/******************************************************************************
 *
 * Copyright(c) 2007 - 2012 Realtek Corporation. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of version 2 of the GNU General Public License as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
 * more details.
 *
 ******************************************************************************/
#define _RTW_MLME_EXT_C_

#include <drv_types.h>
#include <rtw_debug.h>
#include <rtw_wifi_regd.h>


static struct mlme_handler mlme_sta_tbl[] = {
        {WIFI_ASSOCREQ,         "OnAssocReq",   &OnAssocReq},
        {WIFI_ASSOCRSP,         "OnAssocRsp",   &OnAssocRsp},
        {WIFI_REASSOCREQ,       "OnReAssocReq", &OnAssocReq},
        {WIFI_REASSOCRSP,       "OnReAssocRsp", &OnAssocRsp},
        {WIFI_PROBEREQ,         "OnProbeReq",   &OnProbeReq},
        {WIFI_PROBERSP,         "OnProbeRsp",           &OnProbeRsp},

        /*----------------------------------------------------------
                                        below 2 are reserved
        -----------------------------------------------------------*/
        {0,                                     "DoReserved",           &DoReserved},
        {0,                                     "DoReserved",           &DoReserved},
        {WIFI_BEACON,           "OnBeacon",             &OnBeacon},
        {WIFI_ATIM,                     "OnATIM",               &OnAtim},
        {WIFI_DISASSOC,         "OnDisassoc",           &OnDisassoc},
        {WIFI_AUTH,                     "OnAuth",               &OnAuthClient},
        {WIFI_DEAUTH,           "OnDeAuth",             &OnDeAuth},
        {WIFI_ACTION,           "OnAction",             &OnAction},
        {WIFI_ACTION_NOACK, "OnActionNoAck",    &OnAction},
};

static struct action_handler OnAction_tbl[] = {
        {RTW_WLAN_CATEGORY_SPECTRUM_MGMT,        "ACTION_SPECTRUM_MGMT", on_action_spct},
        {RTW_WLAN_CATEGORY_QOS, "ACTION_QOS", &DoReserved},
        {RTW_WLAN_CATEGORY_DLS, "ACTION_DLS", &DoReserved},
        {RTW_WLAN_CATEGORY_BACK, "ACTION_BACK", &OnAction_back},
        {RTW_WLAN_CATEGORY_PUBLIC, "ACTION_PUBLIC", on_action_public},
        {RTW_WLAN_CATEGORY_RADIO_MEASUREMENT, "ACTION_RADIO_MEASUREMENT", &DoReserved},
        {RTW_WLAN_CATEGORY_FT, "ACTION_FT",     &DoReserved},
        {RTW_WLAN_CATEGORY_HT,  "ACTION_HT",    &OnAction_ht},
        {RTW_WLAN_CATEGORY_SA_QUERY, "ACTION_SA_QUERY", &OnAction_sa_query},
        {RTW_WLAN_CATEGORY_UNPROTECTED_WNM, "ACTION_UNPROTECTED_WNM", &DoReserved},
        {RTW_WLAN_CATEGORY_SELF_PROTECTED, "ACTION_SELF_PROTECTED", &DoReserved},
        {RTW_WLAN_CATEGORY_WMM, "ACTION_WMM", &DoReserved},
        {RTW_WLAN_CATEGORY_VHT, "ACTION_VHT", &DoReserved},
        {RTW_WLAN_CATEGORY_P2P, "ACTION_P2P", &DoReserved},
};


static u8 null_addr[ETH_ALEN] = {0, 0, 0, 0, 0, 0};

/**************************************************
OUI definitions for the vendor specific IE
***************************************************/
unsigned char RTW_WPA_OUI[] = {0x00, 0x50, 0xf2, 0x01};
unsigned char WMM_OUI[] = {0x00, 0x50, 0xf2, 0x02};
unsigned char WPS_OUI[] = {0x00, 0x50, 0xf2, 0x04};
unsigned char P2P_OUI[] = {0x50, 0x6F, 0x9A, 0x09};
unsigned char WFD_OUI[] = {0x50, 0x6F, 0x9A, 0x0A};

unsigned char WMM_INFO_OUI[] = {0x00, 0x50, 0xf2, 0x02, 0x00, 0x01};
unsigned char WMM_PARA_OUI[] = {0x00, 0x50, 0xf2, 0x02, 0x01, 0x01};

static unsigned char REALTEK_96B_IE[] = {0x00, 0xe0, 0x4c, 0x02, 0x01, 0x20};

/********************************************************
ChannelPlan definitions
*********************************************************/
static RT_CHANNEL_PLAN_2G       RTW_ChannelPlan2G[RT_CHANNEL_DOMAIN_2G_MAX] = {
        {{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13}, 13},              /*  0x00, RT_CHANNEL_DOMAIN_2G_WORLD , Passive scan CH 12, 13 */
        {{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13}, 13},              /*  0x01, RT_CHANNEL_DOMAIN_2G_ETSI1 */
        {{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11}, 11},                      /*  0x02, RT_CHANNEL_DOMAIN_2G_FCC1 */
        {{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14}, 14},  /*  0x03, RT_CHANNEL_DOMAIN_2G_MIKK1 */
        {{10, 11, 12, 13}, 4},                                          /*  0x04, RT_CHANNEL_DOMAIN_2G_ETSI2 */
        {{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14}, 14},  /*  0x05, RT_CHANNEL_DOMAIN_2G_GLOBAL , Passive scan CH 12, 13, 14 */
        {{}, 0},                                                                /*  0x06, RT_CHANNEL_DOMAIN_2G_NULL */
};

static RT_CHANNEL_PLAN_5G       RTW_ChannelPlan5G[RT_CHANNEL_DOMAIN_5G_MAX] = {
        {{}, 0},                                                                                                                                                                        /*  0x00, RT_CHANNEL_DOMAIN_5G_NULL */
        {{36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140}, 19},                                          /*  0x01, RT_CHANNEL_DOMAIN_5G_ETSI1 */
        {{36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 149, 153, 157, 161, 165}, 24}, /*  0x02, RT_CHANNEL_DOMAIN_5G_ETSI2 */
        {{36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 149, 153, 157, 161, 165}, 22},                   /*  0x03, RT_CHANNEL_DOMAIN_5G_ETSI3 */
        {{36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 149, 153, 157, 161, 165}, 24}, /*  0x04, RT_CHANNEL_DOMAIN_5G_FCC1 */
        {{36, 40, 44, 48, 149, 153, 157, 161, 165}, 9},                                                                                                         /*  0x05, RT_CHANNEL_DOMAIN_5G_FCC2 */
        {{36, 40, 44, 48, 52, 56, 60, 64, 149, 153, 157, 161, 165}, 13},                                                                                        /*  0x06, RT_CHANNEL_DOMAIN_5G_FCC3 */
        {{36, 40, 44, 48, 52, 56, 60, 64, 149, 153, 157, 161}, 12},                                                                                             /*  0x07, RT_CHANNEL_DOMAIN_5G_FCC4 */
        {{149, 153, 157, 161, 165}, 5},                                                                                                                                 /*  0x08, RT_CHANNEL_DOMAIN_5G_FCC5 */
        {{36, 40, 44, 48, 52, 56, 60, 64}, 8},                                                                                                                          /*  0x09, RT_CHANNEL_DOMAIN_5G_FCC6 */
        {{36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 136, 140, 149, 153, 157, 161, 165}, 20},                                     /*  0x0A, RT_CHANNEL_DOMAIN_5G_FCC7_IC1 */
        {{36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 149, 153, 157, 161, 165}, 20},                                     /*  0x0B, RT_CHANNEL_DOMAIN_5G_KCC1 */
        {{36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140}, 19},                                          /*  0x0C, RT_CHANNEL_DOMAIN_5G_MKK1 */
        {{36, 40, 44, 48, 52, 56, 60, 64}, 8},                                                                                                                          /*  0x0D, RT_CHANNEL_DOMAIN_5G_MKK2 */
        {{100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140}, 11},                                                                                  /*  0x0E, RT_CHANNEL_DOMAIN_5G_MKK3 */
        {{56, 60, 64, 100, 104, 108, 112, 116, 136, 140, 149, 153, 157, 161, 165}, 15},                                                         /*  0x0F, RT_CHANNEL_DOMAIN_5G_NCC1 */
        {{56, 60, 64, 149, 153, 157, 161, 165}, 8},                                                                                                                     /*  0x10, RT_CHANNEL_DOMAIN_5G_NCC2 */
        {{149, 153, 157, 161, 165}, 5},                                                                                                                                 /*  0x11, RT_CHANNEL_DOMAIN_5G_NCC3 */
        {{36, 40, 44, 48}, 4},                                                                                                                                                  /*  0x12, RT_CHANNEL_DOMAIN_5G_ETSI4 */
        {{36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 136, 140, 149, 153, 157, 161, 165}, 20},                                     /*  0x13, RT_CHANNEL_DOMAIN_5G_ETSI5 */
        {{149, 153, 157, 161}, 4},                                                                                                                                              /*  0x14, RT_CHANNEL_DOMAIN_5G_FCC8 */
        {{36, 40, 44, 48, 52, 56, 60, 64}, 8},                                                                                                                          /*  0x15, RT_CHANNEL_DOMAIN_5G_ETSI6 */
        {{36, 40, 44, 48, 52, 56, 60, 64, 149, 153, 157, 161, 165}, 13},                                                                                        /*  0x16, RT_CHANNEL_DOMAIN_5G_ETSI7 */
        {{36, 40, 44, 48, 149, 153, 157, 161, 165}, 9},                                                                                                         /*  0x17, RT_CHANNEL_DOMAIN_5G_ETSI8 */
        {{100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140}, 11},                                                                                  /*  0x18, RT_CHANNEL_DOMAIN_5G_ETSI9 */
        {{149, 153, 157, 161, 165}, 5},                                                                                                                                 /*  0x19, RT_CHANNEL_DOMAIN_5G_ETSI10 */
        {{36, 40, 44, 48, 52, 56, 60, 64, 132, 136, 140, 149, 153, 157, 161, 165}, 16},                                                                 /*  0x1A, RT_CHANNEL_DOMAIN_5G_ETSI11 */
        {{52, 56, 60, 64, 100, 104, 108, 112, 116, 132, 136, 140, 149, 153, 157, 161, 165}, 17},                                                        /*  0x1B, RT_CHANNEL_DOMAIN_5G_NCC4 */
        {{149, 153, 157, 161}, 4},                                                                                                                                              /*  0x1C, RT_CHANNEL_DOMAIN_5G_ETSI12 */
        {{36, 40, 44, 48, 100, 104, 108, 112, 116, 132, 136, 140, 149, 153, 157, 161, 165}, 17},                                                        /*  0x1D, RT_CHANNEL_DOMAIN_5G_FCC9 */
        {{36, 40, 44, 48, 100, 104, 108, 112, 116, 132, 136, 140}, 12},                                                                                 /*  0x1E, RT_CHANNEL_DOMAIN_5G_ETSI13 */
        {{36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 132, 136, 140, 149, 153, 157, 161}, 20},                                     /*  0x1F, RT_CHANNEL_DOMAIN_5G_FCC10 */

        /*  Driver self defined for old channel plan Compatible , Remember to modify if have new channel plan definition ===== */
        {{36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 132, 136, 140, 149, 153, 157, 161, 165}, 21},                                /*  0x20, RT_CHANNEL_DOMAIN_5G_FCC */
        {{36, 40, 44, 48}, 4},                                                                                                                                                  /*  0x21, RT_CHANNEL_DOMAIN_5G_JAPAN_NO_DFS */
        {{36, 40, 44, 48, 149, 153, 157, 161}, 8},                                                                                                                      /*  0x22, RT_CHANNEL_DOMAIN_5G_FCC4_NO_DFS */
};

static RT_CHANNEL_PLAN_MAP      RTW_ChannelPlanMap[RT_CHANNEL_DOMAIN_MAX] = {
        /*  0x00 ~ 0x1F , Old Define ===== */
        {0x02, 0x20},   /* 0x00, RT_CHANNEL_DOMAIN_FCC */
        {0x02, 0x0A},   /* 0x01, RT_CHANNEL_DOMAIN_IC */
        {0x01, 0x01},   /* 0x02, RT_CHANNEL_DOMAIN_ETSI */
        {0x01, 0x00},   /* 0x03, RT_CHANNEL_DOMAIN_SPAIN */
        {0x01, 0x00},   /* 0x04, RT_CHANNEL_DOMAIN_FRANCE */
        {0x03, 0x00},   /* 0x05, RT_CHANNEL_DOMAIN_MKK */
        {0x03, 0x00},   /* 0x06, RT_CHANNEL_DOMAIN_MKK1 */
        {0x01, 0x09},   /* 0x07, RT_CHANNEL_DOMAIN_ISRAEL */
        {0x03, 0x09},   /* 0x08, RT_CHANNEL_DOMAIN_TELEC */
        {0x03, 0x00},   /* 0x09, RT_CHANNEL_DOMAIN_GLOBAL_DOAMIN */
        {0x00, 0x00},   /* 0x0A, RT_CHANNEL_DOMAIN_WORLD_WIDE_13 */
        {0x02, 0x0F},   /* 0x0B, RT_CHANNEL_DOMAIN_TAIWAN */
        {0x01, 0x08},   /* 0x0C, RT_CHANNEL_DOMAIN_CHINA */
        {0x02, 0x06},   /* 0x0D, RT_CHANNEL_DOMAIN_SINGAPORE_INDIA_MEXICO */
        {0x02, 0x0B},   /* 0x0E, RT_CHANNEL_DOMAIN_KOREA */
        {0x02, 0x09},   /* 0x0F, RT_CHANNEL_DOMAIN_TURKEY */
        {0x01, 0x01},   /* 0x10, RT_CHANNEL_DOMAIN_JAPAN */
        {0x02, 0x05},   /* 0x11, RT_CHANNEL_DOMAIN_FCC_NO_DFS */
        {0x01, 0x21},   /* 0x12, RT_CHANNEL_DOMAIN_JAPAN_NO_DFS */
        {0x00, 0x04},   /* 0x13, RT_CHANNEL_DOMAIN_WORLD_WIDE_5G */
        {0x02, 0x10},   /* 0x14, RT_CHANNEL_DOMAIN_TAIWAN_NO_DFS */
        {0x00, 0x21},   /* 0x15, RT_CHANNEL_DOMAIN_ETSI_NO_DFS */
        {0x00, 0x22},   /* 0x16, RT_CHANNEL_DOMAIN_KOREA_NO_DFS */
        {0x03, 0x21},   /* 0x17, RT_CHANNEL_DOMAIN_JAPAN_NO_DFS */
        {0x06, 0x08},   /* 0x18, RT_CHANNEL_DOMAIN_PAKISTAN_NO_DFS */
        {0x02, 0x08},   /* 0x19, RT_CHANNEL_DOMAIN_TAIWAN2_NO_DFS */
        {0x00, 0x00},   /* 0x1A, */
        {0x00, 0x00},   /* 0x1B, */
        {0x00, 0x00},   /* 0x1C, */
        {0x00, 0x00},   /* 0x1D, */
        {0x00, 0x00},   /* 0x1E, */
        {0x06, 0x04},   /* 0x1F, RT_CHANNEL_DOMAIN_WORLD_WIDE_ONLY_5G */
        /*  0x20 ~ 0x7F , New Define ===== */
        {0x00, 0x00},   /* 0x20, RT_CHANNEL_DOMAIN_WORLD_NULL */
        {0x01, 0x00},   /* 0x21, RT_CHANNEL_DOMAIN_ETSI1_NULL */
        {0x02, 0x00},   /* 0x22, RT_CHANNEL_DOMAIN_FCC1_NULL */
        {0x03, 0x00},   /* 0x23, RT_CHANNEL_DOMAIN_MKK1_NULL */
        {0x04, 0x00},   /* 0x24, RT_CHANNEL_DOMAIN_ETSI2_NULL */
        {0x02, 0x04},   /* 0x25, RT_CHANNEL_DOMAIN_FCC1_FCC1 */
        {0x00, 0x01},   /* 0x26, RT_CHANNEL_DOMAIN_WORLD_ETSI1 */
        {0x03, 0x0C},   /* 0x27, RT_CHANNEL_DOMAIN_MKK1_MKK1 */
        {0x00, 0x0B},   /* 0x28, RT_CHANNEL_DOMAIN_WORLD_KCC1 */
        {0x00, 0x05},   /* 0x29, RT_CHANNEL_DOMAIN_WORLD_FCC2 */
        {0x00, 0x00},   /* 0x2A, */
        {0x00, 0x00},   /* 0x2B, */
        {0x00, 0x00},   /* 0x2C, */
        {0x00, 0x00},   /* 0x2D, */
        {0x00, 0x00},   /* 0x2E, */
        {0x00, 0x00},   /* 0x2F, */
        {0x00, 0x06},   /* 0x30, RT_CHANNEL_DOMAIN_WORLD_FCC3 */
        {0x00, 0x07},   /* 0x31, RT_CHANNEL_DOMAIN_WORLD_FCC4 */
        {0x00, 0x08},   /* 0x32, RT_CHANNEL_DOMAIN_WORLD_FCC5 */
        {0x00, 0x09},   /* 0x33, RT_CHANNEL_DOMAIN_WORLD_FCC6 */
        {0x02, 0x0A},   /* 0x34, RT_CHANNEL_DOMAIN_FCC1_FCC7 */
        {0x00, 0x02},   /* 0x35, RT_CHANNEL_DOMAIN_WORLD_ETSI2 */
        {0x00, 0x03},   /* 0x36, RT_CHANNEL_DOMAIN_WORLD_ETSI3 */
        {0x03, 0x0D},   /* 0x37, RT_CHANNEL_DOMAIN_MKK1_MKK2 */
        {0x03, 0x0E},   /* 0x38, RT_CHANNEL_DOMAIN_MKK1_MKK3 */
        {0x02, 0x0F},   /* 0x39, RT_CHANNEL_DOMAIN_FCC1_NCC1 */
        {0x00, 0x00},   /* 0x3A, */
        {0x00, 0x00},   /* 0x3B, */
        {0x00, 0x00},   /* 0x3C, */
        {0x00, 0x00},   /* 0x3D, */
        {0x00, 0x00},   /* 0x3E, */
        {0x00, 0x00},   /* 0x3F, */
        {0x02, 0x10},   /* 0x40, RT_CHANNEL_DOMAIN_FCC1_NCC2 */
        {0x05, 0x00},   /* 0x41, RT_CHANNEL_DOMAIN_GLOBAL_NULL */
        {0x01, 0x12},   /* 0x42, RT_CHANNEL_DOMAIN_ETSI1_ETSI4 */
        {0x02, 0x05},   /* 0x43, RT_CHANNEL_DOMAIN_FCC1_FCC2 */
        {0x02, 0x11},   /* 0x44, RT_CHANNEL_DOMAIN_FCC1_NCC3 */
        {0x00, 0x13},   /* 0x45, RT_CHANNEL_DOMAIN_WORLD_ETSI5 */
        {0x02, 0x14},   /* 0x46, RT_CHANNEL_DOMAIN_FCC1_FCC8 */
        {0x00, 0x15},   /* 0x47, RT_CHANNEL_DOMAIN_WORLD_ETSI6 */
        {0x00, 0x16},   /* 0x48, RT_CHANNEL_DOMAIN_WORLD_ETSI7 */
        {0x00, 0x17},   /* 0x49, RT_CHANNEL_DOMAIN_WORLD_ETSI8 */
        {0x00, 0x18},   /* 0x50, RT_CHANNEL_DOMAIN_WORLD_ETSI9 */
        {0x00, 0x19},   /* 0x51, RT_CHANNEL_DOMAIN_WORLD_ETSI10 */
        {0x00, 0x1A},   /* 0x52, RT_CHANNEL_DOMAIN_WORLD_ETSI11 */
        {0x02, 0x1B},   /* 0x53, RT_CHANNEL_DOMAIN_FCC1_NCC4 */
        {0x00, 0x1C},   /* 0x54, RT_CHANNEL_DOMAIN_WORLD_ETSI12 */
        {0x02, 0x1D},   /* 0x55, RT_CHANNEL_DOMAIN_FCC1_FCC9 */
        {0x00, 0x1E},   /* 0x56, RT_CHANNEL_DOMAIN_WORLD_ETSI13 */
        {0x02, 0x1F},   /* 0x57, RT_CHANNEL_DOMAIN_FCC1_FCC10 */
};

