2 *************************************************************************
4 * 5F., No.36, Taiyuan St., Jhubei City,
8 * (c) Copyright 2002-2007, Ralink Technology, Inc.
10 * This program is free software; you can redistribute it and/or modify *
11 * it under the terms of the GNU General Public License as published by *
12 * the Free Software Foundation; either version 2 of the License, or *
13 * (at your option) any later version. *
15 * This program is distributed in the hope that it will be useful, *
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
18 * GNU General Public License for more details. *
20 * You should have received a copy of the GNU General Public License *
21 * along with this program; if not, write to the *
22 * Free Software Foundation, Inc., *
23 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 *************************************************************************
34 -------- ---------- ----------------------------------------------
35 John Chang 2004-09-01 add WMM support
37 #include "../rt_config.h"
40 extern UCHAR CISCO_OUI
[];
42 extern UCHAR WPA_OUI
[];
43 extern UCHAR RSN_OUI
[];
44 extern UCHAR WME_INFO_ELEM
[];
45 extern UCHAR WME_PARM_ELEM
[];
46 extern UCHAR Ccx2QosInfo
[];
47 extern UCHAR RALINK_OUI
[];
48 extern UCHAR BROADCOM_OUI
[];
49 extern UCHAR WPS_OUI
[];
52 ==========================================================================
54 MLME message sanity check
56 TRUE if all parameters are OK, FALSE otherwise
60 ==========================================================================
/*
 * MlmeAddBAReqSanity - validate an MLME ADDBA request message before it is used.
 *
 * Checks visible in this listing, in order:
 *   1. MsgLen must equal sizeof(MLME_ADDBA_REQ_STRUCT).
 *   2. pInfo->Wcid must be below MAX_LEN_OF_MAC_TABLE.
 *   3. Bit 0 of the first address octet (the IEEE 802 group bit) must be clear.
 *
 * The banner above this function says it returns TRUE if all parameters are OK
 * and FALSE otherwise.
 * NOTE(review): this listing omits several original lines (parameter list,
 * braces, return statements), so the early exits are presumed, not shown.
 */
62 BOOLEAN
MlmeAddBAReqSanity(
68 PMLME_ADDBA_REQ_STRUCT pInfo
;
// Only a cast here; pInfo is first dereferenced after the size check below.
70 pInfo
= (MLME_ADDBA_REQ_STRUCT
*)Msg
;
// Exact-size match, so a short message is rejected before any field is read.
72 if ((MsgLen
!= sizeof(MLME_ADDBA_REQ_STRUCT
)))
74 DBGPRINT(RT_DEBUG_TRACE
, ("MlmeAddBAReqSanity fail - message lenght not correct.\n"));
// Range check on Wcid against the MAC table size.
78 if ((pInfo
->Wcid
>= MAX_LEN_OF_MAC_TABLE
))
80 DBGPRINT(RT_DEBUG_TRACE
, ("MlmeAddBAReqSanity fail - The peer Mac is not associated yet.\n"));
// Group-addressed (multicast or broadcast) peers are refused.
84 if ((pInfo
->pAddr
[0]&0x01) == 0x01)
86 DBGPRINT(RT_DEBUG_TRACE
, ("MlmeAddBAReqSanity fail - broadcast address not support BA\n"));
94 ==========================================================================
96 MLME message sanity check
98 TRUE if all parameters are OK, FALSE otherwise
100 IRQL = DISPATCH_LEVEL
102 ==========================================================================
/*
 * MlmeDelBAReqSanity - validate an MLME DELBA request message.
 *
 * Checks visible in this listing, in order: exact message size, Wcid below
 * MAX_LEN_OF_MAC_TABLE, upper four bits of TID clear, and the address in the
 * request equal to the address stored in MacTab.Content[Wcid].
 *
 * NOTE(review): the listing omits the remaining parameters, braces and return
 * statements; each failed check is presumed to return FALSE.
 */
104 BOOLEAN
MlmeDelBAReqSanity(
105 IN PRTMP_ADAPTER pAd
,
109 MLME_DELBA_REQ_STRUCT
*pInfo
;
110 pInfo
= (MLME_DELBA_REQ_STRUCT
*)Msg
;
// Exact-size match before any field of pInfo is read.
112 if ((MsgLen
!= sizeof(MLME_DELBA_REQ_STRUCT
)))
114 DBGPRINT(RT_DEBUG_ERROR
, ("MlmeDelBAReqSanity fail - message lenght not correct.\n"));
// This bound has to stay ahead of the MacTab.Content[] lookup further down,
// which uses Wcid as an array index.
118 if ((pInfo
->Wcid
>= MAX_LEN_OF_MAC_TABLE
))
120 DBGPRINT(RT_DEBUG_ERROR
, ("MlmeDelBAReqSanity fail - The peer Mac is not associated yet.\n"));
// Only the low four bits of TID may be set.
124 if ((pInfo
->TID
& 0xf0))
126 DBGPRINT(RT_DEBUG_ERROR
, ("MlmeDelBAReqSanity fail - The peer TID is incorrect.\n"));
// The request must name the same address that the MAC table holds for this Wcid.
130 if (NdisEqualMemory(pAd
->MacTab
.Content
[pInfo
->Wcid
].Addr
, pInfo
->Addr
, MAC_ADDR_LEN
) == 0)
132 DBGPRINT(RT_DEBUG_ERROR
, ("MlmeDelBAReqSanity fail - the peer addr dosen't exist.\n"));
/*
 * PeerAddBAReqActionSanity - validate an ADDBA Request frame from a peer.
 *
 * Visible steps: reject frames shorter than sizeof(FRAME_ADDBA_REQ), pass
 * BaParm, TimeOutValue and BaStartSeq.word through cpu2le16 in place, require
 * BAPolicy == IMMED_BA, test the TID bits, then copy the transmitter address
 * (Hdr.Addr2) to pAddr2.
 *
 * The conversions write back into the message buffer itself, so they must run
 * exactly once per frame: a second pass over the same buffer would undo the
 * conversion on any host where cpu2le16 is not a no-op.
 *
 * NOTE(review): the listing omits parameters, braces and return statements.
 */
139 BOOLEAN
PeerAddBAReqActionSanity(
140 IN PRTMP_ADAPTER pAd
,
145 PFRAME_802_11 pFrame
= (PFRAME_802_11
)pMsg
;
146 PFRAME_ADDBA_REQ pAddFrame
;
147 pAddFrame
= (PFRAME_ADDBA_REQ
)(pMsg
);
// Minimum-length check; it has to precede every pAddFrame field access below.
