2 *************************************************************************
4 * 5F., No.36, Taiyuan St., Jhubei City,
8 * (c) Copyright 2002-2007, Ralink Technology, Inc.
10 * This program is free software; you can redistribute it and/or modify *
11 * it under the terms of the GNU General Public License as published by *
12 * the Free Software Foundation; either version 2 of the License, or *
13 * (at your option) any later version. *
15 * This program is distributed in the hope that it will be useful, *
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
18 * GNU General Public License for more details. *
20 * You should have received a copy of the GNU General Public License *
21 * along with this program; if not, write to the *
22 * Free Software Foundation, Inc., *
23 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 *************************************************************************
34 -------- ---------- ----------------------------------------------
35 John 2004-9-3 porting from RT2500
37 #include "../rt_config.h"
39 UCHAR CipherWpaTemplate[] = {
42 0x00, 0x50, 0xf2, 0x01, // oui
43 0x01, 0x00, // Version
44 0x00, 0x50, 0xf2, 0x02, // Multicast
45 0x01, 0x00, // Number of unicast
46 0x00, 0x50, 0xf2, 0x02, // unicast
47 0x01, 0x00, // number of authentication method
48 0x00, 0x50, 0xf2, 0x01 // authentication
51 UCHAR CipherWpa2Template[] = {
54 0x01, 0x00, // Version
55 0x00, 0x0f, 0xac, 0x02, // group cipher, TKIP
56 0x01, 0x00, // number of pairwise
57 0x00, 0x0f, 0xac, 0x02, // unicast
58 0x01, 0x00, // number of authentication method
59 0x00, 0x0f, 0xac, 0x02, // authentication
60 0x00, 0x00, // RSN capability
63 UCHAR Ccx2IeInfo[] = { 0x00, 0x40, 0x96, 0x03, 0x02};
66 ==========================================================================
68 association state machine init, including state transition and timer init
70 S - pointer to the association state machine
74 ==========================================================================
76 VOID AssocStateMachineInit(
79 OUT STATE_MACHINE_FUNC Trans[])
81 StateMachineInit(S, Trans, MAX_ASSOC_STATE, MAX_ASSOC_MSG, (STATE_MACHINE_FUNC)Drop, ASSOC_IDLE, ASSOC_MACHINE_BASE);
84 StateMachineSetAction(S, ASSOC_IDLE, MT2_MLME_ASSOC_REQ, (STATE_MACHINE_FUNC)MlmeAssocReqAction);
85 StateMachineSetAction(S, ASSOC_IDLE, MT2_MLME_REASSOC_REQ, (STATE_MACHINE_FUNC)MlmeReassocReqAction);
86 StateMachineSetAction(S, ASSOC_IDLE, MT2_MLME_DISASSOC_REQ, (STATE_MACHINE_FUNC)MlmeDisassocReqAction);
87 StateMachineSetAction(S, ASSOC_IDLE, MT2_PEER_DISASSOC_REQ, (STATE_MACHINE_FUNC)PeerDisassocAction);
90 StateMachineSetAction(S, ASSOC_WAIT_RSP, MT2_MLME_ASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenAssoc);
91 StateMachineSetAction(S, ASSOC_WAIT_RSP, MT2_MLME_REASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenReassoc);
92 StateMachineSetAction(S, ASSOC_WAIT_RSP, MT2_MLME_DISASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenDisassociate);
93 StateMachineSetAction(S, ASSOC_WAIT_RSP, MT2_PEER_DISASSOC_REQ, (STATE_MACHINE_FUNC)PeerDisassocAction);
94 StateMachineSetAction(S, ASSOC_WAIT_RSP, MT2_PEER_ASSOC_RSP, (STATE_MACHINE_FUNC)PeerAssocRspAction);
96 // Patch 3Com AP MOde:3CRWE454G72
97 // We send Assoc request frame to this AP, it always send Reassoc Rsp not Associate Rsp.
99 StateMachineSetAction(S, ASSOC_WAIT_RSP, MT2_PEER_REASSOC_RSP, (STATE_MACHINE_FUNC)PeerAssocRspAction);
100 StateMachineSetAction(S, ASSOC_WAIT_RSP, MT2_ASSOC_TIMEOUT, (STATE_MACHINE_FUNC)AssocTimeoutAction);
103 StateMachineSetAction(S, REASSOC_WAIT_RSP, MT2_MLME_ASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenAssoc);
104 StateMachineSetAction(S, REASSOC_WAIT_RSP, MT2_MLME_REASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenReassoc);
105 StateMachineSetAction(S, REASSOC_WAIT_RSP, MT2_MLME_DISASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenDisassociate);
106 StateMachineSetAction(S, REASSOC_WAIT_RSP, MT2_PEER_DISASSOC_REQ, (STATE_MACHINE_FUNC)PeerDisassocAction);
107 StateMachineSetAction(S, REASSOC_WAIT_RSP, MT2_PEER_REASSOC_RSP, (STATE_MACHINE_FUNC)PeerReassocRspAction);
109 // Patch, AP doesn't send Reassociate Rsp frame to Station.
111 StateMachineSetAction(S, REASSOC_WAIT_RSP, MT2_PEER_ASSOC_RSP, (STATE_MACHINE_FUNC)PeerReassocRspAction);
112 StateMachineSetAction(S, REASSOC_WAIT_RSP, MT2_REASSOC_TIMEOUT, (STATE_MACHINE_FUNC)ReassocTimeoutAction);
115 StateMachineSetAction(S, DISASSOC_WAIT_RSP, MT2_MLME_ASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenAssoc);
116 StateMachineSetAction(S, DISASSOC_WAIT_RSP, MT2_MLME_REASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenReassoc);
117 StateMachineSetAction(S, DISASSOC_WAIT_RSP, MT2_MLME_DISASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenDisassociate);
118 StateMachineSetAction(S, DISASSOC_WAIT_RSP, MT2_PEER_DISASSOC_REQ, (STATE_MACHINE_FUNC)PeerDisassocAction);
119 StateMachineSetAction(S, DISASSOC_WAIT_RSP, MT2_DISASSOC_TIMEOUT, (STATE_MACHINE_FUNC)DisassocTimeoutAction);
121 // initialize the timer
122 RTMPInitTimer(pAd, &pAd->MlmeAux.AssocTimer, GET_TIMER_FUNCTION(AssocTimeout), pAd, FALSE);
123 RTMPInitTimer(pAd, &pAd->MlmeAux.ReassocTimer, GET_TIMER_FUNCTION(ReassocTimeout), pAd, FALSE);
124 RTMPInitTimer(pAd, &pAd->MlmeAux.DisassocTimer, GET_TIMER_FUNCTION(DisassocTimeout), pAd, FALSE);
128 ==========================================================================
130 Association timeout procedure. After association timeout, this function
131 will be called and it will put a message into the MLME queue
133 Standard timer parameters
135 IRQL = DISPATCH_LEVEL
137 ==========================================================================
139 VOID AssocTimeout(IN PVOID SystemSpecific1,
140 IN PVOID FunctionContext,
141 IN PVOID SystemSpecific2,
142 IN PVOID SystemSpecific3)
144 RTMP_ADAPTER *pAd = (RTMP_ADAPTER *)FunctionContext;
146 // Do nothing if the driver is starting halt state.
