1 /** \file mlmeBuilder.c 2 * \brief 802.11 MLME Builder 3 * 4 * \see mlmeBuilder.h 5 */ 6 7 /**************************************************************************** 8 **+-----------------------------------------------------------------------+** 9 **| |** 10 **| Copyright(c) 1998 - 2008 Texas Instruments. All rights reserved. |** 11 **| All rights reserved. |** 12 **| |** 13 **| Redistribution and use in source and binary forms, with or without |** 14 **| modification, are permitted provided that the following conditions |** 15 **| are met: |** 16 **| |** 17 **| * Redistributions of source code must retain the above copyright |** 18 **| notice, this list of conditions and the following disclaimer. |** 19 **| * Redistributions in binary form must reproduce the above copyright |** 20 **| notice, this list of conditions and the following disclaimer in |** 21 **| the documentation and/or other materials provided with the |** 22 **| distribution. |** 23 **| * Neither the name Texas Instruments nor the names of its |** 24 **| contributors may be used to endorse or promote products derived |** 25 **| from this software without specific prior written permission. |** 26 **| |** 27 **| THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |** 28 **| "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |** 29 **| LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |** 30 **| A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |** 31 **| OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |** 32 **| SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |** 33 **| LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |** 34 **| DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |** 35 **| THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |** 36 **| (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |** 37 **| OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |** 38 **| |** 39 **+-----------------------------------------------------------------------+** 40 ****************************************************************************/ 41 42 /***************************************************************************/ 43 /* */ 44 /* MODULE: mlmeBuilder.c */ 45 /* PURPOSE: 802.11 MLME Builder */ 46 /* */ 47 /***************************************************************************/ 48 49 50 51 #include "802_11Defs.h" 52 53 #include "osApi.h" 54 55 #include "paramOut.h" 56 #include "paramIn.h" 57 58 #include "utils.h" 59 #include "memMngrEx.h" 60 #include "report.h" 61 62 #include "DataCtrl_Api.h" 63 #include "smeApi.h" 64 65 #include "mlmeApi.h" 66 #include "mlmeSm.h" 67 #include "Assoc/AssocSM.h" 68 #include "Auth/authSm.h" 69 70 #include "mlmeParser.h" 71 #include "measurementMgrApi.h" 72 #include "siteMgrApi.h" 73 #include "spectrumMngmntMgr.h" 74 #include "currBss.h" 75 #include "apConn.h" 76 #include "SwitchChannelApi.h" 77 #include "regulatoryDomainApi.h" 78 #include "qosMngr_API.h" 79 80 81 /* Constants */ 82 83 /* Enumerations */ 84 85 /* Typedefs */ 86 87 /* Structures */ 88 89 /* External data definitions */ 90 91 /* External functions definitions */ 92 93 /* Local function prototypes */ 94 95 /* Functions */ 96 97 #define BcnMissTst 0 98 #define BcnMissTstWithScrPad7 0 99 #define CHECK_PARSING_ERROR_CONDITION_PRINT 0 100 101 #if BcnMissTst 102 static void mlmeParser_printBeaconDebugInfo(TI_HANDLE theMlmeHandle, 103 mlmeFrameInfo_t theFrame); 104 #endif 105 106 BOOL MissingBcnInt = FALSE ; 107 extern int WMEQosTagToACTable[MAX_NUM_OF_802_1d_TAGS]; 108 109 TI_STATUS mlmeParser_recv(TI_HANDLE hMlme, mem_MSDU_T *pMsdu, Rx_attr_t* pRxAttr) 110 { 111 TI_STATUS status = NOK; 112 mlme_t *pHandle; 113 UINT8 *pData; 114 INT32 bodyDataLen; 115 UINT32 readLen; 116 dot11_eleHdr_t *pEleHdr; 117 dot11_mgmtFrame_t *pMgmtFrame; 118 dot11MgmtSubType_e msgType; 119 paramInfo_t param; 120 macAddress_t recvBssid; 121 macAddress_t recvSa; 122 UINT8 rsnIeIdx = 0; 123 UINT8 wpaIeOuiIe[] = WPA_IE_OUI; 124 UINT8 ti_oui[] = TI_OUI; 125 #ifdef EXC_MODULE_INCLUDED 126 UINT8 exc_oui[] = EXC_OUI; 127 EXCv4IEs_t *pExcIeParameter; 128 #endif 129 BOOL ciscoIEPresent = FALSE; 130 #if BcnMissTst 131 /* debug info */ 132 UINT32 currProbeRspTSFTime = 0; 133 UINT32 deltaProbeRspTSFTime = 0; 134 #endif 135 136 137 if (hMlme == NULL) 138 { 139 return NOK; 140 } 141 142 pHandle = (mlme_t*)hMlme; 143 144 if (pMsdu == NULL) 145 { 146 return NOK; 147 } 148 149 /* zero frame content */ 150 os_memoryZero(pHandle->hOs, &(pHandle->tempFrameInfo), sizeof(mlmeIEParsingParams_t)); 151 152 pMgmtFrame = (dot11_mgmtFrame_t*)(memMgr_BufData(pMsdu->firstBDPtr) + memMgr_BufOffset(pMsdu->firstBDPtr)) ; 153 154 /* get frame type */ 155 status = mlmeParser_getFrameType(pHandle, (UINT16 *)&pMgmtFrame->hdr.fc, &msgType); 156 if (status != OK) 157 { 158 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle); 159 return OK; 160 } 161 162 pHandle->tempFrameInfo.frame.subType = msgType; 163 164 /* We have to ignore management frames from other BSSIDs (except beacons & probe responses) */ 165 param.paramType = CTRL_DATA_CURRENT_BSSID_PARAM; 166 ctrlData_getParam(pHandle->hCtrlData, ¶m); 167 168 os_memoryCopy(pHandle->hOs, &(recvBssid.addr), &(pMgmtFrame->hdr.BSSID), MAC_ADDR_LEN); 169 170 os_memoryCopy(pHandle->hOs, &(recvSa.addr), &(pMgmtFrame->hdr.SA), MAC_ADDR_LEN); 171 172 if (MAC_EQUAL((&(param.content.ctrlDataCurrentBSSID)), (&(recvBssid)))) 173 pHandle->tempFrameInfo.myBssid = TRUE; 174 else 175 pHandle->tempFrameInfo.myBssid = FALSE; 176 177 if (MAC_EQUAL((&(param.content.ctrlDataCurrentBSSID)), (&(recvSa)))) 178 pHandle->tempFrameInfo.mySa = TRUE; 179 else 180 pHandle->tempFrameInfo.mySa = FALSE; 181 182 /* The Default value of the myDst flag is false, only in case of unicast packet with the STA's destination address, the flag is set to True */ 183 pHandle->tempFrameInfo.myDst = FALSE; 184 185 /* check destination MAC address for broadcast */ 186 187 if (MAC_BROADCAST((&pMgmtFrame->hdr.DA))) 188 { 189 pHandle->tempFrameInfo.frame.extesion.destType = MSG_BROADCAST; 190 } 191 else 192 { 193 if (MAC_MULTICAST((&pMgmtFrame->hdr.DA))) 194 { 195 pHandle->tempFrameInfo.frame.extesion.destType = MSG_MULTICAST; 196 } 197 else 198 { 199 pHandle->tempFrameInfo.frame.extesion.destType = MSG_UNICAST; 200 201 param.paramType = CTRL_DATA_MAC_ADDRESS; 202 ctrlData_getParam(pHandle->hCtrlData, ¶m); 203 204 /* Verifying whether the received unicast packet is for the STA, if yes we set the flag to True */ 205 if (MAC_EQUAL( (&(param.content.ctrlDataDeviceMacAddress)), (&(pMgmtFrame->hdr.DA)) ) ) 206 pHandle->tempFrameInfo.myDst = TRUE; 207 208 209 } 210 } 211 212 MAC_COPY(pHandle->hOs, (&(pHandle->tempFrameInfo.bssid)), (&pMgmtFrame->hdr.BSSID)); 213 214 pData = (UINT8 *)(pMgmtFrame->body); 215 216 /* length of body (msdu without 802.11 header and FCS) */ 217 bodyDataLen = pMsdu->dataLen - WLAN_HDR_LEN; 218 219 switch (msgType) 220 { 221 case ASSOC_REQUEST: 222 WLAN_REPORT_SM(pHandle->hReport, MLME_SM_MODULE_LOG, 223 ("MLME_PARSER: recieved ASSOC_REQ message \n")); 224 break; 225 case RE_ASSOC_REQUEST: 226 WLAN_REPORT_SM(pHandle->hReport, MLME_SM_MODULE_LOG, 227 ("MLME_PARSER: recieved RE_ASSOC_REQ message \n")); 228 break; 229 case RE_ASSOC_RESPONSE: 230 WLAN_REPORT_SM(pHandle->hReport, MLME_SM_MODULE_LOG, 231 ("MLME_PARSER: recieved RE_ASSOC_RSP message \n")); 232 /* break;*/ 233 case ASSOC_RESPONSE: 234 /* if the assoc response is not directed to our STA or not from the current AP */ 235 if ((!pHandle->tempFrameInfo.myBssid) || (!pHandle->tempFrameInfo.mySa) || (pHandle->tempFrameInfo.myDst == FALSE)) 236 break; 237 238 /* Save the association response message */ 239 assoc_saveAssocRespMessage(pHandle->hAssoc, (UINT8 *)(pMgmtFrame->body), bodyDataLen); 240 241 /* init frame fields */ 242 pHandle->tempFrameInfo.frame.content.assocRsp.barkerPreambleMode = PREAMBLE_UNSPECIFIED; 243 244 /* read capabilities */ 245 pHandle->tempFrameInfo.frame.content.assocRsp.capabilities = ENDIAN_HANDLE_WORD(*(UINT16*)pData); 246 pData += 2; 247 /* read status */ 248 pHandle->tempFrameInfo.frame.content.assocRsp.status = ENDIAN_HANDLE_WORD(*(UINT16*)pData); 249 pData += 2; 250 /* read AID */ 251 pHandle->tempFrameInfo.frame.content.assocRsp.aid = ENDIAN_HANDLE_WORD(*(UINT16*)pData); 252 pData += 2; 253 254 bodyDataLen -= ASSOC_RESP_FIXED_DATA_LEN; 255 /***************************/ 256 257 pHandle->tempFrameInfo.frame.content.assocRsp.pRsnIe = NULL; 258 pHandle->tempFrameInfo.frame.content.assocRsp.rsnIeLen = 0; 259 while (bodyDataLen > 2) 260 { 261 pEleHdr = (dot11_eleHdr_t*)pData; 262 263 if (pEleHdr->eleLen > (bodyDataLen - 2)) 264 { 265 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG, 266 ("MLME_PARSER: IE %d with length %d out of bounds %d\n", pEleHdr->eleId, pEleHdr->eleLen, (bodyDataLen - 2))); 267 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle); 268 return NOK; 269 } 270 271 switch (pEleHdr->eleId) 272 { 273 /* read rates */ 274 case SUPPORTED_RATES_IE_ID: 275 pHandle->tempFrameInfo.frame.content.assocRsp.pRates = &(pHandle->tempFrameInfo.rates); 276 status = mlmeParser_readRates(pHandle, pData, bodyDataLen, &readLen, &(pHandle->tempFrameInfo.rates)); 277 if (status != OK) 278 { 279 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG, 280 ("MLME_PARSER: error reading RATES\n")); 281 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle); 282 return NOK; 283 } 284 break; 285 286 case EXT_SUPPORTED_RATES_IE_ID: 287 /* read rates */ 288 pHandle->tempFrameInfo.frame.content.assocRsp.pExtRates = &(pHandle->tempFrameInfo.extRates); 289 status = mlmeParser_readRates(pHandle, pData, bodyDataLen, &readLen, &(pHandle->tempFrameInfo.extRates)); 290 if (status != OK) 291 { 292 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle); 293 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG,("MLME_PARSER: error reading RATES\n")); 294 return NOK; 295 } 296 break; 297 298 case ERP_IE_ID: 299 status = mlmeParser_readERP(pHandle, pData, bodyDataLen, &readLen, 300 (BOOL *)&(pHandle->tempFrameInfo.frame.content.assocRsp.useProtection), 301 (preamble_e *)&(pHandle->tempFrameInfo.frame.content.assocRsp.barkerPreambleMode)); 302 if (status != OK) 303 { 304 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle); 305 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG,("MLME_PARSER: error reading ERP\n")); 306 return NOK; 307 } 308 break; 309 310 case DOT11_4X_ELE_ID: 311 /* Note : WPA, WME, TSRS, MSDU lifetime and 4X use the same Element ID */ 312 /* Its assumes that: 313 4X - uses OUI = 0x08,0x00,0x28; 314 TSRS and MSDU lifetime use OUI = 0x00,0x40,0x96 (=Cisco) but 315 use different OUI Type: 316 TSRS uses OUI Type 8 317 MSDU lifetime uses OUI Type 9; 318 WPA and WME use the same OUI = 0x00,0x50,0xf2 but 319 use different OUI Type: 320 WPA - uses OUI Type with value - 1 321 WME - uses OUI Type with value - 2. 322 */ 323 324 /* check if this is 4X IE */ 325 if(os_memoryCompare(pHandle->hOs ,ti_oui, pData+2, DOT11_OUI_LEN) == 0) 326 { 327 pHandle->tempFrameInfo.frame.content.assocRsp.fourXParams = &(pHandle->tempFrameInfo.fourXParams); 328 status = mlmeParser_read4Xxarams(pHandle, pData, bodyDataLen, &readLen, 329 &(pHandle->tempFrameInfo.fourXParams)); 330 if (status != OK) 331 { 332 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG, 333 ("MLME_PARSER: error reading 4X parameters\n")); 334 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle); 335 return NOK; 336 } 337 } 338 /* check if this is WME IE */ 339 else if((os_memoryCompare(pHandle->hOs, wpaIeOuiIe, pData+2, DOT11_OUI_LEN) == 0) && 340 ((*(UINT8*)(pData+5)) == dot11_WME_OUI_TYPE)) 341 { 342 pHandle->tempFrameInfo.frame.content.assocRsp.WMEParams = &(pHandle->tempFrameInfo.WMEParams); 343 status = mlmeParser_readWMEParams(pHandle, pData, bodyDataLen, &readLen, 344 &(pHandle->tempFrameInfo.WMEParams), 345 &(pHandle->tempFrameInfo.frame.content.assocRsp)); 346 if (status != OK) 347 { 348 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG, 349 ("MLME_PARSER: error reading WME parameters\n")); 350 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle); 351 return NOK; 352 } 353 } 354 #ifdef EXC_MODULE_INCLUDED 355 /* check if this is EXC vendor specific OUI */ 356 else if (os_memoryCompare(pHandle->hOs, exc_oui, pData+2, DOT11_OUI_LEN) == 0) 357 { 358 pExcIeParameter = &(pHandle->tempFrameInfo.frame.content.assocRsp.excIEs[WMEQosTagToACTable[*(pData+6)]]); 359 mlmeParser_readExcOui(pData, bodyDataLen, &readLen, pExcIeParameter); 360 } 361 #endif 362 else 363 { 364 /* skip this IE */ 365 readLen = pEleHdr->eleLen + 2; 366 } 367 break; 368 case EXC_EXT_1_IE_ID: 369 ciscoIEPresent = TRUE; 370 pHandle->tempFrameInfo.frame.content.assocRsp.pRsnIe = &(pHandle->tempFrameInfo.rsnIe[0]); 371 status = mlmeParser_readRsnIe(pHandle, pData, bodyDataLen, &readLen, 372 &(pHandle->tempFrameInfo.rsnIe[rsnIeIdx])); 373 if (status != OK) 374 { 375 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG, 376 ("MLME_PARSER: error reading EXC EXT1 IE\n")); 377 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle); 378 return NOK; 379 } 380 381 pHandle->tempFrameInfo.frame.content.assocRsp.rsnIeLen += readLen; 382 rsnIeIdx ++; 383 break; 384 385 case EXC_EXT_2_IE_ID: 386 ciscoIEPresent = TRUE; 387 pHandle->tempFrameInfo.frame.content.assocRsp.pRsnIe = &(pHandle->tempFrameInfo.rsnIe[0]); 388 status = mlmeParser_readRsnIe(pHandle, pData, bodyDataLen, &readLen, 389 &(pHandle->tempFrameInfo.rsnIe[rsnIeIdx])); 390 if (status != OK) 391 { 392 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG, 393 ("MLME_PARSER: error reading RSN IP ADDR IE\n")); 394 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle); 395 return NOK; 396 } 397 398 pHandle->tempFrameInfo.frame.content.assocRsp.rsnIeLen += readLen; 399 rsnIeIdx ++; 400 break; 401 402 case DOT11_QOS_CAPABILITY_ELE_ID: 403 pHandle->tempFrameInfo.frame.content.assocRsp.QoSCapParameters = &(pHandle->tempFrameInfo.QosCapParams); 404 status = mlmeParser_readQosCapabilityIE(pHandle, pData, bodyDataLen, &readLen, 405 &(pHandle->tempFrameInfo.QosCapParams)); 406 if (status != OK) 407 { 408 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle); 409 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG,("MLME_PARSER: error reading QOS\n")); 410 return NOK; 411 } 412 break; 413 414 default: 415 WLAN_REPORT_INFORMATION(pHandle->hReport, MLME_SM_MODULE_LOG, 416 ("MLME_PARSER: unsupported IE found (%d)\n", pEleHdr->eleId)); 417 readLen = pEleHdr->eleLen + 2; 418 status = OK; 419 break; 420 } 421 422 pData += readLen; 423 bodyDataLen -= readLen; 424 } 425 /***************************/ 426 427 /* set the appropriate flag in the association response frame */ 428 /* to indicate whether or not we encountered a Cisco IE, i.e., */ 429 /* if we have any indication as to whether the AP we've associated */ 430 /* with is a Cisco AP. */ 431 pHandle->tempFrameInfo.frame.content.assocRsp.ciscoIEPresent = ciscoIEPresent; 432 433 WLAN_REPORT_INFORMATION(pHandle->hReport, MLME_SM_MODULE_LOG, 434 ("MLME_PARSER: ciscoIEPresent = %d\n", ciscoIEPresent)); 435 436 status = assoc_recv(pHandle->hAssoc, &(pHandle->tempFrameInfo.frame)); 437 break; 438 439 case PROBE_REQUEST: 440 WLAN_REPORT_SM(pHandle->hReport, MLME_SM_MODULE_LOG, 441 ("MLME_PARSER: recieved PROBE_REQ message \n")); 442 break; 443 case PROBE_RESPONSE: 444 445 WLAN_REPORT_SM(pHandle->hReport, MLME_SM_MODULE_LOG, 446 ("MLME_PARSER: recieved PROBE_RESPONSE message \n")); 447 448 if(pMsdu->dataLen-WLAN_HDR_LEN-TIME_STAMP_LEN-4 > MAX_BEACON_BODY_LENGTH) 449 { 450 WLAN_REPORT_INFORMATION(pHandle->hReport, MLME_SM_MODULE_LOG, 451 ("mlmeParser_recv: probe response length out of range. length=%d, band=%d, channel=%d\n", pMsdu->dataLen-WLAN_HDR_LEN-TIME_STAMP_LEN-4, pRxAttr->band, pRxAttr->channel)); 452 /* Error in parsing probe response packet - exit */ 453 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle); 454 return NOK; 455 456 } 457 458 /* init frame fields */ 459 pHandle->tempFrameInfo.frame.content.iePacket.barkerPreambleMode = PREAMBLE_UNSPECIFIED; 460 461 /* read time stamp */ 462 os_memoryCopy(pHandle->hOs, (void *)pHandle->tempFrameInfo.frame.content.iePacket.timestamp, pData, TIME_STAMP_LEN); 463 pData += TIME_STAMP_LEN; 464 465 bodyDataLen -= TIME_STAMP_LEN; 466 /* read beacon interval */ 467 pHandle->tempFrameInfo.frame.content.iePacket.beaconInerval = ENDIAN_HANDLE_WORD(*(UINT16*)pData); 468 pData += 2; 469 /* read capabilities */ 470 pHandle->tempFrameInfo.frame.content.iePacket.capabilities = ENDIAN_HANDLE_WORD(*(UINT16*)pData); 471 pData += 2; 472 473 bodyDataLen -= 4; 474 pHandle->tempFrameInfo.frame.content.iePacket.pRsnIe = NULL; 475 pHandle->tempFrameInfo.frame.content.iePacket.rsnIeLen = 0; 476 477 pHandle->tempFrameInfo.band = pRxAttr->band; 478 pHandle->tempFrameInfo.rxChannel = pRxAttr->channel; 479 480 if ((pRxAttr->band == RADIO_BAND_2_4_GHZ) && (pRxAttr->channel > NUM_OF_CHANNELS_24)) 481 { 482 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG, 483 ("mlmeParser_recv, band=%d, channel=%d\n", pRxAttr->band, pRxAttr->channel)); 