2 *************************************************************************
4 * 5F., No.36, Taiyuan St., Jhubei City,
8 * (c) Copyright 2002-2007, Ralink Technology, Inc.
10 * This program is free software; you can redistribute it and/or modify *
11 * it under the terms of the GNU General Public License as published by *
12 * the Free Software Foundation; either version 2 of the License, or *
13 * (at your option) any later version. *
15 * This program is distributed in the hope that it will be useful, *
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
18 * GNU General Public License for more details. *
20 * You should have received a copy of the GNU General Public License *
21 * along with this program; if not, write to the *
22 * Free Software Foundation, Inc., *
23 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 *************************************************************************
34 -------- ---------- ----------------------------------------------
35 John 2004-9-3 porting from RT2500
37 #include "../rt_config.h"
39 UCHAR CipherWpaTemplate[] = {
42 0x00, 0x50, 0xf2, 0x01, // oui
43 0x01, 0x00, // Version
44 0x00, 0x50, 0xf2, 0x02, // Multicast
45 0x01, 0x00, // Number of unicast
46 0x00, 0x50, 0xf2, 0x02, // unicast
47 0x01, 0x00, // number of authentication method
48 0x00, 0x50, 0xf2, 0x01 // authentication
51 UCHAR CipherWpa2Template[] = {
54 0x01, 0x00, // Version
55 0x00, 0x0f, 0xac, 0x02, // group cipher, TKIP
56 0x01, 0x00, // number of pairwise
57 0x00, 0x0f, 0xac, 0x02, // unicast
58 0x01, 0x00, // number of authentication method
59 0x00, 0x0f, 0xac, 0x02, // authentication
60 0x00, 0x00, // RSN capability
63 UCHAR Ccx2IeInfo[] = { 0x00, 0x40, 0x96, 0x03, 0x02};
66 ==========================================================================
68 association state machine init, including state transition and timer init
70 S - pointer to the association state machine
74 ==========================================================================
76 VOID AssocStateMachineInit(
79 OUT STATE_MACHINE_FUNC Trans[])
81 StateMachineInit(S, Trans, MAX_ASSOC_STATE, MAX_ASSOC_MSG, (STATE_MACHINE_FUNC)Drop, ASSOC_IDLE, ASSOC_MACHINE_BASE);
84 StateMachineSetAction(S, ASSOC_IDLE, MT2_MLME_ASSOC_REQ, (STATE_MACHINE_FUNC)MlmeAssocReqAction);
85 StateMachineSetAction(S, ASSOC_IDLE, MT2_MLME_REASSOC_REQ, (STATE_MACHINE_FUNC)MlmeReassocReqAction);
86 StateMachineSetAction(S, ASSOC_IDLE, MT2_MLME_DISASSOC_REQ, (STATE_MACHINE_FUNC)MlmeDisassocReqAction);
87 StateMachineSetAction(S, ASSOC_IDLE, MT2_PEER_DISASSOC_REQ, (STATE_MACHINE_FUNC)PeerDisassocAction);
90 StateMachineSetAction(S, ASSOC_WAIT_RSP, MT2_MLME_ASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenAssoc);
91 StateMachineSetAction(S, ASSOC_WAIT_RSP, MT2_MLME_REASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenReassoc);
92 StateMachineSetAction(S, ASSOC_WAIT_RSP, MT2_MLME_DISASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenDisassociate);
93 StateMachineSetAction(S, ASSOC_WAIT_RSP, MT2_PEER_DISASSOC_REQ, (STATE_MACHINE_FUNC)PeerDisassocAction);
94 StateMachineSetAction(S, ASSOC_WAIT_RSP, MT2_PEER_ASSOC_RSP, (STATE_MACHINE_FUNC)PeerAssocRspAction);
96 // Patch 3Com AP MOde:3CRWE454G72
97 // We send Assoc request frame to this AP, it always send Reassoc Rsp not Associate Rsp.
99 StateMachineSetAction(S, ASSOC_WAIT_RSP, MT2_PEER_REASSOC_RSP, (STATE_MACHINE_FUNC)PeerAssocRspAction);
100 StateMachineSetAction(S, ASSOC_WAIT_RSP, MT2_ASSOC_TIMEOUT, (STATE_MACHINE_FUNC)AssocTimeoutAction);
103 StateMachineSetAction(S, REASSOC_WAIT_RSP, MT2_MLME_ASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenAssoc);
104 StateMachineSetAction(S, REASSOC_WAIT_RSP, MT2_MLME_REASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenReassoc);
105 StateMachineSetAction(S, REASSOC_WAIT_RSP, MT2_MLME_DISASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenDisassociate);
106 StateMachineSetAction(S, REASSOC_WAIT_RSP, MT2_PEER_DISASSOC_REQ, (STATE_MACHINE_FUNC)PeerDisassocAction);
107 StateMachineSetAction(S, REASSOC_WAIT_RSP, MT2_PEER_REASSOC_RSP, (STATE_MACHINE_FUNC)PeerReassocRspAction);
109 // Patch, AP doesn't send Reassociate Rsp frame to Station.
111 StateMachineSetAction(S, REASSOC_WAIT_RSP, MT2_PEER_ASSOC_RSP, (STATE_MACHINE_FUNC)PeerReassocRspAction);
112 StateMachineSetAction(S, REASSOC_WAIT_RSP, MT2_REASSOC_TIMEOUT, (STATE_MACHINE_FUNC)ReassocTimeoutAction);
115 StateMachineSetAction(S, DISASSOC_WAIT_RSP, MT2_MLME_ASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenAssoc);
116 StateMachineSetAction(S, DISASSOC_WAIT_RSP, MT2_MLME_REASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenReassoc);
117 StateMachineSetAction(S, DISASSOC_WAIT_RSP, MT2_MLME_DISASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenDisassociate);
118 StateMachineSetAction(S, DISASSOC_WAIT_RSP, MT2_PEER_DISASSOC_REQ, (STATE_MACHINE_FUNC)PeerDisassocAction);
119 StateMachineSetAction(S, DISASSOC_WAIT_RSP, MT2_DISASSOC_TIMEOUT, (STATE_MACHINE_FUNC)DisassocTimeoutAction);
121 // initialize the timer
122 RTMPInitTimer(pAd, &pAd->MlmeAux.AssocTimer, GET_TIMER_FUNCTION(AssocTimeout), pAd, FALSE);
123 RTMPInitTimer(pAd, &pAd->MlmeAux.ReassocTimer, GET_TIMER_FUNCTION(ReassocTimeout), pAd, FALSE);
124 RTMPInitTimer(pAd, &pAd->MlmeAux.DisassocTimer, GET_TIMER_FUNCTION(DisassocTimeout), pAd, FALSE);
128 ==========================================================================
130 Association timeout procedure. After association timeout, this function
131 will be called and it will put a message into the MLME queue
133 Standard timer parameters
135 IRQL = DISPATCH_LEVEL
137 ==========================================================================
139 VOID AssocTimeout(IN PVOID SystemSpecific1,
140 IN PVOID FunctionContext,
141 IN PVOID SystemSpecific2,
142 IN PVOID SystemSpecific3)
144 RTMP_ADAPTER *pAd = (RTMP_ADAPTER *)FunctionContext;
146 // Do nothing if the driver is starting halt state.
147 // This might happen when timer already been fired before cancel timer with mlmehalt
148 if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
151 MlmeEnqueue(pAd, ASSOC_STATE_MACHINE, MT2_ASSOC_TIMEOUT, 0, NULL);
152 RT28XX_MLME_HANDLER(pAd);
156 ==========================================================================
158 Reassociation timeout procedure. After reassociation timeout, this
159 function will be called and put a message into the MLME queue
161 Standard timer parameters
163 IRQL = DISPATCH_LEVEL
165 ==========================================================================
167 VOID ReassocTimeout(IN PVOID SystemSpecific1,
168 IN PVOID FunctionContext,
169 IN PVOID SystemSpecific2,
170 IN PVOID SystemSpecific3)
172 RTMP_ADAPTER *pAd = (RTMP_ADAPTER *)FunctionContext;
174 // Do nothing if the driver is starting halt state.
175 // This might happen when timer already been fired before cancel timer with mlmehalt
176 if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
179 MlmeEnqueue(pAd, ASSOC_STATE_MACHINE, MT2_REASSOC_TIMEOUT, 0, NULL);
180 RT28XX_MLME_HANDLER(pAd);
184 ==========================================================================
186 Disassociation timeout procedure. After disassociation timeout, this
187 function will be called and put a message into the MLME queue
189 Standard timer parameters
191 IRQL = DISPATCH_LEVEL
193 ==========================================================================
195 VOID DisassocTimeout(IN PVOID SystemSpecific1,
196 IN PVOID FunctionContext,
197 IN PVOID SystemSpecific2,
198 IN PVOID SystemSpecific3)
200 RTMP_ADAPTER *pAd = (RTMP_ADAPTER *)FunctionContext;
202 // Do nothing if the driver is starting halt state.
203 // This might happen when timer already been fired before cancel timer with mlmehalt
204 if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
207 MlmeEnqueue(pAd, ASSOC_STATE_MACHINE, MT2_DISASSOC_TIMEOUT, 0, NULL);
208 RT28XX_MLME_HANDLER(pAd);
212 ==========================================================================
214 mlme assoc req handling procedure
216 Adapter - Adapter pointer
217 Elem - MLME Queue Element
219 the station has been authenticated and the following information is stored in the config
221 -# supported rates and their length
222 -# listen interval (Adapter->StaCfg.default_listen_count)
223 -# Transmit power (Adapter->StaCfg.tx_power)
225 -# An association request frame is generated and sent to the air
226 -# Association timer starts
227 -# Association state -> ASSOC_WAIT_RSP
229 IRQL = DISPATCH_LEVEL
231 ==========================================================================
233 VOID MlmeAssocReqAction(
234 IN PRTMP_ADAPTER pAd,
235 IN MLME_QUEUE_ELEM *Elem)
238 HEADER_802_11 AssocHdr;
240 UCHAR WmeIe[9] = {IE_VENDOR_SPECIFIC, 0x07, 0x00, 0x50, 0xf2, 0x02, 0x00, 0x01, 0x00};
243 USHORT CapabilityInfo;
244 BOOLEAN TimerCancelled;
245 PUCHAR pOutBuffer = NULL;
251 UCHAR CkipNegotiationBuffer[CKIP_NEGOTIATION_LENGTH];
252 UCHAR AironetCkipIe = IE_AIRONET_CKIP;
253 UCHAR AironetCkipLen = CKIP_NEGOTIATION_LENGTH;
254 UCHAR AironetIPAddressIE = IE_AIRONET_IPADDRESS;
255 UCHAR AironetIPAddressLen = AIRONET_IPADDRESS_LENGTH;
256 UCHAR AironetIPAddressBuffer[AIRONET_IPADDRESS_LENGTH] = {0x00, 0x40, 0x96, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00};
259 // Block all authentication request durning WPA block period
260 if (pAd->StaCfg.bBlockAssoc == TRUE)
262 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - Block Assoc request durning WPA block period!\n"));
263 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
264 Status = MLME_STATE_MACHINE_REJECT;
265 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_ASSOC_CONF, 2, &Status);
267 // check sanity first
268 else if (MlmeAssocReqSanity(pAd, Elem->Msg, Elem->MsgLen, ApAddr, &CapabilityInfo, &Timeout, &ListenIntv))
270 RTMPCancelTimer(&pAd->MlmeAux.AssocTimer, &TimerCancelled);
271 COPY_MAC_ADDR(pAd->MlmeAux.Bssid, ApAddr);
273 // Get an unused nonpaged memory
274 NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);
275 if (NStatus != NDIS_STATUS_SUCCESS)
277 DBGPRINT(RT_DEBUG_TRACE,("ASSOC - MlmeAssocReqAction() allocate memory failed \n"));
278 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
279 Status = MLME_FAIL_NO_RESOURCE;
280 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_ASSOC_CONF, 2, &Status);
284 // Add by James 03/06/27
285 pAd->StaCfg.AssocInfo.Length = sizeof(NDIS_802_11_ASSOCIATION_INFORMATION);
286 // Association don't need to report MAC address
287 pAd->StaCfg.AssocInfo.AvailableRequestFixedIEs =
288 NDIS_802_11_AI_REQFI_CAPABILITIES | NDIS_802_11_AI_REQFI_LISTENINTERVAL;
289 pAd->StaCfg.AssocInfo.RequestFixedIEs.Capabilities = CapabilityInfo;
290 pAd->StaCfg.AssocInfo.RequestFixedIEs.ListenInterval = ListenIntv;
291 // Only reassociate need this
292 //COPY_MAC_ADDR(pAd->StaCfg.AssocInfo.RequestFixedIEs.CurrentAPAddress, ApAddr);
293 pAd->StaCfg.AssocInfo.OffsetRequestIEs = sizeof(NDIS_802_11_ASSOCIATION_INFORMATION);
295 NdisZeroMemory(pAd->StaCfg.ReqVarIEs, MAX_VIE_LEN);
298 NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, &SsidIe, 1);
300 NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, &pAd->MlmeAux.SsidLen, 1);
302 NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, pAd->MlmeAux.Ssid, pAd->MlmeAux.SsidLen);
303 VarIesOffset += pAd->MlmeAux.SsidLen;
305 // Second add Supported rates
306 NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, &SupRateIe, 1);
308 NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, &pAd->MlmeAux.SupRateLen, 1);
310 NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, pAd->MlmeAux.SupRate, pAd->MlmeAux.SupRateLen);
311 VarIesOffset += pAd->MlmeAux.SupRateLen;
314 if ((pAd->CommonCfg.Channel > 14) &&
315 (pAd->CommonCfg.bIEEE80211H == TRUE))
316 CapabilityInfo |= 0x0100;
318 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - Send ASSOC request...\n"));
319 MgtMacHeaderInit(pAd, &AssocHdr, SUBTYPE_ASSOC_REQ, 0, ApAddr, ApAddr);
321 // Build basic frame first
322 MakeOutgoingFrame(pOutBuffer, &FrameLen,
323 sizeof(HEADER_802_11), &AssocHdr,
327 1, &pAd->MlmeAux.SsidLen,
328 pAd->MlmeAux.SsidLen, pAd->MlmeAux.Ssid,
330 1, &pAd->MlmeAux.SupRateLen,
331 pAd->MlmeAux.SupRateLen, pAd->MlmeAux.SupRate,
334 if (pAd->MlmeAux.ExtRateLen != 0)
336 MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
338 1, &pAd->MlmeAux.ExtRateLen,
339 pAd->MlmeAux.ExtRateLen, pAd->MlmeAux.ExtRate,
344 #ifdef DOT11_N_SUPPORT
346 if ((pAd->MlmeAux.HtCapabilityLen > 0) && (pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED))
350 UCHAR BROADCOM[4] = {0x0, 0x90, 0x4c, 0x33};
351 if (pAd->StaActive.SupportedPhyInfo.bPreNHt == TRUE)
353 HtLen = SIZE_HT_CAP_IE + 4;
354 MakeOutgoingFrame(pOutBuffer + FrameLen, &TmpLen,
358 pAd->MlmeAux.HtCapabilityLen, &pAd->MlmeAux.HtCapability,
364 HT_CAPABILITY_IE HtCapabilityTmp;
367 #ifndef RT_BIG_ENDIAN
368 MakeOutgoingFrame(pOutBuffer + FrameLen, &TmpLen,
370 1, &pAd->MlmeAux.HtCapabilityLen,
371 pAd->MlmeAux.HtCapabilityLen, &pAd->MlmeAux.HtCapability,
374 NdisZeroMemory(&HtCapabilityTmp, sizeof(HT_CAPABILITY_IE));
375 NdisMoveMemory(&HtCapabilityTmp, &pAd->MlmeAux.HtCapability, pAd->MlmeAux.HtCapabilityLen);
376 *(USHORT *)(&HtCapabilityTmp.HtCapInfo) = SWAP16(*(USHORT *)(&HtCapabilityTmp.HtCapInfo));
377 *(USHORT *)(&HtCapabilityTmp.ExtHtCapInfo) = SWAP16(*(USHORT *)(&HtCapabilityTmp.ExtHtCapInfo));
379 MakeOutgoingFrame(pOutBuffer + FrameLen, &TmpLen,
381 1, &pAd->MlmeAux.HtCapabilityLen,
382 pAd->MlmeAux.HtCapabilityLen,&HtCapabilityTmp,
388 #endif // DOT11_N_SUPPORT //
390 // add Ralink proprietary IE to inform AP this STA is going to use AGGREGATION or PIGGY-BACK+AGGREGATION
391 // Case I: (Aggregation + Piggy-Back)
392 // 1. user enable aggregation, AND
393 // 2. Mac support piggy-back
394 // 3. AP annouces it's PIGGY-BACK+AGGREGATION-capable in BEACON
395 // Case II: (Aggregation)
396 // 1. user enable aggregation, AND
397 // 2. AP annouces it's AGGREGATION-capable in BEACON
398 if (pAd->CommonCfg.bAggregationCapable)
400 if ((pAd->CommonCfg.bPiggyBackCapable) && ((pAd->MlmeAux.APRalinkIe & 0x00000003) == 3))
403 UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x03, 0x00, 0x00, 0x00};
404 MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen,
409 else if (pAd->MlmeAux.APRalinkIe & 0x00000001)
412 UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x01, 0x00, 0x00, 0x00};
413 MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen,
422 UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x06, 0x00, 0x00, 0x00};
423 MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen,
429 if (pAd->MlmeAux.APEdcaParm.bValid)
431 if (pAd->CommonCfg.bAPSDCapable && pAd->MlmeAux.APEdcaParm.bAPSDCapable)
433 QBSS_STA_INFO_PARM QosInfo;
435 NdisZeroMemory(&QosInfo, sizeof(QBSS_STA_INFO_PARM));
436 QosInfo.UAPSD_AC_BE = pAd->CommonCfg.bAPSDAC_BE;
437 QosInfo.UAPSD_AC_BK = pAd->CommonCfg.bAPSDAC_BK;
438 QosInfo.UAPSD_AC_VI = pAd->CommonCfg.bAPSDAC_VI;
439 QosInfo.UAPSD_AC_VO = pAd->CommonCfg.bAPSDAC_VO;
440 QosInfo.MaxSPLength = pAd->CommonCfg.MaxSPLength;
441 WmeIe[8] |= *(PUCHAR)&QosInfo;
445 // The Parameter Set Count is set to ¡§0¡¨ in the association request frames
446 // WmeIe[8] |= (pAd->MlmeAux.APEdcaParm.EdcaUpdateCount & 0x0f);
449 MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
456 // Let WPA(#221) Element ID on the end of this association frame.
457 // Otherwise some AP will fail on parsing Element ID and set status fail on Assoc Rsp.
458 // For example: Put Vendor Specific IE on the front of WPA IE.
459 // This happens on AP (Model No:Linksys WRK54G)
461 if (((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPAPSK) ||
462 (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK) ||
463 (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA) ||
464 (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2)
468 UCHAR RSNIe = IE_WPA;
470 if ((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK) ||
471 (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2))
476 #ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
478 if (pAd->StaCfg.WpaSupplicantUP != 1)
479 #endif // SIOCSIWGENIE //
480 #endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
481 RTMPMakeRSNIE(pAd, pAd->StaCfg.AuthMode, pAd->StaCfg.WepStatus, BSS0);
483 // Check for WPA PMK cache list
484 if (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2)
487 BOOLEAN FoundPMK = FALSE;
488 // Search chched PMKID, append it if existed
489 for (idx = 0; idx < PMKID_NO; idx++)
491 if (NdisEqualMemory(ApAddr, &pAd->StaCfg.SavedPMK[idx].BSSID, 6))
501 *(PUSHORT) &pAd->StaCfg.RSN_IE[pAd->StaCfg.RSNIE_Len] = 1;
502 NdisMoveMemory(&pAd->StaCfg.RSN_IE[pAd->StaCfg.RSNIE_Len + 2], &pAd->StaCfg.SavedPMK[idx].PMKID, 16);
503 pAd->StaCfg.RSNIE_Len += 18;
507 #ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
509 if (pAd->StaCfg.WpaSupplicantUP == 1)
511 MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
512 pAd->StaCfg.RSNIE_Len, pAd->StaCfg.RSN_IE,
517 #endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
519 MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
521 1, &pAd->StaCfg.RSNIE_Len,
522 pAd->StaCfg.RSNIE_Len, pAd->StaCfg.RSN_IE,
528 #ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
530 if (pAd->StaCfg.WpaSupplicantUP != 1)
532 #endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
534 // Append Variable IE
535 NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, &RSNIe, 1);
537 NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, &pAd->StaCfg.RSNIE_Len, 1);
540 NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, pAd->StaCfg.RSN_IE, pAd->StaCfg.RSNIE_Len);
541 VarIesOffset += pAd->StaCfg.RSNIE_Len;
543 // Set Variable IEs Length
544 pAd->StaCfg.ReqVarIELen = VarIesOffset;
547 // We have update that at PeerBeaconAtJoinRequest()
548 CkipFlag = pAd->StaCfg.CkipFlag;
551 NdisZeroMemory(CkipNegotiationBuffer, CKIP_NEGOTIATION_LENGTH);
552 CkipNegotiationBuffer[2] = 0x66;
553 // Make it try KP & MIC, since we have to follow the result from AssocRsp
554 CkipNegotiationBuffer[8] = 0x18;
555 CkipNegotiationBuffer[CKIP_NEGOTIATION_LENGTH - 1] = 0x22;
558 MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
561 AironetCkipLen, CkipNegotiationBuffer,
566 // Add CCX v2 request if CCX2 admin state is on
567 if (pAd->StaCfg.CCXControl.field.Enable == 1)
571 // Add AironetIPAddressIE for Cisco CCX 2.X
574 MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
575 1, &AironetIPAddressIE,
576 1, &AironetIPAddressLen,
577 AironetIPAddressLen, AironetIPAddressBuffer,
585 // Add CipherSuite CCKM or LeapTkip if setting.