147 // This might happen when timer already been fired before cancel timer with mlmehalt
148 if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
151 MlmeEnqueue(pAd, ASSOC_STATE_MACHINE, MT2_ASSOC_TIMEOUT, 0, NULL);
152 RT28XX_MLME_HANDLER(pAd);
156 ==========================================================================
158 Reassociation timeout procedure. After reassociation timeout, this
159 function will be called and put a message into the MLME queue
161 Standard timer parameters
163 IRQL = DISPATCH_LEVEL
165 ==========================================================================
167 VOID ReassocTimeout(IN PVOID SystemSpecific1,
168 IN PVOID FunctionContext,
169 IN PVOID SystemSpecific2,
170 IN PVOID SystemSpecific3)
172 RTMP_ADAPTER *pAd = (RTMP_ADAPTER *)FunctionContext;
174 // Do nothing if the driver is starting halt state.
175 // This might happen when timer already been fired before cancel timer with mlmehalt
176 if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
179 MlmeEnqueue(pAd, ASSOC_STATE_MACHINE, MT2_REASSOC_TIMEOUT, 0, NULL);
180 RT28XX_MLME_HANDLER(pAd);
184 ==========================================================================
186 Disassociation timeout procedure. After disassociation timeout, this
187 function will be called and put a message into the MLME queue
189 Standard timer parameters
191 IRQL = DISPATCH_LEVEL
193 ==========================================================================
195 VOID DisassocTimeout(IN PVOID SystemSpecific1,
196 IN PVOID FunctionContext,
197 IN PVOID SystemSpecific2,
198 IN PVOID SystemSpecific3)
200 RTMP_ADAPTER *pAd = (RTMP_ADAPTER *)FunctionContext;
202 // Do nothing if the driver is starting halt state.
203 // This might happen when timer already been fired before cancel timer with mlmehalt
204 if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
207 MlmeEnqueue(pAd, ASSOC_STATE_MACHINE, MT2_DISASSOC_TIMEOUT, 0, NULL);
208 RT28XX_MLME_HANDLER(pAd);
212 ==========================================================================
214 mlme assoc req handling procedure
216 Adapter - Adapter pointer
217 Elem - MLME Queue Element
219 the station has been authenticated and the following information is stored in the config
221 -# supported rates and their length
222 -# listen interval (Adapter->StaCfg.default_listen_count)
223 -# Transmit power (Adapter->StaCfg.tx_power)
225 -# An association request frame is generated and sent to the air
226 -# Association timer starts
227 -# Association state -> ASSOC_WAIT_RSP
229 IRQL = DISPATCH_LEVEL
231 ==========================================================================
233 VOID MlmeAssocReqAction(
234 IN PRTMP_ADAPTER pAd,
235 IN MLME_QUEUE_ELEM *Elem)
238 HEADER_802_11 AssocHdr;
240 UCHAR WmeIe[9] = {IE_VENDOR_SPECIFIC, 0x07, 0x00, 0x50, 0xf2, 0x02, 0x00, 0x01, 0x00};
243 USHORT CapabilityInfo;
244 BOOLEAN TimerCancelled;
245 PUCHAR pOutBuffer = NULL;
251 UCHAR CkipNegotiationBuffer[CKIP_NEGOTIATION_LENGTH];
252 UCHAR AironetCkipIe = IE_AIRONET_CKIP;
253 UCHAR AironetCkipLen = CKIP_NEGOTIATION_LENGTH;
254 UCHAR AironetIPAddressIE = IE_AIRONET_IPADDRESS;
255 UCHAR AironetIPAddressLen = AIRONET_IPADDRESS_LENGTH;
256 UCHAR AironetIPAddressBuffer[AIRONET_IPADDRESS_LENGTH] = {0x00, 0x40, 0x96, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00};
259 // Block all authentication request durning WPA block period
260 if (pAd->StaCfg.bBlockAssoc == TRUE)
262 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - Block Assoc request durning WPA block period!\n"));
263 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
264 Status = MLME_STATE_MACHINE_REJECT;
265 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_ASSOC_CONF, 2, &Status);
267 // check sanity first
268 else if (MlmeAssocReqSanity(pAd, Elem->Msg, Elem->MsgLen, ApAddr, &CapabilityInfo, &Timeout, &ListenIntv))
270 RTMPCancelTimer(&pAd->MlmeAux.AssocTimer, &TimerCancelled);
271 COPY_MAC_ADDR(pAd->MlmeAux.Bssid, ApAddr);
273 // Get an unused nonpaged memory
274 NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);
275 if (NStatus != NDIS_STATUS_SUCCESS)
277 DBGPRINT(RT_DEBUG_TRACE,("ASSOC - MlmeAssocReqAction() allocate memory failed \n"));
278 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
279 Status = MLME_FAIL_NO_RESOURCE;
280 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_ASSOC_CONF, 2, &Status);
284 // Add by James 03/06/27
285 pAd->StaCfg.AssocInfo.Length = sizeof(NDIS_802_11_ASSOCIATION_INFORMATION);
286 // Association don't need to report MAC address
287 pAd->StaCfg.AssocInfo.AvailableRequestFixedIEs =
288 NDIS_802_11_AI_REQFI_CAPABILITIES | NDIS_802_11_AI_REQFI_LISTENINTERVAL;
289 pAd->StaCfg.AssocInfo.RequestFixedIEs.Capabilities = CapabilityInfo;
290 pAd->StaCfg.AssocInfo.RequestFixedIEs.ListenInterval = ListenIntv;
291 // Only reassociate need this
292 //COPY_MAC_ADDR(pAd->StaCfg.AssocInfo.RequestFixedIEs.CurrentAPAddress, ApAddr);
293 pAd->StaCfg.AssocInfo.OffsetRequestIEs = sizeof(NDIS_802_11_ASSOCIATION_INFORMATION);
295 NdisZeroMemory(pAd->StaCfg.ReqVarIEs, MAX_VIE_LEN);
298 NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, &SsidIe, 1);
300 NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, &pAd->MlmeAux.SsidLen, 1);
302 NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, pAd->MlmeAux.Ssid, pAd->MlmeAux.SsidLen);
303 VarIesOffset += pAd->MlmeAux.SsidLen;
305 // Second add Supported rates
306 NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, &SupRateIe, 1);
308 NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, &pAd->MlmeAux.SupRateLen, 1);
310 NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, pAd->MlmeAux.SupRate, pAd->MlmeAux.SupRateLen);
311 VarIesOffset += pAd->MlmeAux.SupRateLen;
314 if ((pAd->CommonCfg.Channel > 14) &&
315 (pAd->CommonCfg.bIEEE80211H == TRUE))
316 CapabilityInfo |= 0x0100;
318 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - Send ASSOC request...\n"));
319 MgtMacHeaderInit(pAd, &AssocHdr, SUBTYPE_ASSOC_REQ, 0, ApAddr, ApAddr);
321 // Build basic frame first
322 MakeOutgoingFrame(pOutBuffer, &FrameLen,
323 sizeof(HEADER_802_11), &AssocHdr,
327 1, &pAd->MlmeAux.SsidLen,
328 pAd->MlmeAux.SsidLen, pAd->MlmeAux.Ssid,
330 1, &pAd->MlmeAux.SupRateLen,
331 pAd->MlmeAux.SupRateLen, pAd->MlmeAux.SupRate,
334 if (pAd->MlmeAux.ExtRateLen != 0)
336 MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
338 1, &pAd->MlmeAux.ExtRateLen,
339 pAd->MlmeAux.ExtRateLen, pAd->MlmeAux.ExtRate,
345 if ((pAd->MlmeAux.HtCapabilityLen > 0) && (pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED))
349 UCHAR BROADCOM[4] = {0x0, 0x90, 0x4c, 0x33};
350 if (pAd->StaActive.SupportedPhyInfo.bPreNHt == TRUE)
352 HtLen = SIZE_HT_CAP_IE + 4;
353 MakeOutgoingFrame(pOutBuffer + FrameLen, &TmpLen,
357 pAd->MlmeAux.HtCapabilityLen, &pAd->MlmeAux.HtCapability,
362 MakeOutgoingFrame(pOutBuffer + FrameLen, &TmpLen,
364 1, &pAd->MlmeAux.HtCapabilityLen,
365 pAd->MlmeAux.HtCapabilityLen, &pAd->MlmeAux.HtCapability,
