1 /** \file mlmeBuilder.c
2 * \brief 802.11 MLME Builder
3 *
4 * \see mlmeBuilder.h
5 */
6
7 /****************************************************************************
8 **+-----------------------------------------------------------------------+**
9 **| |**
10 **| Copyright(c) 1998 - 2008 Texas Instruments. All rights reserved. |**
11 **| All rights reserved. |**
12 **| |**
13 **| Redistribution and use in source and binary forms, with or without |**
14 **| modification, are permitted provided that the following conditions |**
15 **| are met: |**
16 **| |**
17 **| * Redistributions of source code must retain the above copyright |**
18 **| notice, this list of conditions and the following disclaimer. |**
19 **| * Redistributions in binary form must reproduce the above copyright |**
20 **| notice, this list of conditions and the following disclaimer in |**
21 **| the documentation and/or other materials provided with the |**
22 **| distribution. |**
23 **| * Neither the name Texas Instruments nor the names of its |**
24 **| contributors may be used to endorse or promote products derived |**
25 **| from this software without specific prior written permission. |**
26 **| |**
27 **| THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |**
28 **| "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |**
29 **| LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |**
30 **| A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |**
31 **| OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |**
32 **| SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |**
33 **| LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |**
34 **| DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |**
35 **| THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |**
36 **| (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |**
37 **| OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |**
38 **| |**
39 **+-----------------------------------------------------------------------+**
40 ****************************************************************************/
41
42 /***************************************************************************/
43 /* */
44 /* MODULE: mlmeBuilder.c */
45 /* PURPOSE: 802.11 MLME Builder */
46 /* */
47 /***************************************************************************/
48
49
50
51 #include "802_11Defs.h"
52
53 #include "osApi.h"
54
55 #include "paramOut.h"
56 #include "paramIn.h"
57
58 #include "utils.h"
59 #include "memMngrEx.h"
60 #include "report.h"
61
62 #include "DataCtrl_Api.h"
63 #include "smeApi.h"
64
65 #include "mlmeApi.h"
66 #include "mlmeSm.h"
67 #include "Assoc/AssocSM.h"
68 #include "Auth/authSm.h"
69
70 #include "mlmeParser.h"
71 #include "measurementMgrApi.h"
72 #include "siteMgrApi.h"
73 #include "spectrumMngmntMgr.h"
74 #include "currBss.h"
75 #include "apConn.h"
76 #include "SwitchChannelApi.h"
77 #include "regulatoryDomainApi.h"
78 #include "qosMngr_API.h"
79
80
81 /* Constants */
82
83 /* Enumerations */
84
85 /* Typedefs */
86
87 /* Structures */
88
89 /* External data definitions */
90
91 /* External functions definitions */
92
93 /* Local function prototypes */
94
95 /* Functions */
96
97 #define BcnMissTst 0
98 #define BcnMissTstWithScrPad7 0
99 #define CHECK_PARSING_ERROR_CONDITION_PRINT 0
100
101 #if BcnMissTst
102 static void mlmeParser_printBeaconDebugInfo(TI_HANDLE theMlmeHandle,
103 mlmeFrameInfo_t theFrame);
104 #endif
105
106 BOOL MissingBcnInt = FALSE ;
107 extern int WMEQosTagToACTable[MAX_NUM_OF_802_1d_TAGS];
108
mlmeParser_recv(TI_HANDLE hMlme,mem_MSDU_T * pMsdu,Rx_attr_t * pRxAttr)109 TI_STATUS mlmeParser_recv(TI_HANDLE hMlme, mem_MSDU_T *pMsdu, Rx_attr_t* pRxAttr)
110 {
111 TI_STATUS status = NOK;
112 mlme_t *pHandle;
113 UINT8 *pData;
114 INT32 bodyDataLen;
115 UINT32 readLen;
116 dot11_eleHdr_t *pEleHdr;
117 dot11_mgmtFrame_t *pMgmtFrame;
118 dot11MgmtSubType_e msgType;
119 paramInfo_t param;
120 macAddress_t recvBssid;
121 macAddress_t recvSa;
122 UINT8 rsnIeIdx = 0;
123 UINT8 wpaIeOuiIe[] = WPA_IE_OUI;
124 UINT8 ti_oui[] = TI_OUI;
125 #ifdef EXC_MODULE_INCLUDED
126 UINT8 exc_oui[] = EXC_OUI;
127 EXCv4IEs_t *pExcIeParameter;
128 #endif
129 BOOL ciscoIEPresent = FALSE;
130 #if BcnMissTst
131 /* debug info */
132 UINT32 currProbeRspTSFTime = 0;
133 UINT32 deltaProbeRspTSFTime = 0;
134 #endif
135
136
137 if (hMlme == NULL)
138 {
139 return NOK;
140 }
141
142 pHandle = (mlme_t*)hMlme;
143
144 if (pMsdu == NULL)
145 {
146 return NOK;
147 }
148
149 /* zero frame content */
150 os_memoryZero(pHandle->hOs, &(pHandle->tempFrameInfo), sizeof(mlmeIEParsingParams_t));
151
152 pMgmtFrame = (dot11_mgmtFrame_t*)(memMgr_BufData(pMsdu->firstBDPtr) + memMgr_BufOffset(pMsdu->firstBDPtr)) ;
153
154 /* get frame type */
155 status = mlmeParser_getFrameType(pHandle, (UINT16 *)&pMgmtFrame->hdr.fc, &msgType);
156 if (status != OK)
157 {
158 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle);
159 return OK;
160 }
161
162 pHandle->tempFrameInfo.frame.subType = msgType;
163
164 /* We have to ignore management frames from other BSSIDs (except beacons & probe responses) */
165 param.paramType = CTRL_DATA_CURRENT_BSSID_PARAM;
166 ctrlData_getParam(pHandle->hCtrlData, ¶m);
167
168 os_memoryCopy(pHandle->hOs, &(recvBssid.addr), &(pMgmtFrame->hdr.BSSID), MAC_ADDR_LEN);
169
170 os_memoryCopy(pHandle->hOs, &(recvSa.addr), &(pMgmtFrame->hdr.SA), MAC_ADDR_LEN);
171
172 if (MAC_EQUAL((&(param.content.ctrlDataCurrentBSSID)), (&(recvBssid))))
173 pHandle->tempFrameInfo.myBssid = TRUE;
174 else
175 pHandle->tempFrameInfo.myBssid = FALSE;
176
177 if (MAC_EQUAL((&(param.content.ctrlDataCurrentBSSID)), (&(recvSa))))
178 pHandle->tempFrameInfo.mySa = TRUE;
179 else
180 pHandle->tempFrameInfo.mySa = FALSE;
181
182 /* The Default value of the myDst flag is false, only in case of unicast packet with the STA's destination address, the flag is set to True */
183 pHandle->tempFrameInfo.myDst = FALSE;
184
185 /* check destination MAC address for broadcast */
186
187 if (MAC_BROADCAST((&pMgmtFrame->hdr.DA)))
188 {
189 pHandle->tempFrameInfo.frame.extesion.destType = MSG_BROADCAST;
190 }
191 else
192 {
193 if (MAC_MULTICAST((&pMgmtFrame->hdr.DA)))
194 {
195 pHandle->tempFrameInfo.frame.extesion.destType = MSG_MULTICAST;
196 }
197 else
198 {
199 pHandle->tempFrameInfo.frame.extesion.destType = MSG_UNICAST;
200
201 param.paramType = CTRL_DATA_MAC_ADDRESS;
202 ctrlData_getParam(pHandle->hCtrlData, ¶m);
203
204 /* Verifying whether the received unicast packet is for the STA, if yes we set the flag to True */
205 if (MAC_EQUAL( (&(param.content.ctrlDataDeviceMacAddress)), (&(pMgmtFrame->hdr.DA)) ) )
206 pHandle->tempFrameInfo.myDst = TRUE;
207
208
209 }
210 }
211
212 MAC_COPY(pHandle->hOs, (&(pHandle->tempFrameInfo.bssid)), (&pMgmtFrame->hdr.BSSID));
213
214 pData = (UINT8 *)(pMgmtFrame->body);
215
216 /* length of body (msdu without 802.11 header and FCS) */
217 bodyDataLen = pMsdu->dataLen - WLAN_HDR_LEN;
218
219 switch (msgType)
220 {
221 case ASSOC_REQUEST:
222 WLAN_REPORT_SM(pHandle->hReport, MLME_SM_MODULE_LOG,
223 ("MLME_PARSER: recieved ASSOC_REQ message \n"));
224 break;
225 case RE_ASSOC_REQUEST:
226 WLAN_REPORT_SM(pHandle->hReport, MLME_SM_MODULE_LOG,
227 ("MLME_PARSER: recieved RE_ASSOC_REQ message \n"));
228 break;
229 case RE_ASSOC_RESPONSE:
230 WLAN_REPORT_SM(pHandle->hReport, MLME_SM_MODULE_LOG,
231 ("MLME_PARSER: recieved RE_ASSOC_RSP message \n"));
232 /* break;*/
233 case ASSOC_RESPONSE:
234 /* if the assoc response is not directed to our STA or not from the current AP */
235 if ((!pHandle->tempFrameInfo.myBssid) || (!pHandle->tempFrameInfo.mySa) || (pHandle->tempFrameInfo.myDst == FALSE))
236 break;
237
238 /* Save the association response message */
239 assoc_saveAssocRespMessage(pHandle->hAssoc, (UINT8 *)(pMgmtFrame->body), bodyDataLen);
240
241 /* init frame fields */
242 pHandle->tempFrameInfo.frame.content.assocRsp.barkerPreambleMode = PREAMBLE_UNSPECIFIED;
243
244 /* read capabilities */
245 pHandle->tempFrameInfo.frame.content.assocRsp.capabilities = ENDIAN_HANDLE_WORD(*(UINT16*)pData);
246 pData += 2;
247 /* read status */
248 pHandle->tempFrameInfo.frame.content.assocRsp.status = ENDIAN_HANDLE_WORD(*(UINT16*)pData);
249 pData += 2;
250 /* read AID */
251 pHandle->tempFrameInfo.frame.content.assocRsp.aid = ENDIAN_HANDLE_WORD(*(UINT16*)pData);
252 pData += 2;
253
254 bodyDataLen -= ASSOC_RESP_FIXED_DATA_LEN;
255 /***************************/
256
257 pHandle->tempFrameInfo.frame.content.assocRsp.pRsnIe = NULL;
258 pHandle->tempFrameInfo.frame.content.assocRsp.rsnIeLen = 0;
259 while (bodyDataLen > 2)
260 {
261 pEleHdr = (dot11_eleHdr_t*)pData;
262
263 if (pEleHdr->eleLen > (bodyDataLen - 2))
264 {
265 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG,
266 ("MLME_PARSER: IE %d with length %d out of bounds %d\n", pEleHdr->eleId, pEleHdr->eleLen, (bodyDataLen - 2)));
267 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle);
268 return NOK;
269 }
270
271 switch (pEleHdr->eleId)
272 {
273 /* read rates */
274 case SUPPORTED_RATES_IE_ID:
275 pHandle->tempFrameInfo.frame.content.assocRsp.pRates = &(pHandle->tempFrameInfo.rates);
276 status = mlmeParser_readRates(pHandle, pData, bodyDataLen, &readLen, &(pHandle->tempFrameInfo.rates));
277 if (status != OK)
278 {
279 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG,
280 ("MLME_PARSER: error reading RATES\n"));
281 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle);
282 return NOK;
283 }
284 break;
285
286 case EXT_SUPPORTED_RATES_IE_ID:
287 /* read rates */
288 pHandle->tempFrameInfo.frame.content.assocRsp.pExtRates = &(pHandle->tempFrameInfo.extRates);
289 status = mlmeParser_readRates(pHandle, pData, bodyDataLen, &readLen, &(pHandle->tempFrameInfo.extRates));
290 if (status != OK)
291 {
292 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle);
293 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG,("MLME_PARSER: error reading RATES\n"));
294 return NOK;
295 }
296 break;
297
298 case ERP_IE_ID:
299 status = mlmeParser_readERP(pHandle, pData, bodyDataLen, &readLen,
300 (BOOL *)&(pHandle->tempFrameInfo.frame.content.assocRsp.useProtection),
301 (preamble_e *)&(pHandle->tempFrameInfo.frame.content.assocRsp.barkerPreambleMode));
302 if (status != OK)
303 {
304 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle);
305 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG,("MLME_PARSER: error reading ERP\n"));
306 return NOK;
307 }
308 break;
309
310 case DOT11_4X_ELE_ID:
311 /* Note : WPA, WME, TSRS, MSDU lifetime and 4X use the same Element ID */
312 /* Its assumes that:
313 4X - uses OUI = 0x08,0x00,0x28;
314 TSRS and MSDU lifetime use OUI = 0x00,0x40,0x96 (=Cisco) but
315 use different OUI Type:
316 TSRS uses OUI Type 8
317 MSDU lifetime uses OUI Type 9;
318 WPA and WME use the same OUI = 0x00,0x50,0xf2 but
319 use different OUI Type:
320 WPA - uses OUI Type with value - 1
321 WME - uses OUI Type with value - 2.
322 */
323
324 /* check if this is 4X IE */
325 if(os_memoryCompare(pHandle->hOs ,ti_oui, pData+2, DOT11_OUI_LEN) == 0)
326 {
327 pHandle->tempFrameInfo.frame.content.assocRsp.fourXParams = &(pHandle->tempFrameInfo.fourXParams);
328 status = mlmeParser_read4Xxarams(pHandle, pData, bodyDataLen, &readLen,
329 &(pHandle->tempFrameInfo.fourXParams));
330 if (status != OK)
331 {
332 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG,
333 ("MLME_PARSER: error reading 4X parameters\n"));
334 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle);
335 return NOK;
336 }
337 }
338 /* check if this is WME IE */
339 else if((os_memoryCompare(pHandle->hOs, wpaIeOuiIe, pData+2, DOT11_OUI_LEN) == 0) &&
340 ((*(UINT8*)(pData+5)) == dot11_WME_OUI_TYPE))
341 {
342 pHandle->tempFrameInfo.frame.content.assocRsp.WMEParams = &(pHandle->tempFrameInfo.WMEParams);
343 status = mlmeParser_readWMEParams(pHandle, pData, bodyDataLen, &readLen,
344 &(pHandle->tempFrameInfo.WMEParams),
345 &(pHandle->tempFrameInfo.frame.content.assocRsp));
346 if (status != OK)
347 {
348 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG,
349 ("MLME_PARSER: error reading WME parameters\n"));
350 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle);
351 return NOK;
352 }
353 }
354 #ifdef EXC_MODULE_INCLUDED
355 /* check if this is EXC vendor specific OUI */
356 else if (os_memoryCompare(pHandle->hOs, exc_oui, pData+2, DOT11_OUI_LEN) == 0)
357 {
358 pExcIeParameter = &(pHandle->tempFrameInfo.frame.content.assocRsp.excIEs[WMEQosTagToACTable[*(pData+6)]]);
359 mlmeParser_readExcOui(pData, bodyDataLen, &readLen, pExcIeParameter);
360 }
361 #endif
362 else
363 {
364 /* skip this IE */
365 readLen = pEleHdr->eleLen + 2;
366 }
367 break;
368 case EXC_EXT_1_IE_ID:
369 ciscoIEPresent = TRUE;
370 pHandle->tempFrameInfo.frame.content.assocRsp.pRsnIe = &(pHandle->tempFrameInfo.rsnIe[0]);
371 status = mlmeParser_readRsnIe(pHandle, pData, bodyDataLen, &readLen,
372 &(pHandle->tempFrameInfo.rsnIe[rsnIeIdx]));
373 if (status != OK)
374 {
375 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG,
376 ("MLME_PARSER: error reading EXC EXT1 IE\n"));
377 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle);
378 return NOK;
379 }
380
381 pHandle->tempFrameInfo.frame.content.assocRsp.rsnIeLen += readLen;
382 rsnIeIdx ++;
383 break;
384
385 case EXC_EXT_2_IE_ID:
386 ciscoIEPresent = TRUE;
387 pHandle->tempFrameInfo.frame.content.assocRsp.pRsnIe = &(pHandle->tempFrameInfo.rsnIe[0]);
388 status = mlmeParser_readRsnIe(pHandle, pData, bodyDataLen, &readLen,
389 &(pHandle->tempFrameInfo.rsnIe[rsnIeIdx]));
390 if (status != OK)
391 {
392 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG,
393 ("MLME_PARSER: error reading RSN IP ADDR IE\n"));
394 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle);
395 return NOK;
396 }
397
398 pHandle->tempFrameInfo.frame.content.assocRsp.rsnIeLen += readLen;
399 rsnIeIdx ++;
400 break;
401
402 case DOT11_QOS_CAPABILITY_ELE_ID:
403 pHandle->tempFrameInfo.frame.content.assocRsp.QoSCapParameters = &(pHandle->tempFrameInfo.QosCapParams);
404 status = mlmeParser_readQosCapabilityIE(pHandle, pData, bodyDataLen, &readLen,
405 &(pHandle->tempFrameInfo.QosCapParams));
406 if (status != OK)
407 {
408 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle);
409 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG,("MLME_PARSER: error reading QOS\n"));
410 return NOK;
411 }
412 break;
413
414 default:
415 WLAN_REPORT_INFORMATION(pHandle->hReport, MLME_SM_MODULE_LOG,
416 ("MLME_PARSER: unsupported IE found (%d)\n", pEleHdr->eleId));
417 readLen = pEleHdr->eleLen + 2;
418 status = OK;
419 break;
420 }
421
422 pData += readLen;
423 bodyDataLen -= readLen;
424 }
425 /***************************/
426
427 /* set the appropriate flag in the association response frame */
428 /* to indicate whether or not we encountered a Cisco IE, i.e., */
429 /* if we have any indication as to whether the AP we've associated */
430 /* with is a Cisco AP. */
431 pHandle->tempFrameInfo.frame.content.assocRsp.ciscoIEPresent = ciscoIEPresent;
432
433 WLAN_REPORT_INFORMATION(pHandle->hReport, MLME_SM_MODULE_LOG,
434 ("MLME_PARSER: ciscoIEPresent = %d\n", ciscoIEPresent));
435
436 status = assoc_recv(pHandle->hAssoc, &(pHandle->tempFrameInfo.frame));
437 break;
438
439 case PROBE_REQUEST:
440 WLAN_REPORT_SM(pHandle->hReport, MLME_SM_MODULE_LOG,
441 ("MLME_PARSER: recieved PROBE_REQ message \n"));
442 break;
443 case PROBE_RESPONSE:
444
445 WLAN_REPORT_SM(pHandle->hReport, MLME_SM_MODULE_LOG,
446 ("MLME_PARSER: recieved PROBE_RESPONSE message \n"));
447
448 if(pMsdu->dataLen-WLAN_HDR_LEN-TIME_STAMP_LEN-4 > MAX_BEACON_BODY_LENGTH)
449 {
450 WLAN_REPORT_INFORMATION(pHandle->hReport, MLME_SM_MODULE_LOG,
451 ("mlmeParser_recv: probe response length out of range. length=%d, band=%d, channel=%d\n", pMsdu->dataLen-WLAN_HDR_LEN-TIME_STAMP_LEN-4, pRxAttr->band, pRxAttr->channel));
452 /* Error in parsing probe response packet - exit */
453 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle);
454 return NOK;
455
456 }
457
458 /* init frame fields */
459 pHandle->tempFrameInfo.frame.content.iePacket.barkerPreambleMode = PREAMBLE_UNSPECIFIED;
460
461 /* read time stamp */
462 os_memoryCopy(pHandle->hOs, (void *)pHandle->tempFrameInfo.frame.content.iePacket.timestamp, pData, TIME_STAMP_LEN);
463 pData += TIME_STAMP_LEN;
464
465 bodyDataLen -= TIME_STAMP_LEN;
466 /* read beacon interval */
467 pHandle->tempFrameInfo.frame.content.iePacket.beaconInerval = ENDIAN_HANDLE_WORD(*(UINT16*)pData);
468 pData += 2;
469 /* read capabilities */
470 pHandle->tempFrameInfo.frame.content.iePacket.capabilities = ENDIAN_HANDLE_WORD(*(UINT16*)pData);
471 pData += 2;
472
473 bodyDataLen -= 4;
474 pHandle->tempFrameInfo.frame.content.iePacket.pRsnIe = NULL;
475 pHandle->tempFrameInfo.frame.content.iePacket.rsnIeLen = 0;
476
477 pHandle->tempFrameInfo.band = pRxAttr->band;
478 pHandle->tempFrameInfo.rxChannel = pRxAttr->channel;
479
480 if ((pRxAttr->band == RADIO_BAND_2_4_GHZ) && (pRxAttr->channel > NUM_OF_CHANNELS_24))
481 {
482 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG,
483 ("mlmeParser_recv, band=%d, channel=%d\n", pRxAttr->band, pRxAttr->channel));
484 /* Error in parsing Probe response packet - exit */
485 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle);
486 return NOK;
487
488 }
489 else if ((pRxAttr->band == RADIO_BAND_5_0_GHZ) && (pRxAttr->channel <= NUM_OF_CHANNELS_24))
490 {
491 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG,
492 ("mlmeParser_recv, band=%d, channel=%d\n", pRxAttr->band, pRxAttr->channel));
493 /* Error in parsing Probe response packet - exit */
494 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle);
495 return NOK;
496
497 }
498 if (mlmeParser_parseIEs(hMlme, pData, bodyDataLen, &(pHandle->tempFrameInfo)) != OK)
499 {
500 /* Error in parsing Probe response packet - exit */
501 WLAN_REPORT_WARNING(pHandle->hReport, MLME_SM_MODULE_LOG,("mlmeParser_parseIEs: Error in parsing probe response \n"));
502 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle);
503 return NOK;
504 }
505
506 /* Check if there is a scan in progress */
507 if ( NULL != pHandle->resultCBFunc )
508 {
509 /* result CB is registered - results are sent to the registered callback */
510 pHandle->resultCBFunc( pHandle->resultCBObj, &(pHandle->tempFrameInfo.bssid), &(pHandle->tempFrameInfo.frame), pRxAttr,
511 (UINT8 *)(pMgmtFrame->body+TIME_STAMP_LEN+4),
512 pMsdu->dataLen-WLAN_HDR_LEN-TIME_STAMP_LEN-4 );
513 }
514 currBSS_probRespReceivedCallb(pHandle->hCurrBss, pRxAttr, &(pHandle->tempFrameInfo.bssid),
515 &(pHandle->tempFrameInfo.frame),
516 (char *)pMgmtFrame->body+TIME_STAMP_LEN+4,
517 pMsdu->dataLen-WLAN_HDR_LEN-TIME_STAMP_LEN-4);
518
519 /* For Debug */
520 #if BcnMissTst
521
522 /* Printing all the required parameters of the received ProbeRsp */
523 currProbeRspTSFTime = (UINT32)ENDIAN_HANDLE_LONG(*(INT32*)(pHandle->tempFrameInfo.frame.content.iePacket.timestamp));
524 deltaProbeRspTSFTime = (UINT32)((UINT32)currProbeRspTSFTime - (UINT32)pHandle->debug_lastProbeRspTSFTime);
525
526 if(pHandle->tempFrameInfo.frame.content.iePacket.pSsid != NULL)
527 {
528 WLAN_REPORT_INFORMATION(pHandle->hReport,
529 MLME_SM_MODULE_LOG,
530 ("ProbeRsp ssid=%8s TS=0x%x TSDelta=0x%x beaconInt=%d HostTime = %d\n",
531 pHandle->tempFrameInfo.frame.content.iePacket.pSsid->serviceSetId,
532 currProbeRspTSFTime,
533 deltaProbeRspTSFTime,
534 pHandle->tempFrameInfo.frame.content.iePacket.beaconInerval,
535 os_timeStampMs(pHandle)));
536 }
