Merge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git...
[linux-2.6] / drivers / staging / vt6655 / wmgr.c
1 /*
2  * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
3  * All rights reserved.
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License as published by
7  * the Free Software Foundation; either version 2 of the License, or
8  * (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License along
16  * with this program; if not, write to the Free Software Foundation, Inc.,
17  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
18  *
19  * File: wmgr.c
20  *
21  * Purpose: Handles the 802.11 management functions
22  *
23  * Author: Lyndon Chen
24  *
25  * Date: May 8, 2002
26  *
27  * Functions:
28  *      nsMgrObjectInitial - Initialize Management Objet data structure
29  *      vMgrObjectReset - Reset Management Objet data structure
30  *      vMgrAssocBeginSta - Start associate function
31  *      vMgrReAssocBeginSta - Start reassociate function
32  *      vMgrDisassocBeginSta - Start disassociate function
33  *      s_vMgrRxAssocRequest - Handle Rcv associate_request
34  *      s_vMgrRxAssocResponse - Handle Rcv associate_response
35  *      vMrgAuthenBeginSta - Start authentication function
36  *      vMgrDeAuthenDeginSta - Start deauthentication function
37  *      s_vMgrRxAuthentication - Handle Rcv authentication
38  *      s_vMgrRxAuthenSequence_1 - Handle Rcv authentication sequence 1
39  *      s_vMgrRxAuthenSequence_2 - Handle Rcv authentication sequence 2
40  *      s_vMgrRxAuthenSequence_3 - Handle Rcv authentication sequence 3
41  *      s_vMgrRxAuthenSequence_4 - Handle Rcv authentication sequence 4
42  *      s_vMgrRxDisassociation - Handle Rcv disassociation
43  *      s_vMgrRxBeacon - Handle Rcv Beacon
44  *      vMgrCreateOwnIBSS - Create ad_hoc IBSS or AP BSS
45  *      vMgrJoinBSSBegin - Join BSS function
46  *      s_vMgrSynchBSS - Synch & adopt BSS parameters
47  *      s_MgrMakeBeacon - Create Baecon frame
48  *      s_MgrMakeProbeResponse - Create Probe Response frame
49  *      s_MgrMakeAssocRequest - Create Associate Request frame
50  *      s_MgrMakeReAssocRequest - Create ReAssociate Request frame
51  *      s_vMgrRxProbeResponse - Handle Rcv probe_response
52  *      s_vMrgRxProbeRequest - Handle Rcv probe_request
53  *      bMgrPrepareBeaconToSend - Prepare Beacon frame
54  *      s_vMgrLogStatus - Log 802.11 Status
55  *      vMgrRxManagePacket - Rcv management frame dispatch function
56  *      s_vMgrFormatTIM- Assember TIM field of beacon
57  *      vMgrTimerInit- Initial 1-sec and command call back funtions
58  *
59  * Revision History:
60  *
61  */
62
63
64 #if !defined(__TMACRO_H__)
65 #include "tmacro.h"
66 #endif
67 #if !defined(__TBIT_H__)
68 #include "tbit.h"
69 #endif
70 #if !defined(__DESC_H__)
71 #include "desc.h"
72 #endif
73 #if !defined(__DEVICE_H__)
74 #include "device.h"
75 #endif
76 #if !defined(__CARD_H__)
77 #include "card.h"
78 #endif
79 #if !defined(__80211HDR_H__)
80 #include "80211hdr.h"
81 #endif
82 #if !defined(__80211MGR_H__)
83 #include "80211mgr.h"
84 #endif
85 #if !defined(__WMGR_H__)
86 #include "wmgr.h"
87 #endif
88 #if !defined(__WCMD_H__)
89 #include "wcmd.h"
90 #endif
91 #if !defined(__MAC_H__)
92 #include "mac.h"
93 #endif
94 #if !defined(__BSSDB_H__)
95 #include "bssdb.h"
96 #endif
97 #if !defined(__POWER_H__)
98 #include "power.h"
99 #endif
100 #if !defined(__DATARATE_H__)
101 #include "datarate.h"
102 #endif
103 #if !defined(__BASEBAND_H__)
104 #include "baseband.h"
105 #endif
106 #if !defined(__RXTX_H__)
107 #include "rxtx.h"
108 #endif
109 #if !defined(__WPA_H__)
110 #include "wpa.h"
111 #endif
112 #if !defined(__RF_H__)
113 #include "rf.h"
114 #endif
115 #if !defined(__UMEM_H__)
116 #include "umem.h"
117 #endif
118 #if !defined(__IOWPA_H__)
119 #include "iowpa.h"
120 #endif
121
122 #define PLICE_DEBUG
123
124 /*---------------------  Static Definitions -------------------------*/
125
126
127
128 /*---------------------  Static Classes  ----------------------------*/
129
130 /*---------------------  Static Variables  --------------------------*/
131 static int          msglevel                =MSG_LEVEL_INFO;
132 //static int          msglevel                =MSG_LEVEL_DEBUG;
133
134 /*---------------------  Static Functions  --------------------------*/
135 //2008-8-4 <add> by chester
136 static BOOL ChannelExceedZoneType(
137     IN PSDevice pDevice,
138     IN BYTE byCurrChannel
139     );
140 // Association/diassociation functions
141 static
142 PSTxMgmtPacket
143 s_MgrMakeAssocRequest(
144     IN PSDevice pDevice,
145     IN PSMgmtObject pMgmt,
146     IN PBYTE pDAddr,
147     IN WORD wCurrCapInfo,
148     IN WORD wListenInterval,
149     IN PWLAN_IE_SSID pCurrSSID,
150     IN PWLAN_IE_SUPP_RATES pCurrRates,
151     IN PWLAN_IE_SUPP_RATES pCurrExtSuppRates
152     );
153
154 static
155 VOID
156 s_vMgrRxAssocRequest(
157     IN PSDevice pDevice,
158     IN PSMgmtObject pMgmt,
159     IN PSRxMgmtPacket pRxPacket,
160     IN UINT  uNodeIndex
161     );
162
163 static
164 PSTxMgmtPacket
165 s_MgrMakeReAssocRequest(
166     IN PSDevice pDevice,
167     IN PSMgmtObject pMgmt,
168     IN PBYTE pDAddr,
169     IN WORD wCurrCapInfo,
170     IN WORD wListenInterval,
171     IN PWLAN_IE_SSID pCurrSSID,
172     IN PWLAN_IE_SUPP_RATES pCurrRates,
173     IN PWLAN_IE_SUPP_RATES pCurrExtSuppRates
174     );
175
176 static
177 VOID
178 s_vMgrRxAssocResponse(
179     IN PSDevice pDevice,
180     IN PSMgmtObject pMgmt,
181     IN PSRxMgmtPacket pRxPacket,
182     IN BOOL bReAssocType
183     );
184
185 static
186 VOID
187 s_vMgrRxDisassociation(
188     IN PSDevice pDevice,
189     IN PSMgmtObject pMgmt,
190     IN PSRxMgmtPacket pRxPacket
191     );
192
193 // Authentication/deauthen functions
194 static
195 VOID
196 s_vMgrRxAuthenSequence_1(
197     IN PSDevice pDevice,
198     IN PSMgmtObject pMgmt,
199     IN PWLAN_FR_AUTHEN pFrame
200     );
201
202 static
203 VOID
204 s_vMgrRxAuthenSequence_2(
205     IN PSDevice pDevice,
206     IN PSMgmtObject pMgmt,
207     IN PWLAN_FR_AUTHEN pFrame
208     );
209
210 static
211 VOID
212 s_vMgrRxAuthenSequence_3(
213     IN PSDevice pDevice,
214     IN PSMgmtObject pMgmt,
215     IN PWLAN_FR_AUTHEN pFrame
216     );
217
218 static
219 VOID
220 s_vMgrRxAuthenSequence_4(
221     IN PSDevice pDevice,
222     IN PSMgmtObject pMgmt,
223     IN PWLAN_FR_AUTHEN pFrame
224     );
225
226 static
227 VOID
228 s_vMgrRxAuthentication(
229     IN PSDevice pDevice,
230     IN PSMgmtObject pMgmt,
231     IN PSRxMgmtPacket pRxPacket
232     );
233
234 static
235 VOID
236 s_vMgrRxDeauthentication(
237     IN PSDevice pDevice,
238     IN PSMgmtObject pMgmt,
239     IN PSRxMgmtPacket pRxPacket
240     );
241
242 // Scan functions
243 // probe request/response functions
244 static
245 VOID
246 s_vMgrRxProbeRequest(
247     IN PSDevice pDevice,
248     IN PSMgmtObject pMgmt,
249     IN PSRxMgmtPacket pRxPacket
250     );
251
252 static
253 VOID
254 s_vMgrRxProbeResponse(
255     IN PSDevice pDevice,
256     IN PSMgmtObject pMgmt,
257     IN PSRxMgmtPacket pRxPacket
258     );
259
260 // beacon functions
261 static
262 VOID
263 s_vMgrRxBeacon(
264     IN PSDevice pDevice,
265     IN PSMgmtObject pMgmt,
266     IN PSRxMgmtPacket pRxPacket,
267     IN BOOL bInScan
268     );
269
270 static
271 VOID
272 s_vMgrFormatTIM(
273     IN PSMgmtObject pMgmt,
274     IN PWLAN_IE_TIM pTIM
275     );
276
277 static
278 PSTxMgmtPacket
279 s_MgrMakeBeacon(
280     IN PSDevice pDevice,
281     IN PSMgmtObject pMgmt,
282     IN WORD wCurrCapInfo,
283     IN WORD wCurrBeaconPeriod,
284     IN UINT uCurrChannel,
285     IN WORD wCurrATIMWinodw,
286     IN PWLAN_IE_SSID pCurrSSID,
287     IN PBYTE pCurrBSSID,
288     IN PWLAN_IE_SUPP_RATES pCurrSuppRates,
289     IN PWLAN_IE_SUPP_RATES pCurrExtSuppRates
290     );
291
292
293 // Association response
294 static
295 PSTxMgmtPacket
296 s_MgrMakeAssocResponse(
297     IN PSDevice pDevice,
298     IN PSMgmtObject pMgmt,
299     IN WORD wCurrCapInfo,
300     IN WORD wAssocStatus,
301     IN WORD wAssocAID,
302     IN PBYTE pDstAddr,
303     IN PWLAN_IE_SUPP_RATES pCurrSuppRates,
304     IN PWLAN_IE_SUPP_RATES pCurrExtSuppRates
305     );
306
307 // ReAssociation response
308 static
309 PSTxMgmtPacket
310 s_MgrMakeReAssocResponse(
311     IN PSDevice pDevice,
312     IN PSMgmtObject pMgmt,
313     IN WORD wCurrCapInfo,
314     IN WORD wAssocStatus,
315     IN WORD wAssocAID,
316     IN PBYTE pDstAddr,
317     IN PWLAN_IE_SUPP_RATES pCurrSuppRates,
318     IN PWLAN_IE_SUPP_RATES pCurrExtSuppRates
319     );
320
321 // Probe response
322 static
323 PSTxMgmtPacket
324 s_MgrMakeProbeResponse(
325     IN PSDevice pDevice,
326     IN PSMgmtObject pMgmt,
327     IN WORD wCurrCapInfo,
328     IN WORD wCurrBeaconPeriod,
329     IN UINT uCurrChannel,
330     IN WORD wCurrATIMWinodw,
331     IN PBYTE pDstAddr,
332     IN PWLAN_IE_SSID pCurrSSID,
333     IN PBYTE pCurrBSSID,
334     IN PWLAN_IE_SUPP_RATES pCurrSuppRates,
335     IN PWLAN_IE_SUPP_RATES pCurrExtSuppRates,
336     IN BYTE byPHYType
337     );
338
339 // received status
340 static
341 VOID
342 s_vMgrLogStatus(
343     IN PSMgmtObject pMgmt,
344     IN WORD wStatus
345     );
346
347
348 static
349 VOID
350 s_vMgrSynchBSS (
351     IN PSDevice      pDevice,
352     IN UINT          uBSSMode,
353     IN PKnownBSS     pCurr,
354     OUT PCMD_STATUS  pStatus
355     );
356
357
358 static BOOL
359 s_bCipherMatch (
360     IN PKnownBSS                        pBSSNode,
361     IN NDIS_802_11_ENCRYPTION_STATUS    EncStatus,
362     OUT PBYTE                           pbyCCSPK,
363     OUT PBYTE                           pbyCCSGK
364     );
365
366
367  static VOID  Encyption_Rebuild(
368     IN PSDevice pDevice,
369     IN PKnownBSS pCurr
370  );
371 /*
372 static
373 VOID
374 s_vProbeChannel(
375     IN PSDevice pDevice
376     );
377
378 static
379 VOID
380 s_vListenChannel(
381     IN PSDevice pDevice
382     );
383
384 static
385 PSTxMgmtPacket
386 s_MgrMakeProbeRequest(
387     IN PSMgmtObject pMgmt,
388     IN PBYTE pScanBSSID,
389     IN PWLAN_IE_SSID pSSID,
390     IN PWLAN_IE_SUPP_RATES pCurrRates
391     );
392 */
393
394
395
396 /*---------------------  Export Variables  --------------------------*/
397
398
399 /*---------------------  Export Functions  --------------------------*/
400
401
402 /*+
403  *
404  * Routine Description:
405  *    Allocates and initializes the Management object.
406  *
407  * Return Value:
408  *    Ndis_staus.
409  *
410 -*/
411
412 VOID
413 vMgrObjectInit(
414     IN  HANDLE hDeviceContext
415     )
416 {
417     PSDevice     pDevice = (PSDevice)hDeviceContext;
418     PSMgmtObject    pMgmt = pDevice->pMgmt;
419     int ii;
420
421
422     pMgmt->pbyPSPacketPool = &pMgmt->byPSPacketPool[0];
423     pMgmt->pbyMgmtPacketPool = &pMgmt->byMgmtPacketPool[0];
424     pMgmt->uCurrChannel = pDevice->uChannel;
425     for(ii=0;ii<WLAN_BSSID_LEN;ii++) {
426         pMgmt->abyDesireBSSID[ii] = 0xFF;
427     }
428     pMgmt->sAssocInfo.AssocInfo.Length = sizeof(NDIS_802_11_ASSOCIATION_INFORMATION);
429     //memset(pMgmt->abyDesireSSID, 0, WLAN_IEHDR_LEN + WLAN_SSID_MAXLEN +1);
430     pMgmt->byCSSPK = KEY_CTL_NONE;
431     pMgmt->byCSSGK = KEY_CTL_NONE;
432     pMgmt->wIBSSBeaconPeriod = DEFAULT_IBSS_BI;
433     BSSvClearBSSList((HANDLE)pDevice, FALSE);
434
435     return;
436 }
437
438 /*+
439  *
440  * Routine Description:
441  *    Initializes timer object
442  *
443  * Return Value:
444  *    Ndis_staus.
445  *
446 -*/
447
448 void
449 vMgrTimerInit(
450     IN  HANDLE hDeviceContext
451     )
452 {
453     PSDevice     pDevice = (PSDevice)hDeviceContext;
454     PSMgmtObject    pMgmt = pDevice->pMgmt;
455
456
457     init_timer(&pMgmt->sTimerSecondCallback);
458     pMgmt->sTimerSecondCallback.data = (ULONG)pDevice;
459     pMgmt->sTimerSecondCallback.function = (TimerFunction)BSSvSecondCallBack;
460     pMgmt->sTimerSecondCallback.expires = RUN_AT(HZ);
461
462     init_timer(&pDevice->sTimerCommand);
463     pDevice->sTimerCommand.data = (ULONG)pDevice;
464     pDevice->sTimerCommand.function = (TimerFunction)vCommandTimer;
465     pDevice->sTimerCommand.expires = RUN_AT(HZ);
466
467    #ifdef TxInSleep
468     init_timer(&pDevice->sTimerTxData);
469     pDevice->sTimerTxData.data = (ULONG)pDevice;
470     pDevice->sTimerTxData.function = (TimerFunction)BSSvSecondTxData;
471     pDevice->sTimerTxData.expires = RUN_AT(10*HZ);      //10s callback
472     pDevice->fTxDataInSleep = FALSE;
473     pDevice->IsTxDataTrigger = FALSE;
474     pDevice->nTxDataTimeCout = 0;
475    #endif
476
477     pDevice->cbFreeCmdQueue = CMD_Q_SIZE;
478     pDevice->uCmdDequeueIdx = 0;
479     pDevice->uCmdEnqueueIdx = 0;
480
481     return;
482 }
483
484
485
486 /*+
487  *
488  * Routine Description:
489  *    Reset the management object  structure.
490  *
491  * Return Value:
492  *    None.
493  *
494 -*/
495
496 VOID
497 vMgrObjectReset(
498     IN  HANDLE hDeviceContext
499     )
500 {
501     PSDevice         pDevice = (PSDevice)hDeviceContext;
502     PSMgmtObject        pMgmt = pDevice->pMgmt;
503
504     pMgmt->eCurrMode = WMAC_MODE_STANDBY;
505     pMgmt->eCurrState = WMAC_STATE_IDLE;
506     pDevice->bEnablePSMode = FALSE;
507     // TODO: timer
508
509     return;
510 }
511
512
513 /*+
514  *
515  * Routine Description:
516  *    Start the station association procedure.  Namely, send an
517  *    association request frame to the AP.
518  *
519  * Return Value:
520  *    None.
521  *
522 -*/
523
524
525 VOID
526 vMgrAssocBeginSta(
527     IN  HANDLE hDeviceContext,
528     IN  PSMgmtObject pMgmt,
529     OUT PCMD_STATUS pStatus
530     )
531 {
532     PSDevice             pDevice = (PSDevice)hDeviceContext;
533     PSTxMgmtPacket          pTxPacket;
534
535
536     pMgmt->wCurrCapInfo = 0;
537     pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_ESS(1);
538     if (pDevice->bEncryptionEnable) {
539         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_PRIVACY(1);
540     }
541     // always allow receive short preamble
542     //if (pDevice->byPreambleType == 1) {
543     //    pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
544     //}
545     pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
546     if (pMgmt->wListenInterval == 0)
547         pMgmt->wListenInterval = 1;    // at least one.
548
549     // ERP Phy (802.11g) should support short preamble.
550     if (pMgmt->eCurrentPHYMode == PHY_TYPE_11G) {
551         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
552         if (CARDbIsShorSlotTime(pMgmt->pAdapter) == TRUE) {
553             pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTSLOTTIME(1);
554         }
555     } else if (pMgmt->eCurrentPHYMode == PHY_TYPE_11B) {
556         if (CARDbIsShortPreamble(pMgmt->pAdapter) == TRUE) {
557             pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
558         }
559     }
560     if (pMgmt->b11hEnable == TRUE)
561         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SPECTRUMMNG(1);
562
563     /* build an assocreq frame and send it */
564     pTxPacket = s_MgrMakeAssocRequest
565                 (
566                   pDevice,
567                   pMgmt,
568                   pMgmt->abyCurrBSSID,
569                   pMgmt->wCurrCapInfo,
570                   pMgmt->wListenInterval,
571                   (PWLAN_IE_SSID)pMgmt->abyCurrSSID,
572                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
573                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates
574                 );
575
576     if (pTxPacket != NULL ){
577         /* send the frame */
578         *pStatus = csMgmt_xmit(pDevice, pTxPacket);
579         if (*pStatus == CMD_STATUS_PENDING) {
580             pMgmt->eCurrState = WMAC_STATE_ASSOCPENDING;
581             *pStatus = CMD_STATUS_SUCCESS;
582         }
583     }
584     else
585         *pStatus = CMD_STATUS_RESOURCES;
586
587     return ;
588 }
589
590
591 /*+
592  *
593  * Routine Description:
594  *    Start the station re-association procedure.
595  *
596  * Return Value:
597  *    None.
598  *
599 -*/
600
601 VOID
602 vMgrReAssocBeginSta(
603     IN  HANDLE hDeviceContext,
604     IN  PSMgmtObject pMgmt,
605     OUT PCMD_STATUS pStatus
606     )
607 {
608     PSDevice             pDevice = (PSDevice)hDeviceContext;
609     PSTxMgmtPacket          pTxPacket;
610
611
612
613     pMgmt->wCurrCapInfo = 0;
614     pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_ESS(1);
615     if (pDevice->bEncryptionEnable) {
616         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_PRIVACY(1);
617     }
618
619     //if (pDevice->byPreambleType == 1) {
620     //    pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
621     //}
622     pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
623
624     if (pMgmt->wListenInterval == 0)
625         pMgmt->wListenInterval = 1;    // at least one.
626
627
628     // ERP Phy (802.11g) should support short preamble.
629     if (pMgmt->eCurrentPHYMode == PHY_TYPE_11G) {
630         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
631         if (CARDbIsShorSlotTime(pMgmt->pAdapter) == TRUE) {
632             pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTSLOTTIME(1);
633         }
634     } else if (pMgmt->eCurrentPHYMode == PHY_TYPE_11B) {
635         if (CARDbIsShortPreamble(pMgmt->pAdapter) == TRUE) {
636             pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
637         }
638     }
639     if (pMgmt->b11hEnable == TRUE)
640         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SPECTRUMMNG(1);
641
642
643     pTxPacket = s_MgrMakeReAssocRequest
644                 (
645                   pDevice,
646                   pMgmt,
647                   pMgmt->abyCurrBSSID,
648                   pMgmt->wCurrCapInfo,
649                   pMgmt->wListenInterval,
650                   (PWLAN_IE_SSID)pMgmt->abyCurrSSID,
651                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
652                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates
653                 );
654
655     if (pTxPacket != NULL ){
656         /* send the frame */
657         *pStatus = csMgmt_xmit(pDevice, pTxPacket);
658         if (*pStatus != CMD_STATUS_PENDING) {
659             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Reassociation tx failed.\n");
660         }
661         else {
662             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Reassociation tx sending.\n");
663         }
664     }
665
666
667     return ;
668 }
669
670 /*+
671  *
672  * Routine Description:
673  *    Send an dis-association request frame to the AP.
674  *
675  * Return Value:
676  *    None.
677  *
678 -*/
679
680 VOID
681 vMgrDisassocBeginSta(
682     IN  HANDLE hDeviceContext,
683     IN  PSMgmtObject pMgmt,
684     IN  PBYTE  abyDestAddress,
685     IN  WORD    wReason,
686     OUT PCMD_STATUS pStatus
687     )
688 {
689     PSDevice            pDevice = (PSDevice)hDeviceContext;
690     PSTxMgmtPacket      pTxPacket = NULL;
691     WLAN_FR_DISASSOC    sFrame;
692
693     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
694     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_DISASSOC_FR_MAXLEN);
695     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
696
697     // Setup the sFrame structure
698     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
699     sFrame.len = WLAN_DISASSOC_FR_MAXLEN;
700
701     // format fixed field frame structure
702     vMgrEncodeDisassociation(&sFrame);
703
704     // Setup the header
705     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
706         (
707         WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
708         WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_DISASSOC)
709         ));
710
711     memcpy( sFrame.pHdr->sA3.abyAddr1, abyDestAddress, WLAN_ADDR_LEN);
712     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
713     memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
714
715     // Set reason code
716     *(sFrame.pwReason) = cpu_to_le16(wReason);
717     pTxPacket->cbMPDULen = sFrame.len;
718     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
719
720     // send the frame
721     *pStatus = csMgmt_xmit(pDevice, pTxPacket);
722     if (*pStatus == CMD_STATUS_PENDING) {
723         pMgmt->eCurrState = WMAC_STATE_IDLE;
724         *pStatus = CMD_STATUS_SUCCESS;
725     };
726
727     return;
728 }
729
730
731
732 /*+
733  *
734  * Routine Description:(AP function)
735  *    Handle incoming station association request frames.
736  *
737  * Return Value:
738  *    None.
739  *
740 -*/
741
742 static
743 VOID
744 s_vMgrRxAssocRequest(
745     IN PSDevice pDevice,
746     IN PSMgmtObject pMgmt,
747     IN PSRxMgmtPacket pRxPacket,
748     IN UINT uNodeIndex
749     )
750 {
751     WLAN_FR_ASSOCREQ    sFrame;
752     CMD_STATUS          Status;
753     PSTxMgmtPacket      pTxPacket;
754     WORD                wAssocStatus = 0;
755     WORD                wAssocAID = 0;
756     UINT                uRateLen = WLAN_RATES_MAXLEN;
757     BYTE                abyCurrSuppRates[WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1];
758     BYTE                abyCurrExtSuppRates[WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1];
759
760
761     if (pMgmt->eCurrMode != WMAC_MODE_ESS_AP)
762         return;
763     //  node index not found
764     if (!uNodeIndex)
765         return;
766
767     //check if node is authenticated
768     //decode the frame
769     memset(&sFrame, 0, sizeof(WLAN_FR_ASSOCREQ));
770     memset(abyCurrSuppRates, 0, WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1);
771     memset(abyCurrExtSuppRates, 0, WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1);
772     sFrame.len = pRxPacket->cbMPDULen;
773     sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
774
775     vMgrDecodeAssocRequest(&sFrame);
776
777     if (pMgmt->sNodeDBTable[uNodeIndex].eNodeState >= NODE_AUTH) {
778         pMgmt->sNodeDBTable[uNodeIndex].eNodeState = NODE_ASSOC;
779         pMgmt->sNodeDBTable[uNodeIndex].wCapInfo = cpu_to_le16(*sFrame.pwCapInfo);
780         pMgmt->sNodeDBTable[uNodeIndex].wListenInterval = cpu_to_le16(*sFrame.pwListenInterval);
781         pMgmt->sNodeDBTable[uNodeIndex].bPSEnable =
782                 WLAN_GET_FC_PWRMGT(sFrame.pHdr->sA3.wFrameCtl) ? TRUE : FALSE;
783         // Todo: check sta basic rate, if ap can't support, set status code
784         if (pDevice->eCurrentPHYType == PHY_TYPE_11B) {
785             uRateLen = WLAN_RATES_MAXLEN_11B;
786         }
787         abyCurrSuppRates[0] = WLAN_EID_SUPP_RATES;
788         abyCurrSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)sFrame.pSuppRates,
789                                          (PWLAN_IE_SUPP_RATES)abyCurrSuppRates,
790                                          uRateLen);
791         abyCurrExtSuppRates[0] = WLAN_EID_EXTSUPP_RATES;
792         if (pDevice->eCurrentPHYType == PHY_TYPE_11G) {
793             abyCurrExtSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)sFrame.pExtSuppRates,
794                                                 (PWLAN_IE_SUPP_RATES)abyCurrExtSuppRates,
795                                                 uRateLen);
796         } else {
797             abyCurrExtSuppRates[1] = 0;
798         }
799
800
801         RATEvParseMaxRate((PVOID)pDevice,
802                            (PWLAN_IE_SUPP_RATES)abyCurrSuppRates,
803                            (PWLAN_IE_SUPP_RATES)abyCurrExtSuppRates,
804                            FALSE, // do not change our basic rate
805                            &(pMgmt->sNodeDBTable[uNodeIndex].wMaxBasicRate),
806                            &(pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate),
807                            &(pMgmt->sNodeDBTable[uNodeIndex].wSuppRate),
808                            &(pMgmt->sNodeDBTable[uNodeIndex].byTopCCKBasicRate),
809                            &(pMgmt->sNodeDBTable[uNodeIndex].byTopOFDMBasicRate)
810                           );
811
812         // set max tx rate
813         pMgmt->sNodeDBTable[uNodeIndex].wTxDataRate =
814                 pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate;
815 #ifdef  PLICE_DEBUG
816         printk("RxAssocRequest:wTxDataRate is %d\n",pMgmt->sNodeDBTable[uNodeIndex].wTxDataRate);
817 #endif
818                 // Todo: check sta preamble, if ap can't support, set status code
819         pMgmt->sNodeDBTable[uNodeIndex].bShortPreamble =
820                 WLAN_GET_CAP_INFO_SHORTPREAMBLE(*sFrame.pwCapInfo);
821         pMgmt->sNodeDBTable[uNodeIndex].bShortSlotTime =
822                 WLAN_GET_CAP_INFO_SHORTSLOTTIME(*sFrame.pwCapInfo);
823         pMgmt->sNodeDBTable[uNodeIndex].wAID = (WORD)uNodeIndex;
824         wAssocStatus = WLAN_MGMT_STATUS_SUCCESS;
825         wAssocAID = (WORD)uNodeIndex;
826         // check if ERP support
827         if(pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate > RATE_11M)
828            pMgmt->sNodeDBTable[uNodeIndex].bERPExist = TRUE;
829
830         if (pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate <= RATE_11M) {
831             // B only STA join
832             pDevice->bProtectMode = TRUE;
833             pDevice->bNonERPPresent = TRUE;
834         }
835         if (pMgmt->sNodeDBTable[uNodeIndex].bShortPreamble == FALSE) {
836             pDevice->bBarkerPreambleMd = TRUE;
837         }
838
839         DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO "Associate AID= %d \n", wAssocAID);
840         DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO "MAC=%2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X \n",
841                    sFrame.pHdr->sA3.abyAddr2[0],
842                    sFrame.pHdr->sA3.abyAddr2[1],
843                    sFrame.pHdr->sA3.abyAddr2[2],
844                    sFrame.pHdr->sA3.abyAddr2[3],
845                    sFrame.pHdr->sA3.abyAddr2[4],
846                    sFrame.pHdr->sA3.abyAddr2[5]
847                   ) ;
848         DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO "Max Support rate = %d \n",
849                    pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate);
850     }//else { TODO: received STA under state1 handle }
851     else {
852         return;
853     }
854
855
856     // assoc response reply..
