📄 cmm_sanity.c
字号:
*pHtCapabilityLen = SIZE_HT_CAP_IE; // Nnow we only support 26 bytes.#ifdef BIG_ENDIAN *(USHORT *)(&pHtCapability->HtCapInfo) = SWAP16(*(USHORT *)(&pHtCapability->HtCapInfo)); *(USHORT *)(&pHtCapability->ExtHtCapInfo) = SWAP16(*(USHORT *)(&pHtCapability->ExtHtCapInfo));#endif // BIG_ENDIAN //#ifdef CONFIG_STA_SUPPORT *pPreNHtCapabilityLen = 0; // Nnow we only support 26 bytes. Ptr = (PUCHAR) pVIE; NdisMoveMemory(Ptr + *LengthVIE, &pEid->Eid, pEid->Len + 2); *LengthVIE += (pEid->Len + 2);#endif // CONFIG_STA_SUPPORT // } else { DBGPRINT(RT_DEBUG_WARN, ("PeerBeaconAndProbeRspSanity - wrong IE_HT_CAP. pEid->Len = %d\n", pEid->Len)); } break; case IE_ADD_HT: if (pEid->Len >= sizeof(ADD_HT_INFO_IE)) { // This IE allows extension, but we can ignore extra bytes beyond our knowledge , so only // copy first sizeof(ADD_HT_INFO_IE) NdisMoveMemory(AddHtInfo, pEid->Octet, sizeof(ADD_HT_INFO_IE)); *AddHtInfoLen = SIZE_ADD_HT_INFO_IE;#ifdef BIG_ENDIAN *(USHORT *)(&AddHtInfo->AddHtInfo2) = SWAP16(*(USHORT *)(&AddHtInfo->AddHtInfo2)); *(USHORT *)(&AddHtInfo->AddHtInfo3) = SWAP16(*(USHORT *)(&AddHtInfo->AddHtInfo3));#endif // BIG_ENDIAN // #ifdef CONFIG_STA_SUPPORT Ptr = (PUCHAR) pVIE; NdisMoveMemory(Ptr + *LengthVIE, &pEid->Eid, pEid->Len + 2); *LengthVIE += (pEid->Len + 2);#endif // CONFIG_STA_SUPPORT // } else { DBGPRINT(RT_DEBUG_WARN, ("PeerBeaconAndProbeRspSanity - wrong IE_ADD_HT. \n")); } break; case IE_NEW_EXT_CHA_OFFSET: if (pEid->Len == 1) { *NewExtChannelOffset = pEid->Octet[0]; } else { DBGPRINT(RT_DEBUG_WARN, ("PeerBeaconAndProbeRspSanity - wrong IE_NEW_EXT_CHA_OFFSET. \n")); } break; case IE_FH_PARM: DBGPRINT(RT_DEBUG_TRACE, ("PeerBeaconAndProbeRspSanity(IE_FH_PARM) \n")); break; case IE_DS_PARM: if(pEid->Len == 1) { *pChannel = *pEid->Octet;#ifdef CONFIG_STA_SUPPORT if (ChannelSanity(pAd, *pChannel) == 0) { DBGPRINT(RT_DEBUG_INFO, ("PeerBeaconAndProbeRspSanity - wrong IE_DS_PARM (ch=%d)\n",*pChannel)); return FALSE; }#endif // CONFIG_STA_SUPPORT // Sanity |= 0x4; } else { DBGPRINT(RT_DEBUG_TRACE, ("PeerBeaconAndProbeRspSanity - wrong IE_DS_PARM (len=%d)\n",pEid->Len)); return FALSE; } break; case IE_CF_PARM: if(pEid->Len == 6) { pCfParm->bValid = TRUE; pCfParm->CfpCount = pEid->Octet[0]; pCfParm->CfpPeriod = pEid->Octet[1]; pCfParm->CfpMaxDuration = pEid->Octet[2] + 256 * pEid->Octet[3]; pCfParm->CfpDurRemaining = pEid->Octet[4] + 256 * pEid->Octet[5]; } else { DBGPRINT(RT_DEBUG_TRACE, ("PeerBeaconAndProbeRspSanity - wrong IE_CF_PARM\n")); return FALSE; } break; case IE_IBSS_PARM: if(pEid->Len == 2) { NdisMoveMemory(pAtimWin, pEid->Octet, pEid->Len); } else { DBGPRINT(RT_DEBUG_TRACE, ("PeerBeaconAndProbeRspSanity - wrong IE_IBSS_PARM\n")); return FALSE; } break;#ifdef CONFIG_STA_SUPPORT case IE_TIM: if(INFRA_ON(pAd) && SubType == SUBTYPE_BEACON) { GetTimBit((PUCHAR)pEid, pAd->StaActive.Aid, &TimLen, pBcastFlag, pDtimCount, pDtimPeriod, pMessageToMe); } break;#endif // CONFIG_STA_SUPPORT // case IE_CHANNEL_SWITCH_ANNOUNCEMENT: if(pEid->Len == 3) { *pNewChannel = pEid->Octet[1]; //extract new channel number } break; // New for WPA // CCX v2 has the same IE, we need to parse that too // Wifi WMM use the same IE vale, need to parse that too // case IE_WPA: case IE_VENDOR_SPECIFIC: // Check Broadcom/Atheros 802.11n OUI version, for HT Capability IE. // This HT IE is before IEEE draft set HT IE value.2006-09-28 by Jan. /*if (NdisEqualMemory(pEid->Octet, BROADCOM_OUI, 3) && (pEid->Len >= 4)) { if ((pEid->Octet[3] == OUI_BROADCOM_HT) && (pEid->Len >= 30)) { { NdisMoveMemory(pHtCapability, &pEid->Octet[4], sizeof(HT_CAPABILITY_IE)); *pHtCapabilityLen = SIZE_HT_CAP_IE; // Nnow we only support 26 bytes. } } if ((pEid->Octet[3] == OUI_BROADCOM_HT) && (pEid->Len >= 26)) { { NdisMoveMemory(AddHtInfo, &pEid->Octet[4], sizeof(ADD_HT_INFO_IE)); *AddHtInfoLen = SIZE_ADD_HT_INFO_IE; // Nnow we only support 26 bytes. } } } */ // Check the OUI version, filter out non-standard usage if (NdisEqualMemory(pEid->Octet, RALINK_OUI, 3) && (pEid->Len == 7)) { //*pRalinkIe = pEid->Octet[3]; if (pEid->Octet[3] != 0) *pRalinkIe = pEid->Octet[3]; else *pRalinkIe = 0xf0000000; // Set to non-zero value (can't set bit0-2) to represent this is Ralink Chip. So at linkup, we will set ralinkchip flag. }#ifdef CONFIG_STA_SUPPORT // This HT IE is before IEEE draft set HT IE value.2006-09-28 by Jan. // Other vendors had production before IE_HT_CAP value is assigned. To backward support those old-firmware AP, // Check broadcom-defiend pre-802.11nD1.0 OUI for HT related IE, including HT Capatilities IE and HT Information IE else if ((*pHtCapabilityLen == 0) && NdisEqualMemory(pEid->Octet, PRE_N_HT_OUI, 3) && (pEid->Len >= 4)) { if ((pEid->Octet[3] == OUI_PREN_HT_CAP) && (pEid->Len >= 30) && (*pHtCapabilityLen == 0)) { NdisMoveMemory(pHtCapability, &pEid->Octet[4], sizeof(HT_CAPABILITY_IE)); *pPreNHtCapabilityLen = SIZE_HT_CAP_IE; } if ((pEid->Octet[3] == OUI_PREN_ADD_HT) && (pEid->Len >= 26)) { NdisMoveMemory(AddHtInfo, &pEid->Octet[4], sizeof(ADD_HT_INFO_IE)); *AddHtInfoLen = SIZE_ADD_HT_INFO_IE; } }#endif // CONFIG_STA_SUPPORT // else if (NdisEqualMemory(pEid->Octet, WPA_OUI, 4)) { // Copy to pVIE which will report to microsoft bssid list. Ptr = (PUCHAR) pVIE; NdisMoveMemory(Ptr + *LengthVIE, &pEid->Eid, pEid->Len + 2); *LengthVIE += (pEid->Len + 2); } else if (NdisEqualMemory(pEid->Octet, WME_PARM_ELEM, 6) && (pEid->Len == 24)) { PUCHAR ptr; int i; // parsing EDCA parameters pEdcaParm->bValid = TRUE; pEdcaParm->bQAck = FALSE; // pEid->Octet[0] & 0x10; pEdcaParm->bQueueRequest = FALSE; // pEid->Octet[0] & 0x20; pEdcaParm->bTxopRequest = FALSE; // pEid->Octet[0] & 0x40; pEdcaParm->EdcaUpdateCount = pEid->Octet[6] & 0x0f; pEdcaParm->bAPSDCapable = (pEid->Octet[6] & 0x80) ? 