484 /* Error in parsing Probe response packet - exit */ 485 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle); 486 return NOK; 487 488 } 489 else if ((pRxAttr->band == RADIO_BAND_5_0_GHZ) && (pRxAttr->channel <= NUM_OF_CHANNELS_24)) 490 { 491 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG, 492 ("mlmeParser_recv, band=%d, channel=%d\n", pRxAttr->band, pRxAttr->channel)); 493 /* Error in parsing Probe response packet - exit */ 494 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle); 495 return NOK; 496 497 } 498 if (mlmeParser_parseIEs(hMlme, pData, bodyDataLen, &(pHandle->tempFrameInfo)) != OK) 499 { 500 /* Error in parsing Probe response packet - exit */ 501 WLAN_REPORT_WARNING(pHandle->hReport, MLME_SM_MODULE_LOG,("mlmeParser_parseIEs: Error in parsing probe response \n")); 502 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle); 503 return NOK; 504 } 505 506 /* Check if there is a scan in progress */ 507 if ( NULL != pHandle->resultCBFunc ) 508 { 509 /* result CB is registered - results are sent to the registered callback */ 510 pHandle->resultCBFunc( pHandle->resultCBObj, &(pHandle->tempFrameInfo.bssid), &(pHandle->tempFrameInfo.frame), pRxAttr, 511 (UINT8 *)(pMgmtFrame->body+TIME_STAMP_LEN+4), 512 pMsdu->dataLen-WLAN_HDR_LEN-TIME_STAMP_LEN-4 ); 513 } 514 currBSS_probRespReceivedCallb(pHandle->hCurrBss, pRxAttr, &(pHandle->tempFrameInfo.bssid), 515 &(pHandle->tempFrameInfo.frame), 516 (char *)pMgmtFrame->body+TIME_STAMP_LEN+4, 517 pMsdu->dataLen-WLAN_HDR_LEN-TIME_STAMP_LEN-4); 518 519 /* For Debug */ 520 #if BcnMissTst 521 522 /* Printing all the required parameters of the received ProbeRsp */ 523 currProbeRspTSFTime = (UINT32)ENDIAN_HANDLE_LONG(*(INT32*)(pHandle->tempFrameInfo.frame.content.iePacket.timestamp)); 524 deltaProbeRspTSFTime = (UINT32)((UINT32)currProbeRspTSFTime - (UINT32)pHandle->debug_lastProbeRspTSFTime); 525 526 if(pHandle->tempFrameInfo.frame.content.iePacket.pSsid != NULL) 527 { 528 WLAN_REPORT_INFORMATION(pHandle->hReport, 529 MLME_SM_MODULE_LOG, 530 ("ProbeRsp ssid=%8s TS=0x%x TSDelta=0x%x beaconInt=%d HostTime = %d\n", 531 pHandle->tempFrameInfo.frame.content.iePacket.pSsid->serviceSetId, 532 currProbeRspTSFTime, 533 deltaProbeRspTSFTime, 534 pHandle->tempFrameInfo.frame.content.iePacket.beaconInerval, 535 os_timeStampMs(pHandle))); 536 } 537 538 if(pHandle->tempFrameInfo.frame.content.iePacket.pSsid == NULL) 539 WLAN_REPORT_INFORMATION(pHandle->hReport, 540 MLME_SM_MODULE_LOG, 541 ("SSID null\n")); 542 543 pHandle->debug_lastProbeRspTSFTime = currProbeRspTSFTime; 544 545 #endif /* BcnMissTst */ 546 if(pHandle->tempFrameInfo.recvChannelSwitchAnnoncIE == FALSE) 547 { 548 switchChannel_recvCmd(pHandle->hSwitchChannel, NULL, pRxAttr->channel); 549 } 550 551 break; 552 case BEACON: 553 554 WLAN_REPORT_INFORMATION(pHandle->hReport, MLME_SM_MODULE_LOG, 555 ("MLME_PARSER: recieved BEACON message, TS= %ld\n", os_timeStampMs(pHandle->hOs))); 556 WLAN_REPORT_INFORMATION(pHandle->hReport, MLME_SM_MODULE_LOG, ("beacon MSDU") ); 557 558 if(pMsdu->dataLen-WLAN_HDR_LEN-TIME_STAMP_LEN-4 > MAX_BEACON_BODY_LENGTH) 559 { 560 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG, 561 ("mlmeParser_recv: beacon length out of range. length=%d, band=%d, channel=%d\n", pMsdu->dataLen-WLAN_HDR_LEN-TIME_STAMP_LEN-4, pRxAttr->band, pRxAttr->channel)); 562 /* Error in parsing beacon packet - exit */ 563 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle); 564 return NOK; 565 566 } 567 568 /* init frame fields */ 569 pHandle->tempFrameInfo.frame.content.iePacket.barkerPreambleMode = PREAMBLE_UNSPECIFIED; 570 571 /* read time stamp */ 572 os_memoryCopy(pHandle->hOs, (void *)pHandle->tempFrameInfo.frame.content.iePacket.timestamp, pData, TIME_STAMP_LEN); 573 pData += TIME_STAMP_LEN; 574 575 bodyDataLen -= TIME_STAMP_LEN; 576 /* read beacon interval */ 577 pHandle->tempFrameInfo.frame.content.iePacket.beaconInerval = ENDIAN_HANDLE_WORD(*(UINT16*)pData); 578 pData += 2; 579 /* read capabilities */ 580 pHandle->tempFrameInfo.frame.content.iePacket.capabilities = ENDIAN_HANDLE_WORD(*(UINT16*)pData); 581 pData += 2; 582 583 bodyDataLen -= 4; 584 pHandle->tempFrameInfo.frame.content.iePacket.pRsnIe = NULL; 585 pHandle->tempFrameInfo.frame.content.iePacket.rsnIeLen = 0; 586 587 if ((pRxAttr->band == RADIO_BAND_2_4_GHZ) && (pRxAttr->channel > NUM_OF_CHANNELS_24)) 588 { 589 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG, 590 ("mlmeParser_recv, band=%d, channel=%d\n", pRxAttr->band, pRxAttr->channel)); 591 /* Error in parsing Probe response packet - exit */ 592 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle); 593 return NOK; 594 595 } 596 else if ((pRxAttr->band == RADIO_BAND_5_0_GHZ) && (pRxAttr->channel <= NUM_OF_CHANNELS_24)) 597 { 598 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG, 599 ("mlmeParser_recv, band=%d, channel=%d\n", pRxAttr->band, pRxAttr->channel)); 600 /* Error in parsing Probe response packet - exit */ 601 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle); 602 return NOK; 603 604 } 605 pHandle->tempFrameInfo.band = pRxAttr->band; 606 pHandle->tempFrameInfo.rxChannel = pRxAttr->channel; 607 608 if (mlmeParser_parseIEs(hMlme, pData, bodyDataLen, &(pHandle->tempFrameInfo)) != OK) 609 { 610 WLAN_REPORT_WARNING(pHandle->hReport, MLME_SM_MODULE_LOG,("mlmeParser_parseIEs - Error in parsing Beacon \n")); 611 /* Error in parsing Beacon packet - exit */ 612 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle); 613 return NOK; 614 } 615 616 /* Check if there is a scan in progress */ 617 if ( NULL != pHandle->resultCBFunc ) 618 { 619 /* result CB is registered - results are sent to the registered callback */ 620 pHandle->resultCBFunc( pHandle->resultCBObj, &(pHandle->tempFrameInfo.bssid), &(pHandle->tempFrameInfo.frame), pRxAttr, 621 (UINT8 *)(pMgmtFrame->body+TIME_STAMP_LEN+4), 622 pMsdu->dataLen-WLAN_HDR_LEN-TIME_STAMP_LEN-4 ); 623 } 624 625 /* Counting the number of recieved beacons - used for statistics */ 626 pHandle->BeaconsCounterPS++; 627 628 currBSS_beaconReceivedCallb(pHandle->hCurrBss, pRxAttr, &(pHandle->tempFrameInfo.bssid), 629 &(pHandle->tempFrameInfo.frame), (char *)pMgmtFrame->body+TIME_STAMP_LEN+4, 630 pMsdu->dataLen-WLAN_HDR_LEN-TIME_STAMP_LEN-4); 631 632 #if BcnMissTst 633 if ( pHandle->tempFrameInfo.myBssid ) 634 { 635 mlmeParser_printBeaconDebugInfo(hMlme, 636 pHandle->tempFrameInfo.frame); 637 } 638 #endif 639 if (pHandle->tempFrameInfo.recvChannelSwitchAnnoncIE == FALSE) 640 { 641 switchChannel_recvCmd(pHandle->hSwitchChannel, NULL, pRxAttr->channel); 642 } 643 644 break; 645 case ATIM: 646 if (!pHandle->tempFrameInfo.myBssid) 647 break; 648 649 WLAN_REPORT_SM(pHandle->hReport, MLME_SM_MODULE_LOG, 650 ("MLME_PARSER: recieved ATIM message \n")); 651 break; 652 case DIS_ASSOC: 653 if ((!pHandle->tempFrameInfo.myBssid) || (!pHandle->tempFrameInfo.mySa)) 654 break; 655 656 /* consider the DisAssoc frame if it is one of the following: 657 1) unicast frame and directed to our STA 658 2) broadcast frame 659 */ 660 if((pHandle->tempFrameInfo.frame.extesion.destType == MSG_UNICAST) && 661 (pHandle->tempFrameInfo.myDst == FALSE)) 662 break; 663 664 /* read Reason interval */ 665 pHandle->tempFrameInfo.frame.content.disAssoc.reason = ENDIAN_HANDLE_WORD(*(UINT16*)pData); 666 667 { /* Send roaming trigger */ 668 roamingEventData_u RoamingEventData; 669 RoamingEventData.APDisconnect.uStatusCode = pHandle->tempFrameInfo.frame.content.disAssoc.reason; 670 RoamingEventData.APDisconnect.bDeAuthenticate = FALSE; /* i.e. This is not DeAuth packet */ 671 apConn_reportRoamingEvent(pHandle->hApConn, ROAMING_TRIGGER_AP_DISCONNECT, &RoamingEventData); 672 } 673 674 break; 675 case AUTH: 676 /* Auth response frame is should be directed to our STA, and from the current AP */ 677 if ((!pHandle->tempFrameInfo.myBssid) || (!pHandle->tempFrameInfo.mySa) || (pHandle->tempFrameInfo.myDst == FALSE)) 678 break; 679 680 /* read Algorithm interval */ 681 pHandle->tempFrameInfo.frame.content.auth.authAlgo = ENDIAN_HANDLE_WORD(*(UINT16*)pData); 682 pData += 2; 683 /* read Sequence number */ 684 pHandle->tempFrameInfo.frame.content.auth.seqNum = ENDIAN_HANDLE_WORD(*(UINT16*)pData); 685 pData += 2; 686 /* read status */ 687 pHandle->tempFrameInfo.frame.content.auth.status = ENDIAN_HANDLE_WORD(*(UINT16*)pData); 688 pData += 2; 689 690 WLAN_REPORT_INFORMATION(pHandle->hReport, MLME_SM_MODULE_LOG, 691 ("MLME_PARSER: Read Auth: algo=%d, seq=%d, status=%d\n", 692 pHandle->tempFrameInfo.frame.content.auth.authAlgo, 