projects / linux-2.6 / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Staging: Add pristine upstream vt6655 driver sources
[linux-2.6] / drivers / staging / vt6655 / wmgr.c
1 /*
2  * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
3  * All rights reserved.
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License as published by
7  * the Free Software Foundation; either version 2 of the License, or
8  * (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License along
16  * with this program; if not, write to the Free Software Foundation, Inc.,
17  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
18  *
19  * File: wmgr.c
20  *
21  * Purpose: Handles the 802.11 management functions
22  *
23  * Author: Lyndon Chen
24  *
25  * Date: May 8, 2002
26  *
27  * Functions:
28  *      nsMgrObjectInitial - Initialize Management Objet data structure
29  *      vMgrObjectReset - Reset Management Objet data structure
30  *      vMgrAssocBeginSta - Start associate function
31  *      vMgrReAssocBeginSta - Start reassociate function
32  *      vMgrDisassocBeginSta - Start disassociate function
33  *      s_vMgrRxAssocRequest - Handle Rcv associate_request
34  *      s_vMgrRxAssocResponse - Handle Rcv associate_response
35  *      vMrgAuthenBeginSta - Start authentication function
36  *      vMgrDeAuthenDeginSta - Start deauthentication function
37  *      s_vMgrRxAuthentication - Handle Rcv authentication
38  *      s_vMgrRxAuthenSequence_1 - Handle Rcv authentication sequence 1
39  *      s_vMgrRxAuthenSequence_2 - Handle Rcv authentication sequence 2
40  *      s_vMgrRxAuthenSequence_3 - Handle Rcv authentication sequence 3
41  *      s_vMgrRxAuthenSequence_4 - Handle Rcv authentication sequence 4
42  *      s_vMgrRxDisassociation - Handle Rcv disassociation
43  *      s_vMgrRxBeacon - Handle Rcv Beacon
44  *      vMgrCreateOwnIBSS - Create ad_hoc IBSS or AP BSS
45  *      vMgrJoinBSSBegin - Join BSS function
46  *      s_vMgrSynchBSS - Synch & adopt BSS parameters
47  *      s_MgrMakeBeacon - Create Baecon frame
48  *      s_MgrMakeProbeResponse - Create Probe Response frame
49  *      s_MgrMakeAssocRequest - Create Associate Request frame
50  *      s_MgrMakeReAssocRequest - Create ReAssociate Request frame
51  *      s_vMgrRxProbeResponse - Handle Rcv probe_response
52  *      s_vMrgRxProbeRequest - Handle Rcv probe_request
53  *      bMgrPrepareBeaconToSend - Prepare Beacon frame
54  *      s_vMgrLogStatus - Log 802.11 Status
55  *      vMgrRxManagePacket - Rcv management frame dispatch function
56  *      s_vMgrFormatTIM- Assember TIM field of beacon
57  *      vMgrTimerInit- Initial 1-sec and command call back funtions
58  *
59  * Revision History:
60  *
61  */
62
63
64 #if !defined(__TMACRO_H__)
65 #include "tmacro.h"
66 #endif
67 #if !defined(__TBIT_H__)
68 #include "tbit.h"
69 #endif
70 #if !defined(__DESC_H__)
71 #include "desc.h"
72 #endif
73 #if !defined(__DEVICE_H__)
74 #include "device.h"
75 #endif
76 #if !defined(__CARD_H__)
77 #include "card.h"
78 #endif
79 #if !defined(__80211HDR_H__)
80 #include "80211hdr.h"
81 #endif
82 #if !defined(__80211MGR_H__)
83 #include "80211mgr.h"
84 #endif
85 #if !defined(__WMGR_H__)
86 #include "wmgr.h"
87 #endif
88 #if !defined(__WCMD_H__)
89 #include "wcmd.h"
90 #endif
91 #if !defined(__MAC_H__)
92 #include "mac.h"
93 #endif
94 #if !defined(__BSSDB_H__)
95 #include "bssdb.h"
96 #endif
97 #if !defined(__POWER_H__)
98 #include "power.h"
99 #endif
100 #if !defined(__DATARATE_H__)
101 #include "datarate.h"
102 #endif
103 #if !defined(__BASEBAND_H__)
104 #include "baseband.h"
105 #endif
106 #if !defined(__RXTX_H__)
107 #include "rxtx.h"
108 #endif
109 #if !defined(__WPA_H__)
110 #include "wpa.h"
111 #endif
112 #if !defined(__RF_H__)
113 #include "rf.h"
114 #endif
115 #if !defined(__UMEM_H__)
116 #include "umem.h"
117 #endif
118 #if !defined(__IOWPA_H__)
119 #include "iowpa.h"
120 #endif
121
122 #define PLICE_DEBUG
123
124 /*---------------------  Static Definitions -------------------------*/
125
126
127
128 /*---------------------  Static Classes  ----------------------------*/
129
130 /*---------------------  Static Variables  --------------------------*/
131 static int          msglevel                =MSG_LEVEL_INFO;
132 //static int          msglevel                =MSG_LEVEL_DEBUG;
133
134 /*---------------------  Static Functions  --------------------------*/
135 //2008-8-4 <add> by chester
136 static BOOL ChannelExceedZoneType(
137     IN PSDevice pDevice,
138     IN BYTE byCurrChannel
139     );
140 // Association/diassociation functions
141 static
142 PSTxMgmtPacket
143 s_MgrMakeAssocRequest(
144     IN PSDevice pDevice,
145     IN PSMgmtObject pMgmt,
146     IN PBYTE pDAddr,
147     IN WORD wCurrCapInfo,
148     IN WORD wListenInterval,
149     IN PWLAN_IE_SSID pCurrSSID,
150     IN PWLAN_IE_SUPP_RATES pCurrRates,
151     IN PWLAN_IE_SUPP_RATES pCurrExtSuppRates
152     );
153
154 static
155 VOID
156 s_vMgrRxAssocRequest(
157     IN PSDevice pDevice,
158     IN PSMgmtObject pMgmt,
159     IN PSRxMgmtPacket pRxPacket,
160     IN UINT  uNodeIndex
161     );
162
163 static
164 PSTxMgmtPacket
165 s_MgrMakeReAssocRequest(
166     IN PSDevice pDevice,
167     IN PSMgmtObject pMgmt,
168     IN PBYTE pDAddr,
169     IN WORD wCurrCapInfo,
170     IN WORD wListenInterval,
171     IN PWLAN_IE_SSID pCurrSSID,
172     IN PWLAN_IE_SUPP_RATES pCurrRates,
173     IN PWLAN_IE_SUPP_RATES pCurrExtSuppRates
174     );
175
176 static
177 VOID
178 s_vMgrRxAssocResponse(
179     IN PSDevice pDevice,
180     IN PSMgmtObject pMgmt,
181     IN PSRxMgmtPacket pRxPacket,
182     IN BOOL bReAssocType
183     );
184
185 static
186 VOID
187 s_vMgrRxDisassociation(
188     IN PSDevice pDevice,
189     IN PSMgmtObject pMgmt,
190     IN PSRxMgmtPacket pRxPacket
191     );
192
193 // Authentication/deauthen functions
194 static
195 VOID
196 s_vMgrRxAuthenSequence_1(
197     IN PSDevice pDevice,
198     IN PSMgmtObject pMgmt,
199     IN PWLAN_FR_AUTHEN pFrame
200     );
201
202 static
203 VOID
204 s_vMgrRxAuthenSequence_2(
205     IN PSDevice pDevice,
206     IN PSMgmtObject pMgmt,
207     IN PWLAN_FR_AUTHEN pFrame
208     );
209
210 static
211 VOID
212 s_vMgrRxAuthenSequence_3(
213     IN PSDevice pDevice,
214     IN PSMgmtObject pMgmt,
215     IN PWLAN_FR_AUTHEN pFrame
216     );
217
218 static
219 VOID
220 s_vMgrRxAuthenSequence_4(
221     IN PSDevice pDevice,
222     IN PSMgmtObject pMgmt,
223     IN PWLAN_FR_AUTHEN pFrame
224     );
225
226 static
227 VOID
228 s_vMgrRxAuthentication(
229     IN PSDevice pDevice,
230     IN PSMgmtObject pMgmt,
231     IN PSRxMgmtPacket pRxPacket
232     );
233
234 static
235 VOID
236 s_vMgrRxDeauthentication(
237     IN PSDevice pDevice,
238     IN PSMgmtObject pMgmt,
239     IN PSRxMgmtPacket pRxPacket
240     );
241
242 // Scan functions
243 // probe request/response functions
244 static
245 VOID
246 s_vMgrRxProbeRequest(
247     IN PSDevice pDevice,
248     IN PSMgmtObject pMgmt,
249     IN PSRxMgmtPacket pRxPacket
250     );
251
252 static
253 VOID
254 s_vMgrRxProbeResponse(
255     IN PSDevice pDevice,
256     IN PSMgmtObject pMgmt,
257     IN PSRxMgmtPacket pRxPacket
258     );
259
260 // beacon functions
261 static
262 VOID
263 s_vMgrRxBeacon(
264     IN PSDevice pDevice,
265     IN PSMgmtObject pMgmt,
266     IN PSRxMgmtPacket pRxPacket,
267     IN BOOL bInScan
268     );
269
270 static
271 VOID
272 s_vMgrFormatTIM(
273     IN PSMgmtObject pMgmt,
274     IN PWLAN_IE_TIM pTIM
275     );
276
277 static
278 PSTxMgmtPacket
279 s_MgrMakeBeacon(
280     IN PSDevice pDevice,
281     IN PSMgmtObject pMgmt,
282     IN WORD wCurrCapInfo,
283     IN WORD wCurrBeaconPeriod,
284     IN UINT uCurrChannel,
285     IN WORD wCurrATIMWinodw,
286     IN PWLAN_IE_SSID pCurrSSID,
287     IN PBYTE pCurrBSSID,
288     IN PWLAN_IE_SUPP_RATES pCurrSuppRates,
289     IN PWLAN_IE_SUPP_RATES pCurrExtSuppRates
290     );
291
292
293 // Association response
294 static
295 PSTxMgmtPacket
296 s_MgrMakeAssocResponse(
297     IN PSDevice pDevice,
298     IN PSMgmtObject pMgmt,
299     IN WORD wCurrCapInfo,
300     IN WORD wAssocStatus,
301     IN WORD wAssocAID,
302     IN PBYTE pDstAddr,
303     IN PWLAN_IE_SUPP_RATES pCurrSuppRates,
304     IN PWLAN_IE_SUPP_RATES pCurrExtSuppRates
305     );
306
307 // ReAssociation response
308 static
309 PSTxMgmtPacket
310 s_MgrMakeReAssocResponse(
311     IN PSDevice pDevice,
312     IN PSMgmtObject pMgmt,
313     IN WORD wCurrCapInfo,
314     IN WORD wAssocStatus,
315     IN WORD wAssocAID,
316     IN PBYTE pDstAddr,
317     IN PWLAN_IE_SUPP_RATES pCurrSuppRates,
318     IN PWLAN_IE_SUPP_RATES pCurrExtSuppRates
319     );
320
321 // Probe response
322 static
323 PSTxMgmtPacket
324 s_MgrMakeProbeResponse(
325     IN PSDevice pDevice,
326     IN PSMgmtObject pMgmt,
327     IN WORD wCurrCapInfo,
328     IN WORD wCurrBeaconPeriod,
329     IN UINT uCurrChannel,
330     IN WORD wCurrATIMWinodw,
331     IN PBYTE pDstAddr,
332     IN PWLAN_IE_SSID pCurrSSID,
333     IN PBYTE pCurrBSSID,
334     IN PWLAN_IE_SUPP_RATES pCurrSuppRates,
335     IN PWLAN_IE_SUPP_RATES pCurrExtSuppRates,
336     IN BYTE byPHYType
337     );
338
339 // received status
340 static
341 VOID
342 s_vMgrLogStatus(
343     IN PSMgmtObject pMgmt,
344     IN WORD wStatus
345     );
346
347
348 static
349 VOID
350 s_vMgrSynchBSS (
351     IN PSDevice      pDevice,
352     IN UINT          uBSSMode,
353     IN PKnownBSS     pCurr,
354     OUT PCMD_STATUS  pStatus
355     );
356
357
358 static BOOL
359 s_bCipherMatch (
360     IN PKnownBSS                        pBSSNode,
361     IN NDIS_802_11_ENCRYPTION_STATUS    EncStatus,
362     OUT PBYTE                           pbyCCSPK,
363     OUT PBYTE                           pbyCCSGK
364     );
365
366
367  static VOID  Encyption_Rebuild(
368     IN PSDevice pDevice,
369     IN PKnownBSS pCurr
370  );
371 /*
372 static
373 VOID
374 s_vProbeChannel(
375     IN PSDevice pDevice
376     );
377
378 static
379 VOID
380 s_vListenChannel(
381     IN PSDevice pDevice
382     );
383
384 static
385 PSTxMgmtPacket
386 s_MgrMakeProbeRequest(
387     IN PSMgmtObject pMgmt,
388     IN PBYTE pScanBSSID,
389     IN PWLAN_IE_SSID pSSID,
390     IN PWLAN_IE_SUPP_RATES pCurrRates
391     );
392 */
393
394
395
396 /*---------------------  Export Variables  --------------------------*/
397
398
399 /*---------------------  Export Functions  --------------------------*/
400
401
402 /*+
403  *
404  * Routine Description:
405  *    Allocates and initializes the Management object.
406  *
407  * Return Value:
408  *    Ndis_staus.
409  *
410 -*/
411
412 VOID
413 vMgrObjectInit(
414     IN  HANDLE hDeviceContext
415     )
416 {
417     PSDevice     pDevice = (PSDevice)hDeviceContext;
418     PSMgmtObject    pMgmt = pDevice->pMgmt;
419     int ii;
420
421
422     pMgmt->pbyPSPacketPool = &pMgmt->byPSPacketPool[0];
423     pMgmt->pbyMgmtPacketPool = &pMgmt->byMgmtPacketPool[0];
424     pMgmt->uCurrChannel = pDevice->uChannel;
425     for(ii=0;ii<WLAN_BSSID_LEN;ii++) {
426         pMgmt->abyDesireBSSID[ii] = 0xFF;
427     }
428     pMgmt->sAssocInfo.AssocInfo.Length = sizeof(NDIS_802_11_ASSOCIATION_INFORMATION);
429     //memset(pMgmt->abyDesireSSID, 0, WLAN_IEHDR_LEN + WLAN_SSID_MAXLEN +1);
430     pMgmt->byCSSPK = KEY_CTL_NONE;
431     pMgmt->byCSSGK = KEY_CTL_NONE;
432     pMgmt->wIBSSBeaconPeriod = DEFAULT_IBSS_BI;
433     BSSvClearBSSList((HANDLE)pDevice, FALSE);
434
435     return;
436 }
437
438 /*+
439  *
440  * Routine Description:
441  *    Initializes timer object
442  *
443  * Return Value:
444  *    Ndis_staus.
445  *
446 -*/
447
448 void
449 vMgrTimerInit(
450     IN  HANDLE hDeviceContext
451     )
452 {
453     PSDevice     pDevice = (PSDevice)hDeviceContext;
454     PSMgmtObject    pMgmt = pDevice->pMgmt;
455
456
457     init_timer(&pMgmt->sTimerSecondCallback);
458     pMgmt->sTimerSecondCallback.data = (ULONG)pDevice;
459     pMgmt->sTimerSecondCallback.function = (TimerFunction)BSSvSecondCallBack;
460     pMgmt->sTimerSecondCallback.expires = RUN_AT(HZ);
461
462     init_timer(&pDevice->sTimerCommand);
463     pDevice->sTimerCommand.data = (ULONG)pDevice;
464     pDevice->sTimerCommand.function = (TimerFunction)vCommandTimer;
465     pDevice->sTimerCommand.expires = RUN_AT(HZ);
466
467    #ifdef TxInSleep
468     init_timer(&pDevice->sTimerTxData);
469     pDevice->sTimerTxData.data = (ULONG)pDevice;
470     pDevice->sTimerTxData.function = (TimerFunction)BSSvSecondTxData;
471     pDevice->sTimerTxData.expires = RUN_AT(10*HZ);      //10s callback
472     pDevice->fTxDataInSleep = FALSE;
473     pDevice->IsTxDataTrigger = FALSE;
474     pDevice->nTxDataTimeCout = 0;
475    #endif
476
477     pDevice->cbFreeCmdQueue = CMD_Q_SIZE;
478     pDevice->uCmdDequeueIdx = 0;
479     pDevice->uCmdEnqueueIdx = 0;
480
481     return;
482 }
483
484
485
486 /*+
487  *
488  * Routine Description:
489  *    Reset the management object  structure.
490  *
491  * Return Value:
492  *    None.
493  *
494 -*/
495
496 VOID
497 vMgrObjectReset(
498     IN  HANDLE hDeviceContext
499     )
500 {
501     PSDevice         pDevice = (PSDevice)hDeviceContext;
502     PSMgmtObject        pMgmt = pDevice->pMgmt;
503
504     pMgmt->eCurrMode = WMAC_MODE_STANDBY;
505     pMgmt->eCurrState = WMAC_STATE_IDLE;
506     pDevice->bEnablePSMode = FALSE;
507     // TODO: timer
508
509     return;
510 }
511
512
513 /*+
514  *
515  * Routine Description:
516  *    Start the station association procedure.  Namely, send an
517  *    association request frame to the AP.
518  *
519  * Return Value:
520  *    None.
521  *
522 -*/
523
524
525 VOID
526 vMgrAssocBeginSta(
527     IN  HANDLE hDeviceContext,
528     IN  PSMgmtObject pMgmt,
529     OUT PCMD_STATUS pStatus
530     )
531 {
532     PSDevice             pDevice = (PSDevice)hDeviceContext;
533     PSTxMgmtPacket          pTxPacket;
534
535
536     pMgmt->wCurrCapInfo = 0;
537     pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_ESS(1);
538     if (pDevice->bEncryptionEnable) {
539         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_PRIVACY(1);
540     }
541     // always allow receive short preamble
542     //if (pDevice->byPreambleType == 1) {
543     //    pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
544     //}
545     pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
546     if (pMgmt->wListenInterval == 0)
547         pMgmt->wListenInterval = 1;    // at least one.
548
549     // ERP Phy (802.11g) should support short preamble.
550     if (pMgmt->eCurrentPHYMode == PHY_TYPE_11G) {
551         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
552         if (CARDbIsShorSlotTime(pMgmt->pAdapter) == TRUE) {
553             pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTSLOTTIME(1);
554         }
555     } else if (pMgmt->eCurrentPHYMode == PHY_TYPE_11B) {
556         if (CARDbIsShortPreamble(pMgmt->pAdapter) == TRUE) {
557             pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
558         }
559     }
560     if (pMgmt->b11hEnable == TRUE)
561         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SPECTRUMMNG(1);
562
563     /* build an assocreq frame and send it */
564     pTxPacket = s_MgrMakeAssocRequest
565                 (
566                   pDevice,
567                   pMgmt,
568                   pMgmt->abyCurrBSSID,
569                   pMgmt->wCurrCapInfo,
570                   pMgmt->wListenInterval,
571                   (PWLAN_IE_SSID)pMgmt->abyCurrSSID,
572                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
573                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates
574                 );
575
576     if (pTxPacket != NULL ){
577         /* send the frame */
578         *pStatus = csMgmt_xmit(pDevice, pTxPacket);
579         if (*pStatus == CMD_STATUS_PENDING) {
580             pMgmt->eCurrState = WMAC_STATE_ASSOCPENDING;
581             *pStatus = CMD_STATUS_SUCCESS;
582         }
583     }
584     else
585         *pStatus = CMD_STATUS_RESOURCES;
586
587     return ;
588 }
589
590
591 /*+
592  *
593  * Routine Description:
594  *    Start the station re-association procedure.
595  *
596  * Return Value:
597  *    None.
598  *
599 -*/
600
601 VOID
602 vMgrReAssocBeginSta(
603     IN  HANDLE hDeviceContext,
604     IN  PSMgmtObject pMgmt,
605     OUT PCMD_STATUS pStatus
606     )
607 {
608     PSDevice             pDevice = (PSDevice)hDeviceContext;
609     PSTxMgmtPacket          pTxPacket;
610
611
612
613     pMgmt->wCurrCapInfo = 0;
614     pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_ESS(1);
615     if (pDevice->bEncryptionEnable) {
616         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_PRIVACY(1);
617     }
618
619     //if (pDevice->byPreambleType == 1) {
620     //    pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
621     //}
622     pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
623
624     if (pMgmt->wListenInterval == 0)
625         pMgmt->wListenInterval = 1;    // at least one.
626
627
628     // ERP Phy (802.11g) should support short preamble.
629     if (pMgmt->eCurrentPHYMode == PHY_TYPE_11G) {
630         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
631         if (CARDbIsShorSlotTime(pMgmt->pAdapter) == TRUE) {
632             pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTSLOTTIME(1);
633         }
634     } else if (pMgmt->eCurrentPHYMode == PHY_TYPE_11B) {
635         if (CARDbIsShortPreamble(pMgmt->pAdapter) == TRUE) {
636             pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
637         }
638     }
639     if (pMgmt->b11hEnable == TRUE)
640         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SPECTRUMMNG(1);
641
642
643     pTxPacket = s_MgrMakeReAssocRequest
644                 (
645                   pDevice,
646                   pMgmt,
647                   pMgmt->abyCurrBSSID,
648                   pMgmt->wCurrCapInfo,
649                   pMgmt->wListenInterval,
650                   (PWLAN_IE_SSID)pMgmt->abyCurrSSID,
651                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
652                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates
653                 );
654
655     if (pTxPacket != NULL ){
656         /* send the frame */
657         *pStatus = csMgmt_xmit(pDevice, pTxPacket);
658         if (*pStatus != CMD_STATUS_PENDING) {
659             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Reassociation tx failed.\n");
660         }
661         else {
662             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Reassociation tx sending.\n");
663         }
664     }
665
666
667     return ;
668 }
669
670 /*+
671  *
672  * Routine Description:
673  *    Send an dis-association request frame to the AP.
674  *
675  * Return Value:
676  *    None.
677  *
678 -*/
679
680 VOID
681 vMgrDisassocBeginSta(
682     IN  HANDLE hDeviceContext,
683     IN  PSMgmtObject pMgmt,
684     IN  PBYTE  abyDestAddress,
685     IN  WORD    wReason,
686     OUT PCMD_STATUS pStatus
687     )
688 {
689     PSDevice            pDevice = (PSDevice)hDeviceContext;
690     PSTxMgmtPacket      pTxPacket = NULL;
691     WLAN_FR_DISASSOC    sFrame;
692
693     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
694     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_DISASSOC_FR_MAXLEN);
695     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
696
697     // Setup the sFrame structure
698     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
699     sFrame.len = WLAN_DISASSOC_FR_MAXLEN;
700
701     // format fixed field frame structure
702     vMgrEncodeDisassociation(&sFrame);
703
704     // Setup the header
705     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
706         (
707         WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
708         WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_DISASSOC)
709         ));
710
711     memcpy( sFrame.pHdr->sA3.abyAddr1, abyDestAddress, WLAN_ADDR_LEN);
712     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
713     memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
714
715     // Set reason code
716     *(sFrame.pwReason) = cpu_to_le16(wReason);
717     pTxPacket->cbMPDULen = sFrame.len;
718     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
719
720     // send the frame
721     *pStatus = csMgmt_xmit(pDevice, pTxPacket);
722     if (*pStatus == CMD_STATUS_PENDING) {
723         pMgmt->eCurrState = WMAC_STATE_IDLE;
724         *pStatus = CMD_STATUS_SUCCESS;
725     };
726
727     return;
728 }
729
730
731
732 /*+
733  *
734  * Routine Description:(AP function)
735  *    Handle incoming station association request frames.
736  *
737  * Return Value:
738  *    None.
739  *
740 -*/
741
742 static
743 VOID
744 s_vMgrRxAssocRequest(
745     IN PSDevice pDevice,
746     IN PSMgmtObject pMgmt,
747     IN PSRxMgmtPacket pRxPacket,
748     IN UINT uNodeIndex
749     )
750 {
751     WLAN_FR_ASSOCREQ    sFrame;
752     CMD_STATUS          Status;
753     PSTxMgmtPacket      pTxPacket;
754     WORD                wAssocStatus = 0;
755     WORD                wAssocAID = 0;
756     UINT                uRateLen = WLAN_RATES_MAXLEN;
757     BYTE                abyCurrSuppRates[WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1];
758     BYTE                abyCurrExtSuppRates[WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1];
759
760
761     if (pMgmt->eCurrMode != WMAC_MODE_ESS_AP)
762         return;
763     //  node index not found
764     if (!uNodeIndex)
765         return;
766
767     //check if node is authenticated
768     //decode the frame
769     memset(&sFrame, 0, sizeof(WLAN_FR_ASSOCREQ));
770     memset(abyCurrSuppRates, 0, WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1);
771     memset(abyCurrExtSuppRates, 0, WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1);
772     sFrame.len = pRxPacket->cbMPDULen;
773     sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
774
775     vMgrDecodeAssocRequest(&sFrame);
776
777     if (pMgmt->sNodeDBTable[uNodeIndex].eNodeState >= NODE_AUTH) {
778         pMgmt->sNodeDBTable[uNodeIndex].eNodeState = NODE_ASSOC;
779         pMgmt->sNodeDBTable[uNodeIndex].wCapInfo = cpu_to_le16(*sFrame.pwCapInfo);
780         pMgmt->sNodeDBTable[uNodeIndex].wListenInterval = cpu_to_le16(*sFrame.pwListenInterval);
781         pMgmt->sNodeDBTable[uNodeIndex].bPSEnable =
782                 WLAN_GET_FC_PWRMGT(sFrame.pHdr->sA3.wFrameCtl) ? TRUE : FALSE;
783         // Todo: check sta basic rate, if ap can't support, set status code
784         if (pDevice->eCurrentPHYType == PHY_TYPE_11B) {
785             uRateLen = WLAN_RATES_MAXLEN_11B;
786         }
787         abyCurrSuppRates[0] = WLAN_EID_SUPP_RATES;
788         abyCurrSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)sFrame.pSuppRates,
789                                          (PWLAN_IE_SUPP_RATES)abyCurrSuppRates,
790                                          uRateLen);
791         abyCurrExtSuppRates[0] = WLAN_EID_EXTSUPP_RATES;
792         if (pDevice->eCurrentPHYType == PHY_TYPE_11G) {
793             abyCurrExtSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)sFrame.pExtSuppRates,
794                                                 (PWLAN_IE_SUPP_RATES)abyCurrExtSuppRates,
795                                                 uRateLen);
796         } else {
797             abyCurrExtSuppRates[1] = 0;
798         }
799
800
801         RATEvParseMaxRate((PVOID)pDevice,
802                            (PWLAN_IE_SUPP_RATES)abyCurrSuppRates,
803                            (PWLAN_IE_SUPP_RATES)abyCurrExtSuppRates,
804                            FALSE, // do not change our basic rate
805                            &(pMgmt->sNodeDBTable[uNodeIndex].wMaxBasicRate),
806                            &(pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate),
807                            &(pMgmt->sNodeDBTable[uNodeIndex].wSuppRate),
808                            &(pMgmt->sNodeDBTable[uNodeIndex].byTopCCKBasicRate),
809                            &(pMgmt->sNodeDBTable[uNodeIndex].byTopOFDMBasicRate)
810                           );
811
812         // set max tx rate
813         pMgmt->sNodeDBTable[uNodeIndex].wTxDataRate =
814                 pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate;
815 #ifdef  PLICE_DEBUG
816         printk("RxAssocRequest:wTxDataRate is %d\n",pMgmt->sNodeDBTable[uNodeIndex].wTxDataRate);
817 #endif
818                 // Todo: check sta preamble, if ap can't support, set status code
819         pMgmt->sNodeDBTable[uNodeIndex].bShortPreamble =
820                 WLAN_GET_CAP_INFO_SHORTPREAMBLE(*sFrame.pwCapInfo);
821         pMgmt->sNodeDBTable[uNodeIndex].bShortSlotTime =
822                 WLAN_GET_CAP_INFO_SHORTSLOTTIME(*sFrame.pwCapInfo);
823         pMgmt->sNodeDBTable[uNodeIndex].wAID = (WORD)uNodeIndex;
824         wAssocStatus = WLAN_MGMT_STATUS_SUCCESS;
825         wAssocAID = (WORD)uNodeIndex;
826         // check if ERP support
827         if(pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate > RATE_11M)
828            pMgmt->sNodeDBTable[uNodeIndex].bERPExist = TRUE;
829
830         if (pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate <= RATE_11M) {
831             // B only STA join
832             pDevice->bProtectMode = TRUE;
833             pDevice->bNonERPPresent = TRUE;
834         }
835         if (pMgmt->sNodeDBTable[uNodeIndex].bShortPreamble == FALSE) {
836             pDevice->bBarkerPreambleMd = TRUE;
837         }
838
839         DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO "Associate AID= %d \n", wAssocAID);
840         DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO "MAC=%2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X \n",
841                    sFrame.pHdr->sA3.abyAddr2[0],
842                    sFrame.pHdr->sA3.abyAddr2[1],
843                    sFrame.pHdr->sA3.abyAddr2[2],
844                    sFrame.pHdr->sA3.abyAddr2[3],
845                    sFrame.pHdr->sA3.abyAddr2[4],
846                    sFrame.pHdr->sA3.abyAddr2[5]
847                   ) ;
848         DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO "Max Support rate = %d \n",
849                    pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate);
850     }//else { TODO: received STA under state1 handle }
851     else {
852         return;
853     }
854
855
856     // assoc response reply..