537
538 if(pHandle->tempFrameInfo.frame.content.iePacket.pSsid == NULL)
539 WLAN_REPORT_INFORMATION(pHandle->hReport,
540 MLME_SM_MODULE_LOG,
541 ("SSID null\n"));
542
543 pHandle->debug_lastProbeRspTSFTime = currProbeRspTSFTime;
544
545 #endif /* BcnMissTst */
546 if(pHandle->tempFrameInfo.recvChannelSwitchAnnoncIE == FALSE)
547 {
548 switchChannel_recvCmd(pHandle->hSwitchChannel, NULL, pRxAttr->channel);
549 }
550
551 break;
552 case BEACON:
553
554 WLAN_REPORT_INFORMATION(pHandle->hReport, MLME_SM_MODULE_LOG,
555 ("MLME_PARSER: recieved BEACON message, TS= %ld\n", os_timeStampMs(pHandle->hOs)));
556 WLAN_REPORT_INFORMATION(pHandle->hReport, MLME_SM_MODULE_LOG, ("beacon MSDU") );
557
558 if(pMsdu->dataLen-WLAN_HDR_LEN-TIME_STAMP_LEN-4 > MAX_BEACON_BODY_LENGTH)
559 {
560 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG,
561 ("mlmeParser_recv: beacon length out of range. length=%d, band=%d, channel=%d\n", pMsdu->dataLen-WLAN_HDR_LEN-TIME_STAMP_LEN-4, pRxAttr->band, pRxAttr->channel));
562 /* Error in parsing beacon packet - exit */
563 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle);
564 return NOK;
565
566 }
567
568 /* init frame fields */
569 pHandle->tempFrameInfo.frame.content.iePacket.barkerPreambleMode = PREAMBLE_UNSPECIFIED;
570
571 /* read time stamp */
572 os_memoryCopy(pHandle->hOs, (void *)pHandle->tempFrameInfo.frame.content.iePacket.timestamp, pData, TIME_STAMP_LEN);
573 pData += TIME_STAMP_LEN;
574
575 bodyDataLen -= TIME_STAMP_LEN;
576 /* read beacon interval */
577 pHandle->tempFrameInfo.frame.content.iePacket.beaconInerval = ENDIAN_HANDLE_WORD(*(UINT16*)pData);
578 pData += 2;
579 /* read capabilities */
580 pHandle->tempFrameInfo.frame.content.iePacket.capabilities = ENDIAN_HANDLE_WORD(*(UINT16*)pData);
581 pData += 2;
582
583 bodyDataLen -= 4;
584 pHandle->tempFrameInfo.frame.content.iePacket.pRsnIe = NULL;
585 pHandle->tempFrameInfo.frame.content.iePacket.rsnIeLen = 0;
586
587 if ((pRxAttr->band == RADIO_BAND_2_4_GHZ) && (pRxAttr->channel > NUM_OF_CHANNELS_24))
588 {
589 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG,
590 ("mlmeParser_recv, band=%d, channel=%d\n", pRxAttr->band, pRxAttr->channel));
591 /* Error in parsing Probe response packet - exit */
592 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle);
593 return NOK;
594
595 }
596 else if ((pRxAttr->band == RADIO_BAND_5_0_GHZ) && (pRxAttr->channel <= NUM_OF_CHANNELS_24))
597 {
598 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG,
599 ("mlmeParser_recv, band=%d, channel=%d\n", pRxAttr->band, pRxAttr->channel));
600 /* Error in parsing Probe response packet - exit */
601 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle);
602 return NOK;
603
604 }
605 pHandle->tempFrameInfo.band = pRxAttr->band;
606 pHandle->tempFrameInfo.rxChannel = pRxAttr->channel;
607
608 if (mlmeParser_parseIEs(hMlme, pData, bodyDataLen, &(pHandle->tempFrameInfo)) != OK)
609 {
610 WLAN_REPORT_WARNING(pHandle->hReport, MLME_SM_MODULE_LOG,("mlmeParser_parseIEs - Error in parsing Beacon \n"));
611 /* Error in parsing Beacon packet - exit */
612 wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle);
613 return NOK;
614 }
615
616 /* Check if there is a scan in progress */
617 if ( NULL != pHandle->resultCBFunc )
618 {
619 /* result CB is registered - results are sent to the registered callback */
620 pHandle->resultCBFunc( pHandle->resultCBObj, &(pHandle->tempFrameInfo.bssid), &(pHandle->tempFrameInfo.frame), pRxAttr,
621 (UINT8 *)(pMgmtFrame->body+TIME_STAMP_LEN+4),
622 pMsdu->dataLen-WLAN_HDR_LEN-TIME_STAMP_LEN-4 );
623 }
624
625 /* Counting the number of recieved beacons - used for statistics */
626 pHandle->BeaconsCounterPS++;
627
628 currBSS_beaconReceivedCallb(pHandle->hCurrBss, pRxAttr, &(pHandle->tempFrameInfo.bssid),
629 &(pHandle->tempFrameInfo.frame), (char *)pMgmtFrame->body+TIME_STAMP_LEN+4,
630 pMsdu->dataLen-WLAN_HDR_LEN-TIME_STAMP_LEN-4);
631
632 #if BcnMissTst
633 if ( pHandle->tempFrameInfo.myBssid )
634 {
635 mlmeParser_printBeaconDebugInfo(hMlme,
636 pHandle->tempFrameInfo.frame);
637 }
638 #endif
639 if (pHandle->tempFrameInfo.recvChannelSwitchAnnoncIE == FALSE)
640 {
641 switchChannel_recvCmd(pHandle->hSwitchChannel, NULL, pRxAttr->channel);
642 }
643
644 break;
645 case ATIM:
646 if (!pHandle->tempFrameInfo.myBssid)
647 break;
648
649 WLAN_REPORT_SM(pHandle->hReport, MLME_SM_MODULE_LOG,
650 ("MLME_PARSER: recieved ATIM message \n"));
651 break;
652 case DIS_ASSOC:
653 if ((!pHandle->tempFrameInfo.myBssid) || (!pHandle->tempFrameInfo.mySa))
654 break;
655
656 /* consider the DisAssoc frame if it is one of the following:
657 1) unicast frame and directed to our STA
658 2) broadcast frame
659 */
660 if((pHandle->tempFrameInfo.frame.extesion.destType == MSG_UNICAST) &&
661 (pHandle->tempFrameInfo.myDst == FALSE))
662 break;
663
664 /* read Reason interval */
665 pHandle->tempFrameInfo.frame.content.disAssoc.reason = ENDIAN_HANDLE_WORD(*(UINT16*)pData);
666
667 { /* Send roaming trigger */
668 roamingEventData_u RoamingEventData;
669 RoamingEventData.APDisconnect.uStatusCode = pHandle->tempFrameInfo.frame.content.disAssoc.reason;
670 RoamingEventData.APDisconnect.bDeAuthenticate = FALSE; /* i.e. This is not DeAuth packet */
671 apConn_reportRoamingEvent(pHandle->hApConn, ROAMING_TRIGGER_AP_DISCONNECT, &RoamingEventData);
672 }
673
674 break;
675 case AUTH:
676 /* Auth response frame is should be directed to our STA, and from the current AP */
677 if ((!pHandle->tempFrameInfo.myBssid) || (!pHandle->tempFrameInfo.mySa) || (pHandle->tempFrameInfo.myDst == FALSE))
678 break;
679
680 /* read Algorithm interval */
681 pHandle->tempFrameInfo.frame.content.auth.authAlgo = ENDIAN_HANDLE_WORD(*(UINT16*)pData);
682 pData += 2;
683 /* read Sequence number */
684 pHandle->tempFrameInfo.frame.content.auth.seqNum = ENDIAN_HANDLE_WORD(*(UINT16*)pData);
685 pData += 2;
686 /* read status */
687 pHandle->tempFrameInfo.frame.content.auth.status = ENDIAN_HANDLE_WORD(*(UINT16*)pData);
688 pData += 2;
689
690 WLAN_REPORT_INFORMATION(pHandle->hReport, MLME_SM_MODULE_LOG,
691 ("MLME_PARSER: Read Auth: algo=%d, seq=%d, status=%d\n",
692 pHandle->tempFrameInfo.frame.content.auth.authAlgo,
693 pHandle->tempFrameInfo.frame.content.auth.seqNum,
694 pHandle->tempFrameInfo.frame.content.auth.status));
695 bodyDataLen -= 6;
696 /* read Challenge */
697 pHandle->tempFrameInfo.frame.content.auth.pChallenge = &(pHandle->tempFrameInfo.challenge);
698 status = mlmeParser_readChallange(pHandle, pData, bodyDataLen, &readLen, &(pHandle->tempFrameInfo.challenge));
699 if (status != OK)
700 {
701 pHandle->tempFrameInfo.challenge.hdr.eleLen = 0;
702 readLen = 0;
703 }
704 pData += readLen;
705
706 status = auth_recv(pHandle->hAuth, &(pHandle->tempFrameInfo.frame));
707 break;
708 case DE_AUTH:
709 if ((!pHandle->tempFrameInfo.myBssid) || (!pHandle->tempFrameInfo.mySa))
710 break;
711
712 /* consider the Assoc frame if it is one of the following:
713 1) unicast frame and directed to our STA
714 2) broadcast frame
715 */
716 if((pHandle->tempFrameInfo.frame.extesion.destType == MSG_UNICAST) &&
717 (pHandle->tempFrameInfo.myDst == FALSE))
718 break;
719
720 /* read Reason */
721 pHandle->tempFrameInfo.frame.content.deAuth.reason = ENDIAN_HANDLE_WORD(*(UINT16*)pData);
722
723 { /* Send roaming trigger */
724 roamingEventData_u RoamingEventData;
725 RoamingEventData.APDisconnect.uStatusCode = pHandle->tempFrameInfo.frame.content.disAssoc.reason;
726 RoamingEventData.APDisconnect.bDeAuthenticate = TRUE; /* i.e. This is DeAuth packet */
727 apConn_reportRoamingEvent(pHandle->hApConn, ROAMING_TRIGGER_AP_DISCONNECT, &RoamingEventData);
728 }
729 break;
730
731 case ACTION:
732 param.paramType = CTRL_DATA_CURRENT_BSS_TYPE_PARAM;
733 ctrlData_getParam(pHandle->hCtrlData, ¶m);
734
735 if ((!pHandle->tempFrameInfo.myBssid) ||
736 ((!pHandle->tempFrameInfo.mySa) && (param.content.ctrlDataCurrentBssType == BSS_INFRASTRUCTURE)))
737 break;
738
739 /* if the action frame is unicast and not directed to our STA, we should ignore it */
740 if((pHandle->tempFrameInfo.frame.extesion.destType == MSG_UNICAST) &&
741 (pHandle->tempFrameInfo.myDst == FALSE))
742 break;
743
744
745 /* read Category field */
746 pHandle->tempFrameInfo.frame.content.action.category = *pData;
747 pData ++;
748 bodyDataLen --;
749
750 /* Checking if the category field is valid */
751 if(( pHandle->tempFrameInfo.frame.content.action.category != CATAGORY_SPECTRUM_MANAGEMENT) &&
752 (pHandle->tempFrameInfo.frame.content.action.category != CATAGORY_QOS) &&
753 (pHandle->tempFrameInfo.frame.content.action.category != WME_CATAGORY_QOS) )
