-
Notifications
You must be signed in to change notification settings - Fork 0
/
sanity.c
332 lines (281 loc) · 8.75 KB
/
sanity.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
/*
***************************************************************************
* Ralink Tech Inc.
* 4F, No. 2 Technology 5th Rd.
* Science-based Industrial Park
* Hsin-chu, Taiwan, R.O.C.
*
* (c) Copyright 2002-2004, Ralink Technology, Inc.
*
* All rights reserved. Ralink's source code is an unpublished work and the
* use of a copyright notice does not imply otherwise. This source code
* contains confidential trade secret material of Ralink Tech. Any attemp
* or participation in deciphering, decoding, reverse engineering or in any
* way altering the source code is stricitly prohibited, unless the prior
* written consent of Ralink Technology, Inc. is obtained.
***************************************************************************
Module Name:
sanity.c
Abstract:
Revision History:
Who When What
-------- ---------- ----------------------------------------------
John Chang 2004-09-01 add WMM support
*/
#include "rt_config.h"
extern UCHAR CISCO_OUI[];
extern UCHAR WPA_OUI[];
extern UCHAR RSN_OUI[];
extern UCHAR WME_INFO_ELEM[];
extern UCHAR WME_PARM_ELEM[];
extern UCHAR RALINK_OUI[];
extern UCHAR BROADCOM_OUI[];
/*
==========================================================================
Description:
MLME message sanity check
Return:
TRUE if all parameters are OK, FALSE otherwise
==========================================================================
*/
BOOLEAN MlmeStartReqSanity(
IN PRTMP_ADAPTER pAd,
IN VOID *Msg,
IN ULONG MsgLen,
OUT CHAR Ssid[],
OUT UCHAR *pSsidLen)
{
MLME_START_REQ_STRUCT *Info;
Info = (MLME_START_REQ_STRUCT *) (Msg);
if (Info->SsidLen > MAX_LEN_OF_SSID) {
DBGPRINT(RT_DEBUG_TRACE,
("MlmeStartReqSanity fail - wrong SSID length\n"));
return FALSE;
}
*pSsidLen = Info->SsidLen;
NdisMoveMemory(Ssid, Info->Ssid, *pSsidLen);
return TRUE;
}
/*
==========================================================================
Description:
MLME message sanity check
Return:
TRUE if all parameters are OK, FALSE otherwise
IRQL = DISPATCH_LEVEL
==========================================================================
*/
BOOLEAN PeerAssocRspSanity(
IN PRTMP_ADAPTER pAd,
IN VOID *pMsg,
IN ULONG MsgLen,
OUT PUCHAR pAddr2,
OUT USHORT *pCapabilityInfo,
OUT USHORT *pStatus,
OUT USHORT *pAid,
OUT UCHAR SupRate[],
OUT UCHAR *pSupRateLen,
OUT UCHAR ExtRate[],
OUT UCHAR *pExtRateLen,
OUT HT_CAPABILITY_IE *pHtCapability,
OUT ADD_HT_INFO_IE *pAddHtInfo, /* AP might use this additional ht info IE */
OUT UCHAR *pHtCapabilityLen,
OUT UCHAR *pAddHtInfoLen,
OUT UCHAR *pNewExtChannelOffset,
OUT PEDCA_PARM pEdcaParm,
OUT EXT_CAP_INFO_ELEMENT *pExtCapInfo,
OUT UCHAR *pCkipFlag)