857     pTxPacket = s_MgrMakeAssocResponse
858                 (
859                   pDevice,
860                   pMgmt,
861                   pMgmt->wCurrCapInfo,
862                   wAssocStatus,
863                   wAssocAID,
864                   sFrame.pHdr->sA3.abyAddr2,
865                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
866                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates
867                 );
868     if (pTxPacket != NULL ){
869
870         if (pDevice->bEnableHostapd) {
871             return;
872         }
873         /* send the frame */
874         Status = csMgmt_xmit(pDevice, pTxPacket);
875         if (Status != CMD_STATUS_PENDING) {
876             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Assoc response tx failed\n");
877         }
878         else {
879             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Assoc response tx sending..\n");
880         }
881
882     }
883
884     return;
885 }
886
887
888 /*+
889  *
890  * Description:(AP function)
891  *      Handle incoming station re-association request frames.
892  *
893  * Parameters:
894  *  In:
895  *      pMgmt           - Management Object structure
896  *      pRxPacket       - Received Packet
897  *  Out:
898  *      none
899  *
900  * Return Value: None.
901  *
902 -*/
903
904 static
905 VOID
906 s_vMgrRxReAssocRequest(
907     IN PSDevice pDevice,
908     IN PSMgmtObject pMgmt,
909     IN PSRxMgmtPacket pRxPacket,
910     IN UINT uNodeIndex
911     )
912 {
913     WLAN_FR_REASSOCREQ    sFrame;
914     CMD_STATUS          Status;
915     PSTxMgmtPacket      pTxPacket;
916     WORD                wAssocStatus = 0;
917     WORD                wAssocAID = 0;
918     UINT                uRateLen = WLAN_RATES_MAXLEN;
919     BYTE                abyCurrSuppRates[WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1];
920     BYTE                abyCurrExtSuppRates[WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1];
921
922     if (pMgmt->eCurrMode != WMAC_MODE_ESS_AP)
923         return;
924     //  node index not found
925     if (!uNodeIndex)
926         return;
927     //check if node is authenticated
928     //decode the frame
929     memset(&sFrame, 0, sizeof(WLAN_FR_REASSOCREQ));
930     sFrame.len = pRxPacket->cbMPDULen;
931     sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
932     vMgrDecodeReassocRequest(&sFrame);
933
934     if (pMgmt->sNodeDBTable[uNodeIndex].eNodeState >= NODE_AUTH) {
935         pMgmt->sNodeDBTable[uNodeIndex].eNodeState = NODE_ASSOC;
936         pMgmt->sNodeDBTable[uNodeIndex].wCapInfo = cpu_to_le16(*sFrame.pwCapInfo);
937         pMgmt->sNodeDBTable[uNodeIndex].wListenInterval = cpu_to_le16(*sFrame.pwListenInterval);
938         pMgmt->sNodeDBTable[uNodeIndex].bPSEnable =
939                 WLAN_GET_FC_PWRMGT(sFrame.pHdr->sA3.wFrameCtl) ? TRUE : FALSE;
940         // Todo: check sta basic rate, if ap can't support, set status code
941
942         if (pDevice->eCurrentPHYType == PHY_TYPE_11B) {
943             uRateLen = WLAN_RATES_MAXLEN_11B;
944         }
945
946         abyCurrSuppRates[0] = WLAN_EID_SUPP_RATES;
947         abyCurrSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)sFrame.pSuppRates,
948                                          (PWLAN_IE_SUPP_RATES)abyCurrSuppRates,
949                                          uRateLen);
950         abyCurrExtSuppRates[0] = WLAN_EID_EXTSUPP_RATES;
951         if (pDevice->eCurrentPHYType == PHY_TYPE_11G) {
952             abyCurrExtSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)sFrame.pExtSuppRates,
953                                                 (PWLAN_IE_SUPP_RATES)abyCurrExtSuppRates,
954                                                 uRateLen);
955         } else {
956             abyCurrExtSuppRates[1] = 0;
957         }
958
959
960         RATEvParseMaxRate((PVOID)pDevice,
961                           (PWLAN_IE_SUPP_RATES)abyCurrSuppRates,
962                           (PWLAN_IE_SUPP_RATES)abyCurrExtSuppRates,
963                            FALSE, // do not change our basic rate
964                            &(pMgmt->sNodeDBTable[uNodeIndex].wMaxBasicRate),
965                            &(pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate),
966                            &(pMgmt->sNodeDBTable[uNodeIndex].wSuppRate),
967                            &(pMgmt->sNodeDBTable[uNodeIndex].byTopCCKBasicRate),
968                            &(pMgmt->sNodeDBTable[uNodeIndex].byTopOFDMBasicRate)
969                           );
970
971         // set max tx rate
972         pMgmt->sNodeDBTable[uNodeIndex].wTxDataRate =
973                 pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate;
974 #ifdef  PLICE_DEBUG
975         printk("RxReAssocRequest:TxDataRate is %d\n",pMgmt->sNodeDBTable[uNodeIndex].wTxDataRate);
976 #endif
977                 // Todo: check sta preamble, if ap can't support, set status code
978         pMgmt->sNodeDBTable[uNodeIndex].bShortPreamble =
979                 WLAN_GET_CAP_INFO_SHORTPREAMBLE(*sFrame.pwCapInfo);
980         pMgmt->sNodeDBTable[uNodeIndex].bShortSlotTime =
981                 WLAN_GET_CAP_INFO_SHORTSLOTTIME(*sFrame.pwCapInfo);
982         pMgmt->sNodeDBTable[uNodeIndex].wAID = (WORD)uNodeIndex;
983         wAssocStatus = WLAN_MGMT_STATUS_SUCCESS;
984         wAssocAID = (WORD)uNodeIndex;
985
986         // if suppurt ERP
987         if(pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate > RATE_11M)
988            pMgmt->sNodeDBTable[uNodeIndex].bERPExist = TRUE;
989
990         if (pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate <= RATE_11M) {
991             // B only STA join
992             pDevice->bProtectMode = TRUE;
993             pDevice->bNonERPPresent = TRUE;
994         }
995         if (pMgmt->sNodeDBTable[uNodeIndex].bShortPreamble == FALSE) {
996             pDevice->bBarkerPreambleMd = TRUE;
997         }
998
999         DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO "Rx ReAssociate AID= %d \n", wAssocAID);
1000         DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO "MAC=%2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X \n",
1001                    sFrame.pHdr->sA3.abyAddr2[0],
1002                    sFrame.pHdr->sA3.abyAddr2[1],
1003                    sFrame.pHdr->sA3.abyAddr2[2],
1004                    sFrame.pHdr->sA3.abyAddr2[3],
1005                    sFrame.pHdr->sA3.abyAddr2[4],
1006                    sFrame.pHdr->sA3.abyAddr2[5]
1007                   ) ;
1008         DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO "Max Support rate = %d \n",
1009                    pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate);
1010
1011     }
1012
1013
1014     // assoc response reply..
1015     pTxPacket = s_MgrMakeReAssocResponse
1016                 (
1017                   pDevice,
1018                   pMgmt,
1019                   pMgmt->wCurrCapInfo,
1020                   wAssocStatus,
1021                   wAssocAID,
1022                   sFrame.pHdr->sA3.abyAddr2,
1023                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
1024                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates
1025                 );
1026
1027     if (pTxPacket != NULL ){
1028         /* send the frame */
1029         if (pDevice->bEnableHostapd) {
1030             return;
1031         }
1032         Status = csMgmt_xmit(pDevice, pTxPacket);
1033         if (Status != CMD_STATUS_PENDING) {
1034             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:ReAssoc response tx failed\n");
1035         }
1036         else {
1037             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:ReAssoc response tx sending..\n");
1038         }
1039     }
1040     return;
1041 }
1042
1043
1044 /*+
1045  *
1046  * Routine Description:
1047  *    Handle incoming association response frames.
1048  *
1049  * Return Value:
1050  *    None.
1051  *
1052 -*/
1053
1054 static
1055 VOID
1056 s_vMgrRxAssocResponse(
1057     IN PSDevice pDevice,
1058     IN PSMgmtObject pMgmt,
1059     IN PSRxMgmtPacket pRxPacket,
1060     IN BOOL bReAssocType
1061     )
1062 {
1063     WLAN_FR_ASSOCRESP   sFrame;
1064     PWLAN_IE_SSID   pItemSSID;
1065     PBYTE   pbyIEs;
1066     viawget_wpa_header *wpahdr;
1067
1068
1069
1070     if (pMgmt->eCurrState == WMAC_STATE_ASSOCPENDING ||
1071          pMgmt->eCurrState == WMAC_STATE_ASSOC) {
1072
1073         sFrame.len = pRxPacket->cbMPDULen;
1074         sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
1075         // decode the frame
1076         vMgrDecodeAssocResponse(&sFrame);
1077         if ((sFrame.pwCapInfo == 0) ||
1078             (sFrame.pwStatus == 0) ||
1079             (sFrame.pwAid == 0) ||
1080             (sFrame.pSuppRates == 0)){
1081             DBG_PORT80(0xCC);
1082             return;
1083         };
1084
1085         pMgmt->sAssocInfo.AssocInfo.ResponseFixedIEs.Capabilities = *(sFrame.pwCapInfo);
1086         pMgmt->sAssocInfo.AssocInfo.ResponseFixedIEs.StatusCode = *(sFrame.pwStatus);
1087         pMgmt->sAssocInfo.AssocInfo.ResponseFixedIEs.AssociationId = *(sFrame.pwAid);
1088         pMgmt->sAssocInfo.AssocInfo.AvailableResponseFixedIEs |= 0x07;
1089
1090         pMgmt->sAssocInfo.AssocInfo.ResponseIELength = sFrame.len - 24 - 6;
1091         pMgmt->sAssocInfo.AssocInfo.OffsetResponseIEs = pMgmt->sAssocInfo.AssocInfo.OffsetRequestIEs + pMgmt->sAssocInfo.AssocInfo.RequestIELength;
1092         pbyIEs = pMgmt->sAssocInfo.abyIEs;
1093         pbyIEs += pMgmt->sAssocInfo.AssocInfo.RequestIELength;
1094         memcpy(pbyIEs, (sFrame.pBuf + 24 +6), pMgmt->sAssocInfo.AssocInfo.ResponseIELength);
1095
1096         // save values and set current BSS state
1097         if (cpu_to_le16((*(sFrame.pwStatus))) == WLAN_MGMT_STATUS_SUCCESS ){
1098             // set AID
1099             pMgmt->wCurrAID = cpu_to_le16((*(sFrame.pwAid)));
1100             if ( (pMgmt->wCurrAID >> 14) != (BIT0 | BIT1) )
1101             {
1102                 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "AID from AP, has two msb clear.\n");
1103             };
1104             DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO "Association Successful, AID=%d.\n", pMgmt->wCurrAID & ~(BIT14|BIT15));
1105             pMgmt->eCurrState = WMAC_STATE_ASSOC;
1106             BSSvUpdateAPNode((HANDLE)pDevice, sFrame.pwCapInfo, sFrame.pSuppRates, sFrame.pExtSuppRates);
1107             pItemSSID = (PWLAN_IE_SSID)pMgmt->abyCurrSSID;
1108             DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO "Link with AP(SSID): %s\n", pItemSSID->abySSID);
1109             pDevice->bLinkPass = TRUE;
1110             pDevice->uBBVGADiffCount = 0;
1111             if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
1112           if(skb_tailroom(pDevice->skb) <(sizeof(viawget_wpa_header)+pMgmt->sAssocInfo.AssocInfo.ResponseIELength+
1113                                                                          pMgmt->sAssocInfo.AssocInfo.RequestIELength)) {    //data room not enough
1114                      dev_kfree_skb(pDevice->skb);
1115                    pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1116                 }
1117                 wpahdr = (viawget_wpa_header *)pDevice->skb->data;
1118                 wpahdr->type = VIAWGET_ASSOC_MSG;
1119                 wpahdr->resp_ie_len = pMgmt->sAssocInfo.AssocInfo.ResponseIELength;
1120                 wpahdr->req_ie_len = pMgmt->sAssocInfo.AssocInfo.RequestIELength;
1121                 memcpy(pDevice->skb->data + sizeof(viawget_wpa_header), pMgmt->sAssocInfo.abyIEs, wpahdr->req_ie_len);
1122                 memcpy(pDevice->skb->data + sizeof(viawget_wpa_header) + wpahdr->req_ie_len,
1123                        pbyIEs,
1124                        wpahdr->resp_ie_len
1125                        );
1126                 skb_put(pDevice->skb, sizeof(viawget_wpa_header) + wpahdr->resp_ie_len + wpahdr->req_ie_len);
1127                 pDevice->skb->dev = pDevice->wpadev;
1128                 pDevice->skb->mac_header = pDevice->skb->data;
1129                 pDevice->skb->pkt_type = PACKET_HOST;
1130                 pDevice->skb->protocol = htons(ETH_P_802_2);
1131                 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
1132                 netif_rx(pDevice->skb);
1133                 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1134             }
1135
1136 //2008-0409-07, <Add> by Einsn Liu
1137 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
1138         //if(pDevice->bWPADevEnable == TRUE)
1139                 {
1140                 BYTE buf[512];
1141                 size_t len;
1142                 union iwreq_data  wrqu;
1143                 int we_event;
1144
1145                 memset(buf, 0, 512);
1146
1147                 len = pMgmt->sAssocInfo.AssocInfo.RequestIELength;
1148                 if(len) {
1149                         memcpy(buf, pMgmt->sAssocInfo.abyIEs, len);
1150                         memset(&wrqu, 0, sizeof (wrqu));
1151                         wrqu.data.length = len;
1152                         we_event = IWEVASSOCREQIE;
1153                         wireless_send_event(pDevice->dev, we_event, &wrqu, buf);
1154                 }
1155
1156                 memset(buf, 0, 512);
1157                 len = pMgmt->sAssocInfo.AssocInfo.ResponseIELength;
1158
1159                 if(len) {
1160                         memcpy(buf, pbyIEs, len);
1161                         memset(&wrqu, 0, sizeof (wrqu));
1162                         wrqu.data.length = len;
1163                         we_event = IWEVASSOCRESPIE;
1164                         wireless_send_event(pDevice->dev, we_event, &wrqu, buf);
1165                 }
1166
1167
1168   memset(&wrqu, 0, sizeof (wrqu));
1169         memcpy(wrqu.ap_addr.sa_data, &pMgmt->abyCurrBSSID[0], ETH_ALEN);
1170         wrqu.ap_addr.sa_family = ARPHRD_ETHER;
1171         wireless_send_event(pDevice->dev, SIOCGIWAP, &wrqu, NULL);
1172         }
1173 #endif //#ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
1174 //End Add -- //2008-0409-07, <Add> by Einsn Liu
1175                 }
1176         else {
1177             if (bReAssocType) {
1178                 pMgmt->eCurrState = WMAC_STATE_IDLE;
1179             }
1180             else {
1181                 // jump back to the auth state and indicate the error
1182                 pMgmt->eCurrState = WMAC_STATE_AUTH;
1183             }
1184             s_vMgrLogStatus(pMgmt,cpu_to_le16((*(sFrame.pwStatus))));
1185         }
1186
1187     }
1188
1189 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
1190 //need clear flags related to Networkmanager
1191
1192               pDevice->bwextcount = 0;
1193               pDevice->bWPASuppWextEnabled = FALSE;
1194 #endif
1195
1196
1197 if(pMgmt->eCurrState == WMAC_STATE_ASSOC)
1198       timer_expire(pDevice->sTimerCommand, 0);
1199     return;
1200 }
1201
1202
1203
1204 /*+
1205  *
1206  * Routine Description:
1207  *    Start the station authentication procedure.  Namely, send an
1208  *    authentication frame to the AP.
1209  *
1210  * Return Value:
1211  *    None.
1212  *
1213 -*/
1214
1215 VOID
1216 vMgrAuthenBeginSta(
1217     IN  HANDLE hDeviceContext,
1218     IN  PSMgmtObject  pMgmt,
1219     OUT PCMD_STATUS pStatus
1220     )
1221 {
1222     PSDevice     pDevice = (PSDevice)hDeviceContext;
1223     WLAN_FR_AUTHEN  sFrame;
1224     PSTxMgmtPacket  pTxPacket = NULL;
1225
1226     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
1227     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_AUTHEN_FR_MAXLEN);
1228     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
1229     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
1230     sFrame.len = WLAN_AUTHEN_FR_MAXLEN;
1231     vMgrEncodeAuthen(&sFrame);
1232     /* insert values */
1233     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
1234         (
1235         WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
1236         WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_AUTHEN)
1237         ));
1238     memcpy( sFrame.pHdr->sA3.abyAddr1, pMgmt->abyCurrBSSID, WLAN_ADDR_LEN);
1239     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
1240     memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
1241     if (pMgmt->bShareKeyAlgorithm)
1242         *(sFrame.pwAuthAlgorithm) = cpu_to_le16(WLAN_AUTH_ALG_SHAREDKEY);
1243     else
1244         *(sFrame.pwAuthAlgorithm) = cpu_to_le16(WLAN_AUTH_ALG_OPENSYSTEM);
1245
1246     *(sFrame.pwAuthSequence) = cpu_to_le16(1);
1247     /* Adjust the length fields */
1248     pTxPacket->cbMPDULen = sFrame.len;
1249     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
1250
1251     *pStatus = csMgmt_xmit(pDevice, pTxPacket);
1252     if (*pStatus == CMD_STATUS_PENDING){
1253         pMgmt->eCurrState = WMAC_STATE_AUTHPENDING;
1254         *pStatus = CMD_STATUS_SUCCESS;
1255     }
1256
1257     return ;
1258 }
1259
1260
1261
1262 /*+
1263  *
1264  * Routine Description:
1265  *    Start the station(AP) deauthentication procedure.  Namely, send an
1266  *    deauthentication frame to the AP or Sta.
1267  *
1268  * Return Value:
1269  *    None.
1270  *
1271 -*/
1272
1273 VOID
1274 vMgrDeAuthenBeginSta(
1275     IN  HANDLE hDeviceContext,
1276     IN  PSMgmtObject  pMgmt,
1277     IN  PBYTE  abyDestAddress,
1278     IN  WORD    wReason,
1279     OUT PCMD_STATUS pStatus
1280     )
1281 {
1282     PSDevice            pDevice = (PSDevice)hDeviceContext;
1283     WLAN_FR_DEAUTHEN    sFrame;
1284     PSTxMgmtPacket      pTxPacket = NULL;
1285
1286
1287     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
1288     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_DEAUTHEN_FR_MAXLEN);
1289     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
1290     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
1291     sFrame.len = WLAN_DEAUTHEN_FR_MAXLEN;
1292     vMgrEncodeDeauthen(&sFrame);
1293     /* insert values */
1294     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
1295         (
1296         WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
1297         WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_DEAUTHEN)
1298         ));
1299
1300     memcpy( sFrame.pHdr->sA3.abyAddr1, abyDestAddress, WLAN_ADDR_LEN);
1301     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
1302     memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
1303
1304     *(sFrame.pwReason) = cpu_to_le16(wReason);       // deauthen. bcs left BSS
1305     /* Adjust the length fields */
1306     pTxPacket->cbMPDULen = sFrame.len;
1307     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
1308
1309     *pStatus = csMgmt_xmit(pDevice, pTxPacket);
1310     if (*pStatus == CMD_STATUS_PENDING){
1311         *pStatus = CMD_STATUS_SUCCESS;
1312     }
1313
1314
1315     return ;
1316 }
1317
1318
1319 /*+
1320  *
1321  * Routine Description:
1322  *    Handle incoming authentication frames.
1323  *
1324  * Return Value:
1325  *    None.
1326  *
1327 -*/
1328
1329 static
1330 VOID
1331 s_vMgrRxAuthentication(
1332     IN PSDevice pDevice,
1333     IN PSMgmtObject pMgmt,
1334     IN PSRxMgmtPacket pRxPacket
1335     )
1336 {
1337     WLAN_FR_AUTHEN  sFrame;
1338
1339     // we better be an AP or a STA in AUTHPENDING otherwise ignore
1340     if (!(pMgmt->eCurrMode == WMAC_MODE_ESS_AP ||
1341           pMgmt->eCurrState == WMAC_STATE_AUTHPENDING)) {
1342         return;
1343     }
1344
1345     // decode the frame
1346     sFrame.len = pRxPacket->cbMPDULen;
1347     sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
1348     vMgrDecodeAuthen(&sFrame);
1349     switch (cpu_to_le16((*(sFrame.pwAuthSequence )))){
1350         case 1:
1351             //AP funciton
1352             s_vMgrRxAuthenSequence_1(pDevice,pMgmt, &sFrame);
1353             break;
1354         case 2:
1355             s_vMgrRxAuthenSequence_2(pDevice, pMgmt, &sFrame);
1356             break;
1357         case 3:
1358             //AP funciton
1359             s_vMgrRxAuthenSequence_3(pDevice, pMgmt, &sFrame);
1360             break;
1361         case 4:
1362             s_vMgrRxAuthenSequence_4(pDevice, pMgmt, &sFrame);
1363             break;
1364         default:
1365             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Auth Sequence error, seq = %d\n",
1366                         cpu_to_le16((*(sFrame.pwAuthSequence))));
1367             break;
1368     }
1369     return;
1370 }
1371
1372
1373
1374 /*+
1375  *
1376  * Routine Description:
1377  *   Handles incoming authen frames with sequence 1.  Currently
1378  *   assumes we're an AP.  So far, no one appears to use authentication
1379  *   in Ad-Hoc mode.
1380  *
1381  * Return Value:
1382  *    None.
1383  *
1384 -*/
1385
1386
1387 static
1388 VOID
1389 s_vMgrRxAuthenSequence_1(
1390     IN PSDevice pDevice,
1391     IN PSMgmtObject pMgmt,
1392     IN PWLAN_FR_AUTHEN pFrame
1393      )
1394 {
1395     PSTxMgmtPacket      pTxPacket = NULL;
1396     UINT                uNodeIndex;
1397     WLAN_FR_AUTHEN      sFrame;
1398     PSKeyItem           pTransmitKey;
1399
1400     // Insert a Node entry
1401     if (!BSSDBbIsSTAInNodeDB(pMgmt, pFrame->pHdr->sA3.abyAddr2, &uNodeIndex)) {
1402         BSSvCreateOneNode((PSDevice)pDevice, &uNodeIndex);
1403         memcpy(pMgmt->sNodeDBTable[uNodeIndex].abyMACAddr, pFrame->pHdr->sA3.abyAddr2,
1404                WLAN_ADDR_LEN);
1405     }
1406
1407     if (pMgmt->bShareKeyAlgorithm) {
1408         pMgmt->sNodeDBTable[uNodeIndex].eNodeState = NODE_KNOWN;
1409         pMgmt->sNodeDBTable[uNodeIndex].byAuthSequence = 1;
1410     }
1411     else {
1412         pMgmt->sNodeDBTable[uNodeIndex].eNodeState = NODE_AUTH;
1413     }
1414
1415     // send auth reply
1416     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
1417     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_AUTHEN_FR_MAXLEN);
1418     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
1419     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
1420     sFrame.len = WLAN_AUTHEN_FR_MAXLEN;
1421     // format buffer structure
1422     vMgrEncodeAuthen(&sFrame);
1423     // insert values
1424     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
1425          (
1426          WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
1427          WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_AUTHEN)|
1428          WLAN_SET_FC_ISWEP(0)
1429          ));
1430     memcpy( sFrame.pHdr->sA3.abyAddr1, pFrame->pHdr->sA3.abyAddr2, WLAN_ADDR_LEN);
1431     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
1432     memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
1433     *(sFrame.pwAuthAlgorithm) = *(pFrame->pwAuthAlgorithm);
1434     *(sFrame.pwAuthSequence) = cpu_to_le16(2);
1435
1436     if (cpu_to_le16(*(pFrame->pwAuthAlgorithm)) == WLAN_AUTH_ALG_SHAREDKEY) {
1437         if (pMgmt->bShareKeyAlgorithm)
1438             *(sFrame.pwStatus) = cpu_to_le16(WLAN_MGMT_STATUS_SUCCESS);
1439         else
1440             *(sFrame.pwStatus) = cpu_to_le16(WLAN_MGMT_STATUS_UNSUPPORTED_AUTHALG);
1441     }
1442     else {
1443         if (pMgmt->bShareKeyAlgorithm)
1444             *(sFrame.pwStatus) = cpu_to_le16(WLAN_MGMT_STATUS_UNSUPPORTED_AUTHALG);
1445         else
1446             *(sFrame.pwStatus) = cpu_to_le16(WLAN_MGMT_STATUS_SUCCESS);
1447     }
1448
1449     if (pMgmt->bShareKeyAlgorithm &&
1450         (cpu_to_le16(*(sFrame.pwStatus)) == WLAN_MGMT_STATUS_SUCCESS)) {
1451
1452         sFrame.pChallenge = (PWLAN_IE_CHALLENGE)(sFrame.pBuf + sFrame.len);
1453         sFrame.len += WLAN_CHALLENGE_IE_LEN;
1454         sFrame.pChallenge->byElementID = WLAN_EID_CHALLENGE;
1455         sFrame.pChallenge->len = WLAN_CHALLENGE_LEN;
1456         memset(pMgmt->abyChallenge, 0, WLAN_CHALLENGE_LEN);
1457         // get group key
1458         if(KeybGetTransmitKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, GROUP_KEY, &pTransmitKey) == TRUE) {
1459             rc4_init(&pDevice->SBox, pDevice->abyPRNG, pTransmitKey->uKeyLength+3);
1460             rc4_encrypt(&pDevice->SBox, pMgmt->abyChallenge, pMgmt->abyChallenge, WLAN_CHALLENGE_LEN);
1461         }
1462         memcpy(sFrame.pChallenge->abyChallenge, pMgmt->abyChallenge , WLAN_CHALLENGE_LEN);
1463     }
1464
1465     /* Adjust the length fields */
1466     pTxPacket->cbMPDULen = sFrame.len;
1467     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
1468     // send the frame
1469     if (pDevice->bEnableHostapd) {
1470         return;
1471     }
1472     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Authreq_reply sequence_1 tx.. \n");
1473     if (csMgmt_xmit(pDevice, pTxPacket) != CMD_STATUS_PENDING) {
1474         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Authreq_reply sequence_1 tx failed.\n");
1475     }
1476     return;
1477 }
1478
1479
1480
1481 /*+
1482  *
1483  * Routine Description:
1484  *   Handles incoming auth frames with sequence number 2.  Currently
1485  *   assumes we're a station.
1486  *
1487  *
1488  * Return Value:
1489  *    None.