static RT_CHANNEL_PLAN_MAP      RTW_CHANNEL_PLAN_MAP_REALTEK_DEFINE = {0x03, 0x02}; /* use the conbination for max channel numbers */

/*
 * Search the @param ch in given @param ch_set
 * @ch_set: the given channel set
 * @ch: the given channel number
 *
 * return the index of channel_num in channel_set, -1 if not found
 */
int rtw_ch_set_search_ch(RT_CHANNEL_INFO *ch_set, const u32 ch)
{
        int i;
        for (i = 0; ch_set[i].ChannelNum != 0; i++) {
                if (ch == ch_set[i].ChannelNum)
                        break;
        }

        if (i >= ch_set[i].ChannelNum)
                return -1;
        return i;
}

/*
 * Check the @param ch is fit with setband setting of @param adapter
 * @adapter: the given adapter
 * @ch: the given channel number
 *
 * return true when check valid, false not valid
 */
bool rtw_mlme_band_check(struct adapter *adapter, const u32 ch)
{
        if (adapter->setband == GHZ24_50 /* 2.4G and 5G */
                || (adapter->setband == GHZ_24 && ch < 35) /* 2.4G only */
                || (adapter->setband == GHZ_50 && ch > 35) /* 5G only */
        ) {
                return true;
        }
        return false;
}

/****************************************************************************

Following are the initialization functions for WiFi MLME

*****************************************************************************/

int init_hw_mlme_ext(struct adapter *padapter)
{
        struct  mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv;

        set_channel_bwmode(padapter, pmlmeext->cur_channel, pmlmeext->cur_ch_offset, pmlmeext->cur_bwmode);
        return _SUCCESS;
}

void init_mlme_default_rate_set(struct adapter *padapter)
{
        struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv;

        unsigned char mixed_datarate[NumRates] = {_1M_RATE_, _2M_RATE_, _5M_RATE_, _11M_RATE_, _6M_RATE_, _9M_RATE_, _12M_RATE_, _18M_RATE_, _24M_RATE_, _36M_RATE_, _48M_RATE_, _54M_RATE_, 0xff};
        unsigned char mixed_basicrate[NumRates] = {_1M_RATE_, _2M_RATE_, _5M_RATE_, _11M_RATE_, _6M_RATE_, _12M_RATE_, _24M_RATE_, 0xff,};
        unsigned char supported_mcs_set[16] = {0xff, 0xff, 0x00, 0x00, 0x01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0};

        memcpy(pmlmeext->datarate, mixed_datarate, NumRates);
        memcpy(pmlmeext->basicrate, mixed_basicrate, NumRates);

        memcpy(pmlmeext->default_supported_mcs_set, supported_mcs_set, sizeof(pmlmeext->default_supported_mcs_set));
}

static void init_mlme_ext_priv_value(struct adapter *padapter)
{
        struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv;
        struct mlme_ext_info *pmlmeinfo = &(pmlmeext->mlmext_info);

        atomic_set(&pmlmeext->event_seq, 0);
        pmlmeext->mgnt_seq = 0;/* reset to zero when disconnect at client mode */
        pmlmeext->sa_query_seq = 0;
        pmlmeext->mgnt_80211w_IPN = 0;
        pmlmeext->mgnt_80211w_IPN_rx = 0;
        pmlmeext->cur_channel = padapter->registrypriv.channel;
        pmlmeext->cur_bwmode = CHANNEL_WIDTH_20;
        pmlmeext->cur_ch_offset = HAL_PRIME_CHNL_OFFSET_DONT_CARE;

        pmlmeext->retry = 0;

        pmlmeext->cur_wireless_mode = padapter->registrypriv.wireless_mode;

        init_mlme_default_rate_set(padapter);

        if (pmlmeext->cur_channel > 14)
                pmlmeext->tx_rate = IEEE80211_OFDM_RATE_6MB;
        else
                pmlmeext->tx_rate = IEEE80211_CCK_RATE_1MB;

        pmlmeext->sitesurvey_res.state = SCAN_DISABLE;
        pmlmeext->sitesurvey_res.channel_idx = 0;
        pmlmeext->sitesurvey_res.bss_cnt = 0;
        pmlmeext->scan_abort = false;

        pmlmeinfo->state = WIFI_FW_NULL_STATE;
        pmlmeinfo->reauth_count = 0;
        pmlmeinfo->reassoc_count = 0;
        pmlmeinfo->link_count = 0;
        pmlmeinfo->auth_seq = 0;
        pmlmeinfo->auth_algo = dot11AuthAlgrthm_Open;
        pmlmeinfo->key_index = 0;
        pmlmeinfo->iv = 0;

        pmlmeinfo->enc_algo = _NO_PRIVACY_;
        pmlmeinfo->authModeToggle = 0;

        memset(pmlmeinfo->chg_txt, 0, 128);

        pmlmeinfo->slotTime = SHORT_SLOT_TIME;
        pmlmeinfo->preamble_mode = PREAMBLE_AUTO;

        pmlmeinfo->dialogToken = 0;

        pmlmeext->action_public_rxseq = 0xffff;
        pmlmeext->action_public_dialog_token = 0xff;
}

static int has_channel(RT_CHANNEL_INFO *channel_set,
                                           u8 chanset_size,
                                           u8 chan) {
        int i;

        for (i = 0; i < chanset_size; i++) {
                if (channel_set[i].ChannelNum == chan) {
                        return 1;
                }
        }

        return 0;
}

static void init_channel_list(struct adapter *padapter, RT_CHANNEL_INFO *channel_set,
                                                          u8 chanset_size,
                                                          struct p2p_channels *channel_list) {

        struct p2p_oper_class_map op_class[] = {
                { IEEE80211G,  81,   1,  13,  1, BW20 },
                { IEEE80211G,  82,  14,  14,  1, BW20 },
                { IEEE80211A, 115,  36,  48,  4, BW20 },
                { IEEE80211A, 116,  36,  44,  8, BW40PLUS },
                { IEEE80211A, 117,  40,  48,  8, BW40MINUS },
                { IEEE80211A, 124, 149, 161,  4, BW20 },
                { IEEE80211A, 125, 149, 169,  4, BW20 },
                { IEEE80211A, 126, 149, 157,  8, BW40PLUS },
                { IEEE80211A, 127, 153, 161,  8, BW40MINUS },
                { -1, 0, 0, 0, 0, BW20 }
        };

        int cla, op;

        cla = 0;

        for (op = 0; op_class[op].op_class; op++) {
                u8 ch;
                struct p2p_oper_class_map *o = &op_class[op];
                struct p2p_reg_class *reg = NULL;

                for (ch = o->min_chan; ch <= o->max_chan; ch += o->inc) {
                        if (!has_channel(channel_set, chanset_size, ch)) {
                                continue;
                        }

                        if ((0 == padapter->registrypriv.ht_enable) && (8 == o->inc))
                                continue;

                        if ((0 < (padapter->registrypriv.bw_mode & 0xf0)) &&
                                ((BW40MINUS == o->bw) || (BW40PLUS == o->bw)))
                                continue;

                        if (reg == NULL) {
                                reg = &channel_list->reg_class[cla];
                                cla++;
                                reg->reg_class = o->op_class;
                                reg->channels = 0;
                        }
                        reg->channel[reg->channels] = ch;
                        reg->channels++;
                }
        }
        channel_list->reg_classes = cla;

}

static u8 init_channel_set(struct adapter *padapter, u8 ChannelPlan, RT_CHANNEL_INFO *channel_set)
{
        u8 index, chanset_size = 0;
        u8 b5GBand = false, b2_4GBand = false;
        u8 Index2G = 0, Index5G = 0;

        memset(channel_set, 0, sizeof(RT_CHANNEL_INFO)*MAX_CHANNEL_NUM);

        if (ChannelPlan >= RT_CHANNEL_DOMAIN_MAX && ChannelPlan != RT_CHANNEL_DOMAIN_REALTEK_DEFINE) {
                DBG_871X("ChannelPlan ID %x error !!!!!\n", ChannelPlan);
                return chanset_size;
        }

        if (IsSupported24G(padapter->registrypriv.wireless_mode)) {
                b2_4GBand = true;
                if (RT_CHANNEL_DOMAIN_REALTEK_DEFINE == ChannelPlan)
                        Index2G = RTW_CHANNEL_PLAN_MAP_REALTEK_DEFINE.Index2G;
                else
                        Index2G = RTW_ChannelPlanMap[ChannelPlan].Index2G;
        }

        if (b2_4GBand) {
                for (index = 0; index < RTW_ChannelPlan2G[Index2G].Len; index++) {
                        channel_set[chanset_size].ChannelNum = RTW_ChannelPlan2G[Index2G].Channel[index];

                        if ((RT_CHANNEL_DOMAIN_GLOBAL_DOAMIN == ChannelPlan) ||/* Channel 1~11 is active, and 12~14 is passive */
                                (RT_CHANNEL_DOMAIN_GLOBAL_NULL == ChannelPlan)) {
                                if (channel_set[chanset_size].ChannelNum >= 1 && channel_set[chanset_size].ChannelNum <= 11)
                                        channel_set[chanset_size].ScanType = SCAN_ACTIVE;
                                else if ((channel_set[chanset_size].ChannelNum  >= 12 && channel_set[chanset_size].ChannelNum  <= 14))
                                        channel_set[chanset_size].ScanType  = SCAN_PASSIVE;
                        } else if (RT_CHANNEL_DOMAIN_WORLD_WIDE_13 == ChannelPlan ||
                                RT_CHANNEL_DOMAIN_WORLD_WIDE_5G == ChannelPlan ||
                                RT_CHANNEL_DOMAIN_2G_WORLD == Index2G) { /*  channel 12~13, passive scan */
                                if (channel_set[chanset_size].ChannelNum <= 11)
                                        channel_set[chanset_size].ScanType = SCAN_ACTIVE;
                                else
                                        channel_set[chanset_size].ScanType = SCAN_PASSIVE;
                        } else
                                channel_set[chanset_size].ScanType = SCAN_ACTIVE;

                        chanset_size++;
                }
        }

        if (b5GBand) {
                for (index = 0; index < RTW_ChannelPlan5G[Index5G].Len; index++) {
                        if (RTW_ChannelPlan5G[Index5G].Channel[index] <= 48
                                || RTW_ChannelPlan5G[Index5G].Channel[index] >= 149) {
                                channel_set[chanset_size].ChannelNum = RTW_ChannelPlan5G[Index5G].Channel[index];
                                if (RT_CHANNEL_DOMAIN_WORLD_WIDE_5G == ChannelPlan)/* passive scan for all 5G channels */
                                        channel_set[chanset_size].ScanType = SCAN_PASSIVE;
                                else
                                        channel_set[chanset_size].ScanType = SCAN_ACTIVE;
                                DBG_871X("%s(): channel_set[%d].ChannelNum = %d\n", __func__, chanset_size, channel_set[chanset_size].ChannelNum);
                                chanset_size++;
                        }
                }
        }

        DBG_871X("%s ChannelPlan ID %x Chan num:%d \n", __func__, ChannelPlan, chanset_size);
        return chanset_size;
}

int     init_mlme_ext_priv(struct adapter *padapter)
{
        int     res = _SUCCESS;
        struct registry_priv *pregistrypriv = &padapter->registrypriv;
        struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv;
        struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);
        struct mlme_ext_info *pmlmeinfo = &(pmlmeext->mlmext_info);

        /*  We don't need to memset padapter->XXX to zero, because adapter is allocated by vzalloc(). */
        /* memset((u8 *)pmlmeext, 0, sizeof(struct mlme_ext_priv)); */

        pmlmeext->padapter = padapter;

        /* fill_fwpriv(padapter, &(pmlmeext->fwpriv)); */

        init_mlme_ext_priv_value(padapter);
        pmlmeinfo->bAcceptAddbaReq = pregistrypriv->bAcceptAddbaReq;

        init_mlme_ext_timer(padapter);

        init_mlme_ap_info(padapter);

        pmlmeext->max_chan_nums = init_channel_set(padapter, pmlmepriv->ChannelPlan, pmlmeext->channel_set);
        init_channel_list(padapter, pmlmeext->channel_set, pmlmeext->max_chan_nums, &pmlmeext->channel_list);
        pmlmeext->last_scan_time = 0;
        pmlmeext->chan_scan_time = SURVEY_TO;
        pmlmeext->mlmeext_init = true;
        pmlmeext->active_keep_alive_check = true;

#ifdef DBG_FIXED_CHAN
        pmlmeext->fixed_chan = 0xFF;
#endif

        return res;

}

void free_mlme_ext_priv(struct mlme_ext_priv *pmlmeext)
{
        struct adapter *padapter = pmlmeext->padapter;

        if (!padapter)
                return;

        if (padapter->bDriverStopped == true) {
                del_timer_sync(&pmlmeext->survey_timer);
                del_timer_sync(&pmlmeext->link_timer);
                /* del_timer_sync(&pmlmeext->ADDBA_timer); */
        }
}

static void _mgt_dispatcher(struct adapter *padapter, struct mlme_handler *ptable, union recv_frame *precv_frame)
{
        u8 bc_addr[ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
        u8 *pframe = precv_frame->u.hdr.rx_data;

        if (ptable->func) {
                /* receive the frames that ra(a1) is my address or ra(a1) is bc address. */
                if (memcmp(GetAddr1Ptr(pframe), myid(&padapter->eeprompriv), ETH_ALEN) &&
                    memcmp(GetAddr1Ptr(pframe), bc_addr, ETH_ALEN))
                        return;

                ptable->func(padapter, precv_frame);
        }
}

void mgt_dispatcher(struct adapter *padapter, union recv_frame *precv_frame)
{
        int index;
        struct mlme_handler *ptable;
        struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
        u8 bc_addr[ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
        u8 *pframe = precv_frame->u.hdr.rx_data;
        struct sta_info *psta = rtw_get_stainfo(&padapter->stapriv, GetAddr2Ptr(pframe));
        struct dvobj_priv *psdpriv = padapter->dvobj;
        struct debug_priv *pdbgpriv = &psdpriv->drv_dbg;

        RT_TRACE(_module_rtl871x_mlme_c_, _drv_info_,
                 ("+mgt_dispatcher: type(0x%x) subtype(0x%x)\n",
                  GetFrameType(pframe), GetFrameSubType(pframe)));

        if (GetFrameType(pframe) != WIFI_MGT_TYPE) {
                RT_TRACE(_module_rtl871x_mlme_c_, _drv_err_, ("mgt_dispatcher: type(0x%x) error!\n", GetFrameType(pframe)));
                return;
        }

        /* receive the frames that ra(a1) is my address or ra(a1) is bc address. */
        if (memcmp(GetAddr1Ptr(pframe), myid(&padapter->eeprompriv), ETH_ALEN) &&
                memcmp(GetAddr1Ptr(pframe), bc_addr, ETH_ALEN)) {
                return;
        }

        ptable = mlme_sta_tbl;

        index = GetFrameSubType(pframe) >> 4;

        if (index >= (sizeof(mlme_sta_tbl) / sizeof(struct mlme_handler))) {
                RT_TRACE(_module_rtl871x_mlme_c_, _drv_err_, ("Currently we do not support reserved sub-fr-type =%d\n", index));
                return;
        }
        ptable += index;

        if (psta != NULL) {
                if (GetRetry(pframe)) {
                        if (precv_frame->u.hdr.attrib.seq_num == psta->RxMgmtFrameSeqNum) {
                                /* drop the duplicate management frame */
                                pdbgpriv->dbg_rx_dup_mgt_frame_drop_count++;
                                DBG_871X("Drop duplicate management frame with seq_num = %d.\n", precv_frame->u.hdr.attrib.seq_num);
                                return;
                        }
                }
                psta->RxMgmtFrameSeqNum = precv_frame->u.hdr.attrib.seq_num;
        }

        switch (GetFrameSubType(pframe)) {
        case WIFI_AUTH:
                if (check_fwstate(pmlmepriv, WIFI_AP_STATE) == true)
                        ptable->func = &OnAuth;
                else
                        ptable->func = &OnAuthClient;
                /* pass through */
        case WIFI_ASSOCREQ:
        case WIFI_REASSOCREQ:
                _mgt_dispatcher(padapter, ptable, precv_frame);
                break;
        case WIFI_PROBEREQ:
                _mgt_dispatcher(padapter, ptable, precv_frame);
                break;
        case WIFI_BEACON:
                _mgt_dispatcher(padapter, ptable, precv_frame);
                break;
        case WIFI_ACTION:
                /* if (check_fwstate(pmlmepriv, WIFI_AP_STATE) == true) */
                _mgt_dispatcher(padapter, ptable, precv_frame);
                break;
        default:
                _mgt_dispatcher(padapter, ptable, precv_frame);
                break;
        }
}

/****************************************************************************

Following are the callback functions for each subtype of the management frames

*****************************************************************************/

unsigned int OnProbeReq(struct adapter *padapter, union recv_frame *precv_frame)
{
        unsigned int    ielen;
        unsigned char *p;
        struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
        struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv;
        struct mlme_ext_info *pmlmeinfo = &(pmlmeext->mlmext_info);
        struct wlan_bssid_ex    *cur = &(pmlmeinfo->network);
        u8 *pframe = precv_frame->u.hdr.rx_data;
        uint len = precv_frame->u.hdr.len;
        u8 is_valid_p2p_probereq = false;

        if (check_fwstate(pmlmepriv, WIFI_STATION_STATE))
                return _SUCCESS;

        if (check_fwstate(pmlmepriv, _FW_LINKED) == false &&
                check_fwstate(pmlmepriv, WIFI_ADHOC_MASTER_STATE|WIFI_AP_STATE) == false) {
                return _SUCCESS;
        }


        /* DBG_871X("+OnProbeReq\n"); */

#ifdef CONFIG_AUTO_AP_MODE
        if (check_fwstate(pmlmepriv, _FW_LINKED) == true &&
                        pmlmepriv->cur_network.join_res == true) {
                struct sta_info *psta;
                u8 *mac_addr, *peer_addr;
                struct sta_priv *pstapriv = &padapter->stapriv;
                u8 RC_OUI[4] = {0x00, 0xE0, 0x4C, 0x0A};
                /* EID[1] + EID_LEN[1] + RC_OUI[4] + MAC[6] + PairingID[2] + ChannelNum[2] */

                p = rtw_get_ie(pframe + WLAN_HDR_A3_LEN + _PROBEREQ_IE_OFFSET_, _VENDOR_SPECIFIC_IE_, (int *)&ielen,
                        len - WLAN_HDR_A3_LEN - _PROBEREQ_IE_OFFSET_);

                if (!p || ielen != 14)
                        goto _non_rc_device;

                if (memcmp(p+2, RC_OUI, sizeof(RC_OUI)))
                        goto _non_rc_device;

                if (memcmp(p+6, get_sa(pframe), ETH_ALEN)) {
                        DBG_871X("%s, do rc pairing ("MAC_FMT"), but mac addr mismatch!("MAC_FMT")\n", __func__,
                                MAC_ARG(get_sa(pframe)), MAC_ARG(p+6));

                        goto _non_rc_device;
                }

                DBG_871X("%s, got the pairing device("MAC_FMT")\n", __func__,  MAC_ARG(get_sa(pframe)));

                /* new a station */
                psta = rtw_get_stainfo(pstapriv, get_sa(pframe));
                if (psta == NULL) {
                        /*  allocate a new one */
                        DBG_871X("going to alloc stainfo for rc ="MAC_FMT"\n",  MAC_ARG(get_sa(pframe)));
                        psta = rtw_alloc_stainfo(pstapriv, get_sa(pframe));
                        if (psta == NULL) {
                                /* TODO: */
                                DBG_871X(" Exceed the upper limit of supported clients...\n");
                                return _SUCCESS;
                        }

                        spin_lock_bh(&pstapriv->asoc_list_lock);
                        if (list_empty(&psta->asoc_list)) {
                                psta->expire_to = pstapriv->expire_to;
                                list_add_tail(&psta->asoc_list, &pstapriv->asoc_list);
                                pstapriv->asoc_list_cnt++;
                        }
                        spin_unlock_bh(&pstapriv->asoc_list_lock);

                        /* generate pairing ID */
                        mac_addr = myid(&(padapter->eeprompriv));
                        peer_addr = psta->hwaddr;
                        psta->pid = (u16)(((mac_addr[4]<<8) + mac_addr[5]) + ((peer_addr[4]<<8) + peer_addr[5]));

                        /* update peer stainfo */
                        psta->isrc = true;
                        /* psta->aid = 0; */
                        /* psta->mac_id = 2; */

                        /* get a unique AID */
                        if (psta->aid > 0) {
                                DBG_871X("old AID %d\n", psta->aid);
                        } else {
                                for (psta->aid = 1; psta->aid <= NUM_STA; psta->aid++)
                                        if (pstapriv->sta_aid[psta->aid - 1] == NULL)
                                                break;

                                if (psta->aid > pstapriv->max_num_sta) {
                                        psta->aid = 0;
                                        DBG_871X("no room for more AIDs\n");
                                        return _SUCCESS;
                                } else {
                                        pstapriv->sta_aid[psta->aid - 1] = psta;
                                        DBG_871X("allocate new AID = (%d)\n", psta->aid);
                                }
                        }

                        psta->qos_option = 1;
                        psta->bw_mode = CHANNEL_WIDTH_20;
                        psta->ieee8021x_blocked = false;
                        psta->htpriv.ht_option = true;
                        psta->htpriv.ampdu_enable = false;
                        psta->htpriv.sgi_20m = false;
                        psta->htpriv.sgi_40m = false;
                        psta->htpriv.ch_offset = HAL_PRIME_CHNL_OFFSET_DONT_CARE;
                        psta->htpriv.agg_enable_bitmap = 0x0;/* reset */
                        psta->htpriv.candidate_tid_bitmap = 0x0;/* reset */

                        rtw_hal_set_odm_var(padapter, HAL_ODM_STA_INFO, psta, true);

                        memset((void *)&psta->sta_stats, 0, sizeof(struct stainfo_stats));

                        spin_lock_bh(&psta->lock);
                        psta->state |= _FW_LINKED;
                        spin_unlock_bh(&psta->lock);

                        report_add_sta_event(padapter, psta->hwaddr, psta->aid);

                }

                issue_probersp(padapter, get_sa(pframe), false);

                return _SUCCESS;

        }

_non_rc_device:

        return _SUCCESS;

#endif /* CONFIG_AUTO_AP_MODE */

        p = rtw_get_ie(pframe + WLAN_HDR_A3_LEN + _PROBEREQ_IE_OFFSET_, _SSID_IE_, (int *)&ielen,
                        len - WLAN_HDR_A3_LEN - _PROBEREQ_IE_OFFSET_);


        /* check (wildcard) SSID */
        if (p != NULL) {
                if (is_valid_p2p_probereq == true)
                        goto _issue_probersp;

                if ((ielen != 0 && false == !memcmp((void *)(p+2), (void *)cur->Ssid.Ssid, cur->Ssid.SsidLength))
                        || (ielen == 0 && pmlmeinfo->hidden_ssid_mode)
                )
                        return _SUCCESS;

_issue_probersp:
                if (((check_fwstate(pmlmepriv, _FW_LINKED) == true &&
                        pmlmepriv->cur_network.join_res == true)) || check_fwstate(pmlmepriv, WIFI_ADHOC_MASTER_STATE)) {
                        /* DBG_871X("+issue_probersp during ap mode\n"); */
                        issue_probersp(padapter, get_sa(pframe), is_valid_p2p_probereq);
                }

        }

        return _SUCCESS;

}

unsigned int OnProbeRsp(struct adapter *padapter, union recv_frame *precv_frame)
{
        struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv;

        if (pmlmeext->sitesurvey_res.state == SCAN_PROCESS) {
                report_survey_event(padapter, precv_frame);
                return _SUCCESS;
        }

        return _SUCCESS;

}

unsigned int OnBeacon(struct adapter *padapter, union recv_frame *precv_frame)
{
        int cam_idx;
        struct sta_info *psta;
        struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv;
        struct mlme_ext_info *pmlmeinfo = &(pmlmeext->mlmext_info);
        struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
        struct sta_priv *pstapriv = &padapter->stapriv;
        u8 *pframe = precv_frame->u.hdr.rx_data;
        uint len = precv_frame->u.hdr.len;
        struct wlan_bssid_ex *pbss;
        int ret = _SUCCESS;
        u8 *p = NULL;
        u32 ielen = 0;

        p = rtw_get_ie(pframe + sizeof(struct ieee80211_hdr_3addr) + _BEACON_IE_OFFSET_, _EXT_SUPPORTEDRATES_IE_, &ielen, precv_frame->u.hdr.len - sizeof(struct ieee80211_hdr_3addr) - _BEACON_IE_OFFSET_);
        if ((p != NULL) && (ielen > 0)) {
                if ((*(p + 1 + ielen) == 0x2D) && (*(p + 2 + ielen) != 0x2D)) {
                        /* Invalid value 0x2D is detected in Extended Supported Rates (ESR) IE. Try to fix the IE length to avoid failed Beacon parsing. */
                        DBG_871X("[WIFIDBG] Error in ESR IE is detected in Beacon of BSSID:"MAC_FMT". Fix the length of ESR IE to avoid failed Beacon parsing.\n", MAC_ARG(GetAddr3Ptr(pframe)));
                        *(p + 1) = ielen - 1;
                }
        }

        if (pmlmeext->sitesurvey_res.state == SCAN_PROCESS) {
                report_survey_event(padapter, precv_frame);
                return _SUCCESS;
        }

        if (!memcmp(GetAddr3Ptr(pframe), get_my_bssid(&pmlmeinfo->network), ETH_ALEN)) {
                if (pmlmeinfo->state & WIFI_FW_AUTH_NULL) {
                        /* we should update current network before auth, or some IE is wrong */
                        pbss = (struct wlan_bssid_ex *)rtw_malloc(sizeof(struct wlan_bssid_ex));
                        if (pbss) {
                                if (collect_bss_info(padapter, precv_frame, pbss) == _SUCCESS) {
                                        update_network(&(pmlmepriv->cur_network.network), pbss, padapter, true);
                                        rtw_get_bcn_info(&(pmlmepriv->cur_network));
                                }
                                kfree((u8 *)pbss);
                        }

                        /* check the vendor of the assoc AP */
                        pmlmeinfo->assoc_AP_vendor = check_assoc_AP(pframe+sizeof(struct ieee80211_hdr_3addr), len-sizeof(struct ieee80211_hdr_3addr));

                        /* update TSF Value */
                        update_TSF(pmlmeext, pframe, len);

                        /* reset for adaptive_early_32k */
                        pmlmeext->adaptive_tsf_done = false;
                        pmlmeext->DrvBcnEarly = 0xff;
                        pmlmeext->DrvBcnTimeOut = 0xff;
                        pmlmeext->bcn_cnt = 0;
                        memset(pmlmeext->bcn_delay_cnt, 0, sizeof(pmlmeext->bcn_delay_cnt));
                        memset(pmlmeext->bcn_delay_ratio, 0, sizeof(pmlmeext->bcn_delay_ratio));

                        /* start auth */
                        start_clnt_auth(padapter);

                        return _SUCCESS;
                }

                if (((pmlmeinfo->state&0x03) == WIFI_FW_STATION_STATE) && (pmlmeinfo->state & WIFI_FW_ASSOC_SUCCESS)) {
                        psta = rtw_get_stainfo(pstapriv, GetAddr2Ptr(pframe));
                        if (psta != NULL) {
                                ret = rtw_check_bcn_info(padapter, pframe, len);
                                if (!ret) {
                                                DBG_871X_LEVEL(_drv_always_, "ap has changed, disconnect now\n ");
                                                receive_disconnect(padapter, pmlmeinfo->network.MacAddress, 0);
                                                return _SUCCESS;
                                }
                                /* update WMM, ERP in the beacon */
                                /* todo: the timer is used instead of the number of the beacon received */
                                if ((sta_rx_pkts(psta) & 0xf) == 0)
                                        /* DBG_871X("update_bcn_info\n"); */
                                        update_beacon_info(padapter, pframe, len, psta);

                                adaptive_early_32k(pmlmeext, pframe, len);
                        }
                } else if ((pmlmeinfo->state&0x03) == WIFI_FW_ADHOC_STATE) {
                        psta = rtw_get_stainfo(pstapriv, GetAddr2Ptr(pframe));
                        if (psta != NULL) {
                                /* update WMM, ERP in the beacon */
                                /* todo: the timer is used instead of the number of the beacon received */
                                if ((sta_rx_pkts(psta) & 0xf) == 0) {
                                        /* DBG_871X("update_bcn_info\n"); */
                                        update_beacon_info(padapter, pframe, len, psta);
                                }
                        } else{
                                /* allocate a new CAM entry for IBSS station */
                                cam_idx = allocate_fw_sta_entry(padapter);
                                if (cam_idx == NUM_STA)
                                        goto _END_ONBEACON_;

                                /* get supported rate */
                                if (update_sta_support_rate(padapter, (pframe + WLAN_HDR_A3_LEN + _BEACON_IE_OFFSET_), (len - WLAN_HDR_A3_LEN - _BEACON_IE_OFFSET_), cam_idx) == _FAIL) {
                                        pmlmeinfo->FW_sta_info[cam_idx].status = 0;
                                        goto _END_ONBEACON_;
                                }

                                /* update TSF Value */
                                update_TSF(pmlmeext, pframe, len);

                                /* report sta add event */
                                report_add_sta_event(padapter, GetAddr2Ptr(pframe), cam_idx);
                        }
                }
        }

_END_ONBEACON_:

        return _SUCCESS;