371 // add Ralink proprietary IE to inform AP this STA is going to use AGGREGATION or PIGGY-BACK+AGGREGATION
372 // Case I: (Aggregation + Piggy-Back)
373 // 1. user enable aggregation, AND
374 // 2. Mac support piggy-back
375 // 3. AP annouces it's PIGGY-BACK+AGGREGATION-capable in BEACON
376 // Case II: (Aggregation)
377 // 1. user enable aggregation, AND
378 // 2. AP annouces it's AGGREGATION-capable in BEACON
379 if (pAd->CommonCfg.bAggregationCapable)
381 if ((pAd->CommonCfg.bPiggyBackCapable) && ((pAd->MlmeAux.APRalinkIe & 0x00000003) == 3))
384 UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x03, 0x00, 0x00, 0x00};
385 MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen,
390 else if (pAd->MlmeAux.APRalinkIe & 0x00000001)
393 UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x01, 0x00, 0x00, 0x00};
394 MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen,
403 UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x06, 0x00, 0x00, 0x00};
404 MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen,
410 if (pAd->MlmeAux.APEdcaParm.bValid)
412 if (pAd->CommonCfg.bAPSDCapable && pAd->MlmeAux.APEdcaParm.bAPSDCapable)
414 QBSS_STA_INFO_PARM QosInfo;
416 NdisZeroMemory(&QosInfo, sizeof(QBSS_STA_INFO_PARM));
417 QosInfo.UAPSD_AC_BE = pAd->CommonCfg.bAPSDAC_BE;
418 QosInfo.UAPSD_AC_BK = pAd->CommonCfg.bAPSDAC_BK;
419 QosInfo.UAPSD_AC_VI = pAd->CommonCfg.bAPSDAC_VI;
420 QosInfo.UAPSD_AC_VO = pAd->CommonCfg.bAPSDAC_VO;
421 QosInfo.MaxSPLength = pAd->CommonCfg.MaxSPLength;
422 WmeIe[8] |= *(PUCHAR)&QosInfo;
426 // The Parameter Set Count is set to ¡§0¡¨ in the association request frames
427 // WmeIe[8] |= (pAd->MlmeAux.APEdcaParm.EdcaUpdateCount & 0x0f);
430 MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
437 // Let WPA(#221) Element ID on the end of this association frame.
438 // Otherwise some AP will fail on parsing Element ID and set status fail on Assoc Rsp.
439 // For example: Put Vendor Specific IE on the front of WPA IE.
440 // This happens on AP (Model No:Linksys WRK54G)
442 if (((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPAPSK) ||
443 (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK) ||
444 (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA) ||
445 (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2)
449 UCHAR RSNIe = IE_WPA;
451 if ((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK) ||
452 (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2))
457 RTMPMakeRSNIE(pAd, pAd->StaCfg.AuthMode, pAd->StaCfg.WepStatus, BSS0);
459 // Check for WPA PMK cache list
460 if (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2)
463 BOOLEAN FoundPMK = FALSE;
464 // Search chched PMKID, append it if existed
465 for (idx = 0; idx < PMKID_NO; idx++)
467 if (NdisEqualMemory(ApAddr, &pAd->StaCfg.SavedPMK[idx].BSSID, 6))
477 *(PUSHORT) &pAd->StaCfg.RSN_IE[pAd->StaCfg.RSNIE_Len] = 1;
478 NdisMoveMemory(&pAd->StaCfg.RSN_IE[pAd->StaCfg.RSNIE_Len + 2], &pAd->StaCfg.SavedPMK[idx].PMKID, 16);
479 pAd->StaCfg.RSNIE_Len += 18;
484 MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
486 1, &pAd->StaCfg.RSNIE_Len,
487 pAd->StaCfg.RSNIE_Len, pAd->StaCfg.RSN_IE,
494 // Append Variable IE
495 NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, &RSNIe, 1);
497 NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, &pAd->StaCfg.RSNIE_Len, 1);
500 NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, pAd->StaCfg.RSN_IE, pAd->StaCfg.RSNIE_Len);
501 VarIesOffset += pAd->StaCfg.RSNIE_Len;
503 // Set Variable IEs Length
504 pAd->StaCfg.ReqVarIELen = VarIesOffset;
507 // We have update that at PeerBeaconAtJoinRequest()
508 CkipFlag = pAd->StaCfg.CkipFlag;
511 NdisZeroMemory(CkipNegotiationBuffer, CKIP_NEGOTIATION_LENGTH);
512 CkipNegotiationBuffer[2] = 0x66;
513 // Make it try KP & MIC, since we have to follow the result from AssocRsp
514 CkipNegotiationBuffer[8] = 0x18;
515 CkipNegotiationBuffer[CKIP_NEGOTIATION_LENGTH - 1] = 0x22;
518 MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
521 AironetCkipLen, CkipNegotiationBuffer,
526 // Add CCX v2 request if CCX2 admin state is on
527 if (pAd->StaCfg.CCXControl.field.Enable == 1)
531 // Add AironetIPAddressIE for Cisco CCX 2.X
534 MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
535 1, &AironetIPAddressIE,
536 1, &AironetIPAddressLen,
537 AironetIPAddressLen, AironetIPAddressBuffer,
544 // Add by James 03/06/27
545 // Set Variable IEs Length
546 pAd->StaCfg.ReqVarIELen = VarIesOffset;
547 pAd->StaCfg.AssocInfo.RequestIELength = VarIesOffset;
549 // OffsetResponseIEs follow ReqVarIE
550 pAd->StaCfg.AssocInfo.OffsetResponseIEs = sizeof(NDIS_802_11_ASSOCIATION_INFORMATION) + pAd->StaCfg.ReqVarIELen;
555 MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
556 MlmeFreeMemory(pAd, pOutBuffer);
558 RTMPSetTimer(&pAd->MlmeAux.AssocTimer, Timeout);
559 pAd->Mlme.AssocMachine.CurrState = ASSOC_WAIT_RSP;
563 DBGPRINT(RT_DEBUG_TRACE,("ASSOC - MlmeAssocReqAction() sanity check failed. BUG!!!!!! \n"));
564 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
565 Status = MLME_INVALID_FORMAT;
566 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_ASSOC_CONF, 2, &Status);
572 ==========================================================================
574 mlme reassoc req handling procedure
578 -# SSID (Adapter->StaCfg.ssid[])
579 -# BSSID (AP address, Adapter->StaCfg.bssid)
580 -# Supported rates (Adapter->StaCfg.supported_rates[])
581 -# Supported rates length (Adapter->StaCfg.supported_rates_len)
582 -# Tx power (Adapter->StaCfg.tx_power)
584 IRQL = DISPATCH_LEVEL
586 ==========================================================================
588 VOID MlmeReassocReqAction(
589 IN PRTMP_ADAPTER pAd,
590 IN MLME_QUEUE_ELEM *Elem)
593 HEADER_802_11 ReassocHdr;
595 UCHAR WmeIe[9] = {IE_VENDOR_SPECIFIC, 0x07, 0x00, 0x50, 0xf2, 0x02, 0x00, 0x01, 0x00};
596 USHORT CapabilityInfo, ListenIntv;
599 BOOLEAN TimerCancelled;
602 PUCHAR pOutBuffer = NULL;
605 // Block all authentication request durning WPA block period
606 if (pAd->StaCfg.bBlockAssoc == TRUE)
608 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - Block ReAssoc request durning WPA block period!\n"));
609 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
610 Status = MLME_STATE_MACHINE_REJECT;
611 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_REASSOC_CONF, 2, &Status);
613 // the parameters are the same as the association
614 else if(MlmeAssocReqSanity(pAd, Elem->Msg, Elem->MsgLen, ApAddr, &CapabilityInfo, &Timeout, &ListenIntv))
616 RTMPCancelTimer(&pAd->MlmeAux.ReassocTimer, &TimerCancelled);
618 NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); //Get an unused nonpaged memory
619 if(NStatus != NDIS_STATUS_SUCCESS)
621 DBGPRINT(RT_DEBUG_TRACE,("ASSOC - MlmeReassocReqAction() allocate memory failed \n"));
622 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
623 Status = MLME_FAIL_NO_RESOURCE;
624 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_REASSOC_CONF, 2, &Status);
628 COPY_MAC_ADDR(pAd->MlmeAux.Bssid, ApAddr);
630 // make frame, use bssid as the AP address??