1490  *
1491 -*/
1492
1493 static
1494 VOID
1495 s_vMgrRxAuthenSequence_2(
1496     IN PSDevice pDevice,
1497     IN PSMgmtObject pMgmt,
1498     IN PWLAN_FR_AUTHEN pFrame
1499     )
1500 {
1501     WLAN_FR_AUTHEN      sFrame;
1502     PSTxMgmtPacket      pTxPacket = NULL;
1503
1504
1505     switch (cpu_to_le16((*(pFrame->pwAuthAlgorithm))))
1506     {
1507         case WLAN_AUTH_ALG_OPENSYSTEM:
1508             if ( cpu_to_le16((*(pFrame->pwStatus))) == WLAN_MGMT_STATUS_SUCCESS ){
1509                 DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO "802.11 Authen (OPEN) Successful.\n");
1510                 pMgmt->eCurrState = WMAC_STATE_AUTH;
1511          timer_expire(pDevice->sTimerCommand, 0);
1512             }
1513             else {
1514                 DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO "802.11 Authen (OPEN) Failed.\n");
1515                 s_vMgrLogStatus(pMgmt, cpu_to_le16((*(pFrame->pwStatus))));
1516                 pMgmt->eCurrState = WMAC_STATE_IDLE;
1517             }
1518             if (pDevice->eCommandState == WLAN_AUTHENTICATE_WAIT ) {
1519 //                spin_unlock_irq(&pDevice->lock);
1520 //                vCommandTimerWait((HANDLE)pDevice, 0);
1521 //                spin_lock_irq(&pDevice->lock);
1522             }
1523
1524             break;
1525
1526         case WLAN_AUTH_ALG_SHAREDKEY:
1527
1528             if (cpu_to_le16((*(pFrame->pwStatus))) == WLAN_MGMT_STATUS_SUCCESS) {
1529                 pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
1530                 memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_AUTHEN_FR_MAXLEN);
1531                 pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
1532                 sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
1533                 sFrame.len = WLAN_AUTHEN_FR_MAXLEN;
1534                 // format buffer structure
1535                 vMgrEncodeAuthen(&sFrame);
1536                 // insert values
1537                 sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
1538                      (
1539                      WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
1540                      WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_AUTHEN)|
1541                      WLAN_SET_FC_ISWEP(1)
1542                      ));
1543                 memcpy( sFrame.pHdr->sA3.abyAddr1, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
1544                 memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
1545                 memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
1546                 *(sFrame.pwAuthAlgorithm) = *(pFrame->pwAuthAlgorithm);
1547                 *(sFrame.pwAuthSequence) = cpu_to_le16(3);
1548                 *(sFrame.pwStatus) = cpu_to_le16(WLAN_MGMT_STATUS_SUCCESS);
1549                 sFrame.pChallenge = (PWLAN_IE_CHALLENGE)(sFrame.pBuf + sFrame.len);
1550                 sFrame.len += WLAN_CHALLENGE_IE_LEN;
1551                 sFrame.pChallenge->byElementID = WLAN_EID_CHALLENGE;
1552                 sFrame.pChallenge->len = WLAN_CHALLENGE_LEN;
1553                 memcpy( sFrame.pChallenge->abyChallenge, pFrame->pChallenge->abyChallenge, WLAN_CHALLENGE_LEN);
1554                 // Adjust the length fields
1555                 pTxPacket->cbMPDULen = sFrame.len;
1556                 pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
1557                 // send the frame
1558                 if (csMgmt_xmit(pDevice, pTxPacket) != CMD_STATUS_PENDING) {
1559                     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Auth_reply sequence_2 tx failed.\n");
1560                 }
1561                 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Auth_reply sequence_2 tx ...\n");
1562             }
1563             else {
1564                 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:rx Auth_reply sequence_2 status error ...\n");
1565                 if ( pDevice->eCommandState == WLAN_AUTHENTICATE_WAIT ) {
1566 //                    spin_unlock_irq(&pDevice->lock);
1567 //                    vCommandTimerWait((HANDLE)pDevice, 0);
1568 //                    spin_lock_irq(&pDevice->lock);
1569                 }
1570                 s_vMgrLogStatus(pMgmt, cpu_to_le16((*(pFrame->pwStatus))));
1571             }
1572             break;
1573         default:
1574             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt: rx auth.seq = 2 unknown AuthAlgorithm=%d\n", cpu_to_le16((*(pFrame->pwAuthAlgorithm))));
1575             break;
1576     }
1577     return;
1578 }
1579
1580
1581
1582 /*+
1583  *
1584  * Routine Description:
1585  *   Handles incoming authen frames with sequence 3.  Currently
1586  *   assumes we're an AP.  This function assumes the frame has
1587  *   already been successfully decrypted.
1588  *
1589  *
1590  * Return Value:
1591  *    None.
1592  *
1593 -*/
1594
1595 static
1596 VOID
1597 s_vMgrRxAuthenSequence_3(
1598     IN PSDevice pDevice,
1599     IN PSMgmtObject pMgmt,
1600     IN PWLAN_FR_AUTHEN pFrame
1601     )
1602 {
1603     PSTxMgmtPacket      pTxPacket = NULL;
1604     UINT                uStatusCode = 0 ;
1605     UINT                uNodeIndex = 0;
1606     WLAN_FR_AUTHEN      sFrame;
1607
1608     if (!WLAN_GET_FC_ISWEP(pFrame->pHdr->sA3.wFrameCtl)) {
1609         uStatusCode = WLAN_MGMT_STATUS_CHALLENGE_FAIL;
1610         goto reply;
1611     }
1612     if (BSSDBbIsSTAInNodeDB(pMgmt, pFrame->pHdr->sA3.abyAddr2, &uNodeIndex)) {
1613          if (pMgmt->sNodeDBTable[uNodeIndex].byAuthSequence != 1) {
1614             uStatusCode = WLAN_MGMT_STATUS_RX_AUTH_NOSEQ;
1615             goto reply;
1616          }
1617          if (memcmp(pMgmt->abyChallenge, pFrame->pChallenge->abyChallenge, WLAN_CHALLENGE_LEN) != 0) {
1618             uStatusCode = WLAN_MGMT_STATUS_CHALLENGE_FAIL;
1619             goto reply;
1620          }
1621     }
1622     else {
1623         uStatusCode = WLAN_MGMT_STATUS_UNSPEC_FAILURE;
1624         goto reply;
1625     }
1626
1627     if (uNodeIndex) {
1628         pMgmt->sNodeDBTable[uNodeIndex].eNodeState = NODE_AUTH;
1629         pMgmt->sNodeDBTable[uNodeIndex].byAuthSequence = 0;
1630     }
1631     uStatusCode = WLAN_MGMT_STATUS_SUCCESS;
1632     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Challenge text check ok..\n");
1633
1634 reply:
1635     // send auth reply
1636     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
1637     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_AUTHEN_FR_MAXLEN);
1638     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
1639     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
1640     sFrame.len = WLAN_AUTHEN_FR_MAXLEN;
1641     // format buffer structure
1642     vMgrEncodeAuthen(&sFrame);
1643     /* insert values */
1644     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
1645          (
1646          WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
1647          WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_AUTHEN)|
1648          WLAN_SET_FC_ISWEP(0)
1649          ));
1650     memcpy( sFrame.pHdr->sA3.abyAddr1, pFrame->pHdr->sA3.abyAddr2, WLAN_ADDR_LEN);
1651     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
1652     memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
1653     *(sFrame.pwAuthAlgorithm) = *(pFrame->pwAuthAlgorithm);
1654     *(sFrame.pwAuthSequence) = cpu_to_le16(4);
1655     *(sFrame.pwStatus) = cpu_to_le16(uStatusCode);
1656
1657     /* Adjust the length fields */
1658     pTxPacket->cbMPDULen = sFrame.len;
1659     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
1660     // send the frame
1661     if (pDevice->bEnableHostapd) {
1662         return;
1663     }
1664     if (csMgmt_xmit(pDevice, pTxPacket) != CMD_STATUS_PENDING) {
1665         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Authreq_reply sequence_4 tx failed.\n");
1666     }
1667     return;
1668
1669 }
1670
1671
1672
1673 /*+
1674  *
1675  * Routine Description:
1676  *   Handles incoming authen frames with sequence 4
1677  *
1678  *
1679  * Return Value:
1680  *    None.
1681  *
1682 -*/
1683 static
1684 VOID
1685 s_vMgrRxAuthenSequence_4(
1686     IN PSDevice pDevice,
1687     IN PSMgmtObject pMgmt,
1688     IN PWLAN_FR_AUTHEN pFrame
1689     )
1690 {
1691
1692     if ( cpu_to_le16((*(pFrame->pwStatus))) == WLAN_MGMT_STATUS_SUCCESS ){
1693         DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO "802.11 Authen (SHAREDKEY) Successful.\n");
1694         pMgmt->eCurrState = WMAC_STATE_AUTH;
1695           timer_expire(pDevice->sTimerCommand, 0);
1696     }
1697     else{
1698         DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO "802.11 Authen (SHAREDKEY) Failed.\n");
1699         s_vMgrLogStatus(pMgmt, cpu_to_le16((*(pFrame->pwStatus))) );
1700         pMgmt->eCurrState = WMAC_STATE_IDLE;
1701     }
1702
1703     if ( pDevice->eCommandState == WLAN_AUTHENTICATE_WAIT ) {
1704 //        spin_unlock_irq(&pDevice->lock);
1705 //        vCommandTimerWait((HANDLE)pDevice, 0);
1706 //        spin_lock_irq(&pDevice->lock);
1707     }
1708
1709 }
1710
1711 /*+
1712  *
1713  * Routine Description:
1714  *   Handles incoming disassociation frames
1715  *
1716  *
1717  * Return Value:
1718  *    None.
1719  *
1720 -*/
1721
1722 static
1723 VOID
1724 s_vMgrRxDisassociation(
1725     IN PSDevice pDevice,
1726     IN PSMgmtObject pMgmt,
1727     IN PSRxMgmtPacket pRxPacket
1728     )
1729 {
1730     WLAN_FR_DISASSOC    sFrame;
1731     UINT        uNodeIndex = 0;
1732 //    CMD_STATUS          CmdStatus;
1733     viawget_wpa_header *wpahdr;
1734
1735     if ( pMgmt->eCurrMode == WMAC_MODE_ESS_AP ){
1736         // if is acting an AP..
1737         // a STA is leaving this BSS..
1738         sFrame.len = pRxPacket->cbMPDULen;
1739         sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
1740         if (BSSDBbIsSTAInNodeDB(pMgmt, pRxPacket->p80211Header->sA3.abyAddr2, &uNodeIndex)) {
1741             BSSvRemoveOneNode(pDevice, uNodeIndex);
1742         }
1743         else {
1744             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Rx disassoc, sta not found\n");
1745         }
1746     }
1747     else if (pMgmt->eCurrMode == WMAC_MODE_ESS_STA ){
1748         sFrame.len = pRxPacket->cbMPDULen;
1749         sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
1750         vMgrDecodeDisassociation(&sFrame);
1751         DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "AP disassociated me, reason=%d.\n", cpu_to_le16(*(sFrame.pwReason)));
1752         //TODO: do something let upper layer know or
1753         //try to send associate packet again because of inactivity timeout
1754       //  if (pMgmt->eCurrState == WMAC_STATE_ASSOC) {
1755        //     vMgrReAssocBeginSta((PSDevice)pDevice, pMgmt, &CmdStatus);
1756       //  };
1757         if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
1758              wpahdr = (viawget_wpa_header *)pDevice->skb->data;
1759              wpahdr->type = VIAWGET_DISASSOC_MSG;
1760              wpahdr->resp_ie_len = 0;
1761              wpahdr->req_ie_len = 0;
1762              skb_put(pDevice->skb, sizeof(viawget_wpa_header));
1763              pDevice->skb->dev = pDevice->wpadev;
1764                  pDevice->skb->mac_header = pDevice->skb->data;
1765
1766              pDevice->skb->pkt_type = PACKET_HOST;
1767              pDevice->skb->protocol = htons(ETH_P_802_2);
1768              memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
1769              netif_rx(pDevice->skb);
1770              pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1771          };
1772
1773  #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
1774   // if(pDevice->bWPASuppWextEnabled == TRUE)
1775       {
1776         union iwreq_data  wrqu;
1777         memset(&wrqu, 0, sizeof (wrqu));
1778         wrqu.ap_addr.sa_family = ARPHRD_ETHER;
1779         printk("wireless_send_event--->SIOCGIWAP(disassociated)\n");
1780         wireless_send_event(pDevice->dev, SIOCGIWAP, &wrqu, NULL);
1781      }
1782   #endif
1783
1784     }
1785     /* else, ignore it */
1786
1787     return;
1788 }
1789
1790
1791 /*+
1792  *
1793  * Routine Description:
1794  *   Handles incoming deauthentication frames
1795  *
1796  *
1797  * Return Value:
1798  *    None.
1799  *
1800 -*/
1801
1802 static
1803 VOID
1804 s_vMgrRxDeauthentication(
1805     IN PSDevice pDevice,
1806     IN PSMgmtObject pMgmt,
1807     IN PSRxMgmtPacket pRxPacket
1808     )
1809 {
1810     WLAN_FR_DEAUTHEN    sFrame;
1811     UINT        uNodeIndex = 0;
1812     viawget_wpa_header *wpahdr;
1813
1814
1815     if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP ){
1816         //Todo:
1817         // if is acting an AP..
1818         // a STA is leaving this BSS..
1819         sFrame.len = pRxPacket->cbMPDULen;
1820         sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
1821         if (BSSDBbIsSTAInNodeDB(pMgmt, pRxPacket->p80211Header->sA3.abyAddr2, &uNodeIndex)) {
1822             BSSvRemoveOneNode(pDevice, uNodeIndex);
1823         }
1824         else {
1825             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Rx deauth, sta not found\n");
1826         }
1827     }
1828     else {
1829         if (pMgmt->eCurrMode == WMAC_MODE_ESS_STA ) {
1830             sFrame.len = pRxPacket->cbMPDULen;
1831             sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
1832             vMgrDecodeDeauthen(&sFrame);
1833             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO  "AP deauthed me, reason=%d.\n", cpu_to_le16((*(sFrame.pwReason))));
1834             // TODO: update BSS list for specific BSSID if pre-authentication case
1835             if (IS_ETH_ADDRESS_EQUAL(sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID)) {
1836                 if (pMgmt->eCurrState >= WMAC_STATE_AUTHPENDING) {
1837                     pMgmt->sNodeDBTable[0].bActive = FALSE;
1838                     pMgmt->eCurrMode = WMAC_MODE_STANDBY;
1839                     pMgmt->eCurrState = WMAC_STATE_IDLE;
1840                     netif_stop_queue(pDevice->dev);
1841                     pDevice->bLinkPass = FALSE;
1842                 }
1843             };
1844
1845             if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) {
1846                  wpahdr = (viawget_wpa_header *)pDevice->skb->data;
1847                  wpahdr->type = VIAWGET_DISASSOC_MSG;
1848                  wpahdr->resp_ie_len = 0;
1849                  wpahdr->req_ie_len = 0;
1850                  skb_put(pDevice->skb, sizeof(viawget_wpa_header));
1851                  pDevice->skb->dev = pDevice->wpadev;
1852                  pDevice->skb->mac_header = pDevice->skb->data;
1853                  pDevice->skb->pkt_type = PACKET_HOST;
1854                  pDevice->skb->protocol = htons(ETH_P_802_2);
1855                  memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb));
1856                  netif_rx(pDevice->skb);
1857                  pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
1858            };
1859
1860            #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
1861   // if(pDevice->bWPASuppWextEnabled == TRUE)
1862       {
1863         union iwreq_data  wrqu;
1864         memset(&wrqu, 0, sizeof (wrqu));
1865         wrqu.ap_addr.sa_family = ARPHRD_ETHER;
1866         printk("wireless_send_event--->SIOCGIWAP(disauthen)\n");
1867         wireless_send_event(pDevice->dev, SIOCGIWAP, &wrqu, NULL);
1868      }
1869   #endif
1870
1871         }
1872         /* else, ignore it.  TODO: IBSS authentication service
1873             would be implemented here */
1874     };
1875     return;
1876 }
1877
1878
1879 //2008-8-4 <add> by chester
1880 /*+
1881  *
1882  * Routine Description:
1883  * check if current channel is match ZoneType.
1884  *for USA:1~11;
1885  *      Japan:1~13;
1886  *      Europe:1~13
1887  * Return Value:
1888  *               True:exceed;
1889  *                False:normal case
1890 -*/
1891 static BOOL
1892 ChannelExceedZoneType(
1893     IN PSDevice pDevice,
1894     IN BYTE byCurrChannel
1895     )
1896 {
1897   BOOL exceed=FALSE;
1898
1899   switch(pDevice->byZoneType) {
1900         case 0x00:                  //USA:1~11
1901                      if((byCurrChannel<1) ||(byCurrChannel>11))
1902                         exceed = TRUE;
1903                  break;
1904         case 0x01:                  //Japan:1~13
1905         case 0x02:                  //Europe:1~13
1906                      if((byCurrChannel<1) ||(byCurrChannel>13))
1907                         exceed = TRUE;
1908                  break;
1909         default:                    //reserve for other zonetype
1910                 break;
1911   }
1912
1913   return exceed;
1914 }
1915
1916
1917 /*+
1918  *
1919  * Routine Description:
1920  *   Handles and analysis incoming beacon frames.
1921  *
1922  *
1923  * Return Value:
1924  *    None.
1925  *
1926 -*/
1927
1928 static
1929 VOID
1930 s_vMgrRxBeacon(
1931     IN PSDevice pDevice,
1932     IN PSMgmtObject pMgmt,
1933     IN PSRxMgmtPacket pRxPacket,
1934     IN BOOL bInScan
1935     )
1936 {
1937
1938     PKnownBSS           pBSSList;
1939     WLAN_FR_BEACON      sFrame;
1940     QWORD               qwTSFOffset;
1941     BOOL                bIsBSSIDEqual = FALSE;
1942     BOOL                bIsSSIDEqual = FALSE;
1943     BOOL                bTSFLargeDiff = FALSE;
1944     BOOL                bTSFOffsetPostive = FALSE;
1945     BOOL                bUpdateTSF = FALSE;
1946     BOOL                bIsAPBeacon = FALSE;
1947     BOOL                bIsChannelEqual = FALSE;
1948     UINT                uLocateByteIndex;
1949     BYTE                byTIMBitOn = 0;
1950     WORD                wAIDNumber = 0;
1951     UINT                uNodeIndex;
1952     QWORD               qwTimestamp, qwLocalTSF;
1953     QWORD               qwCurrTSF;
1954     WORD                wStartIndex = 0;
1955     WORD                wAIDIndex = 0;
1956     BYTE                byCurrChannel = pRxPacket->byRxChannel;
1957     ERPObject           sERP;
1958     UINT                uRateLen = WLAN_RATES_MAXLEN;
1959     BOOL                bChannelHit = FALSE;
1960     BOOL                bUpdatePhyParameter = FALSE;
1961     BYTE                byIEChannel = 0;
1962
1963
1964     memset(&sFrame, 0, sizeof(WLAN_FR_BEACON));
1965     sFrame.len = pRxPacket->cbMPDULen;
1966     sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
1967
1968     // decode the beacon frame
1969     vMgrDecodeBeacon(&sFrame);
1970
1971     if ((sFrame.pwBeaconInterval == 0) ||
1972         (sFrame.pwCapInfo == 0) ||
1973         (sFrame.pSSID == 0) ||
1974         (sFrame.pSuppRates == 0) ) {
1975         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Rx beacon frame error\n");
1976         return;
1977     };
1978
1979
1980     if (sFrame.pDSParms != NULL) {
1981         if (byCurrChannel > CB_MAX_CHANNEL_24G) {
1982             // channel remapping to
1983             byIEChannel = CARDbyGetChannelMapping(pDevice, sFrame.pDSParms->byCurrChannel, PHY_TYPE_11A);
1984         } else {
1985             byIEChannel = sFrame.pDSParms->byCurrChannel;
1986         }
1987         if (byCurrChannel != byIEChannel) {
1988             // adjust channel info. bcs we rcv adjcent channel pakckets
1989             bChannelHit = FALSE;
1990             byCurrChannel = byIEChannel;
1991         }
1992     } else {
1993         // no DS channel info
1994         bChannelHit = TRUE;
1995     }
1996 //2008-0730-01<Add>by MikeLiu
1997 if(ChannelExceedZoneType(pDevice,byCurrChannel)==TRUE)
1998       return;
1999
2000     if (sFrame.pERP != NULL) {
2001         sERP.byERP = sFrame.pERP->byContext;
2002         sERP.bERPExist = TRUE;
2003
2004     } else {
2005         sERP.bERPExist = FALSE;
2006         sERP.byERP = 0;
2007     }
2008
2009     pBSSList = BSSpAddrIsInBSSList((HANDLE)pDevice, sFrame.pHdr->sA3.abyAddr3, sFrame.pSSID);
2010     if (pBSSList == NULL) {
2011         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Beacon/insert: RxChannel = : %d\n", byCurrChannel);
2012         BSSbInsertToBSSList((HANDLE)pDevice,
2013                             sFrame.pHdr->sA3.abyAddr3,
2014                             *sFrame.pqwTimestamp,
2015                             *sFrame.pwBeaconInterval,
2016                             *sFrame.pwCapInfo,
2017                             byCurrChannel,
2018                             sFrame.pSSID,
2019                             sFrame.pSuppRates,
2020                             sFrame.pExtSuppRates,
2021                             &sERP,
2022                             sFrame.pRSN,
2023                             sFrame.pRSNWPA,
2024                             sFrame.pIE_Country,
2025                             sFrame.pIE_Quiet,
2026                             sFrame.len - WLAN_HDR_ADDR3_LEN,
2027                             sFrame.pHdr->sA4.abyAddr4,   // payload of beacon
2028                             (HANDLE)pRxPacket
2029                            );
2030     }
2031     else {
2032 //        DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"update bcn: RxChannel = : %d\n", byCurrChannel);
2033         BSSbUpdateToBSSList((HANDLE)pDevice,
2034                             *sFrame.pqwTimestamp,
2035                             *sFrame.pwBeaconInterval,
2036                             *sFrame.pwCapInfo,
2037                             byCurrChannel,
2038                             bChannelHit,
2039                             sFrame.pSSID,
2040                             sFrame.pSuppRates,
2041                             sFrame.pExtSuppRates,
2042                             &sERP,
2043                             sFrame.pRSN,
2044                             sFrame.pRSNWPA,
2045                             sFrame.pIE_Country,
2046                             sFrame.pIE_Quiet,
2047                             pBSSList,
2048                             sFrame.len - WLAN_HDR_ADDR3_LEN,
2049                             sFrame.pHdr->sA4.abyAddr4,   // payload of probresponse
2050                             (HANDLE)pRxPacket
2051                            );
2052
2053     }
2054
2055     if (bInScan) {
2056         return;
2057     }
2058
2059     if(byCurrChannel == (BYTE)pMgmt->uCurrChannel)
2060        bIsChannelEqual = TRUE;
2061
2062     if (bIsChannelEqual && (pMgmt->eCurrMode == WMAC_MODE_ESS_AP)) {
2063
2064         // if rx beacon without ERP field
2065         if (sERP.bERPExist) {
2066             if (WLAN_GET_ERP_USE_PROTECTION(sERP.byERP)){
2067                 pDevice->byERPFlag |= WLAN_SET_ERP_USE_PROTECTION(1);
2068                 pDevice->wUseProtectCntDown = USE_PROTECT_PERIOD;
2069             }
2070         }
2071         else {
2072             pDevice->byERPFlag |= WLAN_SET_ERP_USE_PROTECTION(1);
2073             pDevice->wUseProtectCntDown = USE_PROTECT_PERIOD;
2074         }
2075
2076         if (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) {
2077             if(!WLAN_GET_CAP_INFO_SHORTPREAMBLE(*sFrame.pwCapInfo))
2078                 pDevice->byERPFlag |= WLAN_SET_ERP_BARKER_MODE(1);
2079             if(!sERP.bERPExist)
2080                 pDevice->byERPFlag |= WLAN_SET_ERP_NONERP_PRESENT(1);
2081         }
2082
2083         // set to MAC&BBP
2084         if (WLAN_GET_ERP_USE_PROTECTION(pDevice->byERPFlag)){
2085             if (!pDevice->bProtectMode) {
2086                  MACvEnableProtectMD(pDevice->PortOffset);
2087                  pDevice->bProtectMode = TRUE;
2088             }
2089         }
2090     }
2091
2092
2093     if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP)
2094         return;
2095
2096     // check if BSSID the same
2097     if (memcmp(sFrame.pHdr->sA3.abyAddr3,
2098                pMgmt->abyCurrBSSID,
2099                WLAN_BSSID_LEN) == 0) {
2100
2101         bIsBSSIDEqual = TRUE;
2102
2103 // 2008-05-21 <add> by Richardtai
2104         pDevice->uCurrRSSI = pRxPacket->uRSSI;
2105         pDevice->byCurrSQ = pRxPacket->bySQ;
2106
2107         if (pMgmt->sNodeDBTable[0].uInActiveCount != 0) {
2108             pMgmt->sNodeDBTable[0].uInActiveCount = 0;
2109             //DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"BCN:Wake Count= [%d]\n", pMgmt->wCountToWakeUp);
2110         }
2111     }
2112     // check if SSID the same
2113     if (sFrame.pSSID->len == ((PWLAN_IE_SSID)pMgmt->abyCurrSSID)->len) {
2114         if (memcmp(sFrame.pSSID->abySSID,
2115                    ((PWLAN_IE_SSID)pMgmt->abyCurrSSID)->abySSID,
2116                    sFrame.pSSID->len
2117                    ) == 0) {
2118             bIsSSIDEqual = TRUE;
2119         };
2120     }
2121
2122     if ((WLAN_GET_CAP_INFO_ESS(*sFrame.pwCapInfo)== TRUE) &&
2123         (bIsBSSIDEqual == TRUE) &&
2124         (bIsSSIDEqual == TRUE) &&
2125         (pMgmt->eCurrMode == WMAC_MODE_ESS_STA) &&
2126         (pMgmt->eCurrState == WMAC_STATE_ASSOC)) {
2127         // add state check to prevent reconnect fail since we'll receive Beacon
2128
2129         bIsAPBeacon = TRUE;
2130
2131         if (pBSSList != NULL) {
2132
2133             // Compare PHY paramater setting
2134             if (pMgmt->wCurrCapInfo != pBSSList->wCapInfo) {
2135                 bUpdatePhyParameter = TRUE;
2136                 pMgmt->wCurrCapInfo = pBSSList->wCapInfo;
2137             }
2138             if (sFrame.pERP != NULL) {
2139                 if ((sFrame.pERP->byElementID == WLAN_EID_ERP) &&
2140                     (pMgmt->byERPContext != sFrame.pERP->byContext)) {
2141                     bUpdatePhyParameter = TRUE;
2142                     pMgmt->byERPContext = sFrame.pERP->byContext;
2143                 }
2144             }
2145             //
2146             // Basic Rate Set may change dynamiclly
2147             //
2148             if (pBSSList->eNetworkTypeInUse == PHY_TYPE_11B) {
2149                 uRateLen = WLAN_RATES_MAXLEN_11B;
2150             }
2151             pMgmt->abyCurrSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)pBSSList->abySuppRates,
2152                                                     (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2153                                                     uRateLen);
2154             pMgmt->abyCurrExtSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)pBSSList->abyExtSuppRates,
2155                                                     (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates,
2156                                                     uRateLen);
2157             RATEvParseMaxRate( (PVOID)pDevice,
2158                                (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2159                                (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates,
2160                                TRUE,
2161                                &(pMgmt->sNodeDBTable[0].wMaxBasicRate),
2162                                &(pMgmt->sNodeDBTable[0].wMaxSuppRate),
2163                                &(pMgmt->sNodeDBTable[0].wSuppRate),
2164                                &(pMgmt->sNodeDBTable[0].byTopCCKBasicRate),
2165                                &(pMgmt->sNodeDBTable[0].byTopOFDMBasicRate)
2166                               );
2167 #ifdef  PLICE_DEBUG
2168                 //printk("RxBeacon:MaxSuppRate is %d\n",pMgmt->sNodeDBTable[0].wMaxSuppRate);
2169 #endif
2170                         if (bUpdatePhyParameter == TRUE) {
2171                 CARDbSetPhyParameter( pMgmt->pAdapter,
2172                                       pMgmt->eCurrentPHYMode,
2173                                       pMgmt->wCurrCapInfo,
2174                                       pMgmt->byERPContext,
2175                                       pMgmt->abyCurrSuppRates,
2176                                       pMgmt->abyCurrExtSuppRates
2177                                       );
2178             }
2179             if (sFrame.pIE_PowerConstraint != NULL) {
2180                 CARDvSetPowerConstraint(pMgmt->pAdapter,
2181                                         (BYTE) pBSSList->uChannel,
2182                                         sFrame.pIE_PowerConstraint->byPower
2183                                         );
2184             }
2185             if (sFrame.pIE_CHSW != NULL) {
2186                 CARDbChannelSwitch( pMgmt->pAdapter,
2187                                     sFrame.pIE_CHSW->byMode,
2188                                     CARDbyGetChannelMapping(pMgmt->pAdapter, sFrame.pIE_CHSW->byMode, pMgmt->eCurrentPHYMode),
2189                                     sFrame.pIE_CHSW->byCount
2190                                     );
2191
2192             } else if (bIsChannelEqual == FALSE) {
2193                 CARDbSetChannel(pMgmt->pAdapter, pBSSList->uChannel);
2194             }
2195         }
2196     }
2197
2198 //    DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Beacon 2 \n");
2199     // check if CF field exisit
2200     if (WLAN_GET_CAP_INFO_ESS(*sFrame.pwCapInfo)) {
2201         if (sFrame.pCFParms->wCFPDurRemaining > 0) {
2202             // TODO: deal with CFP period to set NAV
2203         };
2204     };
2205
2206     HIDWORD(qwTimestamp) = cpu_to_le32(HIDWORD(*sFrame.pqwTimestamp));
2207     LODWORD(qwTimestamp) = cpu_to_le32(LODWORD(*sFrame.pqwTimestamp));
2208     HIDWORD(qwLocalTSF) = HIDWORD(pRxPacket->qwLocalTSF);
2209     LODWORD(qwLocalTSF) = LODWORD(pRxPacket->qwLocalTSF);
2210
2211     // check if beacon TSF larger or small than our local TSF
2212     if (HIDWORD(qwTimestamp) == HIDWORD(qwLocalTSF)) {
2213         if (LODWORD(qwTimestamp) >= LODWORD(qwLocalTSF)) {
2214             bTSFOffsetPostive = TRUE;
2215         }
2216         else {
2217             bTSFOffsetPostive = FALSE;
2218         }
2219     }
2220     else if (HIDWORD(qwTimestamp) > HIDWORD(qwLocalTSF)) {
2221         bTSFOffsetPostive = TRUE;
2222     }
2223     else if (HIDWORD(qwTimestamp) < HIDWORD(qwLocalTSF)) {
2224         bTSFOffsetPostive = FALSE;
2225     };
2226
2227     if (bTSFOffsetPostive) {
2228         qwTSFOffset = CARDqGetTSFOffset(pRxPacket->byRxRate, (qwTimestamp), (qwLocalTSF));
2229     }
2230     else {
2231         qwTSFOffset = CARDqGetTSFOffset(pRxPacket->byRxRate, (qwLocalTSF), (qwTimestamp));
2232     }
2233
2234     if (HIDWORD(qwTSFOffset) != 0 ||
2235         (LODWORD(qwTSFOffset) > TRIVIAL_SYNC_DIFFERENCE )) {
2236          bTSFLargeDiff = TRUE;
2237     }
2238
2239
2240     // if infra mode
2241     if (bIsAPBeacon == TRUE) {
2242
2243         // Infra mode: Local TSF always follow AP's TSF if Difference huge.