693 pHandle->tempFrameInfo.frame.content.auth.seqNum, 694 pHandle->tempFrameInfo.frame.content.auth.status)); 695 bodyDataLen -= 6; 696 /* read Challenge */ 697 pHandle->tempFrameInfo.frame.content.auth.pChallenge = &(pHandle->tempFrameInfo.challenge); 698 status = mlmeParser_readChallange(pHandle, pData, bodyDataLen, &readLen, &(pHandle->tempFrameInfo.challenge)); 699 if (status != OK) 700 { 701 pHandle->tempFrameInfo.challenge.hdr.eleLen = 0; 702 readLen = 0; 703 } 704 pData += readLen; 705 706 status = auth_recv(pHandle->hAuth, &(pHandle->tempFrameInfo.frame)); 707 break; 708 case DE_AUTH: 709 if ((!pHandle->tempFrameInfo.myBssid) || (!pHandle->tempFrameInfo.mySa)) 710 break; 711 712 /* consider the Assoc frame if it is one of the following: 713 1) unicast frame and directed to our STA 714 2) broadcast frame 715 */ 716 if((pHandle->tempFrameInfo.frame.extesion.destType == MSG_UNICAST) && 717 (pHandle->tempFrameInfo.myDst == FALSE)) 718 break; 719 720 /* read Reason */ 721 pHandle->tempFrameInfo.frame.content.deAuth.reason = ENDIAN_HANDLE_WORD(*(UINT16*)pData); 722 723 { /* Send roaming trigger */ 724 roamingEventData_u RoamingEventData; 725 RoamingEventData.APDisconnect.uStatusCode = pHandle->tempFrameInfo.frame.content.disAssoc.reason; 726 RoamingEventData.APDisconnect.bDeAuthenticate = TRUE; /* i.e. This is DeAuth packet */ 727 apConn_reportRoamingEvent(pHandle->hApConn, ROAMING_TRIGGER_AP_DISCONNECT, &RoamingEventData); 728 } 729 break; 730 731 case ACTION: 732 param.paramType = CTRL_DATA_CURRENT_BSS_TYPE_PARAM; 733 ctrlData_getParam(pHandle->hCtrlData, ¶m); 734 735 if ((!pHandle->tempFrameInfo.myBssid) || 736 ((!pHandle->tempFrameInfo.mySa) && (param.content.ctrlDataCurrentBssType == BSS_INFRASTRUCTURE))) 737 break; 738 739 /* if the action frame is unicast and not directed to our STA, we should ignore it */ 740 if((pHandle->tempFrameInfo.frame.extesion.destType == MSG_UNICAST) && 741 (pHandle->tempFrameInfo.myDst == FALSE)) 742 break; 743 744 745 /* read Category field */ 746 pHandle->tempFrameInfo.frame.content.action.category = *pData; 747 pData ++; 748 bodyDataLen --; 749 750 /* Checking if the category field is valid */ 751 if(( pHandle->tempFrameInfo.frame.content.action.category != CATAGORY_SPECTRUM_MANAGEMENT) && 752 (pHandle->tempFrameInfo.frame.content.action.category != CATAGORY_QOS) && 753 (pHandle->tempFrameInfo.frame.content.action.category != WME_CATAGORY_QOS) ) 754 { 755 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG, 756 ("MLME_PARSER: Error category is invalid for action management frame %d \n", 757 pHandle->tempFrameInfo.frame.content.action.category )); 758 break; 759 } 760 761 switch(pHandle->tempFrameInfo.frame.content.action.category) 762 { 763 case CATAGORY_QOS: 764 case WME_CATAGORY_QOS: 765 /* read action field */ 766 pHandle->tempFrameInfo.frame.content.action.action = *pData; 767 pData ++; 768 bodyDataLen --; 769 770 QosMngr_receiveActionFrames(pHandle->hQosMngr, pData, pHandle->tempFrameInfo.frame.content.action.action, bodyDataLen); 771 break; 772 773 case CATAGORY_SPECTRUM_MANAGEMENT: 774 /* read action field */ 775 pHandle->tempFrameInfo.frame.content.action.action = *pData; 776 pData ++; 777 bodyDataLen --; 778 779 switch(pHandle->tempFrameInfo.frame.content.action.action) 780 { 781 case MEASUREMENT_REQUEST: 782 /* Checking the frame type */ 783 if(pHandle->tempFrameInfo.frame.extesion.destType == MSG_BROADCAST) 784 pHandle->tempFrameInfo.frame.content.action.frameType = MSR_FRAME_TYPE_BROADCAST; 785 else 786 pHandle->tempFrameInfo.frame.content.action.frameType = MSR_FRAME_TYPE_UNICAST; 787 788 /*measurementMgr_receiveFrameRequest(pHandle->hMeasurementMgr, 789 pHandle->tempFrameInfo.frame.content.action.frameType, 790 bodyDataLen,pData);*/ 791 break; 792 793 case TPC_REQUEST: 794 /*measurementMgr_receiveTPCRequest(pHandle->hMeasurementMgr,(UINT8)bodyDataLen,pData);*/ 795 break; 796 797 case CHANNEL_SWITCH_ANNOUNCEMENT: 798 if (pHandle->tempFrameInfo.myBssid) 799 { /* Ignore Switch Channel commands from non my BSSID */ 800 mlmeParser_readChannelSwitch(pHandle,pData,bodyDataLen,&readLen,&(pHandle->tempFrameInfo.channelSwitch), 801 pRxAttr->channel); 802 } 803 break; 804 805 default: 806 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG, 807 ("MLME_PARSER: Error, category is invalid for action management frame %d \n", 808 pHandle->tempFrameInfo.frame.content.action.category )); 809 break; 810 } 811 812 break; 813 814 815 default: 816 status = NOK; 817 break; 818 819 } 820 } 821 822 /* release MSDU */ 823 if (wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle) != OK) 824 { 825 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG, 826 ("MLME_PARSER: Error releasing MSDU handle %d \n", pMsdu->handle)); 827 } 828 829 return OK; 830 } 831 832 TI_STATUS mlmeParser_getFrameType(mlme_t *pMlme, UINT16* pFrameCtrl, dot11MgmtSubType_e *pType) 833 { 834 if ((*pFrameCtrl & DOT11_FC_PROT_VERSION_MASK) != DOT11_FC_PROT_VERSION) 835 { 836 WLAN_REPORT_ERROR(pMlme->hReport, MLME_SM_MODULE_LOG, 837 ("MLME_PARSER: Error Wrong protocol version (not %d) \n", DOT11_FC_PROT_VERSION)); 838 return NOK; 839 } 840 841 if ((*pFrameCtrl & DOT11_FC_TYPE_MASK) != DOT11_FC_TYPE_MGMT) 842 { 843 WLAN_REPORT_ERROR(pMlme->hReport, MLME_SM_MODULE_LOG, 844 ("MLME_PARSER: Error not MANAGEMENT frame\n")); 845 return NOK; 846 } 847 848 *pType = (dot11MgmtSubType_e)((*pFrameCtrl & DOT11_FC_SUB_MASK) >> 4); 849 850 return OK; 851 } 852 853 TI_STATUS mlmeParser_read4Xxarams(mlme_t *pMlme,UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_4X_t *fourXParams) 854 { 855 fourXParams->hdr.eleId = *pData; 856 fourXParams->hdr.eleLen = *(pData+1); 857 858 *pReadLen = fourXParams->hdr.eleLen + 2; 859 860 if ((dataLen < 2) || (dataLen < (UINT32)(fourXParams->hdr.eleLen + 2))) 861 { 862 return NOK; 863 } 864 865 if (fourXParams->hdr.eleLen > DOT11_4X_MAX_LEN) 866 { 867 return NOK; 868 } 869 870 os_memoryCopy(pMlme->hOs, (void *)fourXParams->fourXCapabilities, pData+2, fourXParams->hdr.eleLen); 871 872 return OK; 873 } 874 875 876 #ifdef EXC_MODULE_INCLUDED 877 void mlmeParser_readExcOui (UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, EXCv4IEs_t *excIEs) 878 { 879 UINT8 ieLen; 880 UINT8 ouiType; 881 882 ieLen = *(pData+1) + 2; 883 884 if (dataLen < ieLen) 885 { 886 /* Wrong length of info-element, skip to the end of the packet */ 887 *pReadLen = dataLen; 888 return; 889 } 890 891 *pReadLen = ieLen; 892 ouiType = *(pData+5); 893 894 switch (ouiType) 895 { 896 case TS_METRIX_OUI_TYPE: 897 excIEs->tsMetrixParameter = (dot11_TS_METRICS_IE_t *)pData; 898 break; 899 case TS_RATE_SET_OUI_TYPE: 900 excIEs->trafficStreamParameter = (dot11_TSRS_IE_t *)pData; 901 break; 902 case EDCA_LIFETIME_OUI_TYPE: 903 excIEs->edcaLifetimeParameter = (dot11_MSDU_LIFE_TIME_IE_t *)pData; 904 break; 905 } 906 return; 907 } 908 #endif 909 910 911 TI_STATUS mlmeParser_readERP(mlme_t *pMlme, UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, 912 BOOL *useProtection, preamble_e *barkerPreambleMode) 913 { 914 915 UINT32 erpIElen; 916 UINT16 ctrl; 917 UINT16 ShortData=0; 918 919 erpIElen = *(pData+1); 920 *pReadLen = erpIElen + 2; 921 922 if (dataLen < (UINT32)(erpIElen + 2)) 923 { 924 return NOK; 925 } 926 #ifdef FOUR_ALIGNMENT /*fix for un-aligned exception on ARM */ 927 ((UINT8 *)&ShortData)[0] = pData[2]; 928 ((UINT8 *)&ShortData)[1] = pData[3]; 929 ctrl = ENDIAN_HANDLE_WORD(ShortData); 930 #else 931 ctrl = ENDIAN_HANDLE_WORD(*(UINT16*)(pData+2)); 932 #endif 933 934 *useProtection = (ctrl & 0x2) >>1; 935 *barkerPreambleMode = ((ctrl & 0x4) >>2) ? PREAMBLE_LONG : PREAMBLE_SHORT; 936 937 return OK; 938 } 939 940 941 TI_STATUS mlmeParser_readRates(mlme_t *pMlme, UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_RATES_t *pRates) 942 { 943 pRates->hdr.eleId = *pData; 944 pRates->hdr.eleLen = *(pData+1); 945 946 *pReadLen = pRates->hdr.eleLen + 2; 947 948 if (dataLen < (UINT32)(pRates->hdr.eleLen + 2)) 949 { 950 return NOK; 951 } 952 953 if (pRates->hdr.eleLen > MAX_SUPPORTED_RATES) 954 { 955 return NOK; 956 } 957 958 os_memoryCopy(pMlme->hOs, (void *)pRates->rates, pData+2, pRates->hdr.eleLen); 959 960 return OK; 961 } 962 963 TI_STATUS mlmeParser_readSsid(mlme_t *pMlme, UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_SSID_t *pSsid) 964 { 965 pSsid->hdr.eleId = *pData; 966 pSsid->hdr.eleLen = *(pData+1); 967 968 *pReadLen = pSsid->hdr.eleLen + 2; 969 970 if ((dataLen < 2) || (dataLen < (UINT32)(pSsid->hdr.eleLen + 2))) 971 { 972 return NOK; 973 } 974 