1 : 0; ptr = &pEid->Octet[8]; for (i=0; i<4; i++) { UCHAR aci = (*ptr & 0x60) >> 5; // b5~6 is AC INDEX pEdcaParm->bACM[aci] = (((*ptr) & 0x10) == 0x10); // b5 is ACM pEdcaParm->Aifsn[aci] = (*ptr) & 0x0f; // b0~3 is AIFSN pEdcaParm->Cwmin[aci] = *(ptr+1) & 0x0f; // b0~4 is Cwmin pEdcaParm->Cwmax[aci] = *(ptr+1) >> 4; // b5~8 is Cwmax pEdcaParm->Txop[aci] = *(ptr+2) + 256 * (*(ptr+3)); // in unit of 32-us ptr += 4; // point to next AC } } else if (NdisEqualMemory(pEid->Octet, WME_INFO_ELEM, 6) && (pEid->Len == 7)) { // parsing EDCA parameters pEdcaParm->bValid = TRUE; pEdcaParm->bQAck = FALSE; // pEid->Octet[0] & 0x10; pEdcaParm->bQueueRequest = FALSE; // pEid->Octet[0] & 0x20; pEdcaParm->bTxopRequest = FALSE; // pEid->Octet[0] & 0x40; pEdcaParm->EdcaUpdateCount = pEid->Octet[6] & 0x0f; pEdcaParm->bAPSDCapable = (pEid->Octet[6] & 0x80) ? 1 : 0; // use default EDCA parameter pEdcaParm->bACM[QID_AC_BE] = 0; pEdcaParm->Aifsn[QID_AC_BE] = 3; pEdcaParm->Cwmin[QID_AC_BE] = CW_MIN_IN_BITS; pEdcaParm->Cwmax[QID_AC_BE] = CW_MAX_IN_BITS; pEdcaParm->Txop[QID_AC_BE] = 0; pEdcaParm->bACM[QID_AC_BK] = 0; pEdcaParm->Aifsn[QID_AC_BK] = 7; pEdcaParm->Cwmin[QID_AC_BK] = CW_MIN_IN_BITS; pEdcaParm->Cwmax[QID_AC_BK] = CW_MAX_IN_BITS; pEdcaParm->Txop[QID_AC_BK] = 0; pEdcaParm->bACM[QID_AC_VI] = 0; pEdcaParm->Aifsn[QID_AC_VI] = 2; pEdcaParm->Cwmin[QID_AC_VI] = CW_MIN_IN_BITS-1; pEdcaParm->Cwmax[QID_AC_VI] = CW_MAX_IN_BITS; pEdcaParm->Txop[QID_AC_VI] = 96; // AC_VI: 96*32us ~= 3ms pEdcaParm->bACM[QID_AC_VO] = 0; pEdcaParm->Aifsn[QID_AC_VO] = 2; pEdcaParm->Cwmin[QID_AC_VO] = CW_MIN_IN_BITS-2; pEdcaParm->Cwmax[QID_AC_VO] = CW_MAX_IN_BITS-1; pEdcaParm->Txop[QID_AC_VO] = 48; // AC_VO: 48*32us ~= 1.5ms } DBGPRINT(RT_DEBUG_INFO, ("PeerBeaconAndProbeRspSanity - Receive IE_WPA\n")); break; case IE_EXT_SUPP_RATES: if (pEid->Len <= MAX_LEN_OF_SUPPORTED_RATES) { NdisMoveMemory(ExtRate, pEid->Octet, pEid->Len); *pExtRateLen = pEid->Len; // TODO: 2004-09-14 not a good design here, cause it exclude extra rates // from ScanTab. We should report as is. And filter out unsupported // rates in MlmeAux. // Check against the supported rates // RTMPCheckRates(pAd, ExtRate, pExtRateLen); } break; case IE_ERP: if (pEid->Len == 1) { *pErp = (UCHAR)pEid->Octet[0]; } break; case IE_AIRONET_CKIP: // 0. Check Aironet IE length, it must be larger or equal to 28 // Cisco AP350 used length as 28 // Cisco AP12XX used length as 30 if (pEid->Len < (CKIP_NEGOTIATION_LENGTH - 2)) break; // 1. Copy CKIP flag byte to buffer for process *pCkipFlag = *(pEid->Octet + 8); break; case IE_AP_TX_POWER: // AP Control of Client Transmit Power //0. Check Aironet IE length, it must be 6 if (pEid->Len != 0x06) break; // Get cell power limit in dBm if (NdisEqualMemory(pEid->Octet, CISCO_OUI, 3) == 1) *pAironetCellPowerLimit = *(pEid->Octet + 4); break; // WPA2 & 802.11i RSN case IE_RSN: // There is no OUI for version anymore, check the group cipher OUI before copying if (RTMPEqualMemory(pEid->Octet + 2, RSN_OUI, 3)) { // Copy to pVIE which will report to microsoft bssid list. Ptr = (PUCHAR) pVIE; NdisMoveMemory(Ptr + *LengthVIE, &pEid->Eid, pEid->Len + 2); *LengthVIE += (pEid->Len + 2); } DBGPRINT(RT_DEBUG_INFO, ("IE_RSN length = %d\n", pEid->Len)); break; default: DBGPRINT(RT_DEBUG_INFO, ("PeerBeaconAndProbeRspSanity - unrecognized EID = %d\n", pEid->Eid)); break; } Length = Length + 2 + pEid->Len; // Eid[1] + Len[1]+ content[Len] pEid = (PEID_STRUCT)((UCHAR*)pEid + 2 + pEid->Len); } // For some 11a AP. it did not have the channel EID, patch here#ifdef CONFIG_STA_SUPPORT if ((pAd->LatchRfRegs.Channel > 14) && ((Sanity & 0x4) == 0))#endif // CONFIG_STA_SUPPORT // {#ifdef CONFIG_STA_SUPPORT *pChannel = pAd->LatchRfRegs.Channel; #endif // CONFIG_STA_SUPPORT // Sanity |= 0x4; } if (Sanity != 0x7) { DBGPRINT(RT_DEBUG_WARN, ("PeerBeaconAndProbeRspSanity - missing field, Sanity=0x%02x\n", Sanity)); return FALSE; } else { return TRUE; }}/* ========================================================================== Description: MLME message sanity check Return: TRUE if all parameters are OK, FALSE otherwise ========================================================================== */BOOLEAN MlmeScanReqSanity( IN PRTMP_ADAPTER pAd, IN VOID *Msg, IN ULONG MsgLen, OUT UCHAR *pBssType, OUT CHAR Ssid[], OUT UCHAR *pSsidLen, OUT UCHAR *pScanType) { MLME_SCAN_REQ_STRUCT *Info; Info = (MLME_SCAN_REQ_STRUCT *)(Msg); *pBssType = Info->BssType; *pSsidLen = Info->SsidLen; NdisMoveMemory(Ssid, Info->Ssid, *pSsidLen); *pScanType = Info->ScanType; if ((*pBssType == BSS_INFRA || *pBssType == BSS_ADHOC || *pBssType == BSS_ANY) && (*pScanType == SCAN_ACTIVE || *pScanType == SCAN_PASSIVE#ifdef CONFIG_STA_SUPPORT || *pScanType == SCAN_CISCO_PASSIVE || *pScanType == SCAN_CISCO_ACTIVE || *pScanType == SCAN_CISCO_CHANNEL_LOAD || *pScanType == SCAN_CISCO_NOISE#endif // CONFIG_STA_SUPPORT // )) { return TRUE; } else { DBGPRINT(RT_DEBUG_TRACE, ("MlmeScanReqSanity fail - wrong BssType or ScanType\n")); return FALSE; }}// IRQL = DISPATCH_LEVELUCHAR ChannelSanity( IN PRTMP_ADAPTER pAd, IN UCHAR channel){ int i; for (i = 0; i < pAd->ChannelListNum; i ++) { if (channel == pAd->ChannelList[i].Channel) return 1; } return 0;}/* ========================================================================== Description: MLME message sanity check Return: TRUE if all parameters are OK, FALSE otherwise IRQL = DISPATCH_LEVEL ========================================================================== */BOOLEAN PeerDeauthSanity( IN PRTMP_ADAPTER pAd, IN VOID *Msg, IN ULONG MsgLen, OUT PUCHAR pAddr2, OUT USHORT *pReason) { PFRAME_802_11 pFrame = (PFRAME_802_11)Msg; COPY_MAC_ADDR(pAddr2, pFrame->Hdr.Addr2); NdisMoveMemory(pReason, &pFrame->Octet[0], 2); return TRUE;}/* ========================================================================== Description: MLME message sanity check Return: TRUE if all parameters are OK, FALSE otherwise IRQL = DISPATCH_LEVEL ==========================================================================⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -