/drivers/staging/rtl8723au/core/rtw_mlme_ext.c

Large files files are truncated, but you can click here to view the full file

/******************************************************************************
 *
 * Copyright(c) 2007 - 2012 Realtek Corporation. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of version 2 of the GNU General Public License as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
 * more details.
 *
 ******************************************************************************/
#define _RTW_MLME_EXT_C_

#include <osdep_service.h>
#include <drv_types.h>
#include <wifi.h>
#include <rtw_mlme_ext.h>
#include <wlan_bssdef.h>
#include <mlme_osdep.h>
#include <recv_osdep.h>
#include <linux/ieee80211.h>
#include <rtl8723a_hal.h>

static int OnAssocReq23a(struct rtw_adapter *padapter, struct recv_frame *precv_frame);
static int OnAssocRsp23a(struct rtw_adapter *padapter, struct recv_frame *precv_frame);
static int OnProbeReq23a(struct rtw_adapter *padapter, struct recv_frame *precv_frame);
static int OnProbeRsp23a(struct rtw_adapter *padapter, struct recv_frame *precv_frame);
static int DoReserved23a(struct rtw_adapter *padapter, struct recv_frame *precv_frame);
static int OnBeacon23a(struct rtw_adapter *padapter, struct recv_frame *precv_frame);
static int OnAtim23a(struct rtw_adapter *padapter, struct recv_frame *precv_frame);
static int OnDisassoc23a(struct rtw_adapter *padapter, struct recv_frame *precv_frame);
static int OnAuth23aClient23a(struct rtw_adapter *padapter, struct recv_frame *precv_frame);
static int OnDeAuth23a(struct rtw_adapter *padapter, struct recv_frame *precv_frame);
static int OnAction23a(struct rtw_adapter *padapter, struct recv_frame *precv_frame);

static int on_action_spct23a(struct rtw_adapter *padapter, struct recv_frame *precv_frame);
static int OnAction23a_qos(struct rtw_adapter *padapter, struct recv_frame *precv_frame);
static int OnAction23a_dls(struct rtw_adapter *padapter, struct recv_frame *precv_frame);
static int OnAction23a_back23a(struct rtw_adapter *padapter, struct recv_frame *precv_frame);
static int on_action_public23a(struct rtw_adapter *padapter, struct recv_frame *precv_frame);
static int OnAction23a_ht(struct rtw_adapter *padapter, struct recv_frame *precv_frame);
static int OnAction23a_wmm(struct rtw_adapter *padapter, struct recv_frame *precv_frame);
static int OnAction23a_p2p(struct rtw_adapter *padapter, struct recv_frame *precv_frame);

static void issue_assocreq(struct rtw_adapter *padapter);
static void issue_probereq(struct rtw_adapter *padapter,
			   struct cfg80211_ssid *pssid, u8 *da);
static int issue_probereq_ex(struct rtw_adapter *padapter,
			     struct cfg80211_ssid *pssid,
			     u8 *da, int try_cnt, int wait_ms);
static void issue_probersp(struct rtw_adapter *padapter, unsigned char *da);
static void issue_auth(struct rtw_adapter *padapter, struct sta_info *psta,
		       unsigned short status);
static int issue_deauth_ex(struct rtw_adapter *padapter, u8 *da,
			   unsigned short reason, int try_cnt, int wait_ms);
static void start_clnt_assoc(struct rtw_adapter *padapter);
static void start_clnt_auth(struct rtw_adapter *padapter);
static void start_clnt_join(struct rtw_adapter *padapter);
static void start_create_ibss(struct rtw_adapter *padapter);
static struct wlan_bssid_ex *collect_bss_info(struct rtw_adapter *padapter,
					      struct recv_frame *precv_frame);

#ifdef CONFIG_8723AU_AP_MODE
static int OnAuth23a(struct rtw_adapter *padapter, struct recv_frame *precv_frame);
static void issue_assocrsp(struct rtw_adapter *padapter, unsigned short status,
			   struct sta_info *pstat, u16 pkt_type);
#endif

static struct mlme_handler mlme_sta_tbl[]={
	{"OnAssocReq23a",		&OnAssocReq23a},
	{"OnAssocRsp23a",		&OnAssocRsp23a},
	{"OnReAssocReq",	&OnAssocReq23a},
	{"OnReAssocRsp",	&OnAssocRsp23a},
	{"OnProbeReq23a",		&OnProbeReq23a},
	{"OnProbeRsp23a",		&OnProbeRsp23a},

	/*----------------------------------------------------------
					below 2 are reserved
	-----------------------------------------------------------*/
	{"DoReserved23a",		&DoReserved23a},
	{"DoReserved23a",		&DoReserved23a},
	{"OnBeacon23a",		&OnBeacon23a},
	{"OnATIM",		&OnAtim23a},
	{"OnDisassoc23a",		&OnDisassoc23a},
	{"OnAuth23a",		&OnAuth23aClient23a},
	{"OnDeAuth23a",		&OnDeAuth23a},
	{"OnAction23a",		&OnAction23a},
};

static struct action_handler OnAction23a_tbl[]={
	{WLAN_CATEGORY_SPECTRUM_MGMT, "ACTION_SPECTRUM_MGMT", on_action_spct23a},
	{WLAN_CATEGORY_QOS, "ACTION_QOS", &OnAction23a_qos},
	{WLAN_CATEGORY_DLS, "ACTION_DLS", &OnAction23a_dls},
	{WLAN_CATEGORY_BACK, "ACTION_BACK", &OnAction23a_back23a},
	{WLAN_CATEGORY_PUBLIC, "ACTION_PUBLIC", on_action_public23a},
	{WLAN_CATEGORY_HT, "ACTION_HT",	&OnAction23a_ht},
	{WLAN_CATEGORY_SA_QUERY, "ACTION_SA_QUERY", &DoReserved23a},
	{WLAN_CATEGORY_WMM, "ACTION_WMM", &OnAction23a_wmm},
	{WLAN_CATEGORY_VENDOR_SPECIFIC, "ACTION_P2P", &OnAction23a_p2p},
};

static u8	null_addr[ETH_ALEN]= {0, 0, 0, 0, 0, 0};

/**************************************************
OUI definitions for the vendor specific IE
***************************************************/
unsigned char WMM_OUI23A[] = {0x00, 0x50, 0xf2, 0x02};
unsigned char WPS_OUI23A[] = {0x00, 0x50, 0xf2, 0x04};
unsigned char P2P_OUI23A[] = {0x50, 0x6F, 0x9A, 0x09};
unsigned char WFD_OUI23A[] = {0x50, 0x6F, 0x9A, 0x0A};

unsigned char WMM_INFO_OUI23A[] = {0x00, 0x50, 0xf2, 0x02, 0x00, 0x01};
unsigned char WMM_PARA_OUI23A[] = {0x00, 0x50, 0xf2, 0x02, 0x01, 0x01};

static unsigned char REALTEK_96B_IE[] = {0x00, 0xe0, 0x4c, 0x02, 0x01, 0x20};

/********************************************************
MCS rate definitions
*********************************************************/
unsigned char MCS_rate_2R23A[16] = {
	0xff, 0xff, 0x0, 0x0, 0x01, 0x0, 0x0, 0x0,
	0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0};
unsigned char MCS_rate_1R23A[16] = {
	0xff, 0x00, 0x0, 0x0, 0x01, 0x0, 0x0, 0x0,
	0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0};

/********************************************************
ChannelPlan definitions
*********************************************************/

static struct rt_channel_plan_2g RTW_ChannelPlan2G[RT_CHANNEL_DOMAIN_2G_MAX] = {
	/*  0x00, RT_CHANNEL_DOMAIN_2G_WORLD , Passive scan CH 12, 13 */
	{{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13}, 13},
	/*  0x01, RT_CHANNEL_DOMAIN_2G_ETSI1 */
	{{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13}, 13},
	/*  0x02, RT_CHANNEL_DOMAIN_2G_FCC1 */
	{{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11}, 11},
	/*  0x03, RT_CHANNEL_DOMAIN_2G_MIKK1 */
	{{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14}, 14},
	/*  0x04, RT_CHANNEL_DOMAIN_2G_ETSI2 */
	{{10, 11, 12, 13}, 4},
	/*  0x05, RT_CHANNEL_DOMAIN_2G_NULL */
	{{}, 0},
};