857     pTxPacket = s_MgrMakeAssocResponse
858                 (
859                   pDevice,
860                   pMgmt,
861                   pMgmt->wCurrCapInfo,
862                   wAssocStatus,
863                   wAssocAID,
864                   sFrame.pHdr->sA3.abyAddr2,
865                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
866                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates
867                 );
868     if (pTxPacket != NULL ){
869
870         if (pDevice->bEnableHostapd) {
871             return;
872         }
873         /* send the frame */
874         Status = csMgmt_xmit(pDevice, pTxPacket);
875         if (Status != CMD_STATUS_PENDING) {
876             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Assoc response tx failed\n");
877         }
878         else {
879             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Assoc response tx sending..\n");
880         }
881
882     }
883
884     return;
885 }
886
887
888 /*+
889  *
890  * Description:(AP function)
891  *      Handle incoming station re-association request frames.
892  *
893  * Parameters:
894  *  In:
895  *      pMgmt           - Management Object structure
896  *      pRxPacket       - Received Packet
897  *  Out:
898  *      none
899  *
900  * Return Value: None.
901  *
902 -*/
903
904 static
905 VOID
906 s_vMgrRxReAssocRequest(
907     IN PSDevice pDevice,
908     IN PSMgmtObject pMgmt,
909     IN PSRxMgmtPacket pRxPacket,
910     IN UINT uNodeIndex
911     )
912 {
913     WLAN_FR_REASSOCREQ    sFrame;
914     CMD_STATUS          Status;
915     PSTxMgmtPacket      pTxPacket;
916     WORD                wAssocStatus = 0;
917     WORD                wAssocAID = 0;
918     UINT                uRateLen = WLAN_RATES_MAXLEN;
919     BYTE                abyCurrSuppRates[WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1];
920     BYTE                abyCurrExtSuppRates[WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1];
921
922     if (pMgmt->eCurrMode != WMAC_MODE_ESS_AP)
923         return;
924     //  node index not found
925     if (!uNodeIndex)
926         return;
927     //check if node is authenticated
928     //decode the frame
929     memset(&sFrame, 0, sizeof(WLAN_FR_REASSOCREQ));
930     sFrame.len = pRxPacket->cbMPDULen;
931     sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
932     vMgrDecodeReassocRequest(&sFrame);
933
934     if (pMgmt->sNodeDBTable[uNodeIndex].eNodeState >= NODE_AUTH) {
935         pMgmt->sNodeDBTable[uNodeIndex].eNodeState = NODE_ASSOC;
936         pMgmt->sNodeDBTable[uNodeIndex].wCapInfo = cpu_to_le16(*sFrame.pwCapInfo);
937         pMgmt->sNodeDBTable[uNodeIndex].wListenInterval = cpu_to_le16(*sFrame.pwListenInterval);
938         pMgmt->sNodeDBTable[uNodeIndex].bPSEnable =
939                 WLAN_GET_FC_PWRMGT(sFrame.pHdr->sA3.wFrameCtl) ? TRUE : FALSE;
940         // Todo: check sta basic rate, if ap can't support, set status code
941
942         if (pDevice->eCurrentPHYType == PHY_TYPE_11B) {
943             uRateLen = WLAN_RATES_MAXLEN_11B;
944         }
945
946         abyCurrSuppRates[0] = WLAN_EID_SUPP_RATES;
947         abyCurrSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)sFrame.pSuppRates,
948                                          (PWLAN_IE_SUPP_RATES)abyCurrSuppRates,
949                                          uRateLen);
950         abyCurrExtSuppRates[0] = WLAN_EID_EXTSUPP_RATES;
951         if (pDevice->eCurrentPHYType == PHY_TYPE_11G) {
952             abyCurrExtSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)sFrame.pExtSuppRates,
953                                                 (PWLAN_IE_SUPP_RATES)abyCurrExtSuppRates,
954                                                 uRateLen);
955         } else {
956             abyCurrExtSuppRates[1] = 0;
957         }
958
959
960         RATEvParseMaxRate((PVOID)pDevice,
961                           (PWLAN_IE_SUPP_RATES)abyCurrSuppRates,
962                           (PWLAN_IE_SUPP_RATES)abyCurrExtSuppRates,
963                            FALSE, // do not change our basic rate
964                            &(pMgmt->sNodeDBTable[uNodeIndex].wMaxBasicRate),
965                            &(pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate),
966                            &(pMgmt->sNodeDBTable[uNodeIndex].wSuppRate),
967                            &(pMgmt->sNodeDBTable[uNodeIndex].byTopCCKBasicRate),
968                            &(pMgmt->sNodeDBTable[uNodeIndex].byTopOFDMBasicRate)
969                           );
970
971         // set max tx rate
972         pMgmt->sNodeDBTable[uNodeIndex].wTxDataRate =
973                 pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate;
974 #ifdef  PLICE_DEBUG
975         printk("RxReAssocRequest:TxDataRate is %d\n",pMgmt->sNodeDBTable[uNodeIndex].wTxDataRate);
976 #endif
977                 // Todo: check sta preamble, if ap can't support, set status code
978         pMgmt->sNodeDBTable[uNodeIndex].bShortPreamble =
979                 WLAN_GET_CAP_INFO_SHORTPREAMBLE(*sFrame.pwCapInfo);
980         pMgmt->sNodeDBTable[uNodeIndex].bShortSlotTime =
981                 WLAN_GET_CAP_INFO_SHORTSLOTTIME(*sFrame.pwCapInfo);
982         pMgmt->sNodeDBTable[uNodeIndex].wAID = (WORD)uNodeIndex;
983         wAssocStatus = WLAN_MGMT_STATUS_SUCCESS;
984         wAssocAID = (WORD)uNodeIndex;
985
986         // if suppurt ERP
987         if(pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate > RATE_11M)
988            pMgmt->sNodeDBTable[uNodeIndex].bERPExist = TRUE;
989
990         if (pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate <= RATE_11M) {
991             // B only STA join
992             pDevice->bProtectMode = TRUE;
993             pDevice->bNonERPPresent = TRUE;
994         }
995         if (pMgmt->sNodeDBTable[uNodeIndex].bShortPreamble == FALSE) {
996             pDevice->bBarkerPreambleMd = TRUE;
997         }
998
999         DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO "Rx ReAssociate AID= %d \n", wAssocAID);
1000         DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO "MAC=%2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X \n",
1001                    sFrame.pHdr->sA3.abyAddr2[0],
1002                    sFrame.pHdr->sA3.abyAddr2[1],
1003                    sFrame.pHdr->sA3.abyAddr2[2],
1004                    sFrame.pHdr->sA3.abyAddr2[3],
1005                    sFrame.pHdr->sA3.abyAddr2[4],
1006                    sFrame.pHdr->sA3.abyAddr2[5]
1007                   ) ;
1008         DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO "Max Support rate = %d \n",
1009                    pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate);
1010
1011     }
1012
1013
1014     // assoc response reply..
1015     pTxPacket = s_MgrMakeReAssocResponse
1016                 (
1017                   pDevice,
1018                   pMgmt,
1019                   pMgmt->wCurrCapInfo,
1020                   wAssocStatus,
1021                   wAssocAID,
1022                   sFrame.pHdr->sA3.abyAddr2,
1023                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
1024                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates
1025                 );
1026
1027     if (pTxPacket != NULL ){
1028         /* send the frame */
1029         if (pDevice->bEnableHostapd) {
1030             return;
1031         }
1032         Status = csMgmt_xmit(pDevice, pTxPacket);
1033         if (Status != CMD_STATUS_PENDING) {
1034             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:ReAssoc response tx failed\n");
1035         }
1036         else {
1037             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:ReAssoc response tx sending..\n");
1038         }
1039     }
1040     return;
1041 }
1042
1043
1044 /*+
1045  *
1046  * Routine Description:
1047  *    Handle incoming association response frames.
1048  *
1049  * Return Value:
1050  *    None.
1051  *
1052 -*/
1053
1054 static
1055 VOID
1056 s_vMgrRxAssocResponse(
1057     IN PSDevice pDevice,
1058     IN PSMgmtObject pMgmt,
1059     IN PSRxMgmtPacket pRxPacket,
1060     IN BOOL bReAssocType
1061     )
1062 {
1063     WLAN_FR_ASSOCRESP   sFrame;
1064     PWLAN_IE_SSID   pItemSSID;
1065     PBYTE   pbyIEs;
1066     viawget_wpa_header *wpahdr;
1067
1068
1069
1070     if (pMgmt->eCurrState == WMAC_STATE_ASSOCPENDING ||
1071          pMgmt->eCurrState == WMAC_STATE_ASSOC) {
1072
1073         sFrame.len = pRxPacket->cbMPDULen;
1074         sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
1075         // decode the frame
1076         vMgrDecodeAssocResponse(&sFrame);
1077         if ((sFrame.pwCapInfo == 0) ||
1078             (sFrame.pwStatus == 0) ||
1079             (sFrame.pwAid == 0) ||
1080             (sFrame.pSuppRates == 0)){
1081             DBG_PORT80(0xCC);
1082             return;
1083         };
1084
1085         pMgmt->sAssocInfo.AssocInfo.ResponseFixedIEs.Capabilities = *(sFrame.pwCapInfo);
1086         pMgmt->sAssocInfo.AssocInfo.ResponseFixedIEs.StatusCode = *(sFrame.pwStatus);
1087         pMgmt->sAssocInfo.AssocInfo.ResponseFixedIEs.AssociationId = *(sFrame.pwAid);
1088         pMgmt->sAssocInfo.AssocInfo.AvailableResponseFixedIEs |= 0x07;
1089
1090         pMgmt->sAssocInfo.AssocInfo.ResponseIELength = sFrame.len - 24 - 6;
1091         pMgmt->sAssocInfo.AssocInfo.OffsetResponseIEs = pMgmt->sAssocInfo.AssocInfo.OffsetRequestIEs + pMgmt->sAssocInfo.AssocInfo.RequestIELength;
1092         pbyIEs = pMgmt->sAssocInfo.abyIEs;
1093         pbyIEs += pMgmt->sAssocInfo.AssocInfo.RequestIELength;
1094         memcpy(pbyIEs, (sFrame.pBuf + 24 +6), pMgmt->sAssocInfo.AssocInfo.ResponseIELength);
1095
1096         // save values and set current BSS state
1097         if (cpu_to_le16((*(sFrame.pwStatus))) == WLAN_MGMT_STATUS_SUCCESS ){
1098             // set AID
1099             pMgmt->wCurrAID = cpu_to_le16((*(sFrame.pwAid)));
1100             if ( (pMgmt->wCurrAID >> 14) != (BIT0 | BIT1) )
1101             {
1102                 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "AID from AP, has two msb clear.\n");
1103             };
1104             DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO "Association Successful, AID=%d.\n", pMgmt->wCurrAID & ~(BIT14|BIT15));
1105             pMgmt->eCurrState = WMAC_STATE_ASSOC;
1106             BSSvUpdateAPNode((HANDLE)pDevice, sFrame.pwCapInfo, sFrame.pSuppRates, sFrame.pExtSuppRates);
1107             pItemSSID = (PWLAN_IE_SSID)pMgmt->abyCurrSSID;
1108             DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO "Link with AP(SSID): %s\n", pItemSSID->abySSID);
1109             pDevice->bLinkPass = TRUE;
1110             pDevice->uBBVGADiffCount = 0;
1111             if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
1112           if(skb_tailroom(pDevice->skb) <(sizeof(viawget_wpa_header)+pMgmt->sAssocInfo.AssocInfo.ResponseIELength+
1113                                                                          pMgmt->sAssocInfo.AssocInfo.RequestIELength)) {    //data room not enough
1114                      dev_kfree_skb(pDevice->skb);
1115                    pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1116                 }
1117                 wpahdr = (viawget_wpa_header *)pDevice->skb->data;
1118                 wpahdr->type = VIAWGET_ASSOC_MSG;
1119                 wpahdr->resp_ie_len = pMgmt->sAssocInfo.AssocInfo.ResponseIELength;
1120                 wpahdr->req_ie_len = pMgmt->sAssocInfo.AssocInfo.RequestIELength;
1121                 memcpy(pDevice->skb->data + sizeof(viawget_wpa_header), pMgmt->sAssocInfo.abyIEs, wpahdr->req_ie_len);
1122                 memcpy(pDevice->skb->data + sizeof(viawget_wpa_header) + wpahdr->req_ie_len,
1123                        pbyIEs,
1124                        wpahdr->resp_ie_len
1125                        );
1126                 skb_put(pDevice->skb, sizeof(viawget_wpa_header) + wpahdr->resp_ie_len + wpahdr->req_ie_len);
1127                 pDevice->skb->dev = pDevice->wpadev;
1128 #if     LINUX_VERSION_CODE      > KERNEL_VERSION(2,6,21)
1129                 pDevice->skb->mac_header = pDevice->skb->data;
1130 #else
1131                 pDevice->skb->mac.raw = pDevice->skb->data;
1132 #endif
1133                 pDevice->skb->pkt_type = PACKET_HOST;
1134                 pDevice->skb->protocol = htons(ETH_P_802_2);
1135                 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
1136                 netif_rx(pDevice->skb);
1137                 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1138             }
1139
1140 //2008-0409-07, <Add> by Einsn Liu
1141 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
1142         //if(pDevice->bWPADevEnable == TRUE)
1143                 {
1144                 BYTE buf[512];
1145                 size_t len;
1146                 union iwreq_data  wrqu;
1147                 int we_event;
1148
1149                 memset(buf, 0, 512);
1150
1151                 len = pMgmt->sAssocInfo.AssocInfo.RequestIELength;
1152                 if(len) {
1153                         memcpy(buf, pMgmt->sAssocInfo.abyIEs, len);
1154                         memset(&wrqu, 0, sizeof (wrqu));
1155                         wrqu.data.length = len;
1156                         we_event = IWEVASSOCREQIE;
1157                         wireless_send_event(pDevice->dev, we_event, &wrqu, buf);
1158                 }
1159
1160                 memset(buf, 0, 512);
1161                 len = pMgmt->sAssocInfo.AssocInfo.ResponseIELength;
1162
1163                 if(len) {
1164                         memcpy(buf, pbyIEs, len);
1165                         memset(&wrqu, 0, sizeof (wrqu));
1166                         wrqu.data.length = len;
1167                         we_event = IWEVASSOCRESPIE;
1168                         wireless_send_event(pDevice->dev, we_event, &wrqu, buf);
1169                 }
1170
1171
1172   memset(&wrqu, 0, sizeof (wrqu));
1173         memcpy(wrqu.ap_addr.sa_data, &pMgmt->abyCurrBSSID[0], ETH_ALEN);
1174         wrqu.ap_addr.sa_family = ARPHRD_ETHER;
1175         wireless_send_event(pDevice->dev, SIOCGIWAP, &wrqu, NULL);
1176         }
1177 #endif //#ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
1178 //End Add -- //2008-0409-07, <Add> by Einsn Liu
1179                 }
1180         else {
1181             if (bReAssocType) {
1182                 pMgmt->eCurrState = WMAC_STATE_IDLE;
1183             }
1184             else {
1185                 // jump back to the auth state and indicate the error
1186                 pMgmt->eCurrState = WMAC_STATE_AUTH;
1187             }
1188             s_vMgrLogStatus(pMgmt,cpu_to_le16((*(sFrame.pwStatus))));
1189         }
1190
1191     }
1192
1193 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
1194 //need clear flags related to Networkmanager
1195
1196               pDevice->bwextcount = 0;
1197               pDevice->bWPASuppWextEnabled = FALSE;
1198 #endif
1199
1200
1201 if(pMgmt->eCurrState == WMAC_STATE_ASSOC)
1202       timer_expire(pDevice->sTimerCommand, 0);
1203     return;
1204 }
1205
1206
1207
1208 /*+
1209  *
1210  * Routine Description:
1211  *    Start the station authentication procedure.  Namely, send an
1212  *    authentication frame to the AP.
1213  *
1214  * Return Value:
1215  *    None.
1216  *
1217 -*/
1218
1219 VOID
1220 vMgrAuthenBeginSta(
1221     IN  HANDLE hDeviceContext,
1222     IN  PSMgmtObject  pMgmt,
1223     OUT PCMD_STATUS pStatus
1224     )
1225 {
1226     PSDevice     pDevice = (PSDevice)hDeviceContext;
1227     WLAN_FR_AUTHEN  sFrame;
1228     PSTxMgmtPacket  pTxPacket = NULL;
1229
1230     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
1231     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_AUTHEN_FR_MAXLEN);
1232     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
1233     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
1234     sFrame.len = WLAN_AUTHEN_FR_MAXLEN;
1235     vMgrEncodeAuthen(&sFrame);
1236     /* insert values */
1237     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
1238         (
1239         WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
1240         WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_AUTHEN)
1241         ));
1242     memcpy( sFrame.pHdr->sA3.abyAddr1, pMgmt->abyCurrBSSID, WLAN_ADDR_LEN);
1243     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
1244     memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
1245     if (pMgmt->bShareKeyAlgorithm)
1246         *(sFrame.pwAuthAlgorithm) = cpu_to_le16(WLAN_AUTH_ALG_SHAREDKEY);
1247     else
1248         *(sFrame.pwAuthAlgorithm) = cpu_to_le16(WLAN_AUTH_ALG_OPENSYSTEM);
1249
1250     *(sFrame.pwAuthSequence) = cpu_to_le16(1);
1251     /* Adjust the length fields */
1252     pTxPacket->cbMPDULen = sFrame.len;
1253     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
1254
1255     *pStatus = csMgmt_xmit(pDevice, pTxPacket);
1256     if (*pStatus == CMD_STATUS_PENDING){
1257         pMgmt->eCurrState = WMAC_STATE_AUTHPENDING;
1258         *pStatus = CMD_STATUS_SUCCESS;
1259     }
1260
1261     return ;
1262 }
1263
1264
1265
1266 /*+
1267  *
1268  * Routine Description:
1269  *    Start the station(AP) deauthentication procedure.  Namely, send an
1270  *    deauthentication frame to the AP or Sta.
1271  *
1272  * Return Value:
1273  *    None.
1274  *
1275 -*/
1276
1277 VOID
1278 vMgrDeAuthenBeginSta(
1279     IN  HANDLE hDeviceContext,
1280     IN  PSMgmtObject  pMgmt,
1281     IN  PBYTE  abyDestAddress,
1282     IN  WORD    wReason,
1283     OUT PCMD_STATUS pStatus
1284     )
1285 {
1286     PSDevice            pDevice = (PSDevice)hDeviceContext;
1287     WLAN_FR_DEAUTHEN    sFrame;
1288     PSTxMgmtPacket      pTxPacket = NULL;
1289
1290
1291     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
1292     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_DEAUTHEN_FR_MAXLEN);
1293     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
1294     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
1295     sFrame.len = WLAN_DEAUTHEN_FR_MAXLEN;
1296     vMgrEncodeDeauthen(&sFrame);
1297     /* insert values */
1298     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
1299         (
1300         WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
1301         WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_DEAUTHEN)
1302         ));
1303
1304     memcpy( sFrame.pHdr->sA3.abyAddr1, abyDestAddress, WLAN_ADDR_LEN);
1305     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
1306     memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
1307
1308     *(sFrame.pwReason) = cpu_to_le16(wReason);       // deauthen. bcs left BSS
1309     /* Adjust the length fields */
1310     pTxPacket->cbMPDULen = sFrame.len;
1311     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
1312
1313     *pStatus = csMgmt_xmit(pDevice, pTxPacket);
1314     if (*pStatus == CMD_STATUS_PENDING){
1315         *pStatus = CMD_STATUS_SUCCESS;
1316     }
1317
1318
1319     return ;
1320 }
1321
1322
1323 /*+
1324  *
1325  * Routine Description:
1326  *    Handle incoming authentication frames.
1327  *
1328  * Return Value:
1329  *    None.
1330  *
1331 -*/
1332
1333 static
1334 VOID
1335 s_vMgrRxAuthentication(
1336     IN PSDevice pDevice,
1337     IN PSMgmtObject pMgmt,
1338     IN PSRxMgmtPacket pRxPacket
1339     )
1340 {
1341     WLAN_FR_AUTHEN  sFrame;
1342
1343     // we better be an AP or a STA in AUTHPENDING otherwise ignore
1344     if (!(pMgmt->eCurrMode == WMAC_MODE_ESS_AP ||
1345           pMgmt->eCurrState == WMAC_STATE_AUTHPENDING)) {
1346         return;
1347     }
1348
1349     // decode the frame
1350     sFrame.len = pRxPacket->cbMPDULen;
1351     sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
1352     vMgrDecodeAuthen(&sFrame);
1353     switch (cpu_to_le16((*(sFrame.pwAuthSequence )))){
1354         case 1:
1355             //AP funciton
1356             s_vMgrRxAuthenSequence_1(pDevice,pMgmt, &sFrame);
1357             break;
1358         case 2:
1359             s_vMgrRxAuthenSequence_2(pDevice, pMgmt, &sFrame);
1360             break;
1361         case 3:
1362             //AP funciton
1363             s_vMgrRxAuthenSequence_3(pDevice, pMgmt, &sFrame);
1364             break;
1365         case 4:
1366             s_vMgrRxAuthenSequence_4(pDevice, pMgmt, &sFrame);
1367             break;
1368         default:
1369             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Auth Sequence error, seq = %d\n",
1370                         cpu_to_le16((*(sFrame.pwAuthSequence))));
1371             break;
1372     }
1373     return;
1374 }
1375
1376
1377
1378 /*+
1379  *
1380  * Routine Description:
1381  *   Handles incoming authen frames with sequence 1.  Currently
1382  *   assumes we're an AP.  So far, no one appears to use authentication
1383  *   in Ad-Hoc mode.
1384  *
1385  * Return Value:
1386  *    None.
1387  *
1388 -*/
1389
1390
1391 static
1392 VOID
1393 s_vMgrRxAuthenSequence_1(
1394     IN PSDevice pDevice,
1395     IN PSMgmtObject pMgmt,
1396     IN PWLAN_FR_AUTHEN pFrame
1397      )
1398 {
1399     PSTxMgmtPacket      pTxPacket = NULL;
1400     UINT                uNodeIndex;
1401     WLAN_FR_AUTHEN      sFrame;
1402     PSKeyItem           pTransmitKey;
1403
1404     // Insert a Node entry
1405     if (!BSSDBbIsSTAInNodeDB(pMgmt, pFrame->pHdr->sA3.abyAddr2, &uNodeIndex)) {
1406         BSSvCreateOneNode((PSDevice)pDevice, &uNodeIndex);
1407         memcpy(pMgmt->sNodeDBTable[uNodeIndex].abyMACAddr, pFrame->pHdr->sA3.abyAddr2,
1408                WLAN_ADDR_LEN);
1409     }
1410
1411     if (pMgmt->bShareKeyAlgorithm) {
1412         pMgmt->sNodeDBTable[uNodeIndex].eNodeState = NODE_KNOWN;
1413         pMgmt->sNodeDBTable[uNodeIndex].byAuthSequence = 1;
1414     }
1415     else {
1416         pMgmt->sNodeDBTable[uNodeIndex].eNodeState = NODE_AUTH;
1417     }
1418
1419     // send auth reply
1420     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
1421     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_AUTHEN_FR_MAXLEN);
1422     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
1423     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
1424     sFrame.len = WLAN_AUTHEN_FR_MAXLEN;
1425     // format buffer structure
1426     vMgrEncodeAuthen(&sFrame);
1427     // insert values
1428     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
1429          (
1430          WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
1431          WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_AUTHEN)|
1432          WLAN_SET_FC_ISWEP(0)
1433          ));
1434     memcpy( sFrame.pHdr->sA3.abyAddr1, pFrame->pHdr->sA3.abyAddr2, WLAN_ADDR_LEN);
1435     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
1436     memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
1437     *(sFrame.pwAuthAlgorithm) = *(pFrame->pwAuthAlgorithm);
1438     *(sFrame.pwAuthSequence) = cpu_to_le16(2);
1439
1440     if (cpu_to_le16(*(pFrame->pwAuthAlgorithm)) == WLAN_AUTH_ALG_SHAREDKEY) {
1441         if (pMgmt->bShareKeyAlgorithm)
1442             *(sFrame.pwStatus) = cpu_to_le16(WLAN_MGMT_STATUS_SUCCESS);
1443         else
1444             *(sFrame.pwStatus) = cpu_to_le16(WLAN_MGMT_STATUS_UNSUPPORTED_AUTHALG);
1445     }
1446     else {
1447         if (pMgmt->bShareKeyAlgorithm)
1448             *(sFrame.pwStatus) = cpu_to_le16(WLAN_MGMT_STATUS_UNSUPPORTED_AUTHALG);
1449         else
1450             *(sFrame.pwStatus) = cpu_to_le16(WLAN_MGMT_STATUS_SUCCESS);
1451     }
1452
1453     if (pMgmt->bShareKeyAlgorithm &&
1454         (cpu_to_le16(*(sFrame.pwStatus)) == WLAN_MGMT_STATUS_SUCCESS)) {
1455
1456         sFrame.pChallenge = (PWLAN_IE_CHALLENGE)(sFrame.pBuf + sFrame.len);
1457         sFrame.len += WLAN_CHALLENGE_IE_LEN;
1458         sFrame.pChallenge->byElementID = WLAN_EID_CHALLENGE;
1459         sFrame.pChallenge->len = WLAN_CHALLENGE_LEN;
1460         memset(pMgmt->abyChallenge, 0, WLAN_CHALLENGE_LEN);
1461         // get group key
1462         if(KeybGetTransmitKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, GROUP_KEY, &pTransmitKey) == TRUE) {
1463             rc4_init(&pDevice->SBox, pDevice->abyPRNG, pTransmitKey->uKeyLength+3);
1464             rc4_encrypt(&pDevice->SBox, pMgmt->abyChallenge, pMgmt->abyChallenge, WLAN_CHALLENGE_LEN);
1465         }
1466         memcpy(sFrame.pChallenge->abyChallenge, pMgmt->abyChallenge , WLAN_CHALLENGE_LEN);
1467     }
1468
1469     /* Adjust the length fields */
1470     pTxPacket->cbMPDULen = sFrame.len;
1471     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
1472     // send the frame
1473     if (pDevice->bEnableHostapd) {
1474         return;
1475     }
1476     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Authreq_reply sequence_1 tx.. \n");
1477     if (csMgmt_xmit(pDevice, pTxPacket) != CMD_STATUS_PENDING) {
1478         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Authreq_reply sequence_1 tx failed.\n");
1479     }
1480     return;
1481 }
1482
1483
1484
1485 /*+
1486  *
1487  * Routine Description:
1488  *   Handles incoming auth frames with sequence number 2.  Currently
1489  *   assumes we're a station.
1490  *
1491  *
1492  * Return Value:
1493  *    None.