2244         if (bTSFLargeDiff)
2245             bUpdateTSF = TRUE;
2246
2247         if ((pDevice->bEnablePSMode == TRUE) &&(sFrame.pTIM != 0)) {
2248
2249             // deal with DTIM, analysis TIM
2250             pMgmt->bMulticastTIM = WLAN_MGMT_IS_MULTICAST_TIM(sFrame.pTIM->byBitMapCtl) ? TRUE : FALSE ;
2251             pMgmt->byDTIMCount = sFrame.pTIM->byDTIMCount;
2252             pMgmt->byDTIMPeriod = sFrame.pTIM->byDTIMPeriod;
2253             wAIDNumber = pMgmt->wCurrAID & ~(BIT14|BIT15);
2254
2255             // check if AID in TIM field bit on
2256             // wStartIndex = N1
2257             wStartIndex = WLAN_MGMT_GET_TIM_OFFSET(sFrame.pTIM->byBitMapCtl) << 1;
2258             // AIDIndex = N2
2259             wAIDIndex = (wAIDNumber >> 3);
2260             if ((wAIDNumber > 0) && (wAIDIndex >= wStartIndex)) {
2261                 uLocateByteIndex = wAIDIndex - wStartIndex;
2262                 // len = byDTIMCount + byDTIMPeriod + byDTIMPeriod + byVirtBitMap[0~250]
2263                 if (sFrame.pTIM->len >= (uLocateByteIndex + 4)) {
2264                     byTIMBitOn  = (0x01) << ((wAIDNumber) % 8);
2265                     pMgmt->bInTIM = sFrame.pTIM->byVirtBitMap[uLocateByteIndex] & byTIMBitOn ? TRUE : FALSE;
2266                 }
2267                 else {
2268                     pMgmt->bInTIM = FALSE;
2269                 };
2270             }
2271             else {
2272                 pMgmt->bInTIM = FALSE;
2273             };
2274
2275             if (pMgmt->bInTIM ||
2276                 (pMgmt->bMulticastTIM && (pMgmt->byDTIMCount == 0))) {
2277                 pMgmt->bInTIMWake = TRUE;
2278                 // send out ps-poll packet
2279 //                DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BCN:In TIM\n");
2280                 if (pMgmt->bInTIM) {
2281                     PSvSendPSPOLL((PSDevice)pDevice);
2282 //                    DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BCN:PS-POLL sent..\n");
2283                 };
2284
2285             }
2286             else {
2287                 pMgmt->bInTIMWake = FALSE;
2288                 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BCN: Not In TIM..\n");
2289                 if (pDevice->bPWBitOn == FALSE) {
2290                     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BCN: Send Null Packet\n");
2291                     if (PSbSendNullPacket(pDevice))
2292                         pDevice->bPWBitOn = TRUE;
2293                 }
2294                 if(PSbConsiderPowerDown(pDevice, FALSE, FALSE)) {
2295                    DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BCN: Power down now...\n");
2296                 };
2297             }
2298
2299         }
2300
2301     }
2302     // if adhoc mode
2303     if ((pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) && !bIsAPBeacon && bIsChannelEqual) {
2304         if (bIsBSSIDEqual) {
2305             // Use sNodeDBTable[0].uInActiveCount as IBSS beacons received count.
2306                     if (pMgmt->sNodeDBTable[0].uInActiveCount != 0)
2307                             pMgmt->sNodeDBTable[0].uInActiveCount = 0;
2308
2309             // adhoc mode:TSF updated only when beacon larger then local TSF
2310             if (bTSFLargeDiff && bTSFOffsetPostive &&
2311                 (pMgmt->eCurrState == WMAC_STATE_JOINTED))
2312                 bUpdateTSF = TRUE;
2313
2314             // During dpc, already in spinlocked.
2315             if (BSSDBbIsSTAInNodeDB(pMgmt, sFrame.pHdr->sA3.abyAddr2, &uNodeIndex)) {
2316
2317                 // Update the STA, (Techically the Beacons of all the IBSS nodes
2318                         // should be identical, but that's not happening in practice.
2319                 pMgmt->abyCurrSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)sFrame.pSuppRates,
2320                                                         (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2321                                                         WLAN_RATES_MAXLEN_11B);
2322                 RATEvParseMaxRate( (PVOID)pDevice,
2323                                    (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2324                                    NULL,
2325                                    TRUE,
2326                                    &(pMgmt->sNodeDBTable[uNodeIndex].wMaxBasicRate),
2327                                    &(pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate),
2328                                    &(pMgmt->sNodeDBTable[uNodeIndex].wSuppRate),
2329                                    &(pMgmt->sNodeDBTable[uNodeIndex].byTopCCKBasicRate),
2330                                    &(pMgmt->sNodeDBTable[uNodeIndex].byTopOFDMBasicRate)
2331                                   );
2332                 pMgmt->sNodeDBTable[uNodeIndex].bShortPreamble = WLAN_GET_CAP_INFO_SHORTPREAMBLE(*sFrame.pwCapInfo);
2333                 pMgmt->sNodeDBTable[uNodeIndex].bShortSlotTime = WLAN_GET_CAP_INFO_SHORTSLOTTIME(*sFrame.pwCapInfo);
2334                 pMgmt->sNodeDBTable[uNodeIndex].uInActiveCount = 0;
2335             }
2336             else {
2337                 // Todo, initial Node content
2338                 BSSvCreateOneNode((PSDevice)pDevice, &uNodeIndex);
2339
2340                 pMgmt->abyCurrSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)sFrame.pSuppRates,
2341                                                         (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2342                                                         WLAN_RATES_MAXLEN_11B);
2343                 RATEvParseMaxRate( (PVOID)pDevice,
2344                                    (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2345                                    NULL,
2346                                    TRUE,
2347                                    &(pMgmt->sNodeDBTable[uNodeIndex].wMaxBasicRate),
2348                                    &(pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate),
2349                                    &(pMgmt->sNodeDBTable[uNodeIndex].wSuppRate),
2350                                    &(pMgmt->sNodeDBTable[uNodeIndex].byTopCCKBasicRate),
2351                                    &(pMgmt->sNodeDBTable[uNodeIndex].byTopOFDMBasicRate)
2352                                  );
2353
2354                 memcpy(pMgmt->sNodeDBTable[uNodeIndex].abyMACAddr, sFrame.pHdr->sA3.abyAddr2, WLAN_ADDR_LEN);
2355                 pMgmt->sNodeDBTable[uNodeIndex].bShortPreamble = WLAN_GET_CAP_INFO_SHORTPREAMBLE(*sFrame.pwCapInfo);
2356                 pMgmt->sNodeDBTable[uNodeIndex].wTxDataRate = pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate;
2357 #ifdef  PLICE_DEBUG
2358                 //if (uNodeIndex == 0)
2359                 {
2360                         printk("s_vMgrRxBeacon:TxDataRate is %d,Index is %d\n",pMgmt->sNodeDBTable[uNodeIndex].wTxDataRate,uNodeIndex);
2361                 }
2362 #endif
2363 /*
2364                 pMgmt->sNodeDBTable[uNodeIndex].bShortSlotTime = WLAN_GET_CAP_INFO_SHORTSLOTTIME(*sFrame.pwCapInfo);
2365                 if(pMgmt->sNodeDBTable[uNodeIndex].wMaxSuppRate > RATE_11M)
2366                        pMgmt->sNodeDBTable[uNodeIndex].bERPExist = TRUE;
2367 */
2368             }
2369
2370             // if other stations jointed, indicate connect to upper layer..
2371             if (pMgmt->eCurrState == WMAC_STATE_STARTED) {
2372                 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Current IBSS State: [Started]........to: [Jointed] \n");
2373                 pMgmt->eCurrState = WMAC_STATE_JOINTED;
2374                 pDevice->bLinkPass = TRUE;
2375                 if (netif_queue_stopped(pDevice->dev)){
2376                     netif_wake_queue(pDevice->dev);
2377                 }
2378                 pMgmt->sNodeDBTable[0].bActive = TRUE;
2379                 pMgmt->sNodeDBTable[0].uInActiveCount = 0;
2380
2381             };
2382         }
2383         else if (bIsSSIDEqual) {
2384
2385             // See other adhoc sta with the same SSID but BSSID is different.
2386             // adpot this vars only when TSF larger then us.
2387             if (bTSFLargeDiff && bTSFOffsetPostive) {
2388                  // we don't support ATIM under adhoc mode
2389                // if ( sFrame.pIBSSParms->wATIMWindow == 0) {
2390                      // adpot this vars
2391                      // TODO: check sFrame cap if privacy on, and support rate syn
2392                      memcpy(pMgmt->abyCurrBSSID, sFrame.pHdr->sA3.abyAddr3, WLAN_BSSID_LEN);
2393                      memcpy(pDevice->abyBSSID, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
2394                      pMgmt->wCurrATIMWindow = cpu_to_le16(sFrame.pIBSSParms->wATIMWindow);
2395                      pMgmt->wCurrBeaconPeriod = cpu_to_le16(*sFrame.pwBeaconInterval);
2396                      pMgmt->abyCurrSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)sFrame.pSuppRates,
2397                                                       (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2398                                                       WLAN_RATES_MAXLEN_11B);
2399                      // set HW beacon interval and re-synchronizing....
2400                      DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Rejoining to Other Adhoc group with same SSID........\n");
2401                      VNSvOutPortW(pDevice->PortOffset + MAC_REG_BI, pMgmt->wCurrBeaconPeriod);
2402                      CARDbUpdateTSF(pDevice, pRxPacket->byRxRate, qwTimestamp, qwLocalTSF);
2403                      CARDvUpdateNextTBTT(pDevice->PortOffset, qwTimestamp, pMgmt->wCurrBeaconPeriod);
2404                      // Turn off bssid filter to avoid filter others adhoc station which bssid is different.
2405                      MACvWriteBSSIDAddress(pDevice->PortOffset, pMgmt->abyCurrBSSID);
2406
2407                      CARDbSetPhyParameter (  pMgmt->pAdapter,
2408                                             pMgmt->eCurrentPHYMode,
2409                                             pMgmt->wCurrCapInfo,
2410                                             pMgmt->byERPContext,
2411                                             pMgmt->abyCurrSuppRates,
2412                                             pMgmt->abyCurrExtSuppRates);
2413
2414
2415                      // MACvRegBitsOff(pDevice->PortOffset, MAC_REG_RCR, RCR_BSSID);
2416                      // set highest basic rate
2417                      // s_vSetHighestBasicRate(pDevice, (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates);
2418                      // Prepare beacon frame
2419                      bMgrPrepareBeaconToSend((HANDLE)pDevice, pMgmt);
2420               //  }
2421             };
2422         }
2423     };
2424     // endian issue ???
2425     // Update TSF
2426     if (bUpdateTSF) {
2427         CARDbGetCurrentTSF(pDevice->PortOffset, &qwCurrTSF);
2428         CARDbUpdateTSF(pDevice, pRxPacket->byRxRate, qwTimestamp, pRxPacket->qwLocalTSF);
2429         CARDbGetCurrentTSF(pDevice->PortOffset, &qwCurrTSF);
2430         CARDvUpdateNextTBTT(pDevice->PortOffset, qwTimestamp, pMgmt->wCurrBeaconPeriod);
2431     }
2432
2433     return;
2434 }
2435
2436
2437
2438 /*+
2439  *
2440  * Routine Description:
2441  *   Instructs the hw to create a bss using the supplied
2442  *   attributes. Note that this implementation only supports Ad-Hoc
2443  *   BSS creation.
2444  *
2445  *
2446  * Return Value:
2447  *    CMD_STATUS
2448  *
2449 -*/
2450 VOID
2451 vMgrCreateOwnIBSS(
2452     IN  HANDLE hDeviceContext,
2453     OUT PCMD_STATUS pStatus
2454     )
2455 {
2456     PSDevice            pDevice = (PSDevice)hDeviceContext;
2457     PSMgmtObject        pMgmt = pDevice->pMgmt;
2458     WORD                wMaxBasicRate;
2459     WORD                wMaxSuppRate;
2460     BYTE                byTopCCKBasicRate;
2461     BYTE                byTopOFDMBasicRate;
2462     QWORD               qwCurrTSF;
2463     UINT                ii;
2464     BYTE    abyRATE[] = {0x82, 0x84, 0x8B, 0x96, 0x24, 0x30, 0x48, 0x6C, 0x0C, 0x12, 0x18, 0x60};
2465     BYTE    abyCCK_RATE[] = {0x82, 0x84, 0x8B, 0x96};
2466     BYTE    abyOFDM_RATE[] = {0x0C, 0x12, 0x18, 0x24, 0x30, 0x48, 0x60, 0x6C};
2467     WORD                wSuppRate;
2468
2469     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Create Basic Service Set .......\n");
2470
2471     if (pMgmt->eConfigMode == WMAC_CONFIG_IBSS_STA) {
2472         if ((pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) &&
2473             (pDevice->eEncryptionStatus != Ndis802_11Encryption2Enabled) &&
2474             (pDevice->eEncryptionStatus != Ndis802_11Encryption3Enabled)) {
2475             // encryption mode error
2476             *pStatus = CMD_STATUS_FAILURE;
2477             return;
2478         }
2479     }
2480
2481     pMgmt->abyCurrSuppRates[0] = WLAN_EID_SUPP_RATES;
2482     pMgmt->abyCurrExtSuppRates[0] = WLAN_EID_EXTSUPP_RATES;
2483
2484     if (pMgmt->eConfigMode == WMAC_CONFIG_AP) {
2485         pMgmt->eCurrentPHYMode = pMgmt->byAPBBType;
2486     } else {
2487         if (pDevice->byBBType == BB_TYPE_11G)
2488             pMgmt->eCurrentPHYMode = PHY_TYPE_11G;
2489         if (pDevice->byBBType == BB_TYPE_11B)
2490             pMgmt->eCurrentPHYMode = PHY_TYPE_11B;
2491         if (pDevice->byBBType == BB_TYPE_11A)
2492             pMgmt->eCurrentPHYMode = PHY_TYPE_11A;
2493     }
2494
2495     if (pMgmt->eCurrentPHYMode != PHY_TYPE_11A) {
2496         pMgmt->abyCurrSuppRates[1] = WLAN_RATES_MAXLEN_11B;
2497         pMgmt->abyCurrExtSuppRates[1] = 0;
2498         for (ii = 0; ii < 4; ii++)
2499             pMgmt->abyCurrSuppRates[2+ii] = abyRATE[ii];
2500     } else {
2501         pMgmt->abyCurrSuppRates[1] = 8;
2502         pMgmt->abyCurrExtSuppRates[1] = 0;
2503         for (ii = 0; ii < 8; ii++)
2504             pMgmt->abyCurrSuppRates[2+ii] = abyRATE[ii];
2505     }
2506
2507
2508     if (pMgmt->eCurrentPHYMode == PHY_TYPE_11G) {
2509         pMgmt->abyCurrSuppRates[1] = 8;
2510         pMgmt->abyCurrExtSuppRates[1] = 4;
2511         for (ii = 0; ii < 4; ii++)
2512             pMgmt->abyCurrSuppRates[2+ii] =  abyCCK_RATE[ii];
2513         for (ii = 4; ii < 8; ii++)
2514             pMgmt->abyCurrSuppRates[2+ii] =  abyOFDM_RATE[ii-4];
2515         for (ii = 0; ii < 4; ii++)
2516             pMgmt->abyCurrExtSuppRates[2+ii] =  abyOFDM_RATE[ii+4];
2517     }
2518
2519
2520     // Disable Protect Mode
2521     pDevice->bProtectMode = 0;
2522     MACvDisableProtectMD(pDevice->PortOffset);
2523
2524     pDevice->bBarkerPreambleMd = 0;
2525     MACvDisableBarkerPreambleMd(pDevice->PortOffset);
2526
2527     // Kyle Test 2003.11.04
2528
2529     // set HW beacon interval
2530     if (pMgmt->wIBSSBeaconPeriod == 0)
2531         pMgmt->wIBSSBeaconPeriod = DEFAULT_IBSS_BI;
2532
2533
2534     CARDbGetCurrentTSF(pDevice->PortOffset, &qwCurrTSF);
2535     // clear TSF counter
2536     VNSvOutPortB(pDevice->PortOffset + MAC_REG_TFTCTL, TFTCTL_TSFCNTRST);
2537     // enable TSF counter
2538     VNSvOutPortB(pDevice->PortOffset + MAC_REG_TFTCTL, TFTCTL_TSFCNTREN);
2539
2540     // set Next TBTT
2541     CARDvSetFirstNextTBTT(pDevice->PortOffset, pMgmt->wIBSSBeaconPeriod);
2542
2543     pMgmt->uIBSSChannel = pDevice->uChannel;
2544
2545     if (pMgmt->uIBSSChannel == 0)
2546         pMgmt->uIBSSChannel = DEFAULT_IBSS_CHANNEL;
2547
2548
2549     // set basic rate
2550
2551     RATEvParseMaxRate((PVOID)pDevice, (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2552                       (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates, TRUE,
2553                       &wMaxBasicRate, &wMaxSuppRate, &wSuppRate,
2554                       &byTopCCKBasicRate, &byTopOFDMBasicRate);
2555
2556
2557     if (pMgmt->eConfigMode == WMAC_CONFIG_AP) {
2558         pMgmt->eCurrMode = WMAC_MODE_ESS_AP;
2559     }
2560
2561     if (pMgmt->eConfigMode == WMAC_CONFIG_IBSS_STA) {
2562         MEMvCopy(pMgmt->abyIBSSDFSOwner, pDevice->abyCurrentNetAddr, 6);
2563         pMgmt->byIBSSDFSRecovery = 10;
2564         pMgmt->eCurrMode = WMAC_MODE_IBSS_STA;
2565     }
2566
2567     // Adopt pre-configured IBSS vars to current vars
2568     pMgmt->eCurrState = WMAC_STATE_STARTED;
2569     pMgmt->wCurrBeaconPeriod = pMgmt->wIBSSBeaconPeriod;
2570     pMgmt->uCurrChannel = pMgmt->uIBSSChannel;
2571     pMgmt->wCurrATIMWindow = pMgmt->wIBSSATIMWindow;
2572     MACvWriteATIMW(pDevice->PortOffset, pMgmt->wCurrATIMWindow);
2573     pDevice->uCurrRSSI = 0;
2574     pDevice->byCurrSQ = 0;
2575     //memcpy(pMgmt->abyDesireSSID,pMgmt->abyAdHocSSID,
2576                      // ((PWLAN_IE_SSID)pMgmt->abyAdHocSSID)->len + WLAN_IEHDR_LEN);
2577     memset(pMgmt->abyCurrSSID, 0, WLAN_IEHDR_LEN + WLAN_SSID_MAXLEN + 1);
2578     memcpy(pMgmt->abyCurrSSID,
2579            pMgmt->abyDesireSSID,
2580            ((PWLAN_IE_SSID)pMgmt->abyDesireSSID)->len + WLAN_IEHDR_LEN
2581           );
2582
2583     if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
2584         // AP mode BSSID = MAC addr
2585         memcpy(pMgmt->abyCurrBSSID, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
2586         DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO"AP beacon created BSSID:%02x-%02x-%02x-%02x-%02x-%02x \n",
2587                       pMgmt->abyCurrBSSID[0],
2588                       pMgmt->abyCurrBSSID[1],
2589                       pMgmt->abyCurrBSSID[2],
2590                       pMgmt->abyCurrBSSID[3],
2591                       pMgmt->abyCurrBSSID[4],
2592                       pMgmt->abyCurrBSSID[5]
2593                     );
2594     }
2595
2596     if (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) {
2597
2598         // BSSID selected must be randomized as spec 11.1.3
2599         pMgmt->abyCurrBSSID[5] = (BYTE) (LODWORD(qwCurrTSF)& 0x000000ff);
2600         pMgmt->abyCurrBSSID[4] = (BYTE)((LODWORD(qwCurrTSF)& 0x0000ff00) >> 8);
2601         pMgmt->abyCurrBSSID[3] = (BYTE)((LODWORD(qwCurrTSF)& 0x00ff0000) >> 16);
2602         pMgmt->abyCurrBSSID[2] = (BYTE)((LODWORD(qwCurrTSF)& 0x00000ff0) >> 4);
2603         pMgmt->abyCurrBSSID[1] = (BYTE)((LODWORD(qwCurrTSF)& 0x000ff000) >> 12);
2604         pMgmt->abyCurrBSSID[0] = (BYTE)((LODWORD(qwCurrTSF)& 0x0ff00000) >> 20);
2605         pMgmt->abyCurrBSSID[5] ^= pMgmt->abyMACAddr[0];
2606         pMgmt->abyCurrBSSID[4] ^= pMgmt->abyMACAddr[1];
2607         pMgmt->abyCurrBSSID[3] ^= pMgmt->abyMACAddr[2];
2608         pMgmt->abyCurrBSSID[2] ^= pMgmt->abyMACAddr[3];
2609         pMgmt->abyCurrBSSID[1] ^= pMgmt->abyMACAddr[4];
2610         pMgmt->abyCurrBSSID[0] ^= pMgmt->abyMACAddr[5];
2611         pMgmt->abyCurrBSSID[0] &= ~IEEE_ADDR_GROUP;
2612         pMgmt->abyCurrBSSID[0] |= IEEE_ADDR_UNIVERSAL;
2613
2614
2615         DEVICE_PRT(MSG_LEVEL_INFO, KERN_INFO"Adhoc beacon created bssid:%02x-%02x-%02x-%02x-%02x-%02x \n",
2616                       pMgmt->abyCurrBSSID[0],
2617                       pMgmt->abyCurrBSSID[1],
2618                       pMgmt->abyCurrBSSID[2],
2619                       pMgmt->abyCurrBSSID[3],
2620                       pMgmt->abyCurrBSSID[4],
2621                       pMgmt->abyCurrBSSID[5]
2622                     );
2623     }
2624
2625     // Set Capability Info
2626     pMgmt->wCurrCapInfo = 0;
2627
2628     if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
2629         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_ESS(1);
2630         pMgmt->byDTIMPeriod = DEFAULT_DTIM_PERIOD;
2631         pMgmt->byDTIMCount = pMgmt->byDTIMPeriod - 1;
2632     }
2633
2634     if (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) {
2635         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_IBSS(1);
2636     }
2637
2638     if (pDevice->bEncryptionEnable) {
2639         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_PRIVACY(1);
2640         if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
2641             if (pDevice->eEncryptionStatus == Ndis802_11Encryption3Enabled) {
2642                 pMgmt->byCSSPK = KEY_CTL_CCMP;
2643                 pMgmt->byCSSGK = KEY_CTL_CCMP;
2644             } else if (pDevice->eEncryptionStatus == Ndis802_11Encryption2Enabled) {
2645                 pMgmt->byCSSPK = KEY_CTL_TKIP;
2646                 pMgmt->byCSSGK = KEY_CTL_TKIP;
2647             } else {
2648                 pMgmt->byCSSPK = KEY_CTL_NONE;
2649                 pMgmt->byCSSGK = KEY_CTL_WEP;
2650             }
2651         } else {
2652             pMgmt->byCSSPK = KEY_CTL_WEP;
2653             pMgmt->byCSSGK = KEY_CTL_WEP;
2654         }
2655     };
2656
2657     pMgmt->byERPContext = 0;
2658
2659 //    memcpy(pDevice->abyBSSID, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
2660
2661     if (pMgmt->eConfigMode == WMAC_CONFIG_AP) {
2662         CARDbSetBSSID(pMgmt->pAdapter, pMgmt->abyCurrBSSID, OP_MODE_AP);
2663     } else {
2664         CARDbSetBSSID(pMgmt->pAdapter, pMgmt->abyCurrBSSID, OP_MODE_ADHOC);
2665     }
2666
2667     CARDbSetPhyParameter(   pMgmt->pAdapter,
2668                             pMgmt->eCurrentPHYMode,
2669                             pMgmt->wCurrCapInfo,
2670                             pMgmt->byERPContext,
2671                             pMgmt->abyCurrSuppRates,
2672                             pMgmt->abyCurrExtSuppRates
2673                             );
2674
2675     CARDbSetBeaconPeriod(pMgmt->pAdapter, pMgmt->wIBSSBeaconPeriod);
2676     // set channel and clear NAV
2677     CARDbSetChannel(pMgmt->pAdapter, pMgmt->uIBSSChannel);
2678     pMgmt->uCurrChannel = pMgmt->uIBSSChannel;
2679
2680     if (CARDbIsShortPreamble(pMgmt->pAdapter)) {
2681         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SHORTPREAMBLE(1);
2682     } else {
2683         pMgmt->wCurrCapInfo &= (~WLAN_SET_CAP_INFO_SHORTPREAMBLE(1));
2684     }
2685
2686     if ((pMgmt->b11hEnable == TRUE) &&
2687         (pMgmt->eCurrentPHYMode == PHY_TYPE_11A)) {
2688         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_SPECTRUMMNG(1);
2689     } else {
2690         pMgmt->wCurrCapInfo &= (~WLAN_SET_CAP_INFO_SPECTRUMMNG(1));
2691     }
2692
2693     pMgmt->eCurrState = WMAC_STATE_STARTED;
2694     // Prepare beacon to send
2695     if (bMgrPrepareBeaconToSend((HANDLE)pDevice, pMgmt)) {
2696         *pStatus = CMD_STATUS_SUCCESS;
2697     }
2698
2699     return ;
2700 }
2701
2702
2703
2704 /*+
2705  *
2706  * Routine Description:
2707  *   Instructs wmac to join a bss using the supplied attributes.
2708  *   The arguments may the BSSID or SSID and the rest of the
2709  *   attributes are obtained from the scan result of known bss list.
2710  *
2711  *
2712  * Return Value:
2713  *    None.