static struct rt_channel_plan_5g RTW_ChannelPlan5G[RT_CHANNEL_DOMAIN_5G_MAX] = {
	/*  0x00, RT_CHANNEL_DOMAIN_5G_NULL */
	{{}, 0},
	/*  0x01, RT_CHANNEL_DOMAIN_5G_ETSI1 */
	{{36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112,
	  116, 120, 124, 128, 132, 136, 140}, 19},
	/*  0x02, RT_CHANNEL_DOMAIN_5G_ETSI2 */
	{{36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112,
	  116, 120, 124, 128, 132, 136, 140, 149, 153, 157, 161, 165}, 24},
	/*  0x03, RT_CHANNEL_DOMAIN_5G_ETSI3 */
	{{36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112,
	  116, 120, 124, 128, 132, 149, 153, 157, 161, 165}, 22},
	/*  0x04, RT_CHANNEL_DOMAIN_5G_FCC1 */
	{{36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112,
	  116, 120, 124, 128, 132, 136, 140, 149, 153, 157, 161, 165}, 24},
	/*  0x05, RT_CHANNEL_DOMAIN_5G_FCC2 */
	{{36, 40, 44, 48, 149, 153, 157, 161, 165}, 9},
	/*  0x06, RT_CHANNEL_DOMAIN_5G_FCC3 */
	{{36, 40, 44, 48, 52, 56, 60, 64, 149, 153, 157, 161, 165}, 13},
	/*  0x07, RT_CHANNEL_DOMAIN_5G_FCC4 */
	{{36, 40, 44, 48, 52, 56, 60, 64, 149, 153, 157, 161}, 12},
	/*  0x08, RT_CHANNEL_DOMAIN_5G_FCC5 */
	{{149, 153, 157, 161, 165}, 5},
	/*  0x09, RT_CHANNEL_DOMAIN_5G_FCC6 */
	{{36, 40, 44, 48, 52, 56, 60, 64}, 8},
	/*  0x0A, RT_CHANNEL_DOMAIN_5G_FCC7_IC1 */
	{{36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112,
	  116, 136, 140, 149, 153, 157, 161, 165}, 20},
	/*  0x0B, RT_CHANNEL_DOMAIN_5G_KCC1 */
	{{36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112,
	  116, 120, 124, 149, 153, 157, 161, 165}, 20},
	/*  0x0C, RT_CHANNEL_DOMAIN_5G_MKK1 */
	{{36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112,
	  116, 120, 124, 128, 132, 136, 140}, 19},
	/*  0x0D, RT_CHANNEL_DOMAIN_5G_MKK2 */
	{{36, 40, 44, 48, 52, 56, 60, 64}, 8},
	/*  0x0E, RT_CHANNEL_DOMAIN_5G_MKK3 */
	{{100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140}, 11},
	/*  0x0F, RT_CHANNEL_DOMAIN_5G_NCC1 */
	{{56, 60, 64, 100, 104, 108, 112, 116, 136, 140, 149,
	  153, 157, 161, 165}, 15},
	/*  0x10, RT_CHANNEL_DOMAIN_5G_NCC2 */
	{{56, 60, 64, 149, 153, 157, 161, 165}, 8},

	/*  Driver self defined for old channel plan Compatible,
	    Remember to modify if have new channel plan definition ===== */
	/*  0x11, RT_CHANNEL_DOMAIN_5G_FCC */
	{{36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112,
	  116, 132, 136, 140, 149, 153, 157, 161, 165}, 21},
	/*  0x12, RT_CHANNEL_DOMAIN_5G_JAPAN_NO_DFS */
	{{36, 40, 44, 48}, 4},
	/*  0x13, RT_CHANNEL_DOMAIN_5G_FCC4_NO_DFS */
	{{36, 40, 44, 48, 149, 153, 157, 161}, 8},
};

static struct rt_channel_plan_map RTW_ChannelPlanMap[RT_CHANNEL_DOMAIN_MAX] = {
	/*  0x00 ~ 0x1F , Old Define ===== */
	{0x02, 0x11},	/* 0x00, RT_CHANNEL_DOMAIN_FCC */
	{0x02, 0x0A},	/* 0x01, RT_CHANNEL_DOMAIN_IC */
	{0x01, 0x01},	/* 0x02, RT_CHANNEL_DOMAIN_ETSI */
	{0x01, 0x00},	/* 0x03, RT_CHANNEL_DOMAIN_SPAIN */
	{0x01, 0x00},	/* 0x04, RT_CHANNEL_DOMAIN_FRANCE */
	{0x03, 0x00},	/* 0x05, RT_CHANNEL_DOMAIN_MKK */
	{0x03, 0x00},	/* 0x06, RT_CHANNEL_DOMAIN_MKK1 */
	{0x01, 0x09},	/* 0x07, RT_CHANNEL_DOMAIN_ISRAEL */
	{0x03, 0x09},	/* 0x08, RT_CHANNEL_DOMAIN_TELEC */
	{0x03, 0x00},	/* 0x09, RT_CHANNEL_DOMAIN_GLOBAL_DOAMIN */
	{0x00, 0x00},	/* 0x0A, RT_CHANNEL_DOMAIN_WORLD_WIDE_13 */
	{0x02, 0x0F},	/* 0x0B, RT_CHANNEL_DOMAIN_TAIWAN */
	{0x01, 0x08},	/* 0x0C, RT_CHANNEL_DOMAIN_CHINA */
	{0x02, 0x06},	/* 0x0D, RT_CHANNEL_DOMAIN_SINGAPORE_INDIA_MEXICO */
	{0x02, 0x0B},	/* 0x0E, RT_CHANNEL_DOMAIN_KOREA */
	{0x02, 0x09},	/* 0x0F, RT_CHANNEL_DOMAIN_TURKEY */
	{0x01, 0x01},	/* 0x10, RT_CHANNEL_DOMAIN_JAPAN */
	{0x02, 0x05},	/* 0x11, RT_CHANNEL_DOMAIN_FCC_NO_DFS */
	{0x01, 0x12},	/* 0x12, RT_CHANNEL_DOMAIN_JAPAN_NO_DFS */
	{0x00, 0x04},	/* 0x13, RT_CHANNEL_DOMAIN_WORLD_WIDE_5G */
	{0x02, 0x10},	/* 0x14, RT_CHANNEL_DOMAIN_TAIWAN_NO_DFS */
	{0x00, 0x12},	/* 0x15, RT_CHANNEL_DOMAIN_ETSI_NO_DFS */
	{0x00, 0x13},	/* 0x16, RT_CHANNEL_DOMAIN_KOREA_NO_DFS */
	{0x03, 0x12},	/* 0x17, RT_CHANNEL_DOMAIN_JAPAN_NO_DFS */
	{0x05, 0x08},	/* 0x18, RT_CHANNEL_DOMAIN_PAKISTAN_NO_DFS */
	{0x02, 0x08},	/* 0x19, RT_CHANNEL_DOMAIN_TAIWAN2_NO_DFS */
	{0x00, 0x00},	/* 0x1A, */
	{0x00, 0x00},	/* 0x1B, */
	{0x00, 0x00},	/* 0x1C, */
	{0x00, 0x00},	/* 0x1D, */
	{0x00, 0x00},	/* 0x1E, */
	{0x05, 0x04},	/* 0x1F, RT_CHANNEL_DOMAIN_WORLD_WIDE_ONLY_5G */
	/*  0x20 ~ 0x7F , New Define ===== */
	{0x00, 0x00},	/* 0x20, RT_CHANNEL_DOMAIN_WORLD_NULL */
	{0x01, 0x00},	/* 0x21, RT_CHANNEL_DOMAIN_ETSI1_NULL */
	{0x02, 0x00},	/* 0x22, RT_CHANNEL_DOMAIN_FCC1_NULL */
	{0x03, 0x00},	/* 0x23, RT_CHANNEL_DOMAIN_MKK1_NULL */
	{0x04, 0x00},	/* 0x24, RT_CHANNEL_DOMAIN_ETSI2_NULL */
	{0x02, 0x04},	/* 0x25, RT_CHANNEL_DOMAIN_FCC1_FCC1 */
	{0x00, 0x01},	/* 0x26, RT_CHANNEL_DOMAIN_WORLD_ETSI1 */
	{0x03, 0x0C},	/* 0x27, RT_CHANNEL_DOMAIN_MKK1_MKK1 */
	{0x00, 0x0B},	/* 0x28, RT_CHANNEL_DOMAIN_WORLD_KCC1 */
	{0x00, 0x05},	/* 0x29, RT_CHANNEL_DOMAIN_WORLD_FCC2 */
	{0x00, 0x00},	/* 0x2A, */
	{0x00, 0x00},	/* 0x2B, */
	{0x00, 0x00},	/* 0x2C, */
	{0x00, 0x00},	/* 0x2D, */
	{0x00, 0x00},	/* 0x2E, */
	{0x00, 0x00},	/* 0x2F, */
	{0x00, 0x06},	/* 0x30, RT_CHANNEL_DOMAIN_WORLD_FCC3 */
	{0x00, 0x07},	/* 0x31, RT_CHANNEL_DOMAIN_WORLD_FCC4 */
	{0x00, 0x08},	/* 0x32, RT_CHANNEL_DOMAIN_WORLD_FCC5 */
	{0x00, 0x09},	/* 0x33, RT_CHANNEL_DOMAIN_WORLD_FCC6 */
	{0x02, 0x0A},	/* 0x34, RT_CHANNEL_DOMAIN_FCC1_FCC7 */
	{0x00, 0x02},	/* 0x35, RT_CHANNEL_DOMAIN_WORLD_ETSI2 */
	{0x00, 0x03},	/* 0x36, RT_CHANNEL_DOMAIN_WORLD_ETSI3 */
	{0x03, 0x0D},	/* 0x37, RT_CHANNEL_DOMAIN_MKK1_MKK2 */
	{0x03, 0x0E},	/* 0x38, RT_CHANNEL_DOMAIN_MKK1_MKK3 */
	{0x02, 0x0F},	/* 0x39, RT_CHANNEL_DOMAIN_FCC1_NCC1 */
	{0x00, 0x00},	/* 0x3A, */
	{0x00, 0x00},	/* 0x3B, */
	{0x00, 0x00},	/* 0x3C, */
	{0x00, 0x00},	/* 0x3D, */
	{0x00, 0x00},	/* 0x3E, */
	{0x00, 0x00},	/* 0x3F, */
	{0x02, 0x10},	/* 0x40, RT_CHANNEL_DOMAIN_FCC1_NCC2 */
	{0x03, 0x00},	/* 0x41, RT_CHANNEL_DOMAIN_GLOBAL_DOAMIN_2G */
};