1494  *
1495 -*/
1496
1497 static
1498 VOID
1499 s_vMgrRxAuthenSequence_2(
1500     IN PSDevice pDevice,
1501     IN PSMgmtObject pMgmt,
1502     IN PWLAN_FR_AUTHEN pFrame
1503     )
1504 {
1505     WLAN_FR_AUTHEN      sFrame;
1506     PSTxMgmtPacket      pTxPacket = NULL;
1507
1508
1509     switch (cpu_to_le16((*(pFrame->pwAuthAlgorithm))))
1510     {
1511         case WLAN_AUTH_ALG_OPENSYSTEM:
1512             if ( cpu_to_le16((*(pFrame->pwStatus))) == WLAN_MGMT_STATUS_SUCCESS ){
1513                 DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO "802.11 Authen (OPEN) Successful.\n");
1514                 pMgmt->eCurrState = WMAC_STATE_AUTH;
1515          timer_expire(pDevice->sTimerCommand, 0);
1516             }
1517             else {
1518                 DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO "802.11 Authen (OPEN) Failed.\n");
1519                 s_vMgrLogStatus(pMgmt, cpu_to_le16((*(pFrame->pwStatus))));
1520                 pMgmt->eCurrState = WMAC_STATE_IDLE;
1521             }
1522             if (pDevice->eCommandState == WLAN_AUTHENTICATE_WAIT ) {
1523 //                spin_unlock_irq(&pDevice->lock);
1524 //                vCommandTimerWait((HANDLE)pDevice, 0);
1525 //                spin_lock_irq(&pDevice->lock);
1526             }
1527
1528             break;
1529
1530         case WLAN_AUTH_ALG_SHAREDKEY:
1531
1532             if (cpu_to_le16((*(pFrame->pwStatus))) == WLAN_MGMT_STATUS_SUCCESS) {
1533                 pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
1534                 memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_AUTHEN_FR_MAXLEN);
1535                 pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
1536                 sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
1537                 sFrame.len = WLAN_AUTHEN_FR_MAXLEN;
1538                 // format buffer structure
1539                 vMgrEncodeAuthen(&sFrame);
1540                 // insert values
1541                 sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
1542                      (
1543                      WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
1544                      WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_AUTHEN)|
1545                      WLAN_SET_FC_ISWEP(1)
1546                      ));
1547                 memcpy( sFrame.pHdr->sA3.abyAddr1, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
1548                 memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
1549                 memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
1550                 *(sFrame.pwAuthAlgorithm) = *(pFrame->pwAuthAlgorithm);
1551                 *(sFrame.pwAuthSequence) = cpu_to_le16(3);
1552                 *(sFrame.pwStatus) = cpu_to_le16(WLAN_MGMT_STATUS_SUCCESS);
1553                 sFrame.pChallenge = (PWLAN_IE_CHALLENGE)(sFrame.pBuf + sFrame.len);
1554                 sFrame.len += WLAN_CHALLENGE_IE_LEN;
1555                 sFrame.pChallenge->byElementID = WLAN_EID_CHALLENGE;
1556                 sFrame.pChallenge->len = WLAN_CHALLENGE_LEN;
1557                 memcpy( sFrame.pChallenge->abyChallenge, pFrame->pChallenge->abyChallenge, WLAN_CHALLENGE_LEN);
1558                 // Adjust the length fields
1559                 pTxPacket->cbMPDULen = sFrame.len;
1560                 pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
1561                 // send the frame
1562                 if (csMgmt_xmit(pDevice, pTxPacket) != CMD_STATUS_PENDING) {
1563                     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Auth_reply sequence_2 tx failed.\n");
1564                 }
1565                 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Auth_reply sequence_2 tx ...\n");
1566             }
1567             else {
1568                 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:rx Auth_reply sequence_2 status error ...\n");
1569                 if ( pDevice->eCommandState == WLAN_AUTHENTICATE_WAIT ) {
1570 //                    spin_unlock_irq(&pDevice->lock);
1571 //                    vCommandTimerWait((HANDLE)pDevice, 0);
1572 //                    spin_lock_irq(&pDevice->lock);
1573                 }
1574                 s_vMgrLogStatus(pMgmt, cpu_to_le16((*(pFrame->pwStatus))));
1575             }
1576             break;
1577         default:
1578             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt: rx auth.seq = 2 unknown AuthAlgorithm=%d\n", cpu_to_le16((*(pFrame->pwAuthAlgorithm))));
1579             break;
1580     }
1581     return;
1582 }
1583
1584
1585
1586 /*+
1587  *
1588  * Routine Description:
1589  *   Handles incoming authen frames with sequence 3.  Currently
1590  *   assumes we're an AP.  This function assumes the frame has
1591  *   already been successfully decrypted.
1592  *
1593  *
1594  * Return Value:
1595  *    None.
1596  *
1597 -*/
1598
1599 static
1600 VOID
1601 s_vMgrRxAuthenSequence_3(
1602     IN PSDevice pDevice,
1603     IN PSMgmtObject pMgmt,
1604     IN PWLAN_FR_AUTHEN pFrame
1605     )
1606 {
1607     PSTxMgmtPacket      pTxPacket = NULL;
1608     UINT                uStatusCode = 0 ;
1609     UINT                uNodeIndex = 0;
1610     WLAN_FR_AUTHEN      sFrame;
1611
1612     if (!WLAN_GET_FC_ISWEP(pFrame->pHdr->sA3.wFrameCtl)) {
1613         uStatusCode = WLAN_MGMT_STATUS_CHALLENGE_FAIL;
1614         goto reply;
1615     }
1616     if (BSSDBbIsSTAInNodeDB(pMgmt, pFrame->pHdr->sA3.abyAddr2, &uNodeIndex)) {
1617          if (pMgmt->sNodeDBTable[uNodeIndex].byAuthSequence != 1) {
1618             uStatusCode = WLAN_MGMT_STATUS_RX_AUTH_NOSEQ;
1619             goto reply;
1620          }
1621          if (memcmp(pMgmt->abyChallenge, pFrame->pChallenge->abyChallenge, WLAN_CHALLENGE_LEN) != 0) {
1622             uStatusCode = WLAN_MGMT_STATUS_CHALLENGE_FAIL;
1623             goto reply;
1624          }
1625     }
1626     else {
1627         uStatusCode = WLAN_MGMT_STATUS_UNSPEC_FAILURE;
1628         goto reply;
1629     }
1630
1631     if (uNodeIndex) {
1632         pMgmt->sNodeDBTable[uNodeIndex].eNodeState = NODE_AUTH;
1633         pMgmt->sNodeDBTable[uNodeIndex].byAuthSequence = 0;
1634     }
1635     uStatusCode = WLAN_MGMT_STATUS_SUCCESS;
1636     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Challenge text check ok..\n");
1637
1638 reply:
1639     // send auth reply
1640     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
1641     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_AUTHEN_FR_MAXLEN);
1642     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
1643     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
1644     sFrame.len = WLAN_AUTHEN_FR_MAXLEN;
1645     // format buffer structure
1646     vMgrEncodeAuthen(&sFrame);
1647     /* insert values */
1648     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
1649          (
1650          WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
1651          WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_AUTHEN)|
1652          WLAN_SET_FC_ISWEP(0)
1653          ));
1654     memcpy( sFrame.pHdr->sA3.abyAddr1, pFrame->pHdr->sA3.abyAddr2, WLAN_ADDR_LEN);
1655     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
1656     memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
1657     *(sFrame.pwAuthAlgorithm) = *(pFrame->pwAuthAlgorithm);
1658     *(sFrame.pwAuthSequence) = cpu_to_le16(4);
1659     *(sFrame.pwStatus) = cpu_to_le16(uStatusCode);
1660
1661     /* Adjust the length fields */
1662     pTxPacket->cbMPDULen = sFrame.len;
1663     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
1664     // send the frame
1665     if (pDevice->bEnableHostapd) {
1666         return;
1667     }
1668     if (csMgmt_xmit(pDevice, pTxPacket) != CMD_STATUS_PENDING) {
1669         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Authreq_reply sequence_4 tx failed.\n");
1670     }
1671     return;
1672
1673 }
1674
1675
1676
1677 /*+
1678  *
1679  * Routine Description:
1680  *   Handles incoming authen frames with sequence 4
1681  *
1682  *
1683  * Return Value:
1684  *    None.
1685  *
1686 -*/
1687 static
1688 VOID
1689 s_vMgrRxAuthenSequence_4(
1690     IN PSDevice pDevice,
1691     IN PSMgmtObject pMgmt,
1692     IN PWLAN_FR_AUTHEN pFrame
1693     )
1694 {
1695
1696     if ( cpu_to_le16((*(pFrame->pwStatus))) == WLAN_MGMT_STATUS_SUCCESS ){
1697         DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO "802.11 Authen (SHAREDKEY) Successful.\n");
1698         pMgmt->eCurrState = WMAC_STATE_AUTH;
1699           timer_expire(pDevice->sTimerCommand, 0);
1700     }
1701     else{
1702         DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO "802.11 Authen (SHAREDKEY) Failed.\n");
1703         s_vMgrLogStatus(pMgmt, cpu_to_le16((*(pFrame->pwStatus))) );
1704         pMgmt->eCurrState = WMAC_STATE_IDLE;
1705     }
1706
1707     if ( pDevice->eCommandState == WLAN_AUTHENTICATE_WAIT ) {
1708 //        spin_unlock_irq(&pDevice->lock);
1709 //        vCommandTimerWait((HANDLE)pDevice, 0);
1710 //        spin_lock_irq(&pDevice->lock);
1711     }
1712
1713 }
1714
1715 /*+
1716  *
1717  * Routine Description:
1718  *   Handles incoming disassociation frames
1719  *
1720  *
1721  * Return Value:
1722  *    None.
1723  *
1724 -*/
1725
1726 static
1727 VOID
1728 s_vMgrRxDisassociation(
1729     IN PSDevice pDevice,
1730     IN PSMgmtObject pMgmt,
1731     IN PSRxMgmtPacket pRxPacket
1732     )
1733 {
1734     WLAN_FR_DISASSOC    sFrame;
1735     UINT        uNodeIndex = 0;
1736 //    CMD_STATUS          CmdStatus;
1737     viawget_wpa_header *wpahdr;
1738
1739     if ( pMgmt->eCurrMode == WMAC_MODE_ESS_AP ){
1740         // if is acting an AP..
1741         // a STA is leaving this BSS..
1742         sFrame.len = pRxPacket->cbMPDULen;
1743         sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
1744         if (BSSDBbIsSTAInNodeDB(pMgmt, pRxPacket->p80211Header->sA3.abyAddr2, &uNodeIndex)) {
1745             BSSvRemoveOneNode(pDevice, uNodeIndex);
1746         }
1747         else {
1748             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Rx disassoc, sta not found\n");
1749         }
1750     }
1751     else if (pMgmt->eCurrMode == WMAC_MODE_ESS_STA ){
1752         sFrame.len = pRxPacket->cbMPDULen;
1753         sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
1754         vMgrDecodeDisassociation(&sFrame);
1755         DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "AP disassociated me, reason=%d.\n", cpu_to_le16(*(sFrame.pwReason)));
1756         //TODO: do something let upper layer know or
1757         //try to send associate packet again because of inactivity timeout
1758       //  if (pMgmt->eCurrState == WMAC_STATE_ASSOC) {
1759        //     vMgrReAssocBeginSta((PSDevice)pDevice, pMgmt, &CmdStatus);
1760       //  };
1761         if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
1762              wpahdr = (viawget_wpa_header *)pDevice->skb->data;
1763              wpahdr->type = VIAWGET_DISASSOC_MSG;
1764              wpahdr->resp_ie_len = 0;
1765              wpahdr->req_ie_len = 0;
1766              skb_put(pDevice->skb, sizeof(viawget_wpa_header));
1767              pDevice->skb->dev = pDevice->wpadev;
1768 #if     LINUX_VERSION_CODE      > KERNEL_VERSION(2,6,21)
1769                  pDevice->skb->mac_header = pDevice->skb->data;
1770 #else
1771                 pDevice->skb->mac.raw = pDevice->skb->data;
1772 #endif
1773
1774              pDevice->skb->pkt_type = PACKET_HOST;
1775              pDevice->skb->protocol = htons(ETH_P_802_2);
1776              memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
1777              netif_rx(pDevice->skb);
1778              pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1779          };
1780
1781  #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
1782   // if(pDevice->bWPASuppWextEnabled == TRUE)
1783       {
1784         union iwreq_data  wrqu;
1785         memset(&wrqu, 0, sizeof (wrqu));
1786         wrqu.ap_addr.sa_family = ARPHRD_ETHER;
1787         printk("wireless_send_event--->SIOCGIWAP(disassociated)\n");
1788         wireless_send_event(pDevice->dev, SIOCGIWAP, &wrqu, NULL);
1789      }
1790   #endif
1791
1792     }
1793     /* else, ignore it */
1794
1795     return;
1796 }
1797
1798
1799 /*+
1800  *
1801  * Routine Description:
1802  *   Handles incoming deauthentication frames
1803  *
1804  *
1805  * Return Value:
1806  *    None.
1807  *
1808 -*/
1809
1810 static
1811 VOID
1812 s_vMgrRxDeauthentication(
1813     IN PSDevice pDevice,
1814     IN PSMgmtObject pMgmt,
1815     IN PSRxMgmtPacket pRxPacket
1816     )
1817 {
1818     WLAN_FR_DEAUTHEN    sFrame;
1819     UINT        uNodeIndex = 0;
1820     viawget_wpa_header *wpahdr;
1821
1822
1823     if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP ){
1824         //Todo:
1825         // if is acting an AP..
1826         // a STA is leaving this BSS..
1827         sFrame.len = pRxPacket->cbMPDULen;
1828         sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
1829         if (BSSDBbIsSTAInNodeDB(pMgmt, pRxPacket->p80211Header->sA3.abyAddr2, &uNodeIndex)) {
1830             BSSvRemoveOneNode(pDevice, uNodeIndex);
1831         }
1832         else {
1833             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Rx deauth, sta not found\n");
1834         }
1835     }
1836     else {
1837         if (pMgmt->eCurrMode == WMAC_MODE_ESS_STA ) {
1838             sFrame.len = pRxPacket->cbMPDULen;
1839             sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
1840             vMgrDecodeDeauthen(&sFrame);
1841             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO  "AP deauthed me, reason=%d.\n", cpu_to_le16((*(sFrame.pwReason))));
1842             // TODO: update BSS list for specific BSSID if pre-authentication case
1843             if (IS_ETH_ADDRESS_EQUAL(sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID)) {
1844                 if (pMgmt->eCurrState >= WMAC_STATE_AUTHPENDING) {
1845                     pMgmt->sNodeDBTable[0].bActive = FALSE;
1846                     pMgmt->eCurrMode = WMAC_MODE_STANDBY;
1847                     pMgmt->eCurrState = WMAC_STATE_IDLE;
1848                     netif_stop_queue(pDevice->dev);
1849                     pDevice->bLinkPass = FALSE;
1850                 }
1851             };
1852
1853             if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
1854                  wpahdr = (viawget_wpa_header *)pDevice->skb->data;
1855                  wpahdr->type = VIAWGET_DISASSOC_MSG;
1856                  wpahdr->resp_ie_len = 0;
1857                  wpahdr->req_ie_len = 0;
1858                  skb_put(pDevice->skb, sizeof(viawget_wpa_header));
1859                  pDevice->skb->dev = pDevice->wpadev;
1860 #if     LINUX_VERSION_CODE      > KERNEL_VERSION(2,6,21)
1861                 pDevice->skb->mac_header = pDevice->skb->data;
1862 #else
1863                 pDevice->skb->mac.raw = pDevice->skb->data;
1864 #endif
1865                  pDevice->skb->pkt_type = PACKET_HOST;
1866                  pDevice->skb->protocol = htons(ETH_P_802_2);
1867                  memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
1868                  netif_rx(pDevice->skb);
1869                  pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1870            };
1871
1872            #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
1873   // if(pDevice->bWPASuppWextEnabled == TRUE)
1874       {
1875         union iwreq_data  wrqu;
1876         memset(&wrqu, 0, sizeof (wrqu));
1877         wrqu.ap_addr.sa_family = ARPHRD_ETHER;
1878         printk("wireless_send_event--->SIOCGIWAP(disauthen)\n");
1879         wireless_send_event(pDevice->dev, SIOCGIWAP, &wrqu, NULL);
1880      }
1881   #endif
1882
1883         }
1884         /* else, ignore it.  TODO: IBSS authentication service
1885             would be implemented here */
1886     };
1887     return;
1888 }
1889
1890
1891 //2008-8-4 <add> by chester
1892 /*+
1893  *
1894  * Routine Description:
1895  * check if current channel is match ZoneType.
1896  *for USA:1~11;
1897  *      Japan:1~13;
1898  *      Europe:1~13
1899  * Return Value:
1900  *               True:exceed;
1901  *                False:normal case
1902 -*/
1903 static BOOL
1904 ChannelExceedZoneType(
1905     IN PSDevice pDevice,
1906     IN BYTE byCurrChannel
1907     )
1908 {
1909   BOOL exceed=FALSE;
1910
1911   switch(pDevice->byZoneType) {
1912         case 0x00:                  //USA:1~11
1913                      if((byCurrChannel<1) ||(byCurrChannel>11))
1914                         exceed = TRUE;
1915                  break;
1916         case 0x01:                  //Japan:1~13
1917         case 0x02:                  //Europe:1~13
1918                      if((byCurrChannel<1) ||(byCurrChannel>13))
1919                         exceed = TRUE;
1920                  break;
1921         default:                    //reserve for other zonetype
1922                 break;
1923   }
1924
1925   return exceed;
1926 }
1927
1928
1929 /*+
1930  *
1931  * Routine Description:
1932  *   Handles and analysis incoming beacon frames.
1933  *
1934  *
1935  * Return Value:
1936  *    None.
1937  *
1938 -*/
1939
1940 static
1941 VOID
1942 s_vMgrRxBeacon(
1943     IN PSDevice pDevice,
1944     IN PSMgmtObject pMgmt,
1945     IN PSRxMgmtPacket pRxPacket,
1946     IN BOOL bInScan
1947     )
1948 {
1949
1950     PKnownBSS           pBSSList;
1951     WLAN_FR_BEACON      sFrame;
1952     QWORD               qwTSFOffset;
1953     BOOL                bIsBSSIDEqual = FALSE;
1954     BOOL                bIsSSIDEqual = FALSE;
1955     BOOL                bTSFLargeDiff = FALSE;
1956     BOOL                bTSFOffsetPostive = FALSE;
1957     BOOL                bUpdateTSF = FALSE;
1958     BOOL                bIsAPBeacon = FALSE;
1959     BOOL                bIsChannelEqual = FALSE;
1960     UINT                uLocateByteIndex;
1961     BYTE                byTIMBitOn = 0;
1962     WORD                wAIDNumber = 0;
1963     UINT                uNodeIndex;
1964     QWORD               qwTimestamp, qwLocalTSF;
1965     QWORD               qwCurrTSF;
1966     WORD                wStartIndex = 0;
1967     WORD                wAIDIndex = 0;
1968     BYTE                byCurrChannel = pRxPacket->byRxChannel;
1969     ERPObject           sERP;
1970     UINT                uRateLen = WLAN_RATES_MAXLEN;
1971     BOOL                bChannelHit = FALSE;
1972     BOOL                bUpdatePhyParameter = FALSE;
1973     BYTE                byIEChannel = 0;
1974
1975
1976     memset(&sFrame, 0, sizeof(WLAN_FR_BEACON));
1977     sFrame.len = pRxPacket->cbMPDULen;
1978     sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
1979
1980     // decode the beacon frame
1981     vMgrDecodeBeacon(&sFrame);
1982
1983     if ((sFrame.pwBeaconInterval == 0) ||
1984         (sFrame.pwCapInfo == 0) ||
1985         (sFrame.pSSID == 0) ||
1986         (sFrame.pSuppRates == 0) ) {
1987         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Rx beacon frame error\n");
1988         return;
1989     };
1990
1991
1992     if (sFrame.pDSParms != NULL) {
1993         if (byCurrChannel > CB_MAX_CHANNEL_24G) {
1994             // channel remapping to
1995             byIEChannel = CARDbyGetChannelMapping(pDevice, sFrame.pDSParms->byCurrChannel, PHY_TYPE_11A);
1996         } else {
1997             byIEChannel = sFrame.pDSParms->byCurrChannel;
1998         }
1999         if (byCurrChannel != byIEChannel) {
2000             // adjust channel info. bcs we rcv adjcent channel pakckets
2001             bChannelHit = FALSE;
2002             byCurrChannel = byIEChannel;
2003         }
2004     } else {
2005         // no DS channel info
2006         bChannelHit = TRUE;
2007     }
2008 //2008-0730-01<Add>by MikeLiu
2009 if(ChannelExceedZoneType(pDevice,byCurrChannel)==TRUE)
2010       return;
2011
2012     if (sFrame.pERP != NULL) {
2013         sERP.byERP = sFrame.pERP->byContext;
2014         sERP.bERPExist = TRUE;
2015
2016     } else {
2017         sERP.bERPExist = FALSE;
2018         sERP.byERP = 0;
2019     }
2020
2021     pBSSList = BSSpAddrIsInBSSList((HANDLE)pDevice, sFrame.pHdr->sA3.abyAddr3, sFrame.pSSID);
2022     if (pBSSList == NULL) {
2023         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Beacon/insert: RxChannel = : %d\n", byCurrChannel);
2024         BSSbInsertToBSSList((HANDLE)pDevice,
2025                             sFrame.pHdr->sA3.abyAddr3,
2026                             *sFrame.pqwTimestamp,
2027                             *sFrame.pwBeaconInterval,
2028                             *sFrame.pwCapInfo,
2029                             byCurrChannel,
2030                             sFrame.pSSID,
2031                             sFrame.pSuppRates,
2032                             sFrame.pExtSuppRates,
2033                             &sERP,
2034                             sFrame.pRSN,
2035                             sFrame.pRSNWPA,
2036                             sFrame.pIE_Country,
2037                             sFrame.pIE_Quiet,
2038                             sFrame.len - WLAN_HDR_ADDR3_LEN,
2039                             sFrame.pHdr->sA4.abyAddr4,   // payload of beacon
2040                             (HANDLE)pRxPacket
2041                            );
2042     }
2043     else {
2044 //        DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"update bcn: RxChannel = : %d\n", byCurrChannel);
2045         BSSbUpdateToBSSList((HANDLE)pDevice,
2046                             *sFrame.pqwTimestamp,
2047                             *sFrame.pwBeaconInterval,
2048                             *sFrame.pwCapInfo,
2049                             byCurrChannel,
2050                             bChannelHit,
2051                             sFrame.pSSID,
2052                             sFrame.pSuppRates,
2053                             sFrame.pExtSuppRates,
2054                             &sERP,
2055                             sFrame.pRSN,
2056                             sFrame.pRSNWPA,
2057                             sFrame.pIE_Country,
2058                             sFrame.pIE_Quiet,
2059                             pBSSList,
2060                             sFrame.len - WLAN_HDR_ADDR3_LEN,
2061                             sFrame.pHdr->sA4.abyAddr4,   // payload of probresponse
2062                             (HANDLE)pRxPacket
2063                            );
2064
2065     }
2066
2067     if (bInScan) {
2068         return;
2069     }
2070
2071     if(byCurrChannel == (BYTE)pMgmt->uCurrChannel)
2072        bIsChannelEqual = TRUE;
2073
2074     if (bIsChannelEqual && (pMgmt->eCurrMode == WMAC_MODE_ESS_AP)) {
2075
2076         // if rx beacon without ERP field
2077         if (sERP.bERPExist) {
2078             if (WLAN_GET_ERP_USE_PROTECTION(sERP.byERP)){
2079                 pDevice->byERPFlag |= WLAN_SET_ERP_USE_PROTECTION(1);
2080                 pDevice->wUseProtectCntDown = USE_PROTECT_PERIOD;
2081             }
2082         }
2083         else {
2084             pDevice->byERPFlag |= WLAN_SET_ERP_USE_PROTECTION(1);
2085             pDevice->wUseProtectCntDown = USE_PROTECT_PERIOD;
2086         }
2087
2088         if (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) {
2089             if(!WLAN_GET_CAP_INFO_SHORTPREAMBLE(*sFrame.pwCapInfo))
2090                 pDevice->byERPFlag |= WLAN_SET_ERP_BARKER_MODE(1);
2091             if(!sERP.bERPExist)
2092                 pDevice->byERPFlag |= WLAN_SET_ERP_NONERP_PRESENT(1);
2093         }
2094
2095         // set to MAC&BBP
2096         if (WLAN_GET_ERP_USE_PROTECTION(pDevice->byERPFlag)){
2097             if (!pDevice->bProtectMode) {
2098                  MACvEnableProtectMD(pDevice->PortOffset);
2099                  pDevice->bProtectMode = TRUE;
2100             }
2101         }
2102     }
2103
2104
2105     if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP)
2106         return;
2107
2108     // check if BSSID the same
2109     if (memcmp(sFrame.pHdr->sA3.abyAddr3,
2110                pMgmt->abyCurrBSSID,
2111                WLAN_BSSID_LEN) == 0) {
2112
2113         bIsBSSIDEqual = TRUE;
2114
2115 // 2008-05-21 <add> by Richardtai
2116         pDevice->uCurrRSSI = pRxPacket->uRSSI;
2117         pDevice->byCurrSQ = pRxPacket->bySQ;
2118
2119         if (pMgmt->sNodeDBTable[0].uInActiveCount != 0) {
2120             pMgmt->sNodeDBTable[0].uInActiveCount = 0;
2121             //DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"BCN:Wake Count= [%d]\n", pMgmt->wCountToWakeUp);
2122         }
2123     }
2124     // check if SSID the same
2125     if (sFrame.pSSID->len == ((PWLAN_IE_SSID)pMgmt->abyCurrSSID)->len) {
2126         if (memcmp(sFrame.pSSID->abySSID,
2127                    ((PWLAN_IE_SSID)pMgmt->abyCurrSSID)->abySSID,
2128                    sFrame.pSSID->len
2129                    ) == 0) {
2130             bIsSSIDEqual = TRUE;
2131         };
2132     }
2133
2134     if ((WLAN_GET_CAP_INFO_ESS(*sFrame.pwCapInfo)== TRUE) &&
2135         (bIsBSSIDEqual == TRUE) &&
2136         (bIsSSIDEqual == TRUE) &&
2137         (pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
2138         (pMgmt->eCurrState == WMAC_STATE_ASSOC)) {
2139         // add state check to prevent reconnect fail since we'll receive Beacon
2140
2141         bIsAPBeacon = TRUE;
2142
2143         if (pBSSList != NULL) {
2144
2145             // Compare PHY paramater setting
2146             if (pMgmt->wCurrCapInfo != pBSSList->wCapInfo) {
2147                 bUpdatePhyParameter = TRUE;
2148                 pMgmt->wCurrCapInfo = pBSSList->wCapInfo;
2149             }
2150             if (sFrame.pERP != NULL) {
2151                 if ((sFrame.pERP->byElementID == WLAN_EID_ERP) &&
2152                     (pMgmt->byERPContext != sFrame.pERP->byContext)) {
2153                     bUpdatePhyParameter = TRUE;
2154                     pMgmt->byERPContext = sFrame.pERP->byContext;
2155                 }
2156             }
2157             //
2158             // Basic Rate Set may change dynamiclly
2159             //
2160             if (pBSSList->eNetworkTypeInUse == PHY_TYPE_11B) {
2161                 uRateLen = WLAN_RATES_MAXLEN_11B;
2162             }
2163             pMgmt->abyCurrSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)pBSSList->abySuppRates,
2164                                                     (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2165                                                     uRateLen);
2166             pMgmt->abyCurrExtSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)pBSSList->abyExtSuppRates,
2167                                                     (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates,
2168                                                     uRateLen);
2169             RATEvParseMaxRate( (PVOID)pDevice,
2170                                (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2171                                (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates,
2172                                TRUE,
2173                                &(pMgmt->sNodeDBTable[0].wMaxBasicRate),
2174                                &(pMgmt->sNodeDBTable[0].wMaxSuppRate),
2175                                &(pMgmt->sNodeDBTable[0].wSuppRate),
2176                                &(pMgmt->sNodeDBTable[0].byTopCCKBasicRate),
2177                                &(pMgmt->sNodeDBTable[0].byTopOFDMBasicRate)
2178                               );
2179 #ifdef  PLICE_DEBUG
2180                 //printk("RxBeacon:MaxSuppRate is %d\n",pMgmt->sNodeDBTable[0].wMaxSuppRate);
2181 #endif
2182                         if (bUpdatePhyParameter == TRUE) {
2183                 CARDbSetPhyParameter( pMgmt->pAdapter,
2184                                       pMgmt->eCurrentPHYMode,
2185                                       pMgmt->wCurrCapInfo,
2186                                       pMgmt->byERPContext,
2187                                       pMgmt->abyCurrSuppRates,
2188                                       pMgmt->abyCurrExtSuppRates
2189                                       );
2190             }
2191             if (sFrame.pIE_PowerConstraint != NULL) {
2192                 CARDvSetPowerConstraint(pMgmt->pAdapter,
2193                                         (BYTE) pBSSList->uChannel,
2194                                         sFrame.pIE_PowerConstraint->byPower
2195                                         );
2196             }
2197             if (sFrame.pIE_CHSW != NULL) {
2198                 CARDbChannelSwitch( pMgmt->pAdapter,
2199                                     sFrame.pIE_CHSW->byMode,
2200                                     CARDbyGetChannelMapping(pMgmt->pAdapter, sFrame.pIE_CHSW->byMode, pMgmt->eCurrentPHYMode),
2201                                     sFrame.pIE_CHSW->byCount
2202                                     );
2203
2204             } else if (bIsChannelEqual == FALSE) {
2205                 CARDbSetChannel(pMgmt->pAdapter, pBSSList->uChannel);
2206             }
2207         }
2208     }
2209
2210 //    DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Beacon 2 \n");
2211     // check if CF field exisit
2212     if (WLAN_GET_CAP_INFO_ESS(*sFrame.pwCapInfo)) {
2213         if (sFrame.pCFParms->wCFPDurRemaining > 0) {
2214             // TODO: deal with CFP period to set NAV
2215         };
2216     };
2217
2218     HIDWORD(qwTimestamp) = cpu_to_le32(HIDWORD(*sFrame.pqwTimestamp));
2219     LODWORD(qwTimestamp) = cpu_to_le32(LODWORD(*sFrame.pqwTimestamp));
2220     HIDWORD(qwLocalTSF) = HIDWORD(pRxPacket->qwLocalTSF);
2221     LODWORD(qwLocalTSF) = LODWORD(pRxPacket->qwLocalTSF);
2222
2223     // check if beacon TSF larger or small than our local TSF
2224     if (HIDWORD(qwTimestamp) == HIDWORD(qwLocalTSF)) {
2225         if (LODWORD(qwTimestamp) >= LODWORD(qwLocalTSF)) {
2226             bTSFOffsetPostive = TRUE;
2227         }
2228         else {
2229             bTSFOffsetPostive = FALSE;
2230         }
2231     }
2232     else if (HIDWORD(qwTimestamp) > HIDWORD(qwLocalTSF)) {
2233         bTSFOffsetPostive = TRUE;
2234     }
2235     else if (HIDWORD(qwTimestamp) < HIDWORD(qwLocalTSF)) {
2236         bTSFOffsetPostive = FALSE;
2237     };
2238
2239     if (bTSFOffsetPostive) {
2240         qwTSFOffset = CARDqGetTSFOffset(pRxPacket->byRxRate, (qwTimestamp), (qwLocalTSF));
2241     }
2242     else {
2243         qwTSFOffset = CARDqGetTSFOffset(pRxPacket->byRxRate, (qwLocalTSF), (qwTimestamp));
2244     }
2245
2246     if (HIDWORD(qwTSFOffset) != 0 ||
2247         (LODWORD(qwTSFOffset) > TRIVIAL_SYNC_DIFFERENCE )) {
2248          bTSFLargeDiff = TRUE;
2249     }
2250
2251
2252     // if infra mode
2253     if (bIsAPBeacon == TRUE) {
2254
2255         // Infra mode: Local TSF always follow AP's TSF if Difference huge.