631 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - Send RE-ASSOC request...\n"));
632 MgtMacHeaderInit(pAd, &ReassocHdr, SUBTYPE_REASSOC_REQ, 0, ApAddr, ApAddr);
633 MakeOutgoingFrame(pOutBuffer, &FrameLen,
634 sizeof(HEADER_802_11), &ReassocHdr,
637 MAC_ADDR_LEN, ApAddr,
639 1, &pAd->MlmeAux.SsidLen,
640 pAd->MlmeAux.SsidLen, pAd->MlmeAux.Ssid,
642 1, &pAd->MlmeAux.SupRateLen,
643 pAd->MlmeAux.SupRateLen, pAd->MlmeAux.SupRate,
646 if (pAd->MlmeAux.ExtRateLen != 0)
648 MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
650 1, &pAd->MlmeAux.ExtRateLen,
651 pAd->MlmeAux.ExtRateLen, pAd->MlmeAux.ExtRate,
656 if (pAd->MlmeAux.APEdcaParm.bValid)
658 if (pAd->CommonCfg.bAPSDCapable && pAd->MlmeAux.APEdcaParm.bAPSDCapable)
660 QBSS_STA_INFO_PARM QosInfo;
662 NdisZeroMemory(&QosInfo, sizeof(QBSS_STA_INFO_PARM));
663 QosInfo.UAPSD_AC_BE = pAd->CommonCfg.bAPSDAC_BE;
664 QosInfo.UAPSD_AC_BK = pAd->CommonCfg.bAPSDAC_BK;
665 QosInfo.UAPSD_AC_VI = pAd->CommonCfg.bAPSDAC_VI;
666 QosInfo.UAPSD_AC_VO = pAd->CommonCfg.bAPSDAC_VO;
667 QosInfo.MaxSPLength = pAd->CommonCfg.MaxSPLength;
668 WmeIe[8] |= *(PUCHAR)&QosInfo;
671 MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
678 if ((pAd->MlmeAux.HtCapabilityLen > 0) && (pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED))
682 UCHAR BROADCOM[4] = {0x0, 0x90, 0x4c, 0x33};
683 if (pAd->StaActive.SupportedPhyInfo.bPreNHt == TRUE)
685 HtLen = SIZE_HT_CAP_IE + 4;
686 MakeOutgoingFrame(pOutBuffer + FrameLen, &TmpLen,
690 pAd->MlmeAux.HtCapabilityLen, &pAd->MlmeAux.HtCapability,
695 MakeOutgoingFrame(pOutBuffer + FrameLen, &TmpLen,
697 1, &pAd->MlmeAux.HtCapabilityLen,
698 pAd->MlmeAux.HtCapabilityLen, &pAd->MlmeAux.HtCapability,
704 // add Ralink proprietary IE to inform AP this STA is going to use AGGREGATION or PIGGY-BACK+AGGREGATION
705 // Case I: (Aggregation + Piggy-Back)
706 // 1. user enable aggregation, AND
707 // 2. Mac support piggy-back
708 // 3. AP annouces it's PIGGY-BACK+AGGREGATION-capable in BEACON
709 // Case II: (Aggregation)
710 // 1. user enable aggregation, AND
711 // 2. AP annouces it's AGGREGATION-capable in BEACON
712 if (pAd->CommonCfg.bAggregationCapable)
714 if ((pAd->CommonCfg.bPiggyBackCapable) && ((pAd->MlmeAux.APRalinkIe & 0x00000003) == 3))
717 UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x03, 0x00, 0x00, 0x00};
718 MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen,
723 else if (pAd->MlmeAux.APRalinkIe & 0x00000001)
726 UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x01, 0x00, 0x00, 0x00};
727 MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen,
736 UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x04, 0x00, 0x00, 0x00};
737 MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen,
743 // Add CCX v2 request if CCX2 admin state is on
744 if (pAd->StaCfg.CCXControl.field.Enable == 1)
749 MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
757 MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
758 MlmeFreeMemory(pAd, pOutBuffer);
760 RTMPSetTimer(&pAd->MlmeAux.ReassocTimer, Timeout); /* in mSec */
761 pAd->Mlme.AssocMachine.CurrState = REASSOC_WAIT_RSP;
765 DBGPRINT(RT_DEBUG_TRACE,("ASSOC - MlmeReassocReqAction() sanity check failed. BUG!!!! \n"));
766 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
767 Status = MLME_INVALID_FORMAT;
768 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_REASSOC_CONF, 2, &Status);
773 ==========================================================================
775 Upper layer issues disassoc request
781 ==========================================================================
783 VOID MlmeDisassocReqAction(
784 IN PRTMP_ADAPTER pAd,
785 IN MLME_QUEUE_ELEM *Elem)
787 PMLME_DISASSOC_REQ_STRUCT pDisassocReq;
788 HEADER_802_11 DisassocHdr;
789 PHEADER_802_11 pDisassocHdr;
790 PUCHAR pOutBuffer = NULL;
793 BOOLEAN TimerCancelled;
798 pDisassocReq = (PMLME_DISASSOC_REQ_STRUCT)(Elem->Msg);
800 NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); //Get an unused nonpaged memory
801 if (NStatus != NDIS_STATUS_SUCCESS)
803 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - MlmeDisassocReqAction() allocate memory failed\n"));
804 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
805 Status = MLME_FAIL_NO_RESOURCE;
806 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_DISASSOC_CONF, 2, &Status);
812 RTMPCancelTimer(&pAd->MlmeAux.DisassocTimer, &TimerCancelled);
814 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - Send DISASSOC request[BSSID::%02x:%02x:%02x:%02x:%02x:%02x (Reason=%d)\n",
815 pDisassocReq->Addr[0], pDisassocReq->Addr[1], pDisassocReq->Addr[2],
816 pDisassocReq->Addr[3], pDisassocReq->Addr[4], pDisassocReq->Addr[5], pDisassocReq->Reason));
817 MgtMacHeaderInit(pAd, &DisassocHdr, SUBTYPE_DISASSOC, 0, pDisassocReq->Addr, pDisassocReq->Addr); // patch peap ttls switching issue
818 MakeOutgoingFrame(pOutBuffer, &FrameLen,
819 sizeof(HEADER_802_11),&DisassocHdr,
820 2, &pDisassocReq->Reason,
822 MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
824 // To patch Instance and Buffalo(N) AP
825 // Driver has to send deauth to Instance AP, but Buffalo(N) needs to send disassoc to reset Authenticator's state machine
826 // Therefore, we send both of them.