975 if (pSsid->hdr.eleLen > MAX_SSID_LEN) 976 { 977 return NOK; 978 } 979 980 os_memoryCopy(pMlme->hOs, (void *)pSsid->serviceSetId, pData+2, pSsid->hdr.eleLen); 981 982 return OK; 983 } 984 985 TI_STATUS mlmeParser_readFhParams(mlme_t *pMlme, UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_FH_PARAMS_t *pFhParams) 986 { 987 UINT16 ShortData=0; 988 pFhParams->hdr.eleId = *pData; 989 pFhParams->hdr.eleLen = *(pData+1); 990 pData += 2; 991 992 if ((dataLen < 2) || (dataLen < (UINT32)(pFhParams->hdr.eleLen + 2))) 993 { 994 return NOK; 995 } 996 997 #if 1 998 ((UINT8 *)&ShortData)[0] = pData[0]; 999 ((UINT8 *)&ShortData)[1] = pData[1]; 1000 #else 1001 /* Fix for possible alignment problem */ 1002 COPY_UNALIGNED_WORD(&ShortData , pData); 1003 #endif 1004 1005 pFhParams->dwellTime = ENDIAN_HANDLE_WORD(ShortData); 1006 pData += 2; 1007 1008 pFhParams->hopSet = *pData; 1009 pFhParams->hopPattern = *(pData+1); 1010 pFhParams->hopIndex = *(pData+2); 1011 1012 *pReadLen = pFhParams->hdr.eleLen + 2; 1013 1014 return OK; 1015 } 1016 1017 TI_STATUS mlmeParser_readDsParams(mlme_t *pMlme, UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_DS_PARAMS_t *pDsParams) 1018 { 1019 pDsParams->hdr.eleId = *pData; 1020 pDsParams->hdr.eleLen = *(pData+1); 1021 1022 if ((dataLen < 2) || (dataLen < (UINT32)(pDsParams->hdr.eleLen + 2))) 1023 { 1024 return NOK; 1025 } 1026 1027 pDsParams->currChannel = *(pData+2); 1028 1029 *pReadLen = pDsParams->hdr.eleLen + 2; 1030 1031 return OK; 1032 } 1033 1034 TI_STATUS mlmeParser_readCfParams(mlme_t *pMlme, UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_CF_PARAMS_t *pCfParams) 1035 { 1036 UINT16 ShortData=0; 1037 pCfParams->hdr.eleId = *pData; 1038 pCfParams->hdr.eleLen = *(pData+1); 1039 pData += 2; 1040 1041 if ((dataLen < 2) || (dataLen < (UINT32)(pCfParams->hdr.eleLen + 2))) 1042 { 1043 return NOK; 1044 } 1045 1046 pCfParams->cfpCount = *pData; 1047 pCfParams->cfpPeriod = *(pData+1); 1048 pData += 2; 1049 1050 #if 1 1051 /* Fix for possible alignment problem */ 1052 ((UINT8 *)&ShortData)[0] = pData[0]; 1053 ((UINT8 *)&ShortData)[1] = pData[1]; 1054 #else 1055 COPY_UNALIGNED_WORD(&ShortData, pData); 1056 #endif 1057 pCfParams->cfpMaxDuration = ENDIAN_HANDLE_WORD(ShortData); 1058 1059 pData += 2; 1060 1061 #if 1 1062 /* Fix for possible alignment problem */ 1063 ((UINT8 *)&ShortData)[0] = pData[0]; 1064 ((UINT8 *)&ShortData)[1] = pData[1]; 1065 #else 1066 /* Fix for possible alignment problem */ 1067 COPY_UNALIGNED_WORD(&ShortData, pData); 1068 #endif 1069 pCfParams->cfpDurRemain = ENDIAN_HANDLE_WORD(ShortData); 1070 1071 *pReadLen = pCfParams->hdr.eleLen + 2; 1072 1073 return OK; 1074 } 1075 1076 TI_STATUS mlmeParser_readIbssParams(mlme_t *pMlme, UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_IBSS_PARAMS_t *pIbssParams) 1077 { 1078 UINT16 ShortData=0; 1079 pIbssParams->hdr.eleId = *pData; 1080 pIbssParams->hdr.eleLen = *(pData+1); 1081 pData += 2; 1082 1083 if ((dataLen < 2) || (dataLen < (UINT32)(pIbssParams->hdr.eleLen + 2))) 1084 { 1085 return NOK; 1086 } 1087 1088 #if 1 1089 /* Fix for possible alignment problem */ 1090 ((UINT8 *)&ShortData)[0] = pData[0]; 1091 ((UINT8 *)&ShortData)[1] = pData[1]; 1092 #else 1093 /* Fix for possible alignment problem */ 1094 COPY_UNALIGNED_WORD(&ShortData, pData); 1095 #endif 1096 pIbssParams->atimWindow = ENDIAN_HANDLE_WORD(ShortData); 1097 1098 *pReadLen = pIbssParams->hdr.eleLen + 2; 1099 1100 return OK; 1101 } 1102 1103 TI_STATUS mlmeParser_readTim(mlme_t *pMlme, UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_TIM_t *pTim) 1104 { 1105 pTim->hdr.eleId = *pData; 1106 pTim->hdr.eleLen = *(pData+1); 1107 pData += 2; 1108 1109 if ((dataLen < 2) || (dataLen < (UINT32)(pTim->hdr.eleLen + 2)) || (pTim->hdr.eleLen < 3)) 1110 { 1111 return NOK; 1112 } 1113 1114 pTim->dtimCount = *pData; 1115 pTim->dtimPeriod = *(pData+1); 1116 pTim->bmapControl = *(pData+2); 1117 pData += 3; 1118 1119 if ((pTim->hdr.eleLen - 3) > DOT11_PARTIAL_VIRTUAL_BITMAP_MAX) /* Dm: Security fix */ 1120 { 1121 WLAN_REPORT_ERROR(pMlme->hReport, MLME_SM_MODULE_LOG, 1122 ("MLME_PARSER: Security Error: eleLen=%d, maxLen=%d\n", 1123 pTim->hdr.eleLen, DOT11_PARTIAL_VIRTUAL_BITMAP_MAX)); 1124 return NOK; 1125 } 1126 os_memoryCopy(pMlme->hOs, (void *)pTim->partialVirtualBmap, pData, pTim->hdr.eleLen - 3); 1127 1128 *pReadLen = pTim->hdr.eleLen + 2; 1129 1130 return OK; 1131 } 1132 1133 TI_STATUS mlmeParser_readCountry(mlme_t *pMlme,UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_COUNTRY_t *countryIE) 1134 { 1135 countryIE->hdr.eleId = *pData; 1136 countryIE->hdr.eleLen = *(pData+1); 1137 1138 *pReadLen = countryIE->hdr.eleLen + 2; 1139 1140 if ((dataLen < 8) || (dataLen < (UINT32)(countryIE->hdr.eleLen + 2))) 1141 { 1142 return NOK; 1143 } 1144 1145 if (countryIE->hdr.eleLen > DOT11_COUNTRY_ELE_LEN_MAX) 1146 { 1147 WLAN_REPORT_ERROR(pMlme->hReport, MLME_SM_MODULE_LOG, 1148 ("MLME_PARSER: country IE error: eleLen=%d, maxLen=%d\n", 1149 countryIE->hdr.eleLen, DOT11_COUNTRY_ELE_LEN_MAX)); 1150 return NOK; 1151 } 1152 1153 os_memoryCopy(pMlme->hOs,&(countryIE->countryIE), pData+2, countryIE->hdr.eleLen); 1154 1155 return OK; 1156 } 1157 1158 TI_STATUS mlmeParser_readWMEParams(mlme_t *pMlme,UINT8 *pData, UINT32 dataLen, 1159 UINT32 *pReadLen, dot11_WME_PARAM_t *pWMEParamIE, 1160 assocRsp_t *assocRsp) 1161 { 1162 UINT8 ieSubtype; 1163 UINT8 ac; 1164 1165 pWMEParamIE->hdr.eleId = *pData; 1166 pWMEParamIE->hdr.eleLen = *(pData+1); 1167 1168 *pReadLen = pWMEParamIE->hdr.eleLen + 2; 1169 1170 if (dataLen < *pReadLen) 1171 { 1172 WLAN_REPORT_ERROR(pMlme->hReport, MLME_SM_MODULE_LOG, 1173 ("MLME_PARSER: WME Parameter: eleLen=%d is too long (%d)\n", *pReadLen, dataLen)); 1174 *pReadLen = dataLen; 1175 return NOK; 1176 } 1177 1178 if ((pWMEParamIE->hdr.eleLen > WME_TSPEC_IE_LEN) || (pWMEParamIE->hdr.eleLen < DOT11_WME_ELE_LEN)) 1179 { 1180 WLAN_REPORT_ERROR(pMlme->hReport, MLME_SM_MODULE_LOG, 1181 ("MLME_PARSER: WME Parameter IE error: eleLen=%d\n", pWMEParamIE->hdr.eleLen)); 1182 return NOK; 1183 } 1184 1185 ieSubtype = *((UINT8*)(pData+6)); 1186 switch (ieSubtype) 1187 { 1188 case dot11_WME_OUI_SUB_TYPE_IE: 1189 case dot11_WME_OUI_SUB_TYPE_PARAMS_IE: 1190 /* Checking WME Version validity */ 1191 if (*((UINT8*)(pData+7)) != dot11_WME_VERSION ) 1192 { 1193 WLAN_REPORT_INFORMATION(pMlme->hReport, MLME_SM_MODULE_LOG, 1194 ("MLME_PARSER: WME Parameter IE error: Version =%d is unsupported\n", 1195 *((UINT8*)(pData+7)) )); 1196 return NOK; 1197 } 1198 /* Copy either the WME-Params IE or the WME-Info IE (Info is a subset of Params)! */ 1199 os_memoryCopy(pMlme->hOs,&(pWMEParamIE->OUI), pData+2, pWMEParamIE->hdr.eleLen); 1200 break; 1201 1202 case WME_TSPEC_IE_OUI_SUB_TYPE: 1203 /* Read renegotiated TSPEC parameters */ 1204 if (assocRsp == NULL) 1205 { 1206 WLAN_REPORT_ERROR(pMlme->hReport, MLME_SM_MODULE_LOG, 1207 ("MLME_PARSER: WME Parameter IE error: TSPEC Sub Type in beacon or probe resp\n")); 1208 return NOK; 1209 } 1210 ac = WMEQosTagToACTable[((((dot11_WME_TSPEC_IE_t *)pData)->tHdr.tsInfoField.tsInfoArr[1]) & TS_INFO_1_USER_PRIORITY_MASK) >> USER_PRIORITY_SHIFT]; 1211 1212 if (ac == QOS_AC_VO) 1213 { 1214 assocRsp->tspecVoiceParameters = (dot11_WME_TSPEC_IE_t *)pData; 1215 } 1216 else if (ac == QOS_AC_VI) 1217 { 1218 assocRsp->tspecSignalParameters = (dot11_WME_TSPEC_IE_t *)pData; 1219 } 1220 break; 1221 1222 default: 1223 /* Checking OUI Sub Type validity */ 1224 WLAN_REPORT_ERROR(pMlme->hReport, MLME_SM_MODULE_LOG, 1225 ("MLME_PARSER: WME Parameter IE error: Sub Type =%d is invalid\n", 1226 ieSubtype)); 1227 return NOK; 1228 } 1229 return OK; 1230 } 1231 1232 1233 TI_STATUS mlmeParser_readQosCapabilityIE(mlme_t *pMlme,UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_QOS_CAPABILITY_IE_t *QosCapParams) 1234 { 1235 QosCapParams->hdr.eleId = *pData; 1236 QosCapParams->hdr.eleLen = *(pData+1); 1237 1238 *pReadLen = QosCapParams->hdr.eleLen + 2; 1239 1240 if (dataLen < (UINT32)(QosCapParams->hdr.eleLen + 2)) 1241 { 1242 return NOK; 1243 } 1244 1245 if (QosCapParams->hdr.eleLen > DOT11_QOS_CAPABILITY_ELE_LEN) 1246 { 1247 WLAN_REPORT_ERROR(pMlme->hReport, MLME_SM_MODULE_LOG, 1248 ("MLME_PARSER: QOS Capability IE error: eleLen=%d, maxLen=%d\n", 1249 QosCapParams->hdr.eleLen, DOT11_QOS_CAPABILITY_ELE_LEN)); 1250 return NOK; 1251 } 1252 1253 QosCapParams->QosInfoField = (*(pData+1)); 1254 return OK; 1255 } 1256 1257 1258 TI_STATUS mlmeParser_readChallange(mlme_t *pMlme, UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_CHALLENGE_t *pChallange) 1259 { 1260 if (dataLen < 2) 1261 { 1262 return NOK; 1263 } 1264 1265 pChallange->hdr.eleId = *pData; 1266 pChallange->hdr.eleLen = *(pData+1); 1267 pData += 2; 1268 1269 if ((dataLen < 2) || (dataLen < (UINT32)(pChallange->hdr.eleLen + 2))) 1270 { 1271 return NOK; 1272 } 1273 1274 if (pChallange->hdr.eleLen > DOT11_CHALLENGE_TEXT_MAX) 1275 { 1276 return NOK; 1277 } 1278 1279 os_memoryCopy(pMlme->hOs, (void *)pChallange->text, pData, pChallange->hdr.eleLen); 1280 1281 *pReadLen = pChallange->hdr.eleLen + 2; 1282 1283 return OK; 1284 } 1285 1286 TI_STATUS mlmeParser_readRsnIe(mlme_t *pMlme, UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_RSN_t *pRsnIe) 1287 { 1288 pRsnIe->hdr.eleId = *pData; 1289 pRsnIe->hdr.eleLen = *(pData+1); 1290 pData += 2; 1291 1292 if ((dataLen < 2) || (dataLen < (UINT32)(pRsnIe->hdr.eleLen + 2))) 1293 { 1294 return NOK; 1295 } 1296 1297 os_memoryCopy(pMlme->hOs, (void *)pRsnIe->rsnIeData, pData, pRsnIe->hdr.eleLen); 1298 1299 *pReadLen = pRsnIe->hdr.eleLen + 2; 1300 1301 return OK; 1302 } 1303 1304 TI_STATUS mlmeParser_readPowerConstraint(mlme_t *pMlme,UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_POWER_CONSTRAINT_t *powerConstraintIE) 1305 { 1306 powerConstraintIE->hdr.eleId = *pData; 1307 powerConstraintIE->hdr.eleLen = *(pData+1); 1308 1309 *pReadLen = powerConstraintIE->hdr.eleLen + 2; 1310 1311 if ((dataLen < 2) || (dataLen < (UINT32)(powerConstraintIE->hdr.eleLen + 2))) 1312 { 1313 return NOK; 1314 } 1315 1316 if (powerConstraintIE->hdr.eleLen > DOT11_POWER_CONSTRAINT_ELE_LEN) 1317 { 1318 return NOK; 1319 } 1320 1321 os_memoryCopy(pMlme->hOs,(void *)&(powerConstraintIE->powerConstraint), pData+2, powerConstraintIE->hdr.eleLen); 1322 1323 return OK; 1324 } 1325 1326 1327 TI_STATUS mlmeParser_readChannelSwitch(mlme_t *pMlme,UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_CHANNEL_SWITCH_t *channelSwitch, UINT8 channel) 1328 { 1329 channelSwitch->hdr.eleId = *pData++; 1330 channelSwitch->hdr.eleLen = *pData++; 1331 1332 *pReadLen = channelSwitch->hdr.eleLen + 2; 1333 1334 if ((dataLen < 2) || (dataLen < (UINT32)(channelSwitch->hdr.eleLen + 2))) 1335 { 1336 return NOK; 1337 } 1338 1339 if (channelSwitch->hdr.eleLen > DOT11_CHANNEL_SWITCH_ELE_LEN) 1340 { 1341 return NOK; 1342 } 1343 1344 channelSwitch->channelSwitchMode = *pData++; 1345 channelSwitch->channelNumber = *pData++; 1346 channelSwitch->channelSwitchCount = *pData; 1347 1348 1349 switchChannel_recvCmd(pMlme->hSwitchChannel, channelSwitch, channel); 1350 return OK; 1351 } 1352 1353 TI_STATUS mlmeParser_readQuiet(mlme_t *pMlme,UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_QUIET_t *quiet) 1354 { 1355 quiet->hdr.eleId = *pData++; 1356 quiet->hdr.eleLen = *pData++; 1357 1358 *pReadLen = quiet->hdr.eleLen + 2; 1359 1360 if ((dataLen < 2) || (dataLen < (UINT32)(quiet->hdr.eleLen + 2))) 1361 { 1362 return NOK; 1363 } 1364 1365 if (quiet->hdr.eleLen > DOT11_QUIET_ELE_LEN) 1366 { 1367 return NOK; 1368 } 1369 1370 quiet->quietCount = *pData++; 1371 quiet->quietPeriod = *pData++; 1372 quiet->quietDuration = *((UINT16*)pData); pData+=2; /* Dm: */ 1373 quiet->quietOffset = *((UINT16*)pData); 1374 1375 return OK; 1376 } 1377 1378 1379 TI_STATUS mlmeParser_readTPCReport(mlme_t *pMlme,UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_TPC_REPORT_t *TPCReport) 1380 { 1381 TPCReport->hdr.eleId = *pData; 1382 TPCReport->hdr.eleLen = *(pData+1); 1383 1384 *pReadLen = TPCReport->hdr.eleLen + 2; 1385 1386 if ((dataLen < 2) || (dataLen < (UINT32)(TPCReport->hdr.eleLen + 2))) 1387 { 1388 return NOK; 1389 } 1390 1391 if (TPCReport->hdr.eleLen > DOT11_TPC_REPORT_ELE_LEN) 1392 { 1393 return NOK; 1394 } 1395 1396 TPCReport->transmitPower = *(pData+2); 1397 1398 return OK; 1399 } 1400 1401 1402 #ifdef EXC_MODULE_INCLUDED 1403 TI_STATUS mlmeParser_readCellTP(mlme_t *pMlme, UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_CELL_TP_t *cellTP) 1404 { 1405 UINT8 exc_OUI[] = EXC_OUI; 1406 1407 cellTP->hdr.eleId = *pData++; 1408 cellTP->hdr.eleLen = *pData++; 1409 1410 *pReadLen = cellTP->hdr.eleLen + 2; 1411 1412 if ((dataLen < 2) || (dataLen < (UINT32)(cellTP->hdr.eleLen + 2))) 1413 { 1414 return NOK; 1415 } 1416 1417 if (cellTP->hdr.eleLen > DOT11_CELL_TP_ELE_LEN) 1418 { 1419 return NOK; 1420 } 1421 1422 os_memoryCopy(pMlme->hOs, (PVOID)cellTP->oui, pData, cellTP->hdr.eleLen); 1423 1424 if (os_memoryCompare(pMlme->hOs, (PVOID)cellTP->oui, exc_OUI, 3) != 0) 1425 { 1426 return NOK; 1427 } 1428 1429 return OK; 1430 } 1431 #endif 1432 1433 TI_STATUS mlmeParser_registerForBeaconAndProbeResp( TI_HANDLE hMlme, 1434 mlme_resultCB_t resultCBFunc, 1435 TI_HANDLE resultCBObj ) 1436 { 1437 mlme_t* pMlme = (mlme_t*)hMlme; 1438 1439 if ( NULL != pMlme->resultCBFunc ) 1440 { 1441 WLAN_REPORT_WARNING( pMlme->hReport, MLME_SM_MODULE_LOG, 1442 ("trying to register for beacons and probe responses when someone is already registered!.\n") ); 1443 return NOK; 1444 } 1445 1446 pMlme->resultCBFunc = resultCBFunc; 1447 pMlme->resultCBObj = resultCBObj; 1448 return OK; 1449 } 1450 1451 void mlmeParser_unregisterForBeaconAndProbeResp( TI_HANDLE hMlme ) 1452 { 1453 mlme_t* pMlme = (mlme_t*)hMlme; 1454 1455 pMlme->resultCBFunc = NULL; 1456 pMlme->resultCBObj = NULL; 1457 } 1458 1459 void mlme_beaconReceivedPrint(TI_HANDLE hMlme) 1460 { 1461 #if BcnMissTst 1462 mlme_t *pMlme = (mlme_t*) hMlme; 1463 WLAN_REPORT_INFORMATION(pMlme->hReport,MLME_SM_MODULE_LOG, 1464 ("Beacon Missed - FW interrupt\n")); 1465 #endif 1466 } 1467 #if BcnMissTst 1468 static void mlmeParser_printBeaconDebugInfo(TI_HANDLE theMlmeHandle, 1469 mlmeFrameInfo_t theFrame) 1470 { 1471 mlme_t *pHandle = (mlme_t*)theMlmeHandle; 1472 paramInfo_t param; 1473 UINT32 CurNumBcnMissed = 0; 1474 BOOL BeaconMissiedFlag = FALSE; 1475 UINT32 currBeaconTSFTime = 0; 1476 UINT32 deltaBeaconTSFTime = 0; 1477 INT32 dtimPeriod; 1478 INT32 dtimCount; 1479 UINT8 bmapControl = 0; 1480 UINT8 partialVirtualBmap = 0; 1481 UINT8 aid = 0; 1482 1483 1484 param.paramType = TX_DATA_PORT_STATUS_PARAM; 1485 txData_getParam(pHandle->hTxData,¶m); 1486 if(param.content.txDataPortStatus == CLOSE) 1487 { 1488 return; 1489 } 1490 1491 param.paramType = SITE_MGR_CURRENT_SSID_PARAM; 1492 siteMgr_getParam(pHandle->hSiteMgr,¶m); 1493 if(strcmp(theFrame.content.iePacket.pSsid->serviceSetId , param.content.siteMgrCurrentSSID.ssidString) != 0) 1494 { 1495 /* If the beacon is not from the primary site, ignore it */ 1496 return; 1497 } 1498 1499 1500 if(theFrame.content.iePacket.pTIM != NULL) 1501 { 1502 whalParamInfo_t whalParam; 1503 1504 dtimPeriod = theFrame.content.iePacket.pTIM->dtimPeriod; 1505 dtimCount = theFrame.content.iePacket.pTIM->dtimCount; 1506 bmapControl = theFrame.content.iePacket.pTIM->bmapControl; 1507 1508 whalParam.paramType = HAL_CTRL_AID_PARAM; 1509 whalCtrl_GetParam (pHandle->hHalCtrl, &whalParam) ; 1510 aid = whalParam.content.halCtrlAid; 1511 if (aid < DOT11_PARTIAL_VIRTUAL_BITMAP_MAX) 1512 { 1513 partialVirtualBmap = theFrame.content.iePacket.pTIM->partialVirtualBmap[aid/8] & (1 << (aid%8) ); 1514 } 1515 else 1516 { 1517 WLAN_REPORT_ERROR(pHandle->hReport, 1518 MLME_SM_MODULE_LOG, 1519 ("%s(%d) - Invalid AID (=%d)\n", 1520 __FILE__,__LINE__,aid)); 1521 } 1522 } 1523 else 1524 { 1525 WLAN_REPORT_INFORMATION(pHandle->hReport, 1526 MLME_SM_MODULE_LOG, 1527 ("Beacon without TIM element\n")); 1528 dtimPeriod = 1; 1529 dtimCount = 0; 1530 } 1531 1532 /* Printing all the required parameters of the received beacon only if the station is connected*/ 1533 currBeaconTSFTime = (UINT32)ENDIAN_HANDLE_LONG(*(INT32*)(theFrame.content.iePacket.timestamp)); 1534 1535 1536 /* 1537 ** in case Configured to wake up on DTIM 1538 ** --------------------------------------- 1539 ** in case received beacon is DTIM 1540 ** if delta time between the current DTIM and the former DTIM is Bigger then 1541 ** DTIM Time -> there is a beacon miss (DTIM) 1542 ** 1543 */ 1544 if ((theFrame.content.iePacket.pTIM != NULL) && (dtimPeriod > 1)) 1545 { 1546 if(pHandle->debug_isFunctionFirstTime == TRUE) 1547 { 1548 if( (dtimCount == 0) && (dtimPeriod > 1)) 1549 { 1550 pHandle->debug_isFunctionFirstTime = FALSE; 1551 pHandle->debug_lastDtimBcnTSFTime = currBeaconTSFTime ; 1552 } 1553 } 1554 1555 1556 /* to avoid dummy BeaconMiss, just until first DTIM received */ 1557 if((pHandle->debug_isFunctionFirstTime == TRUE) && (dtimPeriod > 1)) 1558 { 1559 return; 1560 } 1561 1562 if(dtimCount == 0) 1563 { 1564 deltaBeaconTSFTime = (UINT32)((UINT32)currBeaconTSFTime - (UINT32)pHandle->debug_lastDtimBcnTSFTime); 1565 1566 CurNumBcnMissed = (deltaBeaconTSFTime + ((UINT32)theFrame.content.iePacket.beaconInerval * 500) ) / 1567 ((UINT32)theFrame.content.iePacket.beaconInerval * dtimPeriod * 1000); 1568 1569 if(CurNumBcnMissed >=1) 1570 { 1571 CurNumBcnMissed -- ; 1572 } 1573 1574 if (CurNumBcnMissed != 0) 1575 { 1576 WLAN_REPORT_INFORMATION(pHandle->hReport, 1577 MLME_SM_MODULE_LOG, 1578 ("BeaconMiss : currBcnTS=0x%x TSDelta=0x%x DtimCnt=%d DtimPriod=%d beaconInt=%d lastDtimBcnTSFTime = 0x%x \n", 1579 currBeaconTSFTime, 1580 deltaBeaconTSFTime, 1581 dtimCount , 1582 dtimPeriod , 1583 theFrame.content.iePacket.beaconInerval, 1584 pHandle->debug_lastDtimBcnTSFTime)); 1585 } 1586 1587 pHandle->debug_lastDtimBcnTSFTime = currBeaconTSFTime ; 1588 } 1589 1590 else /* (dtimCount != 0) */ 1591 { 1592 deltaBeaconTSFTime = (UINT32)((UINT32)currBeaconTSFTime - (UINT32)pHandle->debug_lastDtimBcnTSFTime); 1593 1594 if (deltaBeaconTSFTime > ((UINT32)theFrame.content.iePacket.beaconInerval * dtimPeriod * 1000)) 1595 { 1596 CurNumBcnMissed = (deltaBeaconTSFTime - 1597 ((UINT32)(dtimPeriod - dtimCount) * (UINT32)theFrame.content.iePacket.beaconInerval * 1000) + 1598 ((UINT32)theFrame.content.iePacket.beaconInerval * 500) ) / 1599 ((UINT32)theFrame.content.iePacket.beaconInerval * dtimPeriod * 1000); 1600 1601 } 1602 else 1603 { 1604 CurNumBcnMissed = 0 ; 1605 } 1606 1607 if (CurNumBcnMissed != 0) 1608 { 1609 WLAN_REPORT_INFORMATION(pHandle->hReport, 1610 MLME_SM_MODULE_LOG, 1611 ("BeaconMiss : currBcnTS=0x%x TSDelta=0x%x DtimCnt=%d DtimPriod=%d beaconInt=%d lastDtimBcnTSFTime = 0x%x \n", 1612 currBeaconTSFTime, 1613 deltaBeaconTSFTime, 1614 dtimCount , 1615 dtimPeriod , 1616 theFrame.content.iePacket.beaconInerval, 1617 pHandle->debug_lastDtimBcnTSFTime)); 1618 } 1619 } 1620 1621 } /* Configured to wake up on DTIM */ 1622 1623 1624 /* 1625 ** in case Configured to wake up on Beacon 1626 ** --------------------------------------- 1627 */ 1628 else 1629 { 1630 if(pHandle->debug_isFunctionFirstTime == TRUE) 1631 { 1632 pHandle->debug_isFunctionFirstTime = FALSE; 1633 pHandle->debug_lastBeaconTSFTime = currBeaconTSFTime; 1634 } 1635 1636 deltaBeaconTSFTime = (UINT32)((UINT32)currBeaconTSFTime - (UINT32)pHandle->debug_lastBeaconTSFTime); 1637 1638 CurNumBcnMissed = (deltaBeaconTSFTime + ((UINT32)theFrame.content.iePacket.beaconInerval * 500) ) / 1639 ((UINT32)theFrame.content.iePacket.beaconInerval * dtimPeriod * 1000); 1640 1641 if(CurNumBcnMissed >=1) 1642 { 1643 CurNumBcnMissed -- ; 1644 } 1645 1646 if (CurNumBcnMissed != 0) 1647 { 1648 WLAN_REPORT_INFORMATION(pHandle->hReport, MLME_SM_MODULE_LOG, 1649 ("BeaconMiss : currBcnTS=0x%x TSDelta=0x%x DtimCnt=%d DtimPriod=%d beaconInt=%d lastBcnTSFTime = 0x%x \n", 1650 currBeaconTSFTime, 1651 deltaBeaconTSFTime, 1652 dtimCount , 1653 dtimPeriod , 1654 theFrame.content.iePacket.beaconInerval, 1655 pHandle->debug_lastBeaconTSFTime)); 1656 } 1657 1658 pHandle->debug_lastBeaconTSFTime = currBeaconTSFTime; 1659 1660 } /* Configured to wake up on Beacon */ 1661 1662 1663 1664 if (CurNumBcnMissed != 0) 1665 { 1666 BeaconMissiedFlag = TRUE; 1667 } 1668 1669 /* in case DTIM beacon miss */ 1670 if (BeaconMissiedFlag == TRUE) 1671 { 1672 pHandle->totalMissingBeaconsCounter += CurNumBcnMissed; 1673 if(CurNumBcnMissed > pHandle->maxMissingBeaconSequence) 1674 { 1675 pHandle->maxMissingBeaconSequence = CurNumBcnMissed; 1676 } 1677 1678 WLAN_REPORT_INFORMATION(pHandle->hReport, 1679 MLME_SM_MODULE_LOG, 1680 ("Beacon Missed Total = %d and currently %d beacon missed\n",pHandle->totalMissingBeaconsCounter,CurNumBcnMissed)); 1681 } 1682 1683 1684 #if BcnMissTstWithScrPad7 1685 if (BeaconMissiedFlag == TRUE) 1686 { 1687 if (MissingBcnInt == TRUE) 1688 { 1689 WLAN_REPORT_INFORMATION(pHandle->hReport, 1690 MLME_SM_MODULE_LOG, 1691 ("Driver write to SCR_PAD7 0x1\n")); 1692 1693 whalCtrlWriteMacReg(pHandle->hHalCtrl, SCR_PAD7 ,0x1); 1694 } 1695 else 1696 { 1697 WLAN_REPORT_INFORMATION(pHandle->hReport, 1698 MLME_SM_MODULE_LOG, 1699 ("Driver write to SCR_PAD7 0x3\n")); 1700 1701 whalCtrlWriteMacReg(pHandle->hHalCtrl, SCR_PAD7 ,0x3); 1702 } 1703 } 1704 else 1705 { 1706 if (MissingBcnInt == TRUE) 1707 { 1708 WLAN_REPORT_INFORMATION(pHandle->hReport, 1709 MLME_SM_MODULE_LOG, 1710 ("Driver write to SCR_PAD7 0x4\n")); 1711 1712 whalCtrlWriteMacReg(pHandle->hHalCtrl, SCR_PAD7 ,0x4); 1713 } 1714 else 1715 { 1716 WLAN_REPORT_INFORMATION(pHandle->hReport, 1717 MLME_SM_MODULE_LOG, 1718 ("Driver write to SCR_PAD7 0x2\n")); 1719 1720 whalCtrlWriteMacReg(pHandle->hHalCtrl, SCR_PAD7 ,0x2); 1721 } 1722 } 1723 #endif 1724 1725 if(theFrame.content.iePacket.pTIM != NULL && theFrame.content.iePacket.pSsid != NULL) 1726 { 1727 WLAN_REPORT_INFORMATION(pHandle->hReport, 1728 MLME_SM_MODULE_LOG, 1729 ("Beacon ssid=%8s TS=0x%x TSDelta=0x%x DtimCnt=%d DtimPriod=%d bmapControl=0x%02X partialVirtualBmap=0x%02X beaconInt=%d HostTime=%d Total=%d\n", 1730 theFrame.content.iePacket.pSsid->serviceSetId, 1731 currBeaconTSFTime, 1732 deltaBeaconTSFTime, 1733 dtimCount , 1734 dtimPeriod , 1735 bmapControl, 1736 partialVirtualBmap, 1737 theFrame.content.iePacket.beaconInerval, 1738 os_timeStampMs(pHandle), 1739 ++(pHandle->totalRcvdBeaconsCounter))); 1740 1741 #if BcnMissTstWithScrPad7 1742 if(BeaconMissiedFlag != TRUE) 1743 { 1744 whalCtrlWriteMacReg(pHandle->hHalCtrl, SCR_PAD7 ,0x2); 1745 } 1746 #endif 1747 } 1748 1749 if(theFrame.content.iePacket.pTIM == NULL) 1750 { 1751 WLAN_REPORT_INFORMATION(pHandle->hReport, 1752 MLME_SM_MODULE_LOG, 1753 ("Tim null\n")); 1754 } 1755 if(theFrame.content.iePacket.pSsid == NULL) 1756 { 1757 WLAN_REPORT_INFORMATION(pHandle->hReport, 1758 MLME_SM_MODULE_LOG, 1759 ("SSID null\n")); 1760 } 1761 } 1762 1763 #endif 1764 1765 #if CHECK_PARSING_ERROR_CONDITION_PRINT 1766 #define CHECK_PARSING_ERROR_CONDITION(x, msg, bDump) \ 1767 if ((x)) \ 1768 { \ 1769 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG, msg); \ 1770 if (bDump) {\ 1771 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG, ("Buff len = %d \n", packetLength)); \ 1772 HexDumpData(pPacketBody, packetLength); }\ 1773 return NOK; \ 1774 } 1775 #else 1776 #define CHECK_PARSING_ERROR_CONDITION(x, msg, bDump) \ 1777 if ((x)) return NOK; 1778 #endif 1779 1780 TI_STATUS mlmeParser_parseIEs(TI_HANDLE *hMlme, 1781 UINT8 *pData, 1782 INT32 bodyDataLen, 1783 mlmeIEParsingParams_t *params) 1784 { 1785 dot11_eleHdr_t *pEleHdr; 1786 BOOL skipIE = FALSE; 1787 UINT32 readLen; 1788 TI_STATUS status = NOK; 1789 UINT8 rsnIeIdx = 0; 1790 UINT8 wpaIeOuiIe[4] = { 0x00, 0x50, 0xf2, 0x01}; 1791 UINT8 ti_oui[] = TI_OUI; 1792 UINT8 lastIE = 0; 1793 beacon_probeRsp_t *frame = &(params->frame.content.iePacket); 1794 mlme_t *pHandle = (mlme_t *)hMlme; 1795 #ifdef EXC_MODULE_INCLUDED 1796 BOOL allowCellTP = TRUE; 1797 #endif 1798 #if CHECK_PARSING_ERROR_CONDITION_PRINT 1799 INT32 packetLength = bodyDataLen; 1800 UINT8 *pPacketBody = pData; 1801 #endif 1802 1803 params->recvChannelSwitchAnnoncIE = FALSE; 1804 1805 while (bodyDataLen > 1) 1806 { 1807 pEleHdr = (dot11_eleHdr_t *)pData; 1808 1809 CHECK_PARSING_ERROR_CONDITION((pEleHdr->eleLen > (bodyDataLen - 2)), ("MLME_PARSER: IE %d with length %d out of bounds %d\n", pEleHdr->eleId, pEleHdr->eleLen, (bodyDataLen - 2)),TRUE); 1810 1811 /* IEs in the packet must be ordered in increased order */ 1812 /* exept of WPA and RSN IEs! I.e. if current IE id less than */ 1813 /* the last one , we just skip such element. */ 1814 /* If the current IE is more than the last IE id (and it is not*/ 1815 /* WPA or RSN one), we save its IE id as the last id. */ 1816 1817 skipIE = FALSE; 1818 if((pEleHdr->eleId != WPA_IE_ID) && (pEleHdr->eleId != RSN_IE_ID)) 1819 { 1820 if (pEleHdr->eleId < lastIE) 1821 { 1822 readLen = 2 + pEleHdr->eleLen; 1823 skipIE = TRUE; 1824 } 1825 else 1826 { 1827 lastIE = pEleHdr->eleId; 1828 } 1829 } 1830 1831 if(!skipIE) 1832 { 1833 switch (pEleHdr->eleId) 1834 { 1835 /* read SSID */ 1836 case SSID_IE_ID: 1837 frame->pSsid = ¶ms->ssid; 1838 status = mlmeParser_readSsid(pHandle, pData, bodyDataLen, &readLen, frame->pSsid); 1839 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading SSID\n"),TRUE); 1840 break; 1841 /* read rates */ 1842 case SUPPORTED_RATES_IE_ID: 1843 frame->pRates = ¶ms->rates; 1844 status = mlmeParser_readRates(pHandle, pData, bodyDataLen, &readLen, frame->pRates); 1845 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading RATES\n"),TRUE); 1846 break; 1847 case EXT_SUPPORTED_RATES_IE_ID: 1848 frame->pExtRates = ¶ms->extRates; 