static struct rt_channel_plan_map RTW_CHANNEL_PLAN_MAP_REALTEK_DEFINE =
{0x03, 0x02}; /* use the conbination for max channel numbers */

static void dummy_event_callback(struct rtw_adapter *adapter, const u8 *pbuf)
{
}

static struct fwevent wlanevents[] =
{
	{0, &dummy_event_callback},	/*0*/
	{0, NULL},
	{0, NULL},
	{0, NULL},
	{0, NULL},
	{0, NULL},
	{0, NULL},
	{0, NULL},
	{0, &rtw_survey_event_cb23a},		/*8*/
	{sizeof (struct surveydone_event), &rtw_surveydone_event_callback23a},
	{0, &rtw23a_joinbss_event_cb},		/*10*/
	{sizeof(struct stassoc_event), &rtw_stassoc_event_callback23a},
	{sizeof(struct stadel_event), &rtw_stadel_event_callback23a},
	{0, &dummy_event_callback},
	{0, &dummy_event_callback},
	{0, NULL},	/*15*/
	{0, NULL},
	{0, NULL},
	{0, NULL},
	{0, &dummy_event_callback},
	{0, NULL},	 /*20*/
	{0, NULL},
	{0, NULL},
	{0, &dummy_event_callback},
	{0, NULL},
};


static void rtw_correct_TSF(struct rtw_adapter *padapter)
{
	hw_var_set_correct_tsf(padapter);
}

static void
rtw_update_TSF(struct mlme_ext_priv *pmlmeext, struct ieee80211_mgmt *mgmt)
{
	pmlmeext->TSFValue = get_unaligned_le64(&mgmt->u.beacon.timestamp);
}

/*
 * Search the @param channel_num in given @param channel_set
 * @ch_set: the given channel set
 * @ch: the given channel number
 *
 * return the index of channel_num in channel_set, -1 if not found
 */
int rtw_ch_set_search_ch23a(struct rt_channel_info *ch_set, const u32 ch)
{
	int i;

	for (i = 0; ch_set[i]. ChannelNum != 0; i++) {
		if (ch == ch_set[i].ChannelNum)
			break;
	}

	if (i >= ch_set[i].ChannelNum)
		return -1;
	return i;
}

/****************************************************************************

Following are the initialization functions for WiFi MLME

*****************************************************************************/

int init_hw_mlme_ext23a(struct rtw_adapter *padapter)
{
	struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv;

	set_channel_bwmode23a(padapter, pmlmeext->cur_channel,
			      pmlmeext->cur_ch_offset, pmlmeext->cur_bwmode);
	return _SUCCESS;
}

static void init_mlme_ext_priv23a_value(struct rtw_adapter *padapter)
{
	struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv;
	struct mlme_ext_info *pmlmeinfo = &pmlmeext->mlmext_info;
	unsigned char	mixed_datarate[NumRates] = {
		_1M_RATE_, _2M_RATE_, _5M_RATE_, _11M_RATE_, _6M_RATE_,
		_9M_RATE_, _12M_RATE_, _18M_RATE_, _24M_RATE_, _36M_RATE_,
		_48M_RATE_, _54M_RATE_, 0xff};
	unsigned char	mixed_basicrate[NumRates] = {
		_1M_RATE_, _2M_RATE_, _5M_RATE_, _11M_RATE_, _6M_RATE_,
		_12M_RATE_, _24M_RATE_, 0xff,};

	atomic_set(&pmlmeext->event_seq, 0);
	/* reset to zero when disconnect at client mode */
	pmlmeext->mgnt_seq = 0;

	pmlmeext->cur_channel = padapter->registrypriv.channel;
	pmlmeext->cur_bwmode = HT_CHANNEL_WIDTH_20;
	pmlmeext->cur_ch_offset = HAL_PRIME_CHNL_OFFSET_DONT_CARE;

	pmlmeext->retry = 0;

	pmlmeext->cur_wireless_mode = padapter->registrypriv.wireless_mode;

	memcpy(pmlmeext->datarate, mixed_datarate, NumRates);
	memcpy(pmlmeext->basicrate, mixed_basicrate, NumRates);

	if (pmlmeext->cur_channel > 14)
		pmlmeext->tx_rate = IEEE80211_OFDM_RATE_6MB;
	else
		pmlmeext->tx_rate = IEEE80211_CCK_RATE_1MB;

	pmlmeext->sitesurvey_res.state = SCAN_DISABLE;
	pmlmeext->sitesurvey_res.channel_idx = 0;
	pmlmeext->sitesurvey_res.bss_cnt = 0;
	pmlmeext->scan_abort = false;

	pmlmeinfo->state = MSR_NOLINK;
	pmlmeinfo->reauth_count = 0;
	pmlmeinfo->reassoc_count = 0;
	pmlmeinfo->link_count = 0;
	pmlmeinfo->auth_seq = 0;
	pmlmeinfo->auth_algo = dot11AuthAlgrthm_Open;
	pmlmeinfo->key_index = 0;
	pmlmeinfo->iv = 0;

	pmlmeinfo->enc_algo = 0;
	pmlmeinfo->authModeToggle = 0;

	memset(pmlmeinfo->chg_txt, 0, 128);

	pmlmeinfo->slotTime = SHORT_SLOT_TIME;
	pmlmeinfo->preamble_mode = PREAMBLE_AUTO;

	pmlmeinfo->dialogToken = 0;

	pmlmeext->action_public_rxseq = 0xffff;
	pmlmeext->action_public_dialog_token = 0xff;
}

static int has_channel(struct rt_channel_info *channel_set,
		       u8 chanset_size, u8 chan) {
	int i;

	for (i = 0; i < chanset_size; i++) {
		if (channel_set[i].ChannelNum == chan)
			return 1;
	}

	return 0;
}

static void init_channel_list(struct rtw_adapter *padapter,
			      struct rt_channel_info *channel_set,
			      u8 chanset_size,
			      struct p2p_channels *channel_list)
{
	struct p2p_oper_class_map op_class[] = {
		{ IEEE80211G,  81,   1,  13,  1, BW20 },
		{ IEEE80211G,  82,  14,  14,  1, BW20 },
		{ IEEE80211A, 115,  36,  48,  4, BW20 },
		{ IEEE80211A, 116,  36,  44,  8, BW40PLUS },
		{ IEEE80211A, 117,  40,  48,  8, BW40MINUS },
		{ IEEE80211A, 124, 149, 161,  4, BW20 },
		{ IEEE80211A, 125, 149, 169,  4, BW20 },
		{ IEEE80211A, 126, 149, 157,  8, BW40PLUS },
		{ IEEE80211A, 127, 153, 161,  8, BW40MINUS },
		{ -1, 0, 0, 0, 0, BW20 }
	};

	int cla, op;

	cla = 0;

	for (op = 0; op_class[op].op_class; op++) {
		u8 ch;
		struct p2p_oper_class_map *o = &op_class[op];
		struct p2p_reg_class *reg = NULL;

		for (ch = o->min_chan; ch <= o->max_chan; ch += o->inc) {
			if (!has_channel(channel_set, chanset_size, ch))
				continue;