2256         if (bTSFLargeDiff)
2257             bUpdateTSF = TRUE;
2258
2259         if ((pDevice->bEnablePSMode == TRUE) &&(sFrame.pTIM != 0)) {
2260
2261             // deal with DTIM, analysis TIM
2262             pMgmt->bMulticastTIM = WLAN_MGMT_IS_MULTICAST_TIM(sFrame.pTIM->byBitMapCtl) ? TRUE : FALSE ;
2263             pMgmt->byDTIMCount = sFrame.pTIM->byDTIMCount;
2264             pMgmt->byDTIMPeriod = sFrame.pTIM->byDTIMPeriod;
2265             wAIDNumber = pMgmt->wCurrAID & ~(BIT14|BIT15);
2266
2267             // check if AID in TIM field bit on
2268             // wStartIndex = N1
2269             wStartIndex = WLAN_MGMT_GET_TIM_OFFSET(sFrame.pTIM->byBitMapCtl) << 1;
2270             // AIDIndex = N2
2271             wAIDIndex = (wAIDNumber >> 3);
2272             if ((wAIDNumber > 0) && (wAIDIndex >= wStartIndex)) {
2273                 uLocateByteIndex = wAIDIndex - wStartIndex;
2274                 // len = byDTIMCount + byDTIMPeriod + byDTIMPeriod + byVirtBitMap[0~250]
2275                 if (sFrame.pTIM->len >= (uLocateByteIndex + 4)) {
2276                     byTIMBitOn  = (0x01) << ((wAIDNumber) % 8);
2277                     pMgmt->bInTIM = sFrame.pTIM->byVirtBitMap[uLocateByteIndex] & byTIMBitOn ? TRUE : FALSE;
2278                 }
2279                 else {
2280                     pMgmt->bInTIM = FALSE;
2281                 };
2282             }
2283             else {
2284                 pMgmt->bInTIM = FALSE;
2285             };
2286
2287             if (pMgmt->bInTIM ||
2288                 (pMgmt->bMulticastTIM && (pMgmt->byDTIMCount == 0))) {
2289                 pMgmt->bInTIMWake = TRUE;
2290                 // send out ps-poll packet
2291 //                DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BCN:In TIM\n");
2292                 if (pMgmt->bInTIM) {
2293                     PSvSendPSPOLL((PSDevice)pDevice);
2294 //                    DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BCN:PS-POLL sent..\n");
2295                 };
2296
2297             }
2298             else {
2299                 pMgmt->bInTIMWake = FALSE;
2300                 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BCN: Not In TIM..\n");
2301                 if (pDevice->bPWBitOn == FALSE) {
2302                     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BCN: Send Null Packet\n");
2303                     if (PSbSendNullPacket(pDevice))
2304                         pDevice->bPWBitOn = TRUE;
2305                 }
2306                 if(PSbConsiderPowerDown(pDevice, FALSE, FALSE)) {
2307                    DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BCN: Power down now...\n");
2308                 };
2309             }
2310
2311         }
2312
2313     }
2314     // if adhoc mode
2315     if ((pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) && !bIsAPBeacon && bIsChannelEqual) {
2316         if (bIsBSSIDEqual) {
2317             // Use sNodeDBTable[0].uInActiveCount as IBSS beacons received count.
2318                     if (pMgmt->sNodeDBTable[0].uInActiveCount != 0)
2319                             pMgmt->sNodeDBTable[0].uInActiveCount = 0;
2320
2321             // adhoc mode:TSF updated only when beacon larger then local TSF
2322             if (bTSFLargeDiff && bTSFOffsetPostive &&
2323                 (pMgmt->eCurrState == WMAC_STATE_JOINTED))
2324                 bUpdateTSF = TRUE;
2325
2326             // During dpc, already in spinlocked.
2327             if (BSSDBbIsSTAInNodeDB(pMgmt, sFrame.pHdr->sA3.abyAddr2, &uNodeIndex)) {
2328
2329                 // Update the STA, (Techically the Beacons of all the IBSS nodes
2330                         // should be identical, but that's not happening in practice.
2331                 pMgmt->abyCurrSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)sFrame.pSuppRates,
2332                                                         (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2333                                                         WLAN_RATES_MAXLEN_11B);
2334                 RATEvParseMaxRate( (PVOID)pDevice,
2335                                    (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2336                                    NULL,
2337                                    TRUE,
2338                                    &(pMgmt->sNodeDBTable[uNodeIndex].wMaxBasicRate),
2339                                    &(pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate),
2340                                    &(pMgmt->sNodeDBTable[uNodeIndex].wSuppRate),
2341                                    &(pMgmt->sNodeDBTable[uNodeIndex].byTopCCKBasicRate),
2342                                    &(pMgmt->sNodeDBTable[uNodeIndex].byTopOFDMBasicRate)
2343                                   );
2344                 pMgmt->sNodeDBTable[uNodeIndex].bShortPreamble = WLAN_GET_CAP_INFO_SHORTPREAMBLE(*sFrame.pwCapInfo);
2345                 pMgmt->sNodeDBTable[uNodeIndex].bShortSlotTime = WLAN_GET_CAP_INFO_SHORTSLOTTIME(*sFrame.pwCapInfo);
2346                 pMgmt->sNodeDBTable[uNodeIndex].uInActiveCount = 0;
2347             }
2348             else {
2349                 // Todo, initial Node content
2350                 BSSvCreateOneNode((PSDevice)pDevice, &uNodeIndex);
2351
2352                 pMgmt->abyCurrSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)sFrame.pSuppRates,
2353                                                         (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2354                                                         WLAN_RATES_MAXLEN_11B);
2355                 RATEvParseMaxRate( (PVOID)pDevice,
2356                                    (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2357                                    NULL,
2358                                    TRUE,
2359                                    &(pMgmt->sNodeDBTable[uNodeIndex].wMaxBasicRate),
2360                                    &(pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate),
2361                                    &(pMgmt->sNodeDBTable[uNodeIndex].wSuppRate),
2362                                    &(pMgmt->sNodeDBTable[uNodeIndex].byTopCCKBasicRate),
2363                                    &(pMgmt->sNodeDBTable[uNodeIndex].byTopOFDMBasicRate)
2364                                  );
2365
2366                 memcpy(pMgmt->sNodeDBTable[uNodeIndex].abyMACAddr, sFrame.pHdr->sA3.abyAddr2, WLAN_ADDR_LEN);
2367                 pMgmt->sNodeDBTable[uNodeIndex].bShortPreamble = WLAN_GET_CAP_INFO_SHORTPREAMBLE(*sFrame.pwCapInfo);
2368                 pMgmt->sNodeDBTable[uNodeIndex].wTxDataRate = pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate;
2369 #ifdef  PLICE_DEBUG
2370                 //if (uNodeIndex == 0)
2371                 {
2372                         printk("s_vMgrRxBeacon:TxDataRate is %d,Index is %d\n",pMgmt->sNodeDBTable[uNodeIndex].wTxDataRate,uNodeIndex);
2373                 }
2374 #endif
2375 /*
2376                 pMgmt->sNodeDBTable[uNodeIndex].bShortSlotTime = WLAN_GET_CAP_INFO_SHORTSLOTTIME(*sFrame.pwCapInfo);
2377                 if(pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate > RATE_11M)
2378                        pMgmt->sNodeDBTable[uNodeIndex].bERPExist = TRUE;
2379 */
2380             }
2381
2382             // if other stations jointed, indicate connect to upper layer..
2383             if (pMgmt->eCurrState == WMAC_STATE_STARTED) {
2384                 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Current IBSS State: [Started]........to: [Jointed] \n");
2385                 pMgmt->eCurrState = WMAC_STATE_JOINTED;
2386                 pDevice->bLinkPass = TRUE;
2387                 if (netif_queue_stopped(pDevice->dev)){
2388                     netif_wake_queue(pDevice->dev);
2389                 }
2390                 pMgmt->sNodeDBTable[0].bActive = TRUE;
2391                 pMgmt->sNodeDBTable[0].uInActiveCount = 0;
2392
2393             };
2394         }
2395         else if (bIsSSIDEqual) {
2396
2397             // See other adhoc sta with the same SSID but BSSID is different.
2398             // adpot this vars only when TSF larger then us.
2399             if (bTSFLargeDiff && bTSFOffsetPostive) {
2400                  // we don't support ATIM under adhoc mode
2401                // if ( sFrame.pIBSSParms->wATIMWindow == 0) {
2402                      // adpot this vars
2403                      // TODO: check sFrame cap if privacy on, and support rate syn
2404                      memcpy(pMgmt->abyCurrBSSID, sFrame.pHdr->sA3.abyAddr3, WLAN_BSSID_LEN);
2405                      memcpy(pDevice->abyBSSID, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
2406                      pMgmt->wCurrATIMWindow = cpu_to_le16(sFrame.pIBSSParms->wATIMWindow);
2407                      pMgmt->wCurrBeaconPeriod = cpu_to_le16(*sFrame.pwBeaconInterval);
2408                      pMgmt->abyCurrSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)sFrame.pSuppRates,
2409                                                       (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2410                                                       WLAN_RATES_MAXLEN_11B);
2411                      // set HW beacon interval and re-synchronizing....
2412                      DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Rejoining to Other Adhoc group with same SSID........\n");
2413                      VNSvOutPortW(pDevice->PortOffset + MAC_REG_BI, pMgmt->wCurrBeaconPeriod);
2414                      CARDbUpdateTSF(pDevice, pRxPacket->byRxRate, qwTimestamp, qwLocalTSF);
2415                      CARDvUpdateNextTBTT(pDevice->PortOffset, qwTimestamp, pMgmt->wCurrBeaconPeriod);
2416                      // Turn off bssid filter to avoid filter others adhoc station which bssid is different.
2417                      MACvWriteBSSIDAddress(pDevice->PortOffset, pMgmt->abyCurrBSSID);
2418
2419                      CARDbSetPhyParameter (  pMgmt->pAdapter,
2420                                             pMgmt->eCurrentPHYMode,
2421                                             pMgmt->wCurrCapInfo,
2422                                             pMgmt->byERPContext,
2423                                             pMgmt->abyCurrSuppRates,
2424                                             pMgmt->abyCurrExtSuppRates);
2425
2426
2427                      // MACvRegBitsOff(pDevice->PortOffset, MAC_REG_RCR, RCR_BSSID);
2428                      // set highest basic rate
2429                      // s_vSetHighestBasicRate(pDevice, (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates);
2430                      // Prepare beacon frame
2431                      bMgrPrepareBeaconToSend((HANDLE)pDevice, pMgmt);
2432               //  }
2433             };
2434         }
2435     };
2436     // endian issue ???
2437     // Update TSF
2438     if (bUpdateTSF) {
2439         CARDbGetCurrentTSF(pDevice->PortOffset, &qwCurrTSF);
2440         CARDbUpdateTSF(pDevice, pRxPacket->byRxRate, qwTimestamp, pRxPacket->qwLocalTSF);
2441         CARDbGetCurrentTSF(pDevice->PortOffset, &qwCurrTSF);
2442         CARDvUpdateNextTBTT(pDevice->PortOffset, qwTimestamp, pMgmt->wCurrBeaconPeriod);
2443     }
2444
2445     return;
2446 }
2447
2448
2449
2450 /*+
2451  *
2452  * Routine Description:
2453  *   Instructs the hw to create a bss using the supplied
2454  *   attributes. Note that this implementation only supports Ad-Hoc
2455  *   BSS creation.
2456  *
2457  *
2458  * Return Value:
2459  *    CMD_STATUS
2460  *
2461 -*/
2462 VOID
2463 vMgrCreateOwnIBSS(
2464     IN  HANDLE hDeviceContext,
2465     OUT PCMD_STATUS pStatus
2466     )
2467 {
2468     PSDevice            pDevice = (PSDevice)hDeviceContext;
2469     PSMgmtObject        pMgmt = pDevice->pMgmt;
2470     WORD                wMaxBasicRate;
2471     WORD                wMaxSuppRate;
2472     BYTE                byTopCCKBasicRate;
2473     BYTE                byTopOFDMBasicRate;
2474     QWORD               qwCurrTSF;
2475     UINT                ii;
2476     BYTE    abyRATE[] = {0x82, 0x84, 0x8B, 0x96, 0x24, 0x30, 0x48, 0x6C, 0x0C, 0x12, 0x18, 0x60};
2477     BYTE    abyCCK_RATE[] = {0x82, 0x84, 0x8B, 0x96};
2478     BYTE    abyOFDM_RATE[] = {0x0C, 0x12, 0x18, 0x24, 0x30, 0x48, 0x60, 0x6C};
2479     WORD                wSuppRate;
2480
2481     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Create Basic Service Set .......\n");
2482
2483     if (pMgmt->eConfigMode == WMAC_CONFIG_IBSS_STA) {
2484         if ((pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) &&
2485             (pDevice->eEncryptionStatus != Ndis802_11Encryption2Enabled) &&
2486             (pDevice->eEncryptionStatus != Ndis802_11Encryption3Enabled)) {
2487             // encryption mode error
2488             *pStatus = CMD_STATUS_FAILURE;
2489             return;
2490         }
2491     }
2492
2493     pMgmt->abyCurrSuppRates[0] = WLAN_EID_SUPP_RATES;
2494     pMgmt->abyCurrExtSuppRates[0] = WLAN_EID_EXTSUPP_RATES;
2495
2496     if (pMgmt->eConfigMode == WMAC_CONFIG_AP) {
2497         pMgmt->eCurrentPHYMode = pMgmt->byAPBBType;
2498     } else {
2499         if (pDevice->byBBType == BB_TYPE_11G)
2500             pMgmt->eCurrentPHYMode = PHY_TYPE_11G;
2501         if (pDevice->byBBType == BB_TYPE_11B)
2502             pMgmt->eCurrentPHYMode = PHY_TYPE_11B;
2503         if (pDevice->byBBType == BB_TYPE_11A)
2504             pMgmt->eCurrentPHYMode = PHY_TYPE_11A;
2505     }
2506
2507     if (pMgmt->eCurrentPHYMode != PHY_TYPE_11A) {
2508         pMgmt->abyCurrSuppRates[1] = WLAN_RATES_MAXLEN_11B;
2509         pMgmt->abyCurrExtSuppRates[1] = 0;
2510         for (ii = 0; ii < 4; ii++)
2511             pMgmt->abyCurrSuppRates[2+ii] = abyRATE[ii];
2512     } else {
2513         pMgmt->abyCurrSuppRates[1] = 8;
2514         pMgmt->abyCurrExtSuppRates[1] = 0;
2515         for (ii = 0; ii < 8; ii++)
2516             pMgmt->abyCurrSuppRates[2+ii] = abyRATE[ii];
2517     }
2518
2519
2520     if (pMgmt->eCurrentPHYMode == PHY_TYPE_11G) {
2521         pMgmt->abyCurrSuppRates[1] = 8;
2522         pMgmt->abyCurrExtSuppRates[1] = 4;
2523         for (ii = 0; ii < 4; ii++)
2524             pMgmt->abyCurrSuppRates[2+ii] =  abyCCK_RATE[ii];
2525         for (ii = 4; ii < 8; ii++)
2526             pMgmt->abyCurrSuppRates[2+ii] =  abyOFDM_RATE[ii-4];
2527         for (ii = 0; ii < 4; ii++)
2528             pMgmt->abyCurrExtSuppRates[2+ii] =  abyOFDM_RATE[ii+4];
2529     }
2530
2531
2532     // Disable Protect Mode
2533     pDevice->bProtectMode = 0;
2534     MACvDisableProtectMD(pDevice->PortOffset);
2535
2536     pDevice->bBarkerPreambleMd = 0;
2537     MACvDisableBarkerPreambleMd(pDevice->PortOffset);
2538
2539     // Kyle Test 2003.11.04
2540
2541     // set HW beacon interval
2542     if (pMgmt->wIBSSBeaconPeriod == 0)
2543         pMgmt->wIBSSBeaconPeriod = DEFAULT_IBSS_BI;
2544
2545
2546     CARDbGetCurrentTSF(pDevice->PortOffset, &qwCurrTSF);
2547     // clear TSF counter
2548     VNSvOutPortB(pDevice->PortOffset + MAC_REG_TFTCTL, TFTCTL_TSFCNTRST);
2549     // enable TSF counter
2550     VNSvOutPortB(pDevice->PortOffset + MAC_REG_TFTCTL, TFTCTL_TSFCNTREN);
2551
2552     // set Next TBTT
2553     CARDvSetFirstNextTBTT(pDevice->PortOffset, pMgmt->wIBSSBeaconPeriod);
2554
2555     pMgmt->uIBSSChannel = pDevice->uChannel;
2556
2557     if (pMgmt->uIBSSChannel == 0)
2558         pMgmt->uIBSSChannel = DEFAULT_IBSS_CHANNEL;
2559
2560
2561     // set basic rate
2562
2563     RATEvParseMaxRate((PVOID)pDevice, (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2564                       (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates, TRUE,
2565                       &wMaxBasicRate, &wMaxSuppRate, &wSuppRate,
2566                       &byTopCCKBasicRate, &byTopOFDMBasicRate);
2567
2568
2569     if (pMgmt->eConfigMode == WMAC_CONFIG_AP) {
2570         pMgmt->eCurrMode = WMAC_MODE_ESS_AP;
2571     }
2572
2573     if (pMgmt->eConfigMode == WMAC_CONFIG_IBSS_STA) {
2574         MEMvCopy(pMgmt->abyIBSSDFSOwner, pDevice->abyCurrentNetAddr, 6);
2575         pMgmt->byIBSSDFSRecovery = 10;
2576         pMgmt->eCurrMode = WMAC_MODE_IBSS_STA;
2577     }
2578
2579     // Adopt pre-configured IBSS vars to current vars
2580     pMgmt->eCurrState = WMAC_STATE_STARTED;
2581     pMgmt->wCurrBeaconPeriod = pMgmt->wIBSSBeaconPeriod;
2582     pMgmt->uCurrChannel = pMgmt->uIBSSChannel;
2583     pMgmt->wCurrATIMWindow = pMgmt->wIBSSATIMWindow;
2584     MACvWriteATIMW(pDevice->PortOffset, pMgmt->wCurrATIMWindow);
2585     pDevice->uCurrRSSI = 0;
2586     pDevice->byCurrSQ = 0;
2587     //memcpy(pMgmt->abyDesireSSID,pMgmt->abyAdHocSSID,
2588                      // ((PWLAN_IE_SSID)pMgmt->abyAdHocSSID)->len + WLAN_IEHDR_LEN);
2589     memset(pMgmt->abyCurrSSID, 0, WLAN_IEHDR_LEN + WLAN_SSID_MAXLEN + 1);
2590     memcpy(pMgmt->abyCurrSSID,
2591            pMgmt->abyDesireSSID,
2592            ((PWLAN_IE_SSID)pMgmt->abyDesireSSID)->len + WLAN_IEHDR_LEN
2593           );
2594
2595     if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
2596         // AP mode BSSID = MAC addr
2597         memcpy(pMgmt->abyCurrBSSID, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
2598         DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO"AP beacon created BSSID:%02x-%02x-%02x-%02x-%02x-%02x \n",
2599                       pMgmt->abyCurrBSSID[0],
2600                       pMgmt->abyCurrBSSID[1],
2601                       pMgmt->abyCurrBSSID[2],
2602                       pMgmt->abyCurrBSSID[3],
2603                       pMgmt->abyCurrBSSID[4],
2604                       pMgmt->abyCurrBSSID[5]
2605                     );
2606     }
2607
2608     if (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) {
2609
2610         // BSSID selected must be randomized as spec 11.1.3
2611         pMgmt->abyCurrBSSID[5] = (BYTE) (LODWORD(qwCurrTSF)& 0x000000ff);
2612         pMgmt->abyCurrBSSID[4] = (BYTE)((LODWORD(qwCurrTSF)& 0x0000ff00) >> 8);
2613         pMgmt->abyCurrBSSID[3] = (BYTE)((LODWORD(qwCurrTSF)& 0x00ff0000) >> 16);
2614         pMgmt->abyCurrBSSID[2] = (BYTE)((LODWORD(qwCurrTSF)& 0x00000ff0) >> 4);
2615         pMgmt->abyCurrBSSID[1] = (BYTE)((LODWORD(qwCurrTSF)& 0x000ff000) >> 12);
2616         pMgmt->abyCurrBSSID[0] = (BYTE)((LODWORD(qwCurrTSF)& 0x0ff00000) >> 20);
2617         pMgmt->abyCurrBSSID[5] ^= pMgmt->abyMACAddr[0];
2618         pMgmt->abyCurrBSSID[4] ^= pMgmt->abyMACAddr[1];
2619         pMgmt->abyCurrBSSID[3] ^= pMgmt->abyMACAddr[2];
2620         pMgmt->abyCurrBSSID[2] ^= pMgmt->abyMACAddr[3];
2621         pMgmt->abyCurrBSSID[1] ^= pMgmt->abyMACAddr[4];
2622         pMgmt->abyCurrBSSID[0] ^= pMgmt->abyMACAddr[5];
2623         pMgmt->abyCurrBSSID[0] &= ~IEEE_ADDR_GROUP;
2624         pMgmt->abyCurrBSSID[0] |= IEEE_ADDR_UNIVERSAL;
2625
2626
2627         DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO"Adhoc beacon created bssid:%02x-%02x-%02x-%02x-%02x-%02x \n",
2628                       pMgmt->abyCurrBSSID[0],
2629                       pMgmt->abyCurrBSSID[1],
2630                       pMgmt->abyCurrBSSID[2],
2631                       pMgmt->abyCurrBSSID[3],
2632                       pMgmt->abyCurrBSSID[4],
2633                       pMgmt->abyCurrBSSID[5]
2634                     );
2635     }
2636
2637     // Set Capability Info
2638     pMgmt->wCurrCapInfo = 0;
2639
2640     if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
2641         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_ESS(1);
2642         pMgmt->byDTIMPeriod = DEFAULT_DTIM_PERIOD;
2643         pMgmt->byDTIMCount = pMgmt->byDTIMPeriod - 1;
2644     }
2645
2646     if (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) {
2647         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_IBSS(1);
2648     }
2649
2650     if (pDevice->bEncryptionEnable) {
2651         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_PRIVACY(1);
2652         if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
2653             if (pDevice->eEncryptionStatus == Ndis802_11Encryption3Enabled) {
2654                 pMgmt->byCSSPK = KEY_CTL_CCMP;
2655                 pMgmt->byCSSGK = KEY_CTL_CCMP;
2656             } else if (pDevice->eEncryptionStatus == Ndis802_11Encryption2Enabled) {
2657                 pMgmt->byCSSPK = KEY_CTL_TKIP;
2658                 pMgmt->byCSSGK = KEY_CTL_TKIP;
2659             } else {
2660                 pMgmt->byCSSPK = KEY_CTL_NONE;
2661                 pMgmt->byCSSGK = KEY_CTL_WEP;
2662             }
2663         } else {
2664             pMgmt->byCSSPK = KEY_CTL_WEP;
2665             pMgmt->byCSSGK = KEY_CTL_WEP;
2666         }
2667     };
2668
2669     pMgmt->byERPContext = 0;
2670
2671 //    memcpy(pDevice->abyBSSID, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
2672
2673     if (pMgmt->eConfigMode == WMAC_CONFIG_AP) {
2674         CARDbSetBSSID(pMgmt->pAdapter, pMgmt->abyCurrBSSID, OP_MODE_AP);
2675     } else {
2676         CARDbSetBSSID(pMgmt->pAdapter, pMgmt->abyCurrBSSID, OP_MODE_ADHOC);
2677     }
2678
2679     CARDbSetPhyParameter(   pMgmt->pAdapter,
2680                             pMgmt->eCurrentPHYMode,
2681                             pMgmt->wCurrCapInfo,
2682                             pMgmt->byERPContext,
2683                             pMgmt->abyCurrSuppRates,
2684                             pMgmt->abyCurrExtSuppRates
2685                             );
2686
2687     CARDbSetBeaconPeriod(pMgmt->pAdapter, pMgmt->wIBSSBeaconPeriod);
2688     // set channel and clear NAV
2689     CARDbSetChannel(pMgmt->pAdapter, pMgmt->uIBSSChannel);
2690     pMgmt->uCurrChannel = pMgmt->uIBSSChannel;
2691
2692     if (CARDbIsShortPreamble(pMgmt->pAdapter)) {
2693         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
2694     } else {
2695         pMgmt->wCurrCapInfo &= (~WLAN_SET_CAP_INFO_SHORTPREAMBLE(1));
2696     }
2697
2698     if ((pMgmt->b11hEnable == TRUE) &&
2699         (pMgmt->eCurrentPHYMode == PHY_TYPE_11A)) {
2700         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SPECTRUMMNG(1);
2701     } else {
2702         pMgmt->wCurrCapInfo &= (~WLAN_SET_CAP_INFO_SPECTRUMMNG(1));
2703     }
2704
2705     pMgmt->eCurrState = WMAC_STATE_STARTED;
2706     // Prepare beacon to send
2707     if (bMgrPrepareBeaconToSend((HANDLE)pDevice, pMgmt)) {
2708         *pStatus = CMD_STATUS_SUCCESS;
2709     }
2710
2711     return ;
2712 }
2713
2714
2715
2716 /*+
2717  *
2718  * Routine Description:
2719  *   Instructs wmac to join a bss using the supplied attributes.