148 if (MsgLen
< (sizeof(FRAME_ADDBA_REQ
)))
150 DBGPRINT(RT_DEBUG_ERROR
,("PeerAddBAReqActionSanity: ADDBA Request frame length size = %ld incorrect\n", MsgLen
));
// In-place conversion of the 16-bit fields of the received frame.
153 // we support immediate BA.
154 *(USHORT
*)(&pAddFrame
->BaParm
) = cpu2le16(*(USHORT
*)(&pAddFrame
->BaParm
));
155 pAddFrame
->TimeOutValue
= cpu2le16(pAddFrame
->TimeOutValue
);
156 pAddFrame
->BaStartSeq
.word
= cpu2le16(pAddFrame
->BaStartSeq
.word
);
// Only the immediate Block Ack policy is accepted.
158 if (pAddFrame
->BaParm
.BAPolicy
!= IMMED_BA
)
160 DBGPRINT(RT_DEBUG_ERROR
,("PeerAddBAReqActionSanity: ADDBA Request Ba Policy[%d] not support\n", pAddFrame
->BaParm
.BAPolicy
));
161 DBGPRINT(RT_DEBUG_ERROR
,("ADDBA Request. tid=%x, Bufsize=%x, AMSDUSupported=%x \n", pAddFrame
->BaParm
.TID
, pAddFrame
->BaParm
.BufSize
, pAddFrame
->BaParm
.AMSDUSupported
));
// The comment on the next line is carried over from the policy check; this test is about TID.
// NOTE(review): if BaParm.TID is declared as a 4-bit field the 0xfff0 mask can
// never match and the check is dead - confirm against the struct definition.
165 // we support immediate BA.
166 if (pAddFrame
->BaParm
.TID
&0xfff0)
168 DBGPRINT(RT_DEBUG_ERROR
,("PeerAddBAReqActionSanity: ADDBA Request incorrect TID = %d\n", pAddFrame
->BaParm
.TID
));
// Report the transmitter address to the caller.
171 COPY_MAC_ADDR(pAddr2
, pFrame
->Hdr
.Addr2
);
/*
 * PeerAddBARspActionSanity - validate an ADDBA Response frame from a peer.
 *
 * Visible steps: reject frames shorter than sizeof(FRAME_ADDBA_RSP), pass
 * BaParm, StatusCode and TimeOutValue through cpu2le16 in place, require
 * BAPolicy == IMMED_BA, then test the TID bits.
 *
 * The conversions write back into the message buffer, so they must run exactly
 * once per frame.
 *
 * NOTE(review): the listing omits parameters, braces and return statements.
 */
175 BOOLEAN
PeerAddBARspActionSanity(
176 IN PRTMP_ADAPTER pAd
,
180 PFRAME_ADDBA_RSP pAddFrame
;
182 pAddFrame
= (PFRAME_ADDBA_RSP
)(pMsg
);
// Minimum-length check; it has to precede every pAddFrame field access below.
183 if (MsgLen
< (sizeof(FRAME_ADDBA_RSP
)))
185 DBGPRINT(RT_DEBUG_ERROR
,("PeerAddBARspActionSanity: ADDBA Response frame length size = %ld incorrect\n", MsgLen
));
// In-place conversion of the 16-bit fields of the received frame.
188 // we support immediate BA.
189 *(USHORT
*)(&pAddFrame
->BaParm
) = cpu2le16(*(USHORT
*)(&pAddFrame
->BaParm
));
190 pAddFrame
->StatusCode
= cpu2le16(pAddFrame
->StatusCode
);
191 pAddFrame
->TimeOutValue
= cpu2le16(pAddFrame
->TimeOutValue
);
// Only the immediate Block Ack policy is accepted.
// NOTE(review): the message below is prefixed with PeerAddBAReqActionSanity
// although it is emitted from the Response path; anyone triaging logs will
// attribute a rejected response to the request handler. The prefix should
// name PeerAddBARspActionSanity.
193 if (pAddFrame
->BaParm
.BAPolicy
!= IMMED_BA
)
195 DBGPRINT(RT_DEBUG_ERROR
,("PeerAddBAReqActionSanity: ADDBA Response Ba Policy[%d] not support\n", pAddFrame
->BaParm
.BAPolicy
));
// The comment on the next line is carried over from the policy check; this test is about TID.
// NOTE(review): if BaParm.TID is declared as a 4-bit field the 0xfff0 mask can
// never match - confirm against the struct definition.
199 // we support immediate BA.
200 if (pAddFrame
->BaParm
.TID
&0xfff0)
202 DBGPRINT(RT_DEBUG_ERROR
,("PeerAddBARspActionSanity: ADDBA Response incorrect TID = %d\n", pAddFrame
->BaParm
.TID
));
/*
 * PeerDelBAActionSanity - validate a DELBA frame from a peer.
 *
 * Visible steps: require MsgLen == sizeof(FRAME_DELBA_REQ), require
 * Wcid < MAX_LEN_OF_MAC_TABLE, then pass DelbaParm and ReasonCode through
 * cpu2le16 in place and test the TID bits.
 *
 * Both the length and the Wcid test come before the frame is cast and
 * dereferenced, which is the order a parser of peer-supplied data needs.
 * No failure path in this function logs anything in the visible lines.
 *
 * NOTE(review): the listing omits parameters, braces and return statements.
 */
209 BOOLEAN
PeerDelBAActionSanity(
210 IN PRTMP_ADAPTER pAd
,
215 //PFRAME_802_11 pFrame = (PFRAME_802_11)pMsg;
216 PFRAME_DELBA_REQ pDelFrame
;
// Exact-size match before the buffer is interpreted as a DELBA frame.
217 if (MsgLen
!= (sizeof(FRAME_DELBA_REQ
)))
// Wcid must be a valid MAC table index.
220 if (Wcid
>= MAX_LEN_OF_MAC_TABLE
)
223 pDelFrame
= (PFRAME_DELBA_REQ
)(pMsg
);
// In-place conversion of the 16-bit fields; must run once per frame.
225 *(USHORT
*)(&pDelFrame
->DelbaParm
) = cpu2le16(*(USHORT
*)(&pDelFrame
->DelbaParm
));
226 pDelFrame
->ReasonCode
= cpu2le16(pDelFrame
->ReasonCode
);
// NOTE(review): if DelbaParm.TID is declared as a 4-bit field this mask can
// never match - confirm against the struct definition.