754 {
755 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG,
756 ("MLME_PARSER: Error category is invalid for action management frame %d \n",
757 pHandle->tempFrameInfo.frame.content.action.category ));
758 break;
759 }
760
761 switch(pHandle->tempFrameInfo.frame.content.action.category)
762 {
763 case CATAGORY_QOS:
764 case WME_CATAGORY_QOS:
765 /* read action field */
766 pHandle->tempFrameInfo.frame.content.action.action = *pData;
767 pData ++;
768 bodyDataLen --;
769
770 QosMngr_receiveActionFrames(pHandle->hQosMngr, pData, pHandle->tempFrameInfo.frame.content.action.action, bodyDataLen);
771 break;
772
773 case CATAGORY_SPECTRUM_MANAGEMENT:
774 /* read action field */
775 pHandle->tempFrameInfo.frame.content.action.action = *pData;
776 pData ++;
777 bodyDataLen --;
778
779 switch(pHandle->tempFrameInfo.frame.content.action.action)
780 {
781 case MEASUREMENT_REQUEST:
782 /* Checking the frame type */
783 if(pHandle->tempFrameInfo.frame.extesion.destType == MSG_BROADCAST)
784 pHandle->tempFrameInfo.frame.content.action.frameType = MSR_FRAME_TYPE_BROADCAST;
785 else
786 pHandle->tempFrameInfo.frame.content.action.frameType = MSR_FRAME_TYPE_UNICAST;
787
788 /*measurementMgr_receiveFrameRequest(pHandle->hMeasurementMgr,
789 pHandle->tempFrameInfo.frame.content.action.frameType,
790 bodyDataLen,pData);*/
791 break;
792
793 case TPC_REQUEST:
794 /*measurementMgr_receiveTPCRequest(pHandle->hMeasurementMgr,(UINT8)bodyDataLen,pData);*/
795 break;
796
797 case CHANNEL_SWITCH_ANNOUNCEMENT:
798 if (pHandle->tempFrameInfo.myBssid)
799 { /* Ignore Switch Channel commands from non my BSSID */
800 mlmeParser_readChannelSwitch(pHandle,pData,bodyDataLen,&readLen,&(pHandle->tempFrameInfo.channelSwitch),
801 pRxAttr->channel);
802 }
803 break;
804
805 default:
806 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG,
807 ("MLME_PARSER: Error, category is invalid for action management frame %d \n",
808 pHandle->tempFrameInfo.frame.content.action.category ));
809 break;
810 }
811
812 break;
813
814
815 default:
816 status = NOK;
817 break;
818
819 }
820 }
821
822 /* release MSDU */
823 if (wlan_memMngrFreeMSDU(pHandle->hMemMgr, pMsdu->handle) != OK)
824 {
825 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG,
826 ("MLME_PARSER: Error releasing MSDU handle %d \n", pMsdu->handle));
827 }
828
829 return OK;
830 }
831
mlmeParser_getFrameType(mlme_t * pMlme,UINT16 * pFrameCtrl,dot11MgmtSubType_e * pType)832 TI_STATUS mlmeParser_getFrameType(mlme_t *pMlme, UINT16* pFrameCtrl, dot11MgmtSubType_e *pType)
833 {
834 if ((*pFrameCtrl & DOT11_FC_PROT_VERSION_MASK) != DOT11_FC_PROT_VERSION)
835 {
836 WLAN_REPORT_ERROR(pMlme->hReport, MLME_SM_MODULE_LOG,
837 ("MLME_PARSER: Error Wrong protocol version (not %d) \n", DOT11_FC_PROT_VERSION));
838 return NOK;
839 }
840
841 if ((*pFrameCtrl & DOT11_FC_TYPE_MASK) != DOT11_FC_TYPE_MGMT)
842 {
843 WLAN_REPORT_ERROR(pMlme->hReport, MLME_SM_MODULE_LOG,
844 ("MLME_PARSER: Error not MANAGEMENT frame\n"));
845 return NOK;
846 }
847
848 *pType = (dot11MgmtSubType_e)((*pFrameCtrl & DOT11_FC_SUB_MASK) >> 4);
849
850 return OK;
851 }
852
mlmeParser_read4Xxarams(mlme_t * pMlme,UINT8 * pData,UINT32 dataLen,UINT32 * pReadLen,dot11_4X_t * fourXParams)853 TI_STATUS mlmeParser_read4Xxarams(mlme_t *pMlme,UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_4X_t *fourXParams)
854 {
855 fourXParams->hdr.eleId = *pData;
856 fourXParams->hdr.eleLen = *(pData+1);
857
858 *pReadLen = fourXParams->hdr.eleLen + 2;
859
860 if ((dataLen < 2) || (dataLen < (UINT32)(fourXParams->hdr.eleLen + 2)))
861 {
862 return NOK;
863 }
864
865 if (fourXParams->hdr.eleLen > DOT11_4X_MAX_LEN)
866 {
867 return NOK;
868 }
869
870 os_memoryCopy(pMlme->hOs, (void *)fourXParams->fourXCapabilities, pData+2, fourXParams->hdr.eleLen);
871
872 return OK;
873 }
874
875
876 #ifdef EXC_MODULE_INCLUDED
mlmeParser_readExcOui(UINT8 * pData,UINT32 dataLen,UINT32 * pReadLen,EXCv4IEs_t * excIEs)877 void mlmeParser_readExcOui (UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, EXCv4IEs_t *excIEs)
878 {
879 UINT8 ieLen;
880 UINT8 ouiType;
881
882 ieLen = *(pData+1) + 2;
883
884 if (dataLen < ieLen)
885 {
886 /* Wrong length of info-element, skip to the end of the packet */
887 *pReadLen = dataLen;
888 return;
889 }
890
891 *pReadLen = ieLen;
892 ouiType = *(pData+5);
893
894 switch (ouiType)
895 {
896 case TS_METRIX_OUI_TYPE:
897 excIEs->tsMetrixParameter = (dot11_TS_METRICS_IE_t *)pData;
898 break;
899 case TS_RATE_SET_OUI_TYPE:
900 excIEs->trafficStreamParameter = (dot11_TSRS_IE_t *)pData;
901 break;
902 case EDCA_LIFETIME_OUI_TYPE:
903 excIEs->edcaLifetimeParameter = (dot11_MSDU_LIFE_TIME_IE_t *)pData;
904 break;
905 }
906 return;
907 }
908 #endif
909
910
mlmeParser_readERP(mlme_t * pMlme,UINT8 * pData,UINT32 dataLen,UINT32 * pReadLen,BOOL * useProtection,preamble_e * barkerPreambleMode)911 TI_STATUS mlmeParser_readERP(mlme_t *pMlme, UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen,
912 BOOL *useProtection, preamble_e *barkerPreambleMode)
913 {
914
915 UINT32 erpIElen;
916 UINT16 ctrl;
917 UINT16 ShortData=0;
918
919 erpIElen = *(pData+1);
920 *pReadLen = erpIElen + 2;
921
922 if (dataLen < (UINT32)(erpIElen + 2))
923 {
924 return NOK;
925 }
926 #ifdef FOUR_ALIGNMENT /*fix for un-aligned exception on ARM */
927 ((UINT8 *)&ShortData)[0] = pData[2];
928 ((UINT8 *)&ShortData)[1] = pData[3];
929 ctrl = ENDIAN_HANDLE_WORD(ShortData);
930 #else
931 ctrl = ENDIAN_HANDLE_WORD(*(UINT16*)(pData+2));
932 #endif
933
934 *useProtection = (ctrl & 0x2) >>1;
935 *barkerPreambleMode = ((ctrl & 0x4) >>2) ? PREAMBLE_LONG : PREAMBLE_SHORT;
936
937 return OK;
938 }
939
940
mlmeParser_readRates(mlme_t * pMlme,UINT8 * pData,UINT32 dataLen,UINT32 * pReadLen,dot11_RATES_t * pRates)941 TI_STATUS mlmeParser_readRates(mlme_t *pMlme, UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_RATES_t *pRates)
942 {
943 pRates->hdr.eleId = *pData;
944 pRates->hdr.eleLen = *(pData+1);
945
946 *pReadLen = pRates->hdr.eleLen + 2;
947
948 if (dataLen < (UINT32)(pRates->hdr.eleLen + 2))
949 {
950 return NOK;
951 }
952
953 if (pRates->hdr.eleLen > MAX_SUPPORTED_RATES)
954 {
955 return NOK;
956 }
957
958 os_memoryCopy(pMlme->hOs, (void *)pRates->rates, pData+2, pRates->hdr.eleLen);
959
960 return OK;
961 }
962
mlmeParser_readSsid(mlme_t * pMlme,UINT8 * pData,UINT32 dataLen,UINT32 * pReadLen,dot11_SSID_t * pSsid)963 TI_STATUS mlmeParser_readSsid(mlme_t *pMlme, UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_SSID_t *pSsid)
964 {
965 pSsid->hdr.eleId = *pData;
966 pSsid->hdr.eleLen = *(pData+1);
967
968 *pReadLen = pSsid->hdr.eleLen + 2;
969
970 if ((dataLen < 2) || (dataLen < (UINT32)(pSsid->hdr.eleLen + 2)))
971 {
972 return NOK;
973 }
974
975 if (pSsid->hdr.eleLen > MAX_SSID_LEN)
976 {
977 return NOK;
978 }
979
980 os_memoryCopy(pMlme->hOs, (void *)pSsid->serviceSetId, pData+2, pSsid->hdr.eleLen);
981
982 return OK;
983 }
984
mlmeParser_readFhParams(mlme_t * pMlme,UINT8 * pData,UINT32 dataLen,UINT32 * pReadLen,dot11_FH_PARAMS_t * pFhParams)985 TI_STATUS mlmeParser_readFhParams(mlme_t *pMlme, UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_FH_PARAMS_t *pFhParams)
986 {
987 UINT16 ShortData=0;
988 pFhParams->hdr.eleId = *pData;
989 pFhParams->hdr.eleLen = *(pData+1);
990 pData += 2;
991
992 if ((dataLen < 2) || (dataLen < (UINT32)(pFhParams->hdr.eleLen + 2)))
993 {
994 return NOK;
995 }
996
997 #if 1
998 ((UINT8 *)&ShortData)[0] = pData[0];
999 ((UINT8 *)&ShortData)[1] = pData[1];
1000 #else
1001 /* Fix for possible alignment problem */
1002 COPY_UNALIGNED_WORD(&ShortData , pData);
1003 #endif
1004
1005 pFhParams->dwellTime = ENDIAN_HANDLE_WORD(ShortData);
1006 pData += 2;
1007
1008 pFhParams->hopSet = *pData;
1009 pFhParams->hopPattern = *(pData+1);
1010 pFhParams->hopIndex = *(pData+2);
1011
1012 *pReadLen = pFhParams->hdr.eleLen + 2;
1013
1014 return OK;
1015 }
1016
mlmeParser_readDsParams(mlme_t * pMlme,UINT8 * pData,UINT32 dataLen,UINT32 * pReadLen,dot11_DS_PARAMS_t * pDsParams)1017 TI_STATUS mlmeParser_readDsParams(mlme_t *pMlme, UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_DS_PARAMS_t *pDsParams)
1018 {
1019 pDsParams->hdr.eleId = *pData;
1020 pDsParams->hdr.eleLen = *(pData+1);
1021
1022 if ((dataLen < 2) || (dataLen < (UINT32)(pDsParams->hdr.eleLen + 2)))
1023 {
1024 return NOK;
1025 }
1026
1027 pDsParams->currChannel = *(pData+2);
1028
1029 *pReadLen = pDsParams->hdr.eleLen + 2;
1030
1031 return OK;
1032 }
1033
mlmeParser_readCfParams(mlme_t * pMlme,UINT8 * pData,UINT32 dataLen,UINT32 * pReadLen,dot11_CF_PARAMS_t * pCfParams)1034 TI_STATUS mlmeParser_readCfParams(mlme_t *pMlme, UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_CF_PARAMS_t *pCfParams)