			if ((0 == padapter->registrypriv.ht_enable) &&
			    (o->inc == 8))
				continue;

			if ((0 == (padapter->registrypriv.cbw40_enable & BIT(1))) &&
				((BW40MINUS == o->bw) || (BW40PLUS == o->bw)))
				continue;

			if (reg == NULL) {
				reg = &channel_list->reg_class[cla];
				cla++;
				reg->reg_class = o->op_class;
				reg->channels = 0;
			}
			reg->channel[reg->channels] = ch;
			reg->channels++;
		}
	}
	channel_list->reg_classes = cla;
}

static u8 init_channel_set(struct rtw_adapter *padapter, u8 cplan,
			   struct rt_channel_info *c_set)
{
	u8 i, ch_size = 0;
	u8 b5GBand = false, b2_4GBand = false;
	u8 Index2G = 0, Index5G = 0;

	memset(c_set, 0, sizeof(struct rt_channel_info) * MAX_CHANNEL_NUM);

	if (cplan >= RT_CHANNEL_DOMAIN_MAX &&
	    cplan != RT_CHANNEL_DOMAIN_REALTEK_DEFINE) {
		DBG_8723A("ChannelPlan ID %x error !!!!!\n", cplan);
		return ch_size;
	}

	if (padapter->registrypriv.wireless_mode & WIRELESS_11G) {
		b2_4GBand = true;
		if (RT_CHANNEL_DOMAIN_REALTEK_DEFINE == cplan)
			Index2G = RTW_CHANNEL_PLAN_MAP_REALTEK_DEFINE.Index2G;
		else
			Index2G = RTW_ChannelPlanMap[cplan].Index2G;
	}

	if (padapter->registrypriv.wireless_mode & WIRELESS_11A) {
		b5GBand = true;
		if (RT_CHANNEL_DOMAIN_REALTEK_DEFINE == cplan)
			Index5G = RTW_CHANNEL_PLAN_MAP_REALTEK_DEFINE.Index5G;
		else
			Index5G = RTW_ChannelPlanMap[cplan].Index5G;
	}

	if (b2_4GBand) {
		for (i = 0; i < RTW_ChannelPlan2G[Index2G].Len; i++) {
			c_set[ch_size].ChannelNum =
				RTW_ChannelPlan2G[Index2G].Channel[i];

			if ((RT_CHANNEL_DOMAIN_GLOBAL_DOAMIN == cplan) ||
			    /* Channel 1~11 is active, and 12~14 is passive */
			    RT_CHANNEL_DOMAIN_GLOBAL_DOAMIN_2G == cplan) {
				if (c_set[ch_size].ChannelNum >= 1 &&
				    c_set[ch_size].ChannelNum <= 11)
					c_set[ch_size].ScanType = SCAN_ACTIVE;
				else if (c_set[ch_size].ChannelNum >= 12 &&
					 c_set[ch_size].ChannelNum  <= 14)
					c_set[ch_size].ScanType = SCAN_PASSIVE;
			} else if (RT_CHANNEL_DOMAIN_WORLD_WIDE_13 == cplan ||
				   RT_CHANNEL_DOMAIN_WORLD_WIDE_5G == cplan ||
				   RT_CHANNEL_DOMAIN_2G_WORLD == Index2G) {
				/*  channel 12~13, passive scan */
				if (c_set[ch_size].ChannelNum <= 11)
					c_set[ch_size].ScanType = SCAN_ACTIVE;
				else
					c_set[ch_size].ScanType = SCAN_PASSIVE;
			} else
				c_set[ch_size].ScanType = SCAN_ACTIVE;

			ch_size++;
		}
	}

	if (b5GBand) {
		for (i = 0; i < RTW_ChannelPlan5G[Index5G].Len; i++) {
			if (RTW_ChannelPlan5G[Index5G].Channel[i] <= 48 ||
			    RTW_ChannelPlan5G[Index5G].Channel[i] >= 149) {
				c_set[ch_size].ChannelNum =
					RTW_ChannelPlan5G[Index5G].Channel[i];
				if (RT_CHANNEL_DOMAIN_WORLD_WIDE_5G == cplan) {
					/* passive scan for all 5G channels */
					c_set[ch_size].ScanType =
						SCAN_PASSIVE;
				} else
					c_set[ch_size].ScanType =
						SCAN_ACTIVE;
				DBG_8723A("%s(): channel_set[%d].ChannelNum = "
					  "%d\n", __func__, ch_size,
					  c_set[ch_size].ChannelNum);
				ch_size++;
			}
		}
	}

	return ch_size;
}

int init_mlme_ext_priv23a(struct rtw_adapter *padapter)
{
	struct registry_priv *pregistrypriv = &padapter->registrypriv;
	struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv;
	struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
	struct mlme_ext_info *pmlmeinfo = &pmlmeext->mlmext_info;

	pmlmeext->padapter = padapter;

	init_mlme_ext_priv23a_value(padapter);
	pmlmeinfo->bAcceptAddbaReq = pregistrypriv->bAcceptAddbaReq;

	init_mlme_ext_timer23a(padapter);

#ifdef CONFIG_8723AU_AP_MODE
	init_mlme_ap_info23a(padapter);
#endif

	pmlmeext->max_chan_nums = init_channel_set(padapter,
						   pmlmepriv->ChannelPlan,
						   pmlmeext->channel_set);
	init_channel_list(padapter, pmlmeext->channel_set,
			  pmlmeext->max_chan_nums, &pmlmeext->channel_list);

	pmlmeext->chan_scan_time = SURVEY_TO;
	pmlmeext->mlmeext_init = true;

	pmlmeext->active_keep_alive_check = true;
	return _SUCCESS;
}

void free_mlme_ext_priv23a (struct mlme_ext_priv *pmlmeext)
{
	struct rtw_adapter *padapter = pmlmeext->padapter;

	if (!padapter)
		return;

	if (padapter->bDriverStopped == true) {
		del_timer_sync(&pmlmeext->survey_timer);
		del_timer_sync(&pmlmeext->link_timer);
		/* del_timer_sync(&pmlmeext->ADDBA_timer); */
	}
}

static void
_mgt_dispatcher23a(struct rtw_adapter *padapter, struct mlme_handler *ptable,
		   struct recv_frame *precv_frame)
{
	struct sk_buff *skb = precv_frame->pkt;
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;

	if (ptable->func) {
		/* receive the frames that ra(a1) is my address
		   or ra(a1) is bc address. */
		if (!ether_addr_equal(hdr->addr1, myid(&padapter->eeprompriv))&&
		    !is_broadcast_ether_addr(hdr->addr1))
			return;

		ptable->func(padapter, precv_frame);
	}
}

void mgt_dispatcher23a(struct rtw_adapter *padapter,
		    struct recv_frame *precv_frame)
{
	struct mlme_handler *ptable;
#ifdef CONFIG_8723AU_AP_MODE
	struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
#endif /* CONFIG_8723AU_AP_MODE */
	struct sk_buff *skb = precv_frame->pkt;
	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) skb->data;
	struct sta_info *psta;
	u16 stype;
	int index;

	if (!ieee80211_is_mgmt(mgmt->frame_control))
		return;

	/* receive the frames that ra(a1) is my address or ra(a1) is
	   bc address. */
	if (!ether_addr_equal(mgmt->da, myid(&padapter->eeprompriv)) &&
	    !is_broadcast_ether_addr(mgmt->da))
		return;

	ptable = mlme_sta_tbl;

	stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE;
	index = stype >> 4;

	if (index > 13) {
		RT_TRACE(_module_rtl871x_mlme_c_, _drv_err_,
			 "Currently we do not support reserved sub-fr-type =%d\n",
			 index);
		return;
	}
	ptable += index;

	psta = rtw_get_stainfo23a(&padapter->stapriv, mgmt->sa);

	if (psta) {
		if (ieee80211_has_retry(mgmt->frame_control)) {
			if (precv_frame->attrib.seq_num ==
			    psta->RxMgmtFrameSeqNum) {
				/* drop the duplicate management frame */
				DBG_8723A("Drop duplicate management frame "
					  "with seq_num = %d.\n",
					  precv_frame->attrib.seq_num);
				return;
			}
		}
		psta->RxMgmtFrameSeqNum = precv_frame->attrib.seq_num;
	}