}

unsigned int OnAuth(struct adapter *padapter, union recv_frame *precv_frame)
{
        unsigned int    auth_mode, seq, ie_len;
        unsigned char *sa, *p;
        u16 algorithm;
        int     status;
        static struct sta_info stat;
        struct  sta_info *pstat = NULL;
        struct  sta_priv *pstapriv = &padapter->stapriv;
        struct security_priv *psecuritypriv = &padapter->securitypriv;
        struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv;
        struct mlme_ext_info *pmlmeinfo = &(pmlmeext->mlmext_info);
        u8 *pframe = precv_frame->u.hdr.rx_data;
        uint len = precv_frame->u.hdr.len;
        u8 offset = 0;

        if ((pmlmeinfo->state&0x03) != WIFI_FW_AP_STATE)
                return _FAIL;

        DBG_871X("+OnAuth\n");

        sa = GetAddr2Ptr(pframe);

        auth_mode = psecuritypriv->dot11AuthAlgrthm;

        if (GetPrivacy(pframe)) {
                u8 *iv;
                struct rx_pkt_attrib     *prxattrib = &(precv_frame->u.hdr.attrib);

                prxattrib->hdrlen = WLAN_HDR_A3_LEN;
                prxattrib->encrypt = _WEP40_;

                iv = pframe+prxattrib->hdrlen;
                prxattrib->key_index = ((iv[3]>>6)&0x3);

                prxattrib->iv_len = 4;
                prxattrib->icv_len = 4;

                rtw_wep_decrypt(padapter, (u8 *)precv_frame);

                offset = 4;
        }

        algorithm = le16_to_cpu(*(__le16 *)((SIZE_PTR)pframe + WLAN_HDR_A3_LEN + offset));
        seq     = le16_to_cpu(*(__le16 *)((SIZE_PTR)pframe + WLAN_HDR_A3_LEN + offset + 2));

        DBG_871X("auth alg =%x, seq =%X\n", algorithm, seq);

        if (auth_mode == 2 &&
                        psecuritypriv->dot11PrivacyAlgrthm != _WEP40_ &&
                        psecuritypriv->dot11PrivacyAlgrthm != _WEP104_)
                auth_mode = 0;

        if ((algorithm > 0 && auth_mode == 0) ||        /*  rx a shared-key auth but shared not enabled */
                (algorithm == 0 && auth_mode == 1)) {   /*  rx a open-system auth but shared-key is enabled */
                DBG_871X("auth rejected due to bad alg [alg =%d, auth_mib =%d] %02X%02X%02X%02X%02X%02X\n",
                        algorithm, auth_mode, sa[0], sa[1], sa[2], sa[3], sa[4], sa[5]);

                status = _STATS_NO_SUPP_ALG_;

                goto auth_fail;
        }

        if (rtw_access_ctrl(padapter, sa) == false) {
                status = _STATS_UNABLE_HANDLE_STA_;
                goto auth_fail;
        }

        pstat = rtw_get_stainfo(pstapriv, sa);
        if (pstat == NULL) {

                /*  allocate a new one */
                DBG_871X("going to alloc stainfo for sa ="MAC_FMT"\n",  MAC_ARG(sa));
                pstat = rtw_alloc_stainfo(pstapriv, sa);
                if (pstat == NULL) {
                        DBG_871X(" Exceed the upper limit of supported clients...\n");
                        status = _STATS_UNABLE_HANDLE_STA_;
                        goto auth_fail;
                }

                pstat->state = WIFI_FW_AUTH_NULL;
                pstat->auth_seq = 0;

                /* pstat->flags = 0; */
                /* pstat->capability = 0; */
        } else{

                spin_lock_bh(&pstapriv->asoc_list_lock);
                if (list_empty(&pstat->asoc_list) == false) {
                        list_del_init(&pstat->asoc_list);
                        pstapriv->asoc_list_cnt--;
                        if (pstat->expire_to > 0) {
                                /* TODO: STA re_auth within expire_to */
                        }
                }
                spin_unlock_bh(&pstapriv->asoc_list_lock);

                if (seq == 1) {

                        /* TODO: STA re_auth and auth timeout */
                }
        }

        spin_lock_bh(&pstapriv->auth_list_lock);
        if (list_empty(&pstat->auth_list)) {

                list_add_tail(&pstat->auth_list, &pstapriv->auth_list);
                pstapriv->auth_list_cnt++;
        }
        spin_unlock_bh(&pstapriv->auth_list_lock);

        if (pstat->auth_seq == 0)
                pstat->expire_to = pstapriv->auth_to;


        if ((pstat->auth_seq + 1) != seq) {
                DBG_871X("(1)auth rejected because out of seq [rx_seq =%d, exp_seq =%d]!\n",
                        seq, pstat->auth_seq+1);
                status = _STATS_OUT_OF_AUTH_SEQ_;
                goto auth_fail;
        }

        if (algorithm == 0 && (auth_mode == 0 || auth_mode == 2 || auth_mode == 3)) {
                if (seq == 1) {
                        pstat->state &= ~WIFI_FW_AUTH_NULL;
                        pstat->state |= WIFI_FW_AUTH_SUCCESS;
                        pstat->expire_to = pstapriv->assoc_to;
                        pstat->authalg = algorithm;
                } else{
                        DBG_871X("(2)auth rejected because out of seq [rx_seq =%d, exp_seq =%d]!\n",
                                seq, pstat->auth_seq+1);
                        status = _STATS_OUT_OF_AUTH_SEQ_;
                        goto auth_fail;
                }
        } else{ /*  shared system or auto authentication */
                if (seq == 1) {
                        /* prepare for the challenging txt... */
                        memset((void *)pstat->chg_txt, 78, 128);

                        pstat->state &= ~WIFI_FW_AUTH_NULL;
                        pstat->state |= WIFI_FW_AUTH_STATE;
                        pstat->authalg = algorithm;
                        pstat->auth_seq = 2;
                } else if (seq == 3) {
                        /* checking for challenging txt... */
                        DBG_871X("checking for challenging txt...\n");

                        p = rtw_get_ie(pframe + WLAN_HDR_A3_LEN + 4 + _AUTH_IE_OFFSET_, _CHLGETXT_IE_, (int *)&ie_len,
                                        len - WLAN_HDR_A3_LEN - _AUTH_IE_OFFSET_ - 4);

                        if ((p == NULL) || (ie_len <= 0)) {
                                DBG_871X("auth rejected because challenge failure!(1)\n");
                                status = _STATS_CHALLENGE_FAIL_;
                                goto auth_fail;
                        }

                        if (!memcmp((void *)(p + 2), pstat->chg_txt, 128)) {
                                pstat->state &= (~WIFI_FW_AUTH_STATE);
                                pstat->state |= WIFI_FW_AUTH_SUCCESS;
                                /*  challenging txt is correct... */
                                pstat->expire_to =  pstapriv->assoc_to;
                        } else{
                                DBG_871X("auth rejected because challenge failure!\n");
                                status = _STATS_CHALLENGE_FAIL_;
                                goto auth_fail;
                        }
                } else{
                        DBG_871X("(3)auth rejected because out of seq [rx_seq =%d, exp_seq =%d]!\n",
                                seq, pstat->auth_seq+1);
                        status = _STATS_OUT_OF_AUTH_SEQ_;
                        goto auth_fail;
                }
        }


        /*  Now, we are going to issue_auth... */
        pstat->auth_seq = seq + 1;

        issue_auth(padapter, pstat, (unsigned short)(_STATS_SUCCESSFUL_));

        if (pstat->state & WIFI_FW_AUTH_SUCCESS)
                pstat->auth_seq = 0;


        return _SUCCESS;

auth_fail:

        if (pstat)
                rtw_free_stainfo(padapter, pstat);

        pstat = &stat;
        memset((char *)pstat, '\0', sizeof(stat));
        pstat->auth_seq = 2;
        memcpy(pstat->hwaddr, sa, 6);

        issue_auth(padapter, pstat, (unsigned short)status);

        return _FAIL;

}

unsigned int OnAuthClient(struct adapter *padapter, union recv_frame *precv_frame)
{
        unsigned int    seq, len, status, algthm, offset;
        unsigned char *p;
        unsigned int    go2asoc = 0;
        struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv;
        struct mlme_ext_info *pmlmeinfo = &(pmlmeext->mlmext_info);
        u8 *pframe = precv_frame->u.hdr.rx_data;
        uint pkt_len = precv_frame->u.hdr.len;

        DBG_871X("%s\n", __func__);

        /* check A1 matches or not */
        if (memcmp(myid(&(padapter->eeprompriv)), get_da(pframe), ETH_ALEN))
                return _SUCCESS;

        if (!(pmlmeinfo->state & WIFI_FW_AUTH_STATE))
                return _SUCCESS;

        offset = (GetPrivacy(pframe)) ? 4 : 0;

        algthm  = le16_to_cpu(*(__le16 *)((SIZE_PTR)pframe + WLAN_HDR_A3_LEN + offset));
        seq     = le16_to_cpu(*(__le16 *)((SIZE_PTR)pframe + WLAN_HDR_A3_LEN + offset + 2));
        status  = le16_to_cpu(*(__le16 *)((SIZE_PTR)pframe + WLAN_HDR_A3_LEN + offset + 4));

        if (status != 0) {
                DBG_871X("clnt auth fail, status: %d\n", status);
                if (status == 13) { /*  pmlmeinfo->auth_algo == dot11AuthAlgrthm_Auto) */
                        if (pmlmeinfo->auth_algo == dot11AuthAlgrthm_Shared)
                                pmlmeinfo->auth_algo = dot11AuthAlgrthm_Open;
                        else
                                pmlmeinfo->auth_algo = dot11AuthAlgrthm_Shared;
                        /* pmlmeinfo->reauth_count = 0; */
                }

                set_link_timer(pmlmeext, 1);
                goto authclnt_fail;
        }

        if (seq == 2) {
                if (pmlmeinfo->auth_algo == dot11AuthAlgrthm_Shared) {
                         /*  legendary shared system */
                        p = rtw_get_ie(pframe + WLAN_HDR_A3_LEN + _AUTH_IE_OFFSET_, _CHLGETXT_IE_, (int *)&len,
                                pkt_len - WLAN_HDR_A3_LEN - _AUTH_IE_OFFSET_);

                        if (p == NULL) {
                                /* DBG_871X("marc: no challenge text?\n"); */
                                goto authclnt_fail;
                        }

                        memcpy((void *)(pmlmeinfo->chg_txt), (void *)(p + 2), len);
                        pmlmeinfo->auth_seq = 3;
                        issue_auth(padapter, NULL, 0);
                        set_link_timer(pmlmeext, REAUTH_TO);

                        return _SUCCESS;
                } else{
                        /*  open system */
                        go2asoc = 1;
                }
        } else if (seq == 4) {
                if (pmlmeinfo->auth_algo == dot11AuthAlgrthm_Shared) {
                        go2asoc = 1;
                } else{
                        goto authclnt_fail;
                }
        } else{
                /*  this is also illegal */
                /* DBG_871X("marc: clnt auth failed due to illegal seq =%x\n", seq); */
                goto authclnt_fail;
        }

        if (go2asoc) {
                DBG_871X_LEVEL(_drv_always_, "auth success, start assoc\n");
                start_clnt_assoc(padapter);
                return _SUCCESS;
        }

authclnt_fail:

        /* pmlmeinfo->state &= ~(WIFI_FW_AUTH_STATE); */

        return _FAIL;

}

unsigned int OnAssocReq(struct adapter *padapter, union recv_frame *precv_frame)
{
        u16 capab_info, listen_interval;
        struct rtw_ieee802_11_elems elems;
        struct sta_info *pstat;
        unsigned char   reassoc, *p, *pos, *wpa_ie;
        unsigned char WMM_IE[] = {0x00, 0x50, 0xf2, 0x02, 0x00, 0x01};
        int             i, ie_len, wpa_ie_len, left;
        unsigned char   supportRate[16];
        int                                     supportRateNum;
        unsigned short          status = _STATS_SUCCESSFUL_;
        unsigned short          frame_type, ie_offset = 0;
        struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
        struct security_priv *psecuritypriv = &padapter->securitypriv;
        struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv;
        struct mlme_ext_info *pmlmeinfo = &(pmlmeext->mlmext_info);
        struct wlan_bssid_ex    *cur = &(pmlmeinfo->network);
        struct sta_priv *pstapriv = &padapter->stapriv;
        u8 *pframe = precv_frame->u.hdr.rx_data;
        uint pkt_len = precv_frame->u.hdr.len;

        if ((pmlmeinfo->state&0x03) != WIFI_FW_AP_STATE)
                return _FAIL;

        frame_type = GetFrameSubType(pframe);
        if (frame_type == WIFI_ASSOCREQ) {
                reassoc = 0;
                ie_offset = _ASOCREQ_IE_OFFSET_;
        } else{ /*  WIFI_REASSOCREQ */
                reassoc = 1;
                ie_offset = _REASOCREQ_IE_OFFSET_;
        }


        if (pkt_len < IEEE80211_3ADDR_LEN + ie_offset) {
                DBG_871X("handle_assoc(reassoc =%d) - too short payload (len =%lu)"
                       "\n", reassoc, (unsigned long)pkt_len);
                return _FAIL;
        }

        pstat = rtw_get_stainfo(pstapriv, GetAddr2Ptr(pframe));
        if (pstat == NULL) {
                status = _RSON_CLS2_;
                goto asoc_class2_error;
        }

        capab_info = RTW_GET_LE16(pframe + WLAN_HDR_A3_LEN);
        /* capab_info = le16_to_cpu(*(unsigned short *)(pframe + WLAN_HDR_A3_LEN)); */
        /* listen_interval = le16_to_cpu(*(unsigned short *)(pframe + WLAN_HDR_A3_LEN+2)); */
        listen_interval = RTW_GET_LE16(pframe + WLAN_HDR_A3_LEN+2);

        left = pkt_len - (IEEE80211_3ADDR_LEN + ie_offset);
        pos = pframe + (IEEE80211_3ADDR_LEN + ie_offset);


        DBG_871X("%s\n", __func__);

        /*  check if this stat has been successfully authenticated/assocated */
        if (!((pstat->state) & WIFI_FW_AUTH_SUCCESS)) {
                if (!((pstat->state) & WIFI_FW_ASSOC_SUCCESS)) {
                        status = _RSON_CLS2_;
                        goto asoc_class2_error;
                } else{
                        pstat->state &= (~WIFI_FW_ASSOC_SUCCESS);
                        pstat->state |= WIFI_FW_ASSOC_STATE;
                }
        } else{
                pstat->state &= (~WIFI_FW_AUTH_SUCCESS);
                pstat->state |= WIFI_FW_ASSOC_STATE;
        }


        pstat->capability = capab_info;

        /* now parse all ieee802_11 ie to point to elems */
        if (rtw_ieee802_11_parse_elems(pos, left, &elems, 1) == ParseFailed ||
            !elems.ssid) {
                DBG_871X("STA " MAC_FMT " sent invalid association request\n",
                       MAC_ARG(pstat->hwaddr));
                status = _STATS_FAILURE_;
                goto OnAssocReqFail;
        }


        /*  now we should check all the fields... */
        /*  checking SSID */
        p = rtw_get_ie(pframe + WLAN_HDR_A3_LEN + ie_offset, _SSID_IE_, &ie_len,
                pkt_len - WLAN_HDR_A3_LEN - ie_offset);
        if (p == NULL) {
                status = _STATS_FAILURE_;
        }

        if (ie_len == 0) /*  broadcast ssid, however it is not allowed in assocreq */
                status = _STATS_FAILURE_;
        else {
                /*  check if ssid match */
                if (memcmp((void *)(p+2), cur->Ssid.Ssid, cur->Ssid.SsidLength))
                        status = _STATS_FAILURE_;

                if (ie_len != cur->Ssid.SsidLength)
                        status = _STATS_FAILURE_;
        }

        if (_STATS_SUCCESSFUL_ != status)
                goto OnAssocReqFail;

        /*  check if the supported rate is ok */
        p = rtw_get_ie(pframe + WLAN_HDR_A3_LEN + ie_offset, _SUPPORTEDRATES_IE_, &ie_len, pkt_len - WLAN_HDR_A3_LEN - ie_offset);
        if (p == NULL) {
                DBG_871X("Rx a sta assoc-req which supported rate is empty!\n");
                /*  use our own rate set as statoin used */
                /* memcpy(supportRate, AP_BSSRATE, AP_BSSRATE_LEN); */
                /* supportRateNum = AP_BSSRATE_LEN; */

                status = _STATS_FAILURE_;
                goto OnAssocReqFail;
        } else {
                memcpy(supportRate, p+2, ie_len);
                supportRateNum = ie_len;

                p = rtw_get_ie(pframe + WLAN_HDR_A3_LEN + ie_offset, _EXT_SUPPORTEDRATES_IE_, &ie_len,
                                pkt_len - WLAN_HDR_A3_LEN - ie_offset);
                if (p !=  NULL) {