2720  *   The arguments may the BSSID or SSID and the rest of the
2721  *   attributes are obtained from the scan result of known bss list.
2722  *
2723  *
2724  * Return Value:
2725  *    None.
2726  *
2727 -*/
2728
2729 VOID
2730 vMgrJoinBSSBegin(
2731     IN  HANDLE hDeviceContext,
2732     OUT PCMD_STATUS pStatus
2733     )
2734 {
2735
2736     PSDevice     pDevice = (PSDevice)hDeviceContext;
2737     PSMgmtObject    pMgmt = pDevice->pMgmt;
2738     PKnownBSS       pCurr = NULL;
2739     UINT            ii, uu;
2740     PWLAN_IE_SUPP_RATES pItemRates = NULL;
2741     PWLAN_IE_SUPP_RATES pItemExtRates = NULL;
2742     PWLAN_IE_SSID   pItemSSID;
2743     UINT            uRateLen = WLAN_RATES_MAXLEN;
2744     WORD            wMaxBasicRate = RATE_1M;
2745     WORD            wMaxSuppRate = RATE_1M;
2746     WORD            wSuppRate;
2747     BYTE            byTopCCKBasicRate = RATE_1M;
2748     BYTE            byTopOFDMBasicRate = RATE_1M;
2749
2750
2751     for (ii = 0; ii < MAX_BSS_NUM; ii++) {
2752         if (pMgmt->sBSSList[ii].bActive == TRUE)
2753             break;
2754     }
2755
2756     if (ii == MAX_BSS_NUM) {
2757        *pStatus = CMD_STATUS_RESOURCES;
2758         DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "BSS finding:BSS list is empty.\n");
2759        return;
2760     };
2761
2762     // memset(pMgmt->abyDesireBSSID, 0,  WLAN_BSSID_LEN);
2763     // Search known BSS list for prefer BSSID or SSID
2764
2765     pCurr = BSSpSearchBSSList(pDevice,
2766                               pMgmt->abyDesireBSSID,
2767                               pMgmt->abyDesireSSID,
2768                               pMgmt->eConfigPHYMode
2769                               );
2770
2771     if (pCurr == NULL){
2772        *pStatus = CMD_STATUS_RESOURCES;
2773        pItemSSID = (PWLAN_IE_SSID)pMgmt->abyDesireSSID;
2774        DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Scanning [%s] not found, disconnected !\n", pItemSSID->abySSID);
2775        return;
2776     };
2777
2778     DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "AP(BSS) finding:Found a AP(BSS)..\n");
2779     if (WLAN_GET_CAP_INFO_ESS(cpu_to_le16(pCurr->wCapInfo))){
2780
2781         if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA)||(pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK)) {
2782
2783     // patch for CISCO migration mode
2784 /*
2785             if (pDevice->eEncryptionStatus == Ndis802_11Encryption2Enabled) {
2786                 if (WPA_SearchRSN(0, WPA_TKIP, pCurr) == FALSE) {
2787                     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"No match RSN info. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n");
2788                     // encryption mode error
2789                     pMgmt->eCurrState = WMAC_STATE_IDLE;
2790                     return;
2791                 }
2792             } else if (pDevice->eEncryptionStatus == Ndis802_11Encryption3Enabled) {
2793                 if (WPA_SearchRSN(0, WPA_AESCCMP, pCurr) == FALSE) {
2794                     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"No match RSN info. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n");
2795                     // encryption mode error
2796                     pMgmt->eCurrState = WMAC_STATE_IDLE;
2797                     return;
2798                 }
2799             }
2800 */
2801         }
2802
2803 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
2804         //if(pDevice->bWPASuppWextEnabled == TRUE)
2805             Encyption_Rebuild(pDevice, pCurr);
2806 #endif
2807         // Infrastructure BSS
2808         s_vMgrSynchBSS(pDevice,
2809                        WMAC_MODE_ESS_STA,
2810                        pCurr,
2811                        pStatus
2812                        );
2813
2814         if (*pStatus == CMD_STATUS_SUCCESS){
2815
2816             // Adopt this BSS state vars in Mgmt Object
2817             pMgmt->uCurrChannel = pCurr->uChannel;
2818
2819             memset(pMgmt->abyCurrSuppRates, 0 , WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1);
2820             memset(pMgmt->abyCurrExtSuppRates, 0 , WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1);
2821
2822             if (pCurr->eNetworkTypeInUse == PHY_TYPE_11B) {
2823                 uRateLen = WLAN_RATES_MAXLEN_11B;
2824             }
2825
2826             pItemRates = (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates;
2827             pItemExtRates = (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates;
2828
2829             // Parse Support Rate IE
2830             pItemRates->byElementID = WLAN_EID_SUPP_RATES;
2831             pItemRates->len = RATEuSetIE((PWLAN_IE_SUPP_RATES)pCurr->abySuppRates,
2832                                          pItemRates,
2833                                          uRateLen);
2834
2835             // Parse Extension Support Rate IE
2836             pItemExtRates->byElementID = WLAN_EID_EXTSUPP_RATES;
2837             pItemExtRates->len = RATEuSetIE((PWLAN_IE_SUPP_RATES)pCurr->abyExtSuppRates,
2838                                             pItemExtRates,
2839                                             uRateLen);
2840             // Stuffing Rate IE
2841             if ((pItemExtRates->len > 0) && (pItemRates->len < 8)) {
2842                 for (ii = 0; ii < (UINT)(8 - pItemRates->len); ) {
2843                     pItemRates->abyRates[pItemRates->len + ii] = pItemExtRates->abyRates[ii];
2844                     ii ++;
2845                     if (pItemExtRates->len <= ii)
2846                         break;
2847                 }
2848                 pItemRates->len += (BYTE)ii;
2849                 if (pItemExtRates->len - ii > 0) {
2850                     pItemExtRates->len -= (BYTE)ii;
2851                     for (uu = 0; uu < pItemExtRates->len; uu ++) {
2852                         pItemExtRates->abyRates[uu] = pItemExtRates->abyRates[uu + ii];
2853                     }
2854                 } else {
2855                     pItemExtRates->len = 0;
2856                 }
2857             }
2858
2859             RATEvParseMaxRate((PVOID)pDevice, pItemRates, pItemExtRates, TRUE,
2860                               &wMaxBasicRate, &wMaxSuppRate, &wSuppRate,
2861                               &byTopCCKBasicRate, &byTopOFDMBasicRate);
2862
2863             // TODO: deal with if wCapInfo the privacy is on, but station WEP is off
2864             // TODO: deal with if wCapInfo the PS-Pollable is on.
2865             pMgmt->wCurrBeaconPeriod = pCurr->wBeaconInterval;
2866             memset(pMgmt->abyCurrSSID, 0, WLAN_IEHDR_LEN + WLAN_SSID_MAXLEN + 1);
2867             memcpy(pMgmt->abyCurrBSSID, pCurr->abyBSSID, WLAN_BSSID_LEN);
2868             memcpy(pMgmt->abyCurrSSID, pCurr->abySSID, WLAN_IEHDR_LEN + WLAN_SSID_MAXLEN + 1);
2869
2870             pMgmt->eCurrMode = WMAC_MODE_ESS_STA;
2871
2872             pMgmt->eCurrState = WMAC_STATE_JOINTED;
2873             // Adopt BSS state in Adapter Device Object
2874             //pDevice->byOpMode = OP_MODE_INFRASTRUCTURE;
2875 //            memcpy(pDevice->abyBSSID, pCurr->abyBSSID, WLAN_BSSID_LEN);
2876
2877             // Add current BSS to Candidate list
2878             // This should only works for WPA2 BSS, and WPA2 BSS check must be done before.
2879             if (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) {
2880                 BOOL bResult = bAdd_PMKID_Candidate((HANDLE)pDevice, pMgmt->abyCurrBSSID, &pCurr->sRSNCapObj);
2881                 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"bAdd_PMKID_Candidate: 1(%d)\n", bResult);
2882                 if (bResult == FALSE) {
2883                     vFlush_PMKID_Candidate((HANDLE)pDevice);
2884                     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"vFlush_PMKID_Candidate: 4\n");
2885                     bAdd_PMKID_Candidate((HANDLE)pDevice, pMgmt->abyCurrBSSID, &pCurr->sRSNCapObj);
2886                 }
2887             }
2888
2889             // Preamble type auto-switch: if AP can receive short-preamble cap,
2890             // we can turn on too.
2891
2892             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Join ESS\n");
2893
2894
2895
2896             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"End of Join AP -- A/B/G Action\n");
2897         }
2898         else {
2899             pMgmt->eCurrState = WMAC_STATE_IDLE;
2900         };
2901
2902
2903      }
2904      else {
2905         // ad-hoc mode BSS
2906         if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
2907
2908             if (pDevice->eEncryptionStatus == Ndis802_11Encryption2Enabled) {
2909                 if (WPA_SearchRSN(0, WPA_TKIP, pCurr) == FALSE) {
2910                     // encryption mode error
2911                     pMgmt->eCurrState = WMAC_STATE_IDLE;
2912                     return;
2913                 }
2914             } else if (pDevice->eEncryptionStatus == Ndis802_11Encryption3Enabled) {
2915                 if (WPA_SearchRSN(0, WPA_AESCCMP, pCurr) == FALSE) {
2916                     // encryption mode error
2917                     pMgmt->eCurrState = WMAC_STATE_IDLE;
2918                     return;
2919                 }
2920             } else {
2921                 // encryption mode error
2922                 pMgmt->eCurrState = WMAC_STATE_IDLE;
2923                 return;
2924             }
2925         }
2926
2927         s_vMgrSynchBSS(pDevice,
2928                        WMAC_MODE_IBSS_STA,
2929                        pCurr,
2930                        pStatus
2931                        );
2932
2933         if (*pStatus == CMD_STATUS_SUCCESS){
2934             // Adopt this BSS state vars in Mgmt Object
2935             // TODO: check if CapInfo privacy on, but we don't..
2936             pMgmt->uCurrChannel = pCurr->uChannel;
2937
2938
2939             // Parse Support Rate IE
2940             pMgmt->abyCurrSuppRates[0] = WLAN_EID_SUPP_RATES;
2941             pMgmt->abyCurrSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)pCurr->abySuppRates,
2942                                                     (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2943                                                     WLAN_RATES_MAXLEN_11B);
2944             // set basic rate
2945             RATEvParseMaxRate((PVOID)pDevice, (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2946                               NULL, TRUE, &wMaxBasicRate, &wMaxSuppRate, &wSuppRate,
2947                               &byTopCCKBasicRate, &byTopOFDMBasicRate);
2948
2949             pMgmt->wCurrCapInfo = pCurr->wCapInfo;
2950             pMgmt->wCurrBeaconPeriod = pCurr->wBeaconInterval;
2951             memset(pMgmt->abyCurrSSID, 0, WLAN_IEHDR_LEN + WLAN_SSID_MAXLEN);
2952             memcpy(pMgmt->abyCurrBSSID, pCurr->abyBSSID, WLAN_BSSID_LEN);
2953             memcpy(pMgmt->abyCurrSSID, pCurr->abySSID, WLAN_IEHDR_LEN + WLAN_SSID_MAXLEN);
2954 //          pMgmt->wCurrATIMWindow = pCurr->wATIMWindow;
2955             MACvWriteATIMW(pDevice->PortOffset, pMgmt->wCurrATIMWindow);
2956             pMgmt->eCurrMode = WMAC_MODE_IBSS_STA;
2957
2958             pMgmt->eCurrState = WMAC_STATE_STARTED;
2959             // Adopt BSS state in Adapter Device Object
2960             //pDevice->byOpMode = OP_MODE_ADHOC;
2961 //            pDevice->bLinkPass = TRUE;
2962 //            memcpy(pDevice->abyBSSID, pCurr->abyBSSID, WLAN_BSSID_LEN);
2963
2964             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Join IBSS ok:%02x-%02x-%02x-%02x-%02x-%02x \n",
2965                   pMgmt->abyCurrBSSID[0],
2966                   pMgmt->abyCurrBSSID[1],
2967                   pMgmt->abyCurrBSSID[2],
2968                   pMgmt->abyCurrBSSID[3],
2969                   pMgmt->abyCurrBSSID[4],
2970                   pMgmt->abyCurrBSSID[5]
2971                 );
2972             // Preamble type auto-switch: if AP can receive short-preamble cap,
2973             // and if registry setting is short preamble we can turn on too.
2974
2975             // Prepare beacon
2976             bMgrPrepareBeaconToSend((HANDLE)pDevice, pMgmt);
2977         }
2978         else {
2979             pMgmt->eCurrState = WMAC_STATE_IDLE;
2980         };
2981      };
2982     return;
2983 }
2984
2985
2986
2987 /*+
2988  *
2989  * Routine Description:
2990  * Set HW to synchronize a specific BSS from known BSS list.
2991  *
2992  *
2993  * Return Value:
2994  *    PCM_STATUS
2995  *
2996 -*/
2997 static
2998 VOID
2999 s_vMgrSynchBSS (
3000     IN PSDevice      pDevice,
3001     IN UINT          uBSSMode,
3002     IN PKnownBSS     pCurr,
3003     OUT PCMD_STATUS  pStatus
3004     )
3005 {
3006     CARD_PHY_TYPE   ePhyType = PHY_TYPE_11B;
3007     PSMgmtObject  pMgmt = pDevice->pMgmt;
3008 //    int     ii;
3009                                                      //1M,   2M,   5M,   11M,  18M,  24M,  36M,  54M
3010     BYTE abyCurrSuppRatesG[] = {WLAN_EID_SUPP_RATES, 8, 0x02, 0x04, 0x0B, 0x16, 0x24, 0x30, 0x48, 0x6C};
3011     BYTE abyCurrExtSuppRatesG[] = {WLAN_EID_EXTSUPP_RATES, 4, 0x0C, 0x12, 0x18, 0x60};
3012                                                            //6M,   9M,   12M,  48M
3013     BYTE abyCurrSuppRatesA[] = {WLAN_EID_SUPP_RATES, 8, 0x0C, 0x12, 0x18, 0x24, 0x30, 0x48, 0x60, 0x6C};
3014     BYTE abyCurrSuppRatesB[] = {WLAN_EID_SUPP_RATES, 4, 0x02, 0x04, 0x0B, 0x16};
3015
3016
3017     *pStatus = CMD_STATUS_FAILURE;
3018
3019     if (s_bCipherMatch(pCurr,
3020                        pDevice->eEncryptionStatus,
3021                        &(pMgmt->byCSSPK),
3022                        &(pMgmt->byCSSGK)) == FALSE) {
3023         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "s_bCipherMatch Fail .......\n");
3024         return;
3025     }
3026
3027     pMgmt->pCurrBSS = pCurr;
3028
3029     // if previous mode is IBSS.
3030     if(pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) {
3031         MACvRegBitsOff(pDevice->PortOffset, MAC_REG_BCNDMACTL, BEACON_READY);
3032         MACvRegBitsOff(pDevice->PortOffset, MAC_REG_TCR, TCR_AUTOBCNTX);
3033     }
3034
3035     // Init the BSS informations
3036     pDevice->bCCK = TRUE;
3037     pDevice->bProtectMode = FALSE;
3038     MACvDisableProtectMD(pDevice->PortOffset);
3039     pDevice->bBarkerPreambleMd = FALSE;
3040     MACvDisableBarkerPreambleMd(pDevice->PortOffset);
3041     pDevice->bNonERPPresent = FALSE;
3042     pDevice->byPreambleType = 0;
3043     pDevice->wBasicRate = 0;
3044     // Set Basic Rate
3045     CARDbAddBasicRate((PVOID)pDevice, RATE_1M);
3046     // calculate TSF offset
3047     // TSF Offset = Received Timestamp TSF - Marked Local's TSF
3048     CARDbUpdateTSF(pDevice, pCurr->byRxRate, pCurr->qwBSSTimestamp, pCurr->qwLocalTSF);
3049
3050     CARDbSetBeaconPeriod(pDevice, pCurr->wBeaconInterval);
3051
3052     // set Next TBTT
3053     // Next TBTT = ((local_current_TSF / beacon_interval) + 1 ) * beacon_interval
3054     CARDvSetFirstNextTBTT(pDevice->PortOffset, pCurr->wBeaconInterval);
3055
3056     // set BSSID
3057     MACvWriteBSSIDAddress(pDevice->PortOffset, pCurr->abyBSSID);
3058
3059     MACvReadBSSIDAddress(pDevice->PortOffset, pMgmt->abyCurrBSSID);
3060
3061     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Sync:set CurrBSSID address = %02x-%02x-%02x=%02x-%02x-%02x\n",
3062         pMgmt->abyCurrBSSID[0],
3063         pMgmt->abyCurrBSSID[1],
3064         pMgmt->abyCurrBSSID[2],
3065         pMgmt->abyCurrBSSID[3],
3066         pMgmt->abyCurrBSSID[4],
3067         pMgmt->abyCurrBSSID[5]);
3068
3069     if (pCurr->eNetworkTypeInUse == PHY_TYPE_11A) {
3070         if ((pMgmt->eConfigPHYMode == PHY_TYPE_11A) ||
3071             (pMgmt->eConfigPHYMode == PHY_TYPE_AUTO)) {
3072             ePhyType = PHY_TYPE_11A;
3073         } else {
3074             return;
3075         }
3076     } else if (pCurr->eNetworkTypeInUse == PHY_TYPE_11B) {
3077         if ((pMgmt->eConfigPHYMode == PHY_TYPE_11B) ||
3078             (pMgmt->eConfigPHYMode == PHY_TYPE_11G) ||
3079             (pMgmt->eConfigPHYMode == PHY_TYPE_AUTO)) {
3080             ePhyType = PHY_TYPE_11B;
3081         } else {
3082             return;
3083         }
3084     } else {
3085         if ((pMgmt->eConfigPHYMode == PHY_TYPE_11G) ||
3086             (pMgmt->eConfigPHYMode == PHY_TYPE_AUTO)) {
3087             ePhyType = PHY_TYPE_11G;
3088         } else if (pMgmt->eConfigPHYMode == PHY_TYPE_11B) {
3089             ePhyType = PHY_TYPE_11B;
3090         } else {
3091             return;
3092         }
3093     }
3094
3095     if (ePhyType == PHY_TYPE_11A) {
3096         MEMvCopy(pMgmt->abyCurrSuppRates, &abyCurrSuppRatesA[0], sizeof(abyCurrSuppRatesA));
3097         pMgmt->abyCurrExtSuppRates[1] = 0;
3098     } else if (ePhyType == PHY_TYPE_11B) {
3099         MEMvCopy(pMgmt->abyCurrSuppRates, &abyCurrSuppRatesB[0], sizeof(abyCurrSuppRatesB));
3100         pMgmt->abyCurrExtSuppRates[1] = 0;
3101     } else {
3102         MEMvCopy(pMgmt->abyCurrSuppRates, &abyCurrSuppRatesG[0], sizeof(abyCurrSuppRatesG));
3103         MEMvCopy(pMgmt->abyCurrExtSuppRates, &abyCurrExtSuppRatesG[0], sizeof(abyCurrExtSuppRatesG));
3104     }
3105
3106
3107     if (WLAN_GET_CAP_INFO_ESS(pCurr->wCapInfo)) {
3108         CARDbSetBSSID(pMgmt->pAdapter, pCurr->abyBSSID, OP_MODE_INFRASTRUCTURE);
3109         // Add current BSS to Candidate list
3110         // This should only works for WPA2 BSS, and WPA2 BSS check must be done before.
3111         if (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) {
3112             CARDbAdd_PMKID_Candidate(pMgmt->pAdapter, pMgmt->abyCurrBSSID, pCurr->sRSNCapObj.bRSNCapExist, pCurr->sRSNCapObj.wRSNCap);
3113         }
3114     } else {
3115         CARDbSetBSSID(pMgmt->pAdapter, pCurr->abyBSSID, OP_MODE_ADHOC);
3116     }
3117
3118     if (CARDbSetPhyParameter(   pMgmt->pAdapter,
3119                                 ePhyType,
3120                                 pCurr->wCapInfo,
3121                                 pCurr->sERP.byERP,
3122                                 pMgmt->abyCurrSuppRates,
3123                                 pMgmt->abyCurrExtSuppRates
3124                             ) != TRUE) {
3125         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "<----s_bSynchBSS Set Phy Mode Fail [%d]\n", ePhyType);
3126         return;
3127     }
3128     // set channel and clear NAV
3129     if (CARDbSetChannel(pMgmt->pAdapter, pCurr->uChannel) == FALSE) {
3130         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "<----s_bSynchBSS Set Channel [%d]\n", pCurr->uChannel);
3131         return;
3132     }
3133
3134 /*
3135     for (ii=0;ii<BB_VGA_LEVEL;ii++) {
3136         if (pCurr->ldBmMAX< pDevice->ldBmThreshold[ii]) {
3137             pDevice->byBBVGANew = pDevice->abyBBVGA[ii];
3138             break;
3139         }
3140     }
3141
3142     if (pDevice->byBBVGANew != pDevice->byBBVGACurrent) {
3143         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"RSSI[%d] NewGain[%d] OldGain[%d] \n",
3144                         (int)pCurr->ldBmMAX, pDevice->byBBVGANew, pDevice->byBBVGACurrent);
3145         printk("RSSI[%d] NewGain[%d] OldGain[%d] \n",
3146                         (int)pCurr->ldBmMAX, pDevice->byBBVGANew, pDevice->byBBVGACurrent);
3147         BBvSetVGAGainOffset(pDevice, pDevice->byBBVGANew);
3148     }
3149     printk("ldBmMAX[%d] NewGain[%d] OldGain[%d] \n",
3150            (int)pCurr->ldBmMAX, pDevice->byBBVGANew, pDevice->byBBVGACurrent);
3151 */
3152     pMgmt->uCurrChannel = pCurr->uChannel;
3153     pMgmt->eCurrentPHYMode = ePhyType;
3154     pMgmt->byERPContext = pCurr->sERP.byERP;
3155     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Sync:Set to channel = [%d]\n", (INT)pCurr->uChannel);
3156
3157
3158     *pStatus = CMD_STATUS_SUCCESS;
3159
3160
3161     return;
3162 };
3163
3164 //mike add: fix NetworkManager 0.7.0 hidden ssid mode in WPA encryption
3165 //                   ,need reset eAuthenMode and eEncryptionStatus
3166  static VOID  Encyption_Rebuild(
3167     IN PSDevice pDevice,
3168     IN PKnownBSS pCurr
3169  )
3170  {
3171   PSMgmtObject  pMgmt = &(pDevice->sMgmtObj);
3172  // UINT            ii , uSameBssidNum=0;
3173
3174         //  for (ii = 0; ii < MAX_BSS_NUM; ii++) {
3175           //   if (pMgmt->sBSSList[ii].bActive &&
3176             //      IS_ETH_ADDRESS_EQUAL(pMgmt->sBSSList[ii].abyBSSID, pCurr->abyBSSID)) {
3177              //       uSameBssidNum++;
3178                //   }
3179            // }
3180   //   if( uSameBssidNum>=2) {   //we only check AP in hidden sssid  mode
3181         if ((pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||           //networkmanager 0.7.0 does not give the pairwise-key selsection,
3182              (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {         // so we need re-selsect it according to real pairwise-key info.
3183                if(pCurr->bWPAValid == TRUE)  {   //WPA-PSK
3184                           pMgmt->eAuthenMode = WMAC_AUTH_WPAPSK;
3185                     if(pCurr->abyPKType[0] == WPA_TKIP) {
3186                         pDevice->eEncryptionStatus = Ndis802_11Encryption2Enabled;    //TKIP
3187                         printk("Encyption_Rebuild--->ssid reset config to [WPAPSK-TKIP]\n");
3188                       }
3189                    else if(pCurr->abyPKType[0] == WPA_AESCCMP) {
3190                         pDevice->eEncryptionStatus = Ndis802_11Encryption3Enabled;    //AES
3191                           printk("Encyption_Rebuild--->ssid reset config to [WPAPSK-AES]\n");
3192                      }
3193                 }
3194                else if(pCurr->bWPA2Valid == TRUE) {  //WPA2-PSK
3195                          pMgmt->eAuthenMode = WMAC_AUTH_WPA2PSK;
3196                        if(pCurr->abyCSSPK[0] == WLAN_11i_CSS_TKIP) {
3197                            pDevice->eEncryptionStatus = Ndis802_11Encryption2Enabled;     //TKIP
3198                              printk("Encyption_Rebuild--->ssid reset config to [WPA2PSK-TKIP]\n");
3199                         }
3200                        else if(pCurr->abyCSSPK[0] == WLAN_11i_CSS_CCMP) {
3201                            pDevice->eEncryptionStatus = Ndis802_11Encryption3Enabled;    //AES
3202                             printk("Encyption_Rebuild--->ssid reset config to [WPA2PSK-AES]\n");
3203                         }
3204                 }
3205               }
3206         //  }
3207       return;
3208  }
3209
3210
3211 /*+
3212  *
3213  * Routine Description:
3214  *  Format TIM field
3215  *
3216  *
3217  * Return Value:
3218  *    VOID
3219  *
3220 -*/
3221
3222 static
3223 VOID
3224 s_vMgrFormatTIM(
3225     IN PSMgmtObject pMgmt,
3226     IN PWLAN_IE_TIM pTIM
3227     )
3228 {
3229     BYTE        byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
3230     BYTE        byMap;
3231     UINT        ii, jj;
3232     BOOL        bStartFound = FALSE;
3233     BOOL        bMulticast = FALSE;
3234     WORD        wStartIndex = 0;
3235     WORD        wEndIndex = 0;
3236
3237
3238     // Find size of partial virtual bitmap
3239     for (ii = 0; ii < (MAX_NODE_NUM + 1); ii++) {
3240         byMap = pMgmt->abyPSTxMap[ii];
3241         if (!ii) {
3242             // Mask out the broadcast bit which is indicated separately.
3243             bMulticast = (byMap & byMask[0]) != 0;
3244             if(bMulticast) {
3245                pMgmt->sNodeDBTable[0].bRxPSPoll = TRUE;
3246             }
3247             byMap = 0;
3248         }
3249         if (byMap) {
3250             if (!bStartFound) {
3251                 bStartFound = TRUE;
3252                 wStartIndex = ii;
3253             }
3254             wEndIndex = ii;
3255         }
3256     };
3257
3258
3259     // Round start index down to nearest even number
3260     wStartIndex &=  ~BIT0;
3261
3262     // Round end index up to nearest even number
3263     wEndIndex = ((wEndIndex + 1) & ~BIT0);
3264
3265     // Size of element payload
3266
3267     pTIM->len =  3 + (wEndIndex - wStartIndex) + 1;
3268
3269     // Fill in the Fixed parts of the TIM
3270     pTIM->byDTIMCount = pMgmt->byDTIMCount;
3271     pTIM->byDTIMPeriod = pMgmt->byDTIMPeriod;
3272     pTIM->byBitMapCtl = (bMulticast ? TIM_MULTICAST_MASK : 0) |
3273         (((wStartIndex >> 1) << 1) & TIM_BITMAPOFFSET_MASK);
3274
3275     // Append variable part of TIM
3276
3277     for (ii = wStartIndex, jj =0 ; ii <= wEndIndex; ii++, jj++) {
3278          pTIM->byVirtBitMap[jj] = pMgmt->abyPSTxMap[ii];
3279     }
3280
3281     // Aid = 0 don't used.