#ifdef CONFIG_8723AU_AP_MODE
	switch (stype) {
	case IEEE80211_STYPE_AUTH:
		if (check_fwstate(pmlmepriv, WIFI_AP_STATE))
			ptable->func = &OnAuth23a;
		else
			ptable->func = &OnAuth23aClient23a;
		/* pass through */
	case IEEE80211_STYPE_ASSOC_REQ:
	case IEEE80211_STYPE_REASSOC_REQ:
		_mgt_dispatcher23a(padapter, ptable, precv_frame);
		break;
	case IEEE80211_STYPE_PROBE_REQ:
		if (check_fwstate(pmlmepriv, WIFI_AP_STATE))
			_mgt_dispatcher23a(padapter, ptable, precv_frame);
		else
			_mgt_dispatcher23a(padapter, ptable, precv_frame);
		break;
	case IEEE80211_STYPE_BEACON:
		_mgt_dispatcher23a(padapter, ptable, precv_frame);
		break;
	case IEEE80211_STYPE_ACTION:
		/* if (check_fwstate(pmlmepriv, WIFI_AP_STATE)) */
		_mgt_dispatcher23a(padapter, ptable, precv_frame);
		break;
	default:
		_mgt_dispatcher23a(padapter, ptable, precv_frame);
		break;
	}
#else
	_mgt_dispatcher23a(padapter, ptable, precv_frame);
#endif
}

/****************************************************************************

Following are the callback functions for each subtype of the management frames

*****************************************************************************/

static int
OnProbeReq23a(struct rtw_adapter *padapter, struct recv_frame *precv_frame)
{
	const u8 *ie;
	struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
	struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv;
	struct mlme_ext_info *pmlmeinfo = &pmlmeext->mlmext_info;
	struct wlan_bssid_ex *cur = &pmlmeinfo->network;
	struct sk_buff *skb = precv_frame->pkt;
	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) skb->data;
	int len = skb->len;

	if (check_fwstate(pmlmepriv, WIFI_STATION_STATE))
		return _SUCCESS;

	if (!check_fwstate(pmlmepriv, _FW_LINKED) &&
	    !check_fwstate(pmlmepriv,
			   WIFI_ADHOC_MASTER_STATE | WIFI_AP_STATE))
		return _SUCCESS;

	if (unlikely(!ieee80211_is_probe_req(mgmt->frame_control))) {
		printk(KERN_WARNING "%s: Received non probe request frame\n",
		       __func__);
		return _FAIL;
	}

	len -= offsetof(struct ieee80211_mgmt, u.probe_req.variable);

	ie = cfg80211_find_ie(WLAN_EID_SSID, mgmt->u.probe_req.variable, len);

	/* check (wildcard) SSID */
	if (!ie)
		goto out;

	if ((ie[1] && memcmp(ie + 2, cur->Ssid.ssid, cur->Ssid.ssid_len)) ||
	    (ie[1] == 0 && pmlmeinfo->hidden_ssid_mode)) {
		return _SUCCESS;
	}

	if (check_fwstate(pmlmepriv, _FW_LINKED) &&
	    pmlmepriv->cur_network.join_res)
		issue_probersp(padapter, mgmt->sa);

out:
	return _SUCCESS;
}

static int
OnProbeRsp23a(struct rtw_adapter *padapter, struct recv_frame *precv_frame)
{
	struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv;

	if (pmlmeext->sitesurvey_res.state == SCAN_PROCESS) {
		report_survey_event23a(padapter, precv_frame);
		return _SUCCESS;
	}

	return _SUCCESS;
}

static int
OnBeacon23a(struct rtw_adapter *padapter, struct recv_frame *precv_frame)
{
	int cam_idx;
	struct sta_info	*psta;
	struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv;
	struct mlme_ext_info *pmlmeinfo = &pmlmeext->mlmext_info;
	struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
	struct sta_priv	*pstapriv = &padapter->stapriv;
	struct sk_buff *skb = precv_frame->pkt;
	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) skb->data;
	int pkt_len = skb->len;
	struct wlan_bssid_ex *pbss;
	int ret = _SUCCESS;
	u8 *p, *pie;
	int pie_len;
	u32 ielen = 0;

	pie = mgmt->u.beacon.variable;
	pie_len = pkt_len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
	p = rtw_get_ie23a(pie, WLAN_EID_EXT_SUPP_RATES, &ielen, pie_len);
	if (p && ielen > 0) {
		if (p[1 + ielen] == 0x2D && p[2 + ielen] != 0x2D) {
			/* Invalid value 0x2D is detected in Extended Supported
			 * Rates (ESR) IE. Try to fix the IE length to avoid
			 * failed Beacon parsing.
			 */
			DBG_8723A("[WIFIDBG] Error in ESR IE is detected in "
				  "Beacon of BSSID: %pM. Fix the length of "
				  "ESR IE to avoid failed Beacon parsing.\n",
				  mgmt->bssid);
			p[1] = ielen - 1;
		}
	}

	if (pmlmeext->sitesurvey_res.state == SCAN_PROCESS) {
		report_survey_event23a(padapter, precv_frame);
		return _SUCCESS;
	}

	if (!ether_addr_equal(mgmt->bssid,
			      get_my_bssid23a(&pmlmeinfo->network)))
		goto out;

	if (pmlmeinfo->state & WIFI_FW_AUTH_NULL) {
		/* we should update current network before auth,
		   or some IE is wrong */
		pbss = collect_bss_info(padapter, precv_frame);
		if (pbss) {
			update_network23a(&pmlmepriv->cur_network.network, pbss,
					  padapter, true);
			rtw_get_bcn_info23a(&pmlmepriv->cur_network);
			kfree(pbss);
		}

		/* check the vendor of the assoc AP */
		pmlmeinfo->assoc_AP_vendor =
			check_assoc_AP23a((u8 *)&mgmt->u.beacon, pkt_len -
					  offsetof(struct ieee80211_mgmt, u));

		/* update TSF Value */
		rtw_update_TSF(pmlmeext, mgmt);

		/* start auth */
		start_clnt_auth(padapter);

		return _SUCCESS;
	}

	if (((pmlmeinfo->state & 0x03) == MSR_AP) &&
	    (pmlmeinfo->state & WIFI_FW_ASSOC_SUCCESS)) {
		psta = rtw_get_stainfo23a(pstapriv, mgmt->sa);
		if (psta) {
			ret = rtw_check_bcn_info23a(padapter, mgmt, pkt_len);
			if (ret != _SUCCESS) {
				DBG_8723A_LEVEL(_drv_always_, "ap has changed, "
						"disconnect now\n");
				receive_disconnect23a(padapter, pmlmeinfo->network.MacAddress, 65535);
				return _SUCCESS;
			}
			/* update WMM, ERP in the beacon */
			/* todo: the timer is used instead of
			   the number of the beacon received */
			if ((sta_rx_pkts(psta) & 0xf) == 0) {
				/* DBG_8723A("update_bcn_info\n"); */
				update_beacon23a_info(padapter, mgmt,
						      pkt_len, psta);
			}
		}
	} else if ((pmlmeinfo->state&0x03) == MSR_ADHOC) {
		psta = rtw_get_stainfo23a(pstapriv, mgmt->sa);
		if (psta) {
			/* update WMM, ERP in the beacon */
			/* todo: the timer is used instead of the
			   number of the beacon received */
			if ((sta_rx_pkts(psta) & 0xf) == 0) {
				/* DBG_8723A("update_bcn_info\n"); */
				update_beacon23a_info(padapter, mgmt,
						      pkt_len, psta);
			}
		} else {
			/* allocate a new CAM entry for IBSS station */
			cam_idx = allocate_fw_sta_entry23a(padapter);
			if (cam_idx == NUM_STA)
				goto out;

			/* get supported rate */
			if (update_sta_support_rate23a(padapter, pie, pie_len,
						       cam_idx) == _FAIL) {
				pmlmeinfo->FW_sta_info[cam_idx].status = 0;
				goto out;
			}

			/* update TSF Value */
			rtw_update_TSF(pmlmeext, mgmt);

			/* report sta add event */
			report_add_sta_event23a(padapter, mgmt->sa,
						cam_idx);
		}
	}

out:

	return _SUCCESS;
}

#ifdef CONFIG_8723AU_AP_MODE
static int
OnAuth23a(struct rtw_adapter *padapter, struct recv_frame *precv_frame)
{
	static struct sta_info stat;
	struct sta_info *pstat = NULL;
	struct sta_priv *pstapriv = &padapter->stapriv;
	struct security_priv *psecuritypriv = &padapter->securitypriv;
	struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv;
	struct mlme_ext_info *pmlmeinfo = &pmlmeext->mlmext_info;
	struct sk_buff *skb = precv_frame->pkt;
	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) skb->data;
	u8 *pframe;
	const u8 *p;
	unsigned char *sa;
	u16 auth_mode, seq, algorithm;
	int status, len = skb->len;

	if ((pmlmeinfo->state & 0x03) != MSR_AP)
		return _FAIL;

	DBG_8723A("+OnAuth23a\n");

	sa = mgmt->sa;

	auth_mode = psecuritypriv->dot11AuthAlgrthm;

	pframe = mgmt->u.auth.variable;
	len = skb->len - offsetof(struct ieee80211_mgmt, u.auth.variable);

	seq = le16_to_cpu(mgmt->u.auth.auth_transaction);
	algorithm = le16_to_cpu(mgmt->u.auth.auth_alg);

	DBG_8723A("auth alg =%x, seq =%X\n", algorithm, seq);

	if (auth_mode == 2 &&
	    psecuritypriv->dot11PrivacyAlgrthm != WLAN_CIPHER_SUITE_WEP40 &&
	    psecuritypriv->dot11PrivacyAlgrthm != WLAN_CIPHER_SUITE_WEP104)
		auth_mode = 0;

	/*  rx a shared-key auth but shared not enabled, or */
	/*  rx a open-system auth but shared-key is enabled */
	if ((algorithm != WLAN_AUTH_OPEN && auth_mode == 0) ||
	    (algorithm == WLAN_AUTH_OPEN && auth_mode == 1)) {
		DBG_8723A("auth rejected due to bad alg [alg =%d, auth_mib "
			  "=%d] %02X%02X%02X%02X%02X%02X\n",
			  algorithm, auth_mode,
			  sa[0], sa[1], sa[2], sa[3], sa[4], sa[5]);

		status = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;

		goto auth_fail;
	}

	if (rtw_access_ctrl23a(padapter, sa) == false) {
		status = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
		goto auth_fail;
	}

	pstat = rtw_get_stainfo23a(pstapriv, sa);
	if (!pstat) {
		/*  allocate a new one */
		DBG_8723A("going to alloc stainfo for sa =%pM\n", sa);
		pstat = rtw_alloc_stainfo23a(pstapriv, sa, GFP_ATOMIC);
		if (!pstat) {
			DBG_8723A(" Exceed the upper limit of supported "
				  "clients...\n");
			status = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
			goto auth_fail;
		}

		pstat->state = WIFI_FW_AUTH_NULL;
		pstat->auth_seq = 0;

		/* pstat->flags = 0; */
		/* pstat->capability = 0; */
	} else {
		spin_lock_bh(&pstapriv->asoc_list_lock);
		if (!list_empty(&pstat->asoc_list)) {
			list_del_init(&pstat->asoc_list);
			pstapriv->asoc_list_cnt--;
			if (pstat->expire_to > 0) {
				/* TODO: STA re_auth within expire_to */
			}
		}
		spin_unlock_bh(&pstapriv->asoc_list_lock);

		if (seq == 1) {
			/* TODO: STA re_auth and auth timeout */
		}
	}

	spin_lock_bh(&pstapriv->auth_list_lock);
	if (list_empty(&pstat->auth_list)) {
		list_add_tail(&pstat->auth_list, &pstapriv->auth_list);
		pstapriv->auth_list_cnt++;
	}
	spin_unlock_bh(&pstapriv->auth_list_lock);

	if (pstat->auth_seq == 0)
		pstat->expire_to = pstapriv->auth_to;

	if ((pstat->auth_seq + 1) != seq) {
		DBG_8723A("(1)auth rejected because out of seq [rx_seq =%d, "
			  "exp_seq =%d]!\n", seq, pstat->auth_seq+1);
		status = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
		goto auth_fail;
	}

	if (algorithm == WLAN_AUTH_OPEN && (auth_mode == 0 || auth_mode == 2)) {
		if (seq == 1) {
			pstat->state &= ~WIFI_FW_AUTH_NULL;
			pstat->state |= WIFI_FW_AUTH_SUCCESS;
			pstat->expire_to = pstapriv->assoc_to;
			pstat->authalg = algorithm;
		} else {
			DBG_8723A("(2)auth rejected because out of seq "
				  "[rx_seq =%d, exp_seq =%d]!\n",
				  seq, pstat->auth_seq+1);
			status = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
			goto auth_fail;
		}
	} else { /*  shared system or auto authentication */
		if (seq == 1) {
			/* prepare for the challenging txt... */
			pstat->state &= ~WIFI_FW_AUTH_NULL;
			pstat->state |= WIFI_FW_AUTH_STATE;
			pstat->authalg = algorithm;
			pstat->auth_seq = 2;
		} else if (seq == 3) {
			/* checking for challenging txt... */
			DBG_8723A("checking for challenging txt...\n");

			p = cfg80211_find_ie(WLAN_EID_CHALLENGE, pframe, len);
			if (!p || p[1] <= 0) {
				DBG_8723A("auth rejected because challenge "
					  "failure!(1)\n");
				status = WLAN_STATUS_CHALLENGE_FAIL;
				goto auth_fail;
			}

			if (!memcmp(p + 2, pstat->chg_txt, 128)) {
				pstat->state &= ~WIFI_FW_AUTH_STATE;
				pstat->state |= WIFI_FW_AUTH_SUCCESS;
				/*  challenging txt is correct... */
				pstat->expire_to =  pstapriv->assoc_to;
			} else {
				DBG_8723A("auth rejected because challenge "
					  "failure!\n");
				status = WLAN_STATUS_CHALLENGE_FAIL;
				goto auth_fail;
			}
		} else {
			DBG_8723A("(3)auth rejected because out of seq "
				  "[rx_seq =%d, exp_seq =%d]!\n",
				  seq, pstat->auth_seq+1);
			status = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
			goto auth_fail;
		}
	}

	/*  Now, we are going to issue_auth... */
	pstat->auth_seq = seq + 1;

	issue_auth(padapter, pstat, WLAN_STATUS_SUCCESS);

	if (pstat->state & WIFI_FW_AUTH_SUCCESS)
		pstat->auth_seq = 0;

	return _SUCCESS;

auth_fail:

	if (pstat)
		rtw_free_stainfo23a(padapter, pstat);

	pstat = &stat;
	memset((char *)pstat, '\0', sizeof(stat));
	pstat->auth_seq = 2;
	ether_addr_copy(pstat->hwaddr, sa);

	issue_auth(padapter, pstat, (unsigned short)status);

	return _FAIL;
}
#endif

static int
OnAuth23aClient23a(struct rtw_adapter *padapter, struct recv_frame *precv_frame)
{
	unsigned int seq, status, algthm;
	unsigned int go2asoc = 0;
	struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv;
	struct mlme_ext_info *pmlmeinfo = &pmlmeext->mlmext_info;
	struct sk_buff *skb = precv_frame->pkt;
	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) skb->data;
	const u8 *p;
	u8 *pie;
	int plen = skb->len;

	DBG_8723A("%s\n", __func__);

	/* check A1 matches or not */
	if (!ether_addr_equal(myid(&padapter->eeprompriv), mgmt->da))
		return _SUCCESS;

	if (!(pmlmeinfo->state & WIFI_FW_AUTH_STATE))
		return _SUCCESS;

	pie = mgmt->u.auth.variable;
	plen -= offsetof(struct ieee80211_mgmt, u.auth.variable);

	algthm = le16_to_cpu(mgmt->u.auth.auth_alg);
	seq = le16_to_cpu(mgmt->u.auth.auth_transaction);
	status = le16_to_cpu(mgmt->u.auth.status_code);

	if (status) {
		DBG_8723A("clnt auth fail, status: %d\n", status);
		/*  pmlmeinfo->auth_algo == dot11AuthAlgrthm_Auto) */
		if (status == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG) {
			if (pmlmeinfo->auth_algo == dot11AuthAlgrthm_Shared)
				pmlmeinfo->auth_algo = dot11AuthAlgrthm_Open;
			else
				pmlmeinfo->auth_algo = dot11AuthAlgrthm_Shared;
			/* pmlmeinfo->reauth_count = 0; */
		}

		set_link_timer(pmlmeext, 1);
		goto authclnt_fail;
	}

	if (seq == 2) {
		if (pmlmeinfo->auth_algo == dot11AuthAlgrthm_Shared) {
			/*  legendary shared system */
			p = cfg80211_find_ie(WLAN_EID_CHALLENGE, pie, plen);

			if (!p) {
				/* DBG_8723A("marc: no challenge text?\n"); */
				goto authclnt_fail;
			}

			memcpy((void *)(pmlmeinfo->chg_txt), p + 2, p[1]);
			pmlmeinfo->auth_seq = 3;
			issue_auth(padapter, NULL, 0);
			set_link_timer(pmlmeext, REAUTH_TO);

			return _SUCCESS;
		} else {
			/*  open system */
			go2asoc = 1;
		}
	} else if (seq == 4) {
		if (pmlmeinfo->auth_algo == dot11AuthAlgrthm_Shared)
			go2asoc = 1;
		else
			goto authclnt_fail;
	} else {
		/*  this is also illegal */
		/* DBG_8723A("marc: clnt auth failed due to illegal seq =%x\n",
		   seq); */
		goto authclnt_fail;
	}

	if (go2asoc) {
		DBG_8723A_LEVEL(_drv_always_, "auth success, start assoc\n");
		start_clnt_assoc(padapter);
		return _SUCCESS;
	}

authclnt_fail:

	/* pmlmeinfo->state &= ~(WIFI_FW_AUTH_STATE); */

	return _FAIL;
}

#ifdef CONFIG_8723AU_AP_MODE
static int rtw_validate_vendor_specific_ies(const u8 *pos, int elen)
{
	unsigned int oui;

	/* first 3 bytes in vendor specific information element are the IEEE
	 * OUI of the vendor. The following byte is used a vendor specific
	 * sub-type. */
	if (elen < 4) {
		DBG_8723A("short vendor specific information element "
			  "ignored (len =%i)\n", elen);
		return -EINVAL;
	}

	oui = RTW_GET_BE24(pos);
	switch (oui) {
	case WLAN_OUI_MICROSOFT:
		/* Microsoft/Wi-Fi information elements are further typed and
		 * subtyped */
		switch (pos[3]) {
		case WLAN_OUI_TYPE_MICROSOFT_WPA:
			/* Microsoft OUI (00:50:F2) with OUI Type 1:
			 * real WPA information element */
			break;
		case WLAN_OUI_TYPE_MICROSOFT_WMM:
			if (elen < 5) {
				DBG_8723A("short WME information element "
					  "ignored (len =%i)\n", elen);
				return -EINVAL;
			}
			switch (pos[4]) {
			case WME_OUI_SUBTYPE_INFORMATION_ELEMENT:
			case WME_OUI_SUBTYPE_PARAMETER_ELEMENT:
				break;
			case WME_OUI_SUBTYPE_TSPEC_ELEMENT:
				break;
			default:
				DBG_8723A("unknown WME information element "
					  "ignored (subtype =%d len =%i)\n",
					   pos[4], elen);
				return -EINVAL;
			}
			break;
		case WLAN_OUI_TYPE_MICROSOFT_WPS:
			/* Wi-Fi Protected Setup (WPS) IE */
			break;
		default:
			DBG_8723A("Unknown Microsoft information element "
				  "ignored (type =%d len =%i)\n",
				  pos[3], elen);
			return -EINVAL;
		}
		break;

	case OUI_BROADCOM:
		switch (pos[3]) {
		case VENDOR_HT_CAPAB_OUI_TYPE:
			break;
		default:
			DBG_8723A("Unknown Broadcom information element "
				  "ignored (type =%d len =%i)\n", pos[3], elen);
			return -EINVAL;
		}
		break;

	default:
		DBG_8723A("unknown vendor specific information element "
			  "ignored (vendor OUI %02x:%02x:%02x len =%i)\n",
			   pos[0], pos[1], pos[2], elen);
		return -EINVAL;
	}

	return 0;
}

static int rtw_validate_frame_ies(const u8 *start, uint len)
{
	const u8 *pos = start;
	int left = len;
	int unknown = 0;

	while (left >= 2) {
		u8 id, elen;

		id = *pos++;
		elen = *pos++;
		left -= 2;

		if (elen > left) {
			DBG_8723A("%s: IEEE 802.11 failed (id =%d elen =%d "
				  "left =%i)\n", __func__, id, elen, left);
			return -EINVAL;
		}

		switch (id) {
		case WLAN_EID_SSID:
		case WLAN_EID_SUPP_RATES:
		case WLAN_EID_FH_PARAMS:
		case WLAN_EID_DS_PARAMS:
		case WLAN_EID_CF_PARAMS:
		case WLAN_EID_TIM:
		case WLAN_EID_IBSS_PARAMS:
		case WLAN_EID_CHALLENGE:
		case WLAN_EID_ERP_INFO:
		case WLAN_EID_EXT_SUPP_RATES:
			break;
		case WLAN_EID_VENDOR_SPECIFIC:
			if (rtw_validate_vendor_specific_ies(pos, elen))
				unknown++;
			break;
		case WLAN_EID_RSN:
		case WLAN_EID_PWR_CAPABILITY:
		case WLAN_EID_SUPPORTED_CHANNELS:
		case WLAN_EID_MOBILITY_DOMAIN:
		case WLAN_EID_FAST_BSS_TRANSITION:
		case WLAN_EID_TIMEOUT_INTERVAL:
		case WLAN_EID_HT_CAPABILITY:
		case WLAN_EID_HT_OPERATION:
		default:
			unknown++;
			DBG_8723A("%s IEEE 802.11 ignored unknown element "
				  "(id =%d elen =%d)\n", __func__, id, elen);
			break;
		}

		left -= elen;
		pos += elen;
	}

	if (left)
		return -EINVAL;

	return 0;
}
#endif

static int
OnAssocReq23a(struct rtw_adapter *padapter, struct recv_frame *precv_frame)
{
#ifdef CONFIG_8723AU_AP_MODE
	u16 capab_info, listen_interval;
	struct sta_info	*pstat;
	unsigned char reassoc;
	int i, wpa_ie_len, left;
	unsigned char supportRate[16];
	int supportRateNum;
	unsigned short status = WLAN_STATUS_SUCCESS;
	struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
	struct security_priv *psecuritypriv = &padapter->securitypriv;
	struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv;
	struct mlme_ext_info *pmlmeinfo = &pmlmeext->mlmext_info;
	struct wlan_bssid_ex *cur = &pmlmeinfo->network;
	struct sta_priv *pstapriv = &padapter->stapriv;
	struct sk_buff *skb = precv_frame->pkt;
	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) skb->data;
	const u8 *pos, *p, *wpa_ie, *wps_ie;
	u8 *pframe = skb->data;
	uint pkt_len = skb->len;
	int r;

	if ((pmlmeinfo->state & 0x03) != MSR_AP)
		return _FAIL;

	left = pkt_len - sizeof(struct ieee80211_hdr_3addr);
	if (ieee80211_is_assoc_req(mgmt->frame_control)) {
		reassoc = 0;
		pos = mgmt->u.assoc_req.variable;
		left -= offsetof(struct ieee80211_mgmt, u.assoc_req.variable);
	} else { /*  WIFI_REASSOCREQ */
		reassoc = 1;
		pos = mgmt->u.reassoc_req.variable;
		left -= offsetof(struct ieee80211_mgmt, u.reassoc_req.variable);
	}

	if (left < 0) {
		DBG_8723A("handle_assoc(reassoc =%d) - too short payload "
			  "(len =%lu)\n", reassoc, (unsigned long)pkt_len);
		return _FAIL;
	}

	pstat = rtw_get_stainfo23a(pstapriv, mgmt->sa);
	if (!pstat) {
		status = WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA;
		goto asoc_class2_error;
	}

	/* These two are located at the same offsets whether it's an
	 * assoc_req or a reassoc_req */
	capab_info = get_unaligned_le16(&mgmt->u.assoc_req.capab_info);
	listen_interval =
		get_unaligned_le16(&mgmt->u.assoc_req.listen_interval);

	DBG_8723A("%s\n", __func__);

	/*  check if this stat has been successfully authenticated/assocated */
	if (!(pstat->state & WIFI_FW_AUTH_SUCCESS)) {
		if (!(pstat->state & WIFI_FW_ASSOC_SUCCESS)) {
			status = WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA;
			goto asoc_class2_error;
		} else {
			pstat->state &= (~WIFI_FW_ASSOC_SUCCESS);
			pstat->state |= WIFI_FW_ASSOC_STATE;
		}
	} else {
		pstat->state &= (~WIFI_FW_AUTH_SUCCESS);
		pstat->state |= WIFI_FW_ASSOC_STATE;
	}

	pstat->capability = capab_info;

	/* now parse all ieee802_11 ie to point to elems */

	if (rtw_validate_frame_ies(pos, left)) {
		DBG_8723A("STA %pM sent invalid association request\n",
			  pstat->hwaddr);
		status = WLAN_STATUS_UNSPECIFIED_FAILURE;
		goto OnAssocReq23aFail;
	}

	/*  now we should check all the fields... */
	/*  checking SSID */
	p = cfg80211_find_ie(WLAN_EID_SSID, pos, left);
	if (!p || p[1] == 0) {
		/*  broadcast ssid, however it is not allowed in assocreq */
		DBG_8723A("STA %pM sent invalid association request lacking an SSID\n",
			  pstat->hwaddr);
		status = WLAN_STATUS_UNSPECIFIED_FAILURE;
		goto OnAssocReq23aFail;
	} else {
		/*  check if ssid match */
		if (memcmp(p + 2, cur->Ssid.ssid, cur->Ssid.ssid_len))
			status = WLAN_STATUS_UNSPECIFIED_FAILURE;

		if (p[1] != cur->Ssid.ssid_len)
			status = WLAN_STATUS_UNSPECIFIED_FAILURE;
	}

	if (status != WLAN_STATUS_SUCCESS)
		goto OnAssocReq23aFail;

	/*  check if the supported rate is ok */
	p = cfg80211_find_ie(WLAN_EID_SUPP_RATES, pos, left);
	if (!p) {
		DBG_8723A("Rx a sta assoc-req which supported rate is "
			  "empty!\n");
		/*  use our own rate set as statoin used */
		/* memcpy(supportRate, AP_BSSRATE, AP_BSSRATE_LEN); */
		/* supportRateNum = AP_BSSRATE_LEN; */

		status = WLAN_STATUS_UNSPECIFIED_FAILURE;
		goto OnAssocReq23aFail;
	} else {
		memcpy(supportRate, p + 2, p[1]);
		supportRateNum = p[1];

		p = cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, pos, left);
		if (p) {
			if (supportRateNum <= sizeof(supportRate)) {
				memcpy(supportRate+supportRateNum, p + 2, p[1]);
				supportRateNum += p[1];
			}
		}
	}

	/* todo: mask supportRate between AP & STA -> move to update raid */
	/* get_matched_rate(pmlmeext, supportRate, &supportRateNum, 0); */

	/* update station supportRate */
	pstat->bssratelen = supportRateNum;
	memcpy(pstat->bssrateset, supportRate, supportRateNum);
	Update23aTblForSoftAP(pstat->bssrateset, pstat->bssratelen);

	/* check RSN/WPA/WPS */
	pstat->dot8021xalg = 0;
	pstat->wpa_psk = 0;
	pstat->wpa_group_cipher = 0;
	pstat->wpa2_group_cipher = 0;
	pstat->wpa_pairwise_cipher = 0;
	pstat->wpa2_pairwise_cipher = 0;
	memset(pstat->wpa_ie, 0, sizeof(pstat->wpa_ie));

	wpa_ie = cfg80211_find_ie(WLAN_EID_RSN, pos, left);
	if (!wpa_ie)
		wpa_ie = cfg80211_find_vendor_ie(WLAN_OUI_MICROSOFT,
						 WLAN_OUI_TYPE_MICROSOFT_WPA,
						 pos, left);
	if (wpa_ie) {
		int group_cipher = 0, pairwise_cipher = 0;

		wpa_ie_len = wpa_ie[1];
		if (psecuritypriv->wpa_psk & BIT(1)) {
			r = rtw_parse_wpa2_ie23a(wpa_ie, wpa_ie_len + 2,
						 &group_cipher,
						 &pairwise_cipher, NULL);
			if (r == _SUCCESS) {
				pstat->dot8021xalg = 1;/* psk,  todo:802.1x */
				pstat->wpa_psk |= BIT(1);

				pstat->wpa2_group_cipher = group_cipher &
					psecuritypriv->wpa2_group_cipher;
				pstat->wpa2_pairwise_cipher = pairwise_cipher &
					psecuritypriv->wpa2_pairwise_cipher;
			} else
				status = WLAN_STATUS_INVALID_IE;
		} else if (psecuritypriv->wpa_psk & BIT(0)) {
			r = rtw_parse_wpa_ie23a(wpa_ie, wpa_ie_len + 2,
						&group_cipher, &pairwise_cipher,
						NULL);
			if (r == _SUCCESS) {
				pstat->dot8021xalg = 1;/* psk,  todo:802.1x */
				pstat->wpa_psk |= BIT(0);

				pstat->wpa_group_cipher = group_cipher &
					psecuritypriv->wpa_group_cipher;
				pstat->wpa_pairwise_cipher = pairwise_cipher &
					psecuritypriv->wpa_pairwise_cipher;
			} else
				status = WLAN_STATUS_INVALID_IE;
		} else {
			wpa_ie = NULL;
			wpa_ie_len = 0;
		}
		if (wpa_ie && status == WLAN_STATUS_SUCCESS) {
			if (!pstat->wpa_group_cipher)
				status = WLAN_STATUS_INVALID_GROUP_CIPHER;

			if (!pstat->wpa_pairwise_cipher)
				status = WLAN_STATUS_INVALID_PAIRWISE_CIPHER;
		}
	}

	if (status != WLAN_STATUS_SUCCESS)
		goto OnAssocReq23aFail;

	pstat->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS);

	wps_ie = cfg80211_find_vendor_ie(WLAN_OUI_MICROSOFT,
					 WLAN_OUI_TYPE_MICROSOFT_WPS,
					 pos, left);

	if (!wpa_ie) {
		if (wps_ie) {
			DBG_8723A("STA included WPS IE in (Re)Association "
				  "Request - assume WPS is used\n");
			pstat->flags |= WLAN_STA_WPS;
		} else {
			DBG_8723A("STA did not include WPA/RSN IE in (Re)"
				   "Association Request - possible WPS use\n");
			pstat->flags |= WLAN_STA_MAYBE_WPS;
		}
	} else {
		int copy_len;

		if (psecuritypriv->wpa_psk == 0) {
			DBG_8723A("STA %pM: WPA/RSN IE in association request, but AP don't support WPA/RSN\n",
				  pstat->hwaddr);

			status = WLAN_STATUS_INVALID_IE;

			goto OnAssocReq23aFail;
		}

		if (wps_ie) {
			DBG_8723A("STA included WPS IE in (Re)Association "
				  "Request - WPS is used\n");
			pstat->flags |= WLAN_STA_WPS;
			copy_len = 0;
		} else {
			copy_len = ((wpa_ie_len + 2) > sizeof(pstat->wpa_ie)) ?
				sizeof(pstat->wpa_ie) : (wpa_ie_len + 2);
		}

		if (copy_len > 0)
			memcpy(pstat->wpa_ie, wpa_ie - 2, copy_len);
	}

	/*  check if there is WMM IE & support WWM-PS */
	pstat->flags &= ~WLAN_STA_WME;
	pstat->qos_option = 0;
	pstat->qos_info = 0;
	pstat->has_legacy_ac = true;
	pstat->uapsd_vo = 0;
	pstat->uapsd_vi = 0;
	pstat->uapsd_be = 0;
	pstat->uapsd_bk = 0;
	if (pmlmepriv->qos_option) {
		const u8 *end = pos + left;

		p = pos;

		for (;;) {
			left = end - p;
			p = cfg80211_find_vendor_ie(WLAN_OUI_MICROSOFT,
						    WLAN_OUI_TYPE_MICROSOFT_WMM,
						    p, left);
			if (p) {
				pstat->flags |= WLAN_STA_WME;

				pstat->qos_option = 1;
				pstat->qos_info = *(p + 8);

				pstat->max_sp_len =
					(pstat->qos_info >> 5) & 0x3;

				if ((pstat->qos_info & 0xf) != 0xf)
					pstat->has_legacy_ac = true;
				else
					pstat->has_legacy_ac = false;

				if (pstat->qos_info & 0xf) {
					if (pstat->qos_info & BIT(0))
						pstat->uapsd_vo = BIT(0)|BIT(1);
					else
						pstat->uapsd_vo = 0;

					if (pstat->qos_info & BIT(1))
						pstat->uapsd_vi = BIT(0)|BIT(1);
					else
						pstat->uapsd_vi = 0;

					if (pstat->qos_info & BIT(2))
						pstat->uapsd_bk = BIT(0)|BIT(1);
					else
						pstat->uapsd_bk = 0;

					if (pstat->qos_info & BIT(3))
						pstat->uapsd_be = BIT(0)|BIT(1);
					else
						pstat->uapsd_be = 0;

					break;
				}
			} else {
				break;
			}
			p = p + p[1] + 2;
		}
	}

	/* save HT capabilities in the sta object */
	memset(&pstat->htpriv.ht_cap, 0, sizeof(struct ieee80211_ht_cap));
	p = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, pos, left);

	if (p && p[1] >= sizeof(struct ieee80211_ht_cap)) {
		pstat->flags |= WLAN_STA_HT;

		pstat->flags |= WLAN_STA_WME;

		memcpy(&pstat->htpriv.ht_cap, p + 2,
		       sizeof(struct ieee80211_ht_cap));
	} else
		pstat->flags &= ~WLAN_STA_HT;

	if (!pmlmepriv->htpriv.ht_option && pstat->flags & WLAN_STA_HT){
		status = WLAN_STATUS_UNSPECIFIED_FAILURE;
		goto On…