827 pDisassocHdr = (PHEADER_802_11)pOutBuffer;
828 pDisassocHdr->FC.SubType = SUBTYPE_DEAUTH;
829 MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
831 MlmeFreeMemory(pAd, pOutBuffer);
833 pAd->StaCfg.DisassocReason = REASON_DISASSOC_STA_LEAVING;
834 COPY_MAC_ADDR(pAd->StaCfg.DisassocSta, pDisassocReq->Addr);
836 RTMPSetTimer(&pAd->MlmeAux.DisassocTimer, Timeout); /* in mSec */
837 pAd->Mlme.AssocMachine.CurrState = DISASSOC_WAIT_RSP;
840 union iwreq_data wrqu;
841 memset(wrqu.ap_addr.sa_data, 0, MAC_ADDR_LEN);
842 wireless_send_event(pAd->net_dev, SIOCGIWAP, &wrqu, NULL);
847 ==========================================================================
849 peer sends assoc rsp back
851 Elme - MLME message containing the received frame
853 IRQL = DISPATCH_LEVEL
855 ==========================================================================
857 VOID PeerAssocRspAction(
858 IN PRTMP_ADAPTER pAd,
859 IN MLME_QUEUE_ELEM *Elem)
861 USHORT CapabilityInfo, Status, Aid;
862 UCHAR SupRate[MAX_LEN_OF_SUPPORTED_RATES], SupRateLen;
863 UCHAR ExtRate[MAX_LEN_OF_SUPPORTED_RATES], ExtRateLen;
864 UCHAR Addr2[MAC_ADDR_LEN];
865 BOOLEAN TimerCancelled;
868 HT_CAPABILITY_IE HtCapability;
869 ADD_HT_INFO_IE AddHtInfo; // AP might use this additional ht info IE
870 UCHAR HtCapabilityLen;
872 UCHAR NewExtChannelOffset = 0xff;
874 if (PeerAssocRspSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &CapabilityInfo, &Status, &Aid, SupRate, &SupRateLen, ExtRate, &ExtRateLen,
875 &HtCapability,&AddHtInfo, &HtCapabilityLen,&AddHtInfoLen,&NewExtChannelOffset, &EdcaParm, &CkipFlag))
877 // The frame is for me ?
878 if(MAC_ADDR_EQUAL(Addr2, pAd->MlmeAux.Bssid))
880 DBGPRINT(RT_DEBUG_TRACE, ("PeerAssocRspAction():ASSOC - receive ASSOC_RSP to me (status=%d)\n", Status));
881 DBGPRINT(RT_DEBUG_TRACE, ("PeerAssocRspAction():MacTable [%d].AMsduSize = %d. ClientStatusFlags = 0x%lx \n",Elem->Wcid, pAd->MacTab.Content[BSSID_WCID].AMsduSize, pAd->MacTab.Content[BSSID_WCID].ClientStatusFlags));
882 RTMPCancelTimer(&pAd->MlmeAux.AssocTimer, &TimerCancelled);
883 if(Status == MLME_SUCCESS)
885 // go to procedure listed on page 376
886 AssocPostProc(pAd, Addr2, CapabilityInfo, Aid, SupRate, SupRateLen, ExtRate, ExtRateLen,
887 &EdcaParm, &HtCapability, HtCapabilityLen, &AddHtInfo);
890 union iwreq_data wrqu;
891 wext_notify_event_assoc(pAd);
893 memset(wrqu.ap_addr.sa_data, 0, MAC_ADDR_LEN);
894 memcpy(wrqu.ap_addr.sa_data, pAd->MlmeAux.Bssid, MAC_ADDR_LEN);
895 wireless_send_event(pAd->net_dev, SIOCGIWAP, &wrqu, NULL);
899 pAd->StaCfg.CkipFlag = CkipFlag;
902 NdisZeroMemory(pAd->StaCfg.TxSEQ, 4);
903 NdisZeroMemory(pAd->StaCfg.RxSEQ, 4);
904 NdisZeroMemory(pAd->StaCfg.CKIPMIC, 4);
905 pAd->StaCfg.GIV[0] = RandomByte(pAd);
906 pAd->StaCfg.GIV[1] = RandomByte(pAd);
907 pAd->StaCfg.GIV[2] = RandomByte(pAd);
908 pAd->StaCfg.bCkipOn = TRUE;
909 DBGPRINT(RT_DEBUG_TRACE, ("<CCX> pAd->StaCfg.CkipFlag = 0x%02x\n", pAd->StaCfg.CkipFlag));
915 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
916 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_ASSOC_CONF, 2, &Status);
921 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - PeerAssocRspAction() sanity check fail\n"));
926 ==========================================================================
928 peer sends reassoc rsp
930 Elem - MLME message cntaining the received frame
932 IRQL = DISPATCH_LEVEL
934 ==========================================================================
936 VOID PeerReassocRspAction(
937 IN PRTMP_ADAPTER pAd,
938 IN MLME_QUEUE_ELEM *Elem)
940 USHORT CapabilityInfo;
943 UCHAR SupRate[MAX_LEN_OF_SUPPORTED_RATES], SupRateLen;
944 UCHAR ExtRate[MAX_LEN_OF_SUPPORTED_RATES], ExtRateLen;
945 UCHAR Addr2[MAC_ADDR_LEN];
947 BOOLEAN TimerCancelled;
949 HT_CAPABILITY_IE HtCapability;
950 ADD_HT_INFO_IE AddHtInfo; // AP might use this additional ht info IE
951 UCHAR HtCapabilityLen;
953 UCHAR NewExtChannelOffset = 0xff;
955 if(PeerAssocRspSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &CapabilityInfo, &Status, &Aid, SupRate, &SupRateLen, ExtRate, &ExtRateLen,
956 &HtCapability, &AddHtInfo, &HtCapabilityLen, &AddHtInfoLen,&NewExtChannelOffset, &EdcaParm, &CkipFlag))
958 if(MAC_ADDR_EQUAL(Addr2, pAd->MlmeAux.Bssid)) // The frame is for me ?