                        if (supportRateNum <= sizeof(supportRate)) {
                                memcpy(supportRate+supportRateNum, p+2, ie_len);
                                supportRateNum += ie_len;
                        }
                }
        }

        /* todo: mask supportRate between AP & STA -> move to update raid */
        /* get_matched_rate(pmlmeext, supportRate, &supportRateNum, 0); */

        /* update station supportRate */
        pstat->bssratelen = supportRateNum;
        memcpy(pstat->bssrateset, supportRate, supportRateNum);
        UpdateBrateTblForSoftAP(pstat->bssrateset, pstat->bssratelen);

        /* check RSN/WPA/WPS */
        pstat->dot8021xalg = 0;
        pstat->wpa_psk = 0;
        pstat->wpa_group_cipher = 0;
        pstat->wpa2_group_cipher = 0;
        pstat->wpa_pairwise_cipher = 0;
        pstat->wpa2_pairwise_cipher = 0;
        memset(pstat->wpa_ie, 0, sizeof(pstat->wpa_ie));
        if ((psecuritypriv->wpa_psk & BIT(1)) && elems.rsn_ie) {

                int group_cipher = 0, pairwise_cipher = 0;

                wpa_ie = elems.rsn_ie;
                wpa_ie_len = elems.rsn_ie_len;

                if (rtw_parse_wpa2_ie(wpa_ie-2, wpa_ie_len+2, &group_cipher, &pairwise_cipher, NULL) == _SUCCESS) {
                        pstat->dot8021xalg = 1;/* psk,  todo:802.1x */
                        pstat->wpa_psk |= BIT(1);

                        pstat->wpa2_group_cipher = group_cipher&psecuritypriv->wpa2_group_cipher;
                        pstat->wpa2_pairwise_cipher = pairwise_cipher&psecuritypriv->wpa2_pairwise_cipher;

                        if (!pstat->wpa2_group_cipher)
                                status = WLAN_STATUS_GROUP_CIPHER_NOT_VALID;

                        if (!pstat->wpa2_pairwise_cipher)
                                status = WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID;
                } else{
                        status = WLAN_STATUS_INVALID_IE;
                }

        } else if ((psecuritypriv->wpa_psk & BIT(0)) && elems.wpa_ie) {

                int group_cipher = 0, pairwise_cipher = 0;

                wpa_ie = elems.wpa_ie;
                wpa_ie_len = elems.wpa_ie_len;

                if (rtw_parse_wpa_ie(wpa_ie-2, wpa_ie_len+2, &group_cipher, &pairwise_cipher, NULL) == _SUCCESS) {
                        pstat->dot8021xalg = 1;/* psk,  todo:802.1x */
                        pstat->wpa_psk |= BIT(0);

                        pstat->wpa_group_cipher = group_cipher&psecuritypriv->wpa_group_cipher;
                        pstat->wpa_pairwise_cipher = pairwise_cipher&psecuritypriv->wpa_pairwise_cipher;

                        if (!pstat->wpa_group_cipher)
                                status = WLAN_STATUS_GROUP_CIPHER_NOT_VALID;

                        if (!pstat->wpa_pairwise_cipher)
                                status = WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID;

                } else{
                        status = WLAN_STATUS_INVALID_IE;
                }

        } else {
                wpa_ie = NULL;
                wpa_ie_len = 0;
        }

        if (_STATS_SUCCESSFUL_ != status)
                goto OnAssocReqFail;

        pstat->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS);
        if (wpa_ie == NULL) {
                if (elems.wps_ie) {
                        DBG_871X("STA included WPS IE in "
                                   "(Re)Association Request - assume WPS is "
                                   "used\n");
                        pstat->flags |= WLAN_STA_WPS;
                        /* wpabuf_free(sta->wps_ie); */
                        /* sta->wps_ie = wpabuf_alloc_copy(elems.wps_ie + 4, */
                        /*                              elems.wps_ie_len - 4); */
                } else {
                        DBG_871X("STA did not include WPA/RSN IE "
                                   "in (Re)Association Request - possible WPS "
                                   "use\n");
                        pstat->flags |= WLAN_STA_MAYBE_WPS;
                }


                /*  AP support WPA/RSN, and sta is going to do WPS, but AP is not ready */
                /*  that the selected registrar of AP is _FLASE */
                if ((psecuritypriv->wpa_psk > 0)
                        && (pstat->flags & (WLAN_STA_WPS|WLAN_STA_MAYBE_WPS))) {
                        if (pmlmepriv->wps_beacon_ie) {
                                u8 selected_registrar = 0;

                                rtw_get_wps_attr_content(pmlmepriv->wps_beacon_ie, pmlmepriv->wps_beacon_ie_len, WPS_ATTR_SELECTED_REGISTRAR, &selected_registrar, NULL);

                                if (!selected_registrar) {
                                        DBG_871X("selected_registrar is false , or AP is not ready to do WPS\n");

                                        status = _STATS_UNABLE_HANDLE_STA_;

                                        goto OnAssocReqFail;
                                }
                        }
                }

        } else{
                int copy_len;

                if (psecuritypriv->wpa_psk == 0) {
                        DBG_871X("STA " MAC_FMT ": WPA/RSN IE in association "
                        "request, but AP don't support WPA/RSN\n", MAC_ARG(pstat->hwaddr));

                        status = WLAN_STATUS_INVALID_IE;

                        goto OnAssocReqFail;

                }

                if (elems.wps_ie) {
                        DBG_871X("STA included WPS IE in "
                                   "(Re)Association Request - WPS is "
                                   "used\n");
                        pstat->flags |= WLAN_STA_WPS;
                        copy_len = 0;
                } else{
                        copy_len = ((wpa_ie_len+2) > sizeof(pstat->wpa_ie)) ? (sizeof(pstat->wpa_ie)):(wpa_ie_len+2);
                }


                if (copy_len > 0)
                        memcpy(pstat->wpa_ie, wpa_ie-2, copy_len);

        }


        /*  check if there is WMM IE & support WWM-PS */
        pstat->flags &= ~WLAN_STA_WME;
        pstat->qos_option = 0;
        pstat->qos_info = 0;
        pstat->has_legacy_ac = true;
        pstat->uapsd_vo = 0;
        pstat->uapsd_vi = 0;
        pstat->uapsd_be = 0;
        pstat->uapsd_bk = 0;
        if (pmlmepriv->qospriv.qos_option) {
                p = pframe + WLAN_HDR_A3_LEN + ie_offset; ie_len = 0;
                for (;;) {
                        p = rtw_get_ie(p, _VENDOR_SPECIFIC_IE_, &ie_len, pkt_len - WLAN_HDR_A3_LEN - ie_offset);
                        if (p != NULL) {
                                if (!memcmp(p+2, WMM_IE, 6)) {

                                        pstat->flags |= WLAN_STA_WME;

                                        pstat->qos_option = 1;
                                        pstat->qos_info = *(p+8);

                                        pstat->max_sp_len = (pstat->qos_info>>5)&0x3;

                                        if ((pstat->qos_info&0xf) != 0xf)
                                                pstat->has_legacy_ac = true;
                                        else
                                                pstat->has_legacy_ac = false;

                                        if (pstat->qos_info&0xf) {
                                                if (pstat->qos_info&BIT(0))
                                                        pstat->uapsd_vo = BIT(0)|BIT(1);
                                                else
                                                        pstat->uapsd_vo = 0;

                                                if (pstat->qos_info&BIT(1))
                                                        pstat->uapsd_vi = BIT(0)|BIT(1);
                                                else
                                                        pstat->uapsd_vi = 0;

                                                if (pstat->qos_info&BIT(2))
                                                        pstat->uapsd_bk = BIT(0)|BIT(1);
                                                else
                                                        pstat->uapsd_bk = 0;

                                                if (pstat->qos_info&BIT(3))
                                                        pstat->uapsd_be = BIT(0)|BIT(1);
                                                else
                                                        pstat->uapsd_be = 0;

                                        }

                                        break;
                                }
                        } else {
                                break;
                        }
                        p = p + ie_len + 2;
                }
        }

        /* save HT capabilities in the sta object */
        memset(&pstat->htpriv.ht_cap, 0, sizeof(struct rtw_ieee80211_ht_cap));
        if (elems.ht_capabilities && elems.ht_capabilities_len >= sizeof(struct rtw_ieee80211_ht_cap)) {
                pstat->flags |= WLAN_STA_HT;

                pstat->flags |= WLAN_STA_WME;

                memcpy(&pstat->htpriv.ht_cap, elems.ht_capabilities, sizeof(struct rtw_ieee80211_ht_cap));

        } else
                pstat->flags &= ~WLAN_STA_HT;


        if ((pmlmepriv->htpriv.ht_option == false) && (pstat->flags&WLAN_STA_HT)) {
                status = _STATS_FAILURE_;
                goto OnAssocReqFail;
        }


        if ((pstat->flags & WLAN_STA_HT) &&
                    ((pstat->wpa2_pairwise_cipher&WPA_CIPHER_TKIP) ||
                      (pstat->wpa_pairwise_cipher&WPA_CIPHER_TKIP))) {
                DBG_871X("HT: " MAC_FMT " tried to "
                                   "use TKIP with HT association\n", MAC_ARG(pstat->hwaddr));

                /* status = WLAN_STATUS_CIPHER_REJECTED_PER_POLICY; */
                /* goto OnAssocReqFail; */
        }
        pstat->flags |= WLAN_STA_NONERP;
        for (i = 0; i < pstat->bssratelen; i++) {
                if ((pstat->bssrateset[i] & 0x7f) > 22) {
                        pstat->flags &= ~WLAN_STA_NONERP;
                        break;
                }
        }

        if (pstat->capability & WLAN_CAPABILITY_SHORT_PREAMBLE)
                pstat->flags |= WLAN_STA_SHORT_PREAMBLE;
        else
                pstat->flags &= ~WLAN_STA_SHORT_PREAMBLE;



        if (status != _STATS_SUCCESSFUL_)
                goto OnAssocReqFail;

        /* TODO: identify_proprietary_vendor_ie(); */
        /*  Realtek proprietary IE */
        /*  identify if this is Broadcom sta */
        /*  identify if this is ralink sta */
        /*  Customer proprietary IE */



        /* get a unique AID */
        if (pstat->aid > 0) {
                DBG_871X("  old AID %d\n", pstat->aid);
        } else {
                for (pstat->aid = 1; pstat->aid < NUM_STA; pstat->aid++)
                        if (pstapriv->sta_aid[pstat->aid - 1] == NULL)
                                break;

                /* if (pstat->aid > NUM_STA) { */
                if (pstat->aid > pstapriv->max_num_sta) {

                        pstat->aid = 0;

                        DBG_871X("  no room for more AIDs\n");

                        status = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;

                        goto OnAssocReqFail;


                } else {
                        pstapriv->sta_aid[pstat->aid - 1] = pstat;
                        DBG_871X("allocate new AID = (%d)\n", pstat->aid);
                }
        }


        pstat->state &= (~WIFI_FW_ASSOC_STATE);
        pstat->state |= WIFI_FW_ASSOC_SUCCESS;

        spin_lock_bh(&pstapriv->auth_list_lock);
        if (!list_empty(&pstat->auth_list)) {
                list_del_init(&pstat->auth_list);
                pstapriv->auth_list_cnt--;
        }
        spin_unlock_bh(&pstapriv->auth_list_lock);

        spin_lock_bh(&pstapriv->asoc_list_lock);
        if (list_empty(&pstat->asoc_list)) {
                pstat->expire_to = pstapriv->expire_to;
                list_add_tail(&pstat->asoc_list, &pstapriv->asoc_list);
                pstapriv->asoc_list_cnt++;
        }
        spin_unlock_bh(&pstapriv->asoc_list_lock);

        /*  now the station is qualified to join our BSS... */
        if (pstat && (pstat->state & WIFI_FW_ASSOC_SUCCESS) && (_STATS_SUCCESSFUL_ == status)) {
                /* 1 bss_cap_update & sta_info_update */
                bss_cap_update_on_sta_join(padapter, pstat);
                sta_info_update(padapter, pstat);

                /* 2 issue assoc rsp before notify station join event. */
                if (frame_type == WIFI_ASSOCREQ)
                        issue_asocrsp(padapter, status, pstat, WIFI_ASSOCRSP);
                else
                        issue_asocrsp(padapter, status, pstat, WIFI_REASSOCRSP);

                spin_lock_bh(&pstat->lock);
                if (pstat->passoc_req) {
                        kfree(pstat->passoc_req);
                        pstat->passoc_req = NULL;
                        pstat->assoc_req_len = 0;
                }

                pstat->passoc_req =  rtw_zmalloc(pkt_len);
                if (pstat->passoc_req) {
                        memcpy(pstat->passoc_req, pframe, pkt_len);
                        pstat->assoc_req_len = pkt_len;
                }
                spin_unlock_bh(&pstat->lock);

                /* 3-(1) report sta add event */
                report_add_sta_event(padapter, pstat->hwaddr, pstat->aid);
        }

        return _SUCCESS;

asoc_class2_error:

        issue_deauth(padapter, (void *)GetAddr2Ptr(pframe), status);

        return _FAIL;

OnAssocReqFail:

        pstat->aid = 0;
        if (frame_type == WIFI_ASSOCREQ)
                issue_asocrsp(padapter, status, pstat, WIFI_ASSOCRSP);
        else
                issue_asocrsp(padapter, status, pstat, WIFI_REASSOCRSP);

        return _FAIL;
}

unsigned int OnAssocRsp(struct adapter *padapter, union recv_frame *precv_frame)
{
        uint i;
        int res;
        unsigned short  status;
        struct ndis_80211_var_ie *pIE;
        struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
        struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv;
        struct mlme_ext_info *pmlmeinfo = &(pmlmeext->mlmext_info);
        /* struct wlan_bssid_ex                 *cur_network = &(pmlmeinfo->network); */
        u8 *pframe = precv_frame->u.hdr.rx_data;
        uint pkt_len = precv_frame->u.hdr.len;

        DBG_871X("%s\n", __func__);

        /* check A1 matches or not */
        if (memcmp(myid(&(padapter->eeprompriv)), get_da(pframe), ETH_ALEN))
                return _SUCCESS;

        if (!(pmlmeinfo->state & (WIFI_FW_AUTH_SUCCESS | WIFI_FW_ASSOC_STATE)))
                return _SUCCESS;

        if (pmlmeinfo->state & WIFI_FW_ASSOC_SUCCESS)
                return _SUCCESS;

        del_timer_sync(&pmlmeext->link_timer);

        /* status */
        status = le16_to_cpu(*(__le16 *)(pframe + WLAN_HDR_A3_LEN + 2));
        if (status > 0) {
                DBG_871X("assoc reject, status code: %d\n", status);
                pmlmeinfo->state = WIFI_FW_NULL_STATE;
                res = -4;
                goto report_assoc_result;
        }

        /* get capabilities */
        pmlmeinfo->capability = le16_to_cpu(*(__le16 *)(pframe + WLAN_HDR_A3_LEN));

        /* set slot time */
        pmlmeinfo->slotTime = (pmlmeinfo->capability & BIT(10)) ? 9 : 20;

        /* AID */
        res = pmlmeinfo->aid = (int)(le16_to_cpu(*(__le16 *)(pframe + WLAN_HDR_A3_LEN + 4))&0x3fff);

        /* following are moved to join event callback function */
        /* to handle HT, WMM, rate adaptive, update MAC reg */
        /* for not to handle the synchronous IO in the tasklet */
        for (i = (6 + WLAN_HDR_A3_LEN); i < pkt_len;) {
                pIE = (struct ndis_80211_var_ie *)(pframe + i);

                switch (pIE->ElementID) {
                case _VENDOR_SPECIFIC_IE_:
                        if (!memcmp(pIE->data, WMM_PARA_OUI, 6))        /* WMM */
                                WMM_param_handler(padapter, pIE);
                        break;

                case _HT_CAPABILITY_IE_:        /* HT caps */
                        HT_caps_handler(padapter, pIE);
                        break;

                case _HT_EXTRA_INFO_IE_:        /* HT info */
                        HT_info_handler(padapter, pIE);
                        break;

                case _ERPINFO_IE_:
                        ERP_IE_handler(padapter, pIE);

                default:
                        break;
                }

                i += (pIE->Length + 2);
        }

        pmlmeinfo->state &= (~WIFI_FW_ASSOC_STATE);
        pmlmeinfo->state |= WIFI_FW_ASSOC_SUCCESS;