1035 {
1036 UINT16 ShortData=0;
1037 pCfParams->hdr.eleId = *pData;
1038 pCfParams->hdr.eleLen = *(pData+1);
1039 pData += 2;
1040
1041 if ((dataLen < 2) || (dataLen < (UINT32)(pCfParams->hdr.eleLen + 2)))
1042 {
1043 return NOK;
1044 }
1045
1046 pCfParams->cfpCount = *pData;
1047 pCfParams->cfpPeriod = *(pData+1);
1048 pData += 2;
1049
1050 #if 1
1051 /* Fix for possible alignment problem */
1052 ((UINT8 *)&ShortData)[0] = pData[0];
1053 ((UINT8 *)&ShortData)[1] = pData[1];
1054 #else
1055 COPY_UNALIGNED_WORD(&ShortData, pData);
1056 #endif
1057 pCfParams->cfpMaxDuration = ENDIAN_HANDLE_WORD(ShortData);
1058
1059 pData += 2;
1060
1061 #if 1
1062 /* Fix for possible alignment problem */
1063 ((UINT8 *)&ShortData)[0] = pData[0];
1064 ((UINT8 *)&ShortData)[1] = pData[1];
1065 #else
1066 /* Fix for possible alignment problem */
1067 COPY_UNALIGNED_WORD(&ShortData, pData);
1068 #endif
1069 pCfParams->cfpDurRemain = ENDIAN_HANDLE_WORD(ShortData);
1070
1071 *pReadLen = pCfParams->hdr.eleLen + 2;
1072
1073 return OK;
1074 }
1075
mlmeParser_readIbssParams(mlme_t * pMlme,UINT8 * pData,UINT32 dataLen,UINT32 * pReadLen,dot11_IBSS_PARAMS_t * pIbssParams)1076 TI_STATUS mlmeParser_readIbssParams(mlme_t *pMlme, UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_IBSS_PARAMS_t *pIbssParams)
1077 {
1078 UINT16 ShortData=0;
1079 pIbssParams->hdr.eleId = *pData;
1080 pIbssParams->hdr.eleLen = *(pData+1);
1081 pData += 2;
1082
1083 if ((dataLen < 2) || (dataLen < (UINT32)(pIbssParams->hdr.eleLen + 2)))
1084 {
1085 return NOK;
1086 }
1087
1088 #if 1
1089 /* Fix for possible alignment problem */
1090 ((UINT8 *)&ShortData)[0] = pData[0];
1091 ((UINT8 *)&ShortData)[1] = pData[1];
1092 #else
1093 /* Fix for possible alignment problem */
1094 COPY_UNALIGNED_WORD(&ShortData, pData);
1095 #endif
1096 pIbssParams->atimWindow = ENDIAN_HANDLE_WORD(ShortData);
1097
1098 *pReadLen = pIbssParams->hdr.eleLen + 2;
1099
1100 return OK;
1101 }
1102
mlmeParser_readTim(mlme_t * pMlme,UINT8 * pData,UINT32 dataLen,UINT32 * pReadLen,dot11_TIM_t * pTim)1103 TI_STATUS mlmeParser_readTim(mlme_t *pMlme, UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_TIM_t *pTim)
1104 {
1105 pTim->hdr.eleId = *pData;
1106 pTim->hdr.eleLen = *(pData+1);
1107 pData += 2;
1108
1109 if ((dataLen < 2) || (dataLen < (UINT32)(pTim->hdr.eleLen + 2)) || (pTim->hdr.eleLen < 3))
1110 {
1111 return NOK;
1112 }
1113
1114 pTim->dtimCount = *pData;
1115 pTim->dtimPeriod = *(pData+1);
1116 pTim->bmapControl = *(pData+2);
1117 pData += 3;
1118
1119 if ((pTim->hdr.eleLen - 3) > DOT11_PARTIAL_VIRTUAL_BITMAP_MAX) /* Dm: Security fix */
1120 {
1121 WLAN_REPORT_ERROR(pMlme->hReport, MLME_SM_MODULE_LOG,
1122 ("MLME_PARSER: Security Error: eleLen=%d, maxLen=%d\n",
1123 pTim->hdr.eleLen, DOT11_PARTIAL_VIRTUAL_BITMAP_MAX));
1124 return NOK;
1125 }
1126 os_memoryCopy(pMlme->hOs, (void *)pTim->partialVirtualBmap, pData, pTim->hdr.eleLen - 3);
1127
1128 *pReadLen = pTim->hdr.eleLen + 2;
1129
1130 return OK;
1131 }
1132
mlmeParser_readCountry(mlme_t * pMlme,UINT8 * pData,UINT32 dataLen,UINT32 * pReadLen,dot11_COUNTRY_t * countryIE)1133 TI_STATUS mlmeParser_readCountry(mlme_t *pMlme,UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_COUNTRY_t *countryIE)
1134 {
1135 countryIE->hdr.eleId = *pData;
1136 countryIE->hdr.eleLen = *(pData+1);
1137
1138 *pReadLen = countryIE->hdr.eleLen + 2;
1139
1140 if ((dataLen < 8) || (dataLen < (UINT32)(countryIE->hdr.eleLen + 2)))
1141 {
1142 return NOK;
1143 }
1144
1145 if (countryIE->hdr.eleLen > DOT11_COUNTRY_ELE_LEN_MAX)
1146 {
1147 WLAN_REPORT_ERROR(pMlme->hReport, MLME_SM_MODULE_LOG,
1148 ("MLME_PARSER: country IE error: eleLen=%d, maxLen=%d\n",
1149 countryIE->hdr.eleLen, DOT11_COUNTRY_ELE_LEN_MAX));
1150 return NOK;
1151 }
1152
1153 os_memoryCopy(pMlme->hOs,&(countryIE->countryIE), pData+2, countryIE->hdr.eleLen);
1154
1155 return OK;
1156 }
1157
mlmeParser_readWMEParams(mlme_t * pMlme,UINT8 * pData,UINT32 dataLen,UINT32 * pReadLen,dot11_WME_PARAM_t * pWMEParamIE,assocRsp_t * assocRsp)1158 TI_STATUS mlmeParser_readWMEParams(mlme_t *pMlme,UINT8 *pData, UINT32 dataLen,
1159 UINT32 *pReadLen, dot11_WME_PARAM_t *pWMEParamIE,
1160 assocRsp_t *assocRsp)
1161 {
1162 UINT8 ieSubtype;
1163 UINT8 ac;
1164
1165 pWMEParamIE->hdr.eleId = *pData;
1166 pWMEParamIE->hdr.eleLen = *(pData+1);
1167
1168 *pReadLen = pWMEParamIE->hdr.eleLen + 2;
1169
1170 if (dataLen < *pReadLen)
1171 {
1172 WLAN_REPORT_ERROR(pMlme->hReport, MLME_SM_MODULE_LOG,
1173 ("MLME_PARSER: WME Parameter: eleLen=%d is too long (%d)\n", *pReadLen, dataLen));
1174 *pReadLen = dataLen;
1175 return NOK;
1176 }
1177
1178 if ((pWMEParamIE->hdr.eleLen > WME_TSPEC_IE_LEN) || (pWMEParamIE->hdr.eleLen < DOT11_WME_ELE_LEN))
1179 {
1180 WLAN_REPORT_ERROR(pMlme->hReport, MLME_SM_MODULE_LOG,
1181 ("MLME_PARSER: WME Parameter IE error: eleLen=%d\n", pWMEParamIE->hdr.eleLen));
1182 return NOK;
1183 }
1184
1185 ieSubtype = *((UINT8*)(pData+6));
1186 switch (ieSubtype)
1187 {
1188 case dot11_WME_OUI_SUB_TYPE_IE:
1189 case dot11_WME_OUI_SUB_TYPE_PARAMS_IE:
1190 /* Checking WME Version validity */
1191 if (*((UINT8*)(pData+7)) != dot11_WME_VERSION )
1192 {
1193 WLAN_REPORT_INFORMATION(pMlme->hReport, MLME_SM_MODULE_LOG,
1194 ("MLME_PARSER: WME Parameter IE error: Version =%d is unsupported\n",
1195 *((UINT8*)(pData+7)) ));
1196 return NOK;
1197 }
1198 /* Copy either the WME-Params IE or the WME-Info IE (Info is a subset of Params)! */
1199 os_memoryCopy(pMlme->hOs,&(pWMEParamIE->OUI), pData+2, pWMEParamIE->hdr.eleLen);
1200 break;
1201
1202 case WME_TSPEC_IE_OUI_SUB_TYPE:
1203 /* Read renegotiated TSPEC parameters */
1204 if (assocRsp == NULL)
1205 {
1206 WLAN_REPORT_ERROR(pMlme->hReport, MLME_SM_MODULE_LOG,
1207 ("MLME_PARSER: WME Parameter IE error: TSPEC Sub Type in beacon or probe resp\n"));
1208 return NOK;
1209 }
1210 ac = WMEQosTagToACTable[((((dot11_WME_TSPEC_IE_t *)pData)->tHdr.tsInfoField.tsInfoArr[1]) & TS_INFO_1_USER_PRIORITY_MASK) >> USER_PRIORITY_SHIFT];
1211
1212 if (ac == QOS_AC_VO)
1213 {
1214 assocRsp->tspecVoiceParameters = (dot11_WME_TSPEC_IE_t *)pData;
1215 }
1216 else if (ac == QOS_AC_VI)
1217 {
1218 assocRsp->tspecSignalParameters = (dot11_WME_TSPEC_IE_t *)pData;
1219 }
1220 break;
1221
1222 default:
1223 /* Checking OUI Sub Type validity */
1224 WLAN_REPORT_ERROR(pMlme->hReport, MLME_SM_MODULE_LOG,
1225 ("MLME_PARSER: WME Parameter IE error: Sub Type =%d is invalid\n",
1226 ieSubtype));
1227 return NOK;
1228 }
1229 return OK;
1230 }
1231
1232
mlmeParser_readQosCapabilityIE(mlme_t * pMlme,UINT8 * pData,UINT32 dataLen,UINT32 * pReadLen,dot11_QOS_CAPABILITY_IE_t * QosCapParams)1233 TI_STATUS mlmeParser_readQosCapabilityIE(mlme_t *pMlme,UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_QOS_CAPABILITY_IE_t *QosCapParams)
1234 {
1235 QosCapParams->hdr.eleId = *pData;
1236 QosCapParams->hdr.eleLen = *(pData+1);
1237
1238 *pReadLen = QosCapParams->hdr.eleLen + 2;
1239
1240 if (dataLen < (UINT32)(QosCapParams->hdr.eleLen + 2))
1241 {
1242 return NOK;
1243 }
1244
1245 if (QosCapParams->hdr.eleLen > DOT11_QOS_CAPABILITY_ELE_LEN)
1246 {
1247 WLAN_REPORT_ERROR(pMlme->hReport, MLME_SM_MODULE_LOG,
1248 ("MLME_PARSER: QOS Capability IE error: eleLen=%d, maxLen=%d\n",
1249 QosCapParams->hdr.eleLen, DOT11_QOS_CAPABILITY_ELE_LEN));
1250 return NOK;
1251 }
1252
1253 QosCapParams->QosInfoField = (*(pData+1));
1254 return OK;
1255 }
1256
1257
mlmeParser_readChallange(mlme_t * pMlme,UINT8 * pData,UINT32 dataLen,UINT32 * pReadLen,dot11_CHALLENGE_t * pChallange)1258 TI_STATUS mlmeParser_readChallange(mlme_t *pMlme, UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_CHALLENGE_t *pChallange)
1259 {
1260 if (dataLen < 2)
1261 {
1262 return NOK;
1263 }
1264
1265 pChallange->hdr.eleId = *pData;
1266 pChallange->hdr.eleLen = *(pData+1);
1267 pData += 2;
1268
1269 if ((dataLen < 2) || (dataLen < (UINT32)(pChallange->hdr.eleLen + 2)))
1270 {
1271 return NOK;
1272 }
1273
1274 if (pChallange->hdr.eleLen > DOT11_CHALLENGE_TEXT_MAX)
1275 {
1276 return NOK;
1277 }
1278
1279 os_memoryCopy(pMlme->hOs, (void *)pChallange->text, pData, pChallange->hdr.eleLen);
1280
1281 *pReadLen = pChallange->hdr.eleLen + 2;
1282
1283 return OK;
1284 }
1285
mlmeParser_readRsnIe(mlme_t * pMlme,UINT8 * pData,UINT32 dataLen,UINT32 * pReadLen,dot11_RSN_t * pRsnIe)1286 TI_STATUS mlmeParser_readRsnIe(mlme_t *pMlme, UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_RSN_t *pRsnIe)
1287 {
1288 pRsnIe->hdr.eleId = *pData;
1289 pRsnIe->hdr.eleLen = *(pData+1);
1290 pData += 2;
1291