{
CHAR IeType, *Ptr;
PFRAME_802_11 pFrame = (PFRAME_802_11) pMsg;
PEID_STRUCT pEid;
ULONG Length = 0;
*pNewExtChannelOffset = 0xff;
*pHtCapabilityLen = 0;
*pAddHtInfoLen = 0;
COPY_MAC_ADDR(pAddr2, pFrame->Hdr.Addr2);
Ptr = (PCHAR) pFrame->Octet;
Length += LENGTH_802_11;
NdisMoveMemory(pCapabilityInfo, &pFrame->Octet[0], 2);
Length += 2;
NdisMoveMemory(pStatus, &pFrame->Octet[2], 2);
Length += 2;
*pCkipFlag = 0;
*pExtRateLen = 0;
pEdcaParm->bValid = FALSE;
if (*pStatus != MLME_SUCCESS)
return TRUE;
NdisMoveMemory(pAid, &pFrame->Octet[4], 2);
Length += 2;
/* Aid already swaped byte order in RTMPFrameEndianChange() for big endian platform */
*pAid = (*pAid) & 0x3fff; /* AID is low 14-bit */
/* -- get supported rates from payload and advance the pointer */
IeType = pFrame->Octet[6];
*pSupRateLen = pFrame->Octet[7];
if ((IeType != IE_SUPP_RATES)
|| (*pSupRateLen > MAX_LEN_OF_SUPPORTED_RATES)) {
DBGPRINT(RT_DEBUG_TRACE,
("PeerAssocRspSanity fail - wrong SupportedRates IE\n"));
return FALSE;
} else
NdisMoveMemory(SupRate, &pFrame->Octet[8], *pSupRateLen);
Length = Length + 2 + *pSupRateLen;
/*
many AP implement proprietary IEs in non-standard order, we'd better
tolerate mis-ordered IEs to get best compatibility
*/
pEid = (PEID_STRUCT) & pFrame->Octet[8 + (*pSupRateLen)];
/* get variable fields from payload and advance the pointer */
while ((Length + 2 + pEid->Len) <= MsgLen) {
switch (pEid->Eid) {
case IE_EXT_SUPP_RATES:
if (pEid->Len <= MAX_LEN_OF_SUPPORTED_RATES) {
NdisMoveMemory(ExtRate, pEid->Octet, pEid->Len);
*pExtRateLen = pEid->Len;
}
break;
case IE_HT_CAP:
case IE_HT_CAP2:
if (pEid->Len >= SIZE_HT_CAP_IE) { /* Note: allow extension.!! */
NdisMoveMemory(pHtCapability, pEid->Octet,
SIZE_HT_CAP_IE);
*(USHORT *) (&pHtCapability->HtCapInfo) =
cpu2le16(*(USHORT *)
(&pHtCapability->HtCapInfo));
*(USHORT *) (&pHtCapability->ExtHtCapInfo) =
cpu2le16(*(USHORT *)
(&pHtCapability->ExtHtCapInfo));
*pHtCapabilityLen = SIZE_HT_CAP_IE;
} else {
DBGPRINT(RT_DEBUG_WARN,
("PeerAssocRspSanity - wrong IE_HT_CAP. \n"));
}
break;
#ifdef DOT11_N_SUPPORT
case IE_ADD_HT:
case IE_ADD_HT2:
if (pEid->Len >= sizeof (ADD_HT_INFO_IE)) {
/*
This IE allows extension, but we can ignore extra bytes beyond our knowledge , so only
copy first sizeof(ADD_HT_INFO_IE)
*/
NdisMoveMemory(pAddHtInfo, pEid->Octet,
sizeof (ADD_HT_INFO_IE));
*(USHORT *) (&pAddHtInfo->AddHtInfo2) =
cpu2le16(*(USHORT *)
(&pAddHtInfo->AddHtInfo2));
*(USHORT *) (&pAddHtInfo->AddHtInfo3) =
cpu2le16(*(USHORT *)
(&pAddHtInfo->AddHtInfo3));
*pAddHtInfoLen = SIZE_ADD_HT_INFO_IE;
} else {
DBGPRINT(RT_DEBUG_WARN,
("PeerAssocRspSanity - wrong IE_ADD_HT. \n"));
}
break;
case IE_SECONDARY_CH_OFFSET:
if (pEid->Len == 1) {
*pNewExtChannelOffset = pEid->Octet[0];
} else {
DBGPRINT(RT_DEBUG_WARN,
