2 *************************************************************************
4 * 5F., No.36, Taiyuan St., Jhubei City,
8 * (c) Copyright 2002-2007, Ralink Technology, Inc.
10 * This program is free software; you can redistribute it and/or modify *
11 * it under the terms of the GNU General Public License as published by *
12 * the Free Software Foundation; either version 2 of the License, or *
13 * (at your option) any later version. *
15 * This program is distributed in the hope that it will be useful, *
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
18 * GNU General Public License for more details. *
20 * You should have received a copy of the GNU General Public License *
21 * along with this program; if not, write to the *
22 * Free Software Foundation, Inc., *
23 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 *************************************************************************
34 -------- ---------- ----------------------------------------------
35 John 2004-9-3 porting from RT2500
37 #include "../rt_config.h"
// Byte templates for the information elements this file can place in an
// association request: a WPA (OUI 00:50:f2) body, an RSN/WPA2 (OUI 00:0f:ac)
// body and a Cisco CCX v2 (OUI 00:40:96) body.
// NOTE(review): the gutter numbers of this listing skip (39 -> 42, 51 -> 54),
// so leading bytes and the closing braces of the first two initialisers are
// not shown here.
// NOTE(review): every cipher suite selector below ends in 0x02, which the WPA2
// template's own comment identifies as TKIP. Whether these defaults are ever
// sent unmodified is not visible in this listing -- MlmeAssocReqAction() calls
// RTMPMakeRSNIE() to build the IE it transmits; confirm.
39 UCHAR CipherWpaTemplate
[] = {
42 0x00, 0x50, 0xf2, 0x01, // oui
43 0x01, 0x00, // Version
44 0x00, 0x50, 0xf2, 0x02, // Multicast
45 0x01, 0x00, // Number of unicast
46 0x00, 0x50, 0xf2, 0x02, // unicast
47 0x01, 0x00, // number of authentication method
48 0x00, 0x50, 0xf2, 0x01 // authentication
// RSN (WPA2) counterpart of the template above.
51 UCHAR CipherWpa2Template
[] = {
54 0x01, 0x00, // Version
55 0x00, 0x0f, 0xac, 0x02, // group cipher, TKIP
56 0x01, 0x00, // number of pairwise
57 0x00, 0x0f, 0xac, 0x02, // unicast
58 0x01, 0x00, // number of authentication method
59 0x00, 0x0f, 0xac, 0x02, // authentication
60 0x00, 0x00, // RSN capability
// Five-byte vendor IE body: Cisco OUI 00:40:96 followed by 0x03, 0x02.
63 UCHAR Ccx2IeInfo
[] = { 0x00, 0x40, 0x96, 0x03, 0x02};
/*
	==========================================================================
	Description:
		Association state machine init: installs Drop as the default
		handler, registers one action per (state, message) pair and
		initialises the association, reassociation and disassociation
		timers.
	Parameters:
		pAd   - adapter that owns the three MlmeAux timers
		S     - pointer to the association state machine
		Trans - transition function table handed to StateMachineInit()
	Note:
		A peer response of either subtype (assoc or reassoc) is routed to
		the handler of the state the station is waiting in. In this file
		those handlers act on a response only after PeerAssocRspSanity()
		succeeds and the sender address equals MlmeAux.Bssid.
	==========================================================================
 */
VOID AssocStateMachineInit(
	IN	PRTMP_ADAPTER		pAd,
	IN	STATE_MACHINE		*S,
	OUT	STATE_MACHINE_FUNC	Trans[])
{
	// One row per registered transition, kept in the original call order.
	static const struct {
		ULONG			State;
		ULONG			Msg;
		STATE_MACHINE_FUNC	Action;
	} AssocActions[] = {
		// idle: accept local requests and a peer disassociation
		{ ASSOC_IDLE, MT2_MLME_ASSOC_REQ, (STATE_MACHINE_FUNC)MlmeAssocReqAction },
		{ ASSOC_IDLE, MT2_MLME_REASSOC_REQ, (STATE_MACHINE_FUNC)MlmeReassocReqAction },
		{ ASSOC_IDLE, MT2_MLME_DISASSOC_REQ, (STATE_MACHINE_FUNC)MlmeDisassocReqAction },
		{ ASSOC_IDLE, MT2_PEER_DISASSOC_REQ, (STATE_MACHINE_FUNC)PeerDisassocAction },

		// waiting for an association response
		{ ASSOC_WAIT_RSP, MT2_MLME_ASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenAssoc },
		{ ASSOC_WAIT_RSP, MT2_MLME_REASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenReassoc },
		{ ASSOC_WAIT_RSP, MT2_MLME_DISASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenDisassociate },
		{ ASSOC_WAIT_RSP, MT2_PEER_DISASSOC_REQ, (STATE_MACHINE_FUNC)PeerDisassocAction },
		{ ASSOC_WAIT_RSP, MT2_PEER_ASSOC_RSP, (STATE_MACHINE_FUNC)PeerAssocRspAction },
		// Patch 3Com AP MOde:3CRWE454G72
		// We send Assoc request frame to this AP, it always send Reassoc Rsp not Associate Rsp.
		{ ASSOC_WAIT_RSP, MT2_PEER_REASSOC_RSP, (STATE_MACHINE_FUNC)PeerAssocRspAction },
		{ ASSOC_WAIT_RSP, MT2_ASSOC_TIMEOUT, (STATE_MACHINE_FUNC)AssocTimeoutAction },

		// waiting for a reassociation response
		{ REASSOC_WAIT_RSP, MT2_MLME_ASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenAssoc },
		{ REASSOC_WAIT_RSP, MT2_MLME_REASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenReassoc },
		{ REASSOC_WAIT_RSP, MT2_MLME_DISASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenDisassociate },
		{ REASSOC_WAIT_RSP, MT2_PEER_DISASSOC_REQ, (STATE_MACHINE_FUNC)PeerDisassocAction },
		{ REASSOC_WAIT_RSP, MT2_PEER_REASSOC_RSP, (STATE_MACHINE_FUNC)PeerReassocRspAction },
		// Patch, AP doesn't send Reassociate Rsp frame to Station.
		{ REASSOC_WAIT_RSP, MT2_PEER_ASSOC_RSP, (STATE_MACHINE_FUNC)PeerReassocRspAction },
		{ REASSOC_WAIT_RSP, MT2_REASSOC_TIMEOUT, (STATE_MACHINE_FUNC)ReassocTimeoutAction },

		// waiting for the disassociation to complete
		{ DISASSOC_WAIT_RSP, MT2_MLME_ASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenAssoc },
		{ DISASSOC_WAIT_RSP, MT2_MLME_REASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenReassoc },
		{ DISASSOC_WAIT_RSP, MT2_MLME_DISASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenDisassociate },
		{ DISASSOC_WAIT_RSP, MT2_PEER_DISASSOC_REQ, (STATE_MACHINE_FUNC)PeerDisassocAction },
		{ DISASSOC_WAIT_RSP, MT2_DISASSOC_TIMEOUT, (STATE_MACHINE_FUNC)DisassocTimeoutAction },
	};
	unsigned int i;

	// Every pair not listed above falls through to Drop.
	StateMachineInit(S, Trans, MAX_ASSOC_STATE, MAX_ASSOC_MSG,
			 (STATE_MACHINE_FUNC)Drop, ASSOC_IDLE, ASSOC_MACHINE_BASE);

	for (i = 0; i < sizeof(AssocActions) / sizeof(AssocActions[0]); i++)
		StateMachineSetAction(S, AssocActions[i].State, AssocActions[i].Msg,
				      AssocActions[i].Action);

	// initialize the timer
	RTMPInitTimer(pAd, &pAd->MlmeAux.AssocTimer,
		      GET_TIMER_FUNCTION(AssocTimeout), pAd, FALSE);
	RTMPInitTimer(pAd, &pAd->MlmeAux.ReassocTimer,
		      GET_TIMER_FUNCTION(ReassocTimeout), pAd, FALSE);
	RTMPInitTimer(pAd, &pAd->MlmeAux.DisassocTimer,
		      GET_TIMER_FUNCTION(DisassocTimeout), pAd, FALSE);
}
/*
	==========================================================================
	Description:
		Association timeout procedure. When the association timer expires
		this callback puts MT2_ASSOC_TIMEOUT into the MLME queue for the
		association state machine and kicks the MLME handler.
	Parameters:
		Standard timer parameters; FunctionContext carries the adapter.

	IRQL = DISPATCH_LEVEL

	==========================================================================
 */
VOID AssocTimeout(IN PVOID SystemSpecific1,
		  IN PVOID FunctionContext,
		  IN PVOID SystemSpecific2,
		  IN PVOID SystemSpecific3)
{
	RTMP_ADAPTER *pAd = (RTMP_ADAPTER *)FunctionContext;

	// The timer may already have fired before MLME halt cancelled it, so
	// nothing is queued once the driver is halting or the NIC is gone.
	if (!RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
	{
		MlmeEnqueue(pAd, ASSOC_STATE_MACHINE, MT2_ASSOC_TIMEOUT, 0, NULL);
		RT28XX_MLME_HANDLER(pAd);
	}
}
/*
	==========================================================================
	Description:
		Reassociation timeout procedure. When the reassociation timer
		expires this callback puts MT2_REASSOC_TIMEOUT into the MLME queue
		for the association state machine and kicks the MLME handler.
	Parameters:
		Standard timer parameters; FunctionContext carries the adapter.

	IRQL = DISPATCH_LEVEL

	==========================================================================
 */
VOID ReassocTimeout(IN PVOID SystemSpecific1,
		    IN PVOID FunctionContext,
		    IN PVOID SystemSpecific2,
		    IN PVOID SystemSpecific3)
{
	RTMP_ADAPTER *pAd = (RTMP_ADAPTER *)FunctionContext;

	// The timer may already have fired before MLME halt cancelled it, so
	// nothing is queued once the driver is halting or the NIC is gone.
	if (!RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
	{
		MlmeEnqueue(pAd, ASSOC_STATE_MACHINE, MT2_REASSOC_TIMEOUT, 0, NULL);
		RT28XX_MLME_HANDLER(pAd);
	}
}
/*
	==========================================================================
	Description:
		Disassociation timeout procedure. When the disassociation timer
		expires this callback puts MT2_DISASSOC_TIMEOUT into the MLME queue
		for the association state machine and kicks the MLME handler.
	Parameters:
		Standard timer parameters; FunctionContext carries the adapter.

	IRQL = DISPATCH_LEVEL

	==========================================================================
 */
VOID DisassocTimeout(IN PVOID SystemSpecific1,
		     IN PVOID FunctionContext,
		     IN PVOID SystemSpecific2,
		     IN PVOID SystemSpecific3)
{
	RTMP_ADAPTER *pAd = (RTMP_ADAPTER *)FunctionContext;

	// The timer may already have fired before MLME halt cancelled it, so
	// nothing is queued once the driver is halting or the NIC is gone.
	if (!RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
	{
		MlmeEnqueue(pAd, ASSOC_STATE_MACHINE, MT2_DISASSOC_TIMEOUT, 0, NULL);
		RT28XX_MLME_HANDLER(pAd);
	}
}
212 ==========================================================================
214 mlme assoc req handling procedure
216 Adapter - Adapter pointer
217 Elem - MLME Queue Element
219 the station has been authenticated and the following information is stored in the config
221 -# supported rates and their length
222 -# listen interval (Adapter->StaCfg.default_listen_count)
223 -# Transmit power (Adapter->StaCfg.tx_power)
225 -# An association request frame is generated and sent to the air
226 -# Association timer starts
227 -# Association state -> ASSOC_WAIT_RSP
229 IRQL = DISPATCH_LEVEL
231 ==========================================================================
// MlmeAssocReqAction: action for MT2_MLME_ASSOC_REQ.
// While StaCfg.bBlockAssoc is set the request is refused with
// MLME_STATE_MACHINE_REJECT. Otherwise, once MlmeAssocReqSanity() accepts the
// message, an association request frame is built in a buffer obtained from
// MlmeAllocateMemory(), the variable IEs are mirrored into StaCfg.ReqVarIEs,
// the frame is handed to MiniportMMRequest(), AssocTimer is armed and the
// state becomes ASSOC_WAIT_RSP. The three failure paths visible here (blocked,
// allocation failure, sanity failure) set ASSOC_IDLE and queue a status as
// MT2_ASSOC_CONF.
// NOTE(review): the gutter numbers of this listing skip, so braces, several
// declarations and parts of the MakeOutgoingFrame() argument lists are not
// shown here.
233 VOID
MlmeAssocReqAction(
234 IN PRTMP_ADAPTER pAd
,
235 IN MLME_QUEUE_ELEM
*Elem
)
238 HEADER_802_11 AssocHdr
;
// WMM information element template; byte 8 is OR-ed with the QoS info below.
240 UCHAR WmeIe
[9] = {IE_VENDOR_SPECIFIC
, 0x07, 0x00, 0x50, 0xf2, 0x02, 0x00, 0x01, 0x00};
243 USHORT CapabilityInfo
;
244 BOOLEAN TimerCancelled
;
245 PUCHAR pOutBuffer
= NULL
;
251 UCHAR CkipNegotiationBuffer
[CKIP_NEGOTIATION_LENGTH
];
252 UCHAR AironetCkipIe
= IE_AIRONET_CKIP
;
253 UCHAR AironetCkipLen
= CKIP_NEGOTIATION_LENGTH
;
254 UCHAR AironetIPAddressIE
= IE_AIRONET_IPADDRESS
;
255 UCHAR AironetIPAddressLen
= AIRONET_IPADDRESS_LENGTH
;
256 UCHAR AironetIPAddressBuffer
[AIRONET_IPADDRESS_LENGTH
] = {0x00, 0x40, 0x96, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00};
259 // Block all authentication request during WPA block period
260 if (pAd
->StaCfg
.bBlockAssoc
== TRUE
)
262 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - Block Assoc request durning WPA block period!\n"));
263 pAd
->Mlme
.AssocMachine
.CurrState
= ASSOC_IDLE
;
264 Status
= MLME_STATE_MACHINE_REJECT
;
265 MlmeEnqueue(pAd
, MLME_CNTL_STATE_MACHINE
, MT2_ASSOC_CONF
, 2, &Status
);
267 // check sanity first
268 else if (MlmeAssocReqSanity(pAd
, Elem
->Msg
, Elem
->MsgLen
, ApAddr
, &CapabilityInfo
, &Timeout
, &ListenIntv
))
// Stop a pending association timer and make the requested AP the target BSSID.
270 RTMPCancelTimer(&pAd
->MlmeAux
.AssocTimer
, &TimerCancelled
);
271 COPY_MAC_ADDR(pAd
->MlmeAux
.Bssid
, ApAddr
);
273 // Get an unused nonpaged memory
274 NStatus
= MlmeAllocateMemory(pAd
, &pOutBuffer
);
275 if (NStatus
!= NDIS_STATUS_SUCCESS
)
277 DBGPRINT(RT_DEBUG_TRACE
,("ASSOC - MlmeAssocReqAction() allocate memory failed \n"));
278 pAd
->Mlme
.AssocMachine
.CurrState
= ASSOC_IDLE
;
279 Status
= MLME_FAIL_NO_RESOURCE
;
280 MlmeEnqueue(pAd
, MLME_CNTL_STATE_MACHINE
, MT2_ASSOC_CONF
, 2, &Status
);
284 // Add by James 03/06/27
285 pAd
->StaCfg
.AssocInfo
.Length
= sizeof(NDIS_802_11_ASSOCIATION_INFORMATION
);
286 // Association don't need to report MAC address
287 pAd
->StaCfg
.AssocInfo
.AvailableRequestFixedIEs
=
288 NDIS_802_11_AI_REQFI_CAPABILITIES
| NDIS_802_11_AI_REQFI_LISTENINTERVAL
;
289 pAd
->StaCfg
.AssocInfo
.RequestFixedIEs
.Capabilities
= CapabilityInfo
;
290 pAd
->StaCfg
.AssocInfo
.RequestFixedIEs
.ListenInterval
= ListenIntv
;
291 // Only reassociate need this
292 //COPY_MAC_ADDR(pAd->StaCfg.AssocInfo.RequestFixedIEs.CurrentAPAddress, ApAddr);
293 pAd
->StaCfg
.AssocInfo
.OffsetRequestIEs
= sizeof(NDIS_802_11_ASSOCIATION_INFORMATION
);
295 NdisZeroMemory(pAd
->StaCfg
.ReqVarIEs
, MAX_VIE_LEN
);
// NOTE(review): ReqVarIEs was zeroed over MAX_VIE_LEN bytes just above; the
// copies below advance VarIesOffset by SsidLen, SupRateLen and later RSNIE_Len
// with no comparison against MAX_VIE_LEN visible in this listing -- confirm
// those lengths are bounded where they are assigned.
298 NdisMoveMemory(pAd
->StaCfg
.ReqVarIEs
+ VarIesOffset
, &SsidIe
, 1);
300 NdisMoveMemory(pAd
->StaCfg
.ReqVarIEs
+ VarIesOffset
, &pAd
->MlmeAux
.SsidLen
, 1);
302 NdisMoveMemory(pAd
->StaCfg
.ReqVarIEs
+ VarIesOffset
, pAd
->MlmeAux
.Ssid
, pAd
->MlmeAux
.SsidLen
);
303 VarIesOffset
+= pAd
->MlmeAux
.SsidLen
;
305 // Second add Supported rates
306 NdisMoveMemory(pAd
->StaCfg
.ReqVarIEs
+ VarIesOffset
, &SupRateIe
, 1);
308 NdisMoveMemory(pAd
->StaCfg
.ReqVarIEs
+ VarIesOffset
, &pAd
->MlmeAux
.SupRateLen
, 1);
310 NdisMoveMemory(pAd
->StaCfg
.ReqVarIEs
+ VarIesOffset
, pAd
->MlmeAux
.SupRate
, pAd
->MlmeAux
.SupRateLen
);
311 VarIesOffset
+= pAd
->MlmeAux
.SupRateLen
;
// Set capability bit 0x0100 when operating above channel 14 with bIEEE80211H on.
314 if ((pAd
->CommonCfg
.Channel
> 14) &&
315 (pAd
->CommonCfg
.bIEEE80211H
== TRUE
))
316 CapabilityInfo
|= 0x0100;
318 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - Send ASSOC request...\n"));
319 MgtMacHeaderInit(pAd
, &AssocHdr
, SUBTYPE_ASSOC_REQ
, 0, ApAddr
, ApAddr
);
321 // Build basic frame first
322 MakeOutgoingFrame(pOutBuffer
, &FrameLen
,
323 sizeof(HEADER_802_11
), &AssocHdr
,
327 1, &pAd
->MlmeAux
.SsidLen
,
328 pAd
->MlmeAux
.SsidLen
, pAd
->MlmeAux
.Ssid
,
330 1, &pAd
->MlmeAux
.SupRateLen
,
331 pAd
->MlmeAux
.SupRateLen
, pAd
->MlmeAux
.SupRate
,
// Extended supported rates are appended only when there are any.
334 if (pAd
->MlmeAux
.ExtRateLen
!= 0)
336 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &tmp
,
338 1, &pAd
->MlmeAux
.ExtRateLen
,
339 pAd
->MlmeAux
.ExtRateLen
, pAd
->MlmeAux
.ExtRate
,
344 #ifdef DOT11_N_SUPPORT
// HT capability IE, sent only when HtCapabilityLen > 0 and PhyMode is at
// least PHY_11ABGN_MIXED.
346 if ((pAd
->MlmeAux
.HtCapabilityLen
> 0) && (pAd
->CommonCfg
.PhyMode
>= PHY_11ABGN_MIXED
))
350 UCHAR BROADCOM
[4] = {0x0, 0x90, 0x4c, 0x33};
351 if (pAd
->StaActive
.SupportedPhyInfo
.bPreNHt
== TRUE
)
353 HtLen
= SIZE_HT_CAP_IE
+ 4;
354 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &TmpLen
,
358 pAd
->MlmeAux
.HtCapabilityLen
, &pAd
->MlmeAux
.HtCapability
,
363 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &TmpLen
,
365 1, &pAd
->MlmeAux
.HtCapabilityLen
,
366 pAd
->MlmeAux
.HtCapabilityLen
, &pAd
->MlmeAux
.HtCapability
,
371 #endif // DOT11_N_SUPPORT //
373 // add Ralink proprietary IE to inform AP this STA is going to use AGGREGATION or PIGGY-BACK+AGGREGATION
374 // Case I: (Aggregation + Piggy-Back)
375 // 1. user enable aggregation, AND
376 // 2. Mac support piggy-back
377 // 3. AP announces it's PIGGY-BACK+AGGREGATION-capable in BEACON
378 // Case II: (Aggregation)
379 // 1. user enable aggregation, AND
380 // 2. AP announces it's AGGREGATION-capable in BEACON
381 if (pAd
->CommonCfg
.bAggregationCapable
)
383 if ((pAd
->CommonCfg
.bPiggyBackCapable
) && ((pAd
->MlmeAux
.APRalinkIe
& 0x00000003) == 3))
386 UCHAR RalinkIe
[9] = {IE_VENDOR_SPECIFIC
, 7, 0x00, 0x0c, 0x43, 0x03, 0x00, 0x00, 0x00};
387 MakeOutgoingFrame(pOutBuffer
+FrameLen
, &TmpLen
,
392 else if (pAd
->MlmeAux
.APRalinkIe
& 0x00000001)
395 UCHAR RalinkIe
[9] = {IE_VENDOR_SPECIFIC
, 7, 0x00, 0x0c, 0x43, 0x01, 0x00, 0x00, 0x00};
396 MakeOutgoingFrame(pOutBuffer
+FrameLen
, &TmpLen
,
405 UCHAR RalinkIe
[9] = {IE_VENDOR_SPECIFIC
, 7, 0x00, 0x0c, 0x43, 0x06, 0x00, 0x00, 0x00};
406 MakeOutgoingFrame(pOutBuffer
+FrameLen
, &TmpLen
,
// WMM IE: sent when the AP's EDCA parameters are valid; the U-APSD flags are
// folded into WmeIe[8] when both sides are APSD-capable.
412 if (pAd
->MlmeAux
.APEdcaParm
.bValid
)
414 if (pAd
->CommonCfg
.bAPSDCapable
&& pAd
->MlmeAux
.APEdcaParm
.bAPSDCapable
)
416 QBSS_STA_INFO_PARM QosInfo
;
418 NdisZeroMemory(&QosInfo
, sizeof(QBSS_STA_INFO_PARM
));
419 QosInfo
.UAPSD_AC_BE
= pAd
->CommonCfg
.bAPSDAC_BE
;
420 QosInfo
.UAPSD_AC_BK
= pAd
->CommonCfg
.bAPSDAC_BK
;
421 QosInfo
.UAPSD_AC_VI
= pAd
->CommonCfg
.bAPSDAC_VI
;
422 QosInfo
.UAPSD_AC_VO
= pAd
->CommonCfg
.bAPSDAC_VO
;
423 QosInfo
.MaxSPLength
= pAd
->CommonCfg
.MaxSPLength
;
424 WmeIe
[8] |= *(PUCHAR
)&QosInfo
;
428 // The Parameter Set Count is set to "0" in the association request frames
429 // WmeIe[8] |= (pAd->MlmeAux.APEdcaParm.EdcaUpdateCount & 0x0f);
432 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &tmp
,
439 // Let WPA(#221) Element ID on the end of this association frame.
440 // Otherwise some AP will fail on parsing Element ID and set status fail on Assoc Rsp.
441 // For example: Put Vendor Specific IE on the front of WPA IE.
442 // This happens on AP (Model No:Linksys WRK54G)
444 if (((pAd
->StaCfg
.AuthMode
== Ndis802_11AuthModeWPAPSK
) ||
445 (pAd
->StaCfg
.AuthMode
== Ndis802_11AuthModeWPA2PSK
) ||
446 (pAd
->StaCfg
.AuthMode
== Ndis802_11AuthModeWPA
) ||
447 (pAd
->StaCfg
.AuthMode
== Ndis802_11AuthModeWPA2
)
451 UCHAR RSNIe
= IE_WPA
;
453 if ((pAd
->StaCfg
.AuthMode
== Ndis802_11AuthModeWPA2PSK
) ||
454 (pAd
->StaCfg
.AuthMode
== Ndis802_11AuthModeWPA2
))
// Rebuild StaCfg.RSN_IE / RSNIE_Len for the configured AuthMode and WepStatus.
459 RTMPMakeRSNIE(pAd
, pAd
->StaCfg
.AuthMode
, pAd
->StaCfg
.WepStatus
, BSS0
);
461 // Check for WPA PMK cache list
462 if (pAd
->StaCfg
.AuthMode
== Ndis802_11AuthModeWPA2
)
465 BOOLEAN FoundPMK
= FALSE
;
466 // Search cached PMKID, append it if existed
467 for (idx
= 0; idx
< PMKID_NO
; idx
++)
469 if (NdisEqualMemory(ApAddr
, &pAd
->StaCfg
.SavedPMK
[idx
].BSSID
, 6))
// NOTE(review): this stores a 16-bit PMKID count of 1 at RSN_IE[RSNIE_Len]
// and the 16-byte PMKID after it, then grows RSNIE_Len by 18. No check that
// RSN_IE has 18 spare bytes is visible here, and the (PUSHORT) store is in
// host byte order at a possibly unaligned offset -- confirm both.
479 *(PUSHORT
) &pAd
->StaCfg
.RSN_IE
[pAd
->StaCfg
.RSNIE_Len
] = 1;
480 NdisMoveMemory(&pAd
->StaCfg
.RSN_IE
[pAd
->StaCfg
.RSNIE_Len
+ 2], &pAd
->StaCfg
.SavedPMK
[idx
].PMKID
, 16);
481 pAd
->StaCfg
.RSNIE_Len
+= 18;
486 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &tmp
,
488 1, &pAd
->StaCfg
.RSNIE_Len
,
489 pAd
->StaCfg
.RSNIE_Len
, pAd
->StaCfg
.RSN_IE
,
496 // Append Variable IE
497 NdisMoveMemory(pAd
->StaCfg
.ReqVarIEs
+ VarIesOffset
, &RSNIe
, 1);
499 NdisMoveMemory(pAd
->StaCfg
.ReqVarIEs
+ VarIesOffset
, &pAd
->StaCfg
.RSNIE_Len
, 1);
502 NdisMoveMemory(pAd
->StaCfg
.ReqVarIEs
+ VarIesOffset
, pAd
->StaCfg
.RSN_IE
, pAd
->StaCfg
.RSNIE_Len
);
503 VarIesOffset
+= pAd
->StaCfg
.RSNIE_Len
;
505 // Set Variable IEs Length
506 pAd
->StaCfg
.ReqVarIELen
= VarIesOffset
;
509 // We have update that at PeerBeaconAtJoinRequest()
510 CkipFlag
= pAd
->StaCfg
.CkipFlag
;
// Build the fixed CKIP negotiation payload: all zero except bytes 2, 8 and the last.
513 NdisZeroMemory(CkipNegotiationBuffer
, CKIP_NEGOTIATION_LENGTH
);
514 CkipNegotiationBuffer
[2] = 0x66;
515 // Make it try KP & MIC, since we have to follow the result from AssocRsp
516 CkipNegotiationBuffer
[8] = 0x18;
517 CkipNegotiationBuffer
[CKIP_NEGOTIATION_LENGTH
- 1] = 0x22;
520 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &tmp
,
523 AironetCkipLen
, CkipNegotiationBuffer
,
528 // Add CCX v2 request if CCX2 admin state is on
529 if (pAd
->StaCfg
.CCXControl
.field
.Enable
== 1)
533 // Add AironetIPAddressIE for Cisco CCX 2.X
536 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &tmp
,
537 1, &AironetIPAddressIE
,
538 1, &AironetIPAddressLen
,
539 AironetIPAddressLen
, AironetIPAddressBuffer
,
546 // Add by James 03/06/27
547 // Set Variable IEs Length
548 pAd
->StaCfg
.ReqVarIELen
= VarIesOffset
;
549 pAd
->StaCfg
.AssocInfo
.RequestIELength
= VarIesOffset
;
551 // OffsetResponseIEs follow ReqVarIE
552 pAd
->StaCfg
.AssocInfo
.OffsetResponseIEs
= sizeof(NDIS_802_11_ASSOCIATION_INFORMATION
) + pAd
->StaCfg
.ReqVarIELen
;
// Hand the frame to the transmit path, release the build buffer, then arm the
// response timer and wait for the AP's answer.
557 MiniportMMRequest(pAd
, 0, pOutBuffer
, FrameLen
);
558 MlmeFreeMemory(pAd
, pOutBuffer
);
560 RTMPSetTimer(&pAd
->MlmeAux
.AssocTimer
, Timeout
);
561 pAd
->Mlme
.AssocMachine
.CurrState
= ASSOC_WAIT_RSP
;
// Sanity-failure path: report MLME_INVALID_FORMAT and fall back to ASSOC_IDLE.
565 DBGPRINT(RT_DEBUG_TRACE
,("ASSOC - MlmeAssocReqAction() sanity check failed. BUG!!!!!! \n"));
566 pAd
->Mlme
.AssocMachine
.CurrState
= ASSOC_IDLE
;
567 Status
= MLME_INVALID_FORMAT
;
568 MlmeEnqueue(pAd
, MLME_CNTL_STATE_MACHINE
, MT2_ASSOC_CONF
, 2, &Status
);
574 ==========================================================================
576 mlme reassoc req handling procedure
580 -# SSID (Adapter->StaCfg.ssid[])
581 -# BSSID (AP address, Adapter->StaCfg.bssid)
582 -# Supported rates (Adapter->StaCfg.supported_rates[])
583 -# Supported rates length (Adapter->StaCfg.supported_rates_len)
584 -# Tx power (Adapter->StaCfg.tx_power)
586 IRQL = DISPATCH_LEVEL
588 ==========================================================================
// MlmeReassocReqAction: action for MT2_MLME_REASSOC_REQ.
// Mirrors the association path: refused with MLME_STATE_MACHINE_REJECT while
// StaCfg.bBlockAssoc is set; otherwise, after MlmeAssocReqSanity() accepts the
// message, a reassociation request is built in a buffer from
// MlmeAllocateMemory(), sent with MiniportMMRequest(), ReassocTimer is armed
// and the state becomes REASSOC_WAIT_RSP. The failure paths visible here set
// ASSOC_IDLE and queue a status as MT2_REASSOC_CONF.
// NOTE(review): the gutter numbers of this listing skip, so braces, several
// declarations and parts of the MakeOutgoingFrame() argument lists are not
// shown here.
590 VOID
MlmeReassocReqAction(
591 IN PRTMP_ADAPTER pAd
,
592 IN MLME_QUEUE_ELEM
*Elem
)
595 HEADER_802_11 ReassocHdr
;
// WMM information element template; byte 8 is OR-ed with the QoS info below.
597 UCHAR WmeIe
[9] = {IE_VENDOR_SPECIFIC
, 0x07, 0x00, 0x50, 0xf2, 0x02, 0x00, 0x01, 0x00};
598 USHORT CapabilityInfo
, ListenIntv
;
601 BOOLEAN TimerCancelled
;
604 PUCHAR pOutBuffer
= NULL
;
607 // Block all authentication request during WPA block period
608 if (pAd
->StaCfg
.bBlockAssoc
== TRUE
)
610 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - Block ReAssoc request durning WPA block period!\n"));
611 pAd
->Mlme
.AssocMachine
.CurrState
= ASSOC_IDLE
;
612 Status
= MLME_STATE_MACHINE_REJECT
;
613 MlmeEnqueue(pAd
, MLME_CNTL_STATE_MACHINE
, MT2_REASSOC_CONF
, 2, &Status
);
615 // the parameters are the same as the association
616 else if(MlmeAssocReqSanity(pAd
, Elem
->Msg
, Elem
->MsgLen
, ApAddr
, &CapabilityInfo
, &Timeout
, &ListenIntv
))
618 RTMPCancelTimer(&pAd
->MlmeAux
.ReassocTimer
, &TimerCancelled
);
620 NStatus
= MlmeAllocateMemory(pAd
, &pOutBuffer
); //Get an unused nonpaged memory
621 if(NStatus
!= NDIS_STATUS_SUCCESS
)
623 DBGPRINT(RT_DEBUG_TRACE
,("ASSOC - MlmeReassocReqAction() allocate memory failed \n"));
624 pAd
->Mlme
.AssocMachine
.CurrState
= ASSOC_IDLE
;
625 Status
= MLME_FAIL_NO_RESOURCE
;
626 MlmeEnqueue(pAd
, MLME_CNTL_STATE_MACHINE
, MT2_REASSOC_CONF
, 2, &Status
);
// The requested AP becomes the target BSSID for the response check.
630 COPY_MAC_ADDR(pAd
->MlmeAux
.Bssid
, ApAddr
);
632 // make frame, use bssid as the AP address??
633 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - Send RE-ASSOC request...\n"));
634 MgtMacHeaderInit(pAd
, &ReassocHdr
, SUBTYPE_REASSOC_REQ
, 0, ApAddr
, ApAddr
);
635 MakeOutgoingFrame(pOutBuffer
, &FrameLen
,
636 sizeof(HEADER_802_11
), &ReassocHdr
,
639 MAC_ADDR_LEN
, ApAddr
,
641 1, &pAd
->MlmeAux
.SsidLen
,
642 pAd
->MlmeAux
.SsidLen
, pAd
->MlmeAux
.Ssid
,
644 1, &pAd
->MlmeAux
.SupRateLen
,
645 pAd
->MlmeAux
.SupRateLen
, pAd
->MlmeAux
.SupRate
,
// Extended supported rates are appended only when there are any.
648 if (pAd
->MlmeAux
.ExtRateLen
!= 0)
650 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &tmp
,
652 1, &pAd
->MlmeAux
.ExtRateLen
,
653 pAd
->MlmeAux
.ExtRateLen
, pAd
->MlmeAux
.ExtRate
,
// WMM IE: sent when the AP's EDCA parameters are valid; the U-APSD flags are
// folded into WmeIe[8] when both sides are APSD-capable.
658 if (pAd
->MlmeAux
.APEdcaParm
.bValid
)
660 if (pAd
->CommonCfg
.bAPSDCapable
&& pAd
->MlmeAux
.APEdcaParm
.bAPSDCapable
)
662 QBSS_STA_INFO_PARM QosInfo
;
664 NdisZeroMemory(&QosInfo
, sizeof(QBSS_STA_INFO_PARM
));
665 QosInfo
.UAPSD_AC_BE
= pAd
->CommonCfg
.bAPSDAC_BE
;
666 QosInfo
.UAPSD_AC_BK
= pAd
->CommonCfg
.bAPSDAC_BK
;
667 QosInfo
.UAPSD_AC_VI
= pAd
->CommonCfg
.bAPSDAC_VI
;
668 QosInfo
.UAPSD_AC_VO
= pAd
->CommonCfg
.bAPSDAC_VO
;
669 QosInfo
.MaxSPLength
= pAd
->CommonCfg
.MaxSPLength
;
670 WmeIe
[8] |= *(PUCHAR
)&QosInfo
;
673 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &tmp
,
679 #ifdef DOT11_N_SUPPORT
// HT capability IE, sent only when HtCapabilityLen > 0 and PhyMode is at
// least PHY_11ABGN_MIXED.
681 if ((pAd
->MlmeAux
.HtCapabilityLen
> 0) && (pAd
->CommonCfg
.PhyMode
>= PHY_11ABGN_MIXED
))
685 UCHAR BROADCOM
[4] = {0x0, 0x90, 0x4c, 0x33};
686 if (pAd
->StaActive
.SupportedPhyInfo
.bPreNHt
== TRUE
)
688 HtLen
= SIZE_HT_CAP_IE
+ 4;
689 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &TmpLen
,
693 pAd
->MlmeAux
.HtCapabilityLen
, &pAd
->MlmeAux
.HtCapability
,
698 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &TmpLen
,
700 1, &pAd
->MlmeAux
.HtCapabilityLen
,
701 pAd
->MlmeAux
.HtCapabilityLen
, &pAd
->MlmeAux
.HtCapability
,
706 #endif // DOT11_N_SUPPORT //
708 // add Ralink proprietary IE to inform AP this STA is going to use AGGREGATION or PIGGY-BACK+AGGREGATION
709 // Case I: (Aggregation + Piggy-Back)
710 // 1. user enable aggregation, AND
711 // 2. Mac support piggy-back
712 // 3. AP announces it's PIGGY-BACK+AGGREGATION-capable in BEACON
713 // Case II: (Aggregation)
714 // 1. user enable aggregation, AND
715 // 2. AP announces it's AGGREGATION-capable in BEACON
716 if (pAd
->CommonCfg
.bAggregationCapable
)
718 if ((pAd
->CommonCfg
.bPiggyBackCapable
) && ((pAd
->MlmeAux
.APRalinkIe
& 0x00000003) == 3))
721 UCHAR RalinkIe
[9] = {IE_VENDOR_SPECIFIC
, 7, 0x00, 0x0c, 0x43, 0x03, 0x00, 0x00, 0x00};
722 MakeOutgoingFrame(pOutBuffer
+FrameLen
, &TmpLen
,
727 else if (pAd
->MlmeAux
.APRalinkIe
& 0x00000001)
730 UCHAR RalinkIe
[9] = {IE_VENDOR_SPECIFIC
, 7, 0x00, 0x0c, 0x43, 0x01, 0x00, 0x00, 0x00};
731 MakeOutgoingFrame(pOutBuffer
+FrameLen
, &TmpLen
,
// NOTE(review): the flag byte here is 0x04, while the corresponding IE in
// MlmeAssocReqAction() carries 0x06 -- confirm the difference is intended.
740 UCHAR RalinkIe
[9] = {IE_VENDOR_SPECIFIC
, 7, 0x00, 0x0c, 0x43, 0x04, 0x00, 0x00, 0x00};
741 MakeOutgoingFrame(pOutBuffer
+FrameLen
, &TmpLen
,
747 // Add CCX v2 request if CCX2 admin state is on
748 if (pAd
->StaCfg
.CCXControl
.field
.Enable
== 1)
753 MakeOutgoingFrame(pOutBuffer
+ FrameLen
, &tmp
,
// Hand the frame to the transmit path, release the build buffer, then arm the
// response timer and wait for the AP's answer.
761 MiniportMMRequest(pAd
, 0, pOutBuffer
, FrameLen
);
762 MlmeFreeMemory(pAd
, pOutBuffer
);
764 RTMPSetTimer(&pAd
->MlmeAux
.ReassocTimer
, Timeout
); /* in mSec */
765 pAd
->Mlme
.AssocMachine
.CurrState
= REASSOC_WAIT_RSP
;
// Sanity-failure path: report MLME_INVALID_FORMAT and fall back to ASSOC_IDLE.
769 DBGPRINT(RT_DEBUG_TRACE
,("ASSOC - MlmeReassocReqAction() sanity check failed. BUG!!!! \n"));
770 pAd
->Mlme
.AssocMachine
.CurrState
= ASSOC_IDLE
;
771 Status
= MLME_INVALID_FORMAT
;
772 MlmeEnqueue(pAd
, MLME_CNTL_STATE_MACHINE
, MT2_REASSOC_CONF
, 2, &Status
);
777 ==========================================================================
779 Upper layer issues disassoc request
785 ==========================================================================
// MlmeDisassocReqAction: action for an upper-layer disassociation request.
// Elem->Msg is read as an MLME_DISASSOC_REQ_STRUCT (Addr + Reason). A
// disassociation frame is built and sent, the same buffer is then resent with
// the subtype rewritten to SUBTYPE_DEAUTH, DisassocTimer is armed, the state
// becomes DISASSOC_WAIT_RSP and a SIOCGIWAP wireless event with a zeroed AP
// address is raised. On allocation failure the machine goes to ASSOC_IDLE and
// MLME_FAIL_NO_RESOURCE is queued as MT2_DISASSOC_CONF.
// NOTE(review): the gutter numbers of this listing skip, so braces and several
// declarations (Status, NStatus, FrameLen, Timeout) are not shown here.
787 VOID
MlmeDisassocReqAction(
788 IN PRTMP_ADAPTER pAd
,
789 IN MLME_QUEUE_ELEM
*Elem
)
791 PMLME_DISASSOC_REQ_STRUCT pDisassocReq
;
792 HEADER_802_11 DisassocHdr
;
793 PHEADER_802_11 pDisassocHdr
;
794 PUCHAR pOutBuffer
= NULL
;
797 BOOLEAN TimerCancelled
;
// The queued message body is the request structure itself.
802 pDisassocReq
= (PMLME_DISASSOC_REQ_STRUCT
)(Elem
->Msg
);
804 NStatus
= MlmeAllocateMemory(pAd
, &pOutBuffer
); //Get an unused nonpaged memory
805 if (NStatus
!= NDIS_STATUS_SUCCESS
)
807 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - MlmeDisassocReqAction() allocate memory failed\n"));
808 pAd
->Mlme
.AssocMachine
.CurrState
= ASSOC_IDLE
;
809 Status
= MLME_FAIL_NO_RESOURCE
;
810 MlmeEnqueue(pAd
, MLME_CNTL_STATE_MACHINE
, MT2_DISASSOC_CONF
, 2, &Status
);
816 RTMPCancelTimer(&pAd
->MlmeAux
.DisassocTimer
, &TimerCancelled
);
818 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - Send DISASSOC request[BSSID::%02x:%02x:%02x:%02x:%02x:%02x (Reason=%d)\n",
819 pDisassocReq
->Addr
[0], pDisassocReq
->Addr
[1], pDisassocReq
->Addr
[2],
820 pDisassocReq
->Addr
[3], pDisassocReq
->Addr
[4], pDisassocReq
->Addr
[5], pDisassocReq
->Reason
));
821 MgtMacHeaderInit(pAd
, &DisassocHdr
, SUBTYPE_DISASSOC
, 0, pDisassocReq
->Addr
, pDisassocReq
->Addr
); // patch peap ttls switching issue
// Frame body: 802.11 header followed by the 2-byte reason code.
822 MakeOutgoingFrame(pOutBuffer
, &FrameLen
,
823 sizeof(HEADER_802_11
),&DisassocHdr
,
824 2, &pDisassocReq
->Reason
,
826 MiniportMMRequest(pAd
, 0, pOutBuffer
, FrameLen
);
828 // To patch Instance and Buffalo(N) AP
829 // Driver has to send deauth to Instance AP, but Buffalo(N) needs to send disassoc to reset Authenticator's state machine
830 // Therefore, we send both of them.
// The buffer just sent is reused in place: only the subtype field changes.
831 pDisassocHdr
= (PHEADER_802_11
)pOutBuffer
;
832 pDisassocHdr
->FC
.SubType
= SUBTYPE_DEAUTH
;
833 MiniportMMRequest(pAd
, 0, pOutBuffer
, FrameLen
);
835 MlmeFreeMemory(pAd
, pOutBuffer
);
// The recorded reason is always REASON_DISASSOC_STA_LEAVING, independent of
// pDisassocReq->Reason sent in the frame.
837 pAd
->StaCfg
.DisassocReason
= REASON_DISASSOC_STA_LEAVING
;
838 COPY_MAC_ADDR(pAd
->StaCfg
.DisassocSta
, pDisassocReq
->Addr
);
// NOTE(review): the assignment of Timeout is not visible in this listing.
840 RTMPSetTimer(&pAd
->MlmeAux
.DisassocTimer
, Timeout
); /* in mSec */
841 pAd
->Mlme
.AssocMachine
.CurrState
= DISASSOC_WAIT_RSP
;
// Raise SIOCGIWAP with an all-zero AP address.
// NOTE(review): only MAC_ADDR_LEN bytes of wrqu.ap_addr.sa_data are
// initialised before wrqu is passed to wireless_send_event(); the rest of the
// union is uninitialised stack memory. Whether any of it reaches user space
// depends on that function -- consider zeroing all of wrqu first.
844 union iwreq_data wrqu
;
845 memset(wrqu
.ap_addr
.sa_data
, 0, MAC_ADDR_LEN
);
846 wireless_send_event(pAd
->net_dev
, SIOCGIWAP
, &wrqu
, NULL
);
851 ==========================================================================
853 peer sends assoc rsp back
855 Elem - MLME message containing the received frame
857 IRQL = DISPATCH_LEVEL
859 ==========================================================================
// PeerAssocRspAction: action for a received association response (the state
// machine in this file also routes MT2_PEER_REASSOC_RSP here while in
// ASSOC_WAIT_RSP). Elem->Msg is a frame received from the air and is
// untrusted: it is acted on only after PeerAssocRspSanity() has parsed it and
// Addr2 equals MlmeAux.Bssid. On MLME_SUCCESS AssocPostProc() applies the
// parsed values and a SIOCGIWAP event with the BSSID is raised; the machine is
// then set to ASSOC_IDLE and Status is queued as MT2_ASSOC_CONF.
// NOTE(review): the gutter numbers of this listing skip, so braces and several
// declarations (AddHtInfoLen, EdcaParm, CkipFlag) are not shown here.
861 VOID
PeerAssocRspAction(
862 IN PRTMP_ADAPTER pAd
,
863 IN MLME_QUEUE_ELEM
*Elem
)
865 USHORT CapabilityInfo
, Status
, Aid
;
// Fixed-size stack buffers filled by PeerAssocRspSanity().
// NOTE(review): the cap on SupRateLen / ExtRateLen has to be enforced inside
// that parser, which is not part of this listing -- confirm.
866 UCHAR SupRate
[MAX_LEN_OF_SUPPORTED_RATES
], SupRateLen
;
867 UCHAR ExtRate
[MAX_LEN_OF_SUPPORTED_RATES
], ExtRateLen
;
868 UCHAR Addr2
[MAC_ADDR_LEN
];
869 BOOLEAN TimerCancelled
;
872 HT_CAPABILITY_IE HtCapability
;
873 ADD_HT_INFO_IE AddHtInfo
; // AP might use this additional ht info IE
874 UCHAR HtCapabilityLen
;
876 UCHAR NewExtChannelOffset
= 0xff;
878 if (PeerAssocRspSanity(pAd
, Elem
->Msg
, Elem
->MsgLen
, Addr2
, &CapabilityInfo
, &Status
, &Aid
, SupRate
, &SupRateLen
, ExtRate
, &ExtRateLen
,
879 &HtCapability
,&AddHtInfo
, &HtCapabilityLen
,&AddHtInfoLen
,&NewExtChannelOffset
, &EdcaParm
, &CkipFlag
))
881 // The frame is for me ?
// i.e. the sender must be the BSSID stored when the request was sent.
882 if(MAC_ADDR_EQUAL(Addr2
, pAd
->MlmeAux
.Bssid
))
884 DBGPRINT(RT_DEBUG_TRACE
, ("PeerAssocRspAction():ASSOC - receive ASSOC_RSP to me (status=%d)\n", Status
));
885 #ifdef DOT11_N_SUPPORT
886 DBGPRINT(RT_DEBUG_TRACE
, ("PeerAssocRspAction():MacTable [%d].AMsduSize = %d. ClientStatusFlags = 0x%lx \n",Elem
->Wcid
, pAd
->MacTab
.Content
[BSSID_WCID
].AMsduSize
, pAd
->MacTab
.Content
[BSSID_WCID
].ClientStatusFlags
));
887 #endif // DOT11_N_SUPPORT //
888 RTMPCancelTimer(&pAd
->MlmeAux
.AssocTimer
, &TimerCancelled
);
889 if(Status
== MLME_SUCCESS
)
891 // go to procedure listed on page 376
// AssocPostProc() (further down this file) copies SupRateLen and ExtRateLen
// bytes into MlmeAux.SupRate / MlmeAux.ExtRate with no length check of its own.
892 AssocPostProc(pAd
, Addr2
, CapabilityInfo
, Aid
, SupRate
, SupRateLen
, ExtRate
, ExtRateLen
,
893 &EdcaParm
, &HtCapability
, HtCapabilityLen
, &AddHtInfo
);
// Notify user space of the new association through wireless extensions.
// NOTE(review): only MAC_ADDR_LEN bytes of wrqu.ap_addr.sa_data are
// initialised before wrqu is passed to wireless_send_event(); the rest of the
// union is uninitialised stack memory -- consider zeroing all of wrqu first.
896 union iwreq_data wrqu
;
897 wext_notify_event_assoc(pAd
);
899 memset(wrqu
.ap_addr
.sa_data
, 0, MAC_ADDR_LEN
);
900 memcpy(wrqu
.ap_addr
.sa_data
, pAd
->MlmeAux
.Bssid
, MAC_ADDR_LEN
);
901 wireless_send_event(pAd
->net_dev
, SIOCGIWAP
, &wrqu
, NULL
);
905 pAd
->StaCfg
.CkipFlag
= CkipFlag
;
// Reset the CKIP sequence/MIC state and pick three fresh GIV bytes.
// NOTE(review): the GIV bytes come from RandomByte(); how good a random source
// that is cannot be judged from this listing.
908 NdisZeroMemory(pAd
->StaCfg
.TxSEQ
, 4);
909 NdisZeroMemory(pAd
->StaCfg
.RxSEQ
, 4);
910 NdisZeroMemory(pAd
->StaCfg
.CKIPMIC
, 4);
911 pAd
->StaCfg
.GIV
[0] = RandomByte(pAd
);
912 pAd
->StaCfg
.GIV
[1] = RandomByte(pAd
);
913 pAd
->StaCfg
.GIV
[2] = RandomByte(pAd
);
914 pAd
->StaCfg
.bCkipOn
= TRUE
;
915 DBGPRINT(RT_DEBUG_TRACE
, ("<CCX> pAd->StaCfg.CkipFlag = 0x%02x\n", pAd
->StaCfg
.CkipFlag
));
// Report the AP's status code to the control state machine.
921 pAd
->Mlme
.AssocMachine
.CurrState
= ASSOC_IDLE
;
922 MlmeEnqueue(pAd
, MLME_CNTL_STATE_MACHINE
, MT2_ASSOC_CONF
, 2, &Status
);
// A frame that fails the parser is only logged.
927 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - PeerAssocRspAction() sanity check fail\n"));
932 ==========================================================================
934 peer sends reassoc rsp
936 Elem - MLME message containing the received frame
938 IRQL = DISPATCH_LEVEL
940 ==========================================================================
// PeerReassocRspAction: action for a received reassociation response (the
// state machine in this file also routes MT2_PEER_ASSOC_RSP here while in
// REASSOC_WAIT_RSP). Elem->Msg is a frame received from the air and is
// untrusted: it is acted on only after PeerAssocRspSanity() has parsed it and
// Addr2 equals MlmeAux.Bssid. On MLME_SUCCESS AssocPostProc() applies the
// parsed values and a SIOCGIWAP event with the BSSID is raised; the machine is
// then set to ASSOC_IDLE and Status is queued as MT2_REASSOC_CONF.
// NOTE(review): the gutter numbers of this listing skip, so braces and several
// declarations (Status, Aid, AddHtInfoLen, EdcaParm, CkipFlag) are not shown.
942 VOID
PeerReassocRspAction(
943 IN PRTMP_ADAPTER pAd
,
944 IN MLME_QUEUE_ELEM
*Elem
)
946 USHORT CapabilityInfo
;
// Fixed-size stack buffers filled by PeerAssocRspSanity().
// NOTE(review): the cap on SupRateLen / ExtRateLen has to be enforced inside
// that parser, which is not part of this listing -- confirm.
949 UCHAR SupRate
[MAX_LEN_OF_SUPPORTED_RATES
], SupRateLen
;
950 UCHAR ExtRate
[MAX_LEN_OF_SUPPORTED_RATES
], ExtRateLen
;
951 UCHAR Addr2
[MAC_ADDR_LEN
];
953 BOOLEAN TimerCancelled
;
955 HT_CAPABILITY_IE HtCapability
;
956 ADD_HT_INFO_IE AddHtInfo
; // AP might use this additional ht info IE
957 UCHAR HtCapabilityLen
;
959 UCHAR NewExtChannelOffset
= 0xff;
961 if(PeerAssocRspSanity(pAd
, Elem
->Msg
, Elem
->MsgLen
, Addr2
, &CapabilityInfo
, &Status
, &Aid
, SupRate
, &SupRateLen
, ExtRate
, &ExtRateLen
,
962 &HtCapability
, &AddHtInfo
, &HtCapabilityLen
, &AddHtInfoLen
,&NewExtChannelOffset
, &EdcaParm
, &CkipFlag
))
964 if(MAC_ADDR_EQUAL(Addr2
, pAd
->MlmeAux
.Bssid
)) // The frame is for me ?
966 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - receive REASSOC_RSP to me (status=%d)\n", Status
));
967 RTMPCancelTimer(&pAd
->MlmeAux
.ReassocTimer
, &TimerCancelled
);
969 if(Status
== MLME_SUCCESS
)
971 // go to procedure listed on page 376
// AssocPostProc() (further down this file) copies SupRateLen and ExtRateLen
// bytes into MlmeAux.SupRate / MlmeAux.ExtRate with no length check of its own.
972 AssocPostProc(pAd
, Addr2
, CapabilityInfo
, Aid
, SupRate
, SupRateLen
, ExtRate
, ExtRateLen
,
973 &EdcaParm
, &HtCapability
, HtCapabilityLen
, &AddHtInfo
);
// Notify user space of the new association through wireless extensions.
// NOTE(review): only MAC_ADDR_LEN bytes of wrqu.ap_addr.sa_data are
// initialised before wrqu is passed to wireless_send_event(); the rest of the
// union is uninitialised stack memory -- consider zeroing all of wrqu first.
976 union iwreq_data wrqu
;
977 wext_notify_event_assoc(pAd
);
979 memset(wrqu
.ap_addr
.sa_data
, 0, MAC_ADDR_LEN
);
980 memcpy(wrqu
.ap_addr
.sa_data
, pAd
->MlmeAux
.Bssid
, MAC_ADDR_LEN
);
981 wireless_send_event(pAd
->net_dev
, SIOCGIWAP
, &wrqu
, NULL
);
988 // CkipFlag is no use for reassociate
// Report the AP's status code to the control state machine.
989 pAd
->Mlme
.AssocMachine
.CurrState
= ASSOC_IDLE
;
990 MlmeEnqueue(pAd
, MLME_CNTL_STATE_MACHINE
, MT2_REASSOC_CONF
, 2, &Status
);
// A frame that fails the parser is only logged.
996 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - PeerReassocRspAction() sanity check fail\n"));
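/*
	==========================================================================
	Description:
		procedures on IEEE 802.11/1999 p.376

		Records the parameters of an accepted (re)association response in
		pAd->MlmeAux, then copies the WPA or RSN information element of the
		matching scan-table entry into the BSSID_WCID MAC-table entry so the
		WPA state machine can use it later.

	Parameters:
		pAd                     - adapter context
		pAddr2                  - address looked up in the scan table and stored as the BSSID
		CapabilityInfo          - masked with SUPPORTED_CAPABILITY_INFO before it is stored
		Aid                     - stored in MlmeAux.Aid
		SupRate/SupRateLen      - supported rates, copied then filtered by RTMPCheckRates
		ExtRate/ExtRateLen      - extended rates, copied then filtered by RTMPCheckRates
		pEdcaParm               - EDCA parameters; filled with defaults in place when an
		                          HT AP sent none (DOT11_N_SUPPORT only)
		pHtCapability/HtCapabilityLen, pAddHtInfo - passed to RTMPCheckHt

	NOTE(review): the lines declaring this function's name, pAddr2, Aid,
	SupRate, ExtRate and the locals are absent from this listing. The
	parameter order follows the AssocPostProc() call in
	PeerReassocRspAction(); the types are inferred and need confirming
	against the prototype.

	IRQL = DISPATCH_LEVEL

	==========================================================================
 */
VOID AssocPostProc(
	IN PRTMP_ADAPTER pAd,
	IN PUCHAR pAddr2,
	IN USHORT CapabilityInfo,
	IN USHORT Aid,
	IN UCHAR SupRate[],
	IN UCHAR SupRateLen,
	IN UCHAR ExtRate[],
	IN UCHAR ExtRateLen,
	IN PEDCA_PARM pEdcaParm,
	IN HT_CAPABILITY_IE *pHtCapability,
	IN UCHAR HtCapabilityLen,
	IN ADD_HT_INFO_IE *pAddHtInfo)	// AP might use this additional ht info IE
{
	ULONG Idx;

	pAd->MlmeAux.BssType = BSS_INFRA;
	COPY_MAC_ADDR(pAd->MlmeAux.Bssid, pAddr2);
	pAd->MlmeAux.Aid = Aid;
	pAd->MlmeAux.CapabilityInfo = CapabilityInfo & SUPPORTED_CAPABILITY_INFO;

#ifdef DOT11_N_SUPPORT
	// Some HT APs omit the WMM IE. HT requires QoS, so default EDCA
	// parameters are written into the caller's structure here.
	if ((HtCapabilityLen > 0) && (pEdcaParm->bValid == FALSE))
	{
		pEdcaParm->bValid = TRUE;
		pEdcaParm->Aifsn[0] = 3;
		pEdcaParm->Aifsn[1] = 7;
		pEdcaParm->Aifsn[2] = 2;
		pEdcaParm->Aifsn[3] = 2;

		pEdcaParm->Cwmin[0] = 4;
		pEdcaParm->Cwmin[1] = 4;
		pEdcaParm->Cwmin[2] = 3;
		pEdcaParm->Cwmin[3] = 2;

		pEdcaParm->Cwmax[0] = 10;
		pEdcaParm->Cwmax[1] = 10;
		pEdcaParm->Cwmax[2] = 4;
		pEdcaParm->Cwmax[3] = 3;

		pEdcaParm->Txop[0] = 0;
		pEdcaParm->Txop[1] = 0;
		pEdcaParm->Txop[2] = 96;
		pEdcaParm->Txop[3] = 48;
	}
#endif // DOT11_N_SUPPORT //

	NdisMoveMemory(&pAd->MlmeAux.APEdcaParm, pEdcaParm, sizeof(EDCA_PARM));

	// NOTE(review): SupRateLen and ExtRateLen come from the peer's frame and
	// are used as copy lengths without a check in this function; presumably
	// the caller's sanity routine bounds them to the destination arrays - confirm.

	// filter out un-supported rates
	pAd->MlmeAux.SupRateLen = SupRateLen;
	NdisMoveMemory(pAd->MlmeAux.SupRate, SupRate, SupRateLen);
	RTMPCheckRates(pAd, pAd->MlmeAux.SupRate, &pAd->MlmeAux.SupRateLen);

	// filter out un-supported rates
	pAd->MlmeAux.ExtRateLen = ExtRateLen;
	NdisMoveMemory(pAd->MlmeAux.ExtRate, ExtRate, ExtRateLen);
	RTMPCheckRates(pAd, pAd->MlmeAux.ExtRate, &pAd->MlmeAux.ExtRateLen);

#ifdef DOT11_N_SUPPORT
	if (HtCapabilityLen > 0)
	{
		RTMPCheckHt(pAd, BSSID_WCID, pHtCapability, pAddHtInfo);
	}
	DBGPRINT(RT_DEBUG_TRACE, ("AssocPostProc===> AP.AMsduSize = %d. ClientStatusFlags = 0x%lx \n", pAd->MacTab.Content[BSSID_WCID].AMsduSize, pAd->MacTab.Content[BSSID_WCID].ClientStatusFlags));

	DBGPRINT(RT_DEBUG_TRACE, ("AssocPostProc===> (Mmps=%d, AmsduSize=%d, )\n",
		pAd->MacTab.Content[BSSID_WCID].MmpsMode, pAd->MacTab.Content[BSSID_WCID].AMsduSize));
#endif // DOT11_N_SUPPORT //

	// Set New WPA information
	Idx = BssTableSearch(&pAd->ScanTab, pAddr2, pAd->MlmeAux.Channel);
	if (Idx == BSS_NOT_FOUND)
	{
		DBGPRINT_ERR(("ASSOC - Can't find BSS after receiving Assoc response\n"));
	}
	else
	{
		// Start from an empty RSN_IE so a stale element is never reused
		pAd->MacTab.Content[BSSID_WCID].RSNIE_Len = 0;
		NdisZeroMemory(pAd->MacTab.Content[BSSID_WCID].RSN_IE, MAX_LEN_OF_RSNIE);

		// Store appropriate RSN_IE for WPA SM negotiation later
		if ((pAd->StaCfg.AuthMode >= Ndis802_11AuthModeWPA) && (pAd->ScanTab.BssEntry[Idx].VarIELen != 0))
		{
			PUCHAR pVIE = pAd->ScanTab.BssEntry[Idx].VarIEs;
			ULONG len = pAd->ScanTab.BssEntry[Idx].VarIELen;

			// VarIEs was filled from frames sent by the AP, so every length
			// byte is untrusted. An element needs its 2-byte header inside
			// the remaining data before it may be read.
			while (len >= 2)
			{
				PEID_STRUCT pEid = (PEID_STRUCT) pVIE;
				ULONG IeLen = (ULONG) pEid->Len + 2;

				// An element that claims more bytes than remain would make
				// the walk run past VarIEs; stop instead of wrapping len.
				if (IeLen > len)
				{
					DBGPRINT_ERR(("AssocPostProc===> truncated IE in scan entry, stop parsing \n"));
					break;
				}

				// For WPA/WPAPSK (Len >= 4 keeps the OUI compare inside the element)
				if ((pEid->Eid == IE_WPA) && (pEid->Len >= 4) && (NdisEqualMemory(pEid->Octet, WPA_OUI, 4))
					&& (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA || pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPAPSK))
				{
					// RSN_IE is cleared with MAX_LEN_OF_RSNIE above, so that
					// is the largest copy the destination can be trusted to hold.
					if (IeLen <= MAX_LEN_OF_RSNIE)
					{
						NdisMoveMemory(pAd->MacTab.Content[BSSID_WCID].RSN_IE, pVIE, IeLen);
						pAd->MacTab.Content[BSSID_WCID].RSNIE_Len = IeLen;
						DBGPRINT(RT_DEBUG_TRACE, ("AssocPostProc===> Store RSN_IE for WPA SM negotiation \n"));
					}
					else
					{
						DBGPRINT_ERR(("AssocPostProc===> WPA IE longer than MAX_LEN_OF_RSNIE, not stored \n"));
					}
				}
				// For WPA2/WPA2PSK (Len >= 5 keeps the compare at Octet + 2 inside the element)
				else if ((pEid->Eid == IE_RSN) && (pEid->Len >= 5) && (NdisEqualMemory(pEid->Octet + 2, RSN_OUI, 3))
					&& (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2 || pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK))
				{
					if (IeLen <= MAX_LEN_OF_RSNIE)
					{
						NdisMoveMemory(pAd->MacTab.Content[BSSID_WCID].RSN_IE, pVIE, IeLen);
						pAd->MacTab.Content[BSSID_WCID].RSNIE_Len = IeLen;
						DBGPRINT(RT_DEBUG_TRACE, ("AssocPostProc===> Store RSN_IE for WPA2 SM negotiation \n"));
					}
					else
					{
						DBGPRINT_ERR(("AssocPostProc===> RSN IE longer than MAX_LEN_OF_RSNIE, not stored \n"));
					}
				}

				pVIE += IeLen;
				len -= IeLen;
			}
		}

		if (pAd->MacTab.Content[BSSID_WCID].RSNIE_Len == 0)
		{
			DBGPRINT(RT_DEBUG_TRACE, ("AssocPostProc===> no RSN_IE \n"));
		}
		else
		{
			hex_dump("RSN_IE", pAd->MacTab.Content[BSSID_WCID].RSN_IE, pAd->MacTab.Content[BSSID_WCID].RSNIE_Len);
		}
	}
}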
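/*
	==========================================================================
	Description:
		left part of IEEE 802.11/1999 p.374

		Handles a disassociation frame from the peer: when the station is in
		infrastructure mode and the sender is the current BSSID, the link is
		taken down, the ASSOC state machine returns to ASSOC_IDLE and a
		zeroed SIOCGIWAP event is sent through wireless extensions.

	Parameters:
		pAd  - adapter context
		Elem - MLME message containing the received frame

	IRQL = DISPATCH_LEVEL

	==========================================================================
 */
VOID PeerDisassocAction(
	IN PRTMP_ADAPTER pAd,
	IN MLME_QUEUE_ELEM *Elem)
{
	UCHAR Addr2[MAC_ADDR_LEN];
	// NOTE(review): this declaration line is absent from the listing; USHORT
	// matches the Reason declared for the class 3 error path in this file - confirm.
	USHORT Reason;

	DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - PeerDisassocAction()\n"));

	if (!PeerDisassocSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &Reason))
	{
		DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - PeerDisassocAction() sanity check fail\n"));
		return;
	}

	DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - PeerDisassocAction() Reason = %d\n", Reason));

	// NOTE(review): the only origin check visible here is the BSSID compare
	// below. Whether the frame was integrity-protected is not established in
	// this function, so the link drops on any frame that passes the sanity
	// check and carries the AP's address.
	if (INFRA_ON(pAd) && MAC_ADDR_EQUAL(pAd->CommonCfg.Bssid, Addr2))
	{
		union iwreq_data wrqu;

		if (pAd->CommonCfg.bWirelessEvent)
		{
			RTMPSendWirelessEvent(pAd, IW_DISASSOC_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0);
		}

		// Get Current System time and Turn on AdjacentAPReport
		NdisGetSystemUpTime(&pAd->StaCfg.CCXAdjacentAPLinkDownTime);
		pAd->StaCfg.CCXAdjacentAPReportFlag = TRUE;
		LinkDown(pAd, TRUE);
		pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;

		// Clear the whole union, not only MAC_ADDR_LEN bytes of sa_data:
		// the event layer is handed &wrqu and may copy more of ap_addr than
		// the address bytes, which would otherwise be uninitialised stack.
		memset(&wrqu, 0, sizeof(wrqu));
		wireless_send_event(pAd->net_dev, SIOCGIWAP, &wrqu, NULL);
	}
}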
/*
	==========================================================================
	Description:
		what the state machine will do after assoc timeout

		Returns the ASSOC state machine to ASSOC_IDLE and reports
		MLME_REJ_TIMEOUT to the CNTL state machine as MT2_ASSOC_CONF.

	Parameters:
		pAd  - adapter context
		Elem - not read by this handler

	IRQL = DISPATCH_LEVEL

	==========================================================================
 */
VOID AssocTimeoutAction(
	IN PRTMP_ADAPTER pAd,
	IN MLME_QUEUE_ELEM *Elem)
{
	// NOTE(review): the declaration line is absent from this listing; USHORT
	// matches the 2-byte length passed to MlmeEnqueue - confirm.
	USHORT Status = MLME_REJ_TIMEOUT;

	DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - AssocTimeoutAction\n"));

	pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
	MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_ASSOC_CONF, 2, &Status);
}
/*
	==========================================================================
	Description:
		what the state machine will do after reassoc timeout

		Returns the ASSOC state machine to ASSOC_IDLE and reports
		MLME_REJ_TIMEOUT to the CNTL state machine as MT2_REASSOC_CONF.

	Parameters:
		pAd  - adapter context
		Elem - not read by this handler

	IRQL = DISPATCH_LEVEL

	==========================================================================
 */
VOID ReassocTimeoutAction(
	IN PRTMP_ADAPTER pAd,
	IN MLME_QUEUE_ELEM *Elem)
{
	// NOTE(review): the declaration line is absent from this listing; USHORT
	// matches the 2-byte length passed to MlmeEnqueue - confirm.
	USHORT Status = MLME_REJ_TIMEOUT;

	DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - ReassocTimeoutAction\n"));

	pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
	MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_REASSOC_CONF, 2, &Status);
}
/*
	==========================================================================
	Description:
		what the state machine will do after disassoc timeout

		Returns the ASSOC state machine to ASSOC_IDLE and reports
		MLME_SUCCESS to the CNTL state machine as MT2_DISASSOC_CONF; the
		timeout is reported as success, not as a rejection.

	Parameters:
		pAd  - adapter context
		Elem - not read by this handler

	IRQL = DISPATCH_LEVEL

	==========================================================================
 */
VOID DisassocTimeoutAction(
	IN PRTMP_ADAPTER pAd,
	IN MLME_QUEUE_ELEM *Elem)
{
	// NOTE(review): the declaration line is absent from this listing; USHORT
	// matches the 2-byte length passed to MlmeEnqueue - confirm.
	USHORT Status = MLME_SUCCESS;

	DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - DisassocTimeoutAction\n"));

	pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
	MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_DISASSOC_CONF, 2, &Status);
}
/*
	Handler for an associate request that arrives in a state that does not
	accept it: logs the current state, resets the ASSOC state machine to
	ASSOC_IDLE and reports MLME_STATE_MACHINE_REJECT as MT2_ASSOC_CONF.

	pAd  - adapter context
	Elem - not read by this handler
 */
VOID InvalidStateWhenAssoc(
	IN PRTMP_ADAPTER pAd,
	IN MLME_QUEUE_ELEM *Elem)
{
	// NOTE(review): the declaration line is absent from this listing; USHORT
	// matches the 2-byte length passed to MlmeEnqueue - confirm.
	USHORT Status = MLME_STATE_MACHINE_REJECT;

	// Log the offending state before it is overwritten below
	DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - InvalidStateWhenAssoc(state=%ld), reset ASSOC state machine\n",
		pAd->Mlme.AssocMachine.CurrState));

	pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
	MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_ASSOC_CONF, 2, &Status);
}
/*
	Handler for a reassociate request that arrives in a state that does not
	accept it: logs the current state, resets the ASSOC state machine to
	ASSOC_IDLE and reports MLME_STATE_MACHINE_REJECT as MT2_REASSOC_CONF.

	pAd  - adapter context
	Elem - not read by this handler
 */
VOID InvalidStateWhenReassoc(
	IN PRTMP_ADAPTER pAd,
	IN MLME_QUEUE_ELEM *Elem)
{
	// NOTE(review): the declaration line is absent from this listing; USHORT
	// matches the 2-byte length passed to MlmeEnqueue - confirm.
	USHORT Status = MLME_STATE_MACHINE_REJECT;

	// Log the offending state before it is overwritten below
	DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - InvalidStateWhenReassoc(state=%ld), reset ASSOC state machine\n",
		pAd->Mlme.AssocMachine.CurrState));

	pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
	MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_REASSOC_CONF, 2, &Status);
}
/*
	Handler for a disassociate request that arrives in a state that does not
	accept it: logs the current state, resets the ASSOC state machine to
	ASSOC_IDLE and reports MLME_STATE_MACHINE_REJECT as MT2_DISASSOC_CONF.

	pAd  - adapter context
	Elem - not read by this handler
 */
VOID InvalidStateWhenDisassociate(
	IN PRTMP_ADAPTER pAd,
	IN MLME_QUEUE_ELEM *Elem)
{
	// NOTE(review): the declaration line is absent from this listing; USHORT
	// matches the 2-byte length passed to MlmeEnqueue - confirm.
	USHORT Status = MLME_STATE_MACHINE_REJECT;

	// Log the offending state before it is overwritten below
	DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - InvalidStateWhenDisassoc(state=%ld), reset ASSOC state machine\n",
		pAd->Mlme.AssocMachine.CurrState));

	pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
	MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_DISASSOC_CONF, 2, &Status);
}
1291 ==========================================================================
1293 right part of IEEE 802.11/1999 page 374
1295 This event should never cause ASSOC state machine perform state
1296 transition, and has no relationship with CNTL machine. So we separate
1297 this routine as a service outside of ASSOC state transition table.
1299 IRQL = DISPATCH_LEVEL
1301 ==========================================================================
1304 IN PRTMP_ADAPTER pAd
,
1307 HEADER_802_11 DisassocHdr
;
1308 PHEADER_802_11 pDisassocHdr
;
1309 PUCHAR pOutBuffer
= NULL
;
1311 NDIS_STATUS NStatus
;
1312 USHORT Reason
= REASON_CLS3ERR
;
1314 NStatus
= MlmeAllocateMemory(pAd
, &pOutBuffer
); //Get an unused nonpaged memory
1315 if (NStatus
!= NDIS_STATUS_SUCCESS
)
1318 DBGPRINT(RT_DEBUG_TRACE
, ("ASSOC - Class 3 Error, Send DISASSOC frame\n"));
1319 MgtMacHeaderInit(pAd
, &DisassocHdr
, SUBTYPE_DISASSOC
, 0, pAddr
, pAd
->CommonCfg
.Bssid
); // patch peap ttls switching issue
1320 MakeOutgoingFrame(pOutBuffer
, &FrameLen
,
1321 sizeof(HEADER_802_11
),&DisassocHdr
,
1324 MiniportMMRequest(pAd
, 0, pOutBuffer
, FrameLen
);
1326 // To patch Instance and Buffalo(N) AP
1327 // Driver has to send deauth to Instance AP, but Buffalo(N) needs to send disassoc to reset Authenticator's state machine
1328 // Therefore, we send both of them.
1329 pDisassocHdr
= (PHEADER_802_11
)pOutBuffer
;
1330 pDisassocHdr
->FC
.SubType
= SUBTYPE_DEAUTH
;
1331 MiniportMMRequest(pAd
, 0, pOutBuffer
, FrameLen
);
1333 MlmeFreeMemory(pAd
, pOutBuffer
);
1335 pAd
->StaCfg
.DisassocReason
= REASON_CLS3ERR
;
1336 COPY_MAC_ADDR(pAd
->StaCfg
.DisassocSta
, pAddr
);
/*
	==========================================================================
	Description:
		Switch between WEP and CKIP upon new association up.

		Rewrites the BSS0 cipher algorithm of the four shared keys, both in
		the hardware register at SHARED_KEY_MODE_BASE (used by the MAC to
		decrypt RX) and in pAd->SharedKey[BSS0][] (used by the driver to
		fill in the TXD). With CKIP key permutation on, WEP64/WEP128 become
		CKIP64/CKIP128; otherwise the mapping runs the other way, and in
		WPA-None mode the software table is rebuilt from WepStatus first.

	Parameters:
		pAd - adapter context

	NOTE(review): the brace lines, the `else` keyword and the declaration of
	the loop index are absent from this listing; the structure below follows
	the branch comments and the gaps in the original line numbering - confirm
	against the file.

	IRQL = DISPATCH_LEVEL

	==========================================================================
 */
VOID SwitchBetweenWepAndCkip(
	IN PRTMP_ADAPTER pAd)
{
// Rewrites `alg` to to64/to128 when it currently holds from64/from128;
// any other value is left untouched. Works on bit-field members too.
#define RT_REMAP_CIPHER(alg, from64, to64, from128, to128)	\
	do {							\
		if ((alg) == (from64))				\
			(alg) = (to64);				\
		else if ((alg) == (from128))			\
			(alg) = (to128);			\
	} while (0)

	int i;
	SHAREDKEY_MODE_STRUC csr1;

	// if KP is required. change the CipherAlg in hardware shared key table from WEP
	// to CKIP. else remain as WEP
	if (pAd->StaCfg.bCkipOn && (pAd->StaCfg.CkipFlag & 0x10))
	{
		// modify hardware key table so that MAC use correct algorithm to decrypt RX
		RTMP_IO_READ32(pAd, SHARED_KEY_MODE_BASE, &csr1.word);
		RT_REMAP_CIPHER(csr1.field.Bss0Key0CipherAlg, CIPHER_WEP64, CIPHER_CKIP64, CIPHER_WEP128, CIPHER_CKIP128);
		RT_REMAP_CIPHER(csr1.field.Bss0Key1CipherAlg, CIPHER_WEP64, CIPHER_CKIP64, CIPHER_WEP128, CIPHER_CKIP128);
		RT_REMAP_CIPHER(csr1.field.Bss0Key2CipherAlg, CIPHER_WEP64, CIPHER_CKIP64, CIPHER_WEP128, CIPHER_CKIP128);
		RT_REMAP_CIPHER(csr1.field.Bss0Key3CipherAlg, CIPHER_WEP64, CIPHER_CKIP64, CIPHER_WEP128, CIPHER_CKIP128);
		RTMP_IO_WRITE32(pAd, SHARED_KEY_MODE_BASE, csr1.word);
		DBGPRINT(RT_DEBUG_TRACE, ("SwitchBetweenWepAndCkip: modify BSS0 cipher to %s\n", CipherName[csr1.field.Bss0Key0CipherAlg]));

		// modify software key table so that driver can specify correct algorithm in TXD upon TX
		for (i = 0; i < SHARE_KEY_NUM; i++)
		{
			RT_REMAP_CIPHER(pAd->SharedKey[BSS0][i].CipherAlg, CIPHER_WEP64, CIPHER_CKIP64, CIPHER_WEP128, CIPHER_CKIP128);
		}
	}
	// else if KP NOT inused. change the CipherAlg in hardware shared key table from CKIP
	// to WEP
	else
	{
		// modify hardware key table so that MAC use correct algorithm to decrypt RX
		RTMP_IO_READ32(pAd, SHARED_KEY_MODE_BASE, &csr1.word);
		RT_REMAP_CIPHER(csr1.field.Bss0Key0CipherAlg, CIPHER_CKIP64, CIPHER_WEP64, CIPHER_CKIP128, CIPHER_WEP128);
		RT_REMAP_CIPHER(csr1.field.Bss0Key1CipherAlg, CIPHER_CKIP64, CIPHER_WEP64, CIPHER_CKIP128, CIPHER_WEP128);
		RT_REMAP_CIPHER(csr1.field.Bss0Key2CipherAlg, CIPHER_CKIP64, CIPHER_WEP64, CIPHER_CKIP128, CIPHER_WEP128);
		RT_REMAP_CIPHER(csr1.field.Bss0Key3CipherAlg, CIPHER_CKIP64, CIPHER_WEP64, CIPHER_CKIP128, CIPHER_WEP128);

		// modify software key table so that driver can specify correct algorithm in TXD upon TX
		for (i = 0; i < SHARE_KEY_NUM; i++)
		{
			RT_REMAP_CIPHER(pAd->SharedKey[BSS0][i].CipherAlg, CIPHER_CKIP64, CIPHER_WEP64, CIPHER_CKIP128, CIPHER_WEP128);
		}

		// On WPA-NONE, must update CipherAlg.
		// Because the OID_802_11_WEP_STATUS was been set after OID_802_11_ADD_KEY
		// and CipherAlg will be CIPHER_NONE by Windows ZeroConfig.
		// So we need to update CipherAlg after connect.
		if (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPANone)
		{
			for (i = 0; i < SHARE_KEY_NUM; i++)
			{
				if (pAd->SharedKey[BSS0][i].KeyLen == 0)
				{
					// Empty key slot: no cipher
					pAd->SharedKey[BSS0][i].CipherAlg = CIPHER_NONE;
				}
				else if (pAd->StaCfg.WepStatus == Ndis802_11Encryption2Enabled)
				{
					pAd->SharedKey[BSS0][i].CipherAlg = CIPHER_TKIP;
				}
				else if (pAd->StaCfg.WepStatus == Ndis802_11Encryption3Enabled)
				{
					pAd->SharedKey[BSS0][i].CipherAlg = CIPHER_AES;
				}
			}

			// Mirror the rebuilt software table into the register image
			csr1.field.Bss0Key0CipherAlg = pAd->SharedKey[BSS0][0].CipherAlg;
			csr1.field.Bss0Key1CipherAlg = pAd->SharedKey[BSS0][1].CipherAlg;
			csr1.field.Bss0Key2CipherAlg = pAd->SharedKey[BSS0][2].CipherAlg;
			csr1.field.Bss0Key3CipherAlg = pAd->SharedKey[BSS0][3].CipherAlg;
		}

		RTMP_IO_WRITE32(pAd, SHARED_KEY_MODE_BASE, csr1.word);
		DBGPRINT(RT_DEBUG_TRACE, ("SwitchBetweenWepAndCkip: modify BSS0 cipher to %s\n", CipherName[csr1.field.Bss0Key0CipherAlg]));
	}

#undef RT_REMAP_CIPHER
}
1465 int wext_notify_event_assoc(
1466 IN RTMP_ADAPTER
*pAd
)
1468 union iwreq_data wrqu
;
1469 char custom
[IW_CUSTOM_MAX
] = {0};
1471 #if WIRELESS_EXT > 17
1472 if (pAd
->StaCfg
.ReqVarIELen
<= IW_CUSTOM_MAX
)
1474 wrqu
.data
.length
= pAd
->StaCfg
.ReqVarIELen
;
1475 memcpy(custom
, pAd
->StaCfg
.ReqVarIEs
, pAd
->StaCfg
.ReqVarIELen
);
1476 wireless_send_event(pAd
->net_dev
, IWEVASSOCREQIE
, &wrqu
, custom
);
1479 DBGPRINT(RT_DEBUG_TRACE
, ("pAd->StaCfg.ReqVarIELen > MAX_CUSTOM_LEN\n"));
1481 if (((pAd
->StaCfg
.ReqVarIELen
*2) + 17) <= IW_CUSTOM_MAX
)
1484 wrqu
.data
.length
= (pAd
->StaCfg
.ReqVarIELen
*2) + 17;
1485 sprintf(custom
, "ASSOCINFO(ReqIEs=");
1486 for (idx
=0; idx
<pAd
->StaCfg
.ReqVarIELen
; idx
++)
1487 sprintf(custom
+ strlen(custom
), "%02x", pAd
->StaCfg
.ReqVarIEs
[idx
]);
1488 wireless_send_event(pAd
->net_dev
, IWEVCUSTOM
, &wrqu
, custom
);
1491 DBGPRINT(RT_DEBUG_TRACE
, ("(pAd->StaCfg.ReqVarIELen*2) + 17 > MAX_CUSTOM_LEN\n"));