588 if (LEAP_CCKM_ON(pAd))
590 MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
591 CipherSuiteCiscoCCKMLen, CipherSuiteCiscoCCKM,
596 NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, CipherSuiteCiscoCCKM, CipherSuiteCiscoCCKMLen); //Save CipherSuite
597 VarIesOffset += CipherSuiteCiscoCCKMLen;
599 else if ((pAd->StaCfg.LeapAuthMode == CISCO_AuthModeLEAP) && (pAd->StaCfg.WepStatus == Ndis802_11Encryption2Enabled))
601 MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
602 CipherSuiteCCXTkipLen, CipherSuiteCCXTkip,
607 NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, CipherSuiteCCXTkip, CipherSuiteCCXTkipLen);
608 VarIesOffset += CipherSuiteCCXTkipLen;
610 #endif // LEAP_SUPPORT //
612 // Add by James 03/06/27
613 // Set Variable IEs Length
614 pAd->StaCfg.ReqVarIELen = VarIesOffset;
615 pAd->StaCfg.AssocInfo.RequestIELength = VarIesOffset;
617 // OffsetResponseIEs follow ReqVarIE
618 pAd->StaCfg.AssocInfo.OffsetResponseIEs = sizeof(NDIS_802_11_ASSOCIATION_INFORMATION) + pAd->StaCfg.ReqVarIELen;
623 MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
624 MlmeFreeMemory(pAd, pOutBuffer);
626 RTMPSetTimer(&pAd->MlmeAux.AssocTimer, Timeout);
627 pAd->Mlme.AssocMachine.CurrState = ASSOC_WAIT_RSP;
631 DBGPRINT(RT_DEBUG_TRACE,("ASSOC - MlmeAssocReqAction() sanity check failed. BUG!!!!!! \n"));
632 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
633 Status = MLME_INVALID_FORMAT;
634 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_ASSOC_CONF, 2, &Status);
640 ==========================================================================
642 mlme reassoc req handling procedure
646 -# SSID (Adapter->StaCfg.ssid[])
647 -# BSSID (AP address, Adapter->StaCfg.bssid)
648 -# Supported rates (Adapter->StaCfg.supported_rates[])
649 -# Supported rates length (Adapter->StaCfg.supported_rates_len)
650 -# Tx power (Adapter->StaCfg.tx_power)
652 IRQL = DISPATCH_LEVEL
654 ==========================================================================
656 VOID MlmeReassocReqAction(
657 IN PRTMP_ADAPTER pAd,
658 IN MLME_QUEUE_ELEM *Elem)
661 HEADER_802_11 ReassocHdr;
663 UCHAR WmeIe[9] = {IE_VENDOR_SPECIFIC, 0x07, 0x00, 0x50, 0xf2, 0x02, 0x00, 0x01, 0x00};
664 USHORT CapabilityInfo, ListenIntv;
667 BOOLEAN TimerCancelled;
670 PUCHAR pOutBuffer = NULL;
674 UCHAR CkipNegotiationBuffer[CKIP_NEGOTIATION_LENGTH];
675 UCHAR AironetCkipIe = IE_AIRONET_CKIP;
676 UCHAR AironetCkipLen = CKIP_NEGOTIATION_LENGTH;
677 UCHAR AironetIPAddressIE = IE_AIRONET_IPADDRESS;
678 UCHAR AironetIPAddressLen = AIRONET_IPADDRESS_LENGTH;
679 UCHAR AironetIPAddressBuffer[AIRONET_IPADDRESS_LENGTH] = {0x00, 0x40, 0x96, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00};
680 UCHAR AironetCCKMReassocIE = IE_AIRONET_CCKMREASSOC;
681 UCHAR AironetCCKMReassocLen = AIRONET_CCKMREASSOC_LENGTH;
682 UCHAR AironetCCKMReassocBuffer[AIRONET_CCKMREASSOC_LENGTH];
683 UCHAR AironetOUI[] = {0x00, 0x40, 0x96, 0x00};
685 UCHAR CalcMicBuffer[80];
686 ULONG CalcMicBufferLen = 0;
687 #endif // LEAP_SUPPORT //
690 // Block all authentication request durning WPA block period
691 if (pAd->StaCfg.bBlockAssoc == TRUE)
693 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - Block ReAssoc request durning WPA block period!\n"));
694 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
695 Status = MLME_STATE_MACHINE_REJECT;
696 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_REASSOC_CONF, 2, &Status);
698 // the parameters are the same as the association
699 else if(MlmeAssocReqSanity(pAd, Elem->Msg, Elem->MsgLen, ApAddr, &CapabilityInfo, &Timeout, &ListenIntv))
701 RTMPCancelTimer(&pAd->MlmeAux.ReassocTimer, &TimerCancelled);
703 NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); //Get an unused nonpaged memory
704 if(NStatus != NDIS_STATUS_SUCCESS)
706 DBGPRINT(RT_DEBUG_TRACE,("ASSOC - MlmeReassocReqAction() allocate memory failed \n"));
707 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
708 Status = MLME_FAIL_NO_RESOURCE;
709 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_REASSOC_CONF, 2, &Status);
713 COPY_MAC_ADDR(pAd->MlmeAux.Bssid, ApAddr);
715 // make frame, use bssid as the AP address??
716 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - Send RE-ASSOC request...\n"));
717 MgtMacHeaderInit(pAd, &ReassocHdr, SUBTYPE_REASSOC_REQ, 0, ApAddr, ApAddr);
718 MakeOutgoingFrame(pOutBuffer, &FrameLen,
719 sizeof(HEADER_802_11), &ReassocHdr,
722 MAC_ADDR_LEN, ApAddr,
724 1, &pAd->MlmeAux.SsidLen,
725 pAd->MlmeAux.SsidLen, pAd->MlmeAux.Ssid,
727 1, &pAd->MlmeAux.SupRateLen,
728 pAd->MlmeAux.SupRateLen, pAd->MlmeAux.SupRate,
731 if (pAd->MlmeAux.ExtRateLen != 0)
733 MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
735 1, &pAd->MlmeAux.ExtRateLen,
736 pAd->MlmeAux.ExtRateLen, pAd->MlmeAux.ExtRate,
741 if (pAd->MlmeAux.APEdcaParm.bValid)
743 if (pAd->CommonCfg.bAPSDCapable && pAd->MlmeAux.APEdcaParm.bAPSDCapable)
745 QBSS_STA_INFO_PARM QosInfo;
747 NdisZeroMemory(&QosInfo, sizeof(QBSS_STA_INFO_PARM));
748 QosInfo.UAPSD_AC_BE = pAd->CommonCfg.bAPSDAC_BE;
749 QosInfo.UAPSD_AC_BK = pAd->CommonCfg.bAPSDAC_BK;
750 QosInfo.UAPSD_AC_VI = pAd->CommonCfg.bAPSDAC_VI;
751 QosInfo.UAPSD_AC_VO = pAd->CommonCfg.bAPSDAC_VO;
752 QosInfo.MaxSPLength = pAd->CommonCfg.MaxSPLength;
753 WmeIe[8] |= *(PUCHAR)&QosInfo;
756 MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
762 #ifdef DOT11_N_SUPPORT
764 if ((pAd->MlmeAux.HtCapabilityLen > 0) && (pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED))
768 UCHAR BROADCOM[4] = {0x0, 0x90, 0x4c, 0x33};
769 if (pAd->StaActive.SupportedPhyInfo.bPreNHt == TRUE)
771 HtLen = SIZE_HT_CAP_IE + 4;
772 MakeOutgoingFrame(pOutBuffer + FrameLen, &TmpLen,
776 pAd->MlmeAux.HtCapabilityLen, &pAd->MlmeAux.HtCapability,
781 MakeOutgoingFrame(pOutBuffer + FrameLen, &TmpLen,
783 1, &pAd->MlmeAux.HtCapabilityLen,
784 pAd->MlmeAux.HtCapabilityLen, &pAd->MlmeAux.HtCapability,
789 #endif // DOT11_N_SUPPORT //
791 // add Ralink proprietary IE to inform AP this STA is going to use AGGREGATION or PIGGY-BACK+AGGREGATION
792 // Case I: (Aggregation + Piggy-Back)
793 // 1. user enable aggregation, AND
794 // 2. Mac support piggy-back
795 // 3. AP annouces it's PIGGY-BACK+AGGREGATION-capable in BEACON
796 // Case II: (Aggregation)
797 // 1. user enable aggregation, AND
798 // 2. AP annouces it's AGGREGATION-capable in BEACON
799 if (pAd->CommonCfg.bAggregationCapable)
801 if ((pAd->CommonCfg.bPiggyBackCapable) && ((pAd->MlmeAux.APRalinkIe & 0x00000003) == 3))
804 UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x03, 0x00, 0x00, 0x00};
805 MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen,
810 else if (pAd->MlmeAux.APRalinkIe & 0x00000001)
813 UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x01, 0x00, 0x00, 0x00};
814 MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen,
823 UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x04, 0x00, 0x00, 0x00};
824 MakeOutgoingFrame(pOutBuffer+FrameLen, &TmpLen,
830 if (LEAP_CCKM_ON(pAd) && (pAd->StaCfg.CCKMLinkUpFlag == TRUE))
832 CkipFlag = pAd->StaCfg.CkipFlag; // We have update that at PeerBeaconAtJoinRequest()
835 NdisZeroMemory(CkipNegotiationBuffer, CKIP_NEGOTIATION_LENGTH);
836 CkipNegotiationBuffer[2] = 0x66;
837 // Make it try KP & MIC, since we have to follow the result from AssocRsp
838 CkipNegotiationBuffer[8] = 0x18;
839 CkipNegotiationBuffer[CKIP_NEGOTIATION_LENGTH - 1] = 0x22;
841 MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
844 AironetCkipLen, CkipNegotiationBuffer,
849 MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
850 1, &AironetIPAddressIE,
851 1, &AironetIPAddressLen,
852 AironetIPAddressLen, AironetIPAddressBuffer,
857 // The RN is incremented before each reassociation request.