3282     pTIM->byVirtBitMap[0]  &= ~BIT0;
3283 }
3284
3285
3286 /*+
3287  *
3288  * Routine Description:
3289  *  Constructs an Beacon frame( Ad-hoc mode)
3290  *
3291  *
3292  * Return Value:
3293  *    PTR to frame; or NULL on allocation failue
3294  *
3295 -*/
3296
3297 static
3298 PSTxMgmtPacket
3299 s_MgrMakeBeacon(
3300     IN PSDevice pDevice,
3301     IN PSMgmtObject pMgmt,
3302     IN WORD wCurrCapInfo,
3303     IN WORD wCurrBeaconPeriod,
3304     IN UINT uCurrChannel,
3305     IN WORD wCurrATIMWinodw,
3306     IN PWLAN_IE_SSID pCurrSSID,
3307     IN PBYTE pCurrBSSID,
3308     IN PWLAN_IE_SUPP_RATES pCurrSuppRates,
3309     IN PWLAN_IE_SUPP_RATES pCurrExtSuppRates
3310     )
3311 {
3312     PSTxMgmtPacket      pTxPacket = NULL;
3313     WLAN_FR_BEACON      sFrame;
3314     BYTE                abyBroadcastAddr[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
3315     PBYTE               pbyBuffer;
3316     UINT                uLength = 0;
3317     PWLAN_IE_IBSS_DFS   pIBSSDFS = NULL;
3318     UINT                ii;
3319
3320     // prepare beacon frame
3321     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
3322     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_BEACON_FR_MAXLEN);
3323     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
3324     // Setup the sFrame structure.
3325     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
3326     sFrame.len = WLAN_BEACON_FR_MAXLEN;
3327     vMgrEncodeBeacon(&sFrame);
3328     // Setup the header
3329     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
3330         (
3331         WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
3332         WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_BEACON)
3333         ));
3334
3335     if (pDevice->bEnablePSMode) {
3336         sFrame.pHdr->sA3.wFrameCtl |= cpu_to_le16((WORD)WLAN_SET_FC_PWRMGT(1));
3337     }
3338
3339     memcpy( sFrame.pHdr->sA3.abyAddr1, abyBroadcastAddr, WLAN_ADDR_LEN);
3340     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
3341     memcpy( sFrame.pHdr->sA3.abyAddr3, pCurrBSSID, WLAN_BSSID_LEN);
3342     *sFrame.pwBeaconInterval = cpu_to_le16(wCurrBeaconPeriod);
3343     *sFrame.pwCapInfo = cpu_to_le16(wCurrCapInfo);
3344     // Copy SSID
3345     sFrame.pSSID = (PWLAN_IE_SSID)(sFrame.pBuf + sFrame.len);
3346     sFrame.len += ((PWLAN_IE_SSID)pMgmt->abyCurrSSID)->len + WLAN_IEHDR_LEN;
3347     memcpy(sFrame.pSSID,
3348              pCurrSSID,
3349              ((PWLAN_IE_SSID)pCurrSSID)->len + WLAN_IEHDR_LEN
3350             );
3351     // Copy the rate set
3352     sFrame.pSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
3353     sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN;
3354     memcpy(sFrame.pSuppRates,
3355            pCurrSuppRates,
3356            ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN
3357           );
3358     // DS parameter
3359     if (pDevice->eCurrentPHYType != PHY_TYPE_11A) {
3360         sFrame.pDSParms = (PWLAN_IE_DS_PARMS)(sFrame.pBuf + sFrame.len);
3361         sFrame.len += (1) + WLAN_IEHDR_LEN;
3362         sFrame.pDSParms->byElementID = WLAN_EID_DS_PARMS;
3363         sFrame.pDSParms->len = 1;
3364         sFrame.pDSParms->byCurrChannel = (BYTE)uCurrChannel;
3365     }
3366     // TIM field
3367     if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
3368         sFrame.pTIM = (PWLAN_IE_TIM)(sFrame.pBuf + sFrame.len);
3369         sFrame.pTIM->byElementID = WLAN_EID_TIM;
3370         s_vMgrFormatTIM(pMgmt, sFrame.pTIM);
3371         sFrame.len += (WLAN_IEHDR_LEN + sFrame.pTIM->len);
3372     }
3373
3374     if (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) {
3375
3376         // IBSS parameter
3377         sFrame.pIBSSParms = (PWLAN_IE_IBSS_PARMS)(sFrame.pBuf + sFrame.len);
3378         sFrame.len += (2) + WLAN_IEHDR_LEN;
3379         sFrame.pIBSSParms->byElementID = WLAN_EID_IBSS_PARMS;
3380         sFrame.pIBSSParms->len = 2;
3381         sFrame.pIBSSParms->wATIMWindow = wCurrATIMWinodw;
3382         if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
3383             /* RSN parameter */
3384             sFrame.pRSNWPA = (PWLAN_IE_RSN_EXT)(sFrame.pBuf + sFrame.len);
3385             sFrame.pRSNWPA->byElementID = WLAN_EID_RSN_WPA;
3386             sFrame.pRSNWPA->len = 12;
3387             sFrame.pRSNWPA->abyOUI[0] = 0x00;
3388             sFrame.pRSNWPA->abyOUI[1] = 0x50;
3389             sFrame.pRSNWPA->abyOUI[2] = 0xf2;
3390             sFrame.pRSNWPA->abyOUI[3] = 0x01;
3391             sFrame.pRSNWPA->wVersion = 1;
3392             sFrame.pRSNWPA->abyMulticast[0] = 0x00;
3393             sFrame.pRSNWPA->abyMulticast[1] = 0x50;
3394             sFrame.pRSNWPA->abyMulticast[2] = 0xf2;
3395             if (pDevice->eEncryptionStatus == Ndis802_11Encryption3Enabled)
3396                 sFrame.pRSNWPA->abyMulticast[3] = 0x04;//AES
3397             else if (pDevice->eEncryptionStatus == Ndis802_11Encryption2Enabled)
3398                 sFrame.pRSNWPA->abyMulticast[3] = 0x02;//TKIP
3399             else if (pDevice->eEncryptionStatus == Ndis802_11Encryption1Enabled)
3400                 sFrame.pRSNWPA->abyMulticast[3] = 0x01;//WEP40
3401             else
3402                 sFrame.pRSNWPA->abyMulticast[3] = 0x00;//NONE
3403
3404             // Pairwise Key Cipher Suite
3405             sFrame.pRSNWPA->wPKCount = 0;
3406             // Auth Key Management Suite
3407             *((PWORD)(sFrame.pBuf + sFrame.len + sFrame.pRSNWPA->len))=0;
3408             sFrame.pRSNWPA->len +=2;
3409
3410             // RSN Capabilites
3411             *((PWORD)(sFrame.pBuf + sFrame.len + sFrame.pRSNWPA->len))=0;
3412             sFrame.pRSNWPA->len +=2;
3413             sFrame.len += sFrame.pRSNWPA->len + WLAN_IEHDR_LEN;
3414         }
3415     }
3416
3417     if ((pMgmt->b11hEnable == TRUE) &&
3418         (pMgmt->eCurrentPHYMode == PHY_TYPE_11A)) {
3419         // Country IE
3420         pbyBuffer = (PBYTE)(sFrame.pBuf + sFrame.len);
3421         CARDvSetCountryIE(pMgmt->pAdapter, pbyBuffer);
3422         CARDvSetCountryInfo(pMgmt->pAdapter, PHY_TYPE_11A, pbyBuffer);
3423         uLength += ((PWLAN_IE_COUNTRY) pbyBuffer)->len + WLAN_IEHDR_LEN;
3424         pbyBuffer += (((PWLAN_IE_COUNTRY) pbyBuffer)->len + WLAN_IEHDR_LEN);
3425         // Power Constrain IE
3426         ((PWLAN_IE_PW_CONST) pbyBuffer)->byElementID = WLAN_EID_PWR_CONSTRAINT;
3427         ((PWLAN_IE_PW_CONST) pbyBuffer)->len = 1;
3428         ((PWLAN_IE_PW_CONST) pbyBuffer)->byPower = 0;
3429         pbyBuffer += (1) + WLAN_IEHDR_LEN;
3430         uLength += (1) + WLAN_IEHDR_LEN;
3431         if (pMgmt->bSwitchChannel == TRUE) {
3432             // Channel Switch IE
3433             ((PWLAN_IE_CH_SW) pbyBuffer)->byElementID = WLAN_EID_CH_SWITCH;
3434             ((PWLAN_IE_CH_SW) pbyBuffer)->len = 3;
3435             ((PWLAN_IE_CH_SW) pbyBuffer)->byMode = 1;
3436             ((PWLAN_IE_CH_SW) pbyBuffer)->byChannel = CARDbyGetChannelNumber(pMgmt->pAdapter, pMgmt->byNewChannel);
3437             ((PWLAN_IE_CH_SW) pbyBuffer)->byCount = 0;
3438             pbyBuffer += (3) + WLAN_IEHDR_LEN;
3439             uLength += (3) + WLAN_IEHDR_LEN;
3440         }
3441         // TPC report
3442         ((PWLAN_IE_TPC_REP) pbyBuffer)->byElementID = WLAN_EID_TPC_REP;
3443         ((PWLAN_IE_TPC_REP) pbyBuffer)->len = 2;
3444         ((PWLAN_IE_TPC_REP) pbyBuffer)->byTxPower = CARDbyGetTransmitPower(pMgmt->pAdapter);
3445         ((PWLAN_IE_TPC_REP) pbyBuffer)->byLinkMargin = 0;
3446         pbyBuffer += (2) + WLAN_IEHDR_LEN;
3447         uLength += (2) + WLAN_IEHDR_LEN;
3448         // IBSS DFS
3449         if (pMgmt->eCurrMode != WMAC_MODE_ESS_AP) {
3450             pIBSSDFS = (PWLAN_IE_IBSS_DFS) pbyBuffer;
3451             pIBSSDFS->byElementID = WLAN_EID_IBSS_DFS;
3452             pIBSSDFS->len = 7;
3453             MEMvCopy(   pIBSSDFS->abyDFSOwner,
3454                         pMgmt->abyIBSSDFSOwner,
3455                         6);
3456             pIBSSDFS->byDFSRecovery = pMgmt->byIBSSDFSRecovery;
3457             pbyBuffer += (7) + WLAN_IEHDR_LEN;
3458             uLength += (7) + WLAN_IEHDR_LEN;
3459             for(ii=CB_MAX_CHANNEL_24G+1; ii<=CB_MAX_CHANNEL; ii++ ) {
3460                 if (CARDbGetChannelMapInfo(pMgmt->pAdapter, ii, pbyBuffer, pbyBuffer+1) == TRUE) {
3461                     pbyBuffer += 2;
3462                     uLength += 2;
3463                     pIBSSDFS->len += 2;
3464                 }
3465             }
3466         }
3467         sFrame.len += uLength;
3468     }
3469
3470     if (pMgmt->eCurrentPHYMode == PHY_TYPE_11G) {
3471         sFrame.pERP = (PWLAN_IE_ERP)(sFrame.pBuf + sFrame.len);
3472         sFrame.len += 1 + WLAN_IEHDR_LEN;
3473         sFrame.pERP->byElementID = WLAN_EID_ERP;
3474         sFrame.pERP->len = 1;
3475         sFrame.pERP->byContext = 0;
3476         if (pDevice->bProtectMode == TRUE)
3477             sFrame.pERP->byContext |= WLAN_EID_ERP_USE_PROTECTION;
3478         if (pDevice->bNonERPPresent == TRUE)
3479             sFrame.pERP->byContext |= WLAN_EID_ERP_NONERP_PRESENT;
3480         if (pDevice->bBarkerPreambleMd == TRUE)
3481             sFrame.pERP->byContext |= WLAN_EID_ERP_BARKER_MODE;
3482     }
3483     if (((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len != 0) {
3484         sFrame.pExtSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
3485         sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN;
3486         MEMvCopy(sFrame.pExtSuppRates,
3487              pCurrExtSuppRates,
3488              ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN
3489              );
3490     }
3491     // hostapd wpa/wpa2 IE
3492     if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnableHostapd == TRUE)) {
3493          if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
3494              if (pMgmt->wWPAIELen != 0) {
3495                  sFrame.pRSN = (PWLAN_IE_RSN)(sFrame.pBuf + sFrame.len);
3496                  memcpy(sFrame.pRSN, pMgmt->abyWPAIE, pMgmt->wWPAIELen);
3497                  sFrame.len += pMgmt->wWPAIELen;
3498              }
3499          }
3500     }
3501
3502     /* Adjust the length fields */
3503     pTxPacket->cbMPDULen = sFrame.len;
3504     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
3505
3506     return pTxPacket;
3507 }
3508
3509
3510
3511
3512
3513 /*+
3514  *
3515  * Routine Description:
3516  *  Constructs an Prob-response frame
3517  *
3518  *
3519  * Return Value:
3520  *    PTR to frame; or NULL on allocation failue
3521  *
3522 -*/
3523
3524
3525
3526
3527 PSTxMgmtPacket
3528 s_MgrMakeProbeResponse(
3529     IN PSDevice pDevice,
3530     IN PSMgmtObject pMgmt,
3531     IN WORD wCurrCapInfo,
3532     IN WORD wCurrBeaconPeriod,
3533     IN UINT uCurrChannel,
3534     IN WORD wCurrATIMWinodw,
3535     IN PBYTE pDstAddr,
3536     IN PWLAN_IE_SSID pCurrSSID,
3537     IN PBYTE pCurrBSSID,
3538     IN PWLAN_IE_SUPP_RATES pCurrSuppRates,
3539     IN PWLAN_IE_SUPP_RATES pCurrExtSuppRates,
3540     IN BYTE byPHYType
3541     )
3542 {
3543     PSTxMgmtPacket      pTxPacket = NULL;
3544     WLAN_FR_PROBERESP   sFrame;
3545     PBYTE               pbyBuffer;
3546     UINT                uLength = 0;
3547     PWLAN_IE_IBSS_DFS   pIBSSDFS = NULL;
3548     UINT                ii;
3549
3550
3551     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
3552     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_PROBERESP_FR_MAXLEN);
3553     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
3554     // Setup the sFrame structure.
3555     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
3556     sFrame.len = WLAN_PROBERESP_FR_MAXLEN;
3557     vMgrEncodeProbeResponse(&sFrame);
3558     // Setup the header
3559     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
3560         (
3561         WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
3562         WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_PROBERESP)
3563         ));
3564     memcpy( sFrame.pHdr->sA3.abyAddr1, pDstAddr, WLAN_ADDR_LEN);
3565     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
3566     memcpy( sFrame.pHdr->sA3.abyAddr3, pCurrBSSID, WLAN_BSSID_LEN);
3567     *sFrame.pwBeaconInterval = cpu_to_le16(wCurrBeaconPeriod);
3568     *sFrame.pwCapInfo = cpu_to_le16(wCurrCapInfo);
3569
3570     if (byPHYType == BB_TYPE_11B) {
3571         *sFrame.pwCapInfo &= cpu_to_le16((WORD)~(WLAN_SET_CAP_INFO_SHORTSLOTTIME(1)));
3572     }
3573
3574     // Copy SSID
3575     sFrame.pSSID = (PWLAN_IE_SSID)(sFrame.pBuf + sFrame.len);
3576     sFrame.len += ((PWLAN_IE_SSID)pMgmt->abyCurrSSID)->len + WLAN_IEHDR_LEN;
3577     memcpy(sFrame.pSSID,
3578            pCurrSSID,
3579            ((PWLAN_IE_SSID)pCurrSSID)->len + WLAN_IEHDR_LEN
3580            );
3581     // Copy the rate set
3582     sFrame.pSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
3583
3584     sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN;
3585     memcpy(sFrame.pSuppRates,
3586            pCurrSuppRates,
3587            ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN
3588           );
3589
3590     // DS parameter
3591     if (pDevice->eCurrentPHYType != PHY_TYPE_11A) {
3592         sFrame.pDSParms = (PWLAN_IE_DS_PARMS)(sFrame.pBuf + sFrame.len);
3593         sFrame.len += (1) + WLAN_IEHDR_LEN;
3594         sFrame.pDSParms->byElementID = WLAN_EID_DS_PARMS;
3595         sFrame.pDSParms->len = 1;
3596         sFrame.pDSParms->byCurrChannel = (BYTE)uCurrChannel;
3597     }
3598
3599     if (pMgmt->eCurrMode != WMAC_MODE_ESS_AP) {
3600         // IBSS parameter
3601         sFrame.pIBSSParms = (PWLAN_IE_IBSS_PARMS)(sFrame.pBuf + sFrame.len);
3602         sFrame.len += (2) + WLAN_IEHDR_LEN;
3603         sFrame.pIBSSParms->byElementID = WLAN_EID_IBSS_PARMS;
3604         sFrame.pIBSSParms->len = 2;
3605         sFrame.pIBSSParms->wATIMWindow = 0;
3606     }
3607     if (pDevice->eCurrentPHYType == PHY_TYPE_11G) {
3608         sFrame.pERP = (PWLAN_IE_ERP)(sFrame.pBuf + sFrame.len);
3609         sFrame.len += 1 + WLAN_IEHDR_LEN;
3610         sFrame.pERP->byElementID = WLAN_EID_ERP;
3611         sFrame.pERP->len = 1;
3612         sFrame.pERP->byContext = 0;
3613         if (pDevice->bProtectMode == TRUE)
3614             sFrame.pERP->byContext |= WLAN_EID_ERP_USE_PROTECTION;
3615         if (pDevice->bNonERPPresent == TRUE)
3616             sFrame.pERP->byContext |= WLAN_EID_ERP_NONERP_PRESENT;
3617         if (pDevice->bBarkerPreambleMd == TRUE)
3618             sFrame.pERP->byContext |= WLAN_EID_ERP_BARKER_MODE;
3619     }
3620
3621     if ((pMgmt->b11hEnable == TRUE) &&
3622         (pMgmt->eCurrentPHYMode == PHY_TYPE_11A)) {
3623         // Country IE
3624         pbyBuffer = (PBYTE)(sFrame.pBuf + sFrame.len);
3625         CARDvSetCountryIE(pMgmt->pAdapter, pbyBuffer);
3626         CARDvSetCountryInfo(pMgmt->pAdapter, PHY_TYPE_11A, pbyBuffer);
3627         uLength += ((PWLAN_IE_COUNTRY) pbyBuffer)->len + WLAN_IEHDR_LEN;
3628         pbyBuffer += (((PWLAN_IE_COUNTRY) pbyBuffer)->len + WLAN_IEHDR_LEN);
3629         // Power Constrain IE
3630         ((PWLAN_IE_PW_CONST) pbyBuffer)->byElementID = WLAN_EID_PWR_CONSTRAINT;
3631         ((PWLAN_IE_PW_CONST) pbyBuffer)->len = 1;
3632         ((PWLAN_IE_PW_CONST) pbyBuffer)->byPower = 0;
3633         pbyBuffer += (1) + WLAN_IEHDR_LEN;
3634         uLength += (1) + WLAN_IEHDR_LEN;
3635         if (pMgmt->bSwitchChannel == TRUE) {
3636             // Channel Switch IE
3637             ((PWLAN_IE_CH_SW) pbyBuffer)->byElementID = WLAN_EID_CH_SWITCH;
3638             ((PWLAN_IE_CH_SW) pbyBuffer)->len = 3;
3639             ((PWLAN_IE_CH_SW) pbyBuffer)->byMode = 1;
3640             ((PWLAN_IE_CH_SW) pbyBuffer)->byChannel = CARDbyGetChannelNumber(pMgmt->pAdapter, pMgmt->byNewChannel);
3641             ((PWLAN_IE_CH_SW) pbyBuffer)->byCount = 0;
3642             pbyBuffer += (3) + WLAN_IEHDR_LEN;
3643             uLength += (3) + WLAN_IEHDR_LEN;
3644         }
3645         // TPC report
3646         ((PWLAN_IE_TPC_REP) pbyBuffer)->byElementID = WLAN_EID_TPC_REP;
3647         ((PWLAN_IE_TPC_REP) pbyBuffer)->len = 2;
3648         ((PWLAN_IE_TPC_REP) pbyBuffer)->byTxPower = CARDbyGetTransmitPower(pMgmt->pAdapter);
3649         ((PWLAN_IE_TPC_REP) pbyBuffer)->byLinkMargin = 0;
3650         pbyBuffer += (2) + WLAN_IEHDR_LEN;
3651         uLength += (2) + WLAN_IEHDR_LEN;
3652         // IBSS DFS
3653         if (pMgmt->eCurrMode != WMAC_MODE_ESS_AP) {
3654             pIBSSDFS = (PWLAN_IE_IBSS_DFS) pbyBuffer;
3655             pIBSSDFS->byElementID = WLAN_EID_IBSS_DFS;
3656             pIBSSDFS->len = 7;
3657             MEMvCopy(   pIBSSDFS->abyDFSOwner,
3658                         pMgmt->abyIBSSDFSOwner,
3659                         6);
3660             pIBSSDFS->byDFSRecovery = pMgmt->byIBSSDFSRecovery;
3661             pbyBuffer += (7) + WLAN_IEHDR_LEN;
3662             uLength += (7) + WLAN_IEHDR_LEN;
3663             for(ii=CB_MAX_CHANNEL_24G+1; ii<=CB_MAX_CHANNEL; ii++ ) {
3664                 if (CARDbGetChannelMapInfo(pMgmt->pAdapter, ii, pbyBuffer, pbyBuffer+1) == TRUE) {
3665                     pbyBuffer += 2;
3666                     uLength += 2;
3667                     pIBSSDFS->len += 2;
3668                 }
3669             }
3670         }
3671         sFrame.len += uLength;
3672     }
3673
3674
3675     if (((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len != 0) {
3676         sFrame.pExtSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
3677         sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN;
3678         MEMvCopy(sFrame.pExtSuppRates,
3679              pCurrExtSuppRates,
3680              ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN
3681              );
3682     }
3683
3684     // hostapd wpa/wpa2 IE
3685     if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnableHostapd == TRUE)) {
3686          if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
3687              if (pMgmt->wWPAIELen != 0) {
3688                  sFrame.pRSN = (PWLAN_IE_RSN)(sFrame.pBuf + sFrame.len);
3689                  memcpy(sFrame.pRSN, pMgmt->abyWPAIE, pMgmt->wWPAIELen);
3690                  sFrame.len += pMgmt->wWPAIELen;
3691              }
3692          }
3693     }
3694
3695     // Adjust the length fields
3696     pTxPacket->cbMPDULen = sFrame.len;
3697     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
3698
3699     return pTxPacket;
3700 }
3701
3702
3703
3704 /*+
3705  *
3706  * Routine Description:
3707  *  Constructs an association request frame
3708  *
3709  *
3710  * Return Value:
3711  *    A ptr to frame or NULL on allocation failue
3712  *
3713 -*/
3714
3715
3716 PSTxMgmtPacket
3717 s_MgrMakeAssocRequest(
3718     IN PSDevice pDevice,
3719     IN PSMgmtObject pMgmt,
3720     IN PBYTE pDAddr,
3721     IN WORD wCurrCapInfo,
3722     IN WORD wListenInterval,
3723     IN PWLAN_IE_SSID pCurrSSID,
3724     IN PWLAN_IE_SUPP_RATES pCurrRates,
3725     IN PWLAN_IE_SUPP_RATES pCurrExtSuppRates
3726     )
3727 {
3728     PSTxMgmtPacket      pTxPacket = NULL;
3729     WLAN_FR_ASSOCREQ    sFrame;
3730     PBYTE               pbyIEs;
3731     PBYTE               pbyRSN;
3732
3733
3734     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
3735     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_ASSOCREQ_FR_MAXLEN);
3736     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
3737     // Setup the sFrame structure.