2714  *
2715 -*/
2716
2717 VOID
2718 vMgrJoinBSSBegin(
2719     IN  HANDLE hDeviceContext,
2720     OUT PCMD_STATUS pStatus
2721     )
2722 {
2723
2724     PSDevice     pDevice = (PSDevice)hDeviceContext;
2725     PSMgmtObject    pMgmt = pDevice->pMgmt;
2726     PKnownBSS       pCurr = NULL;
2727     UINT            ii, uu;
2728     PWLAN_IE_SUPP_RATES pItemRates = NULL;
2729     PWLAN_IE_SUPP_RATES pItemExtRates = NULL;
2730     PWLAN_IE_SSID   pItemSSID;
2731     UINT            uRateLen = WLAN_RATES_MAXLEN;
2732     WORD            wMaxBasicRate = RATE_1M;
2733     WORD            wMaxSuppRate = RATE_1M;
2734     WORD            wSuppRate;
2735     BYTE            byTopCCKBasicRate = RATE_1M;
2736     BYTE            byTopOFDMBasicRate = RATE_1M;
2737
2738
2739     for (ii = 0; ii < MAX_BSS_NUM; ii++) {
2740         if (pMgmt->sBSSList[ii].bActive == TRUE)
2741             break;
2742     }
2743
2744     if (ii == MAX_BSS_NUM) {
2745        *pStatus = CMD_STATUS_RESOURCES;
2746         DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "BSS finding:BSS list is empty.\n");
2747        return;
2748     };
2749
2750     // memset(pMgmt->abyDesireBSSID, 0,  WLAN_BSSID_LEN);
2751     // Search known BSS list for prefer BSSID or SSID
2752
2753     pCurr = BSSpSearchBSSList(pDevice,
2754                               pMgmt->abyDesireBSSID,
2755                               pMgmt->abyDesireSSID,
2756                               pMgmt->eConfigPHYMode
2757                               );
2758
2759     if (pCurr == NULL){
2760        *pStatus = CMD_STATUS_RESOURCES;
2761        pItemSSID = (PWLAN_IE_SSID)pMgmt->abyDesireSSID;
2762        DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Scanning [%s] not found, disconnected !\n", pItemSSID->abySSID);
2763        return;
2764     };
2765
2766     DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "AP(BSS) finding:Found a AP(BSS)..\n");
2767     if (WLAN_GET_CAP_INFO_ESS(cpu_to_le16(pCurr->wCapInfo))){
2768
2769         if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA)||(pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK)) {
2770
2771     // patch for CISCO migration mode
2772 /*
2773             if (pDevice->eEncryptionStatus == Ndis802_11Encryption2Enabled) {
2774                 if (WPA_SearchRSN(0, WPA_TKIP, pCurr) == FALSE) {
2775                     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"No match RSN info. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n");
2776                     // encryption mode error
2777                     pMgmt->eCurrState = WMAC_STATE_IDLE;
2778                     return;
2779                 }
2780             } else if (pDevice->eEncryptionStatus == Ndis802_11Encryption3Enabled) {
2781                 if (WPA_SearchRSN(0, WPA_AESCCMP, pCurr) == FALSE) {
2782                     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"No match RSN info. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n");
2783                     // encryption mode error
2784                     pMgmt->eCurrState = WMAC_STATE_IDLE;
2785                     return;
2786                 }
2787             }
2788 */
2789         }
2790
2791 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
2792         //if(pDevice->bWPASuppWextEnabled == TRUE)
2793             Encyption_Rebuild(pDevice, pCurr);
2794 #endif
2795         // Infrastructure BSS
2796         s_vMgrSynchBSS(pDevice,
2797                        WMAC_MODE_ESS_STA,
2798                        pCurr,
2799                        pStatus
2800                        );
2801
2802         if (*pStatus == CMD_STATUS_SUCCESS){
2803
2804             // Adopt this BSS state vars in Mgmt Object
2805             pMgmt->uCurrChannel = pCurr->uChannel;
2806
2807             memset(pMgmt->abyCurrSuppRates, 0 , WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1);
2808             memset(pMgmt->abyCurrExtSuppRates, 0 , WLAN_IEHDR_LEN + WLAN_RATES_MAXLEN + 1);
2809
2810             if (pCurr->eNetworkTypeInUse == PHY_TYPE_11B) {
2811                 uRateLen = WLAN_RATES_MAXLEN_11B;
2812             }
2813
2814             pItemRates = (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates;
2815             pItemExtRates = (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates;
2816
2817             // Parse Support Rate IE
2818             pItemRates->byElementID = WLAN_EID_SUPP_RATES;
2819             pItemRates->len = RATEuSetIE((PWLAN_IE_SUPP_RATES)pCurr->abySuppRates,
2820                                          pItemRates,
2821                                          uRateLen);
2822
2823             // Parse Extension Support Rate IE
2824             pItemExtRates->byElementID = WLAN_EID_EXTSUPP_RATES;
2825             pItemExtRates->len = RATEuSetIE((PWLAN_IE_SUPP_RATES)pCurr->abyExtSuppRates,
2826                                             pItemExtRates,
2827                                             uRateLen);
2828             // Stuffing Rate IE
2829             if ((pItemExtRates->len > 0) && (pItemRates->len < 8)) {
2830                 for (ii = 0; ii < (UINT)(8 - pItemRates->len); ) {
2831                     pItemRates->abyRates[pItemRates->len + ii] = pItemExtRates->abyRates[ii];
2832                     ii ++;
2833                     if (pItemExtRates->len <= ii)
2834                         break;
2835                 }
2836                 pItemRates->len += (BYTE)ii;
2837                 if (pItemExtRates->len - ii > 0) {
2838                     pItemExtRates->len -= (BYTE)ii;
2839                     for (uu = 0; uu < pItemExtRates->len; uu ++) {
2840                         pItemExtRates->abyRates[uu] = pItemExtRates->abyRates[uu + ii];
2841                     }
2842                 } else {
2843                     pItemExtRates->len = 0;
2844                 }
2845             }
2846
2847             RATEvParseMaxRate((PVOID)pDevice, pItemRates, pItemExtRates, TRUE,
2848                               &wMaxBasicRate, &wMaxSuppRate, &wSuppRate,
2849                               &byTopCCKBasicRate, &byTopOFDMBasicRate);
2850
2851             // TODO: deal with if wCapInfo the privacy is on, but station WEP is off
2852             // TODO: deal with if wCapInfo the PS-Pollable is on.
2853             pMgmt->wCurrBeaconPeriod = pCurr->wBeaconInterval;
2854             memset(pMgmt->abyCurrSSID, 0, WLAN_IEHDR_LEN + WLAN_SSID_MAXLEN + 1);
2855             memcpy(pMgmt->abyCurrBSSID, pCurr->abyBSSID, WLAN_BSSID_LEN);
2856             memcpy(pMgmt->abyCurrSSID, pCurr->abySSID, WLAN_IEHDR_LEN + WLAN_SSID_MAXLEN + 1);
2857
2858             pMgmt->eCurrMode = WMAC_MODE_ESS_STA;
2859
2860             pMgmt->eCurrState = WMAC_STATE_JOINTED;
2861             // Adopt BSS state in Adapter Device Object
2862             //pDevice->byOpMode = OP_MODE_INFRASTRUCTURE;
2863 //            memcpy(pDevice->abyBSSID, pCurr->abyBSSID, WLAN_BSSID_LEN);
2864
2865             // Add current BSS to Candidate list
2866             // This should only works for WPA2 BSS, and WPA2 BSS check must be done before.
2867             if (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) {
2868                 BOOL bResult = bAdd_PMKID_Candidate((HANDLE)pDevice, pMgmt->abyCurrBSSID, &pCurr->sRSNCapObj);
2869                 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"bAdd_PMKID_Candidate: 1(%d)\n", bResult);
2870                 if (bResult == FALSE) {
2871                     vFlush_PMKID_Candidate((HANDLE)pDevice);
2872                     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"vFlush_PMKID_Candidate: 4\n");
2873                     bAdd_PMKID_Candidate((HANDLE)pDevice, pMgmt->abyCurrBSSID, &pCurr->sRSNCapObj);
2874                 }
2875             }
2876
2877             // Preamble type auto-switch: if AP can receive short-preamble cap,
2878             // we can turn on too.
2879
2880             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Join ESS\n");
2881
2882
2883
2884             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"End of Join AP -- A/B/G Action\n");
2885         }
2886         else {
2887             pMgmt->eCurrState = WMAC_STATE_IDLE;
2888         };
2889
2890
2891      }
2892      else {
2893         // ad-hoc mode BSS
2894         if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
2895
2896             if (pDevice->eEncryptionStatus == Ndis802_11Encryption2Enabled) {
2897                 if (WPA_SearchRSN(0, WPA_TKIP, pCurr) == FALSE) {
2898                     // encryption mode error
2899                     pMgmt->eCurrState = WMAC_STATE_IDLE;
2900                     return;
2901                 }
2902             } else if (pDevice->eEncryptionStatus == Ndis802_11Encryption3Enabled) {
2903                 if (WPA_SearchRSN(0, WPA_AESCCMP, pCurr) == FALSE) {
2904                     // encryption mode error
2905                     pMgmt->eCurrState = WMAC_STATE_IDLE;
2906                     return;
2907                 }
2908             } else {
2909                 // encryption mode error
2910                 pMgmt->eCurrState = WMAC_STATE_IDLE;
2911                 return;
2912             }
2913         }
2914
2915         s_vMgrSynchBSS(pDevice,
2916                        WMAC_MODE_IBSS_STA,
2917                        pCurr,
2918                        pStatus
2919                        );
2920
2921         if (*pStatus == CMD_STATUS_SUCCESS){
2922             // Adopt this BSS state vars in Mgmt Object
2923             // TODO: check if CapInfo privacy on, but we don't..
2924             pMgmt->uCurrChannel = pCurr->uChannel;
2925
2926
2927             // Parse Support Rate IE
2928             pMgmt->abyCurrSuppRates[0] = WLAN_EID_SUPP_RATES;
2929             pMgmt->abyCurrSuppRates[1] = RATEuSetIE((PWLAN_IE_SUPP_RATES)pCurr->abySuppRates,
2930                                                     (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2931                                                     WLAN_RATES_MAXLEN_11B);
2932             // set basic rate
2933             RATEvParseMaxRate((PVOID)pDevice, (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
2934                               NULL, TRUE, &wMaxBasicRate, &wMaxSuppRate, &wSuppRate,
2935                               &byTopCCKBasicRate, &byTopOFDMBasicRate);
2936
2937             pMgmt->wCurrCapInfo = pCurr->wCapInfo;
2938             pMgmt->wCurrBeaconPeriod = pCurr->wBeaconInterval;
2939             memset(pMgmt->abyCurrSSID, 0, WLAN_IEHDR_LEN + WLAN_SSID_MAXLEN);
2940             memcpy(pMgmt->abyCurrBSSID, pCurr->abyBSSID, WLAN_BSSID_LEN);
2941             memcpy(pMgmt->abyCurrSSID, pCurr->abySSID, WLAN_IEHDR_LEN + WLAN_SSID_MAXLEN);
2942 //          pMgmt->wCurrATIMWindow = pCurr->wATIMWindow;
2943             MACvWriteATIMW(pDevice->PortOffset, pMgmt->wCurrATIMWindow);
2944             pMgmt->eCurrMode = WMAC_MODE_IBSS_STA;
2945
2946             pMgmt->eCurrState = WMAC_STATE_STARTED;
2947             // Adopt BSS state in Adapter Device Object
2948             //pDevice->byOpMode = OP_MODE_ADHOC;
2949 //            pDevice->bLinkPass = TRUE;
2950 //            memcpy(pDevice->abyBSSID, pCurr->abyBSSID, WLAN_BSSID_LEN);
2951
2952             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Join IBSS ok:%02x-%02x-%02x-%02x-%02x-%02x \n",
2953                   pMgmt->abyCurrBSSID[0],
2954                   pMgmt->abyCurrBSSID[1],
2955                   pMgmt->abyCurrBSSID[2],
2956                   pMgmt->abyCurrBSSID[3],
2957                   pMgmt->abyCurrBSSID[4],
2958                   pMgmt->abyCurrBSSID[5]
2959                 );
2960             // Preamble type auto-switch: if AP can receive short-preamble cap,
2961             // and if registry setting is short preamble we can turn on too.
2962
2963             // Prepare beacon
2964             bMgrPrepareBeaconToSend((HANDLE)pDevice, pMgmt);
2965         }
2966         else {
2967             pMgmt->eCurrState = WMAC_STATE_IDLE;
2968         };
2969      };
2970     return;
2971 }
2972
2973
2974
2975 /*+
2976  *
2977  * Routine Description:
2978  * Set HW to synchronize a specific BSS from known BSS list.
2979  *
2980  *
2981  * Return Value:
2982  *    PCM_STATUS
2983  *
2984 -*/
2985 static
2986 VOID
2987 s_vMgrSynchBSS (
2988     IN PSDevice      pDevice,
2989     IN UINT          uBSSMode,
2990     IN PKnownBSS     pCurr,
2991     OUT PCMD_STATUS  pStatus
2992     )
2993 {
2994     CARD_PHY_TYPE   ePhyType = PHY_TYPE_11B;
2995     PSMgmtObject  pMgmt = pDevice->pMgmt;
2996 //    int     ii;
2997                                                      //1M,   2M,   5M,   11M,  18M,  24M,  36M,  54M
2998     BYTE abyCurrSuppRatesG[] = {WLAN_EID_SUPP_RATES, 8, 0x02, 0x04, 0x0B, 0x16, 0x24, 0x30, 0x48, 0x6C};
2999     BYTE abyCurrExtSuppRatesG[] = {WLAN_EID_EXTSUPP_RATES, 4, 0x0C, 0x12, 0x18, 0x60};
3000                                                            //6M,   9M,   12M,  48M
3001     BYTE abyCurrSuppRatesA[] = {WLAN_EID_SUPP_RATES, 8, 0x0C, 0x12, 0x18, 0x24, 0x30, 0x48, 0x60, 0x6C};
3002     BYTE abyCurrSuppRatesB[] = {WLAN_EID_SUPP_RATES, 4, 0x02, 0x04, 0x0B, 0x16};
3003
3004
3005     *pStatus = CMD_STATUS_FAILURE;
3006
3007     if (s_bCipherMatch(pCurr,
3008                        pDevice->eEncryptionStatus,
3009                        &(pMgmt->byCSSPK),
3010                        &(pMgmt->byCSSGK)) == FALSE) {
3011         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "s_bCipherMatch Fail .......\n");
3012         return;
3013     }
3014
3015     pMgmt->pCurrBSS = pCurr;
3016
3017     // if previous mode is IBSS.
3018     if(pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) {
3019         MACvRegBitsOff(pDevice->PortOffset, MAC_REG_BCNDMACTL, BEACON_READY);
3020         MACvRegBitsOff(pDevice->PortOffset, MAC_REG_TCR, TCR_AUTOBCNTX);
3021     }
3022
3023     // Init the BSS informations
3024     pDevice->bCCK = TRUE;
3025     pDevice->bProtectMode = FALSE;
3026     MACvDisableProtectMD(pDevice->PortOffset);
3027     pDevice->bBarkerPreambleMd = FALSE;
3028     MACvDisableBarkerPreambleMd(pDevice->PortOffset);
3029     pDevice->bNonERPPresent = FALSE;
3030     pDevice->byPreambleType = 0;
3031     pDevice->wBasicRate = 0;
3032     // Set Basic Rate
3033     CARDbAddBasicRate((PVOID)pDevice, RATE_1M);
3034     // calculate TSF offset
3035     // TSF Offset = Received Timestamp TSF - Marked Local's TSF
3036     CARDbUpdateTSF(pDevice, pCurr->byRxRate, pCurr->qwBSSTimestamp, pCurr->qwLocalTSF);
3037
3038     CARDbSetBeaconPeriod(pDevice, pCurr->wBeaconInterval);
3039
3040     // set Next TBTT
3041     // Next TBTT = ((local_current_TSF / beacon_interval) + 1 ) * beacon_interval
3042     CARDvSetFirstNextTBTT(pDevice->PortOffset, pCurr->wBeaconInterval);
3043
3044     // set BSSID
3045     MACvWriteBSSIDAddress(pDevice->PortOffset, pCurr->abyBSSID);
3046
3047     MACvReadBSSIDAddress(pDevice->PortOffset, pMgmt->abyCurrBSSID);
3048
3049     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Sync:set CurrBSSID address = %02x-%02x-%02x=%02x-%02x-%02x\n",
3050         pMgmt->abyCurrBSSID[0],
3051         pMgmt->abyCurrBSSID[1],
3052         pMgmt->abyCurrBSSID[2],
3053         pMgmt->abyCurrBSSID[3],
3054         pMgmt->abyCurrBSSID[4],
3055         pMgmt->abyCurrBSSID[5]);
3056
3057     if (pCurr->eNetworkTypeInUse == PHY_TYPE_11A) {
3058         if ((pMgmt->eConfigPHYMode == PHY_TYPE_11A) ||
3059             (pMgmt->eConfigPHYMode == PHY_TYPE_AUTO)) {
3060             ePhyType = PHY_TYPE_11A;
3061         } else {
3062             return;
3063         }
3064     } else if (pCurr->eNetworkTypeInUse == PHY_TYPE_11B) {
3065         if ((pMgmt->eConfigPHYMode == PHY_TYPE_11B) ||
3066             (pMgmt->eConfigPHYMode == PHY_TYPE_11G) ||
3067             (pMgmt->eConfigPHYMode == PHY_TYPE_AUTO)) {
3068             ePhyType = PHY_TYPE_11B;
3069         } else {
3070             return;
3071         }
3072     } else {
3073         if ((pMgmt->eConfigPHYMode == PHY_TYPE_11G) ||
3074             (pMgmt->eConfigPHYMode == PHY_TYPE_AUTO)) {
3075             ePhyType = PHY_TYPE_11G;
3076         } else if (pMgmt->eConfigPHYMode == PHY_TYPE_11B) {
3077             ePhyType = PHY_TYPE_11B;
3078         } else {
3079             return;
3080         }
3081     }
3082
3083     if (ePhyType == PHY_TYPE_11A) {
3084         MEMvCopy(pMgmt->abyCurrSuppRates, &abyCurrSuppRatesA[0], sizeof(abyCurrSuppRatesA));
3085         pMgmt->abyCurrExtSuppRates[1] = 0;
3086     } else if (ePhyType == PHY_TYPE_11B) {
3087         MEMvCopy(pMgmt->abyCurrSuppRates, &abyCurrSuppRatesB[0], sizeof(abyCurrSuppRatesB));
3088         pMgmt->abyCurrExtSuppRates[1] = 0;
3089     } else {
3090         MEMvCopy(pMgmt->abyCurrSuppRates, &abyCurrSuppRatesG[0], sizeof(abyCurrSuppRatesG));
3091         MEMvCopy(pMgmt->abyCurrExtSuppRates, &abyCurrExtSuppRatesG[0], sizeof(abyCurrExtSuppRatesG));
3092     }
3093
3094
3095     if (WLAN_GET_CAP_INFO_ESS(pCurr->wCapInfo)) {
3096         CARDbSetBSSID(pMgmt->pAdapter, pCurr->abyBSSID, OP_MODE_INFRASTRUCTURE);
3097         // Add current BSS to Candidate list
3098         // This should only works for WPA2 BSS, and WPA2 BSS check must be done before.
3099         if (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) {
3100             CARDbAdd_PMKID_Candidate(pMgmt->pAdapter, pMgmt->abyCurrBSSID, pCurr->sRSNCapObj.bRSNCapExist, pCurr->sRSNCapObj.wRSNCap);
3101         }
3102     } else {
3103         CARDbSetBSSID(pMgmt->pAdapter, pCurr->abyBSSID, OP_MODE_ADHOC);
3104     }
3105
3106     if (CARDbSetPhyParameter(   pMgmt->pAdapter,
3107                                 ePhyType,
3108                                 pCurr->wCapInfo,
3109                                 pCurr->sERP.byERP,
3110                                 pMgmt->abyCurrSuppRates,
3111                                 pMgmt->abyCurrExtSuppRates
3112                             ) != TRUE) {
3113         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "<----s_bSynchBSS Set Phy Mode Fail [%d]\n", ePhyType);
3114         return;
3115     }
3116     // set channel and clear NAV
3117     if (CARDbSetChannel(pMgmt->pAdapter, pCurr->uChannel) == FALSE) {
3118         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "<----s_bSynchBSS Set Channel [%d]\n", pCurr->uChannel);
3119         return;
3120     }
3121
3122 /*
3123     for (ii=0;ii<BB_VGA_LEVEL;ii++) {
3124         if (pCurr->ldBmMAX< pDevice->ldBmThreshold[ii]) {
3125             pDevice->byBBVGANew = pDevice->abyBBVGA[ii];
3126             break;
3127         }
3128     }
3129
3130     if (pDevice->byBBVGANew != pDevice->byBBVGACurrent) {
3131         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"RSSI[%d] NewGain[%d] OldGain[%d] \n",
3132                         (int)pCurr->ldBmMAX, pDevice->byBBVGANew, pDevice->byBBVGACurrent);
3133         printk("RSSI[%d] NewGain[%d] OldGain[%d] \n",
3134                         (int)pCurr->ldBmMAX, pDevice->byBBVGANew, pDevice->byBBVGACurrent);
3135         BBvSetVGAGainOffset(pDevice, pDevice->byBBVGANew);
3136     }
3137     printk("ldBmMAX[%d] NewGain[%d] OldGain[%d] \n",
3138            (int)pCurr->ldBmMAX, pDevice->byBBVGANew, pDevice->byBBVGACurrent);
3139 */
3140     pMgmt->uCurrChannel = pCurr->uChannel;
3141     pMgmt->eCurrentPHYMode = ePhyType;
3142     pMgmt->byERPContext = pCurr->sERP.byERP;
3143     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Sync:Set to channel = [%d]\n", (INT)pCurr->uChannel);
3144
3145
3146     *pStatus = CMD_STATUS_SUCCESS;
3147
3148
3149     return;
3150 };
3151
3152 //mike add: fix NetworkManager 0.7.0 hidden ssid mode in WPA encryption
3153 //                   ,need reset eAuthenMode and eEncryptionStatus
3154  static VOID  Encyption_Rebuild(
3155     IN PSDevice pDevice,
3156     IN PKnownBSS pCurr
3157  )
3158  {
3159   PSMgmtObject  pMgmt = &(pDevice->sMgmtObj);
3160  // UINT            ii , uSameBssidNum=0;
3161
3162         //  for (ii = 0; ii < MAX_BSS_NUM; ii++) {
3163           //   if (pMgmt->sBSSList[ii].bActive &&
3164             //      IS_ETH_ADDRESS_EQUAL(pMgmt->sBSSList[ii].abyBSSID, pCurr->abyBSSID)) {
3165              //       uSameBssidNum++;
3166                //   }
3167            // }
3168   //   if( uSameBssidNum>=2) {   //we only check AP in hidden sssid  mode
3169         if ((pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||           //networkmanager 0.7.0 does not give the pairwise-key selsection,
3170              (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {         // so we need re-selsect it according to real pairwise-key info.
3171                if(pCurr->bWPAValid == TRUE)  {   //WPA-PSK
3172                           pMgmt->eAuthenMode = WMAC_AUTH_WPAPSK;
3173                     if(pCurr->abyPKType[0] == WPA_TKIP) {
3174                         pDevice->eEncryptionStatus = Ndis802_11Encryption2Enabled;    //TKIP
3175                         printk("Encyption_Rebuild--->ssid reset config to [WPAPSK-TKIP]\n");
3176                       }
3177                    else if(pCurr->abyPKType[0] == WPA_AESCCMP) {
3178                         pDevice->eEncryptionStatus = Ndis802_11Encryption3Enabled;    //AES
3179                           printk("Encyption_Rebuild--->ssid reset config to [WPAPSK-AES]\n");
3180                      }
3181                 }
3182                else if(pCurr->bWPA2Valid == TRUE) {  //WPA2-PSK
3183                          pMgmt->eAuthenMode = WMAC_AUTH_WPA2PSK;
3184                        if(pCurr->abyCSSPK[0] == WLAN_11i_CSS_TKIP) {
3185                            pDevice->eEncryptionStatus = Ndis802_11Encryption2Enabled;     //TKIP
3186                              printk("Encyption_Rebuild--->ssid reset config to [WPA2PSK-TKIP]\n");
3187                         }
3188                        else if(pCurr->abyCSSPK[0] == WLAN_11i_CSS_CCMP) {
3189                            pDevice->eEncryptionStatus = Ndis802_11Encryption3Enabled;    //AES
3190                             printk("Encyption_Rebuild--->ssid reset config to [WPA2PSK-AES]\n");
3191                         }
3192                 }
3193               }
3194         //  }
3195       return;
3196  }
3197
3198
3199 /*+
3200  *
3201  * Routine Description:
3202  *  Format TIM field
3203  *
3204  *
3205  * Return Value:
3206  *    VOID
3207  *
3208 -*/
3209
3210 static
3211 VOID
3212 s_vMgrFormatTIM(
3213     IN PSMgmtObject pMgmt,
3214     IN PWLAN_IE_TIM pTIM
3215     )
3216 {
3217     BYTE        byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
3218     BYTE        byMap;
3219     UINT        ii, jj;
3220     BOOL        bStartFound = FALSE;
3221     BOOL        bMulticast = FALSE;
3222     WORD        wStartIndex = 0;
3223     WORD        wEndIndex = 0;
3224
3225
3226     // Find size of partial virtual bitmap
3227     for (ii = 0; ii < (MAX_NODE_NUM + 1); ii++) {
3228         byMap = pMgmt->abyPSTxMap[ii];
3229         if (!ii) {
3230             // Mask out the broadcast bit which is indicated separately.
3231             bMulticast = (byMap & byMask[0]) != 0;
3232             if(bMulticast) {
3233                pMgmt->sNodeDBTable[0].bRxPSPoll = TRUE;
3234             }
3235             byMap = 0;
3236         }
3237         if (byMap) {
3238             if (!bStartFound) {
3239                 bStartFound = TRUE;
3240                 wStartIndex = ii;
3241             }
3242             wEndIndex = ii;
3243         }
3244     };
3245
3246
3247     // Round start index down to nearest even number
3248     wStartIndex &=  ~BIT0;
3249
3250     // Round end index up to nearest even number
3251     wEndIndex = ((wEndIndex + 1) & ~BIT0);
3252
3253     // Size of element payload
3254
3255     pTIM->len =  3 + (wEndIndex - wStartIndex) + 1;
3256
3257     // Fill in the Fixed parts of the TIM
3258     pTIM->byDTIMCount = pMgmt->byDTIMCount;
3259     pTIM->byDTIMPeriod = pMgmt->byDTIMPeriod;
3260     pTIM->byBitMapCtl = (bMulticast ? TIM_MULTICAST_MASK : 0) |
3261         (((wStartIndex >> 1) << 1) & TIM_BITMAPOFFSET_MASK);
3262
3263     // Append variable part of TIM
3264
3265     for (ii = wStartIndex, jj =0 ; ii <= wEndIndex; ii++, jj++) {
3266          pTIM->byVirtBitMap[jj] = pMgmt->abyPSTxMap[ii];
3267     }
3268
3269     // Aid = 0 don't used.
3270     pTIM->byVirtBitMap[0]  &= ~BIT0;
3271 }
3272
3273
3274 /*+
3275  *
3276  * Routine Description:
3277  *  Constructs an Beacon frame( Ad-hoc mode)
3278  *
3279  *
3280  * Return Value:
3281  *    PTR to frame; or NULL on allocation failue
3282  *
3283 -*/
3284
3285 static
3286 PSTxMgmtPacket
3287 s_MgrMakeBeacon(
3288     IN PSDevice pDevice,
3289     IN PSMgmtObject pMgmt,
3290     IN WORD wCurrCapInfo,
3291     IN WORD wCurrBeaconPeriod,
3292     IN UINT uCurrChannel,
3293     IN WORD wCurrATIMWinodw,
3294     IN PWLAN_IE_SSID pCurrSSID,
3295     IN PBYTE pCurrBSSID,
3296     IN PWLAN_IE_SUPP_RATES pCurrSuppRates,
3297     IN PWLAN_IE_SUPP_RATES pCurrExtSuppRates
3298     )
3299 {
3300     PSTxMgmtPacket      pTxPacket = NULL;
3301     WLAN_FR_BEACON      sFrame;
3302     BYTE                abyBroadcastAddr[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
3303     PBYTE               pbyBuffer;
3304     UINT                uLength = 0;
3305     PWLAN_IE_IBSS_DFS   pIBSSDFS = NULL;
3306     UINT                ii;
3307
3308     // prepare beacon frame
3309     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
3310     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_BEACON_FR_MAXLEN);
3311     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
3312     // Setup the sFrame structure.