859 pAd->StaCfg.CCKMRN++;
861 // Calculate MIC = hmac-md5(krk, STA-ID|BSSID|RSNIE|TSF|RN);
863 COPY_MAC_ADDR(CalcMicBuffer, pAd->CurrentAddress);
864 CalcMicBufferLen = MAC_ADDR_LEN;
865 COPY_MAC_ADDR(CalcMicBuffer + CalcMicBufferLen, pAd->MlmeAux.Bssid);
866 CalcMicBufferLen += MAC_ADDR_LEN;
867 NdisMoveMemory(CalcMicBuffer + CalcMicBufferLen, CipherSuiteCiscoCCKM, CipherSuiteCiscoCCKMLen);
868 CalcMicBufferLen += CipherSuiteCiscoCCKMLen;
869 NdisMoveMemory(CalcMicBuffer + CalcMicBufferLen, (PUCHAR) &pAd->StaCfg.CCKMBeaconAtJoinTimeStamp, sizeof(pAd->StaCfg.CCKMBeaconAtJoinTimeStamp));
870 CalcMicBufferLen += sizeof(pAd->StaCfg.CCKMBeaconAtJoinTimeStamp);
871 NdisMoveMemory(CalcMicBuffer + CalcMicBufferLen, (PUCHAR)&pAd->StaCfg.CCKMRN, sizeof(pAd->StaCfg.CCKMRN));
872 CalcMicBufferLen += sizeof(pAd->StaCfg.CCKMRN);
873 hmac_md5(pAd->StaCfg.KRK, LEN_EAP_MICK, CalcMicBuffer, CalcMicBufferLen, MICMN);
876 // fill up CCKM reassociation request element
878 NdisMoveMemory(AironetCCKMReassocBuffer, AironetOUI, 4);
879 NdisMoveMemory(AironetCCKMReassocBuffer + 4, (PUCHAR)&pAd->StaCfg.CCKMBeaconAtJoinTimeStamp, 8);
880 NdisMoveMemory(AironetCCKMReassocBuffer + 12, (PUCHAR) &pAd->StaCfg.CCKMRN, 4);
881 NdisMoveMemory(AironetCCKMReassocBuffer +16, MICMN, 8);
883 MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
884 1, &AironetCCKMReassocIE,
885 1, &AironetCCKMReassocLen,
886 AironetCCKMReassocLen, AironetCCKMReassocBuffer,
890 MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
891 CipherSuiteCiscoCCKMLen,CipherSuiteCiscoCCKM,
895 #endif // LEAP_SUPPORT //
897 // Add CCX v2 request if CCX2 admin state is on
898 if (pAd->StaCfg.CCXControl.field.Enable == 1)
903 MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
911 MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
912 MlmeFreeMemory(pAd, pOutBuffer);
914 RTMPSetTimer(&pAd->MlmeAux.ReassocTimer, Timeout); /* in mSec */
915 pAd->Mlme.AssocMachine.CurrState = REASSOC_WAIT_RSP;
919 DBGPRINT(RT_DEBUG_TRACE,("ASSOC - MlmeReassocReqAction() sanity check failed. BUG!!!! \n"));
920 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
921 Status = MLME_INVALID_FORMAT;
922 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_REASSOC_CONF, 2, &Status);
927 ==========================================================================
929 Upper layer issues disassoc request
935 ==========================================================================
937 VOID MlmeDisassocReqAction(
938 IN PRTMP_ADAPTER pAd,
939 IN MLME_QUEUE_ELEM *Elem)
941 PMLME_DISASSOC_REQ_STRUCT pDisassocReq;
942 HEADER_802_11 DisassocHdr;
943 PHEADER_802_11 pDisassocHdr;
944 PUCHAR pOutBuffer = NULL;
947 BOOLEAN TimerCancelled;
951 #ifdef QOS_DLS_SUPPORT
952 // send DLS-TEAR_DOWN message,
953 if (pAd->CommonCfg.bDLSCapable)
957 // tear down local dls table entry
958 for (i=0; i<MAX_NUM_OF_INIT_DLS_ENTRY; i++)
960 if (pAd->StaCfg.DLSEntry[i].Valid && (pAd->StaCfg.DLSEntry[i].Status == DLS_FINISH))
962 RTMPSendDLSTearDownFrame(pAd, pAd->StaCfg.DLSEntry[i].MacAddr);
963 pAd->StaCfg.DLSEntry[i].Status = DLS_NONE;
964 pAd->StaCfg.DLSEntry[i].Valid = FALSE;
968 // tear down peer dls table entry
969 for (i=MAX_NUM_OF_INIT_DLS_ENTRY; i<MAX_NUM_OF_DLS_ENTRY; i++)
971 if (pAd->StaCfg.DLSEntry[i].Valid && (pAd->StaCfg.DLSEntry[i].Status == DLS_FINISH))
973 RTMPSendDLSTearDownFrame(pAd, pAd->StaCfg.DLSEntry[i].MacAddr);
974 pAd->StaCfg.DLSEntry[i].Status = DLS_NONE;
975 pAd->StaCfg.DLSEntry[i].Valid = FALSE;
979 #endif // QOS_DLS_SUPPORT //
982 pDisassocReq = (PMLME_DISASSOC_REQ_STRUCT)(Elem->Msg);
984 NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); //Get an unused nonpaged memory
985 if (NStatus != NDIS_STATUS_SUCCESS)
987 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - MlmeDisassocReqAction() allocate memory failed\n"));
988 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
989 Status = MLME_FAIL_NO_RESOURCE;
990 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_DISASSOC_CONF, 2, &Status);
996 RTMPCancelTimer(&pAd->MlmeAux.DisassocTimer, &TimerCancelled);
998 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - Send DISASSOC request[BSSID::%02x:%02x:%02x:%02x:%02x:%02x (Reason=%d)\n",
999 pDisassocReq->Addr[0], pDisassocReq->Addr[1], pDisassocReq->Addr[2],
1000 pDisassocReq->Addr[3], pDisassocReq->Addr[4], pDisassocReq->Addr[5], pDisassocReq->Reason));
1001 MgtMacHeaderInit(pAd, &DisassocHdr, SUBTYPE_DISASSOC, 0, pDisassocReq->Addr, pDisassocReq->Addr); // patch peap ttls switching issue
1002 MakeOutgoingFrame(pOutBuffer, &FrameLen,
1003 sizeof(HEADER_802_11),&DisassocHdr,
1004 2, &pDisassocReq->Reason,
1006 MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
1008 // To patch Instance and Buffalo(N) AP
1009 // Driver has to send deauth to Instance AP, but Buffalo(N) needs to send disassoc to reset Authenticator's state machine
1010 // Therefore, we send both of them.
1011 pDisassocHdr = (PHEADER_802_11)pOutBuffer;
1012 pDisassocHdr->FC.SubType = SUBTYPE_DEAUTH;
1013 MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
1015 MlmeFreeMemory(pAd, pOutBuffer);
1017 pAd->StaCfg.DisassocReason = REASON_DISASSOC_STA_LEAVING;
1018 COPY_MAC_ADDR(pAd->StaCfg.DisassocSta, pDisassocReq->Addr);
1020 RTMPSetTimer(&pAd->MlmeAux.DisassocTimer, Timeout); /* in mSec */
1021 pAd->Mlme.AssocMachine.CurrState = DISASSOC_WAIT_RSP;
1023 #ifdef WPA_SUPPLICANT_SUPPORT
1024 #ifndef NATIVE_WPA_SUPPLICANT_SUPPORT
1025 if (pAd->StaCfg.WpaSupplicantUP != WPA_SUPPLICANT_DISABLE)
1027 union iwreq_data wrqu;
1028 //send disassociate event to wpa_supplicant
1029 memset(&wrqu, 0, sizeof(wrqu));
1030 wrqu.data.flags = RT_DISASSOC_EVENT_FLAG;
1031 wireless_send_event(pAd->net_dev, IWEVCUSTOM, &wrqu, NULL);
1033 #endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
1034 #endif // WPA_SUPPLICANT_SUPPORT //
1036 #ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
1038 union iwreq_data wrqu;
1039 memset(wrqu.ap_addr.sa_data, 0, MAC_ADDR_LEN);
1040 wireless_send_event(pAd->net_dev, SIOCGIWAP, &wrqu, NULL);
1042 #endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
1047 ==========================================================================
1049 peer sends assoc rsp back
1051 Elme - MLME message containing the received frame
1053 IRQL = DISPATCH_LEVEL
1055 ==========================================================================
1057 VOID PeerAssocRspAction(
1058 IN PRTMP_ADAPTER pAd,
1059 IN MLME_QUEUE_ELEM *Elem)
1061 USHORT CapabilityInfo, Status, Aid;
1062 UCHAR SupRate[MAX_LEN_OF_SUPPORTED_RATES], SupRateLen;
1063 UCHAR ExtRate[MAX_LEN_OF_SUPPORTED_RATES], ExtRateLen;
1064 UCHAR Addr2[MAC_ADDR_LEN];
1065 BOOLEAN TimerCancelled;
1068 HT_CAPABILITY_IE HtCapability;
1069 ADD_HT_INFO_IE AddHtInfo; // AP might use this additional ht info IE
1070 UCHAR HtCapabilityLen;
1072 UCHAR NewExtChannelOffset = 0xff;
1074 if (PeerAssocRspSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &CapabilityInfo, &Status, &Aid, SupRate, &SupRateLen, ExtRate, &ExtRateLen,
1075 &HtCapability,&AddHtInfo, &HtCapabilityLen,&AddHtInfoLen,&NewExtChannelOffset, &EdcaParm, &CkipFlag))
1077 // The frame is for me ?
1078 if(MAC_ADDR_EQUAL(Addr2, pAd->MlmeAux.Bssid))
1080 DBGPRINT(RT_DEBUG_TRACE, ("PeerAssocRspAction():ASSOC - receive ASSOC_RSP to me (status=%d)\n", Status));
1081 #ifdef DOT11_N_SUPPORT
1082 DBGPRINT(RT_DEBUG_TRACE, ("PeerAssocRspAction():MacTable [%d].AMsduSize = %d. ClientStatusFlags = 0x%lx \n",Elem->Wcid, pAd->MacTab.Content[BSSID_WCID].AMsduSize, pAd->MacTab.Content[BSSID_WCID].ClientStatusFlags));
1083 #endif // DOT11_N_SUPPORT //
1084 RTMPCancelTimer(&pAd->MlmeAux.AssocTimer, &TimerCancelled);
1085 if(Status == MLME_SUCCESS)
1087 UCHAR MaxSupportedRateIn500Kbps = 0;
1090 // supported rates array may not be sorted. sort it and find the maximum rate
1091 for (idx=0; idx<SupRateLen; idx++)
1093 if (MaxSupportedRateIn500Kbps < (SupRate[idx] & 0x7f))
1094 MaxSupportedRateIn500Kbps = SupRate[idx] & 0x7f;
1097 for (idx=0; idx<ExtRateLen; idx++)
1099 if (MaxSupportedRateIn500Kbps < (ExtRate[idx] & 0x7f))
1100 MaxSupportedRateIn500Kbps = ExtRate[idx] & 0x7f;
1102 // go to procedure listed on page 376
1103 AssocPostProc(pAd, Addr2, CapabilityInfo, Aid, SupRate, SupRateLen, ExtRate, ExtRateLen,
1104 &EdcaParm, &HtCapability, HtCapabilityLen, &AddHtInfo);
1106 StaAddMacTableEntry(pAd, &pAd->MacTab.Content[BSSID_WCID], MaxSupportedRateIn500Kbps, &HtCapability, HtCapabilityLen, CapabilityInfo);
1108 pAd->StaCfg.CkipFlag = CkipFlag;
1109 if (CkipFlag & 0x18)
1111 NdisZeroMemory(pAd->StaCfg.TxSEQ, 4);
1112 NdisZeroMemory(pAd->StaCfg.RxSEQ, 4);
1113 NdisZeroMemory(pAd->StaCfg.CKIPMIC, 4);
1114 pAd->StaCfg.GIV[0] = RandomByte(pAd);
1115 pAd->StaCfg.GIV[1] = RandomByte(pAd);
1116 pAd->StaCfg.GIV[2] = RandomByte(pAd);
1117 pAd->StaCfg.bCkipOn = TRUE;
1118 DBGPRINT(RT_DEBUG_TRACE, ("<CCX> pAd->StaCfg.CkipFlag = 0x%02x\n", pAd->StaCfg.CkipFlag));
1123 // Faile on Association, we need to check the status code
1124 // Is that a Rogue AP?