3738     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
3739     sFrame.len = WLAN_ASSOCREQ_FR_MAXLEN;
3740     // format fixed field frame structure
3741     vMgrEncodeAssocRequest(&sFrame);
3742     // Setup the header
3743     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
3744         (
3745         WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
3746         WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_ASSOCREQ)
3747         ));
3748     memcpy( sFrame.pHdr->sA3.abyAddr1, pDAddr, WLAN_ADDR_LEN);
3749     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
3750     memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
3751
3752     // Set the capibility and listen interval
3753     *(sFrame.pwCapInfo) = cpu_to_le16(wCurrCapInfo);
3754     *(sFrame.pwListenInterval) = cpu_to_le16(wListenInterval);
3755
3756     // sFrame.len point to end of fixed field
3757     sFrame.pSSID = (PWLAN_IE_SSID)(sFrame.pBuf + sFrame.len);
3758     sFrame.len += pCurrSSID->len + WLAN_IEHDR_LEN;
3759     memcpy(sFrame.pSSID, pCurrSSID, pCurrSSID->len + WLAN_IEHDR_LEN);
3760
3761     pMgmt->sAssocInfo.AssocInfo.RequestIELength = pCurrSSID->len + WLAN_IEHDR_LEN;
3762     pMgmt->sAssocInfo.AssocInfo.OffsetRequestIEs = sizeof(NDIS_802_11_ASSOCIATION_INFORMATION);
3763     pbyIEs = pMgmt->sAssocInfo.abyIEs;
3764     MEMvCopy(pbyIEs, pCurrSSID, pCurrSSID->len + WLAN_IEHDR_LEN);
3765     pbyIEs += pCurrSSID->len + WLAN_IEHDR_LEN;
3766
3767     // Copy the rate set
3768     sFrame.pSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
3769     if ((pDevice->eCurrentPHYType == PHY_TYPE_11B) && (pCurrRates->len > 4))
3770         sFrame.len += 4 + WLAN_IEHDR_LEN;
3771     else
3772         sFrame.len += pCurrRates->len + WLAN_IEHDR_LEN;
3773     memcpy(sFrame.pSuppRates, pCurrRates, pCurrRates->len + WLAN_IEHDR_LEN);
3774
3775     // Copy the extension rate set
3776     if ((pDevice->eCurrentPHYType == PHY_TYPE_11G) && (pCurrExtSuppRates->len > 0)) {
3777         sFrame.pExtSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
3778         sFrame.len += pCurrExtSuppRates->len + WLAN_IEHDR_LEN;
3779         memcpy(sFrame.pExtSuppRates, pCurrExtSuppRates, pCurrExtSuppRates->len + WLAN_IEHDR_LEN);
3780     }
3781
3782     pMgmt->sAssocInfo.AssocInfo.RequestIELength += pCurrRates->len + WLAN_IEHDR_LEN;
3783     MEMvCopy(pbyIEs, pCurrRates, pCurrRates->len + WLAN_IEHDR_LEN);
3784     pbyIEs += pCurrRates->len + WLAN_IEHDR_LEN;
3785
3786     // for 802.11h
3787     if (pMgmt->b11hEnable == TRUE) {
3788         if (sFrame.pCurrPowerCap == NULL) {
3789             sFrame.pCurrPowerCap = (PWLAN_IE_PW_CAP)(sFrame.pBuf + sFrame.len);
3790             sFrame.len += (2 + WLAN_IEHDR_LEN);
3791             sFrame.pCurrPowerCap->byElementID = WLAN_EID_PWR_CAPABILITY;
3792             sFrame.pCurrPowerCap->len = 2;
3793             CARDvGetPowerCapability(pMgmt->pAdapter,
3794                                     &(sFrame.pCurrPowerCap->byMinPower),
3795                                     &(sFrame.pCurrPowerCap->byMaxPower)
3796                                     );
3797         }
3798         if (sFrame.pCurrSuppCh == NULL) {
3799             sFrame.pCurrSuppCh = (PWLAN_IE_SUPP_CH)(sFrame.pBuf + sFrame.len);
3800             sFrame.len += CARDbySetSupportChannels(pMgmt->pAdapter,(PBYTE)sFrame.pCurrSuppCh);
3801         }
3802     }
3803
3804     if (((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
3805          (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
3806          (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE)) &&
3807         (pMgmt->pCurrBSS != NULL)) {
3808         /* WPA IE */
3809         sFrame.pRSNWPA = (PWLAN_IE_RSN_EXT)(sFrame.pBuf + sFrame.len);
3810         sFrame.pRSNWPA->byElementID = WLAN_EID_RSN_WPA;
3811         sFrame.pRSNWPA->len = 16;
3812         sFrame.pRSNWPA->abyOUI[0] = 0x00;
3813         sFrame.pRSNWPA->abyOUI[1] = 0x50;
3814         sFrame.pRSNWPA->abyOUI[2] = 0xf2;
3815         sFrame.pRSNWPA->abyOUI[3] = 0x01;
3816         sFrame.pRSNWPA->wVersion = 1;
3817         //Group Key Cipher Suite
3818         sFrame.pRSNWPA->abyMulticast[0] = 0x00;
3819         sFrame.pRSNWPA->abyMulticast[1] = 0x50;
3820         sFrame.pRSNWPA->abyMulticast[2] = 0xf2;
3821         if (pMgmt->byCSSGK == KEY_CTL_WEP) {
3822             sFrame.pRSNWPA->abyMulticast[3] = pMgmt->pCurrBSS->byGKType;
3823         } else if (pMgmt->byCSSGK == KEY_CTL_TKIP) {
3824             sFrame.pRSNWPA->abyMulticast[3] = WPA_TKIP;
3825         } else if (pMgmt->byCSSGK == KEY_CTL_CCMP) {
3826             sFrame.pRSNWPA->abyMulticast[3] = WPA_AESCCMP;
3827         } else {
3828             sFrame.pRSNWPA->abyMulticast[3] = WPA_NONE;
3829         }
3830         // Pairwise Key Cipher Suite
3831         sFrame.pRSNWPA->wPKCount = 1;
3832         sFrame.pRSNWPA->PKSList[0].abyOUI[0] = 0x00;
3833         sFrame.pRSNWPA->PKSList[0].abyOUI[1] = 0x50;
3834         sFrame.pRSNWPA->PKSList[0].abyOUI[2] = 0xf2;
3835         if (pMgmt->byCSSPK == KEY_CTL_TKIP) {
3836             sFrame.pRSNWPA->PKSList[0].abyOUI[3] = WPA_TKIP;
3837         } else if (pMgmt->byCSSPK == KEY_CTL_CCMP) {
3838             sFrame.pRSNWPA->PKSList[0].abyOUI[3] = WPA_AESCCMP;
3839         } else {
3840             sFrame.pRSNWPA->PKSList[0].abyOUI[3] = WPA_NONE;
3841         }
3842         // Auth Key Management Suite
3843         pbyRSN = (PBYTE)(sFrame.pBuf + sFrame.len + 2 + sFrame.pRSNWPA->len);
3844         *pbyRSN++=0x01;
3845         *pbyRSN++=0x00;
3846         *pbyRSN++=0x00;
3847         *pbyRSN++=0x50;
3848         *pbyRSN++=0xf2;
3849         if (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) {
3850             *pbyRSN++=WPA_AUTH_PSK;
3851         }
3852         else if (pMgmt->eAuthenMode == WMAC_AUTH_WPA) {
3853             *pbyRSN++=WPA_AUTH_IEEE802_1X;
3854         }
3855         else {
3856             *pbyRSN++=WPA_NONE;
3857         }
3858         sFrame.pRSNWPA->len +=6;
3859
3860         // RSN Capabilites
3861         *pbyRSN++=0x00;
3862         *pbyRSN++=0x00;
3863         sFrame.pRSNWPA->len +=2;
3864         sFrame.len += sFrame.pRSNWPA->len + WLAN_IEHDR_LEN;
3865         // copy to AssocInfo. for OID_802_11_ASSOCIATION_INFORMATION
3866         pMgmt->sAssocInfo.AssocInfo.RequestIELength += sFrame.pRSNWPA->len + WLAN_IEHDR_LEN;
3867         MEMvCopy(pbyIEs, sFrame.pRSNWPA, sFrame.pRSNWPA->len + WLAN_IEHDR_LEN);
3868         pbyIEs += sFrame.pRSNWPA->len + WLAN_IEHDR_LEN;
3869
3870     } else if (((pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
3871                 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) &&
3872                (pMgmt->pCurrBSS != NULL)) {
3873         UINT                ii;
3874         PWORD               pwPMKID;
3875
3876         // WPA IE
3877         sFrame.pRSN = (PWLAN_IE_RSN)(sFrame.pBuf + sFrame.len);
3878         sFrame.pRSN->byElementID = WLAN_EID_RSN;
3879         sFrame.pRSN->len = 6; //Version(2)+GK(4)
3880         sFrame.pRSN->wVersion = 1;
3881         //Group Key Cipher Suite
3882         sFrame.pRSN->abyRSN[0] = 0x00;
3883         sFrame.pRSN->abyRSN[1] = 0x0F;
3884         sFrame.pRSN->abyRSN[2] = 0xAC;
3885         if (pMgmt->byCSSGK == KEY_CTL_WEP) {
3886             sFrame.pRSN->abyRSN[3] = pMgmt->pCurrBSS->byCSSGK;
3887         } else if (pMgmt->byCSSGK == KEY_CTL_TKIP) {
3888             sFrame.pRSN->abyRSN[3] = WLAN_11i_CSS_TKIP;
3889         } else if (pMgmt->byCSSGK == KEY_CTL_CCMP) {
3890             sFrame.pRSN->abyRSN[3] = WLAN_11i_CSS_CCMP;
3891         } else {
3892             sFrame.pRSN->abyRSN[3] = WLAN_11i_CSS_UNKNOWN;
3893         }
3894
3895         // Pairwise Key Cipher Suite
3896         sFrame.pRSN->abyRSN[4] = 1;
3897         sFrame.pRSN->abyRSN[5] = 0;
3898         sFrame.pRSN->abyRSN[6] = 0x00;
3899         sFrame.pRSN->abyRSN[7] = 0x0F;
3900         sFrame.pRSN->abyRSN[8] = 0xAC;
3901         if (pMgmt->byCSSPK == KEY_CTL_TKIP) {
3902             sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_TKIP;
3903         } else if (pMgmt->byCSSPK == KEY_CTL_CCMP) {
3904             sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_CCMP;
3905         } else if (pMgmt->byCSSPK == KEY_CTL_NONE) {
3906             sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_USE_GROUP;
3907         } else {
3908             sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_UNKNOWN;
3909         }
3910         sFrame.pRSN->len += 6;
3911
3912         // Auth Key Management Suite
3913         sFrame.pRSN->abyRSN[10] = 1;
3914         sFrame.pRSN->abyRSN[11] = 0;
3915         sFrame.pRSN->abyRSN[12] = 0x00;
3916         sFrame.pRSN->abyRSN[13] = 0x0F;
3917         sFrame.pRSN->abyRSN[14] = 0xAC;
3918         if (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK) {
3919             sFrame.pRSN->abyRSN[15] = WLAN_11i_AKMSS_PSK;
3920         } else if (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) {
3921             sFrame.pRSN->abyRSN[15] = WLAN_11i_AKMSS_802_1X;
3922         } else {
3923             sFrame.pRSN->abyRSN[15] = WLAN_11i_AKMSS_UNKNOWN;
3924         }
3925         sFrame.pRSN->len +=6;
3926
3927         // RSN Capabilites
3928         if (pMgmt->pCurrBSS->sRSNCapObj.bRSNCapExist == TRUE) {
3929             MEMvCopy(&sFrame.pRSN->abyRSN[16], &pMgmt->pCurrBSS->sRSNCapObj.wRSNCap, 2);
3930         } else {
3931             sFrame.pRSN->abyRSN[16] = 0;
3932             sFrame.pRSN->abyRSN[17] = 0;
3933         }
3934         sFrame.pRSN->len +=2;
3935
3936         if ((pDevice->gsPMKID.BSSIDInfoCount > 0) && (pDevice->bRoaming == TRUE) && (pMgmt->eAuthenMode == WMAC_AUTH_WPA2)) {
3937             // RSN PMKID
3938             pbyRSN = &sFrame.pRSN->abyRSN[18];
3939             pwPMKID = (PWORD)pbyRSN; // Point to PMKID count
3940             *pwPMKID = 0;            // Initialize PMKID count
3941             pbyRSN += 2;             // Point to PMKID list
3942             for (ii = 0; ii < pDevice->gsPMKID.BSSIDInfoCount; ii++) {
3943                 if (MEMEqualMemory(&pDevice->gsPMKID.BSSIDInfo[ii].BSSID[0], pMgmt->abyCurrBSSID, U_ETHER_ADDR_LEN)) {
3944                     (*pwPMKID) ++;
3945                     MEMvCopy(pbyRSN, pDevice->gsPMKID.BSSIDInfo[ii].PMKID, 16);
3946                     pbyRSN += 16;
3947                 }
3948             }
3949             if (*pwPMKID != 0) {
3950                 sFrame.pRSN->len += (2 + (*pwPMKID)*16);
3951             }
3952         }
3953
3954         sFrame.len += sFrame.pRSN->len + WLAN_IEHDR_LEN;
3955         // copy to AssocInfo. for OID_802_11_ASSOCIATION_INFORMATION
3956         pMgmt->sAssocInfo.AssocInfo.RequestIELength += sFrame.pRSN->len + WLAN_IEHDR_LEN;
3957         MEMvCopy(pbyIEs, sFrame.pRSN, sFrame.pRSN->len + WLAN_IEHDR_LEN);
3958         pbyIEs += sFrame.pRSN->len + WLAN_IEHDR_LEN;
3959     }
3960
3961
3962     // Adjust the length fields
3963     pTxPacket->cbMPDULen = sFrame.len;
3964     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
3965     return pTxPacket;
3966 }
3967
3968
3969
3970
3971
3972
3973
3974
3975 /*+
3976  *
3977  * Routine Description:
3978  *  Constructs an re-association request frame
3979  *
3980  *
3981  * Return Value:
3982  *    A ptr to frame or NULL on allocation failue
3983  *
3984 -*/
3985
3986
3987 PSTxMgmtPacket
3988 s_MgrMakeReAssocRequest(
3989     IN PSDevice pDevice,
3990     IN PSMgmtObject pMgmt,
3991     IN PBYTE pDAddr,
3992     IN WORD wCurrCapInfo,
3993     IN WORD wListenInterval,
3994     IN PWLAN_IE_SSID pCurrSSID,
3995     IN PWLAN_IE_SUPP_RATES pCurrRates,
3996     IN PWLAN_IE_SUPP_RATES pCurrExtSuppRates
3997     )
3998 {
3999     PSTxMgmtPacket      pTxPacket = NULL;
4000     WLAN_FR_REASSOCREQ  sFrame;
4001     PBYTE               pbyIEs;
4002     PBYTE               pbyRSN;
4003
4004
4005     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
4006     memset( pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_REASSOCREQ_FR_MAXLEN);
4007     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
4008     /* Setup the sFrame structure. */
4009     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
4010     sFrame.len = WLAN_REASSOCREQ_FR_MAXLEN;
4011
4012     // format fixed field frame structure
4013     vMgrEncodeReassocRequest(&sFrame);
4014
4015     /* Setup the header */
4016     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
4017         (
4018         WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
4019         WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_REASSOCREQ)
4020         ));
4021     memcpy( sFrame.pHdr->sA3.abyAddr1, pDAddr, WLAN_ADDR_LEN);
4022     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
4023     memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
4024
4025     /* Set the capibility and listen interval */
4026     *(sFrame.pwCapInfo) = cpu_to_le16(wCurrCapInfo);
4027     *(sFrame.pwListenInterval) = cpu_to_le16(wListenInterval);
4028
4029     memcpy(sFrame.pAddrCurrAP, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
4030     /* Copy the SSID */
4031     /* sFrame.len point to end of fixed field */
4032     sFrame.pSSID = (PWLAN_IE_SSID)(sFrame.pBuf + sFrame.len);
4033     sFrame.len += pCurrSSID->len + WLAN_IEHDR_LEN;
4034     memcpy(sFrame.pSSID, pCurrSSID, pCurrSSID->len + WLAN_IEHDR_LEN);
4035
4036     pMgmt->sAssocInfo.AssocInfo.RequestIELength = pCurrSSID->len + WLAN_IEHDR_LEN;
4037     pMgmt->sAssocInfo.AssocInfo.OffsetRequestIEs = sizeof(NDIS_802_11_ASSOCIATION_INFORMATION);
4038     pbyIEs = pMgmt->sAssocInfo.abyIEs;
4039     MEMvCopy(pbyIEs, pCurrSSID, pCurrSSID->len + WLAN_IEHDR_LEN);
4040     pbyIEs += pCurrSSID->len + WLAN_IEHDR_LEN;
4041
4042     /* Copy the rate set */
4043     /* sFrame.len point to end of SSID */
4044     sFrame.pSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
4045     sFrame.len += pCurrRates->len + WLAN_IEHDR_LEN;
4046     memcpy(sFrame.pSuppRates, pCurrRates, pCurrRates->len + WLAN_IEHDR_LEN);
4047
4048     // Copy the extension rate set
4049     if ((pMgmt->eCurrentPHYMode == PHY_TYPE_11G) && (pCurrExtSuppRates->len > 0)) {
4050         sFrame.pExtSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
4051         sFrame.len += pCurrExtSuppRates->len + WLAN_IEHDR_LEN;
4052         memcpy(sFrame.pExtSuppRates, pCurrExtSuppRates, pCurrExtSuppRates->len + WLAN_IEHDR_LEN);
4053     }
4054
4055     pMgmt->sAssocInfo.AssocInfo.RequestIELength += pCurrRates->len + WLAN_IEHDR_LEN;
4056     MEMvCopy(pbyIEs, pCurrRates, pCurrRates->len + WLAN_IEHDR_LEN);
4057     pbyIEs += pCurrRates->len + WLAN_IEHDR_LEN;
4058
4059     if (((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
4060          (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
4061          (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE)) &&
4062         (pMgmt->pCurrBSS != NULL)) {
4063         /* WPA IE */
4064         sFrame.pRSNWPA = (PWLAN_IE_RSN_EXT)(sFrame.pBuf + sFrame.len);
4065         sFrame.pRSNWPA->byElementID = WLAN_EID_RSN_WPA;
4066         sFrame.pRSNWPA->len = 16;
4067         sFrame.pRSNWPA->abyOUI[0] = 0x00;
4068         sFrame.pRSNWPA->abyOUI[1] = 0x50;
4069         sFrame.pRSNWPA->abyOUI[2] = 0xf2;
4070         sFrame.pRSNWPA->abyOUI[3] = 0x01;
4071         sFrame.pRSNWPA->wVersion = 1;
4072         //Group Key Cipher Suite
4073         sFrame.pRSNWPA->abyMulticast[0] = 0x00;
4074         sFrame.pRSNWPA->abyMulticast[1] = 0x50;
4075         sFrame.pRSNWPA->abyMulticast[2] = 0xf2;
4076         if (pMgmt->byCSSGK == KEY_CTL_WEP) {
4077             sFrame.pRSNWPA->abyMulticast[3] = pMgmt->pCurrBSS->byGKType;
4078         } else if (pMgmt->byCSSGK == KEY_CTL_TKIP) {
4079             sFrame.pRSNWPA->abyMulticast[3] = WPA_TKIP;
4080         } else if (pMgmt->byCSSGK == KEY_CTL_CCMP) {
4081             sFrame.pRSNWPA->abyMulticast[3] = WPA_AESCCMP;
4082         } else {
4083             sFrame.pRSNWPA->abyMulticast[3] = WPA_NONE;
4084         }
4085         // Pairwise Key Cipher Suite
4086         sFrame.pRSNWPA->wPKCount = 1;
4087         sFrame.pRSNWPA->PKSList[0].abyOUI[0] = 0x00;
4088         sFrame.pRSNWPA->PKSList[0].abyOUI[1] = 0x50;
4089         sFrame.pRSNWPA->PKSList[0].abyOUI[2] = 0xf2;
4090         if (pMgmt->byCSSPK == KEY_CTL_TKIP) {
4091             sFrame.pRSNWPA->PKSList[0].abyOUI[3] = WPA_TKIP;
4092         } else if (pMgmt->byCSSPK == KEY_CTL_CCMP) {
4093             sFrame.pRSNWPA->PKSList[0].abyOUI[3] = WPA_AESCCMP;
4094         } else {
4095             sFrame.pRSNWPA->PKSList[0].abyOUI[3] = WPA_NONE;
4096         }
4097         // Auth Key Management Suite
4098         pbyRSN = (PBYTE)(sFrame.pBuf + sFrame.len + 2 + sFrame.pRSNWPA->len);
4099         *pbyRSN++=0x01;
4100         *pbyRSN++=0x00;
4101         *pbyRSN++=0x00;
4102         *pbyRSN++=0x50;
4103         *pbyRSN++=0xf2;
4104         if (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) {
4105             *pbyRSN++=WPA_AUTH_PSK;
4106         } else if (pMgmt->eAuthenMode == WMAC_AUTH_WPA) {
4107             *pbyRSN++=WPA_AUTH_IEEE802_1X;
4108         } else {
4109             *pbyRSN++=WPA_NONE;
4110         }
4111         sFrame.pRSNWPA->len +=6;
4112
4113         // RSN Capabilites
4114         *pbyRSN++=0x00;
4115         *pbyRSN++=0x00;
4116         sFrame.pRSNWPA->len +=2;
4117         sFrame.len += sFrame.pRSNWPA->len + WLAN_IEHDR_LEN;
4118         // copy to AssocInfo. for OID_802_11_ASSOCIATION_INFORMATION
4119         pMgmt->sAssocInfo.AssocInfo.RequestIELength += sFrame.pRSNWPA->len + WLAN_IEHDR_LEN;
4120         MEMvCopy(pbyIEs, sFrame.pRSNWPA, sFrame.pRSNWPA->len + WLAN_IEHDR_LEN);
4121         pbyIEs += sFrame.pRSNWPA->len + WLAN_IEHDR_LEN;
4122
4123     } else if (((pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
4124                 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) &&
4125                (pMgmt->pCurrBSS != NULL)) {
4126         UINT                ii;
4127         PWORD               pwPMKID;
4128
4129         /* WPA IE */
4130         sFrame.pRSN = (PWLAN_IE_RSN)(sFrame.pBuf + sFrame.len);
4131         sFrame.pRSN->byElementID = WLAN_EID_RSN;
4132         sFrame.pRSN->len = 6; //Version(2)+GK(4)
4133         sFrame.pRSN->wVersion = 1;
4134         //Group Key Cipher Suite
4135         sFrame.pRSN->abyRSN[0] = 0x00;
4136         sFrame.pRSN->abyRSN[1] = 0x0F;
4137         sFrame.pRSN->abyRSN[2] = 0xAC;
4138         if (pMgmt->byCSSGK == KEY_CTL_WEP) {
4139             sFrame.pRSN->abyRSN[3] = pMgmt->pCurrBSS->byCSSGK;
4140         } else if (pMgmt->byCSSGK == KEY_CTL_TKIP) {
4141             sFrame.pRSN->abyRSN[3] = WLAN_11i_CSS_TKIP;
4142         } else if (pMgmt->byCSSGK == KEY_CTL_CCMP) {
4143             sFrame.pRSN->abyRSN[3] = WLAN_11i_CSS_CCMP;
4144         } else {
4145             sFrame.pRSN->abyRSN[3] = WLAN_11i_CSS_UNKNOWN;
4146         }
4147
4148         // Pairwise Key Cipher Suite
4149         sFrame.pRSN->abyRSN[4] = 1;
4150         sFrame.pRSN->abyRSN[5] = 0;
4151         sFrame.pRSN->abyRSN[6] = 0x00;
4152         sFrame.pRSN->abyRSN[7] = 0x0F;
4153         sFrame.pRSN->abyRSN[8] = 0xAC;
4154         if (pMgmt->byCSSPK == KEY_CTL_TKIP) {
4155             sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_TKIP;
4156         } else if (pMgmt->byCSSPK == KEY_CTL_CCMP) {
4157             sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_CCMP;
4158         } else if (pMgmt->byCSSPK == KEY_CTL_NONE) {
4159             sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_USE_GROUP;
4160         } else {
4161             sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_UNKNOWN;
4162         }
4163         sFrame.pRSN->len += 6;
4164
4165         // Auth Key Management Suite
4166         sFrame.pRSN->abyRSN[10] = 1;
4167         sFrame.pRSN->abyRSN[11] = 0;
4168         sFrame.pRSN->abyRSN[12] = 0x00;
4169         sFrame.pRSN->abyRSN[13] = 0x0F;
4170         sFrame.pRSN->abyRSN[14] = 0xAC;
4171         if (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK) {
4172             sFrame.pRSN->abyRSN[15] = WLAN_11i_AKMSS_PSK;
4173         } else if (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) {
4174             sFrame.pRSN->abyRSN[15] = WLAN_11i_AKMSS_802_1X;
4175         } else {
4176             sFrame.pRSN->abyRSN[15] = WLAN_11i_AKMSS_UNKNOWN;
4177         }
4178         sFrame.pRSN->len +=6;
4179
4180         // RSN Capabilites
4181         if (pMgmt->pCurrBSS->sRSNCapObj.bRSNCapExist == TRUE) {
4182             MEMvCopy(&sFrame.pRSN->abyRSN[16], &pMgmt->pCurrBSS->sRSNCapObj.wRSNCap, 2);
4183         } else {
4184             sFrame.pRSN->abyRSN[16] = 0;
4185             sFrame.pRSN->abyRSN[17] = 0;
4186         }
4187         sFrame.pRSN->len +=2;
4188
4189         if ((pDevice->gsPMKID.BSSIDInfoCount > 0) && (pDevice->bRoaming == TRUE) && (pMgmt->eAuthenMode == WMAC_AUTH_WPA2)) {
4190             // RSN PMKID
4191             pbyRSN = &sFrame.pRSN->abyRSN[18];
4192             pwPMKID = (PWORD)pbyRSN; // Point to PMKID count
4193             *pwPMKID = 0;            // Initialize PMKID count
4194             pbyRSN += 2;             // Point to PMKID list
4195             for (ii = 0; ii < pDevice->gsPMKID.BSSIDInfoCount; ii++) {
4196                 if (MEMEqualMemory(&pDevice->gsPMKID.BSSIDInfo[ii].BSSID[0], pMgmt->abyCurrBSSID, U_ETHER_ADDR_LEN)) {
4197                     (*pwPMKID) ++;
4198                     MEMvCopy(pbyRSN, pDevice->gsPMKID.BSSIDInfo[ii].PMKID, 16);
4199                     pbyRSN += 16;
4200                 }
4201             }
4202             if (*pwPMKID != 0) {
4203                 sFrame.pRSN->len += (2 + (*pwPMKID)*16);
4204             }
4205         }
4206
4207         sFrame.len += sFrame.pRSN->len + WLAN_IEHDR_LEN;
4208         // copy to AssocInfo. for OID_802_11_ASSOCIATION_INFORMATION
4209         pMgmt->sAssocInfo.AssocInfo.RequestIELength += sFrame.pRSN->len + WLAN_IEHDR_LEN;
4210         MEMvCopy(pbyIEs, sFrame.pRSN, sFrame.pRSN->len + WLAN_IEHDR_LEN);
4211         pbyIEs += sFrame.pRSN->len + WLAN_IEHDR_LEN;
4212     }
4213
4214
4215     /* Adjust the length fields */
4216     pTxPacket->cbMPDULen = sFrame.len;
4217     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
4218
4219     return pTxPacket;
4220 }
4221
4222
4223
4224 /*+
4225  *
4226  * Routine Description:
4227  *  Constructs an assoc-response frame
4228  *
4229  *
4230  * Return Value:
4231  *    PTR to frame; or NULL on allocation failue
4232  *
4233 -*/
4234
4235
4236 PSTxMgmtPacket
4237 s_MgrMakeAssocResponse(
4238     IN PSDevice pDevice,
4239     IN PSMgmtObject pMgmt,
4240     IN WORD wCurrCapInfo,
4241     IN WORD wAssocStatus,
4242     IN WORD wAssocAID,
4243     IN PBYTE pDstAddr,
4244     IN PWLAN_IE_SUPP_RATES pCurrSuppRates,
4245     IN PWLAN_IE_SUPP_RATES pCurrExtSuppRates
4246     )
4247 {
4248     PSTxMgmtPacket      pTxPacket = NULL;
4249     WLAN_FR_ASSOCRESP   sFrame;
4250
4251
4252     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
4253     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_ASSOCREQ_FR_MAXLEN);
4254     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
4255     // Setup the sFrame structure
4256     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
4257     sFrame.len = WLAN_REASSOCRESP_FR_MAXLEN;
4258     vMgrEncodeAssocResponse(&sFrame);
4259     // Setup the header
4260     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
4261         (
4262         WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
4263         WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_ASSOCRESP)
4264         ));
4265     memcpy( sFrame.pHdr->sA3.abyAddr1, pDstAddr, WLAN_ADDR_LEN);
4266     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
4267     memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
4268
4269     *sFrame.pwCapInfo = cpu_to_le16(wCurrCapInfo);
4270     *sFrame.pwStatus = cpu_to_le16(wAssocStatus);
4271     *sFrame.pwAid = cpu_to_le16((WORD)(wAssocAID | BIT14 | BIT15));
4272
4273     // Copy the rate set
4274     sFrame.pSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
4275     sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN;
4276     memcpy(sFrame.pSuppRates,
4277            pCurrSuppRates,
4278            ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN
4279           );
4280
4281     if (((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len != 0) {
4282         sFrame.pExtSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
4283         sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN;
4284         MEMvCopy(sFrame.pExtSuppRates,
4285              pCurrExtSuppRates,
4286              ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN
4287              );
4288     }
4289
4290     // Adjust the length fields
4291     pTxPacket->cbMPDULen = sFrame.len;
4292     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
4293
4294     return pTxPacket;
4295 }
4296
4297
4298 /*+
4299  *
4300  * Routine Description:
4301  *  Constructs an reassoc-response frame
4302  *
4303  *
4304  * Return Value:
4305  *    PTR to frame; or NULL on allocation failue
4306  *
4307 -*/
4308
4309
4310 PSTxMgmtPacket
4311 s_MgrMakeReAssocResponse(
4312     IN PSDevice pDevice,
4313     IN PSMgmtObject pMgmt,
4314     IN WORD wCurrCapInfo,
4315     IN WORD wAssocStatus,
4316     IN WORD wAssocAID,
4317     IN PBYTE pDstAddr,
4318     IN PWLAN_IE_SUPP_RATES pCurrSuppRates,
4319     IN PWLAN_IE_SUPP_RATES pCurrExtSuppRates
4320     )
4321 {
4322     PSTxMgmtPacket      pTxPacket = NULL;
4323     WLAN_FR_REASSOCRESP   sFrame;
4324
4325
4326     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
4327     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_ASSOCREQ_FR_MAXLEN);
4328     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
4329     // Setup the sFrame structure
4330     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
4331     sFrame.len = WLAN_REASSOCRESP_FR_MAXLEN;
4332     vMgrEncodeReassocResponse(&sFrame);
4333     // Setup the header
4334     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
4335         (
4336         WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
4337         WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_REASSOCRESP)
4338         ));
4339     memcpy( sFrame.pHdr->sA3.abyAddr1, pDstAddr, WLAN_ADDR_LEN);
4340     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
4341     memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
4342
4343     *sFrame.pwCapInfo = cpu_to_le16(wCurrCapInfo);
4344     *sFrame.pwStatus = cpu_to_le16(wAssocStatus);
4345     *sFrame.pwAid = cpu_to_le16((WORD)(wAssocAID | BIT14 | BIT15));
4346
4347     // Copy the rate set
4348     sFrame.pSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
4349     sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN;
4350     memcpy(sFrame.pSuppRates,
4351              pCurrSuppRates,
4352              ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN
4353              );
4354
4355     if (((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len != 0) {
4356         sFrame.pExtSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
4357         sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN;
4358         MEMvCopy(sFrame.pExtSuppRates,
4359              pCurrExtSuppRates,
4360              ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN
4361              );
4362     }
4363
4364     // Adjust the length fields
4365     pTxPacket->cbMPDULen = sFrame.len;
4366     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
4367
4368     return pTxPacket;
4369 }
4370
4371
4372 /*+
4373  *
4374  * Routine Description:
4375  *  Handles probe response management frames.
4376  *
4377  *
4378  * Return Value:
4379  *    none.