1292 if ((dataLen < 2) || (dataLen < (UINT32)(pRsnIe->hdr.eleLen + 2)))
1293 {
1294 return NOK;
1295 }
1296
1297 os_memoryCopy(pMlme->hOs, (void *)pRsnIe->rsnIeData, pData, pRsnIe->hdr.eleLen);
1298
1299 *pReadLen = pRsnIe->hdr.eleLen + 2;
1300
1301 return OK;
1302 }
1303
mlmeParser_readPowerConstraint(mlme_t * pMlme,UINT8 * pData,UINT32 dataLen,UINT32 * pReadLen,dot11_POWER_CONSTRAINT_t * powerConstraintIE)1304 TI_STATUS mlmeParser_readPowerConstraint(mlme_t *pMlme,UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_POWER_CONSTRAINT_t *powerConstraintIE)
1305 {
1306 powerConstraintIE->hdr.eleId = *pData;
1307 powerConstraintIE->hdr.eleLen = *(pData+1);
1308
1309 *pReadLen = powerConstraintIE->hdr.eleLen + 2;
1310
1311 if ((dataLen < 2) || (dataLen < (UINT32)(powerConstraintIE->hdr.eleLen + 2)))
1312 {
1313 return NOK;
1314 }
1315
1316 if (powerConstraintIE->hdr.eleLen > DOT11_POWER_CONSTRAINT_ELE_LEN)
1317 {
1318 return NOK;
1319 }
1320
1321 os_memoryCopy(pMlme->hOs,(void *)&(powerConstraintIE->powerConstraint), pData+2, powerConstraintIE->hdr.eleLen);
1322
1323 return OK;
1324 }
1325
1326
mlmeParser_readChannelSwitch(mlme_t * pMlme,UINT8 * pData,UINT32 dataLen,UINT32 * pReadLen,dot11_CHANNEL_SWITCH_t * channelSwitch,UINT8 channel)1327 TI_STATUS mlmeParser_readChannelSwitch(mlme_t *pMlme,UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_CHANNEL_SWITCH_t *channelSwitch, UINT8 channel)
1328 {
1329 channelSwitch->hdr.eleId = *pData++;
1330 channelSwitch->hdr.eleLen = *pData++;
1331
1332 *pReadLen = channelSwitch->hdr.eleLen + 2;
1333
1334 if ((dataLen < 2) || (dataLen < (UINT32)(channelSwitch->hdr.eleLen + 2)))
1335 {
1336 return NOK;
1337 }
1338
1339 if (channelSwitch->hdr.eleLen > DOT11_CHANNEL_SWITCH_ELE_LEN)
1340 {
1341 return NOK;
1342 }
1343
1344 channelSwitch->channelSwitchMode = *pData++;
1345 channelSwitch->channelNumber = *pData++;
1346 channelSwitch->channelSwitchCount = *pData;
1347
1348
1349 switchChannel_recvCmd(pMlme->hSwitchChannel, channelSwitch, channel);
1350 return OK;
1351 }
1352
mlmeParser_readQuiet(mlme_t * pMlme,UINT8 * pData,UINT32 dataLen,UINT32 * pReadLen,dot11_QUIET_t * quiet)1353 TI_STATUS mlmeParser_readQuiet(mlme_t *pMlme,UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_QUIET_t *quiet)
1354 {
1355 quiet->hdr.eleId = *pData++;
1356 quiet->hdr.eleLen = *pData++;
1357
1358 *pReadLen = quiet->hdr.eleLen + 2;
1359
1360 if ((dataLen < 2) || (dataLen < (UINT32)(quiet->hdr.eleLen + 2)))
1361 {
1362 return NOK;
1363 }
1364
1365 if (quiet->hdr.eleLen > DOT11_QUIET_ELE_LEN)
1366 {
1367 return NOK;
1368 }
1369
1370 quiet->quietCount = *pData++;
1371 quiet->quietPeriod = *pData++;
1372 quiet->quietDuration = *((UINT16*)pData); pData+=2; /* Dm: */
1373 quiet->quietOffset = *((UINT16*)pData);
1374
1375 return OK;
1376 }
1377
1378
mlmeParser_readTPCReport(mlme_t * pMlme,UINT8 * pData,UINT32 dataLen,UINT32 * pReadLen,dot11_TPC_REPORT_t * TPCReport)1379 TI_STATUS mlmeParser_readTPCReport(mlme_t *pMlme,UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_TPC_REPORT_t *TPCReport)
1380 {
1381 TPCReport->hdr.eleId = *pData;
1382 TPCReport->hdr.eleLen = *(pData+1);
1383
1384 *pReadLen = TPCReport->hdr.eleLen + 2;
1385
1386 if ((dataLen < 2) || (dataLen < (UINT32)(TPCReport->hdr.eleLen + 2)))
1387 {
1388 return NOK;
1389 }
1390
1391 if (TPCReport->hdr.eleLen > DOT11_TPC_REPORT_ELE_LEN)
1392 {
1393 return NOK;
1394 }
1395
1396 TPCReport->transmitPower = *(pData+2);
1397
1398 return OK;
1399 }
1400
1401
1402 #ifdef EXC_MODULE_INCLUDED
mlmeParser_readCellTP(mlme_t * pMlme,UINT8 * pData,UINT32 dataLen,UINT32 * pReadLen,dot11_CELL_TP_t * cellTP)1403 TI_STATUS mlmeParser_readCellTP(mlme_t *pMlme, UINT8 *pData, UINT32 dataLen, UINT32 *pReadLen, dot11_CELL_TP_t *cellTP)
1404 {
1405 UINT8 exc_OUI[] = EXC_OUI;
1406
1407 cellTP->hdr.eleId = *pData++;
1408 cellTP->hdr.eleLen = *pData++;
1409
1410 *pReadLen = cellTP->hdr.eleLen + 2;
1411
1412 if ((dataLen < 2) || (dataLen < (UINT32)(cellTP->hdr.eleLen + 2)))
1413 {
1414 return NOK;
1415 }
1416
1417 if (cellTP->hdr.eleLen > DOT11_CELL_TP_ELE_LEN)
1418 {
1419 return NOK;
1420 }
1421
1422 os_memoryCopy(pMlme->hOs, (PVOID)cellTP->oui, pData, cellTP->hdr.eleLen);
1423
1424 if (os_memoryCompare(pMlme->hOs, (PVOID)cellTP->oui, exc_OUI, 3) != 0)
1425 {
1426 return NOK;
1427 }
1428
1429 return OK;
1430 }
1431 #endif
1432
mlmeParser_registerForBeaconAndProbeResp(TI_HANDLE hMlme,mlme_resultCB_t resultCBFunc,TI_HANDLE resultCBObj)1433 TI_STATUS mlmeParser_registerForBeaconAndProbeResp( TI_HANDLE hMlme,
1434 mlme_resultCB_t resultCBFunc,
1435 TI_HANDLE resultCBObj )
1436 {
1437 mlme_t* pMlme = (mlme_t*)hMlme;
1438
1439 if ( NULL != pMlme->resultCBFunc )
1440 {
1441 WLAN_REPORT_WARNING( pMlme->hReport, MLME_SM_MODULE_LOG,
1442 ("trying to register for beacons and probe responses when someone is already registered!.\n") );
1443 return NOK;
1444 }
1445
1446 pMlme->resultCBFunc = resultCBFunc;
1447 pMlme->resultCBObj = resultCBObj;
1448 return OK;
1449 }
1450
mlmeParser_unregisterForBeaconAndProbeResp(TI_HANDLE hMlme)1451 void mlmeParser_unregisterForBeaconAndProbeResp( TI_HANDLE hMlme )
1452 {
1453 mlme_t* pMlme = (mlme_t*)hMlme;
1454
1455 pMlme->resultCBFunc = NULL;
1456 pMlme->resultCBObj = NULL;
1457 }
1458
mlme_beaconReceivedPrint(TI_HANDLE hMlme)1459 void mlme_beaconReceivedPrint(TI_HANDLE hMlme)
1460 {
1461 #if BcnMissTst
1462 mlme_t *pMlme = (mlme_t*) hMlme;
1463 WLAN_REPORT_INFORMATION(pMlme->hReport,MLME_SM_MODULE_LOG,
1464 ("Beacon Missed - FW interrupt\n"));
1465 #endif
1466 }
1467 #if BcnMissTst
mlmeParser_printBeaconDebugInfo(TI_HANDLE theMlmeHandle,mlmeFrameInfo_t theFrame)1468 static void mlmeParser_printBeaconDebugInfo(TI_HANDLE theMlmeHandle,
1469 mlmeFrameInfo_t theFrame)
1470 {
1471 mlme_t *pHandle = (mlme_t*)theMlmeHandle;
1472 paramInfo_t param;
1473 UINT32 CurNumBcnMissed = 0;
1474 BOOL BeaconMissiedFlag = FALSE;
1475 UINT32 currBeaconTSFTime = 0;
1476 UINT32 deltaBeaconTSFTime = 0;
1477 INT32 dtimPeriod;
1478 INT32 dtimCount;
1479 UINT8 bmapControl = 0;
1480 UINT8 partialVirtualBmap = 0;
1481 UINT8 aid = 0;
1482
1483
1484 param.paramType = TX_DATA_PORT_STATUS_PARAM;
1485 txData_getParam(pHandle->hTxData,¶m);
1486 if(param.content.txDataPortStatus == CLOSE)
1487 {
1488 return;
1489 }
1490
1491 param.paramType = SITE_MGR_CURRENT_SSID_PARAM;
1492 siteMgr_getParam(pHandle->hSiteMgr,¶m);
1493 if(strcmp(theFrame.content.iePacket.pSsid->serviceSetId , param.content.siteMgrCurrentSSID.ssidString) != 0)
1494 {
1495 /* If the beacon is not from the primary site, ignore it */
1496 return;
1497 }
1498
1499
1500 if(theFrame.content.iePacket.pTIM != NULL)
1501 {
1502 whalParamInfo_t whalParam;
1503
1504 dtimPeriod = theFrame.content.iePacket.pTIM->dtimPeriod;
1505 dtimCount = theFrame.content.iePacket.pTIM->dtimCount;
1506 bmapControl = theFrame.content.iePacket.pTIM->bmapControl;
1507
1508 whalParam.paramType = HAL_CTRL_AID_PARAM;
1509 whalCtrl_GetParam (pHandle->hHalCtrl, &whalParam) ;
1510 aid = whalParam.content.halCtrlAid;
1511 if (aid < DOT11_PARTIAL_VIRTUAL_BITMAP_MAX)
1512 {
1513 partialVirtualBmap = theFrame.content.iePacket.pTIM->partialVirtualBmap[aid/8] & (1 << (aid%8) );
1514 }
1515 else
1516 {
1517 WLAN_REPORT_ERROR(pHandle->hReport,
1518 MLME_SM_MODULE_LOG,
1519 ("%s(%d) - Invalid AID (=%d)\n",
1520 __FILE__,__LINE__,aid));
1521 }
1522 }
1523 else
1524 {
1525 WLAN_REPORT_INFORMATION(pHandle->hReport,
1526 MLME_SM_MODULE_LOG,
1527 ("Beacon without TIM element\n"));
1528 dtimPeriod = 1;
1529 dtimCount = 0;
1530 }
1531
1532 /* Printing all the required parameters of the received beacon only if the station is connected*/
1533 currBeaconTSFTime = (UINT32)ENDIAN_HANDLE_LONG(*(INT32*)(theFrame.content.iePacket.timestamp));
1534
1535
1536 /*
1537 ** in case Configured to wake up on DTIM
1538 ** ---------------------------------------
1539 ** in case received beacon is DTIM
1540 ** if delta time between the current DTIM and the former DTIM is Bigger then
1541 ** DTIM Time -> there is a beacon miss (DTIM)
1542 **
1543 */
1544 if ((theFrame.content.iePacket.pTIM != NULL) && (dtimPeriod > 1))
1545 {
1546 if(pHandle->debug_isFunctionFirstTime == TRUE)
1547 {
1548 if( (dtimCount == 0) && (dtimPeriod > 1))
1549 {
1550 pHandle->debug_isFunctionFirstTime = FALSE;
1551 pHandle->debug_lastDtimBcnTSFTime = currBeaconTSFTime ;
1552 }
1553 }
1554
1555
1556 /* to avoid dummy BeaconMiss, just until first DTIM received */
1557 if((pHandle->debug_isFunctionFirstTime == TRUE) && (dtimPeriod > 1))
1558 {
1559 return;
1560 }
1561
1562 if(dtimCount == 0)
1563 {
1564 deltaBeaconTSFTime = (UINT32)((UINT32)currBeaconTSFTime - (UINT32)pHandle->debug_lastDtimBcnTSFTime);