1126 if ((pAd->StaCfg.LeapAuthMode == CISCO_AuthModeLEAP) && (Status == MLME_ALG_NOT_SUPPORT))
1127 { //Possibly Rogue AP
1128 RogueApTableSetEntry(pAd, &pAd->StaCfg.RogueApTab, pAd->MlmeAux.Bssid, LEAP_REASON_INVALID_AUTH);
1130 #endif // LEAP_SUPPORT //
1132 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
1133 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_ASSOC_CONF, 2, &Status);
1138 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - PeerAssocRspAction() sanity check fail\n"));
1143 ==========================================================================
1145 peer sends reassoc rsp
1147 Elem - MLME message cntaining the received frame
1149 IRQL = DISPATCH_LEVEL
1151 ==========================================================================
1153 VOID PeerReassocRspAction(
1154 IN PRTMP_ADAPTER pAd,
1155 IN MLME_QUEUE_ELEM *Elem)
1157 USHORT CapabilityInfo;
1160 UCHAR SupRate[MAX_LEN_OF_SUPPORTED_RATES], SupRateLen;
1161 UCHAR ExtRate[MAX_LEN_OF_SUPPORTED_RATES], ExtRateLen;
1162 UCHAR Addr2[MAC_ADDR_LEN];
1164 BOOLEAN TimerCancelled;
1166 HT_CAPABILITY_IE HtCapability;
1167 ADD_HT_INFO_IE AddHtInfo; // AP might use this additional ht info IE
1168 UCHAR HtCapabilityLen;
1170 UCHAR NewExtChannelOffset = 0xff;
1172 if(PeerAssocRspSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &CapabilityInfo, &Status, &Aid, SupRate, &SupRateLen, ExtRate, &ExtRateLen,
1173 &HtCapability, &AddHtInfo, &HtCapabilityLen, &AddHtInfoLen,&NewExtChannelOffset, &EdcaParm, &CkipFlag))
1175 if(MAC_ADDR_EQUAL(Addr2, pAd->MlmeAux.Bssid)) // The frame is for me ?
1177 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - receive REASSOC_RSP to me (status=%d)\n", Status));
1178 RTMPCancelTimer(&pAd->MlmeAux.ReassocTimer, &TimerCancelled);
1180 if(Status == MLME_SUCCESS)
1182 // go to procedure listed on page 376
1183 AssocPostProc(pAd, Addr2, CapabilityInfo, Aid, SupRate, SupRateLen, ExtRate, ExtRateLen,
1184 &EdcaParm, &HtCapability, HtCapabilityLen, &AddHtInfo);
1186 #ifdef WPA_SUPPLICANT_SUPPORT
1187 #ifndef NATIVE_WPA_SUPPLICANT_SUPPORT
1188 if (pAd->StaCfg.WpaSupplicantUP != WPA_SUPPLICANT_DISABLE)
1190 union iwreq_data wrqu;
1192 SendAssocIEsToWpaSupplicant(pAd);
1193 memset(&wrqu, 0, sizeof(wrqu));
1194 wrqu.data.flags = RT_ASSOC_EVENT_FLAG;
1195 wireless_send_event(pAd->net_dev, IWEVCUSTOM, &wrqu, NULL);
1197 #endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
1198 #endif // WPA_SUPPLICANT_SUPPORT //
1200 #ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
1202 union iwreq_data wrqu;
1203 wext_notify_event_assoc(pAd);
1205 memset(wrqu.ap_addr.sa_data, 0, MAC_ADDR_LEN);
1206 memcpy(wrqu.ap_addr.sa_data, pAd->MlmeAux.Bssid, MAC_ADDR_LEN);
1207 wireless_send_event(pAd->net_dev, SIOCGIWAP, &wrqu, NULL);
1210 #endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
1215 // Cisco Leap CCKM supported Re-association.
1218 if (LEAP_CCKM_ON(pAd) && (pAd->StaCfg.CCKMLinkUpFlag == TRUE))
1220 if (CCKMAssocRspSanity(pAd, Elem->Msg, Elem->MsgLen) == TRUE)
1222 pAd->StaCfg.CkipFlag = CkipFlag;
1223 if (CkipFlag & 0x18)
1225 NdisZeroMemory(pAd->StaCfg.TxSEQ, 4);
1226 NdisZeroMemory(pAd->StaCfg.RxSEQ, 4);
1227 NdisZeroMemory(pAd->StaCfg.CKIPMIC, 4);
1228 pAd->StaCfg.GIV[0] = RandomByte(pAd);
1229 pAd->StaCfg.GIV[1] = RandomByte(pAd);
1230 pAd->StaCfg.GIV[2] = RandomByte(pAd);
1231 pAd->StaCfg.bCkipOn = TRUE;
1232 DBGPRINT(RT_DEBUG_TRACE, ("<CCX> pAd->StaCfg.CkipFlag = 0x%02x\n", pAd->StaCfg.CkipFlag));
1235 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
1236 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_REASSOC_CONF, 2, &Status);
1240 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - CCKMAssocRspSanity() sanity check fail\n"));
1244 #endif // LEAP_SUPPORT //
1246 // CkipFlag is no use for reassociate
1247 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
1248 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_REASSOC_CONF, 2, &Status);
1254 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - PeerReassocRspAction() sanity check fail\n"));
1260 ==========================================================================
1262 procedures on IEEE 802.11/1999 p.376
1265 IRQL = DISPATCH_LEVEL
1267 ==========================================================================
1270 IN PRTMP_ADAPTER pAd,
1272 IN USHORT CapabilityInfo,
1275 IN UCHAR SupRateLen,
1277 IN UCHAR ExtRateLen,
1278 IN PEDCA_PARM pEdcaParm,
1279 IN HT_CAPABILITY_IE *pHtCapability,
1280 IN UCHAR HtCapabilityLen,
1281 IN ADD_HT_INFO_IE *pAddHtInfo) // AP might use this additional ht info IE
1285 pAd->MlmeAux.BssType = BSS_INFRA;
1286 COPY_MAC_ADDR(pAd->MlmeAux.Bssid, pAddr2);
1287 pAd->MlmeAux.Aid = Aid;
1288 pAd->MlmeAux.CapabilityInfo = CapabilityInfo & SUPPORTED_CAPABILITY_INFO;
1289 #ifdef DOT11_N_SUPPORT
1290 // Some HT AP might lost WMM IE. We add WMM ourselves. beacuase HT requires QoS on.
1291 if ((HtCapabilityLen > 0) && (pEdcaParm->bValid == FALSE))
1293 pEdcaParm->bValid = TRUE;
1294 pEdcaParm->Aifsn[0] = 3;
1295 pEdcaParm->Aifsn[1] = 7;
1296 pEdcaParm->Aifsn[2] = 2;
1297 pEdcaParm->Aifsn[3] = 2;
1299 pEdcaParm->Cwmin[0] = 4;
1300 pEdcaParm->Cwmin[1] = 4;
1301 pEdcaParm->Cwmin[2] = 3;
1302 pEdcaParm->Cwmin[3] = 2;
1304 pEdcaParm->Cwmax[0] = 10;
1305 pEdcaParm->Cwmax[1] = 10;
1306 pEdcaParm->Cwmax[2] = 4;
1307 pEdcaParm->Cwmax[3] = 3;
1309 pEdcaParm->Txop[0] = 0;
1310 pEdcaParm->Txop[1] = 0;
1311 pEdcaParm->Txop[2] = 96;
1312 pEdcaParm->Txop[3] = 48;
1315 #endif // DOT11_N_SUPPORT //
1317 NdisMoveMemory(&pAd->MlmeAux.APEdcaParm, pEdcaParm, sizeof(EDCA_PARM));
1319 // filter out un-supported rates
1320 pAd->MlmeAux.SupRateLen = SupRateLen;
1321 NdisMoveMemory(pAd->MlmeAux.SupRate, SupRate, SupRateLen);
1322 RTMPCheckRates(pAd, pAd->MlmeAux.SupRate, &pAd->MlmeAux.SupRateLen);
1324 // filter out un-supported rates
1325 pAd->MlmeAux.ExtRateLen = ExtRateLen;
1326 NdisMoveMemory(pAd->MlmeAux.ExtRate, ExtRate, ExtRateLen);
1327 RTMPCheckRates(pAd, pAd->MlmeAux.ExtRate, &pAd->MlmeAux.ExtRateLen);
1329 #ifdef DOT11_N_SUPPORT
1330 if (HtCapabilityLen > 0)
1332 RTMPCheckHt(pAd, BSSID_WCID, pHtCapability, pAddHtInfo);
1334 DBGPRINT(RT_DEBUG_TRACE, ("AssocPostProc===> AP.AMsduSize = %d. ClientStatusFlags = 0x%lx \n", pAd->MacTab.Content[BSSID_WCID].AMsduSize, pAd->MacTab.Content[BSSID_WCID].ClientStatusFlags));
1336 DBGPRINT(RT_DEBUG_TRACE, ("AssocPostProc===> (Mmps=%d, AmsduSize=%d, )\n",
1337 pAd->MacTab.Content[BSSID_WCID].MmpsMode, pAd->MacTab.Content[BSSID_WCID].AMsduSize));
1338 #endif // DOT11_N_SUPPORT //
1340 // Set New WPA information
1341 Idx = BssTableSearch(&pAd->ScanTab, pAddr2, pAd->MlmeAux.Channel);
1342 if (Idx == BSS_NOT_FOUND)
1344 DBGPRINT_ERR(("ASSOC - Can't find BSS after receiving Assoc response\n"));
1349 pAd->MacTab.Content[BSSID_WCID].RSNIE_Len = 0;
1350 NdisZeroMemory(pAd->MacTab.Content[BSSID_WCID].RSN_IE, MAX_LEN_OF_RSNIE);
1352 // Store appropriate RSN_IE for WPA SM negotiation later
1353 if ((pAd->StaCfg.AuthMode >= Ndis802_11AuthModeWPA) && (pAd->ScanTab.BssEntry[Idx].VarIELen != 0))
1359 pVIE = pAd->ScanTab.BssEntry[Idx].VarIEs;
1360 len = pAd->ScanTab.BssEntry[Idx].VarIELen;
1364 pEid = (PEID_STRUCT) pVIE;
1366 if ((pEid->Eid == IE_WPA) && (NdisEqualMemory(pEid->Octet, WPA_OUI, 4))
1367 && (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA || pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPAPSK))
1369 NdisMoveMemory(pAd->MacTab.Content[BSSID_WCID].RSN_IE, pVIE, (pEid->Len + 2));
1370 pAd->MacTab.Content[BSSID_WCID].RSNIE_Len = (pEid->Len + 2);
1371 DBGPRINT(RT_DEBUG_TRACE, ("AssocPostProc===> Store RSN_IE for WPA SM negotiation \n"));
1374 else if ((pEid->Eid == IE_RSN) && (NdisEqualMemory(pEid->Octet + 2, RSN_OUI, 3))
1375 && (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2 || pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK))
1377 NdisMoveMemory(pAd->MacTab.Content[BSSID_WCID].RSN_IE, pVIE, (pEid->Len + 2));
1378 pAd->MacTab.Content[BSSID_WCID].RSNIE_Len = (pEid->Len + 2);
1379 DBGPRINT(RT_DEBUG_TRACE, ("AssocPostProc===> Store RSN_IE for WPA2 SM negotiation \n"));
1382 pVIE += (pEid->Len + 2);
1383 len -= (pEid->Len + 2);
1387 if (pAd->MacTab.Content[BSSID_WCID].RSNIE_Len == 0)
1389 DBGPRINT(RT_DEBUG_TRACE, ("AssocPostProc===> no RSN_IE \n"));
1393 hex_dump("RSN_IE", pAd->MacTab.Content[BSSID_WCID].RSN_IE, pAd->MacTab.Content[BSSID_WCID].RSNIE_Len);
1399 ==========================================================================
1401 left part of IEEE 802.11/1999 p.374
1403 Elem - MLME message containing the received frame
1405 IRQL = DISPATCH_LEVEL
1407 ==========================================================================
1409 VOID PeerDisassocAction(
1410 IN PRTMP_ADAPTER pAd,
1411 IN MLME_QUEUE_ELEM *Elem)
1413 UCHAR Addr2[MAC_ADDR_LEN];
1416 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - PeerDisassocAction()\n"));
1417 if(PeerDisassocSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &Reason))
1419 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - PeerDisassocAction() Reason = %d\n", Reason));
1420 if (INFRA_ON(pAd) && MAC_ADDR_EQUAL(pAd->CommonCfg.Bssid, Addr2))
1423 if (pAd->CommonCfg.bWirelessEvent)
1425 RTMPSendWirelessEvent(pAd, IW_DISASSOC_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0);
1430 if (pAd->StaCfg.LeapAuthMode == CISCO_AuthModeLEAP)
1432 // Cisco_LEAP has start a timer
1433 // We should cancel it if using LEAP
1434 RTMPCancelTimer(&pAd->StaCfg.LeapAuthTimer, &TimerCancelled);
1435 //Check is it mach the LEAP Authentication failed as possible a Rogue AP
1436 //on it's PortSecured not equal to WPA_802_1X_PORT_SECURED while process the Association.
1437 if ((pAd->Mlme.LeapMachine.CurrState != LEAP_IDLE) && (pAd->StaCfg.PortSecured != WPA_802_1X_PORT_SECURED))
1439 RogueApTableSetEntry(pAd, &pAd->StaCfg.RogueApTab, Addr2, LEAP_REASON_AUTH_TIMEOUT);
1442 #endif // LEAP_SUPPORT //
1444 // Get Current System time and Turn on AdjacentAPReport
1446 NdisGetSystemUpTime(&pAd->StaCfg.CCXAdjacentAPLinkDownTime);
1447 pAd->StaCfg.CCXAdjacentAPReportFlag = TRUE;
1448 LinkDown(pAd, TRUE);
1449 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
1451 #ifdef WPA_SUPPLICANT_SUPPORT
1452 #ifndef NATIVE_WPA_SUPPLICANT_SUPPORT
1453 if (pAd->StaCfg.WpaSupplicantUP != WPA_SUPPLICANT_DISABLE)
1455 union iwreq_data wrqu;
1456 //send disassociate event to wpa_supplicant
1457 memset(&wrqu, 0, sizeof(wrqu));
1458 wrqu.data.flags = RT_DISASSOC_EVENT_FLAG;
1459 wireless_send_event(pAd->net_dev, IWEVCUSTOM, &wrqu, NULL);
1461 #endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
1462 #endif // WPA_SUPPLICANT_SUPPORT //
1464 #ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
1466 union iwreq_data wrqu;
1467 memset(wrqu.ap_addr.sa_data, 0, MAC_ADDR_LEN);
1468 wireless_send_event(pAd->net_dev, SIOCGIWAP, &wrqu, NULL);
1470 #endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
1475 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - PeerDisassocAction() sanity check fail\n"));
1481 ==========================================================================
1483 what the state machine will do after assoc timeout
1487 IRQL = DISPATCH_LEVEL
1489 ==========================================================================
1491 VOID AssocTimeoutAction(
1492 IN PRTMP_ADAPTER pAd,
1493 IN MLME_QUEUE_ELEM *Elem)
1496 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - AssocTimeoutAction\n"));
1497 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
1498 Status = MLME_REJ_TIMEOUT;
1499 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_ASSOC_CONF, 2, &Status);
1503 ==========================================================================
1505 what the state machine will do after reassoc timeout
1507 IRQL = DISPATCH_LEVEL
1509 ==========================================================================
1511 VOID ReassocTimeoutAction(
1512 IN PRTMP_ADAPTER pAd,
1513 IN MLME_QUEUE_ELEM *Elem)
1516 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - ReassocTimeoutAction\n"));
1517 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
1518 Status = MLME_REJ_TIMEOUT;
1519 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_REASSOC_CONF, 2, &Status);
1523 ==========================================================================
1525 what the state machine will do after disassoc timeout
1527 IRQL = DISPATCH_LEVEL
1529 ==========================================================================
1531 VOID DisassocTimeoutAction(
1532 IN PRTMP_ADAPTER pAd,
1533 IN MLME_QUEUE_ELEM *Elem)
1536 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - DisassocTimeoutAction\n"));
1537 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
1538 Status = MLME_SUCCESS;
1539 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_DISASSOC_CONF, 2, &Status);
1542 VOID InvalidStateWhenAssoc(
1543 IN PRTMP_ADAPTER pAd,
1544 IN MLME_QUEUE_ELEM *Elem)
1547 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - InvalidStateWhenAssoc(state=%ld), reset ASSOC state machine\n",
1548 pAd->Mlme.AssocMachine.CurrState));
1549 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
1550 Status = MLME_STATE_MACHINE_REJECT;
1551 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_ASSOC_CONF, 2, &Status);
1554 VOID InvalidStateWhenReassoc(
1555 IN PRTMP_ADAPTER pAd,
1556 IN MLME_QUEUE_ELEM *Elem)
1559 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - InvalidStateWhenReassoc(state=%ld), reset ASSOC state machine\n",
1560 pAd->Mlme.AssocMachine.CurrState));
1561 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
1562 Status = MLME_STATE_MACHINE_REJECT;
1563 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_REASSOC_CONF, 2, &Status);
1566 VOID InvalidStateWhenDisassociate(
1567 IN PRTMP_ADAPTER pAd,
1568 IN MLME_QUEUE_ELEM *Elem)
1571 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - InvalidStateWhenDisassoc(state=%ld), reset ASSOC state machine\n",
1572 pAd->Mlme.AssocMachine.CurrState));
1573 pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
1574 Status = MLME_STATE_MACHINE_REJECT;
1575 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_DISASSOC_CONF, 2, &Status);
1579 ==========================================================================
1581 right part of IEEE 802.11/1999 page 374
1583 This event should never cause ASSOC state machine perform state
1584 transition, and has no relationship with CNTL machine. So we separate
1585 this routine as a service outside of ASSOC state transition table.
1587 IRQL = DISPATCH_LEVEL
1589 ==========================================================================
1592 IN PRTMP_ADAPTER pAd,
1595 HEADER_802_11 DisassocHdr;
1596 PHEADER_802_11 pDisassocHdr;
1597 PUCHAR pOutBuffer = NULL;
1599 NDIS_STATUS NStatus;
1600 USHORT Reason = REASON_CLS3ERR;
1602 NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); //Get an unused nonpaged memory
1603 if (NStatus != NDIS_STATUS_SUCCESS)
1606 DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - Class 3 Error, Send DISASSOC frame\n"));
1607 MgtMacHeaderInit(pAd, &DisassocHdr, SUBTYPE_DISASSOC, 0, pAddr, pAd->CommonCfg.Bssid); // patch peap ttls switching issue
1608 MakeOutgoingFrame(pOutBuffer, &FrameLen,
1609 sizeof(HEADER_802_11),&DisassocHdr,
1612 MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
1614 // To patch Instance and Buffalo(N) AP
1615 // Driver has to send deauth to Instance AP, but Buffalo(N) needs to send disassoc to reset Authenticator's state machine
1616 // Therefore, we send both of them.
1617 pDisassocHdr = (PHEADER_802_11)pOutBuffer;
1618 pDisassocHdr->FC.SubType = SUBTYPE_DEAUTH;
1619 MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
1621 MlmeFreeMemory(pAd, pOutBuffer);
1623 pAd->StaCfg.DisassocReason = REASON_CLS3ERR;
1624 COPY_MAC_ADDR(pAd->StaCfg.DisassocSta, pAddr);
1628 ==========================================================================
1630 Switch between WEP and CKIP upon new association up.
1633 IRQL = DISPATCH_LEVEL
1635 ==========================================================================
1637 VOID SwitchBetweenWepAndCkip(
1638 IN PRTMP_ADAPTER pAd)
1641 SHAREDKEY_MODE_STRUC csr1;
1643 // if KP is required. change the CipherAlg in hardware shard key table from WEP
1644 // to CKIP. else remain as WEP
1645 if (pAd->StaCfg.bCkipOn && (pAd->StaCfg.CkipFlag & 0x10))
1647 // modify hardware key table so that MAC use correct algorithm to decrypt RX
1648 RTMP_IO_READ32(pAd, SHARED_KEY_MODE_BASE, &csr1.word);
1649 if (csr1.field.Bss0Key0CipherAlg == CIPHER_WEP64)
1650 csr1.field.Bss0Key0CipherAlg = CIPHER_CKIP64;
1651 else if (csr1.field.Bss0Key0CipherAlg == CIPHER_WEP128)
1652 csr1.field.Bss0Key0CipherAlg = CIPHER_CKIP128;
1654 if (csr1.field.Bss0Key1CipherAlg == CIPHER_WEP64)
1655 csr1.field.Bss0Key1CipherAlg = CIPHER_CKIP64;
1656 else if (csr1.field.Bss0Key1CipherAlg == CIPHER_WEP128)
1657 csr1.field.Bss0Key1CipherAlg = CIPHER_CKIP128;
1659 if (csr1.field.Bss0Key2CipherAlg == CIPHER_WEP64)
1660 csr1.field.Bss0Key2CipherAlg = CIPHER_CKIP64;
1661 else if (csr1.field.Bss0Key2CipherAlg == CIPHER_WEP128)
1662 csr1.field.Bss0Key2CipherAlg = CIPHER_CKIP128;
1664 if (csr1.field.Bss0Key3CipherAlg == CIPHER_WEP64)
1665 csr1.field.Bss0Key3CipherAlg = CIPHER_CKIP64;
1666 else if (csr1.field.Bss0Key3CipherAlg == CIPHER_WEP128)
1667 csr1.field.Bss0Key3CipherAlg = CIPHER_CKIP128;
1668 RTMP_IO_WRITE32(pAd, SHARED_KEY_MODE_BASE, csr1.word);
1669 DBGPRINT(RT_DEBUG_TRACE, ("SwitchBetweenWepAndCkip: modify BSS0 cipher to %s\n", CipherName[csr1.field.Bss0Key0CipherAlg]));
1671 // modify software key table so that driver can specify correct algorithm in TXD upon TX
1672 for (i=0; i<SHARE_KEY_NUM; i++)
1674 if (pAd->SharedKey[BSS0][i].CipherAlg == CIPHER_WEP64)
1675 pAd->SharedKey[BSS0][i].CipherAlg = CIPHER_CKIP64;
1676 else if (pAd->SharedKey[BSS0][i].CipherAlg == CIPHER_WEP128)
1677 pAd->SharedKey[BSS0][i].CipherAlg = CIPHER_CKIP128;
1681 // else if KP NOT inused. change the CipherAlg in hardware shard key table from CKIP
1685 // modify hardware key table so that MAC use correct algorithm to decrypt RX
1686 RTMP_IO_READ32(pAd, SHARED_KEY_MODE_BASE, &csr1.word);
1687 if (csr1.field.Bss0Key0CipherAlg == CIPHER_CKIP64)
1688 csr1.field.Bss0Key0CipherAlg = CIPHER_WEP64;
1689 else if (csr1.field.Bss0Key0CipherAlg == CIPHER_CKIP128)
1690 csr1.field.Bss0Key0CipherAlg = CIPHER_WEP128;
1692 if (csr1.field.Bss0Key1CipherAlg == CIPHER_CKIP64)
1693 csr1.field.Bss0Key1CipherAlg = CIPHER_WEP64;
1694 else if (csr1.field.Bss0Key1CipherAlg == CIPHER_CKIP128)
1695 csr1.field.Bss0Key1CipherAlg = CIPHER_WEP128;
1697 if (csr1.field.Bss0Key2CipherAlg == CIPHER_CKIP64)
1698 csr1.field.Bss0Key2CipherAlg = CIPHER_WEP64;
1699 else if (csr1.field.Bss0Key2CipherAlg == CIPHER_CKIP128)
1700 csr1.field.Bss0Key2CipherAlg = CIPHER_WEP128;
1702 if (csr1.field.Bss0Key3CipherAlg == CIPHER_CKIP64)
1703 csr1.field.Bss0Key3CipherAlg = CIPHER_WEP64;
1704 else if (csr1.field.Bss0Key3CipherAlg == CIPHER_CKIP128)
1705 csr1.field.Bss0Key3CipherAlg = CIPHER_WEP128;
1707 // modify software key table so that driver can specify correct algorithm in TXD upon TX
1708 for (i=0; i<SHARE_KEY_NUM; i++)
1710 if (pAd->SharedKey[BSS0][i].CipherAlg == CIPHER_CKIP64)
1711 pAd->SharedKey[BSS0][i].CipherAlg = CIPHER_WEP64;
1712 else if (pAd->SharedKey[BSS0][i].CipherAlg == CIPHER_CKIP128)
1713 pAd->SharedKey[BSS0][i].CipherAlg = CIPHER_WEP128;
1717 // On WPA-NONE, must update CipherAlg.
1718 // Because the OID_802_11_WEP_STATUS was been set after OID_802_11_ADD_KEY
1719 // and CipherAlg will be CIPHER_NONE by Windows ZeroConfig.
1720 // So we need to update CipherAlg after connect.
1722 if (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPANone)
1724 for (i = 0; i < SHARE_KEY_NUM; i++)
1726 if (pAd->SharedKey[BSS0][i].KeyLen != 0)
1728 if (pAd->StaCfg.WepStatus == Ndis802_11Encryption2Enabled)
1730 pAd->SharedKey[BSS0][i].CipherAlg = CIPHER_TKIP;
1732 else if (pAd->StaCfg.WepStatus == Ndis802_11Encryption3Enabled)
1734 pAd->SharedKey[BSS0][i].CipherAlg = CIPHER_AES;
1739 pAd->SharedKey[BSS0][i].CipherAlg = CIPHER_NONE;
1743 csr1.field.Bss0Key0CipherAlg = pAd->SharedKey[BSS0][0].CipherAlg;
1744 csr1.field.Bss0Key1CipherAlg = pAd->SharedKey[BSS0][1].CipherAlg;
1745 csr1.field.Bss0Key2CipherAlg = pAd->SharedKey[BSS0][2].CipherAlg;
1746 csr1.field.Bss0Key3CipherAlg = pAd->SharedKey[BSS0][3].CipherAlg;
1748 RTMP_IO_WRITE32(pAd, SHARED_KEY_MODE_BASE, csr1.word);
1749 DBGPRINT(RT_DEBUG_TRACE, ("SwitchBetweenWepAndCkip: modify BSS0 cipher to %s\n", CipherName[csr1.field.Bss0Key0CipherAlg]));
1753 #ifdef WPA_SUPPLICANT_SUPPORT
1754 #ifndef NATIVE_WPA_SUPPLICANT_SUPPORT
1755 VOID SendAssocIEsToWpaSupplicant(
1756 IN PRTMP_ADAPTER pAd)
1758 union iwreq_data wrqu;
1759 unsigned char custom[IW_CUSTOM_MAX] = {0};
1761 if ((pAd->StaCfg.ReqVarIELen + 17) <= IW_CUSTOM_MAX)
1763 sprintf(custom, "ASSOCINFO_ReqIEs=");
1764 NdisMoveMemory(custom+17, pAd->StaCfg.ReqVarIEs, pAd->StaCfg.ReqVarIELen);
1765 memset(&wrqu, 0, sizeof(wrqu));
1766 wrqu.data.length = pAd->StaCfg.ReqVarIELen + 17;
1767 wrqu.data.flags = RT_REQIE_EVENT_FLAG;
1768 wireless_send_event(pAd->net_dev, IWEVCUSTOM, &wrqu, custom);
1770 memset(&wrqu, 0, sizeof(wrqu));
1771 wrqu.data.flags = RT_ASSOCINFO_EVENT_FLAG;
1772 wireless_send_event(pAd->net_dev, IWEVCUSTOM, &wrqu, NULL);
1775 DBGPRINT(RT_DEBUG_TRACE, ("pAd->StaCfg.ReqVarIELen + 17 > MAX_CUSTOM_LEN\n"));
1779 #endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
1780 #endif // WPA_SUPPLICANT_SUPPORT //
1782 #ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
1783 int wext_notify_event_assoc(
1784 IN RTMP_ADAPTER *pAd)
1786 union iwreq_data wrqu;
1787 char custom[IW_CUSTOM_MAX] = {0};
1789 #if WIRELESS_EXT > 17
1790 if (pAd->StaCfg.ReqVarIELen <= IW_CUSTOM_MAX)
1792 wrqu.data.length = pAd->StaCfg.ReqVarIELen;
1793 memcpy(custom, pAd->StaCfg.ReqVarIEs, pAd->StaCfg.ReqVarIELen);
1794 wireless_send_event(pAd->net_dev, IWEVASSOCREQIE, &wrqu, custom);
1797 DBGPRINT(RT_DEBUG_TRACE, ("pAd->StaCfg.ReqVarIELen > MAX_CUSTOM_LEN\n"));
1799 if (((pAd->StaCfg.ReqVarIELen*2) + 17) <= IW_CUSTOM_MAX)
1802 wrqu.data.length = (pAd->StaCfg.ReqVarIELen*2) + 17;
1803 sprintf(custom, "ASSOCINFO(ReqIEs=");
1804 for (idx=0; idx<pAd->StaCfg.ReqVarIELen; idx++)
1805 sprintf(custom, "%s%02x", custom, pAd->StaCfg.ReqVarIEs[idx]);
1806 wireless_send_event(pAd->net_dev, IWEVCUSTOM, &wrqu, custom);
1809 DBGPRINT(RT_DEBUG_TRACE, ("(pAd->StaCfg.ReqVarIELen*2) + 17 > MAX_CUSTOM_LEN\n"));
1815 #endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
1818 BOOLEAN StaAddMacTableEntry(
1819 IN PRTMP_ADAPTER pAd,
1820 IN PMAC_TABLE_ENTRY pEntry,
1821 IN UCHAR MaxSupportedRateIn500Kbps,
1822 IN HT_CAPABILITY_IE *pHtCapability,
1823 IN UCHAR HtCapabilityLen,
1824 IN USHORT CapabilityInfo)
1826 UCHAR MaxSupportedRate = RATE_11;
1829 CLIENT_STATUS_CLEAR_FLAG(pEntry, fCLIENT_STATUS_WMM_CAPABLE);
1831 switch (MaxSupportedRateIn500Kbps)
1833 case 108: MaxSupportedRate = RATE_54; break;
1834 case 96: MaxSupportedRate = RATE_48; break;
1835 case 72: MaxSupportedRate = RATE_36; break;
1836 case 48: MaxSupportedRate = RATE_24; break;
1837 case 36: MaxSupportedRate = RATE_18; break;
1838 case 24: MaxSupportedRate = RATE_12; break;
1839 case 18: MaxSupportedRate = RATE_9; break;
1840 case 12: MaxSupportedRate = RATE_6; break;
1841 case 22: MaxSupportedRate = RATE_11; break;
1842 case 11: MaxSupportedRate = RATE_5_5; break;
1843 case 4: MaxSupportedRate = RATE_2; break;
1844 case 2: MaxSupportedRate = RATE_1; break;
1845 default: MaxSupportedRate = RATE_11; break;
1848 if ((pAd->CommonCfg.PhyMode == PHY_11G) && (MaxSupportedRate < RATE_FIRST_OFDM_RATE))
1851 #ifdef DOT11_N_SUPPORT
1853 if (((pAd->CommonCfg.PhyMode == PHY_11N_2_4G) || (pAd->CommonCfg.PhyMode == PHY_11N_5G))&& (HtCapabilityLen == 0))
1855 #endif // DOT11_N_SUPPORT //
1860 NdisAcquireSpinLock(&pAd->MacTabLock);
1863 pEntry->PortSecured = WPA_802_1X_PORT_SECURED;
1864 if ((MaxSupportedRate < RATE_FIRST_OFDM_RATE) ||
1865 (pAd->CommonCfg.PhyMode == PHY_11B))
1867 pEntry->RateLen = 4;
1868 if (MaxSupportedRate >= RATE_FIRST_OFDM_RATE)
1869 MaxSupportedRate = RATE_11;
1872 pEntry->RateLen = 12;
1874 pEntry->MaxHTPhyMode.word = 0;
1875 pEntry->MinHTPhyMode.word = 0;
1876 pEntry->HTPhyMode.word = 0;
1877 pEntry->MaxSupportedRate = MaxSupportedRate;
1878 if (pEntry->MaxSupportedRate < RATE_FIRST_OFDM_RATE)
1880 pEntry->MaxHTPhyMode.field.MODE = MODE_CCK;
1881 pEntry->MaxHTPhyMode.field.MCS = pEntry->MaxSupportedRate;
1882 pEntry->MinHTPhyMode.field.MODE = MODE_CCK;
1883 pEntry->MinHTPhyMode.field.MCS = pEntry->MaxSupportedRate;
1884 pEntry->HTPhyMode.field.MODE = MODE_CCK;
1885 pEntry->HTPhyMode.field.MCS = pEntry->MaxSupportedRate;
1889 pEntry->MaxHTPhyMode.field.MODE = MODE_OFDM;
1890 pEntry->MaxHTPhyMode.field.MCS = OfdmRateToRxwiMCS[pEntry->MaxSupportedRate];
1891 pEntry->MinHTPhyMode.field.MODE = MODE_OFDM;
1892 pEntry->MinHTPhyMode.field.MCS = OfdmRateToRxwiMCS[pEntry->MaxSupportedRate];
1893 pEntry->HTPhyMode.field.MODE = MODE_OFDM;
1894 pEntry->HTPhyMode.field.MCS = OfdmRateToRxwiMCS[pEntry->MaxSupportedRate];
1896 pEntry->CapabilityInfo = CapabilityInfo;
1897 CLIENT_STATUS_CLEAR_FLAG(pEntry, fCLIENT_STATUS_AGGREGATION_CAPABLE);
1898 CLIENT_STATUS_CLEAR_FLAG(pEntry, fCLIENT_STATUS_PIGGYBACK_CAPABLE);
1901 #ifdef DOT11_N_SUPPORT
1902 // If this Entry supports 802.11n, upgrade to HT rate.
1903 if ((HtCapabilityLen != 0) && (pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED))
1905 UCHAR j, bitmask; //k,bitmask;
1909 CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_WMM_CAPABLE);
1910 if ((pHtCapability->HtCapInfo.GF) && (pAd->CommonCfg.DesiredHtPhy.GF))
1912 pEntry->MaxHTPhyMode.field.MODE = MODE_HTGREENFIELD;
1916 pEntry->MaxHTPhyMode.field.MODE = MODE_HTMIX;
1917 pAd->MacTab.fAnyStationNonGF = TRUE;
1918 pAd->CommonCfg.AddHTInfo.AddHtInfo2.NonGfPresent = 1;
1921 if ((pHtCapability->HtCapInfo.ChannelWidth) && (pAd->CommonCfg.DesiredHtPhy.ChannelWidth))
1923 pEntry->MaxHTPhyMode.field.BW= BW_40;
1924 pEntry->MaxHTPhyMode.field.ShortGI = ((pAd->CommonCfg.DesiredHtPhy.ShortGIfor40)&(pHtCapability->HtCapInfo.ShortGIfor40));
1928 pEntry->MaxHTPhyMode.field.BW = BW_20;
1929 pEntry->MaxHTPhyMode.field.ShortGI = ((pAd->CommonCfg.DesiredHtPhy.ShortGIfor20)&(pHtCapability->HtCapInfo.ShortGIfor20));
1930 pAd->MacTab.fAnyStation20Only = TRUE;
1934 if (pAd->MACVersion >= RALINK_2883_VERSION && pAd->MACVersion < RALINK_3070_VERSION)
1935 pEntry->MaxHTPhyMode.field.TxBF = pAd->CommonCfg.RegTransmitSetting.field.TxBF;
1937 // find max fixed rate
1938 for (i=23; i>=0; i--) // 3*3
1941 bitmask = (1<<(i-(j*8)));
1942 if ((pAd->StaCfg.DesiredHtPhyInfo.MCSSet[j] & bitmask) && (pHtCapability->MCSSet[j] & bitmask))
1944 pEntry->MaxHTPhyMode.field.MCS = i;
1952 if (pAd->StaCfg.DesiredTransmitSetting.field.MCS != MCS_AUTO)
1954 if (pAd->StaCfg.DesiredTransmitSetting.field.MCS == 32)
1956 // Fix MCS as HT Duplicated Mode
1957 pEntry->MaxHTPhyMode.field.BW = 1;
1958 pEntry->MaxHTPhyMode.field.MODE = MODE_HTMIX;
1959 pEntry->MaxHTPhyMode.field.STBC = 0;
1960 pEntry->MaxHTPhyMode.field.ShortGI = 0;
1961 pEntry->MaxHTPhyMode.field.MCS = 32;
1963 else if (pEntry->MaxHTPhyMode.field.MCS > pAd->StaCfg.HTPhyMode.field.MCS)
1965 // STA supports fixed MCS
1966 pEntry->MaxHTPhyMode.field.MCS = pAd->StaCfg.HTPhyMode.field.MCS;
1970 pEntry->MaxHTPhyMode.field.STBC = (pHtCapability->HtCapInfo.RxSTBC & (pAd->CommonCfg.DesiredHtPhy.TxSTBC));
1971 pEntry->MpduDensity = pHtCapability->HtCapParm.MpduDensity;
1972 pEntry->MaxRAmpduFactor = pHtCapability->HtCapParm.MaxRAmpduFactor;
1973 pEntry->MmpsMode = (UCHAR)pHtCapability->HtCapInfo.MimoPs;
1974 pEntry->AMsduSize = (UCHAR)pHtCapability->HtCapInfo.AMsduSize;
1975 pEntry->HTPhyMode.word = pEntry->MaxHTPhyMode.word;
1977 if (pAd->CommonCfg.DesiredHtPhy.AmsduEnable && (pAd->CommonCfg.REGBACapability.field.AutoBA == FALSE))
1978 CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_AMSDU_INUSED);
1979 if (pHtCapability->HtCapInfo.ShortGIfor20)
1980 CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_SGI20_CAPABLE);
1981 if (pHtCapability->HtCapInfo.ShortGIfor40)
1982 CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_SGI40_CAPABLE);
1983 if (pHtCapability->HtCapInfo.TxSTBC)
1984 CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_TxSTBC_CAPABLE);
1985 if (pHtCapability->HtCapInfo.RxSTBC)
1986 CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_RxSTBC_CAPABLE);
1987 if (pHtCapability->ExtHtCapInfo.PlusHTC)
1988 CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_HTC_CAPABLE);
1989 if (pAd->CommonCfg.bRdg && pHtCapability->ExtHtCapInfo.RDGSupport)
1990 CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_RDG_CAPABLE);
1991 if (pHtCapability->ExtHtCapInfo.MCSFeedback == 0x03)
1992 CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_MCSFEEDBACK_CAPABLE);
1996 pAd->MacTab.fAnyStationIsLegacy = TRUE;
1999 NdisMoveMemory(&pEntry->HTCapability, pHtCapability, sizeof(HT_CAPABILITY_IE));
2000 #endif // DOT11_N_SUPPORT //
2002 pEntry->HTPhyMode.word = pEntry->MaxHTPhyMode.word;
2003 pEntry->CurrTxRate = pEntry->MaxSupportedRate;
2005 // Set asic auto fall back
2006 if (pAd->StaCfg.bAutoTxRateSwitch == TRUE)
2009 UCHAR TableSize = 0;
2011 MlmeSelectTxRateTable(pAd, pEntry, &pTable, &TableSize, &pEntry->CurrTxRateIndex);
2012 pEntry->bAutoTxRateSwitch = TRUE;
2016 pEntry->HTPhyMode.field.MODE = pAd->StaCfg.HTPhyMode.field.MODE;
2017 pEntry->HTPhyMode.field.MCS = pAd->StaCfg.HTPhyMode.field.MCS;
2018 pEntry->bAutoTxRateSwitch = FALSE;
2020 // If the legacy mode is set, overwrite the transmit setting of this entry.
2021 RTMPUpdateLegacyTxSetting((UCHAR)pAd->StaCfg.DesiredTransmitSetting.field.FixedTxMode, pEntry);
2024 pEntry->PortSecured = WPA_802_1X_PORT_SECURED;
2025 pEntry->Sst = SST_ASSOC;
2026 pEntry->AuthState = AS_AUTH_OPEN;
2027 pEntry->AuthMode = pAd->StaCfg.AuthMode;
2028 pEntry->WepStatus = pAd->StaCfg.WepStatus;
2030 NdisReleaseSpinLock(&pAd->MacTabLock);
2032 #ifdef WPA_SUPPLICANT_SUPPORT
2033 #ifndef NATIVE_WPA_SUPPLICANT_SUPPORT
2034 if (pAd->StaCfg.WpaSupplicantUP)
2036 union iwreq_data wrqu;
2038 SendAssocIEsToWpaSupplicant(pAd);
2039 memset(&wrqu, 0, sizeof(wrqu));
2040 wrqu.data.flags = RT_ASSOC_EVENT_FLAG;
2041 wireless_send_event(pAd->net_dev, IWEVCUSTOM, &wrqu, NULL);
2043 #endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
2044 #endif // WPA_SUPPLICANT_SUPPORT //
2046 #ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
2048 union iwreq_data wrqu;
2049 wext_notify_event_assoc(pAd);
2051 memset(wrqu.ap_addr.sa_data, 0, MAC_ADDR_LEN);
2052 memcpy(wrqu.ap_addr.sa_data, pAd->MlmeAux.Bssid, MAC_ADDR_LEN);
2053 wireless_send_event(pAd->net_dev, SIOCGIWAP, &wrqu, NULL);
2056 #endif // NATIVE_WPA_SUPPLICANT_SUPPORT //