        /* Update Basic Rate Table for spec, 2010-12-28 , by thomas */
        UpdateBrateTbl(padapter, pmlmeinfo->network.SupportedRates);

report_assoc_result:
        if (res > 0) {
                rtw_buf_update(&pmlmepriv->assoc_rsp, &pmlmepriv->assoc_rsp_len, pframe, pkt_len);
        } else {
                rtw_buf_free(&pmlmepriv->assoc_rsp, &pmlmepriv->assoc_rsp_len);
        }

        report_join_res(padapter, res);

        return _SUCCESS;
}

unsigned int OnDeAuth(struct adapter *padapter, union recv_frame *precv_frame)
{
        unsigned short  reason;
        struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
        struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv;
        struct mlme_ext_info *pmlmeinfo = &(pmlmeext->mlmext_info);
        u8 *pframe = precv_frame->u.hdr.rx_data;

        /* check A3 */
        if (memcmp(GetAddr3Ptr(pframe), get_my_bssid(&pmlmeinfo->network), ETH_ALEN))
                return _SUCCESS;

        reason = le16_to_cpu(*(__le16 *)(pframe + WLAN_HDR_A3_LEN));

        DBG_871X("%s Reason code(%d)\n", __func__, reason);

        if (check_fwstate(pmlmepriv, WIFI_AP_STATE) == true) {
                struct sta_info *psta;
                struct sta_priv *pstapriv = &padapter->stapriv;

                /* spin_lock_bh(&(pstapriv->sta_hash_lock)); */
                /* rtw_free_stainfo(padapter, psta); */
                /* spin_unlock_bh(&(pstapriv->sta_hash_lock)); */

                DBG_871X_LEVEL(_drv_always_, "ap recv deauth reason code(%d) sta:%pM\n",
                                reason, GetAddr2Ptr(pframe));

                psta = rtw_get_stainfo(pstapriv, GetAddr2Ptr(pframe));
                if (psta) {
                        u8 updated = false;

                        spin_lock_bh(&pstapriv->asoc_list_lock);
                        if (list_empty(&psta->asoc_list) == false) {
                                list_del_init(&psta->asoc_list);
                                pstapriv->asoc_list_cnt--;
                                updated = ap_free_sta(padapter, psta, false, reason);

                        }
                        spin_unlock_bh(&pstapriv->asoc_list_lock);

                        associated_clients_update(padapter, updated);
                }


                return _SUCCESS;
        } else{
                int     ignore_received_deauth = 0;

                /*      Commented by Albert 20130604 */
                /*      Before sending the auth frame to start the STA/GC mode connection with AP/GO, */
                /*      we will send the deauth first. */
                /*      However, the Win8.1 with BRCM Wi-Fi will send the deauth with reason code 6 to us after receieving our deauth. */
                /*      Added the following code to avoid this case. */
                if ((pmlmeinfo->state & WIFI_FW_AUTH_STATE) ||
                        (pmlmeinfo->state & WIFI_FW_ASSOC_STATE)) {
                        if (reason == WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA) {
                                ignore_received_deauth = 1;
                        } else if (WLAN_REASON_PREV_AUTH_NOT_VALID == reason) {
                                /*  TODO: 802.11r */
                                ignore_received_deauth = 1;
                        }
                }

                DBG_871X_LEVEL(_drv_always_, "sta recv deauth reason code(%d) sta:%pM, ignore = %d\n",
                                reason, GetAddr3Ptr(pframe), ignore_received_deauth);

                if (0 == ignore_received_deauth) {
                        receive_disconnect(padapter, GetAddr3Ptr(pframe), reason);
                }
        }
        pmlmepriv->LinkDetectInfo.bBusyTraffic = false;
        return _SUCCESS;

}

unsigned int OnDisassoc(struct adapter *padapter, union recv_frame *precv_frame)
{
        unsigned short  reason;
        struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
        struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv;
        struct mlme_ext_info *pmlmeinfo = &(pmlmeext->mlmext_info);
        u8 *pframe = precv_frame->u.hdr.rx_data;

        /* check A3 */
        if (memcmp(GetAddr3Ptr(pframe), get_my_bssid(&pmlmeinfo->network), ETH_ALEN))
                return _SUCCESS;

        reason = le16_to_cpu(*(__le16 *)(pframe + WLAN_HDR_A3_LEN));

        DBG_871X("%s Reason code(%d)\n", __func__, reason);

        if (check_fwstate(pmlmepriv, WIFI_AP_STATE) == true) {
                struct sta_info *psta;
                struct sta_priv *pstapriv = &padapter->stapriv;

                /* spin_lock_bh(&(pstapriv->sta_hash_lock)); */
                /* rtw_free_stainfo(padapter, psta); */
                /* spin_unlock_bh(&(pstapriv->sta_hash_lock)); */

                DBG_871X_LEVEL(_drv_always_, "ap recv disassoc reason code(%d) sta:%pM\n",
                                reason, GetAddr2Ptr(pframe));

                psta = rtw_get_stainfo(pstapriv, GetAddr2Ptr(pframe));
                if (psta) {
                        u8 updated = false;

                        spin_lock_bh(&pstapriv->asoc_list_lock);
                        if (list_empty(&psta->asoc_list) == false) {
                                list_del_init(&psta->asoc_list);
                                pstapriv->asoc_list_cnt--;
                                updated = ap_free_sta(padapter, psta, false, reason);

                        }
                        spin_unlock_bh(&pstapriv->asoc_list_lock);

                        associated_clients_update(padapter, updated);
                }

                return _SUCCESS;
        } else{
                DBG_871X_LEVEL(_drv_always_, "sta recv disassoc reason code(%d) sta:%pM\n",
                                reason, GetAddr3Ptr(pframe));

                receive_disconnect(padapter, GetAddr3Ptr(pframe), reason);
        }
        pmlmepriv->LinkDetectInfo.bBusyTraffic = false;
        return _SUCCESS;

}

unsigned int OnAtim(struct adapter *padapter, union recv_frame *precv_frame)
{
        DBG_871X("%s\n", __func__);
        return _SUCCESS;
}

unsigned int on_action_spct(struct adapter *padapter, union recv_frame *precv_frame)
{
        unsigned int ret = _FAIL;
        struct sta_info *psta = NULL;
        struct sta_priv *pstapriv = &padapter->stapriv;
        u8 *pframe = precv_frame->u.hdr.rx_data;
        u8 *frame_body = (u8 *)(pframe + sizeof(struct ieee80211_hdr_3addr));
        u8 category;
        u8 action;

        DBG_871X(FUNC_NDEV_FMT"\n", FUNC_NDEV_ARG(padapter->pnetdev));

        psta = rtw_get_stainfo(pstapriv, GetAddr2Ptr(pframe));

        if (!psta)
                goto exit;

        category = frame_body[0];
        if (category != RTW_WLAN_CATEGORY_SPECTRUM_MGMT)
                goto exit;

        action = frame_body[1];
        switch (action) {
        case RTW_WLAN_ACTION_SPCT_MSR_REQ:
        case RTW_WLAN_ACTION_SPCT_MSR_RPRT:
        case RTW_WLAN_ACTION_SPCT_TPC_REQ:
        case RTW_WLAN_ACTION_SPCT_TPC_RPRT:
        case RTW_WLAN_ACTION_SPCT_CHL_SWITCH:
                break;
        default:
                break;
        }

exit:
        return ret;
}

unsigned int OnAction_back(struct adapter *padapter, union recv_frame *precv_frame)
{
        u8 *addr;
        struct sta_info *psta = NULL;
        struct recv_reorder_ctrl *preorder_ctrl;
        unsigned char   *frame_body;
        unsigned char   category, action;
        unsigned short  tid, status, reason_code = 0;
        struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv;
        struct mlme_ext_info *pmlmeinfo = &(pmlmeext->mlmext_info);
        u8 *pframe = precv_frame->u.hdr.rx_data;
        struct sta_priv *pstapriv = &padapter->stapriv;

        DBG_871X("%s\n", __func__);

        /* check RA matches or not */
        if (memcmp(myid(&(padapter->eeprompriv)), GetAddr1Ptr(pframe), ETH_ALEN))/* for if1, sta/ap mode */
                return _SUCCESS;

        if ((pmlmeinfo->state&0x03) != WIFI_FW_AP_STATE)
                if (!(pmlmeinfo->state & WIFI_FW_ASSOC_SUCCESS))
                        return _SUCCESS;

        addr = GetAddr2Ptr(pframe);
        psta = rtw_get_stainfo(pstapriv, addr);

        if (psta == NULL)
                return _SUCCESS;

        frame_body = (unsigned char *)(pframe + sizeof(struct ieee80211_hdr_3addr));

        category = frame_body[0];
        if (category == RTW_WLAN_CATEGORY_BACK) {/*  representing Block Ack */
                if (!pmlmeinfo->HT_enable) {
                        return _SUCCESS;
                }

                action = frame_body[1];
                DBG_871X("%s, action =%d\n", __func__, action);
                switch (action) {
                case RTW_WLAN_ACTION_ADDBA_REQ: /* ADDBA request */

                        memcpy(&(pmlmeinfo->ADDBA_req), &(frame_body[2]), sizeof(struct ADDBA_request));
                        /* process_addba_req(padapter, (u8 *)&(pmlmeinfo->ADDBA_req), GetAddr3Ptr(pframe)); */
                        process_addba_req(padapter, (u8 *)&(pmlmeinfo->ADDBA_req), addr);

                        if (pmlmeinfo->bAcceptAddbaReq == true) {
                                issue_action_BA(padapter, addr, RTW_WLAN_ACTION_ADDBA_RESP, 0);
                        } else{
                                issue_action_BA(padapter, addr, RTW_WLAN_ACTION_ADDBA_RESP, 37);/* reject ADDBA Req */
                        }

                        break;

                case RTW_WLAN_ACTION_ADDBA_RESP: /* ADDBA response */
                        status = RTW_GET_LE16(&frame_body[3]);
                        tid = ((frame_body[5] >> 2) & 0x7);

                        if (status == 0) {
                                /* successful */
                                DBG_871X("agg_enable for TID =%d\n", tid);
                                psta->htpriv.agg_enable_bitmap |= 1 << tid;
                                psta->htpriv.candidate_tid_bitmap &= ~BIT(tid);
                        } else{
                                psta->htpriv.agg_enable_bitmap &= ~BIT(tid);
                        }

                        if (psta->state & WIFI_STA_ALIVE_CHK_STATE) {

                                DBG_871X("%s alive check - rx ADDBA response\n", __func__);
                                psta->htpriv.agg_enable_bitmap &= ~BIT(tid);
                                psta->expire_to = pstapriv->expire_to;
                                psta->state ^= WIFI_STA_ALIVE_CHK_STATE;
                        }

                        /* DBG_871X("marc: ADDBA RSP: %x\n", pmlmeinfo->agg_enable_bitmap); */
                        break;

                case RTW_WLAN_ACTION_DELBA: /* DELBA */
                        if ((frame_body[3] & BIT(3)) == 0) {
                                psta->htpriv.agg_enable_bitmap &= ~(1 << ((frame_body[3] >> 4) & 0xf));
                                psta->htpriv.candidate_tid_bitmap &= ~(1 << ((frame_body[3] >> 4) & 0xf));

                                /* reason_code = frame_body[4] | (frame_body[5] << 8); */
                                reason_code = RTW_GET_LE16(&frame_body[4]);
                        } else if ((frame_body[3] & BIT(3)) == BIT(3)) {
                                tid = (frame_body[3] >> 4) & 0x0F;

                                preorder_ctrl =  &psta->recvreorder_ctrl[tid];
                                preorder_ctrl->enable = false;
                                preorder_ctrl->indicate_seq = 0xffff;
                                #ifdef DBG_RX_SEQ
                                DBG_871X("DBG_RX_SEQ %s:%d indicate_seq:%u\n", __func__, __LINE__,
                                        preorder_ctrl->indicate_seq);
                                #endif
                        }

                        DBG_871X("%s(): DELBA: %x(%x)\n", __func__, pmlmeinfo->agg_enable_bitmap, reason_code);
                        /* todo: how to notify the host while receiving DELETE BA */
                        break;

                default:
                        break;
                }
        }
        return _SUCCESS;
}

static s32 rtw_action_public_decache(union recv_frame *recv_frame, s32 token)
{
        struct adapter *adapter = recv_frame->u.hdr.adapter;
        struct mlme_ext_priv *mlmeext = &(adapter->mlmeextpriv);
        u8 *frame = recv_frame->u.hdr.rx_data;
        u16 seq_ctrl = ((recv_frame->u.hdr.attrib.seq_num&0xffff) << 4) |
                (recv_frame->u.hdr.attrib.frag_num & 0xf);

        if (GetRetry(frame)) {
                if (token >= 0) {
                        if ((seq_ctrl == mlmeext->action_public_rxseq)
                                && (token == mlmeext->action_public_dialog_token)) {
                                DBG_871X(FUNC_ADPT_FMT" seq_ctrl = 0x%x, rxseq = 0x%x, token:%d\n",
                                        FUNC_ADPT_ARG(adapter), seq_ctrl, mlmeext->action_public_rxseq, token);
                                return _FAIL;
                        }
                } else {
                        if (seq_ctrl == mlmeext->action_public_rxseq) {
                                DBG_871X(FUNC_ADPT_FMT" seq_ctrl = 0x%x, rxseq = 0x%x\n",
                                        FUNC_ADPT_ARG(adapter), seq_ctrl, mlmeext->action_public_rxseq);
                                return _FAIL;
                        }
                }
        }

        mlmeext->action_public_rxseq = seq_ctrl;

        if (token >= 0)
                mlmeext->action_public_dialog_token = token;

        return _SUCCESS;
}

static unsigned int on_action_public_p2p(union recv_frame *precv_frame)
{
        u8 *pframe = precv_frame->u.hdr.rx_data;
        u8 *frame_body;
        u8 dialogToken = 0;

        frame_body = (unsigned char *)(pframe + sizeof(struct ieee80211_hdr_3addr));

        dialogToken = frame_body[7];

        if (rtw_action_public_decache(precv_frame, dialogToken) == _FAIL)
                return _FAIL;

        return _SUCCESS;
}

static unsigned int on_action_public_vendor(union recv_frame *precv_frame)
{
        unsigned int ret = _FAIL;
        u8 *pframe = precv_frame->u.hdr.rx_data;
        u8 *frame_body = pframe + sizeof(struct ieee80211_hdr_3addr);

        if (!memcmp(frame_body + 2, P2P_OUI, 4)) {
                ret = on_action_public_p2p(precv_frame);
        }

        return ret;
}

static unsigned int on_action_public_default(union recv_frame *precv_frame, u8 action)
{
        unsigned int ret = _FAIL;
        u8 *pframe = precv_frame->u.hdr.rx_data;
        uint frame_len = precv_frame->u.hdr.len;
        u8 *frame_body = pframe + sizeof(struct ieee80211_hdr_3addr);
        u8 token;
        struct adapter *adapter = precv_frame->u.hdr.adapter;
        int cnt = 0;
        char msg[64];

        token = frame_body[2];

        if (rtw_action_public_decache(precv_frame, token) == _FAIL)
                goto exit;

        cnt += sprintf((msg+cnt), "%s(token:%u)", action_public_str(action), token);
        rtw_cfg80211_rx_action(adapter, pframe, frame_len, msg);

        ret = _SUCCESS;

exit:
        return ret;
}

unsigned int on_action_public(struct adapter *padapter, union recv_frame *precv_frame)
{
        unsigned int ret = _FAIL;
        u8 *pframe = precv_frame->u.hdr.rx_data;
        u8 *frame_body = pframe + sizeof(struct ieee80211_hdr_3addr);
        u8 category, action;

        /* check RA matches or not */
        if (memcmp(myid(&(padapter->eeprompriv)), GetAddr1Ptr(pframe), ETH_ALEN))
                goto exit;

        category = frame_body[0];
        if (category != RTW_WLAN_CATEGORY_PUBLIC)
                goto exit;

        action = frame_body[1];
        switch (action) {
        case ACT_PUBLIC_VENDOR:
                ret = on_action_public_vendor(precv_frame);
                break;
        default:
                ret = on_action_public_default(precv_frame, action);
                break;
        }

exit:
        return ret;
}

unsigned int OnAction_ht(struct adapter *padapter, union recv_frame *precv_frame)
{
        u8 *pframe = precv_frame->u.hdr.rx_data;
        u8 *frame_body = pframe + sizeof(struct ieee80211_hdr_3addr);
        u8 category, action;