228 if (pDelFrame
->DelbaParm
.TID
&0xfff0)
235 ==========================================================================
237 MLME message sanity check
239 TRUE if all parameters are OK, FALSE otherwise
241 IRQL = DISPATCH_LEVEL
243 ==========================================================================
/*
 * PeerBeaconAndProbeRspSanity - parse a received Beacon or Probe Response
 * frame into the caller-supplied OUT parameters.
 *
 * Visible flow:
 *   1. Reset the optional outputs to their not-present defaults.
 *   2. Read SubType, Addr2 and Addr3 from the 802.11 header.
 *   3. Copy the fixed fields (timestamp, beacon interval, capability info).
 *   4. Walk the information elements (Eid, Len, Octet[Len]) until the next
 *      element would run past MsgLen, filling outputs per element type and
 *      appending selected elements to the variable-IE buffer.
 *   5. Patch the channel for 11a APs that sent no channel element.
 *
 * Beacon and Probe Response frames are unauthenticated management frames, so
 * every length and value taken from Msg in this function is untrusted input
 * and each copy needs its own bound. Review notes below mark the places where
 * the bound is missing or cannot be confirmed from this listing.
 *
 * NOTE(review): this listing omits many original lines (some parameters,
 * local declarations, the switch statement and case labels, braces, break and
 * return statements). Comments here describe only what is visible.
 */
245 BOOLEAN
PeerBeaconAndProbeRspSanity(
246 IN PRTMP_ADAPTER pAd
,
255 OUT USHORT
*pBeaconPeriod
,
257 OUT UCHAR
*pNewChannel
,
258 OUT LARGE_INTEGER
*pTimestamp
,
259 OUT CF_PARM
*pCfParm
,
260 OUT USHORT
*pAtimWin
,
261 OUT USHORT
*pCapabilityInfo
,
263 OUT UCHAR
*pDtimCount
,
264 OUT UCHAR
*pDtimPeriod
,
265 OUT UCHAR
*pBcastFlag
,
266 OUT UCHAR
*pMessageToMe
,
268 OUT UCHAR
*pSupRateLen
,
270 OUT UCHAR
*pExtRateLen
,
271 OUT UCHAR
*pCkipFlag
,
272 OUT UCHAR
*pAironetCellPowerLimit
,
273 OUT PEDCA_PARM pEdcaParm
,
274 OUT PQBSS_LOAD_PARM pQbssLoad
,
275 OUT PQOS_CAPABILITY_PARM pQosCapability
,
276 OUT ULONG
*pRalinkIe
,
277 OUT UCHAR
*pHtCapabilityLen
,
278 OUT UCHAR
*pPreNHtCapabilityLen
,
279 OUT HT_CAPABILITY_IE
*pHtCapability
,
280 OUT UCHAR
*AddHtInfoLen
,
281 OUT ADD_HT_INFO_IE
*AddHtInfo
,
282 OUT UCHAR
*NewExtChannelOffset
, // Ht extension channel offset(above or below)
283 OUT USHORT
*LengthVIE
,
284 OUT PNDIS_802_11_VARIABLE_IEs pVIE
)
288 PFRAME_802_11 pFrame
;
292 //UCHAR ECWMin, ECWMax;
293 //MAC_CSR9_STRUC Csr9;
296 // For some 11a AP which didn't have DS_IE, we use two conditions to decide the channel
297 // 1. If the AP is 11n enabled, then check the control channel.
298 // 2. If the AP didn't have any info about channel, use the channel we received this frame as the channel. (May inaccuracy!!)
299 UCHAR CtrlChannel
= 0;
301 // Add for 3 necessary EID field check
// Reset every optional output so that a frame lacking the element cannot
// leave a stale value from an earlier call in the caller's variables.
311 *pCkipFlag
= 0; // Default of CkipFlag is 0
312 *pAironetCellPowerLimit
= 0xFF; // Default of AironetCellPowerLimit is 0xFF
313 *LengthVIE
= 0; // Set the length of VIE to init value 0
314 *pHtCapabilityLen
= 0; // Set the length of VIE to init value 0
315 if (pAd
->OpMode
== OPMODE_STA
)
316 *pPreNHtCapabilityLen
= 0; // Set the length of VIE to init value 0
317 *AddHtInfoLen
= 0; // Set the length of VIE to init value 0
320 *NewExtChannelOffset
= 0xff; //Default 0xff means no such IE
321 pCfParm
->bValid
= FALSE
; // default: no IE_CF found
322 pQbssLoad
->bValid
= FALSE
; // default: no IE_QBSS_LOAD found
323 pEdcaParm
->bValid
= FALSE
; // default: no IE_EDCA_PARAMETER found
324 pQosCapability
->bValid
= FALSE
; // default: no IE_QOS_CAPABILITY found
// NOTE(review): no comparison of MsgLen against the header length plus the
// fixed fields is visible before the header reads and fixed-size copies that
// follow. Confirm in the full source that a truncated frame is rejected first.
326 pFrame
= (PFRAME_802_11
)Msg
;
328 // get subtype from header
329 SubType
= (UCHAR
)pFrame
->Hdr
.FC
.SubType
;
331 // get Addr2 and BSSID from header
332 COPY_MAC_ADDR(pAddr2
, pFrame
->Hdr
.Addr2
);
333 COPY_MAC_ADDR(pBssid
, pFrame
->Hdr
.Addr3
);
// Length tracks how many bytes of Msg have been consumed so far.
336 Length
+= LENGTH_802_11
;
338 // get timestamp from payload and advance the pointer
339 NdisMoveMemory(pTimestamp
, Ptr
, TIMESTAMP_LEN
);
341 pTimestamp
->u
.LowPart
= cpu2le32(pTimestamp
->u
.LowPart
);
342 pTimestamp
->u
.HighPart
= cpu2le32(pTimestamp
->u
.HighPart
);
344 Ptr
+= TIMESTAMP_LEN
;
345 Length
+= TIMESTAMP_LEN
;
347 // get beacon interval from payload and advance the pointer
348 NdisMoveMemory(pBeaconPeriod
, Ptr
, 2);
352 // get capability info from payload and advance the pointer
353 NdisMoveMemory(pCapabilityInfo
, Ptr
, 2);
// The ESS capability bit selects infrastructure versus ad-hoc BSS type.
357 if (CAP_IS_ESS_ON(*pCapabilityInfo
))
358 *pBssType
= BSS_INFRA
;
360 *pBssType
= BSS_ADHOC
;
362 pEid
= (PEID_STRUCT
) Ptr
;
// NOTE(review): the loop condition reads pEid->Len before it has established
// that the two-byte Eid/Len header itself lies inside MsgLen. When fewer than
// two bytes remain, the Len byte is fetched from beyond the reported message
// length. Testing (Length + 2) <= MsgLen ahead of the Len read would close it.
