1 /*
2 *************************************************************************
3 * Ralink Tech Inc.
4 * 5F., No.36, Taiyuan St., Jhubei City,
5 * Hsinchu County 302,
6 * Taiwan, R.O.C.
8 * (c) Copyright 2002-2007, Ralink Technology, Inc.
10 * This program is free software; you can redistribute it and/or modify *
11 * it under the terms of the GNU General Public License as published by *
12 * the Free Software Foundation; either version 2 of the License, or *
13 * (at your option) any later version. *
14 * *
15 * This program is distributed in the hope that it will be useful, *
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
18 * GNU General Public License for more details. *
19 * *
20 * You should have received a copy of the GNU General Public License *
21 * along with this program; if not, write to the *
22 * Free Software Foundation, Inc., *
23 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
24 * *
25 *************************************************************************
27 Module Name:
28 assoc.c
30 Abstract:
32 Revision History:
33 Who When What
34 -------- ---------- ----------------------------------------------
35 John 2004-9-3 porting from RT2500
37 #include "../rt_config.h"
/*
 * Template WPA information element (vendor-specific element, ID 0xdd).
 * 24 bytes in total: 2 header bytes plus the 22 (0x16) payload bytes
 * announced in the length field. Multi-byte counters are little-endian.
 * Both cipher selectors in the template are suite type 2 (TKIP).
 * How the template is consumed is not visible in this part of the file.
 */
UCHAR CipherWpaTemplate[] = {
	0xdd,					// element ID: WPA IE (vendor specific)
	0x16,					// length of everything that follows
	0x00, 0x50, 0xf2, 0x01,	// OUI 00:50:f2, OUI type 1
	0x01, 0x00,				// version
	0x00, 0x50, 0xf2, 0x02,	// multicast (group) cipher suite, type 2 = TKIP
	0x01, 0x00,				// number of unicast cipher suites
	0x00, 0x50, 0xf2, 0x02,	// unicast cipher suite, type 2 = TKIP
	0x01, 0x00,				// number of authentication methods
	0x00, 0x50, 0xf2, 0x01	// authentication suite, type 1 (802.1X)
};

/*
 * Template RSN (WPA2) information element, ID 0x30.
 * 22 bytes in total: 2 header bytes plus the 20 (0x14) payload bytes
 * announced in the length field. As in the WPA template, group and
 * pairwise cipher are both TKIP. The authentication selector is suite
 * type 2, which is PSK in the 00:0f:ac suite list.
 */
UCHAR CipherWpa2Template[] = {
	0x30,					// element ID: RSN IE
	0x14,					// length of everything that follows
	0x01, 0x00,				// version
	0x00, 0x0f, 0xac, 0x02,	// group cipher, TKIP
	0x01, 0x00,				// number of pairwise cipher suites
	0x00, 0x0f, 0xac, 0x02,	// pairwise (unicast) cipher, TKIP
	0x01, 0x00,				// number of authentication methods
	0x00, 0x0f, 0xac, 0x02,	// authentication suite, type 2 (PSK)
	0x00, 0x00,				// RSN capability
};

// CCX version element payload: OUI 00:40:96 followed by 0x03, 0x02.
// The request builders below send it with an explicit length of 5 (Ccx2Len).
UCHAR Ccx2IeInfo[] = {
	0x00, 0x40, 0x96, 0x03, 0x02
};
/*
	==========================================================================
	Description:
		Association state machine init: fills in the (state, message) ->
		handler table and initialises the three MLME timers.
	Parameters:
		pAd   - adapter context; owns the MlmeAux timers set up here and is
		        also handed to each timer as its callback context
		S     - pointer to the association state machine
		Trans - handler table storage passed through to StateMachineInit()

	IRQL = PASSIVE_LEVEL

	==========================================================================
 */
VOID AssocStateMachineInit(
	IN PRTMP_ADAPTER pAd,
	IN STATE_MACHINE *S,
	OUT STATE_MACHINE_FUNC Trans[])
{
// Local shorthand: every registration targets S and needs the same cast.
#define ASSOC_SET_ACTION(St, Msg, Fn) \
	StateMachineSetAction(S, (St), (Msg), (STATE_MACHINE_FUNC)(Fn))

	// Drop is passed as the handler argument and ASSOC_IDLE as the state
	// argument; presumably the default action and the initial state -
	// confirm against StateMachineInit().
	StateMachineInit(S, Trans, MAX_ASSOC_STATE, MAX_ASSOC_MSG, (STATE_MACHINE_FUNC)Drop, ASSOC_IDLE, ASSOC_MACHINE_BASE);

	// first column: ASSOC_IDLE
	ASSOC_SET_ACTION(ASSOC_IDLE, MT2_MLME_ASSOC_REQ, MlmeAssocReqAction);
	ASSOC_SET_ACTION(ASSOC_IDLE, MT2_MLME_REASSOC_REQ, MlmeReassocReqAction);
	ASSOC_SET_ACTION(ASSOC_IDLE, MT2_MLME_DISASSOC_REQ, MlmeDisassocReqAction);
	ASSOC_SET_ACTION(ASSOC_IDLE, MT2_PEER_DISASSOC_REQ, PeerDisassocAction);

	// second column: ASSOC_WAIT_RSP
	// Local MLME requests are answered by the InvalidStateWhen* handlers
	// while a response is pending; peer disassociation is still handled.
	ASSOC_SET_ACTION(ASSOC_WAIT_RSP, MT2_MLME_ASSOC_REQ, InvalidStateWhenAssoc);
	ASSOC_SET_ACTION(ASSOC_WAIT_RSP, MT2_MLME_REASSOC_REQ, InvalidStateWhenReassoc);
	ASSOC_SET_ACTION(ASSOC_WAIT_RSP, MT2_MLME_DISASSOC_REQ, InvalidStateWhenDisassociate);
	ASSOC_SET_ACTION(ASSOC_WAIT_RSP, MT2_PEER_DISASSOC_REQ, PeerDisassocAction);
	ASSOC_SET_ACTION(ASSOC_WAIT_RSP, MT2_PEER_ASSOC_RSP, PeerAssocRspAction);
	//
	// Patch 3Com AP MOde:3CRWE454G72
	// We send Assoc request frame to this AP, it always send Reassoc Rsp not Associate Rsp.
	//
	// This interop patch means a Reassociation Response also completes a
	// pending association, so PeerAssocRspAction is the place where the
	// frame has to be validated.
	ASSOC_SET_ACTION(ASSOC_WAIT_RSP, MT2_PEER_REASSOC_RSP, PeerAssocRspAction);
	ASSOC_SET_ACTION(ASSOC_WAIT_RSP, MT2_ASSOC_TIMEOUT, AssocTimeoutAction);

	// third column: REASSOC_WAIT_RSP
	ASSOC_SET_ACTION(REASSOC_WAIT_RSP, MT2_MLME_ASSOC_REQ, InvalidStateWhenAssoc);
	ASSOC_SET_ACTION(REASSOC_WAIT_RSP, MT2_MLME_REASSOC_REQ, InvalidStateWhenReassoc);
	ASSOC_SET_ACTION(REASSOC_WAIT_RSP, MT2_MLME_DISASSOC_REQ, InvalidStateWhenDisassociate);
	ASSOC_SET_ACTION(REASSOC_WAIT_RSP, MT2_PEER_DISASSOC_REQ, PeerDisassocAction);
	ASSOC_SET_ACTION(REASSOC_WAIT_RSP, MT2_PEER_REASSOC_RSP, PeerReassocRspAction);
	//
	// Patch, AP doesn't send Reassociate Rsp frame to Station.
	//
	// Mirror of the patch above: an Association Response is accepted as
	// the answer to a pending reassociation.
	ASSOC_SET_ACTION(REASSOC_WAIT_RSP, MT2_PEER_ASSOC_RSP, PeerReassocRspAction);
	ASSOC_SET_ACTION(REASSOC_WAIT_RSP, MT2_REASSOC_TIMEOUT, ReassocTimeoutAction);

	// fourth column: DISASSOC_WAIT_RSP
	ASSOC_SET_ACTION(DISASSOC_WAIT_RSP, MT2_MLME_ASSOC_REQ, InvalidStateWhenAssoc);
	ASSOC_SET_ACTION(DISASSOC_WAIT_RSP, MT2_MLME_REASSOC_REQ, InvalidStateWhenReassoc);
	ASSOC_SET_ACTION(DISASSOC_WAIT_RSP, MT2_MLME_DISASSOC_REQ, InvalidStateWhenDisassociate);
	ASSOC_SET_ACTION(DISASSOC_WAIT_RSP, MT2_PEER_DISASSOC_REQ, PeerDisassocAction);
	ASSOC_SET_ACTION(DISASSOC_WAIT_RSP, MT2_DISASSOC_TIMEOUT, DisassocTimeoutAction);

#undef ASSOC_SET_ACTION

	// initialize the timers; pAd is the context each callback receives
	RTMPInitTimer(pAd, &pAd->MlmeAux.AssocTimer, GET_TIMER_FUNCTION(AssocTimeout), pAd, FALSE);
	RTMPInitTimer(pAd, &pAd->MlmeAux.ReassocTimer, GET_TIMER_FUNCTION(ReassocTimeout), pAd, FALSE);
	RTMPInitTimer(pAd, &pAd->MlmeAux.DisassocTimer, GET_TIMER_FUNCTION(DisassocTimeout), pAd, FALSE);
}
/*
	==========================================================================
	Description:
		Association timeout procedure. Runs when the association timer
		fires and queues MT2_ASSOC_TIMEOUT for the association state
		machine, then kicks the MLME handler.
	Parameters:
		Standard timer parameters. Only FunctionContext is used; it is the
		adapter pointer registered with the timer.

	IRQL = DISPATCH_LEVEL

	==========================================================================
 */
VOID AssocTimeout(IN PVOID SystemSpecific1,
				 IN PVOID FunctionContext,
				 IN PVOID SystemSpecific2,
				 IN PVOID SystemSpecific3)
{
	RTMP_ADAPTER *pAd = (RTMP_ADAPTER *)FunctionContext;

	// The timer may already have fired before MLME halt cancelled it.
	// Touch the MLME queue only while the adapter is neither halting nor gone.
	if (!RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
	{
		MlmeEnqueue(pAd, ASSOC_STATE_MACHINE, MT2_ASSOC_TIMEOUT, 0, NULL);
		RT28XX_MLME_HANDLER(pAd);
	}
}
/*
	==========================================================================
	Description:
		Reassociation timeout procedure. Runs when the reassociation timer
		fires and queues MT2_REASSOC_TIMEOUT for the association state
		machine, then kicks the MLME handler.
	Parameters:
		Standard timer parameters. Only FunctionContext is used; it is the
		adapter pointer registered with the timer.

	IRQL = DISPATCH_LEVEL

	==========================================================================
 */
VOID ReassocTimeout(IN PVOID SystemSpecific1,
					IN PVOID FunctionContext,
					IN PVOID SystemSpecific2,
					IN PVOID SystemSpecific3)
{
	RTMP_ADAPTER *pAd = (RTMP_ADAPTER *)FunctionContext;

	// The timer may already have fired before MLME halt cancelled it.
	// Touch the MLME queue only while the adapter is neither halting nor gone.
	if (!RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
	{
		MlmeEnqueue(pAd, ASSOC_STATE_MACHINE, MT2_REASSOC_TIMEOUT, 0, NULL);
		RT28XX_MLME_HANDLER(pAd);
	}
}
/*
	==========================================================================
	Description:
		Disassociation timeout procedure. Runs when the disassociation
		timer fires and queues MT2_DISASSOC_TIMEOUT for the association
		state machine, then kicks the MLME handler.
	Parameters:
		Standard timer parameters. Only FunctionContext is used; it is the
		adapter pointer registered with the timer.

	IRQL = DISPATCH_LEVEL

	==========================================================================
 */
VOID DisassocTimeout(IN PVOID SystemSpecific1,
					 IN PVOID FunctionContext,
					 IN PVOID SystemSpecific2,
					 IN PVOID SystemSpecific3)
{
	RTMP_ADAPTER *pAd = (RTMP_ADAPTER *)FunctionContext;

	// The timer may already have fired before MLME halt cancelled it.
	// Touch the MLME queue only while the adapter is neither halting nor gone.
	if (!RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
	{
		MlmeEnqueue(pAd, ASSOC_STATE_MACHINE, MT2_DISASSOC_TIMEOUT, 0, NULL);
		RT28XX_MLME_HANDLER(pAd);
	}
}
/*
	==========================================================================
	Description:
		mlme assoc req handling procedure. Validates the queued request,
		assembles an 802.11 Association Request frame element by element,
		transmits it and arms the association timer. A copy of the request
		elements is kept in pAd->StaCfg.ReqVarIEs / AssocInfo.
	Parameters:
		pAd  - Adapter pointer
		Elem - MLME Queue Element (Msg / MsgLen are handed to the sanity check)
	Pre:
		the station has been authenticated and the following information is
		stored in the config
			-# SSID
			-# supported rates and their length
			-# listen interval (Adapter->StaCfg.default_listen_count)
			-# Transmit power (Adapter->StaCfg.tx_power)
	Post :
		-# An association request frame is generated and sent to the air
		-# Association timer starts
		-# Association state -> ASSOC_WAIT_RSP
		On every failure path the state goes back to ASSOC_IDLE and an
		MT2_ASSOC_CONF message with a 2-byte status is queued to the
		control state machine.

	IRQL = DISPATCH_LEVEL

	NOTE(review): the frame is appended to pOutBuffer, and the element copy
	to ReqVarIEs, using lengths read from pAd->MlmeAux / pAd->StaCfg. No
	check against either buffer's capacity is visible in this function;
	confirm those lengths are range-checked where they are stored.
	==========================================================================
 */
VOID MlmeAssocReqAction(
	IN PRTMP_ADAPTER pAd,
	IN MLME_QUEUE_ELEM *Elem)
{
	UCHAR ApAddr[6];
	HEADER_802_11 AssocHdr;
	UCHAR Ccx2Len = 5;
	UCHAR WmeIe[9] = {IE_VENDOR_SPECIFIC, 0x07, 0x00, 0x50, 0xf2, 0x02, 0x00, 0x01, 0x00};
	USHORT ListenIntv;
	ULONG Timeout;
	USHORT CapabilityInfo;
	BOOLEAN TimerCancelled;
	PUCHAR pOutBuffer = NULL;
	NDIS_STATUS NStatus;
	ULONG FrameLen = 0;
	ULONG tmp;
	USHORT VarIesOffset;
	UCHAR CkipFlag;
	UCHAR CkipNegotiationBuffer[CKIP_NEGOTIATION_LENGTH];
	UCHAR AironetCkipIe = IE_AIRONET_CKIP;
	UCHAR AironetCkipLen = CKIP_NEGOTIATION_LENGTH;
	UCHAR AironetIPAddressIE = IE_AIRONET_IPADDRESS;
	UCHAR AironetIPAddressLen = AIRONET_IPADDRESS_LENGTH;
	UCHAR AironetIPAddressBuffer[AIRONET_IPADDRESS_LENGTH] = {0x00, 0x40, 0x96, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00};
	USHORT Status;

	// Guard 1: block all association requests during the WPA block period
	if (pAd->StaCfg.bBlockAssoc == TRUE)
	{
		DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - Block Assoc request durning WPA block period!\n"));
		pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
		Status = MLME_STATE_MACHINE_REJECT;
		MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_ASSOC_CONF, 2, &Status);
		return;
	}

	// Guard 2: check sanity first; on success this fills ApAddr,
	// CapabilityInfo, Timeout and ListenIntv from the queued message
	if (!MlmeAssocReqSanity(pAd, Elem->Msg, Elem->MsgLen, ApAddr, &CapabilityInfo, &Timeout, &ListenIntv))
	{
		DBGPRINT(RT_DEBUG_TRACE,("ASSOC - MlmeAssocReqAction() sanity check failed. BUG!!!!!! \n"));
		pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
		Status = MLME_INVALID_FORMAT;
		MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_ASSOC_CONF, 2, &Status);
		return;
	}

	RTMPCancelTimer(&pAd->MlmeAux.AssocTimer, &TimerCancelled);
	COPY_MAC_ADDR(pAd->MlmeAux.Bssid, ApAddr);

	// Get an unused nonpaged memory
	NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);
	if (NStatus != NDIS_STATUS_SUCCESS)
	{
		DBGPRINT(RT_DEBUG_TRACE,("ASSOC - MlmeAssocReqAction() allocate memory failed \n"));
		pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
		Status = MLME_FAIL_NO_RESOURCE;
		MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_ASSOC_CONF, 2, &Status);
		return;
	}

	// Add by James 03/06/27
	pAd->StaCfg.AssocInfo.Length = sizeof(NDIS_802_11_ASSOCIATION_INFORMATION);
	// Association don't need to report MAC address
	pAd->StaCfg.AssocInfo.AvailableRequestFixedIEs =
		NDIS_802_11_AI_REQFI_CAPABILITIES | NDIS_802_11_AI_REQFI_LISTENINTERVAL;
	// Recorded before the 0x0100 bit may be OR-ed in below, so the stored
	// value can differ from the capability field that is transmitted.
	pAd->StaCfg.AssocInfo.RequestFixedIEs.Capabilities = CapabilityInfo;
	pAd->StaCfg.AssocInfo.RequestFixedIEs.ListenInterval = ListenIntv;
	// Only reassociate need this
	//COPY_MAC_ADDR(pAd->StaCfg.AssocInfo.RequestFixedIEs.CurrentAPAddress, ApAddr);
	pAd->StaCfg.AssocInfo.OffsetRequestIEs = sizeof(NDIS_802_11_ASSOCIATION_INFORMATION);

	// ReqVarIEs is cleared over MAX_VIE_LEN bytes and then filled at
	// VarIesOffset.
	// NOTE(review): none of the appends below compares VarIesOffset with
	// MAX_VIE_LEN - confirm the sum of the element lengths cannot exceed it.
	NdisZeroMemory(pAd->StaCfg.ReqVarIEs, MAX_VIE_LEN);
	// First add SSID
	VarIesOffset = 0;
	NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, &SsidIe, 1);
	VarIesOffset += 1;
	NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, &pAd->MlmeAux.SsidLen, 1);
	VarIesOffset += 1;
	NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, pAd->MlmeAux.Ssid, pAd->MlmeAux.SsidLen);
	VarIesOffset += pAd->MlmeAux.SsidLen;

	// Second add Supported rates
	NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, &SupRateIe, 1);
	VarIesOffset += 1;
	NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, &pAd->MlmeAux.SupRateLen, 1);
	VarIesOffset += 1;
	NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, pAd->MlmeAux.SupRate, pAd->MlmeAux.SupRateLen);
	VarIesOffset += pAd->MlmeAux.SupRateLen;
	// End Add by James

	// Capability bit 8 (0x0100) is set only on channels above 14 with
	// 802.11h enabled.
	if ((pAd->CommonCfg.Channel > 14) &&
		(pAd->CommonCfg.bIEEE80211H == TRUE))
		CapabilityInfo |= 0x0100;

	DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - Send ASSOC request...\n"));
	MgtMacHeaderInit(pAd, &AssocHdr, SUBTYPE_ASSOC_REQ, 0, ApAddr, ApAddr);

	// Build basic frame first
	MakeOutgoingFrame(pOutBuffer, &FrameLen,
					  sizeof(HEADER_802_11), &AssocHdr,
					  2, &CapabilityInfo,
					  2, &ListenIntv,
					  1, &SsidIe,
					  1, &pAd->MlmeAux.SsidLen,
					  pAd->MlmeAux.SsidLen, pAd->MlmeAux.Ssid,
					  1, &SupRateIe,
					  1, &pAd->MlmeAux.SupRateLen,
					  pAd->MlmeAux.SupRateLen, pAd->MlmeAux.SupRate,
					  END_OF_ARGS);

	if (pAd->MlmeAux.ExtRateLen != 0)
	{
		MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
						  1, &ExtRateIe,
						  1, &pAd->MlmeAux.ExtRateLen,
						  pAd->MlmeAux.ExtRateLen, pAd->MlmeAux.ExtRate,
						  END_OF_ARGS);
		FrameLen += tmp;
	}

#ifdef DOT11_N_SUPPORT
	// HT
	if ((pAd->MlmeAux.HtCapabilityLen > 0) && (pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED))
	{
		ULONG TmpLen;
		UCHAR HtLen;
		UCHAR BROADCOM[4] = {0x0, 0x90, 0x4c, 0x33};
		if (pAd->StaActive.SupportedPhyInfo.bPreNHt == TRUE)
		{
			// NOTE(review): the length byte is derived from SIZE_HT_CAP_IE
			// while HtCapabilityLen bytes are written; the element is only
			// well-formed if the two are equal - confirm.
			HtLen = SIZE_HT_CAP_IE + 4;
			MakeOutgoingFrame(pOutBuffer + FrameLen, &TmpLen,
							  1, &WpaIe,
							  1, &HtLen,
							  4, &BROADCOM[0],
							  pAd->MlmeAux.HtCapabilityLen, &pAd->MlmeAux.HtCapability,
							  END_OF_ARGS);
		}
		else
		{
#ifdef RT_BIG_ENDIAN
			HT_CAPABILITY_IE HtCapabilityTmp;
#endif

#ifndef RT_BIG_ENDIAN
			MakeOutgoingFrame(pOutBuffer + FrameLen, &TmpLen,
							  1, &HtCapIe,
							  1, &pAd->MlmeAux.HtCapabilityLen,
							  pAd->MlmeAux.HtCapabilityLen, &pAd->MlmeAux.HtCapability,
							  END_OF_ARGS);
#else
			// NOTE(review): HtCapabilityLen bytes are copied into a stack
			// object of sizeof(HT_CAPABILITY_IE); nothing here clamps the
			// length - confirm it is bounded where it is stored.
			NdisZeroMemory(&HtCapabilityTmp, sizeof(HT_CAPABILITY_IE));
			NdisMoveMemory(&HtCapabilityTmp, &pAd->MlmeAux.HtCapability, pAd->MlmeAux.HtCapabilityLen);
			*(USHORT *)(&HtCapabilityTmp.HtCapInfo) = SWAP16(*(USHORT *)(&HtCapabilityTmp.HtCapInfo));
			*(USHORT *)(&HtCapabilityTmp.ExtHtCapInfo) = SWAP16(*(USHORT *)(&HtCapabilityTmp.ExtHtCapInfo));

			MakeOutgoingFrame(pOutBuffer + FrameLen, &TmpLen,
							  1, &HtCapIe,
							  1, &pAd->MlmeAux.HtCapabilityLen,
							  pAd->MlmeAux.HtCapabilityLen,&HtCapabilityTmp,
							  END_OF_ARGS);
#endif
		}
		FrameLen += TmpLen;
	}
#endif // DOT11_N_SUPPORT //

	// add Ralink proprietary IE to inform AP this STA is going to use AGGREGATION or PIGGY-BACK+AGGREGATION
	// Case I: (Aggregation + Piggy-Back)
	// 1. user enable aggregation, AND
	// 2. Mac support piggy-back
	// 3. AP annouces it's PIGGY-BACK+AGGREGATION-capable in BEACON
	// Case II: (Aggregation)
	// 1. user enable aggregation, AND
	// 2. AP annouces it's AGGREGATION-capable in BEACON
	if (pAd->CommonCfg.bAggregationCapable)
	{
		if ((pAd->CommonCfg.bPiggyBackCapable) && ((pAd->MlmeAux.APRalinkIe & 0x00000003) == 3))
		{
			ULONG TmpLen;
			UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x03, 0x00, 0x00, 0x00};
			MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen,
							  9, RalinkIe,
							  END_OF_ARGS);
			FrameLen += TmpLen;
		}
		else if (pAd->MlmeAux.APRalinkIe & 0x00000001)
		{
			ULONG TmpLen;
			UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x01, 0x00, 0x00, 0x00};
			MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen,
							  9, RalinkIe,
							  END_OF_ARGS);
			FrameLen += TmpLen;
		}
	}
	else
	{
		ULONG TmpLen;
		UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x06, 0x00, 0x00, 0x00};
		MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen,
						  9, RalinkIe,
						  END_OF_ARGS);
		FrameLen += TmpLen;
	}

	// WME element, sent only when the AP's EDCA parameters are marked valid
	if (pAd->MlmeAux.APEdcaParm.bValid)
	{
		if (pAd->CommonCfg.bAPSDCapable && pAd->MlmeAux.APEdcaParm.bAPSDCapable)
		{
			QBSS_STA_INFO_PARM QosInfo;

			NdisZeroMemory(&QosInfo, sizeof(QBSS_STA_INFO_PARM));
			QosInfo.UAPSD_AC_BE = pAd->CommonCfg.bAPSDAC_BE;
			QosInfo.UAPSD_AC_BK = pAd->CommonCfg.bAPSDAC_BK;
			QosInfo.UAPSD_AC_VI = pAd->CommonCfg.bAPSDAC_VI;
			QosInfo.UAPSD_AC_VO = pAd->CommonCfg.bAPSDAC_VO;
			QosInfo.MaxSPLength = pAd->CommonCfg.MaxSPLength;
			// Only the first byte of QosInfo is folded into the QoS info octet
			WmeIe[8] |= *(PUCHAR)&QosInfo;
		}
		else
		{
			// The Parameter Set Count is set to "0" in the association request frames
			// WmeIe[8] |= (pAd->MlmeAux.APEdcaParm.EdcaUpdateCount & 0x0f);
		}

		MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
						  9, &WmeIe[0],
						  END_OF_ARGS);
		FrameLen += tmp;
	}

	//
	// Let WPA(#221) Element ID on the end of this association frame.
	// Otherwise some AP will fail on parsing Element ID and set status fail on Assoc Rsp.
	// For example: Put Vendor Specific IE on the front of WPA IE.
	// This happens on AP (Model No:Linksys WRK54G)
	//
	if (((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPAPSK) ||
		 (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK) ||
		 (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA) ||
		 (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2)
		)
	   )
	{
		UCHAR RSNIe = IE_WPA;

		if ((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK) ||
			(pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2))
		{
			RSNIe = IE_WPA2;
		}

		// When an external supplicant is up (WpaSupplicantUP == 1) the
		// driver does not rebuild the RSN IE; RSN_IE is sent as it stands.
#ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
#ifdef SIOCSIWGENIE
		if (pAd->StaCfg.WpaSupplicantUP != 1)
#endif // SIOCSIWGENIE //
#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
		RTMPMakeRSNIE(pAd, pAd->StaCfg.AuthMode, pAd->StaCfg.WepStatus, BSS0);

		// Check for WPA PMK cache list
		if (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2)
		{
			INT idx;
			BOOLEAN FoundPMK = FALSE;
			// Search cached PMKID, append it if existed
			for (idx = 0; idx < PMKID_NO; idx++)
			{
				if (NdisEqualMemory(ApAddr, &pAd->StaCfg.SavedPMK[idx].BSSID, 6))
				{
					FoundPMK = TRUE;
					break;
				}
			}

			if (FoundPMK)
			{
				// Set PMK number, then the 16-byte PMKID: 18 bytes appended.
				// NOTE(review): no check that RSN_IE has 18 bytes left past
				// RSNIE_Len is visible here, and the count is stored through
				// a USHORT cast in host byte order - confirm both.
				*(PUSHORT) &pAd->StaCfg.RSN_IE[pAd->StaCfg.RSNIE_Len] = 1;
				NdisMoveMemory(&pAd->StaCfg.RSN_IE[pAd->StaCfg.RSNIE_Len + 2], &pAd->StaCfg.SavedPMK[idx].PMKID, 16);
				pAd->StaCfg.RSNIE_Len += 18;
			}
		}

#ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
#ifdef SIOCSIWGENIE
		if (pAd->StaCfg.WpaSupplicantUP == 1)
		{
			// RSN_IE is sent without an ID/length header added here
			MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
							  pAd->StaCfg.RSNIE_Len, pAd->StaCfg.RSN_IE,
							  END_OF_ARGS);
		}
		else
#endif
#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
		{
			MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
							  1, &RSNIe,
							  1, &pAd->StaCfg.RSNIE_Len,
							  pAd->StaCfg.RSNIE_Len, pAd->StaCfg.RSN_IE,
							  END_OF_ARGS);
		}

		FrameLen += tmp;

#ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
#ifdef SIOCSIWGENIE
		if (pAd->StaCfg.WpaSupplicantUP != 1)
#endif
#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
		{
			// Append Variable IE
			NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, &RSNIe, 1);
			VarIesOffset += 1;
			NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, &pAd->StaCfg.RSNIE_Len, 1);
			VarIesOffset += 1;
		}
		NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, pAd->StaCfg.RSN_IE, pAd->StaCfg.RSNIE_Len);
		VarIesOffset += pAd->StaCfg.RSNIE_Len;

		// Set Variable IEs Length
		pAd->StaCfg.ReqVarIELen = VarIesOffset;
	}

	// We have update that at PeerBeaconAtJoinRequest()
	CkipFlag = pAd->StaCfg.CkipFlag;
	if (CkipFlag != 0)
	{
		NdisZeroMemory(CkipNegotiationBuffer, CKIP_NEGOTIATION_LENGTH);
		CkipNegotiationBuffer[2] = 0x66;
		// Make it try KP & MIC, since we have to follow the result from AssocRsp
		CkipNegotiationBuffer[8] = 0x18;
		CkipNegotiationBuffer[CKIP_NEGOTIATION_LENGTH - 1] = 0x22;
		CkipFlag = 0x18;

		MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
						  1, &AironetCkipIe,
						  1, &AironetCkipLen,
						  AironetCkipLen, CkipNegotiationBuffer,
						  END_OF_ARGS);
		FrameLen += tmp;
	}

	// Add CCX v2 request if CCX2 admin state is on
	if (pAd->StaCfg.CCXControl.field.Enable == 1)
	{
		//
		// Add AironetIPAddressIE for Cisco CCX 2.X
		// Add CCX Version
		//
		MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
						  1, &AironetIPAddressIE,
						  1, &AironetIPAddressLen,
						  AironetIPAddressLen, AironetIPAddressBuffer,
						  1, &Ccx2Ie,
						  1, &Ccx2Len,
						  Ccx2Len, Ccx2IeInfo,
						  END_OF_ARGS);
		FrameLen += tmp;

		//
		// Add CipherSuite CCKM or LeapTkip if setting.
		//
#ifdef LEAP_SUPPORT
		if (LEAP_CCKM_ON(pAd))
		{
			MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
							  CipherSuiteCiscoCCKMLen, CipherSuiteCiscoCCKM,
							  END_OF_ARGS);
			FrameLen += tmp;

			// Third add RSN
			NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, CipherSuiteCiscoCCKM, CipherSuiteCiscoCCKMLen); //Save CipherSuite
			VarIesOffset += CipherSuiteCiscoCCKMLen;
		}
		else if ((pAd->StaCfg.LeapAuthMode == CISCO_AuthModeLEAP) && (pAd->StaCfg.WepStatus == Ndis802_11Encryption2Enabled))
		{
			MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
							  CipherSuiteCCXTkipLen, CipherSuiteCCXTkip,
							  END_OF_ARGS);
			FrameLen += tmp;

			// Third add RSN
			NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, CipherSuiteCCXTkip, CipherSuiteCCXTkipLen);
			VarIesOffset += CipherSuiteCCXTkipLen;
		}
#endif // LEAP_SUPPORT //

		// Add by James 03/06/27
		// Set Variable IEs Length
		pAd->StaCfg.ReqVarIELen = VarIesOffset;
		pAd->StaCfg.AssocInfo.RequestIELength = VarIesOffset;

		// OffsetResponseIEs follow ReqVarIE
		pAd->StaCfg.AssocInfo.OffsetResponseIEs = sizeof(NDIS_802_11_ASSOCIATION_INFORMATION) + pAd->StaCfg.ReqVarIELen;
		// End Add by James
	}

	// Hand the frame to the transmit path, then release the build buffer
	MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
	MlmeFreeMemory(pAd, pOutBuffer);

	RTMPSetTimer(&pAd->MlmeAux.AssocTimer, Timeout);
	pAd->Mlme.AssocMachine.CurrState = ASSOC_WAIT_RSP;
}
/*
	==========================================================================
	Description:
		mlme reassoc req handling procedure. Validates the queued request,
		assembles an 802.11 Reassociation Request frame, transmits it and
		arms the reassociation timer.
	Parameters:
		pAd  - adapter pointer
		Elem - MLME queue element (Msg / MsgLen are handed to the sanity check)
	Pre:
		-# SSID (Adapter->StaCfg.ssid[])
		-# BSSID (AP address, Adapter->StaCfg.bssid)
		-# Supported rates (Adapter->StaCfg.supported_rates[])
		-# Supported rates length (Adapter->StaCfg.supported_rates_len)
		-# Tx power (Adapter->StaCfg.tx_power)
	Post:
		On success the state becomes REASSOC_WAIT_RSP. On every failure
		path the state goes back to ASSOC_IDLE and an MT2_REASSOC_CONF
		message with a 2-byte status is queued to the control state machine.

	IRQL = DISPATCH_LEVEL

	NOTE(review): the frame is appended to pOutBuffer using lengths read
	from pAd->MlmeAux; no check against the buffer's capacity is visible in
	this function - confirm those lengths are range-checked where they are
	stored.
	==========================================================================
 */
VOID MlmeReassocReqAction(
	IN PRTMP_ADAPTER pAd,
	IN MLME_QUEUE_ELEM *Elem)
{
	UCHAR ApAddr[6];
	HEADER_802_11 ReassocHdr;
	UCHAR Ccx2Len = 5;
	UCHAR WmeIe[9] = {IE_VENDOR_SPECIFIC, 0x07, 0x00, 0x50, 0xf2, 0x02, 0x00, 0x01, 0x00};
	USHORT CapabilityInfo, ListenIntv;
	ULONG Timeout;
	ULONG FrameLen = 0;
	BOOLEAN TimerCancelled;
	NDIS_STATUS NStatus;
	ULONG tmp;
	PUCHAR pOutBuffer = NULL;
	//CCX 2.X
#ifdef LEAP_SUPPORT
	UCHAR CkipFlag;
	UCHAR CkipNegotiationBuffer[CKIP_NEGOTIATION_LENGTH];
	UCHAR AironetCkipIe = IE_AIRONET_CKIP;
	UCHAR AironetCkipLen = CKIP_NEGOTIATION_LENGTH;
	UCHAR AironetIPAddressIE = IE_AIRONET_IPADDRESS;
	UCHAR AironetIPAddressLen = AIRONET_IPADDRESS_LENGTH;
	UCHAR AironetIPAddressBuffer[AIRONET_IPADDRESS_LENGTH] = {0x00, 0x40, 0x96, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00};
	UCHAR AironetCCKMReassocIE = IE_AIRONET_CCKMREASSOC;
	UCHAR AironetCCKMReassocLen = AIRONET_CCKMREASSOC_LENGTH;
	UCHAR AironetCCKMReassocBuffer[AIRONET_CCKMREASSOC_LENGTH];
	UCHAR AironetOUI[] = {0x00, 0x40, 0x96, 0x00};
	UCHAR MICMN[16];
	UCHAR CalcMicBuffer[80];
	ULONG CalcMicBufferLen = 0;
#endif // LEAP_SUPPORT //
	USHORT Status;

	// Guard 1: block all reassociation requests during the WPA block period
	if (pAd->StaCfg.bBlockAssoc == TRUE)
	{
		DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - Block ReAssoc request durning WPA block period!\n"));
		pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
		Status = MLME_STATE_MACHINE_REJECT;
		MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_REASSOC_CONF, 2, &Status);
		return;
	}

	// Guard 2: the parameters are the same as the association, so the
	// association sanity check is reused
	if (!MlmeAssocReqSanity(pAd, Elem->Msg, Elem->MsgLen, ApAddr, &CapabilityInfo, &Timeout, &ListenIntv))
	{
		DBGPRINT(RT_DEBUG_TRACE,("ASSOC - MlmeReassocReqAction() sanity check failed. BUG!!!! \n"));
		pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
		Status = MLME_INVALID_FORMAT;
		MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_REASSOC_CONF, 2, &Status);
		return;
	}

	RTMPCancelTimer(&pAd->MlmeAux.ReassocTimer, &TimerCancelled);

	NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); //Get an unused nonpaged memory
	if(NStatus != NDIS_STATUS_SUCCESS)
	{
		DBGPRINT(RT_DEBUG_TRACE,("ASSOC - MlmeReassocReqAction() allocate memory failed \n"));
		pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
		Status = MLME_FAIL_NO_RESOURCE;
		MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_REASSOC_CONF, 2, &Status);
		return;
	}

	COPY_MAC_ADDR(pAd->MlmeAux.Bssid, ApAddr);

	// make frame, use bssid as the AP address??
	DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - Send RE-ASSOC request...\n"));
	MgtMacHeaderInit(pAd, &ReassocHdr, SUBTYPE_REASSOC_REQ, 0, ApAddr, ApAddr);
	MakeOutgoingFrame(pOutBuffer, &FrameLen,
					  sizeof(HEADER_802_11), &ReassocHdr,
					  2, &CapabilityInfo,
					  2, &ListenIntv,
					  MAC_ADDR_LEN, ApAddr,
					  1, &SsidIe,
					  1, &pAd->MlmeAux.SsidLen,
					  pAd->MlmeAux.SsidLen, pAd->MlmeAux.Ssid,
					  1, &SupRateIe,
					  1, &pAd->MlmeAux.SupRateLen,
					  pAd->MlmeAux.SupRateLen, pAd->MlmeAux.SupRate,
					  END_OF_ARGS);

	if (pAd->MlmeAux.ExtRateLen != 0)
	{
		MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
						  1, &ExtRateIe,
						  1, &pAd->MlmeAux.ExtRateLen,
						  pAd->MlmeAux.ExtRateLen, pAd->MlmeAux.ExtRate,
						  END_OF_ARGS);
		FrameLen += tmp;
	}

	// WME element, sent only when the AP's EDCA parameters are marked valid
	if (pAd->MlmeAux.APEdcaParm.bValid)
	{
		if (pAd->CommonCfg.bAPSDCapable && pAd->MlmeAux.APEdcaParm.bAPSDCapable)
		{
			QBSS_STA_INFO_PARM QosInfo;

			NdisZeroMemory(&QosInfo, sizeof(QBSS_STA_INFO_PARM));
			QosInfo.UAPSD_AC_BE = pAd->CommonCfg.bAPSDAC_BE;
			QosInfo.UAPSD_AC_BK = pAd->CommonCfg.bAPSDAC_BK;
			QosInfo.UAPSD_AC_VI = pAd->CommonCfg.bAPSDAC_VI;
			QosInfo.UAPSD_AC_VO = pAd->CommonCfg.bAPSDAC_VO;
			QosInfo.MaxSPLength = pAd->CommonCfg.MaxSPLength;
			// Only the first byte of QosInfo is folded into the QoS info octet
			WmeIe[8] |= *(PUCHAR)&QosInfo;
		}

		MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
						  9, &WmeIe[0],
						  END_OF_ARGS);
		FrameLen += tmp;
	}

#ifdef DOT11_N_SUPPORT
	// HT
	if ((pAd->MlmeAux.HtCapabilityLen > 0) && (pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED))
	{
		ULONG TmpLen;
		UCHAR HtLen;
		UCHAR BROADCOM[4] = {0x0, 0x90, 0x4c, 0x33};
		if (pAd->StaActive.SupportedPhyInfo.bPreNHt == TRUE)
		{
			// NOTE(review): the length byte is derived from SIZE_HT_CAP_IE
			// while HtCapabilityLen bytes are written; the element is only
			// well-formed if the two are equal - confirm.
			HtLen = SIZE_HT_CAP_IE + 4;
			MakeOutgoingFrame(pOutBuffer + FrameLen, &TmpLen,
							  1, &WpaIe,
							  1, &HtLen,
							  4, &BROADCOM[0],
							  pAd->MlmeAux.HtCapabilityLen, &pAd->MlmeAux.HtCapability,
							  END_OF_ARGS);
		}
		else
		{
			MakeOutgoingFrame(pOutBuffer + FrameLen, &TmpLen,
							  1, &HtCapIe,
							  1, &pAd->MlmeAux.HtCapabilityLen,
							  pAd->MlmeAux.HtCapabilityLen, &pAd->MlmeAux.HtCapability,
							  END_OF_ARGS);
		}
		FrameLen += TmpLen;
	}
#endif // DOT11_N_SUPPORT //

	// add Ralink proprietary IE to inform AP this STA is going to use AGGREGATION or PIGGY-BACK+AGGREGATION
	// Case I: (Aggregation + Piggy-Back)
	// 1. user enable aggregation, AND
	// 2. Mac support piggy-back
	// 3. AP annouces it's PIGGY-BACK+AGGREGATION-capable in BEACON
	// Case II: (Aggregation)
	// 1. user enable aggregation, AND
	// 2. AP annouces it's AGGREGATION-capable in BEACON
	if (pAd->CommonCfg.bAggregationCapable)
	{
		if ((pAd->CommonCfg.bPiggyBackCapable) && ((pAd->MlmeAux.APRalinkIe & 0x00000003) == 3))
		{
			ULONG TmpLen;
			UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x03, 0x00, 0x00, 0x00};
			MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen,
							  9, RalinkIe,
							  END_OF_ARGS);
			FrameLen += TmpLen;
		}
		else if (pAd->MlmeAux.APRalinkIe & 0x00000001)
		{
			ULONG TmpLen;
			UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x01, 0x00, 0x00, 0x00};
			MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen,
							  9, RalinkIe,
							  END_OF_ARGS);
			FrameLen += TmpLen;
		}
	}
	else
	{
		// The flag byte here is 0x04, whereas MlmeAssocReqAction sends
		// 0x06 in the same position; the reason is not given in this file.
		ULONG TmpLen;
		UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x04, 0x00, 0x00, 0x00};
		MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen,
						  9, RalinkIe,
						  END_OF_ARGS);
		FrameLen += TmpLen;
	}
#ifdef LEAP_SUPPORT
	if (LEAP_CCKM_ON(pAd) && (pAd->StaCfg.CCKMLinkUpFlag == TRUE))
	{
		CkipFlag = pAd->StaCfg.CkipFlag; // We have update that at PeerBeaconAtJoinRequest()
		if (CkipFlag != 0)
		{
			NdisZeroMemory(CkipNegotiationBuffer, CKIP_NEGOTIATION_LENGTH);
			CkipNegotiationBuffer[2] = 0x66;
			// Make it try KP & MIC, since we have to follow the result from AssocRsp
			CkipNegotiationBuffer[8] = 0x18;
			CkipNegotiationBuffer[CKIP_NEGOTIATION_LENGTH - 1] = 0x22;

			MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
							  1, &AironetCkipIe,
							  1, &AironetCkipLen,
							  AironetCkipLen, CkipNegotiationBuffer,
							  END_OF_ARGS);
			FrameLen += tmp;
		}

		MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
						  1, &AironetIPAddressIE,
						  1, &AironetIPAddressLen,
						  AironetIPAddressLen, AironetIPAddressBuffer,
						  END_OF_ARGS);
		FrameLen += tmp;

		//
		// The RN is incremented before each reassociation request.
		//
		pAd->StaCfg.CCKMRN++;
		//
		// Calculate MIC = hmac-md5(krk, STA-ID|BSSID|RSNIE|TSF|RN);
		//
		// NOTE(review): CalcMicBuffer is 80 bytes; the input is two MAC
		// addresses, CipherSuiteCiscoCCKMLen bytes, the timestamp and the
		// RN. Nothing here checks the total against 80 - confirm
		// CipherSuiteCiscoCCKMLen keeps it in range. The MIC is HMAC-MD5
		// and only its first 8 bytes are sent (see the copy below).
		COPY_MAC_ADDR(CalcMicBuffer, pAd->CurrentAddress);
		CalcMicBufferLen = MAC_ADDR_LEN;
		COPY_MAC_ADDR(CalcMicBuffer + CalcMicBufferLen, pAd->MlmeAux.Bssid);
		CalcMicBufferLen += MAC_ADDR_LEN;
		NdisMoveMemory(CalcMicBuffer + CalcMicBufferLen, CipherSuiteCiscoCCKM, CipherSuiteCiscoCCKMLen);
		CalcMicBufferLen += CipherSuiteCiscoCCKMLen;
		NdisMoveMemory(CalcMicBuffer + CalcMicBufferLen, (PUCHAR) &pAd->StaCfg.CCKMBeaconAtJoinTimeStamp, sizeof(pAd->StaCfg.CCKMBeaconAtJoinTimeStamp));
		CalcMicBufferLen += sizeof(pAd->StaCfg.CCKMBeaconAtJoinTimeStamp);
		NdisMoveMemory(CalcMicBuffer + CalcMicBufferLen, (PUCHAR)&pAd->StaCfg.CCKMRN, sizeof(pAd->StaCfg.CCKMRN));
		CalcMicBufferLen += sizeof(pAd->StaCfg.CCKMRN);
		hmac_md5(pAd->StaCfg.KRK, LEN_EAP_MICK, CalcMicBuffer, CalcMicBufferLen, MICMN);

		//
		// fill up CCKM reassociation request element
		//
		// Layout written here: OUI (4) | timestamp (8) | RN (4) | MIC (8),
		// i.e. 24 bytes; assumes AIRONET_CCKMREASSOC_LENGTH is at least
		// 24 - TODO confirm.
		NdisMoveMemory(AironetCCKMReassocBuffer, AironetOUI, 4);
		NdisMoveMemory(AironetCCKMReassocBuffer + 4, (PUCHAR)&pAd->StaCfg.CCKMBeaconAtJoinTimeStamp, 8);
		NdisMoveMemory(AironetCCKMReassocBuffer + 12, (PUCHAR) &pAd->StaCfg.CCKMRN, 4);
		NdisMoveMemory(AironetCCKMReassocBuffer +16, MICMN, 8);

		MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
						  1, &AironetCCKMReassocIE,
						  1, &AironetCCKMReassocLen,
						  AironetCCKMReassocLen, AironetCCKMReassocBuffer,
						  END_OF_ARGS);
		FrameLen += tmp;

		MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
						  CipherSuiteCiscoCCKMLen,CipherSuiteCiscoCCKM,
						  END_OF_ARGS);
		FrameLen += tmp;
	}
#endif // LEAP_SUPPORT //

	// Add CCX v2 request if CCX2 admin state is on
	if (pAd->StaCfg.CCXControl.field.Enable == 1)
	{
		//
		// Add CCX Version
		//
		MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
						  1, &Ccx2Ie,
						  1, &Ccx2Len,
						  Ccx2Len, Ccx2IeInfo,
						  END_OF_ARGS);
		FrameLen += tmp;
	}

	// Hand the frame to the transmit path, then release the build buffer
	MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
	MlmeFreeMemory(pAd, pOutBuffer);

	RTMPSetTimer(&pAd->MlmeAux.ReassocTimer, Timeout); /* in mSec */
	pAd->Mlme.AssocMachine.CurrState = REASSOC_WAIT_RSP;
}
927 ==========================================================================
928 Description:
929 Upper layer issues disassoc request
930 Parameters:
931 Elem -
933 IRQL = PASSIVE_LEVEL
935 ==========================================================================
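/*
 * Handle a disassociation request issued by the upper layer.
 *
 * On QOS_DLS_SUPPORT builds every established DLS link is torn down first.
 * The function then sends a DISASSOC frame followed by a DEAUTH frame built
 * from the same buffer, records the reason and peer in StaCfg, arms the
 * disassoc timer and moves the ASSOC state machine to DISASSOC_WAIT_RSP.
 * When supplicant support is compiled in, wpa_supplicant is notified through
 * a wireless event.
 *
 * pAd  - adapter context
 * Elem - MLME queue element; Elem->Msg is interpreted as
 *        MLME_DISASSOC_REQ_STRUCT without a sanity check
 */
VOID MlmeDisassocReqAction(
	IN PRTMP_ADAPTER pAd,
	IN MLME_QUEUE_ELEM *Elem)
{
	PMLME_DISASSOC_REQ_STRUCT pDisassocReq;
	HEADER_802_11         DisassocHdr;
	PHEADER_802_11        pDisassocHdr;
	PUCHAR                pOutBuffer = NULL;
	ULONG                 FrameLen = 0;
	NDIS_STATUS           NStatus;
	BOOLEAN               TimerCancelled;
	ULONG                 Timeout = 0;
	USHORT                Status;

#ifdef QOS_DLS_SUPPORT
	// send DLS-TEAR_DOWN message,
	if (pAd->CommonCfg.bDLSCapable)
	{
		UCHAR i;

		// tear down local dls table entry
		for (i=0; i<MAX_NUM_OF_INIT_DLS_ENTRY; i++)
		{
			if (pAd->StaCfg.DLSEntry[i].Valid && (pAd->StaCfg.DLSEntry[i].Status == DLS_FINISH))
			{
				RTMPSendDLSTearDownFrame(pAd, pAd->StaCfg.DLSEntry[i].MacAddr);
				pAd->StaCfg.DLSEntry[i].Status = DLS_NONE;
				pAd->StaCfg.DLSEntry[i].Valid = FALSE;
			}
		}

		// tear down peer dls table entry
		for (i=MAX_NUM_OF_INIT_DLS_ENTRY; i<MAX_NUM_OF_DLS_ENTRY; i++)
		{
			if (pAd->StaCfg.DLSEntry[i].Valid && (pAd->StaCfg.DLSEntry[i].Status == DLS_FINISH))
			{
				RTMPSendDLSTearDownFrame(pAd, pAd->StaCfg.DLSEntry[i].MacAddr);
				pAd->StaCfg.DLSEntry[i].Status = DLS_NONE;
				pAd->StaCfg.DLSEntry[i].Valid = FALSE;
			}
		}
	}
#endif // QOS_DLS_SUPPORT //

	// skip sanity check
	pDisassocReq = (PMLME_DISASSOC_REQ_STRUCT)(Elem->Msg);

	NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);  //Get an unused nonpaged memory
	if (NStatus != NDIS_STATUS_SUCCESS)
	{
		DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - MlmeDisassocReqAction() allocate memory failed\n"));
		pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
		Status = MLME_FAIL_NO_RESOURCE;
		MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_DISASSOC_CONF, 2, &Status);
		return;
	}

	RTMPCancelTimer(&pAd->MlmeAux.DisassocTimer, &TimerCancelled);

	DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - Send DISASSOC request[BSSID::%02x:%02x:%02x:%02x:%02x:%02x (Reason=%d)\n",
				pDisassocReq->Addr[0], pDisassocReq->Addr[1], pDisassocReq->Addr[2],
				pDisassocReq->Addr[3], pDisassocReq->Addr[4], pDisassocReq->Addr[5], pDisassocReq->Reason));
	MgtMacHeaderInit(pAd, &DisassocHdr, SUBTYPE_DISASSOC, 0, pDisassocReq->Addr, pDisassocReq->Addr);	// patch peap ttls switching issue
	MakeOutgoingFrame(pOutBuffer,           &FrameLen,
					  sizeof(HEADER_802_11),&DisassocHdr,
					  2,                    &pDisassocReq->Reason,
					  END_OF_ARGS);
	MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);

	// To patch Instance and Buffalo(N) AP
	// Driver has to send deauth to Instance AP, but Buffalo(N) needs to send disassoc to reset Authenticator's state machine
	// Therefore, we send both of them.
	pDisassocHdr = (PHEADER_802_11)pOutBuffer;
	pDisassocHdr->FC.SubType = SUBTYPE_DEAUTH;
	MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);

	MlmeFreeMemory(pAd, pOutBuffer);

	pAd->StaCfg.DisassocReason = REASON_DISASSOC_STA_LEAVING;
	COPY_MAC_ADDR(pAd->StaCfg.DisassocSta, pDisassocReq->Addr);

	RTMPSetTimer(&pAd->MlmeAux.DisassocTimer, Timeout); /* in mSec */
	pAd->Mlme.AssocMachine.CurrState = DISASSOC_WAIT_RSP;

#ifdef WPA_SUPPLICANT_SUPPORT
#ifndef NATIVE_WPA_SUPPLICANT_SUPPORT
	if (pAd->StaCfg.WpaSupplicantUP != WPA_SUPPLICANT_DISABLE)
	{
		union iwreq_data    wrqu;
		//send disassociate event to wpa_supplicant
		memset(&wrqu, 0, sizeof(wrqu));
		wrqu.data.flags = RT_DISASSOC_EVENT_FLAG;
		wireless_send_event(pAd->net_dev, IWEVCUSTOM, &wrqu, NULL);
	}
#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
#endif // WPA_SUPPLICANT_SUPPORT //

#ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
	{
		union iwreq_data    wrqu;

		// Clear the whole union, not only the first MAC_ADDR_LEN bytes of
		// sa_data: the rest of this stack object would otherwise be handed
		// to wireless_send_event() uninitialised. An all-zero address
		// reports "not associated".
		memset(&wrqu, 0, sizeof(wrqu));
		wireless_send_event(pAd->net_dev, SIOCGIWAP, &wrqu, NULL);
	}
#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
}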
1047 ==========================================================================
1048 Description:
1049 peer sends assoc rsp back
1050 Parameters:
1051 Elem - MLME message containing the received frame
1053 IRQL = DISPATCH_LEVEL
1055 ==========================================================================
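/*
 * Process an association response received from the peer.
 *
 * The frame is parsed by PeerAssocRspSanity(); it is acted on only when its
 * Addr2 equals the BSSID stored in MlmeAux. On MLME_SUCCESS the negotiated
 * parameters are committed through AssocPostProc(), wpa_supplicant is
 * notified (when supplicant support is compiled in) and the CKIP state is
 * re-initialised if CkipFlag has bit 0x08 or 0x10 set. In every matching
 * case the ASSOC state machine returns to ASSOC_IDLE and the status is
 * forwarded to the CNTL state machine as MT2_ASSOC_CONF.
 *
 * pAd  - adapter context
 * Elem - MLME message containing the received frame
 */
VOID PeerAssocRspAction(
	IN PRTMP_ADAPTER pAd,
	IN MLME_QUEUE_ELEM *Elem)
{
	USHORT        CapabilityInfo, Status, Aid;
	UCHAR         SupRate[MAX_LEN_OF_SUPPORTED_RATES], SupRateLen;
	UCHAR         ExtRate[MAX_LEN_OF_SUPPORTED_RATES], ExtRateLen;
	UCHAR         Addr2[MAC_ADDR_LEN];
	BOOLEAN       TimerCancelled;
	UCHAR         CkipFlag;
	EDCA_PARM     EdcaParm;
	HT_CAPABILITY_IE HtCapability;
	ADD_HT_INFO_IE   AddHtInfo;	// AP might use this additional ht info IE
	UCHAR         HtCapabilityLen;
	UCHAR         AddHtInfoLen;
	UCHAR         NewExtChannelOffset = 0xff;

	if (PeerAssocRspSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &CapabilityInfo, &Status, &Aid, SupRate, &SupRateLen, ExtRate, &ExtRateLen,
		&HtCapability,&AddHtInfo, &HtCapabilityLen,&AddHtInfoLen,&NewExtChannelOffset, &EdcaParm, &CkipFlag))
	{
		// The frame is for me ?
		if(MAC_ADDR_EQUAL(Addr2, pAd->MlmeAux.Bssid))
		{
			DBGPRINT(RT_DEBUG_TRACE, ("PeerAssocRspAction():ASSOC - receive ASSOC_RSP to me (status=%d)\n", Status));
#ifdef DOT11_N_SUPPORT
			DBGPRINT(RT_DEBUG_TRACE, ("PeerAssocRspAction():MacTable [%d].AMsduSize = %d. ClientStatusFlags = 0x%lx \n",Elem->Wcid, pAd->MacTab.Content[BSSID_WCID].AMsduSize, pAd->MacTab.Content[BSSID_WCID].ClientStatusFlags));
#endif // DOT11_N_SUPPORT //
			RTMPCancelTimer(&pAd->MlmeAux.AssocTimer, &TimerCancelled);
			if(Status == MLME_SUCCESS)
			{
				// go to procedure listed on page 376
				AssocPostProc(pAd, Addr2, CapabilityInfo, Aid, SupRate, SupRateLen, ExtRate, ExtRateLen,
					&EdcaParm, &HtCapability, HtCapabilityLen, &AddHtInfo);

#ifdef WPA_SUPPLICANT_SUPPORT
#ifndef NATIVE_WPA_SUPPLICANT_SUPPORT
				if (pAd->StaCfg.WpaSupplicantUP != WPA_SUPPLICANT_DISABLE)
				{
					union iwreq_data    wrqu;

					SendAssocIEsToWpaSupplicant(pAd);
					memset(&wrqu, 0, sizeof(wrqu));
					wrqu.data.flags = RT_ASSOC_EVENT_FLAG;
					wireless_send_event(pAd->net_dev, IWEVCUSTOM, &wrqu, NULL);
				}
#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
#endif // WPA_SUPPLICANT_SUPPORT //

#ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
				{
					union iwreq_data    wrqu;
					wext_notify_event_assoc(pAd);

					// Zero the whole union before filling in the BSSID so that
					// no uninitialised stack bytes are passed along with the
					// event.
					memset(&wrqu, 0, sizeof(wrqu));
					memcpy(wrqu.ap_addr.sa_data, pAd->MlmeAux.Bssid, MAC_ADDR_LEN);
					wireless_send_event(pAd->net_dev, SIOCGIWAP, &wrqu, NULL);
				}
#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //

				pAd->StaCfg.CkipFlag = CkipFlag;
				if (CkipFlag & 0x18)
				{
					// CKIP in use: restart sequence counters and MIC state,
					// and draw three fresh GIV bytes.
					NdisZeroMemory(pAd->StaCfg.TxSEQ, 4);
					NdisZeroMemory(pAd->StaCfg.RxSEQ, 4);
					NdisZeroMemory(pAd->StaCfg.CKIPMIC, 4);
					pAd->StaCfg.GIV[0] = RandomByte(pAd);
					pAd->StaCfg.GIV[1] = RandomByte(pAd);
					pAd->StaCfg.GIV[2] = RandomByte(pAd);
					pAd->StaCfg.bCkipOn = TRUE;
					DBGPRINT(RT_DEBUG_TRACE, ("<CCX> pAd->StaCfg.CkipFlag = 0x%02x\n", pAd->StaCfg.CkipFlag));
				}
			}
			else
			{
				// Faile on Association, we need to check the status code
				// Is that a Rogue AP?
#ifdef LEAP_SUPPORT
				if ((pAd->StaCfg.LeapAuthMode == CISCO_AuthModeLEAP) && (Status == MLME_ALG_NOT_SUPPORT))
				{ //Possibly Rogue AP
					RogueApTableSetEntry(pAd, &pAd->StaCfg.RogueApTab, pAd->MlmeAux.Bssid, LEAP_REASON_INVALID_AUTH);
				}
#endif // LEAP_SUPPORT //
			}
			pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
			MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_ASSOC_CONF, 2, &Status);
		}
	}
	else
	{
		DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - PeerAssocRspAction() sanity check fail\n"));
	}
}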
1153 ==========================================================================
1154 Description:
1155 peer sends reassoc rsp
1156 Parameters:
1157 Elem - MLME message containing the received frame
1159 IRQL = DISPATCH_LEVEL
1161 ==========================================================================
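/*
 * Process a reassociation response received from the peer.
 *
 * The frame is parsed by PeerAssocRspSanity() and acted on only when its
 * Addr2 equals the BSSID stored in MlmeAux. On MLME_SUCCESS the negotiated
 * parameters are committed through AssocPostProc() and wpa_supplicant is
 * notified (when supplicant support is compiled in). On LEAP_SUPPORT builds
 * with CCKM active, the result is confirmed to the CNTL state machine only
 * if CCKMAssocRspSanity() also accepts the frame; otherwise the state
 * machine returns to ASSOC_IDLE and MT2_REASSOC_CONF is queued directly.
 *
 * pAd  - adapter context
 * Elem - MLME message containing the received frame
 */
VOID PeerReassocRspAction(
	IN PRTMP_ADAPTER pAd,
	IN MLME_QUEUE_ELEM *Elem)
{
	USHORT      CapabilityInfo;
	USHORT      Status;
	USHORT      Aid;
	UCHAR       SupRate[MAX_LEN_OF_SUPPORTED_RATES], SupRateLen;
	UCHAR       ExtRate[MAX_LEN_OF_SUPPORTED_RATES], ExtRateLen;
	UCHAR       Addr2[MAC_ADDR_LEN];
	UCHAR       CkipFlag;
	BOOLEAN     TimerCancelled;
	EDCA_PARM   EdcaParm;
	HT_CAPABILITY_IE HtCapability;
	ADD_HT_INFO_IE   AddHtInfo;	// AP might use this additional ht info IE
	UCHAR       HtCapabilityLen;
	UCHAR       AddHtInfoLen;
	UCHAR       NewExtChannelOffset = 0xff;

	if(PeerAssocRspSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &CapabilityInfo, &Status, &Aid, SupRate, &SupRateLen, ExtRate, &ExtRateLen,
		&HtCapability, &AddHtInfo, &HtCapabilityLen, &AddHtInfoLen,&NewExtChannelOffset, &EdcaParm, &CkipFlag))
	{
		if(MAC_ADDR_EQUAL(Addr2, pAd->MlmeAux.Bssid)) // The frame is for me ?
		{
			DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - receive REASSOC_RSP to me (status=%d)\n", Status));
			RTMPCancelTimer(&pAd->MlmeAux.ReassocTimer, &TimerCancelled);

			if(Status == MLME_SUCCESS)
			{
				// go to procedure listed on page 376
				AssocPostProc(pAd, Addr2, CapabilityInfo, Aid, SupRate, SupRateLen, ExtRate, ExtRateLen,
					&EdcaParm, &HtCapability, HtCapabilityLen, &AddHtInfo);

#ifdef WPA_SUPPLICANT_SUPPORT
#ifndef NATIVE_WPA_SUPPLICANT_SUPPORT
				if (pAd->StaCfg.WpaSupplicantUP != WPA_SUPPLICANT_DISABLE)
				{
					union iwreq_data    wrqu;

					SendAssocIEsToWpaSupplicant(pAd);
					memset(&wrqu, 0, sizeof(wrqu));
					wrqu.data.flags = RT_ASSOC_EVENT_FLAG;
					wireless_send_event(pAd->net_dev, IWEVCUSTOM, &wrqu, NULL);
				}
#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
#endif // WPA_SUPPLICANT_SUPPORT //

#ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
				{
					union iwreq_data    wrqu;
					wext_notify_event_assoc(pAd);

					// Zero the whole union before filling in the BSSID so that
					// no uninitialised stack bytes are passed along with the
					// event.
					memset(&wrqu, 0, sizeof(wrqu));
					memcpy(wrqu.ap_addr.sa_data, pAd->MlmeAux.Bssid, MAC_ADDR_LEN);
					wireless_send_event(pAd->net_dev, SIOCGIWAP, &wrqu, NULL);
				}
#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
			}

			//
			// Cisco Leap CCKM supported Re-association.
			//
#ifdef LEAP_SUPPORT
			if (LEAP_CCKM_ON(pAd) && (pAd->StaCfg.CCKMLinkUpFlag == TRUE))
			{
				if (CCKMAssocRspSanity(pAd, Elem->Msg, Elem->MsgLen) == TRUE)
				{
					pAd->StaCfg.CkipFlag = CkipFlag;
					if (CkipFlag & 0x18)
					{
						NdisZeroMemory(pAd->StaCfg.TxSEQ, 4);
						NdisZeroMemory(pAd->StaCfg.RxSEQ, 4);
						NdisZeroMemory(pAd->StaCfg.CKIPMIC, 4);
						pAd->StaCfg.GIV[0] = RandomByte(pAd);
						pAd->StaCfg.GIV[1] = RandomByte(pAd);
						pAd->StaCfg.GIV[2] = RandomByte(pAd);
						pAd->StaCfg.bCkipOn = TRUE;
						DBGPRINT(RT_DEBUG_TRACE, ("<CCX> pAd->StaCfg.CkipFlag = 0x%02x\n", pAd->StaCfg.CkipFlag));
					}

					pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
					MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_REASSOC_CONF, 2, &Status);
				}
				else
				{
					// No confirmation is queued on this path; the state
					// machine is left as it was.
					DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - CCKMAssocRspSanity() sanity check fail\n"));
				}
			}
			else
#endif // LEAP_SUPPORT //
			{
				// CkipFlag is no use for reassociate
				pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
				MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_REASSOC_CONF, 2, &Status);
			}
		}
	}
	else
	{
		DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - PeerReassocRspAction() sanity check fail\n"));
	}
}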
1270 ==========================================================================
1271 Description:
1272 procedures on IEEE 802.11/1999 p.376
1273 Parameters:
1275 IRQL = DISPATCH_LEVEL
1277 ==========================================================================
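/*
 * Commit the parameters of a successful (re)association into MlmeAux and
 * pick the WPA/RSN information element that the WPA state machine will use.
 *
 * The BSS type, BSSID, AID, capability bits, EDCA parameters and rate sets
 * are stored in pAd->MlmeAux. On DOT11_N_SUPPORT builds a default EDCA set
 * is synthesised when the AP announced HT but no valid WMM parameters, and
 * the HT capabilities are checked with RTMPCheckHt(). Finally the scan-table
 * entry for the BSS is searched for a WPA or RSN element matching the
 * configured AuthMode, which is copied into MacTab.Content[BSSID_WCID].
 *
 * The variable IEs in the scan table originate from frames sent by the AP,
 * so the element walk below treats every length field as untrusted.
 *
 * pAd              - adapter context
 * pAddr2           - BSSID of the AP
 * CapabilityInfo   - capability field from the response
 * Aid              - association ID from the response
 * SupRate/Len      - supported rates and their count
 * ExtRate/Len      - extended rates and their count
 * pEdcaParm        - EDCA parameters; may be filled with defaults here
 * pHtCapability    - HT capability IE (used when HtCapabilityLen > 0)
 * HtCapabilityLen  - length of the HT capability IE, 0 if absent
 * pAddHtInfo       - additional HT info IE
 */
VOID AssocPostProc(
	IN PRTMP_ADAPTER pAd,
	IN PUCHAR pAddr2,
	IN USHORT CapabilityInfo,
	IN USHORT Aid,
	IN UCHAR SupRate[],
	IN UCHAR SupRateLen,
	IN UCHAR ExtRate[],
	IN UCHAR ExtRateLen,
	IN PEDCA_PARM pEdcaParm,
	IN HT_CAPABILITY_IE		*pHtCapability,
	IN UCHAR HtCapabilityLen,
	IN ADD_HT_INFO_IE		*pAddHtInfo)	// AP might use this additional ht info IE
{
	ULONG Idx;

	// Both callers in this file pass rate arrays of
	// MAX_LEN_OF_SUPPORTED_RATES bytes; never read past that.
	// NOTE(review): the capacity of MlmeAux.SupRate/ExtRate is not visible
	// here - confirm it is at least MAX_LEN_OF_SUPPORTED_RATES.
	if (SupRateLen > MAX_LEN_OF_SUPPORTED_RATES)
		SupRateLen = MAX_LEN_OF_SUPPORTED_RATES;
	if (ExtRateLen > MAX_LEN_OF_SUPPORTED_RATES)
		ExtRateLen = MAX_LEN_OF_SUPPORTED_RATES;

	pAd->MlmeAux.BssType = BSS_INFRA;
	COPY_MAC_ADDR(pAd->MlmeAux.Bssid, pAddr2);
	pAd->MlmeAux.Aid = Aid;
	pAd->MlmeAux.CapabilityInfo = CapabilityInfo & SUPPORTED_CAPABILITY_INFO;
#ifdef DOT11_N_SUPPORT
	// Some HT AP might lost WMM IE. We add WMM ourselves. beacuase HT requires QoS on.
	if ((HtCapabilityLen > 0) && (pEdcaParm->bValid == FALSE))
	{
		pEdcaParm->bValid = TRUE;
		pEdcaParm->Aifsn[0] = 3;
		pEdcaParm->Aifsn[1] = 7;
		pEdcaParm->Aifsn[2] = 2;
		pEdcaParm->Aifsn[3] = 2;

		pEdcaParm->Cwmin[0] = 4;
		pEdcaParm->Cwmin[1] = 4;
		pEdcaParm->Cwmin[2] = 3;
		pEdcaParm->Cwmin[3] = 2;

		pEdcaParm->Cwmax[0] = 10;
		pEdcaParm->Cwmax[1] = 10;
		pEdcaParm->Cwmax[2] = 4;
		pEdcaParm->Cwmax[3] = 3;

		pEdcaParm->Txop[0]  = 0;
		pEdcaParm->Txop[1]  = 0;
		pEdcaParm->Txop[2]  = 96;
		pEdcaParm->Txop[3]  = 48;
	}
#endif // DOT11_N_SUPPORT //

	NdisMoveMemory(&pAd->MlmeAux.APEdcaParm, pEdcaParm, sizeof(EDCA_PARM));

	// filter out un-supported rates
	pAd->MlmeAux.SupRateLen = SupRateLen;
	NdisMoveMemory(pAd->MlmeAux.SupRate, SupRate, SupRateLen);
	RTMPCheckRates(pAd, pAd->MlmeAux.SupRate, &pAd->MlmeAux.SupRateLen);

	// filter out un-supported rates
	pAd->MlmeAux.ExtRateLen = ExtRateLen;
	NdisMoveMemory(pAd->MlmeAux.ExtRate, ExtRate, ExtRateLen);
	RTMPCheckRates(pAd, pAd->MlmeAux.ExtRate, &pAd->MlmeAux.ExtRateLen);

#ifdef DOT11_N_SUPPORT
	if (HtCapabilityLen > 0)
	{
		RTMPCheckHt(pAd, BSSID_WCID, pHtCapability, pAddHtInfo);
	}
	DBGPRINT(RT_DEBUG_TRACE, ("AssocPostProc===> AP.AMsduSize = %d. ClientStatusFlags = 0x%lx \n", pAd->MacTab.Content[BSSID_WCID].AMsduSize, pAd->MacTab.Content[BSSID_WCID].ClientStatusFlags));

	DBGPRINT(RT_DEBUG_TRACE, ("AssocPostProc===> (Mmps=%d, AmsduSize=%d, )\n",
		pAd->MacTab.Content[BSSID_WCID].MmpsMode, pAd->MacTab.Content[BSSID_WCID].AMsduSize));
#endif // DOT11_N_SUPPORT //

	// Set New WPA information
	Idx = BssTableSearch(&pAd->ScanTab, pAddr2, pAd->MlmeAux.Channel);
	if (Idx == BSS_NOT_FOUND)
	{
		DBGPRINT_ERR(("ASSOC - Can't find BSS after receiving Assoc response\n"));
	}
	else
	{
		// Init variable
		pAd->MacTab.Content[BSSID_WCID].RSNIE_Len = 0;
		NdisZeroMemory(pAd->MacTab.Content[BSSID_WCID].RSN_IE, MAX_LEN_OF_RSNIE);

		// Store appropriate RSN_IE for WPA SM negotiation later
		if ((pAd->StaCfg.AuthMode >= Ndis802_11AuthModeWPA) && (pAd->ScanTab.BssEntry[Idx].VarIELen != 0))
		{
			PUCHAR      pVIE;
			USHORT      len;
			PEID_STRUCT pEid;

			pVIE = pAd->ScanTab.BssEntry[Idx].VarIEs;
			len  = pAd->ScanTab.BssEntry[Idx].VarIELen;

			// Each element needs at least its 2-byte Eid/Len header.
			while (len >= 2)
			{
				USHORT IeLen;

				pEid  = (PEID_STRUCT) pVIE;
				IeLen = (USHORT)(pEid->Len + 2);

				// A truncated last element would make 'len' wrap around and
				// send the walk past the end of VarIEs; stop instead.
				if (IeLen > len)
					break;

				// For WPA/WPAPSK (the OUI compare reads 4 payload bytes)
				if ((pEid->Eid == IE_WPA) && (pEid->Len >= 4) && (NdisEqualMemory(pEid->Octet, WPA_OUI, 4))
					&& (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA || pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPAPSK))
				{
					// RSN_IE is cleared with MAX_LEN_OF_RSNIE bytes above, so
					// that is taken as its capacity.
					if (IeLen <= MAX_LEN_OF_RSNIE)
					{
						NdisMoveMemory(pAd->MacTab.Content[BSSID_WCID].RSN_IE, pVIE, IeLen);
						pAd->MacTab.Content[BSSID_WCID].RSNIE_Len = IeLen;
						DBGPRINT(RT_DEBUG_TRACE, ("AssocPostProc===> Store RSN_IE for WPA SM negotiation \n"));
					}
					else
					{
						DBGPRINT(RT_DEBUG_TRACE, ("AssocPostProc===> WPA IE too long, ignored \n"));
					}
				}
				// For WPA2/WPA2PSK (the OUI compare reads payload bytes 2..4)
				else if ((pEid->Eid == IE_RSN) && (pEid->Len >= 5) && (NdisEqualMemory(pEid->Octet + 2, RSN_OUI, 3))
					&& (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2 || pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK))
				{
					if (IeLen <= MAX_LEN_OF_RSNIE)
					{
						NdisMoveMemory(pAd->MacTab.Content[BSSID_WCID].RSN_IE, pVIE, IeLen);
						pAd->MacTab.Content[BSSID_WCID].RSNIE_Len = IeLen;
						DBGPRINT(RT_DEBUG_TRACE, ("AssocPostProc===> Store RSN_IE for WPA2 SM negotiation \n"));
					}
					else
					{
						DBGPRINT(RT_DEBUG_TRACE, ("AssocPostProc===> RSN IE too long, ignored \n"));
					}
				}

				pVIE += IeLen;
				len  -= IeLen;
			}
		}

		if (pAd->MacTab.Content[BSSID_WCID].RSNIE_Len == 0)
		{
			DBGPRINT(RT_DEBUG_TRACE, ("AssocPostProc===> no RSN_IE \n"));
		}
		else
		{
			hex_dump("RSN_IE", pAd->MacTab.Content[BSSID_WCID].RSN_IE, pAd->MacTab.Content[BSSID_WCID].RSNIE_Len);
		}
	}
}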
1409 ==========================================================================
1410 Description:
1411 left part of IEEE 802.11/1999 p.374
1412 Parameters:
1413 Elem - MLME message containing the received frame
1415 IRQL = DISPATCH_LEVEL
1417 ==========================================================================
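/*
 * Process a disassociation frame received from the peer.
 *
 * The frame is parsed by PeerDisassocSanity(). It is acted on only in
 * infrastructure mode and only when its Addr2 equals the current BSSID;
 * no other check on the sender is visible here. In that case a wireless
 * event is raised (if enabled), the LEAP timer is cancelled and a possible
 * rogue AP recorded (LEAP_SUPPORT builds), the link is taken down, the
 * ASSOC state machine returns to ASSOC_IDLE and wpa_supplicant is notified
 * when supplicant support is compiled in.
 *
 * pAd  - adapter context
 * Elem - MLME message containing the received frame
 */
VOID PeerDisassocAction(
	IN PRTMP_ADAPTER pAd,
	IN MLME_QUEUE_ELEM *Elem)
{
	UCHAR         Addr2[MAC_ADDR_LEN];
	USHORT        Reason;
#ifdef LEAP_SUPPORT
	// Out-parameter for RTMPCancelTimer() below; the original body used
	// this name without declaring it in this function.
	BOOLEAN       TimerCancelled;
#endif // LEAP_SUPPORT //

	DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - PeerDisassocAction()\n"));
	if(PeerDisassocSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &Reason))
	{
		DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - PeerDisassocAction() Reason = %d\n", Reason));
		if (INFRA_ON(pAd) && MAC_ADDR_EQUAL(pAd->CommonCfg.Bssid, Addr2))
		{
			if (pAd->CommonCfg.bWirelessEvent)
			{
				RTMPSendWirelessEvent(pAd, IW_DISASSOC_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0);
			}

#ifdef LEAP_SUPPORT
			if (pAd->StaCfg.LeapAuthMode == CISCO_AuthModeLEAP)
			{
				// Cisco_LEAP has start a timer
				// We should cancel it if using LEAP
				RTMPCancelTimer(&pAd->StaCfg.LeapAuthTimer, &TimerCancelled);
				//Check is it mach the LEAP Authentication failed as possible a Rogue AP
				//on it's PortSecured not equal to WPA_802_1X_PORT_SECURED while process the Association.
				if ((pAd->Mlme.LeapMachine.CurrState != LEAP_IDLE) && (pAd->StaCfg.PortSecured != WPA_802_1X_PORT_SECURED))
				{
					RogueApTableSetEntry(pAd, &pAd->StaCfg.RogueApTab, Addr2, LEAP_REASON_AUTH_TIMEOUT);
				}
			}
#endif // LEAP_SUPPORT //
			//
			// Get Current System time and Turn on AdjacentAPReport
			//
			NdisGetSystemUpTime(&pAd->StaCfg.CCXAdjacentAPLinkDownTime);
			pAd->StaCfg.CCXAdjacentAPReportFlag = TRUE;
			LinkDown(pAd, TRUE);
			pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;

#ifdef WPA_SUPPLICANT_SUPPORT
#ifndef NATIVE_WPA_SUPPLICANT_SUPPORT
			if (pAd->StaCfg.WpaSupplicantUP != WPA_SUPPLICANT_DISABLE)
			{
				union iwreq_data    wrqu;
				//send disassociate event to wpa_supplicant
				memset(&wrqu, 0, sizeof(wrqu));
				wrqu.data.flags = RT_DISASSOC_EVENT_FLAG;
				wireless_send_event(pAd->net_dev, IWEVCUSTOM, &wrqu, NULL);
			}
#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
#endif // WPA_SUPPLICANT_SUPPORT //

#ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
			{
				union iwreq_data    wrqu;

				// Clear the whole union, not only the first MAC_ADDR_LEN
				// bytes of sa_data, so that no uninitialised stack bytes are
				// passed along with the event.
				memset(&wrqu, 0, sizeof(wrqu));
				wireless_send_event(pAd->net_dev, SIOCGIWAP, &wrqu, NULL);
			}
#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
		}
	}
	else
	{
		DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - PeerDisassocAction() sanity check fail\n"));
	}
}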
1491 ==========================================================================
1492 Description:
1493 what the state machine will do after assoc timeout
1494 Parameters:
1495 Elem -
1497 IRQL = DISPATCH_LEVEL
1499 ==========================================================================
/*
 * Association timer expired: put the ASSOC state machine back to ASSOC_IDLE
 * and report MLME_REJ_TIMEOUT to the CNTL state machine as MT2_ASSOC_CONF.
 * Elem is not used.
 */
VOID AssocTimeoutAction(
	IN PRTMP_ADAPTER pAd,
	IN MLME_QUEUE_ELEM *Elem)
{
	USHORT Result = MLME_REJ_TIMEOUT;

	DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - AssocTimeoutAction\n"));

	pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
	MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_ASSOC_CONF, 2, &Result);
}
1513 ==========================================================================
1514 Description:
1515 what the state machine will do after reassoc timeout
1517 IRQL = DISPATCH_LEVEL
1519 ==========================================================================
/*
 * Reassociation timer expired: put the ASSOC state machine back to
 * ASSOC_IDLE and report MLME_REJ_TIMEOUT to the CNTL state machine as
 * MT2_REASSOC_CONF. Elem is not used.
 */
VOID ReassocTimeoutAction(
	IN PRTMP_ADAPTER pAd,
	IN MLME_QUEUE_ELEM *Elem)
{
	USHORT Result = MLME_REJ_TIMEOUT;

	DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - ReassocTimeoutAction\n"));

	pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
	MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_REASSOC_CONF, 2, &Result);
}
1533 ==========================================================================
1534 Description:
1535 what the state machine will do after disassoc timeout
1537 IRQL = DISPATCH_LEVEL
1539 ==========================================================================
/*
 * Disassociation timer expired: put the ASSOC state machine back to
 * ASSOC_IDLE and report MLME_SUCCESS to the CNTL state machine as
 * MT2_DISASSOC_CONF (a timeout here is reported as success). Elem is not
 * used.
 */
VOID DisassocTimeoutAction(
	IN PRTMP_ADAPTER pAd,
	IN MLME_QUEUE_ELEM *Elem)
{
	USHORT Result = MLME_SUCCESS;

	DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - DisassocTimeoutAction\n"));

	pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
	MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_DISASSOC_CONF, 2, &Result);
}
/*
 * An association request arrived in a state that cannot handle it: log the
 * current state, reset the ASSOC state machine to ASSOC_IDLE and report
 * MLME_STATE_MACHINE_REJECT as MT2_ASSOC_CONF. Elem is not used.
 */
VOID InvalidStateWhenAssoc(
	IN PRTMP_ADAPTER pAd,
	IN MLME_QUEUE_ELEM *Elem)
{
	USHORT Result = MLME_STATE_MACHINE_REJECT;

	// Log before the reset so the message shows the offending state.
	DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - InvalidStateWhenAssoc(state=%ld), reset ASSOC state machine\n",
		pAd->Mlme.AssocMachine.CurrState));

	pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
	MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_ASSOC_CONF, 2, &Result);
}
/*
 * A reassociation request arrived in a state that cannot handle it: log the
 * current state, reset the ASSOC state machine to ASSOC_IDLE and report
 * MLME_STATE_MACHINE_REJECT as MT2_REASSOC_CONF. Elem is not used.
 */
VOID InvalidStateWhenReassoc(
	IN PRTMP_ADAPTER pAd,
	IN MLME_QUEUE_ELEM *Elem)
{
	USHORT Result = MLME_STATE_MACHINE_REJECT;

	// Log before the reset so the message shows the offending state.
	DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - InvalidStateWhenReassoc(state=%ld), reset ASSOC state machine\n",
		pAd->Mlme.AssocMachine.CurrState));

	pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
	MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_REASSOC_CONF, 2, &Result);
}
/*
 * A disassociation request arrived in a state that cannot handle it: log
 * the current state, reset the ASSOC state machine to ASSOC_IDLE and report
 * MLME_STATE_MACHINE_REJECT as MT2_DISASSOC_CONF. Elem is not used.
 */
VOID InvalidStateWhenDisassociate(
	IN PRTMP_ADAPTER pAd,
	IN MLME_QUEUE_ELEM *Elem)
{
	USHORT Result = MLME_STATE_MACHINE_REJECT;

	// Log before the reset so the message shows the offending state.
	DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - InvalidStateWhenDisassoc(state=%ld), reset ASSOC state machine\n",
		pAd->Mlme.AssocMachine.CurrState));

	pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
	MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_DISASSOC_CONF, 2, &Result);
}
1589 ==========================================================================
1590 Description:
1591 right part of IEEE 802.11/1999 page 374
1592 Note:
1593 This event should never cause ASSOC state machine perform state
1594 transition, and has no relationship with CNTL machine. So we separate
1595 this routine as a service outside of ASSOC state transition table.
1597 IRQL = DISPATCH_LEVEL
1599 ==========================================================================
/*
 * Answer a class 3 error: send a DISASSOC frame with reason REASON_CLS3ERR
 * to pAddr, then resend the same buffer with the subtype changed to DEAUTH,
 * and record the reason and peer address in StaCfg. The ASSOC state machine
 * is not touched. Returns silently when no frame buffer can be allocated.
 *
 * pAd   - adapter context
 * pAddr - destination address of the frames
 */
VOID Cls3errAction(
	IN PRTMP_ADAPTER pAd,
	IN PUCHAR        pAddr)
{
	USHORT          ReasonCode = REASON_CLS3ERR;
	ULONG           Length = 0;
	PUCHAR          pFrame = NULL;
	HEADER_802_11   Hdr;
	PHEADER_802_11  pSentHdr;

	//Get an unused nonpaged memory
	if (MlmeAllocateMemory(pAd, &pFrame) != NDIS_STATUS_SUCCESS)
	{
		return;
	}

	DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - Class 3 Error, Send DISASSOC frame\n"));

	// patch peap ttls switching issue
	MgtMacHeaderInit(pAd, &Hdr, SUBTYPE_DISASSOC, 0, pAddr, pAd->CommonCfg.Bssid);
	MakeOutgoingFrame(pFrame,                &Length,
					  sizeof(HEADER_802_11), &Hdr,
					  2,                     &ReasonCode,
					  END_OF_ARGS);
	MiniportMMRequest(pAd, 0, pFrame, Length);

	// To patch Instance and Buffalo(N) AP
	// Driver has to send deauth to Instance AP, but Buffalo(N) needs to send disassoc to reset Authenticator's state machine
	// Therefore, we send both of them.
	pSentHdr = (PHEADER_802_11)pFrame;
	pSentHdr->FC.SubType = SUBTYPE_DEAUTH;
	MiniportMMRequest(pAd, 0, pFrame, Length);

	MlmeFreeMemory(pAd, pFrame);

	pAd->StaCfg.DisassocReason = REASON_CLS3ERR;
	COPY_MAC_ADDR(pAd->StaCfg.DisassocSta, pAddr);
}
1638 ==========================================================================
1639 Description:
1640 Switch between WEP and CKIP upon new association up.
1641 Parameters:
1643 IRQL = DISPATCH_LEVEL
1645 ==========================================================================
/* Map a WEP cipher id to its CKIP counterpart; other ids pass through. */
static ULONG AssocWepAlgToCkip(ULONG Alg)
{
	if (Alg == CIPHER_WEP64)
		return CIPHER_CKIP64;
	if (Alg == CIPHER_WEP128)
		return CIPHER_CKIP128;
	return Alg;
}

/* Map a CKIP cipher id to its WEP counterpart; other ids pass through. */
static ULONG AssocCkipAlgToWep(ULONG Alg)
{
	if (Alg == CIPHER_CKIP64)
		return CIPHER_WEP64;
	if (Alg == CIPHER_CKIP128)
		return CIPHER_WEP128;
	return Alg;
}

/*
 * Switch the BSS0 shared keys between WEP and CKIP after a new association.
 *
 * When CKIP is on and CkipFlag has bit 0x10 set, every WEP64/WEP128 entry
 * of the hardware shared-key mode register and of the software key table
 * is changed to CKIP64/CKIP128. Otherwise the reverse mapping is applied;
 * in addition, for AuthMode WPA-NONE the software entries are set to TKIP,
 * AES or NONE from WepStatus/KeyLen and mirrored into the register image
 * before it is written back.
 *
 * pAd - adapter context
 */
VOID SwitchBetweenWepAndCkip(
	IN PRTMP_ADAPTER pAd)
{
	SHAREDKEY_MODE_STRUC  KeyMode;
	int                   Slot;

	// if KP is required. change the CipherAlg in hardware shard key table from WEP
	// to CKIP. else remain as WEP
	if (pAd->StaCfg.bCkipOn && (pAd->StaCfg.CkipFlag & 0x10))
	{
		// modify hardware key table so that MAC use correct algorithm to decrypt RX
		RTMP_IO_READ32(pAd, SHARED_KEY_MODE_BASE, &KeyMode.word);
		KeyMode.field.Bss0Key0CipherAlg = AssocWepAlgToCkip(KeyMode.field.Bss0Key0CipherAlg);
		KeyMode.field.Bss0Key1CipherAlg = AssocWepAlgToCkip(KeyMode.field.Bss0Key1CipherAlg);
		KeyMode.field.Bss0Key2CipherAlg = AssocWepAlgToCkip(KeyMode.field.Bss0Key2CipherAlg);
		KeyMode.field.Bss0Key3CipherAlg = AssocWepAlgToCkip(KeyMode.field.Bss0Key3CipherAlg);
		RTMP_IO_WRITE32(pAd, SHARED_KEY_MODE_BASE, KeyMode.word);
		DBGPRINT(RT_DEBUG_TRACE, ("SwitchBetweenWepAndCkip: modify BSS0 cipher to %s\n", CipherName[KeyMode.field.Bss0Key0CipherAlg]));

		// modify software key table so that driver can specify correct algorithm in TXD upon TX
		for (Slot = 0; Slot < SHARE_KEY_NUM; Slot++)
		{
			// Written only when the entry actually changes, as before.
			if (pAd->SharedKey[BSS0][Slot].CipherAlg == CIPHER_WEP64)
			{
				pAd->SharedKey[BSS0][Slot].CipherAlg = CIPHER_CKIP64;
			}
			else if (pAd->SharedKey[BSS0][Slot].CipherAlg == CIPHER_WEP128)
			{
				pAd->SharedKey[BSS0][Slot].CipherAlg = CIPHER_CKIP128;
			}
		}
		return;
	}

	// else if KP NOT inused. change the CipherAlg in hardware shard key table from CKIP
	// to WEP.

	// modify hardware key table so that MAC use correct algorithm to decrypt RX
	RTMP_IO_READ32(pAd, SHARED_KEY_MODE_BASE, &KeyMode.word);
	KeyMode.field.Bss0Key0CipherAlg = AssocCkipAlgToWep(KeyMode.field.Bss0Key0CipherAlg);
	KeyMode.field.Bss0Key1CipherAlg = AssocCkipAlgToWep(KeyMode.field.Bss0Key1CipherAlg);
	KeyMode.field.Bss0Key2CipherAlg = AssocCkipAlgToWep(KeyMode.field.Bss0Key2CipherAlg);
	KeyMode.field.Bss0Key3CipherAlg = AssocCkipAlgToWep(KeyMode.field.Bss0Key3CipherAlg);

	// modify software key table so that driver can specify correct algorithm in TXD upon TX
	for (Slot = 0; Slot < SHARE_KEY_NUM; Slot++)
	{
		if (pAd->SharedKey[BSS0][Slot].CipherAlg == CIPHER_CKIP64)
		{
			pAd->SharedKey[BSS0][Slot].CipherAlg = CIPHER_WEP64;
		}
		else if (pAd->SharedKey[BSS0][Slot].CipherAlg == CIPHER_CKIP128)
		{
			pAd->SharedKey[BSS0][Slot].CipherAlg = CIPHER_WEP128;
		}
	}

	//
	// On WPA-NONE, must update CipherAlg.
	// Because the OID_802_11_WEP_STATUS was been set after OID_802_11_ADD_KEY
	// and CipherAlg will be CIPHER_NONE by Windows ZeroConfig.
	// So we need to update CipherAlg after connect.
	//
	if (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPANone)
	{
		for (Slot = 0; Slot < SHARE_KEY_NUM; Slot++)
		{
			if (pAd->SharedKey[BSS0][Slot].KeyLen == 0)
			{
				pAd->SharedKey[BSS0][Slot].CipherAlg = CIPHER_NONE;
			}
			else if (pAd->StaCfg.WepStatus == Ndis802_11Encryption2Enabled)
			{
				pAd->SharedKey[BSS0][Slot].CipherAlg = CIPHER_TKIP;
			}
			else if (pAd->StaCfg.WepStatus == Ndis802_11Encryption3Enabled)
			{
				pAd->SharedKey[BSS0][Slot].CipherAlg = CIPHER_AES;
			}
		}

		KeyMode.field.Bss0Key0CipherAlg = pAd->SharedKey[BSS0][0].CipherAlg;
		KeyMode.field.Bss0Key1CipherAlg = pAd->SharedKey[BSS0][1].CipherAlg;
		KeyMode.field.Bss0Key2CipherAlg = pAd->SharedKey[BSS0][2].CipherAlg;
		KeyMode.field.Bss0Key3CipherAlg = pAd->SharedKey[BSS0][3].CipherAlg;
	}

	RTMP_IO_WRITE32(pAd, SHARED_KEY_MODE_BASE, KeyMode.word);
	DBGPRINT(RT_DEBUG_TRACE, ("SwitchBetweenWepAndCkip: modify BSS0 cipher to %s\n", CipherName[KeyMode.field.Bss0Key0CipherAlg]));
}
1763 #ifdef WPA_SUPPLICANT_SUPPORT
1764 #ifndef NATIVE_WPA_SUPPLICANT_SUPPORT
/*
 * Pass the association-request IEs to wpa_supplicant.
 *
 * Sends one IWEVCUSTOM event whose payload is the 17-character tag
 * "ASSOCINFO_ReqIEs=" followed by the raw bytes of StaCfg.ReqVarIEs, then a
 * second IWEVCUSTOM event flagged RT_ASSOCINFO_EVENT_FLAG with no payload.
 * Nothing is sent when tag plus IEs would not fit in IW_CUSTOM_MAX bytes.
 *
 * pAd - adapter context
 */
VOID SendAssocIEsToWpaSupplicant(
	IN PRTMP_ADAPTER pAd)
{
	unsigned char       custom[IW_CUSTOM_MAX] = {0};
	union iwreq_data    wrqu;

	// NOTE(review): the type of ReqVarIELen is not visible here; if the
	// addition can wrap, compare ReqVarIELen with IW_CUSTOM_MAX - 17 instead.
	if ((pAd->StaCfg.ReqVarIELen + 17) > IW_CUSTOM_MAX)
	{
		DBGPRINT(RT_DEBUG_TRACE, ("pAd->StaCfg.ReqVarIELen + 17 > MAX_CUSTOM_LEN\n"));
		return;
	}

	// Event 1: tag followed by the request IEs, which start at offset 17.
	sprintf(custom, "ASSOCINFO_ReqIEs=");
	NdisMoveMemory(custom+17, pAd->StaCfg.ReqVarIEs, pAd->StaCfg.ReqVarIELen);
	memset(&wrqu, 0, sizeof(wrqu));
	wrqu.data.length = pAd->StaCfg.ReqVarIELen + 17;
	wrqu.data.flags = RT_REQIE_EVENT_FLAG;
	wireless_send_event(pAd->net_dev, IWEVCUSTOM, &wrqu, custom);

	// Event 2: flag only, no payload.
	memset(&wrqu, 0, sizeof(wrqu));
	wrqu.data.flags = RT_ASSOCINFO_EVENT_FLAG;
	wireless_send_event(pAd->net_dev, IWEVCUSTOM, &wrqu, NULL);

	return;
}
1789 #endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
1790 #endif // WPA_SUPPLICANT_SUPPORT //
1792 #ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
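/*
 * Report the association-request IEs through wireless extensions.
 *
 * With WIRELESS_EXT > 17 the raw bytes of StaCfg.ReqVarIEs are sent as an
 * IWEVASSOCREQIE event. Otherwise they are hex-encoded behind the tag
 * "ASSOCINFO(ReqIEs=" and sent as an IWEVCUSTOM event. Nothing is sent when
 * the payload would not fit in IW_CUSTOM_MAX bytes.
 *
 * pAd - adapter context
 *
 * Returns 0 in all cases.
 */
int wext_notify_event_assoc(
	IN  RTMP_ADAPTER *pAd)
{
	union iwreq_data    wrqu;
	char custom[IW_CUSTOM_MAX] = {0};

	// Only data.length was set before; clear the rest of the union so that
	// no uninitialised stack bytes are passed along with the event.
	memset(&wrqu, 0, sizeof(wrqu));

#if WIRELESS_EXT > 17
	if (pAd->StaCfg.ReqVarIELen <= IW_CUSTOM_MAX)
	{
		wrqu.data.length = pAd->StaCfg.ReqVarIELen;
		memcpy(custom, pAd->StaCfg.ReqVarIEs, pAd->StaCfg.ReqVarIELen);
		wireless_send_event(pAd->net_dev, IWEVASSOCREQIE, &wrqu, custom);
	}
	else
		DBGPRINT(RT_DEBUG_TRACE, ("pAd->StaCfg.ReqVarIELen > MAX_CUSTOM_LEN\n"));
#else
	// Strictly less than: the formatted string also needs room for its
	// terminating NUL inside custom[].
	if (((pAd->StaCfg.ReqVarIELen*2) + 17) < IW_CUSTOM_MAX)
	{
		UCHAR   idx;
		ULONG   Off = 17;	// length of the "ASSOCINFO(ReqIEs=" tag

		wrqu.data.length = (pAd->StaCfg.ReqVarIELen*2) + 17;
		snprintf(custom, sizeof(custom), "ASSOCINFO(ReqIEs=");

		// Append two hex digits per byte at a running offset. The previous
		// form, sprintf(custom, "%s...", custom, ...), passed the
		// destination as its own source, which is undefined behaviour.
		for (idx=0; idx<pAd->StaCfg.ReqVarIELen; idx++)
		{
			snprintf(custom + Off, sizeof(custom) - Off, "%02x", (UCHAR)pAd->StaCfg.ReqVarIEs[idx]);
			Off += 2;
		}
		wireless_send_event(pAd->net_dev, IWEVCUSTOM, &wrqu, custom);
	}
	else
		DBGPRINT(RT_DEBUG_TRACE, ("(pAd->StaCfg.ReqVarIELen*2) + 17 > MAX_CUSTOM_LEN\n"));
#endif

	return 0;
}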
1825 #endif // NATIVE_WPA_SUPPLICANT_SUPPORT //