("PeerAssocRspSanity - wrong IE_SECONDARY_CH_OFFSET. \n"));
}
#endif /* DOT11_N_SUPPORT */
break;
case IE_VENDOR_SPECIFIC:
/* handle WME PARAMTER ELEMENT */
if (NdisEqualMemory(pEid->Octet, WME_PARM_ELEM, 6)
&& (pEid->Len == 24)) {
PUCHAR ptr;
int i;
/* parsing EDCA parameters */
pEdcaParm->bValid = TRUE;
pEdcaParm->bQAck = FALSE; /* pEid->Octet[0] & 0x10; */
pEdcaParm->bQueueRequest = FALSE; /* pEid->Octet[0] & 0x20; */
pEdcaParm->bTxopRequest = FALSE; /* pEid->Octet[0] & 0x40; */
pEdcaParm->EdcaUpdateCount =
pEid->Octet[6] & 0x0f;
pEdcaParm->bAPSDCapable =
(pEid->Octet[6] & 0x80) ? 1 : 0;
ptr = (PUCHAR) & pEid->Octet[8];
for (i = 0; i < 4; i++) {
UCHAR aci = (*ptr & 0x60) >> 5; /* b5~6 is AC INDEX */
pEdcaParm->bACM[aci] = (((*ptr) & 0x10) == 0x10); /* b5 is ACM */
pEdcaParm->Aifsn[aci] = (*ptr) & 0x0f; /* b0~3 is AIFSN */
pEdcaParm->Cwmin[aci] = *(ptr + 1) & 0x0f; /* b0~4 is Cwmin */
pEdcaParm->Cwmax[aci] = *(ptr + 1) >> 4; /* b5~8 is Cwmax */
pEdcaParm->Txop[aci] = *(ptr + 2) + 256 * (*(ptr + 3)); /* in unit of 32-us */
ptr += 4; /* point to next AC */
}
}
break;
case IE_EXT_CAPABILITY:
if (pEid->Len >= 1)
{
UCHAR MaxSize;
UCHAR MySize = sizeof(EXT_CAP_INFO_ELEMENT);
MaxSize = min(pEid->Len, MySize);
NdisMoveMemory(pExtCapInfo, &pEid->Octet[0], MaxSize);
DBGPRINT(RT_DEBUG_WARN, ("PeerAssocReqSanity - IE_EXT_CAPABILITY!\n"));
}
break;
default:
DBGPRINT(RT_DEBUG_TRACE,
("PeerAssocRspSanity - ignore unrecognized EID = %d\n",
pEid->Eid));
break;
}
Length = Length + 2 + pEid->Len;
pEid = (PEID_STRUCT) ((UCHAR *) pEid + 2 + pEid->Len);
}
return TRUE;
}
/*
==========================================================================
Description:
IRQL = DISPATCH_LEVEL
==========================================================================
*/
BOOLEAN GetTimBit(
IN CHAR *Ptr,
IN USHORT Aid,
OUT UCHAR *TimLen,
OUT UCHAR *BcastFlag,
OUT UCHAR *DtimCount,
OUT UCHAR *DtimPeriod,
OUT UCHAR *MessageToMe)
{
UCHAR BitCntl, N1, N2, MyByte, MyBit;
CHAR *IdxPtr;
IdxPtr = Ptr;
IdxPtr++;
*TimLen = *IdxPtr;
/* get DTIM Count from TIM element */
IdxPtr++;
*DtimCount = *IdxPtr;
/* get DTIM Period from TIM element */
IdxPtr++;
*DtimPeriod = *IdxPtr;
/* get Bitmap Control from TIM element */
IdxPtr++;
BitCntl = *IdxPtr;
if ((*DtimCount == 0) && (BitCntl & 0x01))
*BcastFlag = TRUE;
else
*BcastFlag = FALSE;
/* Parse Partial Virtual Bitmap from TIM element */
N1 = BitCntl & 0xfe; /* N1 is the first bitmap byte# */
N2 = *TimLen - 4 + N1; /* N2 is the last bitmap byte# */
if ((Aid < (N1 << 3)) || (Aid >= ((N2 + 1) << 3)))
*MessageToMe = FALSE;
else {
MyByte = (Aid >> 3) - N1; /* my byte position in the bitmap byte-stream */
MyBit = Aid % 16 - ((MyByte & 0x01) ? 8 : 0);
IdxPtr += (MyByte + 1);
if (*IdxPtr & (0x01 << MyBit))
*MessageToMe = TRUE;
else
*MessageToMe = FALSE;
}
return TRUE;
}