364 // get variable fields from payload and advance the pointer
365 while ((Length
+ 2 + pEid
->Len
) <= MsgLen
)
// Guard for the variable-IE buffer: an element that would take the running
// total to MAX_VIE_LEN or beyond is refused before any case handler can append
// it. Every append further down relies on this test having run first.
368 // Secure copy VIE to VarIE[MAX_VIE_LEN] didn't overflow.
370 if ((*LengthVIE
+ pEid
->Len
+ 2) >= MAX_VIE_LEN
)
372 DBGPRINT(RT_DEBUG_WARN
, ("PeerBeaconAndProbeRspSanity - Variable IEs out of resource [len(=%d) > MAX_VIE_LEN(=%d)]\n",
373 (*LengthVIE
+ pEid
->Len
+ 2), MAX_VIE_LEN
));
380 // Already has one SSID EID in this beacon, ignore the second one
// SSID: the peer-supplied length is bounded by MAX_LEN_OF_SSID before the copy.
383 if(pEid
->Len
<= MAX_LEN_OF_SSID
)
385 NdisMoveMemory(Ssid
, pEid
->Octet
, pEid
->Len
);
386 *pSsidLen
= pEid
->Len
;
391 DBGPRINT(RT_DEBUG_TRACE
, ("PeerBeaconAndProbeRspSanity - wrong IE_SSID (len=%d)\n",pEid
->Len
));
// Supported rates: length bounded by MAX_LEN_OF_SUPPORTED_RATES before the copy.
397 if(pEid
->Len
<= MAX_LEN_OF_SUPPORTED_RATES
)
400 NdisMoveMemory(SupRate
, pEid
->Octet
, pEid
->Len
);
401 *pSupRateLen
= pEid
->Len
;
403 // TODO: 2004-09-14 not a good design here, cause it exclude extra rates
404 // from ScanTab. We should report as is. And filter out unsupported
406 // Check against the supported rates
407 // RTMPCheckRates(pAd, SupRate, pSupRateLen);
411 DBGPRINT(RT_DEBUG_TRACE
, ("PeerBeaconAndProbeRspSanity - wrong IE_SUPP_RATES (len=%d)\n",pEid
->Len
));
// HT capability: the copy size is fixed at sizeof(HT_CAPABILITY_IE), so extra
// bytes in a longer element are ignored.
// NOTE(review): the guard compares against SIZE_HT_CAP_IE while the copy uses
// sizeof(HT_CAPABILITY_IE); the read stays inside the element only if the two
// are equal - confirm.
417 if (pEid
->Len
>= SIZE_HT_CAP_IE
) //Note: allow extension.!!
419 NdisMoveMemory(pHtCapability
, pEid
->Octet
, sizeof(HT_CAPABILITY_IE
));
420 *pHtCapabilityLen
= SIZE_HT_CAP_IE
; // Nnow we only support 26 bytes.
422 *(USHORT
*)(&pHtCapability
->HtCapInfo
) = cpu2le16(*(USHORT
*)(&pHtCapability
->HtCapInfo
));
423 *(USHORT
*)(&pHtCapability
->ExtHtCapInfo
) = cpu2le16(*(USHORT
*)(&pHtCapability
->ExtHtCapInfo
));
426 *pPreNHtCapabilityLen
= 0; // Nnow we only support 26 bytes.
// Append the raw element (Eid, Len and body) to the variable-IE buffer.
// NOTE(review): Ptr was the frame payload pointer earlier in this function; it
// is presumably re-pointed at pVIE on a line this listing omits (a later
// comment says the copy goes to pVIE) - confirm, since otherwise this would
// write into the received frame.
429 NdisMoveMemory(Ptr
+ *LengthVIE
, &pEid
->Eid
, pEid
->Len
+ 2);
430 *LengthVIE
+= (pEid
->Len
+ 2);
435 DBGPRINT(RT_DEBUG_WARN
, ("PeerBeaconAndProbeRspSanity - wrong IE_HT_CAP. pEid->Len = %d\n", pEid
->Len
));
// Additional HT info: guard and copy both use sizeof(ADD_HT_INFO_IE).
440 if (pEid
->Len
>= sizeof(ADD_HT_INFO_IE
))
442 // This IE allows extension, but we can ignore extra bytes beyond our knowledge , so only
443 // copy first sizeof(ADD_HT_INFO_IE)
444 NdisMoveMemory(AddHtInfo
, pEid
->Octet
, sizeof(ADD_HT_INFO_IE
));
445 *AddHtInfoLen
= SIZE_ADD_HT_INFO_IE
;
// Remembered for the 11a channel patch after the loop.
447 CtrlChannel
= AddHtInfo
->ControlChan
;
449 *(USHORT
*)(&AddHtInfo
->AddHtInfo2
) = cpu2le16(*(USHORT
*)(&AddHtInfo
->AddHtInfo2
));
450 *(USHORT
*)(&AddHtInfo
->AddHtInfo3
) = cpu2le16(*(USHORT
*)(&AddHtInfo
->AddHtInfo3
));
454 NdisMoveMemory(Ptr
+ *LengthVIE
, &pEid
->Eid
, pEid
->Len
+ 2);
455 *LengthVIE
+= (pEid
->Len
+ 2);
460 DBGPRINT(RT_DEBUG_WARN
, ("PeerBeaconAndProbeRspSanity - wrong IE_ADD_HT. \n"));
464 case IE_SECONDARY_CH_OFFSET
:
// NOTE(review): the length test guarding this one-byte read is on a line the
// listing omits; the warning below is its failure branch.
467 *NewExtChannelOffset
= pEid
->Octet
[0];
471 DBGPRINT(RT_DEBUG_WARN
, ("PeerBeaconAndProbeRspSanity - wrong IE_SECONDARY_CH_OFFSET. \n"));
476 DBGPRINT(RT_DEBUG_TRACE
, ("PeerBeaconAndProbeRspSanity(IE_FH_PARM) \n"));
// DS parameter set: the advertised channel is validated with ChannelSanity.
482 *pChannel
= *pEid
->Octet
;
485 if (ChannelSanity(pAd
, *pChannel
) == 0)
496 DBGPRINT(RT_DEBUG_TRACE
, ("PeerBeaconAndProbeRspSanity - wrong IE_DS_PARM (len=%d)\n",pEid
->Len
));
// CF parameter set: six body bytes are read (Octet[0] to Octet[5]).