3313     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
3314     sFrame.len = WLAN_BEACON_FR_MAXLEN;
3315     vMgrEncodeBeacon(&sFrame);
3316     // Setup the header
3317     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
3318         (
3319         WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
3320         WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_BEACON)
3321         ));
3322
3323     if (pDevice->bEnablePSMode) {
3324         sFrame.pHdr->sA3.wFrameCtl |= cpu_to_le16((WORD)WLAN_SET_FC_PWRMGT(1));
3325     }
3326
3327     memcpy( sFrame.pHdr->sA3.abyAddr1, abyBroadcastAddr, WLAN_ADDR_LEN);
3328     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
3329     memcpy( sFrame.pHdr->sA3.abyAddr3, pCurrBSSID, WLAN_BSSID_LEN);
3330     *sFrame.pwBeaconInterval = cpu_to_le16(wCurrBeaconPeriod);
3331     *sFrame.pwCapInfo = cpu_to_le16(wCurrCapInfo);
3332     // Copy SSID
3333     sFrame.pSSID = (PWLAN_IE_SSID)(sFrame.pBuf + sFrame.len);
3334     sFrame.len += ((PWLAN_IE_SSID)pMgmt->abyCurrSSID)->len + WLAN_IEHDR_LEN;
3335     memcpy(sFrame.pSSID,
3336              pCurrSSID,
3337              ((PWLAN_IE_SSID)pCurrSSID)->len + WLAN_IEHDR_LEN
3338             );
3339     // Copy the rate set
3340     sFrame.pSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
3341     sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN;
3342     memcpy(sFrame.pSuppRates,
3343            pCurrSuppRates,
3344            ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN
3345           );
3346     // DS parameter
3347     if (pDevice->eCurrentPHYType != PHY_TYPE_11A) {
3348         sFrame.pDSParms = (PWLAN_IE_DS_PARMS)(sFrame.pBuf + sFrame.len);
3349         sFrame.len += (1) + WLAN_IEHDR_LEN;
3350         sFrame.pDSParms->byElementID = WLAN_EID_DS_PARMS;
3351         sFrame.pDSParms->len = 1;
3352         sFrame.pDSParms->byCurrChannel = (BYTE)uCurrChannel;
3353     }
3354     // TIM field
3355     if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
3356         sFrame.pTIM = (PWLAN_IE_TIM)(sFrame.pBuf + sFrame.len);
3357         sFrame.pTIM->byElementID = WLAN_EID_TIM;
3358         s_vMgrFormatTIM(pMgmt, sFrame.pTIM);
3359         sFrame.len += (WLAN_IEHDR_LEN + sFrame.pTIM->len);
3360     }
3361
3362     if (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) {
3363
3364         // IBSS parameter
3365         sFrame.pIBSSParms = (PWLAN_IE_IBSS_PARMS)(sFrame.pBuf + sFrame.len);
3366         sFrame.len += (2) + WLAN_IEHDR_LEN;
3367         sFrame.pIBSSParms->byElementID = WLAN_EID_IBSS_PARMS;
3368         sFrame.pIBSSParms->len = 2;
3369         sFrame.pIBSSParms->wATIMWindow = wCurrATIMWinodw;
3370         if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
3371             /* RSN parameter */
3372             sFrame.pRSNWPA = (PWLAN_IE_RSN_EXT)(sFrame.pBuf + sFrame.len);
3373             sFrame.pRSNWPA->byElementID = WLAN_EID_RSN_WPA;
3374             sFrame.pRSNWPA->len = 12;
3375             sFrame.pRSNWPA->abyOUI[0] = 0x00;
3376             sFrame.pRSNWPA->abyOUI[1] = 0x50;
3377             sFrame.pRSNWPA->abyOUI[2] = 0xf2;
3378             sFrame.pRSNWPA->abyOUI[3] = 0x01;
3379             sFrame.pRSNWPA->wVersion = 1;
3380             sFrame.pRSNWPA->abyMulticast[0] = 0x00;
3381             sFrame.pRSNWPA->abyMulticast[1] = 0x50;
3382             sFrame.pRSNWPA->abyMulticast[2] = 0xf2;
3383             if (pDevice->eEncryptionStatus == Ndis802_11Encryption3Enabled)
3384                 sFrame.pRSNWPA->abyMulticast[3] = 0x04;//AES
3385             else if (pDevice->eEncryptionStatus == Ndis802_11Encryption2Enabled)
3386                 sFrame.pRSNWPA->abyMulticast[3] = 0x02;//TKIP
3387             else if (pDevice->eEncryptionStatus == Ndis802_11Encryption1Enabled)
3388                 sFrame.pRSNWPA->abyMulticast[3] = 0x01;//WEP40
3389             else
3390                 sFrame.pRSNWPA->abyMulticast[3] = 0x00;//NONE
3391
3392             // Pairwise Key Cipher Suite
3393             sFrame.pRSNWPA->wPKCount = 0;
3394             // Auth Key Management Suite
3395             *((PWORD)(sFrame.pBuf + sFrame.len + sFrame.pRSNWPA->len))=0;
3396             sFrame.pRSNWPA->len +=2;
3397
3398             // RSN Capabilites
3399             *((PWORD)(sFrame.pBuf + sFrame.len + sFrame.pRSNWPA->len))=0;
3400             sFrame.pRSNWPA->len +=2;
3401             sFrame.len += sFrame.pRSNWPA->len + WLAN_IEHDR_LEN;
3402         }
3403     }
3404
3405     if ((pMgmt->b11hEnable == TRUE) &&
3406         (pMgmt->eCurrentPHYMode == PHY_TYPE_11A)) {
3407         // Country IE
3408         pbyBuffer = (PBYTE)(sFrame.pBuf + sFrame.len);
3409         CARDvSetCountryIE(pMgmt->pAdapter, pbyBuffer);
3410         CARDvSetCountryInfo(pMgmt->pAdapter, PHY_TYPE_11A, pbyBuffer);
3411         uLength += ((PWLAN_IE_COUNTRY) pbyBuffer)->len + WLAN_IEHDR_LEN;
3412         pbyBuffer += (((PWLAN_IE_COUNTRY) pbyBuffer)->len + WLAN_IEHDR_LEN);
3413         // Power Constrain IE
3414         ((PWLAN_IE_PW_CONST) pbyBuffer)->byElementID = WLAN_EID_PWR_CONSTRAINT;
3415         ((PWLAN_IE_PW_CONST) pbyBuffer)->len = 1;
3416         ((PWLAN_IE_PW_CONST) pbyBuffer)->byPower = 0;
3417         pbyBuffer += (1) + WLAN_IEHDR_LEN;
3418         uLength += (1) + WLAN_IEHDR_LEN;
3419         if (pMgmt->bSwitchChannel == TRUE) {
3420             // Channel Switch IE
3421             ((PWLAN_IE_CH_SW) pbyBuffer)->byElementID = WLAN_EID_CH_SWITCH;
3422             ((PWLAN_IE_CH_SW) pbyBuffer)->len = 3;
3423             ((PWLAN_IE_CH_SW) pbyBuffer)->byMode = 1;
3424             ((PWLAN_IE_CH_SW) pbyBuffer)->byChannel = CARDbyGetChannelNumber(pMgmt->pAdapter, pMgmt->byNewChannel);
3425             ((PWLAN_IE_CH_SW) pbyBuffer)->byCount = 0;
3426             pbyBuffer += (3) + WLAN_IEHDR_LEN;
3427             uLength += (3) + WLAN_IEHDR_LEN;
3428         }
3429         // TPC report
3430         ((PWLAN_IE_TPC_REP) pbyBuffer)->byElementID = WLAN_EID_TPC_REP;
3431         ((PWLAN_IE_TPC_REP) pbyBuffer)->len = 2;
3432         ((PWLAN_IE_TPC_REP) pbyBuffer)->byTxPower = CARDbyGetTransmitPower(pMgmt->pAdapter);
3433         ((PWLAN_IE_TPC_REP) pbyBuffer)->byLinkMargin = 0;
3434         pbyBuffer += (2) + WLAN_IEHDR_LEN;
3435         uLength += (2) + WLAN_IEHDR_LEN;
3436         // IBSS DFS
3437         if (pMgmt->eCurrMode != WMAC_MODE_ESS_AP) {
3438             pIBSSDFS = (PWLAN_IE_IBSS_DFS) pbyBuffer;
3439             pIBSSDFS->byElementID = WLAN_EID_IBSS_DFS;
3440             pIBSSDFS->len = 7;
3441             MEMvCopy(   pIBSSDFS->abyDFSOwner,
3442                         pMgmt->abyIBSSDFSOwner,
3443                         6);
3444             pIBSSDFS->byDFSRecovery = pMgmt->byIBSSDFSRecovery;
3445             pbyBuffer += (7) + WLAN_IEHDR_LEN;
3446             uLength += (7) + WLAN_IEHDR_LEN;
3447             for(ii=CB_MAX_CHANNEL_24G+1; ii<=CB_MAX_CHANNEL; ii++ ) {
3448                 if (CARDbGetChannelMapInfo(pMgmt->pAdapter, ii, pbyBuffer, pbyBuffer+1) == TRUE) {
3449                     pbyBuffer += 2;
3450                     uLength += 2;
3451                     pIBSSDFS->len += 2;
3452                 }
3453             }
3454         }
3455         sFrame.len += uLength;
3456     }
3457
3458     if (pMgmt->eCurrentPHYMode == PHY_TYPE_11G) {
3459         sFrame.pERP = (PWLAN_IE_ERP)(sFrame.pBuf + sFrame.len);
3460         sFrame.len += 1 + WLAN_IEHDR_LEN;
3461         sFrame.pERP->byElementID = WLAN_EID_ERP;
3462         sFrame.pERP->len = 1;
3463         sFrame.pERP->byContext = 0;
3464         if (pDevice->bProtectMode == TRUE)
3465             sFrame.pERP->byContext |= WLAN_EID_ERP_USE_PROTECTION;
3466         if (pDevice->bNonERPPresent == TRUE)
3467             sFrame.pERP->byContext |= WLAN_EID_ERP_NONERP_PRESENT;
3468         if (pDevice->bBarkerPreambleMd == TRUE)
3469             sFrame.pERP->byContext |= WLAN_EID_ERP_BARKER_MODE;
3470     }
3471     if (((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len != 0) {
3472         sFrame.pExtSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
3473         sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN;
3474         MEMvCopy(sFrame.pExtSuppRates,
3475              pCurrExtSuppRates,
3476              ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN
3477              );
3478     }
3479     // hostapd wpa/wpa2 IE
3480     if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnableHostapd == TRUE)) {
3481          if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
3482              if (pMgmt->wWPAIELen != 0) {
3483                  sFrame.pRSN = (PWLAN_IE_RSN)(sFrame.pBuf + sFrame.len);
3484                  memcpy(sFrame.pRSN, pMgmt->abyWPAIE, pMgmt->wWPAIELen);
3485                  sFrame.len += pMgmt->wWPAIELen;
3486              }
3487          }
3488     }
3489
3490     /* Adjust the length fields */
3491     pTxPacket->cbMPDULen = sFrame.len;
3492     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
3493
3494     return pTxPacket;
3495 }
3496
3497
3498
3499
3500
3501 /*+
3502  *
3503  * Routine Description:
3504  *  Constructs an Prob-response frame
3505  *
3506  *
3507  * Return Value:
3508  *    PTR to frame; or NULL on allocation failue
3509  *
3510 -*/
3511
3512
3513
3514
3515 PSTxMgmtPacket
3516 s_MgrMakeProbeResponse(
3517     IN PSDevice pDevice,
3518     IN PSMgmtObject pMgmt,
3519     IN WORD wCurrCapInfo,
3520     IN WORD wCurrBeaconPeriod,
3521     IN UINT uCurrChannel,
3522     IN WORD wCurrATIMWinodw,
3523     IN PBYTE pDstAddr,
3524     IN PWLAN_IE_SSID pCurrSSID,
3525     IN PBYTE pCurrBSSID,
3526     IN PWLAN_IE_SUPP_RATES pCurrSuppRates,
3527     IN PWLAN_IE_SUPP_RATES pCurrExtSuppRates,
3528     IN BYTE byPHYType
3529     )
3530 {
3531     PSTxMgmtPacket      pTxPacket = NULL;
3532     WLAN_FR_PROBERESP   sFrame;
3533     PBYTE               pbyBuffer;
3534     UINT                uLength = 0;
3535     PWLAN_IE_IBSS_DFS   pIBSSDFS = NULL;
3536     UINT                ii;
3537
3538
3539     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
3540     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_PROBERESP_FR_MAXLEN);
3541     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
3542     // Setup the sFrame structure.
3543     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
3544     sFrame.len = WLAN_PROBERESP_FR_MAXLEN;
3545     vMgrEncodeProbeResponse(&sFrame);
3546     // Setup the header
3547     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
3548         (
3549         WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
3550         WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_PROBERESP)
3551         ));
3552     memcpy( sFrame.pHdr->sA3.abyAddr1, pDstAddr, WLAN_ADDR_LEN);
3553     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
3554     memcpy( sFrame.pHdr->sA3.abyAddr3, pCurrBSSID, WLAN_BSSID_LEN);
3555     *sFrame.pwBeaconInterval = cpu_to_le16(wCurrBeaconPeriod);
3556     *sFrame.pwCapInfo = cpu_to_le16(wCurrCapInfo);
3557
3558     if (byPHYType == BB_TYPE_11B) {
3559         *sFrame.pwCapInfo &= cpu_to_le16((WORD)~(WLAN_SET_CAP_INFO_SHORTSLOTTIME(1)));
3560     }
3561
3562     // Copy SSID
3563     sFrame.pSSID = (PWLAN_IE_SSID)(sFrame.pBuf + sFrame.len);
3564     sFrame.len += ((PWLAN_IE_SSID)pMgmt->abyCurrSSID)->len + WLAN_IEHDR_LEN;
3565     memcpy(sFrame.pSSID,
3566            pCurrSSID,
3567            ((PWLAN_IE_SSID)pCurrSSID)->len + WLAN_IEHDR_LEN
3568            );
3569     // Copy the rate set
3570     sFrame.pSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
3571
3572     sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN;
3573     memcpy(sFrame.pSuppRates,
3574            pCurrSuppRates,
3575            ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN
3576           );
3577
3578     // DS parameter
3579     if (pDevice->eCurrentPHYType != PHY_TYPE_11A) {
3580         sFrame.pDSParms = (PWLAN_IE_DS_PARMS)(sFrame.pBuf + sFrame.len);
3581         sFrame.len += (1) + WLAN_IEHDR_LEN;
3582         sFrame.pDSParms->byElementID = WLAN_EID_DS_PARMS;
3583         sFrame.pDSParms->len = 1;
3584         sFrame.pDSParms->byCurrChannel = (BYTE)uCurrChannel;
3585     }
3586
3587     if (pMgmt->eCurrMode != WMAC_MODE_ESS_AP) {
3588         // IBSS parameter
3589         sFrame.pIBSSParms = (PWLAN_IE_IBSS_PARMS)(sFrame.pBuf + sFrame.len);
3590         sFrame.len += (2) + WLAN_IEHDR_LEN;
3591         sFrame.pIBSSParms->byElementID = WLAN_EID_IBSS_PARMS;
3592         sFrame.pIBSSParms->len = 2;
3593         sFrame.pIBSSParms->wATIMWindow = 0;
3594     }
3595     if (pDevice->eCurrentPHYType == PHY_TYPE_11G) {
3596         sFrame.pERP = (PWLAN_IE_ERP)(sFrame.pBuf + sFrame.len);
3597         sFrame.len += 1 + WLAN_IEHDR_LEN;
3598         sFrame.pERP->byElementID = WLAN_EID_ERP;
3599         sFrame.pERP->len = 1;
3600         sFrame.pERP->byContext = 0;
3601         if (pDevice->bProtectMode == TRUE)
3602             sFrame.pERP->byContext |= WLAN_EID_ERP_USE_PROTECTION;
3603         if (pDevice->bNonERPPresent == TRUE)
3604             sFrame.pERP->byContext |= WLAN_EID_ERP_NONERP_PRESENT;
3605         if (pDevice->bBarkerPreambleMd == TRUE)
3606             sFrame.pERP->byContext |= WLAN_EID_ERP_BARKER_MODE;
3607     }
3608
3609     if ((pMgmt->b11hEnable == TRUE) &&
3610         (pMgmt->eCurrentPHYMode == PHY_TYPE_11A)) {
3611         // Country IE
3612         pbyBuffer = (PBYTE)(sFrame.pBuf + sFrame.len);
3613         CARDvSetCountryIE(pMgmt->pAdapter, pbyBuffer);
3614         CARDvSetCountryInfo(pMgmt->pAdapter, PHY_TYPE_11A, pbyBuffer);
3615         uLength += ((PWLAN_IE_COUNTRY) pbyBuffer)->len + WLAN_IEHDR_LEN;
3616         pbyBuffer += (((PWLAN_IE_COUNTRY) pbyBuffer)->len + WLAN_IEHDR_LEN);
3617         // Power Constrain IE
3618         ((PWLAN_IE_PW_CONST) pbyBuffer)->byElementID = WLAN_EID_PWR_CONSTRAINT;
3619         ((PWLAN_IE_PW_CONST) pbyBuffer)->len = 1;
3620         ((PWLAN_IE_PW_CONST) pbyBuffer)->byPower = 0;
3621         pbyBuffer += (1) + WLAN_IEHDR_LEN;
3622         uLength += (1) + WLAN_IEHDR_LEN;
3623         if (pMgmt->bSwitchChannel == TRUE) {
3624             // Channel Switch IE
3625             ((PWLAN_IE_CH_SW) pbyBuffer)->byElementID = WLAN_EID_CH_SWITCH;
3626             ((PWLAN_IE_CH_SW) pbyBuffer)->len = 3;
3627             ((PWLAN_IE_CH_SW) pbyBuffer)->byMode = 1;
3628             ((PWLAN_IE_CH_SW) pbyBuffer)->byChannel = CARDbyGetChannelNumber(pMgmt->pAdapter, pMgmt->byNewChannel);
3629             ((PWLAN_IE_CH_SW) pbyBuffer)->byCount = 0;
3630             pbyBuffer += (3) + WLAN_IEHDR_LEN;
3631             uLength += (3) + WLAN_IEHDR_LEN;
3632         }
3633         // TPC report
3634         ((PWLAN_IE_TPC_REP) pbyBuffer)->byElementID = WLAN_EID_TPC_REP;
3635         ((PWLAN_IE_TPC_REP) pbyBuffer)->len = 2;
3636         ((PWLAN_IE_TPC_REP) pbyBuffer)->byTxPower = CARDbyGetTransmitPower(pMgmt->pAdapter);
3637         ((PWLAN_IE_TPC_REP) pbyBuffer)->byLinkMargin = 0;
3638         pbyBuffer += (2) + WLAN_IEHDR_LEN;
3639         uLength += (2) + WLAN_IEHDR_LEN;
3640         // IBSS DFS
3641         if (pMgmt->eCurrMode != WMAC_MODE_ESS_AP) {
3642             pIBSSDFS = (PWLAN_IE_IBSS_DFS) pbyBuffer;
3643             pIBSSDFS->byElementID = WLAN_EID_IBSS_DFS;
3644             pIBSSDFS->len = 7;
3645             MEMvCopy(   pIBSSDFS->abyDFSOwner,
3646                         pMgmt->abyIBSSDFSOwner,
3647                         6);
3648             pIBSSDFS->byDFSRecovery = pMgmt->byIBSSDFSRecovery;
3649             pbyBuffer += (7) + WLAN_IEHDR_LEN;
3650             uLength += (7) + WLAN_IEHDR_LEN;
3651             for(ii=CB_MAX_CHANNEL_24G+1; ii<=CB_MAX_CHANNEL; ii++ ) {
3652                 if (CARDbGetChannelMapInfo(pMgmt->pAdapter, ii, pbyBuffer, pbyBuffer+1) == TRUE) {
3653                     pbyBuffer += 2;
3654                     uLength += 2;
3655                     pIBSSDFS->len += 2;
3656                 }
3657             }
3658         }
3659         sFrame.len += uLength;
3660     }
3661
3662
3663     if (((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len != 0) {
3664         sFrame.pExtSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
3665         sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN;
3666         MEMvCopy(sFrame.pExtSuppRates,
3667              pCurrExtSuppRates,
3668              ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN
3669              );
3670     }
3671
3672     // hostapd wpa/wpa2 IE
3673     if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnableHostapd == TRUE)) {
3674          if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) {
3675              if (pMgmt->wWPAIELen != 0) {
3676                  sFrame.pRSN = (PWLAN_IE_RSN)(sFrame.pBuf + sFrame.len);
3677                  memcpy(sFrame.pRSN, pMgmt->abyWPAIE, pMgmt->wWPAIELen);
3678                  sFrame.len += pMgmt->wWPAIELen;
3679              }
3680          }
3681     }
3682
3683     // Adjust the length fields
3684     pTxPacket->cbMPDULen = sFrame.len;
3685     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
3686
3687     return pTxPacket;
3688 }
3689
3690
3691
3692 /*+
3693  *
3694  * Routine Description:
3695  *  Constructs an association request frame
3696  *
3697  *
3698  * Return Value:
3699  *    A ptr to frame or NULL on allocation failue
3700  *
3701 -*/
3702
3703
3704 PSTxMgmtPacket
3705 s_MgrMakeAssocRequest(
3706     IN PSDevice pDevice,
3707     IN PSMgmtObject pMgmt,
3708     IN PBYTE pDAddr,
3709     IN WORD wCurrCapInfo,
3710     IN WORD wListenInterval,
3711     IN PWLAN_IE_SSID pCurrSSID,
3712     IN PWLAN_IE_SUPP_RATES pCurrRates,
3713     IN PWLAN_IE_SUPP_RATES pCurrExtSuppRates
3714     )
3715 {
3716     PSTxMgmtPacket      pTxPacket = NULL;
3717     WLAN_FR_ASSOCREQ    sFrame;
3718     PBYTE               pbyIEs;
3719     PBYTE               pbyRSN;
3720
3721
3722     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
3723     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_ASSOCREQ_FR_MAXLEN);
3724     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
3725     // Setup the sFrame structure.
