1738 if (pAd
->StaCfg
.WepStatus
== Ndis802_11Encryption2Enabled
)
1740 pAd
->SharedKey
[BSS0
][i
].CipherAlg
= CIPHER_TKIP
;
1742 else if (pAd
->StaCfg
.WepStatus
== Ndis802_11Encryption3Enabled
)
1744 pAd
->SharedKey
[BSS0
][i
].CipherAlg
= CIPHER_AES
;
1749 pAd
->SharedKey
[BSS0
][i
].CipherAlg
= CIPHER_NONE
;
1753 csr1
.field
.Bss0Key0CipherAlg
= pAd
->SharedKey
[BSS0
][0].CipherAlg
;
1754 csr1
.field
.Bss0Key1CipherAlg
= pAd
->SharedKey
[BSS0
][1].CipherAlg
;
1755 csr1
.field
.Bss0Key2CipherAlg
= pAd
->SharedKey
[BSS0
][2].CipherAlg
;
1756 csr1
.field
.Bss0Key3CipherAlg
= pAd
->SharedKey
[BSS0
][3].CipherAlg
;
1758 RTMP_IO_WRITE32(pAd
, SHARED_KEY_MODE_BASE
, csr1
.word
);
1759 DBGPRINT(RT_DEBUG_TRACE
, ("SwitchBetweenWepAndCkip: modify BSS0 cipher to %s\n", CipherName
[csr1
.field
.Bss0Key0CipherAlg
]));
1763 #ifdef WPA_SUPPLICANT_SUPPORT
1764 #ifndef NATIVE_WPA_SUPPLICANT_SUPPORT
1765 VOID
SendAssocIEsToWpaSupplicant(
1766 IN PRTMP_ADAPTER pAd
)
1768 union iwreq_data wrqu
;
1769 unsigned char custom
[IW_CUSTOM_MAX
] = {0};
1771 if ((pAd
->StaCfg
.ReqVarIELen
+ 17) <= IW_CUSTOM_MAX
)
1773 sprintf(custom
, "ASSOCINFO_ReqIEs=");
1774 NdisMoveMemory(custom
+17, pAd
->StaCfg
.ReqVarIEs
, pAd
->StaCfg
.ReqVarIELen
);
1775 memset(&wrqu
, 0, sizeof(wrqu
));
1776 wrqu
.data
.length
= pAd
->StaCfg
.ReqVarIELen
+ 17;
1777 wrqu
.data
.flags
= RT_REQIE_EVENT_FLAG
;
1778 wireless_send_event(pAd
->net_dev
, IWEVCUSTOM
, &wrqu
, custom
);
1780 memset(&wrqu
, 0, sizeof(wrqu
));
1781 wrqu
.data
.flags
= RT_ASSOCINFO_EVENT_FLAG
;
1782 wireless_send_event(pAd
->net_dev
, IWEVCUSTOM
, &wrqu
, NULL
);
1785 DBGPRINT(RT_DEBUG_TRACE
, ("pAd->StaCfg.ReqVarIELen + 17 > MAX_CUSTOM_LEN\n"));
1789 #endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
1790 #endif // WPA_SUPPLICANT_SUPPORT //
1792 #ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
1793 int wext_notify_event_assoc(
1794 IN RTMP_ADAPTER
*pAd
)
1796 union iwreq_data wrqu
;
1797 char custom
[IW_CUSTOM_MAX
] = {0};
1799 #if WIRELESS_EXT > 17
1800 if (pAd
->StaCfg
.ReqVarIELen
<= IW_CUSTOM_MAX
)
1802 wrqu
.data
.length
= pAd
->StaCfg
.ReqVarIELen
;
1803 memcpy(custom
, pAd
->StaCfg
.ReqVarIEs
, pAd
->StaCfg
.ReqVarIELen
);
1804 wireless_send_event(pAd
->net_dev
, IWEVASSOCREQIE
, &wrqu
, custom
);
1807 DBGPRINT(RT_DEBUG_TRACE
, ("pAd->StaCfg.ReqVarIELen > MAX_CUSTOM_LEN\n"));
1809 if (((pAd
->StaCfg
.ReqVarIELen
*2) + 17) <= IW_CUSTOM_MAX
)
1812 wrqu
.data
.length
= (pAd
->StaCfg
.ReqVarIELen
*2) + 17;
1813 sprintf(custom
, "ASSOCINFO(ReqIEs=");
1814 for (idx
=0; idx
<pAd
->StaCfg
.ReqVarIELen
; idx
++)
1815 sprintf(custom
, "%s%02x", custom
, pAd
->StaCfg
.ReqVarIEs
[idx
]);
1816 wireless_send_event(pAd
->net_dev
, IWEVCUSTOM
, &wrqu
, custom
);
1819 DBGPRINT(RT_DEBUG_TRACE
, ("(pAd->StaCfg.ReqVarIELen*2) + 17 > MAX_CUSTOM_LEN\n"));
1825 #endif // NATIVE_WPA_SUPPLICANT_SUPPORT //