// NOTE(review): the length test for this case is on an omitted line; it must
// guarantee at least six body bytes.
504 pCfParm
->bValid
= TRUE
;
505 pCfParm
->CfpCount
= pEid
->Octet
[0];
506 pCfParm
->CfpPeriod
= pEid
->Octet
[1];
507 pCfParm
->CfpMaxDuration
= pEid
->Octet
[2] + 256 * pEid
->Octet
[3];
508 pCfParm
->CfpDurRemaining
= pEid
->Octet
[4] + 256 * pEid
->Octet
[5];
512 DBGPRINT(RT_DEBUG_TRACE
, ("PeerBeaconAndProbeRspSanity - wrong IE_CF_PARM\n"));
// IBSS parameter set: the copy length comes from the frame while the
// destination pAtimWin is a single USHORT.
// NOTE(review): the guard is on an omitted line; it has to pin pEid->Len to 2,
// otherwise this copy writes past the caller variable.
520 NdisMoveMemory(pAtimWin
, pEid
->Octet
, pEid
->Len
);
524 DBGPRINT(RT_DEBUG_TRACE
, ("PeerBeaconAndProbeRspSanity - wrong IE_IBSS_PARM\n"));
// TIM is only interpreted for beacons while associated in infrastructure mode.
530 if(INFRA_ON(pAd
) && SubType
== SUBTYPE_BEACON
)
532 GetTimBit((PUCHAR
)pEid
, pAd
->StaActive
.Aid
, &TimLen
, pBcastFlag
, pDtimCount
, pDtimPeriod
, pMessageToMe
);
536 case IE_CHANNEL_SWITCH_ANNOUNCEMENT
:
// NOTE(review): reads the second body byte; the length test is on an omitted line.
539 *pNewChannel
= pEid
->Octet
[1]; //extract new channel number
544 // CCX v2 has the same IE, we need to parse that too
545 // Wifi WMM use the same IE vale, need to parse that too
547 case IE_VENDOR_SPECIFIC
:
// NOTE(review): throughout this case the OUI comparison is evaluated before
// the Len test on the same line (or, for WPA_OUI, with no Len test at all), so
// three to six body bytes are read even when the element is shorter than that.
// For a short element at the end of the frame those reads fall outside MsgLen.
// Testing pEid->Len first in each condition keeps every comparison inside the
// element.
548 // Check the OUI version, filter out non-standard usage
549 if (NdisEqualMemory(pEid
->Octet
, RALINK_OUI
, 3) && (pEid
->Len
== 7))
551 //*pRalinkIe = pEid->Octet[3];
552 if (pEid
->Octet
[3] != 0)
553 *pRalinkIe
= pEid
->Octet
[3];
555 *pRalinkIe
= 0xf0000000; // Set to non-zero value (can't set bit0-2) to represent this is Ralink Chip. So at linkup, we will set ralinkchip flag.
557 // This HT IE is before IEEE draft set HT IE value.2006-09-28 by Jan.
559 // Other vendors had production before IE_HT_CAP value is assigned. To backward support those old-firmware AP,
560 // Check broadcom-defiend pre-802.11nD1.0 OUI for HT related IE, including HT Capatilities IE and HT Information IE
561 else if ((*pHtCapabilityLen
== 0) && NdisEqualMemory(pEid
->Octet
, PRE_N_HT_OUI
, 3) && (pEid
->Len
>= 4) && (pAd
->OpMode
== OPMODE_STA
))
// Pre-N HT elements carry the payload after a four-byte OUI and type prefix.
// NOTE(review): the literals 30 and 26 are presumably 4 plus the size of the
// structure copied from Octet[4]; the copies stay inside the element only if
// that holds - confirm against HT_CAPABILITY_IE and ADD_HT_INFO_IE.
563 if ((pEid
->Octet
[3] == OUI_PREN_HT_CAP
) && (pEid
->Len
>= 30) && (*pHtCapabilityLen
== 0))
565 NdisMoveMemory(pHtCapability
, &pEid
->Octet
[4], sizeof(HT_CAPABILITY_IE
));
566 *pPreNHtCapabilityLen
= SIZE_HT_CAP_IE
;
569 if ((pEid
->Octet
[3] == OUI_PREN_ADD_HT
) && (pEid
->Len
>= 26))
571 NdisMoveMemory(AddHtInfo
, &pEid
->Octet
[4], sizeof(ADD_HT_INFO_IE
));
572 *AddHtInfoLen
= SIZE_ADD_HT_INFO_IE
;
575 else if (NdisEqualMemory(pEid
->Octet
, WPA_OUI
, 4))
577 // Copy to pVIE which will report to microsoft bssid list.
579 NdisMoveMemory(Ptr
+ *LengthVIE
, &pEid
->Eid
, pEid
->Len
+ 2);
580 *LengthVIE
+= (pEid
->Len
+ 2);
// WME parameter element: accepted only with an exact body length of 24.
582 else if (NdisEqualMemory(pEid
->Octet
, WME_PARM_ELEM
, 6) && (pEid
->Len
== 24))
587 // parsing EDCA parameters
588 pEdcaParm
->bValid
= TRUE
;
589 pEdcaParm
->bQAck
= FALSE
; // pEid->Octet[0] & 0x10;
590 pEdcaParm
->bQueueRequest
= FALSE
; // pEid->Octet[0] & 0x20;
591 pEdcaParm
->bTxopRequest
= FALSE
; // pEid->Octet[0] & 0x40;
592 pEdcaParm
->EdcaUpdateCount
= pEid
->Octet
[6] & 0x0f;
593 pEdcaParm
->bAPSDCapable
= (pEid
->Octet
[6] & 0x80) ? 1 : 0;
594 ptr
= &pEid
->Octet
[8];
// aci is a two-bit value (mask 0x60, shift 5), so it can only be 0 to 3 and
// the peer cannot drive the array indexes below outside that range. The
// per-AC records are four bytes each, starting at Octet[8].
597 UCHAR aci
= (*ptr
& 0x60) >> 5; // b5~6 is AC INDEX
598 pEdcaParm
->bACM
[aci
] = (((*ptr
) & 0x10) == 0x10); // b5 is ACM
599 pEdcaParm
->Aifsn
[aci
] = (*ptr
) & 0x0f; // b0~3 is AIFSN
600 pEdcaParm
->Cwmin
[aci
] = *(ptr
+1) & 0x0f; // b0~4 is Cwmin
601 pEdcaParm
->Cwmax
[aci
] = *(ptr
+1) >> 4; // b5~8 is Cwmax
602 pEdcaParm
->Txop
[aci
] = *(ptr
+2) + 256 * (*(ptr
+3)); // in unit of 32-us
603 ptr
+= 4; // point to next AC
// WME information element (body length 7): no per-AC values are carried, so
// fixed defaults are installed for all four access categories.
606 else if (NdisEqualMemory(pEid
->Octet
, WME_INFO_ELEM
, 6) && (pEid
->Len
== 7))
608 // parsing EDCA parameters
609 pEdcaParm
->bValid
= TRUE
;
610 pEdcaParm
->bQAck
= FALSE
; // pEid->Octet[0] & 0x10;
611 pEdcaParm
->bQueueRequest
= FALSE
; // pEid->Octet[0] & 0x20;
612 pEdcaParm
->bTxopRequest
= FALSE
; // pEid->Octet[0] & 0x40;
613 pEdcaParm
->EdcaUpdateCount
= pEid
->Octet
[6] & 0x0f;
614 pEdcaParm
->bAPSDCapable
= (pEid
->Octet
[6] & 0x80) ? 1 : 0;
616 // use default EDCA parameter
617 pEdcaParm
->bACM
[QID_AC_BE
] = 0;
618 pEdcaParm
->Aifsn
[QID_AC_BE
] = 3;
619 pEdcaParm
->Cwmin
[QID_AC_BE
] = CW_MIN_IN_BITS
;
620 pEdcaParm
->Cwmax
[QID_AC_BE
] = CW_MAX_IN_BITS
;
621 pEdcaParm
->Txop
[QID_AC_BE
] = 0;
623 pEdcaParm
->bACM
[QID_AC_BK
] = 0;
624 pEdcaParm
->Aifsn
[QID_AC_BK
] = 7;
625 pEdcaParm
->Cwmin
[QID_AC_BK
] = CW_MIN_IN_BITS
;
626 pEdcaParm
->Cwmax
[QID_AC_BK
] = CW_MAX_IN_BITS
;
627 pEdcaParm
->Txop
[QID_AC_BK
] = 0;
629 pEdcaParm
->bACM
[QID_AC_VI
] = 0;
630 pEdcaParm
->Aifsn
[QID_AC_VI
] = 2;
631 pEdcaParm
->Cwmin
[QID_AC_VI
] = CW_MIN_IN_BITS
-1;
632 pEdcaParm
->Cwmax
[QID_AC_VI
] = CW_MAX_IN_BITS
;
633 pEdcaParm
->Txop
[QID_AC_VI
] = 96; // AC_VI: 96*32us ~= 3ms
635 pEdcaParm
->bACM
[QID_AC_VO
] = 0;
636 pEdcaParm
->Aifsn
[QID_AC_VO
] = 2;
637 pEdcaParm
->Cwmin
[QID_AC_VO
] = CW_MIN_IN_BITS
-2;
638 pEdcaParm
->Cwmax
[QID_AC_VO
] = CW_MAX_IN_BITS
-1;
639 pEdcaParm
->Txop
[QID_AC_VO
] = 48; // AC_VO: 48*32us ~= 1.5ms
643 case IE_EXT_SUPP_RATES
:
// Extended rates: length bounded by MAX_LEN_OF_SUPPORTED_RATES before the copy.
644 if (pEid
->Len
<= MAX_LEN_OF_SUPPORTED_RATES
)
646 NdisMoveMemory(ExtRate
, pEid
->Octet
, pEid
->Len
);
647 *pExtRateLen
= pEid
->Len
;
649 // TODO: 2004-09-14 not a good design here, cause it exclude extra rates
650 // from ScanTab. We should report as is. And filter out unsupported
652 // Check against the supported rates
653 // RTMPCheckRates(pAd, ExtRate, pExtRateLen);
// NOTE(review): one-byte read; the length test for this case is on an omitted line.
660 *pErp
= (UCHAR
)pEid
->Octet
[0];
664 case IE_AIRONET_CKIP
:
665 // 0. Check Aironet IE length, it must be larger or equal to 28
666 // Cisco AP350 used length as 28
667 // Cisco AP12XX used length as 30
668 if (pEid
->Len
< (CKIP_NEGOTIATION_LENGTH
- 2))
671 // 1. Copy CKIP flag byte to buffer for process
672 *pCkipFlag
= *(pEid
->Octet
+ 8);
676 // AP Control of Client Transmit Power
677 //0. Check Aironet IE length, it must be 6
678 if (pEid
->Len
!= 0x06)
681 // Get cell power limit in dBm
682 if (NdisEqualMemory(pEid
->Octet
, CISCO_OUI
, 3) == 1)
683 *pAironetCellPowerLimit
= *(pEid
->Octet
+ 4);
// NOTE(review): the comparison below reads body bytes 2 to 4 and no length
// test is visible ahead of it; an RSN element shorter than five body bytes
// would be compared past its end. Confirm whether an omitted line checks Len.
686 // WPA2 & 802.11i RSN
688 // There is no OUI for version anymore, check the group cipher OUI before copying
689 if (RTMPEqualMemory(pEid
->Octet
+ 2, RSN_OUI
, 3))
691 // Copy to pVIE which will report to microsoft bssid list.
693 NdisMoveMemory(Ptr
+ *LengthVIE
, &pEid
->Eid
, pEid
->Len
+ 2);
694 *LengthVIE
+= (pEid
->Len
+ 2);
// Advance to the next element: two header bytes plus the body.
702 Length
= Length
+ 2 + pEid
->Len
; // Eid[1] + Len[1]+ content[Len]
703 pEid
= (PEID_STRUCT
)((UCHAR
*)pEid
+ 2 + pEid
->Len
);
// Channel fallback, applied when the radio is tuned above channel 14 and bit
// 0x4 of Sanity is clear: use the control channel from the HT info element if
// one was seen, else the channel the frame was received on.
// NOTE(review): CtrlChannel is taken from the frame and, in the visible lines,
// is not passed through ChannelSanity before being reported - confirm.
706 // For some 11a AP. it did not have the channel EID, patch here
708 UCHAR LatchRfChannel
= MsgChannel
;
709 if ((pAd
->LatchRfRegs
.Channel
> 14) && ((Sanity
& 0x4) == 0))
711 if (CtrlChannel
!= 0)
712 *pChannel
= CtrlChannel
;
714 *pChannel
= LatchRfChannel
;
721 DBGPRINT(RT_DEBUG_WARN
, ("PeerBeaconAndProbeRspSanity - missing field, Sanity=0x%02x\n", Sanity
));
732 ==========================================================================
734 MLME message sanity check
736 TRUE if all parameters are OK, FALSE otherwise
737 ==========================================================================
/*
 * MlmeScanReqSanity - unpack an MLME scan request and validate its BssType
 * and ScanType.