3726     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
3727     sFrame.len = WLAN_ASSOCREQ_FR_MAXLEN;
3728     // format fixed field frame structure
3729     vMgrEncodeAssocRequest(&sFrame);
3730     // Setup the header
3731     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
3732         (
3733         WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
3734         WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_ASSOCREQ)
3735         ));
3736     memcpy( sFrame.pHdr->sA3.abyAddr1, pDAddr, WLAN_ADDR_LEN);
3737     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
3738     memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
3739
3740     // Set the capibility and listen interval
3741     *(sFrame.pwCapInfo) = cpu_to_le16(wCurrCapInfo);
3742     *(sFrame.pwListenInterval) = cpu_to_le16(wListenInterval);
3743
3744     // sFrame.len point to end of fixed field
3745     sFrame.pSSID = (PWLAN_IE_SSID)(sFrame.pBuf + sFrame.len);
3746     sFrame.len += pCurrSSID->len + WLAN_IEHDR_LEN;
3747     memcpy(sFrame.pSSID, pCurrSSID, pCurrSSID->len + WLAN_IEHDR_LEN);
3748
3749     pMgmt->sAssocInfo.AssocInfo.RequestIELength = pCurrSSID->len + WLAN_IEHDR_LEN;
3750     pMgmt->sAssocInfo.AssocInfo.OffsetRequestIEs = sizeof(NDIS_802_11_ASSOCIATION_INFORMATION);
3751     pbyIEs = pMgmt->sAssocInfo.abyIEs;
3752     MEMvCopy(pbyIEs, pCurrSSID, pCurrSSID->len + WLAN_IEHDR_LEN);
3753     pbyIEs += pCurrSSID->len + WLAN_IEHDR_LEN;
3754
3755     // Copy the rate set
3756     sFrame.pSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
3757     if ((pDevice->eCurrentPHYType == PHY_TYPE_11B) && (pCurrRates->len > 4))
3758         sFrame.len += 4 + WLAN_IEHDR_LEN;
3759     else
3760         sFrame.len += pCurrRates->len + WLAN_IEHDR_LEN;
3761     memcpy(sFrame.pSuppRates, pCurrRates, pCurrRates->len + WLAN_IEHDR_LEN);
3762
3763     // Copy the extension rate set
3764     if ((pDevice->eCurrentPHYType == PHY_TYPE_11G) && (pCurrExtSuppRates->len > 0)) {
3765         sFrame.pExtSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
3766         sFrame.len += pCurrExtSuppRates->len + WLAN_IEHDR_LEN;
3767         memcpy(sFrame.pExtSuppRates, pCurrExtSuppRates, pCurrExtSuppRates->len + WLAN_IEHDR_LEN);
3768     }
3769
3770     pMgmt->sAssocInfo.AssocInfo.RequestIELength += pCurrRates->len + WLAN_IEHDR_LEN;
3771     MEMvCopy(pbyIEs, pCurrRates, pCurrRates->len + WLAN_IEHDR_LEN);
3772     pbyIEs += pCurrRates->len + WLAN_IEHDR_LEN;
3773
3774     // for 802.11h
3775     if (pMgmt->b11hEnable == TRUE) {
3776         if (sFrame.pCurrPowerCap == NULL) {
3777             sFrame.pCurrPowerCap = (PWLAN_IE_PW_CAP)(sFrame.pBuf + sFrame.len);
3778             sFrame.len += (2 + WLAN_IEHDR_LEN);
3779             sFrame.pCurrPowerCap->byElementID = WLAN_EID_PWR_CAPABILITY;
3780             sFrame.pCurrPowerCap->len = 2;
3781             CARDvGetPowerCapability(pMgmt->pAdapter,
3782                                     &(sFrame.pCurrPowerCap->byMinPower),
3783                                     &(sFrame.pCurrPowerCap->byMaxPower)
3784                                     );
3785         }
3786         if (sFrame.pCurrSuppCh == NULL) {
3787             sFrame.pCurrSuppCh = (PWLAN_IE_SUPP_CH)(sFrame.pBuf + sFrame.len);
3788             sFrame.len += CARDbySetSupportChannels(pMgmt->pAdapter,(PBYTE)sFrame.pCurrSuppCh);
3789         }
3790     }
3791
3792     if (((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
3793          (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
3794          (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE)) &&
3795         (pMgmt->pCurrBSS != NULL)) {
3796         /* WPA IE */
3797         sFrame.pRSNWPA = (PWLAN_IE_RSN_EXT)(sFrame.pBuf + sFrame.len);
3798         sFrame.pRSNWPA->byElementID = WLAN_EID_RSN_WPA;
3799         sFrame.pRSNWPA->len = 16;
3800         sFrame.pRSNWPA->abyOUI[0] = 0x00;
3801         sFrame.pRSNWPA->abyOUI[1] = 0x50;
3802         sFrame.pRSNWPA->abyOUI[2] = 0xf2;
3803         sFrame.pRSNWPA->abyOUI[3] = 0x01;
3804         sFrame.pRSNWPA->wVersion = 1;
3805         //Group Key Cipher Suite
3806         sFrame.pRSNWPA->abyMulticast[0] = 0x00;
3807         sFrame.pRSNWPA->abyMulticast[1] = 0x50;
3808         sFrame.pRSNWPA->abyMulticast[2] = 0xf2;
3809         if (pMgmt->byCSSGK == KEY_CTL_WEP) {
3810             sFrame.pRSNWPA->abyMulticast[3] = pMgmt->pCurrBSS->byGKType;
3811         } else if (pMgmt->byCSSGK == KEY_CTL_TKIP) {
3812             sFrame.pRSNWPA->abyMulticast[3] = WPA_TKIP;
3813         } else if (pMgmt->byCSSGK == KEY_CTL_CCMP) {
3814             sFrame.pRSNWPA->abyMulticast[3] = WPA_AESCCMP;
3815         } else {
3816             sFrame.pRSNWPA->abyMulticast[3] = WPA_NONE;
3817         }
3818         // Pairwise Key Cipher Suite
3819         sFrame.pRSNWPA->wPKCount = 1;
3820         sFrame.pRSNWPA->PKSList[0].abyOUI[0] = 0x00;
3821         sFrame.pRSNWPA->PKSList[0].abyOUI[1] = 0x50;
3822         sFrame.pRSNWPA->PKSList[0].abyOUI[2] = 0xf2;
3823         if (pMgmt->byCSSPK == KEY_CTL_TKIP) {
3824             sFrame.pRSNWPA->PKSList[0].abyOUI[3] = WPA_TKIP;
3825         } else if (pMgmt->byCSSPK == KEY_CTL_CCMP) {
3826             sFrame.pRSNWPA->PKSList[0].abyOUI[3] = WPA_AESCCMP;
3827         } else {
3828             sFrame.pRSNWPA->PKSList[0].abyOUI[3] = WPA_NONE;
3829         }
3830         // Auth Key Management Suite
3831         pbyRSN = (PBYTE)(sFrame.pBuf + sFrame.len + 2 + sFrame.pRSNWPA->len);
3832         *pbyRSN++=0x01;
3833         *pbyRSN++=0x00;
3834         *pbyRSN++=0x00;
3835         *pbyRSN++=0x50;
3836         *pbyRSN++=0xf2;
3837         if (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) {
3838             *pbyRSN++=WPA_AUTH_PSK;
3839         }
3840         else if (pMgmt->eAuthenMode == WMAC_AUTH_WPA) {
3841             *pbyRSN++=WPA_AUTH_IEEE802_1X;
3842         }
3843         else {
3844             *pbyRSN++=WPA_NONE;
3845         }
3846         sFrame.pRSNWPA->len +=6;
3847
3848         // RSN Capabilites
3849         *pbyRSN++=0x00;
3850         *pbyRSN++=0x00;
3851         sFrame.pRSNWPA->len +=2;
3852         sFrame.len += sFrame.pRSNWPA->len + WLAN_IEHDR_LEN;
3853         // copy to AssocInfo. for OID_802_11_ASSOCIATION_INFORMATION
3854         pMgmt->sAssocInfo.AssocInfo.RequestIELength += sFrame.pRSNWPA->len + WLAN_IEHDR_LEN;
3855         MEMvCopy(pbyIEs, sFrame.pRSNWPA, sFrame.pRSNWPA->len + WLAN_IEHDR_LEN);
3856         pbyIEs += sFrame.pRSNWPA->len + WLAN_IEHDR_LEN;
3857
3858     } else if (((pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
3859                 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) &&
3860                (pMgmt->pCurrBSS != NULL)) {
3861         UINT                ii;
3862         PWORD               pwPMKID;
3863
3864         // WPA IE
3865         sFrame.pRSN = (PWLAN_IE_RSN)(sFrame.pBuf + sFrame.len);
3866         sFrame.pRSN->byElementID = WLAN_EID_RSN;
3867         sFrame.pRSN->len = 6; //Version(2)+GK(4)
3868         sFrame.pRSN->wVersion = 1;
3869         //Group Key Cipher Suite
3870         sFrame.pRSN->abyRSN[0] = 0x00;
3871         sFrame.pRSN->abyRSN[1] = 0x0F;
3872         sFrame.pRSN->abyRSN[2] = 0xAC;
3873         if (pMgmt->byCSSGK == KEY_CTL_WEP) {
3874             sFrame.pRSN->abyRSN[3] = pMgmt->pCurrBSS->byCSSGK;
3875         } else if (pMgmt->byCSSGK == KEY_CTL_TKIP) {
3876             sFrame.pRSN->abyRSN[3] = WLAN_11i_CSS_TKIP;
3877         } else if (pMgmt->byCSSGK == KEY_CTL_CCMP) {
3878             sFrame.pRSN->abyRSN[3] = WLAN_11i_CSS_CCMP;
3879         } else {
3880             sFrame.pRSN->abyRSN[3] = WLAN_11i_CSS_UNKNOWN;
3881         }
3882
3883         // Pairwise Key Cipher Suite
3884         sFrame.pRSN->abyRSN[4] = 1;
3885         sFrame.pRSN->abyRSN[5] = 0;
3886         sFrame.pRSN->abyRSN[6] = 0x00;
3887         sFrame.pRSN->abyRSN[7] = 0x0F;
3888         sFrame.pRSN->abyRSN[8] = 0xAC;
3889         if (pMgmt->byCSSPK == KEY_CTL_TKIP) {
3890             sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_TKIP;
3891         } else if (pMgmt->byCSSPK == KEY_CTL_CCMP) {
3892             sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_CCMP;
3893         } else if (pMgmt->byCSSPK == KEY_CTL_NONE) {
3894             sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_USE_GROUP;
3895         } else {
3896             sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_UNKNOWN;
3897         }
3898         sFrame.pRSN->len += 6;
3899
3900         // Auth Key Management Suite
3901         sFrame.pRSN->abyRSN[10] = 1;
3902         sFrame.pRSN->abyRSN[11] = 0;
3903         sFrame.pRSN->abyRSN[12] = 0x00;
3904         sFrame.pRSN->abyRSN[13] = 0x0F;
3905         sFrame.pRSN->abyRSN[14] = 0xAC;
3906         if (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK) {
3907             sFrame.pRSN->abyRSN[15] = WLAN_11i_AKMSS_PSK;
3908         } else if (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) {
3909             sFrame.pRSN->abyRSN[15] = WLAN_11i_AKMSS_802_1X;
3910         } else {
3911             sFrame.pRSN->abyRSN[15] = WLAN_11i_AKMSS_UNKNOWN;
3912         }
3913         sFrame.pRSN->len +=6;
3914
3915         // RSN Capabilites
3916         if (pMgmt->pCurrBSS->sRSNCapObj.bRSNCapExist == TRUE) {
3917             MEMvCopy(&sFrame.pRSN->abyRSN[16], &pMgmt->pCurrBSS->sRSNCapObj.wRSNCap, 2);
3918         } else {
3919             sFrame.pRSN->abyRSN[16] = 0;
3920             sFrame.pRSN->abyRSN[17] = 0;
3921         }
3922         sFrame.pRSN->len +=2;
3923
3924         if ((pDevice->gsPMKID.BSSIDInfoCount > 0) && (pDevice->bRoaming == TRUE) && (pMgmt->eAuthenMode == WMAC_AUTH_WPA2)) {
3925             // RSN PMKID
3926             pbyRSN = &sFrame.pRSN->abyRSN[18];
3927             pwPMKID = (PWORD)pbyRSN; // Point to PMKID count
3928             *pwPMKID = 0;            // Initialize PMKID count
3929             pbyRSN += 2;             // Point to PMKID list
3930             for (ii = 0; ii < pDevice->gsPMKID.BSSIDInfoCount; ii++) {
3931                 if (MEMEqualMemory(&pDevice->gsPMKID.BSSIDInfo[ii].BSSID[0], pMgmt->abyCurrBSSID, U_ETHER_ADDR_LEN)) {
3932                     (*pwPMKID) ++;
3933                     MEMvCopy(pbyRSN, pDevice->gsPMKID.BSSIDInfo[ii].PMKID, 16);
3934                     pbyRSN += 16;
3935                 }
3936             }
3937             if (*pwPMKID != 0) {
3938                 sFrame.pRSN->len += (2 + (*pwPMKID)*16);
3939             }
3940         }
3941
3942         sFrame.len += sFrame.pRSN->len + WLAN_IEHDR_LEN;
3943         // copy to AssocInfo. for OID_802_11_ASSOCIATION_INFORMATION
3944         pMgmt->sAssocInfo.AssocInfo.RequestIELength += sFrame.pRSN->len + WLAN_IEHDR_LEN;
3945         MEMvCopy(pbyIEs, sFrame.pRSN, sFrame.pRSN->len + WLAN_IEHDR_LEN);
3946         pbyIEs += sFrame.pRSN->len + WLAN_IEHDR_LEN;
3947     }
3948
3949
3950     // Adjust the length fields
3951     pTxPacket->cbMPDULen = sFrame.len;
3952     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
3953     return pTxPacket;
3954 }
3955
3956
3957
3958
3959
3960
3961
3962
3963 /*+
3964  *
3965  * Routine Description:
3966  *  Constructs an re-association request frame
3967  *
3968  *
3969  * Return Value:
3970  *    A ptr to frame or NULL on allocation failue
3971  *
3972 -*/
3973
3974
3975 PSTxMgmtPacket
3976 s_MgrMakeReAssocRequest(
3977     IN PSDevice pDevice,
3978     IN PSMgmtObject pMgmt,
3979     IN PBYTE pDAddr,
3980     IN WORD wCurrCapInfo,
3981     IN WORD wListenInterval,
3982     IN PWLAN_IE_SSID pCurrSSID,
3983     IN PWLAN_IE_SUPP_RATES pCurrRates,
3984     IN PWLAN_IE_SUPP_RATES pCurrExtSuppRates
3985     )
3986 {
3987     PSTxMgmtPacket      pTxPacket = NULL;
3988     WLAN_FR_REASSOCREQ  sFrame;
3989     PBYTE               pbyIEs;
3990     PBYTE               pbyRSN;
3991
3992
3993     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
3994     memset( pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_REASSOCREQ_FR_MAXLEN);
3995     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
3996     /* Setup the sFrame structure. */
3997     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
3998     sFrame.len = WLAN_REASSOCREQ_FR_MAXLEN;
3999
4000     // format fixed field frame structure
4001     vMgrEncodeReassocRequest(&sFrame);
4002
4003     /* Setup the header */
4004     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
4005         (
4006         WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
4007         WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_REASSOCREQ)
4008         ));
4009     memcpy( sFrame.pHdr->sA3.abyAddr1, pDAddr, WLAN_ADDR_LEN);
4010     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
4011     memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
4012
4013     /* Set the capibility and listen interval */
4014     *(sFrame.pwCapInfo) = cpu_to_le16(wCurrCapInfo);
4015     *(sFrame.pwListenInterval) = cpu_to_le16(wListenInterval);
4016
4017     memcpy(sFrame.pAddrCurrAP, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
4018     /* Copy the SSID */
4019     /* sFrame.len point to end of fixed field */
4020     sFrame.pSSID = (PWLAN_IE_SSID)(sFrame.pBuf + sFrame.len);
4021     sFrame.len += pCurrSSID->len + WLAN_IEHDR_LEN;
4022     memcpy(sFrame.pSSID, pCurrSSID, pCurrSSID->len + WLAN_IEHDR_LEN);
4023
4024     pMgmt->sAssocInfo.AssocInfo.RequestIELength = pCurrSSID->len + WLAN_IEHDR_LEN;
4025     pMgmt->sAssocInfo.AssocInfo.OffsetRequestIEs = sizeof(NDIS_802_11_ASSOCIATION_INFORMATION);
4026     pbyIEs = pMgmt->sAssocInfo.abyIEs;
4027     MEMvCopy(pbyIEs, pCurrSSID, pCurrSSID->len + WLAN_IEHDR_LEN);
4028     pbyIEs += pCurrSSID->len + WLAN_IEHDR_LEN;
4029
4030     /* Copy the rate set */
4031     /* sFrame.len point to end of SSID */
4032     sFrame.pSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
4033     sFrame.len += pCurrRates->len + WLAN_IEHDR_LEN;
4034     memcpy(sFrame.pSuppRates, pCurrRates, pCurrRates->len + WLAN_IEHDR_LEN);
4035
4036     // Copy the extension rate set
4037     if ((pMgmt->eCurrentPHYMode == PHY_TYPE_11G) && (pCurrExtSuppRates->len > 0)) {
4038         sFrame.pExtSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
4039         sFrame.len += pCurrExtSuppRates->len + WLAN_IEHDR_LEN;
4040         memcpy(sFrame.pExtSuppRates, pCurrExtSuppRates, pCurrExtSuppRates->len + WLAN_IEHDR_LEN);
4041     }
4042
4043     pMgmt->sAssocInfo.AssocInfo.RequestIELength += pCurrRates->len + WLAN_IEHDR_LEN;
4044     MEMvCopy(pbyIEs, pCurrRates, pCurrRates->len + WLAN_IEHDR_LEN);
4045     pbyIEs += pCurrRates->len + WLAN_IEHDR_LEN;
4046
4047     if (((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
4048          (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
4049          (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE)) &&
4050         (pMgmt->pCurrBSS != NULL)) {
4051         /* WPA IE */
4052         sFrame.pRSNWPA = (PWLAN_IE_RSN_EXT)(sFrame.pBuf + sFrame.len);
4053         sFrame.pRSNWPA->byElementID = WLAN_EID_RSN_WPA;
4054         sFrame.pRSNWPA->len = 16;
4055         sFrame.pRSNWPA->abyOUI[0] = 0x00;
4056         sFrame.pRSNWPA->abyOUI[1] = 0x50;
4057         sFrame.pRSNWPA->abyOUI[2] = 0xf2;
4058         sFrame.pRSNWPA->abyOUI[3] = 0x01;
4059         sFrame.pRSNWPA->wVersion = 1;
4060         //Group Key Cipher Suite
4061         sFrame.pRSNWPA->abyMulticast[0] = 0x00;
4062         sFrame.pRSNWPA->abyMulticast[1] = 0x50;
4063         sFrame.pRSNWPA->abyMulticast[2] = 0xf2;
4064         if (pMgmt->byCSSGK == KEY_CTL_WEP) {
4065             sFrame.pRSNWPA->abyMulticast[3] = pMgmt->pCurrBSS->byGKType;
4066         } else if (pMgmt->byCSSGK == KEY_CTL_TKIP) {
4067             sFrame.pRSNWPA->abyMulticast[3] = WPA_TKIP;
4068         } else if (pMgmt->byCSSGK == KEY_CTL_CCMP) {
4069             sFrame.pRSNWPA->abyMulticast[3] = WPA_AESCCMP;
4070         } else {
4071             sFrame.pRSNWPA->abyMulticast[3] = WPA_NONE;
4072         }
4073         // Pairwise Key Cipher Suite
4074         sFrame.pRSNWPA->wPKCount = 1;
4075         sFrame.pRSNWPA->PKSList[0].abyOUI[0] = 0x00;
4076         sFrame.pRSNWPA->PKSList[0].abyOUI[1] = 0x50;
4077         sFrame.pRSNWPA->PKSList[0].abyOUI[2] = 0xf2;
4078         if (pMgmt->byCSSPK == KEY_CTL_TKIP) {
4079             sFrame.pRSNWPA->PKSList[0].abyOUI[3] = WPA_TKIP;
4080         } else if (pMgmt->byCSSPK == KEY_CTL_CCMP) {
4081             sFrame.pRSNWPA->PKSList[0].abyOUI[3] = WPA_AESCCMP;
4082         } else {
4083             sFrame.pRSNWPA->PKSList[0].abyOUI[3] = WPA_NONE;
4084         }
4085         // Auth Key Management Suite
4086         pbyRSN = (PBYTE)(sFrame.pBuf + sFrame.len + 2 + sFrame.pRSNWPA->len);
4087         *pbyRSN++=0x01;
4088         *pbyRSN++=0x00;
4089         *pbyRSN++=0x00;
4090         *pbyRSN++=0x50;
4091         *pbyRSN++=0xf2;
4092         if (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) {
4093             *pbyRSN++=WPA_AUTH_PSK;
4094         } else if (pMgmt->eAuthenMode == WMAC_AUTH_WPA) {
4095             *pbyRSN++=WPA_AUTH_IEEE802_1X;
4096         } else {
4097             *pbyRSN++=WPA_NONE;
4098         }
4099         sFrame.pRSNWPA->len +=6;
4100
4101         // RSN Capabilites
4102         *pbyRSN++=0x00;
4103         *pbyRSN++=0x00;
4104         sFrame.pRSNWPA->len +=2;
4105         sFrame.len += sFrame.pRSNWPA->len + WLAN_IEHDR_LEN;
4106         // copy to AssocInfo. for OID_802_11_ASSOCIATION_INFORMATION
4107         pMgmt->sAssocInfo.AssocInfo.RequestIELength += sFrame.pRSNWPA->len + WLAN_IEHDR_LEN;
4108         MEMvCopy(pbyIEs, sFrame.pRSNWPA, sFrame.pRSNWPA->len + WLAN_IEHDR_LEN);
4109         pbyIEs += sFrame.pRSNWPA->len + WLAN_IEHDR_LEN;
4110
4111     } else if (((pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
4112                 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) &&
4113                (pMgmt->pCurrBSS != NULL)) {
4114         UINT                ii;
4115         PWORD               pwPMKID;
4116
4117         /* WPA IE */
4118         sFrame.pRSN = (PWLAN_IE_RSN)(sFrame.pBuf + sFrame.len);
4119         sFrame.pRSN->byElementID = WLAN_EID_RSN;
4120         sFrame.pRSN->len = 6; //Version(2)+GK(4)
4121         sFrame.pRSN->wVersion = 1;
4122         //Group Key Cipher Suite
4123         sFrame.pRSN->abyRSN[0] = 0x00;
4124         sFrame.pRSN->abyRSN[1] = 0x0F;
4125         sFrame.pRSN->abyRSN[2] = 0xAC;
4126         if (pMgmt->byCSSGK == KEY_CTL_WEP) {
4127             sFrame.pRSN->abyRSN[3] = pMgmt->pCurrBSS->byCSSGK;
4128         } else if (pMgmt->byCSSGK == KEY_CTL_TKIP) {
4129             sFrame.pRSN->abyRSN[3] = WLAN_11i_CSS_TKIP;
4130         } else if (pMgmt->byCSSGK == KEY_CTL_CCMP) {
4131             sFrame.pRSN->abyRSN[3] = WLAN_11i_CSS_CCMP;
4132         } else {
4133             sFrame.pRSN->abyRSN[3] = WLAN_11i_CSS_UNKNOWN;
4134         }
4135
4136         // Pairwise Key Cipher Suite
4137         sFrame.pRSN->abyRSN[4] = 1;
4138         sFrame.pRSN->abyRSN[5] = 0;
4139         sFrame.pRSN->abyRSN[6] = 0x00;
4140         sFrame.pRSN->abyRSN[7] = 0x0F;
4141         sFrame.pRSN->abyRSN[8] = 0xAC;
4142         if (pMgmt->byCSSPK == KEY_CTL_TKIP) {
4143             sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_TKIP;
4144         } else if (pMgmt->byCSSPK == KEY_CTL_CCMP) {
4145             sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_CCMP;
4146         } else if (pMgmt->byCSSPK == KEY_CTL_NONE) {
4147             sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_USE_GROUP;
4148         } else {
4149             sFrame.pRSN->abyRSN[9] = WLAN_11i_CSS_UNKNOWN;
4150         }
4151         sFrame.pRSN->len += 6;
4152
4153         // Auth Key Management Suite
4154         sFrame.pRSN->abyRSN[10] = 1;
4155         sFrame.pRSN->abyRSN[11] = 0;
4156         sFrame.pRSN->abyRSN[12] = 0x00;
4157         sFrame.pRSN->abyRSN[13] = 0x0F;
4158         sFrame.pRSN->abyRSN[14] = 0xAC;
4159         if (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK) {
4160             sFrame.pRSN->abyRSN[15] = WLAN_11i_AKMSS_PSK;
4161         } else if (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) {
4162             sFrame.pRSN->abyRSN[15] = WLAN_11i_AKMSS_802_1X;
4163         } else {
4164             sFrame.pRSN->abyRSN[15] = WLAN_11i_AKMSS_UNKNOWN;
4165         }
4166         sFrame.pRSN->len +=6;
4167
4168         // RSN Capabilites
4169         if (pMgmt->pCurrBSS->sRSNCapObj.bRSNCapExist == TRUE) {
4170             MEMvCopy(&sFrame.pRSN->abyRSN[16], &pMgmt->pCurrBSS->sRSNCapObj.wRSNCap, 2);
4171         } else {
4172             sFrame.pRSN->abyRSN[16] = 0;
4173             sFrame.pRSN->abyRSN[17] = 0;
4174         }
4175         sFrame.pRSN->len +=2;
4176
4177         if ((pDevice->gsPMKID.BSSIDInfoCount > 0) && (pDevice->bRoaming == TRUE) && (pMgmt->eAuthenMode == WMAC_AUTH_WPA2)) {
4178             // RSN PMKID
4179             pbyRSN = &sFrame.pRSN->abyRSN[18];
4180             pwPMKID = (PWORD)pbyRSN; // Point to PMKID count
4181             *pwPMKID = 0;            // Initialize PMKID count
4182             pbyRSN += 2;             // Point to PMKID list
4183             for (ii = 0; ii < pDevice->gsPMKID.BSSIDInfoCount; ii++) {
4184                 if (MEMEqualMemory(&pDevice->gsPMKID.BSSIDInfo[ii].BSSID[0], pMgmt->abyCurrBSSID, U_ETHER_ADDR_LEN)) {
4185                     (*pwPMKID) ++;
4186                     MEMvCopy(pbyRSN, pDevice->gsPMKID.BSSIDInfo[ii].PMKID, 16);
4187                     pbyRSN += 16;
4188                 }
4189             }
4190             if (*pwPMKID != 0) {
4191                 sFrame.pRSN->len += (2 + (*pwPMKID)*16);
4192             }
4193         }
4194
4195         sFrame.len += sFrame.pRSN->len + WLAN_IEHDR_LEN;
4196         // copy to AssocInfo. for OID_802_11_ASSOCIATION_INFORMATION
4197         pMgmt->sAssocInfo.AssocInfo.RequestIELength += sFrame.pRSN->len + WLAN_IEHDR_LEN;
4198         MEMvCopy(pbyIEs, sFrame.pRSN, sFrame.pRSN->len + WLAN_IEHDR_LEN);
4199         pbyIEs += sFrame.pRSN->len + WLAN_IEHDR_LEN;
4200     }
4201
4202
4203     /* Adjust the length fields */
4204     pTxPacket->cbMPDULen = sFrame.len;
4205     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
4206
4207     return pTxPacket;
4208 }
4209
4210
4211
4212 /*+
4213  *
4214  * Routine Description:
4215  *  Constructs an assoc-response frame
4216  *
4217  *
4218  * Return Value:
4219  *    PTR to frame; or NULL on allocation failue
4220  *
4221 -*/
4222
4223
4224 PSTxMgmtPacket
4225 s_MgrMakeAssocResponse(
4226     IN PSDevice pDevice,
4227     IN PSMgmtObject pMgmt,
4228     IN WORD wCurrCapInfo,
4229     IN WORD wAssocStatus,
4230     IN WORD wAssocAID,
4231     IN PBYTE pDstAddr,
4232     IN PWLAN_IE_SUPP_RATES pCurrSuppRates,
4233     IN PWLAN_IE_SUPP_RATES pCurrExtSuppRates
4234     )
4235 {
4236     PSTxMgmtPacket      pTxPacket = NULL;
4237     WLAN_FR_ASSOCRESP   sFrame;
4238
4239
4240     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
4241     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_ASSOCREQ_FR_MAXLEN);
4242     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
4243     // Setup the sFrame structure
4244     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
4245     sFrame.len = WLAN_REASSOCRESP_FR_MAXLEN;
4246     vMgrEncodeAssocResponse(&sFrame);
4247     // Setup the header
4248     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
4249         (
4250         WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
4251         WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_ASSOCRESP)
4252         ));
4253     memcpy( sFrame.pHdr->sA3.abyAddr1, pDstAddr, WLAN_ADDR_LEN);
4254     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
4255     memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
4256
4257     *sFrame.pwCapInfo = cpu_to_le16(wCurrCapInfo);
4258     *sFrame.pwStatus = cpu_to_le16(wAssocStatus);
4259     *sFrame.pwAid = cpu_to_le16((WORD)(wAssocAID | BIT14 | BIT15));
4260
4261     // Copy the rate set
4262     sFrame.pSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
4263     sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN;
4264     memcpy(sFrame.pSuppRates,
4265            pCurrSuppRates,
4266            ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN
4267           );
4268
4269     if (((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len != 0) {
4270         sFrame.pExtSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
4271         sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN;
4272         MEMvCopy(sFrame.pExtSuppRates,
4273              pCurrExtSuppRates,
4274              ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN
4275              );
4276     }
4277
4278     // Adjust the length fields
4279     pTxPacket->cbMPDULen = sFrame.len;
4280     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
4281
4282     return pTxPacket;
4283 }
4284
4285
4286 /*+
4287  *
4288  * Routine Description:
4289  *  Constructs an reassoc-response frame
4290  *
4291  *
4292  * Return Value:
4293  *    PTR to frame; or NULL on allocation failue
4294  *
4295 -*/
4296
4297
4298 PSTxMgmtPacket
4299 s_MgrMakeReAssocResponse(
4300     IN PSDevice pDevice,
4301     IN PSMgmtObject pMgmt,
4302     IN WORD wCurrCapInfo,
4303     IN WORD wAssocStatus,
4304     IN WORD wAssocAID,
4305     IN PBYTE pDstAddr,
4306     IN PWLAN_IE_SUPP_RATES pCurrSuppRates,
4307     IN PWLAN_IE_SUPP_RATES pCurrExtSuppRates
4308     )
4309 {
4310     PSTxMgmtPacket      pTxPacket = NULL;
4311     WLAN_FR_REASSOCRESP   sFrame;
4312
4313
4314     pTxPacket = (PSTxMgmtPacket)pMgmt->pbyMgmtPacketPool;
4315     memset(pTxPacket, 0, sizeof(STxMgmtPacket) + WLAN_ASSOCREQ_FR_MAXLEN);
4316     pTxPacket->p80211Header = (PUWLAN_80211HDR)((PBYTE)pTxPacket + sizeof(STxMgmtPacket));
4317     // Setup the sFrame structure
4318     sFrame.pBuf = (PBYTE)pTxPacket->p80211Header;
4319     sFrame.len = WLAN_REASSOCRESP_FR_MAXLEN;
4320     vMgrEncodeReassocResponse(&sFrame);
4321     // Setup the header
4322     sFrame.pHdr->sA3.wFrameCtl = cpu_to_le16(
4323         (
4324         WLAN_SET_FC_FTYPE(WLAN_TYPE_MGR) |
4325         WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_REASSOCRESP)
4326         ));
4327     memcpy( sFrame.pHdr->sA3.abyAddr1, pDstAddr, WLAN_ADDR_LEN);
4328     memcpy( sFrame.pHdr->sA3.abyAddr2, pMgmt->abyMACAddr, WLAN_ADDR_LEN);
4329     memcpy( sFrame.pHdr->sA3.abyAddr3, pMgmt->abyCurrBSSID, WLAN_BSSID_LEN);
4330
4331     *sFrame.pwCapInfo = cpu_to_le16(wCurrCapInfo);
4332     *sFrame.pwStatus = cpu_to_le16(wAssocStatus);
4333     *sFrame.pwAid = cpu_to_le16((WORD)(wAssocAID | BIT14 | BIT15));
4334
4335     // Copy the rate set
4336     sFrame.pSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
4337     sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN;
4338     memcpy(sFrame.pSuppRates,
4339              pCurrSuppRates,
4340              ((PWLAN_IE_SUPP_RATES)pCurrSuppRates)->len + WLAN_IEHDR_LEN
4341              );
4342
4343     if (((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len != 0) {
4344         sFrame.pExtSuppRates = (PWLAN_IE_SUPP_RATES)(sFrame.pBuf + sFrame.len);
4345         sFrame.len += ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN;
4346         MEMvCopy(sFrame.pExtSuppRates,
4347              pCurrExtSuppRates,
4348              ((PWLAN_IE_SUPP_RATES)pCurrExtSuppRates)->len + WLAN_IEHDR_LEN
4349              );
4350     }
4351
4352     // Adjust the length fields
4353     pTxPacket->cbMPDULen = sFrame.len;
4354     pTxPacket->cbPayloadLen = sFrame.len - WLAN_HDR_ADDR3_LEN;
4355
4356     return pTxPacket;
4357 }
4358
4359
4360 /*+
4361  *
4362  * Routine Description:
4363  *  Handles probe response management frames.
4364  *
4365  *
4366  * Return Value:
4367  *    none.