1565
1566 CurNumBcnMissed = (deltaBeaconTSFTime + ((UINT32)theFrame.content.iePacket.beaconInerval * 500) ) /
1567 ((UINT32)theFrame.content.iePacket.beaconInerval * dtimPeriod * 1000);
1568
1569 if(CurNumBcnMissed >=1)
1570 {
1571 CurNumBcnMissed -- ;
1572 }
1573
1574 if (CurNumBcnMissed != 0)
1575 {
1576 WLAN_REPORT_INFORMATION(pHandle->hReport,
1577 MLME_SM_MODULE_LOG,
1578 ("BeaconMiss : currBcnTS=0x%x TSDelta=0x%x DtimCnt=%d DtimPriod=%d beaconInt=%d lastDtimBcnTSFTime = 0x%x \n",
1579 currBeaconTSFTime,
1580 deltaBeaconTSFTime,
1581 dtimCount ,
1582 dtimPeriod ,
1583 theFrame.content.iePacket.beaconInerval,
1584 pHandle->debug_lastDtimBcnTSFTime));
1585 }
1586
1587 pHandle->debug_lastDtimBcnTSFTime = currBeaconTSFTime ;
1588 }
1589
1590 else /* (dtimCount != 0) */
1591 {
1592 deltaBeaconTSFTime = (UINT32)((UINT32)currBeaconTSFTime - (UINT32)pHandle->debug_lastDtimBcnTSFTime);
1593
1594 if (deltaBeaconTSFTime > ((UINT32)theFrame.content.iePacket.beaconInerval * dtimPeriod * 1000))
1595 {
1596 CurNumBcnMissed = (deltaBeaconTSFTime -
1597 ((UINT32)(dtimPeriod - dtimCount) * (UINT32)theFrame.content.iePacket.beaconInerval * 1000) +
1598 ((UINT32)theFrame.content.iePacket.beaconInerval * 500) ) /
1599 ((UINT32)theFrame.content.iePacket.beaconInerval * dtimPeriod * 1000);
1600
1601 }
1602 else
1603 {
1604 CurNumBcnMissed = 0 ;
1605 }
1606
1607 if (CurNumBcnMissed != 0)
1608 {
1609 WLAN_REPORT_INFORMATION(pHandle->hReport,
1610 MLME_SM_MODULE_LOG,
1611 ("BeaconMiss : currBcnTS=0x%x TSDelta=0x%x DtimCnt=%d DtimPriod=%d beaconInt=%d lastDtimBcnTSFTime = 0x%x \n",
1612 currBeaconTSFTime,
1613 deltaBeaconTSFTime,
1614 dtimCount ,
1615 dtimPeriod ,
1616 theFrame.content.iePacket.beaconInerval,
1617 pHandle->debug_lastDtimBcnTSFTime));
1618 }
1619 }
1620
1621 } /* Configured to wake up on DTIM */
1622
1623
1624 /*
1625 ** in case Configured to wake up on Beacon
1626 ** ---------------------------------------
1627 */
1628 else
1629 {
1630 if(pHandle->debug_isFunctionFirstTime == TRUE)
1631 {
1632 pHandle->debug_isFunctionFirstTime = FALSE;
1633 pHandle->debug_lastBeaconTSFTime = currBeaconTSFTime;
1634 }
1635
1636 deltaBeaconTSFTime = (UINT32)((UINT32)currBeaconTSFTime - (UINT32)pHandle->debug_lastBeaconTSFTime);
1637
1638 CurNumBcnMissed = (deltaBeaconTSFTime + ((UINT32)theFrame.content.iePacket.beaconInerval * 500) ) /
1639 ((UINT32)theFrame.content.iePacket.beaconInerval * dtimPeriod * 1000);
1640
1641 if(CurNumBcnMissed >=1)
1642 {
1643 CurNumBcnMissed -- ;
1644 }
1645
1646 if (CurNumBcnMissed != 0)
1647 {
1648 WLAN_REPORT_INFORMATION(pHandle->hReport, MLME_SM_MODULE_LOG,
1649 ("BeaconMiss : currBcnTS=0x%x TSDelta=0x%x DtimCnt=%d DtimPriod=%d beaconInt=%d lastBcnTSFTime = 0x%x \n",
1650 currBeaconTSFTime,
1651 deltaBeaconTSFTime,
1652 dtimCount ,
1653 dtimPeriod ,
1654 theFrame.content.iePacket.beaconInerval,
1655 pHandle->debug_lastBeaconTSFTime));
1656 }
1657
1658 pHandle->debug_lastBeaconTSFTime = currBeaconTSFTime;
1659
1660 } /* Configured to wake up on Beacon */
1661
1662
1663
1664 if (CurNumBcnMissed != 0)
1665 {
1666 BeaconMissiedFlag = TRUE;
1667 }
1668
1669 /* in case DTIM beacon miss */
1670 if (BeaconMissiedFlag == TRUE)
1671 {
1672 pHandle->totalMissingBeaconsCounter += CurNumBcnMissed;
1673 if(CurNumBcnMissed > pHandle->maxMissingBeaconSequence)
1674 {
1675 pHandle->maxMissingBeaconSequence = CurNumBcnMissed;
1676 }
1677
1678 WLAN_REPORT_INFORMATION(pHandle->hReport,
1679 MLME_SM_MODULE_LOG,
1680 ("Beacon Missed Total = %d and currently %d beacon missed\n",pHandle->totalMissingBeaconsCounter,CurNumBcnMissed));
1681 }
1682
1683
1684 #if BcnMissTstWithScrPad7
1685 if (BeaconMissiedFlag == TRUE)
1686 {
1687 if (MissingBcnInt == TRUE)
1688 {
1689 WLAN_REPORT_INFORMATION(pHandle->hReport,
1690 MLME_SM_MODULE_LOG,
1691 ("Driver write to SCR_PAD7 0x1\n"));
1692
1693 whalCtrlWriteMacReg(pHandle->hHalCtrl, SCR_PAD7 ,0x1);
1694 }
1695 else
1696 {
1697 WLAN_REPORT_INFORMATION(pHandle->hReport,
1698 MLME_SM_MODULE_LOG,
1699 ("Driver write to SCR_PAD7 0x3\n"));
1700
1701 whalCtrlWriteMacReg(pHandle->hHalCtrl, SCR_PAD7 ,0x3);
1702 }
1703 }
1704 else
1705 {
1706 if (MissingBcnInt == TRUE)
1707 {
1708 WLAN_REPORT_INFORMATION(pHandle->hReport,
1709 MLME_SM_MODULE_LOG,
1710 ("Driver write to SCR_PAD7 0x4\n"));
1711
1712 whalCtrlWriteMacReg(pHandle->hHalCtrl, SCR_PAD7 ,0x4);
1713 }
1714 else
1715 {
1716 WLAN_REPORT_INFORMATION(pHandle->hReport,
1717 MLME_SM_MODULE_LOG,
1718 ("Driver write to SCR_PAD7 0x2\n"));
1719
1720 whalCtrlWriteMacReg(pHandle->hHalCtrl, SCR_PAD7 ,0x2);
1721 }
1722 }
1723 #endif
1724
1725 if(theFrame.content.iePacket.pTIM != NULL && theFrame.content.iePacket.pSsid != NULL)
1726 {
1727 WLAN_REPORT_INFORMATION(pHandle->hReport,
1728 MLME_SM_MODULE_LOG,
1729 ("Beacon ssid=%8s TS=0x%x TSDelta=0x%x DtimCnt=%d DtimPriod=%d bmapControl=0x%02X partialVirtualBmap=0x%02X beaconInt=%d HostTime=%d Total=%d\n",
1730 theFrame.content.iePacket.pSsid->serviceSetId,
1731 currBeaconTSFTime,
1732 deltaBeaconTSFTime,
1733 dtimCount ,
1734 dtimPeriod ,
1735 bmapControl,
1736 partialVirtualBmap,
1737 theFrame.content.iePacket.beaconInerval,
1738 os_timeStampMs(pHandle),
1739 ++(pHandle->totalRcvdBeaconsCounter)));
1740
1741 #if BcnMissTstWithScrPad7
1742 if(BeaconMissiedFlag != TRUE)
1743 {
1744 whalCtrlWriteMacReg(pHandle->hHalCtrl, SCR_PAD7 ,0x2);
1745 }
1746 #endif
1747 }
1748
1749 if(theFrame.content.iePacket.pTIM == NULL)
1750 {
1751 WLAN_REPORT_INFORMATION(pHandle->hReport,
1752 MLME_SM_MODULE_LOG,
1753 ("Tim null\n"));
1754 }
1755 if(theFrame.content.iePacket.pSsid == NULL)
1756 {
1757 WLAN_REPORT_INFORMATION(pHandle->hReport,
1758 MLME_SM_MODULE_LOG,
1759 ("SSID null\n"));
1760 }
1761 }
1762
1763 #endif
1764
1765 #if CHECK_PARSING_ERROR_CONDITION_PRINT
1766 #define CHECK_PARSING_ERROR_CONDITION(x, msg, bDump) \
1767 if ((x)) \
1768 { \
1769 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG, msg); \
1770 if (bDump) {\
1771 WLAN_REPORT_ERROR(pHandle->hReport, MLME_SM_MODULE_LOG, ("Buff len = %d \n", packetLength)); \
1772 HexDumpData(pPacketBody, packetLength); }\
1773 return NOK; \
1774 }
1775 #else
1776 #define CHECK_PARSING_ERROR_CONDITION(x, msg, bDump) \
1777 if ((x)) return NOK;
1778 #endif
1779
mlmeParser_parseIEs(TI_HANDLE * hMlme,UINT8 * pData,INT32 bodyDataLen,mlmeIEParsingParams_t * params)1780 TI_STATUS mlmeParser_parseIEs(TI_HANDLE *hMlme,
1781 UINT8 *pData,
1782 INT32 bodyDataLen,
1783 mlmeIEParsingParams_t *params)
1784 {
1785 dot11_eleHdr_t *pEleHdr;
1786 BOOL skipIE = FALSE;
1787 UINT32 readLen;
1788 TI_STATUS status = NOK;
1789 UINT8 rsnIeIdx = 0;
1790 UINT8 wpaIeOuiIe[4] = { 0x00, 0x50, 0xf2, 0x01};
1791 UINT8 ti_oui[] = TI_OUI;
1792 UINT8 lastIE = 0;
1793 beacon_probeRsp_t *frame = &(params->frame.content.iePacket);
1794 mlme_t *pHandle = (mlme_t *)hMlme;
1795 #ifdef EXC_MODULE_INCLUDED
1796 BOOL allowCellTP = TRUE;
1797 #endif
1798 #if CHECK_PARSING_ERROR_CONDITION_PRINT
1799 INT32 packetLength = bodyDataLen;
1800 UINT8 *pPacketBody = pData;
1801 #endif
1802
1803 params->recvChannelSwitchAnnoncIE = FALSE;
1804
1805 while (bodyDataLen > 1)
1806 {
1807 pEleHdr = (dot11_eleHdr_t *)pData;
1808
1809 CHECK_PARSING_ERROR_CONDITION((pEleHdr->eleLen > (bodyDataLen - 2)), ("MLME_PARSER: IE %d with length %d out of bounds %d\n", pEleHdr->eleId, pEleHdr->eleLen, (bodyDataLen - 2)),TRUE);
1810
1811 /* IEs in the packet must be ordered in increased order */
1812 /* exept of WPA and RSN IEs! I.e. if current IE id less than */
1813 /* the last one , we just skip such element. */
1814 /* If the current IE is more than the last IE id (and it is not*/
1815 /* WPA or RSN one), we save its IE id as the last id. */
1816
1817 skipIE = FALSE;
1818 if((pEleHdr->eleId != WPA_IE_ID) && (pEleHdr->eleId != RSN_IE_ID))
1819 {
1820 if (pEleHdr->eleId < lastIE)
1821 {
1822 readLen = 2 + pEleHdr->eleLen;
1823 skipIE = TRUE;
1824 }
1825 else
1826 {
1827 lastIE = pEleHdr->eleId;
1828 }
1829 }
1830
1831 if(!skipIE)
1832 {
1833 switch (pEleHdr->eleId)
1834 {
1835 /* read SSID */
1836 case SSID_IE_ID:
1837 frame->pSsid = ¶ms->ssid;
1838 status = mlmeParser_readSsid(pHandle, pData, bodyDataLen, &readLen, frame->pSsid);
1839 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading SSID\n"),TRUE);
1840 break;
1841 /* read rates */
1842 case SUPPORTED_RATES_IE_ID:
1843 frame->pRates = ¶ms->rates;
1844 status = mlmeParser_readRates(pHandle, pData, bodyDataLen, &readLen, frame->pRates);
1845 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading RATES\n"),TRUE);
1846 break;
1847 case EXT_SUPPORTED_RATES_IE_ID:
1848 frame->pExtRates = ¶ms->extRates;
1849 status = mlmeParser_readRates(pHandle, pData, bodyDataLen, &readLen, frame->pExtRates);
1850 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading EXT RATES\n"),TRUE);
1851 break;
1852
1853 case ERP_IE_ID:
1854 status = mlmeParser_readERP(pHandle, pData, bodyDataLen, &readLen,
1855 (BOOL *)&frame->useProtection,
1856 (preamble_e *)&frame->barkerPreambleMode);
1857 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading ERP\n"),TRUE);
1858 break;
1859 /* read FH parameter set */
1860 case FH_PARAMETER_SET_IE_ID:
1861 frame->pFHParamsSet = ¶ms->fhParams;
1862 status = mlmeParser_readFhParams(pHandle, pData, bodyDataLen, &readLen, frame->pFHParamsSet);
1863 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading FH parameters\n"),TRUE);
1864 break;
1865 /* read DS parameter set */
1866 case DS_PARAMETER_SET_IE_ID:
1867 frame->pDSParamsSet = ¶ms->dsParams;
1868 status = mlmeParser_readDsParams(pHandle, pData, bodyDataLen, &readLen, frame->pDSParamsSet);
1869 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading DS parameters\n"),TRUE);
1870 if (RADIO_BAND_2_4_GHZ == params->band )
1871 {
1872 CHECK_PARSING_ERROR_CONDITION((frame->pDSParamsSet->currChannel != params->rxChannel),
1873 ("Channel ERROR - incompatible channel source information: Frame=%d Vs Radio=%d.\n\
1874 parser ABORTED!!!\n",
1875 frame->pDSParamsSet->currChannel , params->rxChannel),FALSE);
1876 }
1877 break;
1878 /* read CF parameter set */
1879 case CF_PARAMETER_SET_IE_ID:
1880 frame->pCFParamsSet = ¶ms->cfParams;
1881 status = mlmeParser_readCfParams(pHandle, pData, bodyDataLen, &readLen, frame->pCFParamsSet);
1882 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading CF parameters\n"),TRUE);
1883 break;
1884 /* read IBSS parameter set */
1885 case IBSS_PARAMETER_SET_IE_ID:
1886 frame->pIBSSParamsSet = ¶ms->ibssParams;
1887 status = mlmeParser_readIbssParams(pHandle, pData, bodyDataLen, &readLen, frame->pIBSSParamsSet);
1888 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading IBSS parameters\n"),TRUE);
1889 break;
1890
1891 /* read TIM */
1892 case TIM_IE_ID:
1893 frame->pTIM = ¶ms->tim;
1894 status = mlmeParser_readTim(pHandle, pData, bodyDataLen, &readLen, frame->pTIM);
1895 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading TIM\n"),TRUE);
1896 break;
1897
1898 /* read Country */
1899 case COUNTRY_IE_ID:
1900 frame->country = ¶ms->country;
1901 status = mlmeParser_readCountry(pHandle, pData, bodyDataLen, &readLen, frame->country);
1902 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading country parameters\n"),TRUE);
1903 break;
1904
1905 /* read Power Constraint */
1906 case POWER_CONSTRAINT_IE_ID:
1907 #ifdef EXC_MODULE_INCLUDED
1908 allowCellTP = FALSE;
1909 #endif
1910 frame->powerConstraint = ¶ms->powerConstraint;
1911 status = mlmeParser_readPowerConstraint(pHandle, pData, bodyDataLen, &readLen, frame->powerConstraint);
1912 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading Power Constraint parameters\n"),TRUE);
1913 break;
1914
1915 /* read Channel Switch Mode */
1916 case CHANNEL_SWITCH_ANNOUNCEMENT_IE_ID:
1917 if (params->myBssid)
1918 { /* Ignore Switch Channel commands from non my BSSID */
1919 params->recvChannelSwitchAnnoncIE = TRUE;
1920 frame->channelSwitch = ¶ms->channelSwitch;
1921 status = mlmeParser_readChannelSwitch(pHandle, pData, bodyDataLen, &readLen, frame->channelSwitch, params->rxChannel);
1922 if (status != OK)
1923 {
1924 /*
1925 * PATCH for working with AP-DK 4.0.51 that use IE 37 (with length 20) for RSNE
1926 * Ignore the IE instead of rejecting the whole Msdu (beacon or probe response)
1927 */
1928 WLAN_REPORT_WARNING(pHandle->hReport, MLME_SM_MODULE_LOG,
1929 ("MLME_PARSER: error reading Channel Switch announcement parameters - ignore IE\n"));
1930 }
1931 }
1932 break;
1933
1934 /* read Quiet IE */
1935 case QUIET_IE_ID:
1936 frame->quiet = ¶ms->quiet;
1937 status = mlmeParser_readQuiet(pHandle, pData, bodyDataLen, &readLen, frame->quiet);
1938 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading Quiet parameters\n"),TRUE);
1939 break;
1940
1941 /* read TPC report IE */
1942 case TPC_REPORT_IE_ID:
1943 frame->TPCReport = ¶ms->TPCReport;
1944 status = mlmeParser_readTPCReport(pHandle, pData, bodyDataLen, &readLen, frame->TPCReport);
1945 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading TPC report parameters\n"),TRUE);
1946 break;
1947
1948 case EXC_EXT_1_IE_ID:
1949 frame->pRsnIe = ¶ms->rsnIe[0];
1950 status = mlmeParser_readRsnIe(pHandle, pData, bodyDataLen, &readLen, ¶ms->rsnIe[rsnIeIdx]);
1951 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading RSN IE\n"),TRUE);
1952
1953 frame->rsnIeLen += readLen;
1954 rsnIeIdx ++;
1955 break;
1956
1957 case RSN_IE_ID:
1958 frame->pRsnIe = ¶ms->rsnIe[0];
1959 status = mlmeParser_readRsnIe(pHandle, pData, bodyDataLen, &readLen, ¶ms->rsnIe[rsnIeIdx]);
1960 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading RSN IE\n"),TRUE);
1961
1962 frame->rsnIeLen += readLen;
1963 rsnIeIdx ++;
1964 break;
1965
1966 case DOT11_QOS_CAPABILITY_ELE_ID:
1967 frame->QoSCapParameters = ¶ms->QosCapParams;
1968 status = mlmeParser_readQosCapabilityIE(pHandle, pData, bodyDataLen, &readLen, ¶ms->QosCapParams);
1969 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading QOS CapabilityIE\n"),TRUE);
1970 break;
1971
1972 case WPA_IE_ID:
1973 if (!os_memoryCompare(pHandle->hOs, pData+2, wpaIeOuiIe, 3))
1974 {
1975 /* Note : WPA and WME use the same OUI */
1976 /* Its assumes that:
1977 WPA uses OUI Type with value - 1
1978 WME uses OUI Type with value - 2
1979 */
1980
1981 /* Check the OUI sub Type to verify whether this is a WME IE or WPA IE*/
1982 if( (*(UINT8*)(pData+5)) == dot11_WPA_OUI_TYPE)
1983 {
1984 /* If we are here - the following is WPA IE */
1985 frame->pRsnIe = ¶ms->rsnIe[0];
1986 status = mlmeParser_readRsnIe(pHandle, pData, bodyDataLen,
1987 &readLen, ¶ms->rsnIe[rsnIeIdx]);
1988 frame->rsnIeLen += readLen;
1989 rsnIeIdx ++;
1990
1991 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading RSN IE\n"),TRUE);
1992 }
1993 if( ( (*(UINT8*)(pData+5)) == dot11_WME_OUI_TYPE ) &&
1994 ( ( (*(UINT8*)(pData+6)) == dot11_WME_OUI_SUB_TYPE_PARAMS_IE) ||
1995 ( (*(UINT8*)(pData+6)) == dot11_WME_OUI_SUB_TYPE_IE) ) )
1996 {
1997 /* If we are here - the following is WME-Params IE, WME-Info IE or TSPEC IE. */
1998 /* Note that we are using the WMEParams struct also to hold the WME-Info IE
1999 which is a subset of WMEParams, and only one of them is sent in a frame. */
2000 frame->WMEParams = ¶ms->WMEParams;
2001 status = mlmeParser_readWMEParams(pHandle, pData, bodyDataLen, &readLen, frame->WMEParams, NULL);
2002
2003 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading WME params\n"),TRUE);
2004 }
2005 else
2006 {
2007 /* Unrecognized OUI type */
2008 readLen = pEleHdr->eleLen + 2;
2009 }
2010 }
2011 else
2012 /* check if this is 4X IE */
2013 if(os_memoryCompare(pHandle->hOs, ti_oui, pData+2, DOT11_OUI_LEN) == 0)
2014 {
2015 frame->fourXParams = ¶ms->fourXParams;
2016 status = mlmeParser_read4Xxarams(pHandle, pData, bodyDataLen, &readLen, frame->fourXParams);
2017 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading 4X parameters\n"),TRUE);
2018 }
2019 else
2020 {
2021 /* not 4x IE */
2022 readLen = pEleHdr->eleLen + 2;
2023 }
2024
2025 break;
2026
2027 #ifdef EXC_MODULE_INCLUDED
2028 case CELL_POWER_IE:
2029 /* We mustn't take the Cell Transmit Power IE into account if */
2030 /* there's a Power Constraint IE. Since the IEs must be in increasing */
2031 /* order, it's enough to perform the check here, because if the Power */
2032 /* Constraint IE is present it must have already been processed. */
2033 if (allowCellTP)
2034 {
2035 frame->cellTP = ¶ms->cellTP;
2036 status = mlmeParser_readCellTP(pHandle, pData, bodyDataLen, &readLen, frame->cellTP);
2037 CHECK_PARSING_ERROR_CONDITION((status != OK), ("MLME_PARSER: error reading Cell Transmit Power params.\n"),TRUE);
2038 }
2039 break;
2040 #endif
2041
2042 default:
2043 WLAN_REPORT_INFORMATION(pHandle->hReport, MLME_SM_MODULE_LOG,
2044 ("MLME_PARSER: unsupported IE found (%d)\n", pEleHdr->eleId));
2045 readLen = pEleHdr->eleLen + 2;
2046 break;
2047 }
2048 }
2049 pData += readLen;
2050 bodyDataLen -= readLen;
2051 CHECK_PARSING_ERROR_CONDITION((bodyDataLen < 0), ("MLME_PARSER: negative bodyDataLen %d bytes\n", bodyDataLen),TRUE);
2052 }
2053 return OK;
2054 }
2055
mlmeParser_getParseIEsBuffer(TI_HANDLE * hMlme)2056 mlmeIEParsingParams_t *mlmeParser_getParseIEsBuffer(TI_HANDLE *hMlme)
2057 {
2058 return (&(((mlme_t *)hMlme)->tempFrameInfo));
2059 }
2060
2061