960 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - receive REASSOC_RSP to me (status=%d)\n", Status));
961 RTMPCancelTimer(&pAd->MlmeAux.ReassocTimer, &TimerCancelled);
963 if(Status == MLME_SUCCESS)
965 // go to procedure listed on page 376
966 AssocPostProc(pAd, Addr2, CapabilityInfo, Aid, SupRate, SupRateLen, ExtRate, ExtRateLen,
967 &EdcaParm, &HtCapability, HtCapabilityLen, &AddHtInfo);
970 union iwreq_data wrqu;
971 wext_notify_event_assoc(pAd);
973 memset(wrqu.ap_addr.sa_data, 0, MAC_ADDR_LEN);
974 memcpy(wrqu.ap_addr.sa_data, pAd->MlmeAux.Bssid, MAC_ADDR_LEN);
975 wireless_send_event(pAd->net_dev, SIOCGIWAP, &wrqu, NULL);
982 // CkipFlag is no use for reassociate
983 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
984 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_REASSOC_CONF, 2, &Status);
990 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - PeerReassocRspAction() sanity check fail\n"));
996 ==========================================================================
998 procedures on IEEE 802.11/1999 p.376
1001 IRQL = DISPATCH_LEVEL
1003 ==========================================================================
1006 IN PRTMP_ADAPTER pAd,
1008 IN USHORT CapabilityInfo,
1011 IN UCHAR SupRateLen,
1013 IN UCHAR ExtRateLen,
1014 IN PEDCA_PARM pEdcaParm,
1015 IN HT_CAPABILITY_IE *pHtCapability,
1016 IN UCHAR HtCapabilityLen,
1017 IN ADD_HT_INFO_IE *pAddHtInfo) // AP might use this additional ht info IE
1021 pAd->MlmeAux.BssType = BSS_INFRA;
1022 COPY_MAC_ADDR(pAd->MlmeAux.Bssid, pAddr2);
1023 pAd->MlmeAux.Aid = Aid;
1024 pAd->MlmeAux.CapabilityInfo = CapabilityInfo & SUPPORTED_CAPABILITY_INFO;
1026 // Some HT AP might lost WMM IE. We add WMM ourselves. beacuase HT requires QoS on.
1027 if ((HtCapabilityLen > 0) && (pEdcaParm->bValid == FALSE))
1029 pEdcaParm->bValid = TRUE;
1030 pEdcaParm->Aifsn[0] = 3;
1031 pEdcaParm->Aifsn[1] = 7;
1032 pEdcaParm->Aifsn[2] = 2;
1033 pEdcaParm->Aifsn[3] = 2;
1035 pEdcaParm->Cwmin[0] = 4;
1036 pEdcaParm->Cwmin[1] = 4;
1037 pEdcaParm->Cwmin[2] = 3;
1038 pEdcaParm->Cwmin[3] = 2;
1040 pEdcaParm->Cwmax[0] = 10;
1041 pEdcaParm->Cwmax[1] = 10;
1042 pEdcaParm->Cwmax[2] = 4;
1043 pEdcaParm->Cwmax[3] = 3;
1045 pEdcaParm->Txop[0] = 0;
1046 pEdcaParm->Txop[1] = 0;
1047 pEdcaParm->Txop[2] = 96;
1048 pEdcaParm->Txop[3] = 48;
1052 NdisMoveMemory(&pAd->MlmeAux.APEdcaParm, pEdcaParm, sizeof(EDCA_PARM));
1054 // filter out un-supported rates
1055 pAd->MlmeAux.SupRateLen = SupRateLen;
1056 NdisMoveMemory(pAd->MlmeAux.SupRate, SupRate, SupRateLen);
1057 RTMPCheckRates(pAd, pAd->MlmeAux.SupRate, &pAd->MlmeAux.SupRateLen);
1059 // filter out un-supported rates
1060 pAd->MlmeAux.ExtRateLen = ExtRateLen;
1061 NdisMoveMemory(pAd->MlmeAux.ExtRate, ExtRate, ExtRateLen);
1062 RTMPCheckRates(pAd, pAd->MlmeAux.ExtRate, &pAd->MlmeAux.ExtRateLen);
1064 if (HtCapabilityLen > 0)
1066 RTMPCheckHt(pAd, BSSID_WCID, pHtCapability, pAddHtInfo);
1068 DBGPRINT(RT_DEBUG_TRACE, ("AssocPostProc===> AP.AMsduSize = %d. ClientStatusFlags = 0x%lx \n", pAd->MacTab.Content[BSSID_WCID].AMsduSize, pAd->MacTab.Content[BSSID_WCID].ClientStatusFlags));
1070 DBGPRINT(RT_DEBUG_TRACE, ("AssocPostProc===> (Mmps=%d, AmsduSize=%d, )\n",
1071 pAd->MacTab.Content[BSSID_WCID].MmpsMode, pAd->MacTab.Content[BSSID_WCID].AMsduSize));
1073 // Set New WPA information
1074 Idx = BssTableSearch(&pAd->ScanTab, pAddr2, pAd->MlmeAux.Channel);
1075 if (Idx == BSS_NOT_FOUND)
1077 DBGPRINT_ERR(("ASSOC - Can't find BSS after receiving Assoc response\n"));
1082 pAd->MacTab.Content[BSSID_WCID].RSNIE_Len = 0;
1083 NdisZeroMemory(pAd->MacTab.Content[BSSID_WCID].RSN_IE, MAX_LEN_OF_RSNIE);
1085 // Store appropriate RSN_IE for WPA SM negotiation later
1086 if ((pAd->StaCfg.AuthMode >= Ndis802_11AuthModeWPA) && (pAd->ScanTab.BssEntry[Idx].VarIELen != 0))
1092 pVIE = pAd->ScanTab.BssEntry[Idx].VarIEs;
1093 len = pAd->ScanTab.BssEntry[Idx].VarIELen;
1097 pEid = (PEID_STRUCT) pVIE;
1099 if ((pEid->Eid == IE_WPA) && (NdisEqualMemory(pEid->Octet, WPA_OUI, 4))
1100 && (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA || pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPAPSK))
1102 NdisMoveMemory(pAd->MacTab.Content[BSSID_WCID].RSN_IE, pVIE, (pEid->Len + 2));
1103 pAd->MacTab.Content[BSSID_WCID].RSNIE_Len = (pEid->Len + 2);
1104 DBGPRINT(RT_DEBUG_TRACE, ("AssocPostProc===> Store RSN_IE for WPA SM negotiation \n"));
1107 else if ((pEid->Eid == IE_RSN) && (NdisEqualMemory(pEid->Octet + 2, RSN_OUI, 3))
1108 && (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2 || pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK))
1110 NdisMoveMemory(pAd->MacTab.Content[BSSID_WCID].RSN_IE, pVIE, (pEid->Len + 2));
1111 pAd->MacTab.Content[BSSID_WCID].RSNIE_Len = (pEid->Len + 2);
1112 DBGPRINT(RT_DEBUG_TRACE, ("AssocPostProc===> Store RSN_IE for WPA2 SM negotiation \n"));
1115 pVIE += (pEid->Len + 2);
1116 len -= (pEid->Len + 2);
1120 if (pAd->MacTab.Content[BSSID_WCID].RSNIE_Len == 0)
1122 DBGPRINT(RT_DEBUG_TRACE, ("AssocPostProc===> no RSN_IE \n"));
1126 hex_dump("RSN_IE", pAd->MacTab.Content[BSSID_WCID].RSN_IE, pAd->MacTab.Content[BSSID_WCID].RSNIE_Len);
1132 ==========================================================================
1134 left part of IEEE 802.11/1999 p.374
1136 Elem - MLME message containing the received frame
1138 IRQL = DISPATCH_LEVEL
1140 ==========================================================================
1142 VOID PeerDisassocAction(
1143 IN PRTMP_ADAPTER pAd,
1144 IN MLME_QUEUE_ELEM *Elem)
1146 UCHAR Addr2[MAC_ADDR_LEN];
1149 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - PeerDisassocAction()\n"));
1150 if(PeerDisassocSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &Reason))
1152 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - PeerDisassocAction() Reason = %d\n", Reason));
1153 if (INFRA_ON(pAd) && MAC_ADDR_EQUAL(pAd->CommonCfg.Bssid, Addr2))
1156 if (pAd->CommonCfg.bWirelessEvent)
1158 RTMPSendWirelessEvent(pAd, IW_DISASSOC_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0);
1162 // Get Current System time and Turn on AdjacentAPReport
1164 NdisGetSystemUpTime(&pAd->StaCfg.CCXAdjacentAPLinkDownTime);
1165 pAd->StaCfg.CCXAdjacentAPReportFlag = TRUE;
1166 LinkDown(pAd, TRUE);
1167 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
1170 union iwreq_data wrqu;
1171 memset(wrqu.ap_addr.sa_data, 0, MAC_ADDR_LEN);
1172 wireless_send_event(pAd->net_dev, SIOCGIWAP, &wrqu, NULL);
1178 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - PeerDisassocAction() sanity check fail\n"));
1184 ==========================================================================
1186 what the state machine will do after assoc timeout
1190 IRQL = DISPATCH_LEVEL
1192 ==========================================================================
1194 VOID AssocTimeoutAction(
1195 IN PRTMP_ADAPTER pAd,
1196 IN MLME_QUEUE_ELEM *Elem)
1199 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - AssocTimeoutAction\n"));
1200 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
1201 Status = MLME_REJ_TIMEOUT;
1202 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_ASSOC_CONF, 2, &Status);
1206 ==========================================================================
1208 what the state machine will do after reassoc timeout
1210 IRQL = DISPATCH_LEVEL
1212 ==========================================================================
1214 VOID ReassocTimeoutAction(
1215 IN PRTMP_ADAPTER pAd,
1216 IN MLME_QUEUE_ELEM *Elem)
1219 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - ReassocTimeoutAction\n"));
1220 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
1221 Status = MLME_REJ_TIMEOUT;
1222 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_REASSOC_CONF, 2, &Status);
1226 ==========================================================================
1228 what the state machine will do after disassoc timeout
1230 IRQL = DISPATCH_LEVEL
1232 ==========================================================================
1234 VOID DisassocTimeoutAction(
1235 IN PRTMP_ADAPTER pAd,
1236 IN MLME_QUEUE_ELEM *Elem)
1239 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - DisassocTimeoutAction\n"));
1240 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
1241 Status = MLME_SUCCESS;
1242 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_DISASSOC_CONF, 2, &Status);
1245 VOID InvalidStateWhenAssoc(
1246 IN PRTMP_ADAPTER pAd,
1247 IN MLME_QUEUE_ELEM *Elem)
1250 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - InvalidStateWhenAssoc(state=%ld), reset ASSOC state machine\n",
1251 pAd->Mlme.AssocMachine.CurrState));
1252 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
1253 Status = MLME_STATE_MACHINE_REJECT;
1254 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_ASSOC_CONF, 2, &Status);
1257 VOID InvalidStateWhenReassoc(
1258 IN PRTMP_ADAPTER pAd,
1259 IN MLME_QUEUE_ELEM *Elem)
1262 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - InvalidStateWhenReassoc(state=%ld), reset ASSOC state machine\n",
1263 pAd->Mlme.AssocMachine.CurrState));
1264 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
1265 Status = MLME_STATE_MACHINE_REJECT;
1266 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_REASSOC_CONF, 2, &Status);
1269 VOID InvalidStateWhenDisassociate(
1270 IN PRTMP_ADAPTER pAd,
1271 IN MLME_QUEUE_ELEM *Elem)
1274 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - InvalidStateWhenDisassoc(state=%ld), reset ASSOC state machine\n",
1275 pAd->Mlme.AssocMachine.CurrState));
1276 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
1277 Status = MLME_STATE_MACHINE_REJECT;
1278 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_DISASSOC_CONF, 2, &Status);
1282 ==========================================================================
1284 right part of IEEE 802.11/1999 page 374
1286 This event should never cause ASSOC state machine perform state
1287 transition, and has no relationship with CNTL machine. So we separate
1288 this routine as a service outside of ASSOC state transition table.
1290 IRQL = DISPATCH_LEVEL
1292 ==========================================================================
1295 IN PRTMP_ADAPTER pAd,
1298 HEADER_802_11 DisassocHdr;
1299 PHEADER_802_11 pDisassocHdr;
1300 PUCHAR pOutBuffer = NULL;
1302 NDIS_STATUS NStatus;
1303 USHORT Reason = REASON_CLS3ERR;
1305 NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); //Get an unused nonpaged memory
1306 if (NStatus != NDIS_STATUS_SUCCESS)
1309 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - Class 3 Error, Send DISASSOC frame\n"));
1310 MgtMacHeaderInit(pAd, &DisassocHdr, SUBTYPE_DISASSOC, 0, pAddr, pAd->CommonCfg.Bssid); // patch peap ttls switching issue
1311 MakeOutgoingFrame(pOutBuffer, &FrameLen,
1312 sizeof(HEADER_802_11),&DisassocHdr,
1315 MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
1317 // To patch Instance and Buffalo(N) AP
1318 // Driver has to send deauth to Instance AP, but Buffalo(N) needs to send disassoc to reset Authenticator's state machine
1319 // Therefore, we send both of them.
1320 pDisassocHdr = (PHEADER_802_11)pOutBuffer;
1321 pDisassocHdr->FC.SubType = SUBTYPE_DEAUTH;
1322 MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
1324 MlmeFreeMemory(pAd, pOutBuffer);
1326 pAd->StaCfg.DisassocReason = REASON_CLS3ERR;
1327 COPY_MAC_ADDR(pAd->StaCfg.DisassocSta, pAddr);
1331 ==========================================================================
1333 Switch between WEP and CKIP upon new association up.
1336 IRQL = DISPATCH_LEVEL
1338 ==========================================================================
1340 VOID SwitchBetweenWepAndCkip(
1341 IN PRTMP_ADAPTER pAd)
1344 SHAREDKEY_MODE_STRUC csr1;
1346 // if KP is required. change the CipherAlg in hardware shard key table from WEP
1347 // to CKIP. else remain as WEP
1348 if (pAd->StaCfg.bCkipOn && (pAd->StaCfg.CkipFlag & 0x10))
1350 // modify hardware key table so that MAC use correct algorithm to decrypt RX
1351 RTMP_IO_READ32(pAd, SHARED_KEY_MODE_BASE, &csr1.word);
1352 if (csr1.field.Bss0Key0CipherAlg == CIPHER_WEP64)
1353 csr1.field.Bss0Key0CipherAlg = CIPHER_CKIP64;
1354 else if (csr1.field.Bss0Key0CipherAlg == CIPHER_WEP128)
1355 csr1.field.Bss0Key0CipherAlg = CIPHER_CKIP128;
1357 if (csr1.field.Bss0Key1CipherAlg == CIPHER_WEP64)
1358 csr1.field.Bss0Key1CipherAlg = CIPHER_CKIP64;
1359 else if (csr1.field.Bss0Key1CipherAlg == CIPHER_WEP128)
1360 csr1.field.Bss0Key1CipherAlg = CIPHER_CKIP128;
1362 if (csr1.field.Bss0Key2CipherAlg == CIPHER_WEP64)
1363 csr1.field.Bss0Key2CipherAlg = CIPHER_CKIP64;
1364 else if (csr1.field.Bss0Key2CipherAlg == CIPHER_WEP128)
1365 csr1.field.Bss0Key2CipherAlg = CIPHER_CKIP128;
1367 if (csr1.field.Bss0Key3CipherAlg == CIPHER_WEP64)
1368 csr1.field.Bss0Key3CipherAlg = CIPHER_CKIP64;
1369 else if (csr1.field.Bss0Key3CipherAlg == CIPHER_WEP128)
1370 csr1.field.Bss0Key3CipherAlg = CIPHER_CKIP128;
1371 RTMP_IO_WRITE32(pAd, SHARED_KEY_MODE_BASE, csr1.word);
1372 DBGPRINT(RT_DEBUG_TRACE, ("SwitchBetweenWepAndCkip: modify BSS0 cipher to %s\n", CipherName[csr1.field.Bss0Key0CipherAlg]));
1374 // modify software key table so that driver can specify correct algorithm in TXD upon TX
1375 for (i=0; i<SHARE_KEY_NUM; i++)
1377 if (pAd->SharedKey[BSS0][i].CipherAlg == CIPHER_WEP64)
1378 pAd->SharedKey[BSS0][i].CipherAlg = CIPHER_CKIP64;
1379 else if (pAd->SharedKey[BSS0][i].CipherAlg == CIPHER_WEP128)
1380 pAd->SharedKey[BSS0][i].CipherAlg = CIPHER_CKIP128;
1384 // else if KP NOT inused. change the CipherAlg in hardware shard key table from CKIP
1388 // modify hardware key table so that MAC use correct algorithm to decrypt RX
1389 RTMP_IO_READ32(pAd, SHARED_KEY_MODE_BASE, &csr1.word);
1390 if (csr1.field.Bss0Key0CipherAlg == CIPHER_CKIP64)
1391 csr1.field.Bss0Key0CipherAlg = CIPHER_WEP64;
1392 else if (csr1.field.Bss0Key0CipherAlg == CIPHER_CKIP128)
1393 csr1.field.Bss0Key0CipherAlg = CIPHER_WEP128;
1395 if (csr1.field.Bss0Key1CipherAlg == CIPHER_CKIP64)
1396 csr1.field.Bss0Key1CipherAlg = CIPHER_WEP64;
1397 else if (csr1.field.Bss0Key1CipherAlg == CIPHER_CKIP128)
1398 csr1.field.Bss0Key1CipherAlg = CIPHER_WEP128;
1400 if (csr1.field.Bss0Key2CipherAlg == CIPHER_CKIP64)
1401 csr1.field.Bss0Key2CipherAlg = CIPHER_WEP64;
1402 else if (csr1.field.Bss0Key2CipherAlg == CIPHER_CKIP128)
1403 csr1.field.Bss0Key2CipherAlg = CIPHER_WEP128;
1405 if (csr1.field.Bss0Key3CipherAlg == CIPHER_CKIP64)
1406 csr1.field.Bss0Key3CipherAlg = CIPHER_WEP64;
1407 else if (csr1.field.Bss0Key3CipherAlg == CIPHER_CKIP128)
1408 csr1.field.Bss0Key3CipherAlg = CIPHER_WEP128;
1410 // modify software key table so that driver can specify correct algorithm in TXD upon TX
1411 for (i=0; i<SHARE_KEY_NUM; i++)
1413 if (pAd->SharedKey[BSS0][i].CipherAlg == CIPHER_CKIP64)
1414 pAd->SharedKey[BSS0][i].CipherAlg = CIPHER_WEP64;
1415 else if (pAd->SharedKey[BSS0][i].CipherAlg == CIPHER_CKIP128)
1416 pAd->SharedKey[BSS0][i].CipherAlg = CIPHER_WEP128;
1420 // On WPA-NONE, must update CipherAlg.
1421 // Because the OID_802_11_WEP_STATUS was been set after OID_802_11_ADD_KEY
1422 // and CipherAlg will be CIPHER_NONE by Windows ZeroConfig.
1423 // So we need to update CipherAlg after connect.
1425 if (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPANone)
1427 for (i = 0; i < SHARE_KEY_NUM; i++)
1429 if (pAd->SharedKey[BSS0][i].KeyLen != 0)
1431 if (pAd->StaCfg.WepStatus == Ndis802_11Encryption2Enabled)
1433 pAd->SharedKey[BSS0][i].CipherAlg = CIPHER_TKIP;
1435 else if (pAd->StaCfg.WepStatus == Ndis802_11Encryption3Enabled)
1437 pAd->SharedKey[BSS0][i].CipherAlg = CIPHER_AES;
1442 pAd->SharedKey[BSS0][i].CipherAlg = CIPHER_NONE;
1446 csr1.field.Bss0Key0CipherAlg = pAd->SharedKey[BSS0][0].CipherAlg;
1447 csr1.field.Bss0Key1CipherAlg = pAd->SharedKey[BSS0][1].CipherAlg;
1448 csr1.field.Bss0Key2CipherAlg = pAd->SharedKey[BSS0][2].CipherAlg;
1449 csr1.field.Bss0Key3CipherAlg = pAd->SharedKey[BSS0][3].CipherAlg;
1451 RTMP_IO_WRITE32(pAd, SHARED_KEY_MODE_BASE, csr1.word);
1452 DBGPRINT(RT_DEBUG_TRACE, ("SwitchBetweenWepAndCkip: modify BSS0 cipher to %s\n", CipherName[csr1.field.Bss0Key0CipherAlg]));
1456 int wext_notify_event_assoc(
1457 IN RTMP_ADAPTER *pAd)
1459 union iwreq_data wrqu;
1460 char custom[IW_CUSTOM_MAX] = {0};
1462 #if WIRELESS_EXT > 17
1463 if (pAd->StaCfg.ReqVarIELen <= IW_CUSTOM_MAX)
1465 wrqu.data.length = pAd->StaCfg.ReqVarIELen;
1466 memcpy(custom, pAd->StaCfg.ReqVarIEs, pAd->StaCfg.ReqVarIELen);
1467 wireless_send_event(pAd->net_dev, IWEVASSOCREQIE, &wrqu, custom);
1470 DBGPRINT(RT_DEBUG_TRACE, ("pAd->StaCfg.ReqVarIELen > MAX_CUSTOM_LEN\n"));
1472 if (((pAd->StaCfg.ReqVarIELen*2) + 17) <= IW_CUSTOM_MAX)
1475 wrqu.data.length = (pAd->StaCfg.ReqVarIELen*2) + 17;
1476 sprintf(custom, "ASSOCINFO(ReqIEs=");
1477 for (idx=0; idx<pAd->StaCfg.ReqVarIELen; idx++)
1478 sprintf(custom + strlen(custom), "%02x", pAd->StaCfg.ReqVarIEs[idx]);
1479 wireless_send_event(pAd->net_dev, IWEVCUSTOM, &wrqu, custom);
1482 DBGPRINT(RT_DEBUG_TRACE, ("(pAd->StaCfg.ReqVarIELen*2) + 17 > MAX_CUSTOM_LEN\n"));