4368  *
4369 -*/
4370
4371 static
4372 VOID
4373 s_vMgrRxProbeResponse(
4374     IN PSDevice pDevice,
4375     IN PSMgmtObject pMgmt,
4376     IN PSRxMgmtPacket pRxPacket
4377     )
4378 {
4379     PKnownBSS           pBSSList = NULL;
4380     WLAN_FR_PROBERESP   sFrame;
4381     BYTE                byCurrChannel = pRxPacket->byRxChannel;
4382     ERPObject           sERP;
4383     BYTE                byIEChannel = 0;
4384     BOOL                bChannelHit = TRUE;
4385
4386
4387     memset(&sFrame, 0, sizeof(WLAN_FR_PROBERESP));
4388     // decode the frame
4389     sFrame.len = pRxPacket->cbMPDULen;
4390     sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
4391     vMgrDecodeProbeResponse(&sFrame);
4392
4393     if ((sFrame.pqwTimestamp == 0) ||
4394         (sFrame.pwBeaconInterval == 0) ||
4395         (sFrame.pwCapInfo == 0) ||
4396         (sFrame.pSSID == 0) ||
4397         (sFrame.pSuppRates == 0)) {
4398         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Probe resp:Fail addr:[%p] \n", pRxPacket->p80211Header);
4399         DBG_PORT80(0xCC);
4400         return;
4401     };
4402
4403     if(sFrame.pSSID->len == 0)
4404        DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Rx Probe resp: SSID len = 0 \n");
4405
4406     if (sFrame.pDSParms != 0) {
4407         if (byCurrChannel > CB_MAX_CHANNEL_24G) {
4408             // channel remapping to
4409             byIEChannel = CARDbyGetChannelMapping(pMgmt->pAdapter, sFrame.pDSParms->byCurrChannel, PHY_TYPE_11A);
4410         } else {
4411             byIEChannel = sFrame.pDSParms->byCurrChannel;
4412         }
4413         if (byCurrChannel != byIEChannel) {
4414             // adjust channel info. bcs we rcv adjcent channel pakckets
4415             bChannelHit = FALSE;
4416             byCurrChannel = byIEChannel;
4417         }
4418     } else {
4419         // no DS channel info
4420         bChannelHit = TRUE;
4421     }
4422
4423 //2008-0730-01<Add>by MikeLiu
4424 if(ChannelExceedZoneType(pDevice,byCurrChannel)==TRUE)
4425       return;
4426
4427     if (sFrame.pERP != NULL) {
4428         sERP.byERP = sFrame.pERP->byContext;
4429         sERP.bERPExist = TRUE;
4430     } else {
4431         sERP.bERPExist = FALSE;
4432         sERP.byERP = 0;
4433     }
4434
4435
4436     // update or insert the bss
4437     pBSSList = BSSpAddrIsInBSSList((HANDLE)pDevice, sFrame.pHdr->sA3.abyAddr3, sFrame.pSSID);
4438     if (pBSSList) {
4439         BSSbUpdateToBSSList((HANDLE)pDevice,
4440                             *sFrame.pqwTimestamp,
4441                             *sFrame.pwBeaconInterval,
4442                             *sFrame.pwCapInfo,
4443                             byCurrChannel,
4444                             bChannelHit,
4445                             sFrame.pSSID,
4446                             sFrame.pSuppRates,
4447                             sFrame.pExtSuppRates,
4448                             &sERP,
4449                             sFrame.pRSN,
4450                             sFrame.pRSNWPA,
4451                             sFrame.pIE_Country,
4452                             sFrame.pIE_Quiet,
4453                             pBSSList,
4454                             sFrame.len - WLAN_HDR_ADDR3_LEN,
4455                             sFrame.pHdr->sA4.abyAddr4,   // payload of probresponse
4456                             (HANDLE)pRxPacket
4457                            );
4458     }
4459     else {
4460         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Probe resp/insert: RxChannel = : %d\n", byCurrChannel);
4461         BSSbInsertToBSSList((HANDLE)pDevice,
4462                             sFrame.pHdr->sA3.abyAddr3,
4463                             *sFrame.pqwTimestamp,
4464                             *sFrame.pwBeaconInterval,
4465                             *sFrame.pwCapInfo,
4466                             byCurrChannel,
4467                             sFrame.pSSID,
4468                             sFrame.pSuppRates,
4469                             sFrame.pExtSuppRates,
4470                             &sERP,
4471                             sFrame.pRSN,
4472                             sFrame.pRSNWPA,
4473                             sFrame.pIE_Country,
4474                             sFrame.pIE_Quiet,
4475                             sFrame.len - WLAN_HDR_ADDR3_LEN,
4476                             sFrame.pHdr->sA4.abyAddr4,   // payload of beacon
4477                             (HANDLE)pRxPacket
4478                            );
4479     }
4480     return;
4481
4482 }
4483
4484 /*+
4485  *
4486  * Routine Description:(AP)or(Ad-hoc STA)
4487  *  Handles probe request management frames.
4488  *
4489  *
4490  * Return Value:
4491  *    none.
4492  *
4493 -*/
4494
4495
4496 static
4497 VOID
4498 s_vMgrRxProbeRequest(
4499     IN PSDevice pDevice,
4500     IN PSMgmtObject pMgmt,
4501     IN PSRxMgmtPacket pRxPacket
4502     )
4503 {
4504     WLAN_FR_PROBEREQ    sFrame;
4505     CMD_STATUS          Status;
4506     PSTxMgmtPacket      pTxPacket;
4507     BYTE                byPHYType = BB_TYPE_11B;
4508
4509     // STA in Ad-hoc mode: when latest TBTT beacon transmit success,
4510     // STA have to response this request.
4511     if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) ||
4512         ((pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) && pDevice->bBeaconSent)) {
4513
4514         memset(&sFrame, 0, sizeof(WLAN_FR_PROBEREQ));
4515         // decode the frame
4516         sFrame.len = pRxPacket->cbMPDULen;
4517         sFrame.pBuf = (PBYTE)pRxPacket->p80211Header;
4518         vMgrDecodeProbeRequest(&sFrame);
4519 /*
4520         DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Probe request rx:MAC addr:%02x-%02x-%02x=%02x-%02x-%02x \n",
4521                   sFrame.pHdr->sA3.abyAddr2[0],
4522                   sFrame.pHdr->sA3.abyAddr2[1],
4523                   sFrame.pHdr->sA3.abyAddr2[2],
4524                   sFrame.pHdr->sA3.abyAddr2[3],
4525                   sFrame.pHdr->sA3.abyAddr2[4],
4526                   sFrame.pHdr->sA3.abyAddr2[5]
4527                 );
4528 */
4529         if (sFrame.pSSID->len != 0) {
4530             if (sFrame.pSSID->len != ((PWLAN_IE_SSID)pMgmt->abyCurrSSID)->len)
4531                 return;
4532             if (memcmp(sFrame.pSSID->abySSID,
4533                        ((PWLAN_IE_SSID)pMgmt->abyCurrSSID)->abySSID,
4534                        ((PWLAN_IE_SSID)pMgmt->abyCurrSSID)->len) != 0) {
4535                        return;
4536             }
4537         }
4538
4539         if ((sFrame.pSuppRates->len > 4) || (sFrame.pExtSuppRates != NULL)) {
4540             byPHYType = BB_TYPE_11G;
4541         }
4542
4543         // Probe response reply..
4544         pTxPacket = s_MgrMakeProbeResponse
4545                     (
4546                       pDevice,
4547                       pMgmt,
4548                       pMgmt->wCurrCapInfo,
4549                       pMgmt->wCurrBeaconPeriod,
4550                       pMgmt->uCurrChannel,
4551                       0,
4552                       sFrame.pHdr->sA3.abyAddr2,
4553                       (PWLAN_IE_SSID)pMgmt->abyCurrSSID,
4554                       (PBYTE)pMgmt->abyCurrBSSID,
4555                       (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
4556                       (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates,
4557                        byPHYType
4558                     );
4559         if (pTxPacket != NULL ){
4560             /* send the frame */
4561             Status = csMgmt_xmit(pDevice, pTxPacket);
4562             if (Status != CMD_STATUS_PENDING) {
4563                 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Probe response tx failed\n");
4564             }
4565             else {
4566 //                DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Mgt:Probe response tx sending..\n");
4567             }
4568         }
4569     }
4570
4571     return;
4572 }
4573
4574
4575
4576
4577
4578 /*+
4579  *
4580  * Routine Description:
4581  *
4582  *  Entry point for the reception and handling of 802.11 management
4583  *  frames. Makes a determination of the frame type and then calls
4584  *  the appropriate function.
4585  *
4586  *
4587  * Return Value:
4588  *    none.
4589  *
4590 -*/
4591
4592
4593 VOID
4594 vMgrRxManagePacket(
4595     IN  HANDLE hDeviceContext,
4596     IN PSMgmtObject pMgmt,
4597     IN PSRxMgmtPacket pRxPacket
4598      )
4599 {
4600     PSDevice    pDevice = (PSDevice)hDeviceContext;
4601     BOOL        bInScan = FALSE;
4602     UINT        uNodeIndex = 0;
4603     NODE_STATE  eNodeState = 0;
4604     CMD_STATUS  Status;
4605
4606
4607     if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) {
4608         if (BSSDBbIsSTAInNodeDB(pMgmt, pRxPacket->p80211Header->sA3.abyAddr2, &uNodeIndex))
4609             eNodeState = pMgmt->sNodeDBTable[uNodeIndex].eNodeState;
4610     }
4611
4612     switch( WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) ){
4613
4614         case WLAN_FSTYPE_ASSOCREQ:
4615             // Frame Clase = 2
4616             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx assocreq\n");
4617             if (eNodeState < NODE_AUTH) {
4618                 // send deauth notification
4619                 // reason = (6) class 2 received from nonauth sta
4620                 vMgrDeAuthenBeginSta(pDevice,
4621                                      pMgmt,
4622                                      pRxPacket->p80211Header->sA3.abyAddr2,
4623                                      (6),
4624                                      &Status
4625                                      );
4626                 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "wmgr: send vMgrDeAuthenBeginSta 1\n");
4627             }
4628             else {
4629                 s_vMgrRxAssocRequest(pDevice, pMgmt, pRxPacket, uNodeIndex);
4630             }
4631             break;
4632
4633         case WLAN_FSTYPE_ASSOCRESP:
4634             // Frame Clase = 2
4635             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx assocresp1\n");
4636             s_vMgrRxAssocResponse(pDevice, pMgmt, pRxPacket, FALSE);
4637             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx assocresp2\n");
4638             break;
4639
4640         case WLAN_FSTYPE_REASSOCREQ:
4641             // Frame Clase = 2
4642             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx reassocreq\n");
4643             // Todo: reassoc
4644             if (eNodeState < NODE_AUTH) {
4645                 // send deauth notification
4646                 // reason = (6) class 2 received from nonauth sta
4647                 vMgrDeAuthenBeginSta(pDevice,
4648                                      pMgmt,
4649                                      pRxPacket->p80211Header->sA3.abyAddr2,
4650                                      (6),
4651                                      &Status
4652                                      );
4653                 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "wmgr: send vMgrDeAuthenBeginSta 2\n");
4654
4655             }
4656             s_vMgrRxReAssocRequest(pDevice, pMgmt, pRxPacket, uNodeIndex);
4657             break;
4658
4659         case WLAN_FSTYPE_REASSOCRESP:
4660             // Frame Clase = 2
4661             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx reassocresp\n");
4662             s_vMgrRxAssocResponse(pDevice, pMgmt, pRxPacket, TRUE);
4663             break;
4664
4665         case WLAN_FSTYPE_PROBEREQ:
4666             // Frame Clase = 0
4667             //DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx probereq\n");
4668             s_vMgrRxProbeRequest(pDevice, pMgmt, pRxPacket);
4669             break;
4670
4671         case WLAN_FSTYPE_PROBERESP:
4672             // Frame Clase = 0
4673             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx proberesp\n");
4674
4675             s_vMgrRxProbeResponse(pDevice, pMgmt, pRxPacket);
4676             break;
4677
4678         case WLAN_FSTYPE_BEACON:
4679             // Frame Clase = 0
4680             // DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx beacon\n");
4681             if (pMgmt->eScanState != WMAC_NO_SCANNING) {
4682                 bInScan = TRUE;
4683             };
4684             s_vMgrRxBeacon(pDevice, pMgmt, pRxPacket, bInScan);
4685             break;
4686
4687         case WLAN_FSTYPE_ATIM:
4688             // Frame Clase = 1
4689             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx atim\n");
4690             break;
4691
4692         case WLAN_FSTYPE_DISASSOC:
4693             // Frame Clase = 2
4694             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx disassoc\n");
4695             if (eNodeState < NODE_AUTH) {
4696                 // send deauth notification
4697                 // reason = (6) class 2 received from nonauth sta
4698                 vMgrDeAuthenBeginSta(pDevice,
4699                                      pMgmt,
4700                                      pRxPacket->p80211Header->sA3.abyAddr2,
4701                                      (6),
4702                                      &Status
4703                                      );
4704                 DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "wmgr: send vMgrDeAuthenBeginSta 3\n");
4705             }
4706             s_vMgrRxDisassociation(pDevice, pMgmt, pRxPacket);
4707             break;
4708
4709         case WLAN_FSTYPE_AUTHEN:
4710             // Frame Clase = 1
4711             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO  "rx authen\n");
4712             s_vMgrRxAuthentication(pDevice, pMgmt, pRxPacket);
4713             break;
4714
4715         case WLAN_FSTYPE_DEAUTHEN:
4716             // Frame Clase = 1
4717             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx deauthen\n");
4718             s_vMgrRxDeauthentication(pDevice, pMgmt, pRxPacket);
4719             break;
4720
4721         default:
4722             DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "rx unknown mgmt\n");
4723     }
4724
4725     return;
4726 }
4727
4728
4729
4730
4731 /*+
4732  *
4733  * Routine Description:
4734  *
4735  *
4736  *  Prepare beacon to send
4737  *
4738  * Return Value:
4739  *    TRUE if success; FALSE if failed.
4740  *
4741 -*/
4742 BOOL
4743 bMgrPrepareBeaconToSend(
4744     IN HANDLE hDeviceContext,
4745     IN PSMgmtObject pMgmt
4746     )
4747 {
4748     PSDevice            pDevice = (PSDevice)hDeviceContext;
4749     PSTxMgmtPacket      pTxPacket;
4750
4751 //    pDevice->bBeaconBufReady = FALSE;
4752     if (pDevice->bEncryptionEnable || pDevice->bEnable8021x){
4753         pMgmt->wCurrCapInfo |= WLAN_SET_CAP_INFO_PRIVACY(1);
4754     }
4755     else {
4756         pMgmt->wCurrCapInfo &= ~WLAN_SET_CAP_INFO_PRIVACY(1);
4757     }
4758     pTxPacket = s_MgrMakeBeacon
4759                 (
4760                   pDevice,
4761                   pMgmt,
4762                   pMgmt->wCurrCapInfo,
4763                   pMgmt->wCurrBeaconPeriod,
4764                   pMgmt->uCurrChannel,
4765                   pMgmt->wCurrATIMWindow, //0,
4766                   (PWLAN_IE_SSID)pMgmt->abyCurrSSID,
4767                   (PBYTE)pMgmt->abyCurrBSSID,
4768                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrSuppRates,
4769                   (PWLAN_IE_SUPP_RATES)pMgmt->abyCurrExtSuppRates
4770                 );
4771
4772     if ((pMgmt->eCurrMode == WMAC_MODE_IBSS_STA) &&
4773         (pMgmt->abyCurrBSSID[0] == 0))
4774         return FALSE;
4775
4776     csBeacon_xmit(pDevice, pTxPacket);
4777
4778     return TRUE;
4779 }
4780
4781
4782
4783
4784 /*+
4785  *
4786  * Routine Description:
4787  *
4788  *  Log a warning message based on the contents of the Status
4789  *  Code field of an 802.11 management frame.  Defines are
4790  *  derived from 802.11-1997 SPEC.
4791  *
4792  * Return Value:
4793  *    none.
4794  *
4795 -*/
4796 static
4797 VOID
4798 s_vMgrLogStatus(
4799     IN PSMgmtObject pMgmt,
4800     IN WORD  wStatus
4801     )
4802 {
4803     switch( wStatus ){
4804         case WLAN_MGMT_STATUS_UNSPEC_FAILURE:
4805             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Unspecified error.\n");
4806             break;
4807         case WLAN_MGMT_STATUS_CAPS_UNSUPPORTED:
4808             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Can't support all requested capabilities.\n");
4809             break;
4810         case WLAN_MGMT_STATUS_REASSOC_NO_ASSOC:
4811             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Reassoc denied, can't confirm original Association.\n");
4812             break;
4813         case WLAN_MGMT_STATUS_ASSOC_DENIED_UNSPEC:
4814             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Assoc denied, undefine in spec\n");
4815             break;
4816         case WLAN_MGMT_STATUS_UNSUPPORTED_AUTHALG:
4817             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Peer doesn't support authen algorithm.\n");
4818             break;
4819         case WLAN_MGMT_STATUS_RX_AUTH_NOSEQ:
4820             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Authen frame received out of sequence.\n");
4821             break;
4822         case WLAN_MGMT_STATUS_CHALLENGE_FAIL:
4823             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Authen rejected, challenge  failure.\n");
4824             break;
4825         case WLAN_MGMT_STATUS_AUTH_TIMEOUT:
4826             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Authen rejected, timeout waiting for next frame.\n");
4827             break;
4828         case WLAN_MGMT_STATUS_ASSOC_DENIED_BUSY:
4829             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Assoc denied, AP too busy.\n");
4830             break;
4831         case WLAN_MGMT_STATUS_ASSOC_DENIED_RATES:
4832             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Assoc denied, we haven't enough basic rates.\n");
4833             break;
4834         case WLAN_MGMT_STATUS_ASSOC_DENIED_SHORTPREAMBLE:
4835             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Assoc denied, we do not support short preamble.\n");
4836             break;
4837         case WLAN_MGMT_STATUS_ASSOC_DENIED_PBCC:
4838             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Assoc denied, we do not support PBCC.\n");
4839             break;
4840         case WLAN_MGMT_STATUS_ASSOC_DENIED_AGILITY:
4841             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Status code == Assoc denied, we do not support channel agility.\n");
4842             break;
4843         default:
4844             DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "Unknown status code %d.\n", wStatus);
4845             break;
4846     }
4847 }
4848
4849
4850 /*
4851  *
4852  * Description:
4853  *    Add BSSID in PMKID Candidate list.
4854  *
4855  * Parameters:
4856  *  In:
4857  *      hDeviceContext - device structure point
4858  *      pbyBSSID - BSSID address for adding
4859  *      wRSNCap - BSS's RSN capability
4860  *  Out:
4861  *      none
4862  *
4863  * Return Value: none.
4864  *
4865 -*/
4866 BOOL
4867 bAdd_PMKID_Candidate (
4868     IN HANDLE    hDeviceContext,
4869     IN PBYTE          pbyBSSID,
4870     IN PSRSNCapObject psRSNCapObj
4871     )
4872 {
4873     PSDevice         pDevice = (PSDevice)hDeviceContext;
4874     PPMKID_CANDIDATE pCandidateList;
4875     UINT             ii = 0;
4876
4877     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"bAdd_PMKID_Candidate START: (%d)\n", (int)pDevice->gsPMKIDCandidate.NumCandidates);
4878
4879     if ((pDevice == NULL) || (pbyBSSID == NULL) || (psRSNCapObj == NULL))
4880         return FALSE;
4881
4882     if (pDevice->gsPMKIDCandidate.NumCandidates >= MAX_PMKIDLIST)
4883         return FALSE;
4884
4885
4886
4887     // Update Old Candidate
4888     for (ii = 0; ii < pDevice->gsPMKIDCandidate.NumCandidates; ii++) {
4889         pCandidateList = &pDevice->gsPMKIDCandidate.CandidateList[ii];
4890         if (MEMEqualMemory(pCandidateList->BSSID, pbyBSSID, U_ETHER_ADDR_LEN)) {
4891             if ((psRSNCapObj->bRSNCapExist == TRUE) && (psRSNCapObj->wRSNCap & BIT0)) {
4892                 pCandidateList->Flags |= NDIS_802_11_PMKID_CANDIDATE_PREAUTH_ENABLED;
4893             } else {
4894                 pCandidateList->Flags &= ~(NDIS_802_11_PMKID_CANDIDATE_PREAUTH_ENABLED);
4895             }
4896             return TRUE;
4897         }
4898     }
4899
4900     // New Candidate
4901     pCandidateList = &pDevice->gsPMKIDCandidate.CandidateList[pDevice->gsPMKIDCandidate.NumCandidates];
4902     if ((psRSNCapObj->bRSNCapExist == TRUE) && (psRSNCapObj->wRSNCap & BIT0)) {
4903         pCandidateList->Flags |= NDIS_802_11_PMKID_CANDIDATE_PREAUTH_ENABLED;
4904     } else {
4905         pCandidateList->Flags &= ~(NDIS_802_11_PMKID_CANDIDATE_PREAUTH_ENABLED);
4906     }
4907     MEMvCopy(pCandidateList->BSSID, pbyBSSID, U_ETHER_ADDR_LEN);
4908     pDevice->gsPMKIDCandidate.NumCandidates++;
4909     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"NumCandidates:%d\n", (int)pDevice->gsPMKIDCandidate.NumCandidates);
4910     return TRUE;
4911 }
4912
4913 /*
4914  *
4915  * Description:
4916  *    Flush PMKID Candidate list.
4917  *
4918  * Parameters:
4919  *  In:
4920  *      hDeviceContext - device structure point
4921  *  Out:
4922  *      none
4923  *
4924  * Return Value: none.
4925  *
4926 -*/
4927 VOID
4928 vFlush_PMKID_Candidate (
4929     IN HANDLE hDeviceContext
4930     )
4931 {
4932     PSDevice        pDevice = (PSDevice)hDeviceContext;
4933
4934     if (pDevice == NULL)
4935         return;
4936
4937     ZERO_MEMORY(&pDevice->gsPMKIDCandidate, sizeof(SPMKIDCandidateEvent));
4938 }
4939
4940 static BOOL
4941 s_bCipherMatch (
4942     IN PKnownBSS                        pBSSNode,
4943     IN NDIS_802_11_ENCRYPTION_STATUS    EncStatus,
4944     OUT PBYTE                           pbyCCSPK,
4945     OUT PBYTE                           pbyCCSGK
4946     )
4947 {
4948     BYTE byMulticastCipher = KEY_CTL_INVALID;
4949     BYTE byCipherMask = 0x00;
4950     int i;
4951
4952     if (pBSSNode == NULL)
4953         return FALSE;
4954
4955     // check cap. of BSS
4956
4957     if ((WLAN_GET_CAP_INFO_PRIVACY(pBSSNode->wCapInfo) != 0) &&
4958          (EncStatus == Ndis802_11Encryption1Enabled)) {
4959         // default is WEP only
4960         byMulticastCipher = KEY_CTL_WEP;
4961     }
4962
4963     if ((WLAN_GET_CAP_INFO_PRIVACY(pBSSNode->wCapInfo) != 0) &&
4964         (pBSSNode->bWPA2Valid == TRUE) &&
4965         ((EncStatus == Ndis802_11Encryption3Enabled)||(EncStatus == Ndis802_11Encryption2Enabled))) {
4966
4967         //WPA2
4968         // check Group Key Cipher
4969         if ((pBSSNode->byCSSGK == WLAN_11i_CSS_WEP40) ||
4970             (pBSSNode->byCSSGK == WLAN_11i_CSS_WEP104)) {
4971             byMulticastCipher = KEY_CTL_WEP;
4972         } else if (pBSSNode->byCSSGK == WLAN_11i_CSS_TKIP) {
4973             byMulticastCipher = KEY_CTL_TKIP;
4974         } else if (pBSSNode->byCSSGK == WLAN_11i_CSS_CCMP) {
4975             byMulticastCipher = KEY_CTL_CCMP;
4976         } else {
4977             byMulticastCipher = KEY_CTL_INVALID;
4978         }
4979
4980         // check Pairwise Key Cipher
4981         for(i=0;i<pBSSNode->wCSSPKCount;i++) {
4982             if ((pBSSNode->abyCSSPK[i] == WLAN_11i_CSS_WEP40) ||
4983                 (pBSSNode->abyCSSPK[i] == WLAN_11i_CSS_WEP104)) {
4984                 // this should not happen as defined 802.11i
4985                 byCipherMask |= 0x01;
4986             } else if (pBSSNode->abyCSSPK[i] == WLAN_11i_CSS_TKIP) {
4987                 byCipherMask |= 0x02;
4988             } else if (pBSSNode->abyCSSPK[i] == WLAN_11i_CSS_CCMP) {
4989                 byCipherMask |= 0x04;
4990             } else if (pBSSNode->abyCSSPK[i] == WLAN_11i_CSS_USE_GROUP) {
4991                 // use group key only ignore all others
4992                 byCipherMask = 0;
4993                 i = pBSSNode->wCSSPKCount;
4994             }
4995         }
4996     } else if ((WLAN_GET_CAP_INFO_PRIVACY(pBSSNode->wCapInfo) != 0) &&
4997                 (pBSSNode->bWPAValid == TRUE) &&
4998                 ((EncStatus == Ndis802_11Encryption3Enabled)||(EncStatus == Ndis802_11Encryption2Enabled))) {
4999
5000         //WPA
5001         // check Group Key Cipher
5002         if ((pBSSNode->byGKType == WPA_WEP40) ||
5003             (pBSSNode->byGKType == WPA_WEP104)) {
5004             byMulticastCipher = KEY_CTL_WEP;
5005         } else if (pBSSNode->byGKType == WPA_TKIP) {
5006             byMulticastCipher = KEY_CTL_TKIP;
5007         } else if (pBSSNode->byGKType == WPA_AESCCMP) {
5008             byMulticastCipher = KEY_CTL_CCMP;
5009         } else {
5010             byMulticastCipher = KEY_CTL_INVALID;
5011         }
5012
5013         // check Pairwise Key Cipher
5014         for(i=0;i<pBSSNode->wPKCount;i++) {
5015             if (pBSSNode->abyPKType[i] == WPA_TKIP) {
5016                 byCipherMask |= 0x02;
5017             } else if (pBSSNode->abyPKType[i] == WPA_AESCCMP) {
5018                 byCipherMask |= 0x04;
5019             } else if (pBSSNode->abyPKType[i] == WPA_NONE) {
5020                 // use group key only ignore all others
5021                 byCipherMask = 0;
5022                 i = pBSSNode->wPKCount;
5023             }
5024         }
5025     }
5026
5027     DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"%d, %d, %d, %d, EncStatus:%d\n",
5028         byMulticastCipher, byCipherMask, pBSSNode->bWPAValid, pBSSNode->bWPA2Valid, EncStatus);
5029
5030     // mask our cap. with BSS
5031     if (EncStatus == Ndis802_11Encryption1Enabled) {
5032         // For supporting Cisco migration mode, don't care pairwise key cipher
5033         if ((byMulticastCipher == KEY_CTL_WEP) &&
5034             (byCipherMask == 0)) {
5035             *pbyCCSGK = KEY_CTL_WEP;
5036             *pbyCCSPK = KEY_CTL_NONE;
5037             return TRUE;
5038         } else {
5039             return FALSE;
5040         }
5041
5042     } else if (EncStatus == Ndis802_11Encryption2Enabled) {
5043         if ((byMulticastCipher == KEY_CTL_TKIP) &&
5044             (byCipherMask == 0)) {
5045             *pbyCCSGK = KEY_CTL_TKIP;
5046             *pbyCCSPK = KEY_CTL_NONE;
5047             return TRUE;
5048         } else if ((byMulticastCipher == KEY_CTL_WEP) &&
5049                    ((byCipherMask & 0x02) != 0)) {
5050             *pbyCCSGK = KEY_CTL_WEP;
5051             *pbyCCSPK = KEY_CTL_TKIP;
5052             return TRUE;
5053         } else if ((byMulticastCipher == KEY_CTL_TKIP) &&
5054                    ((byCipherMask & 0x02) != 0)) {
5055             *pbyCCSGK = KEY_CTL_TKIP;
5056             *pbyCCSPK = KEY_CTL_TKIP;
5057             return TRUE;
5058         } else {
5059             return FALSE;
5060         }
5061     } else if (EncStatus == Ndis802_11Encryption3Enabled) {
5062         if ((byMulticastCipher == KEY_CTL_CCMP) &&
5063             (byCipherMask == 0)) {
5064             // When CCMP is enable, "Use group cipher suite" shall not be a valid option.
5065             return FALSE;
5066         } else if ((byMulticastCipher == KEY_CTL_WEP) &&
5067                    ((byCipherMask & 0x04) != 0)) {
5068             *pbyCCSGK = KEY_CTL_WEP;
5069             *pbyCCSPK = KEY_CTL_CCMP;
5070             return TRUE;
5071         } else if ((byMulticastCipher == KEY_CTL_TKIP) &&
5072                    ((byCipherMask & 0x04) != 0)) {
5073             *pbyCCSGK = KEY_CTL_TKIP;
5074             *pbyCCSPK = KEY_CTL_CCMP;
5075             return TRUE;
5076         } else if ((byMulticastCipher == KEY_CTL_CCMP) &&
5077                    ((byCipherMask & 0x04) != 0)) {
5078             *pbyCCSGK = KEY_CTL_CCMP;
5079             *pbyCCSPK = KEY_CTL_CCMP;
5080             return TRUE;
5081         } else {
5082             return FALSE;
5083         }
5084     }
5085     return TRUE;
5086 }
5087
5088