 *
 * Visible steps: copy BssType, SsidLen, Ssid and ScanType out of the message,
 * then accept only BSS_INFRA, BSS_ADHOC or BSS_ANY combined with one of the
 * listed scan types.
 *
 * NOTE(review): the SSID copy uses the SsidLen carried in the message with no
 * bound visible ahead of it, and no MsgLen test is visible either. If a value
 * above the size of the caller buffer can reach here the copy overruns it;
 * confirm that the producer of this message clamps SsidLen, or add the bound
 * before the copy.
 * NOTE(review): the listing omits parameters, braces and return statements.
 */
739 BOOLEAN
MlmeScanReqSanity(
740 IN PRTMP_ADAPTER pAd
,
746 OUT UCHAR
*pScanType
)
748 MLME_SCAN_REQ_STRUCT
*Info
;
750 Info
= (MLME_SCAN_REQ_STRUCT
*)(Msg
);
751 *pBssType
= Info
->BssType
;
752 *pSsidLen
= Info
->SsidLen
;
// Copy length is the unchecked SsidLen read on the previous statement.
753 NdisMoveMemory(Ssid
, Info
->Ssid
, *pSsidLen
);
754 *pScanType
= Info
->ScanType
;
// Validation happens after the outputs have already been written.
756 if ((*pBssType
== BSS_INFRA
|| *pBssType
== BSS_ADHOC
|| *pBssType
== BSS_ANY
)
757 && (*pScanType
== SCAN_ACTIVE
|| *pScanType
== SCAN_PASSIVE
758 || *pScanType
== SCAN_CISCO_PASSIVE
|| *pScanType
== SCAN_CISCO_ACTIVE
759 || *pScanType
== SCAN_CISCO_CHANNEL_LOAD
|| *pScanType
== SCAN_CISCO_NOISE
766 DBGPRINT(RT_DEBUG_TRACE
, ("MlmeScanReqSanity fail - wrong BssType or ScanType\n"));
771 // IRQL = DISPATCH_LEVEL
773 IN PRTMP_ADAPTER pAd
,
778 for (i
= 0; i
< pAd
->ChannelListNum
; i
++)
780 if (channel
== pAd
->ChannelList
[i
].Channel
)
787 ==========================================================================
789 MLME message sanity check
791 TRUE if all parameters are OK, FALSE otherwise
793 IRQL = DISPATCH_LEVEL
795 ==========================================================================
/*
 * PeerDeauthSanity - extract the transmitter address and the two-byte reason
 * code from a received deauthentication frame.
 *
 * NOTE(review): no comparison against MsgLen is visible before the header and
 * body reads. The frame comes from a peer, so a frame shorter than the header
 * plus two body bytes should be rejected first; confirm whether an omitted
 * line does this.
 * NOTE(review): the listing omits parameters, braces and return statements.
 */
797 BOOLEAN
PeerDeauthSanity(
798 IN PRTMP_ADAPTER pAd
,
804 PFRAME_802_11 pFrame
= (PFRAME_802_11
)Msg
;
806 COPY_MAC_ADDR(pAddr2
, pFrame
->Hdr
.Addr2
);
// Reason code is the first two body bytes.
807 NdisMoveMemory(pReason
, &pFrame
->Octet
[0], 2);
813 ==========================================================================
815 MLME message sanity check
817 TRUE if all parameters are OK, FALSE otherwise
819 IRQL = DISPATCH_LEVEL
821 ==========================================================================
/*
 * PeerAuthSanity - extract and validate the fields of a received
 * authentication frame.
 *
 * Visible steps: copy the transmitter address, then the algorithm, sequence
 * and status fields (two bytes each from body offsets 0, 2 and 4). For open
 * authentication the sequence must be 1 or 2. For shared-key authentication
 * sequences 1 and 4 are accepted as they are, and sequences 2 and 3
 * additionally copy CIPHER_TEXT_LEN bytes of challenge text from body offset 8.
 *
 * NOTE(review): no comparison against MsgLen is visible in this listing. The
 * challenge copy in particular reads CIPHER_TEXT_LEN bytes starting at body
 * offset 8 of a peer-supplied frame, so a short frame would be read past its
 * end. Confirm whether an omitted line rejects short frames, and if not, bound
 * each read by MsgLen.
 * NOTE(review): the listing omits parameters, braces and return statements.
 */
823 BOOLEAN
PeerAuthSanity(
824 IN PRTMP_ADAPTER pAd
,
833 PFRAME_802_11 pFrame
= (PFRAME_802_11
)Msg
;
835 COPY_MAC_ADDR(pAddr
, pFrame
->Hdr
.Addr2
);
836 NdisMoveMemory(pAlg
, &pFrame
->Octet
[0], 2);
837 NdisMoveMemory(pSeq
, &pFrame
->Octet
[2], 2);
838 NdisMoveMemory(pStatus
, &pFrame
->Octet
[4], 2);
// Open system: only sequence numbers 1 and 2 exist.
840 if ((*pAlg
== Ndis802_11AuthModeOpen
)
843 if (*pSeq
== 1 || *pSeq
== 2)
849 DBGPRINT(RT_DEBUG_TRACE
, ("PeerAuthSanity fail - wrong Seg#\n"));
// Shared key: sequences 1 and 4 carry no challenge text; 2 and 3 do.
853 else if (*pAlg
== Ndis802_11AuthModeShared
)
855 if (*pSeq
== 1 || *pSeq
== 4)
859 else if (*pSeq
== 2 || *pSeq
== 3)
// Fixed-size copy from the frame body; see the length note in the header comment.
861 NdisMoveMemory(pChlgText
, &pFrame
->Octet
[8], CIPHER_TEXT_LEN
);
866 DBGPRINT(RT_DEBUG_TRACE
, ("PeerAuthSanity fail - wrong Seg#\n"));
872 DBGPRINT(RT_DEBUG_TRACE
, ("PeerAuthSanity fail - wrong algorithm\n"));
878 ==========================================================================
880 MLME message sanity check
882 TRUE if all parameters are OK, FALSE otherwise
883 ==========================================================================
/*
 * MlmeAuthReqSanity - unpack an MLME authentication request and validate it.
 *
 * Visible steps: copy the target address and the timeout out of the message,
 * then test that the algorithm is shared-key or open and that bit 0 of the
 * first address octet (the group bit) is clear.
 *
 * NOTE(review): the single failure message says wrong algorithm, but the same
 * condition also covers the address test, so a group-addressed target would be
 * logged as an algorithm error - confirm against the full condition, part of
 * which this listing omits.
 * NOTE(review): no MsgLen test is visible; the listing also omits parameters,
 * the assignment of the algorithm output, braces and return statements.
 */
885 BOOLEAN
MlmeAuthReqSanity(
886 IN PRTMP_ADAPTER pAd
,
893 MLME_AUTH_REQ_STRUCT
*pInfo
;
895 pInfo
= (MLME_AUTH_REQ_STRUCT
*)Msg
;
896 COPY_MAC_ADDR(pAddr
, pInfo
->Addr
);
897 *pTimeout
= pInfo
->Timeout
;
// Accept only the two known algorithms and a unicast target address.
900 if (((*pAlg
== Ndis802_11AuthModeShared
) ||(*pAlg
== Ndis802_11AuthModeOpen
)
902 ((*pAddr
& 0x01) == 0))
908 DBGPRINT(RT_DEBUG_TRACE
, ("MlmeAuthReqSanity fail - wrong algorithm\n"));
914 ==========================================================================
916 MLME message sanity check
918 TRUE if all parameters are OK, FALSE otherwise
920 IRQL = DISPATCH_LEVEL
922 ==========================================================================
/*
 * MlmeAssocReqSanity - unpack an MLME association request into the caller
 * outputs (timeout, AP address, capability info, listen interval).
 *
 * NOTE(review): despite the name, no validation of any field and no MsgLen
 * test is visible in this listing; the visible lines only copy values out of
 * the message. Confirm whether omitted lines add checks before relying on
 * this function as a gate.
 * NOTE(review): the listing omits parameters, braces and return statements.
 */
924 BOOLEAN
MlmeAssocReqSanity(
925 IN PRTMP_ADAPTER pAd
,
929 OUT USHORT
*pCapabilityInfo
,
931 OUT USHORT
*pListenIntv
)
933 MLME_ASSOC_REQ_STRUCT
*pInfo
;
935 pInfo
= (MLME_ASSOC_REQ_STRUCT
*)Msg
;
936 *pTimeout
= pInfo
->Timeout
; // timeout
937 COPY_MAC_ADDR(pApAddr
, pInfo
->Addr
); // AP address
938 *pCapabilityInfo
= pInfo
->CapabilityInfo
; // capability info
939 *pListenIntv
= pInfo
->ListenIntv
;
945 ==========================================================================
947 MLME message sanity check
949 TRUE if all parameters are OK, FALSE otherwise
951 IRQL = DISPATCH_LEVEL
953 ==========================================================================
/*
 * PeerDisassocSanity - extract the transmitter address and the two-byte reason
 * code from a received disassociation frame.
 *
 * NOTE(review): no comparison against MsgLen is visible before the header and
 * body reads. The frame comes from a peer, so a frame shorter than the header
 * plus two body bytes should be rejected first; confirm whether an omitted
 * line does this.
 * NOTE(review): the listing omits parameters, braces and return statements.
 */
955 BOOLEAN
PeerDisassocSanity(
956 IN PRTMP_ADAPTER pAd
,
962 PFRAME_802_11 pFrame
= (PFRAME_802_11
)Msg
;
964 COPY_MAC_ADDR(pAddr2
, pFrame
->Hdr
.Addr2
);
// Reason code is the first two body bytes.
965 NdisMoveMemory(pReason
, &pFrame
->Octet
[0], 2);
971 ========================================================================
973 Sanity check NetworkType (11b, 11g or 11a)
976 pBss - Pointer to BSS table.
979 Ndis802_11DS .......(11b)
980 Ndis802_11OFDM24....(11g)
981 Ndis802_11OFDM5.....(11a)
983 IRQL = DISPATCH_LEVEL
985 ========================================================================
/*
 * NetworkTypeInUseSanity - classify a BSS entry as 11b, 11g or 11a, with the
 * _N variants when the entry carries an HT capability.
 *
 * Visible logic: start from Ndis802_11DS. For channels up to 14, any rate
 * other than 2, 4, 11 or 22 (after masking the basic-rate bit) switches the
 * result to Ndis802_11OFDM24. Channels above 14 give Ndis802_11OFDM5. A
 * non-zero HtCapabilityLen then upgrades the result to the matching _N value.
 *
 * NOTE(review): the listing omits the parameter list, local declarations,
 * braces, else branches and the return statement.
 */
987 NDIS_802_11_NETWORK_TYPE
NetworkTypeInUseSanity(
990 NDIS_802_11_NETWORK_TYPE NetWorkType
;
993 NetWorkType
= Ndis802_11DS
;
995 if (pBss
->Channel
<= 14)
998 // First check support Rate.
1000 for (i
= 0; i
< pBss
->SupRateLen
; i
++)
1002 rate
= pBss
->SupRate
[i
] & 0x7f; // Mask out basic rate set bit
1003 if ((rate
== 2) || (rate
== 4) || (rate
== 11) || (rate
== 22))
1010 // Otherwise (even rate > 108) means Ndis802_11OFDM24
1012 NetWorkType
= Ndis802_11OFDM24
;
1018 // Second check Extend Rate.
1020 if (NetWorkType
!= Ndis802_11OFDM24
)
// NOTE(review): this loop is bounded by ExtRateLen but indexes SupRate[i], so
// the extended rates are never examined and the supported-rate array is read
// with a count that belongs to a different array. If ExtRateLen can exceed the
// number of valid SupRate entries this reads stale or out-of-range bytes. It
// looks like pBss->ExtRate[i] was intended - confirm against the BSS entry
// definition and fix the index.
1022 for (i
= 0; i
< pBss
->ExtRateLen
; i
++)
1024 rate
= pBss
->SupRate
[i
] & 0x7f; // Mask out basic rate set bit
1025 if ((rate
== 2) || (rate
== 4) || (rate
== 11) || (rate
== 22))
1032 // Otherwise (even rate > 108) means Ndis802_11OFDM24
1034 NetWorkType
= Ndis802_11OFDM24
;
1042 NetWorkType
= Ndis802_11OFDM5
;
// An advertised HT capability upgrades the band result to its _N variant.
1045 if (pBss
->HtCapabilityLen
!= 0)
1047 if (NetWorkType
== Ndis802_11OFDM5
)
1048 NetWorkType
= Ndis802_11OFDM5_N
;
1050 NetWorkType
= Ndis802_11OFDM24_N
;