        /* check RA matches or not */
        if (memcmp(myid(&(padapter->eeprompriv)), GetAddr1Ptr(pframe), ETH_ALEN))
                goto exit;

        category = frame_body[0];
        if (category != RTW_WLAN_CATEGORY_HT)
                goto exit;

        action = frame_body[1];
        switch (action) {
        case RTW_WLAN_ACTION_HT_COMPRESS_BEAMFORMING:
                break;
        default:
                break;
        }

exit:

        return _SUCCESS;
}

unsigned int OnAction_sa_query(struct adapter *padapter, union recv_frame *precv_frame)
{
        u8 *pframe = precv_frame->u.hdr.rx_data;
        struct rx_pkt_attrib *pattrib = &precv_frame->u.hdr.attrib;
        struct mlme_ext_priv *pmlmeext = &(padapter->mlmeextpriv);
        unsigned short tid;
        /* Baron */

        DBG_871X("OnAction_sa_query\n");

        switch (pframe[WLAN_HDR_A3_LEN+1]) {
        case 0: /* SA Query req */
                memcpy(&tid, &pframe[WLAN_HDR_A3_LEN+2], sizeof(unsigned short));
                DBG_871X("OnAction_sa_query request, action =%d, tid =%04x\n", pframe[WLAN_HDR_A3_LEN+1], tid);
                issue_action_SA_Query(padapter, GetAddr2Ptr(pframe), 1, tid);
                break;

        case 1: /* SA Query rsp */
                del_timer_sync(&pmlmeext->sa_query_timer);
                DBG_871X("OnAction_sa_query response, action =%d, tid =%04x, cancel timer\n", pframe[WLAN_HDR_A3_LEN+1], pframe[WLAN_HDR_A3_LEN+2]);
                break;
        default:
                break;
        }
        if (0) {
                int pp;
                printk("pattrib->pktlen = %d =>", pattrib->pkt_len);
                for (pp = 0; pp < pattrib->pkt_len; pp++)
                        printk(" %02x ", pframe[pp]);
                printk("\n");
        }

        return _SUCCESS;
}

unsigned int OnAction(struct adapter *padapter, union recv_frame *precv_frame)
{
        int i;
        unsigned char category;
        struct action_handler *ptable;
        unsigned char *frame_body;
        u8 *pframe = precv_frame->u.hdr.rx_data;

        frame_body = (unsigned char *)(pframe + sizeof(struct ieee80211_hdr_3addr));

        category = frame_body[0];

        for (i = 0; i < sizeof(OnAction_tbl)/sizeof(struct action_handler); i++) {
                ptable = &OnAction_tbl[i];

                if (category == ptable->num)
                        ptable->func(padapter, precv_frame);

        }

        return _SUCCESS;

}

unsigned int DoReserved(struct adapter *padapter, union recv_frame *precv_frame)
{

        /* DBG_871X("rcvd mgt frame(%x, %x)\n", (GetFrameSubType(pframe) >> 4), *(unsigned int *)GetAddr1Ptr(pframe)); */
        return _SUCCESS;
}

static struct xmit_frame *_alloc_mgtxmitframe(struct xmit_priv *pxmitpriv, bool once)
{
        struct xmit_frame *pmgntframe;
        struct xmit_buf *pxmitbuf;

        if (once)
                pmgntframe = rtw_alloc_xmitframe_once(pxmitpriv);
        else
                pmgntframe = rtw_alloc_xmitframe_ext(pxmitpriv);

        if (pmgntframe == NULL) {
                DBG_871X(FUNC_ADPT_FMT" alloc xmitframe fail, once:%d\n", FUNC_ADPT_ARG(pxmitpriv->adapter), once);
                goto exit;
        }

        pxmitbuf = rtw_alloc_xmitbuf_ext(pxmitpriv);
        if (pxmitbuf == NULL) {
                DBG_871X(FUNC_ADPT_FMT" alloc xmitbuf fail\n", FUNC_ADPT_ARG(pxmitpriv->adapter));
                rtw_free_xmitframe(pxmitpriv, pmgntframe);
                pmgntframe = NULL;
                goto exit;
        }

        pmgntframe->frame_tag = MGNT_FRAMETAG;
        pmgntframe->pxmitbuf = pxmitbuf;
        pmgntframe->buf_addr = pxmitbuf->pbuf;
        pxmitbuf->priv_data = pmgntframe;

exit:
        return pmgntframe;

}

inline struct xmit_frame *alloc_mgtxmitframe(struct xmit_priv *pxmitpriv)
{
        return _alloc_mgtxmitframe(pxmitpriv, false);
}

/****************************************************************************

Following are some TX fuctions for WiFi MLME

*****************************************************************************/

void update_mgnt_tx_rate(struct adapter *padapter, u8 rate)
{
        struct mlme_ext_priv *pmlmeext = &(padapter->mlmeextpriv);

        pmlmeext->tx_rate = rate;
        /* DBG_871X("%s(): rate = %x\n", __func__, rate); */
}

void update_mgntframe_attrib(struct adapter *padapter, struct pkt_attrib *pattrib)
{
        u8 wireless_mode;
        struct mlme_ext_priv *pmlmeext = &(padapter->mlmeextpriv);

        /* memset((u8 *)(pattrib), 0, sizeof(struct pkt_attrib)); */

        pattrib->hdrlen = 24;
        pattrib->nr_frags = 1;
        pattrib->priority = 7;
        pattrib->mac_id = 0;
        pattrib->qsel = 0x12;

        pattrib->pktlen = 0;

        if (pmlmeext->tx_rate == IEEE80211_CCK_RATE_1MB)
                wireless_mode = WIRELESS_11B;
        else
                wireless_mode = WIRELESS_11G;
        pattrib->raid =  rtw_get_mgntframe_raid(padapter, wireless_mode);
        pattrib->rate = pmlmeext->tx_rate;

        pattrib->encrypt = _NO_PRIVACY_;
        pattrib->bswenc = false;

        pattrib->qos_en = false;
        pattrib->ht_en = false;
        pattrib->bwmode = CHANNEL_WIDTH_20;
        pattrib->ch_offset = HAL_PRIME_CHNL_OFFSET_DONT_CARE;
        pattrib->sgi = false;

        pattrib->seqnum = pmlmeext->mgnt_seq;

        pattrib->retry_ctrl = true;

        pattrib->mbssid = 0;

}

void update_mgntframe_attrib_addr(struct adapter *padapter, struct xmit_frame *pmgntframe)
{
        u8 *pframe;
        struct pkt_attrib       *pattrib = &pmgntframe->attrib;

        pframe = (u8 *)(pmgntframe->buf_addr) + TXDESC_OFFSET;

        memcpy(pattrib->ra, GetAddr1Ptr(pframe), ETH_ALEN);
        memcpy(pattrib->ta, GetAddr2Ptr(pframe), ETH_ALEN);
}

void dump_mgntframe(struct adapter *padapter, struct xmit_frame *pmgntframe)
{
        if (padapter->bSurpriseRemoved == true ||
                padapter->bDriverStopped == true) {
                rtw_free_xmitbuf(&padapter->xmitpriv, pmgntframe->pxmitbuf);
                rtw_free_xmitframe(&padapter->xmitpriv, pmgntframe);
                return;
        }

        rtw_hal_mgnt_xmit(padapter, pmgntframe);
}

s32 dump_mgntframe_and_wait(struct adapter *padapter, struct xmit_frame *pmgntframe, int timeout_ms)
{
        s32 ret = _FAIL;
        _irqL irqL;
        struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
        struct xmit_buf *pxmitbuf = pmgntframe->pxmitbuf;
        struct submit_ctx sctx;

        if (padapter->bSurpriseRemoved == true ||
                padapter->bDriverStopped == true) {
                rtw_free_xmitbuf(&padapter->xmitpriv, pmgntframe->pxmitbuf);
                rtw_free_xmitframe(&padapter->xmitpriv, pmgntframe);
                return ret;
        }

        rtw_sctx_init(&sctx, timeout_ms);
        pxmitbuf->sctx = &sctx;

        ret = rtw_hal_mgnt_xmit(padapter, pmgntframe);

        if (ret == _SUCCESS)
                ret = rtw_sctx_wait(&sctx, __func__);

        spin_lock_irqsave(&pxmitpriv->lock_sctx, irqL);
        pxmitbuf->sctx = NULL;
        spin_unlock_irqrestore(&pxmitpriv->lock_sctx, irqL);

        return ret;
}

s32 dump_mgntframe_and_wait_ack(struct adapter *padapter, struct xmit_frame *pmgntframe)
{
        static u8 seq_no;
        s32 ret = _FAIL;
        u32 timeout_ms = 500;/*   500ms */
        struct xmit_priv *pxmitpriv = &padapter->xmitpriv;

        if (padapter->bSurpriseRemoved == true ||
                padapter->bDriverStopped == true) {
                rtw_free_xmitbuf(&padapter->xmitpriv, pmgntframe->pxmitbuf);
                rtw_free_xmitframe(&padapter->xmitpriv, pmgntframe);
                return -1;
        }

        if (mutex_lock_interruptible(&pxmitpriv->ack_tx_mutex) == 0) {
                pxmitpriv->ack_tx = true;
                pxmitpriv->seq_no = seq_no++;
                pmgntframe->ack_report = 1;
                if (rtw_hal_mgnt_xmit(padapter, pmgntframe) == _SUCCESS) {
                        ret = rtw_ack_tx_wait(pxmitpriv, timeout_ms);
                }

                pxmitpriv->ack_tx = false;
                mutex_unlock(&pxmitpriv->ack_tx_mutex);
        }

        return ret;
}

static int update_hidden_ssid(u8 *ies, u32 ies_len, u8 hidden_ssid_mode)
{
        u8 *ssid_ie;
        sint ssid_len_ori;
        int len_diff = 0;

        ssid_ie = rtw_get_ie(ies,  WLAN_EID_SSID, &ssid_len_ori, ies_len);

        /* DBG_871X("%s hidden_ssid_mode:%u, ssid_ie:%p, ssid_len_ori:%d\n", __func__, hidden_ssid_mode, ssid_ie, ssid_len_ori); */

        if (ssid_ie && ssid_len_ori > 0) {
                switch (hidden_ssid_mode) {
                case 1:
                {
                        u8 *next_ie = ssid_ie + 2 + ssid_len_ori;
                        u32 remain_len = 0;

                        remain_len = ies_len - (next_ie-ies);

                        ssid_ie[1] = 0;
                        memcpy(ssid_ie+2, next_ie, remain_len);
                        len_diff -= ssid_len_ori;

                        break;
                }
                case 2:
                        memset(&ssid_ie[2], 0, ssid_len_ori);
                        break;
                default:
                        break;
        }
        }

        return len_diff;
}

void issue_beacon(struct adapter *padapter, int timeout_ms)
{
        struct xmit_frame       *pmgntframe;
        struct pkt_attrib       *pattrib;
        unsigned char *pframe;
        struct ieee80211_hdr *pwlanhdr;
        __le16 *fctrl;
        unsigned int    rate_len;
        struct xmit_priv *pxmitpriv = &(padapter->xmitpriv);
        struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);
        struct mlme_ext_priv *pmlmeext = &(padapter->mlmeextpriv);
        struct mlme_ext_info *pmlmeinfo = &(pmlmeext->mlmext_info);
        struct wlan_bssid_ex            *cur_network = &(pmlmeinfo->network);
        u8 bc_addr[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

        /* DBG_871X("%s\n", __func__); */

        pmgntframe = alloc_mgtxmitframe(pxmitpriv);
        if (pmgntframe == NULL) {
                DBG_871X("%s, alloc mgnt frame fail\n", __func__);
                return;
        }

        spin_lock_bh(&pmlmepriv->bcn_update_lock);

        /* update attribute */
        pattrib = &pmgntframe->attrib;
        update_mgntframe_attrib(padapter, pattrib);
        pattrib->qsel = 0x10;

        memset(pmgntframe->buf_addr, 0, WLANHDR_OFFSET + TXDESC_OFFSET);

        pframe = (u8 *)(pmgntframe->buf_addr) + TXDESC_OFFSET;
        pwlanhdr = (struct ieee80211_hdr *)pframe;


        fctrl = &(pwlanhdr->frame_control);
        *(fctrl) = 0;

        memcpy(pwlanhdr->addr1, bc_addr, ETH_ALEN);
        memcpy(pwlanhdr->addr2, myid(&(padapter->eeprompriv)), ETH_ALEN);
        memcpy(pwlanhdr->addr3, get_my_bssid(cur_network), ETH_ALEN);

        SetSeqNum(pwlanhdr, 0/*pmlmeext->mgnt_seq*/);
        /* pmlmeext->mgnt_seq++; */
        SetFrameSubType(pframe, WIFI_BEACON);

        pframe += sizeof(struct ieee80211_hdr_3addr);
        pattrib->pktlen = sizeof(struct ieee80211_hdr_3addr);

        if ((pmlmeinfo->state&0x03) == WIFI_FW_AP_STATE) {
                /* DBG_871X("ie len =%d\n", cur_network->IELength); */
                {
                        int len_diff;
                        memcpy(pframe, cur_network->IEs, cur_network->IELength);
                        len_diff = update_hidden_ssid(
                                pframe+_BEACON_IE_OFFSET_
                                , cur_network->IELength-_BEACON_IE_OFFSET_
                                , pmlmeinfo->hidden_ssid_mode
                        );
                        pframe += (cur_network->IELength+len_diff);
                        pattrib->pktlen += (cur_network->IELength+len_diff);
                }

                {
                        u8 *wps_ie;
                        uint wps_ielen;
                        u8 sr = 0;
                        wps_ie = rtw_get_wps_ie(pmgntframe->buf_addr+TXDESC_OFFSET+sizeof(struct ieee80211_hdr_3addr)+_BEACON_IE_OFFSET_,
                                pattrib->pktlen-sizeof(struct ieee80211_hdr_3addr)-_BEACON_IE_OFFSET_, NULL, &wps_ielen);
                        if (wps_ie && wps_ielen > 0) {
                                rtw_get_wps_attr_content(wps_ie,  wps_ielen, WPS_ATTR_SELECTED_REGISTRAR, (u8 *)(&sr), NULL);
                        }
                        if (sr != 0)
                                set_fwstate(pmlmepriv, WIFI_UNDER_WPS);
                        else
                                _clr_fwstate_(pmlmepriv, WIFI_UNDER_WPS);
                }

                goto _issue_bcn;

        }

        /* below for ad-hoc mode */

        /* timestamp will be inserted by hardware */
        pframe += 8;
        pattrib->pktlen += 8;

        /*  beacon interval: 2 bytes */

        memcpy(pframe, (unsigned char *)(rtw_get_beacon_interval_from_ie(cur_network->IEs)), 2);

        pframe += 2;
        pattrib->pktlen += 2;

        /*  capability info: 2 bytes */

        memcpy(pframe, (unsigned char *)(rtw_get_capability_from_ie(cur_network->IEs)), 2);

        pframe += 2;
        pattrib->pktlen += 2;

        /*  SSID */
        pframe = rtw_set_ie(pframe, _SSID_IE_, cur_network->Ssid.SsidLength, cur_network->Ssid.Ssid, &pattrib->pktlen);

        /*  supported rates... */
        rate_len = rtw_get_rateset_len(cur_network->SupportedRates);
        pframe = rtw_set_ie(pframe, _SUPPORTEDRATES_IE_, ((rate_len > 8) ? 8 : rate_len), cur_network->SupportedRates, &pattrib->pktlen);

        /*  DS parameter set */
        pframe = rtw_set_ie(pframe, _DSSET_IE_, 1, (unsigned char *)&(cur_network->Configuration.DSConfig), &pattrib->pktlen);

        /* if ((pmlmeinfo->state&0x03) == WIFI_FW_ADHOC_STATE) */
        {
                u8 erpinfo = 0;
                u32 ATIMWindow;
                /*  IBSS Parameter Set... */
                /* ATIMWindow = cur->Configuration.ATIMWindow; */
                ATIMWindow = 0;
                pframe = rtw_set_ie(pframe, _IBSS_PARA_IE_, 2, (unsigned char *)(&ATIMWindow), &pattrib->pktlen);

                /* ERP IE */
                pframe = rtw_set_ie(pframe, _ERPINFO_IE_, 1, &erpinfo, &pattrib->pktlen);
        }


        /*  EXTERNDED SUPPORTED RATE */
        if (rate_len > 8) {
                pframe = rtw_set_ie(pframe, _EXT_SUPPORTEDRATES_IE_, (rate_len - 8), (cur_network->SupportedRates + 8), &pattrib->pktlen);
        }


        /* todo:HT for adhoc */

_issue_bcn:

        pmlmepriv->update_bcn = false;

        spin_unlock_bh(&pmlmepriv->bcn_update_lock);

        if ((pattrib->pktlen + TXDESC_SIZE) > 512) {
                DBG_871X("beacon frame too large\n");
                return;
        }

        pattrib->last_txcmdsz = pattrib->pktlen;

        /* DBG_871X("issue bcn_sz =%d\n", pattrib->last_txcmdsz); */
        if (timeout_ms > 0)
                dump_mgntframe_and_wait(padapter, pmgntframe, timeout_ms);
        else
                dump_mgntframe(padapter, pmgntframe);

}

void issue_probersp(struct adapter *padapter, unsigned char *da, u8 is_valid_p2p_probereq)
{
        struct xmit_frame                       *pmgntframe;
        struct pkt_attrib                       *pattrib;
        unsigned char                           *pframe;
        struct ieee80211_hdr    *pwlanhdr;
        __le16 *fctrl;
        unsigned char                           *mac, *bssid;
        struct xmit_priv *pxmitpriv = &(padapter->xmitpriv);

        u8 *pwps_ie;
        uint wps_ielen;
        struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
        struct mlme_ext_priv *pmlmeext = &(padapter->mlmeextpriv);
        struct mlme_ext_info *pmlmeinfo = &(pmlmeext->mlmext_info);
        struct wlan_bssid_ex            *cur_network = &(pmlmeinfo->network);
        unsigned int    rate_len;

        /* DBG_871X("%s\n", __func__); */

        if (da == NULL)
                return;

        pmgntframe = alloc_mgtxmitframe(pxmitpriv);
        if (pmgntframe == NULL) {
                DBG_871X("%s, alloc mgnt frame fail\n", __func__);
                return;
        }


        /* update attribute */
        pattrib = &pmgntframe->attrib;
        update_mgntframe_attrib(padapter, pattrib);

        memset(pmgntframe->buf_addr, 0, WLANHDR_OFFSET + TXDESC_OFFSET);

        pframe = (u8 *)(pmgntframe->buf_addr) + TXDESC_OFFSET;
        pwlanhdr = (struct ieee80211_hdr *)pframe;

        mac = myid(&(padapter->eeprompriv));
        bssid = cur_network->MacAddress;

        fctrl = &(pwlanhdr->frame_control);
        *(fctrl) = 0;
        memcpy(pwlanhdr->addr1, da, ETH_ALEN);
        memcpy(pwlanhdr->addr2, mac, ETH_ALEN);
        memcpy(pwlanhdr->addr3, bssid, ETH_ALEN);

        SetSeqNum(pwlanhdr, pmlmeext->mgnt_seq);
        pmlmeext->mgnt_seq++;
        SetFrameSubType(fctrl, WIFI_PROBERSP);

        pattrib->hdrlen = sizeof(struct ieee80211_hdr_3addr);
        pattrib->pktlen = pattrib->hdrlen;
        pframe += pattrib->hdrlen;


        if (cur_network->IELength > MAX_IE_SZ)
                return;

        if ((pmlmeinfo->state&0x03) == WIFI_FW_AP_STATE) {
                pwps_ie = rtw_get_wps_ie(cur_network->IEs+_FIXED_IE_LENGTH_, cur_network->IELength-_FIXED_IE_LENGTH_, NULL, &wps_ielen);

                /* inerset & update wps_probe_resp_ie */
                if ((pmlmepriv->wps_probe_resp_ie != NULL) && pwps_ie && (wps_ielen > 0)) {
                        uint wps_offset, remainder_ielen;
                        u8 *premainder_ie;

                        wps_offset = (uint)(pwps_ie - cur_network->IEs);

                        premainder_ie = pwps_ie + wps_ielen;

                        remainder_ielen = cur_network->IELength - wps_offset - wps_ielen;

                        memcpy(pframe, cur_network->IEs, wps_offset);
                        pframe += wps_offset;
                        pattrib->pktlen += wps_offset;

                        wps_ielen = (uint)pmlmepriv->wps_probe_resp_ie[1];/* to get ie data len */
                        if ((wps_offset+wps_ielen+2) <= MAX_IE_SZ) {
                                memcpy(pframe, pmlmepriv->wps_probe_resp_ie, wps_ielen+2);
                                pframe += wps_ielen+2;
                                pattrib->pktlen += wps_ielen+2;
                        }

                        if ((wps_offset+wps_ielen+2+remainder_ielen) <= MAX_IE_SZ) {
                                memcpy(pframe, premainder_ie, remainder_ielen);
                                pframe += remainder_ielen;
                                pattrib->pktlen += remainder_ielen;
                        }
                } else{
                        memcpy(pframe, cur_network->IEs, cur_network->IELength);
                        pframe += cur_network->IELength;
                        pattrib->pktlen += cur_network->IELength;
                }

                /* retrieve SSID IE from cur_network->Ssid */
                {
                        u8 *ssid_ie;
                        sint ssid_ielen;
                        sint ssid_ielen_diff;
                        u8 buf[MAX_IE_SZ];
                        u8 *ies = pmgntframe->buf_addr+TXDESC_OFFSET+sizeof(struct ieee80211_hdr_3addr);

                        ssid_ie = rtw_get_ie(ies+_FIXED_IE_LENGTH_, _SSID_IE_, &ssid_ielen,
                                (pframe-ies)-_FIXED_IE_LENGTH_);

                        ssid_ielen_diff = cur_network->Ssid.SsidLength - ssid_ielen;

                        if (ssid_ie &&  cur_network->Ssid.SsidLength) {
                                uint remainder_ielen;
                                u8 *remainder_ie;
                                remainder_ie = ssid_ie+2;
                                remainder_ielen = (pframe-remainder_ie);

                                if (remainder_ielen > MAX_IE_SZ) {
                                        DBG_871X_LEVEL(_drv_warning_, FUNC_ADPT_FMT" remainder_ielen > MAX_IE_SZ\n", FUNC_ADPT_ARG(padapter));
                                        remainder_ielen = MAX_IE_SZ;
                                }

                                memcpy(buf, remainder_ie, remainder_ielen);
                                memcpy(remainder_ie+ssid_ielen_diff, buf, remainder_ielen);
                                *(ssid_ie+1) = cur_network->Ssid.SsidLength;
                                memcpy(ssid_ie+2, cur_network->Ssid.Ssid, cur_network->Ssid.SsidLength);

                                pframe += ssid_ielen_diff;
                                pattrib->pktlen += ssid_ielen_diff;
                        }
                }
        } else{
                /* timestamp will be inserted by hardware */
                pframe += 8;
                pattrib->pktlen += 8;

                /*  beacon interval: 2 bytes */

                memcpy(pframe, (unsigned char *)(rtw_get_beacon_interval_from_ie(cur_network->IEs)), 2);

                pframe += 2;
                pattrib->pktlen += 2;

                /*  capability info: 2 bytes */

                memcpy(pframe, (unsigned char *)(rtw_get_capability_from_ie(cur_network->IEs)), 2);

                pframe += 2;
                pattrib->pktlen += 2;

                /* below for ad-hoc mode */

                /*  SSID */
                pframe = rtw_set_ie(pframe, _SSID_IE_, cur_network->Ssid.SsidLength, cur_network->Ssid.Ssid, &pattrib->pktlen);

                /*  supported rates... */
                rate_len = rtw_get_rateset_len(cur_network->SupportedRates);
                pframe = rtw_set_ie(pframe, _SUPPORTEDRATES_IE_, ((rate_len > 8) ? 8 : rate_len), cur_network->SupportedRates, &pattrib->pktlen);

                /*  DS parameter set */
                pframe = rtw_set_ie(pframe, _DSSET_IE_, 1, (unsigned char *)&(cur_network->Configuration.DSConfig), &pattrib->pktlen);

                if ((pmlmeinfo->state&0x03) == WIFI_FW_ADHOC_STATE) {
                        u8 erpinfo = 0;
                        u32 ATIMWindow;
                        /*  IBSS Parameter Set... */
                        /* ATIMWindow = cur->Configuration.ATIMWindow; */
                        ATIMWindow = 0;
                        pframe = rtw_set_ie(pframe, _IBSS_PARA_IE_, 2, (unsigned char *)(&ATIMWindow), &pattrib->pktlen);

                        /* ERP IE */
                        pframe = rtw_set_ie(pframe, _ERPINFO_IE_, 1, &erpinfo, &pattrib->pktlen);
                }


                /*  EXTERNDED SUPPORTED RATE */
                if (rate_len > 8) {
                        pframe = rtw_set_ie(pframe, _EXT_SUPPORTEDRATES_IE_, (rate_len - 8), (cur_network->SupportedRates + 8), &pattrib->pktlen);
                }


                /* todo:HT for adhoc */

        }

#ifdef CONFIG_AUTO_AP_MODE
{
        struct sta_info *psta;
        struct sta_priv *pstapriv = &padapter->stapriv;

        DBG_871X("(%s)\n", __func__);

        /* check rc station */
        psta = rtw_get_stainfo(pstapriv, da);
        if (psta && psta->isrc && psta->pid > 0) {
                u8 RC_OUI[4] = {0x00, 0xE0, 0x4C, 0x0A};
                u8 RC_INFO[14] = {0};
                /* EID[1] + EID_LEN[1] + RC_OUI[4] + MAC[6] + PairingID[2] + ChannelNum[2] */
                u16 cu_ch = (u16)cur_network->Configuration.DSConfig;

                DBG_871X("%s, reply rc(pid = 0x%x) device "MAC_FMT" in ch =%d\n", __func__,
                        psta->pid, MAC_ARG(psta->hwaddr), cu_ch);

                /* append vendor specific ie */
                memcpy(RC_INFO, RC_OUI, sizeof(RC_OUI));
                memcpy(&RC_INFO[4], mac, ETH_ALEN);
                memcpy(&RC_INFO[10], (u8 *)&psta->pid, 2);
                memcpy(&RC_INFO[12], (u8 *)&cu_ch, 2);

                pframe = rtw_set_ie(pframe, _VENDOR_SPECIFIC_IE_, sizeof(RC_INFO), RC_INFO, &pattrib->pktlen);
        }
}
#endif /* CONFIG_AUTO_AP_MODE */


        pattrib->last_txcmdsz = pattrib->pktlen;


        dump_mgntframe(padapter, pmgntframe);

        return;

}

static int _issue_probereq(struct adapter *padapter, struct ndis_802_11_ssid *pssid, u8 *da, u8 ch, bool append_wps, int wait_ack)
{
        int ret = _FAIL;
        struct xmit_frame               *pmgntframe;
        struct pkt_attrib               *pattrib;
        unsigned char           *pframe;
        struct ieee80211_hdr    *pwlanhdr;
        __le16 *fctrl;
        unsigned char           *mac;
        unsigned char           bssrate[NumRates];
        struct xmit_priv        *pxmitpriv = &(padapter->xmitpriv);
        struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);
        struct mlme_ext_priv *pmlmeext = &(padapter->mlmeextpriv);
        int     bssrate_len = 0;
        u8 bc_addr[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

        RT_TRACE(_module_rtl871x_mlme_c_, _drv_notice_, ("+issue_probereq\n"));

        pmgntframe = alloc_mgtxmitframe(pxmitpriv);
        if (pmgntframe == NULL)
                goto exit;

        /* update attribute */
        pattrib = &pmgntframe->attrib;
        update_mgntframe_attrib(padapter, pattrib);


        memset(pmgntframe->buf_addr, 0, WLANHDR_OFFSET + TXDESC_OFFSET);

        pframe = (u8 *)(pmgntframe->buf_addr) + TXDESC_OFFSET;
        pwlanhdr = (struct ieee80211_hdr *)pframe;

        mac = myid(&(padapter->eeprompriv));

        fctrl = &(pwlanhdr->frame_control);
        *(fctrl) = 0;

        if (da) {
                /*      unicast probe request frame */
                memcpy(pwlanhdr->addr1, da, ETH_ALEN);
                memcpy(pwlanhdr->addr3, da, ETH_ALEN);
        } else{
                /*      broadcast probe request frame */
                memcpy(pwlanhdr->addr1, bc_addr, ETH_ALEN);
                memcpy(pwlanhdr->addr3, bc_addr, ETH_ALEN);
        }

        memcpy(pwlanhdr->addr2, mac, ETH_ALEN);

        SetSeqNum(pwlanhdr, pmlmeext->mgnt_seq);
        pmlmeext->mgnt_seq++;
        SetFrameSubType(pframe, WIFI_PROBEREQ);

        pframe += sizeof(struct ieee80211_hdr_3addr);
        pattrib->pktlen = sizeof(struct ieee80211_hdr_3addr);

        if (pssid)
                pframe = rtw_set_ie(pframe, _SSID_IE_, pssid->SsidLength, pssid->Ssid, &(pattrib->pktlen));
        else
                pframe = rtw_set_ie(pframe, _SSID_IE_, 0, NULL, &(pattrib->pktlen));

        get_rate_set(padapter, bssrate, &bssrate_len);

        if (bssrate_len > 8) {
                pframe = rtw_set_ie(pframe, _SUPPORTEDRATES_IE_, 8, bssrate, &(pattrib->pktlen));
                pframe = rtw_set_ie(pframe, _EXT_SUPPORTEDRATES_IE_, (bssrate_len - 8), (bssrate + 8), &(pattrib->pktlen));
        } else{
                pframe = rtw_set_ie(pframe, _SUPPORTEDRATES_IE_, bssrate_len, bssrate, &(pattrib->pktlen));
        }

        if (ch)
                pframe = rtw_set_ie(pframe, _DSSET_IE_, 1, &ch, &pattrib->pktlen);

        if (append_wps) {
                /* add wps_ie for wps2.0 */
                if (pmlmepriv->wps_probe_req_ie_len > 0 && pmlmepriv->wps_probe_req_ie) {
                        memcpy(pframe, pmlmepriv->wps_probe_req_ie, pmlmepriv->wps_probe_req_ie_len);
                        pframe += pmlmepriv->wps_probe_req_ie_len;
                        pattrib->pktlen += pmlmepriv->wps_probe_req_ie_len;
                }
        }

        pattrib->last_txcmdsz = pattrib->pktlen;

        RT_TRACE(_module_rtl871x_mlme_c_, _drv_notice_, ("issuing probe_req, tx_len =%d\n", pattrib->last_txcmdsz));

        if (wait_ack) {
                ret = dump_mgntframe_and_wait_ack(padapter, pmgntframe);
        } else {
                dump_mgntframe(padapter, pmgntframe);
                ret = _SUCCESS;
        }

exit:
        return ret;
}

inline void issue_probereq(struct adapter *padapter, struct ndis_802_11_ssid *pssid, u8 *da)
{
        _issue_probereq(padapter, pssid, da, 0, 1, false);
}

int issue_probereq_ex(struct adapter *padapter, struct ndis_802_11_ssid *pssid, u8 *da, u8 ch, bool append_wps,
        int try_cnt, int wait_ms)
{
        int ret;
        int i = 0;

        do {
                ret = _issue_probereq(padapter, pssid, da, ch, append_wps, wait_ms > 0?true:false);

                i++;

                if (padapter->bDriverStopped || padapter->bSurpriseRemoved)
                        break;

                if (i < try_cnt && wait_ms > 0 && ret == _FAIL)
                        msleep(wait_ms);

        } while ((i < try_cnt) && ((ret == _FAIL) || (wait_ms == 0)));

        if (ret != _FAIL) {
                ret = _SUCCESS;
                #ifndef DBG_XMIT_ACK
                goto exit;
                #endif
        }

        if (try_cnt && wait_ms) {
                if (da)
                        DBG_871X(FUNC_ADPT_FMT" to "MAC_FMT", ch:%u%s, %d/%d in %u ms\n",
                                FUNC_ADPT_ARG(padapter), MAC_ARG(da), rtw_get_oper_ch(padapter),
                                ret == _SUCCESS?", acked":"", i, try_cnt, (i + 1) * wait_ms);
                else
                        DBG_871X(FUNC_ADPT_FMT", ch:%u%s, %d/%d in %u ms\n",
                                FUNC_ADPT_ARG(padapter), rtw_get_oper_ch(padapter),
                                ret == _SUCCESS?", acked":"", i, try_cnt, (i + 1) * wait_ms);
        }
exit:
        return ret;
}

/*  if psta == NULL, indiate we are station(client) now... */
void issue_auth(struct adapter *padapter, struct sta_info *psta, unsigned short status)
{
        struct xmit_frame                       *pmgntframe;
        struct pkt_attrib                       *pattrib;
        unsigned char                           *pframe;
        struct ieee80211_hdr    *pwlanhdr;
        __le16 *fctrl;
        unsigned int                                    val32;
        unsigned short                          val16;
        int use_shared_key = 0;
        struct xmit_priv                *pxmitpriv = &(padapter->xmitpriv);
        struct mlme_ext_priv *pmlmeext = &(padapter->mlmeextpriv);
        struct mlme_ext_info *pmlmeinfo = &(pmlmeext->mlmext_info);
        __le16 le_tmp;

        pmgntframe = alloc_mgtxmitframe(pxmitpriv);
        if (pmgntframe == NULL)
                return;

        /* update attribute */
        pattrib = &pmgntframe->attrib;
        update_mgntframe_attrib(padapter, pattrib);