1849 status = mlmeParser_readRates(pHandle, pData, bodyDataLen, &readLen, frame->pExtRates); 1850 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading EXT RATES\n"),TRUE); 1851 break; 1852 1853 case ERP_IE_ID: 1854 status = mlmeParser_readERP(pHandle, pData, bodyDataLen, &readLen, 1855 (BOOL *)&frame->useProtection, 1856 (preamble_e *)&frame->barkerPreambleMode); 1857 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading ERP\n"),TRUE); 1858 break; 1859 /* read FH parameter set */ 1860 case FH_PARAMETER_SET_IE_ID: 1861 frame->pFHParamsSet = ¶ms->fhParams; 1862 status = mlmeParser_readFhParams(pHandle, pData, bodyDataLen, &readLen, frame->pFHParamsSet); 1863 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading FH parameters\n"),TRUE); 1864 break; 1865 /* read DS parameter set */ 1866 case DS_PARAMETER_SET_IE_ID: 1867 frame->pDSParamsSet = ¶ms->dsParams; 1868 status = mlmeParser_readDsParams(pHandle, pData, bodyDataLen, &readLen, frame->pDSParamsSet); 1869 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading DS parameters\n"),TRUE); 1870 if (RADIO_BAND_2_4_GHZ == params->band ) 1871 { 1872 CHECK_PARSING_ERROR_CONDITION((frame->pDSParamsSet->currChannel != params->rxChannel), 1873 ("Channel ERROR - incompatible channel source information: Frame=%d Vs Radio=%d.\n\ 1874 parser ABORTED!!!\n", 1875 frame->pDSParamsSet->currChannel , params->rxChannel),FALSE); 1876 } 1877 break; 1878 /* read CF parameter set */ 1879 case CF_PARAMETER_SET_IE_ID: 1880 frame->pCFParamsSet = ¶ms->cfParams; 1881 status = mlmeParser_readCfParams(pHandle, pData, bodyDataLen, &readLen, frame->pCFParamsSet); 1882 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading CF parameters\n"),TRUE); 1883 break; 1884 /* read IBSS parameter set */ 1885 case IBSS_PARAMETER_SET_IE_ID: 1886 frame->pIBSSParamsSet = ¶ms->ibssParams; 1887 status = mlmeParser_readIbssParams(pHandle, pData, bodyDataLen, &readLen, frame->pIBSSParamsSet); 1888 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading IBSS parameters\n"),TRUE); 1889 break; 1890 1891 /* read TIM */ 1892 case TIM_IE_ID: 1893 frame->pTIM = ¶ms->tim; 1894 status = mlmeParser_readTim(pHandle, pData, bodyDataLen, &readLen, frame->pTIM); 1895 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading TIM\n"),TRUE); 1896 break; 1897 1898 /* read Country */ 1899 case COUNTRY_IE_ID: 1900 frame->country = ¶ms->country; 1901 status = mlmeParser_readCountry(pHandle, pData, bodyDataLen, &readLen, frame->country); 1902 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading country parameters\n"),TRUE); 1903 break; 1904 1905 /* read Power Constraint */ 1906 case POWER_CONSTRAINT_IE_ID: 1907 #ifdef EXC_MODULE_INCLUDED 1908 allowCellTP = FALSE; 1909 #endif 1910 frame->powerConstraint = ¶ms->powerConstraint; 1911 status = mlmeParser_readPowerConstraint(pHandle, pData, bodyDataLen, &readLen, frame->powerConstraint); 1912 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading Power Constraint parameters\n"),TRUE); 1913 break; 1914 1915 /* read Channel Switch Mode */ 1916 case CHANNEL_SWITCH_ANNOUNCEMENT_IE_ID: 1917 if (params->myBssid) 1918 { /* Ignore Switch Channel commands from non my BSSID */ 1919 params->recvChannelSwitchAnnoncIE = TRUE; 1920 frame->channelSwitch = ¶ms->channelSwitch; 1921 status = mlmeParser_readChannelSwitch(pHandle, pData, bodyDataLen, &readLen, frame->channelSwitch, params->rxChannel); 1922 if (status != OK) 1923 { 1924 /* 1925 * PATCH for working with AP-DK 4.0.51 that use IE 37 (with length 20) for RSNE 1926 * Ignore the IE instead of rejecting the whole Msdu (beacon or probe response) 1927 */ 1928 WLAN_REPORT_WARNING(pHandle->hReport, MLME_SM_MODULE_LOG, 1929 ("MLME_PARSER: error reading Channel Switch announcement parameters - ignore IE\n")); 1930 } 1931 } 1932 break; 1933 1934 /* read Quiet IE */ 1935 case QUIET_IE_ID: 1936 frame->quiet = ¶ms->quiet; 1937 status = mlmeParser_readQuiet(pHandle, pData, bodyDataLen, &readLen, frame->quiet); 1938 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading Quiet parameters\n"),TRUE); 1939 break; 1940 1941 /* read TPC report IE */ 1942 case TPC_REPORT_IE_ID: 1943 frame->TPCReport = ¶ms->TPCReport; 1944 status = mlmeParser_readTPCReport(pHandle, pData, bodyDataLen, &readLen, frame->TPCReport); 1945 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading TPC report parameters\n"),TRUE); 1946 break; 1947 1948 case EXC_EXT_1_IE_ID: 1949 frame->pRsnIe = ¶ms->rsnIe[0]; 1950 status = mlmeParser_readRsnIe(pHandle, pData, bodyDataLen, &readLen, ¶ms->rsnIe[rsnIeIdx]); 1951 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading RSN IE\n"),TRUE); 1952 1953 frame->rsnIeLen += readLen; 1954 rsnIeIdx ++; 1955 break; 1956 1957 case RSN_IE_ID: 1958 frame->pRsnIe = ¶ms->rsnIe[0]; 1959 status = mlmeParser_readRsnIe(pHandle, pData, bodyDataLen, &readLen, ¶ms->rsnIe[rsnIeIdx]); 1960 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading RSN IE\n"),TRUE); 1961 1962 frame->rsnIeLen += readLen; 1963 rsnIeIdx ++; 1964 break; 1965 1966 case DOT11_QOS_CAPABILITY_ELE_ID: 1967 frame->QoSCapParameters = ¶ms->QosCapParams; 1968 status = mlmeParser_readQosCapabilityIE(pHandle, pData, bodyDataLen, &readLen, ¶ms->QosCapParams); 1969 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading QOS CapabilityIE\n"),TRUE); 1970 break; 1971 1972 case WPA_IE_ID: 1973 if (!os_memoryCompare(pHandle->hOs, pData+2, wpaIeOuiIe, 3)) 1974 { 1975 /* Note : WPA and WME use the same OUI */ 1976 /* Its assumes that: 1977 WPA uses OUI Type with value - 1 1978 WME uses OUI Type with value - 2 1979 */ 1980 1981 /* Check the OUI sub Type to verify whether this is a WME IE or WPA IE*/ 1982 if( (*(UINT8*)(pData+5)) == dot11_WPA_OUI_TYPE) 1983 { 1984 /* If we are here - the following is WPA IE */ 1985 frame->pRsnIe = ¶ms->rsnIe[0]; 1986 status = mlmeParser_readRsnIe(pHandle, pData, bodyDataLen, 1987 &readLen, ¶ms->rsnIe[rsnIeIdx]); 1988 frame->rsnIeLen += readLen; 1989 rsnIeIdx ++; 1990 1991 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading RSN IE\n"),TRUE); 1992 } 1993 if( ( (*(UINT8*)(pData+5)) == dot11_WME_OUI_TYPE ) && 1994 ( ( (*(UINT8*)(pData+6)) == dot11_WME_OUI_SUB_TYPE_PARAMS_IE) || 1995 ( (*(UINT8*)(pData+6)) == dot11_WME_OUI_SUB_TYPE_IE) ) ) 1996 { 1997 /* If we are here - the following is WME-Params IE, WME-Info IE or TSPEC IE. */ 1998 /* Note that we are using the WMEParams struct also to hold the WME-Info IE 1999 which is a subset of WMEParams, and only one of them is sent in a frame. */ 2000 frame->WMEParams = ¶ms->WMEParams; 2001 status = mlmeParser_readWMEParams(pHandle, pData, bodyDataLen, &readLen, frame->WMEParams, NULL); 2002 2003 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading WME params\n"),TRUE); 2004 } 2005 else 2006 { 2007 /* Unrecognized OUI type */ 2008 readLen = pEleHdr->eleLen + 2; 2009 } 2010 } 2011 else 2012 /* check if this is 4X IE */ 2013 if(os_memoryCompare(pHandle->hOs, ti_oui, pData+2, DOT11_OUI_LEN) == 0) 2014 { 2015 frame->fourXParams = ¶ms->fourXParams; 2016 status = mlmeParser_read4Xxarams(pHandle, pData, bodyDataLen, &readLen, frame->fourXParams); 2017 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading 4X parameters\n"),TRUE); 2018 } 2019 else 2020 { 2021 /* not 4x IE */ 2022 readLen = pEleHdr->eleLen + 2; 2023 } 2024 2025 break; 2026 2027 #ifdef EXC_MODULE_INCLUDED 2028 case CELL_POWER_IE: 2029 /* We mustn't take the Cell Transmit Power IE into account if */ 2030 /* there's a Power Constraint IE. Since the IEs must be in increasing */ 2031 /* order, it's enough to perform the check here, because if the Power */ 2032 /* Constraint IE is present it must have already been processed. */ 2033 if (allowCellTP) 2034 { 2035 frame->cellTP = ¶ms->cellTP; 2036 status = mlmeParser_readCellTP(pHandle, pData, bodyDataLen, &readLen, frame->cellTP); 2037 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading Cell Transmit Power params.\n"),TRUE); 2038 } 2039 break; 2040 #endif 2041 2042 default: 2043 WLAN_REPORT_INFORMATION(pHandle->hReport, MLME_SM_MODULE_LOG, 2044 ("MLME_PARSER: unsupported IE found (%d)\n", pEleHdr->eleId)); 2045 readLen = pEleHdr->eleLen + 2; 2046 break; 2047 } 2048 } 2049 pData += readLen; 2050 bodyDataLen -= readLen; 2051 CHECK_PARSING_ERROR_CONDITION((bodyDataLen < 0), ("MLME_PARSER: negative bodyDataLen %d bytes\n", bodyDataLen),TRUE); 2052 } 2053 return OK; 2054 } 2055 2056 mlmeIEParsingParams_t *mlmeParser_getParseIEsBuffer(TI_HANDLE *hMlme) 2057 { 2058 return (&(((mlme_t *)hMlme)->tempFrameInfo)); 2059 } 2060 2061