4380  *
4381 -*/
4382
4383 static
4384 VOID
4385 s_vMgrRxProbeResponse(
4386     IN PSDevice pDevice,
4387     IN PSMgmtObject pMgmt,
4388     IN PSRxMgmtPacket pRxPacket
4389     )
4390 {
4391     PKnownBSS           pBSSList = NULL;
4392     WLAN_FR_PROBERESP   sFrame;
4393     BYTE                byCurrChannel = pRxPacket->byRxChannel;
4394     ERPObject           sERP;
4395     BYTE                byIEChannel = 0;
4396     BOOL                bChannelHit = TRUE;
4397
4398
4399     memset(&sFrame, 0, sizeof(WLAN_FR_PROBERESP));
4400     // decode the frame
4401     sFrame.len = pRxPacket->cbMPDULen;
4402     sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
4403     vMgrDecodeProbeResponse(&sFrame);
4404
4405     if ((sFrame.pqwTimestamp == 0) ||
4406         (sFrame.pwBeaconInterval == 0) ||
4407         (sFrame.pwCapInfo == 0) ||
4408         (sFrame.pSSID == 0) ||
4409         (sFrame.pSuppRates == 0)) {
4410         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Probe resp:Fail addr:[%p] \n", pRxPacket->p80211Header);
4411         DBG_PORT80(0xCC);
4412         return;
4413     };
4414
4415     if(sFrame.pSSID->len == 0)
4416        DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Rx Probe resp: SSID len = 0 \n");
4417
4418     if (sFrame.pDSParms != 0) {
4419         if (byCurrChannel > CB_MAX_CHANNEL_24G) {
4420             // channel remapping to
4421             byIEChannel = CARDbyGetChannelMapping(pMgmt->pAdapter, sFrame.pDSParms->byCurrChannel, PHY_TYPE_11A);
4422         } else {
4423             byIEChannel = sFrame.pDSParms->byCurrChannel;
4424         }
4425         if (byCurrChannel != byIEChannel) {
4426             // adjust channel info. bcs we rcv adjcent channel pakckets
4427             bChannelHit = FALSE;
4428             byCurrChannel = byIEChannel;
4429         }
4430     } else {
4431         // no DS channel info
4432         bChannelHit = TRUE;
4433     }
4434
4435 //2008-0730-01<Add>by MikeLiu
4436 if(ChannelExceedZoneType(pDevice,byCurrChannel)==TRUE)
4437       return;
4438
4439     if (sFrame.pERP != NULL) {
4440         sERP.byERP = sFrame.pERP->byContext;
4441         sERP.bERPExist = TRUE;
4442     } else {
4443         sERP.bERPExist = FALSE;
4444         sERP.byERP = 0;
4445     }
4446
4447
4448     // update or insert the bss
4449     pBSSList = BSSpAddrIsInBSSList((HANDLE)pDevice, sFrame.pHdr->sA3.abyAddr3, sFrame.pSSID);
4450     if (pBSSList) {
4451         BSSbUpdateToBSSList((HANDLE)pDevice,
4452                             *sFrame.pqwTimestamp,
4453                             *sFrame.pwBeaconInterval,
4454                             *sFrame.pwCapInfo,
4455                             byCurrChannel,
4456                             bChannelHit,
4457                             sFrame.pSSID,
4458                             sFrame.pSuppRates,
4459                             sFrame.pExtSuppRates,
4460                             &sERP,
4461                             sFrame.pRSN,
4462                             sFrame.pRSNWPA,
4463                             sFrame.pIE_Country,
4464                             sFrame.pIE_Quiet,
4465                             pBSSList,
4466                             sFrame.len - WLAN_HDR_ADDR3_LEN,
4467                             sFrame.pHdr->sA4.abyAddr4,   // payload of probresponse
4468                             (HANDLE)pRxPacket
4469                            );
4470     }
4471     else {
4472         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Probe resp/insert: RxChannel = : %d\n", byCurrChannel);
4473         BSSbInsertToBSSList((HANDLE)pDevice,
4474                             sFrame.pHdr->sA3.abyAddr3,
4475                             *sFrame.pqwTimestamp,
4476                             *sFrame.pwBeaconInterval,
4477                             *sFrame.pwCapInfo,
4478                             byCurrChannel,
4479                             sFrame.pSSID,
4480                             sFrame.pSuppRates,
4481                             sFrame.pExtSuppRates,
4482                             &sERP,
4483                             sFrame.pRSN,
4484                             sFrame.pRSNWPA,
4485                             sFrame.pIE_Country,
4486                             sFrame.pIE_Quiet,
4487                             sFrame.len - WLAN_HDR_ADDR3_LEN,
4488                             sFrame.pHdr->sA4.abyAddr4,   // payload of beacon
4489                             (HANDLE)pRxPacket
4490                            );
4491     }
4492     return;
4493
4494 }
4495
4496 /*+
4497  *
4498  * Routine Description:(AP)or(Ad-hoc STA)
4499  *  Handles probe request management frames.
4500  *
4501  *
4502  * Return Value:
4503  *    none.
4504  *
4505 -*/
4506
4507
4508 static
4509 VOID
4510 s_vMgrRxProbeRequest(
4511     IN PSDevice pDevice,
4512     IN PSMgmtObject pMgmt,
4513     IN PSRxMgmtPacket pRxPacket
4514     )
4515 {
4516     WLAN_FR_PROBEREQ    sFrame;
4517     CMD_STATUS          Status;
4518     PSTxMgmtPacket      pTxPacket;
4519     BYTE                byPHYType = BB_TYPE_11B;
4520
4521     // STA in Ad-hoc mode: when latest TBTT beacon transmit success,
4522     // STA have to response this request.
4523     if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) ||
4524         ((pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) && pDevice->bBeaconSent)) {
4525
4526         memset(&sFrame, 0, sizeof(WLAN_FR_PROBEREQ));
4527         // decode the frame
4528         sFrame.len = pRxPacket->cbMPDULen;
4529         sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
4530         vMgrDecodeProbeRequest(&sFrame);
4531 /*
4532         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Probe request rx:MAC addr:%02x-%02x-%02x=%02x-%02x-%02x \n",
4533                   sFrame.pHdr->sA3.abyAddr2[0],
4534                   sFrame.pHdr->sA3.abyAddr2[1],
4535                   sFrame.pHdr->sA3.abyAddr2[2],
4536                   sFrame.pHdr->sA3.abyAddr2[3],
4537                   sFrame.pHdr->sA3.abyAddr2[4],
4538                   sFrame.pHdr->sA3.abyAddr2[5]
4539                 );
4540 */
4541         if (sFrame.pSSID->len != 0) {
4542             if (sFrame.pSSID->len != ((PWLAN_IE_SSID)pMgmt->abyCurrSSID)->len)
4543                 return;
4544             if (memcmp(sFrame.pSSID->abySSID,
4545                        ((PWLAN_IE_SSID)pMgmt->abyCurrSSID)->abySSID,
4546                        ((PWLAN_IE_SSID)pMgmt->abyCurrSSID)->len) != 0) {
4547                        return;
4548             }
4549         }
4550
4551         if ((sFrame.pSuppRates->len > 4) || (sFrame.pExtSuppRates != NULL)) {
4552             byPHYType = BB_TYPE_11G;
4553         }
4554
4555         // Probe response reply..
4556         pTxPacket = s_MgrMakeProbeResponse
4557                     (
4558                       pDevice,
4559                       pMgmt,
4560                       pMgmt->wCurrCapInfo,
4561                       pMgmt->wCurrBeaconPeriod,
4562                       pMgmt->uCurrChannel,
4563                       0,
4564                       sFrame.pHdr->sA3.abyAddr2,
4565                       (PWLAN_IE_SSID)pMgmt->abyCurrSSID,
4566                       (PBYTE)pMgmt->abyCurrBSSID,
4567                       (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
4568                       (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates,
4569                        byPHYType
4570                     );
4571         if (pTxPacket != NULL ){
4572             /* send the frame */
4573             Status = csMgmt_xmit(pDevice, pTxPacket);
4574             if (Status != CMD_STATUS_PENDING) {
4575                 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Probe response tx failed\n");
4576             }
4577             else {
4578 //                DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Probe response tx sending..\n");
4579             }
4580         }
4581     }
4582
4583     return;
4584 }
4585
4586
4587
4588
4589
4590 /*+
4591  *
4592  * Routine Description:
4593  *
4594  *  Entry point for the reception and handling of 802.11 management
4595  *  frames. Makes a determination of the frame type and then calls
4596  *  the appropriate function.
4597  *
4598  *
4599  * Return Value:
4600  *    none.
4601  *
4602 -*/
4603
4604
4605 VOID
4606 vMgrRxManagePacket(
4607     IN  HANDLE hDeviceContext,
4608     IN PSMgmtObject pMgmt,
4609     IN PSRxMgmtPacket pRxPacket
4610      )
4611 {
4612     PSDevice    pDevice = (PSDevice)hDeviceContext;
4613     BOOL        bInScan = FALSE;
4614     UINT        uNodeIndex = 0;
4615     NODE_STATE  eNodeState = 0;
4616     CMD_STATUS  Status;
4617
4618
4619     if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
4620         if (BSSDBbIsSTAInNodeDB(pMgmt, pRxPacket->p80211Header->sA3.abyAddr2, &uNodeIndex))
4621             eNodeState = pMgmt->sNodeDBTable[uNodeIndex].eNodeState;
4622     }
4623
4624     switch( WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) ){
4625
4626         case WLAN_FSTYPE_ASSOCREQ:
4627             // Frame Clase = 2
4628             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx assocreq\n");
4629             if (eNodeState < NODE_AUTH) {
4630                 // send deauth notification
4631                 // reason = (6) class 2 received from nonauth sta
4632                 vMgrDeAuthenBeginSta(pDevice,
4633                                      pMgmt,
4634                                      pRxPacket->p80211Header->sA3.abyAddr2,
4635                                      (6),
4636                                      &Status
4637                                      );
4638                 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "wmgr: send vMgrDeAuthenBeginSta 1\n");
4639             }
4640             else {
4641                 s_vMgrRxAssocRequest(pDevice, pMgmt, pRxPacket, uNodeIndex);
4642             }
4643             break;
4644
4645         case WLAN_FSTYPE_ASSOCRESP:
4646             // Frame Clase = 2
4647             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx assocresp1\n");
4648             s_vMgrRxAssocResponse(pDevice, pMgmt, pRxPacket, FALSE);
4649             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx assocresp2\n");
4650             break;
4651
4652         case WLAN_FSTYPE_REASSOCREQ:
4653             // Frame Clase = 2
4654             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx reassocreq\n");
4655             // Todo: reassoc
4656             if (eNodeState < NODE_AUTH) {
4657                 // send deauth notification
4658                 // reason = (6) class 2 received from nonauth sta
4659                 vMgrDeAuthenBeginSta(pDevice,
4660                                      pMgmt,
4661                                      pRxPacket->p80211Header->sA3.abyAddr2,
4662                                      (6),
4663                                      &Status
4664                                      );
4665                 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "wmgr: send vMgrDeAuthenBeginSta 2\n");
4666
4667             }
4668             s_vMgrRxReAssocRequest(pDevice, pMgmt, pRxPacket, uNodeIndex);
4669             break;
4670
4671         case WLAN_FSTYPE_REASSOCRESP:
4672             // Frame Clase = 2
4673             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx reassocresp\n");
4674             s_vMgrRxAssocResponse(pDevice, pMgmt, pRxPacket, TRUE);
4675             break;
4676
4677         case WLAN_FSTYPE_PROBEREQ:
4678             // Frame Clase = 0
4679             //DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx probereq\n");
4680             s_vMgrRxProbeRequest(pDevice, pMgmt, pRxPacket);
4681             break;
4682
4683         case WLAN_FSTYPE_PROBERESP:
4684             // Frame Clase = 0
4685             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx proberesp\n");
4686
4687             s_vMgrRxProbeResponse(pDevice, pMgmt, pRxPacket);
4688             break;
4689
4690         case WLAN_FSTYPE_BEACON:
4691             // Frame Clase = 0
4692             // DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx beacon\n");
4693             if (pMgmt->eScanState != WMAC_NO_SCANNING) {
4694                 bInScan = TRUE;
4695             };
4696             s_vMgrRxBeacon(pDevice, pMgmt, pRxPacket, bInScan);
4697             break;
4698
4699         case WLAN_FSTYPE_ATIM:
4700             // Frame Clase = 1
4701             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx atim\n");
4702             break;
4703
4704         case WLAN_FSTYPE_DISASSOC:
4705             // Frame Clase = 2
4706             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx disassoc\n");
4707             if (eNodeState < NODE_AUTH) {
4708                 // send deauth notification
4709                 // reason = (6) class 2 received from nonauth sta
4710                 vMgrDeAuthenBeginSta(pDevice,
4711                                      pMgmt,
4712                                      pRxPacket->p80211Header->sA3.abyAddr2,
4713                                      (6),
4714                                      &Status
4715                                      );
4716                 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "wmgr: send vMgrDeAuthenBeginSta 3\n");
4717             }
4718             s_vMgrRxDisassociation(pDevice, pMgmt, pRxPacket);
4719             break;
4720
4721         case WLAN_FSTYPE_AUTHEN:
4722             // Frame Clase = 1
4723             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO  "rx authen\n");
4724             s_vMgrRxAuthentication(pDevice, pMgmt, pRxPacket);
4725             break;
4726
4727         case WLAN_FSTYPE_DEAUTHEN:
4728             // Frame Clase = 1
4729             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx deauthen\n");
4730             s_vMgrRxDeauthentication(pDevice, pMgmt, pRxPacket);
4731             break;
4732
4733         default:
4734             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx unknown mgmt\n");
4735     }
4736
4737     return;
4738 }
4739
4740
4741
4742
4743 /*+
4744  *
4745  * Routine Description:
4746  *
4747  *
4748  *  Prepare beacon to send
4749  *
4750  * Return Value:
4751  *    TRUE if success; FALSE if failed.
4752  *
4753 -*/
4754 BOOL
4755 bMgrPrepareBeaconToSend(
4756     IN HANDLE hDeviceContext,
4757     IN PSMgmtObject pMgmt
4758     )
4759 {
4760     PSDevice            pDevice = (PSDevice)hDeviceContext;
4761     PSTxMgmtPacket      pTxPacket;
4762
4763 //    pDevice->bBeaconBufReady = FALSE;
4764     if (pDevice->bEncryptionEnable || pDevice->bEnable8021x){
4765         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_PRIVACY(1);
4766     }
4767     else {
4768         pMgmt->wCurrCapInfo &= ~WLAN_SET_CAP_INFO_PRIVACY(1);
4769     }
4770     pTxPacket = s_MgrMakeBeacon
4771                 (
4772                   pDevice,
4773                   pMgmt,
4774                   pMgmt->wCurrCapInfo,
4775                   pMgmt->wCurrBeaconPeriod,
4776                   pMgmt->uCurrChannel,
4777                   pMgmt->wCurrATIMWindow, //0,
4778                   (PWLAN_IE_SSID)pMgmt->abyCurrSSID,
4779                   (PBYTE)pMgmt->abyCurrBSSID,
4780                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
4781                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates
4782                 );
4783
4784     if ((pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) &&
4785         (pMgmt->abyCurrBSSID[0] == 0))
4786         return FALSE;
4787
4788     csBeacon_xmit(pDevice, pTxPacket);
4789
4790     return TRUE;
4791 }
4792
4793
4794
4795
4796 /*+
4797  *
4798  * Routine Description:
4799  *
4800  *  Log a warning message based on the contents of the Status
4801  *  Code field of an 802.11 management frame.  Defines are
4802  *  derived from 802.11-1997 SPEC.
4803  *
4804  * Return Value:
4805  *    none.
4806  *
4807 -*/
4808 static
4809 VOID
4810 s_vMgrLogStatus(
4811     IN PSMgmtObject pMgmt,
4812     IN WORD  wStatus
4813     )
4814 {
4815     switch( wStatus ){
4816         case WLAN_MGMT_STATUS_UNSPEC_FAILURE:
4817             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Unspecified error.\n");
4818             break;
4819         case WLAN_MGMT_STATUS_CAPS_UNSUPPORTED:
4820             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Can't support all requested capabilities.\n");
4821             break;
4822         case WLAN_MGMT_STATUS_REASSOC_NO_ASSOC:
4823             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Reassoc denied, can't confirm original Association.\n");
4824             break;
4825         case WLAN_MGMT_STATUS_ASSOC_DENIED_UNSPEC:
4826             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Assoc denied, undefine in spec\n");
4827             break;
4828         case WLAN_MGMT_STATUS_UNSUPPORTED_AUTHALG:
4829             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Peer doesn't support authen algorithm.\n");
4830             break;
4831         case WLAN_MGMT_STATUS_RX_AUTH_NOSEQ:
4832             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Authen frame received out of sequence.\n");
4833             break;
4834         case WLAN_MGMT_STATUS_CHALLENGE_FAIL:
4835             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Authen rejected, challenge  failure.\n");
4836             break;
4837         case WLAN_MGMT_STATUS_AUTH_TIMEOUT:
4838             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Authen rejected, timeout waiting for next frame.\n");
4839             break;
4840         case WLAN_MGMT_STATUS_ASSOC_DENIED_BUSY:
4841             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Assoc denied, AP too busy.\n");
4842             break;
4843         case WLAN_MGMT_STATUS_ASSOC_DENIED_RATES:
4844             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Assoc denied, we haven't enough basic rates.\n");
4845             break;
4846         case WLAN_MGMT_STATUS_ASSOC_DENIED_SHORTPREAMBLE:
4847             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Assoc denied, we do not support short preamble.\n");
4848             break;
4849         case WLAN_MGMT_STATUS_ASSOC_DENIED_PBCC:
4850             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Assoc denied, we do not support PBCC.\n");
4851             break;
4852         case WLAN_MGMT_STATUS_ASSOC_DENIED_AGILITY:
4853             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Assoc denied, we do not support channel agility.\n");
4854             break;
4855         default:
4856             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Unknown status code %d.\n", wStatus);
4857             break;
4858     }
4859 }
4860
4861
4862 /*
4863  *
4864  * Description:
4865  *    Add BSSID in PMKID Candidate list.
4866  *
4867  * Parameters:
4868  *  In:
4869  *      hDeviceContext - device structure point
4870  *      pbyBSSID - BSSID address for adding
4871  *      wRSNCap - BSS's RSN capability
4872  *  Out:
4873  *      none
4874  *
4875  * Return Value: none.
4876  *
4877 -*/
4878 BOOL
4879 bAdd_PMKID_Candidate (
4880     IN HANDLE    hDeviceContext,
4881     IN PBYTE          pbyBSSID,
4882     IN PSRSNCapObject psRSNCapObj
4883     )
4884 {
4885     PSDevice         pDevice = (PSDevice)hDeviceContext;
4886     PPMKID_CANDIDATE pCandidateList;
4887     UINT             ii = 0;
4888
4889     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"bAdd_PMKID_Candidate START: (%d)\n", (int)pDevice->gsPMKIDCandidate.NumCandidates);
4890
4891     if ((pDevice == NULL) || (pbyBSSID == NULL) || (psRSNCapObj == NULL))
4892         return FALSE;
4893
4894     if (pDevice->gsPMKIDCandidate.NumCandidates >= MAX_PMKIDLIST)
4895         return FALSE;
4896
4897
4898
4899     // Update Old Candidate
4900     for (ii = 0; ii < pDevice->gsPMKIDCandidate.NumCandidates; ii++) {
4901         pCandidateList = &pDevice->gsPMKIDCandidate.CandidateList[ii];
4902         if (MEMEqualMemory(pCandidateList->BSSID, pbyBSSID, U_ETHER_ADDR_LEN)) {
4903             if ((psRSNCapObj->bRSNCapExist == TRUE) && (psRSNCapObj->wRSNCap & BIT0)) {
4904                 pCandidateList->Flags |= NDIS_802_11_PMKID_CANDIDATE_PREAUTH_ENABLED;
4905             } else {
4906                 pCandidateList->Flags &= ~(NDIS_802_11_PMKID_CANDIDATE_PREAUTH_ENABLED);
4907             }
4908             return TRUE;
4909         }
4910     }
4911
4912     // New Candidate
4913     pCandidateList = &pDevice->gsPMKIDCandidate.CandidateList[pDevice->gsPMKIDCandidate.NumCandidates];
4914     if ((psRSNCapObj->bRSNCapExist == TRUE) && (psRSNCapObj->wRSNCap & BIT0)) {
4915         pCandidateList->Flags |= NDIS_802_11_PMKID_CANDIDATE_PREAUTH_ENABLED;
4916     } else {
4917         pCandidateList->Flags &= ~(NDIS_802_11_PMKID_CANDIDATE_PREAUTH_ENABLED);
4918     }
4919     MEMvCopy(pCandidateList->BSSID, pbyBSSID, U_ETHER_ADDR_LEN);
4920     pDevice->gsPMKIDCandidate.NumCandidates++;
4921     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"NumCandidates:%d\n", (int)pDevice->gsPMKIDCandidate.NumCandidates);
4922     return TRUE;
4923 }
4924
4925 /*
4926  *
4927  * Description:
4928  *    Flush PMKID Candidate list.
4929  *
4930  * Parameters:
4931  *  In:
4932  *      hDeviceContext - device structure point
4933  *  Out:
4934  *      none
4935  *
4936  * Return Value: none.
4937  *
4938 -*/
4939 VOID
4940 vFlush_PMKID_Candidate (
4941     IN HANDLE hDeviceContext
4942     )
4943 {
4944     PSDevice        pDevice = (PSDevice)hDeviceContext;
4945
4946     if (pDevice == NULL)
4947         return;
4948
4949     ZERO_MEMORY(&pDevice->gsPMKIDCandidate, sizeof(SPMKIDCandidateEvent));
4950 }
4951
4952 static BOOL
4953 s_bCipherMatch (
4954     IN PKnownBSS                        pBSSNode,
4955     IN NDIS_802_11_ENCRYPTION_STATUS    EncStatus,
4956     OUT PBYTE                           pbyCCSPK,
4957     OUT PBYTE                           pbyCCSGK
4958     )
4959 {
4960     BYTE byMulticastCipher = KEY_CTL_INVALID;
4961     BYTE byCipherMask = 0x00;
4962     int i;
4963
4964     if (pBSSNode == NULL)
4965         return FALSE;
4966
4967     // check cap. of BSS
4968
4969     if ((WLAN_GET_CAP_INFO_PRIVACY(pBSSNode->wCapInfo) != 0) &&
4970          (EncStatus == Ndis802_11Encryption1Enabled)) {
4971         // default is WEP only
4972         byMulticastCipher = KEY_CTL_WEP;
4973     }
4974
4975     if ((WLAN_GET_CAP_INFO_PRIVACY(pBSSNode->wCapInfo) != 0) &&
4976         (pBSSNode->bWPA2Valid == TRUE) &&
4977         ((EncStatus == Ndis802_11Encryption3Enabled)||(EncStatus == Ndis802_11Encryption2Enabled))) {
4978
4979         //WPA2
4980         // check Group Key Cipher
4981         if ((pBSSNode->byCSSGK == WLAN_11i_CSS_WEP40) ||
4982             (pBSSNode->byCSSGK == WLAN_11i_CSS_WEP104)) {
4983             byMulticastCipher = KEY_CTL_WEP;
4984         } else if (pBSSNode->byCSSGK == WLAN_11i_CSS_TKIP) {
4985             byMulticastCipher = KEY_CTL_TKIP;
4986         } else if (pBSSNode->byCSSGK == WLAN_11i_CSS_CCMP) {
4987             byMulticastCipher = KEY_CTL_CCMP;
4988         } else {
4989             byMulticastCipher = KEY_CTL_INVALID;
4990         }
4991
4992         // check Pairwise Key Cipher
4993         for(i=0;i<pBSSNode->wCSSPKCount;i++) {
4994             if ((pBSSNode->abyCSSPK[i] == WLAN_11i_CSS_WEP40) ||
4995                 (pBSSNode->abyCSSPK[i] == WLAN_11i_CSS_WEP104)) {
4996                 // this should not happen as defined 802.11i
4997                 byCipherMask |= 0x01;
4998             } else if (pBSSNode->abyCSSPK[i] == WLAN_11i_CSS_TKIP) {
4999                 byCipherMask |= 0x02;
5000             } else if (pBSSNode->abyCSSPK[i] == WLAN_11i_CSS_CCMP) {
5001                 byCipherMask |= 0x04;
5002             } else if (pBSSNode->abyCSSPK[i] == WLAN_11i_CSS_USE_GROUP) {
5003                 // use group key only ignore all others
5004                 byCipherMask = 0;
5005                 i = pBSSNode->wCSSPKCount;
5006             }
5007         }
5008     } else if ((WLAN_GET_CAP_INFO_PRIVACY(pBSSNode->wCapInfo) != 0) &&
5009                 (pBSSNode->bWPAValid == TRUE) &&
5010                 ((EncStatus == Ndis802_11Encryption3Enabled)||(EncStatus == Ndis802_11Encryption2Enabled))) {
5011
5012         //WPA
5013         // check Group Key Cipher
5014         if ((pBSSNode->byGKType == WPA_WEP40) ||
5015             (pBSSNode->byGKType == WPA_WEP104)) {
5016             byMulticastCipher = KEY_CTL_WEP;
5017         } else if (pBSSNode->byGKType == WPA_TKIP) {
5018             byMulticastCipher = KEY_CTL_TKIP;
5019         } else if (pBSSNode->byGKType == WPA_AESCCMP) {
5020             byMulticastCipher = KEY_CTL_CCMP;
5021         } else {
5022             byMulticastCipher = KEY_CTL_INVALID;
5023         }
5024
5025         // check Pairwise Key Cipher
5026         for(i=0;i<pBSSNode->wPKCount;i++) {
5027             if (pBSSNode->abyPKType[i] == WPA_TKIP) {
5028                 byCipherMask |= 0x02;
5029             } else if (pBSSNode->abyPKType[i] == WPA_AESCCMP) {
5030                 byCipherMask |= 0x04;
5031             } else if (pBSSNode->abyPKType[i] == WPA_NONE) {
5032                 // use group key only ignore all others
5033                 byCipherMask = 0;
5034                 i = pBSSNode->wPKCount;
5035             }
5036         }
5037     }
5038
5039     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"%d, %d, %d, %d, EncStatus:%d\n",
5040         byMulticastCipher, byCipherMask, pBSSNode->bWPAValid, pBSSNode->bWPA2Valid, EncStatus);
5041
5042     // mask our cap. with BSS
5043     if (EncStatus == Ndis802_11Encryption1Enabled) {
5044         // For supporting Cisco migration mode, don't care pairwise key cipher
5045         if ((byMulticastCipher == KEY_CTL_WEP) &&
5046             (byCipherMask == 0)) {
5047             *pbyCCSGK = KEY_CTL_WEP;
5048             *pbyCCSPK = KEY_CTL_NONE;
5049             return TRUE;
5050         } else {
5051             return FALSE;
5052         }
5053
5054     } else if (EncStatus == Ndis802_11Encryption2Enabled) {
5055         if ((byMulticastCipher == KEY_CTL_TKIP) &&
5056             (byCipherMask == 0)) {
5057             *pbyCCSGK = KEY_CTL_TKIP;
5058             *pbyCCSPK = KEY_CTL_NONE;
5059             return TRUE;
5060         } else if ((byMulticastCipher == KEY_CTL_WEP) &&
5061                    ((byCipherMask & 0x02) != 0)) {
5062             *pbyCCSGK = KEY_CTL_WEP;
5063             *pbyCCSPK = KEY_CTL_TKIP;
5064             return TRUE;
5065         } else if ((byMulticastCipher == KEY_CTL_TKIP) &&
5066                    ((byCipherMask & 0x02) != 0)) {
5067             *pbyCCSGK = KEY_CTL_TKIP;
5068             *pbyCCSPK = KEY_CTL_TKIP;
5069             return TRUE;
5070         } else {
5071             return FALSE;
5072         }
5073     } else if (EncStatus == Ndis802_11Encryption3Enabled) {
5074         if ((byMulticastCipher == KEY_CTL_CCMP) &&
5075             (byCipherMask == 0)) {
5076             // When CCMP is enable, "Use group cipher suite" shall not be a valid option.
5077             return FALSE;
5078         } else if ((byMulticastCipher == KEY_CTL_WEP) &&
5079                    ((byCipherMask & 0x04) != 0)) {
5080             *pbyCCSGK = KEY_CTL_WEP;
5081             *pbyCCSPK = KEY_CTL_CCMP;
5082             return TRUE;
5083         } else if ((byMulticastCipher == KEY_CTL_TKIP) &&
5084                    ((byCipherMask & 0x04) != 0)) {
5085             *pbyCCSGK = KEY_CTL_TKIP;
5086             *pbyCCSPK = KEY_CTL_CCMP;
5087             return TRUE;
5088         } else if ((byMulticastCipher == KEY_CTL_CCMP) &&
5089                    ((byCipherMask & 0x04) != 0)) {
5090             *pbyCCSGK = KEY_CTL_CCMP;
5091             *pbyCCSPK = KEY_CTL_CCMP;
5092             return TRUE;
5093         } else {
5094             return FALSE;
5095         }
5096     }
5097     return TRUE;
5098 }
5